ds.git/ldap/schema, branch 573889 Unnamed repository; edit this file to name it for gitweb. Bug 617629 - Missing aliases in new schema files 2010-08-02T17:55:10+00:00 Rich Megginson rmeggins@redhat.com 2010-07-23T22:03:51+00:00 f87b2ba449659fc2dfb934a90c73a5279db5a4b1 https://bugzilla.redhat.com/show_bug.cgi?id=617629 Resolves: bug 617629 Bug Description: Missing aliases in new schema files Reviewed by: nkinder (Thanks!) Branch: master Fix Description: add back the aliases we removed - added a new schema flag X-DEPRECATED - this is a quoted string containing a space separated list of the deprecated aliases for this attribute Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no (cherry picked from commit 34c4ab700d99e455ba3523e7d7a02e4eae401d3d) 
https://bugzilla.redhat.com/show_bug.cgi?id=617629
Resolves: bug 617629
Bug Description: Missing aliases in new schema files
Reviewed by: nkinder (Thanks!)
Branch: master
Fix Description: add back the aliases we removed - added a new schema flag
X-DEPRECATED - this is a quoted string containing a space separated list
of the deprecated aliases for this attribute
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 34c4ab700d99e455ba3523e7d7a02e4eae401d3d)
619595 - Upgrading sub suffix under non-normalized suffix disappears 2010-07-30T01:04:48+00:00 Noriko Hosoi nhosoi@redhat.com 2010-07-30T01:04:48+00:00 666873df0752427eb187ce81c22b1d5db7914415 https://bugzilla.redhat.com/show_bug.cgi?id=619595 Fix Description: The cause of this problem is the config attribute nsslapd-parent-suffix was not defined as an attribute of DN syntax. Because of the missing definition, the value is not the target of the DN normalization and the match fails after upgraded. Adding the attribute to the schema solves this problem. Plus upgradedb does backup the DB before upgrade, and if it fails it restores from the backed up DB. Use dblayer_restore instead of copying DB files one by one. 
https://bugzilla.redhat.com/show_bug.cgi?id=619595

Fix Description:
The cause of this problem is the config attribute nsslapd-parent-suffix
was not defined as an attribute of DN syntax.  Because of the missing
definition, the value is not the target of the DN normalization and
the match fails after upgraded.  Adding the attribute to the schema
solves this problem.

Plus upgradedb does backup the DB before upgrade, and if it fails
it restores from the backed up DB.  Use dblayer_restore instead
of copying DB files one by one.
Update to New DN Format 2010-04-26T18:03:52+00:00 Noriko Hosoi nhosoi@redhat.com 2010-04-26T18:03:52+00:00 78c50664d6421cc5d0836bb03820680dc2cb7acf Fix Description: . adding slapi_dn_normalize_ext and its siblings to normalize/validate invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c) . replacing slapi_dn_normalize with new corresponding functions. . normalizing hardcoded DNs (e.g., removing spaces around ',') . setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix, costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN . if nsslapd-dn-validate-strict is enabled, incoming DN is examined and rejected if it is invalid. Once approved, the DN is normalized. . fixing compiler warnings and typos. See also: http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format Related bugs: Bug 199923 - subtree search fails to find items under a db containing special characters Bug 567968 - subtree/user level password policy created using 389-ds-console doesn't work. Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with non-ASCII new rdn incorrect Bug 570962 - ns-inactivate.pl does not work Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not correctly normalized Bug 573060 - DN normalizer: ESC HEX HEX is not normalized Bug 574167 - An escaped space at the end of the RDN value is not handled correctly 
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
  invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
  costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
  rejected if it is invalid.  Once approved, the DN is normalized.
. fixing compiler warnings and typos.

See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format

Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
             characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
             doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
             non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
             correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
             correctly
Add managed entries plug-in 2010-04-05T15:11:34+00:00 Nathan Kinder nkinder@redhat.com 2010-04-01T23:38:53+00:00 1f56658556ff4987a0f870b279dbb4dccecfff8d This adds a new managed entries plug-in. This plug-in allows one to have the Directory Server automatically maintain a set of entries that are based off of another type of entry (such as user private group entries based off of user entries). For more details, see the design document at: http://directory.fedoraproject.org/wiki/Managed_Entry_Design 
This adds a new managed entries plug-in.  This plug-in allows
one to have the Directory Server automatically maintain a set
of entries that are based off of another type of entry (such
as user private group entries based off of user entries).

For more details, see the design document at:

  http://directory.fedoraproject.org/wiki/Managed_Entry_Design
Add support for additional schema/matching rules included with 389 2010-03-09T16:50:22+00:00 Rich Megginson rmeggins@redhat.com 2010-03-09T03:53:49+00:00 2db1f5a13b7198de00b2b14232110ab42fc361ac https://bugzilla.redhat.com/show_bug.cgi?id=559315 Resolves: bug 559315 Bug Description: Searching some attributes are now case sensitive when they were previously case-insensitive Reviewed by: nhosoi (Thanks!) Fix Description: 1) The 60qmail.ldif schema we ship used integerMatch and IA5 syntax because we used not to support numericString syntax and matching rules - these have been changed to use the standard qmail definitions 2) Allow IA5String syntax to use caseExactSubstringsMatch - this is required by krbPrincipalName 
https://bugzilla.redhat.com/show_bug.cgi?id=559315
Resolves: bug 559315
Bug Description: Searching some attributes are now case sensitive when they were previously case-insensitive
Reviewed by: nhosoi (Thanks!)
Fix Description:
1) The 60qmail.ldif schema we ship used integerMatch and IA5 syntax
because we used not to support numericString syntax and matching rules -
these have been changed to use the standard qmail definitions
2) Allow IA5String syntax to use caseExactSubstringsMatch - this is required
by krbPrincipalName
change syntax plugins to register required matching rule plugins 2010-02-17T22:05:40+00:00 Rich Megginson rmeggins@redhat.com 2010-02-16T22:56:59+00:00 ecf93e699b04d45fdfa07b12094adaab0233c47a https://bugzilla.redhat.com/show_bug.cgi?id=559315 Resolves: 559315 Description: Searching some attributes are now case sensitive when they were previously case-insensitive Reviewed by: nhosoi (Thanks!) - also added some suggested comments I added code to allow the syntax plugins to register corresponding matching rules. That is, the functions that the syntax plugins use for filter matching and key generation can also be used for matching rules with the new wrapper code. I added some convenience functions and structures in the syntax plugin code to make it easier to add matching rules in the future. I also added a new feature to the matching rule code - in the LDAP spec definition of matching rule, the syntax provided in the matching rule definition is the syntax for the _assertion value_ used with the matching rule, which is not necessarily the same as the syntax of the _attribute values_ to which the matching rule can be applied. For example, matching rules that apply to syntax DirectoryString can also be applied in some cases to PrintableString, CountryString, and IA5String. There are several other cases like this as well. I also introduced the concept of a compat syntax that can be used with a matching rule. The server will now check, when reading in the schema, if the syntax and matching rules for an attribute are consistent. Finally, for 05rfc4523.ldif, I changed the attributes to use octetStringMatch instead of one of the unimplemented certificate matching rules. 
https://bugzilla.redhat.com/show_bug.cgi?id=559315
Resolves: 559315
Description: Searching some attributes are now case sensitive when they were previously case-insensitive
Reviewed by: nhosoi (Thanks!) - also added some suggested comments
I added code to allow the syntax plugins to register corresponding
matching rules.  That is, the functions that the syntax plugins use
for filter matching and key generation can also be used for matching
rules with the new wrapper code.  I added some convenience functions
and structures in the syntax plugin code to make it easier to add
matching rules in the future.  I also added a new feature to the
matching rule code - in the LDAP spec definition of matching rule, the
syntax provided in the matching rule definition is the syntax for
the _assertion value_ used with the matching rule, which is not
necessarily the same as the syntax of the _attribute values_ to which
the matching rule can be applied.  For example, matching rules that apply
to syntax DirectoryString can also be applied in some cases to
PrintableString, CountryString, and IA5String.  There are several other
cases like this as well.  I also introduced the concept of a compat
syntax that can be used with a matching rule.  The server will now
check, when reading in the schema, if the syntax and matching rules
for an attribute are consistent.
Finally, for 05rfc4523.ldif, I changed the attributes to use
octetStringMatch instead of one of the unimplemented certificate
matching rules.
Remove blank line from 00core.ldif. 2009-10-27T23:07:01+00:00 Nathan Kinder nkinder@redhat.com 2009-10-27T23:07:01+00:00 de638561197aedf3cd9197cc47a5acaddfc77117 There is an unnecessary blank line in 00core.ldif in the middle of an entry. This isn't causing any server issues since the line does have a space, making it count at part of the previous attribute, but it does through off Mozilla::LDAP::LDIF. The blank line should really be removed. 
There is an unnecessary blank line in 00core.ldif in the middle
of an entry.  This isn't causing any server issues since the line
does have a space, making it count at part of the previous attribute,
but it does through off Mozilla::LDAP::LDIF.  The blank line should
really be removed.
more updates - add missing rundir - remove ldapiautodnsuffix 2009-10-07T15:06:21+00:00 Rich Megginson rmeggins@redhat.com 2009-10-01T21:56:20+00:00 d1214317ca2bcefd18db4e1a7414ac2a8408e5a9 Some older releases did not have nsslapd-rundir - upgrading from those releases will cause the server not to start - we must add nsslapd-rundir if it is missing We also got rid of nsslapd-ldapiautodnsuffix, so remove that from the config - it doesn't hurt anything to leave it, but the error message is annoying I also added back a mostly truncated version of 28pilot.ldif because some apps still use pilotObject - those apps should change to use a different objectclass ASAP. Tested on Fedora 11 i386 and x86_64 Reviewed by: nkinder (Thanks!) 
Some older releases did not have nsslapd-rundir - upgrading from
those releases will cause the server not to start - we must add
nsslapd-rundir if it is missing
We also got rid of nsslapd-ldapiautodnsuffix, so remove that from
the config - it doesn't hurt anything to leave it, but the error
message is annoying
I also added back a mostly truncated version of 28pilot.ldif because
some apps still use pilotObject - those apps should change to
use a different objectclass ASAP.
Tested on Fedora 11 i386 and x86_64
Reviewed by: nkinder (Thanks!)
Add comment to 00core.ldif to explain why we changed 2009-09-30T15:15:18+00:00 Rich Megginson rmeggins@redhat.com 2009-09-30T15:15:18+00:00 5d918968b89eb5230bbea4dc76ef36a266898c86 the standard definitions of groupOfNames and groupOfUniqueNames to allow empty groups. 
the standard definitions of groupOfNames and groupOfUniqueNames
to allow empty groups.
allow empty groups 2009-09-30T15:00:52+00:00 Rich Megginson rmeggins@redhat.com 2009-09-30T02:45:54+00:00 263e072493ec249ee0176193ee8bcb1b72255720 https://bugzilla.redhat.com/show_bug.cgi?id=526141 Resolves: bug 526141 Bug Description: allow empty groups Reviewed by: nhosoi (Thanks!) Fix Description: Change groupOfNames and groupOfUniqueNames to allow empty groups by changing the member/uniqueMember attribute from MUST to MAY. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no 
https://bugzilla.redhat.com/show_bug.cgi?id=526141
Resolves: bug 526141
Bug Description: allow empty groups
Reviewed by: nhosoi (Thanks!)
Fix Description: Change groupOfNames and groupOfUniqueNames to allow empty
groups by changing the member/uniqueMember attribute from MUST to MAY.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no