ds.git/ldap/servers, branch master Unnamed repository; edit this file to name it for gitweb. Cov #16300 - Unused variable in account policy plugin 2010-10-08T21:44:18+00:00 Nathan Kinder nkinder@redhat.com 2010-10-08T21:44:18+00:00 5ae39a968b9b28d4c44407490228645c5c1e0764 The plugin_id variable is unused in acct_inact_limit(). This patch removes the unused variable. 
The plugin_id variable is unused in acct_inact_limit().  This
patch removes the unused variable.
Bug 631993 - Log authzid when proxy auth control is used 2010-10-08T20:10:43+00:00 Nathan Kinder nkinder@redhat.com 2010-10-08T20:10:43+00:00 e766b5a9e07666b95d8ba505bd512adccd41d8a3 This patch makes the access log entries for search, add, mod, del, and modrdn operations display the authzid that is used when the proxy authorization control is sent by the client. 
This patch makes the access log entries for search, add, mod, del,
and modrdn operations display the authzid that is used when the
proxy authorization control is sent by the client.
Bug 640854 - changelog db: _cl5WriteOperation: failed to 2010-10-07T06:27:47+00:00 Noriko Hosoi nhosoi@jiji.usersys.redhat.com 2010-10-07T06:27:47+00:00 3604c48b86e6b6feea63f99bebfecaa346d2bf59 write entry; db error - 22 Invalid argument https://bugzilla.redhat.com/show_bug.cgi?id=640854 Description: DBENV open flags is used to determine the DB_OPEN mode whether to set DB_AUTO_COMMIT or not. The info was eliminated in the change made for "Bug 633168 - Share backend dbEnv with the replication changelog". This patch picks up the backend dbenv openflags and uses it for the changelog DB_OPEN. 
write entry; db error - 22 Invalid argument

https://bugzilla.redhat.com/show_bug.cgi?id=640854

Description: DBENV open flags is used to determine the DB_OPEN mode
whether to set DB_AUTO_COMMIT or not.  The info was eliminated in
the change made for "Bug 633168 - Share backend dbEnv with the
replication changelog".

This patch picks up the backend dbenv openflags and uses it for
the changelog DB_OPEN.
Bug 640027 - Naming attribute with a special char sequence parsing bug 2010-10-05T22:40:10+00:00 Noriko Hosoi nhosoi@redhat.com 2010-10-05T22:40:10+00:00 9a00a444cea117d0950bef3bb9327bd05e9d11bb https://bugzilla.redhat.com/show_bug.cgi?id=640027 Description: When DN is made from RDNs containing escaped plus "\+", the dn normalizer considers the value could be nested multi- valued RDNs. (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO) In that case, multi-valued RDNs are sorted by the normalizer. (==> cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO) The sample DN provided by Andrey Ivanov contains "\+", but that is not a separator for the multi-valued RDNs: cn=mytest\+\=-123'\;456,dc=example,dc=com The dn normalizer should have checked the possibility, as well. The check is added in this patch. Also, sorting was not triggered if multi-valued RDNs are located at the end of the value. (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO) The bug was fixed, as well. 
https://bugzilla.redhat.com/show_bug.cgi?id=640027

Description: When DN is made from RDNs containing escaped plus
"\+", the dn normalizer considers the value could be nested multi-
valued RDNs. (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO)
In that case, multi-valued RDNs are sorted by the normalizer.
(==> cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO)
The sample DN provided by Andrey Ivanov contains "\+", but that
is not a separator for the multi-valued RDNs:
  cn=mytest\+\=-123'\;456,dc=example,dc=com
The dn normalizer should have checked the possibility, as well.
The check is added in this patch.

Also, sorting was not triggered if multi-valued RDNs are located
at the end of the value. (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO)
The bug was fixed, as well.
Bug 639289 - Adding a new CN entry with UpperCase UTF-8 Character 2010-10-05T16:31:15+00:00 Noriko Hosoi nhosoi@redhat.com 2010-10-05T16:31:15+00:00 76c33394c21a64a7c20047f72196b31dfdf233f0 https://bugzilla.redhat.com/show_bug.cgi?id=639289 Description: There was a bug in the utf8 uppe2Lower table: Character İ (LATIN CAPITAL LETTER I WITH DOT ABOVE) did not map to the corresponding LATIN SMALL LETTER DOTLESS I (2 bytes) but to ascii 'i' (1 byte). The shortened DN tailed with a garbage character and the entry was treated as an orphan entry which does not belong to any suffix. This patch fixes the mapping table mismatch as well as adds a code to dn_ignore_case_to_end to force to NULL terminate the converted string. 
https://bugzilla.redhat.com/show_bug.cgi?id=639289

Description:
There was a bug in the utf8 uppe2Lower table:
Character İ (LATIN CAPITAL LETTER I WITH DOT ABOVE) did not map
to the corresponding LATIN SMALL LETTER DOTLESS I (2 bytes) but
to ascii 'i' (1 byte).  The shortened DN tailed with a garbage
character and the entry was treated as an orphan entry which does
not belong to any suffix.

This patch fixes the mapping table mismatch as well as adds a code
to dn_ignore_case_to_end to force to NULL terminate the converted
string.
add support for global inactivity limit 2010-10-01T23:02:53+00:00 Rich Megginson rmeggins@redhat.com 2010-09-29T20:15:08+00:00 037623905acf1379c964821dbb00f82f2ef1ac95 if the attribute accountInactivityLimit is specified in the global config entry cn=config,cn=Account Policy Plugin,cn=plugins,cn=config, it will be the default inactivity limit - if there is an account policy specified by acctPolicySubentry, that one will take precedence over the global policy 
if the attribute accountInactivityLimit is specified in the global
config entry cn=config,cn=Account Policy Plugin,cn=plugins,cn=config,
it will be the default inactivity limit - if there is an account policy
specified by acctPolicySubentry, that one will take precedence over the
global policy
do not register pre/post op plugins if disabled 2010-10-01T23:02:53+00:00 Rich Megginson rmeggins@redhat.com 2010-09-29T14:43:12+00:00 4ddeb0bd1e5b79360b1850ea454c08d9c2706ffa the main init function is responsible for looking to see if it is enabled and should not do any further processing, including registering the pre/post op plugins, if it is disabled 
the main init function is responsible for looking to see if it is enabled
and should not do any further processing, including registering the
pre/post op plugins, if it is disabled
fix pblock memory leak 2010-10-01T23:02:53+00:00 Rich Megginson rmeggins@redhat.com 2010-09-29T14:42:03+00:00 5f01b7913cc0c19bf8757351506f73adb1c9e58b acct_record_login() should use and destroy the pblock locally - it does not need to be passed in from the calling function 
acct_record_login() should use and destroy the pblock locally - it does
not need to be passed in from the calling function
add the account policy plugin and related server code, schema, and config 2010-10-01T23:02:53+00:00 Rich Megginson rmeggins@redhat.com 2010-09-17T14:18:29+00:00 32e2b04dd1d98d96d90fdfaa3841524b3003dcdb Add the account policy plugin and related server code, schema, and config A new switch to configure has been added --enable-acctpolicy - this is enabled by default - so the plugin and the schema will be built and installed by default the plugin will be in dse.ldif, but will be disabled by default The original contribution had some minor problems with the schema and config entries - these have been cleaned up The original contribution had a few memory leaks - these have been cleaned up 
Add the account policy plugin and related server code, schema, and config
A new switch to configure has been added --enable-acctpolicy - this is
enabled by default - so the plugin and the schema will be built and installed
by default
the plugin will be in dse.ldif, but will be disabled by default
The original contribution had some minor problems with the schema and config
entries - these have been cleaned up
The original contribution had a few memory leaks - these have been cleaned up
openldap ber_init will assert if the bv->bv_val is NULL 2010-10-01T23:01:57+00:00 Rich Megginson rmeggins@redhat.com 2010-10-01T22:38:04+00:00 4f410d762b008da8e2e43e29100c2c04ff332fbb Have to ensure that all usage of ber_init in the server checks to see if the bv->bv_val is non-NULL before using ber_init, and return the appropriate error if it is NULL Also fixed a problem in dna_extend_exop - would not send the ldap result to the client in certain error conditions Reviewed by: nhosoi (Thanks!) Tested on: RHEL5 x86_64 
Have to ensure that all usage of ber_init in the server checks to see if
the bv->bv_val is non-NULL before using ber_init, and return the appropriate
error if it is NULL
Also fixed a problem in dna_extend_exop - would not send the ldap result to
the client in certain error conditions
Reviewed by: nhosoi (Thanks!)
Tested on: RHEL5 x86_64