ds.git, branch 1.2 Unnamed repository; edit this file to name it for gitweb. Need to store additional attributes in Retro Changelog 2009-08-25T19:24:29+00:00 Rich Megginson rmeggins@redhat.com 2009-08-25T19:20:47+00:00 30e3822919e20cb13dfc5dabc50e7c1fe5e21d40 https://bugzilla.redhat.com/show_bug.cgi?id=504651 Resolves: 504651 Bug Description: Need to store additional attributes in Retro Changelog Submitted by: Endi Sukma Dewata <edewata@redhat.com> Reviewed by: rmeggins (thanks!) Platforms tested: FC10 x86_64 Fix Description: The fix allows recording some user-defined attributes from the target entry of the operation (e.g. objectGUID) and built-in attributes generated by the plugin (e.g. isReplicated) into the change log entry. The attributes should be specified in the configuration entry: dn: cn=Retro Changelog Plugin,cn=plugins,cn=config ... nsslapd-attribute: objectGUID nsslapd-attribute: isReplicated The change log entry will contain the additional attributes: dn: changeNumber=...,cn=changelog ... objectGUID: ... isReplicated: ... --- 
https://bugzilla.redhat.com/show_bug.cgi?id=504651
Resolves: 504651
Bug Description: Need to store additional attributes in Retro Changelog
Submitted by: Endi Sukma Dewata <edewata@redhat.com>
Reviewed by: rmeggins (thanks!)
Platforms tested: FC10 x86_64
Fix Description: The fix allows recording some user-defined attributes
from the target entry of the operation (e.g. objectGUID) and built-in
attributes generated by the plugin (e.g. isReplicated) into the change
log entry. The attributes should be specified in the configuration entry:

dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
...
nsslapd-attribute: objectGUID
nsslapd-attribute: isReplicated

The change log entry will contain the additional attributes:

dn: changeNumber=...,cn=changelog
...
objectGUID: ...
isReplicated: ...
---
Fails to start if attrcrypt can't unwrap keys 2009-08-25T19:18:50+00:00 Rich Megginson rmeggins@redhat.com 2009-08-25T17:44:58+00:00 66aa2197b7de316f540fe924ea3435c9275a82d7 https://bugzilla.redhat.com/show_bug.cgi?id=519065 Resolves: 519065 Bug Description: Fails to start if attrcrypt can't unwrap keys Reviewed by: nhosoi (Thanks!) Fix Description: If not using the attrcrypt feature, just return success if the keys could not be unwrapped. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no 
https://bugzilla.redhat.com/show_bug.cgi?id=519065
Resolves: 519065
Bug Description: Fails to start if attrcrypt can't unwrap keys
Reviewed by: nhosoi (Thanks!)
Fix Description: If not using the attrcrypt feature, just return success
if the keys could not be unwrapped.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/show_bug.cgi?id=487425 2009-08-25T19:18:42+00:00 Rich Megginson rmeggins@redhat.com 2009-08-25T17:09:52+00:00 5d5ce8ed4a3e37e49f4cc0fb3da17bb2d248d61a Resolves: bug 487425 Bug Description: slapd crashes after changelog is moved Reviewed by: rmeggins Fix Description: Call clcache_set_config after the global changelog cache pool has been allocated. Platforms tested: HPUX 11 (PA-RISC 2.0 64-bit) Flag Day: no Doc impact: no <diffs> 
Resolves: bug 487425
Bug Description: slapd crashes after changelog is moved
Reviewed by: rmeggins
Fix Description: Call clcache_set_config after the global changelog cache pool has been allocated.
Platforms tested: HPUX 11 (PA-RISC 2.0 64-bit)
Flag Day: no
Doc impact: no
<diffs>
Retry SASL writes if buffer not fully sent 2009-08-21T23:56:43+00:00 Rich Megginson rmeggins@redhat.com 2009-08-20T18:59:08+00:00 0d1f300d0e4e41d96f3022c5c80bfcb34507f5b5 https://bugzilla.redhat.com/show_bug.cgi?id=518544 Resolves: bug 518544 Bug Description: large entries cause server SASL responses to fail Reviewed by: nhosoi (Thanks!) Branch: HEAD and 1.2 Fix Description: The SASL server code was broken when we switched over to use NSPR I/O for the SASL IO layer. If the entire encrypted buffer could not be sent to the client, the server was just failing. Instead, the server must keep track of how many encrypted bytes were sent. If all of the encrypted bytes could not be sent, we must return the appropriate error to the caller to let them know the operation would block. The caller in this case is the write_function() which does a poll() to see if the socket is available for writing again, then will attempt the send again. I also cleaned up usage of the various Debug macros. Finally, I discovered that the sasl init code was calling config_get_localhost() before that value could be set. In most cases, it is ok, because it will fall back to the default hostname from the system. However, if for some reason you want to use a different localhost, it will fail. Now it will be set in the boostrap config code. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no 
https://bugzilla.redhat.com/show_bug.cgi?id=518544
Resolves: bug 518544
Bug Description: large entries cause server SASL responses to fail
Reviewed by: nhosoi (Thanks!)
Branch: HEAD and 1.2
Fix Description: The SASL server code was broken when we switched over to
use NSPR I/O for the SASL IO layer.  If the entire encrypted buffer could
not be sent to the client, the server was just failing.  Instead, the server
must keep track of how many encrypted bytes were sent.  If all of the
encrypted bytes could not be sent, we must return the appropriate error
to the caller to let them know the operation would block.  The caller in
this case is the write_function() which does a poll() to see if the socket
is available for writing again, then will attempt the send again.
I also cleaned up usage of the various Debug macros.
Finally, I discovered that the sasl init code was calling config_get_localhost()
before that value could be set.  In most cases, it is ok, because it will
fall back to the default hostname from the system.  However, if for some
reason you want to use a different localhost, it will fail.  Now it will be
set in the boostrap config code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
bump version to 1.2.2 2009-08-20T19:24:37+00:00 Rich Megginson rmeggins@redhat.com 2009-08-20T18:59:08+00:00 99b41607701765fd4c8c93a1183507db78d785fa Reviewed by: nhosoi (Thanks!) 
Reviewed by: nhosoi (Thanks!)
Fix usage of pre-hashed salted passwords 2009-08-20T18:02:31+00:00 Rich Megginson rmeggins@redhat.com 2009-08-20T17:28:14+00:00 3cb5251e9c549269c6548f5d21beb31a5ced5148 Pre-hashed passwords may not use the standard internal salt length. The old ldif base64 decode function would return the number of bytes in the decoded string - the new NSPR function does not. We can't use strlen on the decoded value since it is binary and may contain nulls. The solution is to use a function to calculate exactly how many bytes the encode string will have when decoded, taking into account padding. Since we know exactly how many bytes are decoded, and we know exactly how many bytes of that decoded value are the hash, the remainder must be the salt, however many bytes that is. I tested this code with salt lengths from 1 to 99. Reviewed by: nkinder (Thanks!) 
Pre-hashed passwords may not use the standard internal salt length.  The old
ldif base64 decode function would return the number of bytes in the decoded
string - the new NSPR function does not.  We can't use strlen on the decoded
value since it is binary and may contain nulls.  The solution is to use a
function to calculate exactly how many bytes the encode string will have
when decoded, taking into account padding.  Since we know exactly how many
bytes are decoded, and we know exactly how many bytes of that decoded value
are the hash, the remainder must be the salt, however many bytes that is.
I tested this code with salt lengths from 1 to 99.
Reviewed by: nkinder (Thanks!)
509472 db2index all does not reindex all the db backends correctly 2009-08-20T18:02:19+00:00 Noriko Hosoi nhosoi@redhat.com 2009-08-20T17:31:13+00:00 45306cbaf119931b04d3a01fbf4dae5204de9fe1 The commit a26ba73fb5040383c27872997bc07ab0c2006459 made to fix the bug 509472 put the assertion at the wrong place. It should be applied just for the worker thread. 
The commit a26ba73fb5040383c27872997bc07ab0c2006459 made to fix the bug 509472
put the assertion at the wrong place.  It should be applied just for the worker
thread.
set syntax checking off by default for the 1.2.1 release 2009-08-12T18:48:08+00:00 Rich Megginson rmeggins@redhat.com 2009-08-12T18:48:08+00:00 7e1f83c8cf4aad5910f7a14a1c86f2380efb836b 






506786 Index maintenance mechanism causes wrong search results when
2009-08-12T18:47:36+00:00

Noriko Hosoi
nhosoi@redhat.com

2009-08-12T15:36:58+00:00

421618180320be6d1a3f055c3ef99c0c2c0a8790

modifying attributes with subtypes

Andrey Ivanov (andrey.ivanov@polytechnique.fr) pointed out my previous
check-in for bug 506786 had an inefficient code.  To determine whether
to delete an equality index key or not, the code checks the key still
exists in the value array having the same attribute type.  The check
should be done as soon as one value is found in the value array instead
of checking through all of them.





modifying attributes with subtypes

Andrey Ivanov (andrey.ivanov@polytechnique.fr) pointed out my previous
check-in for bug 506786 had an inefficient code.  To determine whether
to delete an equality index key or not, the code checks the key still
exists in the value array having the same attribute type.  The check
should be done as soon as one value is found in the value array instead
of checking through all of them.







fix pcre build issues
2009-08-12T18:47:36+00:00

Rich Megginson
rmeggins@redhat.com

2009-08-12T15:03:32+00:00

b2c5e72befb090c853a568d269b5ea66620adbc0

Reviewed by: nkinder (Thanks!)





Reviewed by: nkinder (Thanks!)