| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
Bug Description: MMR breaks from master that has been reinited
Reviewed by: nkinder (Thanks!)
Fix Description: This problem occurs when you have two or more masters, and you have updates that have originated at a master that have been sent to other masters (so that the other masters have a valid min/max csn for that replica in the ruv). If that master needs to be reinitialized for some reason (crash, etc.) the reinit will erase the changelog. The RUV for that master will now contain CSNs that are not in the changelog. If that master attempts to update another master, it will first look at the RUV from the consumer, which will contain the old CSNs, and it will look for those CSNs in the changelog, fail, and abort the update process, meaning this master can no longer send updates to other servers.
The solution is for the master to just use the min CSN in its own RUV as the new starting point, if it has not been purged. In the case of purging, if the CSN is not found, this means the consumer is too far behind and must be reinitialized.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
| |
Summary: listenhost: hostname associated with multiple addresses
1) parentheses were needed around *addr, which should have been evaluated
before the array.
2) fixed a small memory leak.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: PTA config parsing broken
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem is that it is very difficult to use a comma as a delimiter between the url and the optional settings. This is because the suffix may contain many commas. The argument string may look like this:
ldap://host1:port1 host2:port2 .... hostN:portN/a,long,suffix1:a,long,suffix2;....;a,long,suffixN optional,numeric,settings
The ldap url may not contain any spaces after the hostlist - the suffixlist part must contain only url encoded spaces if the suffix actually has a space in it. So the solution is to use a space to separate the url from the options list. The parser looks for the first space after the last "/" in the url. This should be ok - at least it will not break the most common use of pta, which is to allow the config DS admin user to log into servers that do not have the o=NetscapeRoot. setup will use something like this:
ldap://configdshost:configdsport/o=NetscapeRoot
with not optional settings - this should parse just fine with the new code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Description: migration : ignore idl switch value in 6.21 and earlier
Fix Description: Have to assign the values directly to the array ref - not to a temp array ref
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: dbgen.pl uses incorrect perl interpreter on hpux
Reviewed by: nhosoi (Thanks!)
Fix Description: Set @perlexec@ to the correct platform specific perl location.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration : encryption key entries missing when source is 6.21
Reviewed by: nhosoi (Thanks!)
Fix Description: I found out why it wasn't always adding the attribute encryption entries. If the cn=monitor entry existed for the database, it would not add the other container entries. I don't know why it did that. I changed it to always add those entries, and just skip the ones that already exist. This should ensure that the attribute encryption entries always exist.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| | |
|
| |
|
|
|
| |
Summary: verify-db.pl : can't find dbverify (comment #5)
Fix: added the inst_dir to PATH to tell verify-db.pl where dbverify is located.
|
| |
|
|
|
|
|
|
|
|
|
| |
Summary: "nested" filtered roles result in deadlock
Description: Function slapi_vattr_values_get_sp used to use the context
allocated on the stack. Changed it to call vattr_context_new to set the
locally created pblock (local_pb). The pblock is used to pass the context
loop info as the stack gets deeper to prevent the stack overflow. At the
end of this function slapi_vattr_values_get_sp, slapi_pblock_destroy is
called if the context is local (use_local_ctx). The function cleans up
pb_vattr_context internally.
|
| |
|
|
|
| |
Description: Need to support mail server schema
Fix Description: There are customers who are using the mail schema, so we need to keep it in the product.
|
| |
|
|
|
| |
Description: migration : ignore idl switch value in 6.21 and earlier
Fix Description: Fix the error message
|
| |
|
|
|
| |
Description: migration : ignore idl switch value in 6.21 and earlier
Fix Description: Fix the error message
|
| |
|
|
|
|
|
| |
Summary: rhds71sp1 rhel3u6 - ns-slapd process dies with segmentation fault
Description: ldap_utf8prev, LDAP_UTF8PREV, and LDAP_UTF8DEC were sometimes
used without checking the returned pointer going back beyond the beginning
of the string.
|
| |
|
|
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler (Comment #25,26)
Change description: moved the DEBUG_TRACE to the place before deleting the
physical log file.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration : ignore idl switch value in 6.21 and earlier
Reviewed by: nhosoi (Thanks!)
Fix Description: If we are migrating a 6.21 or older database, we must not preserve the old idl switch setting, we must use the new default. We also have to use LDIF files for database migration as we cannot reuse the old binary database files.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Corrected path generation for loading SNMP stats file.
|
| |
|
|
|
| |
Description: ACI targetattr list parser is whitespace sensitive
Fix Description: In addition to the previous fixes, test for quote at end of string before incrementing s - otherwise test will always fail.
|
| |
|
|
|
|
|
|
|
| |
Bug Description: build links wrong libdb on 64-bit systems
Reviewed by: nhosoi (Thanks!)
Fix Description: Once again, libtool attempts to be helpful but is instead harmful. If you have both db4-devel.i386 and db4-devel.x86_64 installed, this will install /usr/lib/libdb-4.N.la. If you use libtool to link with -ldb-4.N, and you do not specify a search path, libtool will attempt to find this library in it's default search path, which is something like /usr/lib/gcc/x86_64/blahblahblah/../../../lib. This will find /usr/lib/libdb-4.N.la and will use the information in that file and link the object with /usr/lib/libdb-4.N.so, instead of just passing -ldb-4.N through to the linker which is what it ought to do (darn libtool). In order to make libtool do the right thing, we must pass in -L$libdir -ldb-4.N to libtool so that it will use $libdir first in its search path.
Platforms tested: RHEL5 x86_64, RHEL4 x86_64
Flag Day: yes - autotool file changes
Doc impact: no
|
| |
|
|
|
| |
Description: ACI targetattr list parser is whitespace sensitive
Fix Description: I made it too sensitive. The parser should allow simple unquoted strings. However, if it begins with a quote, it must end with a quote.
|
| |
|
|
| |
Summary: Don't define _XOPEN_SOURCE_EXTENDED on HP-UX.
|
| |
|
|
|
| |
Description: ssl acceptance tests are failing
Fix Description: This isn't the full fix, but the error message should print out the directory where it was looking for the missing cert db files.
|
| |
|
|
|
|
| |
Description: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash
Reviewed by: supplemental
Fix Description: In some cases, it is ok if the filter is NULL. So just allow NULL in those cases. slapi_str2filter must take either NULL or a writable string, so make sure we pass those in correctly.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: qualify warning message when cert8.db is missing
Reviewed by: self
Fix Description: Only warn when both cert8.db and cert7.db are missing. If cert7.db is there, NSS will automatically create cert8.db from it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration : encryption key entries missing when source is 6.21
Reviewed by: self
Fix Description: Just always create those entries when creating the backend. The server does this at startup, but I guess for this case that occurs too late in the startup process.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Solaris: warnings reported by the Solaris compiler
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: obsolete values migrated to target instance
Reviewed by: nhosoi (Thanks!)
Fix Description: When fixing the attributes in the old entry, remove any obsolete attributes.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
| |
Summary: infadd tool won't start. Fails to load data file (comment #4)
Description: HP compiler does not like to have a function call in a constant
expression.
|
| |
|
|
|
|
|
|
|
| |
Summary: MMR: Supplier does not respond anymore after many operations (deletes)
Description: introduce OP_FLAG_REPL_RUV. It's set in repl5_replica.c if the
entry is RUV. The operation should not be blocked at the backend SERIAL lock
(this is achieved by having OP_FLAG_REPL_FIXUP set in the operation flag).
But updating RUV has nothing to do with VLV, thus if the flag is set, it skips
the VLV indexing.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem was that we were not checking the return value of slapi_str2filter(). I added a check at the crash site, and it will not print out a helpful error message. I did a search through the code looking for other similar places and found a couple. I added similar code in those places.
I added an initialization of a buffer to null, as suggested by nhosoi.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: ACI targetattr list parser is whitespace sensitive
Reviewed by: nkinder, nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Need to trim trailing whitespace from the targetattr clause. I noticed that targetattrfilters had the same problem, except it returned ACL_SYNTAX_ERR in that case, so I changed targetattr to do the same.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
| |
Summary: "nested" filtered roles result in deadlock (comment #16)
Description: fixed a memory leak introduced in the previous checkins (comment #12)
|
| |
|
|
| |
Summary: Look for infadd data files in TEMPLATEDIR.
|
| |
|
|
| |
Summary: Sleep longer when waiting for ldap-agent to start.
|
| | |
|
| |
|
|
|
| |
Description: tmpwatch whacks stats
Fix Description: Move the default nsslapd-tmpdir to /tmp.
|
| |
|
|
|
|
|
| |
Description: tmpwatch whacks stats
Reviewed by: nkinder (Thanks!)
Fix Description: move the snmp slapd.stats file to run_dir (/var/run/dirsrv) and rename to slapd-instance.stats. Had to add nsslapd-rundir to cn=config in order for ldap-agent to be able to get it.
Doc: Yes, we need to document the new attribute nsslapd-rundir.
|
| |
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Do not allow direct migration if the source db index has old IDL format
Reviewed by: nkinder (Thanks!)
Fix Description: Just before the attempt to copy the database directories, look at the DBVERSION file from the source. If it is determined that the source version is too old, just exit migration and output a helpful error message.
Platforms tested: RHEL4 i386
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Fixed small non-recurring memory leak at startup.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Netscape Console allows instance directory to be set as change log
Reviewed by: nkinder (Thanks!)
Fix Description: 1) When removing the changelog files and directories, only remove the actual db related files - version, guardian, *db4, log.*, and __db.* - This should take care of the cases where the changelog was already created in an existing directory.
2) Disallow adding/changing a changelog db directory if it already exists and is not empty
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Don't add mailGroup objectclass when sync'ing new group entries from AD.
|
| |
|
|
|
|
|
|
| |
Summary: Migration/Upgrade fails when it's from 6.21 to 8.0 on the same OS/architecture
Description:
back-ldbm.h: added LDBM_VERSION_62
dblayer.c: fixed a bug to check the instance dir name
upgrade.c: added LDBM_VERSION_62
|
| |
|
|
| |
Summary: Ensure that we NULL terminate strings properly when processing config file settings.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: uuid generator not initialized by import from command line
Reviewed by: nkinder (Thanks!)
Fix Description:
The unique ID generator is not initialized if import is run from the command
line. The bad effect of this is that the clock sequence and node fields are all
zeros. This could lead to duplicate unique IDs being assigned by two different
servers.
What happens is that the uuid values all look like this:
XXXXXXXX-XXXXXXXX-80000000-00000000
So the time based part is generally ok, but the clock seq and node ID part are never initialized, hence 0's for those fields.
The fix is to initialize the unique id generator in the same manner as we do for the server when it starts up in regular mode, except that we tell the generator to use the single threaded (st) mode rather than the multi threaded (mt) mode.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: uuid generator truncates clock_seq_hi_and_reserved field
Reviewed by: nkinder (Thanks!)
Fix Description:
The uuid code has this code (where clock_seq is unsigned16 - 2 bytes and
uuid->clock_seq_hi_and_reserved is unsigned8 - 1 byte):
uuid->clock_seq_hi_and_reserved = (unsigned8)(clock_seq & 0x3F00) >> 8;
In this code, the cast to unsigned8 takes precedence over over the shift. So
what happens is that (clock_seq & 0x3F00) is first cast to an 8 bit quantity,
then shifted by 8 bits. The result is that the value is _always 0_. The code
also does this:
uuid->clock_seq_hi_and_reserved |= 0x80;
You can see this because every nsUniqueID looks like this:
XXXXXXXX-XXXXXXXX-80XXXXXXXX-XXXXXXXX
The first byte of the 3rd octet is always 80.
This may also be related to https://bugzilla.redhat.com/show_bug.cgi?id=197886 and may explain why the sequence numbers were exhausted so quickly. Without this fix, we only have 256 sequence numbers available. This fix adds another 6 bits.
The fix is to mask and shift as an unsigned16 quantity, then cast to unsigned8.
Platforms tested: RHEL5 x86_64
Flag Day: no - I think this will only impact new unique IDs that are generated. It will not affect existing unique IDs.
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: "nested" filtered roles result in deadlock (Comment #12)
Description:
1. Changed cache_lock to the read-write lock.
2. Instead of using the local vattr_context in vattr_test_filter, use the one
set in pblock as much as possible. To achieve the goal, introduced
pb_vattr_context to pblock.
3. Increased VATTR_LOOP_COUNT_MAX from 50 to 256.
4. When the loop count hit VATTR_LOOP_COUNT_MAX, it sets
LDAP_UNWILLING_TO_PERFORM and returns it to the client.
|
| |
|
|
| |
Summary: Remove changelog db file when replica config is removed.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: add an view object inside a view object that has an improper nsviewfilter crashes the server
Reviewed by: nhosoi (Thanks!)
Fix Description: I could not reproduce the problem by simply adding the bogus nsviewfilter. The server seemed to run fine, but I didn't stress it. However, if I restarted the server, the server would core during startup. The last message in the error log would say something about recovering the database, which is probably why the bug reporter said that it will not recover the database. The problem doesn't appear to be with views specifically, but with any internal search which uses the search_internal_callback_pb() (as opposed to the non callback internal search) and there are search base rewriters (such as the views code). The aci code uses this type of search at startup to find the acis, and that's where I saw the crash. I could crash the server at startup regardless of whether the view filter was bogus or not. The problem is that we are not passing in the address of new_base to slapi_ch_free. The fix is to use slapi_ch_free_string and pass in the address of the string. That fixes the crash.
I also cleaned up a few places in the views code which was not checking to see if slapi_str2filter returned NULL, which would happen in the case of the bogus search filter. I also added an error message which will tell the user that filter X in entry Y is bogus.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| | |
|
| |
|
|
|
|
| |
Added rfc2307bis schema, but in the data directory. It is not compatible with the older rfc2307 schema included with the directory server.
Users will need to upgrade their database to fix posixGroup entries in order
to use this schema
|
