| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=539618
Back off this commit:
commit 4205086e4f237a52eb9113cd95f9cf87b39e9ed4
Date: Mon Feb 22 08:49:49 2010 -0800
since this change could cause the deadlock between the thread
eventually calling prot_free, which acquired the agreement lock,
and other threads waiting for the agreement lock, which prevents
the protocol stop.
Instead of waiting for prot_thread_main done in prot_free, let
prot_thread_main check the existence of the protocol field in
the agreement. If it's not available, prot_thread_main quits.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=545620
Previously getopt would interpret initial '-' in root password
as an option which could lead to setup failure. Now a special
argument '--' has been added before the password to distinguish
it from other options.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=551198
Resolves: bug 551198
Bug Description: LDAPI: incorrect logging to access log
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: The connection logging code was not ldapi/unix socket
aware. Now we check for the socket type, and check to see if there is
a proper path name in the path field. The "server" side of the socket
seems not to get the path name set correctly - not sure why, but it doesn't
really matter, since the client side path name does seem to be set
correctly. The access log will contain the server side path and the client
side path, so something like "from local to /var/run/slapd-foo.socket"
Platforms tested: RHEL5 x86_64, Fedora 11 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=555970
Description: view read lock was missing in a view api called from
COS.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=568196
Resolves: bug 568196
Bug Description: Install DS8.2 on Solaris fails - part 2
Reviewed by: self
Branch: HEAD
Fix Description: Add pcre_libdir to all script wrappers that
call ns-slapd, such as ldif2db, etc.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 24245075d03955f26b6c827b123ac002ff16c012)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=568196
Resolves: bug 568196
Bug Description: Install DS8.2 on Solaris fails
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Add pcre_libdir to script wrappers for programs that use pcre
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 3d27198f45b4b25df667d3f86dce66a44f4bc65d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
location on non-RHEL/Fedora OS
https://bugzilla.redhat.com/show_bug.cgi?id=460162
Resolves: bug 460162
Bug Description: FedoraDS "with-FHS" installs init.d StartupScript in wrong location on non-RHEL/Fedora OS
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: There is no LSB or FHS standard for the init script location,
and it varies widely across systems and even linux distros. I've added
a --with-initddir (default $(sysconfig)/rc.d) so that the location can be
specified. Note that this changes the initdir parameter to be an absolute
path, instead of relative to sysconfdir. Some systems do not use /etc at all
for this (e.g. HPUX uses /init.d).
Platforms tested: RHEL5 x86_64
Flag Day: yes - autotool file change
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=516611
Resolves: bug 516611
Bug Description: 389 DS segfaults on libsyntax-plugin.so - part 3
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: bin_filter_ava should check for null bvals
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=516611
Resolves: bug 516611
Bug Description: 389 DS segfaults on libsyntax-plugin.so - part 2
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: If there is an empty mod/replace of a non-existent attribute
following a real modify operation, the server will allow it, and the code in
entry_delete_present_values_wsi() would create an empty Slapi_Attr. LDAP
says that an empty mod/replace of a non-existent attribute should be ignored,
as it is in the non-repl case.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=516611
Resolves: bug 516611
Bug Description: 389 DS segfaults on libsyntax-plugin.so - part 1
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Check for NULL bvals in the string syntax filter functions
ava, sub, and key generation
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=548115
Description:
dse.c: 1) dse_add_entry_pb is supposed to free the given
the schema entry e. Although the function never consumes the
entry, it was only freeing it when the entry was added. (If
it was merged or rejected, it was not freed.)
schema.c: 1) when allocating a work buffer with sizedbuffer_allocate,
the space for the NULL termination was not counted.
2) DSE returned from slapi_validate_schema_files must have been
freed regardless of the return value.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=506206
Resolves: bug 506206
Bug Description: problems linking with -z defs
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Some platforms (debian) and some build checking tools
(rpmlint, others) link with -z defs to look for any undefined references at
link time. We had several of these in various directory server objects.
1) all of the plugins need to link against libslapd.la
2) most of the plugins need to link against ldapcsdk and nspr
3) the pwdstorage plugin needs to link against LIBCRYPT, which is platform
dependent
4) various other link fixes
Platforms tested: RHEL5 x86_64
Flag Day: yes - autotool file changes
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=564876
Resolves: Bug 564876
Bug Description: FTBFS 389-ds-base-1.2.6-0.1.a1.fc13: ImplicitDSOLinking
There are several programs that use pthread but do not link against it
explicitly. We need to link against pthread explicitly.
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
| |
if replacement of the attribute values fails (e.g. due to duplicate values)
the valstoreplace is not freed - the caller expects the valueset_replace
function to own the values passed in. The function will now free the values
if there was an error
In addition, valueset_replace should not free the old values in case
of error - it should leave the old values in the attribute
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
octet string ordering work correctly
https://bugzilla.redhat.com/show_bug.cgi?id=559315
Resolves: bug 559315
Bug Description: Searching some attributes are now case sensitive when they were previously case-insensitive
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: slapi_matchingrule_is_compat() was not checking for NULL; the matching rule syntax plugin was registering with the INTEGER syntax oid; the bin_filter_ava() function needs to be ordering aware to implement the octetStringOrderingMatch; in default_mr_filter_create(), make sure the requested matching rule is provided by the given plugin
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=567370
Descriptino: When deleting an entry, if the dn is in the dn cache,
it should be removed. The original code was trying to remove it
regardless of the existence in the dn cache. Fixed it so that
only when the dn is in the cache, it's removed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=539618
Descriptions: When a protocol is freed by prot_free, prot_close
is supposed to have been called to stop the main thread
prot_thread_main. But, there was no mechanism for the freeing
thread whether the prot_thread_main has already quitted or not,
it could have released the Repl_Protocol even though it was
still being in use. This fix is adding a checking method.
The same test revealed ldbm_back_modrdn had a chance to access
a field of NULL entry structure.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=527848
Change Description:
1. Replication Changelog
1-1. In the clean recover mode, transaction logs should not be removed.
1-2. When nsslapd-db-circular-logging is on (by default, it's on),
call log_archive function with DB_ARCH_REMOVE, which removes
log files that are no longer needed.
1-3. Call transaction checkpoint just before shutting down the server.
1-4. "From string" in the upbrade message had a flaw.
2. Backend dblayer
2-1. In checkpoint_threadmain, call log_archive with DB_ARCH_ABS,
which returns the absolute path of the transaction log files.
It eliminates the code which generates the absolute paths.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=559315
Resolves: 559315
Description: Searching some attributes are now case sensitive when they were previously case-insensitive
Reviewed by: nhosoi (Thanks!) - also added some suggested comments
I added code to allow the syntax plugins to register corresponding
matching rules. That is, the functions that the syntax plugins use
for filter matching and key generation can also be used for matching
rules with the new wrapper code. I added some convenience functions
and structures in the syntax plugin code to make it easier to add
matching rules in the future. I also added a new feature to the
matching rule code - in the LDAP spec definition of matching rule, the
syntax provided in the matching rule definition is the syntax for
the _assertion value_ used with the matching rule, which is not
necessarily the same as the syntax of the _attribute values_ to which
the matching rule can be applied. For example, matching rules that apply
to syntax DirectoryString can also be applied in some cases to
PrintableString, CountryString, and IA5String. There are several other
cases like this as well. I also introduced the concept of a compat
syntax that can be used with a matching rule. The server will now
check, when reading in the schema, if the syntax and matching rules
for an attribute are consistent.
Finally, for 05rfc4523.ldif, I changed the attributes to use
octetStringMatch instead of one of the unimplemented certificate
matching rules.
|
| |
|
|
|
|
|
|
|
|
|
| |
Created wrappers around the new syntax style functions to make them look
like the old style filter functions. There are a few caveats:
1) SUBSTRING extensible filter searches are not supported. There is no
way currently to pass in the timelimit required by the syntax substring
filter functions.
2) ORDERING only does greater than or equal. There is no standard way to
do an extensible match with a standard ordering matching rule and specify
less than or greater than.
|
| |
|
|
|
|
|
| |
Create wrappers for the new syntax plugin style matching rule code so that
we can use the old matching rule indexing functions. Introduced a new type
of indexer for Slapi_Value values. The old style used struct berval * values,
but the syntax plugins and a lot of newer code work with Slapi_Value* instead.
|
| |
|
|
|
|
|
|
|
|
|
| |
There were many places in the server code that directly used the syntax
plugin for the attribute. If the attribute schema definition specified
a matching rule, we must use that matching rule for matching values of
that attribute, filtering that attribute, and generating index keys for
values of that attribute. New internal and plugin APIs have been added
that use the Slapi_Attr* instead of using the syntax plugin directly.
The new API will determine which matching rule to apply based on the
schema definition.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The SASL ANONYMOUS mechanism was broken since the SASL mapping code
was invoked to map anonymous to a real user entry. This adds a
special case to the canonify user callback that sets the bind DN
to "" if the ANONYMOUS mechanism is being used.
I also added a check to see if anonymous access is disabled when
we set up the SASL secprops for a connection. If anonymous access
is disabled, we set a SASL security flag to disallow mechanisms
that would allow anonymous access.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
st_size and nsldapi_build_control et al. in ldclt.c
https://bugzilla.redhat.com/show_bug.cgi?id=565987
Fix Description:
1. stat: sys/types.h and sys/stat.h need to be included.
2. nsldapi_build_control: duplicated nsldapi_build_control from
the mozldap c library.
3. added the sub value [=deref:attr] of deref to the usage.
4. allow -e deref without the sub value. It used to be allowed,
but it was forbidden by the previous change.
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=565664
Description: Special thanks to edewata@redhat.com for fixing the bug.
> See ldap/servers/slapd/back-ldbm/id2entry.c line 196.
> The second parameter should be a pointer to pointer,
> but the current code passes a regular pointer:
> CACHE_RETURN(&inst->inst_dncache, bdn);
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=563365
1) Error handling in ldbm_back_{add,delete,modify,modrdn} functions was
incomplete. When any error occurs after the transaction begins, the
changes made after that should be aborted. There were some cases the
abort was not called.
2) If modrdn failed in ldbm_back_modrdn, new DN in the DN cache was not
removed.
3) config_set_instancedir in libglobs.c was missing the function type.
|
| |
|
|
|
|
| |
Some platforms (RHEL4 for instance) put the pcre header file in
a pcre subdirectory under /usr/include. This patch makes configure
first search in /usr/include/pcre, then falls back to /usr/include.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=548535
Description:
The attrcrypt module maintains the inst_attrcrypt_state_private
field in the instance structure (ldbm_instance) to store the private
keys. The area and the space for the private keys are allocated in
attrcrypt_init which is called from dblayer_instance_start.
A backend instance could be closed and restarted multiple times
(for instance, in the bulk_import, which is used by the replica
initialization), but the area had no chance to be freed.
This patch is adding the clean-up code.
|
| |
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=560827
Description: adding a perl subroutine dnEscape to escape special
characters and eliminate spaces around ',', which is to make
the given dn compliant with RFC4514.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=555577
Undoing the previous checkin.
The parameter "strict" is for the trength of the DN validation.
It should be confusing to use it for turning on/off the validation
itself.
|
| |
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=555577
[See comment 7 of the bug]
DistinguishName validation slapi_dn_syntax_check should be
called only when nsslapd-dn-validate-strict is on.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=559016
[Fix Description] If the target dn of the modrdn operation is a suffix,
check if the new dn already exists or not. If it exists, it returns
LDAP_ALREADY_EXISTS. If the backend associated with the new dn does
not exist, it returns LDAP_NO_SUCH_OBJECT. Otherwise, it returns
LDAP_NAMING_VIOLATION.
If the target dn of the modrdn is attempted to move across backends,
it returns LDAP_AFFECTS_MULTIPLE_DSAS instead of LDAP_UNWILLING_TO_PERFORM.
Modrdn (op_shared_rename) was logging the parameter errors in the
clients request as SLAPI_LOG_FATAL. Reduced the level to SLAPI_LOG_ARGS.
Also, replaced ldap_explode_dn with slapi_dn_syntax_check to verify
the newsuperior.
By the replacement, 2 bugs in slapi_dn_syntax_check were found.
1) The key for the DN in the hashtable of the attribute syntax has
to be "distinguishedName". 2) Argument type for plg_syntax_validate
was not correct.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=247413
[Problem Description] Adding multiple identical values returns
"Operations error (LDAP_OPERATIONS_ERROR == 0x1)" instead of
"Type or value exists (LDAP_TYPE_OR_VALUE_EXISTS == 0x14)"
E.g.,
dn: ou=test,dc=example,dc=com
changetype: modify
replace: description
description: test
description: test
modifying entry "ou=test,dc=example,dc=com"
ldap_modify: Operations error (1)
[Fix Description] API valueset_replace used to override any
error from the lower layer with LDAP_OPERATIONS_ERROR. If
the error is LDAP_TYPE_OR_VALUE_EXISTS, the error is now
returned as is.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=557224
Fix Description: The referential integrity plugin has not supported
the subtree rename (modrdn with newsuperior). This patch is adding
the support.
There are 2 typical cases.
(case 1)
DN that modrdn modifies matches the value of attributes which is the
target of the referential integrity.
E.g.,
modrdn: uid=A,ou=B,o=C --> uid=AA,ou=BB,o=C
then,
member: uid=A,ou=B,ou=C --> uid=AA,ou=BB,ou=C
seeAlso: uid=A,ou=B,ou=C --> uid=AA,ou=BB,ou=C
(case 2)
DN that modrdn modifies is the ancestor of the value of attributes
which is the target of the referential integrity.
E.g.,
modrdn: ou=B,o=C --> ou=BB,o=C
then,
member: uid=A,ou=B,ou=C --> uid=A,ou=BB,ou=C
seeAlso: uid=A,ou=B,ou=C --> uid=A,ou=BB,ou=C
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a number of attributes that AD defines as single-valued
that are multi-valued in the LDAP RFCs. We already had a few
special cases in the winsync code where we only send one attribute
to AD to allow the change to be accepted. We then simply check if
the value in AD is present in DS when comparing entries for further
changes.
This fix cleans up that old implementation a bit by adding a static
list of these single-valued attributes and a helper function to
check if a particular type is in that list. I also had to extend
the attr_compare_present() function to allow a length to be passed
in for limiting the comparison to a portion of the values. This is
needed for the initials attribute, which is single-valued and length
constrained in AD.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
begin with "lib"
https://bugzilla.redhat.com/show_bug.cgi?id=537466
Resolves: bug 537466
Bug Description: nsslapd-distribution-plugin should not require plugin name to begin with "lib"
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: We use the function PL_GetLibraryName from NSPR to get the
platform specific DLL/shared lib filename suffix. Unfortunately, this function
also prepends the string "lib" to the given name if the given file has no
suffix. If the given name already has the correct suffix, it does not prepend
the "lib" to the name. get_plugin_name() should look for the original
library name in the string returned by PL_GetLibraryName. If it is there, and
has something before it in the string, see if it is "/lib" - if so, remove the
extraneous "lib" string. If "/lib" is not there, then just pass the string
through as is.
To summarize:
/full/path/to/name.so -> /full/path/to/name.so - error if /full/path/to/name.so does not exist
name -> /default/plugin/path/libname.so -> /default/plugin/path/name.so
name.so -> /default/plugin/path/name.so
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bitwise search filter
https://bugzilla.redhat.com/show_bug.cgi?id=543080
Resolves: bug 543080
Bug Description: Bitwise plugin fails to return the exact matched entries for Bitwise search filter
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The Microsoft Windows AD bitwise filters do not work exactly
like the usual bitwise AND (&) and OR (|) operators.
For the AND case the matching rule is true only if all bits from the value
given in the filter value match the value from the entry.
For the OR case, the matching rule is true if any bits from the value given
in the filter match the value from the entry.
For the AND case, this means that even though (a & b) is True,
if (a & b) != b, the matching rule will return False.
For the OR case, this means that even though (a | b) is True,
this may be because there are bits in a. But we only care
about bits in a that are also in b. So we do (a & b) - this
will return what we want, which is to return True if any of
the bits in b are also in a.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Use entryrdn instead
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=554887
Resolves: bug 554887
Bug Description: Net::LDAP password modify extop breaks; msgid in response is 0xFF
Reviewed by: ???
Branch: HEAD
Fix Description: We use a fake conn for the internal password modify operation
so that we can use the real credentials. Unfortunately, this messes up the
result code - because there is a real, non-NULL conn, it thinks it needs to
send the result back to a real client rather than handle it as an internal
operation. It looks as though o_result_handler is only used for internal
operations. The fix is to change the result handling code to check for
an internal op OR conn == NULL to see if we should use the result handler
instead.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subtypes
Bug Description: Referential Integrity Plugin does not change the references
in subtyped attributes like "manager;en" or "ou;19"
Fix Description: The problem is in the way the function int update_integrity
(char **argv, char *origDN, char *newrDN, int logChanges) in referint.c makes
the changes. The initial search with the filter ldap_create_filter( filter,
filtlen, "(%a=%e)", NULL, NULL, argv[i], origDN, NULL) finds the entries with
attributes and with attribute subtypes. But after that when generating the
necessary changes (attribute1.mod_type = argv[i] and attribute2.mod_type =
argv[i]) the function takes care only of the "base" attributes listed in the
plugin arguments. We should parse each found entry to find all the attribute
subtypes with the value concerned and then make changes to them all.
Note: This bug was reported by andrey.ivanov@polytechnique.fr, and the bug
fix was also provided by him. The patch was reviewed by rmeggins@redhat.com
as well as nhosoi@redhat.com.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=558518
Resolves: bug 558518
Bug Description: several spelling errors
Reviewed by: ???
Branch: HEAD
Fix Description: Fix several spelling errors in error messages and man pages.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=519459
Resolves: bug 519459
Bug Description: Semi-hardcoded include and lib directories in db.m4
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Added --with-db-inc and --with-db-lib to configure. For the
default case, check first in /usr/include/db4, then in /usr/include.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch includes
- replacing the entrydn index with the entryrdn index
- replacing a full DN in each entry in the DB with an RDN
- extending Slapi_Entry, entry2str, and str2entry to absorb the changes
made on the entry
- adding DN/RDN helper functions
- adding DN cache
- adding a utility and a migration script to convert the DN format database
to the RDN format
- extending a database dump utility dbscan to support the entryrdn
- slapi_dn_syntax_check by nkinder@redhat.com is added to check the dn before
modify operations
- big fix for 171338 - Enhancement: winsync modrdn not synced
In addition to the above, compile warnings and memory leaks found in testing
the new feature are fixed.
For more details, see the feature design document at:
http://directory.fedoraproject.org/wiki/Subtree_Rename
and bugzilla at:
https://bugzilla.redhat.com/show_bug.cgi?id=171338
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using winsync, setting a mapped DN attribute (such as seeAlso) to
a DN outside the scope of the sync agreement causes an empty modify
operation to be sent to AD. This causes AD to respond with LDAP error
89, which triggers the update to abort.
The problem is that windows_update_remote_entry() uses a flag to
determine if it has a modify to send to AD. This flag is set by
windows_generate_update_mods(), but the mods are empty since it is
detecting that the DN used in seeAlso is not in the scope of the sync
agreement.
The fix is to only set the modify flag if we actually have mods to send.
|
| |
|
|
|
|
|
|
| |
According to the strncpy() manual, if there is no null byte among the
first n bytes of src, the string placed in dest will not be null
terminated. To fix the problem the null byte should be added manually.
Reviewed by: rmeggins
Pushed by: rmeggins
|
| |
|
|
|
|
| |
There was a simple syntax error in the dirsrv SELinux interface
file. This would cause issues building the admin server SELinux
policy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=555189
Resolves: bug 555189
Bug Description:
ldclt code is not passing the password correctly to ldap_sasl_bind_s.
The server receives NULL credential. Due to the default configuration:
nsslapd-allow-unauthenticated-binds: off
the unauthenticated bind fails with LDAP_UNWILLING_TO_PERFORM.
Reviewed by: rmeggins@redhat.com
Files: see diff
Branch: HEAD
Fix Description:
When "-e randombinddnfromfile=file" is given, bind dn and password pair
is retrieved from the file and is supposed to pass to ldap_sasl_bind_s.
Although the password was read from the file, but it was not set to the
berval "cred" which was passed to ldap_sasl_bind_s. Therefore, the
bind operation tried to bind with bind dn and NULL password, which now
fails since it's considered as an unauthenticated bind. This change
fixes the problem. Also, a usage typo is being fixed.
Platforms tested: Fedora 11
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=509201
Resolves: bug 509201
Bug Description: rhds81 hub with 71 master - err=32 on replica base search during replication
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: This patch doesn't fix the problem, but it makes it less likely to occur in the future. The problem is that we are not consistent about using normalized DNs everywhere. Without using a normalized DN, it is impossible to construct a DN containing another DN (e.g. cn="dc=example, dc=com", cn=mapping tree, cn=config) that another client can match on. This patch at least forces setup to use a normalized DN for the suffix.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: Yes - we will need to document what to do when running into this problem, as in the workaround in the bug report
|
