| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=644608
Description:
Previous cherry-pick commit 5cd9fc9826fd88b8672129e41523065c0b692c3b
failed the merge for setting a special dup compare callback
ai_dup_cmp_fn when it is set.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=644608
Description: Upgrade script ##upgradednformat.pl generates an
ancestorid index file in which the entry IDs are not sorted
in the index values.
This was caused because
1. upgradednformat.pl copies db files to a work dir
/path/to/db/<inst>/dnupgrade/<inst>
and run upgradednformat against the work dir.
2. Since ancestorid index needs to be created from the scratch,
import/upgradednformat code deletes the index and recreates
it.
3. When creating the index file, dblayer_open_file checks if
the to-be-opened index file is (in the standard location AND
the file exists) or not. In this case, the condition is
satisfied. Thus, the db is created using an absolute path
and closed once. Then, it is reopened using a relative path.
4. Before opening an index file, callback functions for libdb
are set. idl_new_compare_dups is one of them which is used
to sort entry IDs in the secondary index attribute values.
The setting is discarded by the close described in 3.
This patch resets the db callbacks and flags after the close.
Note: cherry-picked 058299aeaf48e34f4359f00cc05eb7186a80fc48
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=629681
Description: As reporter Oliver Thalmann (oliver.thalmann@chuv.ch)
pointed out, retrocl_init_trimming was repeating the retrocl_
housekeeping event every 5000 minutes instead of 5 minutes.
This patch fixes it to 5 minutes.
|
|
|
|
|
|
|
|
|
|
| |
are not upgraded in the server instance schema dir
https://bugzilla.redhat.com/show_bug.cgi?id=645061
Description: To replace 06inetorgperson.ldif and 05rfc4524.ldif
in teh server instance schema dir, adding the 2 schema files to
the toremove list in the schema upgrade script 60upgradeschemafiles.pl.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the entrydn in id2entry
https://bugzilla.redhat.com/show_bug.cgi?id=592397
Description: If entries created by the 389 v1.2.5 or older,
the primary db (id2entry.db4) contains "entrydn: <normalized dn>".
Upgrading from the old version to v1.2.6 keeps the entrydn
attribute type and its value even though v1.2.6 is not supposed
to store the entrydn in the database.
1) This patch drops the entrydn attribute and value in upgrading
the db.
2) If an ldif file contains entrydn attribute type and value,
import (ldif2db[.pl]) ignores it.
3) A leak was found in the export (db2ldif[.pl]) which is fixed.
4) When nsslapd-subtree-rename-switch configuration attribute has
the value "on", entrydn is not used nor created. But the
server accepted reindexing entrydn request and generated an
entrydn index file. This patch rejects it.
5) Entry and dn cache clear calls (cache_clear) are added to
dblayer_instance_close in "#if defined(_USE_VALGRIND)", which
is not defined. To enable the code, the server needs to be
rebuilt with defining the macro. This is purely for debugging.
|
|
|
|
|
|
|
| |
This patch allows an empty modify operation. We currently reject
an empty modify operation, but this patch makes the empty operation
update the modifyTimestamp and modifiersName attributes similar to
a touch-type operation.
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=644013
Resolves: bug 644013
Bug Description: uniqueness plugin segfault bug
Reviewed by: self - one liner
Branch: master
Fix Description: Access the array pointer correctly
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
|
|
|
|
|
|
| |
The flags used to identity the replication protocol versions for
7.1 and 9.0 are not being initialized. This can cause the wrong
protocol to be used when replicating to another server. This
patch initializes the flags to 0 when the structures are created.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=643532
Description: Some of the functions in ldbm_entryrdn.c uses
static memory for reading data from the entryrdn index, where
the static initializer should not have been used since the
memory cannot be shared among threads. This patch fixes it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=244229
Description:
1. When acl contains targetattr keyword:
(targetattr [!]= "attribute_1 || attribute_2 ...|| attribute_n"),
where attribute_n does not contain '*', the current ACL plugin
accepts any attribute_n value even if it is not defined in the
schema. This patch rejects the aci if it contains attribute_n
not defined in schema with this error message:
NSACLPlugin - targetattr "attribute_n" does not exist in schema.
Please add attributeTypes "attribute_n" to schema if necessary.
The message is logged in the error log as well as returned to
the client.
2. To implement 1, slapi APIs slapi_attr_syntax_exists is added.
3. An attributeTypes "connection" is added to 01core389.ldif which
is referred in an aci of cn=monitor.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the ability for CoS values to be merged and create
multi-valued attributes. One can append "merge-schemes" the the
end of the cosAttribute value in a definition entry to allow values
to be merged.
With a single indirect CoS definition, a merge will make CoS use
each specifier attribute value in the target entry to look for
CoS values in each of the found template entries. All of these
values will then be applied to the target entry (with the exception
of duplicate values).
With multiple indirect CoS definitions for the same attribute,
setting merge mode for all definitions will cause all of the
definitions to be used to find the values to apply to the target
entry. If merge-schemes is not defined for all of these definitions,
the result is undefined (values from the first found CoS definition
will be applied).
|
|
|
|
|
|
| |
Removed the extra proxydn format argument that was not being used
Use %lu for size_t format arguments
Reviewed by: nkinder (Thanks!)
|
|
|
|
|
| |
The DSMigration.pm has been modified such that it executes the
update scripts including removing deprecated schema.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
allow to delete some cn=config attributes
https://bugzilla.redhat.com/show_bug.cgi?id=602456
Description:
1. Originally, configuration attributes are designed not to allow
adding or deleting, but to allow just replacing. Due to a defect
in checking the add operation, adding (LDAP_MOD_ADD) is not rejected.
Instead of fixing the add checking to disallow adding, this patch
logs the operation in the error log.
2. On the other hand, deleting configuration attributes is rejected
by LDAP_UNWILLING_TO_PERFORM. We have a request that some attributes
need to allow to delete. This patch introduces a config attribute
nsslapd-allowed-to-delete-attrs, which value is configuration
attributes separated by a space ' '. If an attribute is in the list,
the attribute is allowed to delete. The delete operation is also
logged in the error log. By default, the list contains "nsslapd-
listenhost" and "nsslapd-securelistenhost".
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=586973
Description by rcritten@redhat.com:
There are no files in /usr/share/dirsrv/ldif.
This should be /usr/share/dirsrv/data/template-*.ldif
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=586966
Description: replacing the perl syntax with the corresponding
shell syntax.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of sasl packet length on connection 4
https://bugzilla.redhat.com/show_bug.cgi?id=637852
Description: A SASL packet is made from the 4 byte length and
the length size of payload. When the first 4 bytes were not
successfully received by one PR_Recv call, sasl_io_start_packet
in sasl_io.c considered an error occurred and set PR_IO_ERROR,
which terminates the SASL IO session.
To give clients a chance to send the rest of the length in the
next packet, this patch sets PR_WOULD_BLOCK_ERROR to the nspr
error code and EWOULDBLOCK/EAGAIN to errno and once the succeeding
packet comes in, it appends it to the previous incomplete length
data and continues the SASL IO.
|
|
|
|
|
|
|
|
| |
When removing an instance using remove-ds.pl, a fatal error will
be thrown when trying to remove the SELinux port label if the port
is not labelled. This patch makes this case a non-error since
there is no need to complain about removing a label if it has
already been removed.
|
|
|
|
|
| |
The plugin_id variable is unused in acct_inact_limit(). This
patch removes the unused variable.
|
|
|
|
|
|
| |
This patch makes the access log entries for search, add, mod, del,
and modrdn operations display the authzid that is used when the
proxy authorization control is sent by the client.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
write entry; db error - 22 Invalid argument
https://bugzilla.redhat.com/show_bug.cgi?id=640854
Description: DBENV open flags is used to determine the DB_OPEN mode
whether to set DB_AUTO_COMMIT or not. The info was eliminated in
the change made for "Bug 633168 - Share backend dbEnv with the
replication changelog".
This patch picks up the backend dbenv openflags and uses it for
the changelog DB_OPEN.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=640027
Description: When DN is made from RDNs containing escaped plus
"\+", the dn normalizer considers the value could be nested multi-
valued RDNs. (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO)
In that case, multi-valued RDNs are sorted by the normalizer.
(==> cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO)
The sample DN provided by Andrey Ivanov contains "\+", but that
is not a separator for the multi-valued RDNs:
cn=mytest\+\=-123'\;456,dc=example,dc=com
The dn normalizer should have checked the possibility, as well.
The check is added in this patch.
Also, sorting was not triggered if multi-valued RDNs are located
at the end of the value. (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO)
The bug was fixed, as well.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Console throws an error dialog when you attempt to edit the
default self-write ACI. The Console thinks that the labeledURL
attribute is not valid sicne it does not properly handle attributes
that use anything other than the primary short name.
This patch changes the default ACI to use the primary short name
of labeledURI instead of labeledURL. Fixing the Console to handle
non-primary short names will be dealt with in another bug in the
future.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=639289
Description:
There was a bug in the utf8 uppe2Lower table:
Character İ (LATIN CAPITAL LETTER I WITH DOT ABOVE) did not map
to the corresponding LATIN SMALL LETTER DOTLESS I (2 bytes) but
to ascii 'i' (1 byte). The shortened DN tailed with a garbage
character and the entry was treated as an orphan entry which does
not belong to any suffix.
This patch fixes the mapping table mismatch as well as adds a code
to dn_ignore_case_to_end to force to NULL terminate the converted
string.
|
|
|
|
|
|
|
|
|
|
|
| |
no instances
https://bugzilla.redhat.com/show_bug.cgi?id=628096
The initscript.in has been modified such that it will suppress
the error message from the ls command and generate a consistent
error message for all commands in case there is no instance
configured.
|
|
|
|
| |
Fixed some typos and copy/paste errors in Makefile.am and acctpolicy schema
|
|
|
|
|
|
|
|
| |
if the attribute accountInactivityLimit is specified in the global
config entry cn=config,cn=Account Policy Plugin,cn=plugins,cn=config,
it will be the default inactivity limit - if there is an account policy
specified by acctPolicySubentry, that one will take precedence over the
global policy
|
|
|
|
|
|
| |
the main init function is responsible for looking to see if it is enabled
and should not do any further processing, including registering the
pre/post op plugins, if it is disabled
|
|
|
|
|
| |
acct_record_login() should use and destroy the pblock locally - it does
not need to be passed in from the calling function
|
|
|
|
|
|
|
|
|
|
|
| |
Add the account policy plugin and related server code, schema, and config
A new switch to configure has been added --enable-acctpolicy - this is
enabled by default - so the plugin and the schema will be built and installed
by default
the plugin will be in dse.ldif, but will be disabled by default
The original contribution had some minor problems with the schema and config
entries - these have been cleaned up
The original contribution had a few memory leaks - these have been cleaned up
|
|
|
|
|
|
|
|
|
|
| |
Have to ensure that all usage of ber_init in the server checks to see if
the bv->bv_val is non-NULL before using ber_init, and return the appropriate
error if it is NULL
Also fixed a problem in dna_extend_exop - would not send the ldap result to
the client in certain error conditions
Reviewed by: nhosoi (Thanks!)
Tested on: RHEL5 x86_64
|
|
|
|
|
|
|
|
|
|
|
| |
When using the linked attribute plug-in, an entry that is renamed
that is outside of the scope of the plug-in will cause the forward
links in other entries to be updated if they contain a managed
attribute type.
We need to check if the new DN of the renamed entry is within the
scope of the configured linked attributes before updating forward
links.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=635987
Description:
This commit made for the bug 635987 introduced a bug to replication.
commit 8ac525e5ac997378f4f2a386e9b96568c8d66db5
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Tue Sep 21 15:12:07 2010 -0700
subtree_candidates (ldbm_search.c)
If you do have a tombstone filter, descendants will be NULL,
and idl_intersection of candidates and descendents will wipe
out all of the candidates, leaving just the one entry, e->ep_id.
Changed to call idl_intersection only when the filter is not
for tombstone or entryrdn_get_noancestorid (false, by default).
|
|
|
|
|
|
|
|
| |
When going through the exceptions table in libaccess, we don't
check if we are at the last pair of elements in the array before
incrementing to the next pair. This patch adds checks to see if
we are at the last pair of elements and avoids the increment if
necessary.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=634561
Resolves: bug 634561
Bug Description: Server crushes when using Windows Sync Agreement
Reviewed by: ???
Branch: master
Fix Description: The regular replication protocol and the windows sync
protocol have two completely different struct repl_connection. They
are almost the same, almost identical fields, but they are different.
When additional fields were added to the struct repl_connection, not
at the end of the structure, and identical changes were not made to the
struct repl_connection in windows_connection.c, the structures got out
of sync. The authors tried to anticipate this condition by providing
windows_ versions of all of the conn_ functions. We were not using the
windows_ versions of these functions in all places in the winsync code.
The fix is to use the windows_ versions of these functions throughout
the winsync code, and to make the struct repl_connection the same size
up through the char *plain field. If additional fields are added to
either structure at the end, this problem should not occur in the
future.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 4bd78323d0bb1299a19e0ed1feebc79ff997c92f)
|
|
|
|
|
|
|
|
|
|
|
| |
also applied to "cn=directory manager"
https://bugzilla.redhat.com/show_bug.cgi?id=606920
Description: Client side sizelimit / timelimit request should
be honoured by the Directory Manager, too. Changing the time/
sizelimit evaluation so that if client side request exists,
the value is set even if the bind user is the directory manager.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ACL containing ldap:///self
https://bugzilla.redhat.com/show_bug.cgi?id=635987
Description: When a basedn has no descendants, the code to take an
intersection of idl (which was returned from the filter search --
filter_candidates) and the basedn was skipped in subtree_candidates
(ldbm_search.c). Regardless of descendants, the intersection should
be taken for the idl and a tree starting with the basedn.
Note: This bug was introduced with entryrdn.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The acl_Parse() has been modified to release newacls and newaclv
when an error occurs.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The str2simple() has been modified to release unqstr when
an error occurs.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The cos_cache_add_defn() has been modified to release theDef
when an error occurs.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The plugin_setup() has been modified to release the value before
it returns.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The acllas__client_match_URL() has been modified to release the
hostport before it returns.
|
|
|
|
|
|
| |
The ldapu_propval_list_free() function was freeing the nodes in
the list, but not the list itself. We need to free the list itself
after all of the nodes have been freed.
|
|
|
|
|
| |
We don't free new_scheme if the password encode function is not
set. We need to free new_scheme in this error case.
|
|
|
|
|
|
| |
There is a chance that we leak the memory pointed to by the new
variable if we never have one of the ldclt contexts point to it.
We need to jump to the error label in this case to free the memory.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The moddn_rename_children() has been modified to release
child_entry_copies before it returns.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The import_producer() has been modified to release ep when an error
occured.
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=630092
Description:
The index_set_entry_to_fifo() has been modified to release ep when
the job is aborted.
|