| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
These changes allow the server to be built with OpenLDAP (2.4.17+). A brief summary of the changes:
* #defines not provided by OpenLDAP were copied into slapi-plugin.h and protected with #ifndef blocks
* where it made sense, I created slapi wrapper functions for things like URL and LDIF processing to abstract way the differences in the APIs
* I created a new file utf8.c which contains the UTF8 functions from MozLDAP - this is only compiled when using OpenLDAP
* I tried to clean up the code - use the _ext versions of LDAP functions everywhere since the older versions should be considered deprecated
* I removed some unused code
NOTE that this should still be considered a work in progress since it depends on functionality not yet present in a released version of OpenLDAP, for NSS crypto and for the LDIF public API.
|
| |
|
|
|
|
|
|
| |
For more details, see the design doc at http://directory.fedoraproject.org/wiki/Thread_Aware_Regex
Additional 2 unrelated changes are being made:
1) dbgen.pl.in: secretary and manager are having a dn format value "cn=...".
2) slapi_counter_sunos_sparcv9.S: adding "#define _ASM 1" to force to set an assembler code macro _ASM.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
changed brand and capbrand to 389
changed vendor to "389 Project"
I had to redo my earlier patch - I should have used the newer
automake and autoconf to reduce the size of the patch
This commit uses automake 1.10.1 and autoconf 2.63 from F10
Reviewed by nkinder (Thanks!)
|
| |
|
|
|
|
|
| |
A change was also made to Makefile.am to avoid library versioning
for our C++ plug-in libraries. This change should allow us to use
autogen.sh on recent platforms without running into issues during
build-time.
|
| | |
|
| | |
|
| |
|
|
|
| |
Summary: move perl on solaris to a <TBD> path
Description: Changing Solaris perl path (perlexec) to /usr/lib/sparcv9/dirsec/perl5x/bin/perl.
|
| |
|
|
|
| |
Summary: move perl on solaris to a <TBD> path
Description: Changing Solaris perl path (perlexec) from /opt/perl5x/bin/perl to /usr/lib/sparcv9/dirsrv/perl5x/bin/perl.
|
| |
|
|
| |
Summary: Added new remove-ds.pl script and manpage.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Support server-to-server SASL - part 1
Reviewed by: nkinder, nhosoi, ssorce (Thanks!)
Fix Description: I've created two new functions to handle the client side of LDAP in the server - slapi_ldap_init_ext and slapi_ldap_bind. These two functions are designed to work with any connection type (ldap, ldaps, ldap+starttls, and eventually ldapi) and bind type (plain, sasl, client cert). The secure flag has been extended to use a value of 2 to mean use startTLS. One tricky part is that there is no place to store the startTLS flag in init to pass to bind, so we store that in the clientcontrols field which is currently unused. We do that because the semantics of ldap_init are not to do any network traffic, but defer that until the bind operation (or whatever the first actual operation is e.g. start_tls). I plan to replace all of the places in the code that do ldap init and bind with these functions.
I started with replication. I extended the transport to add tls for startTLS and the bind method to add sasl/gssapi and sasl/digest-md5. I removed a lot of code from repl5_connection that is now done with just slapi_ldap_init_ext and slapi_ldap_bind. One tricky part of the replication code is that it polls the connection for write available, using some ldap sdk internals. I had to fix that code to work within the public ldap api since nspr and sasl muck with the internals in different incompatible ways.
Finally, there is a lot of new kerberos code in the server. The way the server does sasl/gssapi auth with its keytab is similar to the way it does client cert auth with its ssl server cert. One big difference is that the server cannot pass the kerberos identity and credentials through the ldap/sasl/gssapi layers directly. Instead, we have to create a memory credentials cache and set the environment variable to point to it. This allows the sasl/gssapi layer to grab the credentials for use with kerberos. The way the code is written, it should also allow "external" kerberos auth e.g. if someone really wants to do some script which does a periodic kinit to refresh the file based cache, that should also work.
I added some kerberos configure options. configure tries to first use krb5-config to get the compiler and linker information. If that fails, it just looks for some standard system libraries. Note that Solaris does not allow direct use of the kerberos api until Solaris 11, so most likely Solaris builds will have to use --without-kerberos (--with-kerberos is on by default).
Fixed a bug in kerberos.m4 found by nkinder.
ssorce has pointed out a few problems with my kerberos usage that will be addressed in the next patch.
Changed the log level in ldap_sasl_get_val - pointed out by nkinder
Platforms tested: Fedora 9, Fedora 8
Flag Day: yes
Doc impact: oh yes
|
| |
|
|
| |
Summary: Added 64-bit atomic functions for platforms lacking built-ins.
|
| |
|
|
| |
Summary: Convert counters to 64-bit capable Slapi_Counter type.
|
| |
|
|
|
|
|
|
|
|
| |
Summary: LDAPI: when nsslapd-ldapiautodnsuffix doesn't exist - Bind is incorrect
Description:
- introducing --enable-auto-dn-suffix option to configure (disabled by default)
- building the auto-dn-suffix code only when the option is set
======================
autoconf version 2.59
automake version 1.9.6
|
| |
|
|
|
|
|
| |
Summary: (64bitcounters) rhds 7.1 - server stats use 32-bit integers -
entrycachehitratio 1503%
Description: checking in autoconf derived files.
Ran autogen on RHEL5; autoconf version 2.59, automake version 1.9.6
|
| | |
|
| |
|
|
| |
Summary: Add support for 64-bit counters (phase 1).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
Fix Description: The intptr_t and uintptr_t are types which are defined as integer types that are the same size as the pointer (void *) type. On the platforms we currently support, this is the same as long and unsigned long, respectively (ILP32 and LP64). However, intptr_t and uintptr_t are more portable. These can be used to assign a value passed as a void * to get an integer value, then "cast down" to an int or PRBool, and vice versa. This seems to be a common idiom in other applications where values must be passed as void *.
For the printf/scanf formats, there is a standard header called inttypes.h which defines formats to use for various 64 bit quantities, so that you don't need to figure out if you have to use %lld or %ld for a 64-bit value - you just use PRId64 which is set to the correct value. I also assumed that size_t is defined as the same size as a pointer so I used the PRIuPTR format macro for size_t.
I removed many unused variables and some unused functions.
I put parentheses around assignments in conditional expressions to tell the compiler not to complain about them.
I cleaned up some #defines that were defined more than once.
I commented out some unused goto labels.
Some of our header files shared among several source files define static variables. I made it so that those variables are not defined unless a macro is set in the source file. This avoids a lot of unused variable warnings.
I added some return values to functions that were declared as returning a value but did not return a value. In all of these cases no one was checking the return value anyway.
I put explicit parentheses around cases like this: expr || expr && expr - the && has greater precedence than the ||. The compiler complains because it wants you to make sure you mean expr || (expr && expr), not (expr || expr) && expr.
I cleaned up several places where the compiler was complaining about possible use of uninitialized variables. There are still a lot of these cases remaining.
There are a lot of warnings like this:
lib/ldaputil/certmap.c:1279: warning: dereferencing type-punned pointer will break strict-aliasing rules
These are due to our use of void ** to pass in addresses of addresses of structures. Many of these are calls to slapi_ch_free, but many are not - they are cases where we do not know what the type is going to be and may have to cast and modify the structure or pointer. I started replacing the calls to slapi_ch_free with slapi_ch_free_string, but there are many many more that need to be fixed.
The dblayer code also contains a fix for https://bugzilla.redhat.com/show_bug.cgi?id=463991 - instead of checking for dbenv->foo_handle to see if a db "feature" is enabled, instead check the flags passed to open the dbenv. This works for bdb 4.2 through bdb 4.7 and probably other releases as well.
Platforms tested: RHEL5 x86_64, Fedora 8 i386
Flag Day: no
Doc impact: no
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: Lack of manpages
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: This adds man pages for the command line utilities. The configure.ac diffs were a little bit tricky - apparently, mandir is not set to a correct default value, so we have to make sure we set a reasonable default value it if the user has not set it (e.g. rpmbuild will override it with --mandir=something).
Platforms tested: Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Summary: Add CLI for dynamic reload schema file task
|
| |
|
|
| |
Summary: Added CLI for creating memberOf fix-up task entry.
|
| |
|
|
|
|
| |
Summary: Dynamically reload schema via task interface
Description: implemented task based schema file reloading
(see also http://directory.fedoraproject.org/wiki/Dynamically_Reload_Schema)
|
| | |
|
| |
|
|
|
|
| |
Summary: LDAPI: introduce --enable-autobind to support AUTOBIND
Description: --enable-autobind is supported. Unless it's set, the auto-bind
code is not compiled in.
|
| | |
|
| |
|
|
| |
640:9c57bd91b32f if ipa-memberof.c).
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Bug Description: build links wrong libdb on 64-bit systems
Reviewed by: nhosoi (Thanks!)
Fix Description: Once again, libtool attempts to be helpful but is instead harmful. If you have both db4-devel.i386 and db4-devel.x86_64 installed, this will install /usr/lib/libdb-4.N.la. If you use libtool to link with -ldb-4.N, and you do not specify a search path, libtool will attempt to find this library in it's default search path, which is something like /usr/lib/gcc/x86_64/blahblahblah/../../../lib. This will find /usr/lib/libdb-4.N.la and will use the information in that file and link the object with /usr/lib/libdb-4.N.so, instead of just passing -ldb-4.N through to the linker which is what it ought to do (darn libtool). In order to make libtool do the right thing, we must pass in -L$libdir -ldb-4.N to libtool so that it will use $libdir first in its search path.
Platforms tested: RHEL5 x86_64, RHEL4 x86_64
Flag Day: yes - autotool file changes
Doc impact: no
|
| |
|
|
| |
Summary: Don't define _XOPEN_SOURCE_EXTENDED on HP-UX.
|
| |
|
|
| |
Summary: Solaris: warnings reported by the Solaris compiler
|
| |
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler
|
| |
|
|
| |
Summary: Install SNMP subagent mibs.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: init script modification needed for kerberos auth
Reviewed by: nhosoi (Thanks!)
Fix Description: I just took Simo's initial patch and ran with it. The initconfigdir parameter is the directory containing the config file for the init script. configure will first try to use $(sysconfdir)/sysconfig, then $(sysconfdir)/default (Solaris and Debian, among others), then the package config directory (the default on HP-UX), for this parameter. The init script and startup script will look in the initconfigdir to find the init config file to source. For directory server, an instance specific file can be used, named e.g. dirsrv-localhost which will apply to the slapd-localhost instance only.
A default init config file is provided for dirsrv and dirsrv-admin, with some examples of how it could be used.
Platforms tested: RHEL5 x86_64
Flag Day: Yes - autotool file changes
Doc impact: Yes. We will need to document how the user can supply environment to the servers at startup time without having to edit the init scripts or the startup scripts.
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Set SASL_PATH in ldclt wrapper script.
|
| | |
|
| | |
|
| |
|
|
|
| |
Summary: Installation failed. template files not found.
Description: Added template-sasl.ldif to Makefile.am
|
| | |
|
| |
|
|
|
|
|
|
| |
Summary: verify-db.pl (db_verify) does not work on a little endian machine
(comment #1-#4)
Description: 1) introducing dbverify mode to ns-slapd.
2) providing new script dbverify to call "ns-slapd dbverify"
3) fixing verify-db.pl to call dbverify instead of db_verify from BDB
|
| |
|
|
| |
Summary: Support FHS opt layout for perldir and propertydir.
|
| |
|
|
| |
Summary: Check if pkgconfig is available before trying to use it.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: Change filesystem path naming from "fedora-ds" to "dirsrv"
Reviewed by: nkinder (Thanks!)
Fix Description: Mostly just changing the package name in configure.ac, and making sure we consistently use that in path naming (e.g. /etc/@PACKAGE_NAME@ or /etc/@PACKAGE_NAME_BASE@ for adminserver).
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: Oh yes.
QA impact: Any existing tests that depend on /path/brand-ds will need to change to use dirsrv. It is highly encouraged to use a macro or variable for the package name in any scripts to minimize the impact of future package name changes.
|
| |
|
|
| |
be ignored, which causes rpm packaging errors
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: improve perldap script execution ability on bundled platforms
Reviewed by: nkinder (Thanks!)
Fix Description: Most platforms will just use perl from PATH. However, on Solaris and HP-UX, we have to use special 64 bit versions to execute perldap, since perldap is 64 bit on those platforms. Also, if bundling all of the dependent components into the single package, we need to make sure the perl library path is set correctly to find perldap.
The last step will be to build our version of perldap on the bundled platforms to use rpath to point to the correct runtime library location.
Platforms tested: RHEL4, HP-UX 11.23 IPF 64 bit
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Replace ds_newinst binary with perl script
Reviewed by: nhosoi (Thanks!)
Fix Description: The time has come. We can finally get rid of the instance creation C code
once and for all. I've created a DSCreate module that has all of the functionality of the old
create_instance.c code, along with a few items from ldap/admin/lib. The way it works is
this: it first creates the dse.ldif file using template-dse.ldif and the suffix-db template to
create the initial db and suffix. It then adds additional optional configuration depending
on what optional features have been enabled. It creates other config files and copies in
the schema. It then initializes the database. It uses a template file based on the type of
entry implied by the suffix, then adds the default ACIs. If the user chose to do so, it
will also create the ou=people, ou=groups, etc. entries. The user can also supply an LDIF
file which will be used to populate the initial database, in which case none of the default
entries or ACIs will be used. It then starts the server (if desired).
I had to create a function makePaths that works like mkdir -p except that it will chown,
chgrp, and chmod all paths created.
I had to change the other places where instance creation was called to use the new
calling semantics. ds_create changed quite a bit, since it can just use an Inf to pass in the
information instead of calling ds_newinst as a CGI program.
I had to change FileConn to add support for namingContexts (i.e. entries with no parent),
and to have it write each change each time, and to return copies of entries when searching,
to avoid modifying the tree in place. This makes it act much more like LDAP.
I found and fixed a few bugs in Migration along the way that were revealed while integrating
the new DSCreate code.
Platforms tested: RHEL4, FC6
Flag Day: Yes. New instance creation code and autotool changes.
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: DS Admin Migration framework
Reviewed by: nhosoi (Thanks!)
Fix Description: Created a Migration class that is very similar to the Setup class - to act as a sort of global context for the migration process. Moved most of the guts of migrateTo11 into the new DSMigration class and the new migrate-ds.pl - we should deprecate migrateTo11 in favor of migrate-ds.pl. I had to enhance the check_and_add_entry function to handle pseudo-LDIF change records - pseudo because mozilla perldap LDIF has no real LDIF change record support.
Fixed a bug in create_instance.c - creating an instance without starting it was not working if the port number of an existing directory server was supplied.
Added a new method createDSInstance to Util - this just wraps ds_newinst.pl for now.
Platforms tested: RHEL4
Doc: Yes. We will need to document the migration procedures.
Flag day: Yes. Autotool file changes.
|
