path: root/ldap/servers
Commit message | Author | Age | Files | Lines
...
* Resolves: 242551 | Nathan Kinder | 2007-09-17 | 5 | -120/+110
  Summary: Performance cleanup of sync code. Improve tombstone search performance.
* Resolves: 243227 | Nathan Kinder | 2007-09-12 | 5 | -61/+490
  Summary: Handle syncing add operations that have a ntuniqueid present.
* Resolves: bug 283041 | Rich Megginson | 2007-09-12 | 1 | -20/+16
  Bug Description: MMR: Directory updates on same object
  Reviewed by: nhosoi (Thanks!)
  Fix Description: The problem does appear to be concurrency. I think the original intention of the urp fixup code was that it should only be run inside the database lock, so that the database could be restored to a consistent state before the next operation was processed. However, this requires the database code to know when the database is already locked, so that if e.g. a modrdn operation needs to call an internal delete, the database should not be locked again. The flag OP_FLAG_REPL_FIXUP is used to denote both that the operation is such an internal operation, and that the database should not be locked again. There are a couple of cases where these operations can be called from outside of the database lock: urp_fixup_rename_entry is called from multimaster_postop_modrdn and multimaster_postop_delete, both of which are front end post op plugins, not called from within the database lock. Same with urp_fixup_delete_entry and urp_fixup_modify_entry. In other cases, such as urp_fixup_add_entry, and other places where urp_fixup_rename_entry and urp_fixup_modify_entry are called, they are called from a bepostop plugin function, which is called after the original database operation has been processed, within the database lock. So the solution appears to be to move the urp_* functions to the bepostop plugin functions. One of these functions does an internal search - urp_get_min_naming_conflict_entry - but it does not appear that search locks the database, so there was nothing to be done to make it "reentrant". Without this patch, I can crash the server in a matter of minutes (x86_64 rhel5) using the latest Fedora DS 1.1 code. With the patch, the server runs for several hours (maybe longer, I had to stop the test).
  Also, to really exercise the urp code, I added a rename operation between the add and delete e.g. add("ou=test"); rename("ou=test", "ou=test2"); delete("ou=test2"); The server still runs for several hours with no problems.
  Platforms tested: RHEL5 x86_64
  Flag Day: no
  Doc impact: no
* Resolves: bug 244475 | Rich Megginson | 2007-09-07 | 2 | -4/+4
  Bug Description: crash at startup with new ldap sdk on 64-bit platform
  Reviewed by: nkinder (Thanks!)
  Fix Description: Use LBER_SOCKET as the socket type instead of int. There was also a place in ldclt where we were doing the same thing.
  Platforms tested: RHEL5 x86_64
  Flag Day: no
  Doc impact: no
* Resolves: #236256 | Noriko Hosoi | 2007-09-07 | 9 | -26/+358
  Summary: verify-db.pl (db_verify) does not work on a little endian machine (comment #1-#4)
  Description:
  1) introducing dbverify mode to ns-slapd.
  2) providing new script dbverify to call "ns-slapd dbverify"
  3) fixing verify-db.pl to call dbverify instead of db_verify from BDB
* Resolves: 207567 | Nathan Kinder | 2007-09-04 | 2 | -24/+5
  Summary: Corrected search scope used to find entries to sync in winsync total update protocol.
* Resolves: 212671 | Nathan Kinder | 2007-08-30 | 3 | -3/+99
  Summary: Handle syncing multi-valued street attribute to AD.
* Resolves: bug 262021 | Rich Megginson | 2007-08-30 | 1 | -3/+3
  Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
  Reviewed by: nhosoi (Thanks!)
  Fix Description: This was a big endian vs. little endian issue. We only use name based UUID generation with the reversible password code. This code was not doing the ntoh with the numeric values generated. I'm sure there is probably a compiler warning about this on some platform.
  Platforms tested: RHEL5 x86_64, Solaris 9 64-bit
  Flag Day: no
  Doc impact: no
  QA impact: should be covered by regular nightly and manual testing
  New Tests integrated into TET: none
* Resolves: 207893 | Nathan Kinder | 2007-08-27 | 2 | -3/+65
  Summary: Check if passwords are already hashed before sync'ing with AD.
* Resolves: bug 252263 | Rich Megginson | 2007-08-23 | 1 | -15/+3
  Bug Description: enabling chain-on-update causes replica to act as a master
  Reviewed by: nkinder (Thanks!)
  Fix Description: This fix is only minor - we must use sym_load() to look up plugins, including the entry distribution plugin we use for chain on update. But I don't believe this was causing the problem. Chain on update does not work if you BIND as directory manager. You must bind as a regular user. It may be difficult to change this. We need to do more testing to see if, in general, proxy BIND and operations work with directory manager. The chaining backend cannot use directory manager as the proxy user.
  Platforms tested: RHEL5
  Flag Day: no
  Doc impact: Yes, we need to make sure we document exactly how chain on update is to be used.
* Resolves: 243221 | Nathan Kinder | 2007-08-23 | 2 | -15/+78
  Summary: Trim initials attribute value when sync'ing to AD.
* Resolves: #253069 | Noriko Hosoi | 2007-08-17 | 5 | -24/+45
  Summary: cyclic dependency from getpwnam() in log rotation code
  Description: Moved getpwnam call to the startup time, store the info in slapdFrontendConfig to reuse.
* Resolves: bug 253047 [FedoraDirSvr110b1_20070816] [FedoraDirSvr110b1] | Rich Megginson | 2007-08-16 | 3 | -11/+11
  Bug Description: Does not build on Fedora 8
  Fix Description: If using the O_CREAT flag with open(), the file mode must also be given. Also, the bdb calls to use ->open() must use parentheses around the function pointer access e.g. (DB->open)(args...) instead of just DB->open(args).
  Platforms tested: RHEL4, Fedora 8
  Flag Day: no
  Doc impact: no
* Resolves: bug 251549 [FedoraDirSvr110b1_20070813] | Rich Megginson | 2007-08-13 | 3 | -6/+6
  Bug Description: Change filesystem path naming from "fedora-ds" to "dirsrv"
  Reviewed by: nkinder (Thanks!)
  Fix Description: Mostly just changing the package name in configure.ac, and making sure we consistently use that in path naming (e.g. /etc/@PACKAGE_NAME@ or /etc/@PACKAGE_NAME_BASE@ for adminserver).
  Platforms tested: RHEL4, FC6
  Flag Day: no
  Doc impact: Oh yes.
  QA impact: Any existing tests that depend on /path/brand-ds will need to change to use dirsrv. It is highly encouraged to use a macro or variable for the package name in any scripts to minimize the impact of future package name changes.
* Resolves: 251262 | Nathan Kinder | 2007-08-08 | 1 | -28/+108
  Summary: Changed ldap-agent to find location of stats file dynamically.
* The arguments to memset were in the wrong order. This code is only used on Windows. | Rich Megginson | 2007-08-08 | 1 | -1/+1
* Resolves: #250702 | Noriko Hosoi | 2007-08-03 | 4 | -237/+416
  Summary: not all the addresses associated with listenhost are bound to listen sockets (comment #10)
* Resolves: #250347 | Noriko Hosoi | 2007-08-01 | 3 | -5/+18
  Summary: rsearch - make search timeout a configurable parameter
  Description: Introduced a new option "-o <search time limit>"
* Resolves: bug 249470 | Rich Megginson | 2007-07-25 | 1 | -0/+4
  Bug Description: cn equality index missing by default
  Reviewed by: nhosoi (Thanks!)
  Fix Description: When creating the database instance during dse.ldif processing, we do not create the user defined indexes from the defaults for this backend. This used to work in the old setup code because that code would always add the configuration for the indexes for the new instance. The way it is supposed to work is that a new instance should just copy the default indexes for that backend. This works fine when adding an instance via LDAP but not during startup. I just added a call to have this done during startup. I also removed some obsolete indexes from the default indexes.
  Platforms tested: RHEL4
  Flag Day: no
  Doc impact: no
* removed more obsolete files | Rich Megginson | 2007-07-23 | 2 | -111/+0
* Resolves: bug 248272 | Rich Megginson | 2007-07-16 | 1 | -6/+7
  Description: CLU: dbgen.pl fails to load data files
  Reviewed by: nhosoi (Thanks!)
  Fix Description: dbgen.pl is hardcoded to look for data files in ../data. Instead, we should allow the user to provide the location to the data files e.g. -l /path/to/data, and we should also use share/brand-ds/data as the default directory.
* Resolves: #247725 | Noriko Hosoi | 2007-07-11 | 1 | -1/+1
  Summary: rhds71 Invalid LDIF Syntax crashes directory server (comment #18)
  Description: The problem was if an RDN ends with '\\', strcpy_special_undo did not check if there is no more character, and incremented the pointer beyond the end and accessed the address.
* Resolves: #247215 | Noriko Hosoi | 2007-07-11 | 3 | -0/+12
  Summary: Reimplement ds_remove without setuputil code (comment #6)
  Description: adding nsslapd-instancedir to dse.ldif for ds_remove to find out the instance dir path.
* Resolves: #246690 | Noriko Hosoi | 2007-07-05 | 5 | -6/+117
  Summary: feature request for ldclt: add randomauthid for testing
  Description: Adding randomauthid options: -e "randomauthid" -e "randomauthidlow=<low>" -e "randomauthidhigh=<high>"
* Resolves: #245407 | Noriko Hosoi | 2007-06-22 | 3 | -0/+87
  Summary: Add config attributes to cn=config to support Console (comment #1)
  Description: Console needs to know the default paths for ldif_dir and bak_dir. Adding the paths to cn=config.
* Resolves: bug 237356 | Rich Megginson | 2007-06-19 | 2 | -33/+120
  Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
  Reviewed by: nhosoi (Thanks!)
  Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
  1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
  2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
  3) Added defaultuser and defaultgroup.
  4) Added support for continuation lines in Inf files.
  5) All user visible messages during setup should be localizable
  Platforms tested: RHEL4
  Flag Day: Yes, autotool file changes.
  Doc impact: Yes, along with the previous fixes for this bug.
* Resolves: #243488 | Noriko Hosoi | 2007-06-11 | 5 | -50/+6
  Summary: Use mozldap6 ldif_parse_line API
  Changes:
  1) Removed ldif.h from the DS tree.
  2) Eliminated the 5-th arg of ldif_parse_line (errmsg) and the errmsg related code.
* Resolves: 240583 | Nathan Kinder | 2007-06-08 | 10 | -92/+868
  Summary: Added SASL support to ldclt as well as some thread-safety fixes for ns-slapd when using SASL.
* Resolves: bug 239764 | Rich Megginson | 2007-05-16 | 1 | -0/+203
  Description: bitwise matching plugin
  Fix Description: Samba requires backend LDAP servers to support bitwise operations. This is to support search filters like this:
  (|(|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))(samAccountType=805306368))(samAccountType=805306369))
  Note: This patch works for Samba's tests, but hasn't been more broadly or specifically tested. This commit also adds an --enable-bitwise option to configure (enabled by default - use --disable-bitwise to disable it) and adds the plugin entry to the configuration during new instance creation.
  Platforms tested: FC5/FC6
* Resolves: #237731 | Noriko Hosoi | 2007-05-14 | 1 | -1/+2
  Summary: Random SASL GSSAPI test failure on shadowfoot (Comment #9)
* Resolves: #237356 | Noriko Hosoi | 2007-04-27 | 1 | -44/+0
  Summary: Move DS Admin Code into Admin Server (Comment #2)
  Description: Cleaning up unused code
* Resolves: #237731 | Noriko Hosoi | 2007-04-27 | 1 | -1/+2
  Summary: Random SASL GSSAPI test failure on shadowfoot (Comment #7)
  Changes: If PR_Recv in sasl_recv_connection gets EAGAIN (== errno 11), check whether it should be retried as being done for "a temporary non-blocking I/O error".
* Resolves: #237731 | Noriko Hosoi | 2007-04-25 | 1 | -9/+11
  Summary: Random SASL GSSAPI test failure on shadowfoot
  Description: As mentioned in the comment just above of the code: "we now must read more data off the wire until we have the complete packet", we read more.
* Resolves: #237040 | Noriko Hosoi | 2007-04-19 | 36 | -4709/+0
  Summary: Remove obsolete makefiles
* Resolves: bug 235743 | Rich Megginson | 2007-04-09 | 2 | -0/+4
  Bug Description: small memory leaks in task code
  Reviewed by: nkinder, nhosoi (Thanks!)
  Fix Description: There were a few places that were using slapi_get_first/next_backend without freeing the iterator cookie.
  Platforms tested: RHEL4
  Flag Day: no
  Doc impact: no
* Resolves: #232050 | Noriko Hosoi | 2007-03-26 | 1 | -3/+5
  Summary: Change format of DBVERSION and guardian files (comment #10)
* Resolves: bug 231905 | Rich Megginson | 2007-03-16 | 1 | -10/+35
  Bug Description: migration: Migrate from 1.0.x to 1.1
  Reviewed by: nhosoi (Thanks!)
  Fix Description: The basic strategy is
  1) shutdown the old servers - databases should be quiescent
  2) run the migration script - this will copy all of the files (under /opt/fedora-ds/slapd-* by default) to their new FHS style locations, and fix up any entries and attributes that are obsolete or have changed (e.g. values that refer to paths)
  3) service fedora-ds start
  The migration script does not need to do anything to the database files - the new database code added by Noriko will handle the database upgrade automagically, but I'm leaving the database upgrade code in the script, commented out, in case we need it in the future. This also fixes an annoying problem with automake - it would build ds_newinst.pl from ds_newinst.pl.in in the source ldap/admin/src directory, and use that version. This is really a problem with multi platform builds, where you want to share the ldapserver source code among multiple platforms. With the fix, built/ldap/admin/src/ds_newinst.pl is generated from srcdir/ldap/admin/src/ds_newinst.pl.in, and srcdir/ldap/admin/src/ds_newinst.pl is not written.
  Platforms tested: FC6
  Flag Day: no
  Doc impact: Yes - we need to document migration
* Resolves: 232050 | Noriko Hosoi | 2007-03-15 | 3 | -43/+186
  Summary: Change format of DBVERSION and guardian files (Comment #6)
  1) introduced new strings for DBVERSION
  2) added the logic to compare the new DBVERSION strings
  note: we don't store the current db version string in the replication code any more. Instead, we get it from Berkeley DB header file db.h.
* Resolves: 232050 | Noriko Hosoi | 2007-03-15 | 7 | -206/+360
  Summary: Change format of DBVERSION and guardian files (Comment #4)
  1) introduced new strings for DBVERSION
  2) added the logic to compare the new DBVERSION strings
  note: we don't store the current db version string in the backend source code any more. Instead, we get it from Berkeley DB header file db.h.
* Resolves: bug 232377 | Rich Megginson | 2007-03-15 | 6 | -14/+61
  Bug Description: PAM passthru ENTRY method not working
  Reviewed by: prowley (Thanks!)
  Fix Description: There are several problems.
  1) For the ENTRY method to perform the internal search to get the entry for the bind DN, it must have a component ID (aka plugin identity). The code was already there to get/set it, but it was never initialized in the init function.
  2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will erase the knowledge that the Slapi_DN was allocated with malloc and it will not free it in slapi_sdn_free().
  3) People may assume they can specify a subtree (e.g. ou=people,dc=example,dc=com) instead of a suffix for the list of included/excluded suffixes. The error message will not print a list of valid suffixes for the admin to use.
  4) slapi_be_exist was failing because the database does not notify the mapping tree code that the backend is started during startup. This works fine under normal conditions because most all of the code in mapping_tree.c will lookup the backend if the mtn_be pointer in the mapping tree node is NULL. However, slapi_be_exist and slapi_be_select do not do this. The proper solution is to call slapi_mtn_be_started() at database startup time. This is the same thing that happens when a backend is added at runtime.
  Platforms tested: FC6
  Flag Day: no
  Doc impact: no
* Resolves: bug 231507 | Rich Megginson | 2007-03-14 | 1 | -4/+4
  Bug Description: Modification of directory entries with VLV-indexed null-value attributes results in server crash
  Reviewed by: nkinder, nhosoi, prowley (Thanks!)
  Fix Description: The value lowest_value is defined outside the loop that loops through all the attributes in the vlv sort specification (e.g. usually something like cn givenname o ou sn if defined by the console browsing index). lowest_value is not reset for each loop iteration. So if it goes through the loop one time for e.g. givenname, and givenname has values, lowest_value will point to the lowest value of givenname until the key is created, then it is freed. So the next loop iteration uses o, and if for example o does not have any values, lowest_value will point to the already freed memory used by the givenname iteration, which is now garbage (e.g. the lowest_value->bv_len may be very large, which is the probable cause of the malloc out of memory errors seen by the customer). The solution is to reset lowest_value to NULL before each loop iteration (I did this by moving the declaration and initialization of lowest_value inside the loop scope) and testing for lowest_value == NULL before trying to use it.
  Platforms tested: RHEL4
  Flag Day: no
  Doc impact: no
* Resolves: 229513 | Noriko Hosoi | 2007-03-07 | 1 | -2/+4
  Summary: CRM #1160370 RHDS does not reset passwordRetryCount to 0 upon a successful BIND
  Change: If password lockout is on, need_new_pw from the successful bind tries to set passwordRetryCount to 0 in smods, but if passwordExpirationTime is not set and password never expires, the smods is not applied and discarded. Added pw_apply_mods if password lockout is on.
* Resolves: 231221 | Noriko Hosoi | 2007-03-07 | 1 | -1/+1
  Summary: A system index of eq for nsds5ReplConflict does not help
  Change: added a presence index for nsds5ReplConflict
* Resolves: 229280 | Noriko Hosoi | 2007-03-07 | 1 | -1/+1
  Summary: Add LDAPI (LDAP over unix domain sockets) (Comment #5)
  Change: Fixed a copy & paste error...
* Resolves: 230673 | Noriko Hosoi | 2007-03-02 | 1 | -1/+1
  Summary: LDAPI: referral mode needs LDAPI socket? (Comment #3)
  Change: LDAPI is disabled in the initial configuration parameter setting.
* Resolves: 230458 | Nathan Kinder | 2007-02-28 | 1 | -2/+36
  Summary: Corrected out of date licensing/copyright block in a few files.
* fix defined out code to really be defined out | Pete Rowley | 2007-02-27 | 1 | -1/+1
* corrected copyright statement | Pete Rowley | 2007-02-27 | 2 | -2/+0
* Add LDAPI | Pete Rowley | 2007-02-27 | 18 | -74/+1063
* Resolves: bug 228334 | Rich Megginson | 2007-02-12 | 3 | -7/+22
  Bug Description: Allow building with bdb 4.4 or later
  Reviewed by: nkinder (Thanks!)
  Fix Description: db.m4 already had code to detect and use the correct version of db headers and libraries. There have been some minor api changes since 4.3, so not many code changes were required. Note that this merely allows the server to build and run with db4.4 or later, not to take advantage of the newer features of the API.
  Platforms tested: FC7
  Flag Day: no
  Doc impact: no