| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Summary: Remove hard-coded SASL mappings and use config based regex mappings instead.
|
| |
|
|
| |
Summary: Fixed leak of Slapi_Value in index code.
|
| |
|
|
| |
Summary: Fixed PTA config parsing to use a comma delimiter instread of a space.
|
| |
|
|
| |
Summary: Fractional replication log statement needed a newline.
|
| |
|
|
| |
Summary: Presence filter using attribute subtype returns incorrect search results.
|
| |
|
|
| |
Summary: Don't replay AD originated password changes back to AD.
|
| | |
|
| |
|
|
| |
Summary: Make sync total update deal with an empty changelog.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: reliab15: slapd hangs on goblin5
Reviewed by: nhosoi (Thanks!)
Fix Description: We are calling the mtn_lock() twice in the same thread. The proposed fix is to move the mtn_lock() so this doesn't happen.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Summary: reset db statistics between restarts
Description: cleaning up the db stats when the server is shutdown
|
| |
|
|
|
|
| |
Summary: server crashes in schema replication
Description: resetting the global linked list head when the first objectclass
is removed from the list.
|
| |
|
|
| |
Summary: Make dbscan handle special RUV related changelog entries.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nkinder (Thanks!)
Fix Description: 7.1 and earlier chaining and replication credentials were stored incorrectly on little endian machines (x86 and itanium). They were "accidentally" stored correctly on big endian machines (sparc, pa-risc) because val == ntohl(val) on those platforms. When migrating from a little endian machine, we need to decode the password using the broken algorithm and re-encode it using the good method. We determine if the password is encode incorrectly by the following method: we use migratecred to decode and encode using the old path. If the values are equal, this means the password was already encoded correctly and we don't need to fix it. Otherwise, we set the flag that tells migratecred to fix it. In order to decode the broken password correctly on big endian machines, we have to swap the byte order to convert the values to little endian.
Platforms tested: RHEL5 x86_64, RHEL5 i386, Solaris 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: ldapsearch hung at browsing index creation (comment #4)
Fix Description:
1. instead of covering all the reindexing look, set vlv lock just around
vlv_update_index, where vlv update is executed.
2. actually, lock is not meant to use for excluding the operation against vlv
reconfiguration. This ldbm_back_ldbm2index function first calls
instance_set_busy_and_readonly and protects the backend from the operation done
by other threads. vlv delete was just ignoring the busy/readonly setting.
Thus, changed the vlv code to respect the setting. Found the backend is busy,
deleting a vlv index fails and returns.
3. cleaned up the instance_set_busy_and_readonly function not to leak memory.
4. fixed minor memory leak.
|
| |
|
|
| |
Summary: Handle initials and streetAddress attributes when doing a sync total update.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nhosoi (Thanks!)
Fix Description: We still need to be able to decrypt passwords using the broken method. I guess it works on Solaris and HP because the values are already in network byte order. But when the values were encrypted on x86, they were encrypted the wrong way. It is safe to use MIGRATE_BROKEN_PWD on Solaris and HP because it is essentially a no-op. But this allows us to decrypt x86 passwords and store them correctly.
Platforms tested: RHEL4 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
| |
Summary: Online browsing indexing hangs
Description:
1. adding more shutdown checks in the indexing code to achieve the swift
shutdown even in the long running browsing indexing.
2. in the error case, cleaning up the index file.
3. found minor memory leaks.
|
| |
|
|
|
|
|
|
|
|
| |
Summary: CRM 1474928 : ds7.1 db index/vlv not handling a stop-slapd, hangs slapd
Description:
1. moved active thread count from ns-slapd to libslapd for the task threads to
use.
2. provided APIs to increment/decrement/get the active thread count
3. let task threads increment the active thread count when it's spawned and
decrement it when it quits.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: rhds71 - search filters returns too many entries on interger attributes value greater than 231
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem is that the current code uses atol() to convert the string value to an integer. long is 4 bytes or 8 bytes depending on the underlying platform. These binary values are stored in the index as 4 or 8 byte values. Finally, the behavior of atol() is different on the platform in overflow cases. Instead of dealing with binary values, we must store the values in string format, and perform string comparison, string normalization, and string key generation on INTEGER syntax values. I added another syntax type to the list in syntax.h. The code in string.c and value.c was mostly usable. I had to add some code in value_normalize to handle cases like " -00000001" -> "-1" to make it work like atol(), and I had to add some code to value_cmp to handle the sign (e.g. positive is always greater than negative, no other comparison is necessary) and magnitude (longer number is larger/smaller than shorter number, depending on sign). Otherwise, strcmp() does the right thing (e.g. "50" > "49", the same as int(50) > int(49)). One problem I ran into was that the value_normalize code takes just a char *, rather than a berval* or a char * + size_t length. To be efficient, this function should return the new length of the normalized string. Fortunately, none of the existing code cares about the length, but I needed the length for magnitude comparison, so I just used strlen for those cases. Which should be fine. value_normalize always produces a correctly null terminated string. I rewrote the value_cmp code to use a simple if rather than the switch statement. This makes it much clearer - if syntax is case insensitive, use slapi_utf8casecmp - if case sensitive, use strcmp - otherwise, error.
I also found a problem with the ldif2db code, which I uncovered because I added my integer indexes online and did an online import. The db2index code will correctly clear the INDEX_OFFLINE bit after the index is completed, but the ldif2db code will not.
Platforms tested: RHEL5 x86_64
Flag Day: Yes, if you are upgrading and you have integer valued indexes, you will have to remove them and recreate them.
Doc impact: We will have to document this in the release notes.
|
| |
|
|
| |
Summary: Don't try to dlopen ldap SSL libs in ldclt.
|
| |
|
|
| |
Summary: Allow server to start if descriptor related attributes are set too high.
|
| |
|
|
| |
Summary: Performance cleanup of sync code. Improve tombstone search performance.
|
| |
|
|
| |
Summary: Handle syncing add opererations that have a ntuniqueid present.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: MMR: Directory updates on same object
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem does appear to be concurrency. I think the original intention of
the urp fixup code was that it should only be run inside the database lock, so
that the database could be restored to a consistent state before the next
operation was processed. However, this requires the database code to know when
the database is already locked, so that if e.g. a modrdn operation needs to
call an internal delete, the database should not be locked again. The flag
OP_FLAG_REPL_FIXUP is used to denote both that the operation is such an
internal operation, and that the database should not be locked again.
There are a couple of cases where these operations can be called from outside
of the database lock:
urp_fixup_rename_entry is called from multimaster_postop_modrdn and
multimaster_postop_delete, both of which are front end post op plugins, not
called from within the database lock. Same with urp_fixup_delete_entry and
urp_fixup_modify_entry. In other cases, such as urp_fixup_add_entry, and other
places where urp_fixup_rename_entry and urp_fixup_modify_entry are called, they
are called from a bepostop plugin function, which is called after the original
database operation has been processed, within the database lock. So the
solution appears to be to move the urp_* functions to the bepostop plugin
functions. One of these functions does an internal search -
urp_get_min_naming_conflict_entry - but it does not appear that search locks
the database, so there was nothing to be done to make it "reentrant".
Without this patch, I can crash the server in a matter of minutes (x86_64
rhel5) using the latest Fedora DS 1.1 code. With the patch, the server runs
for several hours (maybe longer, I had to stop the test).
Also, to really exercise the urp code, I added a rename operation between the
add and delete e.g.
add("ou=test");
rename("ou=test", "ou=test2");
delete("ou=test2");
The server still runs for several hours with no problems.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: crash at startup with new ldap sdk on 64-bit platform
Reviewed by: nkinder (Thanks!)
Fix Description: Use LBER_SOCKET as the socket type instead of int. There was also a place in ldclt where we were doing the same thing.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
| |
Summary: verify-db.pl (db_verify) does not work on a little endian machine
(comment #1-#4)
Description: 1) introducing dbverify mode to ns-slapd.
2) providing new script dbverify to call "ns-slapd dbverify"
3) fixing verify-db.pl to call dbverify instead of db_verify from BDB
|
| |
|
|
| |
Summary: Corrected search scope used to find entries to sync in winsync total update protocol.
|
| |
|
|
| |
Summary: Handle syncing multi-valued street attribute to AD.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nhosoi (Thanks!)
Fix Description: This was a big endian vs. little endian issue. We only use name based UUID generation with the reversible password code. This code was not doing the ntoh with the numeric values generated. I'm sure there is probably a compiler warning about this on some platform.
Platforms tested: RHEL5 x86_64, Solaris 9 64-bit
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Check if passwords are already hashed before sync'ing with AD.
|
| |
|
|
|
|
|
|
|
| |
Bug Description: enabling chain-on-update causes replica to act as a master
Reviewed by: nkinder (Thanks!)
Fix Description: This fix is only minor - we must use sym_load() to look up plugins, including the entry distribution plugin we use for chain on update. But I don't believe this was causing the problem. Chain on update does not work if you BIND as directory manager. You must bind as a regular user. It may be difficult to change this. We need to do more testing to see if, in general, proxy BIND and operations work with directory manager. The chaining backend cannot use directory manager as the proxy user.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Yes, we need to make sure we document exactly how chain on update is to be used.
|
| |
|
|
| |
Summary: Trim initials attribute value when sync'ing to AD.
|
| |
|
|
|
|
| |
Summary: cyclic dependency from getpwnam() in log rotation code
Description: Moved getpwnam call to the startup time, store the info in
slapdFrontendConfig to reuse.
|
| |
|
|
|
|
|
|
| |
Bug Description: Does not build on Fedora 8
Fix Description: If using the O_CREAT flag with open(), the file mode must also be given. Also, the bdb calls to use ->open() must use parentheses around the function pointer access e.g. (DB->open)(args...) instead of just DB->open(args).
Platforms tested: RHEL4, Fedora 8
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: Change filesystem path naming from "fedora-ds" to "dirsrv"
Reviewed by: nkinder (Thanks!)
Fix Description: Mostly just changing the package name in configure.ac, and making sure we consistently use that in path naming (e.g. /etc/@PACKAGE_NAME@ or /etc/@PACKAGE_NAME_BASE@ for adminserver).
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: Oh yes.
QA impact: Any existing tests that depend on /path/brand-ds will need to change to use dirsrv. It is highly encouraged to use a macro or variable for the package name in any scripts to minimize the impact of future package name changes.
|
| |
|
|
| |
Summary: Changed ldap-agent to find location of stats file dynamically.
|
| |
|
|
| |
Windows.
|
| |
|
|
| |
Summary: not all the addresses associated with listenhost are bound to listen sockets (comment #10)
|
| |
|
|
|
| |
Summary: rsearch - make search timeout a configurable parameter
Description: Introduced a new option "-o <search time limit>"
|
| |
|
|
|
|
|
|
|
| |
Bug Description: cn equality index missing by default
Reviewed by: nhosoi (Thanks!)
Fix Description: When creating the database instance during dse.ldif processing, we do not create the user defined indexes from the defaults for this backend. This used to work in the old setup code because that code would always add the configuration for the indexes for the new instance. The way it is supposed to work is that a new instance should just copy the default indexes for that backend. This works fine when adding an instance via LDAP but not during startup. I just added a call to have this done during startup. I also removed some obsolete indexes from the default indexes.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
|
| | |
|
| |
|
|
|
|
| |
Description: CLU: dbgen.pl fails to load data files
Reviewed by: nhosoi (Thanks!)
Fix Description: dbgen.pl is hardcoded to look for data files in ../data. Instead, we should allow the user to provide the location to the data files e.g. -l /path/to/data, and we should also use share/brand-ds/data as the default directory.
|
| |
|
|
|
|
|
| |
Summary: rhds71 Invalid LDIF Syntax crashes directory server (comment #18)
Description: The problem was if an RDN ends with '\\', strcpy_special_undo
did not check if there is no more character, and incremented the pointer
beyond the end and accessed the address.
|
| |
|
|
|
|
| |
Summary: Reimplement ds_remove without setuputil code (comment #6)
Description: adding nsslapd-instancedir to dse.ldif for ds_remove to find out
the instance dir path.
|
| |
|
|
|
| |
Summary: feature request for ldclt: add randomauthid for testing
Description: Adding randomauthid options: -e "randomauthid" -e "randomauthidlow=<low>" -e "randomauthidhigh=<high>"
|
| |
|
|
|
|
| |
Summary: Add config attributes to cn=config to support Console (comment #1)
Description: Console needs to know the default paths for ldif_dir and bak_dir.
Adding the paths to cn=config.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: nhosoi (Thanks!)
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
|
| |
|
|
|
|
|
|
| |
Summary: Use mozldap6 ldif_parse_line API
Changes:
1) Removed ldif.h from the DS tree.
2) Eliminated the 5-th arg of ldif_parse_line (errmsg) and the errmsg related
code.
|
| |
|
|
| |
Summary: Added SASL support to ldclt as well as some thread-safety fixes for ns-slapd when using SASL.
|
| |
|
|
|
|
|
|
|
|
|
| |
Description: bitwise matching plugin
Fix Description: Samba requires backend LDAP servers to support bitwise operations. This is to support search filters like this:
(|(|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))(samAccountType=805306368))(samAccountType=805306369))
Note: This patch works for Samba's tests, but hasn't been more broadly or specifically tested.
This commit also adds an --enable-bitwise option to configure (enabled by default - use --disable-bitwise to disable it) and adds the plugin entry to the configuration during new instance creation.
Platforms tested: FC5/FC6
|
