| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
| |
Summary: LDAPI: support auto-bind
Description: String representation of socktype was not set correctly when
the socktype was PR_AF_LOCAL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: LDAPI: support auto-bind
Description:
1) Debugged the basic code of slapd_get_socket_peer, which is used for Solaris9
and HP-UX. The recvmsg call returns an error immediately if no data is waiting
to be received since the socket is set PR_SockOpt_Nonblocking (O_NONBLOCK). To
make slapd_get_socket_peer more robust, we have to retry recvmsg if it returns
EAGAIN. But set a retry count not to hang there.
2) Introduced c_local_valid in the Connection handle to tell the autobind
code that the uid/gid pair is valid or not.
3) Stops the automagic/unconditional auto-bind (the code used to be in
daemon.c).
4) Auto-bind is effective only when the client passes the SASL/EXTERNAL request.
|
| |
|
|
|
|
| |
Summary: LDAPI: cleaning up template-ldapi-default.ldif.in and DSCreate.pm.in
Description: Separated auto-bind attributes from the ldapi attributes. Fixed
to store auto-bind attributes in dsel.dif only when auto-bind is enabled.
|
| |
|
|
|
|
|
|
|
|
|
| |
Summary: LDAPI: referral mode needs LDAPI socket
Problem Description: If you start the server with the referral mode, e.g.,
like this:
ns-slapd refer -D /etc/dirsrv/slapd-test -r ldap://laputa.example.com
UNIX socket for LDAPI was not opened since LDAPI configuration parameters are
not read from dse.ldif at that moment.
Fix Description: adding the code to process nsslapd-ldapifilepath and
nsslapd-ldapilisten in slapd_bootstrap_config.
|
| |
|
|
|
|
|
| |
Summary: Allow larger regex buffer to enable long substring filters
Description: Applying the patches provided by ulf.weltman@hp.com.
regex.c: use dynamically allocated regex buffer, use ptrdiff_t to store the offsets to be restored after the realloc, and use a constant for the value of "how much the NFA buffer can grow in one iteration on the pattern".
string.c: use dynamically allocated buffer if the prepared buffer is not large enough, used wrong pointer (pat instead of p) in a debug message, and performed an unneeded strcat of ".*"
|
| |
|
|
| |
Summary: Check for indirect memberships when removing memberOf attributes.
|
| |
|
|
|
|
|
|
| |
Summary: memory leaks in extensible filter code
Description: applying the patch provided by Ulf Weltman
1) type is not consumed in attrlist_merge
2) although dnattrs is a linked list, only the first item was released.
Test case filter: "(ou:dn:=groups)"
|
| |
|
|
| |
Summary: Fixed memory leaks in memberOf plug-in.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: simple password auth fails using NSS 3.11.99 or later
Reviewed by: nkinder (Thanks!)
Fix Description: The new softokn in NSS 3.11.99 and later requires that
the server calls NSS_Init() after forking, but before detaching from the
controlling terminal. In fact, this was always a requirement, but the
softokn in older NSS allow it. However, it's possible that some
hardware crypto devices do not allow this and may not work with older
directory servers. The fix is to move the nss/ssl initialization so
that it can be called at the right point, or from other points in cases
where the server does not fork (e.g. db2ldif).
Platforms tested: Fedora 9 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Summary: Fixed valrgind errors about use of unitialized values.
|
| |
|
|
| |
Summary: Enhanced SLAPI task API and ported existing tasks to use new API.
|
| |
|
|
| |
Resolves: 439450
|
| |
|
|
| |
Summary: Handle delete modify of all present member values. When doing a delete modify, we should treat it the same as a replace when no deletion values are specified.
|
| |
|
|
| |
Summary: Handle updates of memberOf attributes for indirect members when a group is renamed.
|
| |
|
|
| |
Summary: LDAPI: move default LDAPI UNIX socket from /var/run/dirsrv/slapd-ID.socket to /var/run/slapd-ID.socket
|
| |
|
|
|
|
|
|
| |
Summary: SASL IO functions set/get: argument mismatch
Fix description: When setting the IO functions in sasl_io_setup, use the local
memory to pass the IO functions. Plus, allocate the memory for backing up the
existing IO functions (real_iofns in the code), which is set in sasl_io_setup
and the area is released after setting it back in sasl_io_cleanup.
|
| |
|
|
| |
Summary: Allow fractional replication between masters.
|
| |
|
|
| |
640:9c57bd91b32f if ipa-memberof.c).
|
| |
|
|
| |
Summary: Fixed crash in replication during bulk import. Use bulk impport code more consistently.
|
| |
|
|
| |
Summary: Allow import fifo to clear out all finished entries.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: migrate-ds-admin.pl spins at 100% cpu
Reviewed by: nkinder (Thanks!)
Fix Description: It was spinning because inst_dir was not being set, so it kept trying to find the parent directory of a non-existent directory. In migration, the old instance has no instance dir - we will fill that in during instance creation, so just skip it if not set. I also found and fixed another bug in migration with the usage of file_name_is_absolute - have to use the full module name and function name.
Platforms tested: RHEL4 32bit and 64bit
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Instance creation through console is broken
Reviewed by: nhosoi (Thanks!)
Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started.
Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified.
Another problem was that instance creation was leaving temp ldif files around.
I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove.
Platforms tested: RHEL5 x86_64
Flag Day: Yes - autotool file change in adminserver
Doc impact: no
|
| |
|
|
|
| |
Description: migrate-ds-admin.pl script - not working
Fix Description: Was getting this output - GLOB(0x9d908d8)inst_dir = - forgot a comma
|
| |
|
|
|
| |
Description: migrate-ds-admin.pl script - not working
Fix Description: Broken while fixing bug 400421 - Need to use $mig->{inf} instead of $inf
|
| |
|
|
|
| |
Descriptionn: fedora-ds-base build problem
Fix Description: Correct usage of va_list and vfprintf
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: unable to restart configDS via console
Reviewed by: nhosoi (Thanks!)
Fix Description: We were using the old format for the ldapStart directive, which assumed everything was under a serverroot, so it just stored the relative path. We need the absolute path. During regular setup, we can get this from the directory server instance. During migration, we need to update the ldapStart directive to use the absolute path, so we need to get that information from the directory server code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Summary: command line scripts fine tuning (Comment #2)
Description: removed words "6.x" and "iWS" from the output messages.
|
| |
|
|
|
| |
Summary: command line scripts fine tuning (Comment #1)
Description: dded "-T vlvAttributeName: ..." to the usage
|
| |
|
|
|
|
|
| |
Summary: Multiple restores from a non-existant directory could wipe out database
Description: The given archive path was not normalized. Due to the trailing
slash '/', comparing with the db dir failed and wiped out the db dirs.
Applying the path normalization to the archive path.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: db2bak: crash bug (comment #8, 11)
Description:
Set the strong requirement: nsslapd-directory must have some value.
to guarantee it:
1) checking errors from ldbm_config_directory_set. If the check fails, don't
start the server.
2) if nsslapd-directory does not exist or the value is empty in dse.ldif,
issuing an error message and returning the error code.
3) since it was difficult to distinguish the nsslapd-directory empty value from
the initial default value, introduced CONFIG_FLAG_SKIP_DEFAULT_SETTING flag to
tell the backend config code to skip setting the default value
|
| |
|
|
|
|
|
|
|
|
|
| |
Summary: LongDuration: Error log Rotation test suite causes slapd hang
Problem description: LDAPDebug eventually calls slapd_log_error_proc_internal,
which obtains the lock. If any functions called in the lock tries to log into
the errors log, it tries to get the same lock and it hangs there since the
underlying PR_Lock is not reentrant.
Fix description: log__enough_freespace and log__delete_error_logfile could be
called indirectly from slapd_log_error_proc_internal. Instead of LDAPDebug,
changed these functions to call log__error_emergency when necessary.
|
| |
|
|
|
|
|
|
|
|
| |
Summary: clean up template-scriptname which is derived from template-scriptname.in (comment #3,4)
Description: removing obsolete scripts:
ds_viewlog.pl scripts/template-dsml-activate.pl
scripts/template-migrateInstance5 scripts/template-migrateTo6
scripts/template-migrate50to51
scripts/template-migrateInstance6 scripts/template-migrate5to6
scripts/template-migrateTo5
|
| |
|
|
|
|
| |
Summary: db2bak fails if the archive path exists and ends with '/' (Comment #8)
Description: Changed the condition to normalize the path: if '.' or '/' is
included in the path, normalize it.
|
| |
|
|
|
|
| |
Summary: Hide nsslapd-db-transaction
Description: don't show the configuration parameter nsslapd-db-transaction in
dse.ldif.
|
| |
|
|
| |
Summary: verify-db.pl : can't find dbverify
|
| |
|
|
|
|
| |
Summary: clu test failures (Comment #7)
Description: 1) Removing obsolete PATH info from Usage
2) Replacing "idl" with "ID list" following the suggestion from Doc.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: '.' (dot) in the server ID
Reviewed by: nkinder (Thanks!)
Fix Description: Remove . and , from the characters allowed in the server ID. Also use the more descriptive error message.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: MMR breaks from master that has been reinited
Reviewed by: nkinder (Thanks!)
Fix Description: This problem occurs when you have two or more masters, and you have updates that have originated at a master that have been sent to other masters (so that the other masters have a valid min/max csn for that replica in the ruv). If that master needs to be reinitialized for some reason (crash, etc.) the reinit will erase the changelog. The RUV for that master will now contain CSNs that are not in the changelog. If that master attempts to update another master, it will first look at the RUV from the consumer, which will contain the old CSNs, and it will look for those CSNs in the changelog, fail, and abort the update process, meaning this master can no longer send updates to other servers.
The solution is for the master to just use the min CSN in its own RUV as the new starting point, if it has not been purged. In the case of purging, if the CSN is not found, this means the consumer is too far behind and must be reinitialized.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
| |
Summary: listenhost: hostname associated with multiple addresses
1) parentheses were needed around *addr, which should have been evaluated
before the array.
2) fixed a small memory leak.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: PTA config parsing broken
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem is that it is very difficult to use a comma as a delimiter between the url and the optional settings. This is because the suffix may contain many commas. The argument string may look like this:
ldap://host1:port1 host2:port2 .... hostN:portN/a,long,suffix1:a,long,suffix2;....;a,long,suffixN optional,numeric,settings
The ldap url may not contain any spaces after the hostlist - the suffixlist part must contain only url encoded spaces if the suffix actually has a space in it. So the solution is to use a space to separate the url from the options list. The parser looks for the first space after the last "/" in the url. This should be ok - at least it will not break the most common use of pta, which is to allow the config DS admin user to log into servers that do not have the o=NetscapeRoot. setup will use something like this:
ldap://configdshost:configdsport/o=NetscapeRoot
with not optional settings - this should parse just fine with the new code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Description: migration : ignore idl switch value in 6.21 and earlier
Fix Description: Have to assign the values directly to the array ref - not to a temp array ref
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: dbgen.pl uses incorrect perl interpreter on hpux
Reviewed by: nhosoi (Thanks!)
Fix Description: Set @perlexec@ to the correct platform specific perl location.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration : encryption key entries missing when source is 6.21
Reviewed by: nhosoi (Thanks!)
Fix Description: I found out why it wasn't always adding the attribute encryption entries. If the cn=monitor entry existed for the database, it would not add the other container entries. I don't know why it did that. I changed it to always add those entries, and just skip the ones that already exist. This should ensure that the attribute encryption entries always exist.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Summary: verify-db.pl : can't find dbverify (comment #5)
Fix: added the inst_dir to PATH to tell verify-db.pl where dbverify is located.
|
| |
|
|
|
|
|
|
|
|
|
| |
Summary: "nested" filtered roles result in deadlock
Description: Function slapi_vattr_values_get_sp used to use the context
allocated on the stack. Changed it to call vattr_context_new to set the
locally created pblock (local_pb). The pblock is used to pass the context
loop info as the stack gets deeper to prevent the stack overflow. At the
end of this function slapi_vattr_values_get_sp, slapi_pblock_destroy is
called if the context is local (use_local_ctx). The function cleans up
pb_vattr_context internally.
|
| |
|
|
|
| |
Description: Need to support mail server schema
Fix Description: There are customers who are using the mail schema, so we need to keep it in the product.
|
| |
|
|
|
| |
Description: migration : ignore idl switch value in 6.21 and earlier
Fix Description: Fix the error message
|
| |
|
|
|
| |
Description: migration : ignore idl switch value in 6.21 and earlier
Fix Description: Fix the error message
|
| |
|
|
|
|
|
| |
Summary: rhds71sp1 rhel3u6 - ns-slapd process dies with segmentation fault
Description: ldap_utf8prev, LDAP_UTF8PREV, and LDAP_UTF8DEC were sometimes
used without checking the returned pointer going back beyond the beginning
of the string.
|
