Commit message

Summary: Move DS Admin Code into Admin Server (Comment #54)
Description:
1) eliminated the code adding o=netscaperoot related entries from cfg_sspt.c.
2) moving DS task CGIs to the adminserver.
Description: Move DS Admin Code into Admin Server
Fix Description: 1) Need to have $SILENT be greater than $CUSTOM so that dialog hiding works properly.
2) Need to have the ability to hide or show individual prompts in a dialog e.g. if using TLS/SSL, need to ask for the CA certificate filename, otherwise, not.
3) Need the ability to call a function to get the default yes or no answer for DialogYesNo
4) DialogYesNo should match answer case insensitively
Summary: Use mozldap6 ldif_parse_line API
Changes:
1) Removed ldif.h from the DS tree.
2) Eliminated the 5-th arg of ldif_parse_line (errmsg) and the errmsg related
code.
Summary: Added SASL support to ldclt as well as some thread-safety fixes for ns-slapd when using SASL.
Description: Move DS Admin Code into Admin Server
Fix Description: The Resource class needs to support more than 1 resource file e.g. for ds-base and ds-admin.
The property dir should be under $datadir. Property files are data files, not really config files.
Added a shared_lib_suffix token
Fixed some wording errors in the resource file.
Platforms tested: RHEL4
Flag Day: no
Doc impact: No new doc impact from previous commits for this bug.
Description: Move DS Admin Code into Admin Server
Fix Description: This adds the setup related perl modules, scripts, and resource files to the DS base code. This will allow a user to interactively set up (create an instance of) a directory server. This will also form the base of the work to add the console and admin server related setup code.
New files/directories:
$libdir/fedora-ds/perl - this is where the perl modules (Setup.pm, etc.) will be installed.
$bindir/setup-ds.pl - the script to use to interactively create an instance of directory server. This has use lib '$libdir/fedora-ds/perl' hard coded into it at build time, in order to find the "private" setup perl modules. If you invoke this script in silent mode (setup-ds.pl -s) then it is exactly the same as just using ds_newinst.pl.
$sysconfdir/fedora-ds/property/setup-ds.res - Resources for setup-ds.pl and the associated modules.
I also fixed a problem with the libns-dshttpd linkage.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. All of these new items will need to be documented.
Description: allow instance creation with no .inf file; allow pre-hashed RootDNPwd
Reviewed by: nhosoi (Thanks!)
Fix Description: You can now use ds_newinst.pl without (or with) a .inf file like this:
ds_newinst.pl General.SuiteSpotUserID=nobody slapd.ServerPort=3890 ....
The parameters can be supplied via the command line. The format of the parameter is section.param=value. Normal shell quoting rules apply, so you still have to do something like this:
ds_newinst.pl "slapd.Suffix=dc=example, dc=com"
for embedded spaces and the like. If you supply a filename (or '-'), it must be the first argument after ds_newinst.pl. If you then supply additional arguments after the filename, these will override the settings in the given inf file. So, for example, you could reuse the same .inf file, except provide a different hostname:
ds_newinst.pl basefile.inf General.FullMachineName=bar.example.com
This allows you to use the same base .inf file for several machines, and only change certain parameters on a per-machine basis.
ds_newinst.pl will now fill in some default values - it will use Net::Domain::hostfqdn for FullMachineName, and your login ID for SuiteSpotUserID (however, not if running ds_newinst.pl as root), and will construct the Suffix and ServerIdentifier based on the FullMachineName. RootDN will default to cn=Directory Manager. ServerRoot is no longer required.
Another enhancement is the ability to provide a pre-hashed password for the RootDNPwd parameter, to avoid having to pass around the clear text directory manager password. However, some caveats apply. If the password begins with one of the well known hash algorithms (e.g. {SHA, {SSHA, etc.), ds_newinst will assume it is already hashed. This may cause problems if users expect to be able to provide a clear text password such as {SSHA}text, but I seriously doubt anyone does that (famous last words . . .). Another problem is that the code as it currently stands uses the clear text password to bind to the server after starting the server to add some additional entries and ACIs. This cannot be done if a pre-hashed password is provided (but we're working on a solution to that problem too).
write_ldap_info() is no longer needed.
Finally, a couple of minor bug fixes.
Platforms tested: RHEL4
Flag Day: no
Doc impact: Yes. There will be some documentation changes required.
Description: Allow minimum schema in ds_newinst.pl
Fix Description: Fixed by abartlet. Add a new configuration param to create_instance - install_full_schema. By default this is 1, meaning the traditional behavior of installing all of the schema. If set to 0, this will only install the 00core.ldif schema file. This also required enhancements to ds_newinst.pl as well as a bug fix to allow passing in a 0 value.
Reviewed by: nhosoi, rmeggins
Description: Add replication schema to core DS schema
Fix Description: We need to move some of the schema from 01common to 00core in order to allow the directory server to use replication with minimal schema.
Description: bitwise matching plugin
Fix Description: Samba requires backend LDAP servers to support bitwise operations. This is to support search filters like this:
(|(|(&(!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))(samAccountType=805306368))(samAccountType=805306369))
Note: This patch works for Samba's tests, but hasn't been more broadly or specifically tested.
This commit also adds an --enable-bitwise option to configure (enabled by default - use --disable-bitwise to disable it) and adds the plugin entry to the configuration during new instance creation.
Platforms tested: FC5/FC6
Summary: Random SASL GSSAPI test failure on shadowfoot (Comment #9)
Summary: Change the name and location of template-cl-dump.pl and template-repl-monitor.pl
Description: 1) Removed "template-" from the script name
2) added shell script wrappers cl-dump and repl-monitor
3) moved them to bindir
Summary: Move DS Admin Code into Admin Server (Comment #5)
Description: DSMLGW and ORGCHART are moved out; removing from ldapserver
Summary: Move DS Admin Code into Admin Server (Comment #5)
Description: DSMLGW and ORGCHART are moved out; removing from ldapserver
Summary: Move DS Admin Code into Admin Server (Comment #4,#6)
Description:
.DSGW is already a separated module "dsgw"; Removing from ldapserver.
.Removing the independency from lib/libsi18n/gsslapd.h
Summary: Move DS Admin Code into Admin Server (Comment #2)
Description: Cleaning up unused code
Summary: Move DS Admin Code into Admin Server (Comment #2)
Description: Cleaning up unused code
Summary: Random SASL GSSAPI test failure on shadowfoot (Comment #7)
Changes: If PR_Recv in sasl_recv_connection gets EAGAIN (== errno 11),
check whether it should be retried as being done for "a temporary
non-blocking I/O error".
Summary: Modified the with-fhs and with-fhs-opt configure options
Summary: Random SASL GSSAPI test failure on shadowfoot
Description: As mentioned in the comment just above the code: "we now must
read more data off the wire until we have the complete packet", we read more.
Summary: Added a configure option for FHS optional software layout style.
Summary: Remove obsolete makefiles
Summary: Remove obsolete makefiles
Bug Description: small memory leaks in task code
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: There were a few places that were using slapi_get_first/next_backend without freeing the iterator cookie.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Summary: Set correct default nsslapd-saslpath config setting on non-Linux platforms.
Summary: verify-db.pl still assumes the db dir is always in the instance dir (Comment #8)
Description: Introduced "DB-DIR" macro
Summary: make db2bak.pl & db2ldif.pl user more user-friendly (Comment #10)
Change: fixed 'db2ldif -s ""' fails with shift unavailable
Summary: Change format of DBVERSION and guardian files (comment #10)
Summary: make db2bak.pl & db2ldif.pl user more user-friendly (Comment #8)
Fixed problem: the command line fails to generate an output file name
when an empty suffix is passed like this: db2ldif -s ""
Summary: verify-db.pl still assumes the db dir is always in the instance dir
Changes:
0) eliminated the "current directory" from the utility. Now, it can be run
from any location.
1) updated to take a new option [-a <fullpath_to_db_dir> ] to allow specifying
the db dir/changelog dir; by default the start point is "db_dir"
(nsslapd-directory in cn=config,cn=ldbm database,cn=plugins,cn=config)
2) instead of assuming the db dir structure (e.g.,
db/<backend_instance>/<db_files>), now it checks all the db files found under
the specified path. This allows running the utility against the backup files
as well.
Summary: make db2bak.pl & db2ldif.pl user more user-friendly (Comment #4)
Changes:
1) Found db2bak, db2bak.pl, and db2ldif do not backup/export into the dir/file
which do not start with the <server-id> string. It could cause the difficulty
to find out which server instance does the backup/exported file belongs to.
Also, to make them consistent with db2ldif.pl, added the "server id" string to
the back up dir name/exported ldif file name.
2) db2ldif[.pl] takes -M option. With the -M option, the server adds backend
name to the ldif file name. To reduce the redundancy, stopped adding the
backend name if -M is set.
3) made the ldif file name db2ldif generates consistent with the one db2ldif.pl
generates.
Summary: make db2bak.pl & db2ldif.pl user more user-friendly
Summary: template file for db2bak.pl fails due to variable/path mismatches
Bug Description: migration: Migrate from 1.0.x to 1.1
Reviewed by: nhosoi (Thanks!)
Fix Description: The basic strategy is
1) shut down the old servers - databases should be quiescent
2) run the migration script - this will copy all of the files (under /opt/fedora-ds/slapd-* by default) to their new FHS style locations, and fix up any entries and attributes that are obsolete or have changed (e.g. values that refer to paths)
3) service fedora-ds start
The migration script does not need to do anything to the database files - the new database code added by Noriko will handle the database upgrade automagically, but I'm leaving the database upgrade code in the script, commented out, in case we need it in the future.
This also fixes an annoying problem with automake - it would build ds_newinst.pl from ds_newinst.pl.in in the source ldap/admin/src directory, and use that version. This is really a problem with multi platform builds, where you want to share the ldapserver source code among multiple platforms. With the fix, built/ldap/admin/src/ds_newinst.pl is generated from srcdir/ldap/admin/src/ds_newinst.pl.in, and srcdir/ldap/admin/src/ds_newinst.pl is not written.
Platforms tested: FC6
Flag Day: no
Doc impact: Yes - we need to document migration
Summary: Change format of DBVERSION and guardian files (Comment #6)
1) introduced new strings for DBVERSION
2) added the logic to compare the new DBVERSION strings
note: we don't store the current db version string in the replication
code any more. Instead, we get it from Berkeley DB header file db.h.
Summary: Change format of DBVERSION and guardian files (Comment #4)
1) introduced new strings for DBVERSION
2) added the logic to compare the new DBVERSION strings
note: we don't store the current db version string in the backend source
code any more. Instead, we get it from Berkeley DB header file db.h.
Bug Description: PAM passthru ENTRY method not working
Reviewed by: prowley (Thanks!)
Fix Description: There are several problems.
1) For the ENTRY method to perform the internal search to get the entry for the bind DN, it must have a component ID (aka plugin identity). The code was already there to get/set it, but it was never initialized in the init function.
2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will erase the knowledge that the Slapi_DN was allocated with malloc and it will not free it in slapi_sdn_free().
3) People may assume they can specify a subtree (e.g. ou=people,dc=example,dc=com) instead of a suffix for the list of included/excluded suffixes. The error message will not print a list of valid suffixes for the admin to use.
4) slapi_be_exist was failing because the database does not notify the mapping tree code that the backend is started during startup. This works fine under normal conditions because most all of the code in mapping_tree.c will lookup the backend if the mtn_be pointer in the mapping tree node is NULL. However, slapi_be_exist and slapi_be_select do not do this. The proper solution is to call slapi_mtn_be_started() at database startup time. This is the same thing that happens when a backend is added at runtime.
Platforms tested: FC6
Flag Day: no
Doc impact: no
Bug Description: Modification of directory entries with VLV-indexed null-value attributes results in server crash
Reviewed by: nkinder, nhosoi, prowley (Thanks!)
Fix Description: The value lowest_value is defined outside the loop that loops through all the attributes in the vlv sort specification (e.g. usually something like cn givenname o ou sn if defined by the console browsing index). lowest_value is not reset for each loop iteration. So if it goes through the loop one time for e.g. givenname, and givenname has values, lowest_value will point to the lowest value of givenname until the key is created, then it is freed. So the next loop iteration uses o, and if for example o does not have any values, lowest_value will point to the already freed memory used by the givenname iteration, which is now garbage (e.g. the lowest_value->bv_len may be very large, which is the probable cause of the malloc out of memory errors seen by the customer). The solution is to reset lowest_value to NULL before each loop iteration (I did this by moving the declaration and initialization of lowest_value inside the loop scope) and testing for lowest_value == NULL before trying to use it.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Summary: CRM #1160370 RHDS does not reset passwordRetryCount to 0 upon a successful BIND
Change: If password lockout is on, need_new_pw from the successful bind tries
to set passwordRetryCount to 0 in smods, but if passwordExpirationTime is not
set and password never expires, the smods is not applied and discarded. Added
pw_apply_mods if password lockout is on.
Summary: A system index of eq for nsds5ReplConflict does not help
Change: added a presence index for nsds5ReplConflict
Summary: Add LDAPI (LDAP over unix domain sockets) (Comment #5)
Change: Fixed a copy & paste error...
Bug Description: Split core schema
Reviewed by: prowley (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Moved all schema not required to start the server from
00core.ldif into a new file called 01common.ldif. Andrew and Satish
already did the work to determine which schema are required to start the
server, which is the schema needed to be in 00core.ldif.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Summary: LDAPI: referral mode needs LDAPI socket? (Comment #3)
Change: LDAPI is disabled in the initial configuration parameter setting.
Summary: LDAPI: referral mode needs LDAPI socket? (Comment #3)
Change: if ldapifilepath is not passed, LDAPI is disabled in the newly created instance.
Bug Description: allow ds_newinst with ldapi and no serverport
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: Two new fields have been added to the ds_newinst .inf files:
ldapifilepath - the full path and file name of the server ldapi file
start_server - if present and has a value of 0, this tells ds_newinst not to start the server - default is 1
The ds_newinst code has been changed to allow an empty or "0" value servport if an ldapifilepath is given (and ENABLE_LDAPI is defined). Either a valid server port or an ldapifilepath must be provided, or both.
In addition, I changed ds_newinst.pl to accept a .inf file given on stdin.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: We will have to document ldapi support on the wiki.
Summary: Corrected out of date licensing/copyright block in a few files.