| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: logrotation time of -1 causes hang
Change description:
1. slapd_log_audit_proc, slapd_log_error_proc_internal, and log_flush_buffer:
use absolute value of rotationtime_secs to calculate the rotationsyncclock.
2. when the result of "atoi" for nsslapd-XXX-logrotationtime is 0 due to the
invalid setting, logrotation time is reset to -1 (no rotation).
3. if nsslapd-XXX-logrotationtime and nsslapd-XXX-logexpirationtime is large
(near MAXINT) and calculated rotationtime_secs and/or exptime_secs is
overflown, set MAXINT to the sec value.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: db2bak fails if the archive path exists and ends with '/'
Fix description:
1. Use path normalize API rel2abspath to remove the trailing '/'s.
2. db2bak renames the archive dir if the directory exists, checks the directory
is the db dir or not. If it is, the command line rename back the existing db
to the original and exits with the error: db2archive: Cannot archive to the db
directory. Then, the original dir is renamed back. If the db2bak runs as a
task (db2bak.pl or console), the server is up and running. Although the
backend is disabled, we don't want to rename the db path even for a short time.
That being said, changed the order to: check if the archive dir is the same as
db dir or not. It exits immediately.
|
| |
|
|
|
|
|
| |
Description: double err=32 result sent when suffix doesn't exist
Reviewed by: nkinder (Thanks!)
Fix Description: The backend does not send back a result if the op is search and the err is NO_SUCH_OBJECT (32). The frontend should handle this case so that it knows to defer sending the result until all of the backend candidates have been scanned. We also need to change send_nobackend_ldap_result() to use slapi_send_ldap_result instead of send_ldap_result so that it has the same semantics as the regular backend code.
Platforms tested: RHEL5 x86_64
|
| |
|
|
|
|
| |
Summary: miscellaneous memory leaks
Description: 1) fixed memory leaks
2) cleaned up normalize_path code with fixing memory leaks
|
| |
|
|
|
| |
Summary: vlv: crash after repeated backend creation/deletion
Description: added a check code for the backend's existing.
|
| |
|
|
| |
Summary: Don't send result twice when searching against a non-existent suffix.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: rhds71 - search filters returns too many entries on integer attributes value greater than 2 to the power of 31
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: The way >= and <= searches are supposed to work in LDAP is that you are supposed to define an ORDERING matching rule for the attribute you want to use in the search filter. The way our code is written, most strings "just work" as a side effect of the way bdb sorts the keys by default - so you can do (uid>=jvedder) and get what you would expect, even though LDAP says this is illegal because the schema definition of the uid attribute does not have an ORDERING matching rule. And INTEGER worked with the old binary format for the same reason. The only attribute definitions we use with ORDERING are attributes that use Generalized Time syntax (e.g. createTimestamp, et. al.) and numSubordinates (which uses INTEGER, but this is a special case handled internally by the db code).
The way it works now is that the indexing code will honor the ORDERING matching rule specified in the schema definition. Or, if ORDERING is not specified, the user can use the nsMatchingRule index configuration. This will allow an existing customer that depends all integer syntax attributes (e.g. uidNumber) to allow range searches by default to enable range searches without editing the schema. The syntax definition for the attribute must also specify a compare function. This compare function will be used by the bdb bt_compare() function.
I also fixed a bug in the integer normalize code - a string of all zeros should normalize to a single "0". In all other cases, the leading zeros should be removed.
Platforms tested: RHEL5 x86_64
Flag Day: Yes. Integer indexes will need to be rebuilt (except for numsubordinates).
Doc impact: Yes - document slapi API additions
QA impact: Pay close attention to tests that use >= or <= search filters, both with and without index attributes. Also, pay close attention to greater/less than searches using i18n collations.
New Tests integrated into TET: Forthcoming
|
| |
|
|
| |
Summary: Add entries to entrycache after adding operational attributes.
|
| |
|
|
| |
Summary: Added container entries for sasl mappings.
|
| |
|
|
|
|
| |
Summary: server crash after deleting supposedly deleted attribute
Description:
index.c: if there is no attribute to delete, don't call index_addordel_values_svstring.c: changed string_values2keys to handle NULL bvals
|
| |
|
|
| |
Summary: Remove hard-coded SASL mappings and use config based regex mappings instead.
|
| |
|
|
| |
Summary: Fixed leak of Slapi_Value in index code.
|
| |
|
|
| |
Summary: Fixed PTA config parsing to use a comma delimiter instread of a space.
|
| |
|
|
| |
Summary: Fractional replication log statement needed a newline.
|
| |
|
|
| |
Summary: Presence filter using attribute subtype returns incorrect search results.
|
| |
|
|
| |
Summary: Don't replay AD originated password changes back to AD.
|
| | |
|
| |
|
|
| |
Summary: Make sync total update deal with an empty changelog.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: reliab15: slapd hangs on goblin5
Reviewed by: nhosoi (Thanks!)
Fix Description: We are calling the mtn_lock() twice in the same thread. The proposed fix is to move the mtn_lock() so this doesn't happen.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Summary: reset db statistics between restarts
Description: cleaning up the db stats when the server is shutdown
|
| |
|
|
|
|
| |
Summary: server crashes in schema replication
Description: resetting the global linked list head when the first objectclass
is removed from the list.
|
| |
|
|
| |
Summary: Make dbscan handle special RUV related changelog entries.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nkinder (Thanks!)
Fix Description: 7.1 and earlier chaining and replication credentials were stored incorrectly on little endian machines (x86 and itanium). They were "accidentally" stored correctly on big endian machines (sparc, pa-risc) because val == ntohl(val) on those platforms. When migrating from a little endian machine, we need to decode the password using the broken algorithm and re-encode it using the good method. We determine if the password is encode incorrectly by the following method: we use migratecred to decode and encode using the old path. If the values are equal, this means the password was already encoded correctly and we don't need to fix it. Otherwise, we set the flag that tells migratecred to fix it. In order to decode the broken password correctly on big endian machines, we have to swap the byte order to convert the values to little endian.
Platforms tested: RHEL5 x86_64, RHEL5 i386, Solaris 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: ldapsearch hung at browsing index creation (comment #4)
Fix Description:
1. instead of covering all the reindexing look, set vlv lock just around
vlv_update_index, where vlv update is executed.
2. actually, lock is not meant to use for excluding the operation against vlv
reconfiguration. This ldbm_back_ldbm2index function first calls
instance_set_busy_and_readonly and protects the backend from the operation done
by other threads. vlv delete was just ignoring the busy/readonly setting.
Thus, changed the vlv code to respect the setting. Found the backend is busy,
deleting a vlv index fails and returns.
3. cleaned up the instance_set_busy_and_readonly function not to leak memory.
4. fixed minor memory leak.
|
| |
|
|
|
| |
Description: Show-Stopper - Migration path rhel21_ds621_TO_rhel4_32bit
Fix Description: not actually a fix, but with -dd this will print out the entries that were ignored during migration, which should be the presence plugin config entries and possibly others
|
| |
|
|
| |
Summary: Handle initials and streetAddress attributes when doing a sync total update.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nhosoi (Thanks!)
Fix Description: We still need to be able to decrypt passwords using the broken method. I guess it works on Solaris and HP because the values are already in network byte order. But when the values were encrypted on x86, they were encrypted the wrong way. It is safe to use MIGRATE_BROKEN_PWD on Solaris and HP because it is essentially a no-op. But this allows us to decrypt x86 passwords and store them correctly.
Platforms tested: RHEL4 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
| |
Summary: Online browsing indexing hangs
Description:
1. adding more shutdown checks in the indexing code to achieve the swift
shutdown even in the long running browsing indexing.
2. in the error case, cleaning up the index file.
3. found minor memory leaks.
|
| |
|
|
|
|
|
|
|
|
| |
Summary: CRM 1474928 : ds7.1 db index/vlv not handling a stop-slapd, hangs slapd
Description:
1. moved active thread count from ns-slapd to libslapd for the task threads to
use.
2. provided APIs to increment/decrement/get the active thread count
3. let task threads increment the active thread count when it's spawned and
decrement it when it quits.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: rhds71 - search filters returns too many entries on interger attributes value greater than 231
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem is that the current code uses atol() to convert the string value to an integer. long is 4 bytes or 8 bytes depending on the underlying platform. These binary values are stored in the index as 4 or 8 byte values. Finally, the behavior of atol() is different on the platform in overflow cases. Instead of dealing with binary values, we must store the values in string format, and perform string comparison, string normalization, and string key generation on INTEGER syntax values. I added another syntax type to the list in syntax.h. The code in string.c and value.c was mostly usable. I had to add some code in value_normalize to handle cases like " -00000001" -> "-1" to make it work like atol(), and I had to add some code to value_cmp to handle the sign (e.g. positive is always greater than negative, no other comparison is necessary) and magnitude (longer number is larger/smaller than shorter number, depending on sign). Otherwise, strcmp() does the right thing (e.g. "50" > "49", the same as int(50) > int(49)). One problem I ran into was that the value_normalize code takes just a char *, rather than a berval* or a char * + size_t length. To be efficient, this function should return the new length of the normalized string. Fortunately, none of the existing code cares about the length, but I needed the length for magnitude comparison, so I just used strlen for those cases. Which should be fine. value_normalize always produces a correctly null terminated string. I rewrote the value_cmp code to use a simple if rather than the switch statement. This makes it much clearer - if syntax is case insensitive, use slapi_utf8casecmp - if case sensitive, use strcmp - otherwise, error.
I also found a problem with the ldif2db code, which I uncovered because I added my integer indexes online and did an online import. The db2index code will correctly clear the INDEX_OFFLINE bit after the index is completed, but the ldif2db code will not.
Platforms tested: RHEL5 x86_64
Flag Day: Yes, if you are upgrading and you have integer valued indexes, you will have to remove them and recreate them.
Doc impact: We will have to document this in the release notes.
|
| |
|
|
| |
Summary: Don't try to dlopen ldap SSL libs in ldclt.
|
| |
|
|
| |
Summary: Allow server to start if descriptor related attributes are set too high.
|
| |
|
|
| |
Summary: Performance cleanup of sync code. Improve tombstone search performance.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Show-Stopper - Migration from HP-PARISC DS 6.21 to DS80 on HP-Itaninum
Reviewed by: nhosoi (Thanks!)
Fix Description: These are additional fixes for various and sundry problems:
1) If doing cross platform migration, just use the default db and changelog db dirs
2) If doing same platform migration, try to keep the db dir if the user has changed it. It will usually be changed for a good reason, like moving to a separate device for performance reasons. In order to see if the directory has changed, we need to "normalize" the path in the attribute so that we can compare it correctly.
3) Do not migrate the attributes nsslapd-db-private-import-mem and nsslapd-import-cache-autosize - just use the new default values for these
4) Do not migrate nsslapd-allidsthreshold - this has been removed
5) Add additional error checking and handling when migrating the local.conf information.
6) Change the brand in the sie and isie when migrating.
7) Update the Group in console.conf during migration.
Platforms tested: HP-UX 11.23 IPF64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
| |
Description: Show-Stopper - Migration from HP-PARISC DS 6.21 to DS80 on HP-Itaninum
Fix Description: Cannot start servers until after the data and config has been migrated.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Show-Stopper - Migration from HP-PARISC DS 6.21 to DS80 on HP-Itaninum
Reviewed by: nhosoi (Thanks!)
Fix Description: 1) The temp file created to fix nsroot was not owned by the server user, and ldif2db could not open it.
2) The perldap LDIF parser/writer did not correctly handle the version: 1 line in the LDIF file. It outputs dn\nversion: 1 which causes ldif2db to crash.
3) The migrate script could not start the server because it wasn't looking in the fhs-opt location. The real solution is to just have migration start the servers after it migrates them. This assumes the old servers are all shutdown first, which they must be, in order to have a consistent database for migration.
These last two were found and fixed by nhosoi
4) If we transform an attribute to an empty value, this means we want to remove it from the migrated entry. We use the remove method to remove the attribute.
5) The remove method in FileConn was not working. We have to make a clone of the entry that we have removed the attribute from. The process of iterating over the attributes skips deleted ones because of the way the Tie::Hash functions in the Entry class work.
Platforms tested: HP-UX 11.23 IPF64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Handle syncing add opererations that have a ntuniqueid present.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: MMR: Directory updates on same object
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem does appear to be concurrency. I think the original intention of
the urp fixup code was that it should only be run inside the database lock, so
that the database could be restored to a consistent state before the next
operation was processed. However, this requires the database code to know when
the database is already locked, so that if e.g. a modrdn operation needs to
call an internal delete, the database should not be locked again. The flag
OP_FLAG_REPL_FIXUP is used to denote both that the operation is such an
internal operation, and that the database should not be locked again.
There are a couple of cases where these operations can be called from outside
of the database lock:
urp_fixup_rename_entry is called from multimaster_postop_modrdn and
multimaster_postop_delete, both of which are front end post op plugins, not
called from within the database lock. Same with urp_fixup_delete_entry and
urp_fixup_modify_entry. In other cases, such as urp_fixup_add_entry, and other
places where urp_fixup_rename_entry and urp_fixup_modify_entry are called, they
are called from a bepostop plugin function, which is called after the original
database operation has been processed, within the database lock. So the
solution appears to be to move the urp_* functions to the bepostop plugin
functions. One of these functions does an internal search -
urp_get_min_naming_conflict_entry - but it does not appear that search locks
the database, so there was nothing to be done to make it "reentrant".
Without this patch, I can crash the server in a matter of minutes (x86_64
rhel5) using the latest Fedora DS 1.1 code. With the patch, the server runs
for several hours (maybe longer, I had to stop the test).
Also, to really exercise the urp code, I added a rename operation between the
add and delete e.g.
add("ou=test");
rename("ou=test", "ou=test2");
delete("ou=test2");
The server still runs for several hours with no problems.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Show-Stopper - Migration from DS 6.21 to DS80
Reviewed by: nhosoi (Thanks!)
Fix Description: Added a new function migrateNetscapeRoot which will create a temporary LDIF file from the given NetscapeRoot.ldif file. The function will look for all \bNetscape\b occurances and convert them to @capbrand@ where that is defined as the capitalized brand name in configure. It will then import this temporary LDIF file and delete it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
| |
Bug Description: crash at startup with new ldap sdk on 64-bit platform
Reviewed by: nkinder (Thanks!)
Fix Description: Use LBER_SOCKET as the socket type instead of int. There was also a place in ldclt where we were doing the same thing.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
| |
Summary: verify-db.pl (db_verify) does not work on a little endian machine
(comment #1-#4)
Description: 1) introducing dbverify mode to ns-slapd.
2) providing new script dbverify to call "ns-slapd dbverify"
3) fixing verify-db.pl to call dbverify instead of db_verify from BDB
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Pass in schema and config LDIF files to setup
Reviewed by: nhosoi (Thanks!)
Fix Description: 1) Allow multi-valued parameters in .inf files and command line. These values will be represented internally as an array ref. No existing parameters allow being multi-valued (e.g. you can't use Suffix=o=foo and Suffix=o=bar)
2) Add two new .inf parameters - SchemaFile and ConfigFile. The files listed in SchemaFile will be copied into the schema subdirectory of the new instance, so they must already be named appropriately (e.g. 60foo.ldif). The files listed in ConfigFile must be LDIF files with one or more whole entries to be added to the initial dse.ldif. These could be additional suffixes/databases to create, plugin configuration, replication configuration, or anything else.
Right now, if you have an LDIF file that relies on custom schema, you cannot use the InstallLdifFile directive during setup. SchemaFile allows you to do that.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Will need to document the two additional parameters.
|
| |
|
|
|
|
| |
Summary: Replication monitor CGI seems misconfigured (comment #1)
1) get_replica: missing return value for the success case
2) support the case "shadowport" is not passed
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: 'Operation Error' encountered during DS6.21 to DS80 cross-platform migration
Reviewed by: nhosoi (Thanks!)
Fix Description: For cross platform migration, we should not migrate the nsslapd-idl-switch setting, we should just use the new default value which is "new".
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Corrected search scope used to find entries to sync in winsync total update protocol.
|
| |
|
|
|
| |
Summary: Migration script references a non-existing directory (comment #22)
Description: introduced ignoreOldEntries not to migrate obsolete config entries.
|
| |
|
|
| |
Summary: Handle syncing multi-valued street attribute to AD.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nhosoi (Thanks!)
Fix Description: This was a big endian vs. little endian issue. We only use name based UUID generation with the reversible password code. This code was not doing the ntoh with the numeric values generated. I'm sure there is probably a compiler warning about this on some platform.
Platforms tested: RHEL5 x86_64, Solaris 9 64-bit
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Migration script references a non-existing directory
Reviewed by: nhosoi (Thanks!)
Fix Description: This fixes a couple of problems.
1) Use the inst_dir from the directory server as the instance dir where the ldif2db script is found.
2) The password for migratecred should be quoted before being passed to the shell, in case there are shell meta chars in there
3) If using cross platform migration, and no LDIF files were found to migrate, this will cause an error message to be printed and migration will be aborted.
Platforms tested: RHEL4 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
