[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'debian-experimental'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Wed Feb 6 11:19:54 UTC 2013
New branch 'debian-experimental' available with the following commits:
commit dade08dae50f8ba86ec2359d97ebe1e58ca982e5
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Mar 6 13:19:14 2013 +0200
control: Bump the policy to 3.9.4, no changes.
commit 6765aa019a8f5022105c02a500c602dc8085fb8c
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Mar 6 12:47:06 2013 +0200
update the changelog
commit c3a1719c07298afa10b09bbb5b0619233d673346
Merge: d3464f7 606cb84
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Wed Mar 6 12:44:59 2013 +0200
Merge branch 'upstream-experimental' into debian-experimental
Conflicts:
Makefile.in
aclocal.m4
config.guess
config.h.in
config.sub
configure
ltmain.sh
commit 606cb848e358b6ca86b6263f5aa77a6be342d509
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed Jan 16 17:35:51 2013 -0800
bump version to 1.3.0.2
(1.3.0.1 is void.)
commit 57f4381395e2181e5610acc715e8c71592616ffd
Author: Nathan Kinder <nkinder at redhat.com>
Date: Wed Jan 16 14:20:14 2013 -0800
Ticket 556 - Don't overwrite certmap.conf during upgrade
The certmap.conf config files were being overwritten with the
default template during upgrade. We need to skip writing the
certmap.conf files if they already exist so config changes are
not lost.
commit 5941a5bf4e7c9970c7e32ddf9d83eb7645b9b710
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Wed Jan 9 13:14:17 2013 -0800
Ticket #542 - Cannot dynamically set nsslapd-maxbersize
Fix description: Based on the proposal made by rmeggins at redhat.com
in the ticket #542, this patch sets maxbersize every time before
reading the client input from the socket.
If the incoming ber size is larger than maxbersize, access log logs:
[..] conn=# op=-1 fd=64 closed error 34 (Numerical result out of range) - B2
And the error log logs:
[..] connection - conn=# fd=# Incoming BER Element was too long, max
allowable is # bytes. Change the nsslapd-maxbersize attribute in
cn=config to increase.
https://fedorahosted.org/389/ticket/542
Reviewed by Rich (Thank you!!)
(cherry picked from commit cce46be3b8cc12ccef8c34024a6ade2c07e28273)
commit 21cade3fed05560a16a401606460b982e5bba70e
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Jan 8 16:18:01 2013 -0800
bump version to 1.3.0.0
commit 302cea43201c09dad0235dca6c734836637c13e2
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Jan 8 11:39:00 2013 -0800
bump version to 1.3.0.rc3
commit 090236b6dd97b16258f3bb03631dabfadef34a99
Author: Nathan Kinder <nkinder at redhat.com>
Date: Fri Jan 4 11:41:48 2013 -0800
Ticket 549 - DNA plugin no longer reports additional info when range is depleted
When the DNA plug-in was modified to allocate range values at the
bepreop phase, it stopped returning detailed error strings to the
client when the range was depleted.
This patch allows our bepreop functions to fill in the error string
that the caller can return to the client.
commit b3e16f033f41834d8469e59f1a1ba885b427a1e8
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Dec 18 16:04:01 2012 -0500
Ticket 541 - need to set plugin as off in ldif template
Reviewed by: richm(Thanks)
(cherry picked from commit 1f7195980fa7073f88ba04fce74b62b07e43e143)
commit b12e69e0fbd9cf14d3b4b74f8424c7658fa1a6f3
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Dec 18 14:41:52 2012 -0500
Ticket 541 - RootDN Access Control plugin is missing after upgrade
Created the upgrade ldif: 50rootdnaccesscontrolplugin.ldif
https://fedorahosted.org/389/ticket/541
Reviewed by: richm(Thanks)
(cherry picked from commit d0ee60fafdf62bdbbcde31281d25a58a75aaffa8)
commit d3464f7e33807fb9d0bb72cb9c4edd6cdfd8e237
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Dec 18 11:46:34 2012 +0200
update the version
commit 1daba3b79183fe013b83344fa52364253e776773
Merge: 08cc67e 94e25a1
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Dec 18 10:16:54 2012 +0200
Merge branch 'upstream-experimental' into debian-experimental
Conflicts:
Makefile.in
aclocal.m4
config.guess
config.h.in
config.sub
configure
ltmain.sh
commit 94e25a13de0afa578c4837a0a5897ee3637e8d57
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Fri Dec 14 12:06:13 2012 -0800
bump version to 1.3.0.rc2
commit f503882ba230c6dee2075e1491fb75bc0711cc28
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Thu Dec 13 17:29:32 2012 -0800
Trac Ticket #497 - Escaped character cannot be used in the substring search filter
https://fedorahosted.org/389/ticket/497
Bug description: Previous commit de8fd7d0e596e4de885b4dda6bf5329469880c45
for Ticket 328 introduced this bug. Only a string format filter
for logging needs to be escaped, but the above commit accidentally
applied the escaped filter to the real filter.
Fix description: This patch did undo the escape on the real filter.
(cherry picked from commit 8ff26ec960277dcfb44586d05949e24f3f85c277)
commit 69d2dd5ee31a0587dbbb6ec2d49a27179ca699ab
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Thu Dec 13 17:13:20 2012 -0800
Ticket 509 - lock-free access to be->be_suffixlock
Fix Description:
Previous commit 1b6f39cbb800b9c70abff1d025fecdd812a5b7b6 had a malloc
size problem. Instead of the size of pointer, the size of struct
suffixlist has to be allocated.
(cherry picked from commit 5bd932e0ebe6873f743b31b600b2a32982dd01db)
commit 6afa80ab7cc302d98dda68f4dd11bf720fceed69
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Thu Dec 13 16:52:08 2012 -0800
Trac Ticket #522 - betxn: upgrade is not implemented yet
https://fedorahosted.org/389/ticket/522
Description: 389-ds-base-1.3.0 supports slapi transactions.
Some default plugins which take advantage of the feature require
the plugin configuration entry change. This patch provides the
upgrade tool 20betxn.pl which is called from "setup-ds.pl -u".
(cherry picked from commit 87636bd304b2479b8489c3683716d715c99c3494)
commit 6ee822f1549ff60e1d3a5993930339557aa3ce7b
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Tue Dec 11 14:32:48 2012 -0800
bump version to 1.3.0.rc1
commit bf03b790e4354326f15435a124810d546f413345
Author: Rich Megginson <rmeggins at redhat.com>
Date: Tue Dec 11 13:21:19 2012 -0700
Ticket #322 - Create DOAP description for the 389 Directory Server project
https://fedorahosted.org/389/ticket/322
Reviewed by: n/a
Branch: master
Fix Description: Created DOAP file for 389
Platforms tested: n/a
Flag Day: no
Doc impact: no
commit d59f687e2aace66ab43aabe57c9ccc96901d6cfe
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Fri Nov 16 09:56:58 2012 -0800
Trac Ticket #499 - Handling URP results is not corrrect
https://fedorahosted.org/389/ticket/499
Bug description: When an urp resolution occurred as follows
[] - urp_delete: Entry "nsuniqueid=<UNIQID>,uid=<UID>,o=<ORG>"
is already a Tombstone.
the operation should be skipped in the backend, but should return
SUCCESS to the supplier. Otherwise, the supplier continues to
send the relay and the replication stops there.
Fix description: This patch introduced SLAPI_PLUGIN_NOOP (-2)
to the bepre and betxnpre plugin return value set (SLAPI_
PLUGIN_SUCCESS == 0; SLAPI_PLUGIN_FAILURE == -1). If SLAPI_
PLUGIN_NOOP is returned, the backend code skips the operation,
but it returns SUCCESS. Note that urp is only executed on the
replicated operation (not on the end user ones).
commit 1b6f39cbb800b9c70abff1d025fecdd812a5b7b6
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Dec 11 14:20:38 2012 -0500
Ticket 509 - lock-free access to be->be_suffixlock
Bug Description: This is an amendment to the first patch which was not safe
because of the reallocation of the suffix list
Fix Description: Use a linked list instead of a pointer array, as the array needs to
be reallocated which each add.
https://fedorahosted.org/389/ticket/509
Reviewed by: Noriko, and Rich (Thanks!)
commit fc80262eaade94d47f12228036d23643cfcb9b98
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Fri Dec 7 15:12:54 2012 -0500
Ticket 456 - improve entry cache sizing
Bug Description: Entry cache sizing should be done outside of the lock
Fix Description: Moved the sizing outside the lock. Saw improved numbers
in callgrind, and less contention as well.
https://fedorahosted.org/389/ticket/456
Reviewed by: richm(Thanks!)
commit 08cc67e4d939a3ba7e8e092341ab619c10291030
Merge: 16f5d44 5a4d41e
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Dec 11 14:42:23 2012 +0200
Merge branch 'debian-unstable' into debian-experimental
commit 16f5d44b14468c72231f4f931d62470f972a1d6d
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Dec 11 14:34:58 2012 +0200
update the version
commit d35269060d46f6705e8b5e9c8c7f0373f6168fd2
Merge: d8d2252 bd66709
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Dec 11 14:33:30 2012 +0200
Merge branch 'debian-unstable' into debian-experimental
Conflicts:
config.h.in
configure
commit d8d225267edb14ec5adf57e12d56d7fb6fbcd127
Merge: b3a0ab7 85261ef
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Dec 11 14:33:06 2012 +0200
Merge branch 'upstream-unstable' into debian-experimental
commit b3a0ab786091705883bec5315c9b74e025ad211a
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Mon Dec 10 15:08:05 2012 -0800
Trac Ticket #531 - loading an entry from the database should use str2entry_f
https://fedorahosted.org/389/ticket/531
Description: Based upon the comments by Rich Megginson (Thanks!!),
changing the newly introduced macro to all upper case. Plus, it
was pointed out that the meaning of the macro name was opposite.
Fixing these 2 issues, this patch replaces the macro str2entry_
can_use_fast with STR2ENTRY_CANNOT_USE_FAST.
commit dc33f18501bce10785f9a254a95ad73dd1069312
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Mon Dec 10 11:12:06 2012 -0800
Trac Ticket #536 - Clean up compiler warnings for 1.3
https://fedorahosted.org/389/ticket/536
Description: Cleaning up compiler warnings by:
- declaring config_get_schemamod in proto-slap.h
- putting parentheses around assignment
- explicitly casting to discard 'const'
commit 7af4fc1cafc1b5a7c68b7a90fd90523a18e9c71e
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Mon Dec 10 10:37:24 2012 -0800
Trac Ticket #531 - loading an entry from the database should use str2entry_fast
https://fedorahosted.org/389/ticket/531
Bug Description: When loading an entry from the backend, it
is known to be well formed and str2entry_fast() could be used,
but always str2entry_dupcheck() is called. The reason is that
id2entry() sets the flag SLAPI_STR2ENTRY_NO_ENTRYDN and this
flag is not contained in the set of flags known to be handled
by str2entry_fast() although it does have code for this flag.
Fix Description: This patch is adding flags SLAPI_STR2ENTRY_
NO_ENTRYDN and SLAPI_STR2ENTRY_DN_NORMALIZED to the local
macro SLAPI_STRENTRY_FLAGS_HANDLED_IN_SLAPI_STR2ENTRY,
which is used to determine the string formatted entry can be
processed by str2entry_fast or not. Also, this patch defines
a macro str2entry_can_use_fast to increase the code readability.
commit cd6a6dd804d63bb389c1916c8ea090977bf601a0
Merge: 4e9aab8 06a26b6
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Mon Dec 10 12:10:29 2012 -0500
Merge branch 'ticket509'
commit 06a26b6cdbd7d7afbca8e0060bcd51f4993e7e0d
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Mon Dec 10 12:09:09 2012 -0500
Ticket 509 - lock-free access to be->be_suffixlock
Bug Description: Remove locking around the be_suffixcount
Fix Description: Use atomic counter for the suffix count, and remove
the lock. The "count" is all we need to safely transverse
the array.
https://fedorahosted.org/389/ticket/509
Reviewed by: Ludwig & richm(Thanks!)
commit 4e9aab8a172c8636ea78a9d1230c78c76268efd7
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Thu Dec 6 14:52:40 2012 -0500
Ticket 527 - ns-slapd segfaults if it cannot rename the logs
Bug Description: If we can not rename a log file, triggered by log rotation,
we try and log a message stating this error, but trying to
log this new message triggers log rotation again. This leads
to an infinite loop and a stack overflow.
Fix Description: Created a new logging function that does not do a rotation check.
We use this new function for all emergency error logging.
https://fedorahosted.org/389/ticket/527
Reviewed by: richm(Thanks!)
commit e3aac6618a00236b73e44b99d15abed647708187
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Wed Dec 5 17:43:30 2012 -0500
Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't
Bug Description: The root DSE lists all the mechanisms the SASL library can handle (sasl_listmech), but that's
not necessarily what the server/co-products can support (e.g. communicating with IPA).
Fix Description: Added new config setting to specifiy the SASL mechanisms that are allowed. If none are specified,
than all are allowed. This setting now impacts the SASL callback SASL_CB_GETOPT(ids_sasl_getopt), so
it applies to all SASL operations. So, the root DSE information is correct, and you can now control
what mechanisms the server actually allows.
https://fedorahosted.org/389/ticket/395
Reviewed by: richm(Thanks!)
commit b3a2f4010d4eae7bd62a0c09576b1a643eca3901
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Thu Nov 29 10:49:33 2012 -0500
Ticket 216 - disable replication agreements
Bug Description: Objectclass violation when trying to add "nsds5ReplicaEnabled"
to a winSync agmt.
Fix Description: Add this attribute to the "MAY" list for objectclass: nsDSWindowsReplicationAgreement
https://fedorahosted.org/389/ticket/216
Reviewed by: richm(Thanks)
commit b3ca9eec5d50c2ca503582e55b6681b9b3ad6ad3
Author: Ludwig Krispenz <lkrispen at redhat.com>
Date: Fri Nov 23 11:15:52 2012 +0100
Ticket 518 - dse.ldif is 0 length after server kill or machine kill
Bug Description: If a machine is powered off while slapd is running, dse.ldif can have 0 bytes and
server doesn't start even if a dse.ldif.tmp or dse.ldif.bak exists
Fix Description: I see no way to prevent a 0 byte ldif in case of a machine crash from slapd code,
but the server should try all avaialble backup dse.ldif files to be able to start,
https://fedorahosted.org/389/ticket/518
Reviewed by: RichM (Thanks)
commit 8799a86f36c40169f9077d1e836ba1b4f32080d7
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Nov 27 15:16:45 2012 -0500
Ticket 393 - Change in winSyncInterval does not take immediate effect
Bug Description: If you change the sync interval you must restart the DS for
it to take effect.
Fix Description: When we change certain config settings(like the interval), notify
the repl protocol that the agmt has changed. This iputs the incr_run
into the START state where we will pick the interval change.
We do not want to notify the protocol when updating these attributes:
nsds7WindowsReplicaSubtree
nsds7DirectoryReplicaSubtree
nsds7WindowsDomain
Notifying the protocol automatically triggers these attributes to be
updated, so we don't want to renotify the protocol and end up in an
infinite loop.
https://fedorahosted.org/389/ticket/393
Reviewed by: richm(Thanks!)
commit 2b98d672c11a5e4111e5d22a322f4e8a414ca104
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Nov 27 10:24:02 2012 -0500
Ticket 20 - Allow automember to work on entries that have already been added
Bug Description: If the server can not open a ldif for reading(mapping task), an
incorrect error and file name is returned.
Fix Description: Report the correct file name, and correctly grab the OS error/string.
Also made slapd_pr_strerr() and slapd_system_strerr() public, so I
refactored the function names to be "slapi_" - so a lot of files are
touched but the main change for this ticket is still in automember.c
https://fedorahosted.org/389/ticket/20
Reviewed by: richm(Thanks)
commit 4850b2720a6d2a1cf65b2cbfa296e37f04f85c5d
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Mon Nov 26 11:04:36 2012 -0500
Coverity Fixes
12626
13030
13114
13115
13116
Reviewed by: richm (Thanks Rich!)
commit da4e8686e530757e6c1005588e5e0c4e185f12e1
Author: Ludwig Krispenz <lkrispen at redhat.com>
Date: Wed Nov 21 10:08:45 2012 +0100
Ticket 349 - nsViewFilter syntax issue in 389DS 1.2.5
Bug Description: current nsViewFilter syntax is IA5string, this is too restictive
for definition of views in DIT using international chareacters
Fix Description: change syntax of nsViewFilter to directory string
NOTE: there could be deployments relying on the case sensitivity of IA5string
although not very likely. Probably need to doc in RN
https://fedorahosted.org/389/ticket/349
Reviewed by: ?
commit ecbd8b7513d05dab5876a88ca56b102c08a7a67c
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Nov 20 16:14:42 2012 -0500
Ticket 337 - improve CLEANRUV functionality
Bug Description: Without anonymous access allowed, then task could not
contact other servers and retrieve data(ruv, maxcsns, etc).
Fix Description: Changed all communication to use extended operations, and improved
sychronization between the replicas.
https://fedorahosted.org/389/ticket/337
Reviewed by: richm(Thanks Rich!)
commit f102eb72cf8928a585a33423124c2c98a2048bce
Author: Ludwig Krispenz <lkrispen at redhat.com>
Date: Mon Nov 19 13:48:23 2012 +0100
Fix for ticket 504
commit ecf3cc3436accbae478ebe0774e817ead91c6fdf
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Mon Nov 19 15:52:32 2012 -0500
Ticket 394 - modify-delete userpassword
Bug Description: Attempting to delete a specific user password results in an error 16 - if
you are not using clear-text password storage scheme.
Fix Description: The error is caused because it can not find a userpassword attr with
the clear-text password - as its usually encoded. If you know the correct
userpassword encoded value to delete, then you won't get an error 16, but
the unhashed userpassword will not be removed.
This fix checks the scheme of the password value to delete, then compares it
to all the userpassword attrs. Once we find a match, we change the "value to delete"
to the encoded value.
If you do supply an encoded password value to delete, we do the opposite. We
grab all the clear-text unhashed userpasswords from the password entry extension.
Then we compare each one to the hashed value. If we have a match, we know which
unhashed userpassword to delete.
Also, added a check to make sure we don't add encoded values to the unhashed_password
extension.
https://fedorahosted.org/389/ticket/394
Reviewed by: richm (Thank you)
commit 32ab01f55684859213bfebf8190b82ba84f374c5
Author: Rich Megginson <rmeggins at redhat.com>
Date: Thu Oct 25 17:16:08 2012 -0600
minor fixes for bdb 4.2/4.3 and mozldap
commit 48b35ec4e48a38c257d5b9a5d2ef584661895261
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Sun Oct 14 16:46:16 2012 -0700
Trac Ticket #276 - Multiple threads simultaneously working on
connection's private buffer causes ns-slapd to abort
https://fedorahosted.org/389/ticket/276
Bug description: When a connection is to be released, the current
code releases the connection object before making it readable,
which leaves a small window for multiple threads accessing the
same private buffer.
Fix description: This patch moves the location of releasing the
connection object after the connection is readable.
commit 2f1021c8253ffe8c21e2a1e1a10a7953bda64948
Author: Ludwig Krispenz <lkrispen at redhat.com>
Date: Fri Nov 16 16:58:35 2012 +0100
Fix for ticket 465: cn=monitor showing stats for other db instances
Check that part of the db file name that matches is the full db dir name
commit e53973451dc8dbdd9e8829a1d86a2cd7a14733fe
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Thu Nov 15 12:57:35 2012 -0500
Ticket 507 - use mutex for FrontendConfig lock instead of rwlock
Bug Description: There was a lot of contention over the read/write lock
for the frontend config
Fix Description: Updated the macros to use a simple lock.
https://fedorahosted.org/389/ticket/507
Reviewed by: noriko(Thanks!)
commit 49b7b668953f576040f308081e1920a325f49971
Author: Ludwig Krispenz <lkrispen at redhat.com>
Date: Fri Nov 16 14:13:27 2012 +0100
Fix for ticket 510
Avoid creating an attribute just to determine the syntax for a type, look up the syntax directly by type
commit e754339c441ea30b5c555171e6723ea74375d523
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Wed Nov 14 13:41:30 2012 -0800
Coverity defect: Resource leak 13110
This commit 94b123780b21e503b78bceca9d60904206ef91fa
introduced the resource leak.
Trac Ticket #447 - Possible to add invalid attribute
to nsslapd-allowed-to-delete-attrs
Fix description: This patch calls slapi_ch_array_free for the
allocated charray "allowed".
commit d97835969db3e957032c52ac317699354299c07c
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Wed Nov 14 15:18:57 2012 -0500
Ticket 517 - crash in DNA if no dnaMagicRegen is specified
Bug Description: There are several places where we deference config_entry->generate
Fix Description: Properly check for NULL, and allow the update of dnaType.
https://fedorahosted.org/389/ticket/517
Reviewed by: richm(Thanks Rich)
commit 40e68b18dae23a21654719a742419f172aa54806
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Wed Nov 14 10:49:35 2012 -0800
Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry
https://fedorahosted.org/389/ticket/520
Fix description: The code to check if the new superior entry exists
or not was returning the "No such object" error only when the op
was requested by the directory manager. This patch is removing
the condition so that whoever the requester is, it returns the error.
commit f026ef0447b18994e0e9b847698703436e874f84
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Nov 13 18:01:57 2012 -0800
Trac Ticket #519 - Search with a complex filter including range search is slow
https://fedorahosted.org/389/ticket/519
Bug description: If a filter contains a range search, the
search retrieves one ID per one idl_fetch and merge it to
the idlist using idl_union, which is slow especially when
the range search result size is large.
Fix description: When the idlist size is larger than nsslapd-
lookthroughlimit, the range search returns ALLID (default
value of nsslapd-lookthroughlimit is 5000). Then, the range
search filter is evaluated before returning to the client.
If the default value of nsslapd-lookthroughlimit can be used,
the search elapsed time is much shorter than generating a
complete idlist in index_range_read_ext. Since the nsslapd-
lookthroughlimit is shared among all the search operations,
larger value might be required for other cases. To have its
own control, this patch introduces a new config parameter
nsslapd-rangelookthroughlimit for the range search.
Also, this patch replaced idl_union in index_range_read_ext
with idl_append_extend and sort the idlist at the end. It
improves the range search, but it is still slower than just
returning ALLID for the large range search.
commit 19e49e69124ff19530a584f90808aa652a4c686f
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Tue Nov 13 11:21:26 2012 -0800
Trac Ticket #500 - Newly created users with
organizationalPerson objectClass fails to sync from AD to DS with missing attribute error
https://fedorahosted.org/389/ticket/500
Bug description: Posix Account objectclass requires homeDirectory,
uidNumber, and gidNumber. When an AD entry has just some of these
attributes or other allow-to-have attributes, i.e., loginShell or
gecos, the entry is incompletely converted to Posix Account entry
and fails to be added due to the missing attribute error.
Fix description: Before transforming the AD entry to the DS posix
account entry, check the required attributes first. If any of the
above 3 attributes is missing, all of the posix account related
attributes are dropped and added to the DS as a non-posix account
entry. If the PLUGIN log level is set, this type of message is
logged in the error log.
[] posix-winsync - AD entry CN=<CN>,OU=<OU>,DC=<DC>,DC=<COM> does
not have required attribute uidNumber for posixAccount objectclass.
commit 8a9684ff9cadddc58de3a849c1e875955ea16128
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Fri Nov 9 10:52:38 2012 -0800
Trac Ticket #311 - IP lookup failing with multiple DNS
entries
https://fedorahosted.org/389/ticket/311
Bug description: DNS keyword in ACI only accepted an FQDN returned
from gethostbyaddr. If an alias hostname was set in an ACI, a request
sent from the host was treated as the one from the primary hostname
and it failed to get the expected access rights.
Fix description: This patch turns the "dns" keyword covers the alias
hostnames, as well. In addition to the primary hostname, by setting
the secondary hostnames as dns, clients requests would obtain the
expected access rights. When an IP address is associated with multiple
hostnames (primary: hostA, aliases: hostB and hostC), they could be
listed, for instance, in an aci as follows:
aci: (targetattr = "*") (version 3.0;acl "dns example";allow (all)
dns="hostA.example.com" or dns="hostB.example.com" or dns="hostC.
example.com";)
commit 94b123780b21e503b78bceca9d60904206ef91fa
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Wed Nov 7 17:21:09 2012 -0800
Trac Ticket #447 - Possible to add invalid attribute
to nsslapd-allowed-to-delete-attrs
https://fedorahosted.org/389/ticket/447
Fix description: This patch is adding a code to check if the value
of config parameter nsslapd-allowed-to-delete-attrs includes any
invalid attributes or not. If it does, the server ignores the
invalid ones, and the following search returns only the valid
attributes. Also, it is logged in the error log:
nsslapd-allowed-to-delete-attrs: Unknown attribute bogus will be
ignored
commit 90dd9bb3c1411daca353d055d90618e67aa1fa7e
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Tue Nov 6 18:15:46 2012 -0800
Trac Ticket #443 - Deleting attribute present in
nsslapd-allowed-to-delete-attrs returns Operations error
https://fedorahosted.org/389/ticket/443
Bug Description: Even if setting a config parameter to nsslapd-
allowed-to-delete-attrs, the value failed to delete if the type
was on|off or integer.
Fix Description: Store all the initial config param values in
ConfigList. If the attribute value is deleted, reset the initial
value.
commit e3357b44187acf3f43ad52a62c78911bea620b88
Author: Nathan Kinder <nkinder at redhat.com>
Date: Tue Nov 6 07:58:58 2012 -0800
Ticket #503 - Improve AD version in winsync log message
When enabling replication level logging, winsync prints out what
version of Windows/AD it detects. If it detects win2k3 or later, it
prints out "detected win2k3 peer". This can be confusing if you are
running a later version, such as win2k8. The code is really trying
to detect if we can use certain operations that only started being
supported in win2k3. This patch changes the message to match this
logic by printing "detected win2k3 or later peer".
commit 996034bc98d0f2ef33bdf70ae226fd4410b88075
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Fri Nov 2 16:43:48 2012 -0700
Trac Ticket #190 - Un-resolvable server in replication
agreement produces unclear error message
https://fedorahosted.org/389/ticket/190
Fix description: This patch retrieves more info such as hostname
and error code from getaddrinfo in case ldap_sasl_bind does not
return any useful information about the failure. E.g.,
Error: could not send bind request for id [(anon)] mech [EXTERNAL]:
error -1 (Can't contact LDAP server)
-5987 (Invalid function argument.)
-2 (Name or service not known "your_host_name")
Error: could not send bind request for id [<binddn>] mech [SIMPLE]:
error -1 (Can't contact LDAP server)
-5987 (Invalid function argument.)
107 (Transport endpoint is not connected "your_host_name")
commit e229bb45b418371d83af302f3d24f881ca32bd41
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Fri Nov 2 14:36:38 2012 -0700
Coverity fixes
13107,13108: Explicit null deferenced
Bug description: "Explicit null dereferenced" error was introduced
by commit 7f81635990fa340e2db5c1b14a8d1ba10fa53887
Trac Ticket #391 - Slapd crashes when deleting backends
while operations are still in progress
Fix description: Added codes to check if the inst variable is NULL
or not. If NULL, skip accessing the instance variable and return
an error.
commit 7f81635990fa340e2db5c1b14a8d1ba10fa53887
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Fri Oct 26 12:09:18 2012 -0700
Trac Ticket #391 - Slapd crashes when deleting backends
while operations are still in progress
https://fedorahosted.org/389/ticket/391
Bug Description: Deleting backend code ldbm_instance_delete_instance_
entry_callback had no checking for the ordinary operations accessing
the backend instance. Even if some operations are still in progress,
the backend instance could be deleted and it crashes the server.
Fix Description: Backend struct ldbm_instance had a member inst_ref_
count, which was not used. This patch converts the type PRInt32 to
Slapi_Counter and increments it when the backend instance is in use.
The delete code checks the counter and if it is greater than 0, it
returns SLAPI_DSE_CALLBACK_ERROR.
commit caf2febf0d8c9f31e1cc2ca9404465eaf10eaf63
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Tue Oct 30 13:03:22 2012 -0700
Trac Ticket #448 - Possible to set invalid macros in Macro ACIs
https://fedorahosted.org/389/ticket/448
Bug description: Syntax checking code in acl did not check the
macro syntax. Thus, invalide macro such as ($bogus.description)
could have been unexpectedly added.
Fix description: This patch adds the checking code: If acl contains
a keyword starting with "($" or "[$", only one of "($dn)", "[$dn]",
or "($attr." is allowed.
commit 47c0d96ac28c0b1cc15e7bbb77648551c309ccf5
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Mon Oct 29 10:55:05 2012 -0700
Trac Ticket #498 - Cannot abaondon simple paged result search
https://fedorahosted.org/389/ticket/498
Bug Description: The enhancement "Ticket #260 - 389 DS does not
support multiple paging controls on a single connection (commit
add880accaa28de8304da1c2c2f58fe8af002ebb)" broke the ability to
abandon the on-going simple paged result search.
1) The abandon request expects the operation exist. When sending
an abort request, the search operation could have already finished
and the operation object has been released.
2) Plus, request page size is 0, it should be interpreted as abandoned.
Fix Description:
1) In do_abandon, this patch eliminates to check if the operation
is a simplepaged results oriented or not, since the operation object
is often already released. Instead, it directly checks the internal
paged results info in the connection object.
To make sure the abandoned search won't go further, a flag value
CONN_FLAG_PAGEDRESULTS_ABANDONED is introduced. If it is set in
the pagedresults structure in the connection object, it skips any
further process of the search.
2) This patch is adding a check if the given page size is 0 in the
simple-paged-results control or not. If it is 0, treat is as an
abandoned operation.
commit 544f027193139a109aeb14145ae1d77c4bdcc618
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Fri Oct 26 18:18:15 2012 -0700
Coverity defects
History:
The commit b9eeb2e1a8e688dfec753e8965d0e5aeb119e638 for Ticket #481
"expand nested posix groups" introduced 4 coverity defects. Commit for
the fixing patch e9941a2915ac848abe9a4afe802d0432aa0c354a failed to solve
13102: Resource leak.
Fix Description: This patch explicitly calls slapi_valueset_free for
the leak reported object muid_old_vs.
commit b963576d2758d29e8d21297e8f763d0373895b9f
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed Oct 24 11:14:21 2012 -0700
Trac Ticket #494 - slapd entered to infinite loop during new index addition
https://fedorahosted.org/389/ticket/494
Bug Description: An entry which rdn is nsuniqueid=...,nsuniqueid=...
was accidentally generated. It broke the entryrdn tree and put
the reindex and export into the the infinite loop.
Fix Description: Added an missing check if the retrieved entry is
already an tombstone or not. This tombstone is the one converted
by the entryusn plugin. Please note that replication has an urp
code which handles such conflicts.
commit 927b0efb4291e1d514c1bab4fb20ec8bdf8eab10
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Thu Oct 25 10:13:08 2012 -0700
Fixing compiler warnings in the posix-winsync plugin
The commit b9eeb2e1a8e688dfec753e8965d0e5aeb119e638 for Ticket #481
"expand nested posix groups" introduced these compiler warnings.
1) posix-grou-func.c
. added missing format strings "%s" in searchUid.
. added a function declaration hasObjectClass.
. replaced an obsolete api escape_filter_value with slapi_escape_
filter_value.
. eliminated an unused variable uid_dn_value.
2) posix-group-task.c
. replaced an obsolete api escape_filter_value with slapi_escape_
filter_value.
commit e9941a2915ac848abe9a4afe802d0432aa0c354a
Author: Noriko Hosoi <nhosoi at totoro.usersys.redhat.com>
Date: Wed Oct 24 15:27:48 2012 -0700
Coverity defects
The commit b9eeb2e1a8e688dfec753e8965d0e5aeb119e638 for Ticket #481
"expand nested posix groups" introduced 4 coverity defects.
Description:
13100, 13101: Missing return statement
Fix description: addUserToGroupMembership and propogateDeletion-
UpwardCallback are declared to return an integer value, but
nothing was returned. This patch changes it to return 0.
13102: Resource leak
Fix description: The memory of valueset muid_old_vs is internally
allocated. It was meant to be set to muid_upward_vs and freed
together when muid_upward_vs is freed. But due to the function
calling order, it was not properly set and it lost the chance to
be freed. This patch calls slapi_attr_get_valueset prior to
slapi_valueset_set_valueset and let free muid_old_vs together
with slapi_valueset_set_valueset.
13103: Uninitialized pointer read
Fix description: Possibly uninitialized variable was passed to
a logging function slapi_log_error, but actually it was not
referred. With this patch, the variable filter is no longer to
passed to the function.
commit 8639c035050484bd5a8f31bb70874d593cd1585e
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Mon Oct 22 16:17:42 2012 -0400
Ticket 147 - Internal Password Policy usage very inefficient
Bug Description: When updating a userpassword, the passwordPolicy struct is allocated & freed 5 to 7 times.
Fix Description: Store the passwordPolicy struct in the pblock, and when we try and create a new policy struct,
return the one in the pblock.
https://fedorahosted.org/389/ticket/147
Reviewed by: richm(Thanks!)
commit f33e73fe45225c0c7413d74dc846cead3214a404
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Fri Oct 19 15:55:54 2012 -0400
Ticket 495 - internalModifiersname not updated by DNA plugin
Bug Description: If you are using the "nsslapd-plugin-binddn-tracking", and the DNA plugin
modifiers the entry, the internalmodifiersname is not updated.
Fix Description: This is because the DNA plugin directly modifies the entry, and does not
use the internal modify functions that would trigger the last mod attributes
to be updated. So we have to call the last mod update function directly from
the dna plugin.
There is also a slight change to the behavior now. The internalModifiersname &
internalCreatorsname will never be the bind dn, but instead it will be the plugin
that actually did the update. So if a entry was not touched by a DS plugin, then
the "database" plugin would be the internal modifier/creator:
More information about the Pkg-fedora-ds-maintainers
mailing list