[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Mon Aug 29 07:56:43 UTC 2016
Makefile.am | 3
VERSION.sh | 2
debian/changelog | 7
debian/patches/support-non-nss-libldap.diff | 60
dirsrvtests/create_test.py | 171 +
dirsrvtests/tests/suites/paged_results/paged_results_test.py | 1138 ++++++++++-
dirsrvtests/tests/suites/paged_results/sss_control.py | 127 +
dirsrvtests/tests/suites/password/pwp_history_test.py | 264 ++
dirsrvtests/tests/tickets/ticket1347760_test.py | 440 ++++
dirsrvtests/tests/tickets/ticket47462_test.py | 160 +
dirsrvtests/tests/tickets/ticket48109_test.py | 41
dirsrvtests/tests/tickets/ticket48497_test.py | 4
dirsrvtests/tests/tickets/ticket48745_test.py | 2
dirsrvtests/tests/tickets/ticket48746_test.py | 2
dirsrvtests/tests/tickets/ticket48755_test.py | 261 ++
dirsrvtests/tests/tickets/ticket48798_test.py | 141 +
dirsrvtests/tests/tickets/ticket48799_test.py | 170 +
dirsrvtests/tests/tickets/ticket48808_test.py | 337 +++
ldap/admin/src/logconv.pl | 60
ldap/admin/src/scripts/91reindex.pl.in | 103
ldap/admin/src/scripts/91subtreereindex.pl | 8
ldap/admin/src/scripts/repl-monitor.pl.in | 72
ldap/admin/src/scripts/setup-ds.res.in | 1
ldap/ldif/template-dse.ldif.in | 1
ldap/schema/01core389.ldif | 6
ldap/servers/plugins/replication/cl5_api.c | 171 -
ldap/servers/plugins/replication/cl5_clcache.c | 292 +-
ldap/servers/plugins/replication/cl5_clcache.h | 2
ldap/servers/plugins/replication/repl5.h | 14
ldap/servers/plugins/replication/repl5_inc_protocol.c | 106 -
ldap/servers/plugins/replication/repl5_plugins.c | 3
ldap/servers/plugins/replication/repl5_replica.c | 137 +
ldap/servers/plugins/replication/repl5_replica_config.c | 32
ldap/servers/plugins/replication/repl5_tot_protocol.c | 169 +
ldap/servers/plugins/replication/repl_globals.c | 1
ldap/servers/slapd/back-ldbm/back-ldbm.h | 6
ldap/servers/slapd/back-ldbm/dblayer.c | 5
ldap/servers/slapd/back-ldbm/dn2entry.c | 17
ldap/servers/slapd/back-ldbm/filterindex.c | 21
ldap/servers/slapd/back-ldbm/findentry.c | 139 +
ldap/servers/slapd/back-ldbm/idl_new.c | 87
ldap/servers/slapd/back-ldbm/import-threads.c | 7
ldap/servers/slapd/back-ldbm/index.c | 22
ldap/servers/slapd/back-ldbm/init.c | 2
ldap/servers/slapd/back-ldbm/ldbm_add.c | 21
ldap/servers/slapd/back-ldbm/ldbm_attr.c | 18
ldap/servers/slapd/back-ldbm/ldbm_bind.c | 11
ldap/servers/slapd/back-ldbm/ldbm_compare.c | 2
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 9
ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 6
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 30
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 17
ldap/servers/slapd/back-ldbm/ldbm_search.c | 35
ldap/servers/slapd/back-ldbm/misc.c | 3
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 14
ldap/servers/slapd/back-ldbm/vlv_srch.c | 2
ldap/servers/slapd/bind.c | 126 -
ldap/servers/slapd/daemon.c | 226 --
ldap/servers/slapd/defbackend.c | 82
ldap/servers/slapd/entry.c | 4
ldap/servers/slapd/modify.c | 4
ldap/servers/slapd/opshared.c | 11
ldap/servers/slapd/pagedresults.c | 5
ldap/servers/slapd/pblock.c | 13
ldap/servers/slapd/proto-slap.h | 1
ldap/servers/slapd/pw.c | 33
ldap/servers/slapd/result.c | 27
ldap/servers/slapd/saslbind.c | 4
ldap/servers/slapd/schema.c | 66
ldap/servers/slapd/slap.h | 5
ldap/servers/slapd/slapi-plugin.h | 9
ldap/servers/slapd/slapi-private.h | 1
ldap/servers/slapd/ssl.c | 77
ldap/servers/slapd/task.c | 346 +++
ldap/servers/slapd/tools/ldclt/ldcltU.c | 2
man/man1/ldclt.1 | 2
man/man1/repl-monitor.1 | 58
wrappers/systemd.template.sysconfig | 3
78 files changed, 5089 insertions(+), 998 deletions(-)
New commits:
commit e57b626da6399a744fc0476d2c9ae58d894c1c8f
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Mon Aug 29 10:56:16 2016 +0300
releasing package 389-ds-base version 1.3.4.14-1
diff --git a/debian/changelog b/debian/changelog
index 636e692..be6c2f7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,9 @@
-389-ds-base (1.3.4.14-1) UNRELEASED; urgency=medium
+389-ds-base (1.3.4.14-1) unstable; urgency=medium
* New upstream release.
* support-non-nss-libldap.diff: Refreshed.
- -- Timo Aaltonen <tjaalton at debian.org> Fri, 19 Aug 2016 09:58:10 +0300
+ -- Timo Aaltonen <tjaalton at debian.org> Mon, 29 Aug 2016 10:17:41 +0300
389-ds-base (1.3.4.9-1) unstable; urgency=medium
commit 2a01d3f6c8e0fc2563e2209e0d8fa32220270d42
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Aug 19 10:09:38 2016 +0300
support-non-nss-libldap.diff: Refreshed.
diff --git a/debian/changelog b/debian/changelog
index e103eb1..636e692 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
389-ds-base (1.3.4.14-1) UNRELEASED; urgency=medium
* New upstream release.
+ * support-non-nss-libldap.diff: Refreshed.
-- Timo Aaltonen <tjaalton at debian.org> Fri, 19 Aug 2016 09:58:10 +0300
diff --git a/debian/patches/support-non-nss-libldap.diff b/debian/patches/support-non-nss-libldap.diff
index 5ae9a46..9e654ef 100644
--- a/debian/patches/support-non-nss-libldap.diff
+++ b/debian/patches/support-non-nss-libldap.diff
@@ -61,13 +61,13 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
attributeTypes: ( 2.16.840.1.113730.3.1.2091 NAME 'nsslapd-suffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )
attributeTypes: ( 2.16.840.1.113730.3.1.2092 NAME 'nsslapd-ldapiautodnsuffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )
attributeTypes: ( 2.16.840.1.113730.3.1.2095 NAME 'connection' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )
-@@ -293,8 +296,8 @@ objectClasses: ( 2.16.840.1.113730.3.2.1
+@@ -295,8 +298,8 @@ objectClasses: ( 2.16.840.1.113730.3.2.1
objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' )
--objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher) X-ORIGIN 'Netscape' )
+-objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ allowWeakDHParam ) X-ORIGIN 'Netscape' )
-objectClasses: ( nsEncryptionModule-oid NAME 'nsEncryptionModule' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsSSLToken $ nsSSLPersonalityssl $ nsSSLActivation ) X-ORIGIN 'Netscape' )
-+objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ CACertExtractFile ) X-ORIGIN 'Netscape' )
++objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher $ allowWeakDHParam $ CACertExtractFile ) X-ORIGIN 'Netscape' )
+objectClasses: ( nsEncryptionModule-oid NAME 'nsEncryptionModule' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsSSLToken $ nsSSLPersonalityssl $ nsSSLActivation $ ServerKeyExtractFile $ ServerCertExtractFile ) X-ORIGIN 'Netscape' )
objectClasses: ( 2.16.840.1.113730.3.2.327 NAME 'rootDNPluginConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( rootdn-open-time $ rootdn-close-time $ rootdn-days-allowed $ rootdn-allow-host $ rootdn-deny-host $ rootdn-allow-ip $ rootdn-deny-ip ) X-ORIGIN 'Netscape' )
objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC 'Netscape defined objectclass' SUP top MAY ( cn $ schemaUpdateObjectclassAccept $ schemaUpdateObjectclassReject $ schemaUpdateAttributeAccept $ schemaUpdateAttributeReject) X-ORIGIN 'Netscape Directory Server' )
@@ -466,7 +466,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
char* rel2abspath( char * );
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
-@@ -2093,6 +2093,8 @@ typedef struct _slapdEntryPoints {
+@@ -2098,6 +2098,8 @@ typedef struct _slapdEntryPoints {
#define CONFIG_MAXSIMPLEPAGED_PER_CONN_ATTRIBUTE "nsslapd-maxsimplepaged-per-conn"
@@ -475,7 +475,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
/* getenv alternative */
#define CONFIG_MALLOC_MXFAST "nsslapd-malloc-mxfast"
#define CONFIG_MALLOC_TRIM_THRESHOLD "nsslapd-malloc-trim-threshold"
-@@ -2362,6 +2364,7 @@ typedef struct _slapdFrontendConfig {
+@@ -2367,6 +2369,7 @@ typedef struct _slapdFrontendConfig {
int malloc_trim_threshold; /* mallopt M_TRIM_THRESHOLD */
int malloc_mmap_threshold; /* mallopt M_MMAP_THRESHOLD */
#endif
@@ -485,7 +485,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
/* possible values for slapdFrontendConfig_t.schemareplace */
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
-@@ -6151,12 +6151,14 @@ int slapi_rwlock_get_size();
+@@ -6153,12 +6153,14 @@ int slapi_rwlock_get_size();
/*
* thread-safe LDAP connections
*/
@@ -501,7 +501,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
* \param shared \c 0 - single thread access \c 1 - LDAP* will be shared among multiple threads
* \return A pointer to an LDAP* handle
*
-@@ -6175,6 +6177,7 @@ LDAP *slapi_ldap_init( char *ldaphost, i
+@@ -6177,6 +6179,7 @@ LDAP *slapi_ldap_init( char *ldaphost, i
* \see slapi_ldap_init_ext()
*/
void slapi_ldap_unbind( LDAP *ld );
@@ -509,7 +509,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
/**
* Initializes an LDAP connection, and returns a handle to the connection.
*
-@@ -6182,9 +6185,9 @@ void slapi_ldap_unbind( LDAP *ld );
+@@ -6184,9 +6187,9 @@ void slapi_ldap_unbind( LDAP *ld );
* ldapi://path - if \c NULL, #hostname, #port, and #secure must be provided
* \param hostname Hostname or IP address - NOTE: for TLS or GSSAPI, should be the FQDN
* \param port LDAP server port number (default 389)
@@ -521,7 +521,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
* \return A pointer to an LDAP* handle
*
* \note Use #slapi_ldap_unbind() to close and free the handle
-@@ -6200,7 +6203,7 @@ LDAP *slapi_ldap_init_ext(
+@@ -6202,7 +6205,7 @@ LDAP *slapi_ldap_init_ext(
int secure, /* 0 for ldap, 1 for ldaps, 2 for starttls -
override proto in url */
int shared, /* if true, LDAP* will be shared among multiple threads */
@@ -530,7 +530,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
);
/**
* The LDAP bind request - this function handles all of the different types of mechanisms
-@@ -6237,6 +6240,18 @@ int slapi_ldap_bind(
+@@ -6239,6 +6242,18 @@ int slapi_ldap_bind(
);
/**
@@ -551,7 +551,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
* \param ld the LDAP connection handle
--- a/ldap/servers/slapd/slapi-private.h
+++ b/ldap/servers/slapd/slapi-private.h
-@@ -1160,6 +1160,7 @@ char* slapd_get_tmp_dir( void );
+@@ -1161,6 +1161,7 @@ char* slapd_get_tmp_dir( void );
#include <stdio.h> /* GGOODREPL - For BUFSIZ, below, gak */
const char* escape_string (const char* str, char buf[BUFSIZ]);
const char* escape_string_with_punctuation(const char* str, char buf[BUFSIZ]);
@@ -559,7 +559,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
void strcpy_unescape_value( char *d, const char *s );
char *slapi_berval_get_string_copy(const struct berval *bval);
-@@ -1304,6 +1305,8 @@ void add_internal_modifiersname(Slapi_PB
+@@ -1305,6 +1306,8 @@ void add_internal_modifiersname(Slapi_PB
/* ldaputil.c */
char *ldaputil_get_saslpath();
@@ -570,7 +570,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
/*
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
-@@ -231,6 +231,19 @@ PRBool enableSSL3 = PR_FALSE;
+@@ -249,6 +249,19 @@ PRBool enableSSL3 = PR_FALSE;
*/
PRBool enableTLS1 = PR_TRUE;
@@ -590,7 +590,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
static void
slapd_SSL_report(int degree, char *fmt, va_list args)
{
-@@ -277,7 +290,7 @@ getSupportedCiphers()
+@@ -295,7 +308,7 @@ getSupportedCiphers()
SSL_GetCipherSuiteInfo((PRUint16)_conf_ciphers[i].num,&info,sizeof(info));
/* only support FIPS approved ciphers in FIPS mode */
if (!isFIPS || info.isFIPS) {
@@ -599,7 +599,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
_conf_ciphers[i].name,sep,
info.symCipherName,sep,
info.macAlgorithmName,sep,
-@@ -315,7 +328,7 @@ getEnabledCiphers()
+@@ -360,7 +373,7 @@ getEnabledCiphers()
SSL_CipherPrefGetDefault(_conf_ciphers[x].num, &enabled);
if (enabled) {
SSL_GetCipherSuiteInfo((PRUint16)_conf_ciphers[x].num,&info,sizeof(info));
@@ -608,7 +608,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
_conf_ciphers[x].name,sep,
info.symCipherName,sep,
info.macAlgorithmName,sep,
-@@ -496,7 +509,7 @@ charray2str(char **ary, const char *deli
+@@ -541,7 +554,7 @@ charray2str(char **ary, const char *deli
if (str) {
str = PR_sprintf_append(str, "%s%s", delim, *ary++);
} else {
@@ -617,7 +617,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
}
}
-@@ -678,7 +691,7 @@ _conf_setciphers(char *ciphers, int flag
+@@ -723,7 +736,7 @@ _conf_setciphers(char *ciphers, int flag
slapi_ch_free((void **)&unsuplist); /* strings inside are static */
if (!enabledOne) {
@@ -626,7 +626,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
return nocipher;
}
_conf_dumpciphers();
-@@ -777,6 +790,31 @@ freeChildren( char **list ) {
+@@ -822,6 +835,31 @@ freeChildren( char **list ) {
}
}
@@ -658,7 +658,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
/* Logs a warning and returns 1 if cert file doesn't exist. You
* can skip the warning log message by setting no_log to 1.*/
static int
-@@ -784,8 +822,8 @@ warn_if_no_cert_file(const char *dir, in
+@@ -829,8 +867,8 @@ warn_if_no_cert_file(const char *dir, in
{
int ret = 0;
char *filename = slapi_ch_smprintf("%s/cert8.db", dir);
@@ -669,7 +669,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
slapi_ch_free_string(&filename);
filename = slapi_ch_smprintf("%s/cert7.db", dir);
status = PR_Access(filename, PR_ACCESS_READ_OK);
-@@ -1067,7 +1105,7 @@ slapd_nss_init(int init_ssl, int config_
+@@ -1112,7 +1150,7 @@ slapd_nss_init(int init_ssl, int config_
slapd_pk11_configurePKCS11(NULL, NULL, tokPBE, ptokPBE, NULL, NULL, NULL, NULL, 0, 0 );
secStatus = NSS_Initialize(certdir, NULL, NULL, "secmod.db", nssFlags);
@@ -678,7 +678,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
if (secStatus != SECSuccess) {
errorCode = PR_GetError();
-@@ -1190,10 +1228,16 @@ slapd_ssl_init()
+@@ -1249,10 +1287,16 @@ slapd_ssl_init()
freeConfigEntry( &entry );
return -1;
}
@@ -695,7 +695,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
for (family = family_list; *family; family++) {
-@@ -1221,6 +1265,7 @@ slapd_ssl_init()
+@@ -1280,6 +1324,7 @@ slapd_ssl_init()
if (!PL_strcasecmp(token, "internal") ||
!PL_strcasecmp(token, "internal (software)")) {
slot = slapd_pk11_getInternalKeySlot();
@@ -703,7 +703,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
} else {
slot = slapd_pk11_findSlotByName(token);
}
-@@ -1234,8 +1279,6 @@ slapd_ssl_init()
+@@ -1293,8 +1338,6 @@ slapd_ssl_init()
return -1;
}
@@ -712,7 +712,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
if (!slot) {
errorCode = PR_GetError();
slapd_SSL_warn("Security Initialization: Unable to find slot ("
-@@ -1243,18 +1286,26 @@ slapd_ssl_init()
+@@ -1302,18 +1345,26 @@ slapd_ssl_init()
errorCode, slapd_pr_strerror(errorCode));
freeChildren(family_list);
freeConfigEntry( &entry );
@@ -742,7 +742,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
}
freeChildren( family_list );
freeConfigEntry( &entry );
-@@ -1570,9 +1621,9 @@ slapd_ssl_init2(PRFileDesc **fd, int sta
+@@ -1629,9 +1680,9 @@ slapd_ssl_init2(PRFileDesc **fd, int sta
if(slapd_pk11_isFIPS()) {
if(slapd_pk11_authenticate(slot, PR_TRUE, NULL) != SECSuccess) {
errorCode = PR_GetError();
@@ -755,7 +755,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
return -1;
}
fipsMode = PR_TRUE;
-@@ -2004,111 +2055,117 @@ slapd_SSL_client_auth (LDAP* ld)
+@@ -2081,111 +2132,117 @@ slapd_SSL_client_auth (LDAP* ld)
char *token = NULL;
SVRCOREStdPinObj *StdPinObj;
SVRCOREError err = SVRCORE_Success;
@@ -953,7 +953,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
}
/* Free config data */
-@@ -2123,15 +2180,69 @@ slapd_SSL_client_auth (LDAP* ld)
+@@ -2200,15 +2257,69 @@ slapd_SSL_client_auth (LDAP* ld)
errorCode, slapd_pr_strerror(errorCode));
} else {
#if defined(USE_OPENLDAP)
@@ -1032,7 +1032,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
}
/*
* not sure what else needs to be done for client auth - don't
-@@ -2162,6 +2273,7 @@ slapd_SSL_client_auth (LDAP* ld)
+@@ -2239,6 +2350,7 @@ slapd_SSL_client_auth (LDAP* ld)
slapi_ch_free_string(&token);
slapi_ch_free_string(&pw);
@@ -1040,7 +1040,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
LDAPDebug (LDAP_DEBUG_TRACE, "slapd_SSL_client_auth() %i\n", rc, 0, 0);
return rc;
-@@ -2262,9 +2374,10 @@ slapd_get_unlocked_key_for_cert(CERTCert
+@@ -2339,9 +2451,10 @@ slapd_get_unlocked_key_for_cert(CERTCert
slotname, tokenname, certsubject);
break;
} else {
@@ -1054,7 +1054,7 @@ Note: Instead of checking with "OpenSSL" for the openldap client library,
}
}
-@@ -2288,3 +2401,591 @@ slapd_get_unlocked_key_for_cert(CERTCert
+@@ -2365,3 +2478,591 @@ slapd_get_unlocked_key_for_cert(CERTCert
return key;
}
commit 3fc54779d5c43cfa9a4150e7b337c879f4cf05a5
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Aug 19 10:09:20 2016 +0300
update the changelog
diff --git a/debian/changelog b/debian/changelog
index 515d427..e103eb1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+389-ds-base (1.3.4.14-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Fri, 19 Aug 2016 09:58:10 +0300
+
389-ds-base (1.3.4.9-1) unstable; urgency=medium
* New upstream release.
commit 695f0b73e9a4e6ce682526265fb1ec7f18ba7970
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Thu Aug 11 15:11:57 2016 -0700
bump version to 1.3.4.14
diff --git a/VERSION.sh b/VERSION.sh
index 42e3e7e..0309bf5 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=3
-VERSION_MAINT=4.13
+VERSION_MAINT=4.14
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit c5521864b2996db2ae18f24ef34acb6aec92ad78
Author: Ludwig Krispenz <lkrispen at redhat.com>
Date: Thu Aug 4 11:45:49 2016 -0700
Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.
Description: do not overwrite rc used to decide if bind was successful.
When the bind is through ldapi/autobind, an entry does not exist to be
checked with slapi_check_account_lock. In that case, a variable rc is
not supposed to be modified which confuses the following code path.
Reviewed by nhosoi at redhat.com.
(cherry picked from commit caa351ae0cc81cbf2309a43c5f74b359cda152d0)
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index 8f5375a..399eaf7 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -775,10 +775,12 @@ do_bind( Slapi_PBlock *pb )
*/
if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
- rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
- if (1 == rc) { /* account is locked */
+ myrc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
+ if (1 == myrc) { /* account is locked */
+ rc = myrc;
goto account_locked;
}
+ myrc = 0;
}
if (!auto_bind) {
/*
commit e88a1ba32ec1b02f278e7febef6024f4e6bf9f55
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Jul 26 18:08:38 2016 -0700
Bug 1347760 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation, etc.
Description:
1. When an account is inactivated, the error UNWILLING_TO_PERFORM with
the inactivated message should be returned only when the bind is
successful.
2. When SASL bind fails, instead of returning the cause of the failure
directly to the client, but logging it in the access log.
https://bugzilla.redhat.com/show_bug.cgi?id=1347760
Reviewed by wibrown at redhat.com (Thank you, William!)
(cherry picked from commit b8767d510d11c7cbfede24daaae3348b9f028f47)
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index 6763fc3..8f5375a 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -720,25 +720,6 @@ do_bind( Slapi_PBlock *pb )
}
}
}
-
- /*
- * Is this account locked ?
- * could be locked through the account inactivation
- * or by the password policy
- *
- * rc=0: account not locked
- * rc=1: account locked, can not bind, result has been sent
- * rc!=0 and rc!=1: error. Result was not sent, lets be_bind
- * deal with it.
- *
- */
-
- /* get the entry now, so that we can give it to slapi_check_account_lock and reslimit_update_from_dn */
- if (! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
- bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
- rc = slapi_check_account_lock ( pb, bind_target_entry, pw_response_requested, 1, 1);
- }
-
slapi_pblock_set( pb, SLAPI_PLUGIN, be->be_database );
set_db_default_result_handlers(pb);
if ( (rc != 1) &&
@@ -777,6 +758,28 @@ do_bind( Slapi_PBlock *pb )
if ( rc == SLAPI_BIND_SUCCESS ) {
int myrc = 0;
+ /*
+ * The bind is successful.
+ * We can give it to slapi_check_account_lock and reslimit_update_from_dn.
+ */
+ /*
+ * Is this account locked ?
+ * could be locked through the account inactivation
+ * or by the password policy
+ *
+ * rc=0: account not locked
+ * rc=1: account locked, can not bind, result has been sent
+ * rc!=0 and rc!=1: error. Result was not sent, lets be_bind
+ * deal with it.
+ *
+ */
+ if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
+ bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
+ rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
+ if (1 == rc) { /* account is locked */
+ goto account_locked;
+ }
+ }
if (!auto_bind) {
/*
* There could be a race that bind_target_entry was not added
@@ -787,13 +790,7 @@ do_bind( Slapi_PBlock *pb )
if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA) &&
!bind_target_entry) {
bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
- if (bind_target_entry) {
- myrc = slapi_check_account_lock(pb, bind_target_entry,
- pw_response_requested, 1, 1);
- if (1 == myrc) { /* account is locked */
- goto account_locked;
- }
- } else {
+ if (!bind_target_entry) {
slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry");
send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
goto free_and_return;
diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
index 76294ac..d56f0ed 100644
--- a/ldap/servers/slapd/saslbind.c
+++ b/ldap/servers/slapd/saslbind.c
@@ -1049,8 +1049,8 @@ sasl_check_result:
errstr = sasl_errdetail(sasl_conn);
PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
- (char*)errstr, 0, NULL);
+ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, (void *)errstr);
+ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL);
break;
}
commit 5e810f82fd36d606f48d9a1218d2b8937bdf04ef
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Jul 26 15:31:32 2016 -0400
Ticket 48935 - Update dirsrv.systemd file
BUg Description: Two issues here. First the default system startup timeout
is set to 1 minute 30 seconds. But in the start-dirsrv script
it attempts to use a 10 minute timeout.
Second, starting in F23 systemd does not work well with valgrind.
systemd does not accept the notification once the DS starts.
So the start command actually fails after it times out.
Fix Description: For the first issue set the system startup timeout to match the
start-dirsrv script by setting:
TimeoutStartSecs=10min
Second, allow valgrind's startup success message to be
recognized/accepted we set:
NotifyAccess=all
https://fedorahosted.org/389/ticket/48935
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit ce44176803aa52ab8001113136bfbb7ff4a50972)
diff --git a/wrappers/systemd.template.sysconfig b/wrappers/systemd.template.sysconfig
index d88bdcd..e653c86 100644
--- a/wrappers/systemd.template.sysconfig
+++ b/wrappers/systemd.template.sysconfig
@@ -1,3 +1,6 @@
[Service]
+TimeoutStartSec=10m
+NotifyAccess=all
+
# uncomment this line to raise the file descriptor limit
# LimitNOFILE=8192
commit c8e7fc567ca9b00969e3911bf3aa6245ebdffe5b
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Jul 19 18:28:06 2016 -0400
Ticket 48930 - Paged result search can hang the server
Bug Description: If a pages result has sent all its entry it's possible that
the connection lock/monitor is not exited. This can lead
to a deadlock when a new connection comes in.
Fix Description: Move the monitor exit to the proper location, and also set
the result to success if all the entries have been sent.
https://fedorahosted.org/389/ticket/48930
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit bff1dd433f5de807ded1114e5961d66e2c0494e2)
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index 84e4c71..93334a1 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -694,11 +694,12 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
/* search result could be reset in the backend/dse */
slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
pagedresults_set_search_result(pb->pb_conn, operation, sr, 1/*locked*/, pr_idx);
- PR_ExitMonitor(pb->pb_conn->c_mutex);
}
} else {
pr_stat = PAGEDRESULTS_SEARCH_END;
+ rc = LDAP_SUCCESS;
}
+ PR_ExitMonitor(pb->pb_conn->c_mutex);
pagedresults_unlock(pb->pb_conn, pr_idx);
if ((PAGEDRESULTS_SEARCH_END == pr_stat) || (0 == pnentries)) {
commit 7738a00e7334c191421be274bae3ada964e4279a
Author: Simon Pichugin <spichugi at redhat.com>
Date: Thu Jul 14 14:14:12 2016 +0200
Ticket 48752 - Add CI test
Description: Test that search with simple paged result control works
properly on two suffixes (one is parent of the other) and the logs
show right pr_cookie values.
https://fedorahosted.org/389/ticket/48752
Reviewed by: mreynolds (Thanks!)
(cherry picked from commit fc97900fc6637d888a103c69adbf303f6e78e233)
diff --git a/dirsrvtests/tests/suites/paged_results/paged_results_test.py b/dirsrvtests/tests/suites/paged_results/paged_results_test.py
index 6fec5c7..2248fd2 100644
--- a/dirsrvtests/tests/suites/paged_results/paged_results_test.py
+++ b/dirsrvtests/tests/suites/paged_results/paged_results_test.py
@@ -12,8 +12,7 @@ import logging
import pytest
from random import sample
from ldap.controls import SimplePagedResultsControl
-from lib389 import DirSrv, Entry, tools, tasks
-from lib389.tools import DirSrvTools
+from lib389 import DirSrv, Entry
from lib389._constants import *
from lib389.properties import *
from lib389.tasks import *
@@ -24,8 +23,14 @@ logging.getLogger(__name__).setLevel(logging.DEBUG)
log = logging.getLogger(__name__)
TEST_USER_NAME = 'simplepaged_test'
-TEST_USER_DN = 'uid=%s,%s' % (TEST_USER_NAME, DEFAULT_SUFFIX)
+TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, DEFAULT_SUFFIX)
TEST_USER_PWD = 'simplepaged_test'
+NEW_SUFFIX_1_NAME = 'test_parent'
+NEW_SUFFIX_1 = 'o={}'.format(NEW_SUFFIX_1_NAME)
+NEW_SUFFIX_2_NAME = 'child'
+NEW_SUFFIX_2 = 'ou={},{}'.format(NEW_SUFFIX_2_NAME, NEW_SUFFIX_1)
+NEW_BACKEND_1 = 'parent_base'
+NEW_BACKEND_2 = 'child_base'
class TopologyStandalone(object):
@@ -62,9 +67,10 @@ def topology(request):
@pytest.fixture(scope="module")
-def test_user(topology):
+def test_user(topology, request):
"""User for binding operation"""
+ log.info('Adding user {}'.format(TEST_USER_DN))
try:
topology.standalone.add_s(Entry((TEST_USER_DN, {
'objectclass': 'top person'.split(),
@@ -81,8 +87,63 @@ def test_user(topology):
e.message['desc']))
raise e
+ def fin():
+ log.info('Deleting user {}'.format(TEST_USER_DN))
+ topology.standalone.delete_s(TEST_USER_DN)
+ request.addfinalizer(fin)
+
+
+ at pytest.fixture(scope="module")
+def new_suffixes(topology):
+ """Add two suffixes with backends, one is a parent
+ of the another
+ """
+
+ log.info('Adding suffix:{} and backend: {}'.format(NEW_SUFFIX_1, NEW_BACKEND_1))
+ topology.standalone.backend.create(NEW_SUFFIX_1,
+ {BACKEND_NAME: NEW_BACKEND_1})
+ topology.standalone.mappingtree.create(NEW_SUFFIX_1,
+ bename=NEW_BACKEND_1)
+ try:
+ topology.standalone.add_s(Entry((NEW_SUFFIX_1, {
+ 'objectclass': 'top',
+ 'objectclass': 'organization',
+ 'o': NEW_SUFFIX_1_NAME
+ })))
+ except ldap.LDAPError as e:
+ log.error('Failed to add suffix ({}): error ({})'.format(NEW_SUFFIX_1,
+ e.message['desc']))
+ raise
-def add_users(topology, users_num):
+ log.info('Adding suffix:{} and backend: {}'.format(NEW_SUFFIX_2, NEW_BACKEND_2))
+ topology.standalone.backend.create(NEW_SUFFIX_2,
+ {BACKEND_NAME: NEW_BACKEND_2})
+ topology.standalone.mappingtree.create(NEW_SUFFIX_2,
+ bename=NEW_BACKEND_2,
+ parent=NEW_SUFFIX_1)
+
+ try:
+ topology.standalone.add_s(Entry((NEW_SUFFIX_2, {
+ 'objectclass': 'top',
+ 'objectclass': 'organizationalunit',
+ 'ou': NEW_SUFFIX_2_NAME
+ })))
+ except ldap.LDAPError as e:
+ log.error('Failed to add suffix ({}): error ({})'.format(NEW_SUFFIX_2,
+ e.message['desc']))
+ raise
+
+ log.info('Adding ACI to allow our test user to search')
+ ACI_TARGET = '(targetattr != "userPassword || aci")'
+ ACI_ALLOW = '(version 3.0; acl "Enable anonymous access";allow (read, search, compare)'
+ ACI_SUBJECT = '(userdn = "ldap:///anyone");)'
+ ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
+
+ mod = [(ldap.MOD_ADD, 'aci', ACI_BODY)]
+ topology.standalone.modify_s(NEW_SUFFIX_1, mod)
+
+
+def add_users(topology, users_num, suffix):
"""Add users to the default suffix
Return the list of added user DNs.
@@ -93,7 +154,7 @@ def add_users(topology, users_num):
for num in sample(range(1000), users_num):
num_ran = int(round(num))
USER_NAME = 'test%05d' % num_ran
- USER_DN = 'uid=%s,%s' % (USER_NAME, DEFAULT_SUFFIX)
+ USER_DN = 'uid=%s,%s' % (USER_NAME, suffix)
users_list.append(USER_DN)
try:
topology.standalone.add_s(Entry((USER_DN, {
@@ -154,7 +215,7 @@ def change_conf_attr(topology, suffix, attr_name, attr_value):
return attr_value_bck
-def paged_search(topology, controls, search_flt, searchreq_attrlist):
+def paged_search(topology, suffix, controls, search_flt, searchreq_attrlist):
"""Search at the DEFAULT_SUFFIX with ldap.SCOPE_SUBTREE
using Simple Paged Control(should the first item in the
list controls.
@@ -167,7 +228,7 @@ def paged_search(topology, controls, search_flt, searchreq_attrlist):
pctrls = []
all_results = []
req_ctrl = controls[0]
- msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ msgid = topology.standalone.search_ext(suffix,
ldap.SCOPE_SUBTREE,
search_flt,
searchreq_attrlist,
@@ -187,7 +248,7 @@ def paged_search(topology, controls, search_flt, searchreq_attrlist):
if pctrls[0].cookie:
# Copy cookie from response control to request control
req_ctrl.cookie = pctrls[0].cookie
- msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
+ msgid = topology.standalone.search_ext(suffix,
ldap.SCOPE_SUBTREE,
search_flt,
searchreq_attrlist,
@@ -219,7 +280,7 @@ def test_search_success(topology, test_user, page_size, users_num):
@Assert: All users should be found
"""
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
@@ -230,7 +291,7 @@ def test_search_success(topology, test_user, page_size, users_num):
log.info('Create simple paged results control instance')
req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
- all_results = paged_search(topology, [req_ctrl],
+ all_results = paged_search(topology, DEFAULT_SUFFIX, [req_ctrl],
search_flt, searchreq_attrlist)
log.info('%d results' % len(all_results))
@@ -272,7 +333,7 @@ def test_search_limits_fail(topology, test_user, page_size, users_num,
@Assert: Should fail with appropriate exception
"""
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
attr_value_bck = change_conf_attr(topology, suffix, attr_name, attr_value)
conf_param_dict = {attr_name: attr_value}
search_flt = r'(uid=test*)'
@@ -362,7 +423,7 @@ def test_search_sort_success(topology, test_user):
users_num = 50
page_size = 5
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
@@ -377,7 +438,7 @@ def test_search_sort_success(topology, test_user):
log.info('Initiate ldapsearch with created control instance')
log.info('Collect data with sorting')
controls = [req_ctrl, sort_ctrl]
- results_sorted = paged_search(topology, controls,
+ results_sorted = paged_search(topology, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
log.info('Substring numbers from user DNs')
@@ -411,7 +472,7 @@ def test_search_abandon(topology, test_user):
users_num = 10
page_size = 2
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
@@ -464,7 +525,7 @@ def test_search_with_timelimit(topology, test_user):
users_num = 100
page_size = 50
timelimit = 5
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
@@ -547,7 +608,7 @@ def test_search_dns_ip_aci(topology, test_user, aci_subject):
users_num = 100
page_size = 5
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
@@ -578,7 +639,7 @@ def test_search_dns_ip_aci(topology, test_user, aci_subject):
log.info('Initiate three searches with a paged results control')
for ii in range(3):
log.info('%d search' % (ii + 1))
- all_results = paged_search(topology, controls,
+ all_results = paged_search(topology, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
log.info('%d results' % len(all_results))
assert len(all_results) == len(users_list)
@@ -618,7 +679,7 @@ def test_search_multiple_paging(topology, test_user):
users_num = 100
page_size = 30
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
@@ -679,7 +740,7 @@ def test_search_invalid_cookie(topology, test_user, invalid_cookie):
users_num = 100
page_size = 50
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
@@ -732,7 +793,7 @@ def test_search_abandon_with_zero_size(topology, test_user):
users_num = 10
page_size = 0
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
@@ -787,7 +848,7 @@ def test_search_pagedsizelimit_success(topology, test_user):
attr_value = '20'
attr_value_bck = change_conf_attr(topology, DN_CONFIG,
attr_name, attr_value)
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
@@ -799,7 +860,7 @@ def test_search_pagedsizelimit_success(topology, test_user):
req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
controls = [req_ctrl]
- all_results = paged_search(topology, controls,
+ all_results = paged_search(topology, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
log.info('%d results' % len(all_results))
@@ -846,7 +907,7 @@ def test_search_nspagedsizelimit(topology, test_user,
users_num = 10
page_size = 10
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
conf_attr_bck = change_conf_attr(topology, DN_CONFIG,
@@ -865,11 +926,11 @@ def test_search_nspagedsizelimit(topology, test_user,
if expected_rs == ldap.SIZELIMIT_EXCEEDED:
log.info('Expect to fail with SIZELIMIT_EXCEEDED')
with pytest.raises(expected_rs):
- all_results = paged_search(topology, controls,
+ all_results = paged_search(topology, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
elif expected_rs == 'PASS':
log.info('Expect to pass')
- all_results = paged_search(topology, controls,
+ all_results = paged_search(topology, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
log.info('%d results' % len(all_results))
assert len(all_results) == len(users_list)
@@ -917,7 +978,7 @@ def test_search_paged_limits(topology, test_user, conf_attr_values, expected_rs)
users_num = 101
page_size = 10
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
size_attr_bck = change_conf_attr(topology, DN_CONFIG,
@@ -940,11 +1001,11 @@ def test_search_paged_limits(topology, test_user, conf_attr_values, expected_rs)
if expected_rs == ldap.ADMINLIMIT_EXCEEDED:
log.info('Expect to fail with ADMINLIMIT_EXCEEDED')
with pytest.raises(expected_rs):
- all_results = paged_search(topology, controls,
+ all_results = paged_search(topology, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
elif expected_rs == 'PASS':
log.info('Expect to pass')
- all_results = paged_search(topology, controls,
+ all_results = paged_search(topology, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
log.info('%d results' % len(all_results))
assert len(all_results) == len(users_list)
@@ -996,7 +1057,7 @@ def test_search_paged_user_limits(topology, test_user, conf_attr_values, expecte
users_num = 101
page_size = 10
- users_list = add_users(topology, users_num)
+ users_list = add_users(topology, users_num, DEFAULT_SUFFIX)
search_flt = r'(uid=test*)'
searchreq_attrlist = ['dn', 'sn']
lookthrough_attr_bck = change_conf_attr(topology, 'cn=config,%s' % DN_LDBM,
@@ -1019,11 +1080,11 @@ def test_search_paged_user_limits(topology, test_user, conf_attr_values, expecte
if expected_rs == ldap.ADMINLIMIT_EXCEEDED:
log.info('Expect to fail with ADMINLIMIT_EXCEEDED')
with pytest.raises(expected_rs):
- all_results = paged_search(topology, controls,
+ all_results = paged_search(topology, DEFAULT_SUFFIX, controls,
search_flt, searchreq_attrlist)
elif expected_rs == 'PASS':
More information about the Pkg-fedora-ds-maintainers
mailing list