[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][master] 33 commits: Ticket 50165 - Fix issues with dscreate
Timo Aaltonen
gitlab at salsa.debian.org
Wed Apr 24 13:53:15 BST 2019
Timo Aaltonen pushed to branch master at FreeIPA packaging / 389-ds-base
Commits:
0036226b by Mark Reynolds at 2019-02-01T15:39:20Z
Ticket 50165 - Fix issues with dscreate
Bug Description: The install would fail under these two conditions:
[1] You do not specfiy a secure port, even if not using TLS
[2] The suffix has a space after a comma.
Fix Description: If the secure port is not specified set it to the default,
and normalize the suffix DN
https://pagure.io/389-ds-base/issue/50165
Reviewed by: ?
- - - - -
98bfccc8 by Thierry Bordaz at 2019-02-01T15:43:50Z
Ticket 50177 - import task should not be deleted too rapidely after import finishes to be able to query the status
Bug Description:
scripts that create online import and export tasks do not define a Time To Life of the tasks.
As a consequence the task entry is cleared 2min (default value) after task completion.
This is too rapid and some admin scripts may miss the final task status.
Fix Description:
The fix is to keep the entry of completed online import and export tasks for 1 day.
It also allows defines a default TTL to 1h (instead of 2min)
https://pagure.io/389-ds-base/issue/50177
Reviewed by: Mark Reynolds
Platforms tested: F27
Flag Day: no
Doc impact: no
- - - - -
70cac1b1 by Thierry Bordaz at 2019-02-05T15:01:52Z
Ticket 49658 - In replicated topology a single-valued attribute can diverge
Bug Description:
When deleting a specific value of a single valued attribute,
the deleted value can be erronously resurrected.
Fix Description:
This second fix is a rewrite of entry state resolution.
The original function (resolve_attribute_state_single_valued) implemented
a main algorythm but it was heavily merged with resolution of specific cases.
It was too difficult to make the function understandable and preserving
the handling of the specific cases.
The risk of that rewrite fix is that I can not guarantee it fully covers
the set of specific cases
https://pagure.io/389-ds-base/issue/49658
Reviewed by: William Brown (Thanks !!)
Platforms tested: F27
Flag Day: no
Doc impact: no
- - - - -
6f87fab4 by Thierry Bordaz at 2019-02-06T12:54:53Z
Ticket 49873 - Contention on virtual attribute lookup
Bug Description:
During lookup of the virtual attribute table (filter evaluation and returned attribute)
the lock is acquired many times in read. For example it is acquired for each targetfilter aci and for
each evaluated entry.
Unfortunately RW lock is expensive and appears frequently on pstacks.
The lock exists because the table can be updated but update is very rare (addition of a new service provider).
So it slows down general proceeding for exceptional events.
Fix Description:
The fix is to acquire/release the read lock at the operation level and set a per-cpu flag, so that later lookup
would just check the flag.
https://pagure.io/389-ds-base/issue/49873
Reviewed by: Ludwig Krispenz, William Brown (thanks !!)
Platforms tested: F27
Flag Day: no
Doc impact: no
- - - - -
ba02f5a6 by Mark Reynolds at 2019-02-07T17:10:33Z
Ticket 50155 - password history check has no way to just check the current password
Description: Currently if you set passwordinhistory 1, it checks the last
recorded password and the current password. To get it to just
check the current password we need to allow "0" in passwordinhistory.
Then only check the current password, and not the entry's
passwordHistory attributes (if any).
Also added new "rebind" function to Accounts class to "rebind"
on the current connection.
https://pagure.io/389-ds-base/issue/50155
Reviewed by: firstyear & spichugi (Thanks!!)
- - - - -
f19f2793 by William Brown at 2019-02-08T00:56:44Z
Ticket 50151 - lib389 support cli add/replace/delete on objects
Bug Description: We need a generic way to add/replace/delete on
objects, that is not ldif. Ldif is wildly inaccessible and hard
to use.
Fix Description: Add a "modify" generic to cli_base, that is
used by user. It supports a syntax of:
modify <selector> <add|replace|delete>:<attr>:<value>
An example is:
... user modify demo_user add:objectclass:nsMemberOf
These can have many modifications in a single transaction:
user modify demo_user add:objectclass:nsMemberOf add:description:test
https://pagure.io/389-ds-base/issue/50151
Author: William Brown <william at blackhats.net.au>
Review by: spichugi, mreynolds, lkrispen (Thanks!)
- - - - -
ea24c43a by Mark Reynolds at 2019-02-26T14:23:33Z
Ticket 50236 - memberOf should be more robust
Bug Description: When doing a modrdn, or any memberOf update, if the entry
already has the memberOf attribute with the same value
the operation is incorrectly rejected.
Fix Description: If we get an error 20 (type or value exists) return success.
Also fixed a coding mistake that causes the wrong error
code to be returned. This also required fixing the CI
test to check for the new correct errro code.
https://pagure.io/389-ds-base/issue/50236
Reviewed by: firstyear, spichugi, and tbordaz (Thanks!!!)
- - - - -
a0639843 by Mark Reynolds at 2019-02-26T14:31:57Z
Ticket 50238 - Failed modrdn can corrupt entry cache
Bug Description: Under certain conditions (found under IPA) when a backend
transaction plugin fails and causes a modrdn operation to
fail the entry cache no longer contains the original/pre
entry, but instead it has the post modrdn'ed entry with
the original entry's ID
Fix Description: Upon failure, if the post entry is in the cache, then swap
it out with the original entry.
https://pagure.io/389-ds-base/issue/50238
Reviewed by: firstyear, spichugi, & tboardaz (Thanks!!!)
- - - - -
6e95c659 by Mark Reynolds at 2019-02-27T21:32:50Z
Ticket 50215 - UI - implement Database Tab in reachJS
Description: Implement database tab in ReactJS.
https://pagure.io/389-ds-base/issue/50215
Reviewed by: spichugi & firstyear (Thanks!!)
- - - - -
0f785304 by Ludwig Krispenz at 2019-03-06T11:40:58Z
Ticket 50232 - export creates not importable ldif file
Bug: If the RUV entry hasa smaller entryid than the suffix entry it will be
exported before the suffix. If that ldif is used for import the RUV entry
is skipped and a new one generated with a different database generation
Fix: Before exporting the RUV check that the suffix is alread exported, if not
make the RUV entry pending and write it after all othere entries
Reviewed by: tbordaz, wbrown. Thanks
- - - - -
0654777e by Ludwig Krispenz at 2019-03-06T11:41:40Z
Ticket 50234 - one level search returns not matching entry
Bug: if in a onelevel search the IDList for the parentid is smaller than the filter
threshold and smaller than the list generated by the search filter
then the intersection is aborted and all children are returned.
Fix: In the above case we need to set the flag that the filter evaluation
cannot be bypassed
Reviewed by: William, Thierry. Thanks
- - - - -
951c499d by Mark Reynolds at 2019-03-11T16:28:40Z
Ticket 50273 - reduce default replicaton agmt timeout
Description: The default timeout of 10 minutes is just too long.
Change default to 2 minutes.
https://pagure.io/389-ds-base/issue/50273
Reviewed by: tbordaz(Thanks!)
(cherry picked from commit a703d1017716159f9c84b2c8f6fb0246f9a6a8a8)
- - - - -
1f15e966 by Simon Pichugin at 2019-03-13T13:25:31Z
Issue 50041 - Add CLI functionality for special plugins
Description: Add the functionality for
account-policy, attr-uniq, automember, dna, linked-attr,
managed-entries, memberof, pass-through-auth, refer-init,
retro-changelog, root-dn, usn commands.
Make DSLdapObject create an entry with only DN and attributes
(cases when RDN is not specified).
Fix two small typos in pwpolicy CLI's arguments.
Port test for DNA plugin.
https://pagure.io/389-ds-base/issue/50041
Reviewed by: wibrown, mreynolds, mhonek (Thanks!)
(cherry picked from commit 46e28cb4229f590c225f2a52bc8169e6fcc2d65b)
- - - - -
09b5a2c3 by Mark Reynolds at 2019-03-14T04:50:18Z
Ticket 50260 - backend txn plugins can corrupt entry cache
Bug Description: If a nested backend txn plugin fails, any updates
it made that went into the entry cache still persist
after the database transaction is aborted.
Fix Description: In order to be sure the entry cache is not corrupted
after a backend txn plugin failure we need to flush
all the cache entries that were added to the cache
after the parent operation was started.
To do this we record the start time the original operation,
(or parent operation), and we record the time any entry
is added to the cache. Then on failure we do a comparision
and remove the entry from the cache if it's not in use.
If it is in use we add a "invalid" flag which triggers
the entry to be removed when the cache entry is returned
by the owner.
https://pagure.io/389-ds-base/issue/50260
CI tested and ASAN approved.
Reviewed by: firstyear, tbordaz, and lkrispen (Thanks!!!)
(cherry picked from commit 7ba8a80cfbaed9f6d727f98ed8c284943b3295e1)
- - - - -
b998fed9 by Thierry Bordaz at 2019-03-14T10:58:16Z
Ticket 49873: (cont) Contention on virtual attribute lookup
Bug Description:
The previous fix was incomplete.
It created the thread private counter before the fork.
The deamon process was not inheriting it.
There is a possiblity that an callback of an internal search
tries to update the map. (cos thread monitoring cos definition)
In such case the RW lock was first acquired in read at the top level
of the internal search, then later the callback try to acquire it in write.
this created a deadlock
It stored in in private counter a value (int) rather than the address of
of the value (int*).
Fix Description:
The fix consists to create the thread private counter after the deamon creation.
In adding, when acquiring the lock in write, if the lock was already acquired
at the top level (in read), it release the lock and reset the counter. Then acquires
the lock in write.
In the opposite when releasing the lock in read, if the lock was not already acquired
it assumes it was acquired in write and do nothing
https://pagure.io/389-ds-base/issue/49873
Reviewed by: Mark Reynolds, William Brown (thanks !!)
Platforms tested: F30
Flag Day: no
Doc impact: no
- - - - -
ada0f84b by Thierry Bordaz at 2019-03-15T10:38:24Z
Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members
Bug Description:
When automember and memberof are enabled, if a user is member of a group
because of an automember rule. Then when the group is deleted,
memberof updates the member (to update 'memberof' attribute) that
trigger automember to reevaluate the automember rule and add the member
to the group. But at this time the group is already deleted.
Chaining back the failure up to the top level operation the deletion
of the group fails
Fix Description:
The fix consists to check that if a automember rule tries to add a user
in a group, then to check that the group exists before updating it.
https://pagure.io/389-ds-base/issue/50282
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F29
Flag Day: no
Doc impact: no
- - - - -
4ab9bd59 by Mark Reynolds at 2019-03-15T14:12:44Z
Ticket 50077 - Do not automatically turn automember postop modifies on
Description: Although we have set the new postop processing on by
default in the template-dse.ldif, we do not want to
enable it by default for upgrades (only new installs).
So if the attribute is not set, it is assumed "off".
https://pagure.io/389-ds-base/issue/50077
Reviewed by: firstyear(Thanks!)
(cherry picked from commit d318d060f49b67ed1b10f22b52f98e038afa356a)
- - - - -
906e093f by Thierry Bordaz at 2019-03-18T13:50:31Z
Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry
Bug Description:
When a failure occurs during betxn_post plugin callback, the betxn_post plugins are called again.
This is to process some kind of undo action (for example usn or dna that manage counters).
If MEP plugin is called for a managing entry, it deletes the managed entry (that become a tombstone).
If later an other betxn_postop fails, then MEP is called again.
But as it does not detect the operation failure (for DEL and ADD), then it tries again
to delete the managed entry that is already a tombstone.
Fix Description:
The MEP betxn_post plugin callbacks (ADD and DEL) should catch the operation failure
and return.
It is already in place for MODRDN and MOD.
https://pagure.io/389-ds-base/issue/49561
Reviewed by: Mark Reynold, thanks !!
Platforms tested: F28
Flag Day: no
Doc impact: no
- - - - -
67aaee47 by Mark Reynolds at 2019-03-18T16:45:39Z
Ticket 50260 - Invalid cache flushing improvements
Description: The original version of the fix only checked if backend
transaction "post" operation plugins failed, but it did
not check for errors from the backend transaction "pre"
operation plugin. To address this we flush invalid
entries whenever any error occurs.
We were also not flushing invalid cache entries when
modrdn errors occurred. Modrdns only make changes to
the DN hashtable inside the entry cache, but we were only
checking the ID hashtable. So we also need to check the
DN hashtable in the entry cache for invalid entries.
https://pagure.io/389-ds-base/issue/50260
Reviewed by: firstyear & tbordaz(Thanks!!)
(cherry picked from commit 33fbced25277b88695bfba7262e606380e9d891f)
- - - - -
c01d34cf by Ludwig Krispenz at 2019-03-21T08:29:16Z
Ticket 50265: the warning about skew time could last forever
Bug: if the local system time is set back more than 300 seconds
a worning about too much time skew is logged and the sampled
time is updated. This adjustment is done at every write operation
and can increase the time skew and be logged infinitely
Fix: the intention of the adjustment was to avoid a roll over of seq_num
if the sampled time is not increased for more than 65k oberations.
But this is already handled with an explicite check for seq_num
rollover. The extra adjustment for negative time skew can be removed.
Reviewed by: Thierry, William. Thanks.
- - - - -
f3aa0a60 by Timo Aaltonen at 2019-03-21T14:53:48Z
control: Drop 389-ds-base from -legacy-tools Depends. (Closes: #924265)
- - - - -
f57f72c2 by Timo Aaltonen at 2019-03-21T15:02:05Z
fix-dsctl-remove.diff: Don't hardcode sysconfig. (Closes: #925221)
- - - - -
d55de4d5 by Mark Reynolds at 2019-03-22T20:38:57Z
Ticket 50300 - Fix memory leak in automember plugin
Description: We were allocating a pblock long before it was used, and
we were returning from the function on an error before we
freed it. The fix just allocates the pblock right before
it's used, and then it is properly freed.
https://pagure.io/389-ds-base/issue/50300
Reviewed by: mreynolds (one line commit rule)
(cherry picked from commit 37f919a79a719c485742bb0bc2e09d8b2018a2b6)
- - - - -
e568d474 by Mark Reynolds at 2019-03-25T15:34:21Z
Ticket 50289 - Fix various database UI issues
Description:
Fixed these issues:
- https://bugzilla.redhat.com/show_bug.cgi?id=1664621 - backup freezes when no suffix present
- https://bugzilla.redhat.com/show_bug.cgi?id=1685395 - Perform Backup fails when Backend Name is not configured
- https://bugzilla.redhat.com/show_bug.cgi?id=1688587 - typo when restarting instance
- https://bugzilla.redhat.com/show_bug.cgi?id=1688775 - db tree breaks when suffix contains spaces.
- https://bugzilla.redhat.com/show_bug.cgi?id=1688919 - backups fail with empty name
Also fixed issue where if you start an instance in UI the configuration is correctly loaded.
https://pagure.io/389-ds-base/issue/50289
Reviewed by: spichugi(Thanks!)
- - - - -
2b689f8b by Simon Pichugin at 2019-03-26T22:19:55Z
Issue 50292 - Fix Plugin CLI and UI issues
Description: Fix 'All plugins' tab rendering issue.
Fix nsds5replicalastinitstatus typo.
Fix generic_object_add logic for cases when RDN is in props and BaseDN is supplied.
Add Posix Winsync API plugin
Add PAM PTA plugin
Fix underscore issues in plugin arguments.
Fix Linked Attribute plugin Fixup task arguments and name.
Change a 'print()' function to a 'log.info()' function.
https://pagure.io/389-ds-base/issue/50292
Reviewed by: mreynolds, wibrown (Thanks!)
- - - - -
74490fb2 by Thierry Bordaz at 2019-03-27T09:35:35Z
Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup
Bug Description:
SSL initialization does internal searches that access the vattr_global_lock
Thread private counter needs to be initialized by that time.
Currently it is initialized after SSL init.
Second problem was a leak of one 'int' per worker. It was used to keep the private counter.
Fix Description:
Call of vattr_global_lock_create needs to be called before slapd_do_all_nss_ssl_init.
Also, 'main' may or may not fork, the initialization fo the thread private variable
is done either on the child or parent depending if main forks or not.
The leak is fixed using a destructor callback of the private variable and so
call PR_SetThreadPrivate only if there is no private variable.
https://pagure.io/389-ds-base/issue/49873
Reviewed by: Mark Reynolds, Simon Pichugi (thanks)
Platforms tested: F28
Flag Day: no
Doc impact: no
Ticket foo
- - - - -
f7d71790 by Thierry Bordaz at 2019-03-28T17:15:01Z
Ticket 49873 - (cont 3rd) cleanup debug log
- - - - -
85c3c304 by Mark Reynolds at 2019-03-29T13:20:58Z
Ticket 50308 - Fix memory leaks for repeat binds and replication
Description: Fixed two memory leaks:
- If a worker thread had multiple binds the "bind dn"
thread data was leaked.
- Memory leak when processing changes in the changelog
https://pagure.io/389-ds-base/issue/50308
Reviewed by: firstyear(Thanks!)
(cherry picked from commit 6c2bb66f15d7ab8ab079effc66e0705c2513b1fd)
- - - - -
11430afd by Mark Reynolds at 2019-03-29T19:01:57Z
Ticket 50308 - Revise memory leak fix
Description; Turns out the previous commit did not address
the changelog leak, and it introduced a compiler
warning. This part of the fix is being reverted.
https://pagure.io/389-ds-base/issue/50308
(cherry picked from commit 1808f317d5ef240fd0ac3947fcb90a895e46b436)
- - - - -
9d84a40d by Mark Reynolds at 2019-03-29T19:40:43Z
Bump version to 1.4.0.22
- - - - -
b471f966 by Timo Aaltonen at 2019-04-03T06:44:07Z
Merge branch 'upstream'
- - - - -
9e4432a2 by Timo Aaltonen at 2019-04-03T06:44:52Z
bump changelog
- - - - -
bc662300 by Timo Aaltonen at 2019-04-24T09:04:15Z
releasing package 389-ds-base version 1.4.0.22-1
- - - - -
30 changed files:
- VERSION.sh
- debian/changelog
- debian/control
- + debian/patches/fix-dsctl-remove.diff
- debian/patches/series
- dirsrvtests/tests/suites/automember_plugin/automember_test.py
- dirsrvtests/tests/suites/betxns/betxn_test.py
- dirsrvtests/tests/suites/memberof_plugin/regression_test.py
- dirsrvtests/tests/suites/password/pwp_history_test.py
- dirsrvtests/tests/suites/plugins/acceptance_test.py
- + dirsrvtests/tests/suites/plugins/dna_test.py
- − dirsrvtests/tests/tickets/ticket47937_test.py
- + dirsrvtests/tests/tickets/ticket49658_test.py
- + dirsrvtests/tests/tickets/ticket50232_test.py
- + dirsrvtests/tests/tickets/ticket50234_test.py
- ldap/admin/src/scripts/db2ldif.pl.in
- ldap/admin/src/scripts/ldif2db.pl.in
- ldap/servers/plugins/automember/automember.c
- ldap/servers/plugins/memberof/memberof.c
- ldap/servers/plugins/mep/mep.c
- ldap/servers/plugins/replication/cl5_clcache.c
- ldap/servers/plugins/replication/repl5_agmt.c
- ldap/servers/slapd/back-ldbm/back-ldbm.h
- ldap/servers/slapd/back-ldbm/backentry.c
- ldap/servers/slapd/back-ldbm/cache.c
- ldap/servers/slapd/back-ldbm/idl_set.c
- ldap/servers/slapd/back-ldbm/ldbm_add.c
- ldap/servers/slapd/back-ldbm/ldbm_delete.c
- ldap/servers/slapd/back-ldbm/ldbm_modify.c
- ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/a80a850dbf8483a40a6f1638de0c2f625908beb5...bc66230085f8d982375a7919b9e729e93d5cd35f
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/a80a850dbf8483a40a6f1638de0c2f625908beb5...bc66230085f8d982375a7919b9e729e93d5cd35f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20190424/3b6ff5d0/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list