[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][master] 34 commits: Issue 48081 - Add new CI tests for password

Timo Aaltonen gitlab at salsa.debian.org
Sun Jan 13 19:21:20 GMT 2019

Timo Aaltonen pushed to branch master at FreeIPA packaging / 389-ds-base

9d736d68 by Akshay Adhikari at 2018-11-20T08:54:05Z
Issue 48081 - Add new CI tests for password

Description: Added new tests in the password suite,
performing extended password modify operations.


Reviewed by: spichugi(Thanks!)

- - - - -
89886ba4 by Mark Reynolds at 2018-11-23T14:39:41Z
Ticket 49994 - Add backend features to CLI

Description:  Added backend features (chaining, db, indexes, vlv,
              attr encryption, and monitor to the CLI.

              Addressed https://pagure.io/389-ds-base/issue/48881
              that prevented VLV search/index entries from being updated.

              Also updated jstree js file.


Reviewed by: spichugi & firstyear(Thanks!)

- - - - -
683bc575 by Mark Reynolds at 2018-11-23T16:08:12Z
Ticket 49994 - comment out dev paths

Description:  Accidentally left dev paths for CLI tools in UI uncommented


- - - - -
70bdd335 by Fraser Tweedale at 2018-11-26T02:38:08Z
Ticket 49543 - fix certmap dn comparison

Bug Description: Differences in DN string representations between
the value included in certmap.conf, and the stringified value of the
Issuer DN produced by NSS, as well as buggy DN normalisation code in
389 itself, cause 389 to wrongly reject the correct certmap
configuration to use.  Authentication fails.  This behaviour was
observed when there is an escaped comma in an attribute value.

Fix Description: Instead of comparing stringified DNs, parse the DN
represented in certmap.conf into an NSS CertNAME.  Use the NSS DN
comparison routine when comparing certificate Issuer DNs against the
certmap configurations.  Remove the buggy DN normalisation routine.


Author: Fraser Tweedale <ftweedal at redhat.com>

Review by: ???

- - - - -
5d611f1c by Mark Reynolds at 2018-11-26T17:28:25Z
Ticket 49814 - dscreate should handle selinux ports that are in a range

Description:  If the server port is within a selinux policy range do not
              try to add or remove the port as it will cause a failure
              during removal (even though the removal actually worked)


Reviewed by: spichugi(Thanks!)

- - - - -
6fe61010 by Mark Reynolds at 2018-11-26T17:36:50Z
Ticket 49927 - dsctl db2index does not work

Description:  When you don't specify any attributes to index, then all attributes
              should be reindexed.  This is accomplished by using "ns-slapd upgradedb"
              but we were not using the correct command line options for this to work.


Reviewed by: spichugi(Thanks!)

- - - - -
4fd73c5d by Mark Reynolds at 2018-11-26T17:46:17Z
Ticket 50022, 50012, 49956, and 49800: Various dsctl/dscreate fixes


Fix 50022 - Confusing command line switches for dscreate and dsctl
Fix 50012 - Add option to dsctl to remove all instances
Fix 49956 - dsctl: add an option to list all available instances
Fix 49800 - Debug messages "OK user/group dirsrv exists" are emitted when lib389 cli tools are used


Reviewed by: spichugi(Thanks!)

- - - - -
a8f62ee1 by Mark Reynolds at 2018-11-27T14:41:25Z
Ticket 50046 - Remove irrelevant debug-log messages from CLI tools

Description:  Remove the "brought to you by the letter..." messages from the CLI
              debug logging.


Reviewed by: spichugi(Thanks!)

- - - - -
d9437be2 by Mark Reynolds at 2018-11-27T14:45:27Z
Ticket 49950 -  PassSync not setting pwdLastSet attribute in Active Directory after Pw update from LDAP sync for normal user

Bug Description:

If a user's password was reset by an "Admin" or directory manager, the
password policy requires a user must change their password after it's
been "reset", and the user then resets their password in DS, this
information was not sent to AD.  Then if the user logged in AD after
resetting their password in DS they still get forced to change their
password again in AD.

Fix Description:

When sending a password update to AD, and AD is enforcing password must
be reset, check if the user's did reset thier password.  If so, set the
correct "pwdLastSet" value to prevent AD from forcing that user to
change their password again.

But this only works going from DS to AD.  The information needed to make
it work from AD -> DS is not available to passSync, and if it was available
it could not be correctly sent to DS anyway (not without a major redesign).

Side Note:

Also moved iand consolidated the function "fetch_attr" to util.c.  It
was reused and redefined in many plugins.  So I added the definition
to slapi-plugin.h and removed the duplicate definitions.


Reviewed by: tbordaz(Thanks!)

- - - - -
5acc4e48 by Simon Pichugin at 2018-11-27T20:16:11Z
Issue 49984 - Add an empty domain creation to the dscreate

Description: Create an empty domain with basic ACIs
while creating an instance without sample_entries but with a backend.


Reviewed by: mreynolds, vashirov (Thanks!)

- - - - -
a990d044 by Simon Pichugin at 2018-11-27T20:18:14Z
Issue 49974 - lib389 - List instances with initconfig_dir instead of sysconf_dir

Description: In lib389/instances/setup.py the _install_ds method of class SetupDs
uses sysconf_dir with hardcoded path sysconfig instead of initconfig_dir.
This breaks the script if initconfig_dir is not equal to /etc/sysconfig,
e.g. /etc/default.


Author: Jan N (janluca)

Reviewed by: vashirov (Thanks!)

- - - - -
5d7b95cc by Thierry Bordaz at 2018-11-28T09:34:14Z
Ticket 50053 - Subtree password policy overrides a user-defined password policy

Bug Description:
	When an entry contains an attribute that is also defined by a cos definition
	a specifier defines which values win: the real values that are in the entry or the
	virtual values that are cos defined.
	The specifier 'default' means that the real values are the winners (returned).
	'operational-default' has the same behavior but just specify that the attribute
	is operational.
	The bug is that when real values exists, the 'operational-default' specifier
	drops the real values in favor of the virtual ones.

Fix Description:
	Change the test, so that real values are not kept for 'operation-default'
	Note: the full routine cos_cache_query_attr looks quite messy and error prone
	It would be nice to rewrite it when we have time


Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
f2ff28e0 by Thierry Bordaz at 2018-11-28T16:50:50Z
Ticket 50053 - improve testcase

- - - - -
b646e4da by Stanislav Levin at 2018-11-28T19:21:44Z
Pass argument into hashtable_new

@8915d8d87 and @4471b7350 modified "usetxn" parameter in
"hashtable_new" scope (was a global variable before).
But the callers of this function don't pass argument into.
Thus, "usetxn" acts as an uninitialized auto variable.

Fixes: https://pagure.io/389-ds-base/issue/50057

- - - - -
3fe4b5b0 by Mark Reynolds at 2018-11-29T21:16:15Z
Ticket 50028 - Revise ds-replcheck usage

Description:  Revised the tools usage to be cleaner and more intuitive.
              Added a "-y" option to use a password file.
              Added a "state" function to just return an RUV comparison
              Moved all the process status messages to only be displayed in verbose mode.


Reviewed by: spichugi(Thanks!)

- - - - -
b844aab6 by Simon Pichugin at 2018-11-30T10:02:04Z
Issue 50041 - Set the React dataflow foundation and add basic plugin UI

Description: Add basic plugin functionality - Table and Modal.
Add Notificationcontroller component which can be used by other
components in the future.
Add cockpit component for onoff switch.
Add custoTableToolbar component with search field and loading spinner.
Add edit option to Plugin CLI.
Fix ds.css according to eslint.
Remove custom OnOffSwitch component because Patternfly seems to work okay.
Move the start/stop/restart and change server-select event listners
to the "document is ready" part. React requires the change.


Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
bae33f97 by Mark Reynolds at 2018-11-30T15:52:56Z
Ticket 50062 - Replace error by warning in the state machine defined in repl5_inc_run

Description:  Replace error log severity message from ERR to WARNING


Reviewed by: mreynolds(one line commit rule)

- - - - -
d36f796a by Mark Reynolds at 2018-12-03T15:47:23Z
Ticket 50063 - Crash after attempting to restore a single backend

Description:  While we do not support backup/restore of individual backends,
              it should not crash the server either.  PR_OpenDir will crash
              if the file name is NULL, so this fix just prevents the crash
              by returning an error if the filename is NULL.


Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
55ec4ef3 by Simon Pichugin at 2018-12-03T16:49:35Z
Issue 50061 - Improve schema loading in UI

Description: Get all the schema in one search, then the UI loads it
once, and parse out attrs, oc's, and mr's.
Add 'dsconf schema list' command for that.
Reset x-origin field in 'clear_form()' funcitons.
Set 'View' header for the view modal form.


Reviewed by: mreynolds (Thanks!)

- - - - -
5eab3b57 by Mark Reynolds at 2018-12-04T00:49:39Z
Ticket 50065 - lib389 aci parsing is too strict

Bug Description:  ACI parsing is very strict around parsing "version 3.0;".
                  If there are any spaces around the semicolon parsing fails.

Fix Description:  Add a normalization function that removes duplicate
                  consecutive spaces, and handles spaces around the version


Reviewed by: spichugi(Thanks!)

- - - - -
1698dd8e by Simon Pichugin at 2018-12-05T15:39:58Z
Issue 50071 - Set ports in local_simple_allocate function

Description: remove_ds_instance function require DirSrv
object having port and sslport defined for semanage remove
label operation. We should set it in local_simple_allocate too.
Fix DSEldif.get function so it returns a list instead of a view
(Python 3 change).


Reviewed by: mhonek, tbordaz, cheimes (Thanks!)

- - - - -
bb335e01 by Mark Reynolds at 2018-12-05T17:42:38Z
Ticket 49864 - Revised replication status messages for transient errors

Description:  Transient errors are temporary conditions that usually resolve
              themselves.  But the message are vague and alarming.  This
              patch changes it to a "warning" message.


Reviewed by: spichugi & firstyear(Thanks!)

- - - - -
5ed5f873 by Mark Reynolds at 2018-12-10T17:26:25Z
Ticket 50056 - Fix CLI/UI bugs

Description:  Fix several issues discovered during QE testing

https://bugzilla.redhat.com/show_bug.cgi?id=1654101 - dscreate issues
https://bugzilla.redhat.com/show_bug.cgi?id=1654585 - dsidm sys ext error
https://bugzilla.redhat.com/show_bug.cgi?id=1654105 - dsconf related issues
https://bugzilla.redhat.com/show_bug.cgi?id=1654116 - dsctl remove "confirm with "Yes"
https://bugzilla.redhat.com/show_bug.cgi?id=1654134 - backups fixed
https://bugzilla.redhat.com/show_bug.cgi?id=1654451 - dscreate permissions and selinux issues
https://bugzilla.redhat.com/show_bug.cgi?id=1654566 - dbtasks no attr _instance
https://bugzilla.redhat.com/show_bug.cgi?id=1631461 - selinux reserved ports
https://bugzilla.redhat.com/show_bug.cgi?id=1654518 - issues with selinux ports
https://bugzilla.redhat.com/show_bug.cgi?id=1654581 - dsidm sys ext error
https://bugzilla.redhat.com/show_bug.cgi?id=1654577 - check if backup already exists
https://bugzilla.redhat.com/show_bug.cgi?id=1654693 - add password option for dsconf tools
https://pagure.io/389-ds-base/issue/50056 - dscreate defaults for instance name


Reviewed by: spichugi(Thanks!)

- - - - -
967d0aa2 by Thierry Bordaz at 2018-12-14T16:54:10Z
Ticket 50091 - shadowWarning is not generated if passwordWarning is lower than 86400 seconds (1 day)

Bug Description:
	For a shadowAccount, if a password policy defines passwordWarning below 1 days (86400 seconds)
	then the shadowWarning (in day) is not returned from the entry. In such case its value is '0'.

Fix Description:
	The fix is to accept shadowWarning = 0 as valid value and return it


Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
91307878 by Mark Reynolds at 2018-12-14T18:14:05Z
Ticket 50090 - refactor fetch_attr() to slapi_fetch_attr()

Description:  fetch_attr was recetnly moved toeh public api.  This
              naming context is conflicting with other applications.
              Appropriately changing the name to start with "slapi_"


Reviewed by: mreynolds(one line commit rule)

- - - - -
8a08fb65 by Mark Reynolds at 2018-12-14T18:27:42Z
Ticket 49994 - Add test for backend/suffix CLI functions

Description:  Add tests for the backend CLI functions.

              Also fixed a few minor bugs found from this testing in lib389
              and in core DS(chaining).


Reviewed by: spichugi(Thanks!)

- - - - -
b43380f7 by Mark Reynolds at 2018-12-14T18:33:58Z
Bump version to

- - - - -
3a6d0b8f by Timo Aaltonen at 2019-01-12T18:21:15Z
Merge branch 'upstream'

- - - - -
879ddf8c by Timo Aaltonen at 2019-01-12T18:24:09Z
bump the version

- - - - -
1652c623 by Timo Aaltonen at 2019-01-12T18:29:43Z
close a bug

- - - - -
95a239da by Timo Aaltonen at 2019-01-12T21:50:47Z
fix-nss-path.diff: Fix includes.

- - - - -
e6dc2bbb by Timo Aaltonen at 2019-01-12T22:04:58Z
Build ds* manpages, add missing build-depends.

- - - - -
3ab52f57 by Timo Aaltonen at 2019-01-13T19:12:40Z
Move deprecated tools in a new subpackage.

- - - - -
24b832e8 by Timo Aaltonen at 2019-01-13T19:13:38Z
releasing package 389-ds-base version

- - - - -

30 changed files:

- + debian/389-ds-base-legacy-tools.install
- debian/389-ds-base.install
- debian/changelog
- debian/control
- − debian/patches/dont-build-new-manpages.diff
- + debian/patches/fix-nss-path.diff
- debian/patches/series
- debian/python3-lib389.install
- debian/rules
- dirsrvtests/tests/suites/ds_tools/replcheck_test.py
- + dirsrvtests/tests/suites/password/pwdModify_test.py
- + dirsrvtests/tests/suites/plugins/cos_test.py
- docker/389ds_poc/Dockerfile
- include/ldaputil/certmap.h
- include/ldaputil/ldaputil.h
- ldap/admin/src/scripts/ds-replcheck
- ldap/servers/plugins/automember/automember.c
- ldap/servers/plugins/chainingdb/cb_instance.c
- ldap/servers/plugins/cos/cos_cache.c
- ldap/servers/plugins/linkedattrs/fixup_task.c
- ldap/servers/plugins/memberof/memberof.c
- ldap/servers/plugins/memberof/memberof.h
- ldap/servers/plugins/memberof/memberof_config.c
- ldap/servers/plugins/posix-winsync/posix-group-task.c
- ldap/servers/plugins/replication/repl5_inc_protocol.c
- ldap/servers/plugins/replication/repl5_protocol_util.c
- ldap/servers/plugins/replication/repl5_replica_config.c
- ldap/servers/plugins/replication/windows_inc_protocol.c
- ldap/servers/plugins/replication/windows_protocol_util.c

The diff was not included because it is too large.

View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/060487c362b6438afd420682bd12ca4b9a46bcc4...24b832e87ffc3b9d3d5d892329d841aa1170bf4f

View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/060487c362b6438afd420682bd12ca4b9a46bcc4...24b832e87ffc3b9d3d5d892329d841aa1170bf4f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20190113/3d48cd35/attachment-0001.html>

More information about the Pkg-freeipa-devel mailing list