[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 23 commits: Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422)
Timo Aaltonen
gitlab at salsa.debian.org
Fri Dec 18 13:30:33 GMT 2020
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base
Commits:
6e1b7b9d by Simon Pichugin at 2020-11-09T11:46:55+01:00
Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422)
Description: In dsconf CLI, make it possible to create SSLCLIENTAUTH
bind method agreement without specifying bind dn (--bind-dn) and
the password (--bind-passwd).
Fixes: #4412
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
f1285d78 by tbordaz at 2020-11-10T19:36:50+01:00
Issue 4391 - DSE config modify does not call be_postop (#4394)
Bug description:
During a DSE modify, be_preop callback are called. But be_postop callback are called at the condition
dse_call_callback is different that SLAPI_DSE_CALLBACK_DO_NOT_APPLY.
This should systematically call be_postop if be_preop were called.
In addition postop_modify_config_dse returning an invalid rc, systematically prevents DSE modify to call be_postop
Fix description:
The required bug fix is that dse_callback need to return SLAPI_DSE_CALLBACK* not ldap rc.
Also in case of vlv config (SLAPI_DSE_CALLBACK_DO_NOT_APPLY) if preop were called
it requires to call the postop.
In dse_modify, rc is used for dse_call_callback() (returns SLAPI_DSE_CALLBACK*)
but also for plugin_call_plugin (returns SLAPI_PLUGIN_*). Those rc are not compatible
and although the code works to help maintenance use 'plugin_rc' instead of 'rc'.
relates: https://github.com/389ds/389-ds-base/issues/4391
Reviewed by: William Brown, Simon Pichugin (thanks !)
Platforms tested: F31
- - - - -
32f30f26 by Mark Reynolds at 2020-11-11T22:01:55-05:00
Issue 4429 - NULL dereference in revert_cache()
Bug Description: During a delete, if the DN (with an escaped leading space)
of an existing entry fail to parse the server will revert
the entry update. In this case it will lead to a crash
becuase ther ldbm inst struct is not set before it attempts
the cache revert.
Fix Description: Check the the ldbm instance struct is not NULL before
dereferencing it.
Relates: https://github.com/389ds/389-ds-base/issues/4429
Reviewed by: firstyear & spichugi(Thanks!!)
- - - - -
0dbdc110 by tbordaz at 2020-11-12T12:06:15+01:00
Issue 4316 - performance search rate: useless poll on network send callback (#4424)
Bug description:
When sending back result/entries, DS first poll the connection to check
it is able to write data on the socket. Then it writes the data.
The purpose of the poll is to handle ioblocktimeout.
The problem is that most of the time, the socket will process the write
without any issue so it is useless to poll before the write.
Fix description:
The fix is try write first. It polls for ioblocktimeout
only if the write fails
relates: https://github.com/389ds/389-ds-base/issues/4316
Reviewed by: William Brown (thanks!)
Platforms tested: F31
- - - - -
9c7d5902 by Kazım SARIKAYA at 2020-11-12T15:16:27+01:00
build problems at alpine linux
- - - - -
6233c041 by Mark Reynolds at 2020-11-12T09:32:17-05:00
Issue 4432 - After a failed online import the next imports are very slow
Bug Description: When an online import fails the entry and DN caches are
"reset", but we use the wrong "new maxsize" which was
setting the entry cache maxsize to zero which killed the
import performance.
Fix Description: When resetting the caches use the previous cache maxsize.
Relates: https://github.com/389ds/389-ds-base/issues/4432
Reviewed by: firstyear & progier(Thanks!!)
- - - - -
5376f552 by Mark Reynolds at 2020-11-12T12:08:53-05:00
Issue 4383 - Do not normalize escaped spaces in a DN
Bug Description: Adding an entry with an escaped leading space leads to many
problems. Mainly id2entry can get corrupted during an
import of such an entry, and the entryrdn index is not
updated correctly
Fix Description: In slapi_dn_normalize_ext() leave an escaped space intact.
Relates: https://github.com/389ds/389-ds-base/issues/4383
Reviewed by: firstyear, progier, and tbordaz (Thanks!!!)
- - - - -
454a2d49 by William Brown at 2020-11-13T09:10:13+10:00
Issue 4428 - Paged Results with Chaining Test Case
Bug Description: This test case shows how a paged search with criticality
set to false, causes chaining to sigsegv.
Fix Description: N/A - this is a reproducer, not the fix.
fixes: #4428
Author: William Brown <william at blackhats.net.au>
Review by: @droideck, @mreynolds389
- - - - -
b79419a4 by William Brown at 2020-11-13T09:10:15+10:00
Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining
Bug Description: When a paged search through chaining backend is
received with a false criticality (such as SSSD), chaining backend
will sigsegv due to a null context.
Fix Description: When a NULL ctx is recieved to be freed, this is
as paged results have finished being sent, so we check the NULL
ctx and move on.
fixes: #4428
Author: William Brown <william at blackhats.net.au>
Review by: @droideck, @mreynolds389
- - - - -
43bcb561 by William Brown at 2020-11-17T13:12:33+10:00
Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid
Bug Description: The mapping tree is built and arranged based on
the content of the nsslapd-parent-suffix attribute. However, it is
possible that this value is invalid pointing at a non-existant
suffix, or that it could be pointing at a suffix that is invalid
in the suffix hierarchy that mapping trees expect.
https://www.port389.org/docs/389ds/design/mapping_tree_assembly.html
Fix Description: Rather than build the mapping tree by arranging
nodes through the nsslapd-parent-suffix value, we should sort and build
them through the known and defined suffix values in cn (which we already)
rely upon to be correct. This allows stable ordering and avoids potential
user and developer errors.
fixes: #4373
Author: William Brown <william at blackhats.net.au>
Review by: @progier389, @mreynolds389 (Thanks!)
- - - - -
83fc1e9d by progier389 at 2020-11-17T11:31:40-05:00
ticket 2058: Add keep alive entry after on-line initialization - second version (#4399)
Bug description:
Keep alive entry is not created on target master after on line initialization,
and its RUVelement stays empty until a direct update is issued on that master
Fix description:
The patch allows a consumer (configured as a master) to create (if it did not
exist before) the consumer's keep alive entry. It creates it at the end of a
replication session at a time we are sure the changelog exists and will not
be reset. It allows a consumer to have RUVelement with csn in the RUV at the
first incoming replication session.
That is basically lkrispen's proposal with an associated pytest testcase
Second version changes:
- moved the testcase to suites/replication/regression_test.py
- set up the topology from a 2 master topology then
reinitialized the replicas from an ldif without replication metadata
rather than using the cli.
- search for keepalive entries using search_s instead of getEntry
- add a comment about keep alive entries purpose
last commit:
- wait that ruv are in sync before checking keep alive entries
Reviewed by: droideck, Firstyear
Platforms tested: F32
relates: #2058
- - - - -
ea6e4a84 by progier389 at 2020-11-18T17:14:38+01:00
do not add referrals for masters with different data generation #2054 (#4427)
Bug description:
The problem is that some operation mandatory in the usual cases are
also performed when replication cannot take place because the
database set are differents (i.e: RUV generation ids are different)
One of the issue is that the csn generator state is updated when
starting a replication session (it is a problem when trying to
reset the time skew, as freshly reinstalled replicas get infected
by the old ones)
A second issue is that the RUV got updated when ending a replication session
(which may add replica that does not share the same data set,
then update operations on consumer retun referrals towards wrong masters
Fix description:
The fix checks the RUVs generation id before updating the csn generator
and before updating the RUV.
Reviewed by: mreynolds
firstyear
vashirov
Platforms tested: F32
- - - - -
5eacadd1 by progier389 at 2020-11-20T11:50:42+01:00
Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444)
Bug description:
Got TypeError exception when usign:
dsctl -v slapd-localhost ldifgen users --suffix
dc=example,dc=com --parent ou=people,dc=example,dc=com
--number 100000 --generic --start-idx=50
The reason is that by default python parser provides
value for numeric options:
as an integer if specified by "--option value" or
as a string if specified by "--option=value"
Fix description:
convert the numeric parameters to integer when using it.
options impacted are:
- in users subcommand: --number , --start-idx
- in mod-load subcommand: --num-users, --add-users,
--del-users, --modrdn-users, --mod-users
FYI: An alternative solution would have been to indicate the
parser that these values are an integer. But two reasons
leaded me to implement the first solution:
- first solution fix the problem for all users while the
second one fixes only dsctl command.
- first solution is easier to test:
I just added a new test file generated by a script
that duplicated existing ldifgen test, renamed the
test cases and replaced the numeric arguments by
strings.
Second solution would need to redesign the test framework
to be able to test the parser.
relates: https://github.com/389ds/389-ds-base/issues/4440
Reviewed by:
Platforms tested: F32
- - - - -
8657fe47 by Simon Pichugin at 2020-11-24T17:12:32+01:00
Issue 4105 - Remove python.six from lib389 (#4456)
Description: We no longer use python 2, we can remove all the python-six
imports and replace code with Python 3 support only.
Fixes: #4105
Reviewed by: @mreynolds389 @Firstyear (Thanks!)
- - - - -
2c89eef7 by progier389 at 2020-11-25T12:15:44+01:00
Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451)
Bug Description:
"dsconf replication monitor" fails to retrieve database RUV entry from consumer and this
appears into the Cockpit web UI too.
The problem is that the bind credentials are not rightly propagated when trying to get
the consumers agreement status. Then supplier credntials are used instead and RUV
is searched anonymously because there is no bind dn in ldapi case.
Fix Description:
- Propagates the bind credentials when computing agreement status
- Add a credential cache because now a replica password could get asked several times:
when discovering the topology and
when getting the agreement maxcsn
- Testcase test_dsconf_replication_monitor is modified to:
- Assert when getting "consumer (Unavalaible)" status
- Add a step using a freshly generated Dirsrv instance (as dsconf does)
rather than using the topology one
FYI: although the feature was tested in test_dsconf_replication_monitor py.test
the test does not hit the bug because of several side effects:
- If consumer credentials are not provided the suplier credentials are used.
- topology generated DirSrv instance has a bind DN.
- topology masters have the same credentials
DirSrv generated by dsconf (in ldapi case) have no bind DN and hits the bugs
- Add a comment about nonlocal keyword
Relates: #4449
Reviewers:
firstyear
droideck
mreynolds
Issue 4449: Add a comment about nonlocal keyword
(cherry picked from commit 73ee04fa12cd1de3a5e47c109e79e31c1aaaa2ab)
- - - - -
54c9db06 by tbordaz at 2020-11-25T18:12:54+01:00
Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439)
Bug description:
Previous fix is buggy because slapi_filter_escape_filter_value returns
a escaped filter component not an escaped assertion value.
Fix description:
use the escaped filter component
relates: https://github.com/389ds/389-ds-base/issues/4297
Reviewed by: William Brown
Platforms tested: F31
- - - - -
2dd89149 by Mark Reynolds at 2020-11-25T16:28:15-05:00
Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set
Description: The UI schema page was not handling objectclasses that did not
have x-origin set. This patch prevents the browser from crashing
in that case.
Relates: https://github.com/389ds/389-ds-base/issues/3986
Reviewed by: mreynolds (one line commit rule)
- - - - -
b1634c75 by Mark Reynolds at 2020-11-25T17:51:40-05:00
Issue 3657 - Add options to dsctl for dsrc file
Description: Add options to create, modify, delete, and display
the .dsrc CLI tool shortcut file.
Relates: https://github.com/389ds/389-ds-base/issues/3657
Reviewed by: firstyear(Thanks!)
- - - - -
aacdac38 by William Brown at 2020-11-26T09:30:00+10:00
Issue 4460 - BUG - lib389 should use system tls policy
Bug Description: Due to some changes in dsrc for tlsreqcert
and how def open was structured in lib389, the system ldap.conf
policy was ignored.
Fix Description: Default to using the system ldap.conf policy
if undefined in lib389 or the tls_reqcert param in dsrc.
fixes: #4460
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
de9965d0 by tbordaz at 2020-11-30T09:07:13+01:00
Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467)
Bug description:
This test case was incorrect.
During a refreshPersistent search, a cookie is sent
with the intermediate message that indicates the end of the refresh phase.
Then a second cookie is sent on the updated entry (group10)
I believed this test was successful some time ago but neither python-ldap
nor sync_repl changed (intermediate sent in post refresh).
So the testcase was never successful :(
Fix description:
The fix is just to take into account the two expected cookies
relates: https://github.com/389ds/389-ds-base/issues/4243
Reviewed by: Mark Reynolds
Platforms tested: F31
- - - - -
806feba7 by Mark Reynolds at 2020-11-30T11:43:07-05:00
Issue 4384 - Use MONOTONIC clock for all timing events and conditions
Bug Description: All of the server's event handling and replication were
based on REALTIME clocks, which can be influenced by the
system changing. This could causes massive delays, and
simply cause unexpected behavior.
Fix Description: Move all condition variables to use pthread instead of NSPR
functions. Also make sure we use MONOTONIC clocks when we
get the current time when checking for timeouts and other
timed events.
Relates: https://github.com/389ds/389-ds-base/issues/4384
Reviewed by: elkris, firstyear, and tbordaz (Thanks!!!)
Apply firstyear's sugestions
Apply Firstyear's other suggestions
Apply Thierry's suggestions
- - - - -
74170d72 by Mark Reynolds at 2020-11-30T16:34:19-05:00
Issue 4105 - Remove python.six (fix regression)
Description: The switch off of six StringIO was not correctly ported,
and an object was assigned to a variable instead of the
variable being initialized with a new instance of the
object.
Fixes: https://github.com/389ds/389-ds-base/issues/4105
Reviewed by: mreynolds(one line commit rule)
- - - - -
b09e6033 by Mark Reynolds at 2020-11-30T17:14:03-05:00
Bump version to 1.4.4.9
- - - - -
30 changed files:
- Makefile.am
- VERSION.sh
- + dirsrvtests/tests/suites/chaining_plugin/paged_search_test.py
- + dirsrvtests/tests/suites/clu/dbgen_test_usan.py
- + dirsrvtests/tests/suites/clu/dsrc_test.py
- dirsrvtests/tests/suites/clu/repl_monitor_test.py
- dirsrvtests/tests/suites/import/import_test.py
- + dirsrvtests/tests/suites/mapping_tree/mt_cursed_test.py
- dirsrvtests/tests/suites/plugins/entryusn_test.py
- dirsrvtests/tests/suites/replication/regression_test.py
- dirsrvtests/tests/suites/schema/schema_test.py
- dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
- dirsrvtests/tests/suites/syntax/acceptance_test.py
- ldap/servers/plugins/chainingdb/cb_add.c
- ldap/servers/plugins/chainingdb/cb_compare.c
- ldap/servers/plugins/chainingdb/cb_conn_stateless.c
- ldap/servers/plugins/chainingdb/cb_delete.c
- ldap/servers/plugins/chainingdb/cb_instance.c
- ldap/servers/plugins/chainingdb/cb_modify.c
- ldap/servers/plugins/chainingdb/cb_modrdn.c
- ldap/servers/plugins/chainingdb/cb_search.c
- ldap/servers/plugins/chainingdb/cb_utils.c
- ldap/servers/plugins/cos/cos_cache.c
- ldap/servers/plugins/dna/dna.c
- ldap/servers/plugins/passthru/ptconn.c
- ldap/servers/plugins/referint/referint.c
- ldap/servers/plugins/replication/repl5.h
- ldap/servers/plugins/replication/repl5_backoff.c
- ldap/servers/plugins/replication/repl5_connection.c
- ldap/servers/plugins/replication/repl5_inc_protocol.c
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/bf454ad070199d5e8c0a03b5e2505e6f2750e998...b09e603396362750ad4e28034790c4c2215cfc27
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/bf454ad070199d5e8c0a03b5e2505e6f2750e998...b09e603396362750ad4e28034790c4c2215cfc27
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20201218/8322b273/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list