[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 84 commits: Issue 50791 - Healthcheck to find notes=F
Timo Aaltonen
gitlab at salsa.debian.org
Thu Nov 12 13:58:47 GMT 2020
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base
Commits:
c0688a06 by Barbora Smejkalova at 2020-07-14T14:34:53+02:00
Issue 50791 - Healthcheck to find notes=F
Description:
Created tests that reproduce notes=A and notes=F in access log
and then check if healthcheck returned proper error code.
Relates: https://pagure.io/389-ds-base/issue/50791
Reviewed by: spichugi (Thanks!)
- - - - -
654d0ff2 by Simon Pichugin at 2020-07-17T01:01:45+02:00
Issue 50984 - Fix disk_mon_check_diskspace types
Description: Function parameters are inconsistent.
Documentation states that threshold should be from 0 to 2^63 - 1
so we can use uint64_t for that.
https://pagure.io/389-ds-base/issue/50984
Reviewed by: firstyear (Thanks!)
- - - - -
ffda491f by Simon Pichugin at 2020-07-20T12:47:17+02:00
Issue 49300 - entryUSN is duplicated after memberOf operation
Bug Description: When we assign a member to a group we have two
operations - group modification and user modification.
As a result, they both have the same entryUSN because USN Plugin
assigns entryUSN value in bepreop but increments the counter
in the postop and a lot of things can happen in between.
Fix Description: Increment the counter in bepreop together with
entryUSN assignment. Also, decrement the counter in bepostop if
the failure has happened.
Add test suite to cover the change.
https://pagure.io/389-ds-base/issue/49300
Reviewed by: tbordaz (Thanks!)
- - - - -
ed5b13ca by Mark Reynolds at 2020-07-20T09:34:54-04:00
Issue 51000 - Separate the BDB backend monitors
Bug Description: While trying to remove duplicate code from the backend
and BDB backend code, I found that we were not correctly
separating the BDB monitors from the core backend code.
Fix Description: Move all the monitor registering to the db_layer private
structure. This way we have fully isolated the monitors
for each backend implementation/library. This also removed
some duplicate code from the core backend and BDB code.
relates: https://pagure.io/389-ds-base/issue/51000
Reviewed by: spichugi(Thanks!)
- - - - -
22c51491 by Simon Pichugin at 2020-07-20T20:11:58+02:00
Issue 51059 - If dbhome directory is set online backup fails
Bug Description: If the dbhome directory is set, eg to /dev/shm/instance
then an online backup fails because it looks for the log.000000x file
in the wrong directory.
This is hidden because the return code is overwritten before checking.
Fix Description: If dblayer_backup function fails - go to error processing
section.
https://pagure.io/389-ds-base/issue/51059
Reviewed by: mreynolds (Thanks!)
- - - - -
632a8e08 by Simon Pichugin at 2020-07-23T12:00:39+02:00
Issue 51136 - JSON Error output has redundant messages
Bug Description: When we try to start an instance for which
'systemctl start' command has failed, it produces excessive
output which is not a clear JSON.
Fix Description: Redirect stderr to stdout as we don't need
the info in CLI. User needs to check logs if something went wrong.
Add a new-line character in the end of DS CLI tool's stderr.
Clean up React state processing for setServerID callback.
https://pagure.io/389-ds-base/issue/51136
Reviewed by: mreynolds (Thanks!)
- - - - -
d5c9c4e6 by Simon Pichugin at 2020-07-24T15:30:53+02:00
Issue 51086 - Fix instance name length for interactive install
Description: Instance name length is not properly validated
during interactive install. Add a check during a user input.
https://pagure.io/389-ds-base/issue/51086
Reviewed by: mreynolds (Thanks!)
- - - - -
c6aae1e5 by Mark Reynolds at 2020-07-27T14:08:57-04:00
Issue 49487 - Cleanup unused code
Description: Remove unused functions and "#if 0" code blocks.
relates: https://pagure.io/389-ds-base/issue/49487
Reviewed by: firstyear(Thanks!)
- - - - -
4610b5f6 by Barbora Simonova at 2020-07-28T14:51:20+02:00
Issue 50746 - Add option to healthcheck to list all the lint reports
Description:
Created tests that run healthcheck with the new --list-errors, --list-checks and --checks options
and then check syntax of the output.
I also added log.info to the health.py::_print_checks so I could check the log output of --list-checks.
test_healthcheck_backend_missing_mapping_tree is set to run on proper version, because the bz1835619 / ds51091 is fixed.
Relates: https://pagure.io/389-ds-base/issue/50746
Relates: https://pagure.io/389-ds-base/issue/51091
Reviewed by: spichugi (Thanks!)
- - - - -
98d6c7f8 by Mark Reynolds at 2020-07-28T14:56:56-04:00
Issue 49481 - remove unused or unnecessary database plugin functions
Description: Removed some unused database plugin initializations. Also
cleaned up some of the logging in the bdb specific code
that was not using the correct function name.
Fixes: https://pagure.io/389-ds-base/issue/49481
Reviewed by: elkris, tbordaz, and firstyear (Thanks!!!)
- - - - -
b7865bf1 by Mark Reynolds at 2020-07-29T11:58:00-04:00
Issue 49487 - Restore function that incorrectly removed by last patch
Bug Description: Turns out we still need ldbm_back_entry_release() as
it's used in opshared.c, and it's not trivial to try and
move it into the backend code.
Fix Description: Restore ldbm_back_entry_release() and still set the
function pointer in the pblock. Also remove the unused
chaining release function. Also did code cleanup with
comments in opshared.c
relates: https://pagure.io/389-ds-base/issue/49487
Reviewed by: elkris(Thanks!)
- - - - -
2c8e3398 by Mark Reynolds at 2020-07-29T16:19:41-04:00
Issue 51129 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version
Bug Description: If you try and set the sslVersionMax higher than the
default range, but within the supported range, you
would still get an error and the server would reset
the max to "default" max value.
Fix Description: Keep track of both the supported and default SSL ranges,
and correctly use each range for value validation. If
the value is outside the supported range, then use default
value, etc, but do not check the requested range against
the default range. We only use the default range if
there is no specified min or max in the config, or if
an invalid min or max value is set in the config.
Also, refactored the range variable names to be more
accurate:
enabledNSSVersions --> defaultNSSVersions
emin, emax --> dmin, dmax
relates: https://pagure.io/389-ds-base/issue/51129
Reviewed by: firstyear(Thanks!)
- - - - -
594bf91f by Simon Pichugin at 2020-07-30T14:41:14+02:00
Issue 51222 - It should not be allowed to delete Managed Entry manually
Bug Description: It is possible to delete a managed entry and no error is raised.
Also, while doing delete or modrdn operation on a managing entry and the managed entry
doesn't exist, we should continue the operation.
Fix Description: We should put an entry struct duplicate to SLAPI_ENTRY_PRE_OP pblock
before we execute plugins PRE_OP. Also, we should allow to continue modrdn and delete
managing entry operations execution even when managed entry doesn't exist.
Allow 'cn=directory manager' to delete managed entry on direct update.
Add a test.
https://pagure.io/389-ds-base/issue/51222
Reviewed by: firstyear, tbordaz (Thanks!)
- - - - -
b1e4f5f2 by Barbora Simonova at 2020-08-03T12:51:04+02:00
Issue 51102 - RFE - ds-replcheck - make online timeout configurable
Description:
Created a sanity test to check if the newly introduced -t option
for ds-replcheck does not break anything when used with various connection mechanisms.
Relates: https://pagure.io/389-ds-base/issue/51102
Reviewed by: spichugi (Thanks!)
- - - - -
79d5f2cf by William Brown at 2020-08-05T11:10:31+10:00
Ticket 50933 - Update 2307compat.ldif
Bug Description: This resolves a potential conflict between 60nis.ldif
in freeipa and others with 2307compat, by removing the conflicting
definitions from 2307bis that were included.
Fix Description: By not including these in 2307compat, this means that
sites that rely on the values provided by 2307bis may ALSO need
60nis.ldif to be present. However, these nis values seem like they are
likely very rare in reality, and this also will avoid potential
issues with freeipa. It also is the least disruptive as we don't need
to change an already defined file, and we don't have values where the name
to oid relationship changes.
Fixes: #50933
https://pagure.io/389-ds-base/issue/50933
Author: William Brown <william at blackhats.net.au>
Review by: tbordaz (Thanks!)
- - - - -
a2041151 by William Brown at 2020-08-05T11:10:31+10:00
Ticket 50933 - enable 2307compat.ldif by default
Bug Description: This patch enables 2307compat.ldif by
default.
Fix Description: This is separate to allow a simple roll
back if required during the review/devel process.
https://pagure.io/389-ds-base/issue/50933
Author: William Brown <william at blackhats.net.au>
Review by: tbordaz (Thanks)
- - - - -
d2689280 by Barbora Simonova at 2020-08-05T12:12:14+02:00
Issue 50952 - SSCA lacks basicConstraint:CA
Description:
Created a test that checks if the certificate generated by instance
has 'category: authority' tag in trust.
Relates: https://pagure.io/389-ds-base/issue/50952
Reviewed by: spichugi (Thanks!)
- - - - -
066a7b49 by Simon Pichugin at 2020-08-06T20:42:36+02:00
Issue 50260 - Fix test according to #51222 fix
Description: Managed Entry plugin behaviour was fixed and
returned codes were cleaned up. Now we allow to continue
modrdn and delete managing entry operations execution
even when managed entry doesn't exist.
Also allow 'cn=directory manager' to delete managed entry
on direct update.
Make the updates fail using another way.
https://pagure.io/389-ds-base/issue/50260
https://pagure.io/389-ds-base/issue/51222
Reviewed by: mreynolds (Thanks!)
- - - - -
ea39a99e by Mark Reynolds at 2020-08-10T12:04:26-04:00
Issue 51233 - ds-replcheck crashes in offline mode
Bug Description: When processing all the DN's found in the Master LDIF
it is possible that the LDIF is not in the expected
order and ldifsearch fails (crashing the tool).
Fix Description: If ldifsearch does not find an entry, start from the
beginning of the LDIF and try again.
relates: https://pagure.io/389-ds-base/issue/51233
Reviewed by: spichugi(Thanks!)
- - - - -
c5b60d6d by Simon Pichugin at 2020-08-11T16:32:43+02:00
Issue 51228 - Clean up dsidm user status command
Description: ns-accountstatus.pl, ns-activate.pl and ns-inactivate.pl
were ported to lib389 CLI. The functionality was added to dsidm account/role entry-status,
dsidm account subtree-status, dsidm role lock/unlock, dsidm account lock/unlock.
Remove dsidm user status/lock/unlock commands as they are redundant.
https://pagure.io/389-ds-base/issue/50206
https://pagure.io/389-ds-base/issue/51228
Reviewed by: mreynolds (Thanks!)
- - - - -
5afcbb0d by Mark Reynolds at 2020-08-12T12:46:42-04:00
Issue 50933 - Fix OID change between 10rfc2307 and 10rfc2307compat
Bug Description: 10rfc2307compat changed the OID for nisMap objectclass to
match the standard OID, but this breaks replication with
older versions of DS.
Fix Description: Continue to use the old(invalid?) oid for nisMap so that
replication does not break in a mixed version environment.
Fixes: https://pagure.io/389-ds-base/issue/50933
Reviewed by: firstyear & tbordaz(Thanks!!)
- - - - -
dda3ab0d by Mark Reynolds at 2020-08-17T09:20:07-04:00
Issue 51165 - Set the operation start time for extended ops
Bug Description: Extended ops, like what is used in replication, were not
setting the operation start time. This caused invalid
values in the new access log keywords (wtime & optime)
Fix Description: Set the start time at the start of the extended op.
Fixes: https://pagure.io/389-ds-base/issue/51165
Reviewed by: mreynolds (one line commit rule)
- - - - -
0f1ab5f0 by Ludwig Krispenz at 2020-08-17T20:37:21+02:00
Ticket - 49562 integrate changelog database to main database
Bug description:
PHASE 2 of backend redesign:
http://www.port389.org/docs/389ds/design/integrate-changelog-database-and-backend-database.html
Mainly changelog managed its own access to the database and it uses a global
config entry (cn=changelog5,cn=config) not related to the backend/replica.
Fix description:
The fix is described in the design.
Plus:
- use-after-free (remove+add replica, set)
- various leaks (triggered with CI tests fixup-tombstone, cascading)
- Plus some changes in the CI tests
https://pagure.io/389-ds-base/issue/49562
Reviewed by: Mark Reynolds, William Brown, Thierry Bordaz
- - - - -
bf6e4866 by Thierry Bordaz at 2020-08-18T17:23:41+02:00
Ticket - 51189 integrate changelog in main database - update CLI
Bug description:
PHASE 2 of backend redesign:
http://www.port389.org/docs/389ds/design/integrate-changelog-database-and-backend-database.html
With https://pagure.io/389-ds-base/issue/49562, the changelog uses the main database.
Changelog configuration was managed with a global config entry (cn=changelog5,cn=config)
Now it is managed via a per backend config entry (cn=changelog,cn=<backend_entry>).
Some config parameters are now in the backend specific changelog entry
nsslapd-changelogmaxage
nsslapd-changelogmaxentries
nsslapd-changelogtrim-interval
Some config parameters are simply abandoned (see design):
nsslapd-changelogdir
nsslapd-changelogcompactdb-interval
Fix description:
This fix (PR) is to be applied on top of 49562
It suppressed the ability to create/delete changelog as the changelog entry
is now created/suppressed when a backend becomes a replica or not.
subcommands to set/get changelog attributes requires a suffix (aka backend).
dsconf <inst> replication set-changelog --suffix <suffix> --trim-interval <val>
dsconf <inst> replication set-changelog --suffix <suffix> --max-age <val>
dsconf <inst> replication set-changelog --suffix <suffix> --max-entries <val>
dsconf <inst> replication get-changelog --suffix <suffix>
This patch removes the ability to restore a changelog (restore-changelog)
It implements a new 'class Changelog' to set/get the configuration attribute
of a per backend changelog
https://pagure.io/389-ds-base/issue/51189
Reviewed by: Simon Pichugin, Mark Reynolds (Big thanks)
- - - - -
d1d557ad by Simon Pichugin at 2020-08-20T10:32:59+02:00
Issue 51229 - Server Settings page gets into an unresponsive state
Bug Description: If we switch the tab in Cockpit UI and restart
the instance - we can't go back to the default tab as it's in
an unresponsive loading state.
Fix Description: Do the update on ComponentDidUpdate instead of
ComponentDidMount.
https://pagure.io/389-ds-base/issue/51229
Reviewed by: mreynolds (Thanks!)
- - - - -
b8e9773e by William Brown at 2020-08-21T10:06:56+10:00
Ticket 51177 - on upgrade configuration handlers
Bug Description: 389 to function in docker and other environments
such as restore-from-backup, needs to be able to upgrade its configuration
on startup. This lets us ship-and-enable new features, upgrade plugins
and more (similar to libglobs upgrades)
Previously we had only basic machinery for this (IE make sure this
entry exists like this) which would always write the content. This
caused problems where plugins would re-enable on restart, or couldn't
be removed.
Fix Description: This adds an upgrade processor and an exists_or_add
so that we can do stateful creates of entries, but without trampling
user modifications IE disabling plugins.
https://pagure.io/389-ds-base/issue/51177
fixes: #51177
Author: William Brown <william at blackhats.net.au>
Review by: tbordaz, mreynolds (Thanks!)
- - - - -
cbcdf050 by William Brown at 2020-08-24T12:43:07+10:00
Ticket 51247 - Container Healthcheck failure
Bug Description: Due to human error, a change to begin_healthcheck
was overlooked that causes containers to always report an unhealthy
state.
Fix Description: Fix the use of begin_healthcheck
fixes: https://pagure.io/389-ds-base/issue/51247
fixes #51247
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
52a09ced by Simon Pichugin at 2020-08-27T15:24:48+02:00
Issue 51228 - Fix lock/unlock wording and lib389 use of methods
Descriptions: Clean up lib389 idm-account methods to precisely locate
CoS objects. Also, fix AccountPolicyEntry super() function.
Fix wording in user input requests while doing lock/unlock.
https://pagure.io/389-ds-base/issue/51228
Reviewed by: mreynolds (Thanks!)
- - - - -
3d61aafa by William Brown at 2020-08-27T23:48:20+00:00
Ticket 51177 - fix warnings
Bug Description: Humans make mistakes. A lot of mistakes. In
the commit of 51177 I made a mistake of not checking every
compiler warning, which led to a mistake that could cause
problems for others.
Fix Description: There is no fix for humans. But we can
fix the compiler warnings.
fixes #51177
https://pagure.io/389-ds-base/issue/51177
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
01d9def3 by Mark Reynolds at 2020-09-01T10:06:17-04:00
Issue 51253 - dscreate should LDAPI to bootstrap the config
Description: There are cases where DNS is not setup yet, and trying to
automate the installation fails. Using LDAPI bypasses this
issue and allows for more robust deployment options
relates: https://pagure.io/389-ds-base/issue/51253
Reviewed by: minfrin, firstyear, and tbordaz (Thanks!!!)
- - - - -
e8f06927 by Mark Reynolds at 2020-09-02T09:12:05-04:00
Issue 51121 - Remove hardcoded changelog file name
Bug Description: There are several places in the code where
the new changelog name is just a hardcoded
string. So if the name changes we will have
many places that need to be updated.
Fix Description: Use a "define" for the file name in the bdb code,
and in the changelog get the filename from
backend ldbminfo.
Also extended the ldbminfo flags to include the
backend implementation. This will be used as
we start to need a way to detect what database
backend is in use.
relates: https://pagure.io/389-ds-base/issue/51121
Reviewed by: firstyear(Thanks!)
- - - - -
f9638bbd by Thierry Bordaz at 2020-09-09T10:40:10+02:00
Ticket 51190 - SyncRepl plugin provides a wrong cookie
Bug description:
A sync repl thread is similar to persistent search thread.
The server is communicating with the sync repl thread with
an ordered queue of updates.
Updates are written in the queue by post op callbacks.
Sync repl thread waits/reads the queue, retrieve the updates
from the retroCL, checks if target entry matches the
request (scope/filter) and send back the entry/update to
the sync repl client.
Several issues regarding the way order of the updates in
the queue:
(1) When an update generates nested updates (automember,
memberof,...) the order of the updates in the queue is
not following the order of applied updates. The consequence
is that the cookie (containing the update number) can be wrong.
It can contain jumps, disorder and invalid number (-1).
When an update fails (nested or primary update), none of the
updates should be pushed to sync_repl queue
(2) The plugin callback on updates are POSTOP, so if there are
two direct updates, there is a possibility that the callback
of the second update (and its nested updates) are enqueued
before the first update. In such case the sync_repl thread
may skip some updates and/or fail to retrieve update from
retroCL (cookie.update_no=-1)
Fix description:
The fix does
(1) implements a pending list of updates (in the thread
private space "get_thread_primary_op").
The first in the pending list is the primary update then
the others are the nested updates.
A new operation (betxn_preop) registers the operation at
the end of the pending list with the state OPERATION_PL_PENDING.
It requires to registers new callbacks (sync_betxn_preop_init)
During be_postop (see below) callbacks flags the pending
updates as OPERATION_PL_SUCCEEDED or OPERATION_PL_FAILED
depending on the operation result.
When no more pending updates are OPERATION_PL_PENDING,
then depending of the result of the primary update
(OPERATION_PL_SUCCEEDED or OPERATION_PL_FAILED) the
updates are moved to the sync_repl queue.
(2) The postop plugin callbacks are now be_postop
https://pagure.io/389-ds-base/issue/51190
Reviewed by: Mark Reynolds, Simon Pichugin, William Brown (Thanks)
Platforms tested: F31
- - - - -
0d1ac8ab by Simon Pichugin at 2020-09-17T16:34:52+02:00
Issue 4327 - Update issue templates and README.md
Description: GitHub creates its issue templates directly in the repo.
Create a bug report and feature request templates.
Update README.md
Reviewed by: Firstyear (Thanks!)
Fixes: #4327
- - - - -
f41fc384 by Antonio Navarro at 2020-09-17T16:38:50+02:00
Issue 4322 - Updates old reference to pagure issue (#4321)
Description: Updates old reference to Pagure issue
(docker/README.md ' was fixed by @antonionc)
The rest is done by @droideck:
Change reference from the old Pagure issue to the corresponding GitHub issue
Fix all Pagure references and improve guides.
Co-authored-by: Simon Pichugin <spichugi at redhat.com>
Reviewed by: Firstyear (Thanks!)
Fixes: #4322
- - - - -
00d08139 by tbordaz at 2020-09-21T08:28:38+02:00
Issue 4319 - Performance search rate: listener may be erroneously waken up (#4323)
Bug description:
A worker thread usually wakes up the listener when it has completed
reading the operation from the operation.
In addition upon exceptional event (timeout while reading op or
max thread per connection), it sets a local flag (need_wakeup) and
wakes the listener.
The problem is that it does not reset the flag after wake up. So
for any further operation (on any operation) it will trigger this
additional wake up.
This triggers a write syscall and wakes up listener for nothing.
This impacts throughput by ~2%
Fix description:
reset the need_wakeup after signal_listner
relates: https://github.com/389ds/389-ds-base/issues/4319
Reviewed by: William Brown, Mark Reynolds (thanks !!)
Platforms tested: F31, RHEL8.3
- - - - -
ff6e8523 by Simon Pichugin at 2020-09-22T13:23:47+02:00
Issue 4322 - Fix a source link (#4332)
Description: Source0 should point to a local file instead of
a remote URL. We use it for testing/development only so
there is no need in external links.
Reviewed by: @Firstyear (Thanks!)
Fixes: #4322
- - - - -
787dfa11 by Mark Reynolds at 2020-09-22T11:34:38-04:00
Issue 4209 - RFE - add bootstrap credentials to repl agreement
Description: When using Bind DN Groups for a replication agreement
authentication there are cases where the group is not
present, or is outdated. In such cases having bootstrap
credentials can allow replication to start working again.
New replication sessions will always try and use the
default credentials first.
relates: https://github.com/389ds/389-ds-base/issues/4209
Reviewed by: firstyear & tbordaz(Thanks!)
- - - - -
a16d9c14 by Mark Reynolds at 2020-09-22T11:34:38-04:00
Issue 4209 - RFE - add bootstrap credentials to repl agreement
Description: When using Bind DN Groups for a replication agreement
authentication there are cases where the group is not
relates: https://github.com/389ds/389-ds-base/issues/4209
Reviewed by: firstyear & tbordaz(Thanks!)
- - - - -
19c27490 by Mark Reynolds at 2020-09-22T11:34:38-04:00
Issue 4209 - RFE - add bootstrap credentials to repl agreement (UI update)
Description: Add replication bootstrap settings to the UI.
relates: https://github.com/389ds/389-ds-base/issues/4209
Reviewed by: tbordaz & firstyear(Thanks!)
- - - - -
1dbb69ba by Mark Reynolds at 2020-09-22T11:34:38-04:00
Issue 4209 - RFE - add bootstrap credentials to repl agreement (upgrade update)
Description: Add an upgrade function to add the new bootstrap password
attribute to the AES reversible password plugin.
relates: https://github.com/389ds/389-ds-base/issues/4209
Reviewed by: tbordaz & firstyear (Thanks!!)
- - - - -
d98428a7 by Firstyear at 2020-09-23T09:19:34+10:00
Ticket 4326 - entryuuid fixup did not work correctly (#4328)
Bug Description: due to an oversight in how fixup tasks
worked, the entryuuid fixup task did not work correctly and
would not persist over restarts.
Fix Description: Correctly implement entryuuid fixup.
fixes: #4326
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds (thanks!)
- - - - -
e51d2d62 by Mark Reynolds at 2020-09-22T19:35:44-04:00
Issue 4258 - Add server version information to UI
Description: Add the server's version number to the server configuration
page.
Fixes: https://github.com/389ds/389-ds-base/issues/4258
Reviewed by: firstyear(Thanks!)
- - - - -
089c1d58 by Simon Pichugin at 2020-09-24T10:25:04+02:00
Issue 3996 - Add dsidm rename option (#4338)
Description: Add rename option to dsidm CLI.
user, group, posixgroup, organizationalunit - rename by rdn.
account, role - rename by dn.
Set Account._protected = False by default so we can run
rename and delete operations.
Fix typos in dsidm CLI code.
Reviewed by: @mreynolds389 and @Firstyear (Thanks!!)
Fixes: #4127
Fixes: #3996
- - - - -
3a643dc8 by Mark Reynolds at 2020-09-24T12:29:52-04:00
Issue 4342 - UI - additional fixes for creation instance modal
Description: In the instance creation modal there is an incorrect warning
about the port number range. It should state valid port numbers
are between 1 and 65535. The root DN character validation allows
non ascii as the first characters after the "=". And we are not
forewarning about the instance name length if it is greater than
80 characters
Fixes: https://github.com/389ds/389-ds-base/issues/4342
Reviewed by: spichugi(Thanks!)
- - - - -
df3a5127 by sgouvern at 2020-09-28T10:09:18+10:00
Description: (#4325)
Automated tests to verify that
- db2ldif exits properly when the ldif file path provided cannot be accessed
- a useful error message is displayed as output when the ldif file cannot be accessed
Relates: https://github.com/389ds/389-ds-base/issues/4241
Relates: https://github.com/389ds/389-ds-base/issues/4278
Reviewed by: Bsimonova, Firstyear. Thanks !
- - - - -
f6799c27 by Firstyear at 2020-09-30T11:35:20+10:00
Ticket 4345 - import self sign cert doc comment (#4346)
Bug Description: It was raised that the doc comment with TLS
and self sign cert could be confusing and if disabled it was
not clear how to enable TLS later.
Fix Description: Improve the doc comment with examples.
fixes: #4345
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks!)
- - - - -
dc905d22 by Firstyear at 2020-10-02T07:55:58+10:00
Ticket 4351 - improve generated sssd.conf output (#4354)
Bug Description: There were some subtle issues in the sssd.conf
generator. When no group was specified, we'd generate an invalid
config. When the config used ldapi, it may not work on remote
servers.
Fix Description: When the uri is ldapi, emit a warning for
this parameter to be reviewed. When ldap filter is none
provide the example as commented out.
fixes: #4351
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks!)
- - - - -
7275ce97 by Firstyear at 2020-10-02T08:09:22+10:00
Ticket 4350 - dsrc should warn when tls_cacertdir is invalid (#4353)
Bug Description: When the cacertdir is not a directory
or does not exist we should warn that this is not valid
and provide rectification steps.
Fix Description: Check if the path exists or is a directory
and report this, along with steps on how to run c_rehash
fixes: #4350
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks!)
- - - - -
bf5a79c6 by tbordaz at 2020-10-02T12:03:12+02:00
Issue 4297- On ADD replication URP issue internal searches with filter containing unescaped chars (#4355)
Bug description:
In MMR a consumer receiving a ADD has to do some checking based on basedn.
It checks if the entry was a tombstone or if the conflicting parent entry was a tombstone.
To do this checking, URP does internal searches using basedn.
A '*' (ASTERISK) is valid in a RDN and in a DN. But using a DN in an assertionvalue of a filter, the ASTERISK needs to be escaped else the server will interpret the filtertype to be a substring. (see
https://tools.ietf.org/html/rfc4515#section-3)
The problem is that if an added entry contains an ASTERISK in the DN, it will not be escaped in internal search and trigger substring search (likely unindexed).
Fix description:
escape the DN before doing internal search in URP
Fixes: #4297
Reviewed by: Mark Reynolds, William Brown, Simon Pichugin (thanks !)
Platforms tested: F31
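The RFC 4515 escaping that the commit message above refers to, as an added example; it is not code from this commit or from 389-ds-base. The attribute name `exampleDnAttr` and the sample DN are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a DN whose RDN legitimately contains an ASTERISK. */
static const char SAMPLE_DN[] = "cn=a*b,ou=people,dc=example,dc=com";

/*
 * Escape a value for use as an assertion value in an LDAP filter
 * (RFC 4515 section 3): '*', '(', ')', '\' and NUL become "\xx" hex pairs.
 * Takes an explicit length so embedded NUL bytes are handled.
 * Returns a malloc'd NUL-terminated string, or NULL on allocation failure.
 */
char *escape_filter_value(const char *val, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    char *out = malloc(len * 3 + 1); /* worst case: every byte escaped */
    size_t o = 0;

    if (out == NULL) {
        return NULL;
    }
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)val[i];
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return out;
}

/*
 * Build "(attr=value)". With escape == 0 the value is pasted in raw, which
 * is the behaviour the bug description talks about; with escape != 0 the
 * value is escaped first. Fails closed (NULL) if escaping cannot allocate.
 */
char *build_filter(const char *attr, const char *value, int escape)
{
    char *esc = NULL;
    const char *v = value;
    size_t n;
    char *filter;

    if (escape) {
        esc = escape_filter_value(value, strlen(value));
        if (esc == NULL) {
            return NULL;
        }
        v = esc;
    }
    n = strlen(attr) + strlen(v) + 4; /* "(", "=", ")", NUL */
    filter = malloc(n);
    if (filter != NULL) {
        snprintf(filter, n, "(%s=%s)", attr, v);
    }
    free(esc);
    return filter;
}

/*
 * Returns 1 if the assertion value of a simple "(attr=value)" filter holds
 * a literal '*', meaning a server parses it as a substring (or presence)
 * filter instead of an equality match; 0 otherwise.
 */
int has_raw_wildcard(const char *filter)
{
    const char *eq = strchr(filter, '=');
    return (eq != NULL && strchr(eq + 1, '*') != NULL) ? 1 : 0;
}

int main(void)
{
    char *raw = build_filter("exampleDnAttr", SAMPLE_DN, 0);
    char *safe = build_filter("exampleDnAttr", SAMPLE_DN, 1);

    if (raw == NULL || safe == NULL) {
        free(raw);
        free(safe);
        return 1;
    }
    printf("unescaped: %s -> %s\n", raw,
           has_raw_wildcard(raw) ? "substring filter" : "equality filter");
    printf("escaped:   %s -> %s\n", safe,
           has_raw_wildcard(safe) ? "substring filter" : "equality filter");
    free(raw);
    free(safe);
    return 0;
}
```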
- - - - -
4f25c850 by Firstyear at 2020-10-06T08:15:01+10:00
Ticket 4347 - log when server requires a restart for a plugin to become active (#4352)
Bug Description: When testing another feature, user confusion was experienced
while enabling a plugin. This was due to a misunderstanding about dynamic
plugins and when and how they take effect.
Fix Description: When dynamic plugins are NOT enabled, and an attempt
is made to enable a plugin, clearly log that we require a restart of
the server for this functionality to become active.
fixes: #4347
Author: William Brown <william at blackhats.net.au>
Review by: @droideck, @mreynolds389 (Thanks!)
- - - - -
db7d98c3 by Firstyear at 2020-10-06T12:41:00+10:00
Ticket 4350 - One line, fix invalid type error in tls_cacertdir check (#4358)
Bug Description: When the tls_cacertdir parameter was not
present os.path fails with None not a str.
Fix Description: Check if the path is None
fixes: #4350
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
b7ad38a6 by Barbora Simonova at 2020-10-06T11:04:00+02:00
Issue 4348 - Add tests for dsidm
Description:
Created tests for dsidm client_config option and enhanced
the src/lib389/lib389/cli_idm/client_config.py so the output gets caught
to a log file and can be compared.
Also modified the dbgen_test.py, because the check_value_in_log_and_reset() function
provided a fake value in the log file. So in case something failed and the original value
was not in the output, the test would find the value in "Check that {} is present" line
and therefore it would not fail.
Fixes: https://github.com/389ds/389-ds-base/issues/4348
Reviewed by: Firstyear, droideck (Thanks!)
- - - - -
54b54423 by Mark Reynolds at 2020-10-06T10:17:37-04:00
Issue 4360 - password policy max sequence sets is not working as expected
Description: password max sequence sets: "123--123" are not being correctly
detected. This is due to an uninitialized char array
Relates: https://github.com/389ds/389-ds-base/issues/4360
Reviewed by: mreynolds (one line commit rule)
- - - - -
7cb9a635 by Simon Pichugin at 2020-10-08T19:18:24+02:00
Issue 4265 - UI - Make the secondary plugins read-only (#4364)
Description: As some of the changes may break the server.
We should make all the plugins in the UI Plugins table read-only.
Only the ones in the left column should be editable.
The change is only for UI.
Fixes: #4265
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
aaaaaf50 by Mark Reynolds at 2020-10-08T19:31:56-04:00
Issue 4366 - lib389 - Fix account status inactivity checks
Bug Description: When we converted the entries lastLoginAttr to epoch seconds
the function was not converting it correctly, and the value
was off by quite a bit. This caused the CLI tools to potentially
report the wrong status of the entry.
Fix Description: First the times from the entry are gmtime, not local. So
instead of grabbing the current local time, we need to grab
the current gmtime. Second, the function that converts a
generalized time to epoch seconds is not working. So that
was reworked to generate the correct epoch value.
relates: https://github.com/389ds/389-ds-base/issues/4366
Reviewed by: firstyear(Thanks!)
- - - - -
a931061e by Mark Reynolds at 2020-10-08T19:37:15-04:00
Issue 4368 - ds-replcheck crashes when processing glue entries
Bug Description: When processing glue entries on the replica the tool
can crash by dereferencing a None variable.
Fix Description: Properly check the replica result entry for what type
of entry it is, and then properly handle it if it is
a glue entry.
relates: https://github.com/389ds/389-ds-base/issues/4368
Reviewed by: firstyear(Thanks!)
- - - - -
f7ecbf85 by Firstyear at 2020-10-09T10:34:30+10:00
Issue 4361 - RFE - add - dscreate --advanced flag to avoid user confusion
Bug Description: It has been noticed in a few separate reports that
certain options in the dscreate template can cause confusion. This
is because when presented with the options, people may attempt to
tweak or change settings to "customise" them, without fully
understanding the impact.
Fix Description: Distinguish common options from developer-only
advanced options in the template with the --advanced flag.
fixes: #4361
Author: William Brown <william at blackhats.net.au>
Review by: @droideck @mreynolds389 thanks!
- - - - -
90048526 by Firstyear at 2020-10-12T07:54:01+10:00
Issue 4334 - RFE - Task timeout may cause larger dataset imports to fail (#4359)
Bug Description: The task.wait() function had a hardcoded timeout
and no method to "disable" that check. This could cause very large
databases to fail to import.
Fix Description: Support timeout=None, which allows the task to
take 'infinite' time. Additionally, this provides a warning that
this is occurring.
fixes: #4334
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @droideck (thanks!)
- - - - -
ffc5982b by Firstyear at 2020-10-13T08:14:26+10:00
Issue 4372 - BUG - Chaining DB did not validate bind mech parameters (#4374)
Bug Description: Chaining DB did not validate the content of bind mech.
When combined with an ambiguous help string, this caused users to set
blank/empty strings into the chaining db config, that would not auth
correctly to the target.
Fix Description: The chaining DB should strictly enforce the incoming
values that are set. The help in dsconf should be explicit about what
values are supported and how they are set.
fixes: #4372
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 (thanks!)
- - - - -
7fd97b1d by Simon Pichugin at 2020-10-13T14:04:55+02:00
Issue 3555 - Fix npm audit issues (#4370)
Description: Update dependencies which have vulnerabilities
and remove unused deps:
- eonasdan-bootstrap-datetimepicker;
- react-ellipsis-with-tooltip;
- recompose;
Relates: #3555
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
43c69156 by tbordaz at 2020-10-15T11:57:56+02:00
Issue 4329 - Sync repl - if a serie of updates target the same entry then the cookie get wrong changenumber (#4356)
Bug description:
In persist mode, sync_repl sends a matching updated entry with a sync state control
containing a cookie. The cookie contains the changenumber related to the updated entry.
If several consecutive updates target the same entry, sync_repl will send for each
update the same changenumber (the first of the set of updates).
changenumber will resync as soon as another entry is sent.
The reason why sync_repl sends several times the same entry is that the internal
search looks for '(changenumber >= cookie_changenumber)' rather than
'(changenumber > cookie_changenumber)'.
Fix description:
Change the filter to look for the next changenumber
Fixes: #4329
Reviewed by: William Brown, Simon Pichugin
Platforms tested: F31, F33
- - - - -
b8b16914 by tbordaz at 2020-10-15T16:59:56+02:00
Issue 4379 - allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service (#4380)
Bug description:
The fix #3028 enforces a strict limit of empty attributeDescription.
The limit is low (1) and some applications may fail.
We can relax this limit to a higher value without reopening DOS risk.
Fix description:
Change the max authorized empty attributesDescription from 1 to 10
relates: https://github.com/389ds/389-ds-base/issues/4379
Reviewed by: Mark Reynolds
Platforms tested: F31
- - - - -
141a5145 by Mark Reynolds at 2020-10-16T10:58:00-04:00
Issue 4159 - Healthcheck code DSBLE0002 not returned on disabled suffix
Bug Description: The healthcheck tool was actually crashing when a suffix
was disabled. We also were not correctly processing
DSLdapObjects, where we would run all the lint tests
even though we only asked to run one specific lint test.
Fix Description: Make healthcheck more robust to handle exceptions. Fix
the processing of DSLdapObjects by passing in the lint
function name to DSLint().
Also added the health "check" that triggered the issue
to the final report so you know which exact test to rerun.
Fixes: https://github.com/389ds/389-ds-base/issues/4159
Reviewed by: firstyear & spichugi(Thanks!)
- - - - -
9cfb5751 by Mark Reynolds at 2020-10-19T12:11:08-04:00
Issue 4176 - import ldif2cl task should not close all changelogs
Bug Description: With the new per-backend replication changelog, the
ldif2cl task would incorrectly close all the backends.
Fix Description: First, the global changelog struct (s_cl5Desc) was
completely removed and merged with the replica changelog
db handle struct. The dbState variable is used to
synchronize access to the changelog db struct during
shutdown, or ldif2cl tasks.
The CLI was updated to handle setting changelog encryption,
and importing/restoring a changelog ldif.
The UI was updated to handle the new per-backend changelog
and its configuration. Also added the option to
export/import the changelog and its various forms.
Fixes: https://github.com/389ds/389-ds-base/issues/4176
Reviewed by: tbordaz, firstyear, and elkris (Thanks!!!)
Remove unneeded LMDB changelog file name
Apply requested changes
Fix dbscan, adjust changelog format v6, and other cleanup...
Prepare the CLI for changelog export/import
- - - - -
0a902cc8 by Firstyear at 2020-10-20T12:04:51+10:00
Issue #3600 - RFE - openldap migration tooling (#4318)
Bug Description: A large number of enterprise customers are interested
to move from OpenLDAP to 389 Directory Server. As this can be a
difficult process, there are many parts that we can automate to make
the process smoother, and to provide other information to assist
admins in a successful migration.
Fix Description: This adds the openldap_to_ds command, which given
a backup of an OpenLDAP and its configuration, is able to partially
migrate the content and plugins to a running instance. Additionally
this is able to provide a checklist of other migration tasks that
may require administrator action and management.
fixes: #3600
Author: William Brown <william at blackhats.net.au>
Review by: @droideck @mreynolds389 (Thanks!)
- - - - -
d2c285f0 by Jamie Chapman at 2020-10-20T15:00:27+01:00
Issue 1199 - Misleading message in access log for idle timeout (#4385)
Issue 1199 - Misleading message in access log for idle timeout
Description: Update timeout error code in daemon.
Add extra detail to idle and IO timeout error messaging.
Typo in logconv.pl
Relates: #1199
Reviewed by: mreynolds389, droideck, Firstyear (Thanks folks)
- - - - -
95653e74 by Simon Pichugin at 2020-10-20T18:49:37+02:00
Issue 4295 - Fix a closing quote issue (#4386)
Description: The "details" keyword in the access log does not have
a closing quote.
The issue happens because the quote was set in the wrong place.
Fixes: #4295
Reviewed by: @mreynolds389
- - - - -
d5c5097b by Mark Reynolds at 2020-10-20T14:54:54-04:00
Issue 4389 - errors log with incorrectly formatted message parent_update_on_childchange
Description: The arguments were incorrect for the logging line
Fixes: https://github.com/389ds/389-ds-base/issues/4389
Reviewed by: mreynolds(one line commit rule)
- - - - -
266d8780 by Mark Reynolds at 2020-10-21T17:07:13-04:00
Issue 2526 - suffix management in backends incorrect
Description: Previously the server used to support multiple suffixes per backend
and the server had to maintain and check a be list of suffixes.
However, this is no longer supported, so all of this code can be
cleaned up to support a single suffix per backend.
Also added a check that when creating a mapping tree entry, that the
backend entry must already exist and match the suffix.
Relates: https://github.com/389ds/389-ds-base/issues/2526
Reviewed by: firstyear(Thanks!)
- - - - -
8742f657 by Akshay Adhikari at 2020-10-22T08:48:14+02:00
Issue 2820 - Fix CI tests (#4365)
Issue 2820 - Fix CI tests
Bug Description: tickets/ticket47973_test.py test had failures in CI nightly runs
Fix Description: Fix the failure and also change the code to use DSLdapObject.
Move the code into the schema test suite.
Replace legacy objects from the whole test
Relates: #2820
Reviewed by: Simon(droideck)
- - - - -
1f5aecb5 by Mark Reynolds at 2020-10-22T09:46:03-04:00
Issue 4392 - Update create_test.py
Description: Remove the unnecessary DEBUGGING logger code
Fixes: https://github.com/389ds/389-ds-base/issues/4392
Reviewed by: firstyear & spichugi (Thanks!!)
- - - - -
fbb54a7f by tbordaz at 2020-10-23T10:34:02+02:00
Issue 4363 - Sync repl: per thread structure was incorrectly initialized (#4395)
Bug description:
A per thread structure should be allocated once, either on get/set.
Currently it is allocated on the primary operation and freed when
the primary operation is completed.
Fix description:
The per thread structure is now a HEAD structure.
The HEAD is where the primary operation is referenced when
the operation starts and where it is reset when the primary operation ends
(pushed to the sync_repl thread)
relates: https://github.com/389ds/389-ds-base/issues/4363
Reviewed by: Mark Reynolds
Platforms tested: F31, F33
- - - - -
e227c5be by Mark Reynolds at 2020-10-25T12:49:54-04:00
Issue 2526 - revert API change in slapi_be_getsuffix()
Description: The public slapi API was changed in the previous commit and
this broke several other projects using 389 DS. This patch
restores the API, but it ignores the unused value:
const Slapi_DN *slapi_be_getsuffix(Slapi_Backend *be, int unused);
Relates: https://github.com/389ds/389-ds-base/issues/2526
Reviewed by: mreynolds
- - - - -
a2584e1d by Mark Reynolds at 2020-10-26T09:08:00-04:00
Issue 4262 - Remove legacy tools subpackage
Description: Remove all the legacy tool scripts, libraries, and obsolete files
Relates: https://github.com/389ds/389-ds-base/issues/4262
Reviewed by: viktor & firstyear (Thanks!!)
Apply Viktor's suggestions
- - - - -
06ff5b77 by Mark Reynolds at 2020-10-26T11:42:46-04:00
Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install)
Description: Update specfile to restart instances after installing new rpm
Relates: https://github.com/389ds/389-ds-base/issues/4262
Reviewed by: viktor(Thanks!)
- - - - -
60412d96 by Mark Reynolds at 2020-10-26T16:31:30-04:00
Issue 4262 - Remove legacy tools subpackage (final cleanup)
Description: Found a few more cleanup issues with removing perl.
Relates: https://github.com/389ds/389-ds-base/issues/4262
Reviewed by: spichugi(Thanks!)
- - - - -
f030cf88 by Mark Reynolds at 2020-10-26T21:45:30-04:00
Bump version to 1.4.4.6
- - - - -
67c8b870 by Mark Reynolds at 2020-10-27T13:58:01-04:00
Issue 2526 - retrocl backend created out of order
Bug Description: A recent change verified that you do not create
a mappingtree entry before the backend entry was
created. The server created the retrocl backend
in the opposite order which broke the retrocl.
Fix Description: Create the retrocl backend entry before creating
the mapping tree entry.
Relates: https://github.com/389ds/389-ds-base/issues/2526
Reviewed by: viktor(Thanks!)
- - - - -
b45df8df by Mark Reynolds at 2020-10-28T09:02:26-04:00
Issue 4262 - more perl removal cleanup
Description: Removed the remaining "enabled_perl" code.
Relates: https://github.com/389ds/389-ds-base/issues/4262
Reviewed by: viktor(Thanks!)
- - - - -
fa6e1aa2 by Mark Reynolds at 2020-10-28T09:59:15-04:00
Issue 2526 - revert backend validation check
Description: Other projects are creating backends out of order, so
the previous patch was breaking these projects. Reverting
the validation check in 1.4.4, but leaving it in 1.4.5 (F34)
where we will fix the other projects for F34.
Relates: https://github.com/389ds/389-ds-base/issues/2526
Reviewed by: mreynolds
- - - - -
60a2429e by Mark Reynolds at 2020-10-28T10:46:31-04:00
Bump version to 1.4.4.7
- - - - -
c4b1be45 by Mark Reynolds at 2020-11-03T08:03:29-05:00
Issue 4176 - CL trimming causes high CPU
Bug Description: The changelog trimming switched to using pthread_cond_timedwait()
instead of NSPR, but the relative time was used for the wait time
instead of the absolute time. This caused it to basically not
wait at all and consume all the CPU.
Fix Description: Use the absolute(monotonic) time for the condition wait time.
Relates: https://github.com/389ds/389-ds-base/issues/4176
Reviewed by: progier(Thanks!)
- - - - -
264f173a by Mark Reynolds at 2020-11-03T17:25:19-05:00
Issue 4415 - unable to query schema if there are extra parenthesis
Bug Description: When a client does a schema lookup in lib389 asking
for the result in JSON, the X-ORIGIN is not correctly
parsed if it contains an extra parenthesis
Fix Description: When parsing between the X-ORIGIN encapsulating parenthesis
find the right most match, not the first match.
Relates: https://github.com/389ds/389-ds-base/issues/4415
Reviewed by: spichugi(Thanks!)
- - - - -
bf454ad0 by Mark Reynolds at 2020-11-07T22:33:31-05:00
Bump version to 1.4.4.8
- - - - -
30 changed files:
- + .github/ISSUE_TEMPLATE/bug_report.md
- + .github/ISSUE_TEMPLATE/feature_request.md
- Makefile.am
- README.md
- VERSION.sh
- configure.ac
- dirsrvtests/create_test.py
- + dirsrvtests/tests/data/openldap_2_389/1/example_com.slapcat.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/example_net.slapcat.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/setup/example_com.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/setup/example_net.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/setup/slapd.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/cn=module{0}.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/cn=schema.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/cn=schema/cn={0}core.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/cn=schema/cn={3}rfc2307bis.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/cn=schema/cn={4}yast.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={0}config.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={1}mdb.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={1}mdb/olcOverlay={0}memberof.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={1}mdb/olcOverlay={1}refint.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={1}mdb/olcOverlay={2}unique.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={2}mdb.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={2}mdb/olcOverlay={0}memberof.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={2}mdb/olcOverlay={1}unique.ldif
- dirsrvtests/tests/suites/acl/acl_deny_test.py
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/318a3ce0c721ce217fc166b69e3457ad6ee0fb98...bf454ad070199d5e8c0a03b5e2505e6f2750e998