[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][master-next] 1518 commits: Ticket 49867 - Fix CLI tools' double output

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Mon Oct 18 17:24:07 BST 2021



Timo Aaltonen pushed to branch master-next at FreeIPA packaging / 389-ds-base


Commits:
52b89974 by Mark Reynolds at 2018-07-23T17:40:15-04:00
Ticket 49867 - Fix CLI tools' double output

Description:  This is a regression from a previous fix.  Do not call
              logging.basicConfig() in cli tools

https://pagure.io/389-ds-base/issue/49867

Reviewed by: spichugi(Thanks!)

- - - - -
fd8ca9aa by Mark Reynolds at 2018-07-24T10:51:25-04:00
Ticket 49794 - Add pam_pwquality features to password syntax checking

Description:  Added the following pam_pwquality features to DS.  We can
              not add all the features because some of them require that
              you have the previous or current password in clear text.

               New features:

                 - Check password is not in dictionary
                 - Password is not a palindrome
                 - Maximum allowed monotonic sequence characters
                 - Maximum allowed monotonic sequence characters that can
                   be repeated.
                 - Maximum number of consecutive characters from the same
                   class of characters (digits, alphas, specials, etc)
                 - List of words that are not allowed to appear in the new
                   password
                 - List of attributes to check in the user's entry to see
                   if those values are in the new password.

https://pagure.io/389-ds-base/issue/49794

Reviewed by: vashirov & spichugi(Thanks!!)

- - - - -
7e49dec0 by Mark Reynolds at 2018-07-25T18:16:10-04:00
Ticket 49837 - Add new password policy attributes to UI

Description:  Added new password policy features to UI.

              Also made change to instance creation to line up
              with changes going on in lib389

https://pagure.io/389-ds-base/issue/49837

Reviewed by: spichugi(Thanks!)

- - - - -
c439b920 by Simon Pichugin at 2018-07-27T16:10:38+02:00
Issue 49381 - Refactor the plugin test suite docstrings

Description: Remove attr_uniqueness_test.py and dna_test.py
because they are present in acceptance_test.py.
Refactor the docstrings in the existing suites.

https://pagure.io/389-ds-base/issue/49381

Reviewed by: vashirov, mreynolds (Thanks!)

- - - - -
7b3c401a by Simon Pichugin at 2018-07-30T14:22:23+02:00
Issue 49761 - Fix replication test suite issues

Description - the issues:
cleanallruv - add 'certify' to the abort tasks certify and adjust a timeout;
encryption_cl5 - add the encryption attributes to the schema
(we had used extensibleObject before but now we use nsChangelogConfig);
tombstone - fix how Tombstone(DSLdapObject) handles the searches.

https://pagure.io/389-ds-base/issue/49761

Reviewed by: vashirov, mreynolds (Thanks!)

- - - - -
b14c836b by Amita Sharma at 2018-07-31T17:35:11+05:30
Issue 48056 - Add more test cases to the basic suite

Description: Added a test for anonymous search with various filters
Added a test to verify bug915801
Added a test to verify bug192901
Added a test to verify bug1044135
Added markers for password and filter test cases

https://pagure.io/389-ds-base/issue/48056

Reviewed by: Simon and Viktor

- - - - -
ba8f57d2 by William Brown at 2018-08-03T11:10:59+10:00
49881 - Missing check for crack.h

A check for crack.h is missing from configure.ac. Add it.

https://pagure.io/389-ds-base/issue/49881

Author: William Brown <william at blackhats.net.au>

- - - - -
74498103 by Mark Reynolds at 2018-08-06T13:53:34-04:00
Ticket 49866 - Add password policy features to CLI/UI

Description:  Add global and local password policy functionality to
              dsconf and UI.

https://pagure.io/389-ds-base/issue/49866

Reviewed by: ?

- - - - -
0d1eded7 by Mark Reynolds at 2018-08-07T08:43:11-04:00
Ticket 49888 - Use perl filter in rpm specfile

Description:  Apply perl filter to legacy tools subpackage to prevent 389
              from "Providing" its perl modules.

https://pagure.io/389-ds-base/issue/49888

Reviewed by: vashirov(Thanks!)

- - - - -
e4831bc4 by William Brown at 2018-08-08T09:19:19+10:00
49884 - Improve nunc-stans test to detect socket errors sooner

While testing on a fresh machine (without ipv6) I noticed the ns test
would fail. This led me to improve the state of the ns stress test
code to remove the legacy atomic, and check assertions of the sockets.

https://pagure.io/389-ds-base/pull-request/49884

Author: William Brown <william at blackhats.net.au>

- - - - -
ad640e96 by Viktor Ashirov at 2018-08-08T14:12:40+02:00
Issue 48377 - Update file name for LD_PRELOAD

Bug Description:
We ship versioned libjemalloc.so.2, but LD_PRELOAD still uses
unversioned file name.

Fix Description:
Update LD_PRELOAD to use versioned .so name.

https://pagure.io/389-ds-base/issue/48377

Reviewed by: mreynolds (Thanks!)

- - - - -
2f2d3b1d by Mark Reynolds at 2018-08-08T17:19:27-04:00
Ticket 49893 - disable nunc-stans by default

Description:  Until nunc-stans is stabilized we need to disable it

https://pagure.io/389-ds-base/issue/49893

Reviewed by: ?

- - - - -
90bf1799 by Mark Reynolds at 2018-08-09T15:11:33-04:00
Ticket 49029 - improve internal operations logging

Description:  This patch uses "local thread storage" to keep track of
              the connection and op id numbers for internal operations.
              This makes it easier to follow the access logs and know
              what connection is actually doing what.

              It also maintains its own operation id count for each
              internal operation.  This adds complexity once internal ops
              start nesting (plugins calling plugins).  To handle this
              two LTS variables were added to keep track of the nested
              level or count, and one to know once a series of nested
              operations are finally unnested/complete.  This is needed
              to keep the internal operation id counter correct
              and in sequence.

              Also organized the local thread storage initialization into
              a single function - there was no need to have separate
              functions.

              Thanks lkrispenz for improving the logging format, and
              providing the initial patch this was all based off of.

https://pagure.io/389-ds-base/issue/49029

Reviewed by: tbordaz & lkrispen(Thanks!)

- - - - -
c989e18f by Mark Reynolds at 2018-08-09T15:38:57-04:00
Ticket 49890 : ldapsearch with server side sort crashes the ldap server

Bug Description:
        Server side sort with a specified matching rule triggers a crash

Fix Description:
        Check if we are able to index the provided value.
        If we are not then slapd_qsort returns an error (LDAP_OPERATION_ERROR)

https://pagure.io/389-ds-base/issue/49890

Reviewed by: mreynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
b413ba02 by Mark Reynolds at 2018-08-10T09:39:05-04:00
Ticket 49891 - Use "--python3" macro for python scripts

Description:  Make sure all python scripts use the macro "__python3"
              for its shebang.

https://pagure.io/389-ds-base/issue/49891

Reviewed by: vashirov(Thanks!)

- - - - -
520e2f9c by Mark Reynolds at 2018-08-10T11:21:17-04:00
Ticket 49891 - Use "--python3" macro for python scripts (remove readnsstate)

Description:  The spec file can not update readnsstate script, so skip it
              from the last commit

- - - - -
bd3daf13 by Mark Reynolds at 2018-08-10T11:22:45-04:00
Bump version to 1.4.0.14

- - - - -
9ac6112b by William Brown at 2018-08-13T09:41:31+10:00
49885 - On some platform fips does not exist

Fix test detection to not fail with exceptions if fips proc files
are not present

https://pagure.io/389-ds-base/issue/49885

Author: William Brown <william at blackhats.net.au>

- - - - -
11d689da by Mark Reynolds at 2018-08-14T09:13:58-04:00
Ticket 48377 - Only ship libjemalloc.so.2

Description:  We are only supposed to ship libjemalloc.so.2, and nothing else.

https://pagure.io/389-ds-base/issue/48377

Reviewed by: vashirov(Thanks!)

- - - - -
160e0273 by Amita Sharma at 2018-08-15T18:58:39+05:30
Issue 48061 : CI test - config

Description: Add more test cases to the config suite

https://pagure.io/389-ds-base/issue/48061

Reviewed by: Simon

- - - - -
9f9f4a9d by Mark Reynolds at 2018-08-16T10:18:44-04:00
Ticket 49029 - Internal logging thread data needs to allocate int pointers

Bug Description:

The original version of the fix incorrectly used stack pointers
to update the thread data.  These pointers would go out of scope
and could cause a crash when updated.

Fix Description:

Allocate the integer pointers at initialization time for each
worker thread including main() thread.  Also cleaned up other
areas of this code/feature.

Passed ASAN tests.

https://pagure.io/389-ds-base/issue/49029

Reviewed by: vashirov & lkrispen(Thanks!!)

- - - - -
94f30daf by Mark Reynolds at 2018-08-16T13:01:46-04:00
Bump version to 1.4.0.15

- - - - -
c393394f by Simon Pichugin at 2018-08-18T10:58:03+02:00
Issue 49858 - Add backup/restore and import/export functionality to WebUI/CLI

Description: dsconf tool now has:
'dsconf localhost backup create' and 'dsconf localhost backup restore';
'dsconf localhost backend import' and 'dsconf localhost backend export'.
Add basic tests for the CLI part
Add JS logic for online backup/restore.
Add more HTML and JS for online import/export functionality.
Fix CSS alignment issues. Fix validity checks in CLI.

https://pagure.io/389-ds-base/issue/49858

Reviewed by: mreynolds, wibrown, mhonek (Thanks!)

- - - - -
d06b5bb2 by William Brown at 2018-08-22T18:51:07+10:00
Ticket 49887: Fix SASL map creation when --disable-perl

When the SASL maps for single backend was made, it was assuming a number
of behaviours such as a single backend was added. This is *not* the
default in lib389, and caused a crash when a valid ZERO backend
server was created. Additionally, it used a template file that
will not be present in the future.

This fixes the behaviour to account for 0, 1 and multiple backends
and uses the correct saslmapping objects to create the types needed
for LDAPI

https://pagure.io/389-ds-base/issue/49887

Author: William Brown <william at blackhats.net.au>

- - - - -
17dc2b07 by Timo Aaltonen at 2018-08-23T00:25:18+03:00
Merge branch 'upstream'

- - - - -
31996474 by Timo Aaltonen at 2018-08-23T00:28:20+03:00
update the changelog

- - - - -
8a7a4f0b by Timo Aaltonen at 2018-08-23T00:37:31+03:00
control: Add libcrack2-dev to build-depends.

- - - - -
54b166ba by Timo Aaltonen at 2018-08-23T00:46:55+03:00
releasing package 389-ds-base version 1.4.0.15-1

- - - - -
510dc2e9 by Timo Aaltonen at 2018-08-23T08:52:47+03:00
control: Build cockpit-389-ds only on 64bit and i386.

- - - - -
1378dec0 by Timo Aaltonen at 2018-08-23T08:54:12+03:00
releasing package 389-ds-base version 1.4.0.15-2

- - - - -
104968b6 by Mark Reynolds at 2018-08-24T16:21:32-04:00
Revert "Ticket 49432 - filter optimise crash"

This reverts commit 5c89dd8f9c8eb77c967574412d049d55565bb364.

- - - - -
14a10a34 by Mark Reynolds at 2018-08-24T16:24:21-04:00
Revert "Ticket 49372 - filter optimisation improvements for common queries"

This reverts commit 4cd1a24b3ce88968ff5f9a2b87efdc84dee176da.

- - - - -
de78c494 by Mark Reynolds at 2018-08-24T16:34:25-04:00
Bump version to 1.4.0.16

- - - - -
09ad0d01 by Mark Reynolds at 2018-08-27T15:48:23-04:00
Ticket 49877 - Add log level functionality to UI

Description:  Add logic to get and save the access & errors log levels
              in the UI tables

https://pagure.io/389-ds-base/issue/49877

Reviewed by: ?

- - - - -
d6616221 by Simon Pichugin at 2018-08-28T15:19:38+02:00
Issue 49866 - Refactor PwPolicy lib389/CLI module

Description: Refactor Password Policy module and its CLI part.
Add PwPolicyManager object and PwPolicyEntry(DSLdapObject).
Validate LDIF and Backup dir paths. Don't accept a forward slash
because it can lead to a security flaw.
Add an additional assertion to Backup/Restore CLI test suite.

https://pagure.io/389-ds-base/issue/49866

Reviewed by: mreynolds (Thanks!)

- - - - -
2dc26d9b by Amita Sharma at 2018-08-29T21:13:54+05:30
Issue 48053 - Add attribute encryption test cases

Description: Added test cases for attribute encryption

https://pagure.io/389-ds-base/issue/48053

Reviewed by: Simon and Viktor

- - - - -
78fc627a by Mark Reynolds at 2018-08-30T14:28:10-04:00
Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly

Bug Description:  We clone a pblock in a psearch search, and under certain
                  error conditions this pblock is freed, but it frees the
                  password policy struct which can lead to a double free
                  when the original pblock is destroyed.

Fix Description:  During the cloning, set the pwppolicy struct to NULL
                  so the clone allocates its own policy if needed

https://pagure.io/389-ds-base/issue/49932

Reviewed by: ?

- - - - -
8857b150 by Akshay Adhikari at 2018-09-04T09:45:06+05:30
Issue 49930 - Correction of the existing fixture function names to remove test_ prefix

Description: Fixed fixture names and also python3 issue.

https://pagure.io/389-ds-base/issue/49930

Reviewed by: amsharma & spichugi (Thanks!)

- - - - -
ccd245ad by Timo Aaltonen at 2018-09-04T14:52:57+03:00
control: 389-ds-base-dev provides libsvrcore-dev. (Closes: #907140)

- - - - -
c64f7fb1 by Mark Reynolds at 2018-09-04T09:33:18-04:00
Ticket 49866 - fix typo in cos template in pwpolicy subtree create

Description:  Typo in the pwdpolicy subentry attribute name

https://pagure.io/389-ds-base/issue/49866

Reviewed by: mreynolds(one line commit rule)

- - - - -
70a8b5cd by Timo Aaltonen at 2018-09-04T21:22:50+03:00
perl-use-move-instead-of-rename.diff: Fix upgrade on systems where /var is on a separate partition: (Closes: #905184)

- - - - -
8ff8cb85 by Mark Reynolds at 2018-09-05T14:10:42-04:00
Ticket 49937 - Log buffer exceeded emergency logging msg is not thread-safe

Bug Description:  Multiple operations making modifications on a DN
                  that is very large can crash the server, because
                  when we do emergency logging, we close and reopen
                  the errors log without holding the error log write
                  lock.  This causes the FD pointer to become
                  invalid and triggers a crash.

Fix description:  Hold the errors log write lock while closing and
                  reopening the log

https://pagure.io/389-ds-base/issue/49937

Reviewed by: vashirov(Thanks!)

- - - - -
e59b309c by William Brown at 2018-09-12T20:36:02+10:00
Ticket 49887: Clean thread local usage

Clean the thread local usage of the logging system to be more in line with
pthread's intent, remove bad practices of case/switch get setters, and change
the types to be more efficient struct types. Generally make it better.

https://pagure.io/389-ds-base/issue/49941

Author: William Brown <william at blackhats.net.au>

- - - - -
c96c3966 by Timo Aaltonen at 2018-09-12T20:17:40+03:00
Merge branch 'upstream'

- - - - -
7f9f6fe9 by Timo Aaltonen at 2018-09-12T20:21:30+03:00
bump the version

- - - - -
4881826e by Mark Reynolds at 2018-09-14T10:18:52-04:00
Ticket 49926 - Add replication functionality to dsconf

Description: Add replication functionality to the dsconf.  This includes
             repl config, agmts, winsync agmts, and cleanallruv/abort cleanallruv

             Adjusted the backend options to use hyphens for consistency

https://pagure.io/389-ds-base/issue/49926

Reviewed by: spichugi & firstyear(Thanks!!)

- - - - -
fc2008c4 by Viktor Ashirov at 2018-09-17T14:01:35+02:00
Ticket 49926 - Fix replication tests on 1.3.x

Description:
nsAccount is not supported by 1.3.x branch.

Fix description:
Remove nsAccount objectClass from Replication Manager
if DS is older than 1.4.x.

https://pagure.io/389-ds-base/issue/49926

Reviewed by: mreynolds, firstyear (Thanks!)

- - - - -
219fd4b1 by Simon Pichugin at 2018-09-18T09:50:16+02:00
Issue 49928 - Refactor and improve schema CLI/lib389 part to DSLdapObject

Description: First commit that refactors Schema object and
removes SchemaLegacy usage from CLI.
Add full CLI Schema functionality to lib389.
It includes: list, query, add, edit, remove operations.

https://pagure.io/389-ds-base/issue/49928

Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
b4164ccf by Thierry Bordaz at 2018-09-18T14:33:20+02:00
Ticket 49954 - On s390x arch retrieved DB page size is stored as size_t rather than uint32_t

Bug Description:
	The page size is retrieved from uint32_t dblayer_page_size.
	Later it is stored in a size_t variable with a cast.
	Depending on little/big endian the page size can be stored in the upper/lower bits of the 64bits variable.
	Later the variable is used to set the page size of a database file using the lower bits (uint32_t) that are zeroed.

Fix Description:
	The BDB callback to set the pagesize expects a uint32_t.
	Make sure the field containing it is uint32_t (instead of size_t) as the page
	size is retrieved as a uint32_t as well (dblayer_page_size/BACK_INFO_INDEXPAGESIZE)

https://pagure.io/389-ds-base/issue/49954

Reviewed by: Ludwig Krispen

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
efa39cbc by Simon Pichugin at 2018-09-21T16:26:38+02:00
Issue 49928 - WebUI schema functionality and improve CLI part

Description: Add schema functionality for add/edit/remove
for attributes and objectClasses. Add get_attr_syntaxes function.
Fix small CLI schema issues and lib389 API part.
Set LogCapture level on the init.
Add copyright for cli/conf_backup_test.py.

https://pagure.io/389-ds-base/issue/49928

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
ff3da975 by Thierry Bordaz at 2018-09-25T09:47:23+02:00
Ticket 49958: extended search fail to match entries

Bug Description:
	During an extended search, a structure is created for each filter component.
	The structure contains the keys generated from the assertion and using the given
	matching rule indexer.
	Later the keys will be compared (with the MR) with keys generated from the
	attribute values of the candidate entries.
	The bug is that when parsing the assertion, instead of removing the heading spaces
	the routine clears the assertion that is empty. So the generated keys is NULL.

Fix Description:
	The fix is to only remove heading spaces

https://pagure.io/389-ds-base/issue/49958

Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
4f118f42 by Matúš Honěk at 2018-09-25T16:01:04+02:00
Issue 49947 - Coverity: 389-ds-base-1.4.0.16.20180905git8ff8cb8

Bugs and fixes description:
- 15607:
  - in lib389/suffix.py: Structurally dead code
- 15604:
  - in bug_harness.py: Null dereference
  + solved by removing the file as it is unused and outdated
    - additionally, remove the static_var decorator definition as it
      is not used anyway any more
- 15754:
  - in pwdPolicy_syntax_test.py: fix typo in identifier
  + Fix log msg in file pw.c
- 17046, 17061, 17063, 17069, 17084:
  - in backend_test and backendLegacy_test: fix use before NULL check
- 17473:
  - in lib389/__init__.py: Identical code in different branches
  + removed the wrapper altogether as we don't support Python2 any more
- replace SafeConfigParser with ConfigParser for it has been just an
  alias since Python 3.2 and will be removed in the future

https://pagure.io/389-ds-base/issue/49947

Author: mhonek

Review by: spichugi, firstyear (Thanks!)

- - - - -
c73cd26d by Viktor Ashirov at 2018-09-26T14:28:10+02:00
Issue 49963 - ASan build fails on F28

Bug Description:
When building with gcc, we need to link with libasan.

Fix Description:
Add -lasan to compiler flags.

https://pagure.io/389-ds-base/issue/49963

Reviewed by: tbordaz (Thanks!)

- - - - -
0f6d9681 by Timo Aaltonen at 2018-09-27T22:39:43+03:00
releasing package 389-ds-base version 1.4.0.16-1

- - - - -
bdb86769 by Thierry Bordaz at 2018-10-04T11:44:04+02:00
Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and replication cannot finish

Bug Description:
	During a total initialization the supplier builds a candidate list of the entries to send.
	Because of https://fedorahosted.org/389/ticket/48755, the candidate list relies on parentid attribute.
	All entries, except tombstones and suffix itself, have parentid.
	There is an assumption that the first found key (i.e. '=1') contains the suffix children.
	So when it finally finds the suffix key it adds its children to a leftover list rather than to the candidate list.
	Later idl_new_range_fetch loops for ever trying to add suffix children from leftover to candidate list.

Fix Description:
	The fix is to store the suffix_id (if it does not exist already) in the parentid index (with the key '=0').
	Then get it to detect the suffix key from the index in idl_new_range_fetch.

https://pagure.io/389-ds-base/issue/49915

Reviewed by: Ludwig Krispenz, William Brown (thanks !)

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
e2810e78 by Matúš Honěk at 2018-10-05T10:46:36+02:00
Ticket 49943 - rfc3673_all_oper_attrs_test is not strict enough

Bug Description:
Test suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic
does not reach constraints extensively. The asserts are too
benevolent.

The commit 6ef4eb5 changed 'normal user' ACIs, however these changes
introduced new attr 'modifiersName' which was supposed to be missing
when searching.

In the first case, assert checks only for 'objectClass' and
pseudo-randomly one more attr to be present which is not sufficient.

In the second case, recently changed assert introduced weaker check
than the one present before.

Fix Description:
Bring back previous ACI to explicitly test the difference when binding
as normal user and the DM.

In case of add_attr == '*', test for all expected_attrs to be in
found_attrs. In the other case bring back the strict comparison as
there used to be before.

https://pagure.io/389-ds-base/issue/49943

Author: mhonek

Review by: firstyear, spichugi (Thanks!)

- - - - -
be947047 by Timo Aaltonen at 2018-10-09T10:42:06+03:00
control: Build on any arch again.

- - - - -
a49bd03d by Mark Reynolds at 2018-10-09T14:42:46-04:00
Ticket 49969 - DOS caused by malformed search operation (security fix)

Bug Description:  There are two issues here.  The one is we don't close a
                  connection when an invalid unbind occurs.  The other is a
                  search request passing 8MB of NULL bytes as search attributes
                  will keep one thread busy for a long time.  The reason is
                  that the attr array is copied/normalized to the searchattrs in
                  the search operation and does this using charray_add() which
                  iterates thru the array to determine the size of the array and
                  then allocate one element more.  So this means we iterate 8
                  million times an array with a then average size of 4 million
                  elements.

Fix Description:  We already have traversed the array once and know the size,
                  so we can allocate the needed size once and only copy the element.
                  In addition we check for the kind of degenerated attributes ""
                  as used in this test scenario.  So the fix will reject invalid
                  attr lists and improve performance for valid ones

Author: Ludwig Krispens <lkrispen at redhat.com>

https://pagure.io/389-ds-base/issue/49969

Reviewed by: tbordaz & mreynolds (Thanks!)
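
The cost difference described in the commit message above, as an added C example that is not part of the commit or of 389-ds-base. The function names and the slot counter are hypothetical stand-ins (not the server's charray_add()), and the attribute arrays are constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counts array slots visited, so the two strategies can be compared. */
static unsigned long long slots_scanned;

/* Append the way the commit message describes: walk the NULL-terminated
 * array to find its length, then grow it by one element.
 * Hypothetical stand-in, not the server's own function. */
static int append_by_scanning(char ***arr, char *s)
{
    size_t n = 0;
    if (*arr != NULL) {
        while ((*arr)[n] != NULL) {
            n++;
            slots_scanned++;
        }
    }
    char **grown = realloc(*arr, (n + 2) * sizeof(char *));
    if (grown == NULL) {
        return -1;
    }
    grown[n] = s;
    grown[n + 1] = NULL;
    *arr = grown;
    return 0;
}

/* Copy by repeated append: each append rescans everything copied so far,
 * so n attributes cost 0 + 1 + ... + (n - 1) slot visits. */
char **copy_attrs_quadratic(char **attrs)
{
    char **out = NULL;
    for (size_t i = 0; attrs[i] != NULL; i++) {
        if (append_by_scanning(&out, attrs[i]) != 0) {
            free(out);
            return NULL;
        }
    }
    return out;
}

/* The approach the fix describes: traverse once to learn the size and
 * reject degenerate "" attributes, then allocate once and copy. */
char **copy_attrs_presized(char **attrs, int *rejected)
{
    size_t n = 0;
    *rejected = 0;
    for (; attrs[n] != NULL; n++) {
        slots_scanned++;
        if (attrs[n][0] == '\0') {
            *rejected = 1; /* invalid attribute list: refuse the request */
            return NULL;
        }
    }
    char **out = malloc((n + 1) * sizeof(char *));
    if (out == NULL) {
        return NULL;
    }
    memcpy(out, attrs, (n + 1) * sizeof(char *)); /* includes the NULL terminator */
    return out;
}

/* Build a constructed list of n valid attributes and return how many
 * slots the chosen copy strategy had to visit. */
unsigned long long scan_cost(int presized, size_t n)
{
    static char cn[] = "cn";
    char **attrs = calloc(n + 1, sizeof(char *));
    if (attrs == NULL) {
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        attrs[i] = cn;
    }
    int rejected = 0;
    slots_scanned = 0;
    char **copy = presized ? copy_attrs_presized(attrs, &rejected)
                           : copy_attrs_quadratic(attrs);
    unsigned long long cost = slots_scanned;
    free(copy);
    free(attrs);
    return cost;
}

/* Returns 1 when a list containing an empty attribute is refused. */
int rejects_empty_attr(void)
{
    static char cn[] = "cn", empty[] = "";
    char *attrs[] = { cn, empty, cn, NULL };
    int rejected = 0;
    char **copy = copy_attrs_presized(attrs, &rejected);
    int ok = rejected && copy == NULL;
    free(copy);
    return ok;
}

int main(void)
{
    printf("repeated append, 1000 attrs: %llu slot visits\n", scan_cost(0, 1000));
    printf("presized copy,   1000 attrs: %llu slot visits\n", scan_cost(1, 1000));
    printf("empty attribute rejected:    %d\n", rejects_empty_attr());
    return 0;
}
```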

- - - - -
068a00fb by Mark Reynolds at 2018-10-09T14:54:53-04:00
Bump version to 1.4.0.17

- - - - -
23735a5e by Timo Aaltonen at 2018-10-09T21:55:26+03:00
perl-use-move-instead-of-rename.diff: Use copy instead of move, except when restoring files in case of an error.

- - - - -
1fc5aec4 by Timo Aaltonen at 2018-10-10T10:47:30+03:00
Merge branch 'upstream'

- - - - -
ab466137 by Timo Aaltonen at 2018-10-10T10:50:10+03:00
bump version

- - - - -
a6369790 by Mark Reynolds at 2018-10-10T09:27:36-04:00
Ticket 49969 - DOS caused by malformed search operation (part 2)

Description:  Fix regression that caused a crash

https://pagure.io/389-ds-base/issue/49969

- - - - -
614837ac by German Parente at 2018-10-10T17:29:50+02:00
Ticket #49946 upgrade of 389-ds-base could remove replication agreements.

Bug Description:

when a replication agreement starts with "cn=->...", the upgrade is removing
the entry.

Fix Description:

a check is missing when re-building dse.ldif in "setup-ds.pl -u" that provoked this entry not to be re-added to the file.

https://pagure.io/389-ds-base/issue/49946

Author: German Parente <gparente at redhat.com>

Review by: ???

- - - - -
80d0d712 by Thierry Bordaz at 2018-10-10T17:39:04+02:00
Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from filter_candidates_ext

Bug Description:
	When a filter component is indexed but returns an empty IDL
	an alarming message is logged although it is normal.

Fix Description:
	Remove the alarming message

https://pagure.io/389-ds-base/issue/49968

Reviewed by: Mark Reynolds

Platforms tested: F27 + testcase

Flag Day: no

Doc impact: no

- - - - -
d2aa131f by Mark Reynolds at 2018-10-10T12:32:17-04:00
Bump version to 1.4.0.18

- - - - -
c4a7fd96 by Timo Aaltonen at 2018-10-10T23:20:25+03:00
Merge branch 'upstream'

- - - - -
2e862603 by Timo Aaltonen at 2018-10-10T23:20:44+03:00
bump the version

- - - - -
4f3b98ab by Timo Aaltonen at 2018-10-11T00:25:23+03:00
Move the new utils (dsconf, dscreate, dsctl, dsidm) to python3-lib389.

- - - - -
30fe2aed by Timo Aaltonen at 2018-10-11T00:28:20+03:00
control: Add python3-argcomplete to python3-lib389 depends. (Closes: #910761)

- - - - -
4b3d5b5f by Timo Aaltonen at 2018-10-11T00:56:11+03:00
releasing package 389-ds-base version 1.4.0.18-1

- - - - -
ac06ab67 by Timo Aaltonen at 2018-10-11T19:07:32+03:00
control: Make C/R backports-compatible. (Closes: #910796)

- - - - -
cf68341c by Mark Reynolds at 2018-10-15T11:41:04-04:00
Ticket 49926 - Add replication functionality to UI

Description:

Add replication functionality to UI.

Cleaned up various UI interactions and page loading

Added console logging for all CLI commands

https://pagure.io/389-ds-base/issue/49926

Reviewed by: ?

- - - - -
ab44af3f by Mark Reynolds at 2018-10-15T12:02:58-04:00
Ticket 49926 - UI - comment out dev cli patchs

- - - - -
21af54bb by Simon Pichugin at 2018-10-15T20:00:14+02:00
Issue 49928 - Fix various small WebUI schema issues

Description: Make standard schema attributes and objectclasses non-editable.
Attributes table should contain a string representation of
the syntax attributes, and if you point a cursor on them you can see an ID.
MAY and MUST attributes list shouldn't contain empty lines.
Make WebUI form and CLI functionality consistent.
Fix formatting and forloop lint issues.

https://pagure.io/389-ds-base/issue/49928

Reviewed by: mreynolds, wibrown, mhonek (Thanks!)

- - - - -
2ce769e4 by Mark Reynolds at 2018-10-15T15:07:21-04:00
Ticket 49979 - Remove dirsrv tests subpackage

Description:  Removed subpackage and cleaned up some compiler warnings
              related to ticket 49915

https://pagure.io/389-ds-base/issue/49979

Reviewed by: mreynolds

- - - - -
a8c37ead by Mark Reynolds at 2018-10-15T20:17:31-04:00
Ticket 49979 - Fix regression in last commit

Description:  Fix single_space char pointer to actually point to a space

https://pagure.io/389-ds-base/issue/49979

- - - - -
634df9e4 by Amita Sharma at 2018-10-18T13:20:55+05:30
Issue 49929 - Modifications required for the Test Case Management System

Description: We need to have the requirement token specified in the init.py file
             of each test suit in order to get the test cases mapped to these
             requirements in our test system.

https://pagure.io/389-ds-base/issue/49929

Reviewed by: Viktor

- - - - -
aaf517cb by Mark Reynolds at 2018-10-18T10:03:13-04:00
Ticket 49978 - Add CLI logging function for UI

Description:

Add a web browser console logging function to enforce
a consistent format and hide password values for CLI
commands.

https://pagure.io/389-ds-base/issue/49978

Reviewed by: ?

- - - - -
e1c693d2 by William Brown at 2018-10-20T09:34:54+10:00
Issue 49939 - Fix ldapi path in lib389

Lib389 uses a .replace rather than a path join, causing dirsrv to be replaced in
the path. This breaks if the prefix is "/opt/dirsrv".

This should use path join instead.

https://pagure.io/389-ds-base/issue/49939

Author: William Brown <william at blackhats.net.au>

- - - - -
364b8548 by William Brown at 2018-10-20T09:34:54+10:00
Ticket 49975 - SUSE rpmlint issues

The package maintainer at SUSE kindly pointed out a number of issues
detected by rpmlint. Of the three issues, this resolves two of them.

The first is calling setgroups with an empty group list before setgid
so that we guarantee we only have the target user group remaining
in our permission set when we drop privileges. The second is to remove
a superfluous shebang line from python

https://pagure.io/389-ds-base/issue/49975

Author: William Brown <william at blackhats.net.au>

- - - - -
219ddd83 by Mark Reynolds at 2018-10-22T15:22:41-04:00
Ticket 49926 - Fix various issues with replication UI

Description:

Fixed some minor issues found in the JS.  Also
improved the replication enabling/disabling design/flow.

https://pagure.io/389-ds-base/issue/49926

Reviewed by: ?

- - - - -
f9011903 by Mark Reynolds at 2018-10-23T11:59:18-04:00
Ticket 49856 - Remove backend option from bak2db

Description:

The server has not supported backup/restore of a single backend for a
long time now.  All references to it should be removed from the CLI
and man pages.

https://pagure.io/389-ds-base/issue/49856

Reviewed by: tbordaz & spichugi(Thanks!!)

- - - - -
3571bac0 by Mark Reynolds at 2018-10-24T12:51:00-04:00
Ticket 49814 - dscreate should set the port selinux labels

Description:

dscreate was not setting the selinux labels on the ports, so if you specified
a non-standard port the instance would not start.  This fix sets/removes
selinux labels during instance creation and removal

Also moved ds_selinux_port_query & ds_selinux_enabled to the legacy tools
package as they are only used by setup-ds.pl

https://pagure.io/389-ds-base/issue/49814

Reviewed by: firstyear & mhonek (Thanks!!)

- - - - -
3cb911d5 by Mark Reynolds at 2018-10-24T13:44:26-04:00
Ticket 49814 - skip standard ports for selinux labelling

Description:  Skip labelling ports that use the standard
              port numbers (389, 636).

https://pagure.io/389-ds-base/issue/49814

Reviewed by: mreynolds(one line commit rule)

- - - - -
487ea32c by Mark Reynolds at 2018-10-24T15:10:52-04:00
Ticket 49975 - Add missing include file to main.c

Description:  The first commit for this ticket introduced a compiler warning
              because it was missing the proper header file.

https://pagure.io/389-ds-base/issue/49975

Reviewed by: mreynolds(one line commit rule)

- - - - -
ab4af68e by Thierry Bordaz at 2018-10-25T11:29:10+02:00
Ticket 49967 - entry cache corruption after failed MODRDN

Bug Description:
	During a MODRDN the DN cache is updated to replace
	source DN with the target DN (modrdn_rename_entry_update_indexes)
	If later a failure occurs (for example if BETXN_POSTOP fails) and
	the txn is aborted, the target DN (for the specific entryID) remains
	in the DN cache.

	If the entry is returned in a search, to build the DN there is
	a lookup of the DN cache with the entryID. It retrieves the target DN
	rather than the source DN

Fix Description:
	In case of failure of the operation, the entry (from the entryID)
	needs to be cleared from the DN cache

https://pagure.io/389-ds-base/issue/49967

Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
a06c2327 by Thierry Bordaz at 2018-10-26T14:29:37+02:00
Ticket 49985 - memberof may silently fail to update a member

Bug Description:
	when adding 'memberof' to a member entry, the update may fail
	(invalid schema, db errors...).
	The error is reported at upper level. But in case of MODRDN
	the error is lost in memberof_moddn_attr_list where returned
	code of memberof_modop_one_replace_r is not tested

Fix Description:
	Report a failure in memberof_moddn_attr_list as soon as
	memberof_modop_one_replace_r fails

https://pagure.io/389-ds-base/issue/49985

Reviewed by: Simon Pichugi, William Brown

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
64ef8081 by German Parente at 2018-10-28T16:31:03+01:00
Ticket 49997 RFE: ds-replcheck could validate suffix exists and it's replicated

Bug Description:

Seen at a customer site: as the first request to the LDAP database is the RUV, if the suffix provided on the command line does not exist or is not replicated, we get an error message that refers to the RUV:

ds-replcheck -D "cn=directory manager" -w secret12 -b "o=ipaca" -r ldap://ipamaster.germanparente.local:389 -m ldap://ipareplica.germanparente.local
Performing online report...
Connecting to servers...
Gathering Master's RUV...
Error: Failed to get Master RUV entry: {'desc': 'No such object'}

Fix Description:

add function to validate suffix exists and it's replicated

https://pagure.io/389-ds-base/issue/49997

Author: German Parente <gparente at redhat.com>

Review by: ???

- - - - -
a7dfa383 by Mark Reynolds at 2018-10-31T09:55:15-04:00
Ticket 49995 - Fix issues with internal op logging

Bug Description:
-----------------

At server startup the server's internal operations performed by bootstrapping
occurred before the thread data was initialized.  This caused random values in
the logging counters [1].

It was also observed that nested operations (and nested-nested operations, etc.)
were not properly logged [2].

Fix Description:
-----------------

[1]  Move the thread initialization higher up in main()

[2]  Changed the way we log nested internal operations.  Instead, we keep the
internal op number the same for nested ops but also now display the nested level.

https://pagure.io/389-ds-base/issue/49995

Reviewed by: lkrispenz, amsharma, firstyear (Thanks!)

- - - - -
51af3e50 by Simon Pichugin at 2018-11-01T17:39:12+01:00
Issue 49999 - Integrate React structure into cockpit-389-ds

Description: Refactor the existing 389-console Cockpit plugin structure
so it uses React, Babel, Eslint.
Add Makefile targets and refactor spec-file accordingly.
Add python3-policycoreutils, npm and nodejs to BuildRequires.
Put blank Plugins page which works in React and uses Cockpit API.

Reviewed by: mreynolds, vashirov, mhonek (Thanks!)

https://pagure.io/389-ds-base/issue/49999

- - - - -
0a255222 by Mark Reynolds at 2018-11-01T13:12:46-04:00
Ticket 49814 - Add specfile requirements for python3-selinux

Description:  Need to add missing dependency in specfile for python3-selinux

https://pagure.io/389-ds-base/issue/49814

Reviewed by: mreynolds(one line commit rule)

- - - - -
1cd46b19 by Mark Reynolds at 2018-11-01T16:51:16-04:00
Ticket 49814 - Add specfile requirements for python3-libselinux

Description:  Cleanup spec file

https://pagure.io/389-ds-base/issue/49814

Reviewed by: mreynolds(one line commit rule)

- - - - -
534fad1c by Simon Pichugin at 2018-11-02T17:25:17+01:00
Issue 49999 - Add dist-bz2 target for Koji build system

Description: Change Makefile so it is run only when there
are no files cockpit_dist and node_modules.
Add target for creating a tarball for Koji system

https://pagure.io/389-ds-base/issue/49999

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
8566e327 by Mark Reynolds at 2018-11-05T10:43:38-05:00
Remove __python3 from local specfile

Description:  Fix regression from previous commit

- - - - -
a784a4ee by Thierry Bordaz at 2018-11-06T10:43:04+01:00
Ticket 49975: followup for broken prefix deployment

Bug Description:
	setgroups fails when not called by superuser. In case of prefix deployment
	DS is started by regular user

Fix Description:
	Only superuser calls setgroups

https://pagure.io/389-ds-base/issue/49975

Reviewed by: Mark Reynolds, Ludwig Krispenz and William Brown

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
5884c479 by German Parente at 2018-11-06T18:47:41+01:00
Ticket 50013 - Log warn instead of ERR when aci target does not exist.

Bug Description:

This is something we have very often in IPA context and customers are very often asking why there are errors in the logs:

[31/Oct/2018:05:52:23.436616394 -0400] - ERR - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=cgparente,dc=local does not exist
[31/Oct/2018:05:52:23.438951763 -0400] - ERR - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=cgparente,dc=local does not exist

Fix Description:

just log WARN instead of ERR

https://pagure.io/389-ds-base/issue/50013

Author: German Parente <gparente at redhat.com>

Review by: ???

- - - - -
ab321cf1 by Mark Reynolds at 2018-11-07T15:07:20-05:00
Ticket 50004 - lib389 - improve X-ORIGIN schema parsing

Bug Description: Schema parsing assumed X-ORIGIN was always in this
                 format "X-ORIGIN '", but it can also be in other
                 formats like: "X-ORIGIN (".  So when it did not contain
                 the original format we got list index errors.

Fix Description: Loosen the format to " X-ORIGIN " which covers all the formats.

                 Also:
                     improve from UI schema error messages
                     updated create_test for python3

https://pagure.io/389-ds-base/issue/50004

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
ce05f246 by Simon Pichugin at 2018-11-08T18:46:03+01:00
Issue 49999 - Finish up the transfer to React

Description: Move plugins.es6 to index.es6 so we can
properly navigate using old nav-bar. New React entry points
should be added to the index.es6.
Add a make target for manual Cockpit UI building:
'make 389-console' and a target to node_modules.mk 'eslint-fix'.
Fix a few CSS issues.

https://pagure.io/389-ds-base/issue/49999

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
5284dcec by Thierry Bordaz at 2018-11-12T14:46:11+01:00
Ticket 50020 - during MODRDN referential integrity can fail erroneously while updating large groups

Bug Description:
	During a MODRDN of a group member, referential integrity will update the groups containing this member.
	Under specific conditions, the MODRDN can fail (err=1).

	on MODRDN Referential integrity checks if the original DN of the target MODRDN entry is
	member of a given group. If it is then it updates the group.
	The returned code of the group update is using the variable 'rc'.
	It does a normalized DN comparison to compare original DN with members DN, to determine if
	a group needs to be updated.
	If the group does not need to be updated, 'rc' is not set.
	The bug is that it uses 'rc' to normalize the DN and if the group is not updated
	the returned code reflects the normalization returned code rather than the group update.

	The bug is hit in specific conditions

	    One of the evaluated groups contains more than 128 members
	    the last member (last value) of the group is not the moved entry
	    the last member (last value) of the group is a DN value that contains escaped chars

Fix Description:
	Use a local variable to check the result of the DN normalization

https://pagure.io/389-ds-base/issue/50020

Reviewed by: Simon Pichugin, Mark Reynolds (thanks)

Platforms tested: F27

Flag Day: no
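
The return-code reuse described in the commit message above, as a stand-alone C example added here for illustration (it is not code from 389-ds-base). The functions normalize_dn, update_group, fixup_group_shared_rc and fixup_group_local_rc and the sample DNs are hypothetical, and the 128-member condition from the bug report is not modelled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DN_MAX 256

/* Hypothetical normalizer (assumption, not a 389-ds API): lower-cases dn into
 * out. Returns 1 if the value held an escaped character, 0 if not, and -1 if
 * it does not fit. A positive return is a success, not an error. */
static int normalize_dn(const char *dn, char *out, size_t outlen)
{
    int had_escape = 0;
    size_t o = 0;
    for (size_t i = 0; dn[i] != '\0'; i++) {
        if (o + 1 >= outlen) return -1;
        if (dn[i] == '\\' && dn[i + 1] != '\0') {
            had_escape = 1;
            out[o++] = dn[i++];              /* keep the backslash */
            if (o + 1 >= outlen) return -1;
            out[o++] = dn[i];                /* keep the escaped char as-is */
            continue;
        }
        out[o++] = (char)tolower((unsigned char)dn[i]);
    }
    out[o] = '\0';
    return had_escape;
}

/* Hypothetical stand-in for the group modify; 0 means success. */
static int update_group(int *updates) { (*updates)++; return 0; }

/* 'Before': one variable carries the normalization result and the update
 * result, so the value returned can be left over from the last comparison. */
static int fixup_group_shared_rc(const char *const *members, size_t n,
                                 const char *orig_dn, int *updates)
{
    char norm_orig[DN_MAX], norm_member[DN_MAX];
    int rc = 0;
    if (normalize_dn(orig_dn, norm_orig, sizeof(norm_orig)) < 0) return -1;
    for (size_t i = 0; i < n; i++) {
        rc = normalize_dn(members[i], norm_member, sizeof(norm_member));
        if (rc < 0) return -1;
        if (strcmp(norm_member, norm_orig) == 0) {
            rc = update_group(updates);
            if (rc != 0) break;
        }
    }
    return rc;
}

/* 'After': a local variable holds the normalization result; rc only ever
 * reflects the group update. */
static int fixup_group_local_rc(const char *const *members, size_t n,
                                const char *orig_dn, int *updates)
{
    char norm_orig[DN_MAX], norm_member[DN_MAX];
    int rc = 0;
    if (normalize_dn(orig_dn, norm_orig, sizeof(norm_orig)) < 0) return -1;
    for (size_t i = 0; i < n; i++) {
        int norm_rc = normalize_dn(members[i], norm_member, sizeof(norm_member));
        if (norm_rc < 0) return -1;
        if (strcmp(norm_member, norm_orig) == 0) {
            rc = update_group(updates);
            if (rc != 0) break;
        }
    }
    return rc;
}

/* Constructed sample data: the moved entry and three small groups. */
static const char *const MOVED_DN = "uid=alice,ou=People,dc=example,dc=com";
static const char *const GROUP_NOT_MEMBER[] = {
    "uid=bob,ou=people,dc=example,dc=com",
    "cn=Smith\\, John,ou=people,dc=example,dc=com",
};
static const char *const GROUP_MEMBER_FIRST[] = {
    "uid=alice,ou=people,dc=example,dc=com",
    "cn=Smith\\, John,ou=people,dc=example,dc=com",
};
static const char *const GROUP_MEMBER_LAST[] = {
    "cn=Smith\\, John,ou=people,dc=example,dc=com",
    "uid=alice,ou=people,dc=example,dc=com",
};

int main(void)
{
    int updates = 0;
    printf("shared rc, not a member:  %d\n",
           fixup_group_shared_rc(GROUP_NOT_MEMBER, 2, MOVED_DN, &updates));
    printf("local rc,  not a member:  %d\n",
           fixup_group_local_rc(GROUP_NOT_MEMBER, 2, MOVED_DN, &updates));
    printf("shared rc, member first:  %d\n",
           fixup_group_shared_rc(GROUP_MEMBER_FIRST, 2, MOVED_DN, &updates));
    printf("shared rc, member last:   %d\n",
           fixup_group_shared_rc(GROUP_MEMBER_LAST, 2, MOVED_DN, &updates));
    return 0;
}
```

The shared-variable version reports a failure only when the last member value is not the moved entry and contains an escaped character, which is why the defect depends on member ordering.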

- - - - -
a1578a9b by Thierry Bordaz at 2018-11-15T14:45:33+01:00
Ticket 50026 - audit logs does not capture the operation where nsslapd-lookthroughlimit is modified

Bug Description:
	During a dse update (config, schema,..) the dse callback will process the mods
	but can also modify them (SLAPI_MODIFY_MODS) leaving only ignored attributes.
	A consequence is that later audit logging will only log the ignored attributes.

Fix Description:
	Save a copy of the original mods before the dse callback and restore them
	when dse callback completes.

https://pagure.io/389-ds-base/issue/50026

Reviewed by: Ludwig Krispenz

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
7ee2be80 by Mark Reynolds at 2018-11-15T09:23:13-05:00
Bump version to 1.4.0.19

- - - - -
b0921754 by Timo Aaltonen at 2018-11-16T10:02:21+02:00
Merge branch 'upstream'

- - - - -
46b6a6be by Timo Aaltonen at 2018-11-16T10:03:26+02:00
bump the version

- - - - -
519a59d0 by Timo Aaltonen at 2018-11-16T10:56:15+02:00
use-packaged-js.diff: Dropped, packaged versions don't work. (Closes: #913820)

- - - - -
603ac391 by Timo Aaltonen at 2018-11-16T10:58:47+02:00
Follow upstream, and drop python3-dirsrvtests.

- - - - -
9d736d68 by Akshay Adhikari at 2018-11-20T14:24:05+05:30
Issue 48081 - Add new CI tests for password

Description: Added new tests in the password suite,
performing extended password modify operations.

https://pagure.io/389-ds-base/issue/48081

Reviewed by: spichugi(Thanks!)

- - - - -
89886ba4 by Mark Reynolds at 2018-11-23T09:39:41-05:00
Ticket 49994 - Add backend features to CLI

Description:  Added backend features (chaining, db, indexes, vlv,
              attr encryption, and monitor) to the CLI.

              Addressed https://pagure.io/389-ds-base/issue/48881
              that prevented VLV search/index entries from being updated.

              Also updated jstree js file.

https://pagure.io/389-ds-base/issue/49994

Reviewed by: spichugi & firstyear(Thanks!)

- - - - -
683bc575 by Mark Reynolds at 2018-11-23T11:08:12-05:00
Ticket 49994 - comment out dev paths

Description:  Accidentally left dev paths for CLI tools in UI uncommented

https://pagure.io/389-ds-base/issue/49994

- - - - -
70bdd335 by Fraser Tweedale at 2018-11-26T12:38:08+10:00
Ticket 49543 - fix certmap dn comparison

Bug Description: Differences in DN string representations between
the value included in certmap.conf, and the stringified value of the
Issuer DN produced by NSS, as well as buggy DN normalisation code in
389 itself, cause 389 to wrongly reject the correct certmap
configuration to use.  Authentication fails.  This behaviour was
observed when there is an escaped comma in an attribute value.

Fix Description: Instead of comparing stringified DNs, parse the DN
represented in certmap.conf into an NSS CertNAME.  Use the NSS DN
comparison routine when comparing certificate Issuer DNs against the
certmap configurations.  Remove the buggy DN normalisation routine.

https://pagure.io/389-ds-base/issue/49543

Author: Fraser Tweedale <ftweedal at redhat.com>

Review by: ???

- - - - -
5d611f1c by Mark Reynolds at 2018-11-26T12:28:25-05:00
Ticket 49814 - dscreate should handle selinux ports that are in a range

Description:  If the server port is within a selinux policy range do not
              try to add or remove the port as it will cause a failure
              during removal (even though the removal actually worked)

https://pagure.io/389-ds-base/issue/49814

Reviewed by: spichugi(Thanks!)

- - - - -
6fe61010 by Mark Reynolds at 2018-11-26T12:36:50-05:00
Ticket 49927 - dsctl db2index does not work

Description:  When you don't specify any attributes to index, then all attributes
              should be reindexed.  This is accomplished by using "ns-slapd upgradedb"
              but we were not using the correct command line options for this to work.

https://pagure.io/389-ds-base/issue/49927

Reviewed by: spichugi(Thanks!)

- - - - -
4fd73c5d by Mark Reynolds at 2018-11-26T12:46:17-05:00
Ticket 50022, 50012, 49956, and 49800: Various dsctl/dscreate fixes

Description:

Fix 50022 - Confusing command line switches for dscreate and dsctl
Fix 50012 - Add option to dsctl to remove all instances
Fix 49956 - dsctl: add an option to list all available instances
Fix 49800 - Debug messages "OK user/group dirsrv exists" are emitted when lib389 cli tools are used

https://pagure.io/389-ds-base/issue/50022
https://pagure.io/389-ds-base/issue/50012
https://pagure.io/389-ds-base/issue/49956
https://pagure.io/389-ds-base/issue/49800

Reviewed by: spichugi(Thanks!)

- - - - -
a8f62ee1 by Mark Reynolds at 2018-11-27T09:41:25-05:00
Ticket 50046 - Remove irrelevant debug-log messages from CLI tools

Description:  Remove the "brought to you by the letter..." messages from the CLI
              debug logging.

https://pagure.io/389-ds-base/issue/50046

Reviewed by: spichugi(Thanks!)

- - - - -
d9437be2 by Mark Reynolds at 2018-11-27T09:45:27-05:00
Ticket 49950 -  PassSync not setting pwdLastSet attribute in Active Directory after Pw update from LDAP sync for normal user

Bug Description:

If a user's password was reset by an "Admin" or directory manager, the
password policy requires a user must change their password after it's
been "reset", and the user then resets their password in DS, this
information was not sent to AD.  Then if the user logged in AD after
resetting their password in DS they still get forced to change their
password again in AD.

Fix Description:

When sending a password update to AD, and AD is enforcing password must
be reset, check if the user did reset their password.  If so, set the
correct "pwdLastSet" value to prevent AD from forcing that user to
change their password again.

But this only works going from DS to AD.  The information needed to make
it work from AD -> DS is not available to passSync, and if it was available
it could not be correctly sent to DS anyway (not without a major redesign).

Side Note:

Also moved and consolidated the function "fetch_attr" to util.c.  It
was reused and redefined in many plugins.  So I added the definition
to slapi-plugin.h and removed the duplicate definitions.

https://pagure.io/389-ds-base/issue/49950

Reviewed by: tbordaz(Thanks!)

- - - - -
5acc4e48 by Simon Pichugin at 2018-11-27T21:16:11+01:00
Issue 49984 - Add an empty domain creation to the dscreate

Description: Create an empty domain with basic ACIs
while creating an instance without sample_entries but with a backend.

https://pagure.io/389-ds-base/issue/49984

Reviewed by: mreynolds, vashirov (Thanks!)

- - - - -
a990d044 by Simon Pichugin at 2018-11-27T21:18:14+01:00
Issue 49974 - lib389 - List instances with initconfig_dir instead of sysconf_dir

Description: In lib389/instances/setup.py the _install_ds method of class SetupDs
uses sysconf_dir with hardcoded path sysconfig instead of initconfig_dir.
This breaks the script if initconfig_dir is not equal to /etc/sysconfig,
e.g. /etc/default.

https://pagure.io/389-ds-base/issue/49974

Author: Jan N (janluca)

Reviewed by: vashirov (Thanks!)

- - - - -
5d7b95cc by Thierry Bordaz at 2018-11-28T10:34:14+01:00
Ticket 50053 - Subtree password policy overrides a user-defined password policy

Bug Description:
	When an entry contains an attribute that is also defined by a cos definition
	a specifier defines which values win: the real values that are in the entry or the
	virtual values that are cos defined.
	The specifier 'default' means that the real values are the winners (returned).
	'operational-default' has the same behavior but just specifies that the attribute
	is operational.
	The bug is that when real values exist, the 'operational-default' specifier
	drops the real values in favor of the virtual ones.

Fix Description:
	Change the test, so that real values are not kept for 'operation-default'
	Note: the full routine cos_cache_query_attr looks quite messy and error prone
	It would be nice to rewrite it when we have time

https://pagure.io/389-ds-base/issue/50053

Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
f2ff28e0 by Thierry Bordaz at 2018-11-28T17:50:50+01:00
Ticket 50053 - improve testcase

- - - - -
b646e4da by Stanislav Levin at 2018-11-28T14:21:44-05:00
Pass argument into hashtable_new

@8915d8d87 and @4471b7350 modified "usetxn" parameter in
"hashtable_new" scope (was a global variable before).
But the callers of this function don't pass argument into.
Thus, "usetxn" acts as an uninitialized auto variable.

Fixes: https://pagure.io/389-ds-base/issue/50057

- - - - -
3fe4b5b0 by Mark Reynolds at 2018-11-29T16:16:15-05:00
Ticket 50028 - Revise ds-replcheck usage

Description:  Revised the tools usage to be cleaner and more intuitive.
              Added a "-y" option to use a password file.
              Added a "state" function to just return an RUV comparison
              Moved all the process status messages to only be displayed in verbose mode.

https://pagure.io/389-ds-base/issue/50028

Reviewed by: spichugi(Thanks!)

- - - - -
b844aab6 by Simon Pichugin at 2018-11-30T11:02:04+01:00
Issue 50041 - Set the React dataflow foundation and add basic plugin UI

Description: Add basic plugin functionality - Table and Modal.
Add Notificationcontroller component which can be used by other
components in the future.
Add cockpit component for onoff switch.
Add custoTableToolbar component with search field and loading spinner.
Add edit option to Plugin CLI.
Fix ds.css according to eslint.
Remove custom OnOffSwitch component because Patternfly seems to work okay.
Move the start/stop/restart and change server-select event listeners
to the "document is ready" part. React requires the change.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
bae33f97 by Mark Reynolds at 2018-11-30T10:52:56-05:00
Ticket 50062 - Replace error by warning in the state machine defined in repl5_inc_run

Description:  Replace error log severity message from ERR to WARNING

https://pagure.io/389-ds-base/issue/50062

Reviewed by: mreynolds(one line commit rule)

- - - - -
267b521c by Timo Aaltonen at 2018-12-03T15:56:32+02:00
cockpit-389-ds.install: Updated.

- - - - -
e84a292d by Timo Aaltonen at 2018-12-03T15:56:56+02:00
releasing package 389-ds-base version 1.4.0.19-1

- - - - -
d36f796a by Mark Reynolds at 2018-12-03T10:47:23-05:00
Ticket 50063 - Crash after attempting to restore a single backend

Description:  While we do not support backup/restore of individual backends,
              it should not crash the server either.  PR_OpenDir will crash
              if the file name is NULL, so this fix just prevents the crash
              by returning an error if the filename is NULL.

https://pagure.io/389-ds-base/issue/50063

Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
55ec4ef3 by Simon Pichugin at 2018-12-03T17:49:35+01:00
Issue 50061 - Improve schema loading in UI

Description: Get all the schema in one search, then the UI loads it
once, and parse out attrs, oc's, and mr's.
Add 'dsconf schema list' command for that.
Reset x-origin field in 'clear_form()' functions.
Set 'View' header for the view modal form.

https://pagure.io/389-ds-base/issue/50061

Reviewed by: mreynolds (Thanks!)

- - - - -
5eab3b57 by Mark Reynolds at 2018-12-03T19:49:39-05:00
Ticket 50065 - lib389 aci parsing is too strict

Bug Description:  ACI parsing is very strict around parsing "version 3.0;".
                  If there are any spaces around the semicolon parsing fails.

Fix Description:  Add a normalization function that removes duplicate
                  consecutive spaces, and handles spaces around the version
                  string.

https://pagure.io/389-ds-base/issue/50065

Reviewed by: spichugi(Thanks!)

- - - - -
55360ef9 by Timo Aaltonen at 2018-12-04T11:39:30+02:00
rules: Add -latomic to LDFLAGS on archs failing to build. (Closes: #910982)

- - - - -
1698dd8e by Simon Pichugin at 2018-12-05T16:39:58+01:00
Issue 50071 - Set ports in local_simple_allocate function

Description: remove_ds_instance function requires DirSrv
object having port and sslport defined for semanage remove
label operation. We should set it in local_simple_allocate too.
Fix DSEldif.get function so it returns a list instead of a view
(Python 3 change).

https://pagure.io/389-ds-base/issue/50071

Reviewed by: mhonek, tbordaz, cheimes (Thanks!)

- - - - -
bb335e01 by Mark Reynolds at 2018-12-05T12:42:38-05:00
Ticket 49864 - Revised replication status messages for transient errors

Description:  Transient errors are temporary conditions that usually resolve
              themselves.  But the messages are vague and alarming.  This
              patch changes it to a "warning" message.

https://pagure.io/389-ds-base/issue/49864

Reviewed by: spichugi & firstyear(Thanks!)

- - - - -
db487bf9 by Timo Aaltonen at 2018-12-06T01:06:44+02:00
releasing package 389-ds-base version 1.4.0.19-2

- - - - -
5ed5f873 by Mark Reynolds at 2018-12-10T12:26:25-05:00
Ticket 50056 - Fix CLI/UI bugs

Description:  Fix several issues discovered during QE testing

https://bugzilla.redhat.com/show_bug.cgi?id=1654101 - dscreate issues
https://bugzilla.redhat.com/show_bug.cgi?id=1654585 - dsidm sys ext error
https://bugzilla.redhat.com/show_bug.cgi?id=1654105 - dsconf related issues
https://bugzilla.redhat.com/show_bug.cgi?id=1654116 - dsctl remove "confirm with "Yes"
https://bugzilla.redhat.com/show_bug.cgi?id=1654134 - backups fixed
https://bugzilla.redhat.com/show_bug.cgi?id=1654451 - dscreate permissions and selinux issues
https://bugzilla.redhat.com/show_bug.cgi?id=1654566 - dbtasks no attr _instance
https://bugzilla.redhat.com/show_bug.cgi?id=1631461 - selinux reserved ports
https://bugzilla.redhat.com/show_bug.cgi?id=1654518 - issues with selinux ports
https://bugzilla.redhat.com/show_bug.cgi?id=1654581 - dsidm sys ext error
https://bugzilla.redhat.com/show_bug.cgi?id=1654577 - check if backup already exists
https://bugzilla.redhat.com/show_bug.cgi?id=1654693 - add password option for dsconf tools
https://pagure.io/389-ds-base/issue/50056 - dscreate defaults for instance name

https://pagure.io/389-ds-base/issue/50056

Reviewed by: spichugi(Thanks!)

- - - - -
967d0aa2 by Thierry Bordaz at 2018-12-14T17:54:10+01:00
Ticket 50091 - shadowWarning is not generated if passwordWarning is lower than 86400 seconds (1 day)

Bug Description:
	For a shadowAccount, if a password policy defines passwordWarning below 1 day (86400 seconds)
	then the shadowWarning (in day) is not returned from the entry. In such case its value is '0'.

Fix Description:
	The fix is to accept shadowWarning = 0 as valid value and return it

https://pagure.io/389-ds-base/issue/50091

Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
91307878 by Mark Reynolds at 2018-12-14T13:14:05-05:00
Ticket 50090 - refactor fetch_attr() to slapi_fetch_attr()

Description:  fetch_attr was recently moved to the public API.  This
              naming context is conflicting with other applications.
              Appropriately changing the name to start with "slapi_"

https://pagure.io/389-ds-base/issue/50090

Reviewed by: mreynolds(one line commit rule)

- - - - -
8a08fb65 by Mark Reynolds at 2018-12-14T13:27:42-05:00
Ticket 49994 - Add test for backend/suffix CLI functions

Description:  Add tests for the backend CLI functions.

              Also fixed a few minor bugs found from this testing in lib389
              and in core DS(chaining).

https://pagure.io/389-ds-base/issue/49994

Reviewed by: spichugi(Thanks!)

- - - - -
b43380f7 by Mark Reynolds at 2018-12-14T13:33:58-05:00
Bump version to 1.4.0.20

- - - - -
174c4683 by Mark Reynolds at 2018-12-14T16:21:41-05:00
Ticket 50095 - cleanup deprecated key.h includes

Description:  key.h has been deprecated in favor of keyhi.h

https://pagure.io/389-ds-base/issue/50095

Reviewed by: mreynolds(one line commit rule)

- - - - -
07b367ea by Akshay Adhikari at 2018-12-17T13:15:12+05:30
Issue 49588 - Add py3 support for tickets : part-5

Description: Added py3 support by explicitly changing strings to bytes.
Fixed old legacy objects.

https://pagure.io/389-ds-base/issue/49588

Reviewed by: mreynolds (Thanks!)

- - - - -
8d51c979 by Ludwig Krispenz at 2018-12-18T13:43:55+01:00
Ticket 49574 - remove index subsystem

There is code for an indexing subsystem, which looks like it was intended
to provide special indexes for specific search filters (not vlv).
But it is not used and not documented and unclear if it ever worked or will
work. It only contains calls in search processing to check if something is defined
and so only provides a bit of overhead in searches.

We can remove this dead code. We can also remove the broker api for idl_xxx since it is not used
anywhere else.

- - - - -
4b53c312 by Anuj Borah at 2018-12-18T19:57:37+05:30
    Issue:  50082 - Port state test suite

    Description:  Port state test suite

    issue: https://pagure.io/389-ds-base/issue/50082

    Reviewed by: Mark Reynolds

- - - - -
00c3b7a9 by Simon Pichugin at 2018-12-18T20:15:43+01:00
Issue 50041 - Add basic plugin UI/CLI wrappers

Description: Add plugin UI tabs with basic data editing,
enable/disable and dynamic plugin switch.
Fix loading. Fix small CSS issues.

React. Add customCollapse element. Make customToolbar customizable.
Rework data flow in the component.

CLI. Put all the plugins to 'plugin' parser. Add wrappers for
all main plugins. Clean up plugin args (remove get_dn, generic enable and disable)

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
76847e82 by Thierry Bordaz at 2018-12-19T10:58:44+01:00
Ticket 50099 - In FIPS mode, the server can select an unsupported password storage scheme

Bug Description:
	When running in FIPS mode, DS selects SSHA512 as password storage schema else it selects PBKDF2_SHA256.
	The problem is that in FIPS mode it selects PBKDF2_SHA256 that is currently not supported by NSS.
	So DS fails to hash password
	The scheme selection is done in the early phase of DS startup (slapd_bootstrap_config).
	To determine it is in FIPS mode, DS calls PK11_IsFIPS that requires that NSS has been initialized.
	The problem is that during slapd_bootstrap_config, NSS is not yet initialized and PK11_IsFIPS returns
	PR_FALSE even in FIPS mode

Fix Description:
	The fix consists of checking whether NSS is initialized. If it is initialized, then rely on PK11_IsFIPS.
	If it is not initialized then retrieve the FIPS mode from the system, assuming that if system
	is in FIPS mode, then NSS will be in FIPS mode as well

https://pagure.io/389-ds-base/issue/50099

Reviewed by: Mark Reynolds (thanks Mark !)

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
ecdf6d8d by Thierry Bordaz at 2018-12-19T14:34:55+01:00
Ticket 50099 - extend error messages

- - - - -
14890380 by Anuj Borah at 2018-12-21T11:20:33+05:30
Issue: 48064

Bug Description: CI test - disk_monitoring

Fix Description: Scripts are ported

https://pagure.io/389-ds-base/issue/48064

Reviewed by: Simon Pichugin

- - - - -
ad1b78ea by Mark Reynolds at 2018-12-21T10:08:02-05:00
Ticket 50056 - Fix UI bugs (part 2)

Description: Fix issues with deleting SASL mappings, loading the
             replicated suffix dropdown select lists, improve root
             dn password change validation, improved docs in dscreate
             template for suffixes, hide password values in console
             logging, remove ssca directory when removing the last
             instance, and issues with audit fail logging in UI.

https://pagure.io/389-ds-base/issue/50056

Reviewed by: vashirov(Thanks!)

- - - - -
1737ddce by Jelmer Vernooij at 2018-12-31T11:29:11+00:00
Use secure copyright file specification URI.

Fixes lintian: insecure-copyright-format-uri
See https://lintian.debian.org/tags/insecure-copyright-format-uri.html for more details.

- - - - -
e480b134 by Jelmer Vernooij at 2018-12-31T11:29:13+00:00
Trim trailing whitespace.

Fixes lintian: file-contains-trailing-whitespace
See https://lintian.debian.org/tags/file-contains-trailing-whitespace.html for more details.

- - - - -
0de39362 by Jelmer Vernooij at 2018-12-31T11:29:18+00:00
Use secure URI in Vcs control header.

Fixes lintian: vcs-field-uses-insecure-uri
See https://lintian.debian.org/tags/vcs-field-uses-insecure-uri.html for more details.

- - - - -
ba5833bb by Hugh McMaster at 2018-12-31T23:46:02+11:00
Use pkg-config to detect icu

Closes: #916115

- - - - -
303fd07a by Hugh McMaster at 2019-01-01T15:48:08+11:00
debian/control: Declare 389-ds-base-libs and 389-ds-base-dev Multi-Arch: same

- - - - -
9b178916 by Hugh McMaster at 2019-01-01T22:26:30+11:00
debian/control: Convert cockpit-389-ds to Architecture: all

- - - - -
63ff21ef by Hugh McMaster at 2019-01-01T22:26:36+11:00
debian/control: Declare cockpit-389-ds Multi-Arch: foreign

- - - - -
d3076d04 by Timo Aaltonen at 2019-01-02T12:41:45+02:00
update the changelog

- - - - -
060487c3 by Timo Aaltonen at 2019-01-02T12:51:03+02:00
releasing package 389-ds-base version 1.4.0.19-3

- - - - -
4bb89f16 by Anuj Borah at 2019-01-03T09:12:42+05:30
Issue: 49761

Bug Description: Fix CI test suite issues

Fix Description: Ported test scripts

https://pagure.io/389-ds-base/issue/49761

Reviewed by: Mark Reynolds and spichugi

- - - - -
01df5d52 by Simon Pichugin at 2019-01-03T17:05:06+01:00
Issue 49938 - lib389 - Clean up CLI logging

Description: We set DEBUG log level if self.verbose is true.
So we should properly log the information through self.log.debug
when it is necessary.

https://pagure.io/389-ds-base/issue/49938

Reviewed by: mreynolds (Thanks!)

- - - - -
a3d35b9d by Viktor Ashirov at 2019-01-04T11:48:28+01:00
Issue 48064 - Fix various issues in disk monitoring test suite

Bug Description:
1. Some tests were hanging after disk monitoring test suite was executed,
because we didn't do a proper cleanup: log directories were still
mounted after test has ended.
2. Deprecation warnings from re module.

Fix Description:
1. Change scope of the fixture to 'module' instead of 'function'.
Split setup fixture to have a separate fixture for log reset for each
test.
2. Use raw strings for re functions' parameters.

https://pagure.io/389-ds-base/issue/48064

Reviewed by: mreynolds and spichugi (Thanks!)

- - - - -
3a1628f6 by Mark Reynolds at 2019-01-04T11:42:52-05:00
Ticket 49999 - rpm.mk dist-bz2 should clean cockpit_dist first

Description:  make -f rpm.mk dist-bz2 should always generate this directory
              from scratch:

                  src/cockpit/389-console/cockpit_dist

https://pagure.io/389-ds-base/issue/49999

Reviewed by: spichugi & mreynolds

- - - - -
ff00b074 by Thierry Bordaz at 2019-01-07T09:40:04+01:00
Ticket 50117 - after certain failed import operation, impossible to replay an import operation

Bug Description:
	At the beginning of an import, a flag is set to mark the target backend is busy.
	Then import tests if there are pending operations. If such operations exist the import can not proceed and fails.
	The problem is that in such case of pending operations, the import fails without resetting the busy flag.
	It leaves the backend busy (until next reboot) and prevents a new import.

Fix Description:
	It needs to reset the busy flag if there are pending operations

https://pagure.io/389-ds-base/issue/50117

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
f574332f by Barbora Smejkalová at 2019-01-07T12:09:32+01:00
Issue 49618 - Set nsslapd-cachememsize to custom value

Description:
Added function for getting available memory.
Added test case to set nsslapd-cachememsize to custom value above 3805132804 bytes. Test is skipped if available memory is lower than we want to set.

https://pagure.io/389-ds-base/issue/49618

Reviewed by: vashirov, spichugi (Thanks!)

- - - - -
410d3bb9 by William Brown at 2019-01-08T13:55:55+10:00
Ticket 50128 - NS Stress fails without ipv6

Bug Description: Docker for osx doesn't support ipv6, which
means that in ipv4 only environments this test fails.

We aren't trying to test ipv4/ipv6 here, only that NS handles
load, so swapping to ipv4 is not a change to the test

Fix Description: Change the PR_AF_INET6 to PR_AF_INET

https://pagure.io/389-ds-base/issue/50128

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
f03ea8ec by Barbora Smejkalová at 2019-01-08T14:53:26+01:00
Issue 50091 - shadowWarning is not generated if passwordWarning is lower than 86400 seconds (1 day).

Description:
Added test case to check if shadowWarning attribute is generated when passwordWarning is set to lower value than 84600 seconds.

https://pagure.io/389-ds-base/issue/50091

Reviewed by: vashirov, amsharma, spichugi, firstyear (Thank you!)

- - - - -
d97514a9 by Anuj Borah at 2019-01-08T19:26:30+05:30
Issue: 50101 -  Port fourwaymmr Test TET suite to python3

Port fourwaymmr Test TET suite to python3

https://pagure.io/389-ds-base/issue/50101

Reviewed by: Simon Pichugin

- - - - -
a9ed1e6a by William Brown at 2019-01-09T08:39:45+10:00
Issue 50122 - Selinux test for presence

Description:  Selinux is not present on all systems. Trying to
import python-selinux when it's not available fails, but we
can not guarantee that the with_selinux flag to defaults is
correct because some systems build with selinux but may not
have it enabled. We should check if we can access the tools
instead, and skip them (with warnings) if we can't make changes

https://pagure.io/389-ds-base/issue/50122

Reviewed by: mreynolds

- - - - -
07b5532e by Matúš Honěk at 2019-01-09T09:30:42+01:00
Ticket 50134 - fixup-memberof.pl does not respect protocol requested

Bug Description:
fixup-memberof.pl tries with StartTLS even though LDAP was specified.

Fix Description:
Fix protocol assignment to $info, probably missed during a previous code porting.

https://pagure.io/389-ds-base/issue/50134

Author: mhonek

Review by: mreynolds, firstyear (thanks!)

- - - - -
c1cc0acd by Marc Muehlfeld at 2019-01-09T14:56:33+01:00
Issue 50130 - Building RPMs on RHEL8 fails

Description: Due to an incorrect path in a "mv" command in
             389-ds-base.spec.in, building RPMs on RHEL8 failed

https://pagure.io/389-ds-base/issue/50130

Reviewed by: vashirov & wibrown

- - - - -
50e290dc by William Brown at 2019-01-10T09:13:23+10:00
Ticket 50126 - Incorrect usage of sudo in test

Bug Description:

Sudo is assumed to be present and working in passwordless
mode with basictest.

Fix Description:

We can not make this assumption, that sudo is installed (docker)
or in passwordless mode. As a result for this test to work, we should
run the suite as "sudo py.test" or "dirsrv". Potentially we may need
to update defaults.inf for people who want to run the tests as
their own user ID.

https://pagure.io/389-ds-base/issue/50126

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
83223d5f by Ludwig Krispenz at 2019-01-10T11:39:59+01:00
Ticket 50078 - cannot add cenotaph in read only consumer

Bug: For modrdn operations a cenotaph entry is created to be used in later conflict
     resolution procedures, this is done by an internal add operation and
     fails on hubs and consumers

Fix: Add the "bypass referral" flag to the internal add operation to allow it

Reviewed by: Thierry, thanks

- - - - -
a4632aa6 by Mark Reynolds at 2019-01-10T12:49:10-05:00
Ticket 50056 - dsctl db2ldif throws an exception

Description: dsctl db2ldif throws an exception because of a typo in
             a parameter name.

https://pagure.io/389-ds-base/issue/50056

Reviewed by: mreynolds(one line commit rule)

- - - - -
e31057e2 by Simon Pichugin at 2019-01-11T00:39:37+01:00
Issue 50145 - Add a verbose option to the backup tools

Bug description: RHDS 9 does not require a -q option to not log debugging messages.
-q also suppresses the output that had been included before when doing an import.

Fix description:
Make -q option less verbose by removing error log messages
and add -V option which enables Verbose DEBUG output.

https://pagure.io/389-ds-base/issue/50145

Reviewed by: mreynolds (Thanks!)

- - - - -
4b8b470f by William Brown at 2019-01-11T10:42:34+10:00
Ticket 50122 - Fix incorrect path spec

Bug Description: Due to human error, I missed a path spec in
a change I made

Fix Description: Fix the path

https://pagure.io/389-ds-base/issue/50122

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
55045dab by Matúš Honěk at 2019-01-11T14:40:00+01:00
Ticket 50138 - db2bak.pl -P LDAPS does not work when nsslapd-securePort is missing

Bug Description:
When nsslapd-securePort is not set in dse.ldif, DSUtil (in case of LDAPS)
interpolates ldapmodify (and other) call to a URI ending only with a colon
because obtained securePort is just an empty string. The very same turns out to
happen for the nsslapd-port.

Fix Description:
Hardcode the default ports, which is a short variant of omitting the
colon and port, and which would be chosen by the OpenLDAP utils any way.

https://pagure.io/389-ds-base/issue/50138

Author: mhonek

Review by: mreynolds (thanks!)

- - - - -
c1f96bd3 by Mark Reynolds at 2019-01-11T11:23:32-05:00
Ticket 49994 - Adjust dsconf backend usage

Description:  Slightly rearrange the backend usage to move create/delete
              to main subcommands instead of being under suffix.

https://pagure.io/389-ds-base/issue/49994

Reviewed by: spichugi & firstyear(Thanks!!)

- - - - -
3a6d0b8f by Timo Aaltonen at 2019-01-12T20:21:15+02:00
Merge branch 'upstream'

- - - - -
879ddf8c by Timo Aaltonen at 2019-01-12T20:24:09+02:00
bump the version

- - - - -
1652c623 by Timo Aaltonen at 2019-01-12T20:29:43+02:00
close a bug

- - - - -
95a239da by Timo Aaltonen at 2019-01-12T23:50:47+02:00
fix-nss-path.diff: Fix includes.

- - - - -
e6dc2bbb by Timo Aaltonen at 2019-01-13T00:04:58+02:00
Build ds* manpages, add missing build-depends.

- - - - -
3ab52f57 by Timo Aaltonen at 2019-01-13T21:12:40+02:00
Move deprecated tools in a new subpackage.

- - - - -
24b832e8 by Timo Aaltonen at 2019-01-13T21:13:38+02:00
releasing package 389-ds-base version 1.4.0.20-1

- - - - -
9f433e82 by William Brown at 2019-01-14T08:39:04+10:00
Update .gitignore to hide extra files

Description: Add a small number of files to gitignore

- - - - -
b5e4fca0 by William Brown at 2019-01-14T08:39:04+10:00
Ticket 50136 - Allow resetting passwords on the CLI

Bug Description: This allows resetting passwords on the CLI for
accounts, as well as allowing accounts to self-change their
passwords.

Fix Description: Add reset and change password functions, and
fix a number of issues with non-DM bind in the server, regressions
in tls enable during tests.

https://pagure.io/389-ds-base/issue/50136

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
7096094e by Mark Reynolds at 2019-01-14T09:56:37-05:00
Ticket 50077 - RFE - improve automember plugin to work with modify ops

Description:

Previously automember was only invoked for ADD operations.  This enhancement
allows it to work with modify operations, and it will also maintain the
correct memberships.  So if a modify changes which groups the user would
belong to, it will add the user to the new group, and remove them from the
old group.

https://pagure.io/389-ds-base/issue/50077

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
a8fa9a99 by Mark Reynolds at 2019-01-14T10:10:20-05:00
Ticket 49984 - python installer add option to create suffix entry

Description:  Making the top suffix entry should be optional, and
              not the fixed default behavior.  Added a new option:

                 create_suffix_entry   True/False

https://pagure.io/389-ds-base/issue/49984

Reviewed by: ?

- - - - -
c5781fe4 by Timo Aaltonen at 2019-01-14T20:04:23+02:00
releasing package 389-ds-base version 1.4.0.20-2

- - - - -
0666b520 by William Brown at 2019-01-15T10:03:37+10:00
Ticket  50123 - with_tmpfiles_d is associated to systemd

Description: with_tmpfiles_d does not operate unless it's
part of a systemd install. This moves the configure check
and operation to within the "with_systemd" code.

https://pagure.io/389-ds-base/issue/50123

Reviewed by: vashirov (Thanks!)

- - - - -
ca13f42d by Mark Reynolds at 2019-01-14T22:53:10-05:00
Ticket 50153 - Increase default max logs

Bug Description:  The errors & audit logs default to max number of logs to 1.
                  This prevents the max log size rotation policy from working.
                  This is documented in the docs, but the problem is that this
                  can allow the server to fill up the FS on /var under certain
                  conditions.

Fix Description:  Change the default max number of logs to "2".  This is still
                  a small value, and it allows the rotation policy to be effective.

https://pagure.io/389-ds-base/issue/50153

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
8bac1e29 by Marc Muehlfeld at 2019-01-15T15:26:24+01:00
Ticket 50161 - Fixed some descriptions in "dsconf backend --help"

Description: - Help for "suffix" was no longer correct
             - Help for "create" changed to "Create a backend database"
             - Changed descriptions to start with a capital letter for consistency

https://pagure.io/389-ds-base/issue/50161

Reviewed by: mhonek, mreynolds

- - - - -
ff9387bb by Thierry Bordaz at 2019-01-15T17:57:30+01:00
Ticket 49972 - use-after-free in case of several parallel krb authentication

Bug Description:
	When several threads (RA) authenticate to the same host and at the same time,
	there is a good chance they will share the same credential cache.
	If one authentication fails, the thread will clear the cache (krb5_cc_destroy)
	although other threads may still use it.

Fix Description:
	The best approach is to drop using krb5 functions and use gssapi.
	It is quite an intrusive change, and a simpler temporary fix will serialize
	all krb5 calls.

	During initialization of the interaction structure (sasl), if using gssapi mechanism,
	the calls to krb5 functions are serialized with a lock.
	Then the lock is released for the authentication and cleanup.
	Cleanup needs to be serialized as well as it calls krb5_cc_destroy.

	The fix consists of acquiring the lock over initialization/authentication/cleanup.
	So only one RA can authenticate at the same time.

https://pagure.io/389-ds-base/issue/49972

Reviewed by: Robbie Harwood, William Brown (many thanks for your reviews !!)

Platforms tested: F27 & F28

Flag Day: no

Doc impact: no

- - - - -
eae696f1 by Mark Reynolds at 2019-01-15T13:46:06-05:00
Ticket 50077 - Fix compiler warnings in automember rebuild task

https://pagure.io/389-ds-base/issue/50077

Reviewed by: mreynolds(one line commit rule)

- - - - -
58be90b8 by Mark Reynolds at 2019-01-15T13:55:18-05:00
Ticket 49540 - Fix compiler warning in ldif2ldbm

https://pagure.io/389-ds-base/issue/49540

Reviewed by: mreynolds(one line commit rule)

- - - - -
bf34abab by Mark Reynolds at 2019-01-15T14:06:51-05:00
Ticket - Fix compiler warning in init.c

https://pagure.io/389-ds-base/issue/49574

Reviewed by: mreynolds(one line commit rule)

- - - - -
e0485033 by Mark Reynolds at 2019-01-15T14:40:39-05:00
Fix compiler warning in snmp main()

Reviewed by: mreynolds(one line commit rule)

- - - - -
6c227c47 by Timo Aaltonen at 2019-01-16T11:30:41+02:00
control: 389-ds-base should depend on the legacy tools for now. (Closes: #919420)

- - - - -
aa20c2d3 by Timo Aaltonen at 2019-01-16T11:30:58+02:00
releasing package 389-ds-base version 1.4.0.20-3

- - - - -
ada2dfdd by Simon Pichugin at 2019-01-16T11:26:48+01:00
Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser

Description: When HOME env var is not set, the call will fail with an exception.
Instead of HOME we can use expanduser method. The expanduser will do the right thing
and get home directory on all platforms from either env vars or password database.

https://pagure.io/389-ds-base/issue/50152

Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
68e08801 by Mark Reynolds at 2019-01-16T12:36:59-05:00
Ticket 50165 - Fix dscreate issues

Description:  There were some recent regressions about selinux in dscreate.

              - When skipping labelling of default port an error message was incorrectly logged
              - restorecon was not using the correct path

https://pagure.io/389-ds-base/issue/50165

Reviewed by: firstyear & mhonek (Thanks!!)

- - - - -
c57528b1 by Mark Reynolds at 2019-01-16T13:08:41-05:00
Ticket 50169 - lib389 changed hardcoded systemctl path

Description:  Currently the server is using "/usr/bin/systemctl", but
              this fails on Debian.  There is no need for a path anyway
              so just strip it.

https://pagure.io/389-ds-base/issue/50169

Reviewed by: mhonek(Thanks!)

- - - - -
7f3f9786 by German Parente at 2019-01-17T14:17:35+01:00
Fix for ticket 50059: If an object is nsds5replica, it must be cn=replica

Bug Description:

We should enforce that if an object is of type nsds5replica, it must be named cn=replica.
This has caused some confusion where people have misconfigured their system by trying alternate names.

Fix Description:

Check that rdn of replica dn is exactly REPLICA_RDN

https://pagure.io/389-ds-base/issue/50059

Author: German Parente <gparente at redhat.com>

Review by: ???

- - - - -
b6ed4534 by Mark Reynolds at 2019-01-17T08:33:00-05:00
Ticket 50164 - Add test for dscreate

Description:  Add a simple test in basic suite to make sure dscreate works,
              also moved setup/remove tests from lib389 and moved them inside
              dirsrvtests directory

https://pagure.io/389-ds-base/issue/50164

Reviewed by: ?

- - - - -
d23ef6d3 by William Brown at 2019-01-18T09:11:21+10:00
Ticket 50125 - perl fix ups for tmpfiles

Bug Description: I missed updating the perl tools during the tmpfiles
fix.

Fix Description: Change the name in dscreate.pm

https://pagure.io/389-ds-base/issue/50125

Author: William Brown <william at blackhats.net.au>

Review by: vashirov (Thanks!)

- - - - -
e08b20cc by German Parente at 2019-01-18T08:48:20+00:00
Merge #50079 `Fix for ticket 50059: If an object is nsds5replica, it must be cn=replica`

- - - - -
abdf8aab by Mark Reynolds at 2019-01-24T12:01:02-05:00
Bump version to 1.4.1.0

- - - - -
614ab2a2 by Simon Pichugin at 2019-01-28T18:32:26+01:00
Issue 50041 - CLI and WebUI - Add memberOf plugin functionality

Description: Add the main functionality to memberOf plugin tab.
Increase the eslint max line length from 80 to 100.
Rework plugin properties to be more compact.
Eslint webpack config. Add react-bootstrap-typeahead for
multivalued attributes. Fix the word 'successfully' typos.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
341eeabd by William Brown at 2019-01-29T08:40:35+10:00
Ticket 50151 - lib389 support cli add/replace/delete on objects

Bug Description: We need a generic way to add/replace/delete on
objects, that is not ldif. Ldif is wildly inaccessible and hard
to use.

Fix Description: Add a "modify" generic to cli_base, that is
used by user. It supports a syntax of:

modify <selector> <add|replace|delete>:<attr>:<value>

An example is:

... user modify demo_user add:objectclass:nsMemberOf

These can have many modifications in a single transaction:

user modify demo_user add:objectclass:nsMemberOf add:description:test

https://pagure.io/389-ds-base/issue/50151

Author: William Brown <william at blackhats.net.au>

Review by: spichugi, mreynolds, lkrispen (Thanks!)

- - - - -
af9bb720 by Mark Reynolds at 2019-01-30T15:08:52-05:00
Bump version to 1.4.1.1

- - - - -
0be01490 by Simon Pichugin at 2019-01-31T09:45:22-05:00
Issue 50041 - CLI and WebUI - Add memberOf plugin functionality

Description: Add the main functionality to memberOf plugin tab.
Increase the eslint max line length from 80 to 100.
Rework plugin properties to be more compact.
Eslint webpack config. Add react-bootstrap-typeahead for
multivalued attributes. Fix the word 'successfully' typos.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
92909976 by Mark Reynolds at 2019-01-31T09:46:11-05:00
Bump version to 1.4.0.21

- - - - -
ae39d1f0 by William Brown at 2019-02-01T10:48:39+10:00
Ticket 50159 - sssd and config display

Bug Description: It can be very hard and confusing for an admin
when they first start with LDAP to know how to configure clients
both generic, ldapcli tools or sssd.

Fix Description: Add a subcommand to dsidm that allows generation
of example configs for ldap.conf, sssd.conf and generic display
of parameters for LDAP clients. These have been tested to work on
SUSE and Fedora, and they are well commented to advise admins
to review and improve the configurations.

https://pagure.io/389-ds-base/issue/50159

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
1c5f0605 by William Brown at 2019-02-01T10:50:00+10:00
Ticket 50184 - Add cli tool parity to dsconf/dsctl

Bug Description: As we are removing the shell/perl tools, we need
to have functional parity with the existing tools. This adds the
final tools needed to make that equivalent.

Fix Description: Add support for dbverify, linkedattr fixup and
a monitoring tool.

https://pagure.io/389-ds-base/issue/50184

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (thanks!)

- - - - -
84dba178 by William Brown at 2019-02-01T10:51:59+10:00
Ticket 50140 - Use high ports in container installs

Bug Description: Out of the box, linux and containers don't
have the required root permissions to use ports below 1024.
We can't expect admins to change this, so we should configure
ourselves on high ports in container installs.

Fix Description: Add containised argument to slapd2base
options, and pass it as required for example file and
installer sections.

https://pagure.io/389-ds-base/issue/50140

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
cd908573 by Thierry Bordaz at 2019-02-01T15:42:54+01:00
Ticket 50177 - import task should not be deleted too rapidly after import finishes to be able to query the status

Bug Description:
	Scripts that create online import and export tasks do not define a Time To Live for the tasks.
	As a consequence the task entry is cleared 2min (default value) after task completion.
	This is too rapid and some admin scripts may miss the final task status.

Fix Description:
	The fix is to keep the entry of completed online import and export tasks for 1 day.
	It also defines a default TTL of 1h (instead of 2min)

https://pagure.io/389-ds-base/issue/50177

Reviewed by:

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
9408b94d by Mark Reynolds at 2019-02-01T10:37:23-05:00
Ticket 50165 - Fix issues with dscreate

Bug Description:  The install would fail under these two conditions:

                   [1]  You do not specify a secure port, even if not using TLS
                   [2]  The suffix has a space after a comma.

Fix Description:  If the secure port is not specified set it to the default,
                  and normalize the suffix DN

https://pagure.io/389-ds-base/issue/50165

Reviewed by: ?

- - - - -
0036226b by Mark Reynolds at 2019-02-01T10:39:20-05:00
Ticket 50165 - Fix issues with dscreate

Bug Description:  The install would fail under these two conditions:

                   [1]  You do not specify a secure port, even if not using TLS
                   [2]  The suffix has a space after a comma.

Fix Description:  If the secure port is not specified set it to the default,
                  and normalize the suffix DN

https://pagure.io/389-ds-base/issue/50165

Reviewed by: ?

- - - - -
98bfccc8 by Thierry Bordaz at 2019-02-01T16:43:50+01:00
Ticket 50177 - import task should not be deleted too rapidly after import finishes to be able to query the status

Bug Description:
	Scripts that create online import and export tasks do not define a Time To Live for the tasks.
	As a consequence the task entry is cleared 2min (default value) after task completion.
	This is too rapid and some admin scripts may miss the final task status.

Fix Description:
	The fix is to keep the entry of completed online import and export tasks for 1 day.
	It also defines a default TTL of 1h (instead of 2min)

https://pagure.io/389-ds-base/issue/50177

Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
24271fe6 by Hugh McMaster at 2019-02-03T17:58:57+11:00
Ticket 50111: Use pkg-config to detect icu

Use of icu-config is deprecated upstream and no longer supported
in Debian, Ubuntu and Linux Mint.

Signed-off-by: Hugh McMaster <hugh.mcmaster at outlook.com>

- - - - -
e09725e7 by Thierry Bordaz at 2019-02-05T15:19:49+01:00
Ticket 49658 - In replicated topology a single-valued attribute can diverge

Bug Description:
	When deleting a specific value of a single valued attribute,
	the deleted value can be erroneously resurrected.

Fix Description:
	This second fix is a rewrite of entry state resolution.
	The original function (resolve_attribute_state_single_valued) implemented
	a main algorithm but it was heavily merged with resolution of specific cases.
	It was too difficult to make the function understandable and preserving
	the handling of the specific cases.
	The risk of that rewrite fix is that I can not guarantee it fully covers
	the set of specific cases

https://pagure.io/389-ds-base/issue/49658

Reviewed by: William Brown (Thanks !!)

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
70cac1b1 by Thierry Bordaz at 2019-02-05T16:01:52+01:00
Ticket 49658 - In replicated topology a single-valued attribute can diverge

Bug Description:
	When deleting a specific value of a single valued attribute,
	the deleted value can be erroneously resurrected.

Fix Description:
	This second fix is a rewrite of entry state resolution.
	The original function (resolve_attribute_state_single_valued) implemented
	a main algorithm but it was heavily merged with resolution of specific cases.
	It was too difficult to make the function understandable and preserving
	the handling of the specific cases.
	The risk of that rewrite fix is that I can not guarantee it fully covers
	the set of specific cases

https://pagure.io/389-ds-base/issue/49658

Reviewed by: William Brown (Thanks !!)

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
d8a94c28 by William Brown at 2019-02-06T10:16:42+10:00
Ticket 50195 - improve selinux error messages in interactive

Bug Description: During an interactive install, the selinux
module if not found would produce many error messages that
were not necessary.

Fix Description: Warn the user at the start of the install
that selinux isn't found, and allow them to continue

https://pagure.io/389-ds-base/issue/50195

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks!)

- - - - -
ff94e562 by William Brown at 2019-02-06T10:19:28+10:00
Ticket 50197 - Container integration improvements

Bug Description: During the container integration process
I have noticed a small number of remaining issues.

Fix Description:
* dm password is left as randomised in container install
* nss_ssl only removes dir content, not the directory itself
* basic tests rely on incorrect assumptions about file perms,
  hostnames and ports.

https://pagure.io/389-ds-base/issue/50197

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks!)

- - - - -
e580506d by Thierry Bordaz at 2019-02-06T13:41:22+01:00
Ticket 49873 - Contention on virtual attribute lookup

Bug Description:
	During lookup of the virtual attribute table (filter evaluation and returned attribute)
	the lock is acquired many times in read. For example it is acquired for each targetfilter aci and for
	each evaluated entry.
	Unfortunately RW lock is expensive and appears frequently on pstacks.
	The lock exists because the table can be updated but update is very rare (addition of a new service provider).
	So it slows down general proceeding for exceptional events.

Fix Description:
	The fix is to acquire/release the read lock at the operation level and set a per-cpu flag, so that later lookup
	would just check the flag.

https://pagure.io/389-ds-base/issue/49873

Reviewed by: Ludwig Krispenz, William Brown (thanks !!)

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
6f87fab4 by Thierry Bordaz at 2019-02-06T13:54:53+01:00
Ticket 49873 - Contention on virtual attribute lookup

Bug Description:
	During lookup of the virtual attribute table (filter evaluation and returned attribute)
	the lock is acquired many times in read. For example it is acquired for each targetfilter aci and for
	each evaluated entry.
	Unfortunately RW lock is expensive and appears frequently on pstacks.
	The lock exists because the table can be updated but update is very rare (addition of a new service provider).
	So it slows down general proceeding for exceptional events.

Fix Description:
	The fix is to acquire/release the read lock at the operation level and set a per-cpu flag, so that later lookup
	would just check the flag.

https://pagure.io/389-ds-base/issue/49873

Reviewed by: Ludwig Krispenz, William Brown (thanks !!)

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
cab38f97 by Mark Reynolds at 2019-02-07T12:07:17-05:00
Ticket 50155 - password history check has no way to just check the current password

Description:  Currently if you set passwordinhistory 1, it checks the last
              recorded password and the current password.  To get it to just
              check the current password we need to allow "0" in passwordinhistory.
              Then only check the current password, and not the entry's
              passwordHistory attributes (if any).

              Also added new "rebind" function to Accounts class to "rebind"
              on the current connection.

https://pagure.io/389-ds-base/issue/50155

Reviewed by: firstyear & spichugi (Thanks!!)

- - - - -
ba02f5a6 by Mark Reynolds at 2019-02-07T12:10:33-05:00
Ticket 50155 - password history check has no way to just check the current password

Description:  Currently if you set passwordinhistory 1, it checks the last
              recorded password and the current password.  To get it to just
              check the current password we need to allow "0" in passwordinhistory.
              Then only check the current password, and not the entry's
              passwordHistory attributes (if any).

              Also added new "rebind" function to Accounts class to "rebind"
              on the current connection.

https://pagure.io/389-ds-base/issue/50155

Reviewed by: firstyear & spichugi (Thanks!!)

- - - - -
f19f2793 by William Brown at 2019-02-08T10:56:44+10:00
Ticket 50151 - lib389 support cli add/replace/delete on objects

Bug Description: We need a generic way to add/replace/delete on
objects, that is not ldif. Ldif is wildly inaccessible and hard
to use.

Fix Description: Add a "modify" generic to cli_base, that is
used by user. It supports a syntax of:

modify <selector> <add|replace|delete>:<attr>:<value>

An example is:

... user modify demo_user add:objectclass:nsMemberOf

These can have many modifications in a single transaction:

user modify demo_user add:objectclass:nsMemberOf add:description:test

https://pagure.io/389-ds-base/issue/50151

Author: William Brown <william at blackhats.net.au>

Review by: spichugi, mreynolds, lkrispen (Thanks!)

- - - - -
7de40c5e by Timo Aaltonen at 2019-02-10T12:22:36+02:00
Run offline upgrade only when upgrading from versions below 1.4.0.9, ns-slapd itself handles upgrades in newer versions.

- - - - -
6d02b1d5 by Timo Aaltonen at 2019-02-10T12:43:49+02:00
rules: Actually install the minified javascript files. (Closes: #913820)

- - - - -
d68b131e by Anuj Borah at 2019-02-11T12:19:36+05:30
Issue:50211 - Making an actual Anonymous type in lib389/idm/account.py

Making an actual Anonymous type in lib389/idm/account.py

https://pagure.io/389-ds-base/issue/50211

Reviewed by: William Brown

- - - - -
8e2da5db by William Brown at 2019-02-12T08:26:39+10:00
Ticket 50199 - disable perl by default

Bug Description: Our python lib389 tools have become much
more mature. We should disable perl by default as it's really
not maintained, and deprecated, so we should stop emitting it
by default. It can still be enabled with --enable-perl to
./configure, but we just discourage it.

Fix Description: Turn yes to no.

https://pagure.io/389-ds-base/issue/50199

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds, mhonek, lslebodn (Thanks)

- - - - -
722c3781 by Timo Aaltonen at 2019-02-12T16:07:09+02:00
Merge branch 'upstream'

- - - - -
08da899c by Timo Aaltonen at 2019-02-12T16:07:35+02:00
bump the version

- - - - -
a80a850d by Timo Aaltonen at 2019-02-12T16:28:21+02:00
releasing package 389-ds-base version 1.4.0.21-1

- - - - -
6714c456 by Anuj Borah at 2019-02-14T08:01:25+05:30
Issue: 50170 - composable object types for nsRole in lib389

Composable object types for nsRole in lib389

https://pagure.io/389-ds-base/issue/50170

Reviewed by: Ludwig Krispenz, William Brown, thierry bordaz

- - - - -
e373f392 by William Brown at 2019-02-15T10:46:32+10:00
Ticket 50208 - make instances mark off based on dse.ldif not sysconfig

Bug Description: As sysconfig isn't cross platform compatible, and
there are some potential plans to remove it from our systemd files,
we need to make sure that lib389 can handle this file not being present
in new installs.

Fix Description: Thankfully, we have a file we can always guarantee
exists: dse.ldif. This makes /etc/dirsrv/slapd-instance the only
fixed location in the server now, all other locations can be "moved".

This patch:
 * Fixes a large number of removal regressions
 * Add comments and warnings throughout remove and setup to help
     prevent future regressions
 * Create no longer creates /etc/sysconfig/dirsrv-instance
 * Create makes dse.ldif *first* as it's the marker location
 * Remove works when there is no marker file (but will remove if it
     exists)
 * Listing now ignores /etc/sysconfig, and reads dse.ldif instead
     with a follow up https://pagure.io/389-ds-base/issue/50207 to
     parse data from this file for offline

https://pagure.io/389-ds-base/issue/50208

Author: William Brown <william at blackhats.net.au>

Review by: spichugi, abbra (Thanks)

- - - - -
ddf79e62 by Anuj Borah at 2019-02-18T09:25:12+05:30
Issue: 50112 Port ACI test suite from TET to python3(Aci Atter)

Port ACI test suite from TET to python3

https://pagure.io/389-ds-base/issue/50112

Reviewed by: William Brown and Simon Pichugin

	modified:   acivattr_test.py
	deleted:    deladd_test.py
	deleted:    globalgroup_part2_test.py
	deleted:    globalgroup_test.py
	deleted:    keywords_part2_test.py
	deleted:    keywords_test.py
	deleted:    misc_test.py
	deleted:    modify_test.py
	deleted:    modrdn_test.py
	deleted:    roledn_test.py
	deleted:    search_real_part2_test.py
	deleted:    search_real_part3_test.py
	deleted:    search_real_test.py
	deleted:    syntax_test.py
	deleted:    userattr_test.py
	deleted:    valueacl_part2_test.py
	deleted:    valueacl_test.py
	modified:   working_contstants.py

- - - - -
39d13101 by Anuj Borah at 2019-02-18T04:13:54+00:00
Issue:50112 - Port ACI test suite from TET to python3(valueaci)

Port ACI test suite from TET to python3(valueaci)

https://pagure.io/389-ds-base/issue/50112

Reviewed by: William Brown

- - - - -
2031ed0d by William Brown at 2019-02-19T09:18:04+10:00
Ticket 50224 - warnings on deprecated API usage

Bug Description: There have been many cases of incorrect and
invalid api usage. As we go on, we can't allow more usage of
these apis to be added as it only puts more work on us in
the future to remove.

Fix Description: Add deprecation warnings to these apis, telling
people they will be removed, and where their faulty code is.

https://pagure.io/389-ds-base/issue/50224

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
459f7383 by Anuj Borah at 2019-02-20T08:14:30+05:30
Issue: 50112 - Port ACI test suite from TET to python3(modify)

Port ACI test suite from TET to python3(modify)

https://pagure.io/389-ds-base/issue/50112

Reviewed by: William Brown

- - - - -
bc3ea14c by Anuj Borah at 2019-02-21T07:49:35+05:30
Issue: 50227 - Making a cosClassicDefinition type in src/lib389/lib389/cos.py

Making a cosClassicDefinition type in src/lib389/lib389/cos.py

https://pagure.io/389-ds-base/issue/50227

Reviewed by: William Brown

- - - - -
5262f50b by Anuj Borah at 2019-02-25T09:25:02+05:30
Issue: 50219 - Add generic filter to DSLdapObjects

Add generic filter to DSLdapObjects

https://pagure.io/389-ds-base/issue/50219

Reviewed by: William Brown

- - - - -
6963780b by William Brown at 2019-02-25T14:11:10+10:00
Ticket 50213 - fix list instance issue

Bug Description: A format string would not always be created
which caused instance list to fail. This may lead to instance
removal failing (creation and api removal still functioned)

Fix Description: Use a correctly initialised paths object, and
add extra debugging around the list capability for -v

https://pagure.io/389-ds-base/issue/50213

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks)

- - - - -
47c42590 by Mark Reynolds at 2019-02-26T09:20:05-05:00
Ticket 50236 - memberOf should be more robust

Bug Description:  When doing a modrdn, or any memberOf update, if the entry
                  already has the memberOf attribute with the same value
                  the operation is incorrectly rejected.

Fix Description:  If we get an error 20 (type or value exists) return success.

                  Also fixed a coding mistake that causes the wrong error
                  code to be returned.  This also required fixing the CI
                  test to check for the new correct error code.

https://pagure.io/389-ds-base/issue/50236

Reviewed by:  firstyear, spichugi, and tbordaz (Thanks!!!)

- - - - -
b30295a7 by Mark Reynolds at 2019-02-26T09:21:34-05:00
Ticket 50238 - Failed modrdn can corrupt entry cache

Bug Description:  Under certain conditions (found under IPA) when a backend
                  transaction plugin fails and causes a modrdn operation to
                  fail the entry cache no longer contains the original/pre
                  entry, but instead it has the post modrdn'ed entry with
                  the original entry's ID

Fix Description:  Upon failure, if the post entry is in the cache, then swap
                  it out with the original entry.

https://pagure.io/389-ds-base/issue/50238

Reviewed by: firstyear, spichugi, & tbordaz (Thanks!!!)

- - - - -
ea24c43a by Mark Reynolds at 2019-02-26T09:23:33-05:00
Ticket 50236 - memberOf should be more robust

Bug Description:  When doing a modrdn, or any memberOf update, if the entry
                  already has the memberOf attribute with the same value
                  the operation is incorrectly rejected.

Fix Description:  If we get an error 20 (type or value exists) return success.

                  Also fixed a coding mistake that causes the wrong error
                  code to be returned.  This also required fixing the CI
                  test to check for the new correct error code.

https://pagure.io/389-ds-base/issue/50236

Reviewed by:  firstyear, spichugi, and tbordaz (Thanks!!!)

- - - - -
a0639843 by Mark Reynolds at 2019-02-26T09:31:57-05:00
Ticket 50238 - Failed modrdn can corrupt entry cache

Bug Description:  Under certain conditions (found under IPA) when a backend
                  transaction plugin fails and causes a modrdn operation to
                  fail the entry cache no longer contains the original/pre
                  entry, but instead it has the post modrdn'ed entry with
                  the original entry's ID

Fix Description:  Upon failure, if the post entry is in the cache, then swap
                  it out with the original entry.

https://pagure.io/389-ds-base/issue/50238

Reviewed by: firstyear, spichugi, & tbordaz (Thanks!!!)

- - - - -
45e84745 by William Brown at 2019-02-27T10:14:30+10:00
Ticket 50243 - refint modrdn stress test

Bug Description: It was reported that modrdn of an ou which
contained many items could break refint in some cases.

Fix Description: Add a stress test to try to reproduce the issue

https://pagure.io/389-ds-base/issue/50243

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks)

- - - - -
752801b8 by Mark Reynolds at 2019-02-27T16:09:30-05:00
Ticket 50215 - UI - implement Database Tab in ReactJS

Description:  Implement database tab in ReactJS.

https://pagure.io/389-ds-base/issue/50215

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
6e95c659 by Mark Reynolds at 2019-02-27T16:32:50-05:00
Ticket 50215 - UI - implement Database Tab in ReactJS

Description:  Implement database tab in ReactJS.

https://pagure.io/389-ds-base/issue/50215

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
eb1b5c51 by Ludwig Krispenz at 2019-02-28T15:18:16+01:00
Ticket 50232 - export creates not importable ldif file

Bug: If the RUV entry has a smaller entryid than the suffix entry it will be
	exported before the suffix. If that ldif is used for import the RUV entry
	is skipped and a new one generated with a different database generation

Fix: Before exporting the RUV check that the suffix is already exported, if not
	make the RUV entry pending and write it after all other entries

Reviewed by: tbordaz, wbrown. Thanks

- - - - -
fb5ae2ca by William Brown at 2019-03-01T14:31:36+10:00
Ticket 50197 - Container init tools

Bug Description: It's important that 389 Directory Server
has a functional, correct, and high quality container integration
system. After years of work on the server core and lib389, this is
nearly possible.

Importantly, containers have certain requirements we must understand.
All state must be in external-filesystem volumes. We can not assume
that we have an instance installed, so must create one on launch.
If one exists, we need to expose it. We don't have the ability to
ask questions, so we need to use environment, or work with no
input at all. We can't make assumptions about backends. Finally,
we need to assume that we could be a new version of the server -
we don't know about anything else.

Fix Description: This adds a dscontainer wrapper tool that is
intended for operation inside of containers. It handles and binds
many of the existing parts of lib389 for container support. I have
cleaned up past container support realising how it was done wasn't
as elegant as this.

The dscontainer tool is intended to be the entry point from a
dockerfile, IE the CMD directive.

There are still some avenues to explore. For example, we could
attempt to override the storage paths for logs and db rather than
relying on dockerfile system links. (this may break apparmor though).

https://pagure.io/389-ds-base/issue/50197

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
0f918de1 by William Brown at 2019-03-01T14:43:59+10:00
Ticket 50197 - Container integration part 2

Bug Description: Rather than hardcoding behaviours into the setup
process of the installer, the container init process adapts the
slapd config to match what a container needs.

Fix Description: To achieve this, we expose a "start" option
in the from-file install which allows the post install start
to be true/false. We also correct the container's locations
to install ds into known paths. Finally a flag is added to
dsctl to prevent certain actions from running inside a container
limiting us only to maintenance actions (and still only offline)

https://pagure.io/389-ds-base/issue/50197

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds, mhonek

- - - - -
c6054d12 by Simon Pichugin at 2019-03-01T21:46:17+01:00
Issue 50246 - Fix the regression in old control tools

Bug Description: The old control tools - status-dirsrv, start-dirsrv,
stop-dirsrv, restart-dirsrv stopped working properly after
the /etc/sysconfig/dirsrv removal.

Fix Description: Make them the direct systemctl command wrappers and
don't look for instances in /etc/sysconfig/dirsrv.
Fix UI. Make it use the new dsctl tools. Extend dsctl status (add JSON).

Also, remove the dragon warning because it breaks the QE test reports
when we run all the tests (we don't use DEBUGGING mode there
because it doesn't remove the instances).
The deprecation warning should be enough for now.

https://pagure.io/389-ds-base/issue/50246

Reviewed by: wibrown, vashirov, mhonek, mreynolds (Thanks!)

- - - - -
f1661548 by William Brown at 2019-03-04T11:42:04+10:00
Ticket 50230 - improve ioerror msg when not root/dirsrv

Bug Description: When not running as root or dirsrv, improve the clarity
of the error messages as the previous messages were misleading.

Fix Description: Improve the exception handling and messages.

https://pagure.io/389-ds-base/issue/50230

Author: William Brown <william at blackhats.net.au>

Review by: mhonek

- - - - -
e6e18004 by Barbora Smejkalová at 2019-03-05T23:46:46+00:00
Issue 49029 - [RFE] improve internal operations logging

Description:
Added test cases and fixtures to check correct internal log values of user operations (add, rename, delete) in access log when different access log level is set.

https://pagure.io/389-ds-base/issue/49029

Reviewed by: spichugi, firstyear, mreynolds (Thanks!)

- - - - -
2c5f34d6 by Anuj Borah at 2019-03-06T01:01:24+00:00
Issue: 50253 -  Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py

Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py

https://pagure.io/389-ds-base/issue/50253

Reviewed by: William Brown, thierry bordaz

- - - - -
0ad1dd2e by Mark Reynolds at 2019-03-05T23:11:27-05:00
Ticket 50257 - lib389 - password policy user vs subtree checks are broken

Description:  We were not properly checking for user versus subtree policies.
              This patch cleaned up a lot of flawed code, and properly uses
              DSLdapObjects to find policies and process them.

https://pagure.io/389-ds-base/issue/50257

Reviewed by: firstyear(Thanks!)

- - - - -
47045414 by Ludwig Krispenz at 2019-03-06T11:32:40+01:00
Ticket 50234 - one level search returns not matching entry

Bug: if in a onelevel search the IDList for the parentid is smaller than the filter
	threshold and smaller than the list generated by the search filter
	then the intersection is aborted and all children are returned.

Fix: In the above case we need to set the flag that the filter evaluation
	cannot be bypassed

Reviewed by: William, Thierry. Thanks

- - - - -
0f785304 by Ludwig Krispenz at 2019-03-06T12:40:58+01:00
Ticket 50232 - export creates not importable ldif file

Bug: If the RUV entry has a smaller entryid than the suffix entry it will be
	exported before the suffix. If that ldif is used for import the RUV entry
	is skipped and a new one generated with a different database generation

Fix: Before exporting the RUV check that the suffix is already exported, if not
	make the RUV entry pending and write it after all other entries

Reviewed by: tbordaz, wbrown. Thanks

- - - - -
0654777e by Ludwig Krispenz at 2019-03-06T12:41:40+01:00
Ticket 50234 - one level search returns not matching entry

Bug: if in a onelevel search the IDList for the parentid is smaller than the filter
	threshold and smaller than the list generated by the search filter
	then the intersection is aborted and all children are returned.

Fix: In the above case we need to set the flag that the filter evaluation
	cannot be bypassed

Reviewed by: William, Thierry. Thanks

- - - - -
eed079c0 by Simon Pichugin at 2019-03-06T16:43:58+01:00
Issue 50197 - Fix dscreate regression

Description: dscreate fails to create an instance because
the wrong number of arguments is used for Slapd2Base() call.

https://pagure.io/389-ds-base/issue/50197

Reviewed by: ?

- - - - -
d79fea60 by William Brown at 2019-03-06T23:58:35+00:00
Ticket 49655 - remove doap file

Bug Description: Remove the unused and unmaintained doap file

Fix Description: rm 389-doap.rdf

https://pagure.io/389-ds-base/issue/49655

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
28fe1601 by William Brown at 2019-03-08T12:00:58+10:00
Ticket 50137 - create should not check in non-stateful mode for exist

Bug Description: In def create, we should do an existence check for an
entry before creating. However, depending on access control this may not
work as intended because you can create without sight of the target, and
then this may cause misleading exceptions preventing the create.

Fix Description: In stateless mode, don't check the existence of the
entry before create.

In stateful ensure mode, continue to check for the existence.

https://pagure.io/389-ds-base/issue/50137

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
00dfb129 by William Brown at 2019-03-08T12:14:40+10:00
Ticket 49575 - Indicate autosize value errors and corrective actions

Bug Description: The autosize system would fail if the values were
greater than 100 combined. However, I did not disclose how to fix
these values and where.

Fix Description: Improve the error message to give reasonable
advice and location of the fix for corrective action.

https://pagure.io/389-ds-base/issue/49575

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks!)

- - - - -
118f8a2f by Simon Pichugin at 2019-03-08T12:04:25+01:00
Issue 50263 - LDAPS port not listening after installation

Bug description: When I add an additional instance to my server,
an error is displayed at the end of the installation and
the LDAPS port is not listening.
The issue was introduced in
https://pagure.io/389-ds-base/pull-request/50202#_7__59

Fix description: Make interactive installation process
general["start"] argument.

https://pagure.io/389-ds-base/issue/50263

Reviewed by: mreynolds, wibrown, mhonek (Thanks!)

- - - - -
46e28cb4 by Simon Pichugin at 2019-03-08T18:49:19+01:00
Issue 50041 - Add CLI functionality for special plugins

Description: Add the functionality for
account-policy, attr-uniq, automember, dna, linked-attr,
managed-entries, memberof, pass-through-auth, refer-init,
retro-changelog, root-dn, usn commands.
Make DSLdapObject create an entry with only DN and attributes
(cases when RDN is not specified).
Fix two small typos in pwpolicy CLI's arguments.
Port test for DNA plugin.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: wibrown, mreynolds, mhonek (Thanks!)

- - - - -
5563e770 by Anuj Borah at 2019-03-11T02:09:00+00:00
Issue: 50112 - Port ACI test suite from TET to python3(Global Group)

Port ACI test suite from TET to python3(Global Group)

https://pagure.io/389-ds-base/issue/50112

Reviewed by: Mark Reynolds, Simon Pichugin, William Brown

- - - - -
9f3344a3 by Mark Reynolds at 2019-03-11T10:30:21-04:00
Ticket 50208 - lib389- Fix issue with list all instances

Description:  There was a regression where listing "all" instances
              failed and returned none.  This corrects the instance
              path gathering logic

https://pagure.io/389-ds-base/issue/50208

Reviewed by: firstyear(Thanks!)

- - - - -
a703d101 by Mark Reynolds at 2019-03-11T12:27:20-04:00
Ticket 50273 - reduce default replication agmt timeout

Description:  The default timeout of 10 minutes is just too long.
              Change default to 2 minutes.

https://pagure.io/389-ds-base/issue/50273

Reviewed by: tbordaz(Thanks!)

- - - - -
951c499d by Mark Reynolds at 2019-03-11T12:28:40-04:00
Ticket 50273 - reduce default replication agmt timeout

Description:  The default timeout of 10 minutes is just too long.
              Change default to 2 minutes.

https://pagure.io/389-ds-base/issue/50273

Reviewed by: tbordaz(Thanks!)

(cherry picked from commit a703d1017716159f9c84b2c8f6fb0246f9a6a8a8)

- - - - -
813030cc by William Brown at 2019-03-12T11:38:46+10:00
Ticket 50259 - implement dn construction test

Bug Description: Implement a lib389 dn test to show we have correct
behaviour with dn derivation in lib389 creation.

Fix Description: Add test case.

https://pagure.io/389-ds-base/issue/50259

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks!)

- - - - -
656a6c93 by Anuj Borah at 2019-03-12T09:52:56+05:30
Issue: 50112 - Port ACI test suite from TET to python3(Search)

Port ACI test suite from TET to python3(Search)

https://pagure.io/389-ds-base/issue/50112

Reviewed by: William Brown, thierry bordaz

- - - - -
f59ddfbc by Simon Pichugin at 2019-03-13T10:57:25+01:00
Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present

Description: When we make srpm we want to make sure that 389-ds-console is built every time.
It is built only if it's not already there (clean up is required).
We should enforce the cockpit_dist building even if it's present.

https://pagure.io/389-ds-base/issue/50276

Reviewed by: mreynolds, vashirov (Thanks!)

- - - - -
1f15e966 by Simon Pichugin at 2019-03-13T09:25:31-04:00
Issue 50041 - Add CLI functionality for special plugins

Description: Add the functionality for
account-policy, attr-uniq, automember, dna, linked-attr,
managed-entries, memberof, pass-through-auth, refer-init,
retro-changelog, root-dn, usn commands.
Make DSLdapObject create an entry with only DN and attributes
(cases when RDN is not specified).
Fix two small typos in pwpolicy CLI's arguments.
Port test for DNA plugin.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: wibrown, mreynolds, mhonek (Thanks!)

(cherry picked from commit 46e28cb4229f590c225f2a52bc8169e6fcc2d65b)

- - - - -
703ee9b0 by William Brown at 2019-03-13T23:03:26+00:00
Ticket 49667 - 49668 - remove old spec files

Bug Description: Remove old unused spec files.

Fix Description: Lib389 and svrcore are now part of 389ds, so
these spec files are not used.

https://pagure.io/389-ds-base/issue/49667
https://pagure.io/389-ds-base/issue/49668

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
5bc92e99 by Mark Reynolds at 2019-03-14T00:45:15-04:00
Ticket 50255 - Port password policy test to use DSLdapObject

Description:  While investigating ticket 50255 I had issues with
              the CI test because it was not using DSLdapObject.  So
              this patch just refactors the test to use the current
              DSLDAPObject model.

https://pagure.io/389-ds-base/issue/50255

Reviewed by: firstyear(Thanks!)

- - - - -
7ba8a80c by Mark Reynolds at 2019-03-14T00:47:26-04:00
Ticket 50260 - backend txn plugins can corrupt entry cache

Bug Description:  If a nested backend txn plugin fails, any updates
                  it made that went into the entry cache still persist
                  after the database transaction is aborted.

Fix Description:  In order to be sure the entry cache is not corrupted
                  after a backend txn plugin failure we need to flush
                  all the cache entries that were added to the cache
                  after the parent operation was started.

                  To do this we record the start time of the original operation,
                  (or parent operation), and we record the time any entry
                  is added to the cache.  Then on failure we do a comparison
                  and remove the entry from the cache if it's not in use.
                  If it is in use we add an "invalid" flag which triggers
                  the entry to be removed when the cache entry is returned
                  by the owner.

https://pagure.io/389-ds-base/issue/50260

CI tested and ASAN approved.

Reviewed by: firstyear, tbordaz, and lkrispen (Thanks!!!)

- - - - -
09b5a2c3 by Mark Reynolds at 2019-03-14T00:50:18-04:00
Ticket 50260 - backend txn plugins can corrupt entry cache

Bug Description:  If a nested backend txn plugin fails, any updates
                  it made that went into the entry cache still persist
                  after the database transaction is aborted.

Fix Description:  In order to be sure the entry cache is not corrupted
                  after a backend txn plugin failure we need to flush
                  all the cache entries that were added to the cache
                  after the parent operation was started.

                  To do this we record the start time of the original operation,
                  (or parent operation), and we record the time any entry
                  is added to the cache.  Then on failure we do a comparison
                  and remove the entry from the cache if it's not in use.
                  If it is in use we add an "invalid" flag which triggers
                  the entry to be removed when the cache entry is returned
                  by the owner.

https://pagure.io/389-ds-base/issue/50260

CI tested and ASAN approved.

Reviewed by: firstyear, tbordaz, and lkrispen (Thanks!!!)

(cherry picked from commit 7ba8a80cfbaed9f6d727f98ed8c284943b3295e1)

- - - - -
6d0ba294 by Thierry Bordaz at 2019-03-14T11:50:11+01:00
Ticket 49873: (cont) Contention on virtual attribute lookup

Bug Description:
	The previous fix was incomplete.
	It created the thread private counter before the fork.
	The daemon process was not inheriting it.

	There is a possibility that a callback of an internal search
	tries to update the map. (cos thread monitoring cos definition)
	In such case the RW lock was first acquired in read at the top level
	of the internal search, then later the callback tries to acquire it in write.
	This created a deadlock

	It stored in the private counter a value (int) rather than the address of
	the value (int*).

Fix Description:
	The fix consists of creating the thread private counter after the daemon creation.
	In addition, when acquiring the lock in write, if the lock was already acquired
	at the top level (in read), it releases the lock and resets the counter. Then it acquires
	the lock in write.
	In the opposite case, when releasing the lock in read, if the lock was not already acquired
	it assumes it was acquired in write and does nothing

https://pagure.io/389-ds-base/issue/49873

Reviewed by: Mark Reynolds, William Brown (thanks !!)

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
b998fed9 by Thierry Bordaz at 2019-03-14T11:58:16+01:00
Ticket 49873: (cont) Contention on virtual attribute lookup

Bug Description:
	The previous fix was incomplete.
	It created the thread private counter before the fork.
	The daemon process was not inheriting it.

	There is a possibility that a callback of an internal search
	tries to update the map. (cos thread monitoring cos definition)
	In such case the RW lock was first acquired in read at the top level
	of the internal search, then later the callback tries to acquire it in write.
	This created a deadlock

	It stored in the private counter a value (int) rather than the address of
	the value (int*).

Fix Description:
	The fix consists of creating the thread private counter after the daemon creation.
	In addition, when acquiring the lock in write, if the lock was already acquired
	at the top level (in read), it releases the lock and resets the counter. Then it acquires
	the lock in write.
	In the opposite case, when releasing the lock in read, if the lock was not already acquired
	it assumes it was acquired in write and does nothing

https://pagure.io/389-ds-base/issue/49873

Reviewed by: Mark Reynolds, William Brown (thanks !!)

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
208111a3 by William Brown at 2019-03-14T23:28:54+00:00
Ticket 49715 - extend account functionality

Bug Description: It was noted by mreynolds that account doesn't
do as much as user does. This brings account to partial-feature
parity with user, able to modify, show and delete accounts.

Fix Description: Add the ability to show, modify and delete generic
account types.

Note that account can never, and will never gain the ability to
create accounts, because "accounts" are such an opinionated and
complex topic. For creating accounts, user will remain the
preferred command. Account exists to "manage existing" account
types, that an external system may create or feed to the 389
instance.

https://pagure.io/389-ds-base/issue/49715

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks)

- - - - -
da7d2de1 by Thierry Bordaz at 2019-03-15T11:35:30+01:00
Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members

Bug Description:
	When automember and memberof are enabled, if a user is a member of a group
	because of an automember rule, then when the group is deleted,
	memberof updates the member (to update 'memberof' attribute), which
	triggers automember to reevaluate the automember rule and add the member
	to the group. But at this time the group is already deleted.
	Chaining back the failure up to the top level operation, the deletion
	of the group fails

Fix Description:
	The fix consists of checking, if an automember rule tries to add a user
	to a group, that the group exists before updating it.

https://pagure.io/389-ds-base/issue/50282

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F29

Flag Day: no

Doc impact: no

- - - - -
ada0f84b by Thierry Bordaz at 2019-03-15T11:38:24+01:00
Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members

Bug Description:
	When automember and memberof are enabled, if a user is a member of a group
	because of an automember rule, then when the group is deleted,
	memberof updates the member (to update 'memberof' attribute), which
	triggers automember to reevaluate the automember rule and add the member
	to the group. But at this time the group is already deleted.
	Chaining back the failure up to the top level operation, the deletion
	of the group fails

Fix Description:
	The fix consists of checking, if an automember rule tries to add a user
	to a group, that the group exists before updating it.

https://pagure.io/389-ds-base/issue/50282

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F29

Flag Day: no

Doc impact: no

- - - - -
d318d060 by Mark Reynolds at 2019-03-15T10:11:16-04:00
Ticket 50077 - Do not automatically turn automember postop modifies on

Description:  Although we have set the new postop processing on by
              default in the template-dse.ldif, we do not want to
              enable it by default for upgrades (only new installs).

              So if the attribute is not set, it is assumed "off".

https://pagure.io/389-ds-base/issue/50077

Reviewed by: firstyear(Thanks!)

- - - - -
4ab9bd59 by Mark Reynolds at 2019-03-15T10:12:44-04:00
Ticket 50077 - Do not automatically turn automember postop modifies on

Description:  Although we have set the new postop processing on by
              default in the template-dse.ldif, we do not want to
              enable it by default for upgrades (only new installs).

              So if the attribute is not set, it is assumed "off".

https://pagure.io/389-ds-base/issue/50077

Reviewed by: firstyear(Thanks!)

(cherry picked from commit d318d060f49b67ed1b10f22b52f98e038afa356a)

- - - - -
c7da16fb by Thierry Bordaz at 2019-03-18T14:45:58+01:00
Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry

Bug Description:
	When a failure occurs during betxn_post plugin callback, the betxn_post plugins are called again.
	This is to process some kind of undo action (for example usn or dna that manage counters).

	If MEP plugin is called for a managing entry, it deletes the managed entry (that becomes a tombstone).
	If later another betxn_postop fails, then MEP is called again.
	But as it does not detect the operation failure (for DEL and ADD), then it tries again
	to delete the managed entry that is already a tombstone.

Fix Description:
	The MEP betxn_post plugin callbacks (ADD and DEL) should catch the operation failure
	and return.
	It is already in place for MODRDN and MOD.

https://pagure.io/389-ds-base/issue/49561

Reviewed by: Mark Reynolds, thanks !!

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
906e093f by Thierry Bordaz at 2019-03-18T14:50:31+01:00
Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry

Bug Description:
	When a failure occurs during betxn_post plugin callback, the betxn_post plugins are called again.
	This is to process some kind of undo action (for example usn or dna that manage counters).

	If MEP plugin is called for a managing entry, it deletes the managed entry (that becomes a tombstone).
	If later another betxn_postop fails, then MEP is called again.
	But as it does not detect the operation failure (for DEL and ADD), then it tries again
	to delete the managed entry that is already a tombstone.

Fix Description:
	The MEP betxn_post plugin callbacks (ADD and DEL) should catch the operation failure
	and return.
	It is already in place for MODRDN and MOD.

https://pagure.io/389-ds-base/issue/49561

Reviewed by: Mark Reynolds, thanks !!

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
33fbced2 by Mark Reynolds at 2019-03-18T12:42:49-04:00
Ticket 50260 - Invalid cache flushing improvements

Description:  The original version of the fix only checked if backend
              transaction "post" operation plugins failed, but it did
              not check for errors from the backend transaction "pre"
              operation plugin.  To address this we flush invalid
              entries whenever any error occurs.

              We were also not flushing invalid cache entries when
              modrdn errors occurred.  Modrdns only make changes to
              the DN hashtable inside the entry cache, but we were only
              checking the ID hashtable.  So we also need to check the
              DN hashtable in the entry cache for invalid entries.

https://pagure.io/389-ds-base/issue/50260

Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
67aaee47 by Mark Reynolds at 2019-03-18T12:45:39-04:00
Ticket 50260 - Invalid cache flushing improvements

Description:  The original version of the fix only checked if backend
              transaction "post" operation plugins failed, but it did
              not check for errors from the backend transaction "pre"
              operation plugin.  To address this we flush invalid
              entries whenever any error occurs.

              We were also not flushing invalid cache entries when
              modrdn errors occurred.  Modrdns only make changes to
              the DN hashtable inside the entry cache, but we were only
              checking the ID hashtable.  So we also need to check the
              DN hashtable in the entry cache for invalid entries.

https://pagure.io/389-ds-base/issue/50260

Reviewed by: firstyear & tbordaz(Thanks!!)

(cherry picked from commit 33fbced25277b88695bfba7262e606380e9d891f)

- - - - -
0a4ee32c by Ludwig Krispenz at 2019-03-21T09:24:58+01:00
Ticket 50265: the warning about skew time could last forever

Bug: if the local system time is set back more than 300 seconds
	a warning about too much time skew is logged and the sampled
	time is updated. This adjustment is done at every write operation
	and can increase the time skew and be logged infinitely

Fix: the intention of the adjustment was to avoid a roll over of seq_num
	if the sampled time is not increased for more than 65k operations.
	But this is already handled with an explicit check for seq_num
	rollover. The extra adjustment for negative time skew can be removed.

Reviewed by: Thierry, William. Thanks.

- - - - -
c01d34cf by Ludwig Krispenz at 2019-03-21T09:29:16+01:00
Ticket 50265: the warning about skew time could last forever

Bug: if the local system time is set back more than 300 seconds
	a warning about too much time skew is logged and the sampled
	time is updated. This adjustment is done at every write operation
	and can increase the time skew and be logged infinitely

Fix: the intention of the adjustment was to avoid a roll over of seq_num
	if the sampled time is not increased for more than 65k operations.
	But this is already handled with an explicit check for seq_num
	rollover. The extra adjustment for negative time skew can be removed.

Reviewed by: Thierry, William. Thanks.

- - - - -
f3aa0a60 by Timo Aaltonen at 2019-03-21T16:53:48+02:00
control: Drop 389-ds-base from -legacy-tools Depends. (Closes: #924265)

- - - - -
f57f72c2 by Timo Aaltonen at 2019-03-21T17:02:05+02:00
fix-dsctl-remove.diff: Don't hardcode sysconfig. (Closes: #925221)

- - - - -
37f919a7 by Mark Reynolds at 2019-03-22T16:27:15-04:00
Ticket 50300 - Fix memory leak in automember plugin

Description:  We were allocating a pblock long before it was used, and
              we were returning from the function on an error before we
              freed it.  The fix just allocates the pblock right before
              it's used, and then it is properly freed.

https://pagure.io/389-ds-base/issue/50300

Reviewed by: mreynolds (one line commit rule)

- - - - -
d55de4d5 by Mark Reynolds at 2019-03-22T16:38:57-04:00
Ticket 50300 - Fix memory leak in automember plugin

Description:  We were allocating a pblock long before it was used, and
              we were returning from the function on an error before we
              freed it.  The fix just allocates the pblock right before
              it's used, and then it is properly freed.

https://pagure.io/389-ds-base/issue/50300

Reviewed by: mreynolds (one line commit rule)

(cherry picked from commit 37f919a79a719c485742bb0bc2e09d8b2018a2b6)

- - - - -
28a5ddbd by Akshay Adhikari at 2019-03-25T14:56:54+05:30
Ticket 49463 After cleanALLruv, replication is looping on keep alive DEL

Bug Description: When cleanAllRuv is launched, it spawns cleanAllRuv on all replicas.
Each replica will clean its changelog and database RUV but in addition
will DEL the keep alive entry of the target ReplicaID.

Fix Description: Test case covers all the scenarios to be tested for the fix.

https://pagure.io/389-ds-base/issue/49463

Review by: firstyear,tbordaz

- - - - -
395a4a26 by Mark Reynolds at 2019-03-25T11:23:59-04:00
Ticket 50289 - Fix various database UI issues

Description:

Fixed these issues:

- https://bugzilla.redhat.com/show_bug.cgi?id=1664621 - backup freezes when no suffix present

- https://bugzilla.redhat.com/show_bug.cgi?id=1685395 - Perform Backup fails when Backend Name is not configured

- https://bugzilla.redhat.com/show_bug.cgi?id=1688587 - typo when restarting instance

- https://bugzilla.redhat.com/show_bug.cgi?id=1688775 - db tree breaks when suffix contains spaces.

- https://bugzilla.redhat.com/show_bug.cgi?id=1688919 - backups fail with empty name

Also fixed issue where if you start an instance in UI the configuration is correctly loaded.

https://pagure.io/389-ds-base/issue/50289

Reviewed by: spichugi(Thanks!)

- - - - -
e568d474 by Mark Reynolds at 2019-03-25T11:34:21-04:00
Ticket 50289 - Fix various database UI issues

Description:

Fixed these issues:

- https://bugzilla.redhat.com/show_bug.cgi?id=1664621 - backup freezes when no suffix present

- https://bugzilla.redhat.com/show_bug.cgi?id=1685395 - Perform Backup fails when Backend Name is not configured

- https://bugzilla.redhat.com/show_bug.cgi?id=1688587 - typo when restarting instance

- https://bugzilla.redhat.com/show_bug.cgi?id=1688775 - db tree breaks when suffix contains spaces.

- https://bugzilla.redhat.com/show_bug.cgi?id=1688919 - backups fail with empty name

Also fixed issue where if you start an instance in UI the configuration is correctly loaded.

https://pagure.io/389-ds-base/issue/50289

Reviewed by: spichugi(Thanks!)

- - - - -
24f8b6d9 by Anuj Borah at 2019-03-25T23:18:24+05:30
Issue:50112 - Port ACI test suit from TET to python3(misc and syntax)

Port ACI test suit from TET to python3(misc and syntax)

https://pagure.io/389-ds-base/issue/50112

Reviewed by: thierry bordaz, William Brown, Matus Honek, Ludwig Krispenz, Simon Pichugin

- - - - -
09965c45 by Simon Pichugin at 2019-03-26T23:07:47+01:00
Issue 50292 - Fix Plugin CLI and UI issues

Description: Fix 'All plugins' tab rendering issue.
Fix nsds5replicalastinitstatus typo.
Fix generic_object_add logic for cases when RDN is in props and BaseDN is supplied.
Add Posix Winsync API plugin
Add PAM PTA plugin
Fix underscore issues in plugin arguments.
Fix Linked Attribute plugin Fixup task arguments and name.
Change a 'print()' function to a 'log.info()' function.

https://pagure.io/389-ds-base/issue/50292

Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
2b689f8b by Simon Pichugin at 2019-03-26T23:19:55+01:00
Issue 50292 - Fix Plugin CLI and UI issues

Description: Fix 'All plugins' tab rendering issue.
Fix nsds5replicalastinitstatus typo.
Fix generic_object_add logic for cases when RDN is in props and BaseDN is supplied.
Add Posix Winsync API plugin
Add PAM PTA plugin
Fix underscore issues in plugin arguments.
Fix Linked Attribute plugin Fixup task arguments and name.
Change a 'print()' function to a 'log.info()' function.

https://pagure.io/389-ds-base/issue/50292

Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
38d4e523 by Thierry Bordaz at 2019-03-27T10:28:52+01:00
Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup

Bug Description:
	SSL initialization does internal searches that access the vattr_global_lock
	Thread private counter needs to be initialized by that time.
	Currently it is initialized after SSL init.

	Second problem was a leak of one 'int' per worker. It was used to keep the private counter.

Fix Description:
	Call of vattr_global_lock_create needs to be called before slapd_do_all_nss_ssl_init.
	Also, 'main' may or may not fork, the initialization of the thread private variable
	is done either on the child or parent depending if main forks or not.

	The leak is fixed using a destructor callback of the private variable and so
	call PR_SetThreadPrivate only if there is no private variable.

https://pagure.io/389-ds-base/issue/49873

Reviewed by: Mark Reynolds, Simon Pichugin (thanks)

Platforms tested: F28

Flag Day: no

Doc impact: no

Ticket foo

- - - - -
74490fb2 by Thierry Bordaz at 2019-03-27T10:35:35+01:00
Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup

Bug Description:
	SSL initialization does internal searches that access the vattr_global_lock
	Thread private counter needs to be initialized by that time.
	Currently it is initialized after SSL init.

	Second problem was a leak of one 'int' per worker. It was used to keep the private counter.

Fix Description:
	Call of vattr_global_lock_create needs to be called before slapd_do_all_nss_ssl_init.
	Also, 'main' may or may not fork, the initialization of the thread private variable
	is done either on the child or parent depending if main forks or not.

	The leak is fixed using a destructor callback of the private variable and so
	call PR_SetThreadPrivate only if there is no private variable.

https://pagure.io/389-ds-base/issue/49873

Reviewed by: Mark Reynolds, Simon Pichugin (thanks)

Platforms tested: F28

Flag Day: no

Doc impact: no

Ticket foo

- - - - -
235bde93 by Thierry Bordaz at 2019-03-28T17:58:46+01:00
Ticket 49873 - (cont 3rd) cleanup debug log

- - - - -
f7d71790 by Thierry Bordaz at 2019-03-28T18:15:01+01:00
Ticket 49873 - (cont 3rd) cleanup debug log

- - - - -
5d76a244 by Hugh McMaster at 2019-03-29T01:39:47+00:00
Use PKG_CHECK_MODULES to detect the event library

- - - - -
f56f78db by Hugh McMaster at 2019-03-29T01:39:47+00:00
Use PKG_CHECK_MODULES to detect the nspr library

- - - - -
a7f1dd08 by Hugh McMaster at 2019-03-29T01:39:47+00:00
Use PKG_CHECK_MODULES to detect the nss library

- - - - -
d6a32479 by Hugh McMaster at 2019-03-29T01:39:47+00:00
Use PKG_CHECK_MODULES to detect the cmocka library

- - - - -
5203410c by Hugh McMaster at 2019-03-29T01:39:47+00:00
Use PKG_CHECK_MODULES to detect the pcre library

- - - - -
9f5f29a7 by Hugh McMaster at 2019-03-29T01:39:47+00:00
m4/doxygen.m4: Fix spelling of Doxygen in a message

- - - - -
40ca6e97 by Hugh McMaster at 2019-03-29T01:39:47+00:00
configure.ac: Remove unpaired parentheses from two help strings

- - - - -
a2ebc6d5 by Hugh McMaster at 2019-03-29T01:39:47+00:00
configure.ac: Add missing comma to an AC_ARG_ENABLE macro

- - - - -
e50466ee by Hugh McMaster at 2019-03-29T01:39:47+00:00
Use PKG_CHECK_MODULES to detect the libsasl2 library

- - - - -
9d6531aa by Hugh McMaster at 2019-03-29T01:39:47+00:00
Use pkg-config from the host system to better support cross-compiling

- - - - -
773e8989 by Hugh McMaster at 2019-03-29T01:39:47+00:00
Use PKG_CHECK_MODULES to detect the kerberos library

- - - - -
11309bf3 by Hugh McMaster at 2019-03-29T01:39:47+00:00
Use PKG_CHECK_MODULES to detect the systemd library

- - - - -
6c2bb66f by Mark Reynolds at 2019-03-29T09:18:44-04:00
Ticket 50308 - Fix memory leaks for repeat binds and replication

Description:  Fixed two memory leaks:

    - If a worker thread had multiple binds the "bind dn"
      thread data was leaked.
    - Memory leak when processing changes in the changelog

https://pagure.io/389-ds-base/issue/50308

Reviewed by: firstyear(Thanks!)

- - - - -
85c3c304 by Mark Reynolds at 2019-03-29T09:20:58-04:00
Ticket 50308 - Fix memory leaks for repeat binds and replication

Description:  Fixed two memory leaks:

    - If a worker thread had multiple binds the "bind dn"
      thread data was leaked.
    - Memory leak when processing changes in the changelog

https://pagure.io/389-ds-base/issue/50308

Reviewed by: firstyear(Thanks!)

(cherry picked from commit 6c2bb66f15d7ab8ab079effc66e0705c2513b1fd)

- - - - -
1808f317 by Mark Reynolds at 2019-03-29T14:59:05-04:00
Ticket 50308 - Revise memory leak fix

Description:  Turns out the previous commit did not address
              the changelog leak, and it introduced a compiler
              warning.  This part of the fix is being reverted.

https://pagure.io/389-ds-base/issue/50308

- - - - -
11430afd by Mark Reynolds at 2019-03-29T15:01:57-04:00
Ticket 50308 - Revise memory leak fix

Description:  Turns out the previous commit did not address
              the changelog leak, and it introduced a compiler
              warning.  This part of the fix is being reverted.

https://pagure.io/389-ds-base/issue/50308
(cherry picked from commit 1808f317d5ef240fd0ac3947fcb90a895e46b436)

- - - - -
9d84a40d by Mark Reynolds at 2019-03-29T15:40:43-04:00
Bump version to 1.4.0.22

- - - - -
9a126614 by Mark Reynolds at 2019-03-29T16:06:14-04:00
Bump version to 1.4.1.2

- - - - -
223846df by William Brown at 2019-04-02T09:27:17+10:00
Ticket 49390 - improve compare and cn=config compare tests

Bug Description: We had a number of tests for the dsldapobject
compare cases, but they were in the lib389 tests. Move and update
these to work as part of the dirsrvtests suite.

Fix Description: Update lib389 to properly handle attribute casing
and update compare tests to work with newer lib389 ideas

https://pagure.io/389-ds-base/issue/49390

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks)

- - - - -
bc207222 by William Brown at 2019-04-02T13:06:28+10:00
Ticket 50310 - fix sasl header include

Bug Description: After the merge of the PKG_CONFIG change, on SUSE
the server fails to build. This is because the pkg-config for
sasl on suse doesn't add the -I include for sasl to the path so
using sasl.h doesn't work.

Fix Description: Change all references to sasl/sasl.h

https://pagure.io/389-ds-base/issue/50310

Author: William Brown <william at blackhats.net.au>

Review by: hmc, mreynolds (thanks!)

- - - - -
7a0b8ae5 by Viktor Ashirov at 2019-04-02T15:31:07+02:00
Issue 50032 - Fix deprecation warnings in tests

Bug Description:
Deprecation warnings are issued by Python for the following changes:
1. https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behavior
https://bugs.python.org/issue27364 - Deprecate invalid escape sequences in str/bytes

2. https://docs.python.org/3/whatsnew/3.7.html#deprecated-python-behavior
https://bugs.python.org/issue25988 - collections.abc.Indexable

3. https://docs.python.org/3/library/logging.html#logging.warning
https://bugs.python.org/issue13235 - logging.warn() is not documented

Fix Description:
1. Use correct escape sequences or raw strings where needed.
2. Import Callable from collections.abc instead of collections module directly.
3. Use logging.warning() instead of logging.warn().

Fixes https://pagure.io/389-ds-base/issue/50032

Reviewed by: mreynolds, spichugi

- - - - -
38515800 by Mark Reynolds at 2019-04-02T17:31:16+00:00
Ticket 50240 - Improve task logging

Description:  Improve the updates to the task's log attribute when
              errors occur.  Previously we were not recording the
              reason for most failures during db2ldif, ldif2db, and
              db2index.

https://pagure.io/389-ds-base/issue/50240

Reviewed by: ?

- - - - -
593a7180 by Mark Reynolds at 2019-04-02T13:32:58-04:00
Ticket 50240 - Improve task logging

Description:  Improve the updates to the task's log attribute when
              errors occur.  Previously we were not recording the
              reason for most failures during db2ldif, ldif2db, and
              db2index.

https://pagure.io/389-ds-base/issue/50240

Reviewed by: ?

- - - - -
c9d65282 by Mark Reynolds at 2019-04-02T13:36:48-04:00
Ticket 50306 - Move connection config inside struct

Description: We are constantly calling configuration get functions
             during a connection. These calls are expensive, so we
             should just store all these settings in the conn struct
             during handle_new_connection()

https://pagure.io/389-ds-base/issue/50306

Reviewed by: firstyear(Thanks!)

- - - - -
78003de2 by Mark Reynolds at 2019-04-02T21:08:11-04:00
Ticket 50303 - Add task creation date to task data

Description: Add a new attribute to the slapi task entry containing
             the start date. This provides a nice convenience without
             having to change LDAP clients.

https://pagure.io/389-ds-base/issue/50303

Reviewed by: firstyear & spichugi(Thanks!)

- - - - -
73d18c8e by Mark Reynolds at 2019-04-02T21:11:29-04:00
Ticket 50303 - Add task creation date to task data

Description: Add a new attribute to the slapi task entry containing
             the start date. This provides a nice convenience without
             having to change LDAP clients.

https://pagure.io/389-ds-base/issue/50303

Reviewed by: firstyear & spichugi(Thanks!)

(cherry picked from commit 78003de289556ca6cdbe81fd200f80f4e8f69cbb)

- - - - -
b471f966 by Timo Aaltonen at 2019-04-03T09:44:07+03:00
Merge branch 'upstream'

- - - - -
9e4432a2 by Timo Aaltonen at 2019-04-03T09:44:52+03:00
bump changelog

- - - - -
0319ec02 by Viktor Ashirov at 2019-04-04T16:54:47+02:00
Issue 49915 - Add regression test

Fixes https://pagure.io/389-ds-base/issue/49915

Reviewed by: mreynolds (Thanks!)

- - - - -
018c8364 by William Brown at 2019-04-04T23:43:27+00:00
Ticket 49899 - fix pin.txt and pwdfile permissions

Bug Description: On unix, user and group permissions are basically
the same, because users always have a primary group. However, best
practice ignores this, and states everything should be user
owned only if security sensitive.

Fix Description: Make pin.txt and pwdfile user only owned to prevent
disclosure (in limited circumstances, this is little more than
a compliance step).

https://pagure.io/389-ds-base/issue/49899

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz, mhonek (Thanks)

- - - - -
9e4ce5fa by Barbora Smejkalová at 2019-04-05T13:05:32+02:00
Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is modified

Description:
Updated test case to check modification of attributes in audit log, because it wasn't logged in correct format.

Also removed function in test_internal_log_level_131076 in ds_logs_test.py that I used for debugging when making that test and forgot to delete it.

https://pagure.io/389-ds-base/issue/50026

Reviewed by: mreynolds, tbordaz, spichugi (Thanks!)

- - - - -
78f8c17a by Matúš Honěk at 2019-04-05T14:48:08+02:00
Fix typo from: Issue 49915 - Add regression test

Fixes commit 0319ec02a.

Relates https://pagure.io/389-ds-base/pull-request/50320

- - - - -
d08f7eb6 by Mark Reynolds at 2019-04-05T11:13:36-04:00
Ticket 50305 - Revise CleanAllRUV task restart process

Bug Description:  If the server was stopped while a CleanAllRUV task was
                  running the task gets marked in the replica config entry
                  so it knows to resume the task at server startup.  The
                  problem is that when it resumed it just fires off the
                  task thread, and did not create a new Slapi_Task entry.
                  This makes it impossible to track these tasks that got
                  resumed.

Fix Description:  There were a few things wrong with the resume process,
                  including it was hard coded to only handle a maximum
                  of 4 tasks.  We also were not recording all the required
                  information needed to resume the task.

                  Now "resume" process can handle an infinite number of
                  tasks, and it creates fresh Slapi_Task entries so the
                  tasks can be tracked.

CI tested & ASAN approved

https://pagure.io/389-ds-base/issue/50305

Reviewed by: lkrispenz(Thanks!)

- - - - -
1ebaff46 by Mark Reynolds at 2019-04-05T11:22:03-04:00
Ticket 50305 - Revise CleanAllRUV task restart process

Bug Description:  If the server was stopped while a CleanAllRUV task was
                  running the task gets marked in the replica config entry
                  so it knows to resume the task at server startup.  The
                  problem is that when it resumed it just fires off the
                  task thread, and did not create a new Slapi_Task entry.
                  This makes it impossible to track these tasks that got
                  resumed.

Fix Description:  There were a few things wrong with the resume process,
                  including it was hard coded to only handle a maximum
                  of 4 tasks.  We also were not recording all the required
                  information needed to resume the task.

                  Now "resume" process can handle an infinite number of
                  tasks, and it creates fresh Slapi_Task entries so the
                  tasks can be tracked.

CI tested & ASAN approved

https://pagure.io/389-ds-base/issue/50305

Reviewed by: lkrispenz(Thanks!)

(cherry picked from commit d08f7eb688102cd54bbacd009d162f0cc16cd5fe)

- - - - -
51eb5b26 by William Brown at 2019-04-08T01:07:08+00:00
Ticket 50317 - fix ds-backtrace issue on latest gdb

Bug Description: ds-backtrace was failing due to a
type issue on latest python/gdb on suse.

Fix Description: If debug info is missing, a nonetype
was returned in the backtrace, causing a type mismatch
on " ".join().

https://pagure.io/389-ds-base/pull-request/50317

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
3347d922 by Martin Pitt at 2019-04-11T14:04:56+02:00
Fix cockpit console AppStream data

 * Add missing <?xml> header
 * Update <extends> to renamed cockpit ID, as "cockpit.desktop" is
   invalid (§ 2.1.3 [1]) and got changed in [2]
 * Avoid dashes in <id> (§2.1.3) and use the actual project's home page.
   Rename the file accordingly.
 * Use a more verbose description from the home page ("style-invalid"
   validation error)
 * Avoid whitespace in <summary>
 * Add homepage URL
 * Add <update_contact>

`appstream-util validate src/cockpit/389-console/org.cockpit-project.389-console.metainfo.xml`
is happy now.

[1] https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html#sect-Metadata-GenericComponent
[2] https://github.com/cockpit-project/cockpit/pull/11557

- - - - -
34fbb5b1 by Martin Pitt at 2019-04-11T13:25:16-04:00
Fix cockpit console AppStream data

 * Add missing <?xml> header
 * Update <extends> to renamed cockpit ID, as "cockpit.desktop" is
   invalid (§ 2.1.3 [1]) and got changed in [2]
 * Avoid dashes in <id> (§2.1.3) and use the actual project's home page.
   Rename the file accordingly.
 * Use a more verbose description from the home page ("style-invalid"
   validation error)
 * Avoid whitespace in <summary>
 * Add homepage URL
 * Add <update_contact>

`appstream-util validate src/cockpit/389-console/org.cockpit-project.389-console.metainfo.xml`
is happy now.

[1] https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html#sect-Metadata-GenericComponent
[2] https://github.com/cockpit-project/cockpit/pull/11557

(cherry picked from commit 3347d922272c0be98978b3660fdf79f6930a0ec8)

- - - - -
ab94fc12 by Mark Reynolds at 2019-04-12T16:14:22-04:00
Ticket 50291 - Add monitor tab functionality to Cockpit UI

Description:  Added the backend functionality to the monitoring
              tab.

              Also returned all dsconf errors as json objects so
              the UI could display friendly error messages

https://pagure.io/389-ds-base/issue/50291

Reviewed by: spichugi(Thanks!)

- - - - -
1d13ff25 by Mark Reynolds at 2019-04-12T16:23:26-04:00
Ticket 50291 - Add monitor tab functionality to Cockpit UI

Description:  Added the backend functionality to the monitoring
              tab.

              Also returned all dsconf errors as json objects so
              the UI could display friendly error messages

https://pagure.io/389-ds-base/issue/50291

Reviewed by: spichugi(Thanks!)

(cherry picked from commit ab94fc12e2dedf21c7784609600d60b9999e1ce4)

- - - - -
117d4ba0 by Thierry Bordaz at 2019-04-15T11:52:27+02:00
Ticket 50306 - (cont typo) Move connection config inside struct

Bug Description:
	typo where ioblocktimeout was erroneously computed from maxbersize

Fix Description:
	move c_maxbersize to c_ioblocktimeout

https://pagure.io/389-ds-base/issue/50306

Reviewed by: Thierry Bordaz

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
8ca14203 by Mark Reynolds at 2019-04-15T11:15:02-04:00
Ticket 49990 - Increase the default FD limits

Description:  As discussed in the ticket, this fix sets the maxdescriptors
              to the maximum allowed by the OS/systemd.  If this limit can
              not be obtained then we fall back to 8192 as the limit

https://pagure.io/389-ds-base/issue/49990

Reviewed by: tbordaz & firstyear(Thanks!!)

- - - - -
2c583a97 by Mark Reynolds at 2019-04-15T11:31:53-04:00
Ticket 49990 - Increase the default FD limits

Description:  As discussed in the ticket, this fix sets the maxdescriptors
              to the maximum allowed by the OS/systemd.  If this limit can
              not be obtained then we fall back to 8192 as the limit

https://pagure.io/389-ds-base/issue/49990

Reviewed by: tbordaz & firstyear(Thanks!!)

(cherry picked from commit 8ca142034a051122b78bdaa3a948d3c50d4cca7e)

- - - - -
4d9cc24d by Thierry Bordaz at 2019-04-15T18:06:17+02:00
Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS

Bug Description:
    A secure socket is configured in blocking mode. If an event
    is detected on a secure socket, a worker tries to read the request.
    The read can hang indefinitely if there is nothing to read.
    As a consequence ioblocktimeout is not enforced when reading secure socket

Fix Description:
    The fix is specific to secure socket read.
    Before reading it polls the socket for a read. The socket is polled
    (with a 0.1s timeout) until read is possible or sum of poll timeout
    is greater than ioblocktimeout.

https://pagure.io/389-ds-base/issue/50329

Reviewed by: Mark Reynolds

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
fcf2b5dd by Thierry Bordaz at 2019-04-15T18:11:37+02:00
Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS

Bug Description:
	A secure socket is configured in blocking mode. If an event
	is detected on a secure socket, a worker tries to read the request.
	The read can hang indefinitely if there is nothing to read.
	As a consequence ioblocktimeout is not enforced when reading secure socket

Fix Description:
	The fix is specific to secure socket read.
	Before reading it polls the socket for a read. The socket is polled
	(with a 0.1s timeout) until read is possible or sum of poll timeout
	is greater than ioblocktimeout.

https://pagure.io/389-ds-base/issue/50329

Reviewed by: Mark Reynolds

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
68b6319d by Simon Pichugin at 2019-04-15T18:32:43+02:00
Issue 50041 - Add the rest UI Plugin tabs - Part 1

Description: Add UI plugin tabs for accountPolicy, attributeUniqueness,
linkedAttributes, referentialIntegrity, retroChangelog, rootDNAccessControl
and winsync.
Reorder the tabs to make the usage more intuitive.
Fix Attribute Uniqueness logging level issue.
Move pluginTable.jsx content to pluginTables.jsx.
Fix a small 'help' typo in dbtasks.py.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds (Thanks!)

- - - - -
56373fb5 by William Brown at 2019-04-16T00:53:40+00:00
Ticket 49390, 50019 - support cn=config compare operations

Bug Description: Ansible will attempt to check the state of a value
before it makes an alteration on the ldap server. To do this in a
correct and schema aware fashion, it will use the ldapcompare operation.

It's a request that people want to manage their cn=config with ansible,
however dse.c didn't support ldapcompare on these backends.

Fix Description: Add support for ldapcompare operations on dse.c,
including the ability to correctly generate the cn=config defaults
into the entry for comparison.

This also adds support for ldapcompare as the default comparator in
lib389.

https://pagure.io/389-ds-base/issue/49390
https://pagure.io/389-ds-base/issue/50019

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
af97382f by Anuj Borah at 2019-04-16T14:00:20+05:30
Issue:50112 - Port ACI test suit from TET to python3(Delete and  Add)

Port ACI test suit from TET to python3(Delete and  Add)

https://pagure.io/389-ds-base/issue/50112

Reviewed by: William Brown, Simon Pichugin

- - - - -
9724e8bb by Anuj Borah at 2019-04-17T15:17:28+05:30
Issue: 50313 - Add a NestedRole type to lib389

Add the NestedRole and the NestedRoles classes to src/lib389/lib389/idm/role.py
Add one test case that will test that the new class NestedRoles is
working fine.

https://pagure.io/389-ds-base/issue/50313

Reviewed by: Simon Pichugin, thierry bordaz

- - - - -
6d080a0a by William Brown at 2019-04-18T12:58:01+10:00
Ticket 50329 - improve connection default parameters

Bug Description: An issue was raised that appears that our default
values may be misleading and hard to configure correctly in some
circumstances. We should improve our default values to have better
time sharing for connections.

Fix Description: Improve ioblock to be shorter to prevent write
blocks, make reads quicker for sharing, and by default have an
idle disconnect to clients.

https://pagure.io/389-ds-base/issue/50329

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
4f7c05e2 by Mark Reynolds at 2019-04-18T09:37:20-04:00
Ticket 50327 - Add replication conflict entry support to lib389/CLI

Description:  Added Conflict Entry and Glue entry classes to lib389,
              and updated dsconf to allow for conflict entry management.

              Made some other minor changes to mapped objects:

                -  Added an attribute list option to display()
                -  Added a recursive delete option to delete()

https://pagure.io/389-ds-base/issue/50327

Reviewed by: firstyear, lkrispen, and spichugi(Thanks!!!)

- - - - -
fec59e01 by Mark Reynolds at 2019-04-18T09:45:22-04:00
Ticket 50327 - Add replication conflict entry support to lib389/CLI

Description:  Added Conflict Entry and Glue entry classes to lib389,
              and updated dsconf to allow for conflict entry management.

              Made some other minor changes to mapped objects:

                -  Added an attribute list option to display()
                -  Added a recursive delete option to delete()

https://pagure.io/389-ds-base/issue/50327

Reviewed by: firstyear, lkrispen, and spichugi(Thanks!!!)

(cherry picked from commit 4f7c05e2879cee7d205531edb64b19ad799e20bd)

- - - - -
21e10bd5 by Mark Reynolds at 2019-04-22T10:59:02-04:00
Ticket 50327 - Add replication conflict support to UI

Description:  Added a page under the monitor tab to view and manage
              replication conflict and glue entries.

https://pagure.io/389-ds-base/issue/50327

Reviewed by: spichugi(Thanks!)

- - - - -
bc662300 by Timo Aaltonen at 2019-04-24T12:04:15+03:00
releasing package 389-ds-base version 1.4.0.22-1

- - - - -
4f710b35 by Mark Reynolds at 2019-04-24T17:03:55-04:00
Ticket 50327 - Add replication conflict support to UI

Description:  Added a page under the monitor tab to view and manage
              replication conflict and glue entries.

https://pagure.io/389-ds-base/issue/50327

Reviewed by: spichugi(Thanks!)

(cherry picked from commit 21e10bd59dc6c3094337c8340a28a588ddd7cfa4)

- - - - -
fc46de68 by Ludwig Krispenz at 2019-04-25T13:51:51+02:00
Ticket 50340 - structs for diabled plugins will not be freed

Bug: when plugins are loaded from dse.ldif enabled plugins will be added to
	the list of the plugin type and freed when plugins are stopped.
	But the memory allocated for disabled plugins will remain allocated
	and be reported.

Fix: free plugin if not enabled after loading
	This will also let the many leaks reported for "GrowStuff" disappear.
	The fix also contains one missing free for slapi_ch_smprintf allocated memory

Reviewed by: Mark, thanks

- - - - -
dd14c53c by Ludwig Krispenz at 2019-04-25T13:57:02+02:00
Ticket 50340 - structs for diabled plugins will not be freed

Bug: when plugins are loaded from dse.ldif enabled plugins will be added to
	the list of the plugin type and freed when plugins are stopped.
	But the memory allocated for disabled plugins will remain allocated
	and be reported.

Fix: free plugin if not enabled after loading
	This will also let the many leaks reported for "GrowStuff" disappear.
	The fix also contains one missing free for slapi_ch_smprintf allocated memory

Reviewed by: Mark, thanks

- - - - -
6a6b8d96 by Simon Pichugin at 2019-04-26T13:29:44+02:00
Issue #50067 - Fix krb5 dependency in a specfile

Bug Description: The build fails because the krb5 dependencies
are not installed while using specfile.

Fix Description: Add pkgconfig(krb5) to the BuildRequires section.

https://pagure.io/389-ds-base/issue/50067

Reviewed by: mhonek, mreynolds (Thanks!)

- - - - -
80468425 by William Brown at 2019-05-01T11:38:11+10:00
Ticket 50344 - tidy rpm vs build systemd flag handling

Bug Description: In rpm builds we would read with_systemd from
defaults.inf, which has a different value to hand-building. As
a result this caused an issue in dscontainer on opensuse where
it believed systemd was present.

Fix Description: Simplify the systemd handling to a single flag
which is possible to override in a container env.

https://pagure.io/389-ds-base/issue/50344

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
468b8a8d by Anuj Borah at 2019-05-06T21:05:57+05:30
Issue: 50112 - Port ACI test suit from TET to python3(keyaci)

Port ACI test suit from TET to python3(keyaci)

https://pagure.io/389-ds-base/issue/50112

Reviewed by: Mark Reynolds, Simon Pichugin, William Brown, Viktor Ashirov

- - - - -
f35ad371 by Thierry Bordaz at 2019-05-07T17:36:07+02:00
Ticket 50329 - revert fix

Bug Description:
	This fix introduces a regression BZ 1705125

https://pagure.io/389-ds-base/issue/50329

- - - - -
4950a3e3 by Thierry Bordaz at 2019-05-07T17:43:37+02:00
Ticket 50329 - revert fix

Bug Description:
	This fix introduces a regression BZ https://bugzilla.redhat.com/show_bug.cgi?id=1705125

https://pagure.io/389-ds-base/issue/50329

- - - - -
06c9f534 by Hugh McMaster at 2019-05-09T21:35:00+10:00
Remove the nss3 path prefix from the cert.h C preprocessor source file inclusion

Bug Description:
The NSS header cert.h resides in different paths on different operating
systems. Hardcoding a path prefix as #include <nss3/cert.h> caused
fatal compile-time errors on some operating systems, such as Debian,
because the C preprocessor could not find the header.

Fix Description:
Removing the 'nss3' path prefix allows compilation to succeed, as
the compiler can locate cert.h in the NSS include path detected
by pkg-config.

Changes to rpm/389-ds-base.spec.in included at the request of
Matus Honek in https://pagure.io/389-ds-base/pull-request/50352

Author: Hugh McMaster <hugh.mcmaster at outlook.com>

Reviewed by: firstyear, mhonek, mreynolds

Remove NSS header and library path hacks from the rpm package spec file

Patch suggested by Matus Honek in https://pagure.io/389-ds-base/pull-request/50352

- - - - -
aa1bde47 by Anuj Borah at 2019-05-10T08:06:41+05:30
Issue: 50358 -  Create a Bitwise Plugin class in plugins.py

Create a Bitwise Plugin class in plugins.py

https://pagure.io/389-ds-base/issue/50358

Author: aborah

Reviewed by: William Brown

- - - - -
e5ae9d0d by Viktor Ashirov at 2019-05-10T14:18:33+02:00
Issue 50303 - Add creation date to task data

Bug Description:
Tests are failing on <1.4.1.2 where nsTaskCreated attribute doesn't exist

Fix Description:
Check for nsTaskCreated attribute only in 1.4.1.2+
Additionally, run dscreate test only on 1.4.0.0+

Fixes https://pagure.io/389-ds-base/issue/50303

Reviewed by: mhonek (Thanks!)

- - - - -
9e80a33e by Viktor Ashirov at 2019-05-10T14:20:38+02:00
Issue #50353 - Categorize tests by tiers

Bug Description:
We should have different tiers of tests:
tier0 - basic functionality (installation, instance startup, basic operations, import/export, etc.)
tier1 - functional tests for the most used features
tier2 - functional tests for the less used features and tests that take more time to complete (stress tests)
tier3 - long duration tests.

Fix Description:
Use pytest marks per test module or individually.

Fixes https://pagure.io/389-ds-base/issue/50353

Reviewed by: spichugi (Thanks!)

- - - - -
b770ac72 by Matúš Honěk at 2019-05-10T15:41:36+02:00
Issue 49730 - MozLDAP bindings have been unsupported for a while

Bug Description:
We haven't been supporting MozLDAP for a long time. In fact, it is not possible
to build without OpenLDAP as MozLDAP specifics were not maintained properly.

Fix Description:
Remove all MozLDAP-only features from the code.

Fixes https://pagure.io/389-ds-base/issue/49730
Relates https://pagure.io/389-ds-base/pull-request/50332

Author: mhonek

Review by: hmc, firstyear, spichugi (Thanks!)

- - - - -
974c802f by Mark Reynolds at 2019-05-13T09:56:35-04:00
Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes

Bug Description:  If for some reason an entry's multi-valued attribute
                  values are in different orders on different replicas
                  the tool reports this as an inconsistency when it is
                  not.

Fix Description:  For both offline & online processing sort each entry's
                  multi-valued attribute values.

https://pagure.io/389-ds-base/issue/50363

Reviewed by: firstyear & mhonek (Thanks!!)

- - - - -
f3192039 by Mark Reynolds at 2019-05-13T10:00:10-04:00
Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes

Bug Description:  If for some reason an entry's multi-valued attribute
                  values are in different orders on different replicas
                  the tool reports this as an inconsistency when it is
                  not.

Fix Description:  For both offline & online processing sort each entry's
                  multi-valued attribute values.

https://pagure.io/389-ds-base/issue/50363

Reviewed by: firstyear & mhonek (Thanks!!)

(cherry picked from commit 974c802fceb429315bf799805917a208b44c4917)

- - - - -
423a9ce2 by Viktor Ashirov at 2019-05-14T10:20:32+02:00
Issue 50164 - Add test for dscreate to basic test suite

Bug Description:
dscreate tests do not work properly when newer lib389 is used
with older 389-ds-base versions.

Fix Description:
* Unset PYTHONPATH for dscreate if it's set to prevent clobbering system
lib389.

* Don't run dscreate_test on older versions, where instance-specific sysconfig
env file is mentioned in systemd unit file. dscreate no longer creates it and
causes dirsrv service fail to start.

* Don't check for instance-specific sysconfig env file on removing the instance
since it's no longer created.

Fixes https://pagure.io/389-ds-base/issue/50164

Reviewed by: mreynolds (Thanks!)

- - - - -
fa74996f by Viktor Ashirov at 2019-05-14T10:24:15+02:00
Fix missing import

Reviewed by: one line commit rule

- - - - -
505b563d by Ludwig Krispenz at 2019-05-14T17:16:30+02:00
Ticket 50340 cont - structs for disabled plugins will not be freed

Bug: The original fix did free structs for not enabled plugins, but
     they remained in the dependency list of plugins and when the
     list was processed a freed struct could be accessed

Fix: do not add a disabled plugin to the plugin dependency list

Reviewed by: Mark, thanks

- - - - -
8ea36434 by Ludwig Krispenz at 2019-05-14T17:19:34+02:00
Ticket 50340 cont - structs for disabled plugins will not be freed

Bug: The original fix did free structs for not enabled plugins, but
     they remained in the dependency list of plugins and when the
     list was processed a freed struct could be accessed

Fix: do not add a disabled plugin to the plugin dependency list

Reviewed by: Mark, thanks

- - - - -
7141b8d1 by Mark Reynolds at 2019-05-14T22:22:04-04:00
Ticket 50370 -  CleanAllRUV task crashing during server shutdown

Description:  There is a race condition during server shutdown that
              can cause the server to crash.  Increment the active
              thread count for each cleaning task to prevent the plugins
              from being closed before the thread terminates.

https://pagure.io/389-ds-base/issue/50370

Reviewed by: firstyear(Thanks!)

- - - - -
44707447 by Mark Reynolds at 2019-05-14T22:36:27-04:00
Ticket 50370 -  CleanAllRUV task crashing during server shutdown

Description:  There is a race condition during server shutdown that
              can cause the server to crash.  Increment the active
              thread count for each cleaning task to prevent the plugins
              from being closed before the thread terminates.

https://pagure.io/389-ds-base/issue/50370

Reviewed by: firstyear(Thanks!)

(cherry picked from commit 7141b8d10382e8dcb8528b57e5226c82506b79b9)

- - - - -
87338c17 by Akshay Adhikari at 2019-05-15T14:52:22+05:30
Issue 50220 - attr_encryption test suite failing

Description: Fixed the issue by removing the old function of creating an encrypted attribute
with a new one.

Fixes https://pagure.io/389-ds-base/issue/50220

Reviewed by: firstyear,viktor

- - - - -
d0da0284 by Anuj Borah at 2019-05-15T19:20:18+05:30
Issue:48851 - investigate and port TET matching rules filter tests

Investigate and port TET matching rules filter tests

https://pagure.io/389-ds-base/issue/48851

Reviewed by: William Brown, thierry bordaz, Viktor Ashirov, Simon Pichugin, Matus Honek

- - - - -
41c30fd5 by Mark Reynolds at 2019-05-15T16:07:42-04:00
Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients

Description:  When the client is an IPv6 client, any ACI's that contain bind rules
              for IPv4 addresses essentially break that aci causing it to not be
              fully evaluated.

              For example we have an aci like this:

                 aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(
                 read,search,compare) userdn="ldap:///anyone" and
                 (ip="127.0.0.1" or ip="2620:52:0:84:f816:3eff:fe4b:4f35");)

              So when the client is IPv6 we start processing the IP addresses in
              the ACI, as soon as an IPv4 address is found the ACI evaluation stops
              and in this case the IPv6 address is never checked and access is denied.

              The problem is that we set the wrong return code variable in libaccess

https://pagure.io/389-ds-base/issue/50378

Reviewed by: mreynolds (one line commit rule)

- - - - -
64a784f4 by Mark Reynolds at 2019-05-15T16:10:37-04:00
Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients

Description:  When the client is an IPv6 client, any ACI's that contain bind rules
              for IPv4 addresses essentially break that aci causing it to not be
              fully evaluated.

              For example we have an aci like this:

                 aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(
                 read,search,compare) userdn="ldap:///anyone" and
                 (ip="127.0.0.1" or ip="2620:52:0:84:f816:3eff:fe4b:4f35");)

              So when the client is IPv6 we start processing the IP addresses in
              the ACI, as soon as an IPv4 address is found the ACI evaluation stops
              and in this case the IPv6 address is never checked and access is denied.

              The problem is that we set the wrong return code variable in libaccess

https://pagure.io/389-ds-base/issue/50378

Reviewed by: mreynolds (one line commit rule)

(cherry picked from commit 41c30fd557d4cc0aaaf8a9f7767d37746f4c4bc4)

- - - - -
632ecb90 by Mark Reynolds at 2019-05-15T20:16:42-04:00
Ticket 50251 - clear text passwords visible in CLI verbose mode logging

Bug Description:  If you run any of the CLI tools using "-v", and set a password,
                  that password will be displayed in clear text in the console.

Fix Description:  Create an internal list of sensitive attributes to filter, and
                  mask them in the operation debug logging.  But still allow the
                  password to be seen if you set the env variable DEBUGGING=true

                  We also still print the root DN password if it is a container
                  installation.

https://pagure.io/389-ds-base/issue/50251

Reviewed by: spichugi, firstyear, and mhonek (Thanks!!!)

- - - - -
2c51eeb4 by Viktor Ashirov at 2019-05-16T12:44:48+02:00
Issue - 50374 dsidm posixgroup create fails with ERROR

Bug Description:
dsidm posixgroup create passes a wrong parameter to
_get_attributes.

Fix Description:
Fix the parameter name.

Fixes https://pagure.io/389-ds-base/issue/50374

Reviewed by: mreynolds (Thanks!)

- - - - -
a9e4ce00 by Viktor Ashirov at 2019-05-16T14:48:08+02:00
Issue 49761 - Fix CI test suite issues

Description:
Fix various failures on older releases for tier1 tests

Relates https://pagure.io/389-ds-base/issue/49761

Reviewed by: spichugi (Thanks!)

- - - - -
cd000871 by Barbora Smejkalová at 2019-05-16T15:01:38+02:00
Issue 49029 - [RFE] improve internal operations logging

Description:
Edited the test cases by changing the 'op' number to regex, because the values were hardcoded into the test and if there was some more fixing of internal logs that would cause the 'op' number to raise up/lower down then the test would fail. The main goal is to check syntax of internal messages, not to match 'op' numbers.

Also changed strings in src/lib389/lib389/dirsrv_log.py to raw strings to stop showing warnings about deprecation.

https://pagure.io/389-ds-base/issue/49029

Reviewed by: vashirov (Thanks!)

- - - - -
9ebf5f8a by Viktor Ashirov at 2019-05-16T18:38:08+02:00
Issue 50384 - Missing dependency: cracklib-dicts

Bug Description:
passwordDictCheck relies on cracklib and uses a default dictionary
provided by cracklib-dicts, but we don't depend on it.

Fix Description:
Add missing dependency for cracklib-dicts

Fixes https://pagure.io/389-ds-base/issue/50384

Reviewed by: ???

- - - - -
1bb8882d by Mark Reynolds at 2019-05-16T13:43:51-04:00
Ticket 50251 - clear text passwords visible in CLI verbose mode logging

Bug Description:  If you run any of the CLI tools using "-v", and set a password,
                  that password will be displayed in clear text in the console.

Fix Description:  Create an internal list of sensitive attributes to filter, and
                  mask them in the operation debug logging.  But still allow the
                  password to be seen if you set the env variable DEBUGGING=true

                  We also still print the root DN password if it is a container
                  installation.

https://pagure.io/389-ds-base/issue/50251

Reviewed by: spichugi, firstyear, and mhonek (Thanks!!!)

(cherry picked from commit 632ecb90d96ac0535656f5aaf67fd2be4b81d310)

- - - - -
26b9e1b0 by Mark Reynolds at 2019-05-16T16:26:49-04:00
Ticket 50306 - Fix regression with maxbersize

Description:  When passing the max BER size to openldap we were using the wrong
              integer type, and it caused it to not be enforced.

https://pagure.io/389-ds-base/issue/50306

Reviewed by: mreynolds(one line commit rule)

- - - - -
31c89d3b by Simon Pichugin at 2019-05-17T20:35:26+02:00
Issue 50390 - Add Managed Entries Plug-in Config Entry schema

Description: Add AttributeTypes and an ObjectClass to Managed Entries
Plug-in Configuration entry schema.
Fix MEPConfigs(DSLdapObjects) accordingly.

https://pagure.io/389-ds-base/issue/50390

Reviewed by: mreynolds (Thanks!)

- - - - -
7c71e762 by Simon Pichugin at 2019-05-17T21:27:44+02:00
Issue 50390 - Add Managed Entries Plug-in Config Entry schema

Description: Add AttributeTypes and an ObjectClass to Managed Entries
Plug-in Configuration entry schema.
Fix MEPConfigs(DSLdapObjects) accordingly.

https://pagure.io/389-ds-base/issue/50390

Reviewed by: mreynolds (Thanks!)

(cherry picked from commit 31c89d3bbd0bcfea71b4e6be912ad4bb9f43e171)

- - - - -
f2c63bcd by Viktor Ashirov at 2019-05-20T14:50:47+02:00
Issue 50387 - enable_tls() should label ports with ldap_port_t

Bug Description:
In some tests we use enable_tls(), but the secure port doesn't get
labeled automatically with ldap_port_t.

Fix Description:
Fix enable_tls() to label secure port.
Additionally fix typo in pluginpath_validation_test.py

Fixes https://pagure.io/389-ds-base/issue/50387

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
0935b8af by Mark Reynolds at 2019-05-20T15:06:54-04:00
Ticket 50396 - Crash in PAM plugin when user does not exist

Description:  pam passthru & addn plugin causes crash in bind when
              user does not exist.  Need to make sure we don't
              dereference NULL pointer.

https://pagure.io/389-ds-base/issue/50396

Reviewed by: mreynolds & tbordaz

- - - - -
f76845fe by Mark Reynolds at 2019-05-20T15:10:18-04:00
Ticket 50396 - Crash in PAM plugin when user does not exist

Description:  pam passthru & addn plugin causes crash in bind when
              user does not exist.  Need to make sure we don't
              dereference NULL pointer.

https://pagure.io/389-ds-base/issue/50396

Reviewed by: mreynolds & tbordaz

(cherry picked from commit 0935b8af6c8925c7a79a0a22103142ef5f7c5960)

- - - - -
2738fd00 by Viktor Ashirov at 2019-05-21T11:16:41+02:00
Issue 49960 - Core schema contains strings instead of numeric oids

Bug Description:
Core schema contains strings instead of numeric oids.

Fix Description:
Update schema files with the correct oids.

Relates: https://pagure.io/389-ds-base/issue/49960

Reviewed by: firstyear, mreynolds, spichugi (Thanks!)

- - - - -
6fd9a413 by Anuj Borah at 2019-05-21T15:54:26+05:30
Issue: 50112 - Port ACI test suite from TET to python3(roledn)

Description: Port ACI test suite from TET to python3 (roledn)

Relates: https://pagure.io/389-ds-base/issue/50112

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
ca70d06f by Mark Reynolds at 2019-05-21T16:26:47+00:00
Ticket 50393 - maxlogsperdir accepting negative values

Description:  Improve the log "digit" config setting validation
              for all settings.

https://pagure.io/389-ds-base/issue/50393

Reviewed by: tbordaz, firstyear, mhonek, and spichugi (Thanks!!!!)

- - - - -
2e749e72 by Mark Reynolds at 2019-05-21T12:28:22-04:00
Ticket 50393 - maxlogsperdir accepting negative values

Description:  Improve the log "digit" config setting validation
              for all settings.

https://pagure.io/389-ds-base/issue/50393

Reviewed by: tbordaz, firstyear, mhonek, and spichugi (Thanks!!!!)

(cherry picked from commit ca70d06fbb7a2c06c62f0ba5b192dba36f24b8e3)

- - - - -
a8bc2e33 by Anuj Borah at 2019-05-21T22:32:50+05:30
Issue: 50112 - Port ACI test suite from TET to python3(userattr)

Description: Port ACI test suite from TET to python3(userattr)

Fixes https://pagure.io/389-ds-base/issue/50112

Author: aborah

Reviewed by: Matus Honek, Simon Pichugin

- - - - -
c4a2eb4a by Viktor Ashirov at 2019-05-22T17:12:21+02:00
Issue 50037 - lib389 fails to install in venv under non-root user

Bug description:
Some files were installed using absolute path, preventing installation
under non-root user.

Fix description:
Change paths to be relative to the current prefix.
Update .gitignore to exclude venv and build products.
Update tox.ini to the current supported Python versions.

Fixes https://pagure.io/389-ds-base/issue/50037

Reviewed by: mhonek, firstyear, spichugi (Thanks!)

- - - - -
db29fc2d by Anuj Borah at 2019-05-23T15:31:14+05:30
Issue: 48851 - investigate and port TET matching rules filter tests(scanlimit)

investigate and port TET matching rules filter tests(scanlimit)

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin, Matus Honek

- - - - -
2886ba77 by Thierry Bordaz at 2019-05-23T15:15:28+02:00
Ticket 50389 - ns-slapd crashes while two threads are polling the same connection

Bug Description:
	nspr IO is not multi-threaded safe.
	389-ds should not be in a situation where several threads are polling
	a same connection at the same time.
	The scenario is a worker send back an operation result at the same time
	another worker wants to read an incoming request.

Fix Description:
	The fix consists in synchronizing polling with c_pdumutex.

	The thread that sends data (flush_ber) hold c_pdumutex.

	The thread that reads the data does a non blocking read. It then
	enforces ioblocktimeout with iteration of poll.
	The reading thread must hold c_pdumutex during poll to synchronize
	with the reader thread.
	The reading thread must poll with a small timeout
	(CONN_TURBO_TIMEOUT_INTERVAL). In order to not block
	the thread that sends back data, the fix reduces the delay to 0.1s.

https://pagure.io/389-ds-base/issue/50389

Reviewed by: Mark Reynolds, Matus Honek, William Brown

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
f8e5e010 by Viktor Ashirov at 2019-05-23T16:17:40+02:00
Issue 50403 - Instance creation fails on 1.3.9 using perl utils and latest lib389

Bug Description:
There is a typo in formatInfData() that generates invalid inf file.

Fix Description:
Fix the typo.

Fixes https://pagure.io/389-ds-base/issue/50403

Reviewed by: mreynolds (Thanks!)

- - - - -
2ca86fe1 by Ludwig Krispenz at 2019-05-24T12:55:36-04:00
Ticket 50340 - 2nd try - structs for disabled plugins will not be freed

    Bug: when plugins are loaded from dse.ldif enabled plugins will be added to
            the list of the plugin type and freed when plugins are stopped.
            But the memory allocated for disabled plugins will remain allocated
            and be reported.

    Fix: The previous fix did free not enabled plugins in plugin_setup, but
	 that caused a lot of issues.
	 This patch frees not enabled plugins in plugin_dependency_freeall

    Reviewed by:  ?

Signed-off-by: Mark Reynolds <mreynolds at redhat.com>

- - - - -
ba46b9a8 by Simon Pichugin at 2019-05-24T19:11:29+02:00
Issue 50041 - Add the rest UI Plugin tabs - Part 2

Description: Add UI plugin tabs for autoMembership, DNA, managedEntries,
passthroughAuthentication, usn.
Add Shared Config Entry to referentialIntegrity plugin.
Add Plugin Precedence field to the basic plugin configuration.
Fix CLI tools according to the UI changes.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds (Thanks!)

- - - - -
bc773989 by Viktor Ashirov at 2019-05-24T20:24:41+02:00
Issue 49761 - Fix CI test suite issues

Bug Description:
RootDN plugin test was failing because of a race condition: existing
connection was reused to test allow/deny rules.

Fix Description:
Refactor test to use direct ldap connection instead of topology's bind.

Relates https://pagure.io/389-ds-base/issue/49761

Reviewed by: mreynolds (Thanks!)

- - - - -
1f1119d4 by Mark Reynolds at 2019-05-24T14:37:38-04:00
Bump version to 1.4.1.3

- - - - -
41a8e4c6 by Ludwig Krispenz at 2019-05-24T15:20:36-04:00
Ticket 50340 - 2nd try - structs for disabled plugins will not be freed

    Bug: when plugins are loaded from dse.ldif enabled plugins will be added to
            the list of the plugin type and freed when plugins are stopped.
            But the memory allocated for disabled plugins will remain allocated
            and be reported.

    Fix: The previous fix did free not enabled plugins in plugin_setup, but
	 that caused a lot of issues.
	 This patch frees not enabled plugins in plugin_dependency_freeall

    Reviewed by:  ?

Signed-off-by: Mark Reynolds <mreynolds at redhat.com>

- - - - -
3e193b9a by Simon Pichugin at 2019-05-24T15:31:24-04:00
Issue 50041 - Add the rest UI Plugin tabs - Part 2

Description: Add UI plugin tabs for autoMembership, DNA, managedEntries,
passthroughAuthentication, usn.
Add Shared Config Entry to referentialIntegrity plugin.
Add Plugin Precedence field to the basic plugin configuration.
Fix CLI tools according to the UI changes.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds (Thanks!)

- - - - -
ba68333a by Mark Reynolds at 2019-05-24T15:32:48-04:00
Bump version to 1.4.0.23

- - - - -
08a6aadc by Hugh McMaster at 2019-05-27T22:50:59+10:00
Ticket 49730 - Remove unused Mozilla ldapsdk variables

Bug Description:
The recent removal of support for Mozilla's ldapsdk in b770ac7
left behind some unused variables.

Fix Description:
Remove the unused variables from the code base.

Author: Hugh McMaster <hugh.mcmaster at outlook.com>

Review by: firstyear, mreynolds, mhonek

- - - - -
71e27117 by Viktor Ashirov at 2019-05-27T17:01:51+02:00
Issue 50390 - Add Managed Entries Plug-in Config Entry schema

Bug Description:
On older versions without the MEP config entry schema lib389 fails
to configure MEP plugin

Fix Description:
Check if we have required schema present, otherwise fallback to extensibleObject

Relates https://pagure.io/389-ds-base/issue/50390

Reviewed by: spichugi (Thanks!)

- - - - -
cf01e3b4 by Anuj Borah at 2019-05-28T16:29:16+05:30
Issue: 48851 - investigate and port TET matching rules filter tests(vfilter_ld)

Investigate and port TET matching rules filter tests(vfilter_ld)

Relates: https://pagure.io/389-ds-base/issue/48851

Reviewed by: Simon Pichugin

- - - - -
3d4c48eb by Mark Reynolds at 2019-05-28T09:33:10-04:00
Ticket 50355 -  NSS can change the requested SSL min and max versions

Description:  If we try and set a min and max SSL version in the server,
              it is actually only a request.  After setting the min and
              max, you need to retrieve the min and max to see what NSS
              did.  Then you have to reset the min and max versions one
              more time to actually set the valid range.  So yes, you do
              have to do a set() -> get() -> set().

              There is also another outstanding issue with NSS where it says
              the default max SSL version in FIPS mode is 1.3, but in fact
              it is 1.2.  So this patch has a hack fix to workaround that
              bug.  It should be able to be removed soon...

https://pagure.io/389-ds-base/issue/50355

Reviewed by: mhonek(Thanks!)

- - - - -
1427641b by Mark Reynolds at 2019-05-28T09:36:00-04:00
Ticket 50355 -  NSS can change the requested SSL min and max versions

Description:  If we try and set a min and max SSL version in the server,
              it is actually only a request.  After setting the min and
              max, you need to retrieve the min and max to see what NSS
              did.  Then you have to reset the min and max versions one
              more time to actually set the valid range.  So yes, you do
              have to do a set() -> get() -> set().

              There is also another outstanding issue with NSS where it says
              the default max SSL version in FIPS mode is 1.3, but in fact
              it is 1.2.  So this patch has a hack fix to workaround that
              bug.  It should be able to be removed soon...

https://pagure.io/389-ds-base/issue/50355

Reviewed by: mhonek(Thanks!)

(cherry picked from commit 3d4c48eb4fc78628ef15e981d5175c68ab9ee4d8)

- - - - -
aa2649fa by Anuj Borah at 2019-05-30T17:02:23+05:30
Issue: 48851 - investigate and port TET matching rules filter tests(vfilter simple)

Investigate and port TET matching rules filter tests(vfilter simple)

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin, Viktor Ashirov, Barbora Smejkalová

- - - - -
255faf93 by Simon Pichugin at 2019-05-31T13:52:24+02:00
Issue 50052 - Add package-lock.json and use "npm ci"

Bug description: All software changes incur some risk,
and it's critical to be able to manage this risk.
We can use a common way of dealing with it - npm-shrinkwrap.

Fix description: The suggested approach - npm-shrinkwrap - is an "overkill"
for our case. We don't need to publish the package on NPM.
It will be sufficient enough to use existing NPM functionality added in 5.7 version.

Replace `npm install` with `npm ci` which uses package-lock.json
and throws an error if any inconsistencies with package.json are found.
Add package-lock.json to the repo.
When we change the package.json content, a new package-lock.json should be
generated (using `npm install`) and the change should be committed.

Fix audit issues and update package.json. Add repository field.

Add audit-ci tool. While creating a tarball, we now check that
there are no vulnerabilities higher than "moderate".
If it's impossible to fix the issue on our side right now and it is safe
to proceed, the vulnerable package can be added to whitelist temporarily.

https://pagure.io/389-ds-base/issue/50052

Reviewed by: mhonek, vashirov (Thanks!)

Add audit-ci tool, fix audit issues, add "repository" field

- - - - -
423a7ba0 by Mark Reynolds at 2019-05-31T12:45:22+00:00
Ticket 50413 - ds-replcheck - Always display the Result Summary

Description:  Previously we only printed a "Result Summary" if there
              were no inconsistencies and the entry counts matched.
              However, the entry counts do not need to match.  So
              this made the "Result Summary" checks too strict, and
              if things were out of sync there was no Result Summary
              printed at all.  This fix just always prints a result
              summary and it removes the entry count check.

https://pagure.io/389-ds-base/issue/50413

Reviewed by: ?

- - - - -
ff5b4fd6 by Mark Reynolds at 2019-05-31T08:47:27-04:00
Ticket 50413 - ds-replcheck - Always display the Result Summary

Description:  Previously we only printed a "Result Summary" if there
              were no inconsistencies and the entry counts matched.
              However, the entry counts do not need to match.  So
              this made the "Result Summary" checks too strict, and
              if things were out of sync there was no Result Summary
              printed at all.  This fix just always prints a result
              summary and it removes the entry count check.

https://pagure.io/389-ds-base/issue/50413

Reviewed by: spichugi(Thanks!)

(cherry picked from commit 423a7ba01ed3bad52c8caa6a20267f2335b3c69f)

- - - - -
10bffac3 by Matus Honek at 2019-06-03T12:23:48+00:00
Issue 49875 - Move SystemD service config to a drop-in file

Bug Description:
Runtime configuration options are mixed into the service specification
which should seldom be changed by users.

Fix Description:
Move the runtime configuration options into a drop-in file. These options
are then automatically pulled in by SystemD.

Additional Info:
Erasing the default values of the mentioned options to implicitly pull in
system defaults which are more sane nowadays.

The .service file is now common for xsan and non-xsan builds, the former
differing only by an additional drop-in file.

Related https://pagure.io/389-ds-base/issue/49875

Author: Matus Honek <mhonek at redhat.com>

Review by: firstyear, mreynolds, vashirov (thanks!)

- - - - -
73cdeb71 by Viktor Ashirov at 2019-06-03T18:22:36+02:00
Issue 49761 - Fix CI test suite issues

Bug Description:
ds_is_older() and ds_is_newer() accept only one value. This becomes tricky
when we need to compare current DS version to a number of versions
across different branches where a feature was implemented or a bug was
fixed.

Fix Description:
Add a generic function that accepts either string or multiple strings
containing versions. If a single version string is passed, it is
compared only to that string. If multiple version strings are passed,
the comparison happens only in a related branch, i.e. '1.3.9.1' is
compared only to '1.3.x', but not to '1.4.x'.

Update replcheck_test.py to use different parameters for ds-replcheck
depending on the version.

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: mreynolds (Thanks!)

- - - - -
7596ca04 by Anuj Borah at 2019-06-04T16:46:38+05:30
Issue: 48851 - Add more search filters to vfilter_simple test suite

Add more search filters to vfilter_simple test suite

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
65e325a0 by Mark Reynolds at 2019-06-05T13:07:04+00:00
Ticket 50417 - Revise legacy tool scripts to work with new systemd changes

Description:  Since we no longer use unit files in /etc/sysconfig all the shell/perl
              scripts need to find instances using /etc/dirsrv (@instconfigdir@)

https://pagure.io/389-ds-base/issue/50417

Reviewed by: ?

- - - - -
f20e982c by Thierry Bordaz at 2019-06-06T15:40:44+02:00
Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS

Bug Description:
    A secure socket is configured in blocking mode. If an event
    is detected on a secure socket a worker tries to receive the request.
    If handshake occurs during the read, it can hang longer than
    ioblocktimeout because it takes into account the socket option
    rather than the timeout used for the ssl_Recv

Fix Description:
    The fix is specific to secure socket and set this socket option
    to do non blocking IO.

https://pagure.io/389-ds-base/issue/50329

Reviewed by: ?

Platforms tested: F28, RHEL7.6

Flag Day: no

Doc impact: no

- - - - -
7b0e7f6f by Thierry Bordaz at 2019-06-06T16:30:24+02:00
Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS

Bug Description:
    A secure socket is configured in blocking mode. If an event
    is detected on a secure socket a worker tries to receive the request.
    If handshake occurs during the read, it can hang longer than
    ioblocktimeout because it takes into account the socket option
    rather than the timeout used for the ssl_Recv

Fix Description:
    The fix is specific to secure socket and set this socket option
    to do non blocking IO.

https://pagure.io/389-ds-base/issue/50329

Reviewed by: ?

Platforms tested: F28, RHEL7.6

Flag Day: no

Doc impact: no

- - - - -
278f5aac by Thierry Bordaz at 2019-06-07T14:24:55+02:00
Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request"

Bug Description:
	When a search request contains invalid parameters (attribute list with empty attribute
	name, unknown scope, invalid filter..) the search is rejected but the access log
	contains a wrong base search: ... SRCH base="(null)"...
	This is because it does not use for logging the variable that gathers the actual base ('rawbase')

Fix Description:
	Use 'rawbase' value for logging

https://pagure.io/389-ds-base/issue/50428

Reviewed by: Mark Reynolds

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
9349a248 by Thierry Bordaz at 2019-06-07T14:29:43+02:00
Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request"

Bug Description:
	When a search request contains invalid parameters (attribute list with empty attribute
	name, unknown scope, invalid filter..) the search is rejected but the access log
	contains a wrong base search: ... SRCH base="(null)"...
	This is because it does not use for logging the variable that gathers the actual base ('rawbase')

Fix Description:
	Use 'rawbase' value for logging

https://pagure.io/389-ds-base/issue/50428

Reviewed by: Mark Reynolds

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
c96ef350 by Matus Honek at 2019-06-07T14:41:14+02:00
Issue 50365 - PIDFile= references path below legacy directory /var/run/

Bug description:
SystemD complains the PIDFile= in the .service file points into a legacy
directory /var/run

Fix description:
Drop '@localstatedir@' which interpolates to '/var'. Although the actual
directory referenced everywhere else is the one prefixed with '/var' it
should not pose a problem since every environment SystemD is supposed to
run in has to have absolute path `/run' present which is effectively
always linked to the legacy '/var/run'.

Fixes https://pagure.io/389-ds-base/issue/50365

Author: Matus Honek <mhonek at redhat.com>

Review by: mreynolds, vashirov, firstyear (thanks!)

- - - - -
ff46f533 by Simon Pichugin at 2019-06-07T17:34:40+02:00
Issue 50052 - Fix rpm.mk according to audit-ci change

Description: Always run `npm ci` when we run node_modules install.
It should be done because we always have to be sure about
what we ship in the package is safe and stable.

https://pagure.io/389-ds-base/issue/50052

Reviewed by: mreynolds (Thanks!)

- - - - -
22f2f9a1 by Mark Reynolds at 2019-06-07T14:33:17-04:00
Issue 50426 - nsSSL3Ciphers is limited to 1024 characters

Bug Description:  There was a hardcoded buffer for processing TLS ciphers.
                  Anything over 1024 characters was truncated and was not
                  applied.

Fix Description:  Don't use a fixed size buffer and just use the entire
                  string.  When printing errors about invalid format then
                  we must use a fixed sized buffer, but we will truncate
                  that log value as to not exceed the ssl logging function's
                  buffer, and still output a useful message.

ASAN approved

https://pagure.io/389-ds-base/issue/50426

Reviewed by: firstyear, tbordaz, and spichugi (Thanks!!!)

- - - - -
1cb4e7d0 by Mark Reynolds at 2019-06-07T14:35:56-04:00
Issue 50426 - nsSSL3Ciphers is limited to 1024 characters

Bug Description:  There was a hardcoded buffer for processing TLS ciphers.
                  Anything over 1024 characters was truncated and was not
                  applied.

Fix Description:  Don't use a fixed size buffer and just use the entire
                  string.  When printing errors about invalid format then
                  we must use a fixed sized buffer, but we will truncate
                  that log value as to not exceed the ssl logging function's
                  buffer, and still output a useful message.

ASAN approved

https://pagure.io/389-ds-base/issue/50426

Reviewed by: firstyear, tbordaz, and spichugi (Thanks!!!)

(cherry picked from commit 22f2f9a1502e63bb169b7d599b5a3b35ddb31b8a)

- - - - -
3ca307d2 by Mark Reynolds at 2019-06-07T14:38:50-04:00
Revert "Issue 49960 - Core schema contains strings instead of numer oids"

This reverts commit 2738fd00ffd7b9bced16e2e9ce61da80eec51206.

- - - - -
4934b57a by Mark Reynolds at 2019-06-10T15:34:06-04:00
Ticket 50431 - Fix covscan warnings

Description:  Most coverity errors happen when something fails.

https://pagure.io/389-ds-base/issue/50431

Reviewed by: firstyear & spichugi(Thanks!)

- - - - -
d2545a98 by Mark Reynolds at 2019-06-10T15:41:03-04:00
Ticket 50431 - Fix covscan warnings

Description:  Most coverity errors happen when something fails.

https://pagure.io/389-ds-base/issue/50431

Reviewed by: firstyear & spichugi(Thanks!)

(cherry picked from commit 4934b57afbe68cb7a2d792608ef37b34adc2308b)

- - - - -
8af8e785 by Mark Reynolds at 2019-06-10T16:02:12-04:00
Issue 50417 - Fix missing quote in some legacy tools

Description:  A few scripts were missing a quote for the CONFIG_DIR var

https://pagure.io/389-ds-base/issue/50417

Reviewed by: mreynolds (one line commit rule)

- - - - -
b4e585fa by Anuj Borah at 2019-06-12T17:37:00+05:30
Issue: 48851 - investigate and port TET matching rules filter tests(match)

Investigate and port TET matching rules filter tests(match)

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Matus Honek, Simon Pichugin

- - - - -
84243ab8 by Barbora Smejkalová at 2019-06-13T10:15:17+02:00
Issue 50370 - CleanAllRUV task crashing during server shutdown

Description:
Added test case to check if CleanAllRUV task didn't crash during server shutdown.

This code is not in a mergeable state yet.
I need review, if my steps are correct, because it is a timing issue to reproduce the bug.

https://pagure.io/389-ds-base/issue/50370

Reviewed by: mreynolds (Thanks!)

- - - - -
054d32e7 by Mark Reynolds at 2019-06-13T17:55:25-04:00
Issue 50431 - Fix regression from coverity fix

Description:  Fix a regression from the initial coverity commit
              where we did not allow NULL pointers to set into
              the pblock.  They were false positives reported by
              covscan.

https://pagure.io/389-ds-base/issue/50431

Reviewed by: mreynolds (one line commit rule)

- - - - -
2c011ad7 by Mark Reynolds at 2019-06-13T17:59:45-04:00
Issue 50431 - Fix regression from coverity fix

Description:  Fix a regression from the initial coverity commit
              where we did not allow NULL pointers to set into
              the pblock.  They were false positives reported by
              covscan.

https://pagure.io/389-ds-base/issue/50431

Reviewed by: mreynolds (one line commit rule)

(cherry picked from commit 054d32e7b697513124a37dade54828ec52397c1c)

- - - - -
09ba2514 by William Brown at 2019-06-14T09:26:51+00:00
Ticket 50037 - revert path changes as it breaks prefix/rpm builds

Bug Description: A change was made to support virtual envs, but it
causes a regression that breaks prefix building to access the cli
tools.

Fix Description: Revert the path changes - the other patch changes
were totally reasonable, and can remain.

Related: https://pagure.io/389-ds-base/issue/50037

Author: William Brown <william at blackhats.net.au>

Review by: vashirov (Thanks!)

- - - - -
5c6ffae1 by William Brown at 2019-06-14T12:54:43+00:00
Ticket 50439 - Update docker integration to work out of source directory

Bug Description: Docker did not function in some cases, and we had to wait for
releases via rpm.

Fix Description: This adds the support to build from source into the tree
so that we can build and test git master. This also resolves a var/run
issue in the image, as well as some other minor python cleaning such
as handling sigchld to act as init.

https://pagure.io/389-ds-base/issue/50439

Author: William Brown william at blackhats.net.au

Review by: spichugi

- - - - -
bd80a4f5 by Mark Reynolds at 2019-06-14T14:32:56-04:00
Issue 49602 - Revise replication status messages

Bug Description: All agreement status messages start with "Error (##)" followed
                 by a text string.  Even success states start with "Error", and
                 this is confusing.

                 Added new attributes to display the status in a JSON format
                 for easier parsing for applications:

                     replicaLastUpdateStatusJSON
                     replicaLastInitStatusJSON

Design Doc:  https://www.port389.org/docs/389ds/design/repl-agmt-status-design.html

https://pagure.io/389-ds-base/issue/49602

Reviewed by: firstyear(Thanks!)

- - - - -
89081d1f by Anuj Borah at 2019-06-17T18:06:05+05:30
Issue: 50446 -  NameError: name 'ds_is_older' is not defined

Bug description: ds_is_older module is not imported in account.py
that's why enroll_certificate function is not working.

Fixes: https://pagure.io/389-ds-base/issue/50446

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
86077ec5 by Anuj Borah at 2019-06-18T16:46:05+05:30
Issue: 48851 - Investigate and port TET matching rules filter tests(bug772777)

Bug description: Investigate and port TET matching rules filter tests(bug772777).

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Matus Honek, Simon Pichugin

- - - - -
a90dec70 by Mark Reynolds at 2019-06-18T15:26:31-04:00
Ticket 49361 - Use IPv6 friendly network functions

Description:  We use these functions that are not reliable with IPv6:

                 - gethostbyname()
                 - inet_ntoa()
                 - inet_aton()
                 - inet_addr()

              This patch replaces these calls using one of the following
              preferred functions:

                  - inet_ntop()
                  - inet_pton()

              Also fixed a few failures in the replication CI test
              regression_test.py as replication uses code touched by this
              patch.

ASAN approved

https://pagure.io/389-ds-base/issue/49361

Reviewed by: firstyear(Thanks!)

- - - - -
5f0d45a3 by Mark Reynolds at 2019-06-18T16:18:31-04:00
Bump version to 1.4.1.4

- - - - -
d4a676cf by Simon Pichugin at 2019-06-19T12:42:36+02:00
Issue 49232 - Truncate the message when buffer capacity is exceeded

Bug Description: When the access log buffer capacity is exceeded we log
an emergency error and the access log line is not logged at all.

Fix Description: Log the error message to errors log and log the access
log message but truncate its elements (for the search access log message).
Or just log what is in the buffer in other cases.
Add CI test to ds_logs test suite for the basic feature testing.

https://pagure.io/389-ds-base/issue/49232

Reviewed by: mreynolds, tbordaz, firstyear (Thanks!!)

- - - - -
73cb6b9e by Anuj Borah at 2019-06-19T17:28:53+05:30
Issue: 48851 - investigate and port TET matching rules filter tests(index)

Investigate and port TET matching rules filter tests(index)

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
5c0198d9 by Mark Reynolds at 2019-06-19T15:41:04-04:00
Issue 50454 - Fix Cockpit UI branding

Bug Description:  On RHEL we still displayed "389 Directory Server" in
                  the Cockpit vertical navigation panel instead of
                  "Red Hat Directory Server".

Fix Description:  Instead of using separate files, just do a "sed" replacement
                  in the specfile to handle the branding

https://pagure.io/389-ds-base/issue/50454

Reviewed by: viktor & mhonek (Thanks!!)

- - - - -
f874c39f by William Brown at 2019-06-20T15:22:10+02:00
Ticket 50439 - fix waitpid issue when pid does not exist

Bug Description: In some situations, waitpid will fail with
a no child process error, when the pid file has a value but
no pid exists.

Fix Description: Catch the exception, because in this case
we have no pids to wait upon, so there is no harm to skip this.

https://pagure.io/389-ds-base/issue/50439

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
5e285f63 by Viktor Ashirov at 2019-06-24T17:42:12+02:00
Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients

Description:

Add a new test case for #50378 instead of the older one that was testing
an unsupported corner case (ip=*).

Relates: https://pagure.io/389-ds-base/issue/50378

Reviewed by: mreynolds (Thanks!)

- - - - -
1924c12b by Anuj Borah at 2019-06-25T18:32:19+05:30
Issue: 48851 - Add more test cases to the match test suite.

Bug Description: Add more test cases to the match test suite.

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
e4ec3e0e by Matúš Honěk at 2019-06-25T14:46:05+00:00
Ticket 50217 -  Implement dsconf security section

Bug Description:
dsconf lacks options to configure security options

Fix Description:
Implementing options to configure security related attributes and handle ciphers
configuration.

Fixes: https://pagure.io/389-ds-base/issue/50217

Author: Matus Honek <mhonek at redhat.com>

Review by: firstyear, mreynolds (Thanks!)

- - - - -
25101470 by Mark Reynolds at 2019-06-25T13:34:54-04:00
Issue 49602 - Revise replication status messages

Bug Description: All agreement status messages start with "Error (##)" followed
                 by a text string.  Even success states start with "Error", and
                 this is confusing.

                 Added new attributes to display the status in a JSON format
                 for easier parsing for applications:

                     replicaLastUpdateStatusJSON
                     replicaLastInitStatusJSON

Design Doc:  https://www.port389.org/docs/389ds/design/repl-agmt-status-design.html

https://pagure.io/389-ds-base/issue/49602

Reviewed by: firstyear(Thanks!)

- - - - -
52a911b7 by Matúš Honěk at 2019-06-25T13:37:00-04:00
Ticket 50217 -  Implement dsconf security section

Bug Description:
dsconf lacks options to configure security options

Fix Description:
Implementing options to configure security related attributes and handle ciphers
configuration.

Fixes: https://pagure.io/389-ds-base/issue/50217

Author: Matus Honek <mhonek at redhat.com>

Review by: firstyear, mreynolds (Thanks!)

- - - - -
19d2029b by Mark Reynolds at 2019-06-25T15:18:43-04:00
Issue 50462 - Fix CI tests

Description:  Port some of the failing ticket tests to suites

related: https://pagure.io/389-ds-base/issue/50462

Reviewed by: vashirov, mhonek, spichugi, and aadhikari (thanks!)

- - - - -
71138c04 by Mark Reynolds at 2019-06-25T15:22:40-04:00
Issue 50462 - Fix Root DN access control plugin CI tests

Description:  Port CI test to use DSLDapObject instead of raw types,
              and add sleeps after every config change.

              Also increased replication timeout in the referint_plugin
              test.

related: https://pagure.io/389-ds-base/issue/50462

Reviewed by: vashirov(thanks!)

- - - - -
dd2a2e75 by Mark Reynolds at 2019-06-25T15:37:30-04:00
Issue 50041 - Add the rest UI Plugin tabs - Part 1

Description: Add UI plugin tabs for accountPolicy, attributeUniqueness,
    linkedAttributes, referentialIntegrity, retroChangelog, rootDNAccessControl
    and winsync.
    Reorder the tabs to make the usage more intuitive.
    Fix Attribute Uniqueness logging level issue.
    Move pluginTable.jsx content to pluginTables.jsx.
    Fix a small 'help' typo in dbtasks.py.

https://pagure.io/389-ds-base/issue/50041

Reviewed by: mreynolds (Thanks!)

- - - - -
8d6b3654 by Simon Pichugin at 2019-06-25T15:38:55-04:00
Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present

Description: When we make srpm we want to make sure that 389-ds-console is built every time.
It is built only if it's not already there (clean up is required).
We should enforce the cockpit_dist building even if it's present.

https://pagure.io/389-ds-base/issue/50276

Reviewed by: mreynolds, vashirov (Thanks!)

- - - - -
75b03db2 by Simon Pichugin at 2019-06-25T15:39:06-04:00
Issue 50052 - Fix rpm.mk according to audit-ci change

Description: Always run `npm ci` when we run node_modules install.
It should be done because we always have to be sure about
what we ship in the package is safe and stable.

https://pagure.io/389-ds-base/issue/50052

Reviewed by: mreynolds (Thanks!)

- - - - -
ffcd8717 by Mark Reynolds at 2019-06-25T16:02:21-04:00
Fix cherry-pick error from last commit

- - - - -
f321bbb4 by Mark Reynolds at 2019-06-25T16:20:32-04:00
Bump version to 389-ds-base-1.4.0.24

- - - - -
0b2f0475 by Ludwig Krispenz at 2019-06-27T09:26:13+02:00
Ticket 50472 - memory leak with encryption

Bug: In ssl initialization a lot of memory is allocated by calls to nss functions
	and not freed

Fix: free all allocations reported by asan

Reviewed by: Mark, thanks

- - - - -
9bf0fc29 by Matúš Honěk at 2019-06-27T08:10:17+00:00
Issue 50474 - Unify result codes for add and modify of repl5 config

Bug Description:
Same constraints resulting in error are reported as different LDAP
result codes when using different operation for adjusting these.

Fix Description:
A part of the code had not conveyed the error reason down the stack,
therefore adding this information and returning the proper code.

Fixes: https://pagure.io/389-ds-base/issue/50474

Author: Matus Honek <mhonek at redhat.com>

Review by: mreynolds, spichugi (thanks!)

- - - - -
4661c793 by Viktor Ashirov at 2019-07-01T16:30:07+02:00
Issue 49761 - Fix CI test suite issues

Description:

Fix test failures in tier0 and tier1 tests:

* Skip tests where it's not implemented.
* Set custom fd limits to the value less than allowed per process.
* Use a correct URI for ACI related tests in paged_results_test.py.

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: mreynolds (Thanks!)

- - - - -
4677007d by Akshay Adhikari at 2019-07-03T20:09:20+05:30
Issue 50177 - Add a new CI test case, also added fixes in lib389

Bug Description: Import task should not be deleted too rapidly after import finishes
to be able to query the status.

Fix Description: A new attribute 'ttl' is order to tune the life time of the task.
The default value is increased to '86400'. Added a test to check that and added it
to ImportTask & ExportTask classes in lib389 so it will create ttl attribute by default.

Fixes: https://pagure.io/389-ds-base/issue/50177

Review by: mreynolds (Thanks!)

- - - - -
70ba6e38 by Akshay Adhikari at 2019-07-03T20:31:38+05:30
Issue 49997 - Add a new CI test case

Bug Description: If the suffix provided in the command line does not exist or it's
not replicated, we have an error message that it's regarding the RUV

Fix Description: Added a test case that will validate if a wrong suffix is passed then
a proper error message is displayed or not.

Relates: https://pagure.io/389-ds-base/issue/49997

Review by: vashirov (Thanks!)

- - - - -
c2650f02 by Akshay Adhikari at 2019-07-04T12:27:21+05:30
Issue 49239 - Add a new CI test case

Bug Description: ds-replcheck unreliable, showing false positives, showing missing tombstone entries
in the report.

Fix Description: Added a test case to check missing tombstone entries is not reported, also fixed
py3 issue in ds-replcheck by explicitly adding bytes.

Relates: https://pagure.io/389-ds-base/issue/49239

Review by: vashirov, mreynolds (Thanks!)

- - - - -
7aac955d by Timo Aaltonen at 2019-07-08T11:46:14+03:00
Merge tag '389-ds-base-1.4.0.24'

- - - - -
7df0f208 by Timo Aaltonen at 2019-07-08T11:46:58+03:00
bump version

- - - - -
0b7bdbeb by Timo Aaltonen at 2019-07-08T11:48:19+03:00
watch: Use https.

- - - - -
9d31f966 by Timo Aaltonen at 2019-07-08T11:48:58+03:00
control: Bump policy to 4.4.0.

- - - - -
50872464 by Timo Aaltonen at 2019-07-08T11:56:30+03:00
Bump debhelper to 12.

- - - - -
db1132eb by Timo Aaltonen at 2019-07-08T12:09:02+03:00
Merge tag '389-ds-base-1.4.0.24' into m

- - - - -
8d4a27d1 by Timo Aaltonen at 2019-07-08T12:09:08+03:00
Merge branch 'master' into m

- - - - -
2d2b6a00 by Timo Aaltonen at 2019-07-08T12:09:29+03:00
bump the version

- - - - -
5d03e0d5 by Timo Aaltonen at 2019-07-08T12:56:23+03:00
patches: fix-dsctl-remove.diff, fix-nss-path.diff, icu_pkg-config.patch removed, upstream. Others refreshed.

- - - - -
b39532a6 by Timo Aaltonen at 2019-07-08T13:15:05+03:00
rules: Pass --enable-perl, we still need the perl tools.

- - - - -
66b1f739 by Timo Aaltonen at 2019-07-08T13:44:21+03:00
*.install: Updated.

- - - - -
fdf59ee0 by Mark Reynolds at 2019-07-08T14:00:28-04:00
Issue 50431 - Fix regression from coverity fix

Description:  Fix a regression from the initial coverity commit that
              caused the memberOf groupattrs to become corrupted and
              crash the server.

https://pagure.io/389-ds-base/issue/50431

Reviewed by: vashirov(Thanks!)

- - - - -
74833414 by Mark Reynolds at 2019-07-08T15:23:01-04:00
Bump version to 1.4.1.5

- - - - -
22d97542 by Mark Reynolds at 2019-07-09T13:17:32-04:00
Issue 50486 - Update jemalloc to 5.2.0

Description:  Update jemalloc from 5.1.0 to 5.2.0

              https://github.com/jemalloc/jemalloc/releases/tag/5.2.0

Refers: https://pagure.io/389-ds-base/issue/50486

Reviewed by: mhonek(Thanks!)

- - - - -
326c7ecd by Timo Aaltonen at 2019-07-10T09:59:00+03:00
Merge tag '389-ds-base-1.4.1.5'

- - - - -
af438e90 by Timo Aaltonen at 2019-07-10T10:03:23+03:00
bump the version

- - - - -
e8f97fdd by Timo Aaltonen at 2019-07-10T10:13:35+03:00
releasing package 389-ds-base version 1.4.1.5-1

- - - - -
7f58c064 by William Brown at 2019-07-11T10:41:59+10:00
Ticket 50484 - Add a release build dockerfile and dscontainer improvements

Bug Description: In testing a production deployment of 389-ds-base
from the source tree, a new dockerfile was added to handle the release
build and proper image cleanups. Additionally, some issues with sigchld
handling were noted.

Fix Description:
* Add a .release dockerfile for the suse base image which cleans up
  after itself correctly.
* Catch extra arguments to the sigchld handler
* Create directories in /data with more open permissions to account for
  id changes.

https://pagure.io/389-ds-base/pull-request/50484

Author: William Brown <william at blackhats.net.au>

Review by: mhonek (Thank you!)

- - - - -
d6226865 by William Brown at 2019-07-12T11:09:19+10:00
Ticket 50459 - c_mutex to use pthread_mutex to allow ns sharing

Bug Description: To allow nunc-stans to share the same lock as c_mutex
we need to change conn to use a pthread_mutex instead.

Fix Description: Change c_mutex to pthread

https://pagure.io/389-ds-base/issue/50459

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz, mreynolds (Thank you!)

- - - - -
20e0d266 by Simon Pichugin at 2019-07-16T00:45:16+02:00
Issue 50499 - Fix audit issues and remove jquery from the whitelist

Description: 50 high vulnerabilities were found during audit. Fix them.
It updates the Patternfly version to 3.59.3 version.
Package jquery is no longer an issue, remove it from the whitelist.

https://pagure.io/389-ds-base/issue/50499

Reviewed by: mreynolds (Thanks!)

- - - - -
d5b23dcb by William Brown at 2019-07-16T09:06:59+10:00
Ticket 50459 - Correct issue with allocation state

Bug Description: While adding the connection state, due to
a misunderstanding on my part, it was possible that a connection
was more likely to fail to allocate causing the server to exit(1)
incorrectly.

Fix Description: Fix the state handler to correctly account for
connection structure reuse.

https://pagure.io/389-ds-base/issue/50459

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks!)

- - - - -
9529cfc0 by William Brown at 2019-07-16T09:08:45+10:00
Ticket 50493 - connection_is_free to trylock

Bug Description: Due to the nature of the connection table
being single threaded, in connection_is_free, we would iterate
over the CT attempting to lock and check connection free states.
However, because this required the lock, if the connection was
currently in io, or other operations, the ct would delay behind
the c_mutex until it was released, then we would check the free
state.

Fix Description: Change the connection_is_free to use trylock
instead of lock - this means if the connection is locked it's
probably in use and we can skip over it directly. We also change the
fn to iterate over the ct twice to check for possible connections
in case something frees up.

https://pagure.io/389-ds-base/pull-request/50493

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks!)

- - - - -
3aa14161 by Emanuel Rietveld at 2019-07-16T09:43:03+10:00
Ticket 49421 - on bind password upgrade proof of concept

Bug Description: Improve security of accounts by upgrading their password
hashes on login when we have the plaintext password available.

Fix Description: Implement the upgrade on bind function and provide
it to bind.c

https://pagure.io/389-ds-base/issue/49421

Author: Emanuel Rietveld <erietveld at dearnova.nl>

Review by: William Brown

- - - - -
b84669f8 by William Brown at 2019-07-16T09:43:17+10:00
Ticket 49421 - Implement password hash upgrade on bind.

Bug Description: As time goes on, password hash mechanisms
change and need to become more resistant to brute force and
other attacks. However long lived, and service passwords do
not change frequently - and in fact, frequent password changes
is a security anti-pattern which is now discouraged.

As a result, it's important to be able to improve the
cryptographic strength and resistance of our passwords for
users as time goes on.

Fix Description: We can implement this because during a bind
operation we have short amount of access to the plaintext
password - we then use that to upgrade the content of the
hash. This builds on Emanuel's proof of concept to improve the
testing of the feature, as well as to avoid updating clear/crypt
due to potential application integrations.

https://pagure.io/389-ds-base/issue/49421

Author: Emanuel Rietveld <https://pagure.io/user/codehotter>
        William Brown <william at blackhats.net.au>

Review by: mreynolds, mhonek (Thanks!)

- - - - -
104be995 by Thierry Bordaz at 2019-07-16T15:33:13+02:00
Ticket 49789 - By default, do not manage unhashed password

Bug Description:
    By default, unhashed#user#password is recorded into changelog database.
    It is a specific use when some plugin need to know the clear text password on update.
    This should be disabled ('off') by default

Fix Description:
    Switch the default value from 'on' to 'off'

https://pagure.io/389-ds-base/issue/49789

Reviewed by: Viktor Ashirov, Simon Pichugin, Mark Reynolds

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
a77abdbc by Mark Reynolds at 2019-07-16T15:40:46+00:00
Issue 50325 - Add Security tab to UI

Description:  This updates the CLI and UI to handle a majority of
              the security configuration.  It also adds support
              for PF dual list selection even though I ended up
              not using it.

Relates: https://pagure.io/389-ds-base/issue/50325

Reviewed by: spichugi, and mhonek (Thanks!!)

Fixed Simon's issues

Fix issue with listing certs with spaces in the name

Fix npm vulnerabilities

Fix selinux port labeling, and add 'saving' spinners

Use a regex for parsing certutil output

- - - - -
7466be33 by Mark Reynolds at 2019-07-16T15:22:39-04:00
Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file

Description: Add the jemalloc back to the systemd dropin file which
             was accidentally removed from a previous change regarding
             systemd

Relates: https://pagure.io/389-ds-base/issue/50425

Reviewed by: mhonek(Thanks!)

- - - - -
76c0e75a by Matus Honek at 2019-07-17T13:02:32+00:00
Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file

The previous fix (7466be3) for jemalloc inclusion stopped installing
template-initconfig rendering ds-setup.pl unusable.

This fix moves the template-initconfig into -legacy-tools
to make it available only when necessary.

Relates: https://pagure.io/389-ds-base/issue/50425

Reviewed by: Viktor, Ludwig, Thierry, Mark (thanks!)

- - - - -
c482e15a by Ludwig Krispenz at 2019-07-18T16:41:08+02:00
correction to fix for #50417

Bug: The patch for 50417 did break start-dirsrv and stop-dirsrv.
	Some paths were not correctly set

Fix: use path variable like in other legacy scripts, eg @sbindir@

Reviewed by: Mark, thanks

- - - - -
ea390f53 by Anuj Borah at 2019-07-18T20:51:55+05:30
Issue: 48851 - investigate and port TET matching rules filter tests(Final)

Bug Description: Investigate and port TET matching rules filter tests(Final)

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
04208edb by Simon Pichugin at 2019-07-19T11:28:05+02:00
Issue 50497 - Port cl-dump.pl tool to Python using lib389

Bug Description: We're going to deprecate all Perl scripts in 389-ds
so cl-dump.pl should be ported as soon as possible.

Fix Description: Put the tool to dsconf replication dump-changelog.
Preserve all the functionality and output format.
Deprecate ChangelogLegacy object.
Move Changelog5 object to replica.py so we can avoid import loops.
Also it makes more sense to have it there because it is part of Replication.
Add ChangelogLDIF object.
Add process_and_dump_changelog() method to Replicas object.

https://pagure.io/389-ds-base/issue/50497

Reviewed by: mreynolds, mhonek, wibrown (Thanks!)

- - - - -
57b990de by Mark Reynolds at 2019-07-19T10:26:01-04:00
Issue 50355 - SSL version min and max not correctly applied

Bug Description:  Setting the sslVersionMin or SSLVersionMax was not
                  correctly applied and the NSS default min and max
                  became the valid range.

Fix Description:  Do not attempt to reset the requested range based off
                  of hardcoded limits.  Also removed obsolete SSL3 code,
                  and fixed a minor memory leak in main.c found during
                  ASAN testing.

Relates: https://pagure.io/389-ds-base/issue/50355

ASAN approved

Reviewed by: tbordaz(Thanks!)

- - - - -
5ac5a8aa by Mark Reynolds at 2019-07-19T10:44:46-04:00
Bump version to 1.4.1.6

- - - - -
53efe7a1 by Mark Reynolds at 2019-07-22T12:51:54-04:00
Issue 50508 - UI - fix local password policy form

Description:  The modal width is too narrow and it overflows

relates: https://pagure.io/389-ds-base/issue/50508

Reviewed by: mreynolds(one line commit rule)

- - - - -
9ea5b9bf by Anuj Borah at 2019-07-23T22:56:01+05:30
Issue 50511 -  lib389 PosixGroups type can not handle rdn properly

Description:  lib389 PosixGroups type can not handle rdn properly

Fixes: https://pagure.io/389-ds-base/issue/50511

Author: aborah

Reviewed by: Simon Pichugin, Matus Honek

- - - - -
c7782552 by Simon Pichugin at 2019-07-24T11:28:49+02:00
Issue 50488 - Create a monitor for disk space usagedisk-space-mon

Description: Create a new monitor object: cn=disk space,cn=monitor.
It contains 'dsDisk' multi-valued attribute which has a format:

dsdisk: partition="/" size="42006183936" used="35768864768" available="6237319
 168" use%="85"
dsdisk: partition="/tmp" size="1023303680" used="950198272" available="7310540
 8" use%="92"

Add MonitorDiskSpace(DSLdapObject) to monitor.py.
Add a test to check the basic functionality.
Remove unused code and its statfs.h dependency.
Remove SLAPD_MONITOR_DN definition because it is unused.

https://pagure.io/389-ds-base/issue/50488

Authors: spichugi, mreynolds

Reviewed by: mreynolds, tbordaz, mhonek (Thanks!)

- - - - -
4295210b by Thierry Bordaz at 2019-07-25T15:54:16+02:00
Ticket 50510 - etime can contain invalid nanosecond value

Bug Description:
	When computing the etime, it takes into account the nanosecond.
	At border of a second, the ending nsec can be lower than starting nsec.
	In such case the computation is wrong as delta=(ending_nsec - starting_nsec) is negative.
	final_nsec = 1 - delta > 1sec

Fix Description:
	if delta=(ending_nsec - starting_nsec) is negative
	final_nsec = 1 + delta < 1sec

https://pagure.io/389-ds-base/issue/50510

Reviewed by: Mark Reynolds (Thanks!)

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
b07be1e6 by Mark Reynolds at 2019-07-30T14:38:26-04:00
Issue 50521 - Add regressions in CI tests

Description:  Port accpol_test.py to DSLdapObject.  The other tests are all
              related to a change with hiding unhashed passwords by default
              in the logs.

relates: https://pagure.io/389-ds-base/issue/50521

Reviewed by: vashirov(Thanks!)

- - - - -
a593f3d0 by Mark Reynolds at 2019-07-30T16:25:58-04:00
Issue 50506 - Replace slapi_entry_attr_get_charptr() with slapi_entry_attr_get_ref()

Description:

There has been a pattern/habit in the code of using slapi_entry_attr_get_charptr()
to get an attribute value, but this function strdup's the entry's attribute value.
In almost all cases the slapi_entry_attr_get_charptr() value is freed right away -
it is not consumed. This is causing unnecessary malloc/free's which adds to
fragmentation and hurts performance. Instead, if the attribute value is not consumed
we should use slapi_entry_attr_get_ref() instead, which just grabs a pointer to
the attribute value.

relates: https://pagure.io/389-ds-base/issue/50506

ASAN & covscan approved

Reviewed by: lkrispen(Thanks!)

- - - - -
4b240e96 by Mark Reynolds at 2019-08-01T10:21:02-04:00
Issue 50506 - Fix invalid frees from pointer reference calls.

Description:  There were a few free calls that were not removed
              which caused a double free.  There was also extra
              care needed in pw.c around shadow password attribute
              values.

relates: https://pagure.io/389-ds-base/issue/50506

Reviewed by: lkrispen(Thanks!)

- - - - -
67c7604b by Mark Reynolds at 2019-08-02T12:07:07-04:00
Issue 50529 -  LDAP server returning PWP controls in different sequence

Description:  The server returns password policy controls in different orders
              depending on the state of grace logins.  The requested control,
              if any, should be returned first, followed by any controls the
              server might add.

relates: https://pagure.io/389-ds-base/issue/50529

Reviewed by: mreynolds (one line commit rule)

- - - - -
4159cf6d by Mark Reynolds at 2019-08-05T09:20:55-04:00
Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"

Bug Description:  A regression was introduced some time back that changed the
                  behavior of how the server handled the "1.1" requested attribute
                  in a search request.  If "1.1" was requested along with other
                  attributes then no attributes were returned, but in this case "1.1"
                  is expected to be ignored.

Fix Description:  Only comply with "1.1" if it is the only requested attribute

relates: https://pagure.io/389-ds-base/issue/50530

Reviewed by: firstyear(Thanks!)

- - - - -
64e457ad by Anuj Borah at 2019-08-07T15:42:13+05:30
Issue: 48851 - Add more test cases to the match test suite(mode replace)

Bug Description: Add more test cases to the match test suite(mode replace)

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
7fb25957 by Anuj Borah at 2019-08-07T19:49:25+05:30
Issue: 48851 - investigate and port TET matching rules filter tests(indexing final)

Bug Description: Investigate and port TET matching rules filter tests(indexing final)

Relates : https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
70461785 by Mark Reynolds at 2019-08-07T10:34:33-04:00
Issue 50507 - Fix Cockpit UI styling for PF4

Description:  Fix the UI stylings to be aligned with Patternfly 4.

              Also cleaned up ds.css to remove unused and duplicate
              classes.

              Added framework for PF React 4 so we start porting
              PF React to version 4 as well.

relates: https://pagure.io/389-ds-base/issue/50507

Reviewed by: spichugi(Thanks!)

- - - - -
205506a9 by Ludwig Krispenz at 2019-08-07T17:14:51+02:00
Issue 50506 - cont Fix invalid frees from pointer reference calls

one more issue found with dynamic_plugins test suite and ASAN

- - - - -
b8c64856 by Mark Reynolds at 2019-08-07T16:38:25-04:00
Issue 50534 - CLI change schema edit subcommand to replace

Description:  The way the CLI currently edits an attribute or objectclass
              is that it deletes it, and then adds the new attribute using
              only the params specified in "edit". So the subcommand "edit"
              is misleading as previous/untouched values will get overwritten,
              it should be "replace" instead to avoid confusion.

relates: https://pagure.io/389-ds-base/issue/50534

Reviewed by: spichugi(Thanks!)

- - - - -
fb3be041 by Mark Reynolds at 2019-08-07T16:49:22-04:00
Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted

Bug Description:

If you delete the suffix that is set as the default naming context, the attribute
is not reset.

Also using dsconf to delete a backend/suffix fails if there are vlv indexes, encrypted
attributes, or replication is configured.

Fix Description:

As for the default naming context, if there is a second suffix configured, it will be
automatically set as the new default naming context, otherwise the attribute is not
modified.

For dsconf backend delete issue, it now checks and removes replication configuration
and agreements, and removes all the child entries under the backend entry.

relates: https://pagure.io/389-ds-base/issue/50525

Reviewed by: spichugi(Thanks!)

- - - - -
71d7ca07 by Mark Reynolds at 2019-08-08T08:02:49-04:00
Issue 50536 - Audit log heading written to log after every update

Bug Description:  Once the audit log is rotated the log "title" is incorrectly
                  written to the log after every single update.  This happened
                  because when we updated the state of the log it was applied
                  to a local variable, and not the log info structure itself.

Fix Description:  After writing the "title", update the state of the log using
                  a pointer to the log info structure.

relates: https://pagure.io/389-ds-base/issue/50536

Reviewed by: lkrispenz(Thanks!)

- - - - -
35757309 by Mark Reynolds at 2019-08-08T11:48:40-04:00
Issue 50538 - cleanAllRUV task limit is not enforced for replicated tasks

Bug Description:

There is a hard limit of 64 concurrent cleanAllRUV tasks, but this limit is
only enforced when creating "new" tasks. It was not enforced when a task was
received via an extended operation. There were also race conditions in the
existing logic that allowed the array of cleaned rids to get corrupted. This
allowed for a very large number of task threads to be created.

Fix Description:

Maintain a new counter to keep track of the number of clean and abort threads
to make sure it never over runs the rid array buffers.

relates: https://pagure.io/389-ds-base/issue/50538

Reviewed by: lkrispenz(Thanks!)

- - - - -
21ba8427 by Mark Reynolds at 2019-08-09T09:31:23-04:00
Issue 50538 - Move CI test to individual file

Description:  The CI test needs to be a standalone file as it needs
              a clean environment to run correctly

relates: https://pagure.io/389-ds-base/issue/50538

Reviewed by: lkrispenz(Thanks!)

- - - - -
340f2399 by Ludwig Krispenz at 2019-08-13T10:05:34+02:00
Ticket 50490 objects and memory leaks

Bug: There are several memory leaks for replication objects

Fix: This patch contains a couple of fixes:

	- The balance of acquire and release for a replica object was incorrect,
	but the object is allocated at startup or when a replica is added and
	destroyed at shutdown. In between we know the replica exists and can be accessed directly
	To ensure that no access was made until it is destroyed the shutdown order was
	slightly modified

	- other objects like RUV or AGMT were also not always correctly balanced, this
	is corrected

	- in cl5_api where many types of objects are used, the variable names were changed
	to better indicate to what an object refers

	- some other leaks, eg in repl5_total_init or op_shared_add were fixed

	- unused code has been removed

Reviewed by: William, Thierry, Mark - thanks

- - - - -
7a24286f by Akshay Adhikari at 2019-08-13T18:47:31+05:30
Issue 50462 - Fix CI tests

Description: Explicitly changed strings to bytes in upgrade-script(tools.py)
Also added ds_version check so that it won't break in 1.4.
Added a new replication agreement, and a replication manager. Replication is not
working with service accounts.

related: https://pagure.io/389-ds-base/issue/50462

Reviewed by: Firstyear, vashirov (Thanks!)

- - - - -
ca915d58 by Thierry Bordaz at 2019-08-14T15:37:12+02:00
Ticket 50542 - Entry cache contention during base search

Bug Description:
	During a base search the entry cache lock is acquired to retrieve the target entry.
	Later when the candidate list is built, the entry cache lock is also acquired
	to retrieve the candidate that is actually the target entry itself

	So for a base search the entry cache lock is accessed 4 times (2 acquires + 2 releases)

	It is very easy to create a huge contention (e.g. dereferencing large group) increasing
	etime

Fix Description:
	The idea is to acquire the entry, from the entry cache (with refcnt++) when searching the base
	search. Then instead of returning the entry (refcnt--) the entry is kept in the operation until
	the operation completes. If later we need the entry (to send it back to the client), the entry is
	picked up from the operation not from the entry cache lookup

https://pagure.io/389-ds-base/issue/50542

Reviewed by: Ludwig Krispenz, William Brown

Platforms tested: F29

Flag Day: no

Doc impact: no

- - - - -
f5714c12 by Barbora Smejkalova at 2019-08-22T08:25:47+02:00
Issue 49761 - Fix CI test suite issues

Description:
Fixing failing ticket49071_test.py, so it would pass nightly tests.
Also moved this test to "/suites/import/regression_test.py" and removed ticket49071_test.py from "tickets"

Relates: https://pagure.io/389-ds-base/issue/49071
Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: firstyear, vashirov (Thanks!)

- - - - -
7edcaff0 by Ludwig Krispenz at 2019-08-22T16:41:28+02:00
fix for 50542 crashes in filter tests

The crash is when a backentry is released, there is a call to CACHE_RETURN
and then check and free of a vlv entry.
But CACHE_RETURN, under some conditions, can free the backentry - the following check will
dereference a NULL entry and crashes

Fix: Reverse the order of freeing vlv entry and returning entry to cache

Note: Viktor did successfully run the tests, thanks

Reviewed by: ?

- - - - -
b5d96274 by Mark Reynolds at 2019-08-22T11:45:06-04:00
Issue 49624 - modrdn silently fails if DB deadlock occurs

Bug Description:

If a DB Deadlock error occurs during a modrdn operation the entry
cache gets updated (corrupted), but the update is not applied to
the database.

Fix Description:

Looks like there was a copy & paste error, and the wrong attribute
was updated during the retry of the modrdn operation.

relates: https://pagure.io/389-ds-base/issue/49624

Reviewed by: lkrispenz (Thanks!)

- - - - -
6ae84810 by Simon Pichugin at 2019-08-23T09:54:55+02:00
Issue 50499 - Audit fix - Update npm 'eslint-utils' version

Description: Versions of `eslint-utils` >=1.2.0 or <1.4.1 are vulnerable
to Arbitrary Code Execution. Update the version.

https://pagure.io/389-ds-base/issue/50499

Reviewed by: ?

- - - - -
e3780926 by Mark Reynolds at 2019-08-23T11:32:48-04:00
Issue 50506 - Fix regression from slapi_entry_attr_get_ref refactor

Description:  In pwenc.c we took a reference to the attribute value, but
              it was freed before we looked at it.

relates: https://pagure.io/389-ds-base/issue/50506

Reviewed by: mreynolds (one line commit rule)

- - - - -
af4631f2 by Viktor Ashirov at 2019-08-23T18:07:40+02:00
Issue 49761 - Fix CI test suite issues

Description:

* Update conftest.py to work correctly on FIPS machine
* Rename single letter variables to avoid conflicts with pdb commands
* Skip some tests on versions < 1.4.1.6 where fix is not available
* Add a timeout after import task is created to avoid failures on slow machines

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: spichugi (Thanks!)

- - - - -
441d5aba by Mark Reynolds at 2019-08-26T10:50:05-04:00
Issue 49324 - idl_new report index name in error conditions

Description:  Add the index attribute name to error messages

relates: https://pagure.io/389-ds-base/issue/49324

Reviewed by: firstyear & tbordaz (Thanks!!)

- - - - -
5287b9ac by Simon Pichugin at 2019-08-26T21:22:18+02:00
Issue 50206 - Refactor lock, unlock and status of dsidm account/role

Description: Port ns-accountstatus.pl, ns-activate.pl and ns-inactivate.pl to lib389 CLI.
Add: dsidm account/role entry-status, dsidm account subtree-status, dsidm role lock/unlock
Refactor: dsidm account lock/unlock
Remove: dsidm account status
Also, refactor role.py and idm/account.py accordingly to the CLI requirements.

https://pagure.io/389-ds-base/issue/50206

Reviewed by: firstyear (Thanks, William!)

- - - - -
bfdb2262 by William Brown at 2019-08-26T22:31:08+00:00
Ticket 50564 - Fix rust libraries by default and improve docker

Bug Description: Rust libraries were not installed properly
due to quirks of autotools and cargo. Containers as a result
couldn't start in some cases.

Fix Description: Fix this by building rust
libraries as static libs and linking them into existing .so files
instead.

https://pagure.io/389-ds-base/pull-request/50564

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
8474a172 by Mark Reynolds at 2019-08-27T11:13:25-04:00
Issue 49324 - idl_new fix assert

Description:  Remove faulty assert, and retrieve best effort name of index

relates: https://pagure.io/389-ds-base/issue/49324

Reviewed by: tbordaz(Thanks!)

- - - - -
723b88a2 by Anuj Borah at 2019-08-28T15:33:09+05:30
Issue: 48055 - CI test-(Plugin configuration should throw proper error messages if not configured properly)

CI test-(Plugin configuration should throw proper error messages if not configured properly)

Relates: https://pagure.io/389-ds-base/issue/48055

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
43f7b99c by William Brown at 2019-08-29T09:44:50+10:00
Ticket 50349 - filter schema validation

Bug Description: 389 Should assert that all attributes in a filter
are present and valid in schema. If there are attributes in a filter
that are not in schema, this can lead to DOS due to fall-back to
un-indexed scans, and it also can mask and cover-up application and
development issues with queries. For example, the referenced case was
caused by IPA mistakenly searching an attribute that can never be
satisfied by ACI/filter. If we warned or rejected filters in this case
we would have quickly communicated to the developer that they had caused
a mistake - feedback, being a vital component of psychology and usability
theory.

This should optionally be allowed to be disabled, due to some sites that
use things like extensibleObject that by nature, bypass and violate schema
checks.

Fix Description: We now have a configuration item that has three levels:
off, warn, on. The idea is that with "on" we'll reject the filter and
won't execute it. "warn", we evaluate the filter, but we map invalid
attributes to empty IDL. And "off" we have the "previous" behaviour. We
default to "warn" which is the rfc compliant behaviour.

https://pagure.io/389-ds-base/issue/50349

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz, lkrispen (Thanks!)

- - - - -
0c94f219 by Simon Pichugin at 2019-08-30T16:52:18+02:00
Issue 50578 - Add SKIP_AUDIT_CI flag for Cockpit builds

Description: Sometimes we need to skip audit-ci check because
we are doing a bisect or just checking older commit.
Process an environment variable SKIP_AUDIT_CI and
if it's set - skip the audit-ci action.

https://pagure.io/389-ds-base/issue/50578

Reviewed by: mreynolds, vashirov (Thanks!)

- - - - -
54ae3dfb by Simon Pichugin at 2019-09-02T16:12:31+02:00
Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted

Description: By default, remove ldif.done files after running cl-dump.
Add an option '-l' which allows keep the files.
Modify 'dsconf replication dump-changelog' command accordingly.
Update man files.

https://pagure.io/389-ds-base/issue/50572

Reviewed by: firstyear, mreynolds (Thanks!)

- - - - -
0a343893 by Simon Pichugin at 2019-09-02T18:16:10+02:00
Issue 50545 - Port fixup-memberuid and add the functionality to CLI and UI

Description: fixup-memberuid.pl script corrects mismatched member and uniquemember values.
Port to existing CLI tools and add the button (similar to memberOf fixup task) to UI.

https://pagure.io/389-ds-base/issue/50545

Reviewed by: mreynolds, firstyear (Thanks!)

- - - - -
aa17a8f9 by Simon Pichugin at 2019-09-03T17:59:29+02:00
Issue 50550 - DS installer debug messages leaking to ipa-server-install

Bug Description:
DS installer debug messages are now leaked in the main ipa-server-install output.
This looks as a (very minor) regression, I did not see this text in the past.

Fix Description:
Clean up logging in lib389. Replace 'sepolicy' module with subprocess call
to 'semanage' tool. It is done because 'sepolicy' has verbose output that
appears on 'import'. Instead of developing a tricky workaround, direct
'semanage' call was used.

https://pagure.io/389-ds-base/issue/50550

Reviewed by: firstyear, mreynolds, mhonek (Thanks!)

- - - - -
ba425453 by William Brown at 2019-09-04T09:58:43+10:00
Ticket 50567, 50568 - strict host check disable and display container version

Bug Description: This is a minor fix to disable strict host checking
by default as it causes some installs to unexpectedly fail. We also
display the container version by default to aid future issue reports.

Fix Description: strict host check to false, and print paths.version.

https://pagure.io/389-ds-base/issue/50568
https://pagure.io/389-ds-base/issue/50567

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
295ea072 by William Brown at 2019-09-04T10:04:02+10:00
Ticket 50576 - Same proc uid/gid maps to rootdn for ldapi sasl

Bug Description: In containers the directory server process may
not start as root, and root may not even be accessible. This means
that some local administration is difficult to achieve. By allowing
the running process id to map to rootdn (directory manager), we have
the same effective security, but ease use of some cli tools.

Fix Description: Allow uid/gid to map to root dn

https://pagure.io/389-ds-base/issue/50576

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
a096b07c by Mark Reynolds at 2019-09-06T15:42:04-04:00
Bump version to 1.4.2.0

- - - - -
00403323 by Mark Reynolds at 2019-09-07T07:37:42-04:00
Issue 50546 - Fix various issues in UI

Description:  This patch addresses several issues:

    - #50546 - Exports from Cockpit can be stored outside of /var/lib/dirsrv/slapd-instance_name/ldif/
    - #50418 - dsctl remove does not cleanup /etc/tmpfiles.d
    - #50554 - Cockpit incorrectly shows that a server is in read-only mode
    - #49856 - Changing port should adjust selinux labels
    - This also enforces a minimum password length for root DN
    - Added confirmation modal if you disable LDAPI(and UI)
    - Added port verification
    - Created new "view" modals for schema instead of reusing edit forms
    - Improved instance creation form validation
    - Added a progress bar for doing the initial load of configuration

relates: https://pagure.io/389-ds-base/issue/50546

Reviewed by: spichugi(Thanks!)

- - - - -
4a84f843 by Simon Pichugin at 2019-09-09T09:10:31+02:00
Issue 50173 - Add the validate-syntax task to the dsconf schema

Description: Perl scripts will be removed. And we should have
the replacement for syntax-validate.pl. We should add the CLI
option to dsconf schema.
Add validate-syntax task subcommand for 'dsconf schema'.
Add a test for syntax validate task

https://pagure.io/389-ds-base/issue/50173
https://pagure.io/389-ds-base/issue/50545

Reviewed by: firstyear (Thanks!)

- - - - -
38d1b0a0 by Simon Pichugin at 2019-09-09T13:53:36+02:00
Issue 50586 - lib389 - Fix DSEldif long line processing

Description: When dse.ldif has a very long line in the attribute value,
it puts it to the next line and adds ' '.
We should process it correctly in lib389.

https://pagure.io/389-ds-base/issue/50586

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
041f71c2 by Mark Reynolds at 2019-09-09T16:36:20-04:00
Issue 50546 - fix more UI issues

Description:  In schema.js do not reset "ds-input" class's border.  In FF
              it makes all the fields ugly.  Also fixed the plugin forms
              to be nicer and easier to read

relates: https://pagure.io/389-ds-base/issue/50546

Reviewed by: mreynolds (one line commit rule)

- - - - -
e1c2d433 by Timo Aaltonen at 2019-09-10T16:40:56+03:00
control: Drop direct depends on python from 389-ds-base. (Closes: #936102)

- - - - -
5e320aab by Timo Aaltonen at 2019-09-10T16:45:55+03:00
Merge branch 'upstream'

- - - - -
d6562ff0 by Timo Aaltonen at 2019-09-10T16:46:38+03:00
bump the version

- - - - -
d0c846be by Tibor Dudlák at 2019-09-10T18:22:57+02:00
Do not use comparison with "is" for empty value

There is a warning with python 3.8 at fedora rawhide about
comparison with "is" while running ipa-server install:
dirsrv_log.py:148: SyntaxWarning: "is not" with a literal. Did you mean "!="
Removing "is not ''" as this should not be needed
to make sure that timedata['nanosecond'] is empty.

Signed-off-by: Tibor Dudlák <tdudlak at redhat.com>

- - - - -
db876c62 by Mark Reynolds at 2019-09-10T15:14:42-04:00
Issue 50546 - fix more UI issues(part 2)

Description:  Fixed minor issues not fully addressed from the last commit

relates: https://pagure.io/389-ds-base/issue/50546

Reviewed by: mreynolds (one line commit rule)

- - - - -
828ebf66 by William Brown at 2019-09-10T23:31:32+00:00
Ticket 50584, 49212 - docker healthcheck and configuration

Bug Description: Docker is managed by providing values from the
environment. To know if this is ready to make changes to our
local instance, we need to be able to check the instance is
healthy. In addition, docker has a health check process which
can allow monitoring and management of instances as they start.

Fix Description: This provides a healthcheck tool and allows
configuration by the environment for the directory manager
password, and allows indicating via the env to perform a
db2index on startup.

https://pagure.io/389-ds-base/issue/49212
https://pagure.io/389-ds-base/issue/50584

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
00e33315 by Matus Honek at 2019-09-11T11:00:53+00:00
Issue 50580 - Perl can't be disabled in configure

Bug description:
Due to incorrect use of AC_ARG_ENABLE macro arguments' semantics some
calls like ./configure --disable-* and --enable-*=no worked
unexpectedly like --enable-*=yes.

Fix description:
As this issue affects several ./configure options all were fixed. The
fix uses the fourth argument of the AC_ARG_ENABLE to set the default in
case no option was provided. In case an explicit --disable-* or
--enable-* argument was provided to ./configure the respective $enable_*
variable is implicitly populated by autoconf, hence subsequent
if-else statements take care of additional operations based on the
variable's value.

For the record, some implementations of the options pre-set the default
value before the AC_ARG_ENABLE in case the respective $enable_* variable
has not been set. This is a correct approach, hence left as is.

Resolves: https://pagure.io/389-ds-base/issue/50580

Author: Matus Honek <mhonek at redhat.com>

Review-By: Mark (thanks!)

- - - - -
bfbe3022 by Timo Aaltonen at 2019-09-11T15:56:05+03:00
Drop -legacy-tools and other obsolete scripts.

- - - - -
01d23bcd by Timo Aaltonen at 2019-09-11T16:02:00+03:00
use-bash-instead-of-sh.diff, rename-online-scripts.diff, perl-use-move-instead-of-rename.diff: Dropped, obsolete.

- - - - -
e46341e3 by Timo Aaltonen at 2019-09-11T16:33:12+03:00
rules: Fix dsconf/dscreate/dsctl/dsidm manpage section.

- - - - -
7583f756 by Timo Aaltonen at 2019-09-11T16:33:52+03:00
tests/setup: Migrate to dscreate.

- - - - -
d0aedf52 by Timo Aaltonen at 2019-09-11T16:34:40+03:00
drop autoreconf from dh line

- - - - -
b3287062 by Timo Aaltonen at 2019-09-11T16:35:46+03:00
control: Add libnss3-tools to python3-lib389 depends. (Closes: #920025)

- - - - -
4d8863f9 by Timo Aaltonen at 2019-09-11T17:01:40+03:00
releasing package 389-ds-base version 1.4.1.6-1

- - - - -
4082f760 by Timo Aaltonen at 2019-09-12T14:50:20+03:00
Restore perl build partly, setup-ds is still needed for upgrades until Ubuntu 20.04 is released (for versions << 1.4.0.9).

- - - - -
523166b3 by Timo Aaltonen at 2019-09-12T14:50:47+03:00
releasing package 389-ds-base version 1.4.1.6-2

- - - - -
9e88e197 by Ludwig Krispenz at 2019-09-12T15:51:57+02:00
Issue 50506 - Fix regression for replication stripattrs

Bug: When parsing the provided attribute value, a reference was used
	and modified, the original attribute was corrupted

Fix: Use a copy for parsing

Reviewed by: ?

- - - - -
0caae8aa by Ludwig Krispenz at 2019-09-12T16:42:46+02:00
Ticket 50593 Investigate URP handling on standalone instance

Bug: If the MMR plugin is enabled (on by default)
	even if no replica was configured the MMR plugins were called
	and eventually tried to generate cenotaphs for modrdn ops-

Fix: Check early if the operation affects a backend without replication
	and return

- - - - -
7eeb2d74 by Timo Aaltonen at 2019-09-13T07:32:25+03:00
control: Add openssl to python3-lib389 depends.

- - - - -
1bb4857b by Timo Aaltonen at 2019-09-13T07:32:31+03:00
releasing package 389-ds-base version 1.4.1.6-3

- - - - -
99f11312 by Sylvie Gouverneyre at 2019-09-13T14:51:48+00:00
ticket 50510 - etime can contain invalid nanosecond value

Bug Description:
	When running the test on upstream backported version, the skipif line has to be manually commented

Fix description :
	changed skipif to xfail, the test being written so that it is able to manage the failures.
	This is a temporary fix, as the test will have to be modified when bug 1749236 related to this feature will be fixed.

- - - - -
c403a39c by Mark Reynolds at 2019-09-16T15:31:15-04:00
Issue 50604 - Fix UI validation

Description:

This issue has been opened to track a series of bugzillas that were filed by our QE group during a massive UI testing day. Here are the issues being addressed in this issue:

- Replication agreement disappears from table after browser refresh
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751128
- Fix log rotation time validation
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751004
- Check backup/ldif name to see if it already exists
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751007
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751009
- Root DN should not be editable
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751011
- Backup should check if there is a database available
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751019
    - Also fixed backup duplicate timestamp issue
- Fixed instance creation error handling
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751026
- Fixed export/inout issues.  Check for existing back or ldif
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751019
- Validate SSL version min and max
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751072
- Can not promote/demote replica
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751145
- Database link creation and deletion issue
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751157
- Agreement name validation during creation
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751165
- Validate referral port
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751173
- Fix deletion of config attributes
    - https://bugzilla.redhat.com/show_bug.cgi?id=1751190

There was an overall improvement when creating suffixes/databases on how to initialize them

relates: https://pagure.io/389-ds-base/issue/50604

Reviewed by: spichugi(Thanks!)

- - - - -
394732b6 by Timo Aaltonen at 2019-09-17T01:37:11+03:00
tests: Redirect stderr to stdout.

- - - - -
4c5a4316 by Thierry Bordaz at 2019-09-17T15:21:05+02:00
Ticket 50581 - ns-slapd crashes during ldapi search

Bug Description:
	Using ldapi, if the length of the socket file path exceeds
	46 bytes it triggers a buffer overflow while resetting a connection.
	Reset happens at open/close/error.

Fix Description:
	Use a buffer sized for a PRNetAddr.local.path (~100bytes)
	Use of MAXPATHLEN (4kb) is too much.

https://pagure.io/389-ds-base/issue/50581

Reviewed by: William Brown, Alexander Bokovoy, Mark Reynolds, Simon Pichugi

Platforms tested: F30 (thanks !!)

Flag Day: no

Doc impact: no

- - - - -
2b44a279 by Mark Reynolds at 2019-09-17T10:36:30-04:00
Bump version to 1.4.2.1

- - - - -
160e4c95 by Timo Aaltonen at 2019-09-17T18:14:32+03:00
releasing package 389-ds-base version 1.4.1.6-4

- - - - -
16cf97e1 by Ludwig Krispenz at 2019-09-18T17:13:19+02:00
Ticket: 50610 memory leak in dbscan

Bug: the latest allocation of a database iteration is not freed.

Fix: after the iteration free key/data structs

Reviewed by: Mark, thanks

- - - - -
56ea32d6 by Viktor Ashirov at 2019-09-23T10:00:49+02:00
Issue 50615 - Log current test name to journald

Bug Description:
Sometimes server crashes during test execution, events about crash are
logged to journald. But it's not easy to tell in which test the crash
happened, especially during the full test run.

Fix Description:
Add a fixture that is used automatically for all tests (if the server is
built with systemd) on setup and teardown, and logs a message to journald

Fixes: https://pagure.io/389-ds-base/issue/50615

Reviewed by: mreynolds (Thanks!)

- - - - -
fce5c6c0 by Mark Reynolds at 2019-09-25T10:49:37-04:00
Issue 50620 - Fix regressions from 50506 (slapi_entry_attr_get_ref)

Description:  Some crashes were found in upstream testing.  Needed
              to revert slapi_entry_attr_get_ref() back to slapi_entry_attr_get_charptr()

relates: https://pagure.io/389-ds-base/issue/50620

Reviewed by: tbordaz(Thanks!)

- - - - -
4b987b3a by William Brown at 2019-09-26T10:55:53+10:00
Ticket 50617 - disable cargo lock

Bug Description: We need cargo lock for future offline builds, but
the version of cargo in suse/rhel seems too old to support vendoring.

Fix Description: For now, disable this, and rely on "online" builds
(but we have no/few external deps anyway)

https://pagure.io/389-ds-base/issue/50617

Author: William Brown <william at blackhats.net.au>

Review by: mhonek, mreynolds (thanks!)

- - - - -
28f40a83 by William Brown at 2019-09-26T11:00:25+10:00
Ticket 50595 - remove syslog.target requirement

Bug Description: Syslog.target is removed in newer systemd versions.

Fix Description: Remove the target because it's no longer relevant.

https://pagure.io/389-ds-base/issue/50595

Author: William Brown <william at blackhats.net.au>

Review by: mhonek (Thanks)

- - - - -
54df38ee by William Brown at 2019-09-26T11:12:06+10:00
Ticket 50622 - ds_selinux_enabled may crash on suse

Bug Description: SUSE doesn't have the python-selinux module by
default, so this tool crashes as it can't find the python
module for import.

Fix Description: Attempt to import the library, and on failure
return false for enabled.

https://pagure.io/389-ds-base/issue/50622

Author: William Brown <william at blackhats.net.au>

Review by: mhonek (Thanks!)

- - - - -
761dd658 by Simon Pichugin at 2019-09-26T09:13:26+02:00
Issue 50545 - Port repl-monitor.pl to lib389 CLI

Description: Add a new command to 'dsconf replication' CLI.
'dsconf replication monitor' generates a report which
shows the replication topology to which the instance does belong.

Additional arguments:
  -c or --connections [CONNECTION [CONNECTION ...]]
	The connection values for monitoring other not
	connected topologies. The format:
	'host:port:binddn:bindpwd'. You can use regex for host
	and port. You can set bindpwd to * and it will be
	requested at the runtime or you can include the path
	to the password file in square brackets - [~/pwd.txt]
  -a or --aliases [ALIAS [ALIAS ...]]
	If a host:port is assigned an alias, then the alias
	instead of host:port will be displayed in the output.
	The format: alias=host:port

Also, ~/.dsrc can be used for specifying the connections and aliases.

    [repl-monitor-connections]
    connection1 = server1.example.com:38901:cn=Directory manager:*
    connection2 = server2.example.com:38902:cn=Directory manager:[~/pwd.txt]
    connection3 = hub1.example.com:.*:cn=Directory manager:password

    [repl-monitor-aliases]
    M1 = server1.example.com:38901
    M2 = server2.example.com:38902

https://pagure.io/389-ds-base/issue/50545

Reviewed by: mreynolds (Thanks!)

- - - - -
d41ef935 by Viktor Ashirov at 2019-09-26T09:59:15+02:00
Issue 50627 - Add ASAN logs to HTML report

Bug Description:
ASAN-enabled server generates error logs, it would be nice to collect
them and identify tests that caused the error.

Fix Description:
Add a hook for pytest-html plugin to add logs generated by ASAN to the
html report. After test is done, these logs will be rotated.

Fixes: https://pagure.io/389-ds-base/issue/50627

Reviewed by: mreynolds (Thanks!)

- - - - -
11bb10ff by Mark Reynolds at 2019-09-26T09:43:18-04:00
bump version to 1.4.2.2

- - - - -
2e85b4a3 by Mark Reynolds at 2019-09-27T17:23:49-04:00
Issue 50499 - Fix npm audit issues

Description:  Updated npm handlebars package

relates: https://pagure.io/389-ds-base/issue/50499

- - - - -
205778fc by William Brown at 2019-10-02T09:26:40+10:00
Ticket 50619 - extend commands to have more modify options

Bug Description: Extend dsidm to support modifying more types of
entries.

Fix Description: Can now modify groups, posixgroup, ou and others
from the cli without an ldifmodify

https://pagure.io/389-ds-base/issue/50619

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks!)

- - - - -
e0492360 by William Brown at 2019-10-02T09:33:55+10:00
Ticket 50632 - Add ensure attr state so that diffs are easier from 389-ds-portal

Bug Description: We did not have a stateful attribute update system.

Fix Description: Add a stateful attribute update that asserts attributes
and values are in a known state, and updates in a single modification if not.

https://pagure.io/389-ds-base/pull-request/50632

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
52f2b0db by Thierry Bordaz at 2019-10-07T15:10:42+02:00
Ticket 50636 - Crash during sasl bind

Bug Description:
	Sasl bind registers IO layers (sasl_IoMethods) that will be
	pushed (and called) by the next incoming operation.
	So the next incoming operation should synchronize itself
	with the sasl bind.

Fix Description:
	The call to connection_call_io_layer_callbacks, that pushes
	registered methods, must hold c_mutex so that it lets
	a pending sasl bind fully register the methods.

https://pagure.io/389-ds-base/issue/50636

Reviewed by: Ludwig Krispenz, Mark Reynolds

Platforms tested: F28

Flag Day: no

Doc impact: no

- - - - -
1ac74076 by Viktor Ashirov at 2019-10-08T08:49:19+02:00
Issue 50638 - RecursionError: maximum recursion depth exceeded while calling a Python object

Bug Description:
DSLdapObject has an overridden `__getattr__` method. In case the requested
attribute doesn't exist, `getattr()` goes into an infinite recursive loop,
only to be interrupted by a `RecursionError` exception.

`rename()` method has one such lookup for a non-existent attribute,
and it's not used at all.

Fix Description:
* Restore the default behaviour of `getattr()` when attribute doesn't exist.
* Remove unneeded attribute lookup in `rename()`.

Fixes: https://pagure.io/389-ds-base/issue/50638

Reviewed by: mreynolds, mhonek, firstyear (Thanks!)

- - - - -
f6bd667d by Anuj Borah at 2019-10-09T15:39:34+05:30
Issue: 48851 - investigate and port TET matching rules filter tests(indexing more test cases)

Bug Description: Investigate and port TET matching rules filter tests(indexing more test cases)

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
b7d11180 by Ludwig Krispenz at 2019-10-10T10:57:02+02:00
Ticket - 50349 - additional fix: filter schema check must handle subtypes

Bug: if the filter did contain an attribute with a subtype eg givenname;lang-de
	then the schema lookup failed.

Fix: The subtype needs to be removed before asi lookup

Reviewed by: William, Thierry, Mark - thanks

- - - - -
94c74015 by Ludwig Krispenz at 2019-10-10T13:35:26+02:00
Ticket 49476 - refactor ldbm backend to allow replacement of BDB

BACKEND REDESIGN -Phase 1

This patch provides the first phase of the backend redesign. It does
split the configuration of the LDBM layer and the DB specific layer.

The dblayer_private defines a set of functions to be used by the LDBM
layer and to be implemented by the DB layer.

Currently this is only done for the BDB implementation, the patch automatically
splits the configuration for existing instances

See also:

http://www.port389.org/docs/389ds/design/backend-redesign.html

- - - - -
c8ac6fca by Ludwig Krispenz at 2019-10-10T13:35:26+02:00
Ticket 49476 - backend refactoring phase1, fix failing tests

this patch fixes a couple of failing tests
- passwordpolicy, failing sometimes, with and without backend patch,
	adding a sleep makes it pass
- ticket48906 - check did look for backend config params in the (now)
	wrong entry
- ticket48252 - incorrect parameters passed to db2index, which only
	had effect with the new backend code
- ticket49076 - bug in bdb_config code, fixed

- - - - -
6377bc78 by William Brown at 2019-10-11T11:10:13+10:00
Ticket 50627 - Support platforms without pytest_html

Bug Description: On systems without pytest_html the conftest
hook would cause tests to fail

Fix Description: If pytest_html is none, don't write the report
to avoid the failure.

Fixes: https://pagure.io/389-ds-base/issue/50627

Author: William Brown <william at blackhats.net.au>

Review by: vashirov

- - - - -
c95f6cfb by Barbora Smejkalova at 2019-10-11T13:48:58+02:00
Add new test suite to test migration between RHDS versions

Description:
Created migration test suite, which will be used with ansible for testing import/export
and replication method between RHDS versions. These tests can be executed only in specific
test environment and therefore will be skipped in normal test run.

Reviewed by: vashirov, firstyear (Thanks!)

- - - - -
7a0a090c by Mark Reynolds at 2019-10-16T14:56:46-04:00
Issue 50646 - Improve task handling during shutdowns

Bug Description:  There is a race condition when stopping the server and
                  a running import task that can cause a heap-use-after-free.

Fix Description:  For an import task, encapsulate the import thread with
                  a global thread increment/decrement (just like the export
                  task).  Also improved how tasks are notified to abort by
                  notifying them before we wait for active threads to finish.
                  Then the tasks get destroyed after all threads are complete.

relates: https://pagure.io/389-ds-base/issue/50646

Reviewed by: lkrispen & tbordaz (Thanks!!)

- - - - -
cc1c946b by Mark Reynolds at 2019-10-16T15:07:57-04:00
Issue 50653 -  objectclass parsing fails to log error message text

Description:  When replacing an objectclass, if it already exists we
              log an error but we do not log what objectclass it is.
              This commit adds the error message text.

relates: https://pagure.io/389-ds-base/issue/50653

Reviewed by: abbra(Thanks!)

- - - - -
225f4e17 by Mark Reynolds at 2019-10-16T17:00:05-04:00
Issue 50655 - access log etime is not properly formatted

Description:  The wrong printf format was used for displaying the nanosecond etime
              in the access log.

relates: https://pagure.io/389-ds-base/issue/50655

Reviewed by: firstyear(Thanks!)

- - - - -
fc476208 by Mark Reynolds at 2019-10-16T19:50:04-04:00
Issue 49850 -  ldbm_get_nonleaf_ids() slow for databases with many non-leaf entries

Bug Description:  The logs from an LDIF import indicated that gathering non-leaf IDs
                  for creating the ancestorid index took an enormous amount of time,
                  over 10hrs.  The root cause is that the parentid index btree ordering
                  is lexical, but the IDList being built up from it is sorted numerically.
                  In the existing code, the IDList is maintained in constantly sorted
                  order by idl_insert().

Fix Description:  ldbm_get_nonleaf_ids() switches to idl_append_extend() instead of idl_insert()
                  for building up the IDList and then sorts the result only once, using
                  qsort with idl_sort_cmp, after the entire list has been gathered.

                  The improvement on identical hardware is for the operation to take 10
                  seconds rather than 10 hours

Patch Author:  Thomas Lackey <telackey at bozemanpass.com>  Thanks for the great contribution!!!

relates: https://pagure.io/389-ds-base/issue/49850

Reviewed by: mreynolds, tbordaz, and firstyear (Thanks!)

- - - - -
2f5daa79 by Sylvie Gouverneyre at 2019-10-17T08:10:26+00:00
Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request"

Bug Description:
When a search fails because it requests more than one empty attribute,
the search base DN is always logged as "(null)".

Fix Description:
The search base DN for the failed search request is logged.
This commit includes the automated test to verify the correct behavior.

Fixes https://pagure.io/389-ds-base/issue/50428
Relates: https://pagure.io/389-ds-base/issue/49969

Author: Sylvie Gouverneyre

Reviewed by: Viktor Ashirov, Simon Pichugin, Thierry Bordaz

- - - - -
166a594c by Anuj Borah at 2019-10-17T14:57:45+05:30
Issue: 48851 - Investigate and port TET matching rules filter tests(match more test cases)

Bug Description: Investigate and port TET matching rules filter tests(match more test cases)

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
a2e3c02e by Simon Pichugin at 2019-10-18T08:00:06+02:00
Issue 50634 - Clean up CLI errors output

Description: CLI tools should print human easy readable messages
if something went wrong.
As discussed here: https://pagure.io/389-ds-base/pull-request/50624

Change the CLI error processing so the dict type is always transformed.

https://pagure.io/389-ds-base/issue/50634

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
1563a9d8 by Viktor Ashirov at 2019-10-18T15:58:16+02:00
Issue 50660 - Build failure on Fedora 31

Bug Description:
node-sass v4.11 is not compatible with nodejs-12 that is shipped with
Fedora 31.

Fix Description:
Bump node-sass version to v4.12

Relates/Fixes: https://pagure.io/389-ds-base/issue/50660

Reviewed by: ???

- - - - -
abc6f165 by Simon Pichugin at 2019-10-21T18:25:20+02:00
Issue 50634 - Clean up CLI errors output - Fix wrong exception

Description: The previous commit takes care only about ValueError
evaluation. But it is possible that other exceptions will be raised
which will result in a wrong error output.
Make the exception object more general.

https://pagure.io/389-ds-base/issue/50634

Reviewed by: ?

- - - - -
52b3eb0f by Ludwig Krispenz at 2019-10-24T14:07:45+02:00
Ticket 49850 cont -fix crash in ldbm_non_leaf

Bug: if the ldif to be imported contains only one entry there are no leaf nodes
        and the call to qsort crashes

Fix: check that nodes is not NULL

- - - - -
44e92dc8 by William Brown at 2019-10-25T12:34:26+10:00
Ticket 50669 - remove nunc-stans

Bug Description: We have been attempting to modernise our
connection code for a long time - one attempt was nunc-stans.
However after a series of attempts to integrate it, and multiple
failures we discussed this in the listed email thread and decided
to remove this.

https://lists.fedoraproject.org/archives/list/389-devel@lists.fedoraproject.org/thread/3JRQQRIPOVDLLRD2QMF2PWNHJGZFUDCC/

Fix Description: rm -r src/nunc-stans

https://pagure.io/389-ds-base/issue/50669

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
30ae2d70 by Viktor Ashirov at 2019-10-25T21:59:51+02:00
Issue 50669 - Fix RPM build

Bug Description:
rpm build fails due to missing libnunc-stans.so:
```
RPM build errors:
    File not found: /workspace/ds/rpmbuild/BUILDROOT/389-ds-base-1.4.2.2-20191025git44e92dc8b.fc30.x86_64/usr/lib64/dirsrv/libnunc-stans.so.*
make: *** [rpm.mk:115: rpms] Error 1
```

Fix Description:
Update 389-ds-base.spec file

Relates: https://pagure.io/389-ds-base/issue/50669

- - - - -
5e338e97 by Mark Reynolds at 2019-10-30T09:00:52-04:00
Issue 50677 - Map subtree searches with NULL base to default naming context

Description:

The Root DSE entry is retrieved by using an empty/NULL search base, and a
search scope of "BASE".  According to the RFCs these are the exact requirements
for returning the Root DSE, but it does not dictate what you must do if
a different search scope is used.  In DS we will return NO_SUCH_OBJECT if
the scope is ONE or SUBTREE.  In AD it will use the default suffix in this
case.

To be more compatible with AD, specifically global catalog, 389 should also return
the default naming context for a non-Root DSE search(a NULL suffix with a
scope of ONE, or SUBTREE).

relates: https://pagure.io/389-ds-base/issue/50677

Reviewed by: firstyear(Thanks!)

- - - - -
8166d834 by Anuj Borah at 2019-10-30T19:56:13+05:30
Issue: 48055 -  CI test - automember_plugin(part1)

CI test - automember_plugin(part1) and add nsAdminGroup

Relates: https://pagure.io/389-ds-base/issue/48055

Fixes: https://pagure.io/389-ds-base/issue/50515

Author: aborah

Reviewed by: Simon Pichugin, Mark Reynolds, Viktor Ashirov

- - - - -
d400bc1d by Matus Honek at 2019-10-31T11:19:23+00:00
Issue 50669 - Remove nunc-stans in favour of reworking current conn code (add.)

Bug Description:
There are a bit more pieces that should be removed for the ticket.

Fix Description:
Remove some additional code. Some documentation still left in place for
reference.

Relates https://pagure.io/389-ds-base/issue/50669

Author: Matus Honek <mhonek at redhat.com>

Review by: mreynolds, firstyear (thanks!)

- - - - -
3f4f52a7 by Viktor Ashirov at 2019-10-31T14:56:13+01:00
Issue 50680 - Remove branding from upstream spec file

Bug Description:
Branding logic is triggered in EPEL builds. We should not have it in
upstream as it should be applied in the downstream only.

Fix Description:
Remove branding.

Fixes: https://pagure.io/389-ds-base/issue/50680

Reviewed by: mreynolds (Thanks!)

- - - - -
5e48e9f4 by Mark Reynolds at 2019-10-31T16:53:07-04:00
Issue 50592 - Port Replication Tab to ReactJS

Description:  Ported the replication tab to React.  Made many
              other improvements throughout the UI:

              - Protected "Treeviews" by disable/enable as components are reloaded
              - Add a new Double Confirmation Modal/Popup
              - Added a script (buildAndWatch.sh) for faster/more convenient developing
              - Added a new RUV function for the CLI, and made other lib389 improvements:
                   - Added support for not only "dc" suffixes, but also "o", "ou", and "cn"

relates: https://pagure.io/389-ds-base/issue/50592

Reviewed by: spichugi(Thanks!)

- - - - -
12991435 by Mark Reynolds at 2019-11-03T15:38:11-05:00
Bump version to 1.4.2.3

- - - - -
5202ad8b by Simon Pichugin at 2019-11-04T22:15:43+01:00
Issue 50499 - Fix npm audit issues

Description:  Updated npm handlebars package to 4.4.5

relates: https://pagure.io/389-ds-base/issue/50499

- - - - -
cc8bfec0 by William Brown at 2019-11-05T15:00:37+10:00
Ticket 50633 - Add cargo vendor support for offline builds

Bug Description: At suse/rh we need to be able to build offline. To
achieve this we need offline builds. This adds support for these in
389-ds with cargo and rust.

Fix Description:
This adds cargo vendor support for offline builds,
and shows that they work. We add a stub library for librslapd/libslapd
so that we can begin to develop features in rust.

To build normally: work as usual.

To build offline: make -f rpm.mk download-cargo-dependencies
    ./configure --enable-rust --enable-rust-offline

Continue to build as usual.

A note to keep in mind is cargo test does not work offline as
dev-dependencies are not vendored.

The download-cargo-dependencies has been added to dist-bz2 for
distributions.

https://pagure.io/389-ds-base/pull-request/50633

Author: William Brown <william at blackhats.net.au>

Review by: mhonek (Thanks)

- - - - -
f701d18f by Matúš Honěk at 2019-11-06T14:31:20+00:00
Issue 50199 - Disable perl by default

Bug Description:
Setting PERL_ON=0 in 389-ds-base.spec.in still builds with Perl
due to the fix in PR #50200.

Fix Description:
Introduce use_legacy in SPEC file (dropping use_perl for clarity), and
keep logic for *perl* flags in other layers for compatibility and
add *legacy* flags to encapsulate the additional changes that need to
be done to which files are being installed when building with/without Perl.

Relates https://pagure.io/389-ds-base/issue/50199
Relates https://pagure.io/389-ds-base/pull-request/50200

Author: Matus Honek <mhonek at redhat.com>

Review by: mreynolds, firstyear, vashirov (thanks!)

- - - - -
1747f910 by Mark Reynolds at 2019-11-06T11:08:50-05:00
Issue 50689 - Failed db restore task does not report an error

Bug Description: If you have a back up that contains a backend that
                 is not configured the restore fails, but a success
                 return code is returned to the client.  This happens
                 because the return code gets overwritten after the
                 failure.

Fix Description: Preserve the error code upon failure and properly update
                 the task exit code.

relates: https://pagure.io/389-ds-base/issue/50689

Reviewed by: tboardaz & lkrispen(Thanks!!)

Never rewrite the original error code

- - - - -
83d41432 by William Brown at 2019-11-07T10:44:33+10:00
Ticket 50007, 50648 - improve x509 handling.

Bug Description: certutil and nssdb have fallen from favour
and are really not easy to use. Most admins are used to PEM
files and much easier TLS management.

Fix Description: Add some basic and simple wrappers to support
a set of common operations such as listing TLS certs, making a CSR
and importing PEM files - including from services like let's encrypt

https://pagure.io/389-ds-base/issue/50007
https://pagure.io/389-ds-base/pull-request/50648

Author: William Brown <william at blackhats.net.au>

Review by: spichugi, mreynolds (Thanks!)

- - - - -
5a26d545 by William Brown at 2019-11-07T10:56:13+10:00
Ticket 50641 - Update default aci to allows users to change their own password

Bug Description: The default acis were too restrictive - we do want
people to be able to self change passwords by default!

Fix Description: Fix the default aci's and add tests to prove they behave
as we actually expect.

https://pagure.io/389-ds-base/pull-request/50641

Author: William Brown <william at blackhats.net.au>

Review by: vashirov

- - - - -
a3d876fa by William Brown at 2019-11-07T10:56:13+10:00
Update to mark as skipif

- - - - -
6dcf4067 by William Brown at 2019-11-07T11:35:21+10:00
Update based on Marks feedback

- - - - -
21f2a06c by Mark Reynolds at 2019-11-08T16:57:32-05:00
Issue 50696 - Fix various UI bugs

https://bugzilla.redhat.com/show_bug.cgi?id=1751004
Bug 1751004 - Log Settings "Create New Log Every" takes non integer as input, it even takes alphabets

https://bugzilla.redhat.com/show_bug.cgi?id=1748349
Bug 1748349 - 'View objectclass' modal dialog doesn't have all controls disabled

https://bugzilla.redhat.com/show_bug.cgi?id=1688614
Bug 1688614 - Chaining Configuration Error: Cockpit had an unexpected internal error

https://bugzilla.redhat.com/show_bug.cgi?id=1748355
Bug 1748355 - LDAPI and Autobind configuration should have a warning

https://bugzilla.redhat.com/show_bug.cgi?id=1751157
Bug 1751157 - Cannot Create Database Link

https://bugzilla.redhat.com/show_bug.cgi?id=1751011
Bug 1751011 - DS instance can be easily destroyed by changing non existing Directory Manager DN

https://bugzilla.redhat.com/show_bug.cgi?id=1688663
Bug 1688663 - Cockpit: Enable Replication failed with error "Failed to add replication manager because the base DN of the entry does not exist"

https://bugzilla.redhat.com/show_bug.cgi?id=1751035
Bug 1751035 - Allow and Deny same Ciphers same time

relates: https://pagure.io/389-ds-base/issue/50696

Reviewed by: spichugi(Thanks!)

- - - - -
66a21bfc by Matus Honek at 2019-11-11T15:05:43+01:00
Issue #50683 - Makefile.am contains unused RPM-related targets

Bug Description:
Makefile.am contains some targets very similar to the ones in rpm.mk but
most likely unused by anyone and also untouched recently unlike the
rpm.mk ones.

Fix Description:
Remove the targets for cleanness and reducing confusion.

Fixes https://pagure.io/389-ds-base/issue/50683

Author: Matus Honek <mhonek at redhat.com>

Review by: firstyear, mreynolds (thanks!)

- - - - -
15789e89 by Viktor Ashirov at 2019-11-12T11:11:27+01:00
Issue 49761 - Fix CI test suite issues

Description:

Fix various test issues on RHEL7 and RHEL8:
* systemd on RHEL7 doesn't have --value option.
  Drop --value option and parse the output manually.

* Use newer BDB config only on 1.4.2+.

* Skip tests/suites/password/pbkdf2_upgrade_plugin_test.py on <1.4.1.

* Unhashed passwords are not logged by default only on 1.4.1.6+.

* String literal comparison doesn't work with double digits,
  i.e. '1.3.10.1' > '1.3.2.1' returns False.
  Use packaging.version to compare versions.

* Don't use nsAccount objectClass on versions <=1.4.x.

* Update skipif/xfail version to match downstream versions too.

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: firstyear (Thanks!)

- - - - -
7a7bc787 by Viktor Ashirov at 2019-11-12T12:56:10+01:00
Issue 50706 - Missing lib389 dependency - packaging

Description:
In 15789e8 I introduced a new dependency for lib389, thinking it's part
of python's standard library, but it's not. We need to explicitly
mention it in the spec file, requirements.txt and setup.py.

Fixes: https://pagure.io/389-ds-base/issue/50706

Reviewed by: mhonek (Thanks!)

- - - - -
2b8750d6 by Viktor Ashirov at 2019-11-12T18:21:30+01:00
Issue #50712 - Version comparison doesn't work correctly on git builds

Bug Description:
```
>>> get_ds_version()
'1.4.2.3.20191112git7a7bc7872'
>>> ds_is_older('1.4.0')
True
```

This happens because packaging.version returns a different object for
'1.4.2.3.20191112git7a7bc7872' (LegacyVersion) than for '1.4.0'
(Version).

And during comparison Version is always higher:
```
>>> x = Version('1.0')
>>> y = LegacyVersion('2.0')
>>> x > y
True
```

Fix Description:
Always use LegacyVersion during comparison

Fixes: https://pagure.io/389-ds-base/issue/50712

Reviewed by: tbordaz (Thanks!)

- - - - -
fb3d3559 by Barbora Smejkalova at 2019-11-13T11:14:05+01:00
Issue 50536 - After audit log file is rotated, DS version string is logged after each update

Description:
Created test case, which checks if DS version string is present only once
at the top of the audit log after it is rotated.

Relates: https://pagure.io/389-ds-base/issue/50536

Reviewed by: spichugi (Thanks!)

- - - - -
ddbe3c8f by Mark Reynolds at 2019-11-13T12:34:54-05:00
Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes

Bug Description:  If there is an ACI that allows "search" access to an attribute,
                  the deref plugin access control checks sees this is a "read"
                  privilege and returns the attribute's value.

Fix description:  For deref plugin we are only concerned with "read" access, not
                  "search" access.  Removed the SLAPI_ACL_SEARCH right flag when
                  checking access for an attribute.

relates: https://pagure.io/389-ds-base/issue/50716

Reviewed by: lkrispen & tbordaz(Thanks!)

- - - - -
0493b01b by Mark Reynolds at 2019-11-13T16:00:18-05:00
Issue 50699 - Add Disk Monitor to CLI and UI

Description:  Add the disk monitoring to the CLI and UI

relates: https://pagure.io/389-ds-base/issue/50699

Reviewed by: spichugi(Thanks!)

- - - - -
f90077f5 by Mark Reynolds at 2019-11-13T19:10:46-05:00
Issue 50644 - fix regression with creating sample entries

Bug Description:  The previous commit for this issue missed how the aci's
                  were being adjusted for each type of different
                  suffix rdn.

Fix Description:  I just moved the aci creation into the base object
                  creation code where all the info needed was readily
                  available.

relates: https://pagure.io/389-ds-base/issue/50644

Reviewed by: firstyear(Thanks!)

- - - - -
334ba3fb by Viktor Ashirov at 2019-11-14T14:22:40+01:00
Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes

Description:
Add test case

Author: Mark Reynolds

Relates: https://pagure.io/389-ds-base/issue/50716

- - - - -
b77f04af by Ludwig Krispenz at 2019-11-14T16:14:00+01:00
Ticket 50659 AddressSanitizer: SEGV ... in bdb_pre_close

Bug: The crash reported is caused by calling dblayer_close twice in some
	offline exec modes. Investigating the crash revealed another crash
	in dbverify and memory leaks, one introduced by the backend
	patch, two existing previously

Fix: 	- call dblayer_close only once
	- initialize db env properly in dbverify execmode
	- don't set sdn by reference when adding to entrydncache
	- free collected instances from commandline in dbupgrade mode
	- free bdb env in index mode

Reviewed by: William

- - - - -
1b277fb2 by Simon Pichugin at 2019-11-14T17:24:00+01:00
Issue 50634 - Fix CLI error parsing for non-string values

Bug Description: Sometimes the error message has int values and
it makes ' - '.join() function to fail.

Fix Description: Use a list comprehension to change the dict values to str.

https://pagure.io/389-ds-base/issue/50634

Reviewed by: ?

- - - - -
e7f0ec9e by Viktor Ashirov at 2019-11-14T19:22:33+01:00
Issue 49761 - Fix CI test suite issues

Description:
Fix few more issues around version detection.

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: mreynolds (Thanks!)

- - - - -
c881f6ec by Mark Reynolds at 2019-11-14T16:05:32-05:00
Bump version to 1.4.2.4

- - - - -
aa9600ec by Viktor Ashirov at 2019-11-15T10:27:39+01:00
Issue 50706 - Missing lib389 dependency - packaging

Bug Description:
Build-time dependency was added, but runtime was missing.

Fix Description:
Add runtime dependency for lib389 too.

Fixes: https://pagure.io/389-ds-base/issue/50706

Reviewed by: mhonek (Thanks!)

- - - - -
b1d67c11 by Mark Reynolds at 2019-11-15T11:04:14-05:00
Issue 50499 - Fix npm audit issues

Description:  Updated npm handlebars package to 4.5.2

relates: https://pagure.io/389-ds-base/issue/50499

- - - - -
6d70cbe8 by Viktor Ashirov at 2019-11-15T17:21:27+01:00
Issue 50712 - Version comparison doesn't work correctly on git builds

Bug Description:
`python3-packaging` is not shipped in RHEL8. But it's bundled with
`setuptools` which is present in all major distributions.

Fix Description:
Use `pkg_resources` module from `setuptools` which provides needed
functionality, change lib389 and rpm dependencies accordingly.

Unfortunately, `pkg_resources.parse_version()` returns different
objects for different strings too, so use `LegacyVersion` directly
from `pkg_resources.extern.packaging.version`.

Fixes:   https://pagure.io/389-ds-base/issue/50712
Relates: https://pagure.io/389-ds-base/issue/50706

- - - - -
a913bea8 by Viktor Ashirov at 2019-11-19T12:30:32+01:00
Issue 50722 - Test IDs are not unique

Bug Description:
Unique IDs are needed for a proper import of test cases into test case
management system. Some test suites have duplicate test IDs, perhaps a
copy-paste error.

Fix Description:
Remove duplicate IDs.
Fix IDs in non-UUID format.
Fix spacing between :id: token and its value.

Fixes: https://pagure.io/389-ds-base/issue/50722

Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
9f475988 by Simon Pichugin at 2019-11-20T12:18:56+01:00
Issue 50499 - Fix npm audit issues

Description:  Updated npm handlebars package to 4.5.3

relates: https://pagure.io/389-ds-base/issue/50499

- - - - -
8d42434f by Anuj Borah at 2019-11-20T17:07:23+05:30
Issue: 48851 - Investigate and port TET matching rules filter tests(last test cases for match)

Bug Description: Investigate and port TET matching rules filter tests(last test cases for match)

Relates: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: William Brown, Simon Pichugin

- - - - -
957e2ae2 by Matus Honek at 2019-11-20T15:18:55+01:00
Issue 50439 - Update docker integration for Fedora

Bug Description:
Fedora Dockerfile has been unbuildable/broken for some time.

Fix Description:
Update the Dockerfile to make it work while mimicking ideas from the
SUSE's counterpart.

Additionally, changing wget to curl in rpm.mk since wget does not seem to
be available in the minimal image.

Relates https://pagure.io/389-ds-base/issue/50439
Relates https://pagure.io/389-ds-base/pull-request/50441#comment-88961

Author: Matus Honek <mhonek at redhat.com>

Review by: firstyear, vashirov (thanks!)

- - - - -
7b1144ea by Matus Honek at 2019-11-20T15:59:05+01:00
Issue 50711 - `dsconf security` lacks option for setting nsTLSAllowClientRenegotiation attribute

Bug Description:
dsconf security is not able to handle nsTLSAllowClientRenegotiation attribute.

Fix Description:
Add the respective option for dsconf.

Relates https://pagure.io/389-ds-base/issue/50711

Author: Matus Honek <mhonek at redhat.com>

Review by: spichugin, mreynolds (thanks!)

- - - - -
a370f8d4 by Mark Reynolds at 2019-11-22T10:28:00-05:00
Issue 50701 - Add additional healthchecks to dsconf

Description:  New checks and several design changes have been implemented

  Design changes:
    - Moved to a "yield" design, where a lint function can return multiple results
    - Revised the lint report so it's easier to read and distinguish between multiple
      errors
    - Revised most lint errors to include CLI examples on how to fix the issue

  New Checks:
    - Check TLS certs for expired/expiring
    - Add RI plugin checks for missing indexes for RI member attributes
    - Added Disk Space check
    - Add Virtual Attribute index check
    - Add replication agmt status check
    - Add replication conflict entry check
    - File System checks (/etc/resolv.conf, and NSS pin files)
    - Replication changelog trimming

relates: https://pagure.io/389-ds-base/issue/50701

Reviewed by: firstyear, mhonek, tbordaz, and spichugi (Thanks!!!!)

add suggested changes

Improved the replication agreement health checks to use the new
state levels (red, amber, green), and we use that to generate
different reports.

Also improved report example autofilling of the values, so the exact
commands can be copied and pasted.

Added a changelog trimming check as well.

Updated the help section to warn that the healthcheck feature should
only be run on the local instance

Moved healthcheck to dsctl and added file permission checks

- - - - -
7ccf5911 by William Brown at 2019-11-25T12:45:30+10:30
Ticket 50729 - add support for gssapi tests on suse

Bug Description: suse has different paths for its krb
tools.

Fix Description: Allow supporting different paths based
on distro detection.

https://pagure.io/389-ds-base/issue/50729

Author: William Brown <william at blackhats.net.au>

Review by: vashirov, mreynolds (Thanks!)

- - - - -
f4394473 by Mark Reynolds at 2019-11-25T17:24:04-05:00
Issue 50701 - Fix type in lint report

Description:  Fix typo introduced from the previous commit for 50701

relates: https://pagure.io/389-ds-base/issue/50701

Reviewed by: firstyear(Thanks!)

- - - - -
51e2c458 by Sylvie Gouverneyre at 2019-11-26T10:47:57+00:00
Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted

Bug Description:
cl-dump utility generates *.ldif files in the changelog directory.
At the end, they are renamed to *ldif.done but they are never deleted.
In some cases, these files can be very large which is provoking an issue at a customer.

Fix Description:
By default, remove ldif.done files after running cl-dump.
Add an option '-l' which allows keeping the files.
This commit includes the automated test to check the fix works fine.

Relates https://pagure.io/389-ds-base/issue/50572

Author: Sylvie Gouverneyre

Review by: Simon Pichugin, Viktor Ashirov

- - - - -
569d579d by Timo Aaltonen at 2019-11-26T21:02:03+02:00
Merge branch 'upstream'

- - - - -
54651e58 by Timo Aaltonen at 2019-11-26T21:15:12+02:00
bump the version

- - - - -
d11b9403 by Timo Aaltonen at 2019-11-26T23:34:03+02:00
drop obsolete patch, refresh drop-old-man.diff

- - - - -
aa4bb6bd by Timo Aaltonen at 2019-11-26T23:37:58+02:00
control: Add python3-packaging to build-depends and python3-lib389 depends.

- - - - -
66c6edf9 by Timo Aaltonen at 2019-11-26T23:38:48+02:00
dev,libs.install: Nunc-stans got dropped.

- - - - -
057cd62e by Timo Aaltonen at 2019-11-26T23:39:18+02:00
source/local-options: Add some files to diff-ignore.

- - - - -
6f88a10a by Timo Aaltonen at 2019-11-26T23:39:48+02:00
rules: Refresh list of files to purge.

- - - - -
9583a576 by Timo Aaltonen at 2019-11-27T00:00:58+02:00
rules: Update dh_auto_clean override.

- - - - -
90506d34 by Timo Aaltonen at 2019-11-27T00:02:04+02:00
releasing package 389-ds-base version 1.4.2.4-1

- - - - -
21b8ef93 by Timo Aaltonen at 2019-11-27T18:28:50+02:00
prerm: Fix slapd install path. (Closes: #945583)

- - - - -
01299263 by Thierry Bordaz at 2019-11-27T17:35:01+01:00
Ticket 50741 - bdb_start - Detected Disorderly Shutdown last time Directory Server was running

Bug description:
	At startup plugins are started (plugin_dependency_startall) including ldbm database
	that read/remove the guardian file (bdb_start).
	If one of the plugins fails to start, for example because of a missing dependency,
	the startup function just exits without recreating the guardian file.
	The next restart will not find the guardian file, trigger a recovery and
	log the alarming message "Detected Disorderly Shutdown last time Directory Server was running..."

Fix description:
	In case the startup function fails it should call the closing function of all
	started plugins: plugin_closeall
	The fix also contains fixes for plugin acceptance tests. If DS startup is expected
	to fail, it is caught by subprocess.CalledProcessError but actually the startup
	function can also return ValueError exception

https://pagure.io/389-ds-base/issue/50741

Reviewed By: Mark Reynolds

- - - - -
94354d8b by Thierry Bordaz at 2019-11-27T17:45:39+01:00
Ticket 50736 - RetroCL trimming may crash at shutdown if trimming configuration is invalid

Bug Description:
	If config of retroCL trimming contains invalid value for trim-interval
        and/or maxage, then the trimming initialization is skipped.
        In such case the trimming structures are not allocated and if they
        are freed at shutdown it triggers a crash

Fix Description:
        When trimming mechanism is stopped (at shutdown) check that
        it was successfully initialized before freeing the structs

https://pagure.io/389-ds-base/issue/50736

Reviewed by: Mark Reynolds

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
d0f04dd3 by William Brown at 2019-11-28T09:51:57+10:00
Ticket 50664 - DS can fail to recover if an empty directory exists in db

Bug Description: In count_dbfiles_in_dir, when the recurse option is set
to false, the counter was zeroed. Depending on the opendir (inode, dirent)
ordering of directories in a be folder (ie userRoot), this could cause
an empty directory to be examined last via the recurse option, which then
would clear the counter. If the counter is cleared, the server believes
no db files exist.

Fix Description: Remove the counter-zeroing on recurse == false which
requires us to check the original caller DOES zero the value (I checked,
it does).

https://pagure.io/389-ds-base/issue/50664

Author: William Brown <william at blackhats.net.au>, Thomas E Lackey <telackey at bozemanpass.com>

Review by: ???

- - - - -
cad1bbe5 by Anuj Borah at 2019-12-03T15:07:03+05:30
Issue: 50443 - Create a module in lib389 to Convert a byte sequence to a properly escaped for LDAP

Create a module in lib389 to Convert a byte sequence to a properly escaped for LDAP

Fixes: https://pagure.io/389-ds-base/issue/50443

Author: aborah

Reviewed by: Matus Honek, Simon Pichugin

- - - - -
9caf7aba by Anuj Borah at 2019-12-03T16:17:26+05:30
Issue: 48851 - investigate and port TET matching rules filter tests(cert)

Investigate and port TET matching rules filter tests(cert)

Fixes: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Matus Honek

- - - - -
ff75058b by Matus Honek at 2019-12-03T14:35:10+01:00
Issue 50734 - lib389 creates non-SSCA cert DBs with misleading README.txt

Bug Description:
`NssSsl` always creates `README.txt` which describes the purpose of SSCA, even
when creating only an instance-specific certificate database.

Fix Description:
Create the README.txt only when creating cert DB for a specified DS instance.

Fixes https://pagure.io/389-ds-base/issue/50734

Author: Matus Honek <mhonek at redhat.com>

Review by: Mark, William (thanks!)

- - - - -
7c3c10da by Thierry Bordaz at 2019-12-04T11:06:42+01:00
Ticket 50745: ns-slapd hangs during CleanAllRUV tests

Bug Description:
	The hang condition:
		- is not systematic
		- occurs in rare case, for example here during the deletion of a replica.
		- a thread is waiting for a dblock that another thread "forgot" to
		  release.
		- has always existed, at least since 1.4.0 but likely since 1.2.x

	When deleting a replica, the replica is retrieved from
	mapping tree structure (mtnode).
	The replica is also retrieved through the mapping tree
	when writing updates to the changelog.

	When deleting the replica, mapping tree structure is cleared
	after the changelog is deleted (that can take some cycles).
	There is a window where an update can retrieve the replica,
	from the not yet cleared MT, while the changelog is being removed.

	At the end, the update will update the changelog that is
	currently removed and keeps an unfree lock in the DB.

Fix description:
	Ideally mapping tree should be protected by a lock but it
	is not done systematically (e.g.  slapi_get_mapping_tree_node).
	Using a lock looks an overkill and can probably introduce
	deadlock and performance hit.
	The idea of the fix is to reduce the window, moving the
	mapping tree clear before the changelog removal.

https://pagure.io/389-ds-base/issue/50745

Reviewed by: Mark Reynolds, Ludwig Krispenz

- - - - -
ce8b4ca7 by Simon Pichugin at 2019-12-04T14:11:22+01:00
Issue 50753 - Dumping the changelog to a file doesn't work

Description: Pass the logging object to the code branch where
-i CHANGELOG_FILE is not specified, so -o OUTPUT_FILE works
correctly in that case too.

https://pagure.io/389-ds-base/issue/50753

Reviewed by: mreynolds (Thanks!)

- - - - -
4a6a2800 by Mark Reynolds at 2019-12-04T13:42:18-05:00
Issue 50758 - Enable CLI arg completion

Description:  We need to make sure the bash_completion package is installed,
              and that we call activate-global-python-argcomplete in %post

relates: https://pagure.io/389-ds-base/issue/50758

Reviewed by: mhonek, and firstyear(Thanks!)

- - - - -
7301d435 by Mark Reynolds at 2019-12-05T12:38:12-05:00
Issue 50747 - Port readnsstate to dsctl

Description:  Port the legacy tool readnsstate to dsctl, and add a healthcheck
              for local and remote offset that are close to triggering
              replication time skew errors

relates: https://pagure.io/389-ds-base/issue/50747

Reviewed by: tbordaz(Thanks!)

Revise lint messages per Thierry's requests

adjust skew calculation

Update man page

- - - - -
d5270034 by Mark Reynolds at 2019-12-06T15:50:47-05:00
Bump version to 1.4.2.5

- - - - -
49f2b1ac by Barbora Smejkalova at 2019-12-09T11:07:15+01:00
Issue 50761 - Parametrized tests are missing ':parametrized' value

Bug Description:
Value ':parametrized: yes' in parametrized tests is needed
for a proper import of results into test case management system.

Fix Description:
Added ':parametrized: yes' value to parametrized tests.
Fixed spacing.
Added missing id to tests.

Fixes: https://pagure.io/389-ds-base/issue/50761

Reviewed by: mhonek, vashirov (Thanks!)

- - - - -
49e2299f by Anuj Borah at 2019-12-09T19:09:12+05:30
Issue: 48851 - Investigate and port TET matching rules filter tests(last test cases for match index)

Bug Description: Investigate and port TET matching rules filter tests(last test cases for match index)

Fixes: https://pagure.io/389-ds-base/issue/48851

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
8a604aaa by Anuj Borah at 2019-12-09T20:06:13+05:30
Issue: 50690 - Port Password Storage test cases from TET to python3(create required types in password_plugins)

Bug Description: Port Password Storage test cases from TET to python3(create required types in password_plugins)

Relates: https://pagure.io/389-ds-base/issue/50690

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
463d6b75 by Thierry Bordaz at 2019-12-09T15:38:00+01:00
Ticket 50709: Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10

Description of the problem:

	When evaluating an ACI with 'ip' subject, it adds a PRNetAddr to the subject
	property list. When the list is freed (acl__done_aclpb) the property is not freed.

Description of the fix:

	Add the property to the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP) so that
	the property is freed with acl pblock.

https://pagure.io/389-ds-base/issue/50709

Reviewed by: Mark Reynolds, William Brown, Ludwig Krispenz

- - - - -
a446d97f by thierry bordaz at 2019-12-09T14:39:44+00:00
Merge #50710 `Ticket 50709: Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10`
- - - - -
ec229f7d by Viktor Ashirov at 2019-12-09T16:30:18+01:00
Issue 50758 - Need to enable CLI arg completion

Bug Description:

`activate-global-python-argcomplete` creates a file that belongs to
another package. We shouldn't do that.

Fix Description:

Don't call `activate-global-python-argcomplete` as the completion is
active by default when `python3-argcomplete` is installed on a system.

Relates: https://pagure.io/389-ds-base/issue/50758

Reviewed by: mhonek, mreynolds (Thanks!)

- - - - -
bcf5e9f9 by Viktor Ashirov at 2019-12-10T16:40:32+01:00
Issue 50771 - 1.4.2.5 doesn't compile due to error ModuleNotFoundError: No module named 'pkg_resources.extern'

Bug Description:

Arch Linux ships python-setuptools stripped of vendored packages.
This makes lib389 fail with ModuleNotFoundError on import.

Fix Description:

Use a fallback to `packaging` module.

Fixes: https://pagure.io/389-ds-base/issue/50771
Relates: https://pagure.io/389-ds-base/issue/50712

Reviewed by: mhonek (Thanks!)

- - - - -
71cf23ca by Viktor Ashirov at 2019-12-10T16:44:23+01:00
Issue 50774 - Account.enroll_certificate() should not check for DS version

Bug Description:

`Account.enroll_certificate()` assumes that `userCertificate` can be added
only to `nsAccount` and does a check for DS version where this objectClass
was introduced.
But `userCertificate` is a valid attribute for `inetOrgPerson` objectClass
too. And `enroll_certificate()` can be used with this objectClass.

Fix Description:

Instead of relying on a DS version we should trust the server to add or
reject an invalid attribute.

Fixes: https://pagure.io/389-ds-base/issue/50774

Reviewed by: mhonek (Thanks!)

- - - - -
80e0ce24 by Viktor Ashirov at 2019-12-11T16:02:30+01:00
Issue 50499 - Fix npm audit issues

Description:
Updated npm packages and their dependencies:
* compression-webpack-plugin ^3.0.1
* copy-webpack-plugin ^5.1.0
* webpack ^4.41.2

Relates: https://pagure.io/389-ds-base/issue/50499

- - - - -
61bba3a6 by Sylvie Gouverneyre at 2019-12-12T09:59:30+00:00
Ticket #49761 - Fix CI test suite issues

Problem Description:
tickets/ticket47966_test.py is FAIL in CI nightly runs

Fix Description:
Remove tickets/ticket47966_test.py as it has already been ported to vlv/regression_test.py::test_bulk_import_when_the_backend_with_vlv_was_recreated
Add a blank line in test header to avoid potential problem when parsing

Relates: https://pagure.io/389-ds-base/issue/49761

Author: sgouvern

Review by: tbordaz, mhonek

- - - - -
1ff88d6e by Mark Reynolds at 2019-12-16T10:50:54-05:00
Set branch version to 1.4.3.0

- - - - -
912b3549 by Mark Reynolds at 2019-12-16T12:34:07-05:00
Issue 50779 - lib389 - conflict compare fails for DN's with spaces

Description:  When processing the attribute nsds5ReplConflict we were
              splitting the value into its 3 components:

                  namingConflict (ADD) ENTRY_DN

              But we split the "spaced out" values one too many times,
              and that broke the entry DN if the DN contained any
              spaces.

relates: https://pagure.io/389-ds-base/issue/50779

Reviewed by: mreynolds (one line commit rule)

- - - - -
9327a332 by William Brown at 2019-12-17T09:40:21+10:00
Ticket 50727 - correct mistaken options in filter validation patch

Bug Description: Because William of the past missed (forgot) to make
some agreed upon changes, we shipped the feature for filter validation
in a state that was a bit unclear for users.

Fix Description: Fix the options to now be clearer in what is
expected/demanded from admins. We now have 4 possible states for
the value of the config:

* reject-invalid  (prev on)
* process-safe  (prev warn)
* warn-invalid (new!)
* off (prev off)

These behave as:

* reject-invalid - reject queries that contain unknown attributes
* process-safe - log a notes=F that an attr is missing, and idl_alloc(0)
  the missing attribute for RFC4511 compliance.
* warn-invalid - log a notes=F that an attr is missing, and process
  as ALLIDS (the legacy behaviour)
* off - process as ALLIDs (the legacy behaviour)

The default is "process-safe".

https://pagure.io/389-ds-base/issue/50727

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz, lkrispen (thanks)

- - - - -
7ffb2eb1 by Mark Reynolds at 2019-12-17T09:41:32-05:00
Issue 50780 - Fix UI issues

Description:  Fixed issue with replication conflict entry modal, and
              problem with the monitor's replication and suffix
              state data collision that caused a crash if you first
              looked at replication and then the suffix monitor

relates: https://pagure.io/389-ds-base/issue/50780

Reviewed by: spichugi(Thanks!)

- - - - -
b74780e4 by William Brown at 2019-12-20T12:21:40+10:30
Ticket 50649 - lib389 without defaults.inf

Bug Description: In deploying 389-ds-portal to a container, I notice that lib389
would fail with "unable to locate defaults.inf".
This means we need some way to "proceed" sanely when we can't find defaults.inf.

Fix Description: Re-arrange some parts of the init functions to make subobjects
init later, and have paths able to access versions online instead. This also
flags in paths if we are local or remote.

https://pagure.io/389-ds-base/issue/50649

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks!)

- - - - -
3022f467 by Mark Reynolds at 2019-12-20T22:24:20+00:00
Issue 50780 - More CLI fixes

Description:  Harden the get RUV/agmtMaxCSN in case DB is missing
              the ruv/tombstone entry

relates: https://pagure.io/389-ds-base/issue/50780

Reviewed by: ?

- - - - -
b133a741 by William Brown at 2019-12-30T14:33:54+11:00
Ticket 50667 - dsctl -l did not respect PREFIX

Bug Description: dsctl list was not coded to allow
using the paths module.

Fix Description: Change to the paths module to allow
better and consistent CLI handling.

https://pagure.io/389-ds-base/issue/50667

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds, spichugi (thanks)

- - - - -
7cb0a1fa by Anuj Borah at 2020-01-06T19:12:00+05:30
Issue: 48055 -  CI test - automember_plugin(part2)

Bug Description: CI test - automember_plugin(part2)

Relates: https://pagure.io/389-ds-base/issue/48055

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
83503157 by Simon Pichugin at 2020-01-07T09:27:25+01:00
Issue 50754 - Add Restore Change Log option to CLI

Description: dsconf can export the changelog
but there is no feature to import a changelog dump.
Add the feature.
Fix replication CLI parsers.
Add 'copy_with_permissions' function to lib389.utils.

usage: dsconf instance replication restore-changelog [-h] {from-ldif,from-changelogdir}
positional arguments:
  {from-ldif,from-changelogdir}
                        Replication Configuration
    from-ldif           Restore a single LDIF file.
    from-changelogdir   Restore LDIF files from changelogdir.

https://pagure.io/389-ds-base/issue/50754

Reviewed by: mreynolds (Thanks!)

- - - - -
49ccb4d5 by Sylvie Gouverneyre at 2020-01-07T14:26:31+00:00
Issue 49761 - Fix CI test suite issues

Problem Description:
Random failures in test suites/plugins/rootdn_plugin_test.py.
It may occur on slow machines that configuration changes take more or less time to be effective.
The current static timer in the tests does not always play its role, being difficult to set it to a reasonable and efficient value.

Fix Description:
In all possibly impacted tests, replace time.sleep() by a polling waiting for the configuration changes to be effective before attempting a bind
Fix the get_allow_ip() and get_deny_ip() methods so that they return multiple values, rootdn-deny-ip and rootdn-allow-ip attributes being multi-valued

Relates: https://pagure.io/389-ds-base/issue/49761

Author: sgouvern

Review by: spichugi

- - - - -
b8a922ec by Barbora Smejkalova at 2020-01-13T13:23:09+01:00
Issue 49761 - Fix CI test suite issues

Description:
Fixing failing ticket48755_test.py, so it would pass nightly tests.
Also moved the test from tickets to suites/replication/regressions_test.py

This code is NOT IN MERGEABLE state.
The test passes on Fedora, RHEL7 and RHEL8
but I could use an advice with how to replace "search_s"
so the test wouldn't use deprecated features, please.

Relates: https://pagure.io/389-ds-base/issue/48755
Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: vashirov (Thanks!)

- - - - -
50c49693 by Anuj Borah at 2020-01-13T18:47:26+05:30
Issue: 50690 - Port Password Storage test cases from TET to python3 part 1

Bug Description: Port Password Storage test cases from TET to python3 part 1

Relates: https://pagure.io/389-ds-base/issue/50690

Author: aborah

Reviewed by: William Brown, Viktor Ashirov

- - - - -
caca64e7 by Mark Reynolds at 2020-01-13T09:34:49-05:00
Issue 50806 - Fix minor issues in lib389 health checks

Description:  For permissions checks, add a list of permissions
              that is acceptable instead of single value.

              For RI plugin attribute indexing checks, we now check
              if a container scope is specified.  If it is set, we
              skip all the other backends that are not in the scope.
              This prevents false positives.

relates: https://pagure.io/389-ds-base/issue/50806

Reviewed by: mhonek(Thanks!)

- - - - -
3054205d by Simon Pichugin at 2020-01-13T19:49:20+01:00
Issue 50545 - Add the new replication monitor functionality to UI

Description: As we ported repl-monitor.pl to dsconf CLI
we should add the functionality to WebUI.
It is important to keep in mind that we shouldn't expose
user's password so the interactive option should be carried out.

Improve replication monitor CLI JSON output consistency.
Add Full Replication report functionality with ability of
continuous refresh.

https://pagure.io/389-ds-base/issue/50545

Reviewed by: mreynolds (Thanks!)

- - - - -
c39c7bbc by William Brown at 2020-01-13T19:48:06+00:00
Ticket 50798 - incorrect bytes in format string

Bug Description: We did not use ensure_bytes on a command output in
format strings. Python 3 subprocess returns bytes, but format string
expects utf8

Fix Description: Wrap the values in the correct safety wrappers.

https://pagure.io/389-ds-base/issue/50798

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds, mhonek (Thanks)

- - - - -
a08202a5 by Mark Reynolds at 2020-01-13T15:06:25-05:00
Bump version to 1.4.3.1

- - - - -
828aad07 by Mark Reynolds at 2020-01-13T17:17:40-05:00
Issue 50798 - incorrect bytes in format string(fix import issue)

Description: The previous commit did not import ensure_list_str() from
             utils.py

relates: https://pagure.io/389-ds-base/issue/50798

Reviewed by: mreynolds (one line commit rule)

- - - - -
cb259593 by Mark Reynolds at 2020-01-13T19:25:38-05:00
Issue 50816 - dsconf allows the root password to be set to nothing

Bug Description:  dsconf allows you to set the root DN password to nothing.

Fix Description:  Do not allow the root DN password to be set to nothing

relates: https://pagure.io/389-ds-base/issue/50816

Reviewed by: firstyear(Thanks!)

- - - - -
74557dbe by Mark Reynolds at 2020-01-14T08:41:10-05:00
Issue 50812 -  dscontainer executable should be placed under /usr/libexec/dirsrv/

Description:  dscontainer is not a user-runnable executable. Per packaging
              guidelines it should be placed under /usr/libexec/dirsrv/

relates: https://pagure.io/389-ds-base/issue/50812

Reviewed by: firstyear & mhonek (Thanks!!)

- - - - -
fa1f69a1 by Mark Reynolds at 2020-01-14T09:59:51-05:00
Issue 50599 - Remove db region files prior to db recovery

Bug Description:  If the server crashes then the region files can become
                  corrupted and this prevents the server from starting.

Fix Description:  If we encounter a disorderly shutdown, then remove
                  the region files so there is a clean slate to start
                  with.

                  Also cleaned up function typo:  slapi_disordely_shutdown

relates: https://pagure.io/389-ds-base/issue/50599

Reviewed by: firstyear & lkrispen (Thanks!!)

- - - - -
4f9aafca by Matus Honek at 2020-01-16T13:00:49+00:00
Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined"

Bug Description:
Missing import since commit c39c7bb.

Fix Description:
Add the import.

Fixes https://pagure.io/389-ds-base/issue/50824

Author: Matus Honek <mhonek at redhat.com>

Review by: Mark (thanks!)

- - - - -
2a678488 by Mark Reynolds at 2020-01-16T15:28:58-05:00
Issue 50818 - dsconf pwdpolicy get error

Description:  When trying to retrieve a global or local policy we now see:

                policyError: 'PwPolicyManager' object has no attribute 'get_attr_list'

              Someone removed the function get_attr_list() along the way.
              Added the same logic back, and improved it to only report attributes
              that are set.

relates: https://pagure.io/389-ds-base/issue/50818

Reviewed by: spichugi(Thanks!)

- - - - -
e034c291 by Mark Reynolds at 2020-01-16T19:41:55-05:00
Issue 49395 - Set the default TLS version min to TLS1.2

Description:  On fedora the NSS default minimum is still TLS1.0,
              we need to force the default min to be TLS1.2 unless
              explicitly set using sslVersionMin in cn=encryption,cn=config
              entry.

              This is also to comply with our healthcheck tool that
              complains about TLS1.0 min setting.

relates: https://pagure.io/389-ds-base/issue/49395

Reviewed by: firstyear (Thanks!)

- - - - -
cf849cc3 by Mark Reynolds at 2020-01-17T15:46:41+00:00
Issue 50599 - Fix memory leak when removing db region files

Description:  An unnecessary flag was set in glob() that was resulting
              in a memory leak in the DS code.  Removing this flag
              eliminated the leak.

relates: https://pagure.io/389-ds-base/issue/50599

Reviewed by:

- - - - -
938fb347 by William Brown at 2020-01-20T00:39:06+00:00
Ticket 50784 - performance testing scripts

Bug Description: Everyone loves things to be fast, so to understand how to
achieve that we need metrics and observability into the server to know
what to change.

Fix Description: This adds some python based test runners able to
setup and trigger ldclt against remote hosts.

For those remote hosts, this adds support for them to have systemtap
probes activated (--enable-systemtap), which can then be hooked by the
scripts in profiling/stap/ to get histograms of function latency and
timing.

This also adds the needed debug info to use mutrace (http://0pointer.de/blog/projects/mutrace.html)
to identify lock contention

https://pagure.io/389-ds-base/issue/50784

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz, mreynolds (Thanks!)

- - - - -
058f4da2 by Thierry Bordaz at 2020-01-20T14:56:50+01:00
Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10

Description of the problem:

        Original fix was incorrect as it set again in pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP)
        the same structure. As old structure is freed during the slapi_pblock_set,
        pblock refers to a freed structure.
        Later an other threads using the same aclpb contain will use it after free
        (see https://pagure.io/389-ds-base/issue/50709#comment-621129)

Description of the fix:
	Only sets in pblock a newly allocated structure

https://pagure.io/389-ds-base/issue/50709

Reviewed by: Mark Reynolds (Thanks !)

- - - - -
bb3ac591 by Mark Reynolds at 2020-01-20T09:36:16-05:00
Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free

Description:  When Disk Monitoring finds that disk space is too low it starts
              freeing up disk space by removing rotated logs.  However the log
              list struct was not properly reset after freeing all the files
              in the list.  This is what allowed the heap-use-after-free to
              occur.

relates: https://pagure.io/389-ds-base/issue/50829

Reviewed by: firstyear(Thanks!)

- - - - -
d24352c9 by Mark Reynolds at 2020-01-20T13:16:36-05:00
Issue 50834 - Incorrectly setting the NSS default SSL version max

Description:  We've been using the wrong function to get the NSS max
              version. We were calling SSL_VersionRangeGetSupported()
              which gets the versions NSS "can" handle, but
              SSL_VersionRangeGetDefault() gets the versions that
              are actually "enabled".

relates: https://pagure.io/389-ds-base/issue/50834

Reviewed by: mreynolds(one line commit rule)

- - - - -
76571de5 by Viktor Ashirov at 2020-01-21T22:20:39+01:00
Issue 50627 - Add ASAN logs to HTML report

Bug Description:
ASAN log files were rotated even when HTML report was not used.

Fix Description:
Rotate the ASAN log files only when pytest-html plugin is installed
and a path to the HTML report is provided.

Relates: https://pagure.io/389-ds-base/issue/50627

Reviewed by: mreynolds (Thanks!)

- - - - -
fb78e16b by William Brown at 2020-01-22T10:34:04+10:00
Ticket 50790 - Add result text when filter is invalid

Bug Description: As a result of the change in 50727
we need to communicate to users/admins when queries they issue
may be incomplete due to rfc compliance of filter processing.

Fix Description: When we use idl_alloc(0) on attributes, we set
a result text (if none already set) warning that the result set
may be incomplete.

https://pagure.io/389-ds-base/issue/50790

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks!)

- - - - -
126bfa07 by Simon Pichugin at 2020-01-22T17:47:26+01:00
Issue 50842 - Decrease 389-console Cockpit component size

Description: Our Web UI source files are too big and
we should make it compact for the production.
Compress and decrease the size of the files that are generated by webpack.
Fix rpm.mk so it delivers RPMs only with production-ready result files
(we can skip js.map because it is used only for development)
Also, fix minor audit-ci issues.

https://pagure.io/389-ds-base/issue/50842

Reviewed by: mreynolds (Thanks!)

- - - - -
2ebdd308 by Simon Pichugin at 2020-01-22T22:15:10+01:00
Issue 50836 - Port Schema UI tab to React

Description: Port the schema UI tab to React and preserve all
existing features.

https://pagure.io/389-ds-base/issue/50836

Reviewed by: mreynolds (Thank you!!)

- - - - -
469bc4cb by Ludwig Krispenz at 2020-01-23T15:59:04+01:00
Ticket 50741-cont bdb_start - Detected Disorderly Shutdown

Bug: Offline import does no longer write guardian file, next
	normal start will raise a Disorderly Shutdown

Fix: The bug was introduced with the fix for #50659 when dblayer_close() was
	removed from import_moain_offline because it was called twice in some
	scenarios. But it did miss in ldif2db. Add it there.
	Also correct function reference in error messages

Reviewed by: Thierry, thanks

- - - - -
3c38d333 by Mark Reynolds at 2020-01-23T12:33:39-05:00
Issue 49254 - Fix compiler failures and warnings

Description:  Fix issues with new gcc compiler flag "-fno-common",
              and clean up doxygen warnings around libsds

relates: https://pagure.io/389-ds-base/issue/49254

Reviewed by: mhonek, spichugi, and tbordaz (Thanks!!!)

- - - - -
fda93494 by Mark Reynolds at 2020-01-23T15:09:40-05:00
Bump version to 1.4.3.2

- - - - -
38fe7680 by William Brown at 2020-01-23T23:28:17+00:00
Ticket 48707 - ldapssotoken for authentication

Bug Description: This implements LDAP ssotokens, a simple
but cryptographically strong method of providing "cookies" to clients
on request so that they can re-bind to a session at a later time. This
is required for the web portal so that the portal may remain "isolated"
without a strict security audit as the 389-ds server provides all
security features.

Fix Description: This adds the features for cookies with time limits up
to one day to be generated from a rust library. These can be "revoked"
globally by regeneration of the fernet key. Multiple DS servers can
accept the tokens if they all have the same key configured. The TTL
is adjustable based on site preferences. Additionally, sites that do
not compile rust features will not have the feature enabled.

https://pagure.io/389-ds-base/issue/48707

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds

- - - - -
54b941de by Mark Reynolds at 2020-01-24T09:08:14-05:00
Issue 49990 - Need to enforce a hard maximum limit for file descriptors

Description: on some platforms the maximum FD limit is high it can cause
             an OOM at server startup.  So we need to add a hard maximum
             limit.

relates: https://pagure.io/389-ds-base/issue/49990

Reviewed by: firstyear & tbordaz (Thanks!!)

- - - - -
1004e5c1 by Mark Reynolds at 2020-01-24T10:56:35-05:00
Issue 50850 - Fix dsctl healthcheck for python36

Description:  dsctl health check, specifically the certificate expiring
              checks, were using python37 specific functions, but these
              do not work on python36.  Needed to replace fromisoformat()
              with something more portable.

relates: https://pagure.io/389-ds-base/issue/50850

Reviewed by: firstyear(Thanks!)

- - - - -
9b779ed8 by Mark Reynolds at 2020-01-24T11:33:21-05:00
Issue 50853 - Fix NULL pointer deref in config setting

Description:  Need to check if the config init function is defined for
              the attribute before blindly calling it.  This fixes a
              regression from issue 48707.

relates: https://pagure.io/389-ds-base/issue/50853

Reviewed by: tbordaz & mhonek (Thanks!)

- - - - -
a3beee45 by Viktor Ashirov at 2020-01-27T11:26:16+01:00
Issue 49761 - Fix CI test suite issues

Description:
Fix plugins acceptance test suite by adding a test attribute to the schema
since the schema filter check can return invalid search results.

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: mhonek (Thanks!)

- - - - -
473d6163 by Thierry Bordaz at 2020-01-27T16:34:29+01:00
Ticket 50857 - Memory leak in ACI using IP subject

Bug Description:
	When an ACI is evaluated (LASIpEval) a context (cookie) is allocated.
	At the end of the connection, the context is freed
	via a callback (LASIpFlush).
	The context contains two LASIpTree_t trees (ipv4 and ipv6).
	In the free callback, only the ipv4 tree is freed.

Fix Description:
	Free ipv6 tree in LASIpTree

https://pagure.io/389-ds-base/issue/50857

Reviewed by: Mark Reynolds

Platforms tested: F31

Flag Day: no

Doc impact: no

- - - - -
7120ecb3 by William Brown at 2020-01-28T12:58:06+10:00
Ticket 50694 - import PEM certs on startup

Bug Description: To make container setup easier, given TLS
material in defined locations we should convert these into
a functional nssdb

Fix Description: Provided that we have:

* /data/config/pwdfile.txt
* /data/tls/server.key
* /data/tls/server.crt
* /data/tls/ca/*.crt

These are imported into the nssdb as such:

/data/tls/ca/ca.crt                                          C,,
Server-Cert                                                  u,u,u

This works on restarts, changes of keys, etc. IE to replace these,
just change out the pem files, and restart, and we "do the right
thing". Importantly, this will allow a much easier deployment of
containerised 389-ds with let's encrypt!

https://pagure.io/389-ds-base/issue/50694

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds, mhonek (thanks)

- - - - -
c70d2ff1 by William Brown at 2020-01-28T13:04:09+10:00
Ticket 50831 add cargo.lock to allow offline builds

Bug Description: We need cargo.lock to be distributed to allow offline
builds of the application

Fix Description: In offline builds without cargo.lock present, the build
fails as the versions are checked.

https://pagure.io/389-ds-base/issue/50831

Author: William Brown <william at blackhats.net.au>

Review by: mhonek

- - - - -
8a3cea67 by Matus Honek at 2020-01-28T03:06:32+00:00
Issue 50737 - Allow building with rust online without vendoring

Bug Description:
Building --rust-enable without --rust-enable-offline still requires
predownloading the libraries.

Fix Description:
Setup .cargo/config on ./configure time allowing to subsequently do make
that would in a case automatically download necessary libraries (in
online mode).

Fixes https://pagure.io/389-ds-base/issue/50737

Author: Matus Honek <mhonek at redhat.com>

Review by: ???

- - - - -
d8a35290 by Matus Honek at 2020-01-30T12:14:19+00:00
Issue 50867 - Fix minor buildsys issues

Description:
Gitignore fixes:
- Add svrcore.pc along other .pc files.
- Since 5b1c8e7 bin utils are not created with -bin suffix.

RPM:
- Comments are not allowed on macro's line; move below.
- Remove some ancient Obsoletes and Conflicts.

Fixes: https://pagure.io/389-ds-base/issue/50867

Author: Matus Honek <mhonek at redhat.com>

Review by: Mark, William (thanks!)

- - - - -
711b9de1 by Ludwig Krispenz at 2020-01-30T13:32:05+01:00
Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache

Bug: If there are deadlocks a transaction will be retried. In the case
	of modrdn operation there is an error in handling the newsuperior
	dn, which has to be reset when the txn is repeated.
     There is also an error in freeing the entry stored in the pblock which can
	lead to a double free
     There is also a memory leak for ec entries

Fix: check if the newsuperior in the pblock was changed before the retry and
	only then free and reset it.
     check and protect pblock entry from double free
     remove ec entry from cache
     fix the txn_test_thread to run

     There is also a message at shutdown that entries remain in the entry cache
	although no leaks are reported and a hash dump didn't show entries.
	Change log level to avoid confusion

Reviewed by: Thierry, William, Viktor - Thanks

- - - - -
52930da0 by Matus Honek at 2020-01-30T12:49:52+00:00
Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name

Bug Description:
DirSrv.list drops all occurrences of 'slapd-' within a serverid
rendering names containing it damaged.

Fix Description:
Remove only the first occurrence of 'slapd-' in the serverid, which is
the prefix that is expected to be removed.

Fixes https://pagure.io/389-ds-base/issue/50823

Author: Matus Honek <mhonek at redhat.com>

Review by: Mark, William (thanks!)

- - - - -
5afacd39 by William Brown at 2020-01-31T02:09:45+00:00
Ticket 50859 - support running only with ldaps socket

Bug Description: As plaintext protocols have shown they are
unable to be effectively secured, we should have the choice to
be able to run the server only as LDAPS for high assurance
environments.

Fix Description: Add a test to assert we can move to ldaps only
and back to ldap/ldaps. Add a command to help make this easier for
admins to find and discover.

https://pagure.io/389-ds-base/issue/50859

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
493a6644 by William Brown at 2020-02-03T00:47:11+00:00
Ticket 50787 - fix implementation of attr unique

Bug Description: The implementation of attribute unique relies
on a "plugin per config" which is different to most other
handlings. This creates an exception case to the standard
plugin framework in lib389 that was not correctly handled
in the CLI.

Fix Description: Fix the cli to have the correct customised
variants of the commands to support this plugin's behaviour.

> dsconf localhost plugin attr-uniq status uid-test
Plugin 'uid-test' is disabled
> dsconf localhost plugin attr-uniq enable uid-test
Successfully enabled the cn=uid-test,cn=plugins,cn=config
> dsconf localhost plugin attr-uniq enable uid-test
Plugin 'uid-test' already enabled
> dsconf localhost plugin attr-uniq status uid-test
Plugin 'uid-test' is enabled
> dsconf localhost plugin attr-uniq disable uid-test
Successfully disabled the cn=uid-test,cn=plugins,cn=config
> dsconf localhost plugin attr-uniq disable uid-test
Plugin 'uid-test' already disabled

https://pagure.io/389-ds-base/issue/50787

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
0362fa3f by Akshay Adhikari at 2020-02-05T17:06:03+05:30
Issue 50117 - Add a new CI test case

Bug Description: After certain failed import operation, impossible to replay an import operation.

Fix Description: Added a test case to Check after certain failed import operation, is it
possible to replay an import operation.

Relates: https://pagure.io/389-ds-base/issue/50117

Review by: mhonek,tbordaz

- - - - -
26d75994 by Akshay Adhikari at 2020-02-05T17:06:03+05:30
Issue 49946 - Add a new CI test case

Bug Description: Upgrade of 389-ds-base could remove replication agreements.

Fix Description: Added a test case to check if agreement starts with "cn=->..." then
after upgrade does it get removed.

Relates: https://pagure.io/389-ds-base/issue/49946

Review by: mhonek

- - - - -
c6ad8481 by Akshay Adhikari at 2020-02-05T17:06:03+05:30
Issue 50028 - Add a new CI test case

Bug Description: There was a request for having -y option for ds-replcheck.

Fix Description: Added a test to Check ds-replcheck works if password file is provided
with -y option.

Relates: https://pagure.io/389-ds-base/issue/50028

Review by: mhonek

- - - - -
fcd6b2e1 by Mark Reynolds at 2020-02-05T09:26:43-05:00
Issue 50873 - Fix issues with healthcheck tool

Description:

- Wrong error code reported with result for backend check

- Disk Space Monitor check crashes because it is missing "import copy"

- On a non-LDAPI instance "dsctl healthcheck" does not prompt for bind dn, only for password.

relates: https://pagure.io/389-ds-base/issue/50873

Reviewed by: firstyear(Thanks!)

- - - - -
c6976c18 by Mark Reynolds at 2020-02-05T09:48:15-05:00
Issue 50873 - Fix healthcheck and virtual attr check

Description:  Used the wrong DN to lookup COS definitions

relates: https://pagure.io/389-ds-base/issue/50873

Reviewed by: mreynolds (one line commit rule)

- - - - -
d8988cc3 by Mark Reynolds at 2020-02-06T14:38:04-05:00
Issue 50886 - Typo in the replication debug message

Description:  Fix typo in replication logging message

relates: https://pagure.io/389-ds-base/issue/50886

Reviewed by: mreynolds (one line commit rule)

- - - - -
827c97d9 by Mark Reynolds at 2020-02-07T14:23:50-05:00
Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled

Bug Description:  The config and FSChecks fail when TLS is not setup

Fix Description:  Properly check for conditions when TLS is not enabled,
                  and ignore errors if TLS related files are not present
                  during the FS permissions check.

relates: https://pagure.io/389-ds-base/issue/50882

Reviewed by: firstyear(thanks!)

- - - - -
036c2d0b by Timo Aaltonen at 2020-02-10T15:08:53+02:00
Merge branch 'upstream'

- - - - -
1438a013 by Timo Aaltonen at 2020-02-10T15:09:29+02:00
bump the version

- - - - -
02d23f06 by Ludwig Krispenz at 2020-02-11T17:47:37+01:00
Ticket - 49623-cont cenotaph errors on modrdn operations

Bug: In modrdn operations cenotaph entries are created to track the time when
	an entry had existed. But in cases where entries were renamed in cycles
	reusing the dns again and again this failed with an error: "faild to add cenotaph"

Fix: Previous versions of cenotaphs with the same dn are not used (or maybe in very unlikely
	scenarios) so there is no need to change the dn construction to be able to keep all
	versions of the same cenotaph. Instead, if the creation of the cenotaph fails because
	it already exists, the existing cenotaph is modified with the lifespan data of the
	cenotaph that was tried to add.

Reviewed by: Thierry, thanks

- - - - -
5878a311 by Anuj Borah at 2020-02-12T14:49:00+05:30
Issue: 50686 - Port fractional replication test cases from TET to python3 part 1

Bug Description: Port fractional replication test cases from TET to python3 part 1

Relates: https://pagure.io/389-ds-base/issue/50686

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
e4391203 by Timo Aaltonen at 2020-02-12T18:31:16+02:00
install: Updated.

- - - - -
b4f4634a by Timo Aaltonen at 2020-02-12T19:37:34+02:00
control: Use debhelper-compat.

- - - - -
bbe0b1f8 by Timo Aaltonen at 2020-02-12T19:39:30+02:00
releasing package 389-ds-base version 1.4.3.2-1

- - - - -
e6fc427c by Mark Reynolds at 2020-02-12T20:19:58-05:00
Issue 49845 - README does not contain complete information on building

Description:  Update README.md with clearer instructions and requirements
              for building the server.  Also added a check for libasan
              to configure.am.

relates: https://pagure.io/389-ds-base/issue/49845

Reviewed by: firstyear(Thanks!)

- - - - -
c6198c53 by Mark Reynolds at 2020-02-13T10:47:43-05:00
Issue 50855 - UI: Port Server Tab to React

Description:  Ported the server tab to reactJS.  Also made other changes:

             - Moved Password policy to the database tab tree.
             - Moved the Security Tab to the Server Tab tree.
             - Fixed all the typeAhead errors
             - Removed unused CSS classes

relates: https://pagure.io/389-ds-base/issue/50855

Reviewed by: spichugi(Thanks!)

- - - - -
605db5be by Mark Reynolds at 2020-02-13T11:47:04-05:00
Issue 50855 - remove unused file from UI

Description:  Remove pwpolicy.jsx as it was accidentally added to the last commit

- - - - -
776c6edf by Mark Reynolds at 2020-02-13T14:58:44-05:00
Bump version to 1.4.3.3

- - - - -
2f8fbe26 by Thierry Bordaz at 2020-02-14T15:44:38+01:00
Ticket 50898 - ldclt core dumped when run with -e genldif option

Bug Description:
	ldclt can generate ldif file. If the template file or option
	-e <objectclass> (person/InetOrgPerson/emailPerson) is missing,
	then the attribute value is not set.
	When dereferencing attribute.mod_values it crashes

Fix Description:
	Test that attribute.mod_values is set. If it is not (that
	means the objectclass value was not provided), return an error

https://pagure.io/389-ds-base/issue/50898

Reviewed by: ?

Platforms tested: F29

Flag Day: no

Doc impact: no

- - - - -
1671dc03 by William Brown at 2020-02-19T09:06:04+10:00
Ticket 50900 - Fix cargo offline build

Bug Description: The cargo offline build was broken due to a missing
+ on the CPP flags to nsslapd, and because of a "space" between a
variable and the value in configure.ac.

Fix Description: Add the plus, remove the space.

https://pagure.io/389-ds-base/pull-request/50900

Author: William Brown <william at blackhats.net.au>

Review by: mhonek (Thanks!)

- - - - -
0e6a04af by William Brown at 2020-02-19T09:08:05+10:00
Ticket 50618 - support cgroupv2

Bug Description: fedora 31 changes to cgroup v2 and I expect suse
to do the same soon. We should support this natively as part of
the memory limit detection.

Fix Description: Add support for cgroup v2

https://pagure.io/389-ds-base/issue/50618

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks!)

- - - - -
d98699a0 by William Brown at 2020-02-19T09:14:11+10:00
Ticket 50786 - connection table freelist

Bug Description: The connection table previously to find an available
slot would iterate over the table attempting to find a free connection.
Under high congestion this yields poor performance as we may need to walk
O(n) slots to find the "one free", and the algorithm allowed the table to
be walked twice, making it potentially a O(2n) worst case. To make this
worse, the walking attempted to "trylock" - better than before (which
really locked!), but the trylock still issues atomics that are costly.

Fix Description: Implement a freelist - at start up all connections are
free, and as they are allocated they are removed from the list. As they
are disconnected they are re-added. This makes the lookup of a connection
O(1), removes spurious atomic and locking behaviour, and helps to minimise
time under the conntable lock. In some test cases this is shown to
improve server throughput by at minimum 6%

https://pagure.io/389-ds-base/issue/50786

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz, lkrispen

- - - - -
8b82fbd7 by Anuj Borah at 2020-02-19T14:03:57+05:30
Issue:50860 - Port Password Policy test cases from TET to python3 series of bugs

Bug Description: Port Password Policy test cases from TET to python3 series of bugs

Relates: https://pagure.io/389-ds-base/issue/50690

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
b7255ce8 by Anuj Borah at 2020-02-19T14:18:35+05:30
Issue:50860 - Port Password Policy test cases from TET to python3 bug624080

Bug Description: Port Password Policy test cases from TET to python3 bug624080

Relates: https://pagure.io/389-ds-base/issue/50690

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
031c0b9d by Matus Honek at 2020-02-19T13:47:27+01:00
Issue 49845 - Remove pkgconfig check for libasan

Bug Description:
A recent commit introduced a pkgconfig check for libasan. However, ASAN
buildtime whereabouts are provided within compiler itself, hence there is no
external libasan.pc file, only dynamic linking to libasan is necessary.

Fix Description:
Remove the superfluous check from configure.ac.

Relates https://pagure.io/389-ds-base/issue/49845

Author: Matus Honek <mhonek at redhat.com>

Review by: ???

- - - - -
3963b020 by Anuj Borah at 2020-02-24T15:42:00+05:30
Issue: 50686 - Port fractional replication test cases from TET to python3 final

Bug Description: Port fractional replication test cases from TET to python3 final

Fixes: https://pagure.io/389-ds-base/issue/50686

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
ea4fa549 by Mark Reynolds at 2020-02-25T14:05:03-05:00
Issue 50909 - nsDS5ReplicaId can't be set to the old value it had before

Bug Description:  We were not handling the process of changing the replica
                  type and id correctly.  For one, we were not correctly
                  handling a change to a hub/consumer, but it just happened
                  to work by accident in most cases.  In other cases you
                  could not change the rid more than once.

Fix Description:  Changed the value checking to allow ID changes to 65535
                  which allowed the type/id pointers to be set correctly.
                  Then the checking of the type & ID change combination had
                  to be revised.

                  Also, removed the option to get just set the RID or type
                  from dsconf.  Only replication promotion/demotion should
                  be touching these values.

relates: https://pagure.io/389-ds-base/issue/50909

Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
60ae321e by Thierry Bordaz at 2020-02-26T10:58:19+01:00
Ticket 50889 - Extract pem files into a private namespace

Bug Description:
	since 1.3.5, certificates and keys are, by default, extracted under
	nsslapd-certdir directory. They are extracted in pem files.

	Some pem files (i.e. Serv-Cert-Key.pem) contain sensitive.
	The ticket is to extract them into a private namespace specific
	to the DS process.

Fix Description:
	If the process is started with systemd, it uses the PrivateTmp=on
	directive to create a private namespace.
	Then if such private namespace exists DS extracts the certificates/keys
	under it. Else it extracts the PEM files under usual nsslapd-certdir directory

https://pagure.io/389-ds-base/issue/50889

Reviewed by: William Brown

Platforms tested: F30

Doc impact: yes

- - - - -
4beba62a by Timo Aaltonen at 2020-02-27T14:15:18+02:00
Merge branch 'upstream'

- - - - -
151e9074 by Timo Aaltonen at 2020-02-27T14:15:40+02:00
New upstream release.

- - - - -
15916104 by Timo Aaltonen at 2020-02-27T14:23:03+02:00
Add debian/gitlab-ci.yaml.

- - - - -
737005dd by Timo Aaltonen at 2020-02-27T14:27:48+02:00
control: Bump policy to 4.5.0.

- - - - -
83228b45 by Timo Aaltonen at 2020-02-27T14:28:17+02:00
control: Use https url for upstream.

- - - - -
82d92518 by Timo Aaltonen at 2020-02-27T14:28:51+02:00
control: Use canonical URL in Vcs-Browser.

- - - - -
e1f7f24c by Timo Aaltonen at 2020-02-27T14:30:13+02:00
copyright: Use spaces rather than tabs to start continuation lines.

- - - - -
7fe89539 by Timo Aaltonen at 2020-02-27T14:32:30+02:00
fix the gitlab-ci filename

- - - - -
70f24384 by Timo Aaltonen at 2020-02-27T15:25:03+02:00
ci: allow blhc to fail

- - - - -
ab03d0f8 by Timo Aaltonen at 2020-02-27T15:25:57+02:00
Add lintian-overrides for the source, cockpit index.js has long lines.

- - - - -
c8096427 by Thierry Bordaz at 2020-02-27T14:34:21+01:00
Ticket 50914 - No error returned when adding an entry matching filters for a non existing automember group

Bug Description:
	automember plugin adds matching members to a target group. If the target group
	does not exist a message is logged but with SLAPI_LOG_PLUGIN level.

Fix Description:
	Such a situation (target group missing/deleted) is rare. It is worth logging
	the message, that automember did not add a member, at SLAPI_LOG_INFO

https://pagure.io/389-ds-base/pull-request/50285

Reviewed by: Mark Reynolds

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
7923698d by Mark Reynolds at 2020-02-27T09:16:26-05:00
Issue 50912 - RFE - add password policy attribute pwdReset

Description:  Implement the Password Policy attribute "pwdReset"
              as described at:

              https://tools.ietf.org/html/draft-behera-ldap-password-policy-10

relates: https://pagure.io/389-ds-base/issue/50912

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
75a51aa3 by Mark Reynolds at 2020-02-27T15:01:40-05:00
Issue 50872 - dsconf can't create GSSAPI replication agreements

Description:  An error in python syntax broke the check for bind
              method vs credentials.

              Bug was found and fixed by:  quentinmit (Thanks!)

relates: https://pagure.io/389-ds-base/issue/50872

Reviewed by:  mreynolds

- - - - -
5fb04713 by Mark Reynolds at 2020-02-28T08:06:17-05:00
Issue 50919 - Backend delete fails using dsconf

Description:  Fix typo in parser argument name

relates: https://pagure.io/389-ds-base/issue/50919

Reviewed by: mreynolds(one line commit rule)

- - - - -
d9e02aa6 by Simon Pichugin at 2020-02-29T03:57:45+01:00
Issue 50923 - Add test - dsctl fails to remove instances with dashes in the name

Description: Add a test which checks that an instance with multiple dashes in
the name can be removed with 'dsctl --remove-all' command

https://pagure.io/389-ds-base/issue/50923

Reviewed by: mreynolds (Thanks!)

- - - - -
245d8949 by Simon Pichugin at 2020-03-01T16:30:25+01:00
Issue 50920 - cl-dump exit code is 0 even if command fails with invalid arguments

Description of problem:
When running the cl-dump.pl script with invalid arguments, the exit code is always 0,
even if an error message is reported.

Fix Description:
Pass the return code to the end of the #main.
Change CI test accordingly.

https://pagure.io/389-ds-base/issue/50920

Reviewed by: vashirov, mreynolds (Thanks!)

- - - - -
c013a028 by Simon Pichugin at 2020-03-02T19:34:21+01:00
Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code

Description: Port the rest of ds.js and index.html code to React.
It includes instance navigation, creation, removal, and other dsctl tasks.
Fix https://pagure.io/389-ds-base/issue/49902

https://pagure.io/389-ds-base/issue/50904

Reviewed by: mreynolds (Thanks!)

- - - - -
ae29367e by Simon Pichugin at 2020-03-04T14:41:58+01:00
Issue 50923 - Fix a test regression

Description: Fix a fixture naming issue.

https://pagure.io/389-ds-base/issue/50923

Reviewed by: spichugi (one line commit rule)

- - - - -
6fd09c43 by Matus Honek at 2020-03-04T17:48:40+00:00
Issue 50758 - Only Recommend bash-completion, not Require

Bug Description:
bash-completion package is only useful for interactive use. E.g. in case of a
container deployment this is unnecessary.

Fix Description:
Change Requires to Recommends, which allows the dnf/yum run with
install_weak_deps=False to not install this package; however, this option is by
default True, therefore a regular installation will install the package.

Relates https://pagure.io/389-ds-base/issue/50758

Author: Matus Honek <mhonek at redhat.com>

Review by: ???

- - - - -
742922be by Mark Reynolds at 2020-03-04T17:54:23+00:00
Issue 50928 - Unable to create a suffix with countryName

Bug Description:  It is not possible to create a suffix using 'c' as
                  the RDN attribute.

Fix Description:  Support 'c' when creating an instance or backend.

                  Also fixed a few python warnings.

relates: https://pagure.io/389-ds-base/issue/50928

Reviewed by: ?

- - - - -
b43ec69c by Mark Reynolds at 2020-03-05T09:56:46-05:00
Issue 50926 - Remove dual spinner and other UI fixes

Description:  Removed unnecessary spinner when loading the backup table.
              Removed duplicate ID's from html
              Revised Create Instance modal to be easier to read
              Fixed typo in posix winsync fixup task help description
              Removed unused CSS styles
              Fixed plugin modal alignment issues
              Fixed typo in Enable Replication modal

relates: https://pagure.io/389-ds-base/issue/50926

Reviewed by: spichugi(Thanks!)

- - - - -
07a1080c by Mark Reynolds at 2020-03-05T10:03:17-05:00
Issue 50884 -  Health check tool DSEldif check fails

Bug Description:  dsconf healthcheck was failing depending on how the
                  server id was entered.  Using "slapd-INSTANCE" vs
                  "INSTANCE" produced different results.

Fix Description:  Normalize the instance name by always stripping
                  off "slapd-".  Also fixes similar issue when ~/.dsrc
                  is used.

                  Fixed the RI plugin lint report's inconsistent IDs

                  Fixed issue how flipend was being called for read-nsstate.

relates:  https://pagure.io/389-ds-base/issue/50884

Reviewed by: spichugi & firstyear (Thanks!)

Improve instance name handling robustness

- - - - -
a4340aaa by Thierry Bordaz at 2020-03-05T19:17:32+01:00
Ticket 50889 - fix compiler issues

- - - - -
3abe9228 by William Brown at 2020-03-06T12:24:27+10:00
Ticket 50618 - clean compiler warning and log level

Bug Description: Mark spotted a compiler error that I missed
while working on the cgroupv2 support

Fix Description: Fix the size of the constant to be a size_t
to fix a format warning, and change the loglevel of some messages
to be debug only.

https://pagure.io/389-ds-base/issue/50618

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds

- - - - -
bf8b4af6 by Sylvie Gouverneyre at 2020-03-09T14:32:49+00:00
Issue 49761 - Fix CI test suite issues

Bug Description:
tickets/ticket48229 test had failures in CI nightly runs

Fix Description:
tickets/ticket48226_test.py file moved and renamed to tests/suite/memory_leaks/MMR_double_free_test.py
Use of Valgrind removed, as support for Valgrind is broken in lib389 - Test run only with ASAN build
Replaced deprecated _s functions by use of DSLdapObject

Relates https://pagure.io/389-ds-base/issue/49761

Author: sgouvern

Reviewed by: vashirov, spichugi

- - - - -
a66fe152 by Simon Pichugin at 2020-03-09T22:44:53+01:00
Issue 50499 - Fix npm audit issues

Description:
Updated npm packages and their dependencies:
* patternfly-react ^2.39.15

Relates: https://pagure.io/389-ds-base/issue/50499

- - - - -
439cd381 by William Brown at 2020-03-10T23:11:17+00:00
Ticket 50935 - systemd override in lib389 for dscontainer

Bug Description: A change to how with_systemd works has caused dscontainer
to no longer be able to setup instances, as with_systemd always evals to
true from defaults.inf as the marker file isn't written yet - post setup
this works.

Fix Description: To resolve this, a systemd override is required, that
allows the setup to ignore the systemd status as the external tools
"know better" than defaults.inf up to that point. Post install, this
works as the marker would be in place.

https://pagure.io/389-ds-base/issue/50935

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
ad8b9266 by William Brown at 2020-03-10T23:20:56+00:00
Ticket 50945 - givenname alias of gn from openldap

Bug Description: openldap supplies a different givenname
definition in schema.

Fix Description: Add gn as an alias to givenname

https://pagure.io/389-ds-base/issue/50945

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
df52b510 by Anuj Borah at 2020-03-12T18:34:40+05:30
Issue: 50860 - Port Password Policy test cases from TET to python3 pwp.sh

Bug Description: Port Password Policy test cases from TET to python3 pwp.sh

Relates: https://pagure.io/389-ds-base/issue/50690

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
a5e0fef7 by Mark Reynolds at 2020-03-12T10:08:32-04:00
Issue 50937 - Update CLI for new backend split configuration

Description:  In preparation for the move to LMDB the global database
              configuration has been split into two (or more) entries
              under cn=config.  This patch changes how the gets/sets
              work to make both of these entries appear as one
              configuration unit.  This is done by dynamically setting
              the backend configuration entry dn with what is set in
              nsslapd-backend-implement.

relates: https://pagure.io/389-ds-base/issue/50937

Reviewed by: spichugi, tbordaz, and firstyear(Thanks!!!)

Make changes via Simon's suggestions

Add firstyear's assert

- - - - -
c23b785b by Ludwig Krispenz at 2020-03-12T16:58:18+01:00
Ticket: 50755 - setting nsslapd-db-home-directory is overriding db_directory

    Bug: If nsslapd-db-home-directory is set  for new instances the database is
            placed below this directory, not only the db environment.

    Fix: Use the db dir when looking up the instance dir.
	 Make sure the log dir is below db dir and not home dir.
	 Make sure dse.ldif is written if upgrade to split config
		is done in a non-normal mode, eg import
	 Make sure the db directory is set to the list of parent
		directories for instances
	 If dblayer is closed only temporarily do not free directory settings
	 Adjust log level of some error messages

    Reviewed by: Mark, thanks

- - - - -
e74fae45 by William Brown at 2020-03-13T03:04:57+00:00
Ticket 50947 - change 00core.ldif objectClasses for openldap migration

Bug Description: Some values from rfc2256 are still present in openldap
despite being deprecated. We need to support these in case someone
has them, and to prevent the openldap_2_389 tool from attempting this
migration.

Fix Description: Add the missing rfc2256 attributes and values.

https://pagure.io/389-ds-base/issue/50947

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
3deb6ad7 by Mark Reynolds at 2020-03-13T19:36:17-04:00
Issue 50954 - Port buildnum.pl to python

Description:  Replace buildnum.pl with a python version so we can
              continue to remove perl dependencies.

relates: https://pagure.io/389-ds-base/issue/50954

Reviewed by: firstyear(Thanks!)

- - - - -
d0c37639 by Mark Reynolds at 2020-03-16T09:47:36-04:00
Issue 50955 - Fix memory leaks in chaining plugin

Bug Description:  There are many leaks caused by reinitializing a
                  chaining backend, and there are other leaks caused
                  when initialization allocations are not freed in
                  the plugin's close() function.

Fix Description:  Make sure we free pointers before blindly overwriting
                  them, and make sure we call chaining instance free
                  function for all chaining backends when stopping
                  the plugin.

relates: https://pagure.io/389-ds-base/issue/50955

Reviewed by: firstyear(Thanks!)

- - - - -
dae7cc93 by Mark Reynolds at 2020-03-16T10:37:33-04:00
Issue 50954 - Port buildnum.pl to python(part 2)

Description:  If the env var SOURCE_DATE_EPOCH is set we need to
              convert it to an Integer when passing it to gmtime().

relates: https://pagure.io/389-ds-base/issue/50954

Reviewed by: mreynolds(one line commit rule)

- - - - -
3422d657 by Mark Reynolds at 2020-03-16T10:39:50-04:00
Bump version to 1.4.3.4

- - - - -
b32c7455 by Mark Reynolds at 2020-03-16T16:56:12+00:00
Issue 50954 - buildnum.py - fix date formatting issue

Description:  Use time.strftime to generate build number
              (Thanks Matus for the suggestion)

relates: https://pagure.io/389-ds-base/issue/50954

Reviewed by: mhonek(Thanks!)

- - - - -
ea418700 by Timo Aaltonen at 2020-03-18T00:29:38+02:00
Merge branch 'upstream'

- - - - -
9cb68103 by Timo Aaltonen at 2020-03-18T00:29:58+02:00
bump the version

- - - - -
c6b86a3a by Timo Aaltonen at 2020-03-18T08:47:42+02:00
releasing package 389-ds-base version 1.4.3.4-1

- - - - -
ded67694 by Anuj Borah at 2020-03-18T14:38:43+05:30
Issue: 50860 - Port Password Policy test cases from TET to python3 series of bugs Port final

Bug Description:  Port Password Policy test cases from TET to python3 series of bugs final

Relates: https://pagure.io/389-ds-base/issue/50690

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
4cc83693 by Anuj Borah at 2020-03-18T14:37:20+00:00
Issue: 50860 - Port Password Policy test cases from TET to python3 Password grace limit section.

Bug Description: Port Password Policy test cases from TET to python3 Password grace limit section.

Relates/Fixes: https://pagure.io/389-ds-base/issue/50860

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
6fba9a81 by Simon Pichugin at 2020-03-18T21:27:08+01:00
Issue 50963 - We should bundle *.min.js files of Console

Description: Currently, we do not bundle in the tarball the *.min.js
files which help with deciphering the obfuscated code which is actually
run by the browser. This leads to end-users submitting partially
unreadable JavaScript stack traces.

Please note this won't result in end-users having to download more data
just to use the Console, since these files are downloaded only when needed,
i.e. when Developer's Console is opened.

https://pagure.io/389-ds-base/issue/50963

Reviewed by: mreynolds (Thanks!)

- - - - -
c4befd63 by Mark Reynolds at 2020-03-20T02:48:45+00:00
Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted

Description:  The asterisk character was missing from the allowed character list.
              Also cleaned up the source in the C file.

              Thanks @yrro for contributing the original patch!

relates: https://pagure.io/389-ds-base/issue/50800

Reviewed by: firstyear (Thanks!)

- - - - -
d1b746b6 by Simon Pichugin at 2020-03-20T16:09:20+01:00
Issue 50960 - [RFE] Advance options in RHDS Disk Monitoring Framework

Description: Add an attribute to cn=config

nsslapd-disk-monitoring-readonly-on-threshold - it accepts 'on/off'
values and changes the original behavior so when we reach the threshold,
we set the read-only mode (and then we do other actions - like disable
non-critical logging, etc.). When we reach half of the threshold, we start
the graceful shutdown as it was before.

Change the code so the instance doesn't start up if the disk space
is still below half of the threshold.

Add basic tests to disk monitoring test suite.

https://pagure.io/389-ds-base/issue/50960

Reviewed by: firstyear, tbordaz (Thanks a lot!!)

- - - - -
81c50ce8 by Jashank Jeremy at 2020-03-23T17:06:46+11:00
Issue 50971 - Support building on FreeBSD.

Bug Description:

The build on FreeBSD wasn't *quite* working.

Fix Description:

A few surprisingly minor fixes to support building 389ds on FreeBSD:

 * slapd: Don't use `O_PATH' if it's not available.
 * slapd: Don't invoke `#include' inside a function.
 * slapd: Move the `#include' of libgen.h to grab basename(3).
 * pwdstorage: Set `_BSD_SOURCE'; and fix up includes for FreeBSD.
 * slapd: statvfs(3) doesn't have `f_mntonname', but statfs(2) does.
 * libaccess: `LASIpAddPatternIPV6' returns `int'; `NULL' can't be cast.
 * buildnum.py: Use `env' to find python3.
 * autogen: Use `gsed' (hopefully GNU sed) if it's available.

Relates: https://pagure.io/389-ds-base/issue/50971

Author: Jashank Jeremy (@jashankj)

Review by: William Brown (@firstyear)

- - - - -
983c373c by Sylvie Gouverneyre at 2020-03-23T08:30:27+00:00
Issue 49761 - Fix CI test suite issues

Description:
CI nightly runs are still broken in suites/plugins/rootdn_plugin_test.py in race conditions on bind operations.
Polling implemented to fix that.

Relates: https://pagure.io/389-ds-base/issue/49761

Author: sgouvern

Review by: spichugi

- - - - -
f2901631 by Stanislav Levin at 2020-03-23T17:01:36+03:00
Issue 50972 - Fix cockpit plugin build

Bug Description:

During 389-console build, `npm run build` complains about the wrong
indentations.

Fix Description:

This is just the correction of indentations.

Fixes: https://pagure.io/389-ds-base/issue/50972

Author: Stanislav Levin <slev at altlinux.org>

Review by: mreynolds (Thanks!)

Signed-off-by: Stanislav Levin <slev at altlinux.org>

- - - - -
6f912c3e by Mark Reynolds at 2020-03-23T11:14:57-04:00
Issue 50974 - UI - wrong title in "Delete Suffix" popup

Description:  A copy and paste error existed that mixed a replication
              title into the "delete suffix" popup

fixes: https://pagure.io/389-ds-base/issue/50974

Reviewed by: mreynolds(one line commit rule)

- - - - -
4cf9431a by Mark Reynolds at 2020-03-23T13:04:07-04:00
Issue 50966 - UI - Database indexes not using typeAhead correctly

Description:  The attribute indexes were using the wrong format for the typeAhead fields
              which results in console crashes, and invalid indexes.

relates: https://pagure.io/389-ds-base/issue/50966

Reviewed by: spichugi(Thanks!)

- - - - -
457cab95 by Mark Reynolds at 2020-03-23T13:20:06-04:00
Issue 50955 - Fix memory leaks in chaining plugin(part 2)

Description:  Fix compiler warning

relates: https://pagure.io/389-ds-base/issue/50955

Reviewed by: mreynolds(one line commit rule)

- - - - -
f41e1d3f by Simon Pichugin at 2020-03-23T22:33:39+01:00
Issue 50976 - Clean up Web UI source directory from unused files

Description: We ship unused files under src/cockpit/389-console/src.
We should clean them up.  It includes: static, fonts, images and
banner.htmp.
Also, fix index.html and webpack.config.js accordingly.

https://pagure.io/389-ds-base/issue/50976

Reviewed by: mreynolds (Thanks!)

- - - - -
aca3ae80 by Matus Honek at 2020-03-24T11:44:15+01:00
Issue 50952- SSCA lacks basicConstraint:CA

Bug Description:
SSCA CA cert lacks basicConstraint:CA and for that reason it may not be
acknowledged as a CA cert by some tools, e.g. in case of system-wide
update-ca-trust tool.

Fix Description:
Add the constraint while generating the cert. And yes, we need to use stdin
since certutil does not provide a silent mode for this option.

Fixes https://pagure.io/389-ds-base/issue/50952

Author: Matus Honek <mhonek at redhat.com>

Review by: Mark, William (thanks!)

- - - - -
534c2cfa by Shogo Matsumoto at 2020-03-24T18:11:26-04:00
-n option of dbverify does not work

Correct a field name in order to pass instance names
specified by -n to backend's dbverify function.

Signed-off-by: Mark Reynolds <mreynolds at redhat.com>

- - - - -
04e0be8f by William Brown at 2020-03-25T10:25:23+10:00
Ticket 50971 - fix BSD_SOURCE

Bug Description: BSD_SOURCE is deprecated for DEFAULT_SOURCE

Fix Description: Use DEFAULT_SOURCE instead.

https://pagure.io/389-ds-base/issue/50971

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
96c8abba by Mark Reynolds at 2020-03-25T18:23:30+00:00
Issue 49731 - set and use db_home_directory by default

Description:  New instances will automatically create and use db_home_dir
              /dev/shm/dirsrv/slapd-INSTANCE.

relates: https://pagure.io/389-ds-base/issue/49731

Reviewed by: tbordaz & firstyear(Thanks!)

- - - - -
de9f26ac by Mark Reynolds at 2020-03-25T15:10:29-04:00
Issue 49731 - Do not add db_home_dir to template-dse.ldif

Description:  The file used by setup-ds.pl for creating the dse.ldif
              should not have had the db_home_dir set.

relates: https://pagure.io/389-ds-base/issue/49731

Reviewed by: mreynolds (one line commit rule)

- - - - -
1c06f8c2 by Mark Reynolds at 2020-03-26T10:29:47-04:00
Issue 49437 - Fix memory leak with indirect COS

Bug Description:  There are two leaks when dealing with indirect COS. The
                  first leak is caused by the COS cache entry's objectclass
                  list not being freed when the entry is removed from the
                  hash table.

                  The other leak is caused when we follow an indirect pointer
                  COS and do not free a tmp value set that goes unused.

Fix description:  Free the COS entry objectclass list when removing an entry
                  from the hash table.  When querying a COS attribute and the
                  returned attribute (out_attr) is NULL, then free the unused
                  tmp_val ValueSet as it's not consumed by anything.

Fixes: https://pagure.io/389-ds-base/issue/49437

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
6a1d7851 by Mark Reynolds at 2020-03-26T14:56:39-04:00
Issue 50975 - Revise UI branding with new minimized build

Description:  We can no longer use the previous method of text replacement
              to brand the UI for downstream vs upstream builds.  Instead
              we can use css files to set the branding, and the specfile
              can do a text replacement on the non-minimized css file.

fixes: https://pagure.io/389-ds-base/issue/50975

Reviewed by: firstyear & mhonek (Thanks!!)

- - - - -
335b6de1 by Mark Reynolds at 2020-03-26T16:50:35-04:00
Issue 49731 - dscreate fails in silent mode because of db_home_dir

Description:  The silent install was broken because of a missing key "db_home_dir"
              so it is now added to the dictionary.

relates: https://pagure.io/389-ds-base/issue/49731

Reviewed by: mreynolds (one line commit rule)

- - - - -
8ecada01 by Simon Pichugin at 2020-03-27T02:00:54+01:00
Issue 50984 - Memory leaks in disk monitoring

Description: Memory leaks are reported by the disk monitoring test suite.
The direct leak is related to char **dirs array which is not freed at all.
Free the array when we clean up or go to shutdown.
Fix disk_monitoring_test.py::test_below_half_of_the_threshold_not_starting_after_shutdown.
It should accept different exception when the instance is not started.

https://pagure.io/389-ds-base/issue/50984

Reviewed by: firstyear (Thanks!)

- - - - -
a171670d by Simon Pichugin at 2020-03-27T11:37:01+01:00
Issue 50984 - Memory leaks in disk monitoring

Description: Reset dirs pointer every time we free it.
The code may be changed in the future so we should make it
more robust.

https://pagure.io/389-ds-base/issue/50984

Reviewed by: spichugi, tbordaz (one line commit rule)

- - - - -
7a6bbc1d by Simon Pichugin at 2020-03-27T15:32:38+01:00
Issue 50337 - Replace exec() with setattr()

Description: _constants.py uses exec() a lot to define module
global variables. That's rather slow and not very elegant.

Get the current module object with sys.modules[__name__] and
then use setattr() instead.

https://pagure.io/389-ds-base/issue/50337

Reviewed by: mreynolds (Thanks!)

- - - - -
0683bcde by William Brown at 2020-03-31T23:12:21+00:00
Ticket 50933 - rfc2307compat.ldif

Bug Description: rfc2307 is the original schema for posix and other related
attributes. rfc2307bis was a draft proposed by a member of the openldap team
that fixed a number of deficiencies in rfc2307. However, rfc2307bis is not
completely forward compatible - replacing them may introduce possible data
errors or other subtle issues.

In the interest of allowing easier openldap to 389 migrations
( https://pagure.io/389-ds-base/issue/50544 ) I propose a rfc2307compat,
which is a forward compatible version combining rfc2307 and rfc2307bis. This
would allow items from both to be considered "valid" without changing the
semantics of either.

Fix Description: This adds rfc2307compat.ldif, which is a forward compatible
expression of both rfc2307 and rfc2307bis, with the knowledge that 389 ds
does not enforce structural/auxiliary rules.

https://pagure.io/389-ds-base/issue/50933

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks!)

- - - - -
862d0445 by Mark Reynolds at 2020-04-01T11:56:32-04:00
Issue 50994 - Fix latest UI bugs found by QE

Description:

This addresses many bugs, most of which are very small fixes:

- [Bug 1816563] Referential integrity scope values are not saved in cockpit
- [Bug 1816599] Initializing database from Ldif is broken in Cockpit
- [Bug 1816708] Removing objectclass does not ask for confirmation
- [Bug 1816712] Removing attribute does not ask for confirmation
- [Bug 1816928] Other tabs become unclickable Or unresponsive if you click on Replication tab under Monitoring tab (WORKED FOR ME)
- [Bug 1816956] Removing an attribute uniqueness does not ask for confirmation
- [Bug 1816958] Run Fixup Task for USN under Plugins tab either Cleanup Suffix Or Cleanup Backend option should be there not the both
- [Bug 1817062] Created attribute uniqueness is not visible after page refresh
- [Bug 1817098] Instance fails to start after creating attribute uniqueness because of a missing attribute
- [Bug 1817396] Various display problems on 'Server Settings'/'Security' Tab
- [Bug 1817415] The 'Security Settings' refresh button does not work
- [Bug 1817526] Cannot change Bind DN name in agreement
- [Bug 1817554] cockpit crashes when creating new sasl mapping
- [Bug 1817580] Reindex button is greyed out in Reindex Suffix
- [Bug 1817585] Changing the SASL mapping priority prevents to create mapping
- [Bug 1817983] Directory Manager Password can only be change when user click on Storage Scheme option
- [Bug 1818016] Directory Manager Password is changing before the change in password storage scheme
- [Bug 1818020] Confirm password field under Server setting's Directory manager tab not doing field check
- [Bug 1818027] Cockpit broken when saving new changelog directory
- [Bug 1818823] Can create replication manager without password and then it can't be deleted

relates: https://pagure.io/389-ds-base/issue/50994

Reviewed by: firstyear & spichugi(Thanks!!)

Updates

- Remove excessive/nested spinner toggling for many of the plugins
- Updated specfile for cockpit-389-ds to require 389-ds-base
- Fixed how attribute uniqueness plugins are created and found, and
made it more robust to handle enabled and disabled plugins

- - - - -
fc95cf3a by Mark Reynolds at 2020-04-01T12:01:50-04:00
Bump version to 1.4.3.5

- - - - -
dd266dac by Simon Pichugin at 2020-04-02T15:11:36+02:00
Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value

Bug Description: Adding multiple mechanisms to nsslapd-allowed-sasl-mechanisms ignores all but one of the mechanisms specified.

Fix Description: The issue happens because we use the same memory address
for 'char *' for slapdFrontendConfig->allowed_sasl_mechs and
for slapdFrontendConfig->allowed_sasl_mechs_array.
So when we split the 'char *' into the 'char **' with ' ' delimiter,
allowed_sasl_mechs has only the first element because ' ' is set to 0 now.

Define a separate 'char *' for the array.
Add a test for the issue.

https://pagure.io/389-ds-base/issue/50869

Reviewed by: mreynolds, firstyear, tbordaz (Thanks!!)
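
The aliasing bug described in the commit message for Issue 50869 above, as an added example that is not part of the commit or the 389-ds-base source. Only the field names allowed_sasl_mechs and allowed_sasl_mechs_array come from the commit message; the struct, the array_backing field, the helper functions and the sample value are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the config struct; only the first two field
 * names come from the commit message. */
struct frontend_config {
    char *allowed_sasl_mechs;         /* attribute value as one string */
    char **allowed_sasl_mechs_array;  /* same value split on ' ' */
    char *array_backing;              /* separate buffer (fixed variant only) */
};

static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy) memcpy(copy, s, n);
    return copy;
}

/* Free the old value before the fields are overwritten by a new one. */
static void cfg_clear(struct frontend_config *cfg)
{
    free(cfg->allowed_sasl_mechs_array);
    free(cfg->array_backing);
    free(cfg->allowed_sasl_mechs);
    cfg->allowed_sasl_mechs_array = NULL;
    cfg->array_backing = NULL;
    cfg->allowed_sasl_mechs = NULL;
}

/* Split buf in place: every ' ' becomes '\0' and the returned
 * NULL-terminated array holds pointers into buf itself. */
static char **split_in_place(char *buf)
{
    size_t cap = 1, n = 0;
    for (const char *p = buf; *p; p++)
        if (*p == ' ') cap++;
    char **out = calloc(cap + 1, sizeof(*out));
    if (!out) return NULL;
    for (char *p = buf; *p; ) {
        while (*p == ' ') *p++ = '\0';
        if (!*p) break;
        out[n++] = p;
        while (*p && *p != ' ') p++;
    }
    return out;
}

/* Before the fix: the array is built by splitting the very buffer that
 * allowed_sasl_mechs points to, so the string now ends at the first ' '. */
static int set_mechs_shared(struct frontend_config *cfg, const char *value)
{
    cfg_clear(cfg);
    cfg->allowed_sasl_mechs = dup_string(value);
    if (!cfg->allowed_sasl_mechs) return -1;
    cfg->allowed_sasl_mechs_array = split_in_place(cfg->allowed_sasl_mechs);
    return cfg->allowed_sasl_mechs_array ? 0 : -1;
}

/* After the fix: a separate 'char *' backs the array, so the string
 * form keeps every mechanism. */
static int set_mechs_separate(struct frontend_config *cfg, const char *value)
{
    cfg_clear(cfg);
    cfg->allowed_sasl_mechs = dup_string(value);
    cfg->array_backing = dup_string(value);
    if (!cfg->allowed_sasl_mechs || !cfg->array_backing) return -1;
    cfg->allowed_sasl_mechs_array = split_in_place(cfg->array_backing);
    return cfg->allowed_sasl_mechs_array ? 0 : -1;
}

static size_t count_mechs(char **mechs)
{
    size_t n = 0;
    while (mechs && mechs[n]) n++;
    return n;
}

int main(void)
{
    const char *value = "PLAIN GSSAPI EXTERNAL"; /* constructed sample value */
    struct frontend_config cfg = {0};

    if (set_mechs_shared(&cfg, value) == 0)
        printf("shared buffer:   string=\"%s\" array entries=%zu\n",
               cfg.allowed_sasl_mechs, count_mechs(cfg.allowed_sasl_mechs_array));
    if (set_mechs_separate(&cfg, value) == 0)
        printf("separate buffer: string=\"%s\" array entries=%zu\n",
               cfg.allowed_sasl_mechs, count_mechs(cfg.allowed_sasl_mechs_array));
    cfg_clear(&cfg);
    return 0;
}
```

In the shared-buffer variant the array is complete but any reader of the string field sees only the first mechanism, which matches the truncation the commit message reports.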

- - - - -
f31abde7 by Matus Honek at 2020-03-28T06:32:52+00:00
Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given

Bug Description:
Cannot call dsconf ... chaining monitor due to invalid call to get_monitor.

FTR: The other issue reported within, for the ... link-delete has already been
fixed in commit c403a39.

Fix Description:
Use _get_link to get the named link, the same way some other functions in the
file do.

Also, merge and move _format_status to cli_base.

Fixes https://pagure.io/389-ds-base/issue/50640

Author: Matus Honek <mhonek at redhat.com>

Review by: Mark (thanks!)

- - - - -
ca2d54b1 by Timo Aaltonen at 2020-03-30T19:06:36+03:00
fix-pkg-query.diff: Use dpkg-query to check if 389-ds-base is installed, in the cockpit ui.

- - - - -
90f3642c by Viktor Ashirov at 2020-04-03T15:02:42+02:00
Issue 50952 - SSCA lacks basicConstraint:CA

Bug Description:
`capture_output` was introduced in python 3.7 and
on earlier versions this code produces TypeError.

Fix Description:
Make it compatible with python 3.6 by setting `stderr`
and `stdout` to PIPE.

Fixes: https://pagure.io/389-ds-base/issue/50952

Reviewed by: mhonek (Thanks!)

- - - - -
19cc56ec by Thierry Bordaz at 2020-04-03T16:21:02+02:00
Ticket 50905 - intermittent SSL hang with rhds

Bug Description:
	On a successful sasl bind, a new IO layer (sasl_io_enable) is registered on top of
	the connection. Then sasl bind sends the successful result. Registration is
	done while sasl bind thread holds c_mutex but result is sent while the c_mutex
	is released.

	If a new operation comes in just after c_mutex was released it is
	possible that sasl bind sends the result while the new IO layer is pushed.
	IO layer is partially initialized at that time. It can create sigseg or
	deadlock or...

Fix Description:
	The fix is to protect the send result from IO layer push.
	i.e. move send_ldap_result into c_mutex

https://pagure.io/389-ds-base/issue/50905

Reviewed by: Mark Reynolds (Thanks !!)

Platforms tested: F29

Flag Day: no

Doc impact: no

- - - - -
341d6145 by Viktor Ashirov at 2020-04-03T17:15:12+02:00
Issue 50337 - Replace exec() with setattr()

Bug Description:
Instance IDs now include superfluous quotes that break
calling CLI tools from lib389.

Fix Description:
Remove the quotes.

Fixes: https://pagure.io/389-ds-base/issue/50337

Reviewed by: spichugi (Thanks!)

- - - - -
52e28942 by Mark Reynolds at 2020-04-03T11:23:44-04:00
Issue 49731 - Fix additional issues with setting db home directory by default

Description:  The db home dir does need to be set in the template-dse.ldif file,
              but this required additional changes to perl modules that setup-ds.pl
              uses.  There are also issues with containers where /dev/shm could
              be undersized for the database, so for container installs we will
              not set the db-home-dir to tmpfs.

relates: https://pagure.io/389-ds-base/issue/49731

Reviewed by: ?

- - - - -
426e4e08 by Viktor Ashirov at 2020-04-06T14:21:20+02:00
Issue 51005 - AttributeUniqueness plugin's DN parameter should not have a default value

Bug Description:
Currently we have an optional dn parameter with a default value:

def __init__(self, instance, dn="cn=plugins,cn=config"):

This breaks some tests that assume the default base DN for this plugin.
But it can have multiple instances, so we should always specify the DN.
Making this parameter mandatory will ensure this.

Fix Description:
Remove the default DN value and update tests.

Fixes: https://pagure.io/389-ds-base/issue/51005

Reviewed by: mreynolds (Thanks!)

- - - - -
2523f487 by Mark Reynolds at 2020-04-06T08:44:02-04:00
Issue 50545 - Port dbmon.sh to dsconf

Description:  dbmon.sh has been ported to dsconf with basically the
              same feature set. You can continuously refresh the
              report at a specified interval, you can choose to get
              stats on multiple/specific backends, and the option
              to display individual index stats. There is now a human
              friendly report and a JSON version.

              There were also other improvements made to lib389 to take
              into account the new bdb split configuration under cn=config.

Design Doc:   https://www.port389.org/docs/389ds/design/dbmon-design.html

Relates:      https://pagure.io/389-ds-base/issue/50545

Reviewed by:  spichugi & firstyear (Thanks!!)

Cleanup comments about the change needed for #50189

Fix adjustment

- - - - -
c868a418 by Mark Reynolds at 2020-04-06T09:23:54-04:00
Issue 50545 - remove dbmon "incr" option from arg parser

Description:  Forgot to remove the "incr" option for dbmon from the argparse list

Relates:      https://pagure.io/389-ds-base/issue/50545

Reviewed by: mreynolds (one line commit rule)

- - - - -
a252a6f9 by William Brown at 2020-04-08T09:34:40+10:00
Ticket 51014 - slapi_pal.c possible static buffer overflow

Bug Description: Due to an incorrect use of a buffer size,
static analysis in suse detected a possible overflow in
slapi pal. However, it requires root permissions to exploit
anything, and thus is not a security issue.

Fix Description: Change the buffer we read the cgroup into
to be maxpathlen size.

https://pagure.io/389-ds-base/issue/51014

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
36c593d3 by Simon Pichugin at 2020-04-08T11:56:20+02:00
Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code

Bug Description: Searches on cn=config take values with spaces and
makes multiple attributes out of them. If we set passwordUserAttributes
to "cn uid givenname", it will transform it in a multi-valued attribute.

Fix Description: Change passwordUserAttributes's and passwordBadWords's type
to CONFIG_STRING (it was CONFIG_CHARRAY). Add an additional parameter
to store the array (and use it in pw.c).
The string and array processing is similar to nsslapd-allowed-sasl-mechanisms.
Add tests for both attributes.

https://pagure.io/389-ds-base/issue/50875

Reviewed by: mreynolds, tbordaz, firstyear (Thanks!)

- - - - -
d7810ffc by William Brown at 2020-04-14T05:44:20+00:00
Ticket 51008 - dbhome in containers

Bug Description: When starting 389 in containers, the shm may be too
small. Mark fixed this in #51007, but it removed the ability to have
the dbhome in a tmpfs/shm.

Fix Description: Move the request for dbhome/container logic into
the dscontainer entry point instead to keep the setup.py simpler,
and make the dbhome in /data/run/dbhome allowing people to use
an shm for dbhome with '--tmpfs /data/run/dbhome:rw' to a docker
run or create command.

https://pagure.io/389-ds-base/issue/51008

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
a11bae32 by Thierry Bordaz at 2020-04-14T13:54:37+02:00
Ticket 50980 - RFE extend usability for slapi_compute_add_search_rewriter and slapi_compute_add_evaluator

Bug Description:
    plugin api allows to register filter rewriter callback (slapi_compute_add_search_rewriter)
    and computed attribute callback (slapi_compute_add_evaluator)
    This requires to write a new plugin to register callbacks.
    This RFE is to simplify the use of those plugin api interfaces
    so that rewriters (filter or computed attribute) in shared library can be taken into account
    as soon as listed in config entries

Fix Description:
    It follows the design http://www.port389.org/docs/389ds/design/search_rewriters.html
    registers callback listed in children of 'cn=rewriters,cn=config'
    The rewriters.c files contains examples of filter rewriter and computed attribute

https://pagure.io/389-ds-base/issue/50980

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
46fb7cee by Simon Pichugin at 2020-04-15T10:50:07+02:00
Issue 51016 - Fix memory leaks in changelog5_init and perfctrs_init

Bug Description: Memory Leaks are detected by ASAN in changelog5_init
and perfctrs_init functions.

Fix Description: For perfctrs_init, free existing memory before initializing
new memory which will be assigned to the existing structs.
For changelog5_init, run cl5Cleanup instead of cl5Close for BE preop.

https://pagure.io/389-ds-base/issue/51016

Reviewed by: lkrispen (Thanks!)

- - - - -
12c6814a by Thierry Bordaz at 2020-04-15T18:50:30+02:00
Ticket 50931 - RFE AD filter rewriter for ObjectCategory

Bug Description:
	AD provides flexibility, to AD client, to use shortcut values in filter components.
	To support AD client using 'ObjectCategory' shortcut, we need a 389-ds filter rewriter that
	translates the filter '(ObjectCategory=foo)' into '(ObjectCategory=cn=foo,cn=schema,cn=configuration,<base>)'
	before processing the filter
	[1] https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx#Filter_on_objectCategory_and_objectClass

Fix Description:
	This patch uses the new ability to register rewriters (https://pagure.io/389-ds-base/issue/50980).
	It implements a new rewriters library (under /lib) with a callback filter rewriter adfilter_rewrite_objectCategory.
	An adfilter rewriter config entry refers to that library and registers the callback at startup

https://pagure.io/389-ds-base/issue/50931

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F29

Flag Day: no

Doc impact: no

- - - - -
9ede55d2 by Mark Reynolds at 2020-04-16T10:16:36-04:00
Issue 50933 - 10rfc2307compat.ldif is not ready to set used by default

Description:  The compat schema file is causing issues with upgrades,
              and schema replication.  For now we need to move it out
              to the optional schema location until we can resolve
              those issues

relates: https://pagure.io/389-ds-base/issue/50933

- - - - -
5fc54f43 by Mark Reynolds at 2020-04-16T10:30:38-04:00
Bump version to 1.4.4

- - - - -
56c43383 by Mark Reynolds at 2020-04-16T14:14:46-04:00
Bump version to 1.4.3.6

- - - - -
b807bf5e by Timo Aaltonen at 2020-04-20T14:40:41+03:00
Merge branch 'upstream'

- - - - -
4140c108 by Timo Aaltonen at 2020-04-20T14:41:54+03:00
bump the version

- - - - -
b8b9afe8 by Timo Aaltonen at 2020-04-20T14:48:30+03:00
drop the patch, obsolete

- - - - -
8a7c1790 by Timo Aaltonen at 2020-04-20T14:56:39+03:00
install: Updated.

- - - - -
4e8d4846 by Timo Aaltonen at 2020-04-20T15:01:43+03:00
releasing package 389-ds-base version 1.4.3.6-1

- - - - -
db6cd237 by Mark Reynolds at 2020-04-20T10:24:13-04:00
Issue 51031 UI - transition between two instances needs improvement

Bug Description:  When you switch between instances in the UI, there is
                  no loading page, there is a long wait before the dropdown
                  menu changes, and it does not refresh the page content
                  (it still contains the previous instance's data).

Fix Description:  Set the "loading" flag and the serverId right away when
                  instance is changed.   Then we set the tab component's
                  key to the server ID so the content is automatically
                  refreshed.

fixes: https://pagure.io/389-ds-base/issue/51031

Reviewed by: spichugi(Thanks!)

- - - - -
e6023cab by Thierry Bordaz at 2020-04-21T15:20:51+02:00
Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1

Bug Description:
	startTls pushes a network layer on top of the connection.
	So when processing startTLS, there should not be a pending operation
	else there is a risk that the operation sends back data on moving
        network layer.
        When startTls detects a pending operation it aborts startTls.
	However if a new operation is received while processing startTls,
	the operation is pending but can not be read because startTls
	holds c_mutex.

Fix Description:
	In case of unread pending operation, relax the control
	and just log an information message.

https://pagure.io/389-ds-base/issue/51035

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
0bdef382 by Timo Aaltonen at 2020-04-21T20:19:00+03:00
fix-db-home-dir.diff: Set db_home_dir same as db_dir to fix an issue starting a newly created instance.

- - - - -
20a7ff11 by Timo Aaltonen at 2020-04-21T20:19:15+03:00
releasing package 389-ds-base version 1.4.3.6-2

- - - - -
fe8547bc by Anuj Borah at 2020-04-22T13:27:16+05:30
Issue: 48055 - CI test - automember_plugin(part3)

Bug Description: CI test - automember_plugin(part3)

Relates: https://pagure.io/389-ds-base/issue/48055

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
3ca89e31 by Mark Reynolds at 2020-04-22T08:41:45-04:00
Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now

Bug Description:  There are several issues with using /dev/shm/dirsrv/
                  for the db home directory.  Containers have issues,
                  and system reboots can cause issues too.

Fix Description:  Using just /dev/shm/slapd-INST solves all the permission
                  issues, but that requires a new selinux label, so
                  for now we will just set the db home directory to the
                  database directory (effectively disabling the change).

relates: https://pagure.io/389-ds-base/issue/49731

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
69a389e0 by Thierry Bordaz at 2020-04-22T15:22:37+02:00
Ticket 50877 - task to run tests of csn generator

Bug Description:
	There exists a test of the csn generator (csngen_test()).
	It is not called from any function.

Fix Description:
	register a task container 'cn=csngen_test,cn=tasks,cn=config'
	that calls the test function

https://pagure.io/389-ds-base/issue/50877

Reviewed by: William Brown (Thanks !)

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
8635444b by root at 2020-04-22T17:57:05+02:00
Ticket 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins

Bug: Changes by internal operations were not handled by the sync repl plugin

Fix: Register sync repl postop functions also for internal ops

Reviewed by: xAThierry, thanks

- - - - -
2333d75d by Mark Reynolds at 2020-04-22T14:29:43-04:00
Bump version to 1.4.4.1

- - - - -
05f86617 by Simon Pichugin at 2020-04-24T14:50:01+02:00
Issue 51027 - Test passwordHistory is not rewritten on a fail attempt

Description: Add a test that checks that "passwordHistory" attribute
for a user doesn't get updated if a password change fails due to
password repetition.
Add a fixture for the test user and its ACI.

https://pagure.io/389-ds-base/issue/51027

Reviewed by: tbordaz (Thanks!)

- - - - -
326be2c9 by Mark Reynolds at 2020-04-24T10:12:56-04:00
Issue 50545 - Port dbgen.pl to dsctl

Description:  Ported the main features to lib389 and added some other useful features:

              Now there are several LDIFs that can be created:

              - User LDIFs (different types)
              - Group LDIFs
              - COS LDIFs
              - Role LDIFs
              - Modification LDIFs
              - Nested LDIFs

Design Doc:  https://www.port389.org/docs/389ds/design/dbgen-design.html

fixes: https://pagure.io/389-ds-base/issue/50545

Reviewed by: firstyear & spichugi(Thanks!!)

Fix various issues and improve ldif file validation

Add summary of settings to output, and set the default location of user/nested LDIF to be in the server's LDIF directory

- - - - -
53e9d9f9 by Mark Reynolds at 2020-04-24T12:35:38-04:00
Issue 50499 - fix npm audit issues

Description: Fix npm audit and update npm packages

relates: https://pagure.io/389-ds-base/issue/50499

Reviewed by: spichugi(Thanks!)

- - - - -
0f446a54 by Mark Reynolds at 2020-04-24T12:40:47-04:00
Issue 51047 - React deprecating ComponentWillMount

Description:  ComponentWillMount has been deemed as unsafe, switching to
              ComponentDidMount is the preferred solution and does not
              seem to affect the UX.

Fixes: https://pagure.io/389-ds-base/issue/51047

Reviewed by: spichugi(Thanks!)

- - - - -
1b8a6be1 by Viktor Ashirov at 2020-04-29T15:46:08+02:00
Issue 49761 - Fix CI tests

Description:
* Update pytest markers
* Fix changelog test on EL8
* Fix race conditions in pwdPolicy_warning_test, pwdPolicy_attribute_test, rootdn_plugin_test
* Increase a timeout for check_ruv()
* Use appropriate default password storage scheme on older versions
* Remove nsUniqueId from the expected attributes if search is done on rootdse
* Add missing __init__.py for the test suites

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: spichugi (Thanks!)

- - - - -
13f8dc7b by Mark Reynolds at 2020-04-29T13:25:43-04:00
Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev

Bug Description:  Adding an invalid/double equal sign when setting the
                  target/targetattr/targetfilter will cause a heap "underflow":

                        targetfilter=="(uid=*)"

Fix description:  Detect and reject these invalid ACI syntaxes before we
                  "underflow".  Simply check if the character after the first
                  equal sign is a double quote, as that is the only possible
                  next valid character in a valid ACI.

fixes: https://pagure.io/389-ds-base/issue/51054

Reviewed by: firstyear(Thanks!)

- - - - -
c7da66eb by Mark Reynolds at 2020-04-29T17:00:33-04:00
Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now

Description:  Also need to undo the change for setup-ds.pl

relates: https://pagure.io/389-ds-base/issue/49731

- - - - -
da12b98c by Sylvie Gouverneyre at 2020-04-30T09:34:13+00:00
Issue 50655 - etime displayed has an order of magnitude 10 times smaller than it should be

Description:
	Time value in nanoseconds displayed in the access log was 10 times lower than the actual value.
	This test is intended to verify the fix for this problem.

Relates https://bugzilla.redhat.com/show_bug.cgi?id=1749236

Author: sgouvern

Review by: firstyear, spichugi

- - - - -
3def54de by Mark Reynolds at 2020-05-01T09:40:28-04:00
Issue 51051 - CLI fix consistency issues with confirmations

Description:  The remove-all feature of dsctl uses different confirmation
              prompt than "dsctl remove".  To fix this the "countdown" style
              confirmation was moved to "remove_all", as "dsctl INST remove"
              already had an additional argument.

              Also cleaned up unused imports and other various bugs found by my
              IDE.

relates: https://pagure.io/389-ds-base/issue/51050

Reviewed by: firstyear(Thanks!)

- - - - -
1cff0fb3 by Mark Reynolds at 2020-05-01T09:54:23-04:00
Issue 51064 - Unable to install server where IPv6 is disabled

Description:  When checking if a port is available, first attempt to
              create a socket using AF_INET6, if that fails then use
              AF_INET

relates: https://pagure.io/389-ds-base/issue/51064

Reviewed by: firstyear(Thanks!)

- - - - -
3548738f by Mark Reynolds at 2020-05-01T09:58:06-04:00
Issue 51060 - unable to set sslVersionMin to TLS1.0

Description:  When processing the "sslVersionMin" attribute we were incorrectly
              setting it to TLS1.2 (current default level)

fixes: https://pagure.io/389-ds-base/issue/51060

Reviewed by: firstyear(Thanks!)

- - - - -
8895fc4b by Viktor Ashirov at 2020-05-02T20:58:21+02:00
Issue 50992 - Bump jemalloc version and enable profiling

Description:
jemalloc 5.2.1 release introduced a number of fixes.
https://github.com/jemalloc/jemalloc/releases/tag/5.2.1

Additionally:
* Override default page and hugepage sizes, because builder machines may not match the target systems.
* Enable profiling by default (--enable-perf), so it can be used for troubleshooting.

Fixes: https://pagure.io/389-ds-base/issue/50992

Reviewed by: mreynolds (Thanks!)

- - - - -
582691dd by Eli Schwartz at 2020-05-05T20:50:54-04:00
Issue 51042 - switch from c_rehash to openssl rehash

Bug Description:
    389-ds-base depends on an additional Fedora package openssl-perl for
    the /usr/bin/c_rehash script, which just wraps /usr/bin/openssl and
    drags in a perl interpreter in the process. The openssl program
    contains a builtin 'rehash' subcommand that does the same thing,
    only faster and with fewer dependencies. And openssl developers
    refer to c_rehash as a fallback and suggest it might be feasible to
    remove it entirely.

Fix Description:
    Switch all call sites and inline documentation to refer to `openssl
    rehash`, and drop the unneeded dependency from the spec file.
    One less dependency on perl!

Fixes https://pagure.io/389-ds-base/issue/51042

Author: eschwartz

- - - - -
151a9678 by Eli Schwartz at 2020-05-05T20:50:54-04:00
Issue 51042 - try to use both c_rehash and openssl rehash

Bug Description:
    It's not possible to fully migrate to openssl rehash, since it is
    not available everywhere. And versions of openssl which don't have
    rehash, also cannot check if rehash is available, or try running it
    at all as a fallback, because the return value is meaningless.

Fix Description:
    Add a utility function that checks the openssl version and parses it
    into a LegacyVersion class. `openssl version` should work
    everywhere, despite being unfriendly to parse. On versions of
    openssl >= 1.1.0a (LegacyVersion also considers 1.1.0 > 1.1.0a), use
    openssl rehash, otherwise fall back to c_rehash.

Fixes https://pagure.io/389-ds-base/issue/51042

Author: eschwartz

- - - - -
1b7b12e2 by Thierry Bordaz at 2020-05-07T16:50:21+02:00
Ticket 51068 - deadlock when updating the schema

Bug Description:
        There exists a 3-thread deadlock scenario. It involves state change plugins when it
        calls schema_changed_callback. So the trigger is a change of schema (direct or via
        replication). The scenario is
      MOD(cn=schema)    hold StateChange lock   wait for vattr lock
      SRCH              hold vattr lock         wait for DB page
      MOD               hold DB page            wait for StateChange lock

Fix Description:
        Statechange lock protects the list of registered callbacks.
        lock is a mutex where actually registration of callback is only done
        at startup. Later the list is only lookup.
        Making statechange lock a rwlock suppresses the deadlock scenario
        as MODs will only acquire in read StateChange lock.
        It should also improve performance as at the moment all MODs are serialized
        on that lock
        In order to prevent writer starvation a new slapi_new_rwlock_prio
        creates rwlock with priority to writers.

https://pagure.io/389-ds-base/issue/51068

Reviewed by: Mark Reynolds, William Brown

Platforms tested: 30

Flag Day: no

Doc impact: no

- - - - -
916d13bc by Mark Reynolds at 2020-05-08T09:43:53-04:00
Issue 51054 - Revise ACI target syntax checking

Bug Description:  The previous commit enforced a strict syntax that was previously
                  allowed.  This is causing regressions for customers and community
                  members.

Fix Description:  Reject ACI's that use more than one equal sign between the target
                  keyword and the value, but do not enforce that the values are
                  quoted.  A flag was added that we can turn on strict syntax at a
                  later date, but for now we will continue to allow values without quotes.

relates: https://pagure.io/389-ds-base/issue/51054

Reviewed by:  firstyear & spichugi(Thanks!!)

- - - - -
6a0ece1e by Mark Reynolds at 2020-05-08T15:05:25-04:00
Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema

Description:

FreeIPA LDAP update code relies on the schema retrieval when
deciding what to do with values of single-valued LDAP attributes.
In the case attribute is single-valued and some value was present
in the original entry for this attribute, it would use MOD_REPLACE.
Otherwise, it uses MOD_DELETE + MOD_ADD.

Many attributes used in cn=config entries have no formal schema
defined. Since by default an attribute is multi-valued, this fails
the logic above for actual single-valued attributes, like
nsslapd-enable-upgrade-hash. It means FreeIPA has to write special
logic to handle just this attribute.

It would be good to expose schema for nsslapd-enable-upgrade-hash.
We need to change its value to off in all FreeIPA installations
because ipa-pwd-extop plugin prevents hashed passwords in updates
due to a need to regenerate Kerberos hashes on a password change.
It means upgrade of a password hash on LDAP bind will never work
in FreeIPA.

Note - this does move us closer to our goal of adding all the
configuration attributes to the schema.

fixes: https://pagure.io/389-ds-base/issue/51078

Reviewed by: mreynolds (one line commit rule)

- - - - -
debc684a by Mark Reynolds at 2020-05-08T15:25:46-04:00
Bump version to 1.4.4.2

- - - - -
888f0b21 by Simon Pichugin at 2020-05-11T10:54:08+02:00
Issue 50201 - nsIndexIDListScanLimit accepts any value

Bug Description: Setting of nsIndexIDListScanLimit like
'limit=2 limit=3' are detected and logged in error logs.
But the invalid value is successfully applied in the config entry
and the operation itself is successful.
The impact is limited because the index will be used following
idlistscanlimit rather than invalid definition nsIndexIDListScanLimit.

Fix Description: Print the errors to the user when he tries to add
or to modify index config entry with malformed values.
Change tests accordingly.

https://pagure.io/389-ds-base/issue/50201

Reviewed by: mreynolds, tbordaz (Thanks!)

- - - - -
d73b14a1 by Anuj Borah at 2020-05-11T15:46:25+05:30
Issue:CI test - automember_plugin (Long Duration test)

CI test - automember_plugin (Long Duration test)

Relates: https://pagure.io/389-ds-base/issue/48055

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
0cb1e043 by Thierry Bordaz at 2020-05-11T18:07:22+02:00
Ticket 51082 - abort when a empty valueset is freed

Bug Description:
        A large valueset (more than 10 values) manages a sorted array of values.
        replication purges old values from a valueset (valueset_array_purge). If it purges all the values
        the valueset is freed (slapi_valueset_done).
        A problem is that the counter of values, in the valueset, is still reflecting the initial number
        of values (before the purge). When the valueset is freed (because empty) a safety checking
        detects incoherent values based on the wrong counter.

Fix Description:
        When all the values have been purged, reset the counter before freeing the valueset

https://pagure.io/389-ds-base/issue/51082

Reviewed by: Mark Reynolds

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
6a7a1541 by Matus Honek at 2020-05-12T11:06:50+02:00
Issue 51017 - Implement dynamic ds/bz pytest markers

Bug Description:
Our unique markers for tickets cause a lot of pytest warnings
PytestUnknownMarkWarning.

Fix Description:
On each run, go through all test files and the correctly prefixed markers for
the runtime being.

Fixes: https://pagure.io/389-ds-base/issue/51017

Author: Matus Honek <mhonek at redhat.com>

Review by: Viktor & Simon (Thanks!)

- - - - -
497c18f2 by Barbora Smejkalova at 2020-05-12T11:23:20+02:00
Issue 50873 - Fix issues with healthcheck tool

Description:
Created sanity HealthCheck test to see if the tool works on standalone instance.
I extended topology_st with LogCapture in src/lib389/lib389/topologies.py
and added new topology_no_sample that does not create sample entries so we can reproduce DSBLE0003.
Added environment variable PYINSTALL to use python installer for these tests.
The tests can be run using 'PYINSTALL=True py.test ...'.
Also created test to check DSBLE0003 and added test steps from Sylvie (Thanks!) because
we want to import them to our test plan in Polarion
I will fill the blank tests soon.

Relates: https://pagure.io/389-ds-base/issue/50873

Reviewed by: spichugi, firstyear, vashirov (Thanks!)

- - - - -
26c77a4b by Matus Honek at 2020-05-12T09:27:20+00:00
Issue 50940 - Permissions of some shipped directories may change over time

Bug Description:
Some utilities (e.g. installer, esp. setup-ds.pl) alter permissions of
some folders shipped by default. This is discoverable by running
`rpm -V 389-ds-base` after using these.

Fix Description:
Since Perl tools are deprecated and Python tools do not seem to change
most of those permissions, only fix /var/lock/dirsrv in SPEC file.

Relates: https://pagure.io/389-ds-base/issue/50940

Author: Matus Honek <mhonek at redhat.com>

Review By: Simon (Thanks!)

- - - - -
bc789a90 by Mark Reynolds at 2020-05-12T07:36:17-04:00
Issue 51076 - prevent unnecessary duplication of the target entry

Bug Description:  For any update operation the MEP plugin was calling
                  slapi_search_internal_get_entry() which duplicates
                  the entry it returns.  In this case the entry is just
                  read from and discarded, but this entry is already
                  in the pblock (the PRE OP ENTRY).

Fix Description:  Just grab the PRE OP ENTRY from the pblock and use
                  that to read the attribute values from.  This saves
                  two entry duplications for every update operation
                  from MEP.

fixes:  https://pagure.io/389-ds-base/issue/51076

Reviewed by: tbordaz & firstyear(Thanks!!)

- - - - -
d45d8bd0 by Simon Pichugin at 2020-05-12T15:26:37+02:00
Issue 50610 - memory leaks in dbscan and changelog encryption

Bug Description: More leaks are present that involve dbscan
execution (the issue happens on instance restart though).

Fix Description: dbscan - add 'done:' section to which we can
go to if something went wrong and free the allocated data.

changelog encryption - add clcrypt_destroy function;
properly free the allocated memory when we go to shutdown.
When we do changelog5_config_done, additionally free
config->symmetricKey, config->dbconfig.encryptionAlgorithm,
and config->dbconfig.symmetricKey

https://pagure.io/389-ds-base/issue/50610

Reviewed by: lkrispen (Thanks!)

- - - - -
431aba86 by Simon Pichugin at 2020-05-13T14:05:42+02:00
Issue 50610 - Fix return code when it's nothing to free

Description: Fix the return code when NULL == clcrypt_handle
supplied to clcrypt_destroy.

https://pagure.io/389-ds-base/issue/50610

Reviewed by: mreynolds (Thanks!)

- - - - -
ab1aaad4 by Viktor Ashirov at 2020-05-13T20:28:36+02:00
Issue 49761 - Fix CI tests

Fix Description:
* Update skipif/xfail pytest marks
* Unset PYTHONPATH for cli tools in setup_ds tests
* Change pem files extraction path in SASL regression tests
* Fix a typo in 'state' tests directory name

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: mreynolds (Thanks!)

- - - - -
b3dec427 by Matus Honek at 2020-05-14T16:55:43+02:00
Revert "Issue 51017 - Implement dynamic ds/bz pytest markers"

Apparently, in some situations, grepping over all the files gets very
slow due to filesystem implementation (e.g. docker on MacOS) specifics.

Instead of this implementation, we'll rather look into pre-commit hooks
adding new markings on the fly.

This reverts commit 6a7a154159583c09fcbba0578eaf576d577ccb11.

Relates: https://pagure.io/389-ds-base/issue/51017

- - - - -
1ba7370e by William Brown at 2020-05-15T12:00:32+10:00
Ticket 51079 - container pid start and stop issues

Bug Description: During the container startup, we were incorrectly
checking for the pidfile as we started. We also were not properly
catching sigint, and dscontainer on keyboard int was not passing
some signals through.

Fix Description: Improve signal handling in dscontainer, add sigint
as a caught signal to ns-slapd, and remove the pid file from the container
instance as we do not require it.

https://pagure.io/389-ds-base/issue/51079
https://pagure.io/389-ds-base/issue/51080

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
495ee204 by Mark Reynolds at 2020-05-15T08:17:02-04:00
Issue 51091 - healthcheck json report fails when mapping tree is deleted

Description:  We were passing the bename in bytes and not as a utf8 string.
              This caused the json dumping to fail.

relates: https://pagure.io/389-ds-base/issue/51091

Reviewed by: firstyear(Thanks!)

- - - - -
9afa6694 by Mark Reynolds at 2020-05-15T10:05:35-04:00
Issue 50499 - Fix some npm audit issues

Description there are still warnings:

npm WARN eonasdan-bootstrap-datetimepicker at 4.17.47 requires a peer of bootstrap@^3.3 but none is installed. You must install peer dependencies yourself.
npm WARN table-resolver at 3.3.0 requires a peer of redux@>= 3.0.0 < 4.0.0 but none is installed. You must install peer dependencies yourself..
npm WARN react-ellipsis-with-tooltip at 1.1.1 requires a peer of react-bootstrap at 0.31.x || 0.32.x but none is installed. You must install peer dependencies yourself.

relates: https://pagure.io/389-ds-base/issue/50499

Reviewed by: mreynolds

- - - - -
3516495c by Thierry Bordaz at 2020-05-18T17:36:37+02:00
Ticket 51037 - RFE AD filter rewriter for ObjectSID

Bug Description:
    AD provides flexibility, to AD clients, to use string representation of objectSID
    (for example S-1-5-21-1305200397-1234-1234-1234)
    To support AD client using 'ObjectSid' shortcut, we need a 389-ds filter rewriter that
    translates the filter '(objectSid=S-1-5-21-1305200397-1234-1234-1234)' into '(objectSid=<objectsid blob>)'
    before processing the filter
    see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada3/afac8414-c614-4c6a-b316-41f5978308bd

Fix Description:
    This patch uses the new ability to register rewriters (https://pagure.io/389-ds-base/issue/50980)
    It implements a new callback filter rewriter adfilter_rewrite_objectsid in librewriters.so

https://pagure.io/389-ds-base/issue/51037

Reviewed by: Mark Reynolds, Alexander Bokovoy, Simon Pichugin, William Brown (Thanks !)

Platforms tested: F30

Flag Day: no

Doc impact: no

- - - - -
8b3f4ca6 by William Brown at 2020-05-19T10:28:17+10:00
Ticket 50989 - ignore pid when it is ourself in protect_db

Bug Description: In protect_db.c, there are some cases (especially containers)
where a pid number can be re-used. Following a bad shutdown, the lock files
in /run/lock/{export,import,server}/* remain, and the pid they hold could
be allocated to ourself. When this occurs, the server fails to start.

Fix Description: If the pid of the lock file is our own pid, that is proof
that the previous pid/lock file can not exist, and therefore it is safe to
proceed with the startup.

https://pagure.io/389-ds-base/issue/50989

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks!)

- - - - -
08cad9e7 by Thierry Bordaz at 2020-05-19T10:59:22+02:00
Ticket 51037 - compiler warning

- - - - -
75e3b867 by Anuj Borah at 2020-05-19T14:34:55+05:30
Issue:51070 - Port Import TET module to python3 part1

Bug Description: Port Import TET module to python3 part1

Relates: https://pagure.io/389-ds-base/issue/51070

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
e0e2db1d by Simon Pichugin at 2020-05-19T17:42:07+02:00
Issue 51086 - Improve dscreate instance name validation

Bug Description: When creating an instance using dscreate, it doesn't enforce
max name length. The ldapi socket name contains name of the instance. If it's
too long, we can hit limits, and the file name will be truncated. Also, it
doesn't sanitize the instance name, it's possible to create an instance with
non-ascii symbols in its name.

Fix Description: Add more checks to 'dscreate from-file' installation.
Add a limitation for nsslapd-ldapifilepath string length because it is
limited by sizeof((*ports_info.i_listenaddr)->local.path)) it is copied to.

https://pagure.io/389-ds-base/issue/51086

Reviewed by: firstyear, mreynolds (Thanks!)

- - - - -
68ab6a80 by Mark Reynolds at 2020-05-20T09:22:06-04:00
Issue 51076 - remove unnecessary slapi entry dups

Description:  So the problem is that slapi_search_internal_get_entry()
              duplicates the entry twice.  It does that as a convenience
              where it will allocate a pblock, do the search, copy
              the entry, free search results from the pblock, and then
              free the pblock itself.  I basically split this function
              into two functions.  One function allocates the pblock,
              does the search and returns the entry.  The other function
              frees the entries and pblock.

              99% of time when we call slapi_search_internal_get_entry()
              we are just reading it and freeing it.  It's not being
              consumed.  In these cases we can use the two function
              approach, which eliminates an extra slapi_entry_dup().  Over the
              time of an operation/connection we can save quite a bit
              of mallocing/freeing.  This could also help with memory
              fragmentation.

ASAN: passed

relates: https://pagure.io/389-ds-base/issue/51076

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
c350ddc9 by Mark Reynolds at 2020-05-20T13:48:27-04:00
Issue 51102 - RFE - ds-replcheck - make online timeout configurable

Bug Description:  When doing an online check with replicas that are very
                  far apart the connection can time out as the hardcoded
                  timeout is 5 seconds.

Fix Description:  Change the default timeout to never timeout, and add a
                  CLI option to specify a specific timeout.

                  Also caught all the possible LDAP exceptions so we can
                  cleanly "fail".  Fixed some python syntax issues, and
                  improved the entry inconsistency report

relates: https://pagure.io/389-ds-base/issue/51102

Reviewed by: firstyear & spichugi(Thanks!)

- - - - -
9d5fe06e by Sylvie Gouverneyre at 2020-05-25T09:51:24+00:00
Issue 49850 -ldbm_get_nonleaf_ids() painfully slow for databases with many non-leaf entries

Description:
With a very large database, gathering non-leaf IDs for creating the ancestorid index took an enormous amount of time.
This test is to verify the fix for this problem.

https://pagure.io/389-ds-base/issue/49850

Author: sgouvern

Reviewed by: firstyear, spichugi

- - - - -
251cef91 by Mark Reynolds at 2020-05-26T08:38:30-04:00
Issue 51110 - Fix ASAN ODR warnings

Description: Fixed ODR issues with global attributes which were duplicated from
             the core server into the replication and retrocl plugins.

relates: https://pagure.io/389-ds-base/issue/51110

Reviewed by: firstyear(Thanks!)

- - - - -
2fc834aa by Mark Reynolds at 2020-05-26T11:20:02-04:00
Issue 51095 - abort operation if CSN can not be generated

Bug Description:  If we fail to get the system time then we were using an
                  uninitialized timespec struct which could lead to bizarre
                  times in CSN's.

Fix description:  Check if the system time function fails, and if it does
                  then abort the update operation.

relates: https://pagure.io/389-ds-base/issue/51095

Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
eb191f5b by Mark Reynolds at 2020-05-27T07:35:57-04:00
Issue 51113 - Allow using uid for replication manager entry

Bug Description:  Currently it was hardcoded to only allow "cn" as
                  the rdn attribute for the replication manager entry.

Fix description:  Allow setting the rdn attribute of the replication
                  manager DS ldap object, and include the schema that
                  allows "uid".

relates:  https://pagure.io/389-ds-base/issue/51113

Reviewed by: spichugi & firstyear(Thanks!!)

- - - - -
1befe929 by Anuj Borah at 2020-05-28T10:14:24+05:30
Issue: 50860 - Port Password Policy test cases from TET to python3 part1

CI test - Port Password Policy test cases from TET to python3 part1

Relates: https://pagure.io/389-ds-base/issue/50860

Author: aborah

Reviewed by: Simon Pichugin, Viktor Ashirov

- - - - -
cec05062 by Viktor Ashirov at 2020-05-28T09:58:26+02:00
Issue 50931 - RFE AD filter rewriter for ObjectCategory

Bug Description:
ASAN build fails on RHEL due to linking issues

Fix Description:
Add missing libslapd.la for librewriters.la

Relates: https://pagure.io/389-ds-base/issue/50931

Reviewed by: tbordaz (Thanks!)

- - - - -
7b79b89c by Mark Reynolds at 2020-05-29T16:44:12-04:00
Bump version to 1.4.4.3

- - - - -
672192a5 by Timo Aaltonen at 2020-06-02T11:11:48+03:00
Merge tag '389-ds-base-1.4.3.6' into m

- - - - -
353b912d by Timo Aaltonen at 2020-06-02T11:11:59+03:00
Merge branch 'master' into m

- - - - -
8e7f2c1f by Timo Aaltonen at 2020-06-02T11:15:34+03:00
bump the version

- - - - -
ff385d32 by Timo Aaltonen at 2020-06-02T11:17:42+03:00
fix-db-home-dir.diff: Dropped, upstream.

- - - - -
17586c42 by Timo Aaltonen at 2020-06-02T11:33:54+03:00
releasing package 389-ds-base version 1.4.4.3-1

- - - - -
4a55322c by Matus Honek at 2020-06-02T16:16:09+02:00
Issue 50746 - Add option to healthcheck to list all the lint reports

Bug Description:
Healthcheck lacks a way to find out what checks are available.

Fix Description:
Add dsctl healthcheck options to list available checks, known error
codes, and ability to run checks selectively. The checks are rather
hierarchically structured and in some cases matchable by patterns (by
use of asterisk).

Fixes https://pagure.io/389-ds-base/issue/50746

Author: Matus Honek <mhonek at redhat.com>

Review by: Mark, William, Simon (thanks for the patience!)

- - - - -
a0113b19 by Mark Reynolds at 2020-06-02T10:28:24-04:00
Issue 51118 - UI - improve modal validation when creating an instance

Description:  Do not enable the "create" button until all the fields are
              valid (DN's, port numbers, passwords, etc).

              Improve layout and handling of optional database settings.

              Add a json argument to dscreate so the UI can report any
              failure text.  Also improve error reporting in dscreate.

relates: https://pagure.io/389-ds-base/issue/51118

Reviewed by: firstyear & spichugi(Thanks!!)

Improve validation error messages

Fix allowed characters

- - - - -
1d995575 by William Brown at 2020-06-03T09:10:34+10:00
Ticket 51115 - enable samba3.ldif by default

Bug Description: Samba has an ldapsam module that allows
samba to authenticate via LDAP for ad-domain-less systems.
By enabling it by default this opens some easier out-of-the-box
integrations.

Fix Description: Enable it by default, and fix a type in 60samba.ldif
Already tested with replication and 60samba.ldif to ensure no conflict.

https://pagure.io/389-ds-base/issue/51115

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
9a069355 by William Brown at 2020-06-03T09:15:05+10:00
Ticket 51072 - improve autotune defaults

Bug Description: we have learnt that the CPU autotuning is too aggressive, potentially
decreasing throughput due to overhead in context switching and lock contention, and
that our memory tuning is not aggressive enough, at only 10% of the system memory.
Additionally, in containers, we are able to have access to different memory limits
and reservations, so we can choose to be even more forward in our selection.

Fix Description: Change thread tuning to match the number of threads available on
the system. Change memory tuning to 25% of system memory by default. Finally add
an environment variable to containers allowing more aggressive tuning to be
set DS_MEMORY_PERCENTAGE. Later this could be set to a higher default value.

https://pagure.io/389-ds-base/issue/51072

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds, vashirov, tbordaz (Thanks!)

- - - - -
b405a909 by William Brown at 2020-06-03T12:23:58+10:00
Ticket 137 - Implement EntryUUID plugin

Bug Description: This implements EntryUUID - A plugin that generates
uuid's on attributes, which can be used by external applications to
associate an entry uniquely.

Fix Description: This change is quite large as it contains multiple parts:

* Schema for entryuuid.
    ldap/schema/02common.ldif
    ldap/schema/03entryuuid.ldif
* Documentation of the plugin design
    src/README.md
* A rust plugin api.
    src/slapi_r_plugin/Cargo.toml
    src/slapi_r_plugin/README.md
    src/slapi_r_plugin/build.rs
    src/slapi_r_plugin/src/backend.rs
    src/slapi_r_plugin/src/ber.rs
    src/slapi_r_plugin/src/constants.rs
    src/slapi_r_plugin/src/dn.rs
    src/slapi_r_plugin/src/entry.rs
    src/slapi_r_plugin/src/error.rs
    src/slapi_r_plugin/src/init.c
    src/slapi_r_plugin/src/lib.rs
    src/slapi_r_plugin/src/log.rs
    src/slapi_r_plugin/src/macros.rs
    src/slapi_r_plugin/src/pblock.rs
    src/slapi_r_plugin/src/plugin.rs
    src/slapi_r_plugin/src/search.rs
    src/slapi_r_plugin/src/syntax_plugin.rs
    src/slapi_r_plugin/src/task.rs
    src/slapi_r_plugin/src/value.rs
* An entry uuid syntax plugin, that has functional indexing
    src/plugins/entryuuid_syntax/Cargo.toml
    src/plugins/entryuuid_syntax/src/lib.rs
* An entry uuid plugin that generates entryuuid's and has a fixup task.
    src/plugins/entryuuid/Cargo.toml
    src/plugins/entryuuid/src/lib.rs
* Supporting changes in the server core to enable and provide apis for the plugins.
    ldap/servers/slapd/config.c
    ldap/servers/slapd/entry.c
    ldap/servers/slapd/fedse.c
* A test suite for the entryuuid plugin
    dirsrvtests/tests/data/entryuuid/localhost-userRoot-2020_03_30_13_14_47.ldif
    dirsrvtests/tests/suites/entryuuid/basic_test.py
* Supporting changes in lib389
    src/lib389/lib389/_constants.py
    src/lib389/lib389/backend.py
    src/lib389/lib389/instance/setup.py
    src/lib389/lib389/plugins.py
    src/lib389/lib389/tasks.py
* Changes to support building the plugins
    Makefile.am
    configure.ac
* Execution of cargo fmt on the tree, causing some clean up of files.
    src/Cargo.lock
    src/Cargo.toml
    src/librnsslapd/build.rs
    src/librnsslapd/src/lib.rs
    src/librslapd/Cargo.toml
    src/librslapd/build.rs
    src/librslapd/src/lib.rs
    src/libsds/sds/lib.rs
    src/libsds/sds/tqueue.rs
    src/slapd/src/error.rs
    src/slapd/src/fernet.rs
    src/slapd/src/lib.rs

https://pagure.io/389-ds-base/issue/137

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds, lkrispenz (Thanks)

- - - - -
31e132a5 by Barbora Smejkalova at 2020-06-03T08:22:43+02:00
Issue 50889 - Extract pem files into a private namespace

Description:
Created test for checking if certs and private key in pem format are stored
in private namespace and not under 'nsslapd-certdir' directory.

Relates: https://pagure.io/389-ds-base/issue/50889

Reviewed by: firstyear, tbordaz, vashirov (Thanks!)

- - - - -
e8f510e9 by Barbora Smejkalova at 2020-06-03T06:49:32+00:00
Issue 50545 - Port remaining legacy tools to new python CLI

Description:
Created test that checks output syntax for dbmon to make sure
it did not fail with error.

Relates: https://pagure.io/389-ds-base/issue/50545

Reviewed by: firstyear, mreynolds (Thanks!)

- - - - -
4f2f3c37 by William Brown at 2020-06-04T00:12:49+00:00
Ticket 51034 - labeledURIObject

Bug Description: We are missing part of rfc2079, the labeledURIObject

Fix Description: Add the schema as defined in the RFC

https://pagure.io/389-ds-base/issue/51034

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
75c8de1e by Mark Reynolds at 2020-06-04T10:25:10-04:00
Issue 51132 - Winsync setting winSyncWindowsFilter not working as expected

Bug Description:  When processing updates from AD we search AD using a filter,
                  and this filter can be customized via the attribute setting:
                  winSyncWindowsFilter.  However, after setting a custom filter
                  replication appears to stop working as expected.  New entries
                  that match the filter are replicated to DS, but not updates
                  to these entries.  The problem is that when dirsync sends
                  updates, it is just a partial entry - only containing the
                  attributes that changed.  Then the server checks the filter
                  again on the returned entry, but if it's just a mod update then
                  the entry is missing most of its attributes, and the filter
                  check fails and the entry is not updated on DS.

Fix Description:  Do not check the filter on the returned entries when processing
                  incremental updates as the filter test was already done when
                  gathering the candidates.

relates: https://pagure.io/389-ds-base/issue/51132

Reviewed by: tbordaz & firstyear (Thanks!)

- - - - -
ac54e069 by Viktor Ashirov at 2020-06-05T01:58:49+02:00
Issue 50781 - Make building cockpit plugin optional

Bug Description:
Currently building 389-ds involves building cockpit-389-ds too,
which is not always desired.

Fix Description:
Introduce a new configure parameter --enable-cockpit, which is on by default.

Fixes: https://pagure.io/389-ds-base/issue/50781

Doc impact: no

Reviewed by: ???

- - - - -
05e3407e by William Brown at 2020-06-05T11:58:20+10:00
Ticket 137 - fix compiler warning

Bug Description: Fix a compiler warning

Fix Description: -

https://pagure.io/389-ds-base/issue/137
https://pagure.io/389-ds-base/pull-request/50970#comment-122059

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
af870480 by Mark Reynolds at 2020-06-08T11:13:14-04:00
Issue 51136 - dsctl and dsidm do not errors correctly when using JSON

Description:  dsctl and dsidm were not returning errors in a JSON object
              when the JSON CLI option is requested.  This breaks the UI
              when errors occur.

fixes: https://pagure.io/389-ds-base/issue/51136

Reviewed by:  firstyear & spichugi(Thanks!)

- - - - -
ac58ddf3 by Simon Pichugin at 2020-06-09T18:36:25+02:00
Issue 51100 - Correct numSubordinates value for cn=monitor

Bug Description: numSubordinates for cn=monitor shows 4
while there are 3 child entries present.

Fix Description: Ignore easter egg entry while increasing
numSubordinates count.

https://pagure.io/389-ds-base/issue/51100

Reviewed by: mreynolds (Thanks!)

- - - - -
e9626cc7 by Viktor Ashirov at 2020-06-10T13:26:58+02:00
Issue 50781 - Make building cockpit plugin optional

Bug description:
Cockpit plugin should be optional, but not disabled by default.

Fix description:
Change the default to COCKPIT_ON = 1

Relates: https://pagure.io/389-ds-base/issue/50781

Reviewed by: mreynolds (Thanks!)

- - - - -
3ddcc620 by Mark Reynolds at 2020-06-11T15:47:43-04:00
Issue 50912 - pwdReset can be modified by a user

Description:  The attribute "pwdReset" should only be allowed to be set by the
              server.  Update schema definition to include NO-USER-MODIFICATION

relates: https://pagure.io/389-ds-base/issue/50912

Reviewed by: mreynolds(one line commit rule)

- - - - -
4cfa3745 by William Brown at 2020-06-11T23:45:20+00:00
Ticket 51140 - missing ifdef

Bug Description: entryuuid syntax was added when rust is
not enabled.

Fix Description: Add the missing ifdef

https://pagure.io/389-ds-base/issue/51140

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
dc7bf4a7 by Mark Reynolds at 2020-06-15T11:01:02-04:00
Issue 51072 - Set the default minimum worker threads

Description:  Testing has shown that using current number of CPU cores
              to set the thread number gives the best performance, but
              when there are expensive operations total throughput drops.

              We still need a minimum number of worker threads to handle
              a wide range of operations.  We decided for now that the
              minimum should be 16 workers.

relates: https://pagure.io/389-ds-base/issue/51072

Reviewed by: tbordaz & firstyear (Thanks!!)

Define MAX and MIN threads, and improve logging

- - - - -
f75fd1aa by Mark Reynolds at 2020-06-15T11:37:39-04:00
Issue 50791 - Healthcheck should look for notes=A/F in access log

Description:  Add checks for notes=A (fully unindexed search) and
              notes=F (Unknown attribute in search filter) in the
              current access log.

relates: https://pagure.io/389-ds-base/issue/50791

Reviewed by: firstyear(Thanks!)

- - - - -
2ccd0bed by Thierry Bordaz at 2020-06-15T18:00:07+02:00
Ticket 49859 - A distinguished value can be missing in an entry

Bug description:
	According to RFC 4511 (see ticket), the values of the RDN attributes
        should be present in an entry.
	With a set of replicated operations, it is possible that those values
        would be missing

Fix description:
        MOD and MODRDN update checks that the RDN values are present.
        If they are missing they are added to the resulting entry. In addition
        the set of modifications to add those values are also indexed.
        The specific case of single-valued attributes, where the final and unique value
        can not be the RDN value, the attribute nsds5ReplConflict is added.

https://pagure.io/389-ds-base/issue/49859

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F31

- - - - -
a1c8e126 by Viktor Ashirov at 2020-06-16T20:47:17+02:00
Issue 49761 - Fix CI tests

Fix Description:

* Remove checks for some of the expected logs that are no longer present after
  https://pagure.io/389-ds-base/issue/51076
* Use a fixture for disabling/enabling access log buffering

Relates: https://pagure.io/389-ds-base/issue/49761

Reviewed by: spichugi (Thanks!)

- - - - -
7e1d80f6 by William Brown at 2020-06-17T01:39:05+00:00
Ticket 51131 - improve mutex alloc in conntable

Bug Description: We previously did delayed allocation
of mutexes, which @tbordaz noted can lead to high usage
of the pthread mutex init routines. This was done under
the conntable lock, as well as cleaning the connection

Fix Description: rather than delayed allocation, we
initialise everything at start up instead, which means
that while startup may have a delay, at run time we have
a smaller and lighter connection allocation routine,
that is able to release the CT lock sooner.

https://pagure.io/389-ds-base/issue/51131

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
327147cf by Simon Pichugin at 2020-06-17T13:35:31+02:00
Issue 50984 - Memory leaks in disk monitoring

Description: Fix the rest of the leaks in disk monitoring
which are present when we shutdown while being below half
of the threshold (at the start-up in main.c).

Free directories, sockets and ports before going to cleanup.

https://pagure.io/389-ds-base/issue/50984

Reviewed by: mhonek, tbordaz (Thanks!)

- - - - -
f97a86af by William Brown at 2020-06-18T00:16:42+00:00
Ticket 51159 - dsidm ou delete fails

Bug Description: delete ou would fail with a stack
trace due to incorrect variable args

Fix Description: use args.dn

https://pagure.io/389-ds-base/issue/51159

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
c6405714 by Mark Reynolds at 2020-06-18T10:23:20-04:00
Issue 51155 - Fix OID for sambaConfig objectclass

Description:  The wrong OID was set for sambaConfig objectclass

relates: https://pagure.io/389-ds-base/issue/51155

Reviewed by: mreynolds & tbordaz

- - - - -
3a964c2d by Mark Reynolds at 2020-06-18T17:03:09-04:00
Issue 51144 - dsctl fails with instance names that contain slapd-

Bug Description:  If an instance name contains 'slapd-' the CLI breaks:

                      slapd-test-slapd

Fix Description:  Only strip off "slapd-" from the front of the instance
                  name.

relates: https://pagure.io/389-ds-base/issue/51144

Reviewed by: firstyear(Thanks!)

- - - - -
c20cb673 by Simon Pichugin at 2020-06-18T23:51:53+02:00
Issue 49999 - rpm.mk build-cockpit should clean cockpit_dist first

Description:  make -f rpm.mk rpms should always generate this directory
from scratch: src/cockpit/389-console/cockpit_dist

https://pagure.io/389-ds-base/issue/49999

Reviewed by: spichugi (one-line rule)

- - - - -
b59faa43 by William Brown at 2020-06-19T11:24:10+10:00
Ticket 51161 - fix SLE15.2 install issues

Bug Description: On SLE15.2 the hostname is almost always set
incorrectly which can break the install.  Newer versions of
systemd encode utf8 in their command output that trips up
the log subsystem.

Fix Description:
We have to set SER_HOST rather than using the default which is
socket.gethostname() from init.py.

Discard the special utf8 encodings in the log output for systemd

https://pagure.io/389-ds-base/issue/51161

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
8f3887e0 by William Brown at 2020-06-22T14:16:31+10:00
Ticket 50544 - OpenLDAP syncrepl compatibility

Bug Description: Some customers have asked for the ability to sync
openldap from 389-ds in a read only mode. OpenLDAP's syncrepl
functionality is slightly different to what our module expected,
requiring changes to be made.

Fix Description: This fixes a number of syncrepl issues within
our plugin, works around a number of deviations from OpenLDAP's
syncrepl client, adds tests, and the needed schema to allow
OpenLDAP to sync from 389-ds.

Outstanding issue is that when the EntryUUID plugin is enabled, it
can confuse OpenLDAP, so a subsequent PR will address that issue.

Note, the provided tests require a fix to python-ldap, so you may
not be able to run these tests yet. See:
https://github.com/python-ldap/python-ldap/pull/351

https://pagure.io/389-ds-base/issue/50544

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

- - - - -
16e47bff by Mark Reynolds at 2020-06-22T09:02:00-04:00
Issue 51166 - Log an error when a search is fully unindexed

Bug Description:  Some plugins can trigger very expensive internal searches
                  that can exhaust the bdb db_locks.  It is very difficult
                  to track these down.

Fix description:  Log a message to the errors log when any search (internal or not)
                  is fully unindexed and provide the search details.  This will
                  allow an admin to identify and fix indexing issues.

relates: https://pagure.io/389-ds-base/issue/51166

Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
2813d3d0 by Anuj Borah at 2020-06-22T19:25:09+05:30
Issue:50860 - Port Password Policy test cases from TET to python3 part2

Bug Description:  CI test - Port Password Policy test cases from TET to python3 part2

Relates: https://pagure.io/389-ds-base/issue/50860

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
fe48b604 by Barbora Smejkalova at 2020-06-22T16:15:24+02:00
Issue 50873 - Fix issues with healthcheck tool

Description:
I finished remaining tests for healthcheck tool.
I moved some of the tests to separate files because one large file was becoming messy.
Also the test in health_sync_test.py is separate because it is time sensitive to reproduce.
Running it with other tests in one file can cause delay and not catching the error code.

Created requirements.txt to install libfaketime.
Updated topologies.py for LogCapture.

Relates: https://pagure.io/389-ds-base/issue/50873

Reviewed by: vashirov (Thanks!)

- - - - -
526b542b by Simon Pichugin at 2020-06-23T01:36:35+02:00
Issue 51157 - Reindex task may create abandoned index file

Bug Description: Recreating an index for the same attribute but changing
the case of for example 1 letter, results in abandoned indexfile.

Fix Description: Add a test case to a newly created 'indexes' test suite.
When we remove the index config from the backend, - remove the attribute
info from LDBM instance attributes.

https://pagure.io/389-ds-base/issue/51157

Reviewed by: firstyear, mreynolds (Thanks!)

- - - - -
a64d6be1 by Mark Reynolds at 2020-06-23T01:27:01+00:00
Issue 49256 - log warning when thread number is very different from autotuned value

Description:  To help prevent customers from setting incorrect values for
              the thread number it would be useful to warn them that the
              configured value is either way too low or way too high.

relates: https://pagure.io/389-ds-base/issue/49256

Reviewed by: firstyear(Thanks!)

- - - - -
a99cd7c7 by Mark Reynolds at 2020-06-23T11:35:30-04:00
Issue 51169 - UI - attr uniqueness - selecting empty subtree crashes cockpit

Description:  When processing the typeAheadChange we need to check for an empty
              string before treating the array like a list of objects.

              Also updated README with contribution instructions

relates: https://pagure.io/389-ds-base/issue/51169

Reviewed by: spichugi(Thanks!)

Improve handling of typeAhead values.

In some cases it's an array of strings, and in some cases it's an array of objects

- - - - -
0f8605a7 by Simon Pichugin at 2020-06-23T19:28:59+02:00
Issue 50696 - Fix Allowed and Denied Ciphers lists - WebUI

Description: When we add a cipher to an Allowed list we should
not be allowed to add the same cipher to a Denied list.
Also, show a warning when we do an action which requires a restart.

https://pagure.io/389-ds-base/issue/50696

Reviewed by: mreynolds (Thanks!)

- - - - -
d4f5dce7 by Anuj Borah at 2020-06-24T09:43:50+05:30
Issue: 50860 - Port Password Policy test cases from TET to python3 final

Bug Description: Port Password Policy test cases from TET to python3 final

Fixes: https://pagure.io/389-ds-base/issue/50860

Author: aborah

Reviewed by: Simon Pichugin

- - - - -
32593df1 by Anuj Borah at 2020-06-24T07:44:40+00:00
Issue:51142 - Port manage Entry TET suite to python 3 part 1

Bug Description: Port manage Entry TET suite to python 3 part 1

Relates: https://pagure.io/389-ds-base/issue/51142

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
0a71c3db by Anuj Borah at 2020-06-24T07:53:31+00:00
Issue: 51070 - Port Import TET module to python3 part2

Bug Description: Port Import TET module to python3 part2

Fixes: https://pagure.io/389-ds-base/issue/51070

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
6a2750c0 by Anuj Borah at 2020-06-24T07:58:28+00:00
Issue : 49761 - Fix CI test suite issues ( Port remaining acceptance test suite part 1)

Bug Description: Port remaining acceptance test suite part 1

Relates/Fixes: https://pagure.io/389-ds-base/issue/49761

Author: aborah

Reviewed by: Viktor Ashirov

- - - - -
3246fe79 by Mark Reynolds at 2020-06-24T16:55:59+00:00
Issue 51165 - add new access log keywords for wtime and optime

Description:  In addition to the "etime" stat in the access we can also
              add the time the operation spent in the work queue, and
              how long the actual operation took.  We now have "wtime"
              and "optime" to track these stats in the access log.

              Also updated logconf for notes=F (related to a different
              ticket), and stats for wtime and optime.

relates: https://pagure.io/389-ds-base/issue/51165

Reviewed by: ?

- - - - -
98a8287e by Barbora Smejkalova at 2020-06-25T13:01:50+02:00
Issue 50545 - Port remaining legacy tools to new python CLI

Description:
Created sanity tests for repl-monitor, dbverify, ldifgen (dbgen) and fixup task
into separate files for each tool.
All tests check output syntax to make sure the tool did not fail with error.
Tests for dbgen create ldif files, that are imported to database and
then check if entries are imported correctly.

Relates: https://pagure.io/389-ds-base/issue/50545

Reviewed by: spichugi (Thanks!)

- - - - -
20e24cc0 by Simon Pichugin at 2020-06-26T02:00:31+02:00
Issue 51188 - db2ldif crashes when LDIF file can't be accessed

Bug Description: db2ldif crashes when we set '-a LDIF_PATH' to a place that
can't be accessed by the user (dirsrv by default)

Fix Description: Don't attempt to close DB if we bail after a failed
attempt to open LDIF file.

https://pagure.io/389-ds-base/issue/51188

Reviewed by: mreynolds (Thanks!)

- - - - -
c48f4d98 by Akshay Adhikari at 2020-06-26T18:30:57+05:30
Issue 50928 - Unable to create a suffix with countryName either via dscreate or the admin console

Description: Added a test case to create a suffix with countryName and all other RDN attributes
via dscreate, also added a negative scenario.

Relates: https://pagure.io/389-ds-base/issue/50928

Reviewed by: vashirov, mreynolds (Thanks!)

- - - - -
f771ff7e by Mark Reynolds at 2020-06-28T22:05:23-04:00
Issue 51165 - add more logconv stats for the new access log keywords

Description:  Add "average" stats for wtime, optime, and etime

relates: https://pagure.io/389-ds-base/issue/51165

Reviewed by: firstyear(Thanks!)

- - - - -
91c8ad41 by Thierry Bordaz at 2020-06-29T13:46:09+02:00
Ticket 50980 - fix foo_filter_rewrite

- - - - -
567e8312 by Viktor Ashirov at 2020-06-30T18:28:35+02:00
Issue 50840 - Fix test docstrings metadata

Bug Description:
Some tests have an incorrect metadata in the docstrings. This prevents
the import of the test cases in the test case management system.

Fix Description:
Update the metadata:

* Add missing test tier markers
* Fix missing newline between the short description and :id: token.
* Update test descriptions
* Fix aci tests so that the correct test case name is used in the
  aci description
* Fix all warnings and errors reported by docutils parser

Fixes: https://pagure.io/389-ds-base/issue/50840

Reviewed by: mreynolds (Thanks!)

- - - - -
36d61e9a by Akshay Adhikari at 2020-07-01T15:24:14+05:30
Issue 50840 - Fix test docstrings metadata-1

Fix Description: Updated the metadata

Relates: https://pagure.io/389-ds-base/issue/50840

Reviewed by: vashirov

- - - - -
53f92181 by Mark Reynolds at 2020-07-01T09:07:37-04:00
Issue 51192 - Add option to reject internal unindexed searches

Bug Description:  Some plugins can perform unindexed searches, and under the
                  right conditions this can cause problems like exhausting DB locks.
                  The setting "nsslapd-require-index" does not apply to internal
                  searches, so there is no way to prevent these searches from
                  occurring.

Fix Description:  Add a new database setting "nsslapd-require-internalop-index"
                  that rejects internal unindexed searches.

                  Also found during testing that when the RI plugin fails that
                  it does not set the proper result error code.

relates: https://pagure.io/389-ds-base/issue/51192

Reviewed by: firstyear, spichugi & tbordaz (Thanks!!!)

- - - - -
5cc73845 by Mark Reynolds at 2020-07-01T23:08:57-04:00
Issue 51187 - UI - stop importing Cockpit's PF css

Bug Description:  Cockpit has deprecated its patternfly css, so plugins
                  need to provide their own.

Fix Description:  Used the same process cockpit-podman used.  Was able to
                  consolidate our CSS files so we don't have to ship
                  ds.css and branding.css.  This also allowed us to remove
                  all the ds.css imports for almost every jsx file.

                  Special thanks to Martin Pitt for helping with this patch!

relates: https://pagure.io/389-ds-base/issue/51187

Reviewed by: spichugi(Thanks!)

- - - - -
017fda07 by William Brown at 2020-07-03T09:24:44+10:00
Ticket 51175 - resolve plugin name leaking

Bug Description: Previously pblock.c assumed that all plugin
names were static c strings. Rust can't create static C
strings, so these were intentionally leaked.

Fix Description: Rather than leak these, we do a dup/free
through the slapiplugin struct instead, meaning we can use
ephemeral, and properly managed strings in rust. This does not
affect any other existing code which will still handle the
static strings correctly.

https://pagure.io/389-ds-base/issue/51175

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds, tbordaz (Thanks!)

- - - - -
318a3ce0 by Mark Reynolds at 2020-07-08T17:01:34-04:00
Bump version to 1.4.4.4

- - - - -
c0688a06 by Barbora Smejkalova at 2020-07-14T14:34:53+02:00
Issue 50791 - Healthcheck to find notes=F

Description:
Created tests, that reproduce notes=A and notes=F in access log
and then check if healthcheck returned proper error code.

Relates: https://pagure.io/389-ds-base/issue/50791

Reviewed by: spichugi (Thanks!)

- - - - -
654d0ff2 by Simon Pichugin at 2020-07-17T01:01:45+02:00
Issue 50984 - Fix disk_mon_check_diskspace types

Description: Function parameters are inconsistent.
Documentation states that threshold should be from 0 to 2^63 - 1
so we can use uint64_t for that.

https://pagure.io/389-ds-base/issue/50984

Reviewed by: firstyear (Thanks!)

- - - - -
ffda491f by Simon Pichugin at 2020-07-20T12:47:17+02:00
Issue 49300 - entryUSN is duplicated after memberOf operation

Bug Description: When we assign a member to a group we have two
operations - group modification and user modification.
As a result, they both have the same entryUSN because USN Plugin
assigns entryUSN value in bepreop but increments the counter
in the postop and a lot of things can happen in between.

Fix Description: Increment the counter in bepreop together with
entryUSN assignment. Also, decrement the counter in bepostop if
the failure has happened.
Add test suite to cover the change.

https://pagure.io/389-ds-base/issue/49300

Reviewed by: tbordaz (Thanks!)

- - - - -
ed5b13ca by Mark Reynolds at 2020-07-20T09:34:54-04:00
Issue 51000 - Separate the BDB backend monitors

Bug Description:  While trying to remove duplicate code from the backend
                  and BDB backend code, I found that we were not correctly
                  separating the BDB monitors from the core backend code.

Fix Description:  Move all the monitor registering to the db_layer private
                  structure.  This way we have fully isolated the monitors
                  for each backend implementation/library.  This also removed
                  some duplicate code from the core backend and BDB code.

relates: https://pagure.io/389-ds-base/issue/51000

Reviewed by: spichugi(Thanks!)

- - - - -
22c51491 by Simon Pichugin at 2020-07-20T20:11:58+02:00
Issue 51059 - If dbhome directory is set online backup fails

Bug Description: If the dbhome directory is set, eg to /dev/shm/instance
then an online backup fails because it looks for the log.000000x file
in the wrong directory.
This is hidden because the return code is overwritten before checking.

Fix Description: If dblayer_backup function fails - go to error processing
section.

https://pagure.io/389-ds-base/issue/51059

Reviewed by: mreynolds (Thanks!)

- - - - -
632a8e08 by Simon Pichugin at 2020-07-23T12:00:39+02:00
Issue 51136 - JSON Error output has redundant messages

Bug Description: When we try to start an instance for which
'systemctl start' command has failed, it produces excessive
output which is not a clear JSON.

Fix Description: Redirect stderr to stdout as we don't need
the info in CLI. User needs to check logs if something went wrong.
Add a new-line character in the end of DS CLI tool's stderr.
Clean up React state processing for setServerID callback.

https://pagure.io/389-ds-base/issue/51136

Reviewed by: mreynolds (Thanks!)

- - - - -
d5c9c4e6 by Simon Pichugin at 2020-07-24T15:30:53+02:00
Issue 51086 - Fix instance name length for interactive install

Description: Instance name length is not properly validated
during interactive install. Add a check during a user input.

https://pagure.io/389-ds-base/issue/51086

Reviewed by: mreynolds (Thanks!)

- - - - -
c6aae1e5 by Mark Reynolds at 2020-07-27T14:08:57-04:00
Issue 49487 - Cleanup unused code

Description:  Remove unused functions and "#if 0" code blocks.

relates: https://pagure.io/389-ds-base/issue/49487

Reviewed by: firstyear(Thanks!)

- - - - -
4610b5f6 by Barbora Simonova at 2020-07-28T14:51:20+02:00
Issue 50746 - Add option to healthcheck to list all the lint reports

Description:
Created tests that run healthcheck with the new --list-errors, --list-checks and --checks options
and then check syntax of the output.
I also added log.info to the health.py::_print_checks so I could check the log output of --list-checks.
test_healthcheck_backend_missing_mapping_tree is set to run on proper version, because the bz1835619 / ds51091 is fixed.

Relates: https://pagure.io/389-ds-base/issue/50746
Relates: https://pagure.io/389-ds-base/issue/51091

Reviewed by: spichugi (Thanks!)

- - - - -
98d6c7f8 by Mark Reynolds at 2020-07-28T14:56:56-04:00
Issue 49481 - remove unused or unnecessary database plugin functions

Description:  Removed some unused database plugin initializations.  Also
              cleaned up some of the logging in the bdb specific code
              that was not using the correct function name.

Fixes: https://pagure.io/389-ds-base/issue/49481

Reviewed by: elkris, tbordaz, and firstyear (Thanks!!!)

- - - - -
b7865bf1 by Mark Reynolds at 2020-07-29T11:58:00-04:00
Issue 49487 - Restore function that was incorrectly removed by last patch

Bug Description:  Turns out we still need ldbm_back_entry_release() as
                  it's used in opshared.c, and it's not trivial to try and
                  move it into the backend code.

Fix Description:  Restore ldbm_back_entry_release() and still set the
                  function pointer in the pblock.  Also remove the unused
                  chaining release function.  Also did code cleanup with
                  comments in opshared.c

relates: https://pagure.io/389-ds-base/issue/49487

Reviewed by: elkris(Thanks!)

- - - - -
2c8e3398 by Mark Reynolds at 2020-07-29T16:19:41-04:00
Issue 51129 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version

Bug Description:  If you try and set the sslVersionMax higher than the
                  default range, but within the supported range, you
                  would still get an error and the server would reset
                  the max to "default" max value.

Fix Description:  Keep track of both the supported and default SSL ranges,
                  and correctly use each range for value validation.  If
                  the value is outside the supported range, then use default
                  value, etc, but do not check the requested range against
                  the default range.  We only use the default range if
                  there is no specified min or max in the config, or if
                  an invalid min or max value is set in the config.

                  Also, refactored the range variable names to be more
                  accurate:

                     enabledNSSVersions -->  defaultNSSVersions
                     emin, emax         -->  dmin, dmax

relates: https://pagure.io/389-ds-base/issue/51129

Reviewed by: firstyear(Thanks!)

- - - - -
594bf91f by Simon Pichugin at 2020-07-30T14:41:14+02:00
Issue 51222 - It should not be allowed to delete Managed Entry manually

Bug Description: It is possible to delete a managed entry and no error is raised.
Also, while doing delete or modrdn operation on a managing entry and the managed entry
doesn't exist, we should continue the operation.

Fix Description: We should put an entry struct duplicate to SLAPI_ENTRY_PRE_OP pblock
before we execute plugins PRE_OP. Also, we should allow to continue modrdn and delete
managing entry operations execution even when managed entry doesn't exist.
Allow 'cn=directory manager' to delete managed entry on direct update.
Add a test.

https://pagure.io/389-ds-base/issue/51222

Reviewed by: firstyear, tbordaz (Thanks!)

- - - - -
b1e4f5f2 by Barbora Simonova at 2020-08-03T12:51:04+02:00
Issue 51102 - RFE - ds-replcheck - make online timeout configurable

Description:
Created a sanity test to check if the newly introduced -t option
for ds-replcheck does not break anything when used with various connection mechanisms.

Relates: https://pagure.io/389-ds-base/issue/51102

Reviewed by: spichugi (Thanks!)

- - - - -
79d5f2cf by William Brown at 2020-08-05T11:10:31+10:00
Ticket 50933 - Update 2307compat.ldif

Bug Description: This resolves a potential conflict between 60nis.ldif
in freeipa and others with 2307compat, by removing the conflicting
definitions from 2307bis that were included.

Fix Description: By not including these in 2307compat, this means that
sites that rely on the values provided by 2307bis may ALSO need
60nis.ldif to be present. However, these nis values seem like they are
likely very rare in reality, and this also will avoid potential
issues with freeipa. It also is the least disruptive as we don't need
to change an already defined file, and we don't have values where the name
to oid relationship changes.

Fixes: #50933
https://pagure.io/389-ds-base/issue/50933

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks!)

- - - - -
a2041151 by William Brown at 2020-08-05T11:10:31+10:00
Ticket 50933 - enable 2307compat.ldif by default

Bug Description: This patch enables 2307compat.ldif by
default.

Fix Description: This is separate to allow a simple roll
back if required during the review/devel process.

https://pagure.io/389-ds-base/issue/50933

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz (Thanks)

- - - - -
d2689280 by Barbora Simonova at 2020-08-05T12:12:14+02:00
Issue 50952 - SSCA lacks basicConstraint:CA

Description:
Created a test that checks if the certificate generated by instance
has 'category: authority' tag in trust.

Relates: https://pagure.io/389-ds-base/issue/50952

Reviewed by: spichugi (Thanks!)

- - - - -
066a7b49 by Simon Pichugin at 2020-08-06T20:42:36+02:00
Issue 50260 - Fix test according to #51222 fix

Description: Managed Entry plugin behaviour was fixed and
returned codes were cleaned up. Now we allow to continue
modrdn and delete managing entry operations execution
even when managed entry doesn't exist.
Also allow 'cn=directory manager' to delete managed entry
on direct update.
Make the updates fail using another way.

https://pagure.io/389-ds-base/issue/50260
https://pagure.io/389-ds-base/issue/51222

Reviewed by: mreynolds (Thanks!)

- - - - -
ea39a99e by Mark Reynolds at 2020-08-10T12:04:26-04:00
Issue 51233 - ds-replcheck crashes in offline mode

Bug Description:  When processing all the DN's found in the Master LDIF
                  it is possible that the LDIF is not in the expected
                  order and ldifsearch fails (crashing the tool).

Fix Description:  If ldifsearch does not find an entry, start from the
                  beginning of the LDIF and try again.

relates: https://pagure.io/389-ds-base/issue/51233

Reviewed by: spichugi(Thanks!)

- - - - -
c5b60d6d by Simon Pichugin at 2020-08-11T16:32:43+02:00
Issue 51228 - Clean up dsidm user status command

Description: ns-accountstatus.pl, ns-activate.pl and ns-inactivate.pl
were ported to lib389 CLI. The functionality was added to dsidm account/role entry-status,
dsidm account subtree-status, dsidm role lock/unlock, dsidm account lock/unlock.

Remove dsidm user status/lock/unlock commands as they are redundant.

https://pagure.io/389-ds-base/issue/50206
https://pagure.io/389-ds-base/issue/51228

Reviewed by: mreynolds (Thanks!)

- - - - -
5afcbb0d by Mark Reynolds at 2020-08-12T12:46:42-04:00
Issue 50933 - Fix OID change between 10rfc2307 and 10rfc2307compat

Bug Description:  10rfc2307compat changed the OID for nisMap objectclass to
                  match the standard OID, but this breaks replication with
                  older versions of DS.

Fix Description:  Continue to use the old(invalid?) oid for nisMap so that
                  replication does not break in a mixed version environment.

Fixes: https://pagure.io/389-ds-base/issue/50933

Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
dda3ab0d by Mark Reynolds at 2020-08-17T09:20:07-04:00
Issue 51165 - Set the operation start time for extended ops

Bug Description:  Extended ops, like what is used in replication, were not
                  setting the operation start time.  This caused invalid
                  values in the new access log keywords (wtime & optime)

Fix Description:  Set the start start at the start of the extended op.

Fixes: https://pagure.io/389-ds-base/issue/51165

Reviewed by: mreynolds (one line commit rule)

- - - - -
0f1ab5f0 by Ludwig Krispenz at 2020-08-17T20:37:21+02:00
Ticket - 49562 integrate changelog database to main database

Bug description:
	PHASE 2 of backend redesign:
	http://www.port389.org/docs/389ds/design/integrate-changelog-database-and-backend-database.html
        Mainly changelog managed its own access to the database and it uses a global
        config entry (cn=changelog5,cn=config) not related to the backend/replica.

Fix description:
	The fix is described in the design.
        Plus:
         - use-after-free (remove+add replica, set)
         - various leaks (triggered with CI tests fixup-tombstone, cascading)
	 - Plus some changes in the CI tests

https://pagure.io/389-ds-base/issue/49562

Reviewed by: Mark Reynolds, William Brown, Thierry Bordaz

- - - - -
bf6e4866 by Thierry Bordaz at 2020-08-18T17:23:41+02:00
Ticket - 51189 integrate changelog in main database - update CLI

Bug description:
    PHASE 2 of backend redesign:
    http://www.port389.org/docs/389ds/design/integrate-changelog-database-and-backend-database.html
    With https://pagure.io/389-ds-base/issue/49562, the changelog uses the main database.
    Changelog configuration was managed with a global config entry (cn=changelog5,cn=config)
    Now it is managed via a per backend config entry (cn=changelog,cn=<backend_entry>).
    Some config parameters are now in the backend specific changelog entry
	nsslapd-changelogmaxage
	nsslapd-changelogmaxentries
	nsslapd-changelogtrim-interval
    Some config parameters are simply abandoned (see design):
	nsslapd-changelogdir
	nsslapd-changelogcompactdb-interval

Fix description:
    This fix (PR) is to be applied on top of 49562
    It suppressed the ability to create/delete changelog as the changelog entry
    is now created/suppressed when a backend becomes a replica or not.

    subcommands to set/get changelog attributes require a suffix (aka backend).
	dsconf <inst> replication set-changelog --suffix <suffix>  --trim-interval <val>
	dsconf <inst> replication set-changelog --suffix <suffix>  --max-age <val>
	dsconf <inst> replication set-changelog --suffix <suffix>  --max-entries <val>
	dsconf <inst> replication get-changelog --suffix <suffix>

    This patch removes the ability to restore a changelog (restore-changelog)
    It implements a new 'class Changelog' to set/get the configuration attribute
    of a per backend changelog

https://pagure.io/389-ds-base/issue/51189

Reviewed by: Simon Pichugin, Mark Reynolds (Big thanks)

- - - - -
d1d557ad by Simon Pichugin at 2020-08-20T10:32:59+02:00
Issue 51229 - Server Settings page gets into an unresponsive state

Bug Description: If we switch the tab in Cockpit UI and restart
the instance - we can't go back to the default tab as it's in
an unresponsive loading state.

Fix Description: Do the update on ComponentDidUpdate instead of
ComponentDidMount.

https://pagure.io/389-ds-base/issue/51229

Reviewed by: mreynolds (Thanks!)

- - - - -
b8e9773e by William Brown at 2020-08-21T10:06:56+10:00
Ticket 51177 - on upgrade configuration handlers

Bug Description: 389 to function in docker and other environments
such as restore-from-backup, needs to be able to upgrade its configuration
on startup. This lets us ship-and-enable new features, upgrade plugins
and more (similar to libglobs upgrades)

Previously we had only basic machinery for this (IE make sure this
entry exists like this) which would always write the content. This
caused problems where plugins would re-enable on restart, or couldn't
be removed.

Fix Description: This adds an upgrade processor and an exists_or_add
so that we can do stateful creates of entries, but without trampling
user modifications IE disabling plugins.

https://pagure.io/389-ds-base/issue/51177
fixes: #51177

Author: William Brown <william at blackhats.net.au>

Review by: tbordaz, mreynolds (Thanks!)

- - - - -
cbcdf050 by William Brown at 2020-08-24T12:43:07+10:00
Ticket 51247 - Container Healthcheck failure

Bug Description: Due to human error, a change to begin_healthcheck
was overlooked that causes containers to always report an unhealthy
state.

Fix Description: Fix the use of begin_healthcheck

fixes: https://pagure.io/389-ds-base/issue/51247
fixes #51247

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
52a09ced by Simon Pichugin at 2020-08-27T15:24:48+02:00
Issue 51228 - Fix lock/unlock wording and lib389 use of methods

Descriptions: Clean up lib389 idm-account methods to precisely locate
CoS objects. Also, fix AccountPolicyEntry super() function.
Fix wording in user input requests while doing lock/unlock.

https://pagure.io/389-ds-base/issue/51228

Reviewed by: mreynolds (Thanks!)

- - - - -
3d61aafa by William Brown at 2020-08-27T23:48:20+00:00
Ticket 51177 - fix warnings

Bug Description: Humans make mistakes. A lot of mistakes. In
the commit of 51177 I made a mistake of not checking every
compiler warning, which led to a mistake that could cause
problems for others.

Fix Description: There is no fix for humans. But we can
fix the compiler warnings.

fixes #51177
https://pagure.io/389-ds-base/issue/51177

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
01d9def3 by Mark Reynolds at 2020-09-01T10:06:17-04:00
Issue 51253 - dscreate should LDAPI to bootstrap the config

Description:  There are cases where DNS is not setup yet, and trying to
              automate the installation fails.  Using LDAPI bypasses this
              issue and allows for more robust deployment options

relates: https://pagure.io/389-ds-base/issue/51253

Reviewed by: minfrin, firstyear, and tbordaz (Thanks!!!)

- - - - -
e8f06927 by Mark Reynolds at 2020-09-02T09:12:05-04:00
Issue 51121 - Remove hardcoded changelog file name

Bug Description:  There are several places in the code where
                  the new changelog name is just a hardcoded
                  string.  So if the name changes we will have
                  many places that need to be updated.

Fix Description:  Use a "define" for the file name in the bdb code,
                  and in the changelog get the filename from
                  backend ldbminfo.

                  Also extended the ldbminfo flags to include the
                  backend implementation.  This will be used as
                  we start to need a way to detect what database
                  backend is in use.

relates: https://pagure.io/389-ds-base/issue/51121

Reviewed by: firstyear(Thanks!)

- - - - -
f9638bbd by Thierry Bordaz at 2020-09-09T10:40:10+02:00
Ticket 51190 - SyncRepl plugin provides a wrong cookie

Bug description:
	A sync repl thread is similar to persistent search thread.
        The server is communicating with the sync repl thread with
        an ordered queue of updates.
        Updates are written in the queue by post op callbacks.
	Sync repl thread waits/reads the queue, retrieve the updates
	from the retroCL, checks if target entry matches the
	request (scope/filter) and send back the entry/update to
        the sync repl client.

        Several issues regarding the way order of the updates in
	the queue:

	(1) When an update generates nested updates (automember,
        memberof,...) the order of the updates in the queue is
        not following the order of applied updates. The consequence
	is that the cookie (containing the update number) can be wrong.
        It can contain jumps, disorder and invalid number (-1).

	When an update fails (nested or primary update), none of the
        updates should be pushed to sync_repl queue

	(2) The plugin callback on updates are POSTOP, so if there are
        two direct updates, there is a possibility that the callback
        of the second update (and its nested updates) are enqueued
        before the first update. In such case the sync_repl thread
        may skip some updates and/or fail to retrieve update from
        retroCL (cookie.update_no=-1)

Fix description:
	The fix does
        (1) implements a pending list of updates (in the thread
	private space "get_thread_primary_op").
        The first in the pending list is the primary update then
        the others are the nested updates.
        A new operation (betxn_preop) registers the operation at
        the end of the pending list with the state OPERATION_PL_PENDING.
        It requires registering new callbacks (sync_betxn_preop_init)

        During be_postop (see below) callbacks flags the pending
        updates as OPERATION_PL_SUCCEEDED or OPERATION_PL_FAILED
        depending on the operation result.
	When no more pending updates are OPERATION_PL_PENDING,
        then depending on the result of the primary update
        (OPERATION_PL_SUCCEEDED or OPERATION_PL_FAILED) the
        updates are moved to the sync_repl queue.

	(2) The postop plugin callbacks are now be_postop

https://pagure.io/389-ds-base/issue/51190

Reviewed by:  Mark Reynolds, Simon Pichugin, William Brown (Thanks)

Platforms tested: F31

- - - - -
26254f33 by Timo Aaltonen at 2020-09-14T13:58:31+03:00
watch: Update upstream git repo url.

- - - - -
d87aa88b by Timo Aaltonen at 2020-09-14T14:04:19+03:00
Merge branch 'upstream'

- - - - -
49d9c6c7 by Timo Aaltonen at 2020-09-14T14:10:24+03:00
bump the version

- - - - -
0d1ac8ab by Simon Pichugin at 2020-09-17T16:34:52+02:00
Issue 4327 - Update issue templates and README.md

Description: GitHub creates its issue templates directly in the repo.
Create a bug report and feature request templates.
Update README.md

Reviewed by: Firstyear (Thanks!)

Fixes: #4327
- - - - -
f41fc384 by Antonio Navarro at 2020-09-17T16:38:50+02:00
Issue 4322 - Updates old reference to pagure issue (#4321)

Description: Updates old reference to Pagure issue
(docker/README.md was fixed by @antonionc)

The rest is done by @droideck:
Change reference from the old Pagure issue to the corresponding GitHub issue
Fix all Pagure references and improve guides.

Co-authored-by: Simon Pichugin <spichugi at redhat.com>

Reviewed by: Firstyear (Thanks!)

Fixes: #4322 
- - - - -
00d08139 by tbordaz at 2020-09-21T08:28:38+02:00
Issue 4319 - Performance search rate: listener may be erroneously waken up (#4323)

Bug description:
	A worker thread usually wakes up the listener when it has completed
        reading the operation from the operation.
	In addition upon exceptional event (timeout while reading op or
	max thread per connection), it sets a local flag (need_wakeup) and
	wakes the listener.
	The problem is that it does not reset the flag after wake up. So
	for any further operation (on any operation) it will trigger this
	additional wake up.
	This triggers a write syscall and wakes up listener for nothing.
	This impacts throughput by ~2%

Fix description:
	reset the need_wakeup after signal_listner

relates: https://github.com/389ds/389-ds-base/issues/4319

Reviewed by: William Brown, Mark Reynolds (thanks !!)

Platforms tested: F31, RHEL8.3
- - - - -
99853049 by Timo Aaltonen at 2020-09-22T09:00:12+03:00
control: Add python3-dateutil to build-depends.

- - - - -
59af6ae4 by Timo Aaltonen at 2020-09-22T09:05:44+03:00
copyright: Drop duplicate globbing patterns.

- - - - -
05ae503b by Timo Aaltonen at 2020-09-22T09:12:20+03:00
lintian: Drop obsolete overrides.

- - - - -
a382e5fd by Timo Aaltonen at 2020-09-22T09:19:12+03:00
postinst: Drop obsolete rule to upgrade the instances.

- - - - -
8d01d3a6 by Timo Aaltonen at 2020-09-22T09:23:15+03:00
prerm: Use dsctl instead of remove-ds.

- - - - -
583b0f85 by Timo Aaltonen at 2020-09-22T09:23:48+03:00
releasing package 389-ds-base version 1.4.4.4-1

- - - - -
ff6e8523 by Simon Pichugin at 2020-09-22T13:23:47+02:00
Issue 4322 - Fix a source link (#4332)

Description: Source0 should point to a local file instead of
a remote URL. We use it for testing/development only so
there is no need in external links.

Reviewed by: @Firstyear (Thanks!)

Fixes: #4322
- - - - -
787dfa11 by Mark Reynolds at 2020-09-22T11:34:38-04:00
Issue 4209 - RFE - add bootstrap credentials to repl agreement

Description:  When using Bind DN Groups for a replication agreement
              authentication there are cases where the group is not
              present, or is outdated.  In such cases having bootstrap
              credentials can allow replication to start working again.
              New replication sessions will always try and use the
              default credentials first.

relates: https://github.com/389ds/389-ds-base/issues/4209

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
a16d9c14 by Mark Reynolds at 2020-09-22T11:34:38-04:00
Issue 4209 - RFE - add bootstrap credentials to repl agreement

Description:  When using Bind DN Groups for a replication agreement
              authentication there are cases where the group is not

relates: https://github.com/389ds/389-ds-base/issues/4209

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
19c27490 by Mark Reynolds at 2020-09-22T11:34:38-04:00
Issue 4209 - RFE - add bootstrap credentials to repl agreement (UI update)

Description:  Add replication bootstrap settings to the UI.

relates: https://github.com/389ds/389-ds-base/issues/4209

Reviewed by: tbordaz & firstyear(Thanks!)

- - - - -
1dbb69ba by Mark Reynolds at 2020-09-22T11:34:38-04:00
Issue 4209 - RFE - add bootstrap credentials to repl agreement (upgrade update)

Description:  Add an upgrade function to add the new bootstrap password
              attribute to the AES reversible password plugin.

relates: https://github.com/389ds/389-ds-base/issues/4209

Reviewed by: tbordaz & firstyear (Thanks!!)

- - - - -
d98428a7 by Firstyear at 2020-09-23T09:19:34+10:00
Ticket 4326 - entryuuid fixup did not work correctly (#4328)

Bug Description: due to an oversight in how fixup tasks
worked, the entryuuid fixup task did not work correctly and
would not persist over restarts.

Fix Description: Correctly implement entryuuid fixup.

fixes: #4326

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (thanks!)
- - - - -
e51d2d62 by Mark Reynolds at 2020-09-22T19:35:44-04:00
Issue 4258 - Add server version information to UI

Description:  Add the server's version number to the server configuration
              page.

Fixes: https://github.com/389ds/389-ds-base/issues/4258

Reviewed by: firstyear(Thanks!)

- - - - -
089c1d58 by Simon Pichugin at 2020-09-24T10:25:04+02:00
Issue 3996 - Add dsidm rename option (#4338)

Description: Add rename option to dsidm CLI.
user, group, posixgroup, organizationalunit - rename by rdn.
account, role - rename by dn.
Set Account._protected = False by default so we can run
rename and delete operations.
Fix typos in dsidm CLI code.

Reviewed by: @mreynolds389 and @Firstyear (Thanks!!)

Fixes: #4127
Fixes: #3996
- - - - -
3a643dc8 by Mark Reynolds at 2020-09-24T12:29:52-04:00
Issue 4342 - UI - additional fixes for creation instance modal

Description: In the instance creation modal there is an incorrect warning
             about the port number range. It should state valid port numbers
             are between 1 and 65535. The root DN character validation allows
             non ascii as the first characters after the "=". And we are not
             forewarning about the instance name length if it is greater than
             80 characters

Fixes: https://github.com/389ds/389-ds-base/issues/4342

Reviewed by: spichugi(Thanks!)

- - - - -
df3a5127 by sgouvern at 2020-09-28T10:09:18+10:00
Description: (#4325)

Automated tests to verify that
- db2ldif exits properly when the ldif file path provided cannot be accessed
- a useful error message is displayed as output when the ldif file cannot be accessed

Relates: https://github.com/389ds/389-ds-base/issues/4241
Relates: https://github.com/389ds/389-ds-base/issues/4278

Reviewed by: Bsimonova, Firstyear. Thanks !
- - - - -
f6799c27 by Firstyear at 2020-09-30T11:35:20+10:00
Ticket 4345 - import self sign cert doc comment (#4346)

Bug Description: It was raised that the doc comment with TLS
and self sign cert could be confusing and if disabled it was
not clear how to enable TLS later.

Fix Description: Improve the doc comment with examples.

fixes: #4345

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks!)
- - - - -
dc905d22 by Firstyear at 2020-10-02T07:55:58+10:00
Ticket 4351 - improve generated sssd.conf output (#4354)

Bug Description: There were some subtle issues in the sssd.conf
generator. When no group was specified, we'd generate an invalid
config. When the config used ldapi, it may not work on remote
servers.

Fix Description: When the uri is ldapi, emit a warning for
this parameter to be reviewed. When ldap filter is none
provide the example as commented out.

fixes: #4351

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks!)
- - - - -
7275ce97 by Firstyear at 2020-10-02T08:09:22+10:00
Ticket 4350 - dsrc should warn when tls_cacertdir is invalid (#4353)

Bug Description: When the cacertdir is not a directory
or does not exist we should warn that this is not valid
and provide rectification steps.

Fix Description: Check if the path exists or is a directory
and report this, along with steps on how to run c_rehash

fixes: #4350

Author: William Brown <william at blackhats.net.au>

Review by: spichugi (Thanks!)
- - - - -
bf5a79c6 by tbordaz at 2020-10-02T12:03:12+02:00
Issue 4297- On ADD replication URP issue internal searches with filter containing unescaped chars (#4355)

Bug description:
	In MMR a consumer receiving an ADD has to do some checking based on basedn.
	It checks if the entry was a tombstone or if the conflicting parent entry was a tombstone.

	To do this checking, URP does internal searches using basedn.
	A '*' (ASTERISK) is valid in a RDN and in a DN. But using a DN in an assertionvalue of a filter, the ASTERISK needs to be escaped else the server will interpret the filtertype to be a substring. (see
	https://tools.ietf.org/html/rfc4515#section-3)

	The problem is that if an added entry contains an ASTERISK in the DN, it will not be escaped in internal search and trigger substring search (likely unindexed).

Fix description:
	escape the DN before doing internal search in URP

Fixes: #4297

Reviewed by:  Mark Reynolds, William Brown, Simon Pichugin (thanks !)

Platforms tested: F31
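
The escaping problem described in the commit message above, as an added example that is not part of the commit or of the 389-ds-base code: a DN placed unescaped into a filter assertion value changes the filter type, while RFC 4515 escaping keeps it an equality match. The `entrydn` attribute, the sample DNs and all function names are assumptions constructed for this illustration.

```python
"""RFC 4515 assertion-value escaping for a DN used inside a search filter."""
import re

# Characters that RFC 4515 section 3 requires to be escaped in an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a raw value (here: a DN) for use as a filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Reverse escape_filter_value(); only handles the \\xx pairs it produces."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def build_item(attr: str, value: str, escape: bool = True) -> str:
    """Build a simple '(attr=value)' filter item, escaped or not."""
    return "({}={})".format(attr, escape_filter_value(value) if escape else value)


def classify_item(item: str) -> str:
    """Classify a simple '(attr=value)' item the way a filter parser would.

    Any literal '*' in the string form is a wildcard, so a value that
    contains one is a substring (or presence) filter, not an equality match.
    Literal parentheses or NUL in the value make the item unparsable.
    """
    if not (item.startswith("(") and item.endswith(")")):
        return "malformed"
    attr, sep, value = item[1:-1].partition("=")
    if not sep or not attr:
        return "malformed"
    if any(ch in value for ch in "()\x00"):
        return "malformed"
    if value == "*":
        return "presence"
    if "*" in value:
        return "substring"
    return "equality"


# Constructed sample DNs; '*' and parentheses are legal inside an RDN value.
DN_WITH_STAR = "cn=a*b,ou=people,dc=example,dc=com"
DN_WITH_PARENS = "cn=Smith (ops),dc=example,dc=com"

if __name__ == "__main__":
    for dn in (DN_WITH_STAR, DN_WITH_PARENS):
        for escape in (False, True):
            item = build_item("entrydn", dn, escape=escape)
            print("{:<60} -> {}".format(item, classify_item(item)))
```
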
- - - - -
4f25c850 by Firstyear at 2020-10-06T08:15:01+10:00
Ticket 4347 - log when server requires a restart for a plugin to become active (#4352)

Bug Description: When testing another feature, user confusion was experienced
while enabling a plugin. This was due to a misunderstanding about dynamic
plugins and when and how they take effect.

Fix Description: When dynamic plugins are NOT enabled, and an attempt
is made to enable a plugin, clearly log that we require a restart of
the server for this functionality to become active.

fixes: #4347

Author: William Brown <william at blackhats.net.au>

Review by: @droideck, @mreynolds389 (Thanks!)
- - - - -
db7d98c3 by Firstyear at 2020-10-06T12:41:00+10:00
Ticket 4350 - One line, fix invalid type error in tls_cacertdir check (#4358)

Bug Description: When the tls_cacertdir parameter was not
present os.path fails with None not a str.

Fix Description: Check if the path is None

fixes: #4350

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
b7ad38a6 by Barbora Simonova at 2020-10-06T11:04:00+02:00
Issue 4348 - Add tests for dsidm

Description:
Created tests for dsidm client_config option and enhanced
the src/lib389/lib389/cli_idm/client_config.py so the output gets caught
to a log file and can be compared.
Also modified the dbgen_test.py, because the check_value_in_log_and_reset() function
provided a fake value in the log file. So in case something failed and the original value
was not in the output, the test would find the value in "Check that {} is present" line
and therefore it would not fail.

Fixes: https://github.com/389ds/389-ds-base/issues/4348

Reviewed by: Firstyear, droideck (Thanks!)

- - - - -
54b54423 by Mark Reynolds at 2020-10-06T10:17:37-04:00
Issue 4360 - password policy max sequence sets is not working as expected

Description: password max sequence sets: "123--123" are not being correctly
             detected. This is due to an uninitialized char array

Relates: https://github.com/389ds/389-ds-base/issues/4360

Reviewed by: mreynolds (one line commit rule)

- - - - -
7cb9a635 by Simon Pichugin at 2020-10-08T19:18:24+02:00
Issue 4265 - UI - Make the secondary plugins read-only (#4364)

Description: As some of the changes may break the server.
We should make all the plugins in the UI Plugins table read-only.
Only the ones in the left column should be editable.
The change is only for UI.

Fixes: #4265

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
aaaaaf50 by Mark Reynolds at 2020-10-08T19:31:56-04:00
Issue 4366 - lib389 - Fix account status inactivity checks

Bug Description:  When we converted the entries lastLoginAttr to epoch seconds
                  the function was not converting it correctly, and the value
                  was off by quite a bit.  This caused the CLI tools to potentially
                  report the wrong status of the entry.

Fix Description:  First the times from the entry are gmtime, not local.  So
                  instead of grabbing the current local time, we need to grab
                  the current gmtime.  Second, the function that converts a
                  generalized time to epoch seconds is not working.  So that
                  was reworked to generate the correct epoch value.

relates: https://github.com/389ds/389-ds-base/issues/4366

Reviewed by: firstyear(Thanks!)

- - - - -
a931061e by Mark Reynolds at 2020-10-08T19:37:15-04:00
Issue 4368 - ds-replcheck crashes when processing glue entries

Bug Description:  When processing glue entries on the replica the tool
                  can crash by dereferencing a None variable.

Fix Description:  Properly check the replica result entry for what type
                  of entry it is, and then properly handle it if it is
                  a glue entry.

relates: https://github.com/389ds/389-ds-base/issues/4368

Reviewed by: firstyear(Thanks!)

- - - - -
f7ecbf85 by Firstyear at 2020-10-09T10:34:30+10:00
Issue 4361 - RFE - add - dscreate --advanced flag to avoid user confusion

Bug Description: It has been noticed in a few separate reports that
certain options in the dscreate template can cause confusion. This
is because when presented with the options, people may attempt to
tweak or change settings to "customise" them, without fully
understanding the impact.

Fix Description: Distinguish common options from developer-only
advanced options in the template with the --advanced flag.

fixes: #4361

Author: William Brown <william at blackhats.net.au>

Review by: @droideck @mreynolds389 thanks! 
- - - - -
90048526 by Firstyear at 2020-10-12T07:54:01+10:00
Issue 4334 - RFE - Task timeout may cause larger dataset imports to fail (#4359)

Bug Description: The task.wait() function had a hardcoded timeout
and no method to "disable" that check. This could cause very large
databases to fail to import.

Fix Description: Support timeout=None, which allows the task to
take 'infinite' time. Additionally, this provides a warning that
this is occurring.

fixes: #4334

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @droideck (thanks!)
- - - - -
ffc5982b by Firstyear at 2020-10-13T08:14:26+10:00
Issue 4372 - BUG - Chaining DB did not validate bind mech parameters (#4374)

Bug Description: Chaining DB did not validate the content of bind mech.
When combined with an ambiguous help string, this caused users to set
blank/empty strings into the chaining db config, that would not auth
correctly to the target.

Fix Description: The chaining DB should strictly enforce the incoming
values that are set. The help in dsconf should be explicit about what
values are supported and how they are set.

fixes: #4372

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (thanks!)
- - - - -
7fd97b1d by Simon Pichugin at 2020-10-13T14:04:55+02:00
Issue 3555 - Fix npm audit issues (#4370)

Description: Update dependencies which have vulnerabilities
and remove unused deps:
- eonasdan-bootstrap-datetimepicker;
- react-ellipsis-with-tooltip;
- recompose;

Relates: #3555

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
43c69156 by tbordaz at 2020-10-15T11:57:56+02:00
Issue 4329 - Sync repl - if a series of updates target the same entry then the cookie gets the wrong changenumber (#4356)

Bug description:
            In persist mode, sync_repl sends a matching updated entry with a sync state control
            containing a cookie. The cookie contains the changenumber related to the updated entry.
	    If several consecutive updates target the same entry, sync_repl will send for each
            update the same changenumber (the first of the set of updates).
            changenumber will resync as soon as another entry is sent.
            The reason why sync_repl sends several times the same entry is that the internal
            search looks for '(changenumber >= cookie_changenumber)' rather than
            '(changenumber > cookie_changenumber)'.

Fix description:
            Change the filter to look for the next changenumber

Fixes: #4329

Reviewed by:  William Brown, Simon Pichugin

Platforms tested: F31, F33
- - - - -
b8b16914 by tbordaz at 2020-10-15T16:59:56+02:00
Issue 4379 - allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service (#4380)

Bug description:
	The fix #3028 enforces a strict limit of empty attributeDescription.
        The limit is low (1) and some applications may be failing.
        We can relax this limit to a higher value without reopening DOS risk

Fix description:
	Change the max authorized empty attributesDescription from 1 to 10

relates: https://github.com/389ds/389-ds-base/issues/4379

Reviewed by: Mark Reynolds

Platforms tested: F31
- - - - -
141a5145 by Mark Reynolds at 2020-10-16T10:58:00-04:00
Issue 4159 - Healthcheck code DSBLE0002 not returned on disabled suffix

Bug Description:  The healthcheck tool was actually crashing when a suffix
                  was disabled.  We also were not correctly processing
                  DSLdapObjects, where we would run all the lint tests
                  even though we only asked to run one specific lint test.

Fix Description:  Make healthcheck more robust to handle exceptions.  Fix
                  the processing of DSLdapObjects by passing in the lint
                  function name to DSLint().

                  Also added the health "check" that triggered the issue
                  to the final report so you know which exact test to rerun.

Fixes: https://github.com/389ds/389-ds-base/issues/4159

Reviewed by: firstyear & spichugi(Thanks!)

- - - - -
9cfb5751 by Mark Reynolds at 2020-10-19T12:11:08-04:00
Issue 4176 - import ldif2cl task should not close all changelogs

Bug Description:  With the new per-backend replication changelog, the
                  ldif2cl task would incorrectly close all the backends.

Fix Description:  First, the global changelog struct (s_cl5Desc) was
                  completely removed and merged with the replica changelog
                  db handle struct.  The dbState variable is used to
                  synchronize access to the changelog db struct during
                  shutdown, or ldif2cl tasks.

                  The CLI was updated to handle setting changelog encryption,
                  and importing/restoring a changelog ldif.

                  The UI was updated to handle the new per-backend changelog
                  and its configuration.  Also added the option to
                  export/import the changelog and its various forms.

Fixes: https://github.com/389ds/389-ds-base/issues/4176

Reviewed by: tbordaz, firstyear, and elkris (Thanks!!!)

Remove unneeded LMDB changelog file name

Apply requested changes

Fix dbscan, adjust changelog format v6, and other cleanup...

Prepare the CLI for changelog export/import

- - - - -
0a902cc8 by Firstyear at 2020-10-20T12:04:51+10:00
Issue #3600 - RFE - openldap migration tooling (#4318)

Bug Description: A large number of enterprise customers are interested
to move from OpenLDAP to 389 Directory Server. As this can be a
difficult process, there are many parts that we can automate to make
the process smoother, and to provide other information to assist
admins in a successful migration.

Fix Description: This adds the openldap_to_ds command, which given
a backup of an OpenLDAP and its configuration, is able to partially
migrate the content and plugins to a running instance. Additionally
this is able to provide a checklist of other migration tasks that
may require administrator action and management.

fixes: #3600

Author: William Brown <william at blackhats.net.au>

Review by: @droideck @mreynolds389 (Thanks!)
- - - - -
d2c285f0 by Jamie Chapman at 2020-10-20T15:00:27+01:00
Issue 1199 - Misleading message in access log for idle timeout (#4385)

Issue 1199 - Misleading message in access log for idle timeout

Description:    Update timeout error code in daemon.
                       Add extra detail to idle and IO timeout error messaging.
                       Typo in logconv.pl

Relates:        #1199

Reviewed by:    mreynolds389, droideck, Firstyear (Thanks folks)
- - - - -
95653e74 by Simon Pichugin at 2020-10-20T18:49:37+02:00
Issue 4295 - Fix a closing quote issue (#4386)

Description: The "details" keyword in the access log does not have
a closing quote.
The issue happens because the quote was set in the wrong place.

Fixes: #4295

Reviewed by: @mreynolds389 
- - - - -
d5c5097b by Mark Reynolds at 2020-10-20T14:54:54-04:00
Issue 4389 - errors log with incorrectly formatted message parent_update_on_childchange

Description:  The arguments were incorrect for the logging line

Fixes: https://github.com/389ds/389-ds-base/issues/4389

Reviewed by: mreynolds(one line commit rule)

- - - - -
266d8780 by Mark Reynolds at 2020-10-21T17:07:13-04:00
Issue 2526 - suffix management in backends incorrect

Description:  Previously the server used to support multiple suffixes per backend
              and the server had to maintain and check a be list of suffixes.
              However, this is no longer supported, so all of this code can be
              cleaned up to support a single suffix per backend.

              Also added a check that when creating a mapping tree entry, that the
              backend entry must already exist and match the suffix.

Relates: https://github.com/389ds/389-ds-base/issues/2526

Reviewed by: firstyear(Thanks!)

- - - - -
8742f657 by Akshay Adhikari at 2020-10-22T08:48:14+02:00
Issue 2820 - Fix CI tests (#4365)

Issue 2820 - Fix CI tests

Bug Description: tickets/ticket47973_test.py test had failures in CI nightly runs

Fix Description: Fix the failure and also change the code to use DSLdapObject.
Move the code into the schema test suite.
Replace legacy objects from the whole test

Relates: #2820

Reviewed by: Simon(droideck)
- - - - -
1f5aecb5 by Mark Reynolds at 2020-10-22T09:46:03-04:00
Issue 4392 - Update create_test.py

Description:  Remove the unnecessary DEBUGGING logger code

Fixes: https://github.com/389ds/389-ds-base/issues/4392

Reviewed by: firstyear & spichugi (Thanks!!)

- - - - -
fbb54a7f by tbordaz at 2020-10-23T10:34:02+02:00
Issue 4363 - Sync repl: per thread structure was incorrectly initialized (#4395)

Bug description:
	A per thread structure should be allocated once, either on get/set.
        Currently it is allocated on the primary operation and free when
        the primary operation is completed.

Fix description:
	The per thread structure is now a HEAD structure.
        The HEAD is the where the primary operation is referenced when
        the operation starts and where it is reset when the primary operation ends
	(pushed to the sync_repl thread)

relates: https://github.com/389ds/389-ds-base/issues/4363

Reviewed by: Mark Reynolds

Platforms tested: F31, F33
- - - - -
e227c5be by Mark Reynolds at 2020-10-25T12:49:54-04:00
Issue 2526 - revert API change in slapi_be_getsuffix()

Description:  The public slapi API was changed in the previous commit and
              this broke several other projects using 389 DS.  This patch
              restores the API, but it ignores the unused value:

                  const Slapi_DN *slapi_be_getsuffix(Slapi_Backend *be, int unused);

Relates: https://github.com/389ds/389-ds-base/issues/2526

Reviewed by: mreynolds

- - - - -
a2584e1d by Mark Reynolds at 2020-10-26T09:08:00-04:00
Issue 4262 - Remove legacy tools subpackage

Description:  Remove all the legacy tool scripts, libraries, and obsolete files

Relates: https://github.com/389ds/389-ds-base/issues/4262

Reviewed by: viktor & firstyear (Thanks!!)

Apply Viktor's suggestions

- - - - -
06ff5b77 by Mark Reynolds at 2020-10-26T11:42:46-04:00
Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install)

Description:  Update specfile to restart instances after installing new rpm

Relates: https://github.com/389ds/389-ds-base/issues/4262

Reviewed by: viktor(Thanks!)

- - - - -
60412d96 by Mark Reynolds at 2020-10-26T16:31:30-04:00
Issue 4262 - Remove legacy tools subpackage (final cleanup)

Description:  Found a few more cleanup issues with removing perl.

Relates: https://github.com/389ds/389-ds-base/issues/4262

Reviewed by: spichugi(Thanks!)

- - - - -
f030cf88 by Mark Reynolds at 2020-10-26T21:45:30-04:00
Bump version to 1.4.4.6

- - - - -
67c8b870 by Mark Reynolds at 2020-10-27T13:58:01-04:00
Issue 2526 - retrocl backend created out of order

Bug Description:  A recent change verified that you do not create
                  a mappingtree entry before the backend entry was
                  created.  The server created the retrocl backend
                  in the opposite order which broke the retrocl.

Fix Description:  Create the retrocl backend entry before creating
                  the mapping tree entry.

Relates: https://github.com/389ds/389-ds-base/issues/2526

Reviewed by: viktor(Thanks!)

- - - - -
b45df8df by Mark Reynolds at 2020-10-28T09:02:26-04:00
Issue 4262 - more perl removal cleanup

Description:  Removed the remaining "enabled_perl" code.

Relates: https://github.com/389ds/389-ds-base/issues/4262

Reviewed by: viktor(Thanks!)

- - - - -
5c25c06c by Mark Reynolds at 2020-10-28T09:43:51-04:00
Bump version to 1.4.5.0

- - - - -
fa6e1aa2 by Mark Reynolds at 2020-10-28T09:59:15-04:00
Issue 2526 - revert backend validation check

Description:  Other projects are creating backends out of order, so
              the previous patch was breaking these projects.  Reverting
              the validation check in 1.4.4, but leaving it in 1.4.5 (F34)
              where we will fix the other projects for F34.

Relates: https://github.com/389ds/389-ds-base/issues/2526

Reviewed by: mreynolds

- - - - -
60a2429e by Mark Reynolds at 2020-10-28T10:46:31-04:00
Bump version to 1.4.4.7

- - - - -
cdaa81c5 by Mark Reynolds at 2020-10-29T23:07:40-04:00
Bump version to 2.0.0

- - - - -
db655bbe by Firstyear at 2020-11-02T09:14:25+10:00
Issue 4403 RFE - OpenLDAP pw hash migration tests (#4408)

Bug Description: As we want to support openldap to 389 password migration,
we should check if we allow accounts to continue to bind. This involves
testing different openldap authentication schemes to determine if they
work.

Fix Description: Add tests for different password and contrib password
types that are supported in openldap.

fixes: #4403

Author: William Brown <william at blackhats.net.au>

Review by: @droideck, @progier389 (Thanks!)
- - - - -
013ea7dd by progier389 at 2020-11-03T12:18:50+01:00
ticket 2058: Add keep alive entry after on-line initialization - second version (#4399)

Bug description:
Keep alive entry is not created on target master after on line initialization,
and its RUVelement stays empty until a direct update is issued on that master

Fix description:
The patch allows a consumer (configured as a master) to create (if it did not
exist before) the consumer's keep alive entry. It creates it at the end of a
replication session at a time we are sure the changelog exists and will not
be reset. It allows a consumer to have RUVelement with csn in the RUV at the
first incoming replication session.

That is basically lkrispen's proposal with an associated pytest testcase

Second version changes:
   - moved the testcase to suites/replication/regression_test.py
   - set up the topology from a 2 master topology then
    reinitialized the replicas from an ldif without replication metadata
    rather than using the cli.
   - search for keepalive entries using search_s instead of getEntry
   - add a comment about keep alive entries purpose

last commit:
   - wait that ruv are in sync before checking keep alive entries

Reviewed by: droideck, Firstyear

Platforms tested: F32

relates: #2058
- - - - -
4cc9b104 by Mark Reynolds at 2020-11-03T08:02:45-05:00
Issue 4176 - CL trimming causes high CPU

Bug Description:  The changelog trimming switched to using pthread_cond_timedwait()
                  instead of NSPR, but the relative time was used for the wait time
                  instead of the absolute time.  This caused it to basically not
                  wait at all and consume all the CPU.

Fix Description:  Use the absolute(monotonic) time for the condition wait time.

Relates: https://github.com/389ds/389-ds-base/issues/4176

Reviewed by: progier(Thanks!)

- - - - -
c4b1be45 by Mark Reynolds at 2020-11-03T08:03:29-05:00
Issue 4176 - CL trimming causes high CPU

Bug Description:  The changelog trimming switched to using pthread_cond_timedwait()
                  instead of NSPR, but the relative time was used for the wait time
                  instead of the absolute time.  This caused it to basically not
                  wait at all and consume all the CPU.

Fix Description:  Use the absolute(monotonic) time for the condition wait time.

Relates: https://github.com/389ds/389-ds-base/issues/4176

Reviewed by: progier(Thanks!)

- - - - -
5b0cbddc by sgouvern at 2020-11-03T14:32:06+01:00
Issue 4218 - Verify the new wtime and optime access log keywords (#4397)

Description: Add a test case to dirsrvtests/tests/suites/ds_logs/ds_logs_test.py:
test_optime_and_wtime_keywords. It tests that the new optime and wtime keywords
are present in the access log and have correct values
Also, adapt test_etime_order_of_magnitude to the new RESULT string format
in the access log

Relates: #4218

Reviewed by: @droideck, @Firstyear (Thanks!)
- - - - -
bc92c17b by tbordaz at 2020-11-03T17:33:31+01:00
Issue 4391 - DSE config modify does not call be_postop (#4394)

Bug description:
	During a DSE modify, be_preop callback are called. But be_postop callback are called at the condition
	dse_call_callback is different than SLAPI_DSE_CALLBACK_DO_NOT_APPLY.

	This should systematically call be_postop if be_preop were called.
	In addition postop_modify_config_dse returning an invalid rc, systematically prevents DSE modify to call be_postop

Fix description:
        The required bug fix is that dse_callback need to return SLAPI_DSE_CALLBACK* not ldap rc.
	Also in case of vlv config (SLAPI_DSE_CALLBACK_DO_NOT_APPLY) if preop were called
        it requires to call the postop.

	In dse_modify, rc is used for dse_call_callback() (returns SLAPI_DSE_CALLBACK*)
        but also for plugin_call_plugin (returns SLAPI_PLUGIN_*). Those rc are not compatible
	and although the code works to help maintenance use 'plugin_rc' instead of 'rc'.

relates: https://github.com/389ds/389-ds-base/issues/4391

Reviewed by: William Brown, Simon Pichugin (thanks !)

Platforms tested: F31
- - - - -
7cb5c920 by Mark Reynolds at 2020-11-03T13:42:29-05:00
Issue 4420 - change NVR to use X.X.X instead of X.X.X.X

Description:  Start using 389-ds-base-2.0.0 instead of 389-ds-base-2.0.0.0

Fixes: https://github.com/389ds/389-ds-base/issues/4420

Reviewed by: mreynolds (one line commit rule)

- - - - -
b557f5da by Mark Reynolds at 2020-11-03T13:43:44-05:00
Bump version to 2.0.1

- - - - -
04ba05e0 by Mark Reynolds at 2020-11-03T17:23:22-05:00
Issue 4415 - unable to query schema if there are extra parenthesis

Bug Description:  When a client does a schema lookup in lib389 asking
                  for the result in JSON, the X-ORIGIN is not correctly
                  parsed if it contains an extra parenthesis

Fix Description:  When parsing between the X-ORIGIN encapsulating parenthesis
                  find the right most match, not the first match.

Relates: https://github.com/389ds/389-ds-base/issues/4415

Reviewed by: spichugi(Thanks!)

- - - - -
264f173a by Mark Reynolds at 2020-11-03T17:25:19-05:00
Issue 4415 - unable to query schema if there are extra parenthesis

Bug Description:  When a client does a schema lookup in lib389 asking
                  for the result in JSON, the X-ORIGIN is not correctly
                  parsed if it contains an extra parenthesis

Fix Description:  When parsing between the X-ORIGIN encapsulating parenthesis
                  find the right most match, not the first match.

Relates: https://github.com/389ds/389-ds-base/issues/4415

Reviewed by: spichugi(Thanks!)

- - - - -
bf454ad0 by Mark Reynolds at 2020-11-07T22:33:31-05:00
Bump version to 1.4.4.8

- - - - -
a2c7e50b by Kazım SARIKAYA at 2020-11-08T14:48:49-05:00
build problems at alpine linux

- - - - -
c3bdb443 by Firstyear at 2020-11-09T10:55:47+10:00
Issue 4407 RFE - remove http client and presence plugin (#4409)

Bug Description: The presence plugin has been disabled for a long
time and relates to a defunct IM project. This also had a HTTP client
that we no longer use in any capacity, but was enabled by default.

Fix Description: This removes the two un-used plugins, and adds
handlers to allow deny-listing of the plugins to prevent them being
loaded.

fixes: #4407

Author: William Brown <william at blackhats.net.au>

Review by: @droideck, @mreynolds389 (Thanks!)
- - - - -
ca8ac8ec by Simon Pichugin at 2020-11-09T11:43:04+01:00
Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422)

Description: In dsconf CLI, make it possible to create SSLCLIENTAUTH
bind method agreement without specifying bind dn (--bind-dn) and
the password (--bind-passwd).

Fixes: #4412

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
6e1b7b9d by Simon Pichugin at 2020-11-09T11:46:55+01:00
Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422)

Description: In dsconf CLI, make it possible to create SSLCLIENTAUTH
bind method agreement without specifying bind dn (--bind-dn) and
the password (--bind-passwd).

Fixes: #4412

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
f1285d78 by tbordaz at 2020-11-10T19:36:50+01:00
Issue 4391 - DSE config modify does not call be_postop (#4394)

Bug description:
	During a DSE modify, be_preop callback are called. But be_postop callback are called at the condition
	dse_call_callback is different than SLAPI_DSE_CALLBACK_DO_NOT_APPLY.

	This should systematically call be_postop if be_preop were called.
	In addition postop_modify_config_dse returning an invalid rc, systematically prevents DSE modify to call be_postop

Fix description:
        The required bug fix is that dse_callback need to return SLAPI_DSE_CALLBACK* not ldap rc.
	Also in case of vlv config (SLAPI_DSE_CALLBACK_DO_NOT_APPLY) if preop were called
        it requires to call the postop.

	In dse_modify, rc is used for dse_call_callback() (returns SLAPI_DSE_CALLBACK*)
        but also for plugin_call_plugin (returns SLAPI_PLUGIN_*). Those rc are not compatible
	and although the code works to help maintenance use 'plugin_rc' instead of 'rc'.

relates: https://github.com/389ds/389-ds-base/issues/4391

Reviewed by: William Brown, Simon Pichugin (thanks !)

Platforms tested: F31
- - - - -
f8a424f1 by Mark Reynolds at 2020-11-11T22:01:18-05:00
Issue 4429 - NULL dereference in revert_cache()

Bug Description:  During a delete, if the DN (with an escaped leading space)
                  of an existing entry fails to parse the server will revert
                  the entry update.  In this case it will lead to a crash
                  because the ldbm inst struct is not set before it attempts
                  the cache revert.

Fix Description:  Check that the ldbm instance struct is not NULL before
                  dereferencing it.

Relates: https://github.com/389ds/389-ds-base/issues/4429

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
32f30f26 by Mark Reynolds at 2020-11-11T22:01:55-05:00
Issue 4429 - NULL dereference in revert_cache()

Bug Description:  During a delete, if the DN (with an escaped leading space)
                  of an existing entry fails to parse the server will revert
                  the entry update.  In this case it will lead to a crash
                  because the ldbm inst struct is not set before it attempts
                  the cache revert.

Fix Description:  Check that the ldbm instance struct is not NULL before
                  dereferencing it.

Relates: https://github.com/389ds/389-ds-base/issues/4429

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
a924b551 by Barbora Simonova at 2020-11-12T10:05:03+01:00
Issue 4281 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked'

Description:
Created a test to verify bz1862971, because the status,lock and unlock options
were moved from dsidm user to dsidm account. The rest of the tests for dsidm will soon follow
so I have created helper functions for next tests.

Relates: https://github.com/389ds/389-ds-base/issues/4281
Relates: https://github.com/389ds/389-ds-base/issues/4348

Reviewed by: droideck, Firstyear (Thanks!)

- - - - -
99462bbf by tbordaz at 2020-11-12T11:52:38+01:00
Issue 4316 - performance search rate: useless poll on network send callback (#4424)

Bug description:
	When sending back result/entries, DS first poll the connection to check
        it is able to write data on the socket. Then it writes the data.
	The purpose of the poll is to handle ioblocktimeout.
	The problem is that most of the time, the socket will process the write
	without any issue so it is useless to poll before the write.

Fix description:
	The fix is to try the write first. It polls for ioblocktimeout
        only if the write fails

relates: https://github.com/389ds/389-ds-base/issues/4316

Reviewed by: William Brown (thanks!)

Platforms tested: F31
- - - - -
0dbdc110 by tbordaz at 2020-11-12T12:06:15+01:00
Issue 4316 - performance search rate: useless poll on network send callback (#4424)

Bug description:
	When sending back result/entries, DS first poll the connection to check
        it is able to write data on the socket. Then it writes the data.
	The purpose of the poll is to handle ioblocktimeout.
	The problem is that most of the time, the socket will process the write
	without any issue so it is useless to poll before the write.

Fix description:
	The fix is to try the write first. It polls for ioblocktimeout
        only if the write fails

relates: https://github.com/389ds/389-ds-base/issues/4316

Reviewed by: William Brown (thanks!)

Platforms tested: F31
- - - - -
dfa685fa by Timo Aaltonen at 2020-11-12T14:03:41+02:00
Merge branch 'upstream'

- - - - -
1d72e02b by Timo Aaltonen at 2020-11-12T14:38:34+02:00
bump the version

- - - - -
2a1e98e8 by Timo Aaltonen at 2020-11-12T14:47:57+02:00
fix-systemctl-path.diff, drop-old-man.diff: Dropped, obsolete.

- - - - -
9743270e by Timo Aaltonen at 2020-11-12T15:26:40+02:00
fix-prlog-include.diff: Fix build by dropping nspr4/ prefix.

- - - - -
7d2f4f67 by Timo Aaltonen at 2020-11-12T15:44:05+02:00
install, rules: Clean up perl cruft that got removed upstream.

- - - - -
2377b35e by Timo Aaltonen at 2020-11-12T15:46:12+02:00
install: Add openldap_to_ds.

- - - - -
e963b01d by Timo Aaltonen at 2020-11-12T15:57:01+02:00
watch: Follow 1.4.4.x.

- - - - -
d36cebca by Timo Aaltonen at 2020-11-12T15:57:18+02:00
releasing package 389-ds-base version 1.4.4.8-1

- - - - -
9c7d5902 by Kazım SARIKAYA at 2020-11-12T15:16:27+01:00
build problems at alpine linux

- - - - -
4e99d892 by Mark Reynolds at 2020-11-12T09:31:18-05:00
Issue 4432 - After a failed online import the next imports are very slow

Bug Description:  When an online import fails the entry and DN caches are
                  "reset", but we use the wrong "new maxsize" which was
                  setting the entry cache maxsize to zero which killed the
                  import performance.

Fix Description:  When resetting the caches use the previous cache maxsize.

Relates: https://github.com/389ds/389-ds-base/issues/4432

Reviewed by: firstyear & progier(Thanks!!)

- - - - -
6233c041 by Mark Reynolds at 2020-11-12T09:32:17-05:00
Issue 4432 - After a failed online import the next imports are very slow

Bug Description:  When an online import fails the entry and DN caches are
                  "reset", but we use the wrong "new maxsize" which was
                  setting the entry cache maxsize to zero which killed the
                  import performance.

Fix Description:  When resetting the caches use the previous cache maxsize.

Relates: https://github.com/389ds/389-ds-base/issues/4432

Reviewed by: firstyear & progier(Thanks!!)

- - - - -
2529313e by Mark Reynolds at 2020-11-12T12:08:01-05:00
Issue 4383 - Do not normalize escaped spaces in a DN

Bug Description:  Adding an entry with an escaped leading space leads to many
                  problems.  Mainly id2entry can get corrupted during an
                  import of such an entry, and the entryrdn index is not
                  updated correctly

Fix Description:  In slapi_dn_normalize_ext() leave an escaped space intact.

Relates: https://github.com/389ds/389-ds-base/issues/4383

Reviewed by: firstyear, progier, and tbordaz (Thanks!!!)

- - - - -
5376f552 by Mark Reynolds at 2020-11-12T12:08:53-05:00
Issue 4383 - Do not normalize escaped spaces in a DN

Bug Description:  Adding an entry with an escaped leading space leads to many
                  problems.  Mainly id2entry can get corrupted during an
                  import of such an entry, and the entryrdn index is not
                  updated correctly

Fix Description:  In slapi_dn_normalize_ext() leave an escaped space intact.

Relates: https://github.com/389ds/389-ds-base/issues/4383

Reviewed by: firstyear, progier, and tbordaz (Thanks!!!)

- - - - -
4a2d711b by progier389 at 2020-11-12T18:50:04+01:00
do not add referrals for masters with different data generation #2054 (#4427)

Bug description:
The problem is that some operation mandatory in the usual cases are
also performed when replication cannot take place because the
database set are different (i.e: RUV generation ids are different)

One of the issue is that the csn generator state is updated when
starting a replication session (it is a problem when trying to
reset the time skew, as freshly reinstalled replicas get infected
by the old ones)

A second issue is that the RUV got updated when ending a replication session
(which may add replica that does not share the same data set,
then update operations on consumer return referrals towards wrong masters

Fix description:
The fix checks the RUVs generation id before updating the csn generator
and before updating the RUV.

Reviewed by: mreynolds
             firstyear
             vashirov

Platforms tested: F32
- - - - -
87712846 by William Brown at 2020-11-13T08:58:04+10:00
Issue 4428 - Paged Results with Chaining Test Case

Bug Description: This test case shows how a paged search with criticality
set to false, causes chaining to sigsegv.

Fix Description: N/A - this is a reproducer, not the fix.

fixes: #4428

Author: William Brown <william at blackhats.net.au>

Review by: @droideck, @mreynolds389

- - - - -
7f241dc7 by William Brown at 2020-11-13T08:58:04+10:00
Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining

Bug Description: When a paged search through chaining backend is
received with a false criticality (such as SSSD), chaining backend
will sigsegv due to a null context.

Fix Description: When a NULL ctx is received to be freed, this is
as paged results have finished being sent, so we check the NULL
ctx and move on.

fixes: #4428

Author: William Brown <william at blackhats.net.au>

Review by: @droideck, @mreynolds389

- - - - -
454a2d49 by William Brown at 2020-11-13T09:10:13+10:00
Issue 4428 - Paged Results with Chaining Test Case

Bug Description: This test case shows how a paged search with criticality
set to false, causes chaining to sigsegv.

Fix Description: N/A - this is a reproducer, not the fix.

fixes: #4428

Author: William Brown <william at blackhats.net.au>

Review by: @droideck, @mreynolds389

- - - - -
b79419a4 by William Brown at 2020-11-13T09:10:15+10:00
Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining

Bug Description: When a paged search through chaining backend is
received with a false criticality (such as SSSD), chaining backend
will sigsegv due to a null context.

Fix Description: When a NULL ctx is received to be freed, this is
as paged results have finished being sent, so we check the NULL
ctx and move on.

fixes: #4428

Author: William Brown <william at blackhats.net.au>

Review by: @droideck, @mreynolds389

- - - - -
d644ebaa by William Brown at 2020-11-17T10:21:35+10:00
Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid

Bug Description: The mapping tree is built and arranged based on
the content of the nsslapd-parent-suffix attribute. However, it is
possible that this value is invalid pointing at a non-existent
suffix, or that it could be pointing at a suffix that is invalid
in the suffix hierarchy that mapping trees expect.

https://www.port389.org/docs/389ds/design/mapping_tree_assembly.html

Fix Description: Rather than build the mapping tree by arranging
nodes through the nsslapd-parent-suffix value, we should sort and build
them through the known and defined suffix values in cn (which we already
rely upon to be correct). This allows stable ordering and avoids potential
user and developer errors.

fixes: #4373

Author: William Brown <william at blackhats.net.au>

Review by: @progier389, @mreynolds389 (Thanks!)

- - - - -
33279b75 by William Brown at 2020-11-17T10:28:27+10:00
Issue 4410 RFE - ndn cache with arc in rust

Bug Description: As we move to LMDB and require a concurrently
readable model, we need access to concurrently readable datastructures.

Fix Description: This is a poc of NDN cache in rust with
a concurrently readable adaptive replacement cache.

fixes: #4410

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
43bcb561 by William Brown at 2020-11-17T13:12:33+10:00
Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid

Bug Description: The mapping tree is built and arranged based on
the content of the nsslapd-parent-suffix attribute. However, it is
possible that this value is invalid pointing at a non-existent
suffix, or that it could be pointing at a suffix that is invalid
in the suffix hierarchy that mapping trees expect.

https://www.port389.org/docs/389ds/design/mapping_tree_assembly.html

Fix Description: Rather than build the mapping tree by arranging
nodes through the nsslapd-parent-suffix value, we should sort and build
them through the known and defined suffix values in cn (which we already
rely upon to be correct). This allows stable ordering and avoids potential
user and developer errors.

fixes: #4373

Author: William Brown <william at blackhats.net.au>

Review by: @progier389, @mreynolds389 (Thanks!)

- - - - -
83fc1e9d by progier389 at 2020-11-17T11:31:40-05:00
ticket 2058: Add keep alive entry after on-line initialization - second version (#4399)

Bug description:
Keep alive entry is not created on target master after on line initialization,
and its RUVelement stays empty until a direct update is issued on that master

Fix description:
The patch allows a consumer (configured as a master) to create (if it did not
exist before) the consumer's keep alive entry. It creates it at the end of a
replication session at a time we are sure the changelog exists and will not
be reset. It allows a consumer to have RUVelement with csn in the RUV at the
first incoming replication session.

That is basically lkrispen's proposal with an associated pytest testcase

Second version changes:
   - moved the testcase to suites/replication/regression_test.py
   - set up the topology from a 2 master topology then
    reinitialized the replicas from an ldif without replication metadata
    rather than using the cli.
   - search for keepalive entries using search_s instead of getEntry
   - add a comment about keep alive entries purpose

last commit:
   - wait that ruv are in sync before checking keep alive entries

Reviewed by: droideck, Firstyear

Platforms tested: F32

relates: #2058
- - - - -
ea6e4a84 by progier389 at 2020-11-18T17:14:38+01:00
do not add referrals for masters with different data generation #2054 (#4427)

Bug description:
The problem is that some operation mandatory in the usual cases are
also performed when replication cannot take place because the
database set are different (i.e: RUV generation ids are different)

One of the issue is that the csn generator state is updated when
starting a replication session (it is a problem when trying to
reset the time skew, as freshly reinstalled replicas get infected
by the old ones)

A second issue is that the RUV got updated when ending a replication session
(which may add replica that does not share the same data set,
then update operations on consumer return referrals towards wrong masters

Fix description:
The fix checks the RUVs generation id before updating the csn generator
and before updating the RUV.

Reviewed by: mreynolds
             firstyear
             vashirov

Platforms tested: F32
- - - - -
3c3e1f30 by progier389 at 2020-11-19T10:21:10+01:00
Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444)

Bug description:
Got TypeError exception when using:
  dsctl -v slapd-localhost ldifgen users --suffix
     dc=example,dc=com --parent ou=people,dc=example,dc=com
     --number 100000 --generic --start-idx=50
The reason is that by default python parser provides
 value for numeric options:
  as an integer if specified by "--option value" or
  as a string if specified by "--option=value"

Fix description:
convert the numeric parameters to integer when using it.
 options impacted are:
  - in users subcommand:   --number ,  --start-idx
  - in mod-load subcommand:   --num-users, --add-users,
               --del-users, --modrdn-users, --mod-users

FYI: An alternative solution would have been to indicate the
parser that these values are an integer. But two reasons
 led me to implement the first solution:
 - first solution fix the problem for all users while the
   second one fixes only dsctl command.
 - first solution is easier to test:
    I just added a new test file generated by a script
      that duplicated existing ldifgen test, renamed the
       test cases and replaced the numeric arguments by
       strings.
   Second solution would need to redesign the test framework
    to be able to test the parser.

relates: https://github.com/389ds/389-ds-base/issues/4440

Reviewed by:

Platforms tested: F32
- - - - -
5eacadd1 by progier389 at 2020-11-20T11:50:42+01:00
Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444)

Bug description:
Got TypeError exception when using:
  dsctl -v slapd-localhost ldifgen users --suffix
     dc=example,dc=com --parent ou=people,dc=example,dc=com
     --number 100000 --generic --start-idx=50
The reason is that by default python parser provides
 value for numeric options:
  as an integer if specified by "--option value" or
  as a string if specified by "--option=value"

Fix description:
convert the numeric parameters to integer when using it.
 options impacted are:
  - in users subcommand:   --number ,  --start-idx
  - in mod-load subcommand:   --num-users, --add-users,
               --del-users, --modrdn-users, --mod-users

FYI: An alternative solution would have been to indicate the
parser that these values are an integer. But two reasons
 led me to implement the first solution:
 - first solution fix the problem for all users while the
   second one fixes only dsctl command.
 - first solution is easier to test:
    I just added a new test file generated by a script
      that duplicated existing ldifgen test, renamed the
       test cases and replaced the numeric arguments by
       strings.
   Second solution would need to redesign the test framework
    to be able to test the parser.

relates: https://github.com/389ds/389-ds-base/issues/4440

Reviewed by:

Platforms tested: F32
- - - - -
61738d31 by Viktor Ashirov at 2020-11-23T14:16:26+01:00
Fix pytest test collection

Bug Description:
Some tests were missing tier0 and tier1 marks, didn't have _test
postfix in the filename.
Because of this some tests were not collected and not executed.

Fix Description:

* Add missing pytest marks for tier0 and tier1
* Rename test modules to have _test in the filename.

Reviewed by: Simon (Thanks!)

- - - - -
4d5915f3 by Simon Pichugin at 2020-11-24T17:06:52+01:00
Issue 4105 - Remove python.six from lib389 (#4456)

Description: We no longer use python 2, we can remove all the python-six
imports and replace code with Python 3 support only.

Fixes: #4105

Reviewed by: @mreynolds389 @Firstyear (Thanks!)
- - - - -
8657fe47 by Simon Pichugin at 2020-11-24T17:12:32+01:00
Issue 4105 - Remove python.six from lib389 (#4456)

Description: We no longer use python 2, we can remove all the python-six
imports and replace code with Python 3 support only.

Fixes: #4105

Reviewed by: @mreynolds389 @Firstyear (Thanks!)
- - - - -
73ee04fa by progier389 at 2020-11-24T19:22:49+01:00
Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451)

Bug Description:

"dsconf replication monitor" fails to retrieve database RUV entry from consumer and this
appears into the Cockpit web UI too.
The problem is that the bind credentials are not rightly propagated when trying to get
the consumers agreement status.  Then supplier credentials are used instead  and RUV
is searched anonymously because there is no bind dn in ldapi case.

Fix Description:

- Propagates the bind credentials when computing agreement status
- Add a credential cache because now a replica password could get asked several times:
    when discovering the topology and
    when getting the agreement maxcsn
- Testcase test_dsconf_replication_monitor is modified to:
  - Assert when getting "consumer (Unavailable)" status
  - Add a step using a freshly generated Dirsrv instance (as dsconf does)
    rather than using the topology one
    FYI: although the feature was tested in test_dsconf_replication_monitor py.test
     the test does not hit the bug because of several side effects:
        - If consumer credentials are not provided the supplier credentials are used.
        - topology generated DirSrv instance has a bind DN.
        - topology masters have the same credentials
     DirSrv generated by dsconf (in ldapi case) have no bind DN and hits the bugs

- Add a comment about nonlocal keyword

Relates: #4449

Reviewers:
  firstyear
  droideck
  mreynolds

Issue 4449: Add a comment about nonlocal keyword
- - - - -
2c89eef7 by progier389 at 2020-11-25T12:15:44+01:00
Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451)

Bug Description:

"dsconf replication monitor" fails to retrieve database RUV entry from consumer and this
appears into the Cockpit web UI too.
The problem is that the bind credentials are not rightly propagated when trying to get
the consumers agreement status.  Then supplier credentials are used instead  and RUV
is searched anonymously because there is no bind dn in ldapi case.

Fix Description:

- Propagates the bind credentials when computing agreement status
- Add a credential cache because now a replica password could get asked several times:
    when discovering the topology and
    when getting the agreement maxcsn
- Testcase test_dsconf_replication_monitor is modified to:
  - Assert when getting "consumer (Unavailable)" status
  - Add a step using a freshly generated Dirsrv instance (as dsconf does)
    rather than using the topology one
    FYI: although the feature was tested in test_dsconf_replication_monitor py.test
     the test does not hit the bug because of several side effects:
        - If consumer credentials are not provided the supplier credentials are used.
        - topology generated DirSrv instance has a bind DN.
        - topology masters have the same credentials
     DirSrv generated by dsconf (in ldapi case) have no bind DN and hits the bugs

- Add a comment about nonlocal keyword

Relates: #4449

Reviewers:
  firstyear
  droideck
  mreynolds

Issue 4449: Add a comment about nonlocal keyword

(cherry picked from commit 73ee04fa12cd1de3a5e47c109e79e31c1aaaa2ab)

- - - - -
8bb2f6b3 by Akshay Adhikari at 2020-11-25T13:40:35+01:00
Issue 4112 - Added a CI test (#4441)

Issue 4112 - Added a CI test

Bug Description: If the dbhome directory is set, eg to /dev/shm/instance
then an online backup fails because it looks for the log.000000x file
in the wrong directory.

Relates: #4112

Reviewed by: Firstyear,droideck (Thanks!)
- - - - -
c87084de by tbordaz at 2020-11-25T18:07:34+01:00
Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439)

Bug description:
	Previous fix is buggy because slapi_filter_escape_filter_value returns
        an escaped filter component not an escaped assertion value.

Fix description:
	use the escaped filter component

relates: https://github.com/389ds/389-ds-base/issues/4297

Reviewed by: William Brown

Platforms tested: F31
- - - - -
54c9db06 by tbordaz at 2020-11-25T18:12:54+01:00
Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439)

Bug description:
	Previous fix is buggy because slapi_filter_escape_filter_value returns
        an escaped filter component not an escaped assertion value.

Fix description:
	use the escaped filter component

relates: https://github.com/389ds/389-ds-base/issues/4297

Reviewed by: William Brown

Platforms tested: F31
- - - - -
d6f73060 by Mark Reynolds at 2020-11-25T16:25:43-05:00
Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set

Description:  The UI schema page was not handling objectclasses that did not
              have x-origin set.  This patch prevents the browser from crashing
              in that case.

Relates: https://github.com/389ds/389-ds-base/issues/3986

Reviewed by: mreynolds (one line commit rule)

- - - - -
2dd89149 by Mark Reynolds at 2020-11-25T16:28:15-05:00
Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set

Description:  The UI schema page was not handling objectclasses that did not
              have x-origin set.  This patch prevents the browser from crashing
              in that case.

Relates: https://github.com/389ds/389-ds-base/issues/3986

Reviewed by: mreynolds (one line commit rule)

- - - - -
bc6edc01 by William Brown at 2020-11-26T08:16:49+10:00
Issue 4454 - RFE - fix version numbers to allow object caching

Bug Description: ccache and sccache are unable to cache object
files in 389-ds due to the use of BUILDNUM that takes a current
time including minutes, and VERSION.sh using the current
date and git commit which can change between branches.

Fix Description: When using --enable-debug, BUILDNUM and VERSION
are set to 0 or "DEVELOPER BUILD". Since this is now static
object caching can now occur, reducing developer recompile
times and allowing incremental compilation to work correctly.

fixes: #4454

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
ca65f3a6 by Mark Reynolds at 2020-11-25T17:50:31-05:00
Issue 3657 - Add options to dsctl for dsrc file

Description:  Add options to create, modify, delete, and display
              the .dsrc CLI tool shortcut file.

Relates: https://github.com/389ds/389-ds-base/issues/3657

Reviewed by: firstyear(Thanks!)

- - - - -
b1634c75 by Mark Reynolds at 2020-11-25T17:51:40-05:00
Issue 3657 - Add options to dsctl for dsrc file

Description:  Add options to create, modify, delete, and display
              the .dsrc CLI tool shortcut file.

Relates: https://github.com/389ds/389-ds-base/issues/3657

Reviewed by: firstyear(Thanks!)

- - - - -
ce7beae4 by William Brown at 2020-11-26T09:28:33+10:00
Issue 4460 - BUG  - lib389 should use system tls policy

Bug Description: Due to some changes in dsrc for tlsreqcert
and how def open was structured in lib389, the system ldap.conf
policy was ignored.

Fix Description: Default to using the system ldap.conf policy
if undefined in lib389 or the tls_reqcert param in dsrc.

fixes: #4460

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
aacdac38 by William Brown at 2020-11-26T09:30:00+10:00
Issue 4460 - BUG  - lib389 should use system tls policy

Bug Description: Due to some changes in dsrc for tlsreqcert
and how def open was structured in lib389, the system ldap.conf
policy was ignored.

Fix Description: Default to using the system ldap.conf policy
if undefined in lib389 or the tls_reqcert param in dsrc.

fixes: #4460

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
f1243f7c by tbordaz at 2020-11-30T09:03:33+01:00
Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467)

Bug description:
	This test case was incorrect.
	During a refreshPersistent search, a cookie is sent
	with the intermediate message that indicates the end of the refresh phase.
	Then a second cookie is sent on the updated entry (group10)
	I believed this test was successful some time ago but neither python-ldap
	nor sync_repl changed (intermediate sent in post refresh).
	So the testcase was never successful :(

Fix description:
	The fix is just to take into account the two expected cookies

relates: https://github.com/389ds/389-ds-base/issues/4243

Reviewed by: Mark Reynolds

Platforms tested: F31
- - - - -
de9965d0 by tbordaz at 2020-11-30T09:07:13+01:00
Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467)

Bug description:
	This test case was incorrect.
	During a refreshPersistent search, a cookie is sent
	with the intermediate message that indicates the end of the refresh phase.
	Then a second cookie is sent on the updated entry (group10)
	I believed this test was successful some time ago but neither python-ldap
	nor sync_repl changed (intermediate sent in post refresh).
	So the testcase was never successful :(

Fix description:
	The fix is just to take into account the two expected cookies

relates: https://github.com/389ds/389-ds-base/issues/4243

Reviewed by: Mark Reynolds

Platforms tested: F31
- - - - -
a98fe542 by James Chapman at 2020-11-30T15:28:05+00:00
Issue 4418 - ldif2db - offline. Warn the user of skipped entries 

Bug Description: During an ldif2db import entries that do not
conform to various constraints will be skipped and not imported.
On completion of an import with skipped entries, the server
returns a success exit code and logs the skipped entry detail to
the error logs. The success exit code could lead the user to
believe that all entries were successfully imported.

Fix Description: If a skipped entry occurs during import, the
import will continue and a warning will be returned to the user.

CLI tools for offline import updated to handle warning code.

Test added to generate an incorrect ldif entry and perform an
import.

Fixes: #4418

Reviewed by: Firstyear, droideck  (Thanks)
- - - - -
a5029c80 by Mark Reynolds at 2020-11-30T11:40:36-05:00
Issue 4384 - Use MONOTONIC clock for all timing events and conditions

Bug Description:  All of the server's event handling and replication were
                  based on REALTIME clocks, which can be influenced by the
                  system changing.  This could cause massive delays, and
                  simply cause unexpected behavior.

Fix Description:  Move all condition variables to use pthread instead of NSPR
                  functions.  Also make sure we use MONOTONIC clocks when we
                  get the current time when checking for timeouts and other
                  timed events.

Relates: https://github.com/389ds/389-ds-base/issues/4384

Reviewed by: elkris, firstyear, and tbordaz (Thanks!!!)

Apply firstyear's suggestions

Apply Firstyear's other suggestions

Apply Thierry's suggestions

- - - - -
806feba7 by Mark Reynolds at 2020-11-30T11:43:07-05:00
Issue 4384 - Use MONOTONIC clock for all timing events and conditions

Bug Description:  All of the server's event handling and replication were
                  based on REALTIME clocks, which can be influenced by the
                  system changing.  This could cause massive delays, and
                  simply cause unexpected behavior.

Fix Description:  Move all condition variables to use pthread instead of NSPR
                  functions.  Also make sure we use MONOTONIC clocks when we
                  get the current time when checking for timeouts and other
                  timed events.

Relates: https://github.com/389ds/389-ds-base/issues/4384

Reviewed by: elkris, firstyear, and tbordaz (Thanks!!!)

Apply firstyear's suggestions

Apply Firstyear's other suggestions

Apply Thierry's suggestions

- - - - -
782e6c1e by Mark Reynolds at 2020-11-30T16:30:39-05:00
Issue 4105 - Remove python.six (fix regression)

Description:  The switch off of six StringIO was not correctly ported,
              and an object was assigned to a variable instead of the
              variable being initialized with a new instance of the
              object.

Fixes: https://github.com/389ds/389-ds-base/issues/4105

Reviewed by: mreynolds(one line commit rule)

- - - - -
74170d72 by Mark Reynolds at 2020-11-30T16:34:19-05:00
Issue 4105 - Remove python.six (fix regression)

Description:  The switch off of six StringIO was not correctly ported,
              and an object was assigned to a variable instead of the
              variable being initialized with a new instance of the
              object.

Fixes: https://github.com/389ds/389-ds-base/issues/4105

Reviewed by: mreynolds(one line commit rule)

- - - - -
b09e6033 by Mark Reynolds at 2020-11-30T17:14:03-05:00
Bump version to 1.4.4.9

- - - - -
b7219518 by William Brown at 2020-12-01T13:15:14+10:00
Issue 4464 - RFE - clang with ds+asan+rust

Bug Description: Some subtle issues existed when using clang with
ds for builds, emitting warnings or not working (asan).

Fix Description: Remove some compiler flags that caused warnings,
and clean up how to emit certain linking related parts for asan
and dynamic libs for clang.

fixes: #4464

Author: William Brown <william at blackhats.net.au>

Review by: vashirov (thanks!)

- - - - -
7d2f95dc by tbordaz at 2020-12-01T15:15:21+01:00
Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466)

Bug description:
	Individual testcases run fine but they fail when
	run in a row

Fix description:
	Each testcase needs to do cleanup (at the end) or
        make initialization more robust

relates: https://github.com/389ds/389-ds-base/issues/4243

Reviewed by: William Brown, Simon Pichugin (Thanks !)

Platforms tested:  F31
- - - - -
a074b28c by tbordaz at 2020-12-01T15:19:55+01:00
Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466)

Bug description:
	Individual testcases run fine but they fail when
	run in a row

Fix description:
	Each testcase needs to do cleanup (at the end) or
        make initialization more robust

relates: https://github.com/389ds/389-ds-base/issues/4243

Reviewed by: William Brown, Simon Pichugin (Thanks !)

Platforms tested:  F31
- - - - -
2eba8fec by Barbora Simonova at 2020-12-03T11:10:10+01:00
Issue 4284 - dsidm fails to delete an organizationalUnit entry

Description:
Created test for dsidm organizationalunit delete and moved the function
check_value_in_log_and_reset() to __init__.py, because it will be used for
other dsidm tests.
Also modified the delete() function in lib389 to be able to delete the entry
without warning message for test purposes.

Relates: https://github.com/389ds/389-ds-base/issues/4284

Reviewed by: droideck (Thanks!)

- - - - -
52215dcb by William Brown at 2020-12-04T10:13:05+10:00
Issue 4446 RFE - openldap password hashers

Bug Description: To allow easier migrations, we need to support
some password types that OpenLDAP has that we do not. This
is mainly PBKDF2 types. OpenLDAP's hashers are
based on python passlib, so they also store the values in
a different way than our PBKDF2 module.

Fix Description: This adds passlib style PBKDF2 support, written
in Rust. It extends the slapi_r_plugin shim to support password
extensions for Rust plugins, as well as providing a number of
small improvements to the build system and testing for rust
plugins.

fixes: #4446

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (Thanks)

- - - - -
dec149b4 by Firstyear at 2020-12-04T10:14:33+10:00
Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472)

Bug Description: During SSCA creation, the server cert did not have
the machine name, which meant that the cert would not work without
reqcert = never.

Fix Description: Add the machine name as an alt name during SSCA
creation. It is not guaranteed this value is correct, but it
is better than nothing.

relates: https://github.com/389ds/389-ds-base/issues/4460

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds389, droideck 
- - - - -
99443d77 by Firstyear at 2020-12-04T10:46:43+10:00
Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472)

Bug Description: During SSCA creation, the server cert did not have
the machine name, which meant that the cert would not work without
reqcert = never.

Fix Description: Add the machine name as an alt name during SSCA
creation. It is not guaranteed this value is correct, but it
is better than nothing.

relates: https://github.com/389ds/389-ds-base/issues/4460

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds389, droideck 
- - - - -
2bd5aefa by William Brown at 2020-12-04T10:52:18+10:00
Issue 4410 RFE - ndn cache with arc in rust

Bug Description: As we move to LMDB and require a concurrently
readable model, we need access to concurrently readable datastructures.

Fix Description: This is a poc of NDN cache in rust with
a concurrently readable adaptive replacement cache.

fixes: #4410

Author: William Brown <william at blackhats.net.au>

Review by: ???

- - - - -
4c2cb804 by Firstyear at 2020-12-04T10:52:26+10:00
Issue 4403 RFE - OpenLDAP pw hash migration tests (#4408)

Bug Description: As we want to support openldap to 389 password migration,
we should check if we allow accounts to continue to bind. This involves
testing different openldap authentication schemes to determine if they
work.

Fix Description: Add tests for different password and contrib password
types that are supported in openldap.

fixes: #4403

Author: William Brown <william at blackhats.net.au>

Review by: @droideck, @progier389 (Thanks!)
- - - - -
1063bb7d by William Brown at 2020-12-04T10:52:33+10:00
Issue 4446 RFE - openldap password hashers

Bug Description: To allow easier migrations, we need to support
some password types that OpenLDAP has that we do not. This
is mainly PBKDF2 types. OpenLDAP's hashers are
based on python passlib, so they also store the values in
a different way than our PBKDF2 module.

Fix Description: This adds passlib style PBKDF2 support, written
in Rust. It extends the slapi_r_plugin shim to support password
extensions for Rust plugins, as well as providing a number of
small improvements to the build system and testing for rust
plugins.

fixes: #4446

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (Thanks)

- - - - -
74a96c6a by tbordaz at 2020-12-07T09:41:27+10:00
Issue 4315: performance search rate: nagle triggers high rate of setsocketopt (#4437)

Bug description:
	When a socket is set with NO_DELAY=0 (nagle), written pdu are buffered
	until buffer is full or tcp_cork is set. This reduce network traffic when
        the application writes partial pdu.
        DS write complete pdu (results/entries/..) so it gives low benefit for DS.
	In addition nagle being 'on' by default, DS sets/unset socket tcp_cork to send
	immediately results/entries at each operation. This is an overhead of syscalls.

Fix description:
	Disable nagle by default

relates: https://github.com/389ds/389-ds-base/issues/4315

Reviewed by: @mreynolds389, @Firstyear 

Platforms tested:  F33
- - - - -
87b39043 by tbordaz at 2020-12-08T08:32:21+01:00
Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475)

Bug description:
	Cookie changenumber can be 0.
	test_sync_repl_cookie_add_del and test_sync_repl_mep are not
	accepting this value

Fix description:
	change the assertion

relates: https://github.com/389ds/389-ds-base/issues/4243

Reviewed by: William Brown, Simon Pichugin (thanks for this continuous effort on
 buggy testcases :) )

Platforms tested: F31
- - - - -
66f195b9 by tbordaz at 2020-12-08T08:36:56+01:00
Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475)

Bug description:
	Cookie changenumber can be 0.
	test_sync_repl_cookie_add_del and test_sync_repl_mep are not
	accepting this value

Fix description:
	change the assertion

relates: https://github.com/389ds/389-ds-base/issues/4243

Reviewed by: William Brown, Simon Pichugin (thanks for this continuous effort on
 buggy testcases :) )

Platforms tested: F31
- - - - -
1af84fd1 by James Chapman at 2020-12-09T22:42:59+00:00
Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476)

Bug Description:  During an online ldif2db import entries that do not
                  conform to various constraints will be skipped and
                  not imported. On completion of an import with skipped
                  entries, the server responds with a success message
                  and logs the skipped entry detail to the error logs.
                  The success message could lead the user to believe
                  that all entries were successfully imported.

Fix Description:  If a skipped entry occurs during import, the import
                  will continue and a warning message will be displayed.
                  The schema is extended with a nsTaskWarning attribute
                  which is used to capture and retrieve any task
                  warnings.

                  CLI tools for online import updated.

                  Test added to generate an incorrect ldif entry and perform an
                  online import.

Fixes: https://github.com/389ds/389-ds-base/issues/4419

Reviewed by: tbordaz, mreynolds389, droideck, Firstyear (Thanks)
- - - - -
d35266ed by tbordaz at 2020-12-10T09:25:18+10:00
Issue 4315: performance search rate: nagle triggers high rate of setsocketopt (#4437)

Bug description:
	When a socket is set with NO_DELAY=0 (nagle), written pdu are buffered
	until buffer is full or tcp_cork is set. This reduces network traffic when
        the application writes partial pdu.
        DS writes complete pdu (results/entries/..) so it gives low benefit for DS.
	In addition nagle being 'on' by default, DS sets/unsets socket tcp_cork to send
	immediately results/entries at each operation. This is an overhead of syscalls.

Fix description:
	Disable nagle by default

relates: https://github.com/389ds/389-ds-base/issues/4315

Reviewed by: @mreynolds389, @Firstyear 

Platforms tested:  F33
- - - - -
4b501a5e by William Brown at 2020-12-10T09:29:40+10:00
Ticket 4313 - fix potential syncrepl data corruption

Bug Description: The cookie encodes which changelog entries we
have seen up to and including. However, the sync process would then
re-send the cl item from the cookie number. This could cause corruption
in some cases as some combinations of actions between two points
are no-oped in the server.

Fix Description: Fix the changelog search to always process that
entries of the CL must be greater than, but not equal to the
already seen CL items from the cookie.

Fixes: https://github.com/389ds/389-ds-base/issues/4313

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz

- - - - -
d2a3f2eb by William Brown at 2020-12-10T09:29:40+10:00
Ticket 4313 - improve tests and improve readme re refdel

Bug Description: This is a supplement to 51260.

Fix Description: This expands the test cases to be able to detect
the subsequent data corruption of 51260. This also improves
documentation around the rfc, and some todo comments for
future work with entryuuid + openldap.

Fixes: https://github.com/389ds/389-ds-base/issues/4313

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz

- - - - -
5a3a6e50 by William Brown at 2020-12-10T09:29:40+10:00
Ticket 4224 - openldap can become confused with entryuuid

Bug Description: OpenLDAP server as a syncrepl consumer enforces
the condition that syncUUID in ldap messages must match the entryuuid
of the entry. This is not in the RFC but it affects this one situation.

Fix Description: To resolve this, we enforce that entryuuid is a
requirement to the openldap syncrepl mode. Only entries with an
entryuuid can be sent to openldap. Additionally, this mode is disabled
by default by a configuration parameter "syncrepl-allow-openldap" in
the content sync plugin config.

Fixes: https://github.com/389ds/389-ds-base/issues/4224

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz (Thanks!)

- - - - -
06ad8c78 by William Brown at 2020-12-10T09:37:47+10:00
Ticket 4313 - fix potential syncrepl data corruption

Bug Description: The cookie encodes which changelog entries we
have seen up to and including. However, the sync process would then
re-send the cl item from the cookie number. This could cause corruption
in some cases as some combinations of actions between two points
are no-oped in the server.

Fix Description: Fix the changelog search to always process that
entries of the CL must be greater than, but not equal to the
already seen CL items from the cookie.

Fixes: https://github.com/389ds/389-ds-base/issues/4313

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz

- - - - -
65757379 by William Brown at 2020-12-10T09:37:52+10:00
Ticket 4313 - improve tests and improve readme re refdel

Bug Description: This is a supplement to 51260.

Fix Description: This expands the test cases to be able to detect
the subsequent data corruption of 51260. This also improves
documentation around the rfc, and some todo comments for
future work with entryuuid + openldap.

Fixes: https://github.com/389ds/389-ds-base/issues/4313

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz

- - - - -
5d77fe60 by William Brown at 2020-12-10T09:37:58+10:00
Ticket 4224 - openldap can become confused with entryuuid

Bug Description: OpenLDAP server as a syncrepl consumer enforces
the condition that syncUUID in ldap messages must match the entryuuid
of the entry. This is not in the RFC but it affects this one situation.

Fix Description: To resolve this, we enforce that entryuuid is a
requirement to the openldap syncrepl mode. Only entries with an
entryuuid can be sent to openldap. Additionally, this mode is disabled
by default by a configuration parameter "syncrepl-allow-openldap" in
the content sync plugin config.

Fixes: https://github.com/389ds/389-ds-base/issues/4224

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz (Thanks!)

- - - - -
7ed09120 by Firstyear at 2020-12-10T12:45:54+10:00
Issue 4229 - RFE - Improve rust linking and build performance (#4474)

Bug Description: Due to changes in how we approach rust in our
make system, we can improve this significantly to reduce complexity
in our linking, and to remove a large quantity of dead code that
is no longer needed.

Fix Description: Remove older parts of sds (removed in favour
of rust datastructures and concread), and remove lfds which
is no longer used from nunc-stans

fixes: https://github.com/389ds/389-ds-base/issues/4229

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (Thanks!)
- - - - -
46ae8c3f by William Brown at 2020-12-10T12:47:37+10:00
Issue 4464 - RFE - clang with ds+asan+rust

Bug Description: Some subtle issues existed when using clang with
ds for builds, emitting warnings or not working (asan).

Fix Description: Remove some compiler flags that caused warnings,
and clean up how to emit certain linking related parts for asan
and dynamic libs for clang.

fixes: #4464

Author: William Brown <william at blackhats.net.au>

Review by: vashirov (thanks!)

- - - - -
60fb9fa8 by Firstyear at 2020-12-10T12:47:44+10:00
Issue 4229 - RFE - Improve rust linking and build performance (#4474)

Bug Description: Due to changes in how we approach rust in our
make system, we can improve this significantly to reduce complexity
in our linking, and to remove a large quantity of dead code that
is no longer needed.

Fix Description: Remove older parts of sds (removed in favour
of rust datastructures and concread), and remove lfds which
is no longer used from nunc-stans

fixes: https://github.com/389ds/389-ds-base/issues/4229

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (Thanks!)
- - - - -
f0825275 by James Chapman at 2020-12-10T03:15:43+00:00
Issue 4489 - Remove return statement from a void function (#4490)

Bug  Description: void function returns a value, causing compiler warnings.

Fix Description: Remove return statement.

Relates: https://github.com/389ds/389-ds-base/issues/4419

Reviewed by: One line rule
- - - - -
bdf955bd by Mark Reynolds at 2020-12-10T12:04:51-05:00
Issue 4421 - Unable to build with Rust enabled in closed environment

Description:  Add Makefile flags and update rpm.mk that allow updating
              and downloading all the cargo/rust dependencies.  This is
              needed for nightly tests and upstream/downstream releases.

Fixes: https://github.com/389ds/389-ds-base/issues/4421

Reviewed by: firstyear(Thanks!)

- - - - -
488bad57 by Mark Reynolds at 2020-12-10T12:05:47-05:00
Issue 4421 - Unable to build with Rust enabled in closed environment

Description:  Add Makefile flags and update rpm.mk that allow updating
              and downloading all the cargo/rust dependencies.  This is
              needed for nightly tests and upstream/downstream releases.

Fixes: https://github.com/389ds/389-ds-base/issues/4421

Reviewed by: firstyear(Thanks!)

- - - - -
4715f372 by Mark Reynolds at 2020-12-10T15:34:31-05:00
Issue 4224 - cleanup specfile after libsds removal

Description:  The original commit for this ticket did not cleanup the specfile

relates: https://github.com/389ds/389-ds-base/issues/4224

Reviewed by: mreynolds(one line commit rule)

- - - - -
85abc9fa by Mark Reynolds at 2020-12-10T15:35:56-05:00
Issue 4224 - cleanup specfile after libsds removal

Description:  The original commit for this ticket did not cleanup the specfile

relates: https://github.com/389ds/389-ds-base/issues/4224

Reviewed by: mreynolds(one line commit rule)

- - - - -
09d3ab7d by James Chapman at 2020-12-10T22:23:39+00:00
Issue 4486 - Remove random ldif file generation from import test (#4487)

Bug Description: The test_fast_slow_import() test validates the performance 
                            impact of the nsslapd-db-private-import-mem config attribute
                            over multiple ldif file offline imports. For each import, a
                            random ldif file is generated which can differ in size,
                            affecting the duration of the import.

Fix Description: Check if the ldif file exists before creating a new one, so we
                          have the same ldif file for each import comparison.

Fixes: https://github.com/389ds/389-ds-base/issues/4486

Reviewed by: Firstyear, droideck (Thank you)
- - - - -
429c2f85 by Mark Reynolds at 2020-12-11T15:25:09-05:00
Issue 4483 - heap-use-after-free in slapi_be_getsuffix

Description:  heap-use-after-free in slapi_be_getsuffix after disk
              monitoring runs. This feature is freeing a list of
              backends which it does not need to do.

Fixes: https://github.com/389ds/389-ds-base/issues/4483

Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
5a80dd90 by Mark Reynolds at 2020-12-11T15:26:07-05:00
Issue 4483 - heap-use-after-free in slapi_be_getsuffix

Description:  heap-use-after-free in slapi_be_getsuffix after disk
              monitoring runs. This feature is freeing a list of
              backends which it does not need to do.

Fixes: https://github.com/389ds/389-ds-base/issues/4483

Reviewed by: firstyear & tbordaz(Thanks!!)

- - - - -
32413b5b by Firstyear at 2020-12-14T11:16:31+10:00
Issue 4373 - BUG - calloc of size 0 in MT build (#4496)

Bug Description: In some cases it's possible for there to be
no mapping trees which causes a warning of a calloc of size
0.

Fix Description: In these cases, we can skip the attempt to calloc
and build.

fixes: https://github.com/389ds/389-ds-base/issues/4373

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
18184e5e by Firstyear at 2020-12-14T11:17:12+10:00
Issue 4373 - BUG - calloc of size 0 in MT build (#4496)

Bug Description: In some cases it's possible for there to be
no mapping trees which causes a warning of a calloc of size
0.

Fix Description: In these cases, we can skip the attempt to calloc
and build.

fixes: https://github.com/389ds/389-ds-base/issues/4373

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
f629f8f5 by tbordaz at 2020-12-14T10:02:24+01:00
Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493)

Bug description:
          When a replication session starts, a starting point is computed
          according to supplier/consumer RUVs.
	  from the starting point the updates are bulk loaded from the CL.
          When a bulk set has been fully evaluated the server needs to bulk load another set.
	  It iterates until there are no more updates to send.
          The bug is that during bulk load, it recomputes the CL cursor position
          and this computation can be wrong. For example if a new update on
          a rarely updated replica (or not known replica) the new position will
          be set before the initial starting point

Fix description:
          Fixing the invalid computation is a bit risky (complex code resulting from
          years of corner cases handling) and a fix could fail to address other flavors
          with the same symptom
          The fix is only (sorry for that) safety checking fix that would end a replication session
          if the computed cursor position goes before the initial starting point.
	  In case of large jump behind (24h) the starting point, a warning is logged.

relates: https://github.com/389ds/389-ds-base/issues/4492

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F31
- - - - -
260128fa by tbordaz at 2020-12-14T10:27:40+01:00
Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493)

Bug description:
          When a replication session starts, a starting point is computed
          according to supplier/consumer RUVs.
	  from the starting point the updates are bulk loaded from the CL.
          When a bulk set has been fully evaluated the server needs to bulk load another set.
	  It iterates until there are no more updates to send.
          The bug is that during bulk load, it recomputes the CL cursor position
          and this computation can be wrong. For example if a new update on
          a rarely updated replica (or not known replica) the new position will
          be set before the initial starting point

Fix description:
          Fixing the invalid computation is a bit risky (complex code resulting from
          years of corner cases handling) and a fix could fail to address other flavors
          with the same symptom
          The fix is only (sorry for that) safety checking fix that would end a replication session
          if the computed cursor position goes before the initial starting point.
	  In case of large jump behind (24h) the starting point, a warning is logged.

relates: https://github.com/389ds/389-ds-base/issues/4492

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F31
- - - - -
9fa46b83 by Mark Reynolds at 2020-12-14T10:08:23-05:00
Issue 3522 - Remove DES to AES conversion code

Description:  remove the reversible password storage scheme upgrade code.
              This was only needed for people moving from 1.2.10, which
              has not been supported for years.

Fixes: https://github.com/389ds/389-ds-base/issues/3522

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
07b678dc by Simon Pichugin at 2020-12-14T21:13:45+01:00
Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481)

Description: Libraries like libldap, libber do error and debug
logging, but it is not available in the DS logs.

Provide a way to enable the third party logging in DS.
Add nsslapd-external-libs-debug-enabled attribute to 'cn=config'
which will enable all of the levels available in libldap and libber.
The setting should be used only for debugging purposes as
it prints all of the operations with great verbosity.

The code for log_external_libs_debug_print() and
log_external_libs_debug_set_log_fn() functions are provided
by a former Red Hat employee - Ludwig Krispenz.

Fixes: #1795

Reviewed by: @Firstyear and @tbordaz (Thanks!)
- - - - -
926b2e04 by Simon Pichugin at 2020-12-14T21:39:02+01:00
Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481)

Description: Libraries like libldap, libber do error and debug
logging, but it is not available in the DS logs.

Provide a way to enable the third party logging in DS.
Add nsslapd-external-libs-debug-enabled attribute to 'cn=config'
which will enable all of the levels available in libldap and libber.
The setting should be used only for debugging purposes as
it prints all of the operations with great verbosity.

The code for log_external_libs_debug_print() and
log_external_libs_debug_set_log_fn() functions are provided
by a former Red Hat employee - Ludwig Krispenz.

Fixes: #1795

Reviewed by: @Firstyear and @tbordaz (Thanks!)

- - - - -
bf46ccec by Stanislav Levin at 2020-12-15T09:49:34+10:00
Issue 4272 RFE - add support for gost-yescrypt for hashing passwords (#4497)

Bug Description: The state standard of Russian Federation requires
strong password hashes relied on GOST R 34.11-2012 (also known as
Streebog[0]) hash function.

Fix Description: One of the implementations of Streebog hash function
was made by libxcrypt, which has come as the replacement of glibc's
libcrypt. This means that several of the pwdstorage plugins have already
linked against libxcrypt.

From libxcrypt docs:
    gost-yescrypt uses the output from the yescrypt hashing method in
    place of a hmac message.  Thus, the yescrypt crypto properties
    are superseded by the GOST R 34.11-2012 (Streebog) hash function
    with a 256 bit digest.

[0]: https://tools.ietf.org/html/rfc6986

fixes: #4272

Reviewed by: @Firstyear, @mreynolds389 (Thanks!)
- - - - -
ec4a8cce by Stanislav Levin at 2020-12-15T09:51:48+10:00
Issue 4272 RFE - add support for gost-yescrypt for hashing passwords (#4497)

Bug Description: The state standard of Russian Federation requires
strong password hashes relied on GOST R 34.11-2012 (also known as
Streebog[0]) hash function.

Fix Description: One of the implementations of Streebog hash function
was made by libxcrypt, which has come as the replacement of glibc's
libcrypt. This means that several of the pwdstorage plugins have already
linked against libxcrypt.

From libxcrypt docs:
    gost-yescrypt uses the output from the yescrypt hashing method in
    place of a hmac message.  Thus, the yescrypt crypto properties
    are superseded by the GOST R 34.11-2012 (Streebog) hash function
    with a 256 bit digest.

[0]: https://tools.ietf.org/html/rfc6986

fixes: #4272

Reviewed by: @Firstyear, @mreynolds389 (Thanks!)

- - - - -
d7bef97b by Mark Reynolds at 2020-12-15T16:54:43-05:00
Merge pull request #4501 from mreynolds389/issue4500

Issue 4500 - add cockpit options to dsctl
- - - - -
925f3e19 by Mark Reynolds at 2020-12-15T16:55:47-05:00
Merge pull request #4501 from mreynolds389/issue4500

Issue 4500 - add cockpit options to dsctl
- - - - -
b9edaacf by Firstyear at 2020-12-16T08:57:24+10:00
Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502)

Bug Description: We had a free on the wrong line which could
lead to a memory leak during server setup.

Fix Description: Free results if ent count is 0

fixes: https://github.com/389ds/389-ds-base/issues/4373

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @tbordaz (Thanks!)
- - - - -
730b30f0 by Firstyear at 2020-12-16T08:59:09+10:00
Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502)

Bug Description: We had a free on the wrong line which could
lead to a memory leak during server setup.

Fix Description: Free results if ent count is 0

fixes: https://github.com/389ds/389-ds-base/issues/4373

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @tbordaz (Thanks!)
- - - - -
0b08e6f3 by progier389 at 2020-12-16T16:21:35+01:00
Issue #4504 - Fix pytest test_dsconf_replication_monitor (#4505)


- - - - -
cc0f6928 by tbordaz at 2020-12-16T16:30:28+01:00
Issue 4480 - Unexpected info returned to ldap request (#4491)

Bug description:
	If the bind entry does not exist, the bind result info
        reports that 'No such entry'. It should not give any
        information if the target entry exists or not

Fix description:
	Does not return any additional information during a bind

relates: https://github.com/389ds/389-ds-base/issues/4480

Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)

Platforms tested:  F31
- - - - -
38b97fae by tbordaz at 2020-12-16T16:35:08+01:00
Issue 4480 - Unexpected info returned to ldap request (#4491)

Bug description:
	If the bind entry does not exist, the bind result info
        reports that 'No such entry'. It should not give any
        information if the target entry exists or not

Fix description:
	Does not return any additional information during a bind

relates: https://github.com/389ds/389-ds-base/issues/4480

Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)

Platforms tested:  F31
- - - - -
26c6a0b7 by progier389 at 2020-12-16T17:04:00+01:00
Issue #4504 - Fix pytest test_dsconf_replication_monitor (#4505)

(cherry picked from commit 0b08e6f35b000d1383580be59f902ac813e940f2)

- - - - -
0f38410a by Firstyear at 2020-12-17T08:22:23+10:00
Issue 4498 - BUG - entryuuid replication may not work (#4503)

Bug Description: EntryUUID can be duplicated in replication,
due to a missing check in assign_uuid

Fix Description: Add a test case to determine how this occurs,
and add the correct check for existing entryUUID.

fixes: https://github.com/389ds/389-ds-base/issues/4498

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
c5dfc280 by Firstyear at 2020-12-17T08:23:05+10:00
Issue 4498 - BUG - entryuuid replication may not work (#4503)

Bug Description: EntryUUID can be duplicated in replication,
due to a missing check in assign_uuid

Fix Description: Add a test case to determine how this occurs,
and add the correct check for existing entryUUID.

fixes: https://github.com/389ds/389-ds-base/issues/4498

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
8b17d7ad by Timo Aaltonen at 2020-12-18T14:59:51+02:00
Merge branch 'upstream'

- - - - -
50a31f33 by Timo Aaltonen at 2020-12-18T15:03:53+02:00
bump the version, drop a patch

- - - - -
840d33b0 by Timo Aaltonen at 2020-12-18T15:29:27+02:00
releasing package 389-ds-base version 1.4.4.9-1

- - - - -
a1618152 by Mark Reynolds at 2021-01-04T23:25:30-05:00
Issue 4507 - Improve csngen testing task (#4508)

Description:  Once the csngen testing task is created, it will not stop for 10 minutes
              even if you attempt to stop the server.  This is adding 10 minutes to
              the CI testing runs.

              Improved this task to check for the server shutdown, and moved the csngen
              test to the bottom of the file so it is executed last so it does not
              interfere with other tests

Fixes: https://github.com/389ds/389-ds-base/issues/4507

Reviewed by: tbordaz(Thanks!)
- - - - -
b0cc3385 by Mark Reynolds at 2021-01-04T23:26:08-05:00
Issue 4507 - Improve csngen testing task (#4508)

Description:  Once the csngen testing task is created, it will not stop for 10 minutes
              even if you attempt to stop the server.  This is adding 10 minutes to
              the CI testing runs.

              Improved this task to check for the server shutdown, and moved the csngen
              test to the bottom of the file so it is executed last so it does not
              interfere with other tests

Fixes: https://github.com/389ds/389-ds-base/issues/4507

Reviewed by: tbordaz(Thanks!)
- - - - -
3ab35273 by Firstyear at 2021-01-06T11:12:39+10:00
Issue 4517 - BUG: Multiple systemd pin warnings (#4518)

Bug Description: When multiple entries exist under
cn=encryption,cn=config then we log a warning for each
entry that systemd ask pass may be needed. This creates noise
when the warning is needed once.

Fix Description: Move the warning to outside the loop.

fixes: https://github.com/389ds/389-ds-base/issues/4517

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @droideck (Thanks!)
- - - - -
3b0f3385 by Mark Reynolds at 2021-01-06T20:41:22-05:00
Issue 4414 - disk monitoring - prevent division by zero crash

Bug Description:  If a disk mount has zero total space or zero used
                  space then a division by zero can occur and the
                  server will crash.

                  It has also been observed that sometimes a system
                  can return the wrong disk entirely, and when that
                  happens the incorrect disk also has zero available
                  space which triggers the disk monitoring thread to
                  immediately shut the server down.

Fix Description:  Check the total and used space for zero and do not
                  divide, just ignore it.  As a preemptive measure
                  ignore disks from /dev, /proc, /sys (except /dev/shm).
                  Yes it's a bit hacky, but the true underlying cause
                  is not known yet.  So better to be safe than sorry.

Relates: https://github.com/389ds/389-ds-base/issues/4414

Reviewed by: firstyear(Thanks!)

- - - - -
ea10cc3e by Mark Reynolds at 2021-01-06T20:42:20-05:00
Issue 4414 - disk monitoring - prevent division by zero crash

Bug Description:  If a disk mount has zero total space or zero used
                  space then a division by zero can occur and the
                  server will crash.

                  It has also been observed that sometimes a system
                  can return the wrong disk entirely, and when that
                  happens the incorrect disk also has zero available
                  space which triggers the disk monitoring thread to
                  immediately shut the server down.

Fix Description:  Check the total and used space for zero and do not
                  divide, just ignore it.  As a preemptive measure
                  ignore disks from /dev, /proc, /sys (except /dev/shm).
                  Yes it's a bit hacky, but the true underlying cause
                  is not known yet.  So better to be safe than sorry.

Relates: https://github.com/389ds/389-ds-base/issues/4414

Reviewed by: firstyear(Thanks!)

- - - - -
53af2749 by Simon Pichugin at 2021-01-07T06:11:56+01:00
Issue 4513 - Fix schema test and lib389 task module (#4514)

Issue 4513 - Fix schema test and lib389 task module

Description: Fix the assertion in schema_test.py.
Make sure that all of the tasks are up to date
with the recent changes in the task API.

Relates: #4513

Reviewed by: @mreynolds389, @Firstyear (Thanks!) 

- - - - -
8bd016cc by James Chapman at 2021-01-07T10:12:11-05:00
Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476)

Bug Description:  During an online ldif2db import entries that do not
                  conform to various constraints will be skipped and
                  not imported. On completion of an import with skipped
                  entries, the server responds with a success message
                  and logs the skipped entry detail to the error logs.
                  The success message could lead the user to believe
                  that all entries were successfully imported.

Fix Description:  If a skipped entry occurs during import, the import
                  will continue and a warning message will be displayed.
                  The schema is extended with a nsTaskWarning attribute
                  which is used to capture and retrieve any task
                  warnings.

                  CLI tools for online import updated.

                  Test added to generate an incorrect ldif entry and perform an
                  online import.

Fixes: https://github.com/389ds/389-ds-base/issues/4419

Reviewed by: tbordaz, mreynolds389, droideck, Firstyear (Thanks)

- - - - -
09f771bc by James Chapman at 2021-01-07T10:16:03-05:00
Issue 4418 - ldif2db - offline. Warn the user of skipped entries

Bug Description: During an ldif2db import entries that do not
conform to various constraints will be skipped and not imported.
On completion of an import with skipped entries, the server
returns a success exit code and logs the skipped entry detail to
the error logs. The success exit code could lead the user to
believe that all entries were successfully imported.

Fix Description: If a skipped entry occurs during import, the
import will continue and a warning will be returned to the user.

CLI tools for offline import updated to handle warning code.

Test added to generate an incorrect ldif entry and perform an
import.

Fixes: #4418

Reviewed by: Firstyear, droideck  (Thanks)

- - - - -
1bcd2b43 by Mark Reynolds at 2021-01-07T20:33:46-05:00
Issue 4381 - RFE - LDAPI authentication DN rewriter

Description:  Create a new LDAPI configuration entry to specify a DN
              mapping based on system user name.  This also includes
              a reload task.

              For more information see:

              https://www.port389.org/docs/389ds/design/ldapi-auto-auth-dn-design.html

Relates: https://github.com/389ds/389-ds-base/issues/4381

Reviewed by: firstyear & cheimes(Thanks!!)

Apply Firstyear's suggestions

- - - - -
65678bb3 by Mark Reynolds at 2021-01-07T20:36:13-05:00
Issue 4384 - Separate eventq into REALTIME and MONOTONIC

Description:  The recent changes to the eventq "when" time changed
              internally from REALTIME to MONOTONIC, and this broke
              the API.  Create a new API for MONOTONIC clocks, and
              keep the original API intact for REALTIME clocks.

Relates:  https://github.com/389ds/389-ds-base/issues/4384

Reviewed by: firstyear(Thanks!)

- - - - -
62ba2a27 by Mark Reynolds at 2021-01-07T20:37:03-05:00
Issue 4384 - Separate eventq into REALTIME and MONOTONIC

Description:  The recent changes to the eventq "when" time changed
              internally from REALTIME to MONOTONIC, and this broke
              the API.  Create a new API for MONOTONIC clocks, and
              keep the original API intact for REALTIME clocks.

Relates:  https://github.com/389ds/389-ds-base/issues/4384

Reviewed by: firstyear(Thanks!)

- - - - -
89367c67 by Viktor Ashirov at 2021-01-10T14:19:07+01:00
Issue 4219 - Log internal unindexed searches (notes=A)

Description:
Add a test case.

Relates: https://github.com/389ds/389-ds-base/issues/4219

Reviewed by: @mreynolds389, @droideck, @tmihinto (Thanks!)

- - - - -
acaf2235 by tbordaz at 2021-01-11T17:33:06+01:00
Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525)

Bug description:
	For each returned entry, deref plugin dereferences some attribute values that refer to entries.
	To do this it does an internal search (scope base) with each attribute value.
	Deref plugin assumes that if internal search succeeds, a single entry is returned.
	There exist cases (not identified) where internal search succeeds but returns no entry.
	In such case (search succeeds but no entry returned) the server crashes.
	Note: wonder if DB deadlock could lead to such situation.

Fix description:
	Make a hardening fix that logs warning in such case

relates: https://github.com/389ds/389-ds-base/issues/4521

Reviewed by: Mark Reynolds (thanks)

Platforms tested: F31
- - - - -
f221b9bf by tbordaz at 2021-01-11T17:37:34+01:00
Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525)

Bug description:
	For each returned entry, deref plugin dereferences some attribute values that refer to entries.
	To do this it does an internal search (scope base) with each attribute value.
	Deref plugin assumes that if internal search succeeds, a single entry is returned.
	There exist cases (not identified) where internal search succeeds but returns no entry.
	In such case (search succeeds but no entry returned) the server crashes.
	Note: wonder if DB deadlock could lead to such situation.

Fix description:
	Make a hardening fix that logs warning in such case

relates: https://github.com/389ds/389-ds-base/issues/4521

Reviewed by: Mark Reynolds (thanks)

Platforms tested: F31
- - - - -
bcd39f16 by Firstyear at 2021-01-12T12:46:37+10:00
Issue 4506 - BUG - Fix bounds on fd table population (#4520)

Bug Description: While investigating 4506 it was noticed that
it was possible to exceed the capacity of the connection table
fd array if you had many listeners and a large number of
connections. The number of connections required and in the
correct state to cause this is in the thousands and would
be infeasible in reality, but it is still worth defending
from this.

Fix Description: Add the correct bound on the while loop
setting up the fd for polling.

relates: https://github.com/389ds/389-ds-base/issues/4506

Author: William Brown <william at blackhats.net.au>

Review by: @progier389 
- - - - -
1485f60b by Firstyear at 2021-01-12T12:47:38+10:00
Issue 4506 - BUG - Fix bounds on fd table population (#4520)

Bug Description: While investigating 4506 it was noticed that
it was possible to exceed the capacity of the connection table
fd array if you had many listeners and a large number of
connections. The number of connections required and in the
correct state to cause this is in the thousands and would
be infeasible in reality, but it is still worth defending
from this.

Fix Description: Add the correct bound on the while loop
setting up the fd for polling.

relates: https://github.com/389ds/389-ds-base/issues/4506

Author: William Brown <william at blackhats.net.au>

Review by: @progier389 
- - - - -
279556bc by progier389 at 2021-01-12T11:06:24+01:00
Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527)


- - - - -
f8f52754 by progier389 at 2021-01-12T11:20:24+01:00
Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527)

(cherry picked from commit 279556bc78ed743d7a053069621d999ec045866f)

- - - - -
78f6203d by progier389 at 2021-01-12T13:57:13+01:00
Issue 4504 - pytest test_dsconf_replication_monitor fails on RHEL - Fix merging issue (#4530)

* Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL)

* Issue #4504 - Fix pytest test_dsconf_replication_monitor on RHEL

* Issue #4504 - Fix pytest test_dsconf_replication_monitor on RHEL
- - - - -
f06181b2 by Barbora Simonova at 2021-01-12T15:39:08+01:00
Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt

Description:
The config value of nsslapd-nagle is now set to 'off' by default.
Added a test case, that checks the value.

Relates: https://github.com/389ds/389-ds-base/issues/4315

Reviewed by: droideck (Thanks!)

- - - - -
a880fddc by progier389 at 2021-01-12T17:45:41+01:00
Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533)


- - - - -
74a6ce5a by progier389 at 2021-01-12T18:12:41+01:00
Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533)

(cherry picked from commit a880fddc192414d6283ea6832491b7349e5471dc)

- - - - -
279b68d5 by Mark Reynolds at 2021-01-12T12:42:02-05:00
Issue 4513 - CI Tests - fix test failures

Description:

    Fixed tests in these suites:  basic, entryuuid, filter, lib389, and schema

relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: progier(Thanks!)

- - - - -
6dd37b4f by Robbie Harwood at 2021-01-13T09:42:26+10:00
Issue 4537 - Use KRB5_CLIENT_KTNAME for client keytabs (#4523)

Bug description:

set_krb5_creds() creates a principal with an empty string for a realm,
and assumes this will function as a wildcard.  However, this behavior is
not a guarantee that krb5 provides; dependent on canonicalization
settings, it could result in later failures in SASL.

Fix description:

Remove set_krb5_creds().  Previously, this function existed in order to
treat the keytab at KRB5_KTNAME as a source of initiator credentials.
However, since krb5-1.11, there is a separate environment variable
KRB5_CLIENT_KTNAME that provides this functionality.

In the process, remove the unused Heimdal vestiges.  In
773e89898d995f4dfecbe872dd6679f4ae2e542d , the semantics of HAVE_KRB5
were changed to refer to specifically MIT krb5.  As a result, none of
the Kerberos goo has run against Heimdal since then.  When Heimdal has a
feature release, it will also support KRB5_CLIENT_KTNAME, and so this
code will work with it too.

relates: https://github.com/389ds/389-ds-base/issues/4537

Author: Robbie Harwood <rharwood at redhat.com>

Review by: @Firstyear, @mreynolds389, @droideck (Thanks!)
- - - - -
ef8328f7 by Mark Reynolds at 2021-01-13T08:57:35-05:00
Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated

Bug Description:

If a backend is not replicated then healthcheck backend cl_trimming check will
throw an exception.  Now dsctl catches this error and moves on, but ipa healthcheck
complains because it is directly using the API.

Fix Description:

Catch the exception if replication is not enabled, and just move to the next check.

Fixes: https://github.com/389ds/389-ds-base/issues/4535

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
85187885 by Mark Reynolds at 2021-01-13T08:58:14-05:00
Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated

Bug Description:

If a backend is not replicated then healthcheck backend cl_trimming check will
throw an exception.  Now dsctl catches this error and moves on, but ipa healthcheck
complains because it is directly using the API.

Fix Description:

Catch the exception if replication is not enabled, and just move to the next check.

Fixes: https://github.com/389ds/389-ds-base/issues/4535

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
290c408a by Simon Pichugin at 2021-01-13T15:16:08+01:00
Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529)

Bug Description: While doing a ldapsearch on "cn=monitor" is
throwing err=32 with -s one.

Fix Description: 'cn=monitor' is not a real entry so we should not
try to check if the searched suffix (cn=monitor or its children)
belongs to the searched backend.

Fixes: #4528

Reviewed by: @mreynolds389 @Firstyear @tbordaz (Thanks!)
- - - - -
224d76f4 by Simon Pichugin at 2021-01-13T15:23:27+01:00
Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529)

Bug Description: While doing a ldapsearch on "cn=monitor" is
throwing err=32 with -s one.

Fix Description: 'cn=monitor' is not a real entry so we should not
try to check if the searched suffix (cn=monitor or its children)
belongs to the searched backend.

Fixes: #4528

Reviewed by: @mreynolds389 @Firstyear @tbordaz (Thanks!)

- - - - -
c2d38610 by Mark Reynolds at 2021-01-13T10:49:13-05:00
Issue 4513 - CI Tests - fix test failures

Description:

    Fixed tests in these suites:  basic, entryuuid, filter, lib389, and schema

relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: progier(Thanks!)

- - - - -
ffc9f525 by Firstyear at 2021-01-14T09:08:09+10:00
Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540)

Bug Description: If no overlays were configured in openldap, the migration
would fail with no such file or directory.

Fix Description: Check if the overlay folder in slapd.d exists as python
listdir can not handle if the directory does not exist.

fixes: https://github.com/389ds/389-ds-base/issues/4539

Author: William Brown <william at blackhats.net.au>

Review by: @droideck (Thanks!)
- - - - -
f965835a by Firstyear at 2021-01-14T09:08:52+10:00
Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540)

Bug Description: If no overlays were configured in openldap, the migration
would fail with no such file or directory.

Fix Description: Check if the overlay folder in slapd.d exists as python
listdir can not handle if the directory does not exist.

fixes: https://github.com/389ds/389-ds-base/issues/4539

Author: William Brown <william at blackhats.net.au>

Review by: @droideck (Thanks!)
- - - - -
6d17ca7d by Mark Reynolds at 2021-01-14T13:16:20-05:00
Bump version to 2.0.2

- - - - -
2bee54eb by Mark Reynolds at 2021-01-14T16:47:25-05:00
Update rpm.mk for RUST tarballs

- - - - -
77e1e414 by Mark Reynolds at 2021-01-14T16:58:30-05:00
Issue 4381 - RFE - LDAPI authentication DN rewriter

Description:  Create a new LDAPI configuration entry to specify a DN
              mapping based on system user name.  This also includes
              a reload task.

              For more information see:

              https://www.port389.org/docs/389ds/design/ldapi-auto-auth-dn-design.html

Relates: https://github.com/389ds/389-ds-base/issues/4381

Reviewed by: firstyear & cheimes(Thanks!!)

Apply Firstyear's suggestions

- - - - -
b90b673c by Mark Reynolds at 2021-01-14T17:22:13-05:00
Issue 4418 - fix cherry-pick error

Description:  Fix copy and paste error in slapi_task_set_warning()

relates: https://github.com/389ds/389-ds-base/issues/4534

Reviewed by: mreynold(one line commit rule)

- - - - -
ebdf2525 by Mark Reynolds at 2021-01-14T17:27:39-05:00
Bump version to 1.4.4.10

- - - - -
54a74194 by Robbie Harwood at 2021-01-15T08:43:38+10:00
Issue 4544 - Compiler warnings on krb5 functions (#4545)

Bug description:  6dd37b4fa801b64af0f26293c359a08d744661b2
introduced compiler warnings on unused code.

Fix description: Remove the dead code.

relates: https://github.com/389ds/389-ds-base/issues/4544

Author: Robbie Harwood <rharwood at redhat.com>

Review by: @Firstyear @mreynolds389 
- - - - -
111774dc by progier389 at 2021-01-18T15:01:08+01:00
Issue 4534 - libasan read buffer overflow in filtercmp (#4541)


- - - - -
e0e1803c by progier389 at 2021-01-18T15:13:32+01:00
Issue 4534 - libasan read buffer overflow in filtercmp (#4541)

(cherry picked from commit 111774dcc74f9b216f929e641bcc376f20e8c6f2)

- - - - -
9015bff2 by Mark Reynolds at 2021-01-18T09:54:30-05:00
Issue 4535 - lib389 - Fix log function in backends.py

Description:  Had a typo for the log function in a lint test that
              is breaking freeipa healthcheck

Relates: https://github.com/389ds/389-ds-base/issues/4535

Reviewed by: mreynolds (one line commit rule)

- - - - -
552c6c68 by Mark Reynolds at 2021-01-18T09:57:35-05:00
Issue 4535 - lib389 - Fix log function in backends.py

Description:  Had a typo for the log function in a lint test that
              is breaking freeipa healthcheck

Relates: https://github.com/389ds/389-ds-base/issues/4535

Reviewed by: mreynolds (one line commit rule)

- - - - -
e4f282e1 by Firstyear at 2021-01-19T11:31:17+10:00
Issue 4506 - Temporary fix for io issues (#4516)

Issue 4506 - RFE - connection accept thread

Bug Description: Previously we accepted connections and
selected for new work in the same event loop. This could
cause connection table polling to delay accepts, and
accepts to delay connection activity from being ready.

Fix Description: This separates those functions allowing
accept to occur in parallel to our normal work.

fixes: https://github.com/389ds/389-ds-base/issues/4506

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @progier389 (Thanks!)
- - - - -
b50e7452 by Simon Pichugin at 2021-01-19T12:11:40-05:00
Issue 4513 - Fix schema test and lib389 task module (#4514)

Issue 4513 - Fix schema test and lib389 task module

Description: Fix the assertion in schema_test.py.
Make sure that all of the tasks are up to date
with the recent changes in the task API.

Relates: #4513

Reviewed by: @mreynolds389, @Firstyear (Thanks!) 

- - - - -
a4a53e1e by Mark Reynolds at 2021-01-20T11:10:50-05:00
Issue 4548 - CLI - dsconf needs better root DN access control plugin validation

Description:  There is no validation done for any of the root DN access control
              plugin settings.

Relates: https://github.com/389ds/389-ds-base/issues/4548

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
a3534437 by Mark Reynolds at 2021-01-20T11:13:28-05:00
Issue 4548 - CLI - dsconf needs better root DN access control plugin validation

Description:  There is no validation done for any of the root DN access control
              plugin settings.

Relates: https://github.com/389ds/389-ds-base/issues/4548

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
f3bedfda by Firstyear at 2021-01-21T10:12:57+10:00
Issue 4506 - BUG - fix oob alloc for fds (#4555)

Bug Description: during review it was requested that a piece
of code be changed which seemed quite innocent. The code was
moved but the logic around the code wasn't considered
causing the fd array for the accept thread to be allocated with
a size of zero, causing the values to be lost.

Fix Description: Move the allocation to the correct location.

fixes: https://github.com/389ds/389-ds-base/issues/4506

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @droideck 
- - - - -
071793f2 by Akshay Adhikari at 2021-01-21T13:01:27+01:00
Issue 4153 - Added a CI test (#4556)

Bug Description: The numSubordinates value doesn't always match the number of direct subordinate(s)

Relates: #4153

Reviewed by: @droideck 
- - - - -
3d0b4990 by Timo Aaltonen at 2021-01-21T21:23:17+02:00
Merge branch 'upstream'

- - - - -
14a6bc9b by Timo Aaltonen at 2021-01-21T21:23:39+02:00
bump the version

- - - - -
cb7efc29 by Timo Aaltonen at 2021-01-21T21:57:08+02:00
CVE-2017-15135.patch: Refreshed.

- - - - -
85f4708c by Timo Aaltonen at 2021-01-21T21:57:21+02:00
source: Update diff-ignore.

- - - - -
07208253 by Timo Aaltonen at 2021-01-21T21:58:38+02:00
install: Drop libsds which got removed.

- - - - -
17c9218c by Timo Aaltonen at 2021-01-21T22:09:56+02:00
control: Add libnss3-tools to cockpit-389-ds Depends. (Closes: #965004)

- - - - -
53ce2607 by Timo Aaltonen at 2021-01-21T22:16:27+02:00
control: Drop python3-six from depends.

- - - - -
98378d49 by Timo Aaltonen at 2021-01-21T22:22:35+02:00
releasing package 389-ds-base version 1.4.4.10-1

- - - - -
4f4807f0 by Simon Pichugin at 2021-01-22T11:45:57+01:00
Issue 4513 - Fix replication CI test failures (#4557)

Description: Divide regression test suite into separate
files with different topologies to use. It fixes topology
conflicts that may occur.

Fix cleanup finalizer at topo_with_sigkill fixture.

Remove rfc2307compat test suite as it's not valid
as we don't ship 10rfc2307.ldif anymore.
https://github.com/389ds/389-ds-base/pull/4388/

Relates: #4513

Reviewed by: @mreynolds389, @Firstyear
- - - - -
6ea32f9f by Simon Pichugin at 2021-01-22T16:17:30+01:00
Issue 4513 - Fix replication CI test failures (#4557)

Description: Add missing tests from previous commit.

Relates: #4513

Reviewed by: @mreynolds, @Firstyear (Thanks!)

- - - - -
3038c598 by Barbora Simonova at 2021-01-25T15:31:51+01:00
Update metadata for customerscenario in test docstring

Description:
Update metadata for customerscenario in test docstring to be properly imported in Polarion.

- - - - -
b8b822cc by bsimonova at 2021-01-25T16:28:10+01:00
Revert "Update metadata for customerscenario in test docstring"

This reverts commit 3038c59861acf4f30d5100b1c4d163fa9d5d9085.

- - - - -
16e40086 by Mark Reynolds at 2021-01-25T14:23:07-05:00
Bump version to 1.4.4.11

- - - - -
4513cc46 by James Chapman at 2021-01-26T10:29:42+00:00
Issue 4396 - Minor memory leak in backend (#4558)

Bug Description: As multiple suffixes per backend were no longer used, this
functionality has been replaced with a single suffix per backend. Legacy
code remains that adds multiple suffixes to the dse internal backend,
resulting in memory allocations that are lost.

Also a minor typo is corrected in backend.c

Fix Description: Calls to be_addsuffix on the DSE backend are removed
as they are never used.

Fixes: https://github.com/389ds/389-ds-base/issues/4396

Reviewed by: mreynolds389, Firstyear, droideck (Thank you)
- - - - -
533c5740 by Mark Reynolds at 2021-01-26T11:17:29-05:00
Issue 5442 - Search results are different between RHDS10 and RHDS11

Bug Description:  In 1.4.x we introduced a change that was overly strict about
                  how a search on a non-existent subtree returned its error code.
                  It was changed from returning an error 32 to an error 0 with
                  zero entries returned.

Fix Description:  When finding the entry and processing acl's make sure to
                  gather the aci's that match the resource even if the resource
                  does not exist.  This requires some extra checks when processing
                  the target attribute.

relates: https://github.com/389ds/389-ds-base/issues/4542

Reviewed by: firstyear, elkris, and tbordaz (Thanks!)

Apply Thierry's changes

round 2

Apply more suggestions from Thierry

- - - - -
d641e852 by Mark Reynolds at 2021-01-26T11:18:37-05:00
Issue 5442 - Search results are different between RHDS10 and RHDS11

Bug Description:  In 1.4.x we introduced a change that was overly strict about
                  how a search on a non-existent subtree returned its error code.
                  It was changed from returning an error 32 to an error 0 with
                  zero entries returned.

Fix Description:  When finding the entry and processing acl's make sure to
                  gather the aci's that match the resource even if the resource
                  does not exist.  This requires some extra checks when processing
                  the target attribute.

relates: https://github.com/389ds/389-ds-base/issues/4542

Reviewed by: firstyear, elkris, and tbordaz (Thanks!)

Apply Thierry's changes

round 2

Apply more suggestions from Thierry

- - - - -
fe0f6152 by Simon Pichugin at 2021-01-26T17:50:20+01:00
Issue 4513 - Add DS version check to SSL version test (#4570)

Description: Starting from Fedora 33, cryptographic protocols
(TLS 1.0 and TLS 1.1) were moved to LEGACY
Add a 389-ds-base version check so we don't check for the policies
if DS is newer than 1.4.3.
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

Relates: #4513

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
abb93243 by tbordaz at 2021-01-26T18:02:44+01:00
Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569)

Bug description:
	The entry cache is protected with recursive mutex. Currently it is
	implemented using PR_Monitor (NSPR). When the entry cache mutex
	becomes the bottleneck (for example base search searchrate on
	the same entry), using pthread recursive mutex gives 8% benefit.

Fix description:
	Changing the c_mutex from PR_Monitor to pthread recursive mutex

relates: https://github.com/389ds/389-ds-base/issues/4324

Reviewed by: Mark Reynolds, Simon Pichugin

Platforms tested: F31
- - - - -
14f67ebe by tbordaz at 2021-01-26T18:08:28+01:00
Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569)

Bug description:
	The entry cache is protected with recursive mutex. Currently it is
	implemented using PR_Monitor (NSPR). When the entry cache mutex
	becomes the bottleneck (for example base search searchrate on
	the same entry), using pthread recursive mutex gives 8% benefit.

Fix description:
	Changing the c_mutex from PR_Monitor to pthread recursive mutex

relates: https://github.com/389ds/389-ds-base/issues/4324

Reviewed by: Mark Reynolds, Simon Pichugin

Platforms tested: F31
- - - - -
96edca86 by James Chapman at 2021-01-27T09:56:38+00:00
Issue 4396 - Minor memory leak in backend (#4558) (#4572)

Bug Description: As multiple suffixes per backend were no longer used, this
functionality has been replaced with a single suffix per backend. Legacy
code remains that adds multiple suffixes to the dse internal backend,
resulting in memory allocations that are lost.

Also a minor typo is corrected in backend.c

Fix Description: Calls to be_addsuffix on the DSE backend are removed
as they are never used.

Fixes: https://github.com/389ds/389-ds-base/issues/4396

Reviewed by: mreynolds389, Firstyear, droideck (Thank you)
- - - - -
ba0e91b4 by tbordaz at 2021-01-27T11:58:38+01:00
Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)

Bug description:
	When an operation completes, it was retrieved in the pending list with
	the address of the Operation structure. In case of POST OP nested operations
	the same address can be reused. So when completing an operation there could be
	a confusion which operation actually completed.
	A second problem is that if an update hits DB_DEADLOCK, the BETXN_PREOP can
	be called several times. During retry, the operation is already in the pending
	list.

Fix description:
	The fix defines a new operation extension (sync_persist_extension_type).
	This operation extension contains an index (idx_pl) of the op_pl in the
	pending list.

	An additional safety fix is to dump the pending list in case it becomes large (>10).
	The pending list is dumped with SLAPI_LOG_PLUGIN.

	When there is a retry (operation extension exists) the call to sync_update_persist_betxn_pre_op
	becomes a NOOP: the operation is not added again in the pending list.

relates: https://github.com/389ds/389-ds-base/issues/4526

Reviewed by: William Brown (Thanks !!)

Platforms tested: F31 & F33
- - - - -
9f9eb91e by tbordaz at 2021-01-27T12:40:34+01:00
Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)

Bug description:
	When an operation completes, it was retrieved in the pending list with
	the address of the Operation structure. In case of POST OP nested operations
	the same address can be reused. So when completing an operation there could be
	a confusion which operation actually completed.
	A second problem is that if an update hits DB_DEADLOCK, the BETXN_PREOP can
	be called several times. During retry, the operation is already in the pending
	list.

Fix description:
	The fix defines a new operation extension (sync_persist_extension_type).
	This operation extension contains an index (idx_pl) of the op_pl in the
	pending list.

	An additional safety fix is to dump the pending list in case it becomes large (>10).
	The pending list is dumped with SLAPI_LOG_PLUGIN.

	When there is a retry (operation extension exists) the call to sync_update_persist_betxn_pre_op
	becomes a NOOP: the operation is not added again in the pending list.

relates: https://github.com/389ds/389-ds-base/issues/4526

Reviewed by: William Brown (Thanks !!)

Platforms tested: F31 & F33
- - - - -
08c83d38 by Akshay Adhikari at 2021-01-27T14:30:01+01:00
Issue 4575 - Update test docstrings metadata

Description: Added customerscenario tag in test metadata for all customer tests cases

Relates: https://github.com/389ds/389-ds-base/issues/4575

Reviewed by: @vashirov

- - - - -
82777382 by Mark Reynolds at 2021-01-27T12:26:19-05:00
Issue 4093 - fix compiler warnings and update doxygen

Description:  Update the doxy file (doxygen), fix compiler warnings
              (x86_64, arm, and s390x), and update Rust cargo file.

relates: https://github.com/389ds/389-ds-base/issues/4093

Reviewed by: firstyear, spichugi, & progier(Thanks!!!)

- - - - -
90c48837 by tbordaz at 2021-01-28T10:39:31+01:00
Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)

Bug description:
	SLAPI_OPERATION_TYPE is stored/read as an int (slapi_pblock_get/set).
	This although the storage field is an unsigned long.
	Calling slapi_pblock_get with a long (8 bytes) destination creates
	a problem on big-endian (s390x).

Fix description:
	Define destination op_type as an int (4 bytes)

relates: https://github.com/389ds/389-ds-base/issues/4563

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F31 (little endian), Debian (big endian)
- - - - -
900e6fdc by tbordaz at 2021-01-28T10:46:50+01:00
Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)

Bug description:
	SLAPI_OPERATION_TYPE is stored/read as an int (slapi_pblock_get/set).
	This although the storage field is an unsigned long.
	Calling slapi_pblock_get with a long (8 bytes) destination creates
	a problem on big-endian (s390x).

Fix description:
	Define destination op_type as an int (4 bytes)

relates: https://github.com/389ds/389-ds-base/issues/4563

Reviewed by: Mark Reynolds, William Brown

Platforms tested: F31 (little endian), Debian (big endian)
- - - - -
91737952 by Timo Aaltonen at 2021-01-28T12:28:50+02:00
Merge branch 'upstream'

- - - - -
00f87311 by Timo Aaltonen at 2021-01-28T12:29:07+02:00
bump the version

- - - - -
12527457 by Timo Aaltonen at 2021-01-28T13:03:28+02:00
fix-s390x-failure.diff: Fix a crash on big-endian architectures like s390x.

- - - - -
9c480924 by Timo Aaltonen at 2021-01-28T13:03:40+02:00
releasing package 389-ds-base version 1.4.4.11-1

- - - - -
f41fb942 by Viktor Ashirov at 2021-01-29T10:28:44+01:00
Issue 4577 - Add GitHub actions

Add first set of actions to compile project using gcc and clang.

Relates: https://github.com/389ds/389-ds-base/issues/4577

Reviewed by: @firstyear, @droideck

- - - - -
95201aa8 by Barbora Simonova at 2021-01-29T15:04:50+01:00
Issue 4348 - Add tests for dsidm

Description:
Created tests for dsidm user option and enhanced
the src/lib389/lib389/cli_idm/__init__.py and src/lib389/lib389/cli_base/__init__.py
so the output gets caught to topology LogCapture to compare the results.

Relates: https://github.com/389ds/389-ds-base/issues/4348

Reviewed by: droideck (Thanks!)

- - - - -
15109fc0 by tbordaz at 2021-02-01T09:28:25+01:00
Issue 4581 - A failed re-indexing leaves the database in broken state (#4582)

Bug description:
	During reindex the numsubordinates attribute is not updated in parent entries.
	The consequence is that the internal counter job->numsubordinates==0.
	Later when indexing the ancestorid, the server can show the progression of this
	indexing with a ratio using job->numsubordinates==0.
	Division with 0 -> SIGFPE

Fix description:
	if the numsubordinates is NULL, log a message without a division.

relates: https://github.com/389ds/389-ds-base/issues/4581

Reviewed by: Pierre Rogier, Mark Reynolds, Simon Pichugin, Teko Mihinto (thanks !!)

Platforms tested: F31
- - - - -
64167696 by progier389 at 2021-02-01T10:57:10+01:00
Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)


- - - - -
75ef66b4 by progier389 at 2021-02-01T12:32:24+01:00
Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)

(cherry picked from commit 64167696080eb664c5bc4f00ff10412a9ad8cc2c)

- - - - -
7b681e1d by Mark Reynolds at 2021-02-02T11:28:36-05:00
Bump version to 1.4.4.12

- - - - -
f38b124f by Firstyear at 2021-02-03T09:48:48+10:00
Issue 4588 - BUG - unable to compile without xcrypt (#4589)

Bug Description: If xcrypt is not available, especially on some
distros with older libraries, 389 was unable to build.

Fix Description: Detect if we have xcrypt, and if not, add
stubs that always error instead.

fixes: https://github.com/389ds/389-ds-base/issues/4588

Author: William Brown <william at blackhats.net.au>

Review by: @progier389, @jchapma, @droideck (Thanks!)
- - - - -
9347a552 by Timo Aaltonen at 2021-02-04T13:16:22+02:00
Merge branch 'upstream'

- - - - -
a11712f3 by Timo Aaltonen at 2021-02-04T13:16:42+02:00
bump the version

- - - - -
4f22163e by Viktor Ashirov at 2021-02-08T17:07:27+01:00
Issue 4577 - Add GitHub actions

Description:

* Update compilation tests to use prebuilt container images
* Add pytest workflow for dirsrvtests

Test suite matrix is generated automatically based
on the contents of the tests suites directory.
Replication test suite is split up further to speed up test
execution.

Relates: https://github.com/389ds/389-ds-base/issues/4577

Reviewed by: ??

- - - - -
90da5570 by tbordaz at 2021-02-09T11:43:42+01:00
Issue 4600 - performance modify rate: reduce lock contention on the object extension factory (#4601)

Bug description:
	object extension factory uses a simple mutex to protect allocation/destroy object.
	This mutex is a NSPR mutex. Using modrate load (entry object), the mutex is the
	second hottest contention. Moving it to pthread mutex moves it down to the fifth
	hottest.
	giving a small throughput benefit (1%)

Fix description:
	Use pthread normal mutex

relates: https://github.com/389ds/389-ds-base/issues/4600

Reviewed by:  Simon Pichugin, William Brown

Platforms tested: RHEL 8.3 and F31
- - - - -
ec2fc845 by Viktor Ashirov at 2021-02-09T11:49:35+01:00
Issue 4571 - Stale libdb-utils dependency

Description:

libdb-utils was used by `verify-db.pl` to work, but it's no longer needed.

Fix Description:

* Remove libdb-utils dependency from the spec file, `index_dump` tool (superseded by `db_scan`).
* Remove outdated changelog section from the spec file.

Reviewed by: @Firstyear, @droideck (Thanks!)

- - - - -
2b176205 by Barbora Simonova at 2021-02-09T13:00:29+01:00
Issue 4348 - Add tests for dsidm

Description:
Fixed missing reason for xfail mark in test_dsidm_user_get_dn.
Replaced print() statements with log.info() in cli_base and cli_idm init files.

Relates: https://github.com/389ds/389-ds-base/issues/4348

Reviewed by: droideck (Thanks!)

- - - - -
3147c2f5 by Timo Aaltonen at 2021-02-10T11:26:53+02:00
fix-s390x-failure.diff: Dropped, upstream.

- - - - -
b6aae4d8 by Mark Reynolds at 2021-02-10T09:29:31-05:00
Issue 4609 - CVE - info disclosure when authenticating

Description:  If you bind as a user that does not exist.  Error 49 is returned
              instead of error 32.  As error 32 discloses that the entry does
              not exist.  When you bind as an entry that does not have userpassword
              set then error 48 (inappropriate auth) is returned, but this
              discloses that the entry does indeed exist.  Instead we should
              always return error 49, even if the password is not set in the
              entry.  This way we do not disclose to an attacker if the Bind
              DN exists or not.

Relates: https://github.com/389ds/389-ds-base/issues/4609

Reviewed by: tbordaz(Thanks!)

- - - - -
71cb9030 by Mark Reynolds at 2021-02-10T09:33:10-05:00
Issue 4609 - CVE - info disclosure when authenticating

Description:  If you bind as a user that does not exist.  Error 49 is returned
              instead of error 32.  As error 32 discloses that the entry does
              not exist.  When you bind as an entry that does not have userpassword
              set then error 48 (inappropriate auth) is returned, but this
              discloses that the entry does indeed exist.  Instead we should
              always return error 49, even if the password is not set in the
              entry.  This way we do not disclose to an attacker if the Bind
              DN exists or not.

Relates: https://github.com/389ds/389-ds-base/issues/4609

Reviewed by: tbordaz(Thanks!)

- - - - -
137db805 by progier389 at 2021-02-10T19:18:00+01:00
issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)


- - - - -
fc69ddb9 by Firstyear at 2021-02-11T15:12:38+10:00
Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)

Bug Description: Improve the --help page, and finish wiring in some
features.

Fix Description: Wire in exclusion of attributes/schema for migration.

fixes: https://github.com/389ds/389-ds-base/issues/4591

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389, @droideck
- - - - -
3e09bff1 by Viktor Ashirov at 2021-02-11T15:26:16+01:00
Issue 4577 - Add GitHub actions

Description:

* Enable IPv6 support for docker daemon
* Set server.example.com as FQDN for container

Relates: https://github.com/389ds/389-ds-base/issues/4577

Reviewed by: @droideck (Thanks!)

- - - - -
946f2048 by Mark Reynolds at 2021-02-11T10:19:25-05:00
Issue 4149 - UI - port TreeView and other components to PF4

Description:  This ports all the TreeViews to PF4, and also does some proof
              of concept changes for PF3 to PF4 migration.  There is much
              more needed, but this does not break anything

relates: https://github.com/389ds/389-ds-base/issues/4149

Reviewed by: spichugi(Thanks!)

- - - - -
20b9ec53 by Jack at 2021-02-12T11:40:05+10:00
Update dscontainer (#4564)

Issue 4564 - RFE - Add suffix to dscontainer rc file

Bug Description: The suffix was not added before, adding a hurdle to
automatic admin of the container instance

Fix Description: If the suffix is set, add it to the created rc file. 

fixes: https://github.com/389ds/389-ds-base/pull/4564

Author: @Jackbennett

Review by: @Firstyear  
- - - - -
66221963 by progier389 at 2021-02-12T12:34:22+01:00
Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm

A massive change (https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html) that implements and use the dbimpl API in the backend.
- - - - -
145e27fa by Simon Pichugin at 2021-02-12T13:12:51+01:00
Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)

Description: RHDS instance will fail to start if the TLS server
certificate nickname doesn't match the value of the configuration
parameter "nsSSLPersonalitySSL".

The mismatch typically happens when customers copy the NSS DB from
a previous instance or export the certificate's data but forget to set
the "nsSSLPersonalitySSL" value accordingly.

Log an additional message which should help a user to set up
nsSSLPersonalitySSL correctly.

Fixes: #4593

Reviewed by: @Firstyear (Thanks!)
- - - - -
8d40f278 by Simon Pichugin at 2021-02-12T13:15:13+01:00
Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)

Description: RHDS instance will fail to start if the TLS server
certificate nickname doesn't match the value of the configuration
parameter "nsSSLPersonalitySSL".

The mismatch typically happens when customers copy the NSS DB from
a previous instance or export the certificate's data but forget to set
the "nsSSLPersonalitySSL" value accordingly.

Log an additional message which should help a user to set up
nsSSLPersonalitySSL correctly.

Fixes: #4593

Reviewed by: @Firstyear (Thanks!)
- - - - -
a7766ffb by Mark Reynolds at 2021-02-12T12:28:53-05:00
Issue 4324 - Some architectures the cache line size file does not exist

Bug Description:  When optimizing our mutexes we check for a system called
                  coherency_line_size that contains the size value, but if
                  the file did not exist the server would crash in PR_Read
                  (NULL pointer for fd).

Fix Description:  Check PR_Open() was successful before calling PR_Read().

Relates: https://github.com/389ds/389-ds-base/issues/4324

Reviewed by: tbordaz(Thanks!)

- - - - -
d4c2ab38 by Mark Reynolds at 2021-02-12T12:32:05-05:00
Issue 4324 - Some architectures the cache line size file does not exist

Bug Description:  When optimizing our mutexes we check for a system called
                  coherency_line_size that contains the size value, but if
                  the file did not exist the server would crash in PR_Read
                  (NULL pointer for fd).

Fix Description:  Check PR_Open() was successful before calling PR_Read().

Relates: https://github.com/389ds/389-ds-base/issues/4324

Reviewed by: tbordaz(Thanks!)

- - - - -
b8c4510b by Firstyear at 2021-02-12T14:22:54-05:00
Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)

Bug Description: Improve the --help page, and finish wiring in some
features.

Fix Description: Wire in exclusion of attributes/schema for migration.

fixes: https://github.com/389ds/389-ds-base/issues/4591

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389, @droideck
- - - - -
ffa4563d by Jack at 2021-02-12T14:28:15-05:00
Update dscontainer (#4564)

Issue 4564 - RFE - Add suffix to dscontainer rc file

Bug Description: The suffix was not added before, adding a hurdle to
automatic admin of the container instance

Fix Description: If the suffix is set, add it to the created rc file. 

fixes: https://github.com/389ds/389-ds-base/pull/4564

Author: @Jackbennett

Review by: @Firstyear  
- - - - -
6841d693 by Mark Reynolds at 2021-02-12T14:32:48-05:00
Bump version to 1.4.4.13

- - - - -
07b5a79a by progier389 at 2021-02-12T20:52:48+01:00
Issue 4469 - Backend redesign phase 3a - implement dbimpl API and use it in back-ldbm (#4618)

see design document https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html
- - - - -
404e278e by Mark Reynolds at 2021-02-12T15:11:18-05:00
Issue 4615 - log message when psearch first exceeds max threads per conn

Description:  When a connection hits max threads per conn for the first time
              log a message in the error.  This will help customers diagnose
              misbehaving clients.

Fixes: https://github.com/389ds/389-ds-base/issues/4615

Reviewed by: progier389(Thanks!)

- - - - -
6fcdfad7 by Mark Reynolds at 2021-02-12T15:13:14-05:00
Issue 4615 - log message when psearch first exceeds max threads per conn

Description:  When a connection hits max threads per conn for the first time
              log a message in the error.  This will help customers diagnose
              misbehaving clients.

Fixes: https://github.com/389ds/389-ds-base/issues/4615

Reviewed by: progier389(Thanks!)

- - - - -
53075a88 by Mark Reynolds at 2021-02-12T15:16:12-05:00
Issue 4619 - remove pytest requirement from lib389

Description:  Remove the requirement for pytest from lib389, it causes
              unneeded package requirements on Fedora/RHEL.

Fixes: https://github.com/389ds/389-ds-base/issues/4619

Reviewed by: mreynolds(one line commit rule)

- - - - -
48259831 by Mark Reynolds at 2021-02-12T15:16:53-05:00
Issue 4619 - remove pytest requirement from lib389

Description:  Remove the requirement for pytest from lib389, it causes
              unneeded package requirements on Fedora/RHEL.

Fixes: https://github.com/389ds/389-ds-base/issues/4619

Reviewed by: mreynolds(one line commit rule)

- - - - -
a355b30b by Mark Reynolds at 2021-02-12T15:28:16-05:00
Bump version to 2.0.3

- - - - -
a2af7c54 by Mark Reynolds at 2021-02-17T20:14:01-05:00
Issue 4513 - CI - make acl ip address tests more robust

Description:  The tests assume the system is using IPv6 loopback address, but it
              should still check for IPv4 loopback.

Relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: ?

- - - - -
4e3b2d31 by Mark Reynolds at 2021-02-17T20:15:41-05:00
Issue 4513 - CI - make acl ip address tests more robust

Description:  The tests assume the system is using IPv6 loopback address, but it
              should still check for IPv4 loopback.

Relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: ?

- - - - -
845e0f9f by Barbora Simonova at 2021-02-18T10:38:26+01:00
Issue 2820 - Fix CI test suite issues

Description:
tickets/ticket48961_test.py was failing in CI nightly runs.
Fixed the failure by changing the code to use DSLdapObject
and moved the code into the config test suite.

Relates: https://github.com/389ds/389-ds-base/issues/2820

Reviewed by: droideck (Thanks!)

- - - - -
0f2b46ea by Mark Reynolds at 2021-02-19T08:45:36-05:00
Issue 4169 - UI - port charts to PF4

Description:  Ported the charts under the monitor tab to use PF4 sparkline charts
              and provide realtime stats on the caches.

Relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

- - - - -
2108b4f6 by James Chapman at 2021-02-19T16:32:22+00:00
Issue 4595 - Paged search lookthroughlimit bug (#4602)

Bug Description: During a paged search with lookthroughlimit enabled,
lookthroughcount is used to keep track of how many entries are
examined. A paged search reads ahead one entry to catch the end of the
search so it doesn't show the prompt when there are no more entries.
lookthroughcount doesn't take read ahead into account when tracking
how many entries have been examined.

Fix Description: Keep lookthroughcount in sync with read ahead by
decrementing it during read ahead roll back.

Fixes: https://github.com/389ds/389-ds-base/issues/4595

Relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: droideck, mreynolds389, Firstyear, progier389 (Many thanks)
- - - - -
66b92a3f by Mark Reynolds at 2021-02-19T17:24:35-05:00
Issue 4169 - UI - Migrate Accordions to PF4 ExpandableSection

Description:  Replace all the CustomCollapse components with PF4
              ExpandableSection component.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

- - - - -
1c6adb37 by Mark Reynolds at 2021-02-22T16:21:02-05:00
Issue 4169 - UI - Migrate alerts to PF4

Description:  Migrate the toast notifications to PF4 Alerts.

              Also fixed a refresh problem on the Tuning page.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

- - - - -
9bdd9ec3 by tbordaz at 2021-02-23T08:58:37+01:00
Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)

Bug description:
	When an operation is flagged OP_FLAG_NOOP, it skips BETXN plugins but calls POST plugins.
	For sync_repl, betxn (sync_update_persist_betxn_pre_op) creates an operation extension to be
	consumed by the post (sync_update_persist_op). In case of OP_FLAG_NOOP, there is no
	operation extension.

Fix description:
	Test that the operation is OP_FLAG_NOOP if the operation extension is missing

relates: https://github.com/389ds/389-ds-base/issues/4649

Reviewed by: William Brown (thanks)

Platforms tested: F31
- - - - -
58725517 by tbordaz at 2021-02-23T10:24:04+01:00
Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)

Bug description:
	When an operation is flagged OP_FLAG_NOOP, it skips BETXN plugins but calls POST plugins.
	For sync_repl, betxn (sync_update_persist_betxn_pre_op) creates an operation extension to be
	consumed by the post (sync_update_persist_op). In case of OP_FLAG_NOOP, there is no
	operation extension.

Fix description:
	Test that the operation is OP_FLAG_NOOP if the operation extension is missing

relates: https://github.com/389ds/389-ds-base/issues/4649

Reviewed by: William Brown (thanks)

Platforms tested: F31
- - - - -
f581979f by tbordaz at 2021-02-23T13:42:31+01:00
Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)

Bug description:
	The replication agreements are using bulk load to load updates.
	For bulk load it uses a cursor with DB_MULTIPLE_KEY and DB_NEXT.
	Before using the cursor, it must be initialized with DB_SET.

	If during the cursor/DB_SET the CSN refers to an update that is larger than
	the size of the provided buffer, then the cursor remains not initialized and
	c_get returns DB_BUFFER_SMALL.

	The consequence is that the next c_get(DB_MULTIPLE_KEY and DB_NEXT) will return the
	first record in the changelog DB. This breaks CLcache.

Fix description:
	The fix is to harden cursor initialization so that if DB_SET fails
	because of DB_BUFFER_SMALL, it reallocates buf_data and retries a DB_SET.
	If DB_SET can not be initialized it logs a warning.

	The patch also changes the behaviour of the fix #4492.
	#4492 detected a massive (1day) jump prior the starting csn and ended the
	replication session. If the jump was systematic, for example
	if the CLcache got broken because of too large updates, then
	replication was systematically stopped.
	This patch suppresses the systematic stop, letting RA do a big jump.
	From #4492 only remains the warning.

relates: https://github.com/389ds/389-ds-base/issues/4644

Reviewed by: Pierre Rogier (Thanks !!!!)

Platforms tested: F31
- - - - -
3687e1ca by tbordaz at 2021-02-23T13:43:44+01:00
Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)

Bug description:
	The replication agreements are using bulk load to load updates.
	For bulk load it uses a cursor with DB_MULTIPLE_KEY and DB_NEXT.
	Before using the cursor, it must be initialized with DB_SET.

	If during the cursor/DB_SET the CSN refers to an update that is larger than
	the size of the provided buffer, then the cursor remains not initialized and
	c_get returns DB_BUFFER_SMALL.

	The consequence is that the next c_get(DB_MULTIPLE_KEY and DB_NEXT) will return the
	first record in the changelog DB. This breaks CLcache.

Fix description:
	The fix is to harden cursor initialization so that if DB_SET fails
	because of DB_BUFFER_SMALL, it reallocates buf_data and retries a DB_SET.
	If DB_SET can not be initialized it logs a warning.

	The patch also changes the behaviour of the fix #4492.
	#4492 detected a massive (1day) jump prior the starting csn and ended the
	replication session. If the jump was systematic, for example
	if the CLcache got broken because of too large updates, then
	replication was systematically stopped.
	This patch suppresses the systematic stop, letting RA do a big jump.
	From #4492 only remains the warning.

relates: https://github.com/389ds/389-ds-base/issues/4644

Reviewed by: Pierre Rogier (Thanks !!!!)

Platforms tested: F31
- - - - -
60e35aac by Mark Reynolds at 2021-02-23T11:52:38-05:00
Issue 4646 - CLI/UI - revise DNA plugin management

Bug Description:

There was a false assumption that you have to create the shared DNA
server configuration entry, but in fact the server creates and manages
this entry.  The only thing you should edit in this entry are the
remote Bind Method and Connection Protocol.

Fix Description:

Remove the options to create the shared config entry, and edit the
core/reserved attributes.

Also fixed some issues where we were not showing CLI plugin output in
proper JSON.  This required some changes to the UI as well.

Relates: https://github.com/389ds/389-ds-base/issues/4646

Reviewed by: spichugi(Thanks!)

- - - - -
e86389b4 by Mark Reynolds at 2021-02-23T11:53:20-05:00
Issue 4646 - CLI/UI - revise DNA plugin management

Bug Description:

There was a false assumption that you have to create the shared DNA
server configuration entry, but in fact the server creates and manages
this entry.  The only thing you should edit in this entry are the
remote Bind Method and Connection Protocol.

Fix Description:

Remove the options to create the shared config entry, and edit the
core/reserved attributes.

Also fixed some issues where we were not showing CLI plugin output in
proper JSON.  This required some changes to the UI as well.

Relates: https://github.com/389ds/389-ds-base/issues/4646

Reviewed by: spichugi(Thanks!)

- - - - -
65a55129 by Simon Pichugin at 2021-02-24T13:34:02+01:00
Issue 4513 - Fix replication CI test failures (#4557)

Description: Divide regression test suite into separate
files with different topologies to use. It fixes topology
conflicts that may occur.

Fix cleanup finalizer at topo_with_sigkill fixture.

Remove rfc2307compat test suite as it's not valid
as we don't ship 10rfc2307.ldif anymore.
https://github.com/389ds/389-ds-base/pull/4388/

Relates: #4513

Reviewed by: @mreynolds389, @Firstyear

- - - - -
e9b4eb59 by Simon Pichugin at 2021-02-26T15:54:29+01:00
Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645)

Description: The Fedora builds of 389-DS use the vendored crates
to build the official packages for Rawhide. Vendoring and bundling
dependencies is in violation of Fedora policies. As an upstream project
we are free to ship vendored code. But as a downstream Fedora project
we must not use the vendored code.

Add a tool that will help to generate 'Provides: bundled(crate(foo)) = version'
for Cargo.lock file content.
Replace License field which should contain all of the package licenses
we bundle in the specfile.

Fixes: https://github.com/389ds/389-ds-base/issues/4643

Reviewed by: @Firstyear, @decathorpe, @mreynolds389 (Thanks!)
- - - - -
3fc16ccc by Firstyear at 2021-03-02T11:15:31+10:00
Issue 4588 - BUG - unable to compile without xcrypt (#4589)

Bug Description: If xcrypt is not available, especially on some
distros with older libraries, 389 was unable to build.

Fix Description: Detect if we have xcrypt, and if not, add
stubs that always error instead.

fixes: https://github.com/389ds/389-ds-base/issues/4588

Author: William Brown <william at blackhats.net.au>

Review by: @progier389, @jchapma, @droideck (Thanks!)
- - - - -
e8b93a6b by Mark Reynolds at 2021-03-03T15:33:51-05:00
Issue 4169 - UI - updates on the tuning page are not reflected in the UI

Bug Description:  We were not reloading the configuration after applying
                  to the server.  So the UI would appear to reset to the
                  previous value.

Fix Description:  This was fixed in master branch as part of a different
                  effort to move to PF4.  Back porting that part of the
                  fix to 1.4.4

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

- - - - -
aefc1acb by progier389 at 2021-03-08T21:12:57+01:00
issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin (#4622)

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin

Merge of a fix in cl5_clcache.c (changelog cache restarts from beginning if large update)
Rebase with master

* Issue 4469 - Backend redesign phase 3a - implement dbimpl API and use it in back-ldbm - fix test_maxbersize_repl pytest failure

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin - fix indent issue

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin - fix merge issue

manual Merge of fix about changelog cache iteration restarting from beginning in case of large update + automatic rebase to master

* Issue 4552 - Backend redesign phase 3b - fix indent issue + random crash and memory leak in tombstone handling
- - - - -
c25d385f by Mark Reynolds at 2021-03-09T12:37:20-05:00
Merge pull request #4664 from mreynolds389/issue4663

Issue 4663 - CLI - unable to add objectclass/attribute without x-origin
- - - - -
85fabb6f by Mark Reynolds at 2021-03-09T12:39:44-05:00
Issue 4663 - CLI - unable to add objectclass/attribute without x-origin

- - - - -
714add9e by Firstyear at 2021-03-10T12:45:36+10:00
Issue 4659 - restart after openldap migration to enable plugins (#4660)

Bug Description: Rather than requesting the user to do the fixup
which also relies on them to know to restart after enabling the
plugins, we should restart and do the fixup.

Fix Description: Restart before we do post tasks.

fixes: https://github.com/389ds/389-ds-base/issues/4659

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
d3c7f40a by Firstyear at 2021-03-10T12:46:09+10:00
Issue 4659 - restart after openldap migration to enable plugins (#4660)

Bug Description: Rather than requesting the user to do the fixup
which also relies on them to know to restart after enabling the
plugins, we should restart and do the fixup.

Fix Description: Restart before we do post tasks.

fixes: https://github.com/389ds/389-ds-base/issues/4659

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
cf0eb4dd by Firstyear at 2021-03-10T12:59:11+10:00
Issue 4661 - RFE - allow importing openldap schemas (#4662)

Bug Description: Many applications only publish schemas in
openldap formats. We should be able to import them.

Fix Description: Add a dsconf tool that allows online
importing of these schemas. This uses the migration framework
underneath so that we avoid code duplication.

fixes: https://github.com/389ds/389-ds-base/issues/4661

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (Thanks!)
- - - - -
12b25060 by Firstyear at 2021-03-10T12:59:35+10:00
Issue 4661 - RFE - allow importing openldap schemas (#4662)

Bug Description: Many applications only publish schemas in
openldap formats. We should be able to import them.

Fix Description: Add a dsconf tool that allows online
importing of these schemas. This uses the migration framework
underneath so that we avoid code duplication.

fixes: https://github.com/389ds/389-ds-base/issues/4661

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (Thanks!)
- - - - -
19eb28db by Mark Reynolds at 2021-03-10T10:37:03-05:00
Issue 4656 - Remove problematic language from UI/CLI/lib389

Description:  Replace "master" and "slave" with more appropriate names

relates: https://github.com/389ds/389-ds-base/issues/4656

Reviewed by: firstyear(Thanks!)

- - - - -
f3c13129 by Mark Reynolds at 2021-03-11T08:50:31-05:00
Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down

Bug Description:  If a custom path is used for something like the backup directory,
                  dsctl will still use the default path from defaults.inf.

Fix Description:  When initializing the default Paths consult dse.ldif for some
                  of the paths.

relates: https://github.com/389ds/389-ds-base/issues/4459

Reviewed by: firstyear(Thanks!)

- - - - -
e8a4c61b by Mark Reynolds at 2021-03-11T08:51:06-05:00
Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down

Bug Description:  If a custom path is used for something like the backup directory,
                  dsctl will still use the default path from defaults.inf.

Fix Description:  When initializing the default Paths consult dse.ldif for some
                  of the paths.

relates: https://github.com/389ds/389-ds-base/issues/4459

Reviewed by: firstyear(Thanks!)

- - - - -
f32cd6d1 by Mark Reynolds at 2021-03-11T09:24:21-05:00
Issue 4656 - Remove problematic language from UI/CLI/lib389

Description:  Replace "master" and "slave" with more appropriate names

relates: https://github.com/389ds/389-ds-base/issues/4656

Reviewed by: firstyear(Thanks!)

- - - - -
6fddab6d by Mark Reynolds at 2021-03-11T09:59:57-05:00
Issue 4656 - Make replication CLI backwards compatible with role name change

Description:  All replication role names to be backwards compatible with
              problematic language changes

relates: https://github.com/389ds/389-ds-base/issues/4656

Reviewed by: mreynolds

- - - - -
d5fdea90 by Mark Reynolds at 2021-03-11T10:12:46-05:00
Issue 4656 - remove problematic language from ds-replcheck

Description: remove master from ds-replcheck and replace it with supplier

relates: https://github.com/389ds/389-ds-base/issues/4656

Reviewed by: mreynolds

- - - - -
1827c76d by Mark Reynolds at 2021-03-15T16:50:37-04:00
Issue 4169 - UI - migrate modals to PF4

Description:  Updated the Modals to PF4.  Also had to redesign DNA and
              Managed Entry plugin pages.  Other minor improvements were
              made.

Relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

- - - - -
47a23847 by Mark Reynolds at 2021-03-15T23:31:01-04:00
Issue 4658 - monitor - connection start date is incorrect

Description:  The connection start time was incorrectly set to a
              MONOTONIC time instead of a REALTIME.  This just sets
              the start time to REALTIME and the "idletimeout" to
              MONOTONIC as originally intended.

Relates: https://github.com/389ds/389-ds-base/issues/4658

Reviewed by: mreynolds (one line commit rule)

- - - - -
a6b7d062 by Mark Reynolds at 2021-03-15T23:35:24-04:00
Issue 4658 - monitor - connection start date is incorrect

Description:  The connection start time was incorrectly set to a
              MONOTONIC time instead of a REALTIME.  This just sets
              the start time to REALTIME and the "idletimeout" to
              MONOTONIC as originally intended.

Relates: https://github.com/389ds/389-ds-base/issues/4658

Reviewed by: mreynolds (one line commit rule)

- - - - -
aec1b449 by Mark Reynolds at 2021-03-16T09:53:53-04:00
Issue 4673 - Update Rust crates

Description:  Update the bare minimum rust dependencies so that a build will complete

Relates: https://github.com/389ds/389-ds-base/issues/4673

Reviewed by: mreynolds

- - - - -
e5da97bf by Mark Reynolds at 2021-03-17T09:48:25-04:00
Issue 4229 - Fix Rust linking

Description:  Fixed a build problem related to:
                  - undefined reference to symbol
                  - error adding symbols: DSO missing from command line

Relates: https://github.com/389ds/389-ds-base/issues/4229

Reviewed by: mreynolds

- - - - -
b190d1fb by Mark Reynolds at 2021-03-17T09:51:15-04:00
Issue 4229 - Fix Rust linking

Description:  Fixed a build problem related to:
                  - undefined reference to symbol
                  - error adding symbols: DSO missing from command line

Relates: https://github.com/389ds/389-ds-base/issues/4229

Reviewed by: mreynolds

- - - - -
06db4a85 by Gilbert Kimetto at 2021-03-17T10:52:17-04:00
Issue  4654  Updates to tickets/ticket48234_test.py  (#4654)

* IDMDS-1068 Update failing ticket48234_test.py test

* IDMDS-1068 Update failing ticket48234_test.py test

* [INTEROP-4009] CodeReady Studio on OpenShift - Run locally

* [INTEROP-4009] CodeReady Studio on OpenShift - Run locally

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4654 - Updates to tickets/ticket48234_test.py

Bug Description:

Update to tickets/ticket48234_test.py which are currently failing and using
soon to be obsolete classes

Fix Description:

Updated tickets/ticket48234_test.py and ported to the suites directory
Updated to utilise the DSLDAPObject class methods

relates: <The Issue URL>

Author: Gilbert Kimetto

Reviewed by: ???
IDMDS-1068 Update failing ticket48234_test.py test

[INTEROP-4009] CodeReady Studio on OpenShift - Run locally

[INTEROP-4009] CodeReady Studio on OpenShift - Run locally

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4609 - CVE - info disclosure when authenticating

Description:  If you bind as a user that does not exist.  Error 49 is returned
              instead of error 32.  As error 32 discloses that the entry does
              not exist.  When you bind as an entry that does not have userpassword
              set then error 48 (inappropriate auth) is returned, but this
              discloses that the entry does indeed exist.  Instead we should
              always return error 49, even if the password is not set in the
              entry.  This way we do not disclose to an attacker if the Bind
              DN exists or not.

Relates: https://github.com/389ds/389-ds-base/issues/4609

Reviewed by: tbordaz(Thanks!)

* issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)

* Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)

Bug Description: Improve the --help page, and finish wiring in some
features.

Fix Description: Wire in exclusion of attributes/schema for migration.

fixes: https://github.com/389ds/389-ds-base/issues/4591

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389, @droideck

* Issue 4577 - Add GitHub actions

Description:

* Enable IPv6 support for docker daemon
* Set server.example.com as FQDN for container

Relates: https://github.com/389ds/389-ds-base/issues/4577

Reviewed by: @droideck (Thanks!)

* Issue 4149 - UI - port TreeView and other components to PF4

Description:  This ports all the TreeViews to PF4, and also does some proof
              of concept changes for PF3 to PF4 migration.  There is much
              more needed, but this does not break anything

relates: https://github.com/389ds/389-ds-base/issues/4149

Reviewed by: spichugi(Thanks!)

* Update dscontainer (#4564)

Issue 4564 - RFE - Add suffix to dscontainer rc file

Bug Description: The suffix was not added before, adding a hurdle to
automatic admin of the container instance

Fix Description: If the suffix is set, add it to the created rc file. 

fixes: https://github.com/389ds/389-ds-base/pull/4564

Author: @Jackbennett

Review by: @Firstyear

* Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm

A massive change (https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html) that implements and uses the dbimpl API in the backend.

* Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)

Description: RHDS instance will fail to start if the TLS server
certificate nickname doesn't match the value of the configuration
parameter "nsSSLPersonalitySSL".

The mismatch typically happens when customers copy the NSS DB from
a previous instance or export the certificate's data but forget to set
the "nsSSLPersonalitySSL" value accordingly.

Log an additional message which should help a user to set up
nsSSLPersonalitySSL correctly.

Fixes: #4593

Reviewed by: @Firstyear (Thanks!)

* Issue 4324 - Some architectures the cache line size file does not exist

Bug Description:  When optimizing our mutexes we check for a system called
                  coherency_line_size that contains the size value, but if
                  the file did not exist the server would crash in PR_Read
                  (NULL pointer for fd).

Fix Description:  Check PR_Open() was successful before calling PR_Read().

Relates: https://github.com/389ds/389-ds-base/issues/4324

Reviewed by: tbordaz(Thanks!)

* Issue 4469 - Backend redesign phase 3a - implement dbimpl API and use it in back-ldbm (#4618)

see design document https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html

* Issue 4615 - log message when psearch first exceeds max threads per conn

Description:  When a connection hits max threads per conn for the first time
              log a message in the error.  This will help customers diagnose
             misbehaving clients.

Fixes: https://github.com/389ds/389-ds-base/issues/4615

Reviewed by: progier389(Thanks!)

* Issue 4619 - remove pytest requirement from lib389

Description:  Remove the requirement for pytest from lib389, it causes
              unneeded package requirements on Fedora/RHEL.

Fixes: https://github.com/389ds/389-ds-base/issues/4619

Reviewed by: mreynolds(one line commit rule)

* Bump version to 2.0.3

* Issue 4513 - CI - make acl ip address tests more robust

Description:  The tests assume the system is using IPv6 loopback address, but it
              should still check for IPv4 loopback.

Relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: ?

* Issue 2820 - Fix CI test suite issues

Description:
tickets/ticket48961_test.py was failing in CI nightly runs.
Fixed the failure by changing the code to use DSLdapObject
and moved the code into the config test suite.

Relates: https://github.com/389ds/389-ds-base/issues/2820

Reviewed by: droideck (Thanks!)

* Issue 4169 - UI - port charts to PF4

Description:  Ported the charts under the monitor tab to use PF4 sparkline charts
              and provide realtime stats on the caches.

Relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

* Issue 4595 - Paged search lookthroughlimit bug (#4602)

Bug Description: During a paged search with lookthroughlimit enabled,
lookthroughcount is used to keep track of how many entries are
examined. A paged search reads ahead one entry to catch the end of the
search so it doesn't show the prompt when there are no more entries.
lookthroughcount doesn't take read ahead into account when tracking
how many entries have been examined.

Fix Description: Keep lookthroughcount in sync with read ahead by
decrementing it during read ahead roll back.

Fixes: https://github.com/389ds/389-ds-base/issues/4595

Relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: droideck, mreynolds389, Firstyear, progier389 (Many thanks)

* Issue 4169 - UI - Migrate Accordions to PF4 ExpandableSection

Description:  Replace all the CustomCollapse components with PF4
              ExpandableSection component.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4169 - UI - Migrate alerts to PF4

Description:  Migrate the toast notifications to PF4 Alerts.

              Also fixed a refresh problem on the Tuning page.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

* Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)

Bug description:
	When an operation is flagged OP_FLAG_NOOP, it skips BETXN plugins but calls POST plugins.
	For sync_repl, betxn (sync_update_persist_betxn_pre_op) creates an operation extension to be
	consumed by the post (sync_update_persist_op). In case of OP_FLAG_NOOP, there is no
	operation extension.

Fix description:
	Test that the operation is OP_FLAG_NOOP if the operation extension is missing

relates: https://github.com/389ds/389-ds-base/issues/4649

Reviewed by: William Brown (thanks)

Platforms tested: F31

* Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)

Bug description:
	The replication agreements are using bulk load to load updates.
	For bulk load it uses a cursor with DB_MULTIPLE_KEY and DB_NEXT.
	Before using the cursor, it must be initialized with DB_SET.

	If during the cursor/DB_SET the CSN refers to an update that is larger than
	the size of the provided buffer, then the cursor remains not initialized and
	c_get returns DB_BUFFER_SMALL.

	The consequence is that the next c_get(DB_MULTIPLE_KEY and DB_NEXT) will return the
	first record in the changelog DB. This breaks CLcache.

Fix description:
	The fix is to harden cursor initialization so that if DB_SET fails
	because of DB_BUFFER_SMALL, it reallocates buf_data and retries a DB_SET.
	If DB_SET can not be initialized it logs a warning.

	The patch also changes the behaviour of the fix #4492.
	#4492 detected a massive (1day) jump prior to the starting csn and ended the
	replication session. If the jump was systematic, for example
	if the CLcache got broken because of too large updates, then
	replication was systematically stopped.
	This patch suppresses the systematic stop, letting the RA do a big jump.
	Only the warning remains from #4492.

relates: https://github.com/389ds/389-ds-base/issues/4644

Reviewed by: Pierre Rogier (Thanks !!!!)

Platforms tested: F31

* Issue 4646 - CLI/UI - revise DNA plugin management

Bug Description:

There was a false assumption that you have to create the shared DNA
server configuration entry, but in fact the server creates and manages
this entry.  The only thing you should edit in this entry are the
remote Bind Method and Connection Protocol.

Fix Description:

Remove the options to create the shared config entry, and edit the
core/reserved attributes.

Also fixed some issues where we were not showing CLI plugin output in
proper JSON.  This required some changes to the UI as well.

Relates: https://github.com/389ds/389-ds-base/issues/4646

Reviewed by: spichugi(Thanks!)

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645)

Description: The Fedora builds of 389-DS use the vendored crates
to build the official packages for Rawhide. Vendoring and bundling
dependencies is in violation of Fedora policies. As an upstream project
we are free to ship vendored code. But as a downstream Fedora project
we must not use the vendored code.

Add a tool that will help to generate 'Provides: bundled(crate(foo)) = version'
for Cargo.lock file content.
Replace License field which should contain all of the package licenses
we bundle in the specfile.

Fixes: https://github.com/389ds/389-ds-base/issues/4643

Reviewed by: @Firstyear, @decathorpe, @mreynolds389 (Thanks!)

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin (#4622)

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin

Merge of a fix in cl5_clcache.c (changelog cache restarts from beginning if large update)
Rebase with master

* Issue 4469 - Backend redesign phase 3a - implement dbimpl API and use it in back-ldbm - fix test_maxbersize_repl pytest failure

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin - fix indent issue

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin - fix merge issue

manual Merge of fix about changelog cache iteration restarting from beginning in case of large update + automatic rebase to master

* Issue 4552 - Backend redesign phase 3b - fix indent issue + random crash and memory leak in tombstone handling

* Merge pull request #4664 from mreynolds389/issue4663

Issue 4663 - CLI - unable to add objectclass/attribute without x-origin

Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4654 - Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

Bug Description:

- Update ticket48234_test.py to verify tests on RHEL 7/8 and Fedora
- Update deprecated "*_s" methods to leverage the DSLDAPObject class
- Move test from the current location in ../tickets to appropriate ../suites/aci/* directory

Fix Description:
- Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

relates:

Author: Gilbert Kimetto

Reviewed by: ???

Co-authored-by: Mark Reynolds <mreynolds at redhat.com>
Co-authored-by: progier389 <progier at redhat.com>
Co-authored-by: Firstyear <william at blackhats.net.au>
Co-authored-by: Viktor Ashirov <vashirov at redhat.com>
Co-authored-by: Jack <me at jackben.net>
Co-authored-by: Simon Pichugin <spichugi at redhat.com>
Co-authored-by: Barbora Simonova <bsmejkal at redhat.com>
Co-authored-by: James Chapman <jachapma at redhat.com>
Co-authored-by: tbordaz <tbordaz at redhat.com>
- - - - -
6def0ac9 by progier389 at 2021-03-18T12:34:04+01:00
Issue 4648 - Fix some issues and improvement around CI tests (#4651)

* Issue 4648 - Fix some issues and improvement around CI tests

* Issue 4648 - Fix some issues and improvement around CI tests
- - - - -
e249c0dd by Mark Reynolds at 2021-03-18T09:16:18-04:00
Issue 4169 - UI - Add PF4 charts for server stats

Description:  Added charts for current connections (that does NOT use cn=monitor),
              server memory size and CPU usage.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi & tmihinto (Thanks!!)

- - - - -
72726e42 by Mark Reynolds at 2021-03-18T13:17:43-04:00
Issue 4671 - UI - Fix browser crashes

Description:  if schema attributes were missing x-origin it would crash the browser,
              and in Monitor -> Replication, if the replication agreement is in an
              odd state, and the lag was not computable, it could also crash the UI.

Relates: https://github.com/389ds/389-ds-base/issues/4671

Reviewed by: mreynolds (one line commit rule)

- - - - -
8d081684 by Mark Reynolds at 2021-03-18T13:20:49-04:00
Issue 4671 - UI - Fix browser crashes

Description:  if schema attributes were missing x-origin it would crash the browser,
              and in Monitor -> Replication, if the replication agreement is in an
              odd state, and the lag was not computable, it could also crash the UI.

Relates: https://github.com/389ds/389-ds-base/issues/4671

Reviewed by: mreynolds (one line commit rule)

- - - - -
37dc9567 by Thierry Bordaz at 2021-03-19T14:02:36+01:00
Bump version to 1.4.4.14

- - - - -
8069de9c by Firstyear at 2021-03-24T08:59:15+10:00
Issue 4666 - BUG - cb_ping_farm can fail with anonymous binds disabled (#4669)

Bug Description: cb_ping_farm had a combination of issues that made it
possible to fail in high load or odd situations. First it used anonymous
binds instead of the same credentials as the chaining process. Second
it used a NULL search DN, meaning it would use the default BASE configured
in /etc/openldap/ldap.conf. Depending on per-site configuration this
could cause the cb_ping_farm check to fail infinitely until restart
of the instance.

Fix Description: Change chaining cb_ping_farm to bind with the same
credentials as the chaining configuration, and change the target base
dn to the DN of the suffix that we are chaining to.

fixes: https://github.com/389ds/389-ds-base/issues/4666

Author: William Brown <william at blackhats.net.au>

Review by: @progier389 
- - - - -
741e7a72 by Akshay Adhikari at 2021-03-24T16:22:23+01:00
Issue 4127 - With Accounts/Account module delete function is not working (#4697)

Description: Added a test to verify delete function is working with Accounts/Account

Relates: https://github.com/389ds/389-ds-base/issues/4127

Reviewed by: @droideck
- - - - -
0c51de73 by Barbora Simonova at 2021-03-29T18:04:14+02:00
Issue 3585 - LDAP server returning controltype in different sequence

Description:
Added a test to check sequence of ldap controlType returned
when there are remaining or exhausted grace login.
Automation was not possible until now because of bug 1757699 in python-ldap
where no controls were returned in the error message after exception was raised
with exhausted grace login. The bug is fixed now.

Relates: https://github.com/389ds/389-ds-base/issues/3585

Reviewed by: droideck (Thanks!)

- - - - -
ed477340 by Mark Reynolds at 2021-03-29T15:19:53-04:00
Issue 4706 - negative wtime in access log for CMP operations

Description:  We forgot to set the start time for compare operations,
              this led to invalid values in the access log for optime
              and wtime.

relates: https://github.com/389ds/389-ds-base/issues/4706

Reviewed by: mreynolds (one line commit rule)

- - - - -
2cda79bc by Mark Reynolds at 2021-03-29T15:21:49-04:00
Issue 4706 - negative wtime in access log for CMP operations

Description:  We forgot to set the start time for compare operations,
              this led to invalid values in the access log for optime
              and wtime.

relates: https://github.com/389ds/389-ds-base/issues/4706

Reviewed by: mreynolds (one line commit rule)

- - - - -
54db3f7d by Mark Reynolds at 2021-03-29T21:04:29-04:00
Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736

Description:  Adjust perl and python scripts shebangs to be absolute values

relates: https://github.com/389ds/389-ds-base/issues/2736

Reviewed by: firstyear(Thanks!)

- - - - -
67177489 by Mark Reynolds at 2021-03-29T21:05:00-04:00
Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736

Description:  Adjust perl and python scripts shebangs to be absolute values

relates: https://github.com/389ds/389-ds-base/issues/2736

Reviewed by: firstyear(Thanks!)

- - - - -
ecd7e71d by Mark Reynolds at 2021-03-30T13:50:10-04:00
Issue 2736 - remove remaining perl references

Description:  Remove all perl shebang mangling code.

relates: https://github.com/389ds/389-ds-base/issues/2736

Reviewed by: mreynolds

- - - - -
29ee6d2e by progier389 at 2021-03-31T14:59:23+02:00
issue 4585 - backend redesign phase 3c - dbregion test removal (#4665)

* issue 4585 - backend redesign phase 3c - dbregion test removal

* Issue 4585 - backend redesign phase 3c - dbregion test removal

* Issue 4585 - Backend redesign phase 3c -  remove import_lock_fd
- - - - -
e4dfa12b by Mark Reynolds at 2021-03-31T09:30:46-04:00
Issue 4169 - UI - migrate monitor tables to PF4

Description:  Migrate from PF3 tables to PF4 tables.  This patch mostly
              handles the tables under the monitor tab, but there are many
              more tables that need migrating.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

- - - - -
ba598c79 by Gilbert Kimetto at 2021-04-01T10:20:28-04:00
Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4710)

* IDMDS-1068 Update failing ticket48234_test.py test

* IDMDS-1068 Update failing ticket48234_test.py test

* [INTEROP-4009] CodeReady Studio on OpenShift - Run locally

* [INTEROP-4009] CodeReady Studio on OpenShift - Run locally

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4654 - Updates to tickets/ticket48234_test.py

Bug Description:

Update to tickets/ticket48234_test.py which are currently failing and using
soon to be obsolete classes

Fix Description:

Updated tickets/ticket48234_test.py and ported to the suites directory
Updated to utilise the DSLDAPObject class methods

relates: <The Issue URL>

Author: Gilbert Kimetto

Reviewed by: ???
IDMDS-1068 Update failing ticket48234_test.py test

[INTEROP-4009] CodeReady Studio on OpenShift - Run locally

[INTEROP-4009] CodeReady Studio on OpenShift - Run locally

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4609 - CVE - info disclosure when authenticating

Description:  If you bind as a user that does not exist.  Error 49 is returned
              instead of error 32.  As error 32 discloses that the entry does
              not exist.  When you bind as an entry that does not have userpassword
              set then error 48 (inappropriate auth) is returned, but this
              discloses that the entry does indeed exist.  Instead we should
              always return error 49, even if the password is not set in the
              entry.  This way we do not disclose to an attacker if the Bind
              DN exists or not.

Relates: https://github.com/389ds/389-ds-base/issues/4609

Reviewed by: tbordaz(Thanks!)

* issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)

* Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)

Bug Description: Improve the --help page, and finish wiring in some
features.

Fix Description: Wire in exclusion of attributes/schema for migration.

fixes: https://github.com/389ds/389-ds-base/issues/4591

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389, @droideck

* Issue 4577 - Add GitHub actions

Description:

* Enable IPv6 support for docker daemon
* Set server.example.com as FQDN for container

Relates: https://github.com/389ds/389-ds-base/issues/4577

Reviewed by: @droideck (Thanks!)

* Issue 4149 - UI - port TreeView and other components to PF4

Description:  This ports all the TreeViews to PF4, and also does some proof
              of concept changes for PF3 to PF4 migration.  There is much
              more needed, but this does not break anything

relates: https://github.com/389ds/389-ds-base/issues/4149

Reviewed by: spichugi(Thanks!)

* Update dscontainer (#4564)

Issue 4564 - RFE - Add suffix to dscontainer rc file

Bug Description: The suffix was not added before, adding a hurdle to
automatic admin of the container instance

Fix Description: If the suffix is set, add it to the created rc file. 

fixes: https://github.com/389ds/389-ds-base/pull/4564

Author: @Jackbennett

Review by: @Firstyear

* Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm

A massive change (https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html) that implements and uses the dbimpl API in the backend.

* Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)

Description: RHDS instance will fail to start if the TLS server
certificate nickname doesn't match the value of the configuration
parameter "nsSSLPersonalitySSL".

The mismatch typically happens when customers copy the NSS DB from
a previous instance or export the certificate's data but forget to set
the "nsSSLPersonalitySSL" value accordingly.

Log an additional message which should help a user to set up
nsSSLPersonalitySSL correctly.

Fixes: #4593

Reviewed by: @Firstyear (Thanks!)

* Issue 4324 - Some architectures the cache line size file does not exist

Bug Description:  When optimizing our mutexes we check for a system called
                  coherency_line_size that contains the size value, but if
                  the file did not exist the server would crash in PR_Read
                  (NULL pointer for fd).

Fix Description:  Check that PR_Open() was successful before calling PR_Read().

Relates: https://github.com/389ds/389-ds-base/issues/4324

Reviewed by: tbordaz(Thanks!)

* Issue 4469 - Backend redesign phase 3a - implement dbimpl API and use it in back-ldbm (#4618)

see design document https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html

* Issue 4615 - log message when psearch first exceeds max threads per conn

Description:  When a connection hits max threads per conn for the first time
              log a message in the error.  This will help customers diagnose
              misbehaving clients.

Fixes: https://github.com/389ds/389-ds-base/issues/4615

Reviewed by: progier389(Thanks!)

* Issue 4619 - remove pytest requirement from lib389

Description:  Remove the requirement for pytest from lib389, it causes
              unneeded package requirements on Fedora/RHEL.

Fixes: https://github.com/389ds/389-ds-base/issues/4619

Reviewed by: mreynolds(one line commit rule)

* Bump version to 2.0.3

* Issue 4513 - CI - make acl ip address tests more robust

Description:  The tests assume the system is using IPv6 loopback address, but it
              should still check for IPv4 loopback.

Relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: ?

* Issue 2820 - Fix CI test suite issues

Description:
tickets/ticket48961_test.py was failing in CI nightly runs.
Fixed the failure by changing the code to use DSLdapObject
and moved the code into the config test suite.

Relates: https://github.com/389ds/389-ds-base/issues/2820

Reviewed by: droideck (Thanks!)

* Issue 4169 - UI - port charts to PF4

Description:  Ported the charts under the monitor tab to use PF4 sparkline charts
              and provide realtime stats on the caches.

Relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

* Issue 4595 - Paged search lookthroughlimit bug (#4602)

Bug Description: During a paged search with lookthroughlimit enabled,
lookthroughcount is used to keep track of how many entries are
examined. A paged search reads ahead one entry to catch the end of the
search so it doesn't show the prompt when there are no more entries.
lookthroughcount doesn't take read ahead into account when tracking
how many entries have been examined.

Fix Description: Keep lookthroughcount in sync with read ahead by
decrementing it during read ahead roll back.

Fixes: https://github.com/389ds/389-ds-base/issues/4595

Relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: droideck, mreynolds389, Firstyear, progier389 (Many thanks)

* Issue 4169 - UI - Migrate Accordions to PF4 ExpandableSection

Description:  Replace all the CustomCollapse components with PF4
              ExpandableSection component.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4169 - UI - Migrate alerts to PF4

Description:  Migrate the toast notifications to PF4 Alerts.

              Also fixed a refresh problem on the Tuning page.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

* Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)

Bug description:
	When an operation is flagged OP_FLAG_NOOP, it skips BETXN plugins but calls POST plugins.
	For sync_repl, betxn (sync_update_persist_betxn_pre_op) creates an operation extension to be
	consumed by the post (sync_update_persist_op). In case of OP_FLAG_NOOP, there is no
	operation extension.

Fix description:
	Test that the operation is OP_FLAG_NOOP if the operation extension is missing

relates: https://github.com/389ds/389-ds-base/issues/4649

Reviewed by: William Brown (thanks)

Platforms tested: F31

* Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)

Bug description:
	The replication agreements are using bulk load to load updates.
	For bulk load it uses a cursor with DB_MULTIPLE_KEY and DB_NEXT.
	Before using the cursor, it must be initialized with DB_SET.

	If during the cursor/DB_SET the CSN refers to an update that is larger than
	the size of the provided buffer, then the cursor remains not initialized and
	c_get returns DB_BUFFER_SMALL.

	The consequence is that the next c_get(DB_MULTIPLE_KEY and DB_NEXT) will return the
	first record in the changelog DB. This breaks CLcache.

Fix description:
	The fix is to harden cursor initialization so that if DB_SET fails
	because of DB_BUFFER_SMALL, it reallocates buf_data and retries a DB_SET.
	If DB_SET can not be initialized it logs a warning.

	The patch also changes the behaviour of the fix #4492.
	#4492 detected a massive (1day) jump prior to the starting csn and ended the
	replication session. If the jump was systematic, for example
	if the CLcache got broken because of too-large updates, then
	replication was systematically stopped.
	This patch suppresses the systematic stop, letting the RA do a big jump.
	From #4492 only remains the warning.

relates: https://github.com/389ds/389-ds-base/issues/4644

Reviewed by: Pierre Rogier (Thanks !!!!)

Platforms tested: F31

* Issue 4646 - CLI/UI - revise DNA plugin management

Bug Description:

There was a false assumption that you have to create the shared DNA
server configuration entry, but in fact the server creates and manages
this entry.  The only thing you should edit in this entry are the
remote Bind Method and Connection Protocol.

Fix Description:

Remove the options to create the shared config entry, and edit the
core/reserved attributes.

Also fixed some issues where we were not showing CLI plugin output in
proper JSON.  This required some changes to the UI as well.

Relates: https://github.com/389ds/389-ds-base/issues/4646

Reviewed by: spichugi(Thanks!)

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645)

Description: The Fedora builds of 389-DS uses the vendored crates
to build the official packages for Rawhide. Vendoring and bundling
dependencies is in violation of Fedora policies. As an upstream project
we are free to ship vendored code. But as a downstream Fedora project
we must not use the vendored code.

Add a tool that will help to generate 'Provides: bundled(crate(foo)) = version'
for Cargo.lock file content.
Replace License field which should contain all of the package licenses
we bundle in the specfile.

Fixes: https://github.com/389ds/389-ds-base/issues/4643

Reviewed by: @Firstyear, @decathorpe, @mreynolds389 (Thanks!)

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin (#4622)

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin

Merge of a fix in cl5_clcache.c (changelog cache restarts from beginning if large update)
Rebase with master

* Issue 4469 - Backend redesign phase 3a - implement dbimpl API and use it in back-ldbm - fix test_maxbersize_repl pytest failure

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin - fix indent issue

* issue 4552 - Backup Redesign phase 3b - use dbimpl in replication plugin - fix merge issue

manual Merge of fix about changelog cache iteration restarting from beginning in case of large update + automatic rebase to master

* Issue 4552 - Backend redesign phase 3b - fix indent issue + random crash and memory leak in tombstone handling

* Merge pull request #4664 from mreynolds389/issue4663

Issue 4663 - CLI - unable to add objectclass/attribute without x-origin

Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

* Issue 4654 - Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

Bug Description:

- Update ticket48234_test.py to verify tests on RHEL 7/8 and Fedora
- Update deprecated "*_s" methods to leverage the DSLDAPObject class
- Move test from the current location in ../tickets to appropriate ../suites/aci/* directory

Fix Description:
- Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py

relates:

Author: Gilbert Kimetto

Reviewed by: ???

* Test new password policy attribute "pwdReset" by DM user

    Description: Verify that the DM user is not permitted to
    change the password policy attribute "pwdReset".

    Reviewed by: ?

Co-authored-by: Mark Reynolds <mreynolds at redhat.com>
Co-authored-by: progier389 <progier at redhat.com>
Co-authored-by: Firstyear <william at blackhats.net.au>
Co-authored-by: Viktor Ashirov <vashirov at redhat.com>
Co-authored-by: Jack <me at jackben.net>
Co-authored-by: Simon Pichugin <spichugi at redhat.com>
Co-authored-by: Barbora Simonova <bsmejkal at redhat.com>
Co-authored-by: James Chapman <jachapma at redhat.com>
Co-authored-by: tbordaz <tbordaz at redhat.com>
- - - - -
ab0bc2e6 by tbordaz at 2021-04-02T14:05:41+02:00
Issue 4700 - Regression in winsync replication agreement (#4712)

Bug description:
	#4396 fixes a memory leak but did not set 'cn=config' as
	DSE backend.
	It had no significant impact unless with sidgen IPA plugin

Fix description:
	revert the portion of the #4364 patch that set be_suffix
	in be_addsuffix, free the suffix before setting it

relates: https://github.com/389ds/389-ds-base/issues/4700

Reviewed by: Pierre Rogier (thanks !)

Platforms tested: F33
- - - - -
be2e6636 by tbordaz at 2021-04-02T14:10:00+02:00
Issue 4700 - Regression in winsync replication agreement (#4712)

Bug description:
	#4396 fixes a memory leak but did not set 'cn=config' as
	DSE backend.
	It had no significant impact unless with sidgen IPA plugin

Fix description:
	revert the portion of the #4364 patch that set be_suffix
	in be_addsuffix, free the suffix before setting it

relates: https://github.com/389ds/389-ds-base/issues/4700

Reviewed by: Pierre Rogier (thanks !)

Platforms tested: F33
- - - - -
26d6d69b by Gilbert Kimetto at 2021-04-02T09:09:04-04:00
Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4713)

Description:
Updated the docstring for the new test test_pwdReset_by_user_DM to make it compatible for Polarion
Added a marker with the respective BugZilla
Updated results details for step 4

Relates: https://github.com/389ds/389-ds-base/issues/3965

Reviewed by: ?
- - - - -
f1f7ff12 by progier389 at 2021-04-02T15:48:50+02:00
Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA (#4715)

* Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA

* Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA (Added Thierry's check)
- - - - -
f4b03055 by Thierry Bordaz at 2021-04-06T11:45:21+02:00
Bump version to 1.4.4.15

- - - - -
7f6ba5a3 by Thierry Bordaz at 2021-04-07T09:46:28+02:00
Bump version to 2.0.4

- - - - -
1bd1411a by progier389 at 2021-04-07T15:56:41+02:00
issue 4653: refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan (#4709)

* issue 4653: refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan

* issue 4653: refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan - fix indentation
- - - - -
e542902a by Mark Reynolds at 2021-04-07T09:59:12-04:00
Issue 4169 - UI - PF4 migration - database tables

Description: Convert all the tables used by the database tab to PF4

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

- - - - -
0a504c8e by Mark Reynolds at 2021-04-13T08:42:28-04:00
Issue 4577 - Fix ASAN flags in specfile

Description:  Previously Rust and ASAN did not work together and we
              had to add special conditions in the specfile file to
              avoid the conflict.  These checks are no longer needed
              and should be removed.

relates: https://github.com/389ds/389-ds-base/issues/4577

Author: vashirov at redhat.com - Thanks!

Reviewed by: mreynolds

- - - - -
718b4537 by Mark Reynolds at 2021-04-13T08:46:26-04:00
Issue 4577 - Fix ASAN flags in specfile

Description:  Previously Rust and ASAN did not work together and we
              had to add special conditions in the specfile file to
              avoid the conflict.  These checks are no longer needed
              and should be removed.

relates: https://github.com/389ds/389-ds-base/issues/4577

Author: vashirov at redhat.com - Thanks!

Reviewed by: mreynolds

- - - - -
ee3196c1 by Firstyear at 2021-04-16T10:46:12+10:00
Issue 4637 - ndn cache leak (#4724)

Bug Description: During the change of the ndn cache to rust a memory
leak was missed (probably due to asan with gcc and rust issues). This
is due to a behavioural change in how dn's were used in the original version.

Fix Description: Free the dn key since rust internally needs to clone
a copy so it can correctly free it.

This also improves the drop code in the rust, and allows environment
passthrough into startup so that external ASAN_OPTIONS can be set.

fixes: https://github.com/389ds/389-ds-base/issues/4637

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
91c1c4d0 by Firstyear at 2021-04-16T11:25:08+10:00
Issue 4637 - ndn cache leak (#4724)

Bug Description: During the change of the ndn cache to rust a memory
leak was missed (probably due to asan with gcc and rust issues). This
is due to a behavioural change in how dn's were used in the original version.

Fix Description: Free the dn key since rust internally needs to clone
a copy so it can correctly free it.

This also improves the drop code in the rust, and allows environment
passthrough into startup so that external ASAN_OPTIONS can be set.

fixes: https://github.com/389ds/389-ds-base/issues/4637

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389

- - - - -
a67fa12b by Mark Reynolds at 2021-04-16T16:22:56-04:00
Issue 4169 - UI - migrate replication tables to PF4

Description:  Migrated replication tables to PF 4 and cleaned up
              replication monitoring.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi & jchapman(Thanks!!)

- - - - -
f0ef03f6 by Viktor Ashirov at 2021-04-19T18:07:21+02:00
Issue 4632 - dscontainer: SyntaxWarning: "is" with a literal.

Bug Description:
`dscontainer -H` always returns 1 because of incorrect comparison
(object instead of value).

Fix Description:
Use the equality operator `==` instead of identity operator `is`.

Relates: https://github.com/389ds/389-ds-base/issues/4300
Fixes: https://github.com/389ds/389-ds-base/issues/4632

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
40edb3cd by Mark Reynolds at 2021-04-20T12:13:38-04:00
Issue 4656 - Remove problematic language from source code

Description:  replace "master" with supplier, and "slave" with consumer

relates: https://github.com/389ds/389-ds-base/issues/4656

Reviewed by: firstyear, tbordaz, and spichugi(Thanks!!!)

Upgrade

During bootstrapping adjust the in memory plugin structure, and
the plugin slapi_entry.  After bootstrapping the plugins, update
any plugin that has a dependency on the old plugin name

- - - - -
4559a89c by Viktor Ashirov at 2021-04-20T21:42:37+02:00
Issue 4729 - GitHub Actions fails to run pytest tests

Description:
Update python interpreter

Fixes: https://github.com/389ds/389-ds-base/issues/4729

Reviewed by: @droideck (Thanks!)

- - - - -
0a399a2b by James Chapman at 2021-04-24T21:37:54+01:00
Issue 4734 - import of entry with no parent warning (#4735)

Description:    Online import of ldif file that contains an entry with
                no parent doesn't generate a task warning.

Fixes:          https://github.com/389ds/389-ds-base/issues/4734

Author: vashirov at redhat.com (Thanks)

Reviewed by: mreynolds, jchapma
- - - - -
d7eef2fc by tbordaz at 2021-04-27T09:29:32+02:00
Issue 4711 - SIGSEGV with sync_repl (#4738)

Bug description:
	sync_repl sends back entries identified with a unique
	identifier that is 'nsuniqueid'. If 'nsuniqueid' is
	missing, then it may crash

Fix description:
	Check a nsuniqueid is available else returns OP_ERR

relates: https://github.com/389ds/389-ds-base/issues/4711

Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!)

Platforms tested:  F33
- - - - -
58dbf084 by tbordaz at 2021-04-27T09:39:57+02:00
Issue 4711 - SIGSEGV with sync_repl (#4738)

Bug description:
	sync_repl sends back entries identified with a unique
	identifier that is 'nsuniqueid'. If 'nsuniqueid' is
	missing, then it may crash

Fix description:
	Check a nsuniqueid is available else returns OP_ERR

relates: https://github.com/389ds/389-ds-base/issues/4711

Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!)

Platforms tested:  F33
- - - - -
095eca41 by tbordaz at 2021-04-27T16:13:50+02:00
Issue 4740 - Fix CI lib389 userPwdPolicy and subtreePwdPolicy (#4741)

Bug description:
	pwdpolicy tests in regression_test.py are failing
	because of missing '%s' in debug log

Fix description:
	add the '%s'

relates: https://github.com/389ds/389-ds-base/issues/4740

Reviewed by: Mark Reynolds

Platforms tested: F33
- - - - -
e501b83a by James Chapman at 2021-04-27T17:00:15+01:00
Issue 4701 - RFE - Exclude attributes from retro changelog (#4723)

Description: When the retro changelog plugin is enabled it writes the
             added/modified values to the "cn-changelog" suffix. In
             some cases an entry's attribute values can be of a
             sensitive nature and should be excluded. This RFE adds
             functionality that will allow an admin to exclude certain
             attributes from the retro changelog DB.

Relates: https://github.com/389ds/389-ds-base/issues/4701

Reviewed by: mreynolds389, droideck (Thanks folks)
- - - - -
3250a3e4 by tbordaz at 2021-04-29T09:29:44+02:00
Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)

Bug description:
	The fix #2932 (Contention on virtual attribute lookup) reduced
	contention on vattr acquiring vattr lock at the operation
	level rather than at the attribute level (filter and
        returned attr).
        The fix #2932 is invalid. It can lead to a deadlock scenario
	(3 threads). A vattr writer (new cos/schema) blocks
        an update thread that holds DB pages and later needs vattr.
	Then if a reader (holding vattr) blocks vattr writer and later
        needs the same DB pages, there is a deadlock.
	The decisions are:
		- revert #2932 (this issue)
		- Skip contention if deployment has no vattr #4678
		- reduce contention with new approaches
                  (COW and/or cache vattr struct in each thread)
		  no issue opened

Fix description:
	The fix reverts #2932

relates: https://github.com/389ds/389-ds-base/issues/4667

Reviewed by: William Brown, Simon Pichugin

Platforms tested:  F33
- - - - -
6446fe27 by tbordaz at 2021-04-29T11:40:09+02:00
Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)

Bug description:
	The fix #2932 (Contention on virtual attribute lookup) reduced
	contention on vattr acquiring vattr lock at the operation
	level rather than at the attribute level (filter and
        returned attr).
        The fix #2932 is invalid. It can lead to a deadlock scenario
	(3 threads). A vattr writer (new cos/schema) blocks
        an update thread that holds DB pages and later needs vattr.
	Then if a reader (holding vattr) blocks vattr writer and later
        needs the same DB pages, there is a deadlock.
	The decisions are:
		- revert #2932 (this issue)
		- Skip contention if deployment has no vattr #4678
		- reduce contention with new approaches
                  (COW and/or cache vattr struct in each thread)
		  no issue opened

Fix description:
	The fix reverts #2932

relates: https://github.com/389ds/389-ds-base/issues/4667

Reviewed by: William Brown, Simon Pichugin

Platforms tested:  F33

- - - - -
13420e5c by Mark Reynolds at 2021-04-29T14:14:05-04:00
Issue 4169 - UI - Migrate Server, Security, and Schema tables to PF4

Description:  Migrate these tables to PF4 tables.

              Also added spinning buttons.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi(Thanks!)

- - - - -
5598abba by Mark Reynolds at 2021-04-30T08:40:54-04:00
Issue 4742 - UI - should always use LDAPI path when calling CLI

Bug Description:

In some places in the UI code we call dsconf like:

dsconf -j slapd-instance ...

Instead of:

dsconf -j "ldapi://%2fvar%2frun%2fslapd-" + this.props.serverId + ".socket"

The problem is that if you set up the ".dsrc" file to use something other than LDAPI then the UI hangs.

Fix Description:

We need to always call the CLI using the LDAP socket.

Relates: https://github.com/389ds/389-ds-base/issues/4742

Reviewed by: spichugi(Thanks!)

- - - - -
4ba0f07d by Mark Reynolds at 2021-04-30T08:43:08-04:00
Issue 4742 - UI - should always use LDAPI path when calling CLI

Bug Description:

In some places in the UI code we call dsconf like:

dsconf -j slapd-instance ...

Instead of:

dsconf -j "ldapi://%2fvar%2frun%2fslapd-" + this.props.serverId + ".socket"

The problem is that if you set up the ".dsrc" file to use something other than LDAPI then the UI hangs.

Fix Description:

We need to always call the CLI using the LDAP socket.

Relates: https://github.com/389ds/389-ds-base/issues/4742

Reviewed by: spichugi(Thanks!)

- - - - -
e0cf8a9c by James Chapman at 2021-04-30T13:54:02+00:00
Issue 4701 - RFE - Exclude attributes from retro changelog (#4723)

Description: When the retro changelog plugin is enabled it writes the
             added/modified values to the "cn-changelog" suffix. In
             some cases an entry's attribute values can be of a
             sensitive nature and should be excluded. This RFE adds
             functionality that will allow an admin to exclude certain
             attributes from the retro changelog DB.

Relates: https://github.com/389ds/389-ds-base/issues/4701

Reviewed by: mreynolds389, droideck (Thanks folks)
- - - - -
f6938036 by James Chapman at 2021-05-04T15:48:10+01:00
Issue 4750 - Fix compiler warning in retrocl (#4751)

Description: An unused variable generates a compiler warning.

Fix description: Remove unused variable. Modify CI test to restart the test instance instead
		         of using dynamic plugins.

Fixes: https://github.com/389ds/389-ds-base/issues/4750

Relates: https://github.com/389ds/389-ds-base/issues/4701

Reviewed by: jchapma (One line commit rule)
- - - - -
a7943349 by Viktor Ashirov at 2021-05-05T09:33:58+02:00
Issue 4714 - dscontainer fails with rootless podman

Bug Description:
shutil.copy2 attempts to preserve metadata, but in a container without
privileges we don't have access to set xattrs. With rootless podman this
triggers an AVC denial and causes dscontainer to fail when a shared
data volume is reused.

Fix Description:
Use shutil.copy instead.

Reviewed by: @Firstyear (Thanks!)

Fixes: https://github.com/389ds/389-ds-base/issues/4714

- - - - -
9b62aede by James Chapman at 2021-05-05T16:46:16+01:00
Issue 4169 - UI - Migrate Buttons to PF4 (#4745)

Description: Migrate buttons from PF3 to PF4

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: mreynolds389, droideck (Many thanks)
- - - - -
ad3e77d7 by tbordaz at 2021-05-06T18:50:06+02:00
Issue 4759 - Fix coverity issue (#4760)

Bug description:
	with #4218 (wtime, optime in access log), hrtime is set in the
	operation. But it is done before checking if the operation is
	set. covscan fails

Fix description:
	move the setting after verification that operation != NULL

relates: https://github.com/389ds/389-ds-base/issues/4759

Reviewed by: Simon Pichugin

Platforms tested: F34
- - - - -
8006632e by tbordaz at 2021-05-06T18:54:20+02:00
Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748)

Bug description:
	Some tests (17) in the tests suite (dirsrvtest/tests/suites)
	are failing although there is no regression.
	It needs (long) investigations to status if failures
	are due to a bug in the tests or in DS core.
	Until those investigations are complete, the test suite
	loses a large part of its value to detect regression.
	Indeed those failing tests may hide a real regression.

Fix description:
	Flag failing tests with pytest.mark.flaky(max_runs=2, min_passes=1)
	Additional action will be to create 17 upstream tickets to
	status on each failing test

relates: https://github.com/389ds/389-ds-base/issues/4747

Reviewed by: Simon Pichugin, Viktor Ashirov (many thanks for your
reviews and help)

Platforms tested: F33
- - - - -
70c3e9e7 by tbordaz at 2021-05-07T08:51:17+02:00
Issue 4759 - Fix coverity issue (#4760)

Bug description:
	with #4218 (wtime, optime in access log), hrtime is set in the
	operation. But it is done before checking if the operation is
	set. covscan fails

Fix description:
	move the setting after verification that operation != NULL

relates: https://github.com/389ds/389-ds-base/issues/4759

Reviewed by: Simon Pichugin

Platforms tested: F34
- - - - -
adc2c8f5 by tbordaz at 2021-05-12T14:21:04+02:00
Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)

Bug description:
	Enhance password policy to support registration password (Temporary Password Rules)
	design is  https://www.port389.org/docs/389ds/design/otp-password-policy.html

Fix description:
	The fix introduces new password policy configuration attributes
        (passwordTPR*) and entry (user) operational attributes (pwdTPR*).
	It supports Temporary Password Rules (fixed use count) and validity
        window (valid since-until).
	During bind it checks if the TPR limits are violated.
	During password update it computes and sets
	operational attributes (pwdTPR*).

	Note: a previous version of the fix/design mentioned
	this feature as 'One Time Password'. This naming was confusing
        and the current version replaces it with 'Temporary Password
        Rules' (aka TPR). If some 'OTP' code/comments remain,
        it is a mistake.

relates: https://github.com/389ds/389-ds-base/issues/4725

Reviewed by: William Brown (Thanks !!!)

Platforms tested: F33
- - - - -
db47dfcb by tbordaz at 2021-05-12T14:33:33+02:00
Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)

Bug description:
	Enhance password policy to support registration password (Temporary Password Rules)
	design is  https://www.port389.org/docs/389ds/design/otp-password-policy.html

Fix description:
	The fix introduces new password policy configuration attributes
        (passwordTPR*) and entry (user) operational attributes (pwdTPR*).
	It supports Temporary Password Rules (fixed use count) and validity
        window (valid since-until).
	During bind it checks if the TPR limits are violated.
	During password update it computes and sets
	operational attributes (pwdTPR*).

	Note: a previous version of the fix/design mentioned
	this feature as 'One Time Password'. This naming was confusing
        and the current version replaces it with 'Temporary Password
        Rules' (aka TPR). If some 'OTP' code/comments remain,
        it is a mistake.

relates: https://github.com/389ds/389-ds-base/issues/4725

Reviewed by: William Brown (Thanks !!!)

Platforms tested: F33

- - - - -
2a12316b by progier389 at 2021-05-12T19:29:19+02:00
Issue 4765 - database suffix unexpectedly changed from .db to .db4 (#4766)

* Issue 4765 - database suffix unexpectedly changed from .db to .db4

* Issue 4765 - database suffix unexpectedly changed from .db to .db4 - fix some compilation warnings
- - - - -
6ca3fb97 by Mark Reynolds at 2021-05-17T09:21:49-04:00
Issue 4770 - Lower FIPS logging severity

Description:  If FIPS is not available on a system we log error messages
              with the severity level of ERR, but it's not really an error
              so it should be changed to NOTICE.

relates: https://github.com/389ds/389-ds-base/issues/4770

Reviewed by: mreynolds (one line commit rule)

- - - - -
56299aef by Mark Reynolds at 2021-05-17T09:24:51-04:00
Issue 4770 - Lower FIPS logging severity

Description:  If FIPS is not available on a system we log error messages
              with the severity level of ERR, but it's not really an error
              so it should be changed to NOTICE.

relates: https://github.com/389ds/389-ds-base/issues/4770

Reviewed by: mreynolds (one line commit rule)

- - - - -
b6d8de51 by Thierry Bordaz at 2021-05-17T17:21:51+02:00
Issue 4725 - Fix compiler warnings

- - - - -
49a5f1c1 by Thierry Bordaz at 2021-05-17T17:24:03+02:00
Issue 4725 - Fix compiler warnings

- - - - -
66bbfee8 by tbordaz at 2021-05-18T12:29:29-04:00
Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748)

Bug description:
	Some tests (17) in the test suite (dirsrvtest/tests/suites)
	are failing although there is no regression.
	It needs (long) investigations to status if failures
	are due to a bug in the tests or in DS core.
	Until those investigations are complete, the test suite
	loses a large part of its value to detect regression.
	Indeed those failing tests may hide a real regression.

Fix description:
	Flag failing tests with pytest.mark.flaky(max_runs=2, min_passes=1)
	Additional action will be to create 17 upstream tickets to
	status on each failing test

relates: https://github.com/389ds/389-ds-base/issues/4747

Reviewed by: Simon Pichugin, Viktor Ashirov (many thanks for your
reviews and help)

Platforms tested: F33

- - - - -
f5b2cfb3 by Mark Reynolds at 2021-05-19T12:12:47-04:00
Issue 3555 - Fix UI audit issue

Description:  This does not fix all the audit errors because we need
              to get off of patternfly 3 first, but this does address
              a critical vulnerability and several high vulnerabilities.

relates: https://github.com/389ds/389-ds-base/issues/3555

Reviewed by: mreynolds

- - - - -
e3104967 by Mark Reynolds at 2021-05-19T12:19:15-04:00
Issue 3555 - Fix UI audit issue

Description:  This does not fix all the audit errors because we need
              to get off of patternfly 3 first, but this does address
              a critical vulnerability and several high vulnerabilities.

relates: #3555

Reviewed by: mreynolds

- - - - -
3cbad9e8 by Simon Pichugin at 2021-05-20T14:24:25+02:00
Issue 4623 - RFE - Monitor the current DB locks (#4762)

* Issue 4623 - RFE - Monitor the current DB locks

Description: DB lock gets exhausted because of unindexed internal searches
(under a transaction). Indexing those searches is the way to prevent exhaustion.
If db locks get exhausted during a txn, it leads to db panic and the later recovery
can possibly fail. That leads to a full reinit of the instance where the db locks
got exhausted.

Add three attributes to global BDB config: "nsslapd-db-locks-monitoring-enabled",
 "nsslapd-db-locks-monitoring-threshold" and "nsslapd-db-locks-monitoring-pause".
By default, nsslapd-db-locks-monitoring-enabled is turned on, nsslapd-db-locks-monitoring-threshold is set to 90% and nsslapd-db-locks-monitoring-threshold is 500ms.

When current locks are close to the maximum locks value of 90% - returning
the next candidate will fail until the maximum of locks is
increased or current locks are released.
The monitoring thread runs with the configurable interval of 500ms.

Add the setting to UI and CLI tools.

Fixes: https://github.com/389ds/389-ds-base/issues/4623

Reviewed by: @Firstyear, @tbordaz, @jchapma, @mreynolds389 (Thank you!!)
- - - - -
58a1591b by Mark Reynolds at 2021-05-21T13:10:27-04:00
Issue 4773 - Enable interval feature of DNA plugin

Description:  Enable the dormant interval feature in DNA plugin

relates: https://github.com/389ds/389-ds-base/issues/4773

Review by: mreynolds (one line commit rule)

- - - - -
a80d6770 by Mark Reynolds at 2021-05-21T13:11:25-04:00
Issue 4773 - Enable interval feature of DNA plugin

Description:  Enable the dormant interval feature in DNA plugin

relates: https://github.com/389ds/389-ds-base/issues/4773

Review by: mreynolds (one line commit rule)

- - - - -
83094c3b by MIZUTA Takeshi at 2021-05-25T11:15:49-04:00
Issue 4781 - There are some typos in man-pages

Description: Fixed the following man-page typo.
- dbscan(1)
- ldclt(1)
- rsearch(1)
- 99user.ldif(5)
- dirsrv.systemd(5)

relates: https://github.com/389ds/389-ds-base/issues/4781

- - - - -
50606d85 by MIZUTA Takeshi at 2021-05-25T11:17:28-04:00
Issue 4781 - There are some typos in man-pages

Description: Fixed the following man-page typo.
- dbscan(1)
- ldclt(1)
- rsearch(1)
- 99user.ldif(5)
- dirsrv.systemd(5)

relates: https://github.com/389ds/389-ds-base/issues/4781

- - - - -
3111a166 by Viktor Ashirov at 2021-05-26T13:11:11+02:00
Issue 2820 - Fix CI test suite issues

Bug Description:
Test collection fails due to file name clash - basic_test.py is present
in other suites too.

Fix Description:
Add a missing __init__.py file.

Relates: https://github.com/389ds/389-ds-base/issues/2820

Reviewed by: @droideck (Thanks!)

- - - - -
bba519cc by Simon Pichugin at 2021-05-26T13:39:34+02:00
Issue 4623 - RFE - Monitor the current DB locks (#4762)

Description: DB lock gets exhausted because of unindexed internal searches
(under a transaction). Indexing those searches is the way to prevent exhaustion.
If db locks get exhausted during a txn, it leads to db panic and the later recovery
can possibly fail. That leads to a full reinit of the instance where the db locks
got exhausted.

Add three attributes to global BDB config: "nsslapd-db-locks-monitoring-enabled",
 "nsslapd-db-locks-monitoring-threshold" and "nsslapd-db-locks-monitoring-pause".
By default, nsslapd-db-locks-monitoring-enabled is turned on, nsslapd-db-locks-monitoring-threshold is set to 90% and nsslapd-db-locks-monitoring-threshold is 500ms.

When current locks are close to the maximum locks value of 90% - returning
the next candidate will fail until the maximum of locks is
increased or current locks are released.
The monitoring thread runs with the configurable interval of 500ms.

Add the setting to UI and CLI tools.

Fixes: https://github.com/389ds/389-ds-base/issues/4623

Reviewed by: @Firstyear, @tbordaz, @jchapma, @mreynolds389 (Thank you!!)

- - - - -
0cfdea7a by progier389 at 2021-05-26T16:07:43+02:00
Issue 4764 - replicated operation sometimes checks ACI (#4783)


- - - - -
407a9ebe by progier389 at 2021-05-26T16:22:41+02:00
Issue 4764 - replicated operation sometimes checks ACI (#4783)

(cherry picked from commit 0cfdea7abcacfca6686a6cf84dbf7ae1167f3022)

- - - - -
4763e651 by Mark Reynolds at 2021-05-27T15:18:06-04:00
Issue 4656 - Allow backward compatibility for replication plugin name change

Description:  We still need to map the plugin name from the old one to the new
              one to support upgrades with other applications.

relates: https://github.com/389ds/389-ds-base/issues/4656

ASAN tested and approved

Reviewed by: abbra(Thanks!)

- - - - -
723bf037 by Mark Reynolds at 2021-05-28T13:15:46-04:00
Issue 4169 - UI - Port plugin tables to PF4

Description:  port the plugins tables to PF4.  This completes the entire
              table migration.

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: jchapman & spichugi(Thanks!!)

- - - - -
ba5578f7 by Mark Reynolds at 2021-05-28T13:21:57-04:00
Issue 4778 - RFE - Allow setting TOD for db compaction and add task

Description:  Since database compaction can be costly it should be allowed
              to set a time to execute it during offpeak hours.  Once the
              compaction interval has been met, it will wait for the configured
              time of day to do the compaction.  The default is just before
              midnight: 23:59

              A task was also created that can run compaction on demand,
              and can also just target the replication changelog.  This could
              be used in conjunction with a cronjob for more complex
              execution patterns.

ASAN tested and approved.

relates: https://github.com/389ds/389-ds-base/issues/4778

Reviewed by: spichugi(Thanks!)

- - - - -
7b583470 by Mark Reynolds at 2021-05-28T13:47:17-04:00
Issue 4778 - RFE - Allow setting TOD for db compaction and add task

Description:  Since database compaction can be costly it should be allowed
              to set a time to execute it during offpeak hours.  Once the
              compaction interval has been met, it will wait for the configured
              time of day to do the compaction.  The default is just before
              midnight: 23:59

              A task was also created that can run compaction on demand,
              and can also just target the replication changelog.  This could
              be used in conjunction with a cronjob for more complex
              execution patterns.

ASAN tested and approved.

relates: https://github.com/389ds/389-ds-base/issues/4778

Reviewed by: spichugi(Thanks!)

- - - - -
607bfbf1 by Mark Reynolds at 2021-05-30T09:41:27-04:00
Bump version to 2.0.5

- - - - -
23c28c2f by Mark Reynolds at 2021-05-30T11:15:00-04:00
Issue 4719 - lib389 - fix dsconf passthrough auth bugs

Description:  This fixes issues with pass through auth subtree validation
              and other fixes with adding/editing URLs and nslapd-pluginarg
              attributes

Relates: https://github.com/389ds/389-ds-base/issues/4719

Reviewed by: spichugi(Thanks!)

- - - - -
f835ad25 by Mark Reynolds at 2021-05-30T11:27:33-04:00
Update npm packages

- - - - -
3d31c6c7 by Mark Reynolds at 2021-05-30T11:28:15-04:00
Bump version to 1.4.4.16

- - - - -
5fe3b0ce by Akshay Adhikari at 2021-06-02T13:30:17+02:00
Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream

Description: With RHEL 9, 389-ds-base-snmp is no longer delivered in AppStream.
We need to adapt our tests which rely on 389-ds-base-snmp, so that they are skipped if it is missing.

Fix Description: Added skipif to tests which rely on 389-ds-base-snmp

Fixes: https://github.com/389ds/389-ds-base/issues/4753

Reviewed by: ??

- - - - -
72a7aa93 by Akshay Adhikari at 2021-06-02T13:30:17+02:00
removed the snmp_present() from utils.py as we have get_rpm_version() in conftest.py

- - - - -
a38f9394 by Akshay Adhikari at 2021-06-02T13:30:17+02:00
Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream

Description: With RHEL 9, 389-ds-base-snmp is no longer delivered in AppStream.
We need to adapt our tests which rely on 389-ds-base-snmp so that they are skipped if it is missing.

Fix Description: Added skipif to tests that rely on 389-ds-base-snmp

Fixes: https://github.com/389ds/389-ds-base/issues/4753

Reviewed by: @vashirov, @sgouvern (Thanks!)

- - - - -
53f372ce by Akshay Adhikari at 2021-06-02T13:31:30+02:00
Issue 4575 Update test docstrings metadata

Description: Mapping all the test cases to the requirements.

Fix Description: Adding __init__.py file and docstrings to all the test suites

Fixes: https://github.com/389ds/389-ds-base/pull/4754

Reviewed by: @vashirov, @sgouvern (Thanks!)

- - - - -
268d1c7e by Akshay Adhikari at 2021-06-02T15:36:02+02:00
Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service

Description: Added a test case to verify up to 10 empty values and a negative
case to check max limit.

Relates: https://github.com/389ds/389-ds-base/issues/4379

Reviewed by: @bsimonova, @droideck (Thanks!)

- - - - -
ff830604 by Akshay Adhikari at 2021-06-02T15:36:02+02:00
Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service

Description: Added a test case to verify up to 10 empty values and a negative
case to check max limit.

Relates: https://github.com/389ds/389-ds-base/issues/4379

Reviewed by: @vashirov, @bsimonova, @droideck (Thanks!)

- - - - -
a08540a8 by James Chapman at 2021-06-03T12:56:02+00:00
Issue 4750 - Fix compiler warning in retrocl (#4751)

Description: An unused variable generates a compiler warning.

Fix description: Remove unused variable. Modify CI test to restart the test instance instead
                 of using dynamic plugins.

Fixes: https://github.com/389ds/389-ds-base/issues/4750

Relates: https://github.com/389ds/389-ds-base/issues/4701

Reviewed by: jchapma (One line commit rule)

- - - - -
f53b2844 by Thierry Bordaz at 2021-06-04T13:58:35+02:00
Issue 4379 - fixing regression in test_info_disclosure

- - - - -
f8e42061 by tbordaz at 2021-06-07T11:23:35+02:00
Issue 4789 - Temporary password rules are not enforced with local password policy (#4790)

Bug description:
	When allocating a password policy structure (new_passwdPolicy)
	it is initialized with the local policy definition or
	the global one. If a local policy entry exists, the TPR
	attributes (passwordTPRMaxUse, passwordTPRDelayValidFrom and
	passwordTPRDelayExpireAt) are not taken into account.

Fix description:
	Take into account TPR attributes to initialize the policy

relates: https://github.com/389ds/389-ds-base/issues/4789

Reviewed by: Simon Pichugin, William Brown

Platforms tested: F34
- - - - -
a8596b08 by Mark Reynolds at 2021-06-07T13:07:36-04:00
Issue 4773 - Add CI test for DNA interval assignment

Description: Add test case for DNA interval assignment

relates: https://github.com/389ds/389-ds-base/issues/4773

Reviewed by: spichugi(Thanks!)

- - - - -
bfb3880c by Mark Reynolds at 2021-06-07T13:08:19-04:00
Issue 4773 - Add CI test for DNA interval assignment

Description: Add test case for DNA interval assignment

relates: https://github.com/389ds/389-ds-base/issues/4773

Reviewed by: spichugi(Thanks!)

- - - - -
2120af0c by Mark Reynolds at 2021-06-08T09:35:24-04:00
Issue 4447 - Crash when the Referential Integrity log is manually edited

Bug Description:  If the referint log is manually edited with a string
                  that is not a DN the server will crash when processing
                  the log.

Fix Description:  Check for NULL pointers when strtoking the file line.

relates: https://github.com/389ds/389-ds-base/issues/4447

Reviewed by: firstyear(Thanks!)

- - - - -
f31010ef by Mark Reynolds at 2021-06-08T09:36:06-04:00
Issue 4447 - Crash when the Referential Integrity log is manually edited

Bug Description:  If the referint log is manually edited with a string
                  that is not a DN the server will crash when processing
                  the log.

Fix Description:  Check for NULL pointers when strtoking the file line.

relates: https://github.com/389ds/389-ds-base/issues/4447

Reviewed by: firstyear(Thanks!)

- - - - -
2437047b by James Chapman at 2021-06-09T15:27:10+01:00
Issue 4169 - UI Migrate checkbox to PF4 (#4769)

Description: Migrate checkbox from pf3 to pf4
             Button migrations missed in previous PR

Relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: droideck, mreynolds389 (Thank you)
- - - - -
551b5a98 by tbordaz at 2021-06-10T15:03:27+02:00
Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799)

Bug description:
	The fix for ticket #3764 was broken with a missing break in a
	switch. The consequence is that while setting the client IP
	address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the
	connection is erroneously set as a replication connection.
        This can lead to a crash or failure of testcase
        test_access_from_certain_network_only_ip.
        This bug was quite hidden until the fix for #4764 is
        showing it more frequently

Fix description:
	Add the missing break

relates: https://github.com/389ds/389-ds-base/issues/4797

Reviewed by: Mark Reynolds

Platforms tested: F33
- - - - -
02ca55dd by tbordaz at 2021-06-10T15:07:23+02:00
Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799)

Bug description:
	The fix for ticket #3764 was broken with a missing break in a
	switch. The consequence is that while setting the client IP
	address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the
	connection is erroneously set as a replication connection.
        This can lead to a crash or failure of testcase
        test_access_from_certain_network_only_ip.
        This bug was quite hidden until the fix for #4764 is
        showing it more frequently

Fix description:
	Add the missing break

relates: https://github.com/389ds/389-ds-base/issues/4797

Reviewed by: Mark Reynolds

Platforms tested: F33
- - - - -
23a75834 by Barbora Simonova at 2021-06-10T16:14:01+02:00
Issue 4593 - Log an additional message if the server certificate nickname doesn't match nsSSLPersonalitySSL value

Description:
Added a test to check if an additional message is present in the error log
if nsSSLPersonalitySSL value does not match the certificate nickname.
Also brought back changes to ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c,
because they were removed in commit 07b5a79a3a9ec9c6d5575f2a893fd48bdcdd3c81

Relates: https://github.com/389ds/389-ds-base/issues/4593

Reviewed by: @vashirov, @Firstyear, @droideck (Thanks!)

- - - - -
da522d53 by Firstyear at 2021-06-11T12:23:37+10:00
Issue 4794 - BUG - don't capture container output (#4798)

Bug Description: It was noticed that capturing the container
output with PIPE may cause the buffer to fill up, resulting
in some tasks hanging.

Fix Description: Do not capture the process output.

fixes: https://github.com/389ds/389-ds-base/issues/4794

Author: William Brown <william at blackhats.net.au>

Review by: @vashirov, @last-ninjai 
- - - - -
f542f890 by James Chapman at 2021-06-14T12:29:14+01:00
Issue 4791 - Missing dependency for RetroCL RFE (#4792)

Description: The RetroCL exclude attribute RFE is dependent on functionality of the
             EntryUUID bug fix, that didn't make it into the latest build. This breaks the
             RetroCL exclude attr feature so we need to provide a workaround.

Fixes: https://github.com/389ds/389-ds-base/issues/4791

Relates: https://github.com/389ds/389-ds-base/pull/4723

Relates: https://github.com/389ds/389-ds-base/issues/4224

Reviewed by: tbordaz, droideck (Thank you)
- - - - -
a16a6532 by tbordaz at 2021-06-15T16:18:23+02:00
Issue 4789 - Temporary password rules are not enforced with local password policy (#4790)

Bug description:
	When allocating a password policy structure (new_passwdPolicy)
	it is initialized with the local policy definition or
	the global one. If a local policy entry exists, the TPR
	attributes (passwordTPRMaxUse, passwordTPRDelayValidFrom and
	passwordTPRDelayExpireAt) are not taken into account.

Fix description:
	Take into account TPR attributes to initialize the policy

relates: https://github.com/389ds/389-ds-base/issues/4789

Reviewed by: Simon Pichugin, William Brown

Platforms tested: F34
- - - - -
ff977cc8 by tbordaz at 2021-06-16T13:41:27+02:00
Issue 4747 - Remove unstable/unstatus tests (followup) (#4809)

Bug description:
	test_syncrepl_basic test is unstable (1 failure out of 10 runs)
	with an error.PyAsn1Error exception.

Fix description:
	flag this test as flaky

relates: https://github.com/389ds/389-ds-base/issues/4747

Reviewed by: self reviewed (one line commit)

Platforms tested: F33
- - - - -
e4612cd4 by tbordaz at 2021-06-16T13:50:06+02:00
Issue 4747 - Remove unstable/unstatus tests (followup) (#4809)

Bug description:
	test_syncrepl_basic test is unstable (1 failure out of 10 runs)
	with an error.PyAsn1Error exception.

Fix description:
	flag this test as flaky

relates: https://github.com/389ds/389-ds-base/issues/4747

Reviewed by: self reviewed (one line commit)

Platforms tested: F33

- - - - -
836e84b3 by Mark Reynolds at 2021-06-16T08:11:27-04:00
Issue 4093 - Fix MEP test case

Bug Description:  Once some compiler warnings were fixed it
                  accidentally fixed the modrdn behavior.  Previously
                  the modrdn code accidentally ignored errors that the
                  test case was taking for granted.  Once these checks
                  were properly enforced the test case started to fail.

Fix Description:  Revise test case to "properly" check modrdn operations
                  by creating the Managed Entry before assigning it to
                  an entry, and then check for the revised managed entry
                  DN after the modrdn takes place.

                  Also, improved CI debugging logging settings

relates: https://github.com/389ds/389-ds-base/issues/4093

Reviewed by: spichugi(Thanks!)

- - - - -
1e3f32dc by Mark Reynolds at 2021-06-16T08:12:18-04:00
Issue 4093 - Fix MEP test case

Bug Description:  Once some compiler warnings were fixed it
                  accidentally fixed the modrdn behavior.  Previously
                  the modrdn code accidentally ignored errors that the
                  test case was taking for granted.  Once these checks
                  were properly enforced the test case started to fail.

Fix Description:  Revise test case to "properly" check modrdn operations
                  by creating the Managed Entry before assigning it to
                  an entry, and then check for the revised managed entry
                  DN after the modrdn takes place.

                  Also, improved CI debugging logging settings

relates: https://github.com/389ds/389-ds-base/issues/4093

Reviewed by: spichugi(Thanks!)

- - - - -
7753988c by Mark Reynolds at 2021-06-16T08:15:54-04:00
Issue 4709 - Fix double free in dbscan

Description:  Fix double free in dbscan - in main()

relates: https://github.com/389ds/389-ds-base/pull/4709

Reviewed by: tbordaz, spichugi, progier(Thanks!!!)

- - - - -
649b7b50 by Mark Reynolds at 2021-06-16T08:19:33-04:00
Issue 4506 - Improve SASL logging

Description:

Converted all SLAPI_LOG_TRACE logging to Connection logging (SLAPI_LOG_CONNS).

sasl_errstring() performs a simple and fast switch case mapping from
error code to const string.

relates : https://github.com/389ds/389-ds-base/issues/4506

Signed-off-by: Christian Heimes <cheimes at redhat.com>

Reviewed by: mreynolds

- - - - -
fa46922b by Mark Reynolds at 2021-06-16T08:20:05-04:00
Issue 4506 - Improve SASL logging

Description:

Converted all SLAPI_LOG_TRACE logging to Connection logging (SLAPI_LOG_CONNS).

sasl_errstring() performs a simple and fast switch case mapping from
error code to const string.

relates : https://github.com/389ds/389-ds-base/issues/4506

Signed-off-by: Christian Heimes <cheimes at redhat.com>

Reviewed by: mreynolds

- - - - -
a8703f01 by Mark Reynolds at 2021-06-16T10:10:21-04:00
Issue 4656 - replication name change upgrade code causes crash with dynamic plugins

Bug Description:  If dynamic plugins is enabled, the server will crash after
                  restarting several plugins.  The global plugin list became
                  corrupted, and an invalid plugin entry was read.

Fix Description:  Always call the close function of a plugin even if it's
                  not started (this undoes a change from the previous patch
                  that was not needed after all).

                  Updated the replication plugin upgrade code logging to
                  be more clear, and to be logged by default.

ASAN tested and approved

relates: https://github.com/389ds/389-ds-base/issues/4656

Reviewed by: tbordaz(Thanks!)

- - - - -
b251ffe7 by Mark Reynolds at 2021-06-17T09:57:23-04:00
Issue 4656 - Fix replication plugin rename dependency issues

Bug Description:  If a plugin has a named dependency on the old
                  Replication plugin name, and it is listed in
                  the dse.ldif before the replication plugin
                  then the "conversion" fails because the internal
                  plugin dependency list was not properly updated

Fix Description:  Update the plugin dependency list after we update a
                  plugin's dependency.

relates: https://github.com/389ds/389-ds-base/issues/4656

Reviewed by: spichugi(Thanks!)

- - - - -
59d889ad by tbordaz at 2021-06-17T16:22:09+02:00
Issue 4788 - CLI should support Temporary Password Rules attributes (#4793)

Bug description:
    Since #4725, password policy supports temporary password rules.
    CLI (dsconf) does not support this RFE and only direct ldap
    operation can configure global/local password policy

Fix description:
    Update dsconf to support this new RFE.
    To run successfully the testcase it relies on #4788

relates: #4788

Reviewed by: Simon Pichugin (thanks !!)

Platforms tested: F34
- - - - -
8de81d54 by tbordaz at 2021-06-17T16:56:36+02:00
Issue 4788 - CLI should support Temporary Password Rules attributes (#4793)

Bug description:
    Since #4725, password policy supports temporary password rules.
    CLI (dsconf) does not support this RFE and only direct ldap
    operation can configure global/local password policy

Fix description:
    Update dsconf to support this new RFE.
    To run successfully the testcase it relies on #4788

relates: #4788

Reviewed by: Simon Pichugin (thanks !!)

Platforms tested: F34

- - - - -
c7b16700 by Barbora Simonova at 2021-06-22T14:45:28+02:00
Issue 4414 - disk monitoring - prevent division by zero crash

Description:
Added a test to check DS will not crash when division by zero
occurs in disk monitoring. Also fixed a description in compact_test.py
because it was causing errors in Polarion import.
Relates: https://github.com/389ds/389-ds-base/issues/4414

Reviewed by: droideck (Thanks!)

- - - - -
cb825e0b by James Chapman at 2021-06-22T15:55:49+01:00
Issue 4169 - UI - Migrate Typeaheads to PF4 (#4808)

* Issue 4169 - UI - Migrate Typeaheads to PF4

Description: Migrate the current bootstrap typeaheads to
patternfly 4 select typeaheads

Relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: mreynolds389, droideck (Many thanks)
- - - - -
72964fe6 by Simon Pichugin at 2021-06-23T10:01:30+02:00
Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810)

Description: The description of the field "nsslapd-db-locks-monitoring-threshold"
is unclear. Make the explanations more detailed and concise in both CLI
and Web UI.

Fixes: https://github.com/389ds/389-ds-base/issues/4803

Reviewed by: @tbordaz (Thank you!)

- - - - -
724763b7 by Simon Pichugin at 2021-06-23T10:08:13+02:00
Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810)

Description: The description of the field "nsslapd-db-locks-monitoring-threshold"
is unclear. Make the explanations more detailed and concise in both CLI
and Web UI.

Fixes: https://github.com/389ds/389-ds-base/issues/4803

Reviewed by: @tbordaz (Thank you!)

- - - - -
9ee03bc8 by Simon Pichugin at 2021-06-23T10:21:57+02:00
Issue 4803 - Improve DB Locks Monitoring Feature Descriptions

Description: Enhance one line for the threshold setting
as per comment in https://github.com/389ds/389-ds-base/pull/4810

Relates: https://github.com/389ds/389-ds-base/issues/4803

Reviewed by: @droideck (one line rule)

- - - - -
5c88c00d by Simon Pichugin at 2021-06-23T10:25:54+02:00
Issue 4803 - Improve DB Locks Monitoring Feature Descriptions

Description: Enhance one line for the threshold setting
as per comment in https://github.com/389ds/389-ds-base/pull/4810

Relates: https://github.com/389ds/389-ds-base/issues/4803

Reviewed by: @droideck (one line rule)

- - - - -
c0ca290f by Thierry Bordaz at 2021-06-23T19:12:10+02:00
Bump version to 2.0.6

- - - - -
6b10f179 by Viktor Ashirov at 2021-06-29T14:05:10+02:00
Issue 2820 - Fix CI test suite issues

Bug Description:
* repl_monitor_test.py fails after changes in replication monitor output
in e4dfa12b151afa9a2b1830af4fe370fc8e0dfaa1
* import_test.py::test_fast_slow_import is very strict and fails when
the time difference between imports is insignificant and less than 1s.

Fix Description:
* repl_monitor_test.py - update expected string values
* import_test.py - relax the expected time to be within 1s variance,
comment out flaky decorator to enable the test back in PR CI.

Relates: https://github.com/389ds/389-ds-base/issues/2820

Reviewed by: @mreynolds389, @droideck (Thanks!)

- - - - -
f17617d1 by Mark Reynolds at 2021-07-01T14:01:35-04:00
Issue 4656 - remove problematic language from ds-replcheck

Description: remove master from ds-replcheck and replace it with supplier

relates: https://github.com/389ds/389-ds-base/issues/4656

Reviewed by: mreynolds

- - - - -
96fe605f by tbordaz at 2021-07-02T13:33:52+02:00
Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823)

Bug description:
	dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py contains
        password policy attributes tests (min_age,...) and tpr tests.
        Leftovers of the fixture password_policy (scope module) are breaking
        TPR tests with subtree/user local password policy.

Fix description:
	Separate temporary password tests into their own module

relates: https://github.com/389ds/389-ds-base/issues/4822

Reviewed by: Simon Pichugin (Thanks!)

Platforms tested: 8.5
- - - - -
747d2bfb by Viktor Ashirov at 2021-07-02T16:11:24+02:00
Issue 4826 - Filter argparse-manpage from autogenerated requires

Bug Description:
RPM dependency generators add argparse-manpage to the list of runtime
dependencies. But it's a buildtime only dependency.

Fix Description:
Use requires filter macro in the spec file.

Fixes: https://github.com/389ds/389-ds-base/issues/4826

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
8b257002 by tbordaz at 2021-07-02T18:02:54+02:00
Issue 4262 - Fix Index out of bound in fractional test (#4828)

Bug description:
	In master branch there are by default 2 groups while
	in 1.4.3 only one exists. So the index '1'
	in the retrieved groups raises 'invalid index' exception
	in 1.4.3.

Fix description:
	Retrieve the specific group bug739172_01group
        to test its membership

relates: https://github.com/389ds/389-ds-base/issues/4262

Reviewed by:

Platforms tested:  8.5, fedora

foo
- - - - -
30b13465 by tbordaz at 2021-07-02T18:12:15+02:00
Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823)

Bug description:
	dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py contains
        password policy attributes tests (min_age,...) and tpr tests.
        Leftovers of the fixture password_policy (scope module) are breaking
        TPR tests with subtree/user local password policy.

Fix description:
	Separate temporary password tests into their own module

relates: https://github.com/389ds/389-ds-base/issues/4822

Reviewed by: Simon Pichugin (Thanks!)

Platforms tested: 8.5, F34

- - - - -
fc53c8b2 by tbordaz at 2021-07-02T18:15:04+02:00
Issue 4262 - Fix Index out of bound in fractional test (#4828)

Bug description:
	In master branch there are by default 2 groups while
	in 1.4.3 only one exists. So the index '1'
	in the retrieved groups raises 'invalid index' exception
	in 1.4.3.

Fix description:
	Retrieve the specific group bug739172_01group
        to test its membership

relates: https://github.com/389ds/389-ds-base/issues/4262

Reviewed by:

Platforms tested:  8.5, fedora

foo
- - - - -
fb70c5c8 by tbordaz at 2021-07-02T20:53:26+02:00
Issue 4414 - SIGFPE crash in rhds disk monitoring routine (#4829)

Bug description:
	The testcase systematically fails on PRCI running
        in a container. It gets a E_ACCES during
        access to a tmpfs mounted filesystem, while
        it runs fine on openstack.

Fix description:
	Just skip this test in our test PRCI

relates: https://github.com/389ds/389-ds-base/issues/4414

Reviewed by: Mark Reynolds

Platforms tested: fedora
- - - - -
5d956fcc by Thierry Bordaz at 2021-07-05T16:03:04+02:00
Issue 4656 - (2nd) Remove problematic language from UI/CLI/lib389

- - - - -
ca848dfb by Akshay Adhikari at 2021-07-07T12:39:01+02:00
Issue 4706 - negative wtime for compare operations (#4780)

Description: Improve ds_logs_test.py::test_optime_and_wtime_keywords so
it tests the associated bug.

Relates: https://github.com/389ds/389-ds-base/issues/4706

Reviewed by: @vashirov, @droideck 
- - - - -
13ee2053 by Firstyear at 2021-07-08T10:46:25+10:00
Issue 4820 - RFE - control flow integrity (#4821)

Bug Description: Many attacks involved hijacking the
control flow of an executable to change its behaviour.
While we can do many things to prevent this at development
time, we need to be ready for unexpected situations in
run time.

Fix Description: Enabling control flow integrity allows
enforcing that our project's logic flow only goes in certain,
known valid locations at compile time. This means a program
that violates these behaviours will be terminated to prevent
exploitation.

fixes: https://github.com/389ds/389-ds-base/issues/4820

Author: William Brown <william at blackhats.net.au>

Review by: @jchapma 
- - - - -
aeb90eb0 by Firstyear at 2021-07-09T11:53:35+10:00
Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819)

Bug Description: Due to mishandling of short dbpwd hashes, the
crypt_r algorithm was misused and was only comparing salts
in some cases, rather than checking the actual content
of the password.

Fix Description: Stricter checks on dbpwd lengths to ensure
that content passed to crypt_r has at least 2 salt bytes and
1 hash byte, as well as stricter checks on ct_memcmp to ensure
that compared values are the same length, rather than potentially
allowing overruns/short comparisons.

fixes: https://github.com/389ds/389-ds-base/issues/4817

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
c1926dfc by Firstyear at 2021-07-09T11:55:56+10:00
Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819)

Bug Description: Due to mishandling of short dbpwd hashes, the
crypt_r algorithm was misused and was only comparing salts
in some cases, rather than checking the actual content
of the password.

Fix Description: Stricter checks on dbpwd lengths to ensure
that content passed to crypt_r has at least 2 salt bytes and
1 hash byte, as well as stricter checks on ct_memcmp to ensure
that compared values are the same length, rather than potentially
allowing overruns/short comparisons.

fixes: https://github.com/389ds/389-ds-base/issues/4817

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
aec9ceb4 by Mark Reynolds at 2021-07-12T23:08:22-04:00
Issue 4169 - UI - migrate Server Tab forms to PF4

Description:  Migrate off of PF3 Forms/Rows/Col to PF4 Forms/Grids
              for the Server & Database tabs

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: spichugi & jchapman(Thanks!!)

- - - - -
c072156c by James Chapman at 2021-07-14T22:24:24+01:00
Issue 4603 - Reindexing a single backend (#4831)

* Issue 4603 - Reindexing a single backend

Bug description:
	While trying to offline reindex a single backend, all backends
	are reindexed. This can introduce un-wanted latencies if one wants to reindex a
	single backend rather than reindexing all backends.

Fix description:
	DB txn logging disabled
	CLI modified to provide extra reindex options
	DSELidf extended to get backend index attributes

Relates: https://github.com/389ds/389-ds-base/issues/4603

Reviewed by:  mreynolds389,  droideck, Firstyear (Thank you)

- - - - -
4b74d1e9 by Mark Reynolds at 2021-07-15T12:22:05-04:00
Issue 4443 - Internal unindexed searches in syncrepl/retro changelog

Bug Description:

When a non-system index is added to a backend it is
disabled until the database is initialized or reindexed.
So in the case of the retro changelog the changenumber index
is always disabled by default since it is never initialized.
This leads to unexpected unindexed searches of the retro
changelog.

Fix Description:

If an index has "nsSystemIndex" set to "true" then enable it
immediately.

relates:  https://github.com/389ds/389-ds-base/issues/4443

Reviewed by: spichugi & tbordaz(Thanks!!)

- - - - -
357c16cd by Mark Reynolds at 2021-07-15T12:24:21-04:00
Issue 4443 - Internal unindexed searches in syncrepl/retro changelog

Bug Description:

When a non-system index is added to a backend it is
disabled until the database is initialized or reindexed.
So in the case of the retro changelog the changenumber index
is always disabled by default since it is never initialized.
This leads to unexpected unindexed searches of the retro
changelog.

Fix Description:

If an index has "nsSystemIndex" set to "true" then enable it
immediately.

relates:  https://github.com/389ds/389-ds-base/issues/4443

Reviewed by: spichugi & tbordaz(Thanks!!)

- - - - -
0f443bf3 by Mark Reynolds at 2021-07-15T13:50:02-04:00
Bump version to 2.0.7

- - - - -
9ae0134c by James Chapman at 2021-07-29T14:27:09+01:00
Issue - 4696 - Password hash upgrade on bind (#4840)


Description:
	There is an unintended side effect of the "upgrade password
	on bind" feature. It causes the password policy code to be
	engaged and it resets the passwordExpirationtime in the entry.

Fix description:
	Only allow an external password modify operation or an extended
	password modify operation to update the password info.

Relates: https://github.com/389ds/389-ds-base/issues/4696

Reviewed by: @droideck, @tbordaz, @mreynolds389 (Thank you)

- - - - -
24d458af by Viktor Ashirov at 2021-07-29T18:07:24+02:00
Issue 4848 - Force to require nss version greater or equal as the version available at the build time

Description:
In our spec file we require nss >= 3.34, but not the exact (or greater,
as they are backward compatible) version available at the build time.

Fix Description:
We should record nss version available at the build time and require it
at the runtime.
Adapt a macro from samba spec file.

Fixes: https://github.com/389ds/389-ds-base/issues/4848

Reviewed by: @mreynolds389, @Firstyear, @droideck (Thank you!)

- - - - -
434d6803 by Simon Pichugin at 2021-08-03T14:49:10+02:00
Issue 4460 - Fix isLocal and TLS paths discovery (#4850)

Description: Fix isLocal inconsistency in the 'allocate' code.
Process LDAP URI and decide if it's local or not.
Make sure that while connecting locally the certdir (and other TLS paths) are accessible
(has read right) before setting ldap.OPT_X_TLS_*.
If no ldap.OPT_X_TLS_* options are set and there is no new TLS context,
don't set OPT_X_TLS_NEWCTX. Then /etc/openldap/ldap.conf will be used.

Relates: https://github.com/389ds/389-ds-base/issues/4460

Reviewed by: @mreynolds389, @Firstyear (Thanks!!)
- - - - -
4bd1c940 by Simon Pichugin at 2021-08-03T15:37:22+02:00
Issue 4460 - Fix isLocal and TLS paths discovery (#4850)

Description: Fix isLocal inconsistency in the 'allocate' code.
Process LDAP URI and decide if it's local or not.
Make sure that while connecting locally the certdir (and other TLS paths) are accessible
(has read right) before setting ldap.OPT_X_TLS_*.
If no ldap.OPT_X_TLS_* options are set and there is no new TLS context,
don't set OPT_X_TLS_NEWCTX. Then /etc/openldap/ldap.conf will be used.

Relates: https://github.com/389ds/389-ds-base/issues/4460

Reviewed by: @mreynolds389, @Firstyear (Thanks!!)
- - - - -
33c81588 by Mark Reynolds at 2021-08-03T23:34:45-04:00
Issue 4736 - CLI - Errors from certutil are not propagated

Description:  Errors from certutil are not returned to the client, and
only a generic failure code is returned.  The actual error text should be
returned to the client since it has meaning.  Just catch all the
exceptions and return the output as a ValueError.

relates: https://github.com/389ds/389-ds-base/issues/4736

Reviewed by: firstyear (Thanks!)

- - - - -
b99236af by Mark Reynolds at 2021-08-03T23:35:17-04:00
Issue 4736 - CLI - Errors from certutil are not propagated

Description:  Errors from certutil are not returned to the client, and
only a generic failure code is returned.  The actual error text should be
returned to the client since it has meaning.  Just catch all the
exceptions and return the output as a ValueError.

relates: https://github.com/389ds/389-ds-base/issues/4736

Reviewed by: firstyear (Thanks!)

- - - - -
e4a09aa1 by Barbora Simonova at 2021-08-04T09:22:19+02:00
Issue 4623 - RFE - Monitor the current DB locks ( nsslapd-db-current-locks )

Description:
Added additional tests for DB locks monitoring to check if invalid
values are correctly rejected for nsslapd-db-locks and
nsslapd-db-locks-monitoring-threshold.

Relates: https://github.com/389ds/389-ds-base/issues/4623

Reviewed by: droideck (Thanks!)

- - - - -
c02d99fd by Mark Reynolds at 2021-08-05T23:49:05-04:00
Issue 4169 - Migrate Replication & Schema tabs to PF4

Description:  Migrate the remaining components in the repl and schema
tabs to PF4

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed: spichugi & jchapman (Thanks!!)

- - - - -
f5fd00f6 by Viktor Ashirov at 2021-08-06T06:53:17+02:00
Issue 4859 - Don't version libns-dshttpd

Description:
On every build libns-dshttpd has a version corresponding
to the package version, e.g. libns-dshttpd-2.0.7.so.
It's unnecessary, as we are the only consumers of this library
and we don't change its ABI on every build.
It also triggers rpmdiff test failures that have to be waived on
each build.

Fixes: https://github.com/389ds/389-ds-base/issues/4859

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
1bbef77a by Viktor Ashirov at 2021-08-06T06:53:32+02:00
Issue 4861 - Improve instructions in custom.conf for memory leak detection

Description:
Extend instructions in
/usr/lib/systemd/system/dirsrv@.service.d/custom.conf
to provide guides on how to use valgrind and AddressSanitizer.

Fixes: https://github.com/389ds/389-ds-base/issues/4861

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
c7a67960 by Mark Reynolds at 2021-08-10T11:17:46-04:00
Issue 4736 - lib389 - fix regression in certutil error checking

Description: A regression in the previous commit accidentally called
certutil twice which triggered the CLI to prompt for the NSS database
password.  This broke CI tests, etc.

relates: https://github.com/389ds/389-ds-base/issues/4736

Reviewed by: mreynolds (one line commit rule)

- - - - -
07b44fe5 by Mark Reynolds at 2021-08-10T11:18:18-04:00
Issue 4736 - lib389 - fix regression in certutil error checking

Description: A regression in the previous commit accidentally called
certutil twice which triggered the CLI to prompt for the NSS database
password.  This broke CI tests, etc.

relates: https://github.com/389ds/389-ds-base/issues/4736

Reviewed by: mreynolds (one line commit rule)

- - - - -
4c5a75ff by Simon Pichugin at 2021-08-12T09:36:35+02:00
Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867)

Description: Fix typos in the output of "dsconf instance_name
pwpolicy set --help".

Fixes: https://github.com/389ds/389-ds-base/issues/4851

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
19115294 by Timo Aaltonen at 2021-08-16T09:43:03+03:00
Merge branch 'upstream'

- - - - -
c108149c by Timo Aaltonen at 2021-08-16T09:43:51+03:00
bump the version

- - - - -
e9e693ac by Timo Aaltonen at 2021-08-16T09:48:57+03:00
watch: Updated to use github.

- - - - -
7a804acf by Timo Aaltonen at 2021-08-16T09:54:50+03:00
copyright: Fix 'globbing-patterns-out-of-order'.

- - - - -
e6521870 by Timo Aaltonen at 2021-08-16T09:55:03+03:00
releasing package 389-ds-base version 1.4.4.16-1

- - - - -
a3d4f63e by Simon Pichugin at 2021-08-18T16:04:41+02:00
Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871)

Bug Description: When using the Attribute uniqueness plugin, restricted
to one subtree, moving an object with an already existing attribute
to this subtree does not raise any exceptions. It appears that the
originating subtree is searched instead.

Fix Description: Use parent DN of the new entry when searching
for attribute uniqueness.
Add test to plugins/attruniq_test.py suite.

Fixes: https://github.com/389ds/389-ds-base/issues/4763

Reviewed by: @tbordaz (Thanks!)
- - - - -
9cf2517b by Simon Pichugin at 2021-08-18T16:05:20+02:00
Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871)

Bug Description: When using the Attribute uniqueness plugin, restricted
to one subtree, moving an object with an already existing attribute
to this subtree does not raise any exceptions. It appears that the
originating subtree is searched instead.

Fix Description: Use parent DN of the new entry when searching
for attribute uniqueness.
Add test to plugins/attruniq_test.py suite.

Fixes: https://github.com/389ds/389-ds-base/issues/4763

Reviewed by: @tbordaz (Thanks!)
- - - - -
a5c04a8f by Simon Pichugin at 2021-08-18T16:11:33+02:00
Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867)

Description: Fix typos in the output of "dsconf instance_name
pwpolicy set --help".

Fixes: https://github.com/389ds/389-ds-base/issues/4851

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
a7ca0280 by Firstyear at 2021-08-19T14:30:14-04:00
Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876)

Bug Description: Due to older servers missing the syntax
plugin this breaks schema replication and causes cascading
errors.

Fix Description: This changes the syntax to be a case
insensitive string, while leaving the plugins in place
for other usage.

fixes: https://github.com/389ds/389-ds-base/issues/4872

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @progier389 
- - - - -
bce941ec by Firstyear at 2021-08-19T14:31:03-04:00
Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876)

Bug Description: Due to older servers missing the syntax
plugin this breaks schema replication and causes cascading
errors.

Fix Description: This changes the syntax to be a case
insensitive string, while leaving the plugins in place
for other usage.

fixes: https://github.com/389ds/389-ds-base/issues/4872

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @progier389 
- - - - -
66f74586 by James Chapman at 2021-08-19T15:41:25-04:00
Issue 4734 - import of entry with no parent warning (#4735)

Description:    Online import of ldif file that contains an entry with
                no parent doesn't generate a task warning.

Fixes:          https://github.com/389ds/389-ds-base/issues/4734

Author: vashirov at redhat.com (Thanks)

Reviewed by: mreynolds, jchapma
- - - - -
16124665 by Firstyear at 2021-08-23T11:42:53+10:00
Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878)

Bug Description: Due to changing the syntax of EntryUUIDs
to string, we may have invalid EntryUUIDs imported into
the database.

Fix Description: To resolve this during a fixup we validate
that UUIDs have a valid syntax. If they do not, we regenerate
them.

fixes: https://github.com/389ds/389-ds-base/issues/4877

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389

- - - - -
193ae2f7 by Firstyear at 2021-08-23T11:46:58+10:00
Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878)

Bug Description: Due to changing the syntax of EntryUUIDs
to string, we may have invalid EntryUUIDs imported into
the database.

Fix Description: To resolve this during a fixup we validate
that UUIDs have a valid syntax. If they do not, we regenerate
them.

fixes: https://github.com/389ds/389-ds-base/issues/4877

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389

- - - - -
553f26c8 by Mark Reynolds at 2021-08-23T15:35:05-04:00
Bump version to 2.0.8

- - - - -
6e21d41f by Mark Reynolds at 2021-08-26T09:38:11-04:00
Issue 4884 - server crashes when dnaInterval attribute is set to zero

Bug Description:

A division by zero crash occurs if the dnaInterval is set to zero

Fix Description:

Validate the config value of dnaInterval and adjust it to the
default/safe value of "1" if needed.

relates: https://github.com/389ds/389-ds-base/issues/4884

Reviewed by: tbordaz(Thanks!)

- - - - -
38e1e261 by Mark Reynolds at 2021-08-26T09:38:45-04:00
Issue 4884 - server crashes when dnaInterval attribute is set to zero

Bug Description:

A division by zero crash occurs if the dnaInterval is set to zero

Fix Description:

Validate the config value of dnaInterval and adjust it to the
default/safe value of "1" if needed.

relates: https://github.com/389ds/389-ds-base/issues/4884

Reviewed by: tbordaz(Thanks!)

- - - - -
d86a6a82 by Mark Reynolds at 2021-08-26T10:10:39-04:00
Issue 4875 - CLI - Add some verbosity to installer

Description:  Previously the installer would basically say
              "Starting" and "Finished".  If a step would
              run into a problem it is difficult to narrow
              down what is going wrong.  So add a little more
              output during the installation.

relates: https://github.com/389ds/389-ds-base/issues/4875

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
a91c1f58 by Mark Reynolds at 2021-08-26T10:11:27-04:00
Issue 4875 - CLI - Add some verbosity to installer

Description:  Previously the installer would basically say
              "Starting" and "Finished".  If a step would
              run into a problem it is difficult to narrow
              down what is going wrong.  So add a little more
              output during the installation.

relates: https://github.com/389ds/389-ds-base/issues/4875

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
01f97198 by Mark Reynolds at 2021-08-27T08:53:52-04:00
Issue 4149 - UI - Migrate the remaining components to PF4

Description:  This completes the initial migration to PF4

fixes: https://github.com/389ds/389-ds-base/issues/4149

Reviewed by: spichugi(Thanks!)

- - - - -
0491c217 by James Chapman at 2021-08-27T12:08:58-04:00
Issue - 4696 - Password hash upgrade on bind (#4840)

Description:
	There is an unintended side effect of the "upgrade password
	on bind" feature. It causes the password policy code to be
	engaged and it resets the passwordExpirationtime in the entry.

Fix description:
	Only allow an external password modify operation or an extended
	password modify operation to update the password info.

Relates: https://github.com/389ds/389-ds-base/issues/4696

Reviewed by: @droideck, @tbordaz, @mreynolds389 (Thank you)

- - - - -
cef02245 by Mark Reynolds at 2021-08-30T15:42:37-04:00
Issue 4887 - UI - Update webpack.config.js and package.json

Bug Description:

Our cockpit dependencies were very out of date and had
security issues.  But the newer ESLint package had lots of new
complaints.

Fix Description:

"noop" no longer exists in PF4, so that had to be removed from
the PropTypes, as well as a ton of ESLint errors about
variable declarations, certain function names, etc.

npm audit is now clean, and we are up to date with Cockpit
requirements/standards.

relates: https://github.com/389ds/389-ds-base/issues/4887

Reviewed by: jchapman(Thanks!)

- - - - -
9dab9bc6 by Mark Reynolds at 2021-08-30T15:50:13-04:00
Bump version to 2.0.9

- - - - -
549d9c65 by Mark Reynolds at 2021-08-31T16:11:51-04:00
Issue 4887 - UI - fix minor regression from camelCase fixup

Description:  The new ESLinter complained about function names, and
there was a mistake that caused the wrong function name to be passed as
a property to a component.

relates:  https://github.com/389ds/389-ds-base/issues/4887

Reviewed by: mreynolds(one line commit rule)

- - - - -
3f7a2fa3 by Mark Reynolds at 2021-09-03T09:57:07-04:00
Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks

Bug Description:  Monotonic clocks were used to check if an entry was old
                  enough to be trimmed, but the real system time should be
                  used.  So entries were never trimmed from the changelog.

Fix Description:  Make sure monotonic clocks are only used for the
                  trimming interval, and real time clocks are used
                  for entry age.

relates: https://github.com/389ds/389-ds-base/issues/4869

Reviewed by: firstyear(Thanks!)

- - - - -
03a67520 by Mark Reynolds at 2021-09-03T09:57:57-04:00
Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks

Bug Description:  Monotonic clocks were used to check if an entry was old
                  enough to be trimmed, but the real system time should be
                  used.  So entries were never trimmed from the changelog.

Fix Description:  Make sure monotonic clocks are only used for the
                  trimming interval, and real time clocks are used
                  for entry age.

relates: https://github.com/389ds/389-ds-base/issues/4869

Reviewed by: firstyear(Thanks!)

- - - - -
20de3428 by Timo Aaltonen at 2021-09-07T15:39:40+03:00
tests: Add isolation-container to restrictions.

- - - - -
97f84338 by Mark Reynolds at 2021-09-09T07:46:04-04:00
Issue 4910 - db reindex corrupts RUV tombstone nsuniqueid index

Bug Description:  During a reindex task we skip the RUV tombstone entry,
                  which corrupts the nsuniqueid index.

Fix Description:  Make sure we still index nsuniqueid index for
                  the RUV tombstone entry.

relates: https://github.com/389ds/389-ds-base/issues/4910

Reviewed by: firstyear & progier389 (Thanks!!)

- - - - -
154957ca by Mark Reynolds at 2021-09-09T07:47:35-04:00
Issue 4910 - db reindex corrupts RUV tombstone nsuniqueid index

Bug Description:  During a reindex task we skip the RUV tombstone entry,
                  which corrupts the nsuniqueid index.

Fix Description:  Make sure we still index nsuniqueid index for
                  the RUV tombstone entry.

relates: https://github.com/389ds/389-ds-base/issues/4910

Reviewed by: firstyear & progier389 (Thanks!!)

- - - - -
93aa9f4c by Mark Reynolds at 2021-09-09T07:49:33-04:00
Issue 4912 - dsidm command crashing when account policy plugin is enabled

Bug Description:  If the account policy plugin is enabled, but not
                  configured then dsidm will crash when checking an
                  entry's status.

Fix Description:  Check if the config DN is present before trying
                  to check its values.

relates: https://github.com/389ds/389-ds-base/issues/4912

Reviewed by: firstyear(thanks!)

- - - - -
7eed5601 by Mark Reynolds at 2021-09-09T07:49:57-04:00
Issue 4912 - dsidm command crashing when account policy plugin is enabled

Bug Description:  If the account policy plugin is enabled, but not
                  configured then dsidm will crash when checking an
                  entry's status.

Fix Description:  Check if the config DN is present before trying
                  to check its values.

relates: https://github.com/389ds/389-ds-base/issues/4912

Reviewed by: firstyear(thanks!)

- - - - -
3982ce69 by Mark Reynolds at 2021-09-10T10:23:32-04:00
Issue 4169 - backport lib389 cert list fix

Description:  We didn't call ensure_str() on the output from certutil
commands

relates:  https://github.com/389ds/389-ds-base/issues/4169

Reviewed by: mreynolds(one line commit rule)

- - - - -
012a6a35 by Simon Pichugin at 2021-09-10T14:20:03-07:00
Issue 4894 - IPA failure in ipa user-del --preserve (#4907)

Bug Description: Starting with 389-ds 2.0.8 on rawhide,
any call to ipa user-del --preserve fails with
This entry already exists.

Fix Description: We should split 'dn' parameter in searchAllSubtrees
into parent and target. As one of them is used for excluding the
subtree checks and another one for searching.
Improve 'superior' processing when we don't change the parent.
Rename variables in a more sane way.

Fixes: https://github.com/389ds/389-ds-base/issues/4894

Reviewed by: @Firstyear, @tbordaz, @progier389 (Thanks!)
- - - - -
4634ec6a by Simon Pichugin at 2021-09-10T14:20:26-07:00
Issue 4894 - IPA failure in ipa user-del --preserve (#4907)

Bug Description: Starting with 389-ds 2.0.8 on rawhide,
any call to ipa user-del --preserve fails with
This entry already exists.

Fix Description: We should split 'dn' parameter in searchAllSubtrees
into parent and target. As one of them is used for excluding the
subtree checks and another one for searching.
Improve 'superior' processing when we don't change the parent.
Rename variables in a more sane way.

Fixes: https://github.com/389ds/389-ds-base/issues/4894

Reviewed by: @Firstyear, @tbordaz, @progier389 (Thanks!)
- - - - -
2e4387db by Mark Reynolds at 2021-09-11T10:14:38-04:00
Issue 4796 - Add support for nsslapd-state to CLI & UI

Description:  Add support for nsslapd-state to lib389 and UI.  Also
              added a check to prevent the changing of nsslapd-state
              for replicated suffixes.

              Also did a little UI cleanup where a bottom margin was added
              to the bottom of pages instead of using <hr> to create the gap.

relates: https://github.com/389ds/389-ds-base/issues/4796

Reviewed by: jachapman & spichugi(Thanks!!)

- - - - -
ef01f6d8 by Mark Reynolds at 2021-09-11T10:28:47-04:00
Issue 4796 - Add support for nsslapd-state to CLI & UI

Description:

Add support for nsslapd-state to lib389 and UI. Also added a check to prevent the changing of nsslapd-state for replicated suffixes.

Also did a little UI cleanup where a bottom margin was added to the bottom of pages instead of using "hr" to create the gap.

relates: https://github.com/389ds/389-ds-base/issues/4796

Reviewed by: jchapman & spichugi(Thanks!)

- - - - -
d4243cfc by François Cami at 2021-09-13T12:16:01-04:00
Issue 4863 - typos in logconv.pl

There are two occurrences of "occurrances" in logconv.pl.
Replace the two occurrences of occurrances by occurences.

Relates: https://github.com/389ds/389-ds-base/issues/4863
Signed-off-by: François Cami <fcami at redhat.com>
Reviewed by: Mark Reynolds <mreynolds at redhat.com>

- - - - -
083c55b1 by Mark Reynolds at 2021-09-13T12:23:48-04:00
Issue 4912 - Account Policy plugin does not set the config entry DN

Description: Although we create the config entry for the Account Policy
plugin, we do not list the config entry DN in the main plugin entry
via nsslapd-pluginarg0

relates: https://github.com/389ds/389-ds-base/issues/4912

Reviewed by: mreynolds(one line commit rule)

- - - - -
f6bb281d by Mark Reynolds at 2021-09-13T12:24:06-04:00
Issue 4912 - Account Policy plugin does not set the config entry DN

Description: Although we create the config entry for the Account Policy
plugin, we do not list the config entry DN in the main plugin entry
via nsslapd-pluginarg0

relates: https://github.com/389ds/389-ds-base/issues/4912

Reviewed by: mreynolds(one line commit rule)

- - - - -
b400b07c by Marc Muehlfeld at 2021-09-14T09:24:06-04:00
Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)

Description:
The --help of dsconf and its subcommands contain several incorrect descriptions, typos, inconsistent language, some entries end with a ".", some don't, some descriptions start with lowercase, ...

For a better user experience, the descriptions of subcommands, and parameters should be reviewed and improved.

Fixes: #4908

Reviewed by: Mark Reynolds, William Brown, and Simon Pichugin

- - - - -
ebacadde by Marc Muehlfeld at 2021-09-14T09:31:02-04:00
Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)

Description:
The --help of dsconf and its subcommands contain several incorrect descriptions, typos, inconsistent language, some entries end with a ".", some don't, some descriptions start with lowercase, ...

For a better user experience, the descriptions of subcommands, and parameters should be reviewed and improved.

Fixes: #4908

Reviewed by: Mark Reynolds, William Brown, and Simon Pichugin

- - - - -
21dd2802 by Mark Reynolds at 2021-09-20T09:12:55-04:00
Bump version to 2.0.10

- - - - -
8127b3d0 by Mark Reynolds at 2021-09-20T17:00:19-04:00
Issue 4927 - rebase lib389 and cockpit in 1.4.4

Description:  389-ds-base-1.4.4 has somehow become out of sync
              with critical fixes in lib389 and cockpit. It is
              too difficult to try and find which patches are
              missing. Instead we can just rebase the source
              code for lib389 and cockpit from branch 389-ds-base-2.0.

fixes: https://github.com/389ds/389-ds-base/issues/4927

Reviewed by: spichugi & jchapman(Thanks!!)

- - - - -
5e1e392a by Mark Reynolds at 2021-09-20T17:01:33-04:00
Bump version to 1.4.4.17

- - - - -
ae9fc0ac by Timo Aaltonen at 2021-10-18T17:48:33+03:00
Add a dependency to libjemalloc2, and add a symlink to it so the preload works. (Closes: #992696)

- - - - -
e60cb856 by Timo Aaltonen at 2021-10-18T17:53:19+03:00
Merge branch 'upstream'

- - - - -
93fc088c by Timo Aaltonen at 2021-10-18T17:53:42+03:00
bump the version

- - - - -
28a9ab44 by Timo Aaltonen at 2021-10-18T18:36:07+03:00
close a bug

- - - - -
7835b2b7 by Timo Aaltonen at 2021-10-18T18:36:10+03:00
CVE-2017-15135.patch: Dropped, fixed by upstream issue #4817.

- - - - -
73809254 by Timo Aaltonen at 2021-10-18T18:36:37+03:00
releasing package 389-ds-base version 1.4.4.17-1

- - - - -
7e2ebb46 by Timo Aaltonen at 2021-10-18T18:48:47+03:00
really remove the patch

- - - - -
ca346f1f by Timo Aaltonen at 2021-10-18T18:59:19+03:00
Merge tag '389-ds-base-1.4.4.17' into master-next

- - - - -
30b3552e by Timo Aaltonen at 2021-10-18T19:01:07+03:00
Merge branch 'master' into master-next

- - - - -
ba71cbf2 by Timo Aaltonen at 2021-10-18T19:01:44+03:00
bump the version

- - - - -
b7dfab16 by Timo Aaltonen at 2021-10-18T19:11:48+03:00
missing-sources: Removed, all the minified javascript files were removed upstream some time ago.

- - - - -
57da0c7c by Timo Aaltonen at 2021-10-18T19:20:13+03:00
install: Updated.

- - - - -
f405c03c by Timo Aaltonen at 2021-10-18T19:23:31+03:00
control: Bump debhelper to 13.

- - - - -


30 changed files:

- + .cargo/config.in
- + .dockerignore
- + .github/ISSUE_TEMPLATE/bug_report.md
- + .github/ISSUE_TEMPLATE/feature_request.md
- + .github/daemon.json
- + .github/scripts/generate_matrix.py
- + .github/workflows/compile.yml
- + .github/workflows/pytest.yml
- .gitignore
- − 389-doap.rdf
- + LICENSE.openldap
- Makefile.am
- README.md
- VERSION.sh
- autogen.sh
- − buildnum.pl
- + buildnum.py
- configure.ac
- debian/389-ds-base-dev.install
- debian/389-ds-base-libs.install
- − debian/389-ds-base-libs.lintian-overrides
- debian/389-ds-base.install
- debian/389-ds-base.lintian-overrides
- debian/389-ds-base.postinst
- debian/389-ds-base.prerm
- debian/changelog
- debian/cockpit-389-ds.install
- − debian/compat
- debian/control
- debian/copyright


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/222d75b7ec163f9dd633ea03df84004b0b0ad665...f405c03ccc2655b252eefd17f3c287878bf3b40a
