[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][master] 344 commits: Bump version to 1.4.5.0
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Thu Feb 10 17:39:29 GMT 2022
Timo Aaltonen pushed to branch master at FreeIPA packaging / 389-ds-base
Commits:
5c25c06c by Mark Reynolds at 2020-10-28T09:43:51-04:00
Bump version to 1.4.5.0
- - - - -
cdaa81c5 by Mark Reynolds at 2020-10-29T23:07:40-04:00
Bump version to 2.0.0
- - - - -
db655bbe by Firstyear at 2020-11-02T09:14:25+10:00
Issue 4403 RFE - OpenLDAP pw hash migration tests (#4408)
Bug Description: As we want to support openldap to 389 password migration,
we should check if we allow accounts to continue to bind. This involves
testing different openldap authentication schemes to determine if they
work.
Fix Description: Add tests for different password and contrib password
types that are supported in openldap.
fixes: #4403
Author: William Brown <william at blackhats.net.au>
Review by: @droideck, @progier389 (Thanks!)
- - - - -
013ea7dd by progier389 at 2020-11-03T12:18:50+01:00
ticket 2058: Add keep alive entry after on-line initialization - second version (#4399)
Bug description:
Keep alive entry is not created on target master after on line initialization,
and its RUVelement stays empty until a direct update is issued on that master
Fix description:
The patch allows a consumer (configured as a master) to create (if it did not
exist before) the consumer's keep alive entry. It creates it at the end of a
replication session at a time we are sure the changelog exists and will not
be reset. It allows a consumer to have RUVelement with csn in the RUV at the
first incoming replication session.
That is basically lkrispen's proposal with an associated pytest testcase
Second version changes:
- moved the testcase to suites/replication/regression_test.py
- set up the topology from a 2 master topology then
reinitialized the replicas from an ldif without replication metadata
rather than using the cli.
- search for keepalive entries using search_s instead of getEntry
- add a comment about keep alive entries purpose
last commit:
- wait that ruv are in sync before checking keep alive entries
Reviewed by: droideck, Firstyear
Platforms tested: F32
relates: #2058
- - - - -
4cc9b104 by Mark Reynolds at 2020-11-03T08:02:45-05:00
Issue 4176 - CL trimming causes high CPU
Bug Description: The changelog trimming switched to using pthread_cond_timedwait()
instead of NSPR, but the relative time was used for the wait time
instead of the absolute time. This caused it to basically not
wait at all and consume all the CPU.
Fix Description: Use the absolute(monotonic) time for the condition wait time.
Relates: https://github.com/389ds/389-ds-base/issues/4176
Reviewed by: progier(Thanks!)
- - - - -
5b0cbddc by sgouvern at 2020-11-03T14:32:06+01:00
Issue 4218 - Verify the new wtime and optime access log keywords (#4397)
Description: Add a test case to dirsrvtests/tests/suites/ds_logs/ds_logs_test.py:
test_optime_and_wtime_keywords. It tests that the new optime and wtime keywords
are present in the access log and have correct values
Also, adapt test_etime_order_of_magnitude adapted to the new RESULT string format
in the access log
Relates: #4218
Reviewed by: @droideck, @Firstyear (Thanks!)
- - - - -
bc92c17b by tbordaz at 2020-11-03T17:33:31+01:00
Issue 4391 - DSE config modify does not call be_postop (#4394)
Bug description:
During a DSE modify, be_preop callback are called. But be_postop callback are called at the condition
dse_call_callback is different that SLAPI_DSE_CALLBACK_DO_NOT_APPLY.
This should systematically call be_postop if be_preop were called.
In addition postop_modify_config_dse returning an invalid rc, systematically prevents DSE modify to call be_postop
Fix description:
The required bug fix is that dse_callback need to return SLAPI_DSE_CALLBACK* not ldap rc.
Also in case of vlv config (SLAPI_DSE_CALLBACK_DO_NOT_APPLY) if preop were called
it requires to call the postop.
In dse_modify, rc is used for dse_call_callback() (returns SLAPI_DSE_CALLBACK*)
but also for plugin_call_plugin (returns SLAPI_PLUGIN_*). Those rc are not compatible
and although the code works to help maintenance use 'plugin_rc' instead of 'rc'.
relates: https://github.com/389ds/389-ds-base/issues/4391
Reviewed by: William Brown, Simon Pichugin (thanks !)
Platforms tested: F31
- - - - -
7cb5c920 by Mark Reynolds at 2020-11-03T13:42:29-05:00
Issue 4420 - change NVR to use X.X.X instead of X.X.X.X
Description: Start using 389-ds-base-2.0.0 instead of 389-ds-base-2.0.0.0
Fixes: https://github.com/389ds/389-ds-base/issues/4420
Reviewed by: mreynolds (one line commit rule)
- - - - -
b557f5da by Mark Reynolds at 2020-11-03T13:43:44-05:00
Bump version to 2.0.1
- - - - -
04ba05e0 by Mark Reynolds at 2020-11-03T17:23:22-05:00
Issue 4415 - unable to query schema if there are extra parenthesis
Bug Description: When a client does a schema lookup in lib389 asking
for theresult in JSON, the X-ORIGIN is not correctly
parsed if it contains an extra parenthesis
Fix Description: When parsing between the X-ORIGIN encapsulating parenthesis
find the right most match, not the first match.
Relates: https://github.com/389ds/389-ds-base/issues/4415
Reviewed by: spichugi(Thanks!)
- - - - -
a2c7e50b by Kazım SARIKAYA at 2020-11-08T14:48:49-05:00
build problems at alpine linux
- - - - -
c3bdb443 by Firstyear at 2020-11-09T10:55:47+10:00
Issue 4407 RFE - remove http client and presence plugin (#4409)
Bug Description: The presence plugin has been disabled for a long
time and relates to a defunct IM project. This also had a HTTP client
that we no longer use in any capacity, but was enabled by default.
Fix Description: This removes the two un-used plugins, and adds
handlers to allows deny-listing of the plugins to prevent them being
loaded.
fixes: #4407
Author: William Brown <william at blackhats.net.au>
Review by: @droideck, @mreynolds389 (Thanks!)
- - - - -
ca8ac8ec by Simon Pichugin at 2020-11-09T11:43:04+01:00
Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422)
Description: In dsconf CLI, make it possible to create SSLCLIENTAUTH
bind method agreement without specifying bind dn (--bind-dn) and
the password (--bind-passwd).
Fixes: #4412
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
f8a424f1 by Mark Reynolds at 2020-11-11T22:01:18-05:00
Issue 4429 - NULL dereference in revert_cache()
Bug Description: During a delete, if the DN (with an escaped leading space)
of an existing entry fail to parse the server will revert
the entry update. In this case it will lead to a crash
becuase ther ldbm inst struct is not set before it attempts
the cache revert.
Fix Description: Check the the ldbm instance struct is not NULL before
dereferencing it.
Relates: https://github.com/389ds/389-ds-base/issues/4429
Reviewed by: firstyear & spichugi(Thanks!!)
- - - - -
a924b551 by Barbora Simonova at 2020-11-12T10:05:03+01:00
Issue 4281 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked'
Description:
Created a test to verify bz1862971, because the status,lock and unlock options
were moved from dsidm user to dsidm account. The rest of the tests for dsidm will soon follow
so I have created helper functions for next tests.
Relates: https://github.com/389ds/389-ds-base/issues/4281
Relates: https://github.com/389ds/389-ds-base/issues/4348
Reviewed by: droideck, Firstyear (Thanks!)
- - - - -
99462bbf by tbordaz at 2020-11-12T11:52:38+01:00
Issue 4316 - performance search rate: useless poll on network send callback (#4424)
Bug description:
When sending back result/entries, DS first poll the connection to check
it is able to write data on the socket. Then it writes the data.
The purpose of the poll is to handle ioblocktimeout.
The problem is that most of the time, the socket will process the write
without any issue so it is useless to poll before the write.
Fix description:
The fix is try write first. It polls for ioblocktimeout
only if the write fails
relates: https://github.com/389ds/389-ds-base/issues/4316
Reviewed by: William Brown (thanks!)
Platforms tested: F31
- - - - -
4e99d892 by Mark Reynolds at 2020-11-12T09:31:18-05:00
Issue 4432 - After a failed online import the next imports are very slow
Bug Description: When an online import fails the entry and DN caches are
"reset", but we use the wrong "new maxsize" which was
setting the entry cache maxsize to zero which killed the
import performance.
Fix Description: When resetting the caches use the previous cache maxsize.
Relates: https://github.com/389ds/389-ds-base/issues/4432
Reviewed by: firstyear & progier(Thanks!!)
- - - - -
2529313e by Mark Reynolds at 2020-11-12T12:08:01-05:00
Issue 4383 - Do not normalize escaped spaces in a DN
Bug Description: Adding an entry with an escaped leading space leads to many
problems. Mainly id2entry can get corrupted during an
import of such an entry, and the entryrdn index is not
updated correctly
Fix Description: In slapi_dn_normalize_ext() leave an escaped space intact.
Relates: https://github.com/389ds/389-ds-base/issues/4383
Reviewed by: firstyear, progier, and tbordaz (Thanks!!!)
- - - - -
4a2d711b by progier389 at 2020-11-12T18:50:04+01:00
do not add referrals for masters with different data generation #2054 (#4427)
Bug description:
The problem is that some operation mandatory in the usual cases are
also performed when replication cannot take place because the
database set are differents (i.e: RUV generation ids are different)
One of the issue is that the csn generator state is updated when
starting a replication session (it is a problem when trying to
reset the time skew, as freshly reinstalled replicas get infected
by the old ones)
A second issue is that the RUV got updated when ending a replication session
(which may add replica that does not share the same data set,
then update operations on consumer retun referrals towards wrong masters
Fix description:
The fix checks the RUVs generation id before updating the csn generator
and before updating the RUV.
Reviewed by: mreynolds
firstyear
vashirov
Platforms tested: F32
- - - - -
87712846 by William Brown at 2020-11-13T08:58:04+10:00
Issue 4428 - Paged Results with Chaining Test Case
Bug Description: This test case shows how a paged search with criticality
set to false, causes chaining to sigsegv.
Fix Description: N/A - this is a reproducer, not the fix.
fixes: #4428
Author: William Brown <william at blackhats.net.au>
Review by: @droideck, @mreynolds389
- - - - -
7f241dc7 by William Brown at 2020-11-13T08:58:04+10:00
Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining
Bug Description: When a paged search through chaining backend is
received with a false criticality (such as SSSD), chaining backend
will sigsegv due to a null context.
Fix Description: When a NULL ctx is recieved to be freed, this is
as paged results have finished being sent, so we check the NULL
ctx and move on.
fixes: #4428
Author: William Brown <william at blackhats.net.au>
Review by: @droideck, @mreynolds389
- - - - -
d644ebaa by William Brown at 2020-11-17T10:21:35+10:00
Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid
Bug Description: The mapping tree is built and arranged based on
the content of the nsslapd-parent-suffix attribute. However, it is
possible that this value is invalid pointing at a non-existant
suffix, or that it could be pointing at a suffix that is invalid
in the suffix hierarchy that mapping trees expect.
https://www.port389.org/docs/389ds/design/mapping_tree_assembly.html
Fix Description: Rather than build the mapping tree by arranging
nodes through the nsslapd-parent-suffix value, we should sort and build
them through the known and defined suffix values in cn (which we already)
rely upon to be correct. This allows stable ordering and avoids potential
user and developer errors.
fixes: #4373
Author: William Brown <william at blackhats.net.au>
Review by: @progier389, @mreynolds389 (Thanks!)
- - - - -
33279b75 by William Brown at 2020-11-17T10:28:27+10:00
Issue 4410 RFE - ndn cache with arc in rust
Bug Description: As we move to LMDB and require a concurrently
readable model, we need access to concurrently readable datastructures.
Fix Description: This is a poc of NDN cache in rust with
a concurrently readable adaptive replacement cache.
fixes: #4410
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
3c3e1f30 by progier389 at 2020-11-19T10:21:10+01:00
Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444)
Bug description:
Got TypeError exception when usign:
dsctl -v slapd-localhost ldifgen users --suffix
dc=example,dc=com --parent ou=people,dc=example,dc=com
--number 100000 --generic --start-idx=50
The reason is that by default python parser provides
value for numeric options:
as an integer if specified by "--option value" or
as a string if specified by "--option=value"
Fix description:
convert the numeric parameters to integer when using it.
options impacted are:
- in users subcommand: --number , --start-idx
- in mod-load subcommand: --num-users, --add-users,
--del-users, --modrdn-users, --mod-users
FYI: An alternative solution would have been to indicate the
parser that these values are an integer. But two reasons
leaded me to implement the first solution:
- first solution fix the problem for all users while the
second one fixes only dsctl command.
- first solution is easier to test:
I just added a new test file generated by a script
that duplicated existing ldifgen test, renamed the
test cases and replaced the numeric arguments by
strings.
Second solution would need to redesign the test framework
to be able to test the parser.
relates: https://github.com/389ds/389-ds-base/issues/4440
Reviewed by:
Platforms tested: F32
- - - - -
61738d31 by Viktor Ashirov at 2020-11-23T14:16:26+01:00
Fix pytest test collection
Bug Description:
Some tests were missing tier0 and tier1 marks, didn't have _test
postfix in the filename.
Because of this some tests were not collected and not executed.
Fix Description:
* Add missing pytest marks for tier0 and tier1
* Rename test modules to have _test in the filename.
Reviewed by: Simon (Thanks!)
- - - - -
4d5915f3 by Simon Pichugin at 2020-11-24T17:06:52+01:00
Issue 4105 - Remove python.six from lib389 (#4456)
Description: We no longer use python 2, we can remove all the python-six
imports and replace code with Python 3 support only.
Fixes: #4105
Reviewed by: @mreynolds389 @Firstyear (Thanks!)
- - - - -
73ee04fa by progier389 at 2020-11-24T19:22:49+01:00
Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451)
Bug Description:
"dsconf replication monitor" fails to retrieve database RUV entry from consumer and this
appears into the Cockpit web UI too.
The problem is that the bind credentials are not rightly propagated when trying to get
the consumers agreement status. Then supplier credntials are used instead and RUV
is searched anonymously because there is no bind dn in ldapi case.
Fix Description:
- Propagates the bind credentials when computing agreement status
- Add a credential cache because now a replica password could get asked several times:
when discovering the topology and
when getting the agreement maxcsn
- Testcase test_dsconf_replication_monitor is modified to:
- Assert when getting "consumer (Unavalaible)" status
- Add a step using a freshly generated Dirsrv instance (as dsconf does)
rather than using the topology one
FYI: although the feature was tested in test_dsconf_replication_monitor py.test
the test does not hit the bug because of several side effects:
- If consumer credentials are not provided the suplier credentials are used.
- topology generated DirSrv instance has a bind DN.
- topology masters have the same credentials
DirSrv generated by dsconf (in ldapi case) have no bind DN and hits the bugs
- Add a comment about nonlocal keyword
Relates: #4449
Reviewers:
firstyear
droideck
mreynolds
Issue 4449: Add a comment about nonlocal keyword
- - - - -
8bb2f6b3 by Akshay Adhikari at 2020-11-25T13:40:35+01:00
Issue 4112 - Added a CI test (#4441)
Issue 4112 - Added a CI test
Bug Description: If the dbhome directory is set, eg to /dev/shm/instance
then an online backup fails because it looks for the log.000000x file
in the wring directory.
Relates: #4112
Reviewed by: Firstyear,droideck (Thanks!)
- - - - -
c87084de by tbordaz at 2020-11-25T18:07:34+01:00
Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439)
Bug description:
Previous fix is buggy because slapi_filter_escape_filter_value returns
a escaped filter component not an escaped assertion value.
Fix description:
use the escaped filter component
relates: https://github.com/389ds/389-ds-base/issues/4297
Reviewed by: William Brown
Platforms tested: F31
- - - - -
d6f73060 by Mark Reynolds at 2020-11-25T16:25:43-05:00
Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set
Description: The UI schema page was not handling objectclasses that did not
have x-origin set. This patch prevents the browser from crashing
in that case.
Relates: https://github.com/389ds/389-ds-base/issues/3986
Reviewed by: mreynolds (one line commit rule)
- - - - -
bc6edc01 by William Brown at 2020-11-26T08:16:49+10:00
Issue 4454 - RFE - fix version numbers to allow object caching
Bug Description: ccache and sccache are unable to cache object
files in 389-ds due to the use of BUILDNUM that takes a current
time including minutes, and VERSION.sh using the current
date and git commit which can change between branches.
Fix Description: When using --enable-debug, BUILDNUM and VERSION
are set to 0 or "DEVELOPER BUILD". Since this is now static
object caching can now occuring, reducing developer recompile
times and allowing incremental compilation to work correctly.
fixes: #4454
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
ca65f3a6 by Mark Reynolds at 2020-11-25T17:50:31-05:00
Issue 3657 - Add options to dsctl for dsrc file
Description: Add options to create, modify, delete, and display
the .dsrc CLI tool shortcut file.
Relates: https://github.com/389ds/389-ds-base/issues/3657
Reviewed by: firstyear(Thanks!)
- - - - -
ce7beae4 by William Brown at 2020-11-26T09:28:33+10:00
Issue 4460 - BUG - lib389 should use system tls policy
Bug Description: Due to some changes in dsrc for tlsreqcert
and how def open was structured in lib389, the system ldap.conf
policy was ignored.
Fix Description: Default to using the system ldap.conf policy
if undefined in lib389 or the tls_reqcert param in dsrc.
fixes: #4460
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
f1243f7c by tbordaz at 2020-11-30T09:03:33+01:00
Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467)
Bug description:
This test case was incorrect.
During a refreshPersistent search, a cookie is sent
with the intermediate message that indicates the end of the refresh phase.
Then a second cookie is sent on the updated entry (group10)
I believed this test was successful some time ago but neither python-ldap
nor sync_repl changed (intermediate sent in post refresh).
So the testcase was never successful :(
Fix description:
The fix is just to take into account the two expected cookies
relates: https://github.com/389ds/389-ds-base/issues/4243
Reviewed by: Mark Reynolds
Platforms tested: F31
- - - - -
a98fe542 by James Chapman at 2020-11-30T15:28:05+00:00
Issue 4418 - ldif2db - offline. Warn the user of skipped entries
Bug Description: During an ldif2db import entries that do not
conform to various constraints will be skipped and not imported.
On completition of an import with skipped entries, the server
returns a success exit code and logs the skipped entry detail to
the error logs. The success exit code could lead the user to
believe that all entries were successfully imported.
Fix Description: If a skipped entry occurs during import, the
import will continue and a warning will be returned to the user.
CLI tools for offline import updated to handle warning code.
Test added to generate an incorrect ldif entry and perform an
import.
Fixes: #4418
Reviewed by: Firstyear, droideck (Thanks)
- - - - -
a5029c80 by Mark Reynolds at 2020-11-30T11:40:36-05:00
Issue 4384 - Use MONOTONIC clock for all timing events and conditions
Bug Description: All of the server's event handling and replication were
based on REALTIME clocks, which can be influenced by the
system changing. This could causes massive delays, and
simply cause unexpected behavior.
Fix Description: Move all condition variables to use pthread instead of NSPR
functions. Also make sure we use MONOTONIC clocks when we
get the current time when checking for timeouts and other
timed events.
Relates: https://github.com/389ds/389-ds-base/issues/4384
Reviewed by: elkris, firstyear, and tbordaz (Thanks!!!)
Apply firstyear's sugestions
Apply Firstyear's other suggestions
Apply Thierry's suggestions
- - - - -
782e6c1e by Mark Reynolds at 2020-11-30T16:30:39-05:00
Issue 4105 - Remove python.six (fix regression)
Description: The switch off of six StringIO was not correctly ported,
and an object was assigned to a variable instead of the
variable being initialized with a new instance of the
object.
Fixes: https://github.com/389ds/389-ds-base/issues/4105
Reviewed by: mreynolds(one line commit rule)
- - - - -
b7219518 by William Brown at 2020-12-01T13:15:14+10:00
Issue 4464 - RFE - clang with ds+asan+rust
Bug Description: Some subtle issues existed when using clang with
ds for builds, emiting warnings or not working (asan).
Fix Description: Remove some compiler flags that caused warnings,
and clean up how to emit certain linking related parts for asan
and dynamic libs for clang.
fixes: #4464
Author: William Brown <william at blackhats.net.au>
Review by: vashirov (thanks!)
- - - - -
7d2f95dc by tbordaz at 2020-12-01T15:15:21+01:00
Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466)
Bug description:
Individual testcase run fine but they fails when
run in a raw
Fix description:
Each testcase needs to do cleanup (at the end) or
make initialization more robust
relates: https://github.com/389ds/389-ds-base/issues/4243
Reviewed by: William Brown, Simon Pichugin (Thanks !)
Platforms tested: F31
- - - - -
2eba8fec by Barbora Simonova at 2020-12-03T11:10:10+01:00
Issue 4284 - dsidm fails to delete an organizationalUnit entry
Description:
Created test for dsidm organizationalunit delete and moved the function
check_value_in_log_and_reset() to __init__.py, because it will be used for
other dsidm tests.
Also modified the delete() function in lib389 to be able to delete the entry
without warning message for test purposes.
Relates: https://github.com/389ds/389-ds-base/issues/4284
Reviewed by: droideck (Thanks!)
- - - - -
52215dcb by William Brown at 2020-12-04T10:13:05+10:00
Issue 4446 RFE - openldap password hashers
Bug Description: To allow easier migrations, we need to support
some password types that OpenLDAP has that we do not. This
is mainly PBKDF2 types. OpenLDAP's hashers are
based on python passlib, so they also store the values in
a different way than our PBDKF2 module.
Fix Description: This adds passlib style PBKDF2 support, written
in Rust. It extends the slapi_r_plugin shim to support password
extensions for Rust plugins, as well as providing a number of
small improvements to the build system and testing for rust
plugins.
fixes: #4446
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 (Thanks)
- - - - -
dec149b4 by Firstyear at 2020-12-04T10:14:33+10:00
Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472)
Bug Description: During SSCA creation, the server cert did not have
the machine name, which meant that the cert would not work without
reqcert = never.
Fix Description: Add the machine name as an alt name during SSCA
creation. It is not guaranteed this value is correct, but it
is better than nothing.
relates: https://github.com/389ds/389-ds-base/issues/4460
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds389, droideck
- - - - -
74a96c6a by tbordaz at 2020-12-07T09:41:27+10:00
Issue 4315: performance search rate: nagle triggers high rate of setsocketopt (#4437)
Bug description:
When a socket is set with NO_DELAY=0 (nagle), written pdu are buffered
until buffer is full or tcp_cork is set. This reduce network traffic when
the application writes partial pdu.
DS write complete pdu (results/entries/..) so it gives low benefit for DS.
In addition nagle being 'on' by default, DS sets/unset socket tcp_cork to send
immediately results/entries at each operation. This is an overhead of syscalls.
Fix description:
Disable nagle by default
relates: https://github.com/389ds/389-ds-base/issues/4315
Reviewed by: @mreynolds389, @Firstyear
Platforms tested: F33
- - - - -
87b39043 by tbordaz at 2020-12-08T08:32:21+01:00
Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475)
Bug description:
Cookie changenumber can be 0.
test_sync_repl_cookie_add_del and test_sync_repl_mep are not
accepting this value
Fix description:
change the assertion
relates: https://github.com/389ds/389-ds-base/issues/4243
Reviewed by: William Brown, Simon Pichugin (thanks for this continuous effort on
buggy testcases :) )
Platforms tested: F31
- - - - -
1af84fd1 by James Chapman at 2020-12-09T22:42:59+00:00
Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476)
Bug Description: During an online ldif2db import entries that do not
conform to various constraints will be skipped and
not imported. On completition of an import with skipped
entries, the server responds with a success message
and logs the skipped entry detail to the error logs.
The success messgae could lead the user to believe
that all entries were successfully imported.
Fix Description: If a skipped entry occurs during import, the import
will continue and a warning message will be displayed.
The schema is extended with a nsTaskWarning attribute
which is used to capture and retrieve any task
warnings.
CLI tools for online import updated.
Test added to generate an incorrect ldif entry and perform an
online import.
Fixes: https://github.com/389ds/389-ds-base/issues/4419
Reviewed by: tbordaz, mreynolds389, droideck, Firstyear (Thanks)
- - - - -
4b501a5e by William Brown at 2020-12-10T09:29:40+10:00
Ticket 4313 - fix potential syncrepl data corruption
Bug Description: The cookie encodes which changelog entries we
have seen up to and including. However, the sync process would then
re-send the cl item from the cookie number. This could cause corruption
in some cases as some combinations of actions between two points
are no-oped in the server.
Fix Description: Fix the changelog search to always process that
entries of the CL must be greater than, but not equal to the
already seen CL items from the cookie.
Fixes: https://github.com/389ds/389-ds-base/issues/4313
Author: William Brown <william at blackhats.net.au>
Review by: @tbordaz
- - - - -
d2a3f2eb by William Brown at 2020-12-10T09:29:40+10:00
Ticket 4313 - improve tests and improve readme re refdel
Bug Description: This is a supplement to 51260.
Fix Description: This expands the test cases to be able to detect
the subsequent data corruption of 51260. This also improves
documentation around the rfc, and some todo comments for
future work with entryuuid + openldap.
Fixes: https://github.com/389ds/389-ds-base/issues/4313
Author: William Brown <william at blackhats.net.au>
Review by: @tbordaz
- - - - -
5a3a6e50 by William Brown at 2020-12-10T09:29:40+10:00
Ticket 4224 - openldap can become confused with entryuuid
Bug Description: OpenLDAP server as a syncrepl consumed enforces
the condition that syncUUID in ldap messages must match the entryuuid
of the entry. This is not in the RFC but it affects this one situation.
Fix Description: To resolve this, we enforce that entryuuid is a
requirement to the openldap syncrepl mode. Only entries with an
entryuuid can be sent to openldap. Additionally, this mode is disabled
by default by a configuration parameter "syncrepl-allow-openldap" in
the content sync plugin config.
Fixes: https://github.com/389ds/389-ds-base/issues/4224
Author: William Brown <william at blackhats.net.au>
Review by: @tbordaz (Thanks!)
- - - - -
7ed09120 by Firstyear at 2020-12-10T12:45:54+10:00
Issue 4229 - RFE - Improve rust linking and build performance (#4474)
Bug Description: Due to changes in how we approach rust in our
make system, we can improve this significantly to reduce complexity
in our linking, and to remove a large quantity of deadcode that
is no longer needed.
Fix Description: Remove older parts of sds (removed in favour
of rust datastructures and concread), and remove lfds which
is no longer used from nunc-stans
fixes: https://github.com/389ds/389-ds-base/issues/4229
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 (Thanks!)
- - - - -
f0825275 by James Chapman at 2020-12-10T03:15:43+00:00
Issue 4489 - Remove return statement from a void function (#4490)
Bug Description: void function returns a value, causing compiler warnings.
Fix Description: Remove return statement.
Relates: https://github.com/389ds/389-ds-base/issues/4419
Reviewed by: One line rule
- - - - -
bdf955bd by Mark Reynolds at 2020-12-10T12:04:51-05:00
Issue 4421 - Unable to build with Rust enabled in closed environment
Description: Add Makefile flags and update rpm.mk that allow updating
and downloading all the cargo/rust dependencies. This is
needed for nightly tests and upstream/downstream releases.
Fixes: https://github.com/389ds/389-ds-base/issues/4421
Reviewed by: firstyear(Thanks!)
- - - - -
4715f372 by Mark Reynolds at 2020-12-10T15:34:31-05:00
Issue 4224 - cleanup specfile after libsds removal
Description: The original commit for this ticket did not cleanup the specfile
relates: https://github.com/389ds/389-ds-base/issues/4224
Reviewed by: mreynolds(one line commit rule)
- - - - -
09d3ab7d by James Chapman at 2020-12-10T22:23:39+00:00
Issue 4486 - Remove random ldif file generation from import test (#4487)
Bug Description: The test_fast_slow_import() test validates the performance
impact of the nsslapd-db-private-import-mem config attribute
over multiple ldif file offline imports. For each import, a
random ldif file is generated which can differ in size,
effecting the duration of the import.
Fix Description: Check if the ldif file exists before creating a new one, so we
have the same ldif file for each import comparison.
Fixes: https://github.com/389ds/389-ds-base/issues/4486
Reviewed by: Firstyear, droideck (Thank you)
- - - - -
429c2f85 by Mark Reynolds at 2020-12-11T15:25:09-05:00
Issue 4483 - heap-use-after-free in slapi_be_getsuffix
Description: heap-use-after-free in slapi_be_getsuffix after disk
monitoring runs. This feature is freeing a list of
backends which it does not need to do.
Fixes: https://github.com/389ds/389-ds-base/issues/4483
Reviewed by: firstyear & tbordaz(Thanks!!)
- - - - -
32413b5b by Firstyear at 2020-12-14T11:16:31+10:00
Issue 4373 - BUG - calloc of size 0 in MT build (#4496)
Bug Description: In some cases it's possible for there to be
no mapping trees which causes a warning of a calloc of size
0.
Fix Description: In these cases, we can skip the attempt to calloc
and build.
fixes: https://github.com/389ds/389-ds-base/issues/4373
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
f629f8f5 by tbordaz at 2020-12-14T10:02:24+01:00
Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493)
Bug description:
When a replication session starts, a starting point is computed
according to supplier/consumer RUVs.
from the starting point the updates are bulk loaded from the CL.
When a bulk set have been fully evaluated the server needs to bulk load another set.
It iterates until there is no more updates to send.
The bug is that during bulk load, it recomputes the CL cursor position
and this computation can be wrong. For example if a new update on
a rarely updated replica (or not known replica) the new position will
be set before the inital starting point
Fix description:
Fixing the invalid computation is a bit risky (complex code resulting from
years of corner cases handling) and a fix could fail to address others flavor
with the same symptom
The fix is only (sorry for that) safety checking fix that would end a replication session
if the computed cursor position goes before the initial starting point.
In case of large jump behind (24h) the starting point, a warning is logged.
relates: https://github.com/389ds/389-ds-base/issues/4492
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F31
- - - - -
9fa46b83 by Mark Reynolds at 2020-12-14T10:08:23-05:00
Issue 3522 - Remove DES to AES conversion code
Description: remove the reversible password storage scheem upgrade code.
This was only needed for people moving from 1.2.10, which
has not been supported for years.
Fixes: https://github.com/389ds/389-ds-base/issues/3522
Reviewed by: firstyear & spichugi(Thanks!!)
- - - - -
07b678dc by Simon Pichugin at 2020-12-14T21:13:45+01:00
Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481)
Description: Libraries like libldap, libber do error and debug
logging, but it is not available in the DS logs.
Provide a way to enable the third party logging in DS.
Add nsslapd-external-libs-debug-enabled attribute to 'cn=config'
which will enable all of the levels available in libldap and libber.
The setting should be used only for debugging purposes as
it prints all of the operations with great verbosity.
The code for log_external_libs_debug_print() and
log_external_libs_debug_set_log_fn() functions are provided
by a former Red Hat employee - Ludwig Krispenz.
Fixes: #1795
Reviewed by: @Firstyear and @tbordaz (Thanks!)
- - - - -
bf46ccec by Stanislav Levin at 2020-12-15T09:49:34+10:00
Issue 4272 RFE - add support for gost-yescrypt for hashing passwords (#4497)
Bug Description: The state standard of Russian Federation requires
strong password hashes relied on GOST R 34.11-2012 (also known as
Streebog[0]) hash function.
Fix Description: One of the implementations of Streebog hash function
was made by libxcrypt, which has come as the replacement of glibc's
libcrypt. This means that several of the pwdstorage plugins have already
linked against libxcrypt.
>From libxcrypt docs:
gost-yescrypt uses the output from the yescrypt hashing method in
place of a hmac message. Thus, the yescrypt crypto properties
are superseeded by the GOST R 34.11-2012 (Streebog) hash function
with a 256 bit digest.
[0]: https://tools.ietf.org/html/rfc6986
fixes: #4272
Reviewed by: @Firstyear, @mreynolds389 (Thanks!)
- - - - -
d7bef97b by Mark Reynolds at 2020-12-15T16:54:43-05:00
Merge pull request #4501 from mreynolds389/issue4500
Issue 4500 - add cockpit options to dsctl
- - - - -
b9edaacf by Firstyear at 2020-12-16T08:57:24+10:00
Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502)
Bug Description: We had a free on the wrong line which could
lead to a memory leak during server setup.
Fix Description: Free results if ent count is 0
fixes: https://github.com/389ds/389-ds-base/issues/4373
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @tbordaz (Thanks!)
- - - - -
0b08e6f3 by progier389 at 2020-12-16T16:21:35+01:00
Issue #4504 - Fix pytest test_dsconf_replication_monitor (#4505)
- - - - -
cc0f6928 by tbordaz at 2020-12-16T16:30:28+01:00
Issue 4480 - Unexpected info returned to ldap request (#4491)
Bug description:
If the bind entry does not exist, the bind result info
reports that 'No such entry'. It should not give any
information if the target entry exists or not
Fix description:
Does not return any additional information during a bind
relates: https://github.com/389ds/389-ds-base/issues/4480
Reviewed by: William Brown, Viktor Ashirov, Mark Reynolds (thank you all)
Platforms tested: F31
- - - - -
0f38410a by Firstyear at 2020-12-17T08:22:23+10:00
Issue 4498 - BUG - entryuuid replication may not work (#4503)
Bug Description: EntryUUID can be duplicated in replication,
due to a missing check in assign_uuid
Fix Description: Add a test case to determine how this occurs,
and add the correct check for existing entryUUID.
fixes: https://github.com/389ds/389-ds-base/issues/4498
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
a1618152 by Mark Reynolds at 2021-01-04T23:25:30-05:00
Issue 4507 - Improve csngen testing task (#4508)
Description: Once the csngen testing task is created, it will not stop for 10 minutes
even if you attempt to stop the server. This is adding 10 minutes to
the CI testing runs.
Improved this task to check for the server shutdown, an moved the csngen
test to the bottom of the file so it is executed last so it does not
interfere with other tests
Fixes: https://github.com/389ds/389-ds-base/issues/4507
Reviewed by: tbordaz(Thanks!)
- - - - -
3ab35273 by Firstyear at 2021-01-06T11:12:39+10:00
Issue 4517 - BUG: Multiple systemd pin warnings (#4518)
Bug Description: When multiple entries exist under
cn=encryption,cn=config then we log a warning for each
entry that systemd ask pass may be needed. This creates noise
when the warning is needed once.
Fix Description: Move the warning to outside the loop.
fixes: https://github.com/389ds/389-ds-base/issues/4517
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @droideck (Thanks!)
- - - - -
3b0f3385 by Mark Reynolds at 2021-01-06T20:41:22-05:00
Issue 4414 - disk monitoring - prevent division by zero crash
Bug Description: If a disk mount has zero total space or zero used
space then a division by zero can occur and the
server will crash.
It has also been observed that sometimes a system
can return the wrong disk entirely, and when that
happens the incorrect disk also has zero available
space which triggers the disk monitioring thread to
immediately shut the server down.
Fix Description: Check the total and used space for zero and do not
divide, just ignore it. As a preemptive measure
ignore disks from /dev, /proc, /sys (except /dev/shm).
Yes it's a bit hacky, but the true underlying cause
is not known yet. So better to be safe than sorry.
Relates: https://github.com/389ds/389-ds-base/issues/4414
Reviewed by: firstyear(Thanks!)
- - - - -
53af2749 by Simon Pichugin at 2021-01-07T06:11:56+01:00
Issue 4513 - Fix schema test and lib389 task module (#4514)
Issue 4513 - Fix schema test and lib389 task module
Description: Fix the assertion in schema_test.py.
Make sure that all of the tasks are up to date
with the recent changes in the task API.
Relates: #4513
Reviewed by: @mreynolds389, @Firstyear (Thanks!)
- - - - -
1bcd2b43 by Mark Reynolds at 2021-01-07T20:33:46-05:00
Issue 4381 - RFE - LDAPI authentication DN rewritter
Description: Create a new LDAPI configuration entry to specify a DN
mapping based on system user name. This also includes
a reload task.
For more information see:
https://www.port389.org/docs/389ds/design/ldapi-auto-auth-dn-design.html
Relates: https://github.com/389ds/389-ds-base/issues/4381
Reviewed by: firstyear & cheimes(Thanks!!)
Apply Firstyear's suggestions
- - - - -
65678bb3 by Mark Reynolds at 2021-01-07T20:36:13-05:00
Issue 4384 - Separate eventq into REALTIME and MONOTONIC
Description: The recent changes to the eventq "when" time changed
internally from REALTIME to MONOTONIC, and this broke
the API. Create a new API for MONOTONIC clocks, and
keep the original API intact for REALTIME clocks.
Relates: https://github.com/389ds/389-ds-base/issues/4384
Reviewed by: firstyear(Thanks!)
- - - - -
89367c67 by Viktor Ashirov at 2021-01-10T14:19:07+01:00
Issue 4219 - Log internal unindexed searches (notes=A)
Description:
Add a test case.
Relates: https://github.com/389ds/389-ds-base/issues/4219
Reviewed by: @mreynolds389, @droideck, @tmihinto (Thanks!)
- - - - -
acaf2235 by tbordaz at 2021-01-11T17:33:06+01:00
Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525)
Bug description:
For each returned entry, deref plugin dereferences some attribute values that refer to entries.
To do this it does an internal search (scope base) with each attribute values.
Deref plugin assumes that if internal search succeeds, a single entry is returned.
It exists cases (not identified) where internal search succeeds but returns no entry.
In such case (search succeeds but no entry returned) the server crash.
Note: wonder if DB deadlock could lead to such situation.
Fix description:
Make a hardening fix that logs warning in such case
relates: https://github.com/389ds/389-ds-base/issues/4521
Reviewed by: Mark Reynolds (thanks)
Platforms tested: F31
- - - - -
bcd39f16 by Firstyear at 2021-01-12T12:46:37+10:00
Issue 4506 - BUG - Fix bounds on fd table population (#4520)
Bug Description: While investigating 4506 it was noticed that
it was possible to exceed the capacity of the connection table
fd array if you had many listeners and a large number of
connections. The number of connections required and in the
correct state to cause this is in the thousands and would
be infeasible in reality, but it is still worth defending
from this.
Fix Description: Add the correct bound on the while loop
setting up the fd for polling.
relates: https://github.com/389ds/389-ds-base/issues/4506
Author: William Brown <william at blackhats.net.au>
Review by: @progier389
- - - - -
279556bc by progier389 at 2021-01-12T11:06:24+01:00
Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527)
- - - - -
78f6203d by progier389 at 2021-01-12T13:57:13+01:00
Issue 4504 - pytest test_dsconf_replication_monitor fails on RHEL - Fix merging issue (#4530)
* Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL)
* Issue #4504 - Fix pytest test_dsconf_replication_monitor on RHEL
* Issue #4504 - Fix pytest test_dsconf_replication_monitor on RHEL
- - - - -
f06181b2 by Barbora Simonova at 2021-01-12T15:39:08+01:00
Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt
Description:
The config value of nsslapd-nagle is now set to 'off' by default.
Added a test case, that checks the value.
Relates: https://github.com/389ds/389-ds-base/issues/4315
Reviewed by: droideck (Thanks!)
- - - - -
a880fddc by progier389 at 2021-01-12T17:45:41+01:00
Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533)
- - - - -
279b68d5 by Mark Reynolds at 2021-01-12T12:42:02-05:00
Issue 4513 - CI Tests - fix test failures
Description:
Fixed tests in these suites: basic, entryuuid, filter, lib389, and schema
relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: progier(Thanks!)
- - - - -
6dd37b4f by Robbie Harwood at 2021-01-13T09:42:26+10:00
Issue 4537 - Use KRB5_CLIENT_KTNAME for client keytabs (#4523)
Bug description:
set_krb5_creds() creates a principal with an empty string for a realm,
and assumes this will function as a wildcard. However, this behavior is
not a guarantee that krb5 provides; dependent on canonicalization
settings, it could result in later failures in SASL.
Fix description:
Remove set_krb5_creds(). Previously, this function existed in order to
treat the keytab at KRB5_KTNAME as a source of initiator credentials.
However, since krb5-1.11, there is a separate environment variable
KRB5_CLIENT_KTNAME that provides this functionality.
In the process, remove the unused Heimdal vestiges. In
773e89898d995f4dfecbe872dd6679f4ae2e542d , the semantics of HAVE_KRB5
were changed to refer to specifically MIT krb5. As a result, none of
the Kerberos goo has run against Heimdal since then. When Heimdal has a
feature release, it will also support KRB5_CLIENT_KTNAME, and so this
code will work with it too.
relates: https://github.com/389ds/389-ds-base/issues/4537
Author: Robbie Harwood <rharwood at redhat.com>
Review by: @Firstyear, @mreynolds389, @droideck (Thanks!)
- - - - -
ef8328f7 by Mark Reynolds at 2021-01-13T08:57:35-05:00
Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated
Bug Description:
If a backend is not replicated then healthcheck backend cl_trimming check will
throw an exception. Now dsctl catches this error and moves on, but ipa healthcheck
complains becuase it is directly using the API.
Fix Description:
Catch the exception is rpelciation is not enabled, and just move to the next check.
Fixes: https://github.com/389ds/389-ds-base/issues/4535
Reviewed by: firstyear & spichugi(Thanks!!)
- - - - -
290c408a by Simon Pichugin at 2021-01-13T15:16:08+01:00
Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529)
Bug Description: While doing a ldapsearch on "cn=monitor" is
throwing err=32 with -s one.
Fix Description: 'cn=monitor' is not a real entry so we should not
trying to check if the searched suffix (cm=monitor or its children)
belongs to the searched backend.
Fixes: #4528
Reviewed by: @mreynolds389 @Firstyear @tbordaz (Thanks!)
- - - - -
ffc9f525 by Firstyear at 2021-01-14T09:08:09+10:00
Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540)
Bug Description: If no overlays were configured in openldap, the migration
would fail with no such file or directory.
Fix Description: Check if the overlay folder in slapd.d exists as python
listdir can not handle if the directory does not exist.
fixes: https://github.com/389ds/389-ds-base/issues/4539
Author: William Brown <william at blackhats.net.au>
Review by: @droideck (Thanks!)
- - - - -
6d17ca7d by Mark Reynolds at 2021-01-14T13:16:20-05:00
Bump version to 2.0.2
- - - - -
2bee54eb by Mark Reynolds at 2021-01-14T16:47:25-05:00
Update rpm.mk for RUST tarballs
- - - - -
54a74194 by Robbie Harwood at 2021-01-15T08:43:38+10:00
Issue 4544 - Compiler warnings on krb5 functions (#4545)
Bug description: 6dd37b4fa801b64af0f26293c359a08d744661b2
introduced compiler warnings on unused code.
Fix description: Remove the dead code.
relates: https://github.com/389ds/389-ds-base/issues/4544
Author: Robbie Harwood <rharwood at redhat.com>
Review by: @Firstyear @mreynolds389
- - - - -
111774dc by progier389 at 2021-01-18T15:01:08+01:00
Issue 4534 - libasan read buffer overflow in filtercmp (#4541)
- - - - -
9015bff2 by Mark Reynolds at 2021-01-18T09:54:30-05:00
Issue 4535 - lib389 - Fix log function in backends.py
Description: Had a typo for the log function in a lint test that
is breaking freeipa healthcheck
Relates: https://github.com/389ds/389-ds-base/issues/4535
Reviewed by: mreynolds (one line commit rule)
- - - - -
e4f282e1 by Firstyear at 2021-01-19T11:31:17+10:00
Issue 4506 - Temporary fix for io issues (#4516)
Issue 4506 - RFE - connection accept thread
Bug Description: Previously we accepted connections and
selected for new work in the same event loop. This could
cause connection table polling to delay accepts, and
accepts to delay connection activity from being ready.
Fix Description: This seperates those functions allowing
accept to occur in parallel to our normal work.
fixes: https://github.com/389ds/389-ds-base/issues/4506
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @progier389 (Thanks!)
- - - - -
a4a53e1e by Mark Reynolds at 2021-01-20T11:10:50-05:00
Issue 4548 - CLI - dsconf needs better root DN access control plugin validation
Description: There is no validation done for any of the root DN access control
plugin settings.
Relates: https://github.com/389ds/389-ds-base/issues/4548
Reviewed by: spichugi & firstyear (Thanks!!)
- - - - -
f3bedfda by Firstyear at 2021-01-21T10:12:57+10:00
Issue 4506 - BUG - fix oob alloc for fds (#4555)
Bug Description: during review it was requested that a piece
of code be changed which seemed quite innocent. The code was
moved but the logic around the code wasn't considered
causing the fd array for the accept thread to be allocated with
a size of zero, causing the values to be lost.
Fix Description: Move the allocation to the correct location.
fixes: https://github.com/389ds/389-ds-base/issues/4506
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @droideck
- - - - -
071793f2 by Akshay Adhikari at 2021-01-21T13:01:27+01:00
Issue 4153 - Added a CI test (#4556)
Bug Description: The numSubordinates value doesn't always match the number of direct subordinate(s)
Relates: #4153
Reviewed by: @droideck
- - - - -
4f4807f0 by Simon Pichugin at 2021-01-22T11:45:57+01:00
Issue 4513 - Fix replication CI test failures (#4557)
Description: Divide regression test suite into separate
files with different topologies to use. It fixes topology
conflicts that may occurre.
Fix cleanup finalizer at topo_with_sigkill fixture.
Remove rfc2307compat test suite as it's not valid
as we don't ship 10rfc2307.ldif anymore.
https://github.com/389ds/389-ds-base/pull/4388/
Relates: #4513
Reviewed by: @mreynolds389, @Firstyear
- - - - -
6ea32f9f by Simon Pichugin at 2021-01-22T16:17:30+01:00
Issue 4513 - Fix replication CI test failures (#4557)
Desciption: Add missing tests from previous commit.
Relates: #4513
Reviewed by: @mreynolds, @Firstyear (Thanks!)
- - - - -
3038c598 by Barbora Simonova at 2021-01-25T15:31:51+01:00
Update metadata for customerscenario in test docstring
Description:
Update metadata for customerscenario in test docstring to be properly imported in Polarion.
- - - - -
b8b822cc by bsimonova at 2021-01-25T16:28:10+01:00
Revert "Update metadata for customerscenario in test docstring"
This reverts commit 3038c59861acf4f30d5100b1c4d163fa9d5d9085.
- - - - -
4513cc46 by James Chapman at 2021-01-26T10:29:42+00:00
Issue 4396 - Minor memory leak in backend (#4558)
Bug Description: As multiple suffixes per backend were no longer used, this
functionality has been replaced with a single suffix per backend. Legacy
code remains that adds multiple suffixes to the dse internal backend,
resulting in memory allocations that are lost.
Also a minor typo is corrected in backend.c
Fix Description: Calls to be_addsuffix on the DSE backend are removed
as they are never used.
Fixes: https://github.com/389ds/389-ds-base/issues/4396
Reviewed by: mreynolds389, Firstyear, droideck (Thank you)
- - - - -
533c5740 by Mark Reynolds at 2021-01-26T11:17:29-05:00
Issue 5442 - Search results are different between RHDS10 and RHDS11
Bug Description: In 1.4.x we introduced a change that was overly strict about
how a search on a non-existent subtree returned its error code.
It was changed from returning an error 32 to an error 0 with
zero entries returned.
Fix Description: When finding the entry and processing acl's make sure to
gather the aci's that match the resource even if the resource
does not exist. This requires some extra checks when processing
the target attribute.
relates: https://github.com/389ds/389-ds-base/issues/4542
Reviewed by: firstyear, elkris, and tbordaz (Thanks!)
Apply Thierry's changes
round 2
Apply more suggestions from Thierry
- - - - -
fe0f6152 by Simon Pichugin at 2021-01-26T17:50:20+01:00
Issue 4513 - Add DS version check to SSL version test (#4570)
Description: Starting from Fedora 33, cryptographic protocols
(TLS 1.0 and TLS 1.1) were moved to LEGACY
Add a 389-ds-base version check so we don't check for the policies
if DS is newer than 1.4.3.
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
Relates: #4513
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
abb93243 by tbordaz at 2021-01-26T18:02:44+01:00
Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569)
Bug description:
The entry cache is protected with recursive mutex. Currently it is
implemented using PR_Monitor (NSPR). When the entry cache mutex
becomes the bottleneck (for example base search searchrate on
the same entry), using pthread recursive mutex gives 8% benefit.
Fix description:
Changing the c_mutex from PR_Monitor to pthread recursive mutex
relates: https://github.com/389ds/389-ds-base/issues/4324
Reviewed by: Mark Reynolds, Simon Pichugin
Platforms tested: F31
- - - - -
ba0e91b4 by tbordaz at 2021-01-27T11:58:38+01:00
Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)
Bug description:
When an operation complete, it was retrieved in the pending list with
the address of the Operation structure. In case of POST OP nested operations
the same address can be reused. So when completing an operation there could be
a confusion which operation actually completed.
A second problem is that if an update its DB_DEADLOCK, the BETXN_PREOP can
be called several times. During retry, the operation is already in the pending
list.
Fix description:
The fix defines a new operation extension (sync_persist_extension_type).
This operation extension contains an index (idx_pl) of the op_pl in the
the pending list.
And additional safety fix is to dump the pending list in case it becomes large (>10).
The pending list is dumped with SLAPI_LOG_PLUGIN.
When there is a retry (operation extension exists) the call to sync_update_persist_betxn_pre_op
becomes a NOOP: the operation is not added again in the pending list.
relates: https://github.com/389ds/389-ds-base/issues/4526
Reviewed by: William Brown (Thanks !!)
Platforms tested: F31 & F33
- - - - -
08c83d38 by Akshay Adhikari at 2021-01-27T14:30:01+01:00
Issue 4575 - Update test docstrings metadata
Description: Added customerscenario tag in test metadata for all customer tests cases
Relates: https://github.com/389ds/389-ds-base/issues/4575
Reviewed by: @vashirov
- - - - -
82777382 by Mark Reynolds at 2021-01-27T12:26:19-05:00
Issue 4093 - fix compiler warnings and update doxygen
Description: Update the doxy file (doxygen), fix compiler warnings
(x86_64, arm, and s390x), and update Rust cargo file.
relates: https://github.com/389ds/389-ds-base/issues/4093
Reviewed by: firstyear, spichugi, & progier(Thanks!!!)
- - - - -
90c48837 by tbordaz at 2021-01-28T10:39:31+01:00
Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
Bug description:
SLAPI_OPERATION_TYPE is a stored/read as an int (slapi_pblock_get/set).
This although the storage field is an unsigned long.
Calling slapi_pblock_get with an long (8 btyes) destination creates
a problem on big-endian (s390x).
Fix description:
Define destination op_type as an int (4 bytes)
relates: https://github.com/389ds/389-ds-base/issues/4563
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F31 (little endian), Debian (big endian)
- - - - -
f41fb942 by Viktor Ashirov at 2021-01-29T10:28:44+01:00
Issue 4577 - Add GitHub actions
Add first set of actions to compile project using gcc and clang.
Relates: https://github.com/389ds/389-ds-base/issues/4577
Reviewed by: @firstyear, @droideck
- - - - -
95201aa8 by Barbora Simonova at 2021-01-29T15:04:50+01:00
Issue 4348 - Add tests for dsidm
Description:
Created tests for dsidm user option and enhanced
the src/lib389/lib389/cli_idm/__init__.py and src/lib389/lib389/cli_base/__init__.py
so the output gets caught to topology LogCapture to compare the results.
Relates: https://github.com/389ds/389-ds-base/issues/4348
Reviewed by: droideck (Thanks!)
- - - - -
15109fc0 by tbordaz at 2021-02-01T09:28:25+01:00
Issue 4581 - A failed re-indexing leaves the database in broken state (#4582)
Bug description:
During reindex the numsubordinates attribute is not updated in parent entries.
The consequence is that the internal counter job->numsubordinates==0.
Later when indexing the ancestorid, the server can show the progression of this
indexing with a ratio using job->numsubordinates==0.
Division with 0 -> SIGFPE
Fix description:
if the numsubordinates is NULL, log a message without a division.
relates: https://github.com/389ds/389-ds-base/issues/4581
Reviewed by: Pierre Rogier, Mark Reynolds, Simon Pichugin, Teko Mihinto (thanks !!)
Platforms tested: F31
- - - - -
64167696 by progier389 at 2021-02-01T10:57:10+01:00
Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)
- - - - -
f38b124f by Firstyear at 2021-02-03T09:48:48+10:00
Issue 4588 - BUG - unable to compile without xcrypt (#4589)
Bug Description: If xcrypt is not available, especially on some
distros with older libraries, 389 was unable to build.
Fix Description: Detect if we have xcrypt, and if not, add
stubs that always error instead.
fixes: https://github.com/389ds/389-ds-base/issues/4588
Author: William Brown <william at blackhats.net.au>
Review by: @progier389, @jchapma, @droideck (Thanks!)
- - - - -
4f22163e by Viktor Ashirov at 2021-02-08T17:07:27+01:00
Issue 4577 - Add GitHub actions
Description:
* Update compilation tests to use prebuilt container images
* Add pytest workflow for dirsrvtests
Test suite matrix is generated automatically based
on the contents of the tests suites directory.
Replication test suite is split up futher to speed up test
execution.
Relates: https://github.com/389ds/389-ds-base/issues/4577
Reviewed by: ??
- - - - -
90da5570 by tbordaz at 2021-02-09T11:43:42+01:00
Issue 4600 - performance modify rate: reduce lock contention on the object extension factory (#4601)
Bug description:
object extension factory uses a simple mutex to protect allocation/destroy object.
This mutex is a NSPR mutex. Using modrate load (entry object), the mutext is the
second hottest contention. Moving it to pthread mutex moves it down to the fifth
hotest.
giving a small throughput benefit (1%)
Fix description:
Use pthread normal mutex
relates: https://github.com/389ds/389-ds-base/issues/4600
Reviewed by: Simon Pichugin, William Brown
Platforms tested: RHEL 8.3 and F31
- - - - -
ec2fc845 by Viktor Ashirov at 2021-02-09T11:49:35+01:00
Issue 4571 - Stale libdb-utils dependency
Description:
libdb-utils was used by `verify-db.pl` to work, but it's no longer needed.
Fix Description:
* Remove libdb-utils dependency from the spec file, `index_dump` tool (superseded by `db_scan`).
* Remove outdated changelog section from the spec file.
Reviewed by: @Firstyear, @droideck (Thanks!)
- - - - -
2b176205 by Barbora Simonova at 2021-02-09T13:00:29+01:00
Issue 4348 - Add tests for dsidm
Description:
Fixed missing reason for xfail mark in test_dsidm_user_get_dn.
Replaced print() statements with log.info() in cli_base and cli_idm init files.
Relates: https://github.com/389ds/389-ds-base/issues/4348
Reviewed by: droideck (Thanks!)
- - - - -
b6aae4d8 by Mark Reynolds at 2021-02-10T09:29:31-05:00
Issue 4609 - CVE - info disclosure when authenticating
Description: If you bind as a user that does not exist. Error 49 is returned
instead of error 32. As error 32 discloses that the entry does
not exist. When you bind as an entry that does not have userpassword
set then error 48 (inappropriate auth) is returned, but this
discloses that the entry does indeed exist. Instead we should
always return error 49, even if the password is not set in the
entry. This way we do not disclose to an attacker if the Bind
DN exists or not.
Relates: https://github.com/389ds/389-ds-base/issues/4609
Reviewed by: tbordaz(Thanks!)
- - - - -
137db805 by progier389 at 2021-02-10T19:18:00+01:00
issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)
- - - - -
fc69ddb9 by Firstyear at 2021-02-11T15:12:38+10:00
Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)
Bug Description: Improve the --help page, and finish wiring in some
features.
Fix Description: Wire in exclusion of attributes/schema for migration.
fixes: https://github.com/389ds/389-ds-base/issues/4591
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389, @droideck
- - - - -
3e09bff1 by Viktor Ashirov at 2021-02-11T15:26:16+01:00
Issue 4577 - Add GitHub actions
Description:
* Enable IPv6 support for docker daemon
* Set server.example.com as FQDN for container
Relates: https://github.com/389ds/389-ds-base/issues/4577
Reviewed by: @droideck (Thanks!)
- - - - -
946f2048 by Mark Reynolds at 2021-02-11T10:19:25-05:00
Issue 4149 - UI - port TreeView and opther components to PF4
Description: This ports all th TreeViews to PF4, and also does some proof
of concept changes for PF3 to PF4 migration. There is much
more needed, but this does not break anything
relates: https://github.com/389ds/389-ds-base/issues/4149
Reviewed by: spichugi(Thanks!)
- - - - -
20b9ec53 by Jack at 2021-02-12T11:40:05+10:00
Update dscontainer (#4564)
Issue 4564 - RFE - Add suffix to dscontainer rc file
Bug Description: The suffix was not added before, adding a hurdle to
automatic admin of the container instance
Fix Description: If the suffix is set, add it to the created rc file.
fixes: https://github.com/389ds/389-ds-base/pull/4564
Author: @Jackbennett
Review by: @Firstyear
- - - - -
66221963 by progier389 at 2021-02-12T12:34:22+01:00
Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm
A massive change (https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html) that implements and use the dbimpl API in the backend.
- - - - -
145e27fa by Simon Pichugin at 2021-02-12T13:12:51+01:00
Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)
Description: RHDS instance will fail to start if the TLS server
certificate nickname doesn't match the value of the configuration
parameter "nsSSLPersonalitySSL".
The mismatch typically happens when customers copy the NSS DB from
a previous instance or export the certificate's data but forget to set
the "nsSSLPersonalitySSL" value accordingly.
Log an additional message which should help a user to set up
nsSSLPersonalitySSL correctly.
Fixes: #4593
Reviewed by: @Firstyear (Thanks!)
- - - - -
a7766ffb by Mark Reynolds at 2021-02-12T12:28:53-05:00
Issue 4324 - Some architectures the cache line size file does not exist
Bug Description: When optimizing our mutexes we check for a system called
coherency_line_size that contains the size value, but if
the file did not exist the server would crash in PR_Read
(NULL pointer for fd).
Fix Description: Check PR_Open() was successfully before calling PR_Read().
Relates: https://github.com/389ds/389-ds-base/issues/4324
Reviewed by: tbordaz(Thanks!)
- - - - -
07b5a79a by progier389 at 2021-02-12T20:52:48+01:00
Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm (#4618)
see design document https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html
- - - - -
404e278e by Mark Reynolds at 2021-02-12T15:11:18-05:00
Issue 4615 - log message when psearch first exceeds max threads per conn
Desciption: When a connection hits max threads per conn for the first time
log a message in the error. This will help customers diagnosis
misbehaving clients.
Fixes: https://github.com/389ds/389-ds-base/issues/4615
Reviewed by: progier389(Thanks!)
- - - - -
53075a88 by Mark Reynolds at 2021-02-12T15:16:12-05:00
Issue 4619 - remove pytest requirement from lib389
Description: Remove the requirement for pytest from lib389, it causes
unneeded package requirements on Fedora/RHEL.
Fixes: https://github.com/389ds/389-ds-base/issues/4619
Reviewed by: mreynolds(one line commit rule)
- - - - -
a355b30b by Mark Reynolds at 2021-02-12T15:28:16-05:00
Bump version to 2.0.3
- - - - -
a2af7c54 by Mark Reynolds at 2021-02-17T20:14:01-05:00
Issue 4513 - CI - make acl ip address tests more robust
Description: The tests aumme the system is using IPv6 loopback address, but it
should still check for IPv4 loopback.
Relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: ?
- - - - -
845e0f9f by Barbora Simonova at 2021-02-18T10:38:26+01:00
Issue 2820 - Fix CI test suite issues
Description:
tickets/ticket48961_test.py was failing in CI nightly runs.
Fixed the failure by changing the code to use DSLdapObject
and moved the code into the config test suite.
Relates: https://github.com/389ds/389-ds-base/issues/2820
Reviewed by: droideck (Thanks!)
- - - - -
0f2b46ea by Mark Reynolds at 2021-02-19T08:45:36-05:00
Issue 4169 - UI - port charts to PF4
Description: Ported the charts under the monitor tab to use PF4 sparkline charts
and provide realtime stats on the the caches.
Relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
- - - - -
2108b4f6 by James Chapman at 2021-02-19T16:32:22+00:00
Issue 4595 - Paged search lookthroughlimit bug (#4602)
Bug Description: During a paged search with lookthroughlimit enabled,
lookthroughcount is used to keep track of how many entries are
examined. A paged search reads ahead one entry to catch the end of the
search so it doesn't show the prompt when there are no more entries.
lookthroughcount doesn't take read ahead into account when tracking
how many entries have been examined.
Fix Description: Keep lookthroughcount in sync with read ahead by
by decrementing it during read ahead roll back.
Fixes: https://github.com/389ds/389-ds-base/issues/4595
Relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: droideck, mreynolds389, Firstyear, progier389 (Many thanks)
- - - - -
66b92a3f by Mark Reynolds at 2021-02-19T17:24:35-05:00
Issue 4169 - UI - Migrate Accordians to PF4 ExpandableSection
Description: Replace all the CustomCollapse components with PF4
ExpandableSection component.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
- - - - -
1c6adb37 by Mark Reynolds at 2021-02-22T16:21:02-05:00
Issue 4169 - UI - Migrate alerts to PF4
Description: Migrate the toast notifications to PF4 Alerts.
Also fixed a refresh problem on the Tuning page.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
- - - - -
9bdd9ec3 by tbordaz at 2021-02-23T08:58:37+01:00
Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)
Bug description:
When an operation is flagged OP_FLAG_NOOP, it skips BETXN plugins but calls POST plugins.
For sync_repl, betxn (sync_update_persist_betxn_pre_op) creates an operation extension to be
consumed by the post (sync_update_persist_op). In case of OP_FLAG_NOOP, there is no
operation extension.
Fix description:
Test that the operation is OP_FLAG_NOOP if the operation extension is missing
relates: https://github.com/389ds/389-ds-base/issues/4649
Reviewed by: William Brown (thanks)
Platforms tested: F31
- - - - -
f581979f by tbordaz at 2021-02-23T13:42:31+01:00
Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)
Bug description:
The replication agreements are using bulk load to load updates.
For bulk load it uses a cursor with DB_MULTIPLE_KEY and DB_NEXT.
Before using the cursor, it must be initialized with DB_SET.
If during the cursor/DB_SET the CSN refers to an update that is larger than
the size of the provided buffer, then the cursor remains not initialized and
c_get returns DB_BUFFER_SMALL.
The consequence is that the next c_get(DB_MULTIPLE_KEY and DB_NEXT) will return the
first record in the changelog DB. This break CLcache.
Fix description:
The fix is to harden cursor initialization so that if DB_SET fails
because of DB_BUFFER_SMALL. It reallocates buf_data and retries a DB_SET..
If DB_SET can not be initialized it logs a warning.
The patch also changes the behaviour of the fix #4492.
#4492 detected a massive (1day) jump prior the starting csn and ended the
replication session. If the jump was systematic, for example
if the CLcache got broken because of a too large updates, then
replication was systematically stopped.
This patch suppress the systematically stop, letting RA doing a big jump..
From #4492 only remains the warning.
relates: https://github.com/389ds/389-ds-base/issues/4644
Reviewed by: Pierre Rogier (Thanks !!!!)
Platforms tested: F31
- - - - -
60e35aac by Mark Reynolds at 2021-02-23T11:52:38-05:00
Issue 4646 - CLI/UI - revise DNA plugin management
Bug Description:
There was a false assumption that you have to create the shared DNA
server configuration entry, but in fact the server creates and manages
this entry. The only thing you should edit in this entry are the
remote Bind Method and Connection Protocol.
Fix Description:
Remove the options to create the shared config entry, and edit the
core/reserved attributes.
Also fixed some issues where we were not showing CLI plugin output in
proper JSON. This required some changes to the UI as well.
Relates: https://github.com/389ds/389-ds-base/issues/4646
Reviewed by: spichugi(Thanks!)
- - - - -
e9b4eb59 by Simon Pichugin at 2021-02-26T15:54:29+01:00
Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645)
Description: The Fedora builds of 389-DS uses the vendored crates
to build the official packages for Rawhide. Vendoring and bundling
dependencies is in violation of Fedora policies. As an upstream project
we are free to ship vendored code. But as a downstream Fedora project
we must not use the vendored code.
Add a tool that will help to generate 'Provides: bundled(crate(foo)) = version'
for Cargo.lock file content.
Replace License field which should contain all of the package licenses
we bundle in the specfile.
Fixes: https://github.com/389ds/389-ds-base/issues/4643
Reviewed by: @Firstyear, @decathorpe, @mreynolds389 (Thanks!)
- - - - -
aefc1acb by progier389 at 2021-03-08T21:12:57+01:00
issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin (#4622)
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin
Merge of a fix in cl5_clcache.c (changelog cache restarts from begining if large update)
Rebase with master
* Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm - fix test_maxbersize_repl pytest failure
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin - fix indent issue
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin - fix merge issue
manual Merge of fix about changelog cache iteration restarting from beginning in case of large update + automatic rebase to master
* Issue 4552 - Backend redesign phase 3b - fix indent issue + random crash and memory leak in tombstone handling
- - - - -
c25d385f by Mark Reynolds at 2021-03-09T12:37:20-05:00
Merge pull request #4664 from mreynolds389/issue4663
Issue 4663 - CLI - unable to add objectclass/attribute without x-origin
- - - - -
714add9e by Firstyear at 2021-03-10T12:45:36+10:00
Issue 4659 - restart after openldap migration to enable plugins (#4660)
Bug Description: Rather than requesting the user to do the fixup
which also relies on them to know to restart after enabling the
plugins, we should restart and do the fixup.
Fix Description: Restart before we do post tasks.
fixes: https://github.com/389ds/389-ds-base/issues/4659
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
cf0eb4dd by Firstyear at 2021-03-10T12:59:11+10:00
Issue 4661 - RFE - allow importing openldap schemas (#4662)
Bug Description: Many applications only publish schemas in
openldap formats. We should be able to import them.
Fix Description: Add a dsconf tool that allows online
importing of these schemas. This uses the migration framework
underneath so that we avoid code duplication.
fixes: https://github.com/389ds/389-ds-base/issues/4661
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 (Thanks!)
- - - - -
19eb28db by Mark Reynolds at 2021-03-10T10:37:03-05:00
Issue 4656 - Remove problematic language from UI/CLI/lib389
Description: Replace "master" and "slave" with more appropriate names
relates: https://github.com/389ds/389-ds-base/issues/4656
Reviewed by: firstyear(Thanks!)
- - - - -
f3c13129 by Mark Reynolds at 2021-03-11T08:50:31-05:00
Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down
Bug Description: If a custom path is used for something like the backup directory,
dsctl will still use the default path from defaults.inf..
Fix Description: When initializing the default Paths consult dse.ldif for some
of the paths.
relates: https://github.com/389ds/389-ds-base/issues/4459
Reviewed by: firstyear(Thanks!)
- - - - -
d5fdea90 by Mark Reynolds at 2021-03-11T10:12:46-05:00
Issue 4656 - remove problematic language from ds-replcheck
Description: remove master from ds-replcheck and replace it with supplier
relates: https://github.com/389ds/389-ds-base/issues/4656
Reviewed by: mreynolds
e with '#' will be ignored, and an empty message aborts the commit.
- - - - -
1827c76d by Mark Reynolds at 2021-03-15T16:50:37-04:00
Issue 4169 - UI - migrate modals to PF4
Description: Updated the Modals to PF4. Also had to redesign DNA and
Managed Entry plugin pages. Other minor improvements were
made.
Relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
- - - - -
47a23847 by Mark Reynolds at 2021-03-15T23:31:01-04:00
Issue 4658 - monitor - connection start date is incorrect
Description: The connection start time was incorrectly set to a
MONTONIC time instead of a REALTIME. This just sets
the start time to REALTIME and the "idletimeout" to
MONOTONIC as originally intended.
Relates: https://github.com/389ds/389-ds-base/issues/4658
Reviewed by: mreynolds (one line commit rule)
- - - - -
aec1b449 by Mark Reynolds at 2021-03-16T09:53:53-04:00
Issue 4673 - Update Rust crates
Description: Update the bare minimum rust dependencies so that a build will complete
Relates: https://github.com/389ds/389-ds-base/issues/4673
Reviewed by: mreynolds
- - - - -
e5da97bf by Mark Reynolds at 2021-03-17T09:48:25-04:00
Issue 4229 - Fix Rust linking
Description: Fixed a build problem related to:
- undefined reference to symbol
- error adding symbols: DSO missing from command line
Relates: https://github.com/389ds/389-ds-base/issues/4229
Reviewed by: mreynolds
- - - - -
06db4a85 by Gilbert Kimetto at 2021-03-17T10:52:17-04:00
Issue 4654 Updates to tickets/ticket48234_test.py (#4654)
* IDMDS-1068 Update failing ticket48234_test.py test
* IDMDS-1068 Update failing ticket48234_test.py test
* [INTEROP-4009] CodeReady Studio on OpenShift - Run locally
* [INTEROP-4009] CodeReady Studio on OpenShift - Run locally
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4654 - Updates to tickets/ticket48234_test.py
Bug Description:
Update to tickets/ticket48234_test.py which are currently failing and using
soon to be obsolete classes
Fix Description:
Updated tickets/ticket48234_test.py and ported to the suites directory
Updated to utilise the DSLDAPObject class methods
relates: <The Issue URL>
Author: Gilbert Kimetto
Reviewed by: ???
IDMDS-1068 Update failing ticket48234_test.py test
[INTEROP-4009] CodeReady Studio on OpenShift - Run locally
[INTEROP-4009] CodeReady Studio on OpenShift - Run locally
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4609 - CVE - info disclosure when authenticating
Description: If you bind as a user that does not exist. Error 49 is returned
instead of error 32. As error 32 discloses that the entry does
not exist. When you bind as an entry that does not have userpassword
set then error 48 (inappropriate auth) is returned, but this
discloses that the entry does indeed exist. Instead we should
always return error 49, even if the password is not set in the
entry. This way we do not disclose to an attacker if the Bind
DN exists or not.
Relates: https://github.com/389ds/389-ds-base/issues/4609
Reviewed by: tbordaz(Thanks!)
* issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)
* Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)
Bug Description: Improve the --help page, and finish wiring in some
features.
Fix Description: Wire in exclusion of attributes/schema for migration.
fixes: https://github.com/389ds/389-ds-base/issues/4591
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389, @droideck
* Issue 4577 - Add GitHub actions
Description:
* Enable IPv6 support for docker daemon
* Set server.example.com as FQDN for container
Relates: https://github.com/389ds/389-ds-base/issues/4577
Reviewed by: @droideck (Thanks!)
* Issue 4149 - UI - port TreeView and opther components to PF4
Description: This ports all th TreeViews to PF4, and also does some proof
of concept changes for PF3 to PF4 migration. There is much
more needed, but this does not break anything
relates: https://github.com/389ds/389-ds-base/issues/4149
Reviewed by: spichugi(Thanks!)
* Update dscontainer (#4564)
Issue 4564 - RFE - Add suffix to dscontainer rc file
Bug Description: The suffix was not added before, adding a hurdle to
automatic admin of the container instance
Fix Description: If the suffix is set, add it to the created rc file.
fixes: https://github.com/389ds/389-ds-base/pull/4564
Author: @Jackbennett
Review by: @Firstyear
* Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm
A massive change (https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html) that implements and use the dbimpl API in the backend.
* Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)
Description: RHDS instance will fail to start if the TLS server
certificate nickname doesn't match the value of the configuration
parameter "nsSSLPersonalitySSL".
The mismatch typically happens when customers copy the NSS DB from
a previous instance or export the certificate's data but forget to set
the "nsSSLPersonalitySSL" value accordingly.
Log an additional message which should help a user to set up
nsSSLPersonalitySSL correctly.
Fixes: #4593
Reviewed by: @Firstyear (Thanks!)
* Issue 4324 - Some architectures the cache line size file does not exist
Bug Description: When optimizing our mutexes we check for a system called
coherency_line_size that contains the size value, but if
the file did not exist the server would crash in PR_Read
(NULL pointer for fd).
Fix Description: Check PR_Open() was successfully before calling PR_Read().
Relates: https://github.com/389ds/389-ds-base/issues/4324
Reviewed by: tbordaz(Thanks!)
* Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm (#4618)
see design document https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html
* Issue 4615 - log message when psearch first exceeds max threads per conn
Desciption: When a connection hits max threads per conn for the first time
log a message in the error. This will help customers diagnosis
misbehaving clients.
Fixes: https://github.com/389ds/389-ds-base/issues/4615
Reviewed by: progier389(Thanks!)
* Issue 4619 - remove pytest requirement from lib389
Description: Remove the requirement for pytest from lib389, it causes
unneeded package requirements on Fedora/RHEL.
Fixes: https://github.com/389ds/389-ds-base/issues/4619
Reviewed by: mreynolds(one line commit rule)
* Bump version to 2.0.3
* Issue 4513 - CI - make acl ip address tests more robust
Description: The tests aumme the system is using IPv6 loopback address, but it
should still check for IPv4 loopback.
Relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: ?
* Issue 2820 - Fix CI test suite issues
Description:
tickets/ticket48961_test.py was failing in CI nightly runs.
Fixed the failure by changing the code to use DSLdapObject
and moved the code into the config test suite.
Relates: https://github.com/389ds/389-ds-base/issues/2820
Reviewed by: droideck (Thanks!)
* Issue 4169 - UI - port charts to PF4
Description: Ported the charts under the monitor tab to use PF4 sparkline charts
and provide realtime stats on the the caches.
Relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
* Issue 4595 - Paged search lookthroughlimit bug (#4602)
Bug Description: During a paged search with lookthroughlimit enabled,
lookthroughcount is used to keep track of how many entries are
examined. A paged search reads ahead one entry to catch the end of the
search so it doesn't show the prompt when there are no more entries.
lookthroughcount doesn't take read ahead into account when tracking
how many entries have been examined.
Fix Description: Keep lookthroughcount in sync with read ahead by
by decrementing it during read ahead roll back.
Fixes: https://github.com/389ds/389-ds-base/issues/4595
Relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: droideck, mreynolds389, Firstyear, progier389 (Many thanks)
* Issue 4169 - UI - Migrate Accordians to PF4 ExpandableSection
Description: Replace all the CustomCollapse components with PF4
ExpandableSection component.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4169 - UI - Migrate alerts to PF4
Description: Migrate the toast notifications to PF4 Alerts.
Also fixed a refresh problem on the Tuning page.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
* Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)
Bug description:
When an operation is flagged OP_FLAG_NOOP, it skips BETXN plugins but calls POST plugins.
For sync_repl, betxn (sync_update_persist_betxn_pre_op) creates an operation extension to be
consumed by the post (sync_update_persist_op). In case of OP_FLAG_NOOP, there is no
operation extension.
Fix description:
Test that the operation is OP_FLAG_NOOP if the operation extension is missing
relates: https://github.com/389ds/389-ds-base/issues/4649
Reviewed by: William Brown (thanks)
Platforms tested: F31
* Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)
Bug description:
The replication agreements are using bulk load to load updates.
For bulk load it uses a cursor with DB_MULTIPLE_KEY and DB_NEXT.
Before using the cursor, it must be initialized with DB_SET.
If during the cursor/DB_SET the CSN refers to an update that is larger than
the size of the provided buffer, then the cursor remains not initialized and
c_get returns DB_BUFFER_SMALL.
The consequence is that the next c_get(DB_MULTIPLE_KEY and DB_NEXT) will return the
first record in the changelog DB. This break CLcache.
Fix description:
The fix is to harden cursor initialization so that if DB_SET fails
because of DB_BUFFER_SMALL. It reallocates buf_data and retries a DB_SET..
If DB_SET can not be initialized it logs a warning.
The patch also changes the behaviour of the fix #4492.
#4492 detected a massive (1day) jump prior the starting csn and ended the
replication session. If the jump was systematic, for example
if the CLcache got broken because of a too large updates, then
replication was systematically stopped.
This patch suppress the systematically stop, letting RA doing a big jump..
From #4492 only remains the warning.
relates: https://github.com/389ds/389-ds-base/issues/4644
Reviewed by: Pierre Rogier (Thanks !!!!)
Platforms tested: F31
* Issue 4646 - CLI/UI - revise DNA plugin management
Bug Description:
There was a false assumption that you have to create the shared DNA
server configuration entry, but in fact the server creates and manages
this entry. The only thing you should edit in this entry are the
remote Bind Method and Connection Protocol.
Fix Description:
Remove the options to create the shared config entry, and edit the
core/reserved attributes.
Also fixed some issues where we were not showing CLI plugin output in
proper JSON. This required some changes to the UI as well.
Relates: https://github.com/389ds/389-ds-base/issues/4646
Reviewed by: spichugi(Thanks!)
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645)
Description: The Fedora builds of 389-DS uses the vendored crates
to build the official packages for Rawhide. Vendoring and bundling
dependencies is in violation of Fedora policies. As an upstream project
we are free to ship vendored code. But as a downstream Fedora project
we must not use the vendored code.
Add a tool that will help to generate 'Provides: bundled(crate(foo)) = version'
for Cargo.lock file content.
Replace License field which should contain all of the package licenses
we bundle in the specfile.
Fixes: https://github.com/389ds/389-ds-base/issues/4643
Reviewed by: @Firstyear, @decathorpe, @mreynolds389 (Thanks!)
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin (#4622)
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin
Merge of a fix in cl5_clcache.c (changelog cache restarts from begining if large update)
Rebase with master
* Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm - fix test_maxbersize_repl pytest failure
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin - fix indent issue
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin - fix merge issue
manual Merge of fix about changelog cache iteration restarting from beginning in case of large update + automatic rebase to master
* Issue 4552 - Backend redesign phase 3b - fix indent issue + random crash and memory leak in tombstone handling
* Merge pull request #4664 from mreynolds389/issue4663
Issue 4663 - CLI - unable to add objectclass/attribute without x-origin
Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4654 - Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
Bug Description:
- Update ticket48234_test.py to verify tests on RHEL 7/8 and Fedora
- Update deprecated "*_s" methods to leverage the DSLDAPObject class
- Move test from the current location in ../tickets to appropriate ../suites/aci/* directory
Fix Description:
- Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
relates:
Author: Gilbert Kimetto
Reviewed by: ???
Co-authored-by: Mark Reynolds <mreynolds at redhat.com>
Co-authored-by: progier389 <progier at redhat.com>
Co-authored-by: Firstyear <william at blackhats.net.au>
Co-authored-by: Viktor Ashirov <vashirov at redhat.com>
Co-authored-by: Jack <me at jackben.net>
Co-authored-by: Simon Pichugin <spichugi at redhat.com>
Co-authored-by: Barbora Simonova <bsmejkal at redhat.com>
Co-authored-by: James Chapman <jachapma at redhat.com>
Co-authored-by: tbordaz <tbordaz at redhat.com>
- - - - -
6def0ac9 by progier389 at 2021-03-18T12:34:04+01:00
Issue 4648 - Fix some issues and improvement around CI tests (#4651)
* Issue 4648 - Fix some issues and improvement around CI tests
* Issue 4648 - Fix some issues and improvement around CI tests
- - - - -
e249c0dd by Mark Reynolds at 2021-03-18T09:16:18-04:00
Issue 4169 - UI - Add PF4 charts for server stats
Description: Added charts for current connections (that does NOT use cn=monitor),
server memory size and CPU usage.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi & tmihinto (Thanks!!)
- - - - -
72726e42 by Mark Reynolds at 2021-03-18T13:17:43-04:00
Issue 4671 - UI - Fix browser crashes
Description: if schema attributes were missing x-origin it would crash the browser,
and in Monitor -> Replication, if the replication agreement is in an
odd state, and the lag was not computable, it could also crash the UI.
Relates: https://github.com/389ds/389-ds-base/issues/4671
Reviewed by: mreynolds (one line commit rule)
- - - - -
8069de9c by Firstyear at 2021-03-24T08:59:15+10:00
Issue 4666 - BUG - cb_ping_farm can fail with anonymous binds disabled (#4669)
Bug Description: cb_ping_farm had a combination of issues that made it
possible to fail in high load or odd situations. First it used anonymous
binds instead of the same credentials as the chaining process. Second
it used a NULL search DN, meaning it would use the default BASE configured
in /etc/openldap/ldap.conf. Depending on per-site configuration this
could cause the cb_ping_farm check to fail infinitly until restart
of the instance.
Fix Description: Change chaining cb_ping_farm to bind with the same
credentials as the chaining configuration, and change the target base
dn to the DN of the suffix that we are chaining to.
fixes: https://github.com/389ds/389-ds-base/issues/4666
Author: William Brown <william at blackhats.net.au>
Review by: @progier389
- - - - -
741e7a72 by Akshay Adhikari at 2021-03-24T16:22:23+01:00
Issue 4127 - With Accounts/Account module delete fuction is not working (#4697)
Description: Added a test to verify delete function is working with Accounts/Account
Relates: https://github.com/389ds/389-ds-base/issues/4127
Reviewed by: @droideck
- - - - -
0c51de73 by Barbora Simonova at 2021-03-29T18:04:14+02:00
Issue 3585 - LDAP server returning controltype in different sequence
Description:
Added a test to check sequence of ldap controlType returned
when there are remaining or exhausted grace login.
Automation was not possible until now because of bug 1757699 in python-ldap
where no controls were returned in the error message after exception was raised
with exhausted grace login. The bug is fixed now.
Relates: https://github.com/389ds/389-ds-base/issues/3585
Reviewed by: droideck (Thanks!)
- - - - -
ed477340 by Mark Reynolds at 2021-03-29T15:19:53-04:00
Issue 4706 - negative wtime in access log for CMP operations
Description: We forgot to set the start time for compare operations,
this led to invalid values in the access log for optime
and wtime.
relates: https://github.com/389ds/389-ds-base/issues/4706
Reviewed by: mreynolds (one line commit ruile)
- - - - -
54db3f7d by Mark Reynolds at 2021-03-29T21:04:29-04:00
Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736
Description: Adjust perl and python scripts shebangs for be absolute values
relates: https://github.com/389ds/389-ds-base/issues/2736
Reviewed by: firstyear(Thanks!)
- - - - -
ecd7e71d by Mark Reynolds at 2021-03-30T13:50:10-04:00
Issue 2736 - remove remaining perl references
Description: Remove all perl shebang mangling code.
relates: https://github.com/389ds/389-ds-base/issues/2736
Reviewed by: mreynolds
- - - - -
29ee6d2e by progier389 at 2021-03-31T14:59:23+02:00
issue 4585 - backend redesign phase 3c - dbregion test removal (#4665)
* issue 4585 - backend redesign phase 3c - dbregion test removal
* Issue 4585 - backend redesign phase 3c - dbregion test removal
* Issue 4585 - Backend redesign phase 3c - remove import_lock_fd
- - - - -
e4dfa12b by Mark Reynolds at 2021-03-31T09:30:46-04:00
Issue 4169 - UI - migrate monitor tables to PF4
Description: Migrate from PF3 tables to PF4 tables. This patch mostly
hanles the tables underthe monitor tab, but there are many
more tables that need migrating.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
- - - - -
ba598c79 by Gilbert Kimetto at 2021-04-01T10:20:28-04:00
Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4710)
* IDMDS-1068 Update failing ticket48234_test.py test
* IDMDS-1068 Update failing ticket48234_test.py test
* [INTEROP-4009] CodeReady Studio on OpenShift - Run locally
* [INTEROP-4009] CodeReady Studio on OpenShift - Run locally
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* [IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4654 - Updates to tickets/ticket48234_test.py
Bug Description:
Update to tickets/ticket48234_test.py which are currently failing and using
soon to be obsolete classes
Fix Description:
Updated tickets/ticket48234_test.py and ported to the suites directory
Updated to utilise the DSLDAPObject class methods
relates: <The Issue URL>
Author: Gilbert Kimetto
Reviewed by: ???
IDMDS-1068 Update failing ticket48234_test.py test
[INTEROP-4009] CodeReady Studio on OpenShift - Run locally
[INTEROP-4009] CodeReady Studio on OpenShift - Run locally
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4609 - CVE - info disclosure when authenticating
Description: If you bind as a user that does not exist. Error 49 is returned
instead of error 32. As error 32 discloses that the entry does
not exist. When you bind as an entry that does not have userpassword
set then error 48 (inappropriate auth) is returned, but this
discloses that the entry does indeed exist. Instead we should
always return error 49, even if the password is not set in the
entry. This way we do not disclose to an attacker if the Bind
DN exists or not.
Relates: https://github.com/389ds/389-ds-base/issues/4609
Reviewed by: tbordaz(Thanks!)
* issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)
* Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)
Bug Description: Improve the --help page, and finish wiring in some
features.
Fix Description: Wire in exclusion of attributes/schema for migration.
fixes: https://github.com/389ds/389-ds-base/issues/4591
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389, @droideck
* Issue 4577 - Add GitHub actions
Description:
* Enable IPv6 support for docker daemon
* Set server.example.com as FQDN for container
Relates: https://github.com/389ds/389-ds-base/issues/4577
Reviewed by: @droideck (Thanks!)
* Issue 4149 - UI - port TreeView and opther components to PF4
Description: This ports all th TreeViews to PF4, and also does some proof
of concept changes for PF3 to PF4 migration. There is much
more needed, but this does not break anything
relates: https://github.com/389ds/389-ds-base/issues/4149
Reviewed by: spichugi(Thanks!)
* Update dscontainer (#4564)
Issue 4564 - RFE - Add suffix to dscontainer rc file
Bug Description: The suffix was not added before, adding a hurdle to
automatic admin of the container instance
Fix Description: If the suffix is set, add it to the created rc file.
fixes: https://github.com/389ds/389-ds-base/pull/4564
Author: @Jackbennett
Review by: @Firstyear
* Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm
A massive change (https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html) that implements and use the dbimpl API in the backend.
* Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)
Description: RHDS instance will fail to start if the TLS server
certificate nickname doesn't match the value of the configuration
parameter "nsSSLPersonalitySSL".
The mismatch typically happens when customers copy the NSS DB from
a previous instance or export the certificate's data but forget to set
the "nsSSLPersonalitySSL" value accordingly.
Log an additional message which should help a user to set up
nsSSLPersonalitySSL correctly.
Fixes: #4593
Reviewed by: @Firstyear (Thanks!)
* Issue 4324 - Some architectures the cache line size file does not exist
Bug Description: When optimizing our mutexes we check for a system called
coherency_line_size that contains the size value, but if
the file did not exist the server would crash in PR_Read
(NULL pointer for fd).
Fix Description: Check PR_Open() was successfully before calling PR_Read().
Relates: https://github.com/389ds/389-ds-base/issues/4324
Reviewed by: tbordaz(Thanks!)
* Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm (#4618)
see design document https://directory.fedoraproject.org/docs/389ds/design/backend-redesign-phase3.html
* Issue 4615 - log message when psearch first exceeds max threads per conn
Desciption: When a connection hits max threads per conn for the first time
log a message in the error. This will help customers diagnosis
misbehaving clients.
Fixes: https://github.com/389ds/389-ds-base/issues/4615
Reviewed by: progier389(Thanks!)
* Issue 4619 - remove pytest requirement from lib389
Description: Remove the requirement for pytest from lib389, it causes
unneeded package requirements on Fedora/RHEL.
Fixes: https://github.com/389ds/389-ds-base/issues/4619
Reviewed by: mreynolds(one line commit rule)
* Bump version to 2.0.3
* Issue 4513 - CI - make acl ip address tests more robust
Description: The tests aumme the system is using IPv6 loopback address, but it
should still check for IPv4 loopback.
Relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: ?
* Issue 2820 - Fix CI test suite issues
Description:
tickets/ticket48961_test.py was failing in CI nightly runs.
Fixed the failure by changing the code to use DSLdapObject
and moved the code into the config test suite.
Relates: https://github.com/389ds/389-ds-base/issues/2820
Reviewed by: droideck (Thanks!)
* Issue 4169 - UI - port charts to PF4
Description: Ported the charts under the monitor tab to use PF4 sparkline charts
and provide realtime stats on the the caches.
Relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
* Issue 4595 - Paged search lookthroughlimit bug (#4602)
Bug Description: During a paged search with lookthroughlimit enabled,
lookthroughcount is used to keep track of how many entries are
examined. A paged search reads ahead one entry to catch the end of the
search so it doesn't show the prompt when there are no more entries.
lookthroughcount doesn't take read ahead into account when tracking
how many entries have been examined.
Fix Description: Keep lookthroughcount in sync with read ahead by
by decrementing it during read ahead roll back.
Fixes: https://github.com/389ds/389-ds-base/issues/4595
Relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: droideck, mreynolds389, Firstyear, progier389 (Many thanks)
* Issue 4169 - UI - Migrate Accordians to PF4 ExpandableSection
Description: Replace all the CustomCollapse components with PF4
ExpandableSection component.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4169 - UI - Migrate alerts to PF4
Description: Migrate the toast notifications to PF4 Alerts.
Also fixed a refresh problem on the Tuning page.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
* Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)
Bug description:
When an operation is flagged OP_FLAG_NOOP, it skips BETXN plugins but calls POST plugins.
For sync_repl, betxn (sync_update_persist_betxn_pre_op) creates an operation extension to be
consumed by the post (sync_update_persist_op). In case of OP_FLAG_NOOP, there is no
operation extension.
Fix description:
Test that the operation is OP_FLAG_NOOP if the operation extension is missing
relates: https://github.com/389ds/389-ds-base/issues/4649
Reviewed by: William Brown (thanks)
Platforms tested: F31
* Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)
Bug description:
The replication agreements are using bulk load to load updates.
For bulk load it uses a cursor with DB_MULTIPLE_KEY and DB_NEXT.
Before using the cursor, it must be initialized with DB_SET.
If during the cursor/DB_SET the CSN refers to an update that is larger than
the size of the provided buffer, then the cursor remains not initialized and
c_get returns DB_BUFFER_SMALL.
The consequence is that the next c_get(DB_MULTIPLE_KEY and DB_NEXT) will return the
first record in the changelog DB. This break CLcache.
Fix description:
The fix is to harden cursor initialization so that if DB_SET fails
because of DB_BUFFER_SMALL. It reallocates buf_data and retries a DB_SET..
If DB_SET can not be initialized it logs a warning.
The patch also changes the behaviour of the fix #4492.
#4492 detected a massive (1day) jump prior the starting csn and ended the
replication session. If the jump was systematic, for example
if the CLcache got broken because of a too large updates, then
replication was systematically stopped.
This patch suppress the systematically stop, letting RA doing a big jump..
From #4492 only remains the warning.
relates: https://github.com/389ds/389-ds-base/issues/4644
Reviewed by: Pierre Rogier (Thanks !!!!)
Platforms tested: F31
* Issue 4646 - CLI/UI - revise DNA plugin management
Bug Description:
There was a false assumption that you have to create the shared DNA
server configuration entry, but in fact the server creates and manages
this entry. The only thing you should edit in this entry are the
remote Bind Method and Connection Protocol.
Fix Description:
Remove the options to create the shared config entry, and edit the
core/reserved attributes.
Also fixed some issues where we were not showing CLI plugin output in
proper JSON. This required some changes to the UI as well.
Relates: https://github.com/389ds/389-ds-base/issues/4646
Reviewed by: spichugi(Thanks!)
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
[IDMDS-1068] Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645)
Description: The Fedora builds of 389-DS uses the vendored crates
to build the official packages for Rawhide. Vendoring and bundling
dependencies is in violation of Fedora policies. As an upstream project
we are free to ship vendored code. But as a downstream Fedora project
we must not use the vendored code.
Add a tool that will help to generate 'Provides: bundled(crate(foo)) = version'
for Cargo.lock file content.
Replace License field which should contain all of the package licenses
we bundle in the specfile.
Fixes: https://github.com/389ds/389-ds-base/issues/4643
Reviewed by: @Firstyear, @decathorpe, @mreynolds389 (Thanks!)
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin (#4622)
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin
Merge of a fix in cl5_clcache.c (changelog cache restarts from begining if large update)
Rebase with master
* Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm - fix test_maxbersize_repl pytest failure
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin - fix indent issue
* issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin - fix merge issue
manual Merge of fix about changelog cache iteration restarting from beginning in case of large update + automatic rebase to master
* Issue 4552 - Backend redesign phase 3b - fix indent issue + random crash and memory leak in tombstone handling
* Merge pull request #4664 from mreynolds389/issue4663
Issue 4663 - CLI - unable to add objectclass/attribute without x-origin
Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
* Issue 4654 - Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
Bug Description:
- Update ticket48234_test.py to verify tests on RHEL 7/8 and Fedora
- Update deprecated "*_s" methods to leverage the DSLDAPObject class
- Move test from the current location in ../tickets to appropriate ../suites/aci/* directory
Fix Description:
- Issue 4654 Update ticket48234_test.py and move to suites/acl/aci_excl_filter_test.py
relates:
Author: Gilbert Kimetto
Reviewed by: ???
* Test new password policy attribute "pwdReset by DM user
Description: Verify that the DM user is not permitted to
change the password policy attribute "pwdReset.
Reviewed by: ?
Co-authored-by: Mark Reynolds <mreynolds at redhat.com>
Co-authored-by: progier389 <progier at redhat.com>
Co-authored-by: Firstyear <william at blackhats.net.au>
Co-authored-by: Viktor Ashirov <vashirov at redhat.com>
Co-authored-by: Jack <me at jackben.net>
Co-authored-by: Simon Pichugin <spichugi at redhat.com>
Co-authored-by: Barbora Simonova <bsmejkal at redhat.com>
Co-authored-by: James Chapman <jachapma at redhat.com>
Co-authored-by: tbordaz <tbordaz at redhat.com>
- - - - -
ab0bc2e6 by tbordaz at 2021-04-02T14:05:41+02:00
Issue 4700 - Regression in winsync replication agreement (#4712)
Bug description:
#4396 fixes a memory leak but did not set 'cn=config' as
DSE backend.
It had no signicant impact unless with sidgen IPA plugin
Fix description:
revert the portion of the #4364 patch that set be_suffix
in be_addsuffix, free the suffix before setting it
relates: https://github.com/389ds/389-ds-base/issues/4700
Reviewed by: Pierre Rogier (thanks !)
Platforms tested: F33
- - - - -
26d6d69b by Gilbert Kimetto at 2021-04-02T09:09:04-04:00
Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4713)
Description:
Updated the docstring for the new test test_pwdReset_by_user_DM to make it compatible for Polarion
Added a marker with the respective BugZilla
Updated results details for step 4
Relates: https://github.com/389ds/389-ds-base/issues/3965
Reviewed by: ?
- - - - -
f1f7ff12 by progier389 at 2021-04-02T15:48:50+02:00
Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA (#4715)
* Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA
* Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA (Added Thierry's check)
- - - - -
7f6ba5a3 by Thierry Bordaz at 2021-04-07T09:46:28+02:00
Bump version to 2.0.4
- - - - -
1bd1411a by progier389 at 2021-04-07T15:56:41+02:00
issue 4653: refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan (#4709)
* issue 4653: refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan
* issue 4653: refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan - fix indentation
- - - - -
e542902a by Mark Reynolds at 2021-04-07T09:59:12-04:00
Issue 4169 - UI - PF4 migration - database tables
Description: Convert all the tables used by the database tab to PF4
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
- - - - -
0a504c8e by Mark Reynolds at 2021-04-13T08:42:28-04:00
Issue 4577 - Fix ASAN flags in specfile
Description: Previously Rust and ASAN did not work together and we
had to add special conditions in the specfile file to
avoid the conflict. These checks are no longer needed
and should be removed.
relates: https://github.com/389ds/389-ds-base/issues/4577
Author: vashirov at redhat.com - Thanks!
Reviewed by: mreynolds
- - - - -
ee3196c1 by Firstyear at 2021-04-16T10:46:12+10:00
Issue 4637 - ndn cache leak (#4724)
Bug Description: During the change of the ndn cache to rust a memory
leak was missed (probably due to asan with gcc and rust issues). This
is due to a behavioural change in how dn's were used in the original version.
Fix Description: Free the dn key since rust internally needs to clone
a copy so it can correctly free it.
This also improves the drop code in the rust, and allows environment
passthrough into startup so that external ASAN_OPTIONS can be set.
fixes: https://github.com/389ds/389-ds-base/issues/4637
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
a67fa12b by Mark Reynolds at 2021-04-16T16:22:56-04:00
Issue 4169 - UI - migrate replication tables to PF4
Description: Migrated replication tables to PF 4 and cleaned up
replication monitoring.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi & jchapman(Thanks!!)
- - - - -
f0ef03f6 by Viktor Ashirov at 2021-04-19T18:07:21+02:00
Issue 4632 - dscontainer: SyntaxWarning: "is" with a literal.
Bug Description:
`dscontainer -H` always returns 1 because of incorrect comparison
(object instead of value).
Fix Description:
Use the euality operator `==` instead of identity operator `is`.
Relates: https://github.com/389ds/389-ds-base/issues/4300
Fixes: https://github.com/389ds/389-ds-base/issues/4632
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
40edb3cd by Mark Reynolds at 2021-04-20T12:13:38-04:00
Issue 4656 - Remove problematic language from source code
Description: replace "master" with supplier, and "slave" with consumer
relates: https://github.com/389ds/389-ds-base/issues/4656
Reviewed by: firstyear, tbordaz, and spichugi(Thanks!!!)
Upgrade
During bootstrapping adjust the in memory plugin structure, and
the plugin slapi_entry. After bootstrapping the plugins, update
any plugin that has a dependency on the old plugin name
- - - - -
4559a89c by Viktor Ashirov at 2021-04-20T21:42:37+02:00
Issue 4729 - GitHub Actions fails to run pytest tests
Description:
Update python interpreter
Fixes: https://github.com/389ds/389-ds-base/issues/4729
Reviewed by: @droideck (Thanks!)
- - - - -
0a399a2b by James Chapman at 2021-04-24T21:37:54+01:00
Issue 4734 - import of entry with no parent warning (#4735)
Description: Online import of ldif file that contains an entry with
no parent doesnt generate a task warning.
Fixes: https://github.com/389ds/389-ds-base/issues/4734
Author: vashirov at redhat.com (Thanks)
Reviewed by: mreynolds, jchapma
- - - - -
d7eef2fc by tbordaz at 2021-04-27T09:29:32+02:00
Issue 4711 - SIGSEV with sync_repl (#4738)
Bug description:
sync_repl sends back entries identified with a unique
identifier that is 'nsuniqueid'. If 'nsuniqueid' is
missing, then it may crash
Fix description:
Check a nsuniqueid is available else returns OP_ERR
relates: https://github.com/389ds/389-ds-base/issues/4711
Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!)
Platforms tested: F33
- - - - -
095eca41 by tbordaz at 2021-04-27T16:13:50+02:00
Issue 4740 - Fix CI lib389 userPwdPolicy and subtreePwdPolicy (#4741)
Bug description:
pwdpolicy tests in regression_test.py are failing
because of missing '%s' in debug log
Fix description:
add the '%s'
relates: https://github.com/389ds/389-ds-base/issues/4740
Reviewed by: Mark Reynolds
Platforms tested: F33
- - - - -
e501b83a by James Chapman at 2021-04-27T17:00:15+01:00
Issue 4701 - RFE - Exclude attributes from retro changelog (#4723)
Description: When the retro changelog plugin is enabled it writes the
added/modified values to the "cn-changelog" suffix. In
some cases an entries attribute values can be of a
sensitive nature and should be excluded. This RFE adds
functionality that will allow an admin exclude certain
attributes from the retro changelog DB.
Relates: https://github.com/389ds/389-ds-base/issues/4701
Reviewed by: mreynolds389, droideck (Thanks folks)
- - - - -
3250a3e4 by tbordaz at 2021-04-29T09:29:44+02:00
Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)
Bug description:
The fix #2932 (Contention on virtual attribute lookup) reduced
contention on vattr acquiring vattr lock at the operation
level rather than at the attribute level (filter and
returned attr).
The fix #2932 is invalid. it can lead to deadlock scenario
(3 threads). A vattr writer (new cos/schema) blocks
an update thread that hold DB pages and later needs vattr.
Then if a reader (holding vattr) blocks vattr writer and later
needs the same DB pages, there is a deadlock.
The decisions are:
- revert #2932 (this issue)
- Skip contention if deployement has no vattr #4678
- reduce contention with new approaches
(COW and/or cache vattr struct in each thread)
no issue opened
Fix description:
The fix reverts #2932
relates: https://github.com/389ds/389-ds-base/issues/4667
Reviewed by: William Brown, Simon Pichugin
Platforms tested: F33
- - - - -
13420e5c by Mark Reynolds at 2021-04-29T14:14:05-04:00
Issue 4169 - UI - Migrate Server, Security, and Schema tables to PF4
Description: Migrate these tables to PF4 tables.
Also added spinning buttons.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi(Thanks!)
- - - - -
5598abba by Mark Reynolds at 2021-04-30T08:40:54-04:00
Issue 4742 - UI - should always use LDAPI path when calling CLI
Bug Description:
In some places in the UI code we call dsconf like:
dsconf -j slapd-instance ...
Instead of:
dsconf -j "ldapi://%2fvar%2frun%2fslapd-" + this.props.serverId + ".socket"
The problem is that if you setup the ".dsrc" file to use something other than LDAPI then the UI hangs.
Fix Description:
We need to always call the CLI using the LDAP socket.
Relates: https://github.com/389ds/389-ds-base/issues/4742
Reviewed by: spichugi(Thanks!)
- - - - -
f6938036 by James Chapman at 2021-05-04T15:48:10+01:00
Issue 4750 - Fix compiler warning in retrocl (#4751)
Description: An unused variable generates a compiler warning.
Fix description: Remove unused variable. Modify CI test to restart the test instance instead
of using dynamic plugins.
Fixes: https://github.com/389ds/389-ds-base/issues/4750
Relates: https://github.com/389ds/389-ds-base/issues/4701
Reviewed by: jchapma (One line commit rule)
- - - - -
a7943349 by Viktor Ashirov at 2021-05-05T09:33:58+02:00
Issue 4714 - dscontainer fails with rootless podman
Bug Description:
shutil.copy2 attempts to preserve metadata, but in a container without
privileges we don't have access to set xattrs. With rootless podman this
triggers an AVC denial and causes dscontainer to fail when a shared
data volume is reused.
Fix Description:
Use shutil.copy instead.
Reviewed by: @Firstyear (Thanks!)
Fixes: https://github.com/389ds/389-ds-base/issues/4714
- - - - -
9b62aede by James Chapman at 2021-05-05T16:46:16+01:00
Issue 4169 - UI - Migrate Buttons to PF4 (#4745)
Description: Migrate buttons from PF3 to PF4
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: mreynolds389, droideck (Many thanks)
- - - - -
ad3e77d7 by tbordaz at 2021-05-06T18:50:06+02:00
Issue 4759 - Fix coverity issue (#4760)
Bug description:
with #4218 (wtime, optime in access log), hrtime is set in the
operation. But it is done before checking if the operation is
set. covscan fails
Fix description:
move the setting after verification that operation != NULL
relates: https://github.com/389ds/389-ds-base/issues/4759
Reviewed by: Simon Pichugin
Platforms tested: F34
- - - - -
8006632e by tbordaz at 2021-05-06T18:54:20+02:00
Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748)
Bug description:
Some tests (17) in the tests suite (dirsrvtest/tests/suites)
are failing although there is no regression.
It needs (long) investigations to status if failures
are due to a bug in the tests or in DS core.
Until those investigations are completes, test suites
loose a large part of its value to detect regression.
Indeed those failing tests may hide a real regression.
Fix description:
Flag failing tests with pytest.mark.flaky(max_runs=2, min_passes=1)
Additional action will be to create upstream 17 ticket to
status on each failing tests
relates: https://github.com/389ds/389-ds-base/issues/4747
Reviewed by: Simon Pichugin, Viktor Ashirov (many thanks for your
reviews and help)
Platforms tested: F33
- - - - -
adc2c8f5 by tbordaz at 2021-05-12T14:21:04+02:00
Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)
Bug description:
Enhance password policy to support registration password (Temporary Password Rules)
design is https://www.port389.org/docs/389ds/design/otp-password-policy.html
Fix description:
The fix introduces new password policy configuration attributes
(passwordTPR*) and entry (user) operational attributes (pwdTPR*).
It supports Temporary Password Rules (fixed use count) and validity
window (valid since-until).
During bind it checks if the TPR limits are violated.
During password update it computes and set
operational attributed (pwdTPR*).
Note: a previous version of the fix/design mentioned
this feature as 'One Time Password'. This naming was confusing
and the current version replace it with 'Temporary Password
Rules' (aka TPR). If it remains some 'OTP' code/comments
it is a mistake.
relates: https://github.com/389ds/389-ds-base/issues/4725
Reviewed by: William Brown (Thanks !!!)
Platforms tested: F33
- - - - -
2a12316b by progier389 at 2021-05-12T19:29:19+02:00
Issue 4765 - database suffix unexpectdly changed from .db to .db4 (#4766)
* Issue 4765 - database suffix unexpectdly changed from .db to .db4
* Issue 4765 - database suffix unexpectdly changed from .db to .db4 - fix some compilation warnings
- - - - -
6ca3fb97 by Mark Reynolds at 2021-05-17T09:21:49-04:00
Issue 4770 - Lower FIPS logging severity
Description: If FIPS is not available on a system we log errors messages
with the severity level of ERR, but it's not really an error
so it should be changed to NOTICE.
relates: https://github.com/389ds/389-ds-base/issues/4770
Reviewed by: mreynolds (one line commit rule)
- - - - -
b6d8de51 by Thierry Bordaz at 2021-05-17T17:21:51+02:00
Issue 4725 - Fix compiler warnings
- - - - -
f5b2cfb3 by Mark Reynolds at 2021-05-19T12:12:47-04:00
Issue 3555 - Fix UI audit issue
Description: This does not fix all the audit errors because we need
to get off of patternfly 3 first, but this does address
a critical vulnerability and several high vulnerabilities.
relates: https://github.com/389ds/389-ds-base/issues/3555
Reviewed by: mreynolds
- - - - -
3cbad9e8 by Simon Pichugin at 2021-05-20T14:24:25+02:00
Issue 4623 - RFE - Monitor the current DB locks (#4762)
* Issue 4623 - RFE - Monitor the current DB locks
Description: DB lock gets exhausted because of unindexed internal searches
(under a transaction). Indexing those searches is the way to prevent exhaustion.
If db lock get exhausted during a txn, it leads to db panic and the later recovery
can possibly fail. That leads to a full reinit of the instance where the db locks
got exhausted.
Add three attributes to global BDB config: "nsslapd-db-locks-monitoring-enabled",
"nsslapd-db-locks-monitoring-threshold" and "nsslapd-db-locks-monitoring-pause".
By default, nsslapd-db-locks-monitoring-enabled is turned on, nsslapd-db-locks-monitoring-threshold is set to 90% and nsslapd-db-locks-monitoring-threshold is 500ms.
When current locks are close to the maximum locks value of 90% - returning
the next candidate will fail until the maximum of locks won't be
increased or current locks are released.
The monitoring thread runs with the configurable interval of 500ms.
Add the setting to UI and CLI tools.
Fixes: https://github.com/389ds/389-ds-base/issues/4623
Reviewed by: @Firstyear, @tbordaz, @jchapma, @mreynolds389 (Thank you!!)
- - - - -
58a1591b by Mark Reynolds at 2021-05-21T13:10:27-04:00
Issue 4773 - Enable interval feature of DNA plugin
Description: Enable the dormant interval feature in DNA plugin
relates: https://github.com/389ds/389-ds-base/issues/4773
Review by: mreynolds (one line commit rule)
- - - - -
83094c3b by MIZUTA Takeshi at 2021-05-25T11:15:49-04:00
Issue 4781 - There are some typos in man-pages
Description: Fixed the following man-page typo.
- dbscan(1)
- ldclt(1)
- rsearch(1)
- 99user.ldif(5)
- dirsrv.systemd(5)
relates: https://github.com/389ds/389-ds-base/issues/4781
- - - - -
3111a166 by Viktor Ashirov at 2021-05-26T13:11:11+02:00
Issue 2820 - Fix CI test suite issues
Bug Description:
Test collection fails due to file name clash - basic_test.py is present
in other suites too.
Fix Description:
Add a missing a __init__.py file.
Relates: https://github.com/389ds/389-ds-base/issues/2820
Reviewed by: @droideck (Thanks!)
- - - - -
0cfdea7a by progier389 at 2021-05-26T16:07:43+02:00
Issue 4764 - replicated operation sometime checks ACI (#4783)
- - - - -
4763e651 by Mark Reynolds at 2021-05-27T15:18:06-04:00
Issue 4656 - Allow backward compatilbity for replication plugin name change
Description: We still need to map the plugin name from the old one to the new
one to support upgrades with other applications.
relates: https://github.com/389ds/389-ds-base/issues/4656
ASAN tested and approved
Reviewed by: abbra(Thanks!)
- - - - -
723bf037 by Mark Reynolds at 2021-05-28T13:15:46-04:00
Issue 4169 - UI - Port plugin tables to PF4
Description: port the plugins tables to PF4. This completes the entire
table migration.
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: jchapman & spichugi(Thanks!!)
- - - - -
ba5578f7 by Mark Reynolds at 2021-05-28T13:21:57-04:00
Issue 4778 - RFE - Allow setting TOD for db compaction and add task
Description: Since database compaction can be costly it should be allowed
to set a time to execute it during offpeak hours. Once the
compaction interval has been met, it will wait for the configured
time of day to do the compaction. The default is just before
midnight: 23:59
A task was also created that can run compaction on demand,
and can also just target the replication changelog. This could
be used in conjunction with a cronjob for more complex
execution patterns.
ASAN tested and approved.
relates: https://github.com/389ds/389-ds-base/issues/4778
Reviewed by: spichugi(Thanks!)
- - - - -
607bfbf1 by Mark Reynolds at 2021-05-30T09:41:27-04:00
Bump version to 2.0.5
- - - - -
5fe3b0ce by Akshay Adhikari at 2021-06-02T13:30:17+02:00
Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream
Description: With RHEL 9, 389-ds-base-snmp is no longer delivered in AppStream.
We need to adapt our tests which rely on 389-ds-base-snmp, so that they are skipped if it is missing.
Fix Description: Added skipif to tests which rely on 389-ds-base-snmp
Fixes: https://github.com/389ds/389-ds-base/issues/4753
Reviewed by: ??
- - - - -
72a7aa93 by Akshay Adhikari at 2021-06-02T13:30:17+02:00
removed the snmp_present() from utils.py as we have get_rpm_version() in conftest.py
- - - - -
a38f9394 by Akshay Adhikari at 2021-06-02T13:30:17+02:00
Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream
Description: With RHEL 9, 389-ds-base-snmp is no longer delivered in AppStream.
We need to adapt our tests which rely on 389-ds-base-snmp so that they are skipped if it is missing.
Fix Description: Added skipif to tests that rely on 389-ds-base-snmp
Fixes: https://github.com/389ds/389-ds-base/issues/4753
Reviewed by: @vashirov, @sgouvern (Thanks!)
- - - - -
53f372ce by Akshay Adhikari at 2021-06-02T13:31:30+02:00
Issue 4575 Update test docstrings metadata
Description: Mapping all the test cases to the requirements.
Fix Description: Adding __init__.py file and docstrings to all the test suites
Fixes: https://github.com/389ds/389-ds-base/pull/4754
Reviewed by: @vashirov, @sgouvern (Thanks!)
- - - - -
268d1c7e by Akshay Adhikari at 2021-06-02T15:36:02+02:00
Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service
Desciption: Added a test case to verify up to 10 empty values and a negative
case to check max limit.
Relates: https://github.com/389ds/389-ds-base/issues/4379
Reviewed by: @bsimonova, @droideck (Thanks!)
- - - - -
ff830604 by Akshay Adhikari at 2021-06-02T15:36:02+02:00
Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service
Description: Added a test case to verify up to 10 empty values and a negative
case to check max limit.
Relates: https://github.com/389ds/389-ds-base/issues/4379
Reviewed by: @vashirov, @bsimonova, @droideck (Thanks!)
- - - - -
f53b2844 by Thierry Bordaz at 2021-06-04T13:58:35+02:00
Issue 4379 - fixing regression in test_info_disclosure
- - - - -
f8e42061 by tbordaz at 2021-06-07T11:23:35+02:00
Issue 4789 - Temporary password rules are not enforce with local password policy (#4790)
Bug description:
When allocating a password policy structure (new_passwdPolicy)
it is initialized with the local policy definition or
the global one. If it exists a local policy entry, the TPR
attributes (passwordTPRMaxUse, passwordTPRDelayValidFrom and
passwordTPRDelayExpireAt) are not taken into account.
Fix description:
Take into account TPR attributes to initialize the policy
relates: https://github.com/389ds/389-ds-base/issues/4789
Reviewed by: Simon Pichugin, William Brown
Platforms tested: F34
- - - - -
a8596b08 by Mark Reynolds at 2021-06-07T13:07:36-04:00
Issue 4773 - Add CI test for DNA interval assignment
Description: Add test case for DNA interval assignment
relates: https://github.com/389ds/389-ds-base/issues/4773
Reviewed by: spichugi(Thanks!)
- - - - -
2120af0c by Mark Reynolds at 2021-06-08T09:35:24-04:00
Issue 4447 - Crash when the Referential Integrity log is manually edited
Bug Description: If the referint log is manually edited with a string
that is not a DN the server will crash when processing
the log.
Fix Description: Check for NULL pointers when strtoking the file line.
relates: https://github.com/389ds/389-ds-base/issues/4447
Reviewed by: firstyear(Thanks!)
- - - - -
2437047b by James Chapman at 2021-06-09T15:27:10+01:00
Issue 4169 - UI Migrate checkbox to PF4 (#4769)
Description: Migrate checkbox from pf3 to pf4
Button migrations missed in previous PR
Relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: droideck, mreynolds389 (Thank you)
- - - - -
551b5a98 by tbordaz at 2021-06-10T15:03:27+02:00
Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799)
Bug description:
The fix for ticket #3764 was broken with a missing break in a
switch. The consequence is that while setting the client IP
address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the
connection is erroneously set as replication connection.
This can lead to crash or failure of testcase
test_access_from_certain_network_only_ip.
This bug was quite hidden until the fix for #4764 is
showing it more frequently
Fix description:
Add the missing break
relates: https://github.com/389ds/389-ds-base/issues/4797
Reviewed by: Mark Reynolds
Platforms tested: F33
- - - - -
23a75834 by Barbora Simonova at 2021-06-10T16:14:01+02:00
Issue 4593 - Log an additional message if the server certificate nickname doesn't match nsSSLPersonalitySSL value
Description:
Added a test to check if additional message is present in the error log
if nsSSLPersonalitySSL value does not match the certificate nickname.
Also brought back changes to ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c,
because they were removed in commit 07b5a79a3a9ec9c6d5575f2a893fd48bdcdd3c81
Relates: https://github.com/389ds/389-ds-base/issues/4593
Reviewed by: @vashirov, @Firstyear, @droideck (Thanks!)
- - - - -
da522d53 by Firstyear at 2021-06-11T12:23:37+10:00
Issue 4794 - BUG - don't capture container output (#4798)
Bug Description: It was noticed that capturing the container
output with PIPE may cause the buffer to fill up, resulting
in some tasks hanging.
Fix Description: Do not capture the process output.
fixes: https://github.com/389ds/389-ds-base/issues/4794
Author: William Brown <william at blackhats.net.au>
Review by: @vashirov, @last-ninjai
- - - - -
f542f890 by James Chapman at 2021-06-14T12:29:14+01:00
Issue 4791 - Missing dependency for RetroCL RFE (#4792)
Description: The RetroCL exclude attribute RFE is dependent on functionality of the
EntryUUID bug fix, that didn't make into the latest build. This breaks the
RetroCL exclude attr feature so we need to provide a workaround.
Fixes: https://github.com/389ds/389-ds-base/issues/4791
Relates: https://github.com/389ds/389-ds-base/pull/4723
Relates: https://github.com/389ds/389-ds-base/issues/4224
Reviewed by: tbordaz, droideck (Thank you)
- - - - -
ff977cc8 by tbordaz at 2021-06-16T13:41:27+02:00
Issue 4747 - Remove unstable/unstatus tests (followup) (#4809)
Bug description:
test_syncrepl_basic test is unstable (1 fail out of 10 run)
with a error.PyAsn1Error exception.
Fix description:
flag this tests as flaky
relates: https://github.com/389ds/389-ds-base/issues/4747
Reviewed by: self reviewed (one line commit)
Platforms tested: F33
- - - - -
836e84b3 by Mark Reynolds at 2021-06-16T08:11:27-04:00
Issue 4093 - Fix MEP test case
Bug Description: Once some compiler warnings were fixed it
accidentally fixed the modrdn behavior. Previously
the modrdn code accidentally ignored errors that the
test case was taking for granted. Once these checks
were properly inforced the teset case started to fail.
Fix Description: Revise test case to "properly" check modrdn operations
by creating the Managed Entry before assignign it to
an entry, and then check for the revise managhed entry
DN after the modrdn takes place.
Also, improved CI debugging logging settings
relates: https://github.com/389ds/389-ds-base/issues/4093
Reviewed by: spichugi(Thanks!)
- - - - -
7753988c by Mark Reynolds at 2021-06-16T08:15:54-04:00
Issue 4709 - Fix double free in dbscan
Description: Fix double free in dbscan - in main()
relates: https://github.com/389ds/389-ds-base/pull/4709
Reviewed by: tbordaz, spichugi, progier(Thanks!!!)
- - - - -
649b7b50 by Mark Reynolds at 2021-06-16T08:19:33-04:00
Issue 4506 - Improve SASL logging
Description:
Converted all SLAPI_LOG_TRACE logging to Connection logging (SLAPI_LOG_CONNS).
sasl_errstring() perform a simple and fast switch case mapping from
error code to const string.
relates : https://github.com/389ds/389-ds-base/issues/4506
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed by: mreynolds
- - - - -
a8703f01 by Mark Reynolds at 2021-06-16T10:10:21-04:00
Issue 4656 - replication name change upgrade code causes crash with dynamic plugins
Bug Description: If dynamic plugins is enabled, the server will crash after
restarting several plugins. The global plugin list became
corrupted, and an invalid plugin entry was read.
Fix Description: Always call the close function of a plugin even if its
not started (this undoes a change from the previous patch
that was not needed afterall).
Updated the replication plugin upgrade code logging to
be more clear, and to be logged by default.
ASAN testeed and approved
relates: https://github.com/389ds/389-ds-base/issues/4656
Reviewed by: tbordaz(Thanks!)
- - - - -
b251ffe7 by Mark Reynolds at 2021-06-17T09:57:23-04:00
Issue 4656 - Fix replication plugin rename dependency issues
Bug Description: If a plugin has a named dependency on the old
Replication plugin name, and it is listed in
the dse.ldif before the replication plugin
then the "conversion" fails because the internal
plugin dependency list was not properly updated
Fix Description: Update the plugin dependency list after we update a
plugin's dependency.
relates: https://github.com/389ds/389-ds-base/issues/4656
Reviewed by: spichugi(Thanks!)
- - - - -
59d889ad by tbordaz at 2021-06-17T16:22:09+02:00
Issue 4788 - CLI should support Temporary Password Rules attributes (#4793)
Bug description:
Since #4725, password policy support temporary password rules.
CLI (dsconf) does not support this RFE and only direct ldap
operation can configure global/local password policy
Fix description:
Update dsconf to support this new RFE.
To run successfully the testcase it relies on #4788
relates: #4788
Reviewed by: Simon Pichugin (thanks !!)
Platforms tested: F34
- - - - -
c7b16700 by Barbora Simonova at 2021-06-22T14:45:28+02:00
Issue 4414 - disk monitoring - prevent division by zero crash
Description:
Added a test to check DS will not crash when division by zero
occurs in disk monitoring. Also fixed a description in compact_test.py
because it was causing errors in Polarion import.
Relates: https://github.com/389ds/389-ds-base/issues/4414
Reviewed by: droideck (Thanks!)
- - - - -
cb825e0b by James Chapman at 2021-06-22T15:55:49+01:00
Issue 4169 - UI - Migrate Typeaheads to PF4 (#4808)
* Issue 4169 - UI - Migrate Typeaheads to PF4
Description: Migrate the current bootstrap typeaheads to
patternfly 4 select typeaheads
Relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: mreynolds389, droideck (Many thanks)
- - - - -
72964fe6 by Simon Pichugin at 2021-06-23T10:01:30+02:00
Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810)
Description: The description of the field "nsslapd-db-locks-monitoring-threshold"
is unclear. Make the explanations more detailed and concise in both CLI
and Web UI.
Fixes: https://github.com/389ds/389-ds-base/issues/4803
Reviewed by: @tbordaz (Thank you!)
- - - - -
9ee03bc8 by Simon Pichugin at 2021-06-23T10:21:57+02:00
Issue 4803 - Improve DB Locks Monitoring Feature Descriptions
Description: Enchance one line for the threshold setting
as per comment in https://github.com/389ds/389-ds-base/pull/4810
Relates: https://github.com/389ds/389-ds-base/issues/4803
Reviewed by: @droideck (one line rule)
- - - - -
c0ca290f by Thierry Bordaz at 2021-06-23T19:12:10+02:00
Bump version to 2.0.6
- - - - -
6b10f179 by Viktor Ashirov at 2021-06-29T14:05:10+02:00
Issue 2820 - Fix CI test suite issues
Bug Description:
* repl_monitor_test.py fails after changes in replication monitor output
in e4dfa12b151afa9a2b1830af4fe370fc8e0dfaa1
* import_test.py::test_fast_slow_import is very strict and fails when
the time difference between imports is insignificant and less than 1s.
Fix Description:
* repl_monitor_test.py - update expected string values
* import_test.py - relax the expected time to be within 1s variance,
comment out flaky decorator to enable the test back in PR CI.
Relates: https://github.com/389ds/389-ds-base/issues/2820
Reviewed by: @mreynolds389, @droideck (Thanks!)
- - - - -
96fe605f by tbordaz at 2021-07-02T13:33:52+02:00
Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823)
Bug description:
dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py contains
password policy attributes tests (min_age,...) and tpr tests.
Leftover of the fixture password_policy (scope module) are breaking
TPR tests with subtree/user local password policy.
Fix description:
Separate temporary password tests into their own module
relates: https://github.com/389ds/389-ds-base/issues/4822
Reviewed by: Simon Pichugin (Thanks!)
Platforms tested: 8.5
- - - - -
747d2bfb by Viktor Ashirov at 2021-07-02T16:11:24+02:00
Issue 4826 - Filter argparse-manpage from autogenerated requires
Bug Description:
RPM dependency generators add argparse-manpage to the list of runtime
dependencies. But it's a buildtime only dependency.
Fix Description:
Use requires filter macro in the spec file.
Fixes: https://github.com/389ds/389-ds-base/issues/4826
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
8b257002 by tbordaz at 2021-07-02T18:02:54+02:00
Issue 4262 - Fix Index out of bound in fractional test (#4828)
Bug description:
In master branch there are by default 2 groups while
in 1.4.3 it exists only one. So the index '1'
in the retrieved groups raise 'invalid index' exception
in 1.4.3.
Fix description:
Retrieve the specific group bug739172_01group
to test its membership
relates: https://github.com/389ds/389-ds-base/issues/4262
Reviewed by:
Platforms tested: 8.5, fedora
foo
- - - - -
fb70c5c8 by tbordaz at 2021-07-02T20:53:26+02:00
Issue 4414 - SIGFPE crash in rhds disk monitoring routine (#4829)
Bug description:
The testcase systematically fails on PRCI running
in a container. It gets a E_ACCES during
access to a tmpfs mounted filesystem, while
it runs fine on openstack.
Fix description:
Just skip this test in our test PRCI
relates: https://github.com/389ds/389-ds-base/issues/4414
Reviewed by: Mark Reynolds
Platforms tested: fedora
- - - - -
ca848dfb by Akshay Adhikari at 2021-07-07T12:39:01+02:00
Issue 4706 - negative wtime for compare operations (#4780)
Description: Improve ds_logs_test.py::test_optime_and_wtime_keywords so
it tests the associated bug.
Relates: https://github.com/389ds/389-ds-base/issues/4706
Reviewed by: @vashirov, @droideck
- - - - -
13ee2053 by Firstyear at 2021-07-08T10:46:25+10:00
Issue 4820 - RFE - control flow integrity (#4821)
Bug Description: Many attacks involved hijacking the
control flow of an executable to change it's behaviour.
While we can do many things to prevent this at development
time, we need to be ready for unexpected situations in
run time.
Fix Description: Enabling control flow integrity allows
enforcing that our projects logic flow only goes in certain,
known valid locations at compile time. This means a program
that violates these behaviours will be terminated to prevent
exploitation.
fixes: https://github.com/389ds/389-ds-base/issues/4820
Author: William Brown <william at blackhats.net.au>
Review by: @jchapma
- - - - -
aeb90eb0 by Firstyear at 2021-07-09T11:53:35+10:00
Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819)
Bug Description: Due to mishanding of short dbpwd hashes, the
crypt_r algorithm was misused and was only comparing salts
in some cases, rather than checking the actual content
of the password.
Fix Description: Stricter checks on dbpwd lengths to ensure
that content passed to crypt_r has at least 2 salt bytes and
1 hash byte, as well as stricter checks on ct_memcmp to ensure
that compared values are the same length, rather than potentially
allowing overruns/short comparisons.
fixes: https://github.com/389ds/389-ds-base/issues/4817
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
aec9ceb4 by Mark Reynolds at 2021-07-12T23:08:22-04:00
Issue 4169 - UI - migrate Server Tab forms to PF4
Description: Migrate off of PF3 Forms/Rows/Col to PF4 Forms/Grids
for the Server & Database tabs
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: spichugi & jchapman(Thanks!!)
- - - - -
c072156c by James Chapman at 2021-07-14T22:24:24+01:00
Issue 4603 - Reindexing a single backend (#4831)
* Issue 4603 - Reindexing a single backend
Bug description:
While trying to offline reindex a single backend, all backends
are reindexed. This can introduce un-wanted latencies if one wants to reindex a
single backend rather than reindexing all backends.
Fix description:
DB txn logging disabled
CLI modified to provide extra reindex options
DSELidf extended to get backend index attributes
Relates: https://github.com/389ds/389-ds-base/issues/4603
Reviewed by: mreynolds389, droideck, Firstyear (Thank you)
- - - - -
4b74d1e9 by Mark Reynolds at 2021-07-15T12:22:05-04:00
Issue 4443 - Internal unindexed searches in syncrepl/retro changelog
Bug Description:
When a non-system index is added to a backend it is
disabled until the database is initialized or reindexed.
So in the case of the retro changelog the changenumber index
is alway disabled by default since it is never initialized.
This leads to unexpected unindexed searches of the retro
changelog.
Fix Description:
If an index has "nsSystemIndex" set to "true" then enable it
immediately.
relates: https://github.com/389ds/389-ds-base/issues/4443
Reviewed by: spichugi & tbordaz(Thanks!!)
- - - - -
0f443bf3 by Mark Reynolds at 2021-07-15T13:50:02-04:00
Bump version to 2.0.7
- - - - -
9ae0134c by James Chapman at 2021-07-29T14:27:09+01:00
Issue - 4696 - Password hash upgrade on bind (#4840)
Description:
There is an unintended side effect of the "upgrade password
on bind" feature. It causes the password policy code to be
engaged and it resets the passwordExpirationtime in the entry.
Fix description:
Only allow an external password modify operation or an extended
password modify operation update the password info.
Relates: https://github.com/389ds/389-ds-base/issues/4696
Reviewed by: @droideck, @tbordaz, @mreynolds389 (Thank you)
- - - - -
24d458af by Viktor Ashirov at 2021-07-29T18:07:24+02:00
Issue 4848 - Force to require nss version greater or equal as the version available at the build time
Description:
In our spec file we require nss >= 3.34, but not the exact (or greater,
as they are backward compatible) version available at the build time.
Fix Description:
We should record nss version available at the build time and require it
at the runtime.
Adapt a macro from samba spec file.
Fixes: https://github.com/389ds/389-ds-base/issues/4848
Reviewed by: @mreynolds389, @Firstyear, @droideck (Thank you!)
- - - - -
434d6803 by Simon Pichugin at 2021-08-03T14:49:10+02:00
Issue 4460 - Fix isLocal and TLS paths discovery (#4850)
Description: Fix isLocal inconsistency in the 'allocate' code.
Process LDAP URI and decide if it's local or not.
Make sure that while connecting locally the certdir (and other TLS paths) are accessible
(has read right) before setting ldap.OPT_X_TLS_*.
If none ldap.OPT_X_TLS_* options are set and there is no new TLS context,
don't set OPT_X_TLS_NEWCTX. Then /etc/openldap/ldap.conf will be used..
Relates: https://github.com/389ds/389-ds-base/issues/4460
Reviewed by: @mreynolds389, @Firstyear (Thanks!!)
- - - - -
33c81588 by Mark Reynolds at 2021-08-03T23:34:45-04:00
Issue 4736 - CLI - Errors from certutil are not propagated
Description: Errors from certutil are not returned to the client, and
only a generic failure code is returned. The actual error text should be
returned to the client since it has meaning. Just catch all the
exception and return the output as a ValueError.
relates: https://github.com/389ds/389-ds-base/issues/4736
Reviewed by: firstyear (Thanks!)
- - - - -
e4a09aa1 by Barbora Simonova at 2021-08-04T09:22:19+02:00
Issue 4623 - RFE - Monitor the current DB locks ( nsslapd-db-current-locks )
Description:
Added additional tests for DB locks monitoring to check if invalid
values are correctly rejected for nsslapd-db-locks and
nsslapd-db-locks-monitoring-threshold.
Relates: https://github.com/389ds/389-ds-base/issues/4623
Reviewed by: droideck (Thanks!)
- - - - -
c02d99fd by Mark Reynolds at 2021-08-05T23:49:05-04:00
Issue 4169 - Migrate Replication & Schema tabs to PF4
Description: Migrate the remaining components in the repl and schema
tabs to PF4
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed: spichugi & jchapman (Thanks!!)
- - - - -
f5fd00f6 by Viktor Ashirov at 2021-08-06T06:53:17+02:00
Issue 4859 - Don't version libns-dshttpd
Description:
On every build libns-dshttpd has a version corresponding
to the package version, e.g. libns-dshttpd-2.0.7.so.
It's unnecessary, as we are the only consumers of this library
and we don't change its ABI on every build.
It also triggers rpmdiff test failures that have to be waived on
each build.
Fixes: https://github.com/389ds/389-ds-base/issues/4859
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
1bbef77a by Viktor Ashirov at 2021-08-06T06:53:32+02:00
Issue 4861 - Improve instructions in custom.conf for memory leak detection
Description:
Extend instructions in
/usr/lib/systemd/system/dirsrv at .service.d/custom.conf
to provide guides on how to use valgrind and AddressSanitizer.
Fixes: https://github.com/389ds/389-ds-base/issues/4861
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
c7a67960 by Mark Reynolds at 2021-08-10T11:17:46-04:00
Issue 4736 - lib389 - fix regression in certutil error checking
Description: A regression in the previous commit accidentally called
certutil twice which triggered the CLI to prompt for the NSS database
password. This broke CI tests, etc.
relates: https://github.com/389ds/389-ds-base/issues/4736
Reviewed by: mreynolds (one line commit rule)
- - - - -
9cf2517b by Simon Pichugin at 2021-08-18T16:05:20+02:00
Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871)
Bug Description: When using the Attribute uniqueness plugin, restricted
to one subtree, moving an object with an already existing attribute
to this subtree does not raise any exceptions. It appears that the
originating subtree is searched instead.
Fix Description: Use parent DN of the new entry when searching
for attribute uniqueness.
Add test to plugins/attruniq_test.py suite.
Fixes: https://github.com/389ds/389-ds-base/issues/4763
Reviewed by: @tbordaz (Thanks!)
- - - - -
a5c04a8f by Simon Pichugin at 2021-08-18T16:11:33+02:00
Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867)
Description: Fix typos in the output of "dsconf instance_name
pwpolicy set --help".
Fixes: https://github.com/389ds/389-ds-base/issues/4851
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
bce941ec by Firstyear at 2021-08-19T14:31:03-04:00
Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876)
Bug Description: Due to older servers missing the syntax
plugin this breaks schema replication and causes cascading
errors.
Fix Description: This changes the syntax to be a case
insensitive string, while leaving the plugins in place
for other usage.
fixes: https://github.com/389ds/389-ds-base/issues/4872
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @progier389
- - - - -
193ae2f7 by Firstyear at 2021-08-23T11:46:58+10:00
Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878)
Bug Description: Due to changing the syntax of EntryUUID's
to string, we may have invalid EntryUUID's imported into
the database.
Fix Description: To resolve this during a fixup we validate
that Uuid's have a valid syntax. If they do not, we regenerate
them.
fixes: https://github.com/389ds/389-ds-base/issues/4877
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
553f26c8 by Mark Reynolds at 2021-08-23T15:35:05-04:00
Bump version to 2.0.8
- - - - -
6e21d41f by Mark Reynolds at 2021-08-26T09:38:11-04:00
Issue 4884 - server crashes when dnaInterval attribute is set to zero
Bug Description:
A division by zero crash occurs if the dnaInterval is set to zero
Fix Description:
Validate the config value of dnaInterval and adjust it to the
default/safe value of "1" if needed.
relates: https://github.com/389ds/389-ds-base/issues/4884
Reviewed by: tbordaz(Thanks!)
- - - - -
d86a6a82 by Mark Reynolds at 2021-08-26T10:10:39-04:00
Issue 4875 - CLI - Add some verbosity to installer
Description: Previously the installer would basically say
"Starting" and "Finished". If a step would
run into a problem it is difficult to narrow
down what is going wrong. So add a little more
output during the installation.
relates: https://github.com/389ds/389-ds-base/issues/4875
Reviewed by: firstyear & spichugi(Thanks!!)
- - - - -
01f97198 by Mark Reynolds at 2021-08-27T08:53:52-04:00
Issue 4149 - UI - Migrate the remaining components to PF4
Description: This completes the initial migration to PF4
fixes: https://github.com/389ds/389-ds-base/issues/4149
Reviewed by: spichugi(Thanks!)
- - - - -
cef02245 by Mark Reynolds at 2021-08-30T15:42:37-04:00
Issue 4887 - UI - Update webpack.config.js and package.json
Bug Description:
Our cockpit dependencies were very out of date and had
security issues. But the newer ELint package had lots of new
complaints.
Fix Description:
"noop" no longer exists in PF4, so that had to be removed from
the PropTypes, as well as a ton of ESlint errros about
variable declarations, certain function names, etc.
npm audit is now clean, and we are up to date with Cockpit
requirements/standards.
relates: https://github.com/389ds/389-ds-base/issues/4887
Reviewed by: jchapman(Thanks!)
- - - - -
9dab9bc6 by Mark Reynolds at 2021-08-30T15:50:13-04:00
Bump version to 2.0.9
- - - - -
549d9c65 by Mark Reynolds at 2021-08-31T16:11:51-04:00
Issue 4887 - UI - fix minor regression from camelCase fixup
Description: The new ESlinter can comaplained about function names, and
there was a mistake that caused the wrong function name to be passed as
a property to a component.
relates: https://github.com/389ds/389-ds-base/issues/4887
Reviedwed by: mreynolds(one line commit rule)
- - - - -
3f7a2fa3 by Mark Reynolds at 2021-09-03T09:57:07-04:00
Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks
Bug Description: Monotonic clocks were used to check if an entry was old
enough to be trimmed, but the real system time should be
used. So entries were never trimmed from the changelog..
Fix Description: Make sure monotonic clocks are only used for the
trimming interval, and real time clocks are used
for entry age.
relates: https://github.com/389ds/389-ds-base/issues/4869
Reviewed by: firstyear(Thanks!)
- - - - -
154957ca by Mark Reynolds at 2021-09-09T07:47:35-04:00
Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index
Bug Description: During a reindex task we skip the RUV tombstone entry,
which corrupts the nsuniqueid index.
Fix Description: Make sure we still index nsuniqueid index for
the RUV tombstone entry.
relates: https://github.com/389ds/389-ds-base/issues/4910
Reviewed by: firstyear & progier389 (Thanks!!)
- - - - -
93aa9f4c by Mark Reynolds at 2021-09-09T07:49:33-04:00
Issue 4912 - dsidm command crashing when account policy plugin is enabled
Bug Description: If the account policy plugin is enabled, but not
configured then dsidm will crash when checking an
entry's status.
Fix Description: Check if the config DN is present before trying
to check its values.
relates: https://github.com/389ds/389-ds-base/issues/4912
Reviewed by: firstyear(thanks!)
- - - - -
4634ec6a by Simon Pichugin at 2021-09-10T14:20:26-07:00
Issue 4894 - IPA failure in ipa user-del --preserve (#4907)
Bug Description: Starting with 389-ds 2.0.8 on rawhide,
any call to ipa user-del --preserve fails with
This entry already exists.
Fix Description: We should split 'dn' parameter in searchAllSubtrees
into parent and target. As one of them is used for excluding the
subtree checks and another one for searching.
Improve 'superior' processing when we don't change the parent..
Rename variables in a more sane way.
Fixes: https://github.com/389ds/389-ds-base/issues/4894
Reviewed by: @Firstyear, @tbordaz, @progier389 (Thanks!)
- - - - -
2e4387db by Mark Reynolds at 2021-09-11T10:14:38-04:00
Issue 4796 - Add support for nsslapd-state to CLI & UI
Description: Add support for nsslapd-state to lib389 and UI. Also
added a check to prevent the changing of nsslapd-state
for replicated suffixes.
Also did a little UI cleanup where a bottom margin was added
to the bottom of pages instead of using <hr> to create the gap.
relates: https://github.com/389ds/389-ds-base/issues/4796
Reviewed by: jachapman & spichugi(Thanks!!)
- - - - -
d4243cfc by François Cami at 2021-09-13T12:16:01-04:00
Issue 4863 - typoes in logconv.pl
There are two occurrences of "occurrances" in logconv.pl.
Replace the two occurrences of occurrances by occurences.
Relates: https://github.com/389ds/389-ds-base/issues/4863
Signed-off-by: François Cami <fcami at redhat.com>
Reviewed by: Mark Reynolds <mreynolds at redhat.com>
- - - - -
083c55b1 by Mark Reynolds at 2021-09-13T12:23:48-04:00
Issue 4912 - Account Policy plugin does not set the config entry DN
Description: Although we create the config entry for the Account Policy
plugin, we do not list the config entry DN in the main plugin entry
via nsslapd-pluginarg0
relates: https://github.com/389ds/389-ds-base/issues/4912
Reviewed by: mreynolds(one line commit rule)
- - - - -
b400b07c by Marc Muehlfeld at 2021-09-14T09:24:06-04:00
Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)
Description:
The --help of dsconf and its subcommands contain several incorrect descriptions, typos, inconsistent language, some entries end with a ".", some doesn't, some descriptions start with lowercase, ...
For a better user experience, the descriptions of subcommands, and parameters should be reviewed and improved.
Fixes: #4908
Reviewed by: Mark Reynolds, William Brown, and Simon Pichugin
- - - - -
21dd2802 by Mark Reynolds at 2021-09-20T09:12:55-04:00
Bump version to 2.0.10
- - - - -
54d7cc78 by Viktor Ashirov at 2021-09-22T00:07:23+02:00
Issue 4916 - Memory leak in ldap-agent
Description:
Fix a minor memory leak in ldap-agent to make AddressSanitizer happy.
Fixes: https://github.com/389ds/389-ds-base/issues/4916
Reviewed by: @mreynolds389, @Firstyear (Thanks!)
- - - - -
c661024b by tbordaz at 2021-09-23T09:49:40-04:00
Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926)
Bug description:
An ACI may contain targetfilter. For a given returned entry, of a
SRCH request, the same targetfilter is evaluated for each of the
returned attributes.
Once the filter has been evaluated, it is useless to reevaluate
it for a next attribute.
Fix description:
The fix implements a very simple cache (linked list) that keeps
the results of the previously evaluated 'targetfilter'.
This cache is per-entry. For an operation, a aclpb is allocated
that is used to evaluate ACIs against each successive entry.
Each time a candidate entry is added in the aclpb
(acl_access_allowed), the cache (aclpb_curr_entry_targetfilters)
is freed. Then for each 'targetfilter', the original targetfilter
is lookup from the cache. If this is the first evaluation of it
then the result of the evaluation is stored into the cache using
the original targetfilter as the key in the cache
The key to lookup/store the cache is the string representation
of the targetfilter. The string contains a redzone to detect
that the filter exceeds the maximum size (2K). If it exceeds
then the key is invalid and the lookup/store is noop.
relates: #4925
Reviewed by: Mark Reynolds, William Brown (Thanks)
Platforms tested: F34
- - - - -
cdd354c9 by Mark Reynolds at 2021-09-27T13:07:20-04:00
Issue 4513 - fix ACI CI tests involving ip/hostname rules
Description: Fix tests that use ACIs with ip/hostname rules. Harden
the dscreate and dsctl acceptance tests, and fix some
flakiness in the sync repl test, and filter schema
validation.
Also updated the doxy file and fixed some compiler warnings
relates: https://github.com/389ds/389-ds-base/issues/4513
Reviewed by: spichugi & tbordaz(Thanks!!)
(cherry picked from commit 2a9df10303c4902a816a64b805448f31380a2728)
- - - - -
121e27a4 by Firstyear at 2021-09-30T11:51:23+10:00
Issue 4847 - BUG - potential deadlock in replica (#4936)
Bug Description: There was an incorrect double lock in
repl5_replica_config.c
Fix Description: Replace the incorrect lock with and unlock.
fixes: https://github.com/389ds/389-ds-base/issues/4847
Author: jenny <@jenny-cheung>
Review by: @firstyear @droideck
Co-authored-by: jenny <84835889+jenny-cheung at users.noreply.github.com>
- - - - -
2cd65b47 by James Chapman at 2021-10-07T15:04:06+00:00
Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922)
Description: When logconv.pl is run with the recommendations flag
it generates an uninitialized value error.
Fixed this and done some tidy up.
Fixes: https://github.com/389ds/389-ds-base/issues/4921
Reviewed by: @progier389 (Thank you)
- - - - -
9ea04db9 by Viktor Ashirov at 2021-10-11T09:13:49+02:00
Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace
Bug Description:
On a very slow machine max_failure_count can be reached to soon. For
troubleshooting and diagnostics this parameter should be configurable.
Fix Description:
Introduce a new env variable DS_STARTUP_TIMEOUT that accepts a number in
seconds. By default it is 60.
Log a traceback when we reach the timeout.
Fixes: https://github.com/389ds/389-ds-base/issues/4938
Reviewed by: @Firstyear (Thanks!)
- - - - -
ca346f1f by Timo Aaltonen at 2021-10-18T18:59:19+03:00
Merge tag '389-ds-base-1.4.4.17' into master-next
- - - - -
30b3552e by Timo Aaltonen at 2021-10-18T19:01:07+03:00
Merge branch 'master' into master-next
- - - - -
ba71cbf2 by Timo Aaltonen at 2021-10-18T19:01:44+03:00
bump the version
- - - - -
b7dfab16 by Timo Aaltonen at 2021-10-18T19:11:48+03:00
missing-sources: Removed, all the minified javascript files were removed upstream some time ago.
- - - - -
57da0c7c by Timo Aaltonen at 2021-10-18T19:20:13+03:00
install: Updated.
- - - - -
f405c03c by Timo Aaltonen at 2021-10-18T19:23:31+03:00
control: Bump debhelper to 13.
- - - - -
173194e5 by Mark Reynolds at 2021-10-18T15:00:27-04:00
Issue 4299 - Merge LDAP editor code into Cockpit UI
Description: Merging parts of Têko Mihinto <tmihinto at redhat.com> LDAP
editor into the Cockpit UI. Some of it is functional, but there is
still much more work to be done.
relates: https://github.com/389ds/389-ds-base/issues/4299
Reviewed by: spichugi(Thanks!)
- - - - -
c0623e95 by Mark Reynolds at 2021-10-19T08:51:20-04:00
Bump github contianer shm size to 4 gigs
- - - - -
bf128397 by Mark Reynolds at 2021-10-19T09:27:14-04:00
Issue 2790 - Set db home directory by default
Description: The selinux rules (selinux-policy-3.14.3-79)
have been updated to support /dev/shm/slapd-INST
Relates: https://github.com/389ds/389-ds-base/issues/2790
Reviewed by: firstyear(Thanks!)
- - - - -
6467ea5c by progier389 at 2021-10-26T10:38:00+02:00
Issue 4943 - Fix csn generator to limit time skew drift (#4946)
* Issue 4943 - Fix csn generator to limit time skew drift
(cherry picked from commit cbfccd67e0ad0900f5307c565f8b32cbfdda5223)
- - - - -
b0d06615 by Simon Pichugin at 2021-10-26T17:08:43-07:00
Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)
Issue Description: Use PK11_Decrypt function to get hash data
because PK11_ExtractKeyValue function is forbidden in FIPS mode.
We can't extract keys while in FIPS mode. But we use PK11_ExtractKeyValue
for hashes, and it's not forbidden.
We can't use OpenSSL's PBKDF2-SHA256 implementation right now because
we need to support an upgrade procedure while in FIPS mode (update
hash on bind). For that, we should fix existing PBKDF2 usage, and we can
switch to OpenSSL's PBKDF2-SHA256 in the following versions.
Fix Description: Use PK11_Decrypt function to get the data.
Enable TLS on all CI test topologies while in FIPS because without
that we don't set up the NSS database correctly.
Add PBKDF2-SHA256 (OpenSSL) to ldif templates, so the password scheme is
discoverable by internal functions.
https://github.com/389ds/389-ds-base/issues/3584
Reviewed by: @progier389, @mreynolds389, @Firstyear, @tbordaz (Thanks!!)
- - - - -
0e5a5c52 by Mark Reynolds at 2021-10-27T20:36:49-04:00
Issue 4962 - Fix various UI bugs part 1
Fix Description:
Bug 2016022 - Cockpit UI: UI is incorrectly saying "Create the Sub Suffix entry"
Bug 2015951 - Cockpit UI: Database tab ---> Export Database/replicaton
data
Bug 2015221 - Cockpit UI: UX Bugs Server Settings ->Tuning and Limits
Bug 2015139 - Configuration for Import Cache Settings is not saved
Bug 2015127 - No message when configuring Global Database Configuration
Bug 2014924 - Cockpit UI: UX Bugs and other cockpit GUI related defects
relates: https://github.com/389ds/389-ds-base/issues/4962
Reviewed by: spichugi & jchapman (Thanks!!)
- - - - -
36af8a01 by Mark Reynolds at 2021-10-28T08:26:35-04:00
Issue 4731 - Promoting/demoting a replica can crash the server
Bug Description: The server will crash if you demote a
supplier with no changelog.
Fix Description: Check if the changelog pointer is NULL before
dereferencing it
relates: https://github.com/389ds/389-ds-base/issues/4731
Reviewed by: spichugi & firstyear (Thanks!!)
- - - - -
9e9ef0f3 by Mark Reynolds at 2021-10-28T14:46:46-04:00
Issue 4956 - Automember allows invalid regex, and does not log proper error
Bug Description: The server was detecting an invalid automember
regex, but it did not reject it, and it did not
log which regex rule was invalid.
Fix Description: By properly rejecting the invalid regex will also
trigger the proper error logging to occur.
relates: https://github.com/389ds/389-ds-base/issues/4956
Reviewed by: tbordaz & spichugi(Thanks!!)
- - - - -
5f05bc7a by Mark Reynolds at 2021-10-28T14:55:16-04:00
Issue 4092 - systemd-tmpfiles warnings
Bug Description:
systemd-tmpfiles warns about legacy paths in our tmpfiles configs.
Using /var/run also introduces a race condition, see the following
issue https://pagure.io/389-ds-base/issue/47429
Fix Description:
Instead of using @localstatedir@/run use @localrundir@ which was
introduced in #850.
Relates: https://github.com/389ds/389-ds-base/issues/766
Fixes: https://github.com/389ds/389-ds-base/issues/4092
Reviewed by: vashirov & firstyear(Thanks!)
- - - - -
c30ebb57 by Mark Reynolds at 2021-11-01T14:08:32-04:00
Issue 4973 - installer changes permissions on /run
Description: There was a regression when we switched over to using /run
that caused the installer to try and create /run which
caused the ownership to change. Fixed this by changing
the "run_dir" to /run/dirsrv
relates: https://github.com/389ds/389-ds-base/issues/4973
Reviewed by: jchapman(Thanks!)
- - - - -
769e591b by Simon Pichugin at 2021-11-01T12:09:10-07:00
Issue 4962 - Fix various UI bugs - Plugins (#4969)
Description:
Bug 1816526 - restart instance after plugin enabled/disabled should depend on 'nsslapd-dynamic-plugins' status
Bug 2011183 - Retro Changelog plugin - saving any configuration is stuck in loading
Bug 2011187 - Posix Winsync Plugin - configuration is not saved
Bug 2011188 - DNA plugin fails to be enabled
Bug 2011751 - Referential Integrity Plugin - unable to save changes
Bug 2011767 - RootDN Access Control Plugin - configuration stuck and a wrong message is displayed
Bug 2011814 - Account Policy Plugin - configuration failing with error
relates: #4962
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
a123c215 by Mark Reynolds at 2021-11-02T10:46:54-04:00
Issue 4973 - update snmp to use /run/dirsrv for PID file
Description: Previously SNMP would write the agent PID file directly
under /run (or /var/run), but this broke a CI test after
updating lib389/defaults.inf to use /run/dirsrv.
Instead of hacking the CI test, I changed the path
snmp uses to: /run/dirsrv/ Which is where it
should really be written anyway.
relates: https://github.com/389ds/389-ds-base/issues/4973
Reviewed by: vashirov(Thanks!)
- - - - -
b0e890bf by Viktor Ashirov at 2021-11-03T12:17:03+01:00
Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import
Bug Description:
Previous change 6b10f1795f52395aa46d48a6f0428d126b35a90d had a wrong
assumption that total_time1 and total_time2 have a very insignificant
difference in case nsslapd-db-private-import-mem is set to 'off'.
In reality it is insignificant only on a smaller number of entries.
A recent change in libdb exposed this wrong assumption. With this change
__db.00* files get the maximum size in advance, instead of expanding
them when needed.
Fix Description:
Revert 6b10f1795f52395aa46d48a6f0428d126b35a90d.
Fixes: https://github.com/389ds/389-ds-base/issues/4976
Reviewed by: @mreynolds389, @droideck (Thanks!)
- - - - -
b1efe0d4 by Mark Reynolds at 2021-11-03T08:56:11-04:00
Issue 4978 - make installer robust
Description: When run in a container the server can fail to start
because the installer sets the db_home_dir to /dev/shm,
but in containers the default size of /dev/shm is too
small for libdb. We should detect if we are in a
container and not set db_home_dir to /dev/shm.
During instance removal, if an instance was not properly
created then it can not be removed either. Make the
uninstall more robust to accept some errors and continue
removing the instance.
relates: https://github.com/389ds/389-ds-base/issues/4978
Reviewed by: firstyear & tbordaz(Thanks!)
- - - - -
7570259a by tbordaz at 2021-11-05T09:59:47+01:00
Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981)
releases where it was DirectoryString
Bug description:
For years 'gecos' was DirectoryString (UTF8), with #50933 it was restricted to IA5 (ascii)
https://github.com/389ds/389-ds-base/commit/0683bcde1b667b6d0ca6e8d1ef605f17c51ea2f7#
IA5 definition conforms rfc2307 but is a problem for existing deployments
where entries can have 'gecos' attribute value with UTF8.
Fix description:
Revert the definition to of 'gecos' being Directory String
Additional fix to make test_replica_backup_and_restore more
robust to CI
relates: https://github.com/389ds/389-ds-base/issues/4972
Reviewed by: William Brown, Pierre Rogier, James Chapman (Thanks !)
Platforms tested: F34
- - - - -
608d4b37 by tbordaz at 2021-11-05T16:37:42+01:00
Issue 4678 - RFE automatique disable of virtual attribute checking (#4918)
Bug description:
Virtual attributes are configured via Roles or COS definitions
and registered during initialization of those plugins.
Virtual attributes are processed during search evaluation of
filter and returned attributes. This processing is expensive
and prone to create contention between searches.
Use of virtual attribute is not frequent. So many of the
deployement process virtual attribute even if there is none.
Fix description:
The fix configure the server to ignore virtual attribute by
default (nsslapd-ignore-virtual-attrs: on).
At startup, if a new virtual attribute is registered or
it exists Roles/COS definitions, then the server is
configured to process the virtual attributes
(nsslapd-ignore-virtual-attrs: off)
design: https://www.port389.org/docs/389ds/design/vattr-automatic-toggle.html
relates: https://github.com/389ds/389-ds-base/issues/4678
Reviewed by: William Brown, Simon Pichugin, Mark Reynolds (Thanks !!)
Platforms tested: F34
- - - - -
33c85c56 by Mark Reynolds at 2021-11-10T08:57:50-05:00
Issue 4978 - use more portable python command for checking containers
Description: During the installation check for containers use arguments
for subprocess.run() that work on all versions of python
relates: https://github.com/389ds/389-ds-base/issues/4978
Reviewed by: mreynolds(one line commit rule)
- - - - -
f53793d3 by Simon Pichugin at 2021-11-12T10:45:23-08:00
Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000)
Description: Don't start/stop instance if it's already started/stopped.
Add JSON error output to the basic CLI tool's operations.
Fix Ciphers Tab behaviour so it's aligned with the documentation and the
core functionality.
Relates: https://github.com/389ds/389-ds-base/issues/4962
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
8a2b4c7d by Mark Reynolds at 2021-11-15T16:43:02-05:00
Issue 5001 - Fix next round of UI bugs:
Description:
Addressing a series of bugs found by QE:
Bug 2016526 - LDAPI & Autobind save btn misbehaving
Bug 2016481 - Disabling Security leaves the pop-up window open
Bug 2016026 - Selecting existing certificate in Security Configuration crashes browser
Bug 2017402 - Adding several allowed SASL mechanisms does not behave correctly
Bug 2017411 - cockpit crashes because invalid SASL mapping regex was saved
Bug 2022117 - Cockpit UI: Editing an Objectclass name causes an error in Cockpit UI
Bug 2021194 - Searching "matching rules" in the "Schema" Tab crashes browser
Bug 2021591 - cockpit : audit and audit failure log enablement status is not persistent
relates: https://github.com/389ds/389-ds-base/issues/5001
Reviewed by: tbordaz & spichugi(Thanks!!)
- - - - -
172dd04e by spike at 2021-11-16T09:09:49-05:00
Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail.
Description: Use local_simple_allocate in dsctl so that isLocal is always set properly
Relates: https://github.com/389ds/389-ds-base/issues/4959
Reviewed by: @droideck (Thanks!)
- - - - -
a69bd611 by Mark Reynolds at 2021-11-16T11:49:26-05:00
Issue 5001 - Update CI test for new availableSASLMechs attribute
Description: Issue 5001 added a new attribute to the root dse, but
a CI test was not updated for the new attribute.
relates: https://github.com/389ds/389-ds-base/issues/5001
Reviewed by: mreynolds (one line commit rule)
- - - - -
f974ec39 by Mark Reynolds at 2021-11-17T15:37:59-05:00
Issue 5006 - UI - LDAP editor tree not being properly updated
Description: Deleting an entry was the tree view did not update the
treeview. Updates to table view were also not seen
in the tree view. The views should now be in synch
Also, replaced some console logging with our "log_cmd"
function in the editor utils file.
relates: https://github.com/389ds/389-ds-base/issues/5006
Reviewed by: spichugi(Thanks!)
- - - - -
64a521f4 by Timo Aaltonen at 2021-11-18T15:56:43+02:00
Override some lintian errors.
- - - - -
18a12749 by Mark Reynolds at 2021-11-21T17:48:37-05:00
Issue 5014 - UI - Add group creation to LDAP editor
Description: Added group creation to LDAP editor via the "New ..."
menu option
relates: https://github.com/389ds/389-ds-base/issues/5014
Reviewed by: spichugi(Thanks!)
- - - - -
a033e026 by Simon Pichugin at 2021-11-22T19:39:33-05:00
Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016)
Description:
Bug 2014924 - Cockpit UI: UX Bugs and other cockpit GUI related defects
Bug 2017441 - cockpit : Export changelog allows to check both 'Export to LDIF For Debugging' options but only takes one into account
Bug 2018101 - cockpit : impossible to create credentials or aliases for replication monitoring synchronization report
Bug 2021250 - cockpit : logging setting entered values for rotation and deletion policies should be checked
Bug 2021278 - Cockpit UI: Unable to Edit Attributes without first searching for the attribute to edit
Related: https://github.com/389ds/389-ds-base/issues/5001
Reviewed by: @mreynolds389 (Thanks!!)
- - - - -
237913e8 by Mark Reynolds at 2021-11-22T19:44:39-05:00
Bump version to 2.0.11
- - - - -
cb9980a0 by tbordaz at 2021-11-24T18:43:30+01:00
Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeeds (#5009)
Bug description:
If a non-critical plugin can not be loaded/initialized, the server should continue its startup.
Fix description:
During plugin_setup, if the server fails to initialize a
non-critical plugin then it just log an error:
plugin_setup - "GOST_YESCRYPT" plugin in library "libpwdstorage-plugin" not initialized and ignored
The non-critical plugins are statically listed in
plugin_load_critical(). ATM non critical plugins are
entryuuid (name)
GOST_YESCRYPT (name)
libpwdchan (library path)
relates: #5008
Reviewed by: Mark Reynolds, Pierre Rogier, William Brown, Stanislav Levin (thanks !!)
Platforms tested: F34, CentOS8
- - - - -
2a0edec1 by Firstyear at 2021-12-02T09:55:53+10:00
Issue 5020 - BUG - improve clarity of posix win sync logging (#5021)
* Issue 5020 - BUG - improve clarity of posix win sync logging
Bug Description: When a user isn't synced from AD due to missing schema,
if the user was a member of a group then posix-winsync would confusingly
report an err=32 (NO_SUCH_OBJECT) which made it "appear" significantly
worse as a problem than it was.
Fix Description: This clarifies the error message to make it easier
for an administrator to understand why this is occuring.
fixes: https://github.com/389ds/389-ds-base/issues/5020
Author: William Brown <william at blackhats.net.au>
Review by: @tbordaz , @droideck
- - - - -
43ac925f by Firstyear at 2021-12-03T11:01:46+10:00
Issue 5024 - BUG - windows ro replica sigsegv (#5027)
Bug Description: After 1.4.3, the changelog moves into the main database rather than being a
seperate entity. This caused a situation where it was possible to create and configure a
changelog while also acting as a read-only replica. This allows individuals to create a
windows sync agreement, however during the upgrade to 1.4.4 where we move the changelog into
the main DB, I can only assume we either delete or ignore the CL if the replica is readonly.
As a result, this caused a situation where the replica information and agreement existed, but
the changelog did not. During startup as the agreement was processed, an attempt to open the
CL was made, but caused a NULL pointer dereference which prevented server startup.
Fix Description: This fixes the issue on a number of fronts. First, we remove the original
NULL pointer dereference in cl5_api.c. We correct a bug in promote in lib389 that prevented
consumer to supplier promotion. And finally, this adds a hardening check to better communicate
to users in this situation what steps they need to take.
fixes: https://github.com/389ds/389-ds-base/issues/5024
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @tbordaz
- - - - -
1a52a366 by Viktor Ashirov at 2021-12-03T10:21:54+01:00
Issue 4931 - RFE: dsidm - add creation of service accounts
Description:
Extend dsidm to handle service accounts under ou=services
Relates: https://github.com/389ds/389-ds-base/issues/4931
Reviewed by: @Firstyear, @mreynolds389 (Thanks!)
- - - - -
0bf27ed1 by Sam Morris at 2021-12-06T11:58:07-05:00
Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections
Bug Description:
The RootDN access control plugin prevents access via UNIX sockets (ldapi://)
when host or IP restrictions are configured.
Fix Description:
The host and IP restrictions are no longer applied if the client connected via UNIX sockets.
relates: https://github.com/389ds/389-ds-base/issues/4165
Author: Sam Morris
Reviewed by: @mreynolds389, @Firstyear
- - - - -
7953e8b6 by Firstyear at 2021-12-10T09:38:21+10:00
Issue 5043 - BUG - Result must be used compiler warning (#5045)
Bug Description: Rust 1.57 enforces that Results must be
used, which causes librnsslapd to fail to build
Fix Description: Change how we duplicate the string so
that we don't need the result step.
fixes: https://github.com/389ds/389-ds-base/issues/5043
Author: William Brown <william at blackhats.net.au>
Review by: @vashirov, @droideck
- - - - -
5ba2b8b2 by Firstyear at 2021-12-10T09:38:26+10:00
Issue 5046 - BUG - update concread (#5047)
Bug Description: an update to concread changed how the cache was
constructed and how stats are used.
Fix Description: Update to adapt to these changes. Additionally
this update has a number of performance improvements.
fixes: https://github.com/389ds/389-ds-base/issues/5046
Author: William Brown <william at blackhats.net.au>
Review by: @vashirov, @droideck
- - - - -
706d95fa by Simon Pichugin at 2021-12-13T18:02:37-08:00
Issue 4962 - Fix various UI bugs - Database and Backups (#5044)
Description:
Bug 1751280 - [RFE] Cockpit : Provide the access path to the exported suffix
Bug 1861805 - 389-ds-base: Accepting nsslapd-db-checkpoint-interval values in negative.
Bug 1926516 - Cannot load the DB with suffix with characters escaped by a backslash.
Bug 1986388 - Cockpit: "Manage backups" list is empty if dirsrv service is stopped
Related: https://github.com/389ds/389-ds-base/issues/5001
Reviewed by: @jchapma, @mreynolds389 (Thanks!)
- - - - -
5952e984 by Timo Aaltonen at 2021-12-15T20:48:24+02:00
Merge branch 'upstream' into master-next
- - - - -
2df23cf9 by Timo Aaltonen at 2021-12-15T20:48:54+02:00
bump the version
- - - - -
9f06adbb by Timo Aaltonen at 2021-12-15T20:49:48+02:00
watch: Update the url.
- - - - -
6cd56904 by Timo Aaltonen at 2021-12-15T21:03:28+02:00
releasing package 389-ds-base version 2.0.11-1
- - - - -
b6fc1afc by Timo Aaltonen at 2021-12-15T23:01:42+02:00
Revert a commit that makes dscreate to fail.
- - - - -
c3610604 by Timo Aaltonen at 2021-12-15T23:23:25+02:00
releasing package 389-ds-base version 2.0.11-2
- - - - -
039bc990 by James Chapman at 2022-01-13T16:50:07+00:00
Issue 4994 - Revert retrocl dependency workaround (#4995)
Description: The RetroCL exclude attribute RFE was dependent on the
functionality of a commit that didn't make into the rhel 8.5 build. A
work around was committed that added the missing methods.
Since then the previous commit has been merged, so there now exists two
definitions of the same method, these need to be removed.
fixes: https://github.com/389ds/389-ds-base/issues/4994
relates: https://github.com/389ds/389-ds-base/issues/4791
Reviewed by: tbordaz (Merci)
- - - - -
97b3c32d by James Chapman at 2022-01-13T16:50:55+00:00
Issue 5074 - retro changelog cli updates (#5075)
Bug description: The cli does not allow for the creation of multiple
exclude attributes in one call. When there are multiple exclude
attributes defined, the cli doesn't allow removal of an individual
exclude attribute. Using the set command deletes all excluded
attributes.
Fix description: Modify parser to take multiple arguments in a single
call. Add atribute del method to lib389 cli_conf.
Fixes: https://github.com/389ds/389-ds-base/issues/5074
Reviewed by: Firstyear, droideck, mreynolds389 (Thank you)
- - - - -
c2f6c23b by Simon Pichugin at 2022-01-13T09:31:34-08:00
Issue 3584 - Add is_fips check to password tests (#5100)
Description: While in FIPS mode, it's expected that SSHA512 is used
as a storage scheme. And {PBKDF2_SHA256} is used when not run in FIPS mode.
Align tests with the logic.
Fixes: https://github.com/389ds/389-ds-base/issues/3584
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
cb21e1a2 by tbordaz at 2022-01-14T14:51:59+01:00
Issue 5095 - sync-repl with openldap may send truncated syncUUID (#5099)
Bug description:
When using sync_repl from openldap, syncUUID (that identify an
entry) is retrieved from targetEntryUUID rather than nsuniqueid.
syncUUID is a 16 bytes long representation of targetEntryUUID.
TargetEntryUUID can contain '00' so syncUUID can contain a
byte with 0x00.
When creating a syncInfo
(https://datatracker.ietf.org/doc/html/rfc4533#section-2.5)
syncUUIDS is ber encoded with '[v]' taking a null terminated
array of (char*). In such case the 0x00 char truncates the
syncUUID.
Fix description:
Instead of using a null terminated array of (char*), the
fix uses a null terminated array of berval.
relates: https://github.com/389ds/389-ds-base/issues/5095
Reviewed by: William Brown, Simon Pichugin (Thanks)
Platforms tested: F34
- - - - -
389188cd by tbordaz at 2022-01-14T17:21:27+01:00
Issue 5105 - During a bind, if the target entry is not reachable the operation may complete without sending result (#5107)
Bug description:
A bind operation can skip sending back operation result.
This can happen in rare condition like backend is not available
or in referral mode or did not define a bind callback.
Fix description:
Catch those errors condition and send an operation result.
relates: https://github.com/389ds/389-ds-base/issues/5105
Reviewed by: Pierre Rogier (thanks !)
Platforms tested: F34
- - - - -
64aef1e7 by tbordaz at 2022-01-19T09:35:54+01:00
Issue 4312 - performance search rate: contention on global monitoring counters (#4940)
Bug description:
The servers manages a set of counters in order to report metrics either with SRCH
"cn=monitor" or with SNMP agent.
The counters are global and so the threads updating the counters are all accessing
the same counters and same memory addresses. The counters are accessed by workers and/or listener threads.
All of them are in competition to access the counter memory addresses that creates contention.
Fix description:
The fix spread the set of global counters into a per thread set
of global counters
https://www.port389.org/docs/389ds/design/global-counters-contention.html
relates: https://github.com/389ds/389-ds-base/issues/4312
Reviewed by: William Brown, Mark Reynolds (Thanks)
Platforms tested: F34
- - - - -
9a49331c by Viktor Ashirov at 2022-01-19T19:52:32+01:00
Issue 5115 - AttributeError: type object 'build_manpages' has no attribute 'build_manpages'
Bug Description:
Starting from v2.1, argparse-manpage provides methods build_manpages,
get_build_py_cmd and get_install_cmd in the top-level module.
This breaks installation of lib389 on systems with the newer version
of argparse-manpage.
Fix Description:
Update setup.py to be aware of the module version and import methods
based on it.
Fixes: https://github.com/389ds/389-ds-base/issues/5115
Reviewed by: @tbordaz, @mreynolds389 (Thanks!)
- - - - -
0130544e by Thierry Bordaz at 2022-01-20T10:07:18+01:00
Issue 4312 - fix compiler warning
- - - - -
de212e22 by Viktor Ashirov at 2022-01-20T17:21:17+01:00
Issue 5124 - dscontainer fails to create an instance
Bug Description:
After 5f05bc7af82edf4690c0dce0ceaab8ac328b70a6 dscontainer fails to
create an intance, because it tries to write PID file to /run instead
of /run/dirsrv as was previously.
Fix Description:
Change pid_file in defaults.inf back to /run/dirsrv/slapd-{instance_name}.pid
Fixes: https://github.com/389ds/389-ds-base/issues/5124
Reviewed by: @mreynolds389, @droideck (Thanks!)
- - - - -
5b69fc6a by Mark Reynolds at 2022-01-24T11:51:02-05:00
Issue 5127 - run restorecon on /dev/shm at server startup
Description:
Update the systemd service file to execute a script that runs
restorecon on the DB home directory. This addresses issues with
backup/restore, reboot, and FS restore issues that can happen when
/dev/shm is missing or created outside of dscreate.
relates: https://github.com/389ds/389-ds-base/issues/5127
Reviewed by: progier & viktor (Thanks!!)
- - - - -
0000fb52 by Mark Reynolds at 2022-01-24T12:01:12-05:00
Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality
Description:
Reworked the entry edit wizard to be one form to edit all
aspects of the entry. Also add the ability to do modrdns.
relates: https://github.com/389ds/389-ds-base/issues/4299
Reviewed by: spichugi & tmihinto(Thanks!!)
- - - - -
1cee8d4f by Mark Reynolds at 2022-01-24T12:01:52-05:00
Issue 4299 - UI - Add ACI editing features
Description: Add ACI management features to UI
relates: https://github.com/389ds/389-ds-base/issues/4299
Reviewed by: spichugi & jchapman(Thanks!!)
- - - - -
874da220 by Mark Reynolds at 2022-01-24T12:20:24-05:00
Issue 3555 - UI - fix audit issue with npm nanoid
Description:
Ran npm audit fix to address vulnerability in nanoid
relates: https://github.com/389ds/389-ds-base/issues/3555
Reviewed by: mreynolds
- - - - -
26cb4b8e by Mark Reynolds at 2022-01-24T13:07:47-05:00
Issue 5132 - Update Rust crate lru to fix CVE
Description:
A CVE was discovered in the Rust create lru that
389-ds-base was using. CVE-2021-45720 bundled
lru: Use after free in lru crate
https://bugzilla.redhat.com/show_bug.cgi?id=2044430
relates: https://github.com/389ds/389-ds-base/issues/5132
Reviewed by: ?
- - - - -
8a0dc0c1 by Mark Reynolds at 2022-01-24T13:32:54-05:00
Bump version to 2.0.13
Description: The version had bumped to 2.0.12, but that commit
was not pushed. So 2.0.12 was really at commit:
706d95fa1 Issue 4962 - Fix various UI bugs - Database and Backups (#5044)
- - - - -
72eb93ac by Firstyear at 2022-01-25T10:49:42+10:00
Issue 5129 - BUG - Incorrect fn signature in add_index (#5130)
Bug Description: Due to an incorrect function signature,
it was possible to cause add index to fail by trying to
add an empty mr set.
Fix Description: Fix the function signature and make
the function more robust.
fixes: https://github.com/389ds/389-ds-base/issues/5129
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 (thanks!)
- - - - -
e7d6aef4 by Mark Reynolds at 2022-01-25T13:39:13-05:00
Issue 5135 - UI - Disk monitoring threshold does update properly
Description:
If you try entering a value manually and start with an empty field
it overwrites the value with 4096 as it's trying to incorrectly
enforce a minimum value.
relates: https://github.com/389ds/389-ds-base/issues/5135
Reviewed by: spichugi(Thanks!)
- - - - -
c1a56924 by Firstyear at 2022-01-27T07:34:39-05:00
Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094)
Bug Description: In migration from openldap we were not correctly
handling how we parsed indexed attributes with multiple types of
indexes applied.
Fix Description: Fix the parsing and add tests for this scenario
fixes: https://github.com/389ds/389-ds-base/issues/5080
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389, @progier389, @droideck
- - - - -
f0b69ea7 by Firstyear at 2022-01-27T07:35:27-05:00
Issue 5079 - BUG - multiple ways to specific primary (#5087)
Bug Description: In a winsync environment, we can only sync
changes to a primary replica. There are however, multiple
ways to specify which server is a primary for a replication
agreement, and I only accounted for one of them.
Fix Description: Improve the check to account for the
other primary replica flags.
fixes: https://github.com/389ds/389-ds-base/issues/5079
Author: William Brown <william at blackhats.net.au>
Review by: @droideck
- - - - -
e19a538e by Firstyear at 2022-01-27T07:35:48-05:00
Issue 4992 - BUG - slapd.socket container fix (#4993)
Bug Description: A recent fix exposed that we were incorrectly
setting the container socket for ldapi.
Fix Description: Correct this to be consistent.
fixes: https://github.com/389ds/389-ds-base/issues/4992
Author: William Brown <william at blackhats.net.au>
Review by: @droideck
- - - - -
68c97a2b by tbordaz at 2022-01-27T07:36:04-05:00
Issue 5037 - in OpenQA changelog trimming can crashes (#5070)
Bug description:
The changelog trimming thread is launched
upon various conditions (changelog open,
create replica, check RUVs, enable replication,
...).
The trimming thread is stopped upon
various conditions (import, changelog close,
delete replica, reload RUVs, disable replication
demote supplier,...)
There are two issues:
In case the trimming is stopped while the thread
has not yet started, the trimming thread can crash
because some required data (cldb) have been
cleared under it.
In case the trimming is restarted while the thread
has not yet started, there is a possiblity of
starting several trimming threads
Fix description:
The fix to prevent the first issue, just checks that
the required data (cldb) is set.
The second fix is to use a flag (trimmingOnGoing)
to prevent multiple trimming threads. The flag is
protected by stLock.
relates: https://github.com/389ds/389-ds-base/issues/5037
Reviewed by: Simon Pichugin (thanks !)
Platforms tested: F34
- - - - -
f308faeb by Adam Williamson at 2022-01-27T15:53:52-05:00
Issue 5127 - ds_selinux_restorecon.sh: always exit 0
Description:
We don't want to error out and give up on starting the service
if the restorecon fails - it might just be that the directory
doesn't exist and doesn't need restoring. Issue identified and
fix suggested by Simon Farnsworth
relates: https://github.com/389ds/389-ds-base/issues/5127
Reviewed by: adamw & mreynolds
- - - - -
eccfa2af by Mark Reynolds at 2022-01-27T16:06:48-05:00
Bump version to 2.0.14
- - - - -
2fa5af9a by Timo Aaltonen at 2022-02-10T19:19:01+02:00
Merge branch 'upstream'
- - - - -
a5626cad by Timo Aaltonen at 2022-02-10T19:27:32+02:00
version bump
- - - - -
fdeddf3d by Timo Aaltonen at 2022-02-10T19:37:16+02:00
install: Updated.
- - - - -
aa1f34e3 by Timo Aaltonen at 2022-02-10T19:38:12+02:00
control: Bump policy to 4.6.0.
- - - - -
23 changed files:
- + .github/daemon.json
- + .github/scripts/generate_matrix.py
- + .github/workflows/compile.yml
- .github/workflows/pytest.yml
- .gitignore
- Makefile.am
- VERSION.sh
- configure.ac
- debian/389-ds-base-libs.install
- + debian/389-ds-base-libs.lintian-overrides
- debian/389-ds-base.install
- debian/389-ds-base.lintian-overrides
- debian/changelog
- debian/control
- debian/copyright
- − debian/missing-sources/bootpopup.js
- − debian/missing-sources/bootstrap.js
- − debian/missing-sources/c3.js
- − debian/missing-sources/d3.js
- − debian/missing-sources/jquery-1.12.4.js
- − debian/missing-sources/jquery-3.3.1.js
- − debian/missing-sources/jquery-ui.js
- − debian/missing-sources/jquery.dataTables.js
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/7e2ebb46a532dc5640b52a9d8832faf845840164...aa1f34e3455331a18550a450a300cc0a1f43d8a2
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/7e2ebb46a532dc5640b52a9d8832faf845840164...aa1f34e3455331a18550a450a300cc0a1f43d8a2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20220210/6a9811b0/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list