[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 307 commits: Bump version to 389-ds-base-2.1.0

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Fri Jan 20 18:50:21 GMT 2023



Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base


Commits:
f4f255d2 by Mark Reynolds at 2021-08-09T17:51:33-04:00
Bump version to 389-ds-base-2.1.0

- - - - -
0208b72e by Mark Reynolds at 2021-08-10T11:12:52-04:00
Issue 4736 - lib389 - fix regression in certutil error checking

Description: A regression in the previous commit accidentally called
certutil twice which triggered the CLI to prompt for the NSS database
password.  This broke CI tests, etc.

relates: https://github.com/389ds/389-ds-base/issues/4736

Reviewed by: mreynolds (one line commit rule)

- - - - -
0d708be0 by Viktor Ashirov at 2021-08-11T15:05:31+02:00
Issue 4096 - Missing perl dependencies for logconv.pl

Bug Description:
On a minimal Fedora install logconv.pl fails to run because of the
missing perl dependencies. These were part of the perl package but in
perl-5.32 they were split into smaller packages.
See https://fedoraproject.org/wiki/Changes/perl5.32

Fix Description:
Add explicit Requires for perl-sigtrap and perl-debugger.

Fixes: https://github.com/389ds/389-ds-base/issues/4096

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
a2435264 by Simon Pichugin at 2021-08-12T09:23:41+02:00
Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867)

Description: Fix typos in the output of "dsconf instance_name
pwpolicy set --help".

Fixes: https://github.com/389ds/389-ds-base/issues/4851

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
de39b793 by Simon Pichugin at 2021-08-18T14:51:11+02:00
Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871)

Bug Description: When using the Attribute uniqueness plugin, restricted
to one subtree, moving an object with an already existing attribute
to this subtree does not raise any exceptions. It appears that the
originating subtree is searched instead.

Fix Description: Use parent DN of the new entry when searching
for attribute uniqueness.
Add test to plugins/attruniq_test.py suite.

Fixes: https://github.com/389ds/389-ds-base/issues/4763

Reviewed by: @tbordaz (Thanks!)
- - - - -
c50cfafb by Firstyear at 2021-08-19T10:46:00+10:00
Issue 4775 - Add entryuuid CLI and Fixup (#4776)

Bug Description: EntryUUID when added was missing its CLI
and helpers for fixups.

Fix Description: Add the CLI elements.

fixes: https://github.com/389ds/389-ds-base/issues/4775

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (thanks!)
- - - - -
0607d5b6 by Firstyear at 2021-08-19T11:06:06+10:00
Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876)

Bug Description: Due to older servers missing the syntax
plugin this breaks schema replication and causes cascading
errors.

Fix Description: This changes the syntax to be a case
insensitive string, while leaving the plugins in place
for other usage.

fixes: https://github.com/389ds/389-ds-base/issues/4872

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @progier389 
- - - - -
72338f12 by Firstyear at 2021-08-20T09:18:50+10:00
Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878)

Bug Description: Due to changing the syntax of EntryUUIDs
to string, we may have invalid EntryUUIDs imported into
the database.

Fix Description: To resolve this during a fixup we validate
that UUIDs have a valid syntax. If they do not, we regenerate
them.

fixes: https://github.com/389ds/389-ds-base/issues/4877

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
8e5d4789 by progier389 at 2021-08-23T16:55:16+02:00
Issue 4699 - backend redesign phase 4 - db-mdb plugin implementation (#4716)

* Issue 4699 - Backend redesign phase 4 - Rename dblayer and unprefixed function in bdb plugin

This first backend redesign phase 4 commit renames functions
in bdb files and back-ldbm includes:
    replace bdb_import_main by bdb_public_import_main (to avoid a naming conflict)
    replace function with dblayer prefix by function with bdb_ suffix
    add bdb_ prefix to function without bdb_ prefix
==> After this commit all db-bdb functions are prefixed by bdb_
    This allows duplicating the plugin and replacing bdb by mdb to create the mdb
    plugin skeleton
These changes are generated with the following script

    > sf
    ( cd .. ; git checkout . )

    for f in *.[ch] ../*.h
    do
        cp $f $f.X
        sed s/bdb_import_main/bdb_public_import_main/g $f.X > $f
        /bin/rm -f $f.X
    done

    mktags *.c

    for s in $(grep ^dblayer tags | cut -f 1)
    do
        s1=bdb${s#dblayer}
        echo "s/$s/$s1/g" >> sf
        grep $s1[^a-zA-Z0-9_] tags
    done

    for s in $(grep -v ^bdb_ tags | grep -v ";.*;" | grep "^[a-z]" | grep -v _import_worker_info | cut -f 1)
    do
        s1=bdb_${s}
        echo "s/$s[^a-zA-Z0-9_]/bdb_&/g" >> sf
        grep $s1[^a-zA-Z0-9_] tags
    done

    for f in *.[ch] ../*.h
    do
        cp $f $f.X
        sed -f sf $f.X > $f
        /bin/rm -f $f.X
    done

* Issue 4699 - Backend redesign phase 4 - Move some common functions from bdb to back-ldbm

This Backend redesign phase 4 second commit is about:
 - moving the bdb functions prototype from the backend include to bdb_layer.h
 - moving some common functions from the bdb plugin back to the backend
    (typically in the import/archive area like the ldif provider thread)
Unlike the first one, this commit changes are manual and require review.

* Issue 4699 - Backend redesign phase 4 - Create mdb plugin skeleton

This Backend redesign phase 4 third commit creates mdb plugin skeleton
This commit's changes are mostly generated from the following script
 ( only mdb_perfctrs.c needed a few changes to get something buildable )
I do not think that this commit needs to be reviewed

    L=$(cd ../db-bdb; ls bdb_*.[ch])
    for f in $L
    do
      nf=mdb${f#bdb}
      sed '
    s/bdb/mdb/g
    s/^{/{@#ifdef TODO/
    s,^},#endif /* TODO */@},
    ' ../db-bdb/$f | tr @ '\n' > $nf
    done

FYI: the Makefile change got erroneously pushed with previous commit .
build is generating lots of warnings about mdb modules: mainly missing return or unused functions
 (because for now all the functions' meat is within #ifdef TODO)

* Backup redesign phase 4 - Fix missing symbol error

* Update backend redesign phase 4 - replace mdb_prefix by dbmdb_

* Update backend redesign phase 4 - fix miscellaneous issues

* Update backend redesign phase 4 - start env and open db instances

* Update backend redesign phase 4 - start env and open db instances

* Backup redesign phase 4 - merge upgrade.c

* Backup redesign phase 4 - Be able to add entries

* Update backend redesign phase 4 - fix MDB_GET_MULTIPLE handling that was breaking the searches

* Update backend redesign phase 4a - implement backend removal on lmdb

* Issue 4699 - Backend redesign phase 4b - Implement import/export over lmdb

* Issue 4699 - Backend redesign phase 4b - Implement import/export over lmdb - fix build issues

* Issue 4699 - Backend redesign phase 4b - Implement import/export over lmdb - configure nsslapd-backend-implemenys with dsconf

* Issue 4699 - Backend redesign phase 4b - Implement import/export over lmdb - switch to mdb by default - (for initial tests phases)

* Issue 4699 - Backend redesign phase 4b - Implement backup/restore over lmdb

* Update Backend Redesign phase 4 - fixing some import bugs

* Update Backend Redesign phase 4 - fixing test_basic_acl regression

* Update Backend Redesign phase 4 - fixing unwanted rmdb.c removal

* Issue 4699 - Backend redesign phase 4 - Fix some CL test issues with mdb

* Update Backend Redesign phase 4 - select mdb by default in lib389

* Update Backend Redesign phase 4 - fix some replication issue

* Update Backend Redesign phase 4 - fix import+VLV issue

* Update Backend Redesign phase 4 - disable detailed debug

* Update Backend Redesign phase 4 - fix some py.tests

* issue 4653: refactor ldbm backend to allow replacement of BDB - phase 4 - fix vlv search

* Issue 4699 - Backend redesign phase 4 - Implements monitor and perf counters

* Debug tests for i4699 branch

* Revert "Debug tests for i4699 branch"

This reverts commit 4d953eec745c99b36df7a930dc9f58296a24181c.

* Issue 4699 - Backend redesign phase 4 - Fix bak2db CL test issues with mdb

* Update backend redesign phase 4 - fix replication issues

* Update Backend Redesign phase 4 - fixing Monitor classes in lib389

* Issue 4699 - Backend redesign phase 4 - Implements monitor in lib389 - 2nd try

* Issue 4699 - Backend redesign phase 4 - fix a crash when closing ports

* Issue 4699 - Backend redesign phase 4 - Rebase with master

* Issue 4699 - Backend redesign phase 4 - attempt to Fix nss issue

* Issue 4699 - Backend redesign phase 4 - attempt to Fix nss issue v2

* temporary traces added

* temporary traces added

* Update backend redesign phase 4 - fix import issues

* Update backend redesign phase 4 - debug import issues

* temporary traces added + hash of long keys

* temporary traces added + hash of long keys

* Update Backend Redesign phase 4 - fix some bdb initialisation issue.

* Update backend redesign phase 4 - fix database flags issue

* Update Backend Redesign phase 4 - Add back DUPSUPPORT for entryrdn

* Update backend redesign phase 4 - fix database size issue

* Update backend redesign phase 4 - limit default database size to 1GB + debug cleanup

* Update backend redesign phase 4 - fix hashed index key issues
- - - - -
bce016bd by progier389 at 2021-08-24T15:29:38+02:00
Issue 4880: Revert removed_config_49298_test.py wrongly modified by issue 4699 (#4881)


- - - - -
8f3baf3c by Mark Reynolds at 2021-08-26T09:36:44-04:00
Issue 4884 - server crashes when dnaInterval attribute is set to zero

Bug Description:

A division by zero crash occurs if the dnaInterval is set to zero

Fix Description:

Validate the config value of dnaInterval and adjust it to the
default/safe value of "1" if needed.

relates: https://github.com/389ds/389-ds-base/issues/4884

Reviewed by: tbordaz(Thanks!)

- - - - -
e1249f30 by Mark Reynolds at 2021-08-26T10:09:51-04:00
Issue 4875 - CLI - Add some verbosity to installer

Description:  Previously the installer would basically say
              "Starting" and "Finished".  If a step would
              run into a problem it is difficult to narrow
              down what is going wrong.  So add a little more
              output during the installation.

relates: https://github.com/389ds/389-ds-base/issues/4875

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
714b1504 by Mark Reynolds at 2021-08-27T08:48:49-04:00
Issue 4169 - Migrate Replication & Schema tabs to PF4

Description:  Migrate the remaining components in the repl and schema
tabs to PF4

relates: https://github.com/389ds/389-ds-base/issues/4169

Reviewed: spichugi & jchapman (Thanks!!)

- - - - -
311d08ff by Mark Reynolds at 2021-08-27T08:48:49-04:00
Issue 4149 - UI - Migrate the remaining components to PF4

Description:  This completes the initial migration to PF4

fixes: https://github.com/389ds/389-ds-base/issues/4149

Reviewed by: spichugi(Thanks!)

- - - - -
cb6ff048 by Gilbert Kimetto at 2021-08-30T11:06:57-04:00
Issue# 4725 [RFE] DS - Update the password policy to support Temporary Password Rules (#4853)

Bug Description:
Enhance password policy to support registration password (One Time Password).

Fix Description:

This is Automation to test this new feature Automate Bz 1626633

Relates:
https://github.com/389ds/389-ds-base/issues/4725
Author: Gilbert Kimetto

Reviewed by: mreynolds Thank you!
- - - - -
001f116c by Mark Reynolds at 2021-08-30T13:03:35-04:00
Issue 4887 - UI - Update webpack.config.js and package.json

Bug Description:

Our cockpit dependencies were very out of date and had
security issues.  But the newer ESLint package had lots of new
complaints.

Fix Description:

"noop" no longer exists in PF4, so that had to be removed from
the PropTypes, as well as a ton of ESLint errors about
variable declarations, certain function names, etc.

npm audit is now clean, and we are up to date with Cockpit
requirements/standards.

relates: https://github.com/389ds/389-ds-base/issues/4887

Reviewed by: jchapman(Thanks!)

- - - - -
d1ae9581 by Mark Reynolds at 2021-08-31T16:08:26-04:00
Issue 4887 - UI - fix minor regression from camelCase fixup

Description:  The new ESlinter complained about function names, and
there was a mistake that caused the wrong function name to be passed as
a property to a component.

relates:  https://github.com/389ds/389-ds-base/issues/4887

Reviewed by: mreynolds(one line commit rule)

- - - - -
caa33cf3 by Akshay Adhikari at 2021-09-01T16:13:32+02:00
Issue 4773 - Extend CI tests for DNA interval assignment

Description: Extend CI tests for DNA interval assignment

Relates: https://github.com/389ds/389-ds-base/issues/4773

Reviewed by: @tbordaz, @vashirov, @sgouvern (Thanks!)

- - - - -
d7050227 by progier389 at 2021-09-02T12:33:42+02:00
Issue 4889 - bdb lock deadlock while reindex/import vlv index (#4892)

* Issue 4889 - bdb lock deadlock while reindex/import vlv index

* Issue 4889 - bdb lock deadlock while reindex/import vlv index

* Issue 4889 - bdb lock deadlock while reindex/import vlv index
- - - - -
d5486212 by Mark Reynolds at 2021-09-03T09:54:48-04:00
Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks

Bug Description:  Monotonic clocks were used to check if an entry was old
                  enough to be trimmed, but the real system time should be
                  used.  So entries were never trimmed from the changelog.

Fix Description:  Make sure monotonic clocks are only used for the
                  trimming interval, and real time clocks are used
                  for entry age.

relates: https://github.com/389ds/389-ds-base/issues/4869

Reviewed by: firstyear(Thanks!)

- - - - -
378fb724 by Viktor Ashirov at 2021-09-06T15:44:00+02:00
Issue 4901 - Add COPR integration

Description:
Fedora COPR supports automatic rebuilds from SCM:
https://docs.pagure.org/copr.copr/user_documentation.html#scm
And GitHub webhooks to automatically trigger builds:
https://docs.pagure.org/copr.copr/user_documentation.html#github-webhooks

Fixes: https://github.com/389ds/389-ds-base/issues/4901

Reviewed by: mreynolds (Thanks!)

- - - - -
0d907a97 by Viktor Ashirov at 2021-09-07T14:22:16+02:00
Issue 4577 - Add GitHub actions

Description:
* Update GH actions to use ubuntu-latest
* Update pytest workflow to also run nightly
* Add SKIP_AUDIT_CI=1 to copr builds
* Add npm audit-ci workflow
* Add badges with test status to README.md

Relates: https://github.com/389ds/389-ds-base/issues/4577
Relates: https://github.com/389ds/389-ds-base/issues/4901

Reviewed by: mreynolds (Thanks!)

- - - - -
7f610ec7 by Mark Reynolds at 2021-09-09T07:45:07-04:00
Issue 4910 - db reindex corrupts RUV tombstone nsuniqueid index

Bug Description:  During a reindex task we skip the RUV tombstone entry,
                  which corrupts the nsuniqueid index.

Fix Description:  Make sure we still index nsuniqueid index for
                  the RUV tombstone entry.

relates: https://github.com/389ds/389-ds-base/issues/4910

Reviewed by: firstyear & progier389 (Thanks!!)

- - - - -
a2db752a by Mark Reynolds at 2021-09-09T07:49:06-04:00
Issue 4912 - dsidm command crashing when account policy plugin is enabled

Bug Description:  If the account policy plugin is enabled, but not
                  configured then dsidm will crash when checking an
                  entry's status.

Fix Description:  Check if the config DN is present before trying
                  to check its values.

relates: https://github.com/389ds/389-ds-base/issues/4912

Reviewed by: firstyear(thanks!)

- - - - -
ff508d1a by Firstyear at 2021-09-10T11:44:27+10:00
Issue 4914 - BUG - resolve duplicate stderr with clang (#4915)

Bug Description: Due to linking with libgcc stderr had multiple locations
available when using asan + clang.

Fix Description: Remove gcc_s from ld with rust when using clang, and
mark c++ to use statically linked libgcc to scope the stderr definition
to libns-dshttpd.

fixes: https://github.com/389ds/389-ds-base/issues/4914

Author: William Brown <william at blackhats.net.au>

Review by: @progier389
- - - - -
674aefb1 by Simon Pichugin at 2021-09-10T14:17:41-07:00
Issue 4894 - IPA failure in ipa user-del --preserve (#4907)

Bug Description: Starting with 389-ds 2.0.8 on rawhide,
any call to ipa user-del --preserve fails with
This entry already exists.

Fix Description: We should split 'dn' parameter in searchAllSubtrees
into parent and target. As one of them is used for excluding the
subtree checks and another one for searching.
Improve 'superior' processing when we don't change the parent.
Rename variables in a more sane way.

Fixes: https://github.com/389ds/389-ds-base/issues/4894

Reviewed by: @Firstyear, @tbordaz, @progier389 (Thanks!)
- - - - -
735c5a79 by Mark Reynolds at 2021-09-11T10:12:15-04:00
Issue 4796 - Add support for nsslapd-state to CLI & UI

Description:  Add support for nsslapd-state to lib389 and UI.  Also
              added a check to prevent the changing of nsslapd-state
              for replicated suffixes.

              Also did a little UI cleanup where a bottom margin was added
              to the bottom of pages instead of using <hr> to create the gap.

relates: https://github.com/389ds/389-ds-base/issues/4796

Reviewed by: jachapman & spichugi(Thanks!!)

- - - - -
3d770b0a by François Cami at 2021-09-13T09:51:33-04:00
Issue 4863 - typos in logconv.pl

There are two occurrences of "occurrances" in logconv.pl.
Replace the two occurrences of occurrances by occurences.

Relates: https://github.com/389ds/389-ds-base/issues/4863
Signed-off-by: François Cami <fcami at redhat.com>
Reviewed by: Mark Reynolds <mreynolds at redhat.com>

- - - - -
9734e156 by Mark Reynolds at 2021-09-13T12:22:48-04:00
Issue 4912 - Account Policy plugin does not set the config entry DN

Description: Although we create the config entry for the Account Policy
plugin, we do not list the config entry DN in the main plugin entry
via nsslapd-pluginarg0

relates: https://github.com/389ds/389-ds-base/issues/4912

Reviewed by: mreynolds(one line commit rule)

- - - - -
dc5445aa by Marc Muehlfeld at 2021-09-14T09:23:30-04:00
Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)

Description:
The --help of dsconf and its subcommands contain several incorrect descriptions, typos, inconsistent language, some entries end with a ".", some don't, some descriptions start with lowercase, ...

For a better user experience, the descriptions of subcommands, and parameters should be reviewed and improved.

Fixes: #4908

Reviewed by: Mark Reynolds, William Brown, and Simon Pichugin

- - - - -
dc189068 by Gilbert Kimetto at 2021-09-14T11:49:36-04:00
Issue# 4656 DS Remove problematic language from CLI tools and UI (#4893)


- - - - -
22156fcd by Viktor Ashirov at 2021-09-21T23:43:12+02:00
Issue 4916 - Memory leak in ldap-agent

Description:
Fix a minor memory leak in ldap-agent to make AddressSanitizer happy.

Fixes: https://github.com/389ds/389-ds-base/issues/4916

Reviewed by: @mreynolds389, @Firstyear (Thanks!)

- - - - -
96dbbb21 by tbordaz at 2021-09-23T10:48:50+02:00
Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926)

Bug description:
        An ACI may contain targetfilter. For a given returned entry, of a
        SRCH request, the same targetfilter is evaluated for each of the
        returned attributes.
        Once the filter has been evaluated, it is useless to reevaluate
        it for a next attribute.

Fix description:
        The fix implements a very simple cache (linked list) that keeps
        the results of the previously evaluated 'targetfilter'.
        This cache is per-entry. For an operation, an aclpb is allocated
        that is used to evaluate ACIs against each successive entry.
        Each time a candidate entry is added in the aclpb
        (acl_access_allowed), the cache (aclpb_curr_entry_targetfilters)
        is freed. Then for each 'targetfilter', the original targetfilter
        is looked up in the cache. If this is the first evaluation of it
        then the result of the evaluation is stored into the cache using
        the original targetfilter as the key in the cache.

        The key to lookup/store the cache is the string representation
        of the targetfilter. The string contains a redzone to detect
        that the filter exceeds the maximum size (2K). If it exceeds
        then the key is invalid and the lookup/store is noop.

relates: #4925

Reviewed by: Mark Reynolds, William Brown (Thanks)

Platforms tested: F34
- - - - -
2a9df103 by Mark Reynolds at 2021-09-27T13:05:14-04:00
Issue 4513 - fix ACI CI tests involving ip/hostname rules

Description:  Fix tests that use ACIs with ip/hostname rules. Harden
              the dscreate and dsctl acceptance tests, and fix some
              flakiness in the sync repl test, and filter schema
              validation.

              Also updated the doxy file and fixed some compiler warnings

relates: https://github.com/389ds/389-ds-base/issues/4513

Reviewed by: spichugi & tbordaz(Thanks!!)

- - - - -
11a0fa8a by Firstyear at 2021-09-30T11:47:29+10:00
Issue 4847 - BUG - potential deadlock in replica (#4936)

Bug Description: There was an incorrect double lock in
repl5_replica_config.c

Fix Description: Replace the incorrect lock with an unlock.

fixes: https://github.com/389ds/389-ds-base/issues/4847

Author: jenny <@jenny-cheung>

Review by: @firstyear @droideck

Co-authored-by: jenny <84835889+jenny-cheung at users.noreply.github.com>
- - - - -
9ebd3d78 by tbordaz at 2021-09-30T15:59:40+02:00
Issue 4678 - RFE automatic disable of virtual attribute checking (#4918)

Bug description:
        Virtual attributes are configured via Roles or COS definitions
        and registered during initialization of those plugins.
        Virtual attributes are processed during search evaluation of
        filter and returned attributes. This processing is expensive
        and prone to create contention between searches.
        Use of virtual attributes is not frequent. So many of the
        deployments process virtual attributes even if there are none.

Fix description:
        The fix configures the server to ignore virtual attributes by
        default (nsslapd-ignore-virtual-attrs: on).
        At startup, if a new virtual attribute is registered or
        there exist Roles/COS definitions, then the server is
        configured to process the virtual attributes
        (nsslapd-ignore-virtual-attrs: off)
        design: https://www.port389.org/docs/389ds/design/vattr-automatic-toggle.html

relates: https://github.com/389ds/389-ds-base/issues/4678

Reviewed by: William Brown, Simon Pichugin, Mark Reynolds (Thanks !!)

Platforms tested: F34
- - - - -
6cac256b by progier389 at 2021-10-01T17:23:33+02:00
Issue 4896 - improve CI tests report in case of SERVER_DOWN exception (#4897)

* Issue 4896 - CI tests on lmdb still reports errors

* issue 4653: refactor ldbm backend to allow replacement of BDB - phase 4 - increase default map size

* Update backend redesign phase 4 - limit default database size to 1GB + debug cleanup

* issue 4653: refactor ldbm backend to allow replacement of BDB - phase 4 - improve lmdb_nasty logs

* issue 4653: refactor ldbm backend to allow replacement of BDB - phase 4 - fix err 22 issue by refactoring the instance management

* issue 4896: refactor ldbm backend to allow replacement of BDB - phase 4 - fix err 22 issue by refactoring the instance management

* Issue 4896 - Backend redesign phase 4 - Fix issue around dbi handling and txn

* Issue 4896 - Backend redesign phase 4 - Fix issue around dbi handling and txn

* Issue 4896 - Backend redesign phase 4 - Fix issue around dbi handling and txn

* Issue 4896 - Backend redesign phase 4 - Improve CI tests report about ldap.SERVER_DOWN exception

* Issue 4896 - Backend redesign phase 4 - Improve CI tests report about ldap.SERVER_DOWN exception

* Issue 4896 - Backend redesign phase 4 - Improve CI tests report about ldap.SERVER_DOWN exception

* Issue 4896 - Backend redesign phase 4 - Improve CI tests report about ldap.SERVER_DOWN exception

* Issue 4896 - Backend redesign phase 4 - Improve CI tests report about ldap.SERVER_DOWN exception

* Issue 4896 - Backend redesign phase 4 - Improve CI tests report about ldap.SERVER_DOWN exception
- - - - -
b109073b by James Chapman at 2021-10-07T07:18:52+01:00
Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922)

Description: When logconv.pl is run with the recommendations flag
it generates an uninitialized value error.

Fixed this and done some tidy up.

Fixes: https://github.com/389ds/389-ds-base/issues/4921

Reviewed by: @progier389  (Thank you)
- - - - -
40dfe534 by Viktor Ashirov at 2021-10-11T09:09:30+02:00
Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace

Bug Description:
On a very slow machine max_failure_count can be reached too soon. For
troubleshooting and diagnostics this parameter should be configurable.

Fix Description:
Introduce a new env variable DS_STARTUP_TIMEOUT that accepts a number in
seconds. By default it is 60.
Log a traceback when we reach the timeout.

Fixes: https://github.com/389ds/389-ds-base/issues/4938

Reviewed by: @Firstyear (Thanks!)

- - - - -
50e2314a by Mark Reynolds at 2021-10-18T14:59:57-04:00
Issue 4299 - Merge LDAP editor code into Cockpit UI

Description: Merging parts of Têko Mihinto <tmihinto at redhat.com> LDAP
editor into the Cockpit UI.  Some of it is functional, but there is
still much more work to be done.

relates: https://github.com/389ds/389-ds-base/issues/4299

Reviewed by: spichugi(Thanks!)

- - - - -
70c61f69 by Mark Reynolds at 2021-10-19T08:50:42-04:00
Bump github container shm size to 4 gigs

- - - - -
269f1f8e by Mark Reynolds at 2021-10-19T09:26:24-04:00
Issue 2790 - Set db home directory by default

Description:  The selinux rules (selinux-policy-3.14.3-79)
              have been updated to support /dev/shm/slapd-INST

Relates: https://github.com/389ds/389-ds-base/issues/2790

Reviewed by: firstyear(Thanks!)

- - - - -
aaab088c by Viktor Ashirov at 2021-10-23T21:59:14+02:00
Issue 4954 - pytest is killed by OOM killer when the whole test suite is executed

Bug Description:
After 2a9df10 we started to collect dirsrv logs and attach them to
html report. This works fine in PR CI when a single test module is
executed. But when all tests are executed, pytest starts to consume
a lot of memory, which on 4GB VMs leads to OOM kill event, leaving
test run without results.

Fix Description:
We should read logs into memory only when html report is requested.

Fixes: https://github.com/389ds/389-ds-base/issues/4954

Reviewed by: @Firstyear, @droideck (Thanks!)

- - - - -
cbfccd67 by progier389 at 2021-10-25T17:09:57+02:00
Issue 4943 - Fix csn generator to limit time skew drift (#4946)

* Issue 4943 - Fix csn generator to limit time skew drift

- - - - -
a1680a2b by Simon Pichugin at 2021-10-26T15:51:24-07:00
Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)

Issue Description: Use PK11_Decrypt function to get hash data
because PK11_ExtractKeyValue function is forbidden in FIPS mode.
We can't extract keys while in FIPS mode. But we use PK11_ExtractKeyValue
for hashes, and it's not forbidden.

We can't use OpenSSL's PBKDF2-SHA256 implementation right now because
we need to support an upgrade procedure while in FIPS mode (update
hash on bind). For that, we should fix existing PBKDF2 usage, and we can
switch to OpenSSL's PBKDF2-SHA256 in the following versions.

Fix Description: Use PK11_Decrypt function to get the data.

Enable TLS on all CI test topologies while in FIPS because without
that we don't set up the NSS database correctly.

Add PBKDF2-SHA256 (OpenSSL) to ldif templates, so the password scheme is
discoverable by internal functions.

https://github.com/389ds/389-ds-base/issues/3584

Reviewed by: @progier389, @mreynolds389, @Firstyear, @tbordaz (Thanks!!)
- - - - -
eec3da36 by Mark Reynolds at 2021-10-27T20:36:21-04:00
Issue 4962 - Fix various UI bugs part 1

Fix Description:

Bug 2016022 - Cockpit UI: UI is incorrectly saying "Create the Sub Suffix entry"
Bug 2015951 - Cockpit UI: Database tab ---> Export Database/replicaton
data
Bug 2015221 - Cockpit UI: UX Bugs Server Settings ->Tuning and Limits
Bug 2015139 - Configuration for Import Cache Settings is not saved
Bug 2015127 - No message when configuring Global Database Configuration
Bug 2014924 - Cockpit UI: UX Bugs and other cockpit GUI related defects

relates: https://github.com/389ds/389-ds-base/issues/4962

Reviewed by: spichugi & jchapman (Thanks!!)

- - - - -
ac27e7bf by Mark Reynolds at 2021-10-28T08:15:50-04:00
Issue 4731 - Promoting/demoting a replica can crash the server

Bug Description:  The server will crash if you demote a
                  supplier with no changelog.

Fix Description:  Check if the changelog pointer is NULL before
                  dereferencing it

relates: https://github.com/389ds/389-ds-base/issues/4731

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
5df00bdd by Mark Reynolds at 2021-10-28T14:46:17-04:00
Issue 4956 - Automember allows invalid regex, and does not log proper error

Bug Description:  The server was detecting an invalid automember
                  regex, but it did not reject it, and it did not
                  log which regex rule was invalid.

Fix Description:  Properly rejecting the invalid regex will also
                  trigger the proper error logging to occur.

relates: https://github.com/389ds/389-ds-base/issues/4956

Reviewed by: tbordaz & spichugi(Thanks!!)

- - - - -
63243a4a by Mark Reynolds at 2021-10-28T14:49:33-04:00
Issue 4092 - systemd-tmpfiles warnings

Bug Description:

systemd-tmpfiles warns about legacy paths in our tmpfiles configs.
Using /var/run also introduces a race condition, see the following
issue https://pagure.io/389-ds-base/issue/47429

Fix Description:

Instead of using @localstatedir@/run use @localrundir@ which was
introduced in #850.

Relates: https://github.com/389ds/389-ds-base/issues/766
Fixes: https://github.com/389ds/389-ds-base/issues/4092

Reviewed by: vashirov & firstyear(Thanks!)

- - - - -
bdc315f7 by Simon Pichugin at 2021-10-29T18:11:34-07:00
Issue 4962 - Fix various UI bugs - Plugins (#4969)

Description:

Bug 1816526 - restart instance after plugin enabled/disabled should depend on 'nsslapd-dynamic-plugins' status
Bug 2011183 - Retro Changelog plugin - saving any configuration is stuck in loading
Bug 2011187 - Posix Winsync Plugin - configuration is not saved
Bug 2011188 - DNA plugin fails to be enabled
Bug 2011751 - Referential Integrity Plugin - unable to save changes
Bug 2011767 - RootDN Access Control Plugin - configuration stuck and a wrong message is displayed
Bug 2011814 - Account Policy Plugin - configuration failing with error

relates: #4962

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
b264f1ec by Firstyear at 2021-11-01T08:31:57+10:00
Issue 4959 - BUG - Invalid /etc/hosts setup can cause isLocalHost (#4960)

Bug Description: During dsctl localhost status, this can fail
to detect if the instance isLocal if /etc/hosts is not correctly
configured. This starts inside of utils with no ip for "hostname"
but then causes paths.py to fail as there is no config.

Fix Description: Improve the error condition when _config
is not present either due to remote instance is offline, or
an invalid dns setup with /etc/hosts

fixes: https://github.com/389ds/389-ds-base/issues/4959

Author: William Brown <william at blackhats.net.au>

Review by: @progier389 
- - - - -
0552081f by Mark Reynolds at 2021-11-01T14:07:11-04:00
Issue 4973 - installer changes permissions on /run

Description:  There was a regression when we switched over to using /run
              that caused the installer to try and create /run which
              caused the ownership to change.  Fixed this by changing
              the "run_dir" to /run/dirsrv

relates: https://github.com/389ds/389-ds-base/issues/4973

Reviewed by: jchapman(Thanks!)

- - - - -
f8fbdd46 by Mark Reynolds at 2021-11-02T10:21:16-04:00
Issue 4973 - update snmp to use /run/dirsrv for PID file

Description:  Previously SNMP would write the agent PID file directly
              under /run (or /var/run), but this broke a CI test after
              updating lib389/defaults.inf to use /run/dirsrv.

              Instead of hacking the CI test, I changed the path
              snmp uses to:  /run/dirsrv/  Which is where it
              should really be written anyway.

relates: https://github.com/389ds/389-ds-base/issues/4973

Reviewed by: vashirov(Thanks!)

- - - - -
70022245 by Viktor Ashirov at 2021-11-03T11:11:45+01:00
Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import

Bug Description:
Previous change 6b10f1795f52395aa46d48a6f0428d126b35a90d had a wrong
assumption that total_time1 and total_time2 have a very insignificant
difference in case nsslapd-db-private-import-mem is set to 'off'.
In reality it is insignificant only on a smaller number of entries.
A recent change in libdb exposed this wrong assumption. With this change
__db.00* files get the maximum size in advance, instead of expanding
them when needed.

Fix Description:
Revert 6b10f1795f52395aa46d48a6f0428d126b35a90d.

Fixes: https://github.com/389ds/389-ds-base/issues/4976

Reviewed by: @mreynolds389, @droideck (Thanks!)

- - - - -
ef93bea4 by progier389 at 2021-11-03T13:43:15+01:00
Issue 4898 - Implement bdb to lmdb CLI migration tools (#4952)

* Issue 4898 - Add bdb to lmdb migration tools

- - - - -
228612ad by Mark Reynolds at 2021-11-03T08:55:19-04:00
Issue 4978 - make installer robust

Description:  When run in a container the server can fail to start
              because the installer sets the db_home_dir to /dev/shm,
              but in containers the default size of /dev/shm is too
              small for libdb. We should detect if we are in a
              container and not set db_home_dir to /dev/shm.

              During instance removal, if an instance was not properly
              created then it can not be removed either. Make the
              uninstall more robust to accept some errors and continue
              removing the instance.

relates: https://github.com/389ds/389-ds-base/issues/4978

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
495fdc02 by Barbora Simonova at 2021-11-03T14:59:39+01:00
Issue 4758 - Add tests for WebUI

Description:
Added some basic tests for WebUI (login, create instance etc.). These tests need
a specific environment to be run so they will be skipped in normal conditions.
Playwright for Python is used to develop the tests and they can run
by using Firefox and Chromium browser.

Relates: https://github.com/389ds/389-ds-base/issues/4758

Reviewed by: @vashirov (Thanks!)

- - - - -
aeed1de9 by Viktor Ashirov at 2021-11-04T08:37:08+01:00
Issue 4096 - Missing perl dependencies for logconv.pl

Bug Description:
Split perl dependencies are not available in EPEL8.

Fix Description:
Use split perl dependencies only on Fedora >= 33 and
RHEL >= 9.

Fixes: https://github.com/389ds/389-ds-base/issues/4096

Reviewed by: @mreynolds389, @droideck (Thanks!)

- - - - -
5e00102e by tbordaz at 2021-11-05T09:56:43+01:00
Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981)

releases where it was DirectoryString

Bug description:
       For years 'gecos' was DirectoryString (UTF8), with #50933 it was restricted to IA5 (ascii)
       https://github.com/389ds/389-ds-base/commit/0683bcde1b667b6d0ca6e8d1ef605f17c51ea2f7#

       IA5 definition conforms rfc2307 but is a problem for existing deployments
       where entries can have 'gecos' attribute value with UTF8.

Fix description:
       Revert the definition of 'gecos' to being Directory String

       Additional fix to make test_replica_backup_and_restore more
       robust to CI

relates: https://github.com/389ds/389-ds-base/issues/4972

Reviewed by: William Brown, Pierre Rogier, James Chapman (Thanks !)

Platforms tested: F34
- - - - -
c6b160c2 by Barbora Simonova at 2021-11-05T14:43:35+01:00
Issue 4758 - Add tests for WebUI

Description:
Just a minor fix for checking the cockpit version
so selectors have correct names.

Relates: https://github.com/389ds/389-ds-base/issues/4758

Reviewed by: vashirov (Thanks!)

- - - - -
0a6bd0bd by Firstyear at 2021-11-08T10:40:11+10:00
Issue 4982 - BUG - missing inttypes.h (#4983)

Bug Description: Missing inttypes.h in main.c of snmp causes
clang to fail to build the file. Incorrect use of malloc
instead of calloc in main causes asan issue.

Fix Description: Add missing header. Use calloc

fixes: https://github.com/389ds/389-ds-base/issues/4982

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz 
- - - - -
5377334e by Akshay Adhikari at 2021-11-09T11:51:17+01:00
Issue 4460 - python3-lib389 ignore the configuration parameters from … (#4906)

* Issue 4460 - python3-lib389 ignore the configuration parameters from /etc/openldap/ldap.conf

Description: python3-lib389 v1.4.3 seems to ignore the configuration parameters from /etc/openldap/ldap.conf. 
Added LDAPCONF env variable to be used instead of writing in ldap.conf. 
Added HOME env variable to be used as path (to make it work with non-root users).

Relates: https://github.com/389ds/389-ds-base/issues/4460

Reviewed by: sgouvern, Firstyear (Thanks!)

- - - - -
1aaadb8a by Firstyear at 2021-11-10T08:29:28+10:00
Issue 4984 - BUG - pid file handling (#4986)

Bug Description: When starting up in a container, if the pid
file location is not writeable, the dscontainer/lib389 tools can't
detect that the pid is running correctly, which causes the start
up to fail. This happened because the pid file location was
incorrectly set due to a previous change.

Fix Description: This forces the pid file path when we know
that we are in container mode, and also causes 389-ds to exit
with an error if we can not write to the pid file location.

fixes: https://github.com/389ds/389-ds-base/issues/4984

Author: William Brown <william at blackhats.net.au>

Review by: @progier389 
- - - - -
a1683147 by Firstyear at 2021-11-10T11:47:57+10:00
Issue 4992 - BUG - slapd.socket container fix (#4993)

Bug Description: A recent fix exposed that we were incorrectly
setting the container socket for ldapi.

Fix Description: Correct this to be consistent.

fixes: https://github.com/389ds/389-ds-base/issues/4992

Author: William Brown <william at blackhats.net.au>

Review by: @droideck 
- - - - -
5f92e1d6 by tbordaz at 2021-11-10T11:59:06+01:00
Issue 4990 - CI tests: improve robustness of fourwaymmr (#4991)

Bug description:
	Various unstable fixes

relates: #4990

Reviewed by: Simon Pichugin

Platforms tested: F34
- - - - -
92ad2b91 by Mark Reynolds at 2021-11-10T08:56:20-05:00
Issue 4978 - use more portable python command for checking containers

Description:  During the installation check for containers use arguments
              for subprocess.run() that work on all versions of python

relates: https://github.com/389ds/389-ds-base/issues/4978

Reviewed by: mreynolds(one line commit rule)

- - - - -
f7cff392 by Barbora Simonova at 2021-11-12T15:20:55+01:00
Issue 4778 - [RFE] Schedule execution of "compactdb" at specific date/time

Description:
Added additional tests to check invalid and no compaction value for
nsslapd-db-compactdb-interval.

Relates: https://github.com/389ds/389-ds-base/issues/4778

Reviewed by: mreynolds389, tbordaz (Thanks!)

- - - - -
e4faecbd by Barbora Simonova at 2021-11-12T15:22:02+01:00
Issue 4734 - ldif2db - import of entry with no parent doesn't generate a warning

Description:
Added a test to check if warning message is displayed
when there are skipped entries during backend import.

Relates: https://github.com/389ds/389-ds-base/issues/4734

Reviewed by: droideck (Thanks!)

- - - - -
829ea411 by Simon Pichugin at 2021-11-12T10:44:04-08:00
Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000)

Description: Don't start/stop instance if it's already started/stopped.
Add JSON error output to the basic CLI tool's operations.
Fix Ciphers Tab behaviour so it's aligned with the documentation and the
core functionality.

Relates: https://github.com/389ds/389-ds-base/issues/4962

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
9936e8cf by Mark Reynolds at 2021-11-15T16:42:28-05:00
Issue 5001 - Fix next round of UI bugs:

Description:

Addressing a series of bugs found by QE:

Bug 2016526 - LDAPI & Autobind save btn misbehaving
Bug 2016481 - Disabling Security leaves the pop-up window open
Bug 2016026 - Selecting existing certificate in Security Configuration crashes browser
Bug 2017402 - Adding several allowed SASL mechanisms does not behave correctly
Bug 2017411 - cockpit crashes because invalid SASL mapping regex was saved
Bug 2022117 - Cockpit UI: Editing an Objectclass name causes an error in Cockpit UI
Bug 2021194 - Searching "matching rules" in the "Schema" Tab crashes browser
Bug 2021591 - cockpit : audit and audit failure log enablement status is not persistent

relates: https://github.com/389ds/389-ds-base/issues/5001

Reviewed by: tbordaz & spichugi(Thanks!!)

- - - - -
55fb438a by spike at 2021-11-16T09:08:53-05:00
Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail.

Description: Use local_simple_allocate in dsctl so that isLocal is always set properly

Relates: https://github.com/389ds/389-ds-base/issues/4959

Reviewed by: @droideck (Thanks!)

- - - - -
b1b4a74f by Mark Reynolds at 2021-11-16T11:47:03-05:00
Issue 5001 - Update CI test for new availableSASLMechs attribute

Description:  Issue 5001 added a new attribute to the root dse, but
              a CI test was not updated for the new attribute.

relates: https://github.com/389ds/389-ds-base/issues/5001

Reviewed by: mreynolds (one line commit rule)

- - - - -
53f8d1be by progier389 at 2021-11-17T11:50:32+01:00
Issue 4923 - issue about LMDB dbi versus txn handling (#4924)

* Issue 4923 - issue about LMDB dbi versus txn handling
- - - - -
749b1a11 by Mark Reynolds at 2021-11-17T15:36:44-05:00
Issue 5006 - UI - LDAP editor tree not being properly updated

Description:  Deleting an entry in the tree view did not update the
              treeview.  Updates to table view were also not seen
              in the tree view.  The views should now be in sync.

              Also, replaced some console logging with our "log_cmd"
              function in the editor utils file.

relates: https://github.com/389ds/389-ds-base/issues/5006

Reviewed by: spichugi(Thanks!)

- - - - -
e2839d51 by Mark Reynolds at 2021-11-21T17:48:07-05:00
Issue 5014 - UI - Add group creation to LDAP editor

Description:  Added group creation to LDAP editor via the "New ..."
              menu option

relates: https://github.com/389ds/389-ds-base/issues/5014

Reviewed by: spichugi(Thanks!)

- - - - -
0e30ba58 by tbordaz at 2021-11-22T17:14:13+01:00
Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import (#5017)

Bug description:
	A large merge #4923 removed #4976 fix

Fix description:
	The test test_fast_slow_import purpose is to verify
        that private import is faster than shared one.
        It is too complex to manage a limit to the private/shared
        durations
        Revert to #4923 fix

relates: #4923

Reviewed by: Pierre Rogier, Viktor Ashirov

Platforms tested: PR-CI
- - - - -
2e2414f8 by Simon Pichugin at 2021-11-22T16:26:47-08:00
Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016)

Description:

Bug 2014924 - Cockpit UI: UX Bugs and other cockpit GUI related defects
Bug 2017441 - cockpit : Export changelog allows to check both 'Export to LDIF For Debugging' options but only takes one into account
Bug 2018101 - cockpit : impossible to create credentials or aliases for replication monitoring synchronization report
Bug 2021250 - cockpit : logging setting entered values for rotation and deletion policies should be checked
Bug 2021278 - Cockpit UI: Unable to Edit Attributes without first searching for the attribute to edit

Related: https://github.com/389ds/389-ds-base/issues/5001

Reviewed by: @mreynolds389 (Thanks!!)
- - - - -
6100985d by progier389 at 2021-11-24T15:38:44+01:00
Revert slapi-plugin.h change from PR 4924 (#5023)

* Fix regression about slapi-plugin.h change from PR 4924 (it breaks freeipa plugin tester that mimics ns-slapd)
- - - - -
79219770 by tbordaz at 2021-11-24T16:04:02+01:00
Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeed (#5009)

Bug description:
	If a non-critical plugin can not be loaded/initialized, the server should continue its startup.

Fix description:
	During plugin_setup, if the server fails to initialize a
	non-critical plugin then it just logs an error:

	plugin_setup - "GOST_YESCRYPT" plugin in library "libpwdstorage-plugin" not initialized and ignored

	The non-critical plugins are statically listed in
        plugin_load_critical(). ATM non critical plugins are
		entryuuid (name)
		GOST_YESCRYPT (name)
		libpwdchan (library path)

relates: #5008

Reviewed by: Mark Reynolds, Pierre Rogier, William Brown, Stanislav Levin (thanks !!)

Platforms tested: F34, CentOS8
- - - - -
35b1841c by Firstyear at 2021-11-25T08:35:06+10:00
Issue 5025 - RFE - remove useless logging (#5026)

Bug Description: Many of these trace log records serve no value, they don't help with debugging,
they create noise, performance issues, and just shouldn't exist.

Fix Description: Delete the offending lines.

fixes: https://github.com/389ds/389-ds-base/issues/5025

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz 
- - - - -
c302c633 by progier389 at 2021-11-25T12:09:33+01:00
5011 - test_replica_backup_and_restore random failure (#5028)

* 5011 - test_replica_backup_and_restore random failure
- - - - -
e6bfeb97 by Firstyear at 2021-11-26T09:28:28+10:00
Issue 5020 - BUG - improve clarity of posix win sync logging (#5021)

* Issue 5020 - BUG - improve clarity of posix win sync logging

Bug Description: When a user isn't synced from AD due to missing schema,
if the user was a member of a group then posix-winsync would confusingly
report an err=32 (NO_SUCH_OBJECT) which made it "appear" significantly
worse as a problem than it was.

Fix Description: This clarifies the error message to make it easier
for an administrator to understand why this is occurring.

fixes: https://github.com/389ds/389-ds-base/issues/5020

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz , @droideck 
- - - - -
051b9fbf by Firstyear at 2021-11-30T10:44:13+10:00
Issue 5038 - BUG - dsconf tls may fail due to incorrect cert path (#5039)

Bug Description: Early in lib389 startup, certain functions are not
available, especially in dsconf. This means we can't read the live value
for the certdir, and we haven't overridden it in the container
so dsconf tls fails.

Fix Description: Apply the manual container path consistent with
other overrides

fixes: https://github.com/389ds/389-ds-base/issues/5038

Author: William Brown <william at blackhats.net.au>

Review by: @progier389 
- - - - -
a3375a08 by Simon Pichugin at 2021-11-29T17:44:53-08:00
Issue 5032 - OpenLDAP is not shipped with non-threaded version of libldap (#5033)

Bug Description: 389-ds-base is built with libldap_r shared library.
The non-threaded version of libldap is fully deprecated since Fedora 34,
libldap_r supplied as symlinks. OpenLDAP 2.6 won't have libldap_r at all.

Fix Description: Use lldap instead of lldap_r in Makefile.
Add "--with-libldap-r" parameter to configure.ac.
If it's not set, we check the OpenLDAP version on the build system and use the appropriate shared library.

Fixes: https://github.com/389ds/389-ds-base/issues/5032

Reviewed by: @Firstyear (Thanks!)
- - - - -
6602ebda by Barbora Simonova at 2021-12-02T09:53:16+01:00
Issue 4758 - Add tests for WebUI

Description:
Added additional iframe assignment and cockpit version checking, because
some tests occasionally failed at instance removal.

Relates: https://github.com/389ds/389-ds-base/issues/4758

Reviewed by: vashirov (Thanks!)

- - - - -
66ed6836 by Firstyear at 2021-12-03T09:50:58+10:00
Issue 5024 - BUG - windows ro replica sigsegv (#5027)

Bug Description: After 1.4.3, the changelog moves into the main database rather than being a
separate entity. This caused a situation where it was possible to create and configure a
changelog while also acting as a read-only replica. This allows individuals to create a
windows sync agreement, however during the upgrade to 1.4.4 where we move the changelog into
the main DB, I can only assume we either delete or ignore the CL if the replica is readonly.

As a result, this caused a situation where the replica information and agreement existed, but
the changelog did not. During startup as the agreement was processed, an attempt to open the
CL was made, but caused a NULL pointer dereference which prevented server startup.

Fix Description: This fixes the issue on a number of fronts. First, we remove the original
NULL pointer dereference in cl5_api.c. We correct a bug in promote in lib389 that prevented
consumer to supplier promotion. And finally, this adds a hardening check to better communicate
to users in this situation what steps they need to take.

fixes: https://github.com/389ds/389-ds-base/issues/5024

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @tbordaz 
- - - - -
e594330e by Viktor Ashirov at 2021-12-03T10:23:07+01:00
Issue 4931 - RFE: dsidm - add creation of service accounts

Description:
Extend dsidm to handle service accounts under ou=services

Relates: https://github.com/389ds/389-ds-base/issues/4931

Reviewed by: @Firstyear, @mreynolds389 (Thanks!)

- - - - -
d86e748f by Sam Morris at 2021-12-06T11:56:26-05:00
Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections

Bug Description:

The RootDN access control plugin prevents access via UNIX sockets (ldapi://)
when host or IP restrictions are configured.

Fix Description:

The host and IP restrictions are no longer applied if the client connected via UNIX sockets.

relates: https://github.com/389ds/389-ds-base/issues/4165

Author: Sam Morris

Reviewed by: @mreynolds389, @Firstyear

- - - - -
26a1e0c0 by James Chapman at 2021-12-07T10:58:18+00:00
Issue 5029 - Unbind generates incorrect closed error message (#5030)

* Issue 5029 - Unbind generates incorrect closed error message

Bug description: There is a misleading error message in the access logs when
a client does an unbind. (... conn=5 op=2 fd=64 closed error - U1)

Fix description: disconnect_server_nomutex_ext() closes a connection,
the user can provide a reason the connection was closed and a flag to
indicate if the connection was closed in error. If no error has occurred
just log the closure.

relates: https://github.com/389ds/389-ds-base/issues/5029

Reviewed by: progier389 (Thank you)

- - - - -
e085612d by tbordaz at 2021-12-08T19:05:42+01:00
Issue 5034 - is_dbi contains an invalid debug message that triggers failure in import_tests (#5035)

Bug description:
	The test test_import_with_index (since #4923) relies on is_dbi.
        is_dbi contains an invalid formatting message that triggers
        (random ?) failure

	In addition #4923 improves dbscan interface (-D and -L). import_tests
        rely on it. As the tests are also run with version without
        #4923, we need to be backward compatible

Fix description:
	Change the format adding '+'

	Test if is_dbi() supports -D and -L. Then import_tests relies
        on it, else it falls back to glob.glob.

relates: #5034

Reviewed by: Pierre Rogier

Platforms tested: F34
- - - - -
29d9f35d by tbordaz at 2021-12-09T18:33:15+01:00
Issue 4312 - performance search rate: contention on global monitoring counters (#4940)

Bug description:
	The server manages a set of counters in order to report metrics either with SRCH
	"cn=monitor" or with SNMP agent.
	The counters are global and so the threads updating the counters are all accessing
	the same counters and same memory addresses. The counters are accessed by workers and/or listener threads.
	All of them are in competition to access the counter memory addresses that creates contention.

Fix description:
	The fix spreads the set of global counters into a per thread set
	of global counters
	https://www.port389.org/docs/389ds/design/global-counters-contention.html

relates: https://github.com/389ds/389-ds-base/issues/4312

Reviewed by: William Brown, Mark Reynolds (Thanks)

Platforms tested:  F34
- - - - -
ea905a09 by Firstyear at 2021-12-10T08:03:30+10:00
Issue 5043 - BUG - Result must be used compiler warning (#5045)

Bug Description: Rust 1.57 enforces that Results must be
used, which causes librnsslapd to fail to build

Fix Description: Change how we duplicate the string so
that we don't need the result step.

fixes: https://github.com/389ds/389-ds-base/issues/5043

Author: William Brown <william at blackhats.net.au>

Review by: @vashirov, @droideck 
- - - - -
a007a6f5 by Firstyear at 2021-12-10T08:06:37+10:00
Issue 5046 - BUG - update concread (#5047)

Bug Description: an update to concread changed how the cache was
constructed and how stats are used.

Fix Description: Update to adapt to these changes. Additionally
this update has a number of performance improvements.

fixes: https://github.com/389ds/389-ds-base/issues/5046

Author: William Brown <william at blackhats.net.au>

Review by: @vashirov, @droideck 
- - - - -
bd5c39b4 by James Chapman at 2021-12-09T22:22:02+00:00
Issue 4994 - Revert retrocl dependency workaround (#4995)

Description: The RetroCL exclude attribute RFE was dependent on the
functionality of a commit that didn't make it into the rhel 8.5 build. A
work around was committed that added the missing methods.

Since then the previous commit has been merged, so there now exist two
definitions of the same method, these need to be removed.

fixes: https://github.com/389ds/389-ds-base/issues/4994

relates: https://github.com/389ds/389-ds-base/issues/4791

Reviewed by: tbordaz (Merci)
- - - - -
76279017 by Viktor Ashirov at 2021-12-13T18:02:32+01:00
Issue 5055 - Improve core dump detection and collection in PR CI

Description:
Set `core_pattern` to location inside the container so that cores can be
collected as part of the pytest artifacts.

Fixes: https://github.com/389ds/389-ds-base/issues/5055

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
601380d2 by Simon Pichugin at 2021-12-13T18:01:06-08:00
Issue 4962 - Fix various UI bugs - Database and Backups (#5044)

Description:

Bug 1751280 - [RFE] Cockpit : Provide the access path to the exported suffix
Bug 1861805 - 389-ds-base: Accepting nsslapd-db-checkpoint-interval values in negative.
Bug 1926516 - Cannot load the DB with suffix with characters escaped by a backslash.
Bug 1986388 - Cockpit: "Manage backups" list is empty if dirsrv service is stopped

Related: https://github.com/389ds/389-ds-base/issues/5001

Reviewed by: @jchapma, @mreynolds389 (Thanks!)
- - - - -
1729500e by Firstyear at 2021-12-16T08:24:26+10:00
Issue 5018 - RFE - openSUSE systemd hardening (#5019)

Issue 5018 - RFE - openSUSE systemd hardening

Bug Description: The openSUSE/SUSE product security team is currently engaged in a project to
assist hardening projects systemd services with a number of options that can help prevent
certain attack classes. Rather than just having this in openSUSE we can have this upstream
to benefit all of us.

https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

Fix Description: Add the recommended hardening options to 389-ds.

fixes: https://github.com/389ds/389-ds-base/issues/5018

Author: William Brown <william at blackhats.net.au>

Review by: @vashirov (Thanks)

- - - - -
d1b1319d by Mark Reynolds at 2021-12-16T17:21:19-05:00
Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality

Description:

Reworked the entry edit wizard to be one form to edit all
aspects of the entry.  Also add the ability to do modrdns.

relates: https://github.com/389ds/389-ds-base/issues/4299

Reviewed by: spichugi & tmihinto(Thanks!!)

- - - - -
3d019c0e by tbordaz at 2021-12-17T15:58:26+01:00
Issue 5011 - test_replica_backup_and_restore random failure (#5066)

Bug description:
	fourwaymmr_test.py::test_replica_backup_and_restore checks
	that, on a given supplier, after an offline LDIF import,
	entries that are present in the LDIF do exist.
	The problem is that some entries 'uid=test_user_2[0-4]'
	have been deleted before the import and other suppliers may
	replicate the DEL before the test checks that the entries exist.
	To prevent that, replication agreements toward the given supplier
	are paused.
	The bug is that list_agmt_toward compares string port with
	an int, so no replication agreements are selected

Fix description:
	Retrieve the RA port with get_attr_val_int

relates: https://github.com/389ds/389-ds-base/issues/5011

Reviewed by: Simon Pichugin (thanks :))

Platforms tested: F34
- - - - -
c38a9158 by progier389 at 2021-12-21T11:52:37+01:00
Issue 4890 - Need cli to easily get simple performance statistics (#4891)


- - - - -
d02054dc by tbordaz at 2021-12-21T13:54:00+01:00
Issue 5049 - ns-slapd crash in replication/acceptance_test.py (#5063)

Bug description:
	The pointer to a replica structure is stored in
	object extension in the mapping tree (mtn_extension)
	and in incoming replication connection (connect_ext).
	If the replica structure is freed by mapping tree
	the replication connection can access the freed
	replica structure (at session termination)
	and most probably will crash.

Fix description:
	There is no easy way to update the replication
	connection. The fix is just to reduce the window
	of possibility of use after free.
	When an administrative task deletes a mapping tree
	(that is quite a rare event), the replica_destroy
	function will pause for 3 seconds.
	This will likely give the time to complete
	the end of the replication session.

relates: https://github.com/389ds/389-ds-base/issues/5049

Reviewed by: Pierre Rogier (thanks)

Platforms tested: f34
- - - - -
97119ebe by tbordaz at 2021-12-23T09:41:15+01:00
Issue 5037 - in OpenQA changelog trimming can crash (#5070)

Bug description:
	The changelog trimming thread is launched
	upon various conditions (changelog open,
	create replica, check RUVs, enable replication,
	...).
	The trimming thread is stopped upon
	various conditions (import, changelog close,
	delete replica, reload RUVs, disable replication
	demote supplier,...)
	There are two issues:
	In case the trimming is stopped while the thread
	has not yet started, the trimming thread can crash
	because some required data (cldb) have been
	cleared under it.

	In case the trimming is restarted while the thread
	has not yet started, there is a possibility of
	starting several trimming threads

Fix description:
	The fix to prevent the first issue, just checks that
        the required data (cldb) is set.
	The second fix is to use a flag (trimmingOnGoing)
	to prevent multiple trimming threads. The flag is
	protected by stLock.

relates: https://github.com/389ds/389-ds-base/issues/5037

Reviewed by: Simon Pichugin (thanks !)

Platforms tested: F34
- - - - -
28cc8232 by spike77453 at 2022-01-04T11:24:35+01:00
Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail (#5003)

Description: Ensure prop dictionary only contains strings to avoid error prone bytes/string comparisons

Relates: https://github.com/389ds/389-ds-base/issues/4959

Reviewed by: @progier389 (Thanks!)
- - - - -
b28328d6 by Akshay Adhikari at 2022-01-04T13:33:48+01:00
Issue 5082 - slugify: ModuleNotFoundError when running test cases

Description: slugify: ModuleNotFoundError when running test cases

Relates: https://github.com/389ds/389-ds-base/issues/5082

Reviewed by: @mreynolds389, @tbordaz (thanks!)

- - - - -
0690246a by progier389 at 2022-01-05T12:09:27+01:00
Issue 5085 - Race condition about snmp collator at startup (#5086)


- - - - -
5b4e6101 by Firstyear at 2022-01-06T09:49:30+10:00
Issue 5079 - BUG - multiple ways to specify primary (#5087)

Bug Description: In a winsync environment, we can only sync
changes to a primary replica. There are however, multiple
ways to specify which server is a primary for a replication
agreement, and I only accounted for one of them.

Fix Description: Improve the check to account for the
other primary replica flags.

fixes: https://github.com/389ds/389-ds-base/issues/5079

Author: William Brown <william at blackhats.net.au>

Review by: @droideck 
- - - - -
a0c419d1 by progier389 at 2022-01-06T11:02:50+01:00
Issue 5088 - dsctl dblib broken because of a merge issue (#5089)


- - - - -
28bf2d25 by Viktor Ashirov at 2022-01-06T11:13:37+01:00
Issue 5053 - Improve GitHub Actions debugging

Description:
This commit adds `workflow_dispatch` trigger with 2 inputs.
First input specifies what test suites or test modules should be
executed. Paths should be delimited by space and be relative to
dirsrvtests/tests/suites/, i.e. input
```
basic replication/acceptance_test.py
```
will execute tests under `basic` test suite directory and
`replication/acceptance_test.py` module.
Only existing paths are accepted, everything else will be filtered out.

Second input is a boolean that enables debugging with tmate:
https://github.com/marketplace/actions/debugging-with-tmate
By default it's `false`, so set it to `true` when you need to rerun the
test with remote access.

Action is configured to use SSH key(s) registered with your GitHub
profile.

Connection string will be logged in "Setup tmate session" step in the
test logs.

Once you are inside the tmate session, run `touch continue` to continue the
workflow. When container with pytest is started, run
`docker exec -ti $(docker ps -q) /bin/bash` to get inside the container
to inspect it.

Fixes: https://github.com/389ds/389-ds-base/issues/5053

Reviewed by: @droideck (Thanks!)

- - - - -
76204690 by Mark Reynolds at 2022-01-07T09:53:45-05:00
Issue 2929 - Fix github warnings

Description:

Cleanup some github compiler & clang warnings

relates: https://github.com/389ds/389-ds-base/issues/2929

Reviewed by: firstyear (Thanks!)

- - - - -
fdaec7f7 by Firstyear at 2022-01-10T09:56:01+10:00
Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094)

Bug Description: In migration from openldap we were not correctly
handling how we parsed indexed attributes with multiple types of
indexes applied.

Fix Description: Fix the parsing and add tests for this scenario

fixes: https://github.com/389ds/389-ds-base/issues/5080

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389, @progier389, @droideck 
- - - - -
19570bf3 by Simon Pichugin at 2022-01-10T11:45:49-08:00
Issue 5032 - Fix OpenLDAP version check (#5091)

Description: In the Upstream, libldap_r has been merged with libldap
starting from openldap-2.5.
Fix the version check in configure.ac and the comments.

Fixes: https://github.com/389ds/389-ds-base/issues/5032

Reviewed by: @Firstyear (Thanks!)
- - - - -
06dace1d by tbordaz at 2022-01-11T15:44:27+01:00
Issue 5095 - sync-repl with openldap may send truncated syncUUID (#5099)

Bug description:
	When using sync_repl from openldap, syncUUID (that identifies an
	entry) is retrieved from targetEntryUUID rather than nsuniqueid.
	syncUUID is a 16 bytes long representation of targetEntryUUID.
        TargetEntryUUID can contain '00' so syncUUID can contain a
	byte with 0x00.
	When creating a syncInfo
(https://datatracker.ietf.org/doc/html/rfc4533#section-2.5)
	syncUUIDS is ber encoded with '[v]' taking a null terminated
	array of (char*). In such case the 0x00 char truncates the
	syncUUID.

Fix description:
	Instead of using a null terminated array of (char*), the
	fix uses a null terminated array of berval.

relates: https://github.com/389ds/389-ds-base/issues/5095

Reviewed by: William Brown, Simon Pichugin (Thanks)

Platforms tested: F34
- - - - -
6f84b0b6 by Simon Pichugin at 2022-01-11T12:35:17-08:00
Issue 3584 - Add is_fips check to password tests (#5100)

Description: While in FIPS mode, it's expected that SSHA512 is used
as a storage scheme. And {PBKDF2_SHA256} is used when not run in FIPS mode.
Align tests with the logic.

Fixes: https://github.com/389ds/389-ds-base/issues/3584

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
db514a1c by James Chapman at 2022-01-13T14:40:25+00:00
Issue 5074 - retro changelog cli updates (#5075)

Bug description: The cli does not allow for the creation of multiple
exclude attributes in one call. When there are multiple exclude
attributes defined, the cli doesn't allow removal of an individual
exclude attribute. Using the set command deletes all excluded
attributes.

Fix description: Modify parser to take multiple arguments in a single
call. Add attribute del method to lib389 cli_conf.

Fixes: https://github.com/389ds/389-ds-base/issues/5074

Reviewed by: Firstyear, droideck, mreynolds389 (Thank you)
- - - - -
05961eb9 by tbordaz at 2022-01-14T14:46:34+01:00
Issue 5105 - During a bind, if the target entry is not reachable the operation may complete without sending result (#5107)

Bug description:
	A bind operation can skip sending back operation result.
	This can happen in rare condition like backend is not available
	or in referral mode or did not define a bind callback.

Fix description:
	Catch those error conditions and send an operation result.

relates: https://github.com/389ds/389-ds-base/issues/5105

Reviewed by: Pierre Rogier (thanks !)

Platforms tested: F34
- - - - -
9a6a0c3f by progier389 at 2022-01-14T17:24:10+01:00
ipa-replica-install with 389ds copr repo (#5106)


- - - - -
9a9c5a5d by James Chapman at 2022-01-17T18:08:04+00:00
Issue 5077 - UI - Add retrocl exclude attribute functionality (#5078)

Description: UI needs to be updated to support the exclusion of
attributes from the retro changelog.

Relates: https://github.com/389ds/389-ds-base/issues/5077

Reviewed by:  droideck (Thank you)
- - - - -
3ac16c11 by Firstyear at 2022-01-18T10:11:29+10:00
Issue 5102 - BUG - container may fail with bare uid/gid (#5110)

Bug Description: Containers may fail to start with bare
uid/gid. This also impacted setup of the instance due
to attempting to chown the volume root.

Fix Description: This is resolved in the dockerfile through
the addition of nss_synth. For resolving the volume
issue we skip chown of the db_dir parent during setup

fixes: https://github.com/389ds/389-ds-base/issues/5102

Author: William Brown <william at blackhats.net.au>

Review by: @droideck 
- - - - -
91cdf030 by James Chapman at 2022-01-18T13:23:07+00:00
Issue 5117 - Revert skipif line from CI test (#5118)

Description: The CI test, basic_test.py::test_basic_ldapagent used a
skipif decorator to check if 389-ds-base-snmp was installed before
proceeding. This skipif was removed in error and needs to be reverted.

Fixes: https://github.com/389ds/389-ds-base/issues/5117

Reviewed by: @bsimonova (Thank you)
- - - - -
7cee0c31 by Viktor Ashirov at 2022-01-18T18:55:15+01:00
Issue 5115 -  AttributeError: type object 'build_manpages' has no attribute 'build_manpages'

Bug Description:
Starting from v2.1, argparse-manpage provides methods build_manpages,
get_build_py_cmd and get_install_cmd in the top-level module.
This breaks installation of lib389 on systems with the newer version
of argparse-manpage.

Fix Description:
Update setup.py to be aware of the module version and import methods
based on it.

Fixes: https://github.com/389ds/389-ds-base/issues/5115

Reviewed by: @tbordaz, @mreynolds389 (Thanks!)

- - - - -
def84df1 by Viktor Ashirov at 2022-01-19T08:21:13+01:00
Issue #5113 - Increase timestamp precision for development builds

Bug Description:

We use %Y%m%d timestamp format for development and copr builds.
Copr builds are done on each commit. If multiple commits were done during
the same day, packages would have the same version.

Additionally, git is missing in the buildroot, this makes prerel version
to be empty and copr builds do not contain commit hash information in their
version.

Fix Description:

* Change timestamp format to %Y%m%d%H%M.
* Modify rpm.mk to evaluate version information only once, instead of
  calling shell script every time and get different results.
* Update copr Makefile to install git as a dependency.

Fixes: https://github.com/389ds/389-ds-base/issues/5113

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
e0db9ec1 by progier389 at 2022-01-19T16:10:19+01:00
Issue 4939 - Redesign LMDB import (#5071)

* Issue 4939 - Redesign LMDB import

* Issue 4939 - Redesign LMDB import - fix code review issues
- - - - -
5129c27a by progier389 at 2022-01-20T12:22:28+01:00
Issue 5098 - Multiple issues around replication and CI test test_online_reinit_may_hang (#5109)


- - - - -
1f9000f7 by Viktor Ashirov at 2022-01-20T17:20:07+01:00
Issue 5124 - dscontainer fails to create an instance

Bug Description:
After 5f05bc7af82edf4690c0dce0ceaab8ac328b70a6 dscontainer fails to
create an instance, because it tries to write PID file to /run instead
of /run/dirsrv as was previously.

Fix Description:
Change pid_file in defaults.inf back to /run/dirsrv/slapd-{instance_name}.pid

Fixes: https://github.com/389ds/389-ds-base/issues/5124

Reviewed by: @mreynolds389, @droideck (Thanks!)

- - - - -
50e03ee7 by Mark Reynolds at 2022-01-24T11:49:11-05:00
Issue 5127 - run restorecon on /dev/shm at server startup

Description:

Update the systemd service file to execute a script that runs
restorecon on the DB home directory.  This addresses issues with
backup/restore, reboot, and FS restore issues that can happen when
/dev/shm is missing or created outside of dscreate.

relates: https://github.com/389ds/389-ds-base/issues/5127

Reviewed by: progier & viktor (Thanks!!)

- - - - -
dd3c71e3 by Mark Reynolds at 2022-01-24T11:56:13-05:00
Issue 4299 - UI - Add ACI editing features

Description:  Add ACI management features to UI

relates: https://github.com/389ds/389-ds-base/issues/4299

Reviewed by: spichugi & jchapman(Thanks!!)

- - - - -
74c13c88 by Mark Reynolds at 2022-01-24T12:17:57-05:00
Issue 3555 - UI - fix audit issue with npm nanoid

Description:

Ran npm audit fix to address vulnerability in nanoid

relates: https://github.com/389ds/389-ds-base/issues/3555

Reviewed by: mreynolds

- - - - -
ed615152 by Mark Reynolds at 2022-01-24T13:07:00-05:00
Issue 5132 - Update Rust crate lru to fix CVE

Description:

A CVE was discovered in the Rust crate lru that
389-ds-base was using.  CVE-2021-45720  bundled
lru: Use after free in lru crate

https://bugzilla.redhat.com/show_bug.cgi?id=2044430

relates: https://github.com/389ds/389-ds-base/issues/5132

Reviewed by: ?

- - - - -
dccd5435 by Firstyear at 2022-01-25T09:44:33+10:00
Issue 5129 - BUG - Incorrect fn signature in add_index (#5130)

Bug Description: Due to an incorrect function signature,
it was possible to cause add index to fail by trying to
add an empty mr set.

Fix Description: Fix the function signature and make
the function more robust.

fixes: https://github.com/389ds/389-ds-base/issues/5129

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (thanks!)
- - - - -
f837841c by Mark Reynolds at 2022-01-25T13:37:23-05:00
Issue 5135 - UI - Disk monitoring threshold does update properly

Description:

If you try entering a value manually and start with an empty field
it overwrites the value with 4096 as it's trying to incorrectly
enforce a minimum value.

relates: https://github.com/389ds/389-ds-base/issues/5135

Reviewed by: spichugi(Thanks!)

- - - - -
af20dce9 by Adam Williamson at 2022-01-27T15:09:21-05:00
Issue 5127 - ds_selinux_restorecon.sh: always exit 0

Description:

We don't want to error out and give up on starting the service
if the restorecon fails - it might just be that the directory
doesn't exist and doesn't need restoring. Issue identified and
fix suggested by Simon Farnsworth

relates: https://github.com/389ds/389-ds-base/issues/5127

Reviewed by: adamw & mreynolds

- - - - -
9d9a597f by Barbora Simonova at 2022-01-31T17:55:51+01:00
Issue 2790 - RFE - set db home directory to /dev/shm by default

Description:
Added set of test cases to check if db_home_dir is set
to /dev/shm/slapd-instance/ by default and the contents
of the directory.

Relates: https://github.com/389ds/389-ds-base/issues/2790

Reviewed by: @vashirov, @tbordaz, @mreynolds389, @progier389 (Thanks!)

- - - - -
e32ee468 by James Chapman at 2022-01-31T19:57:22+00:00
Issue 5103 - UI - Add support for TPR to web console (#5111)

Description: A user can modify Temporary Password Rules password policy
via the CLI. Add similar functionality to the web console.

Fixes: https://github.com/389ds/389-ds-base/issues/5103
 
Reviewed by: @mreynolds389  (Thank you)
- - - - -
2c648ba4 by Mark Reynolds at 2022-02-01T08:29:59-05:00
Issue 4299 - UI - fix minor issues with ldap editor

Description:  Improved how treeview handles loading subtrees with large
number of entries.  Previously, the parent entry would not be
displayed while loading its child entries, and if a timeout occurred
then the parent entry would not be loading in the UI, and you could not
do or see anything with it.

Also added a pop modal when an error occurs when searching the database,
or the size limit is exceeded.

relates: https://github.com/389ds/389-ds-base/issues/4299

Reviewed by: spichugi(Thanks!)

- - - - -
c8bbf929 by Mark Reynolds at 2022-02-01T17:34:20-05:00
Issue 4299 - UI - fix minor issues with ldap editor (table view)

Description:

Improve the react handling of the table view while searching is going
on.  Also adjusted the default size limit to 2000.  The search was also
not doing any notifications if an error happened.

relates: https://github.com/389ds/389-ds-base/issues/4299

Reviewed by: spichugi(Thanks!)

- - - - -
b4d22b67 by Mark Reynolds at 2022-02-02T13:50:59-05:00
Bump version to 2.1.0

- - - - -
0af9c715 by Akshay Adhikari at 2022-02-03T10:55:22+01:00
Issue 4678 - Added test cases

Bug Description: Added test cases to check nsslapd-ignore-virtual-attrs
is set back to ON when cos/roles are deleted. Added test cases to check if
it works in replication setup.

Relates: https://github.com/389ds/389-ds-base/issues/4678

Reviewed by: @droideck, @sgouvern

- - - - -
b45cd082 by Mark Reynolds at 2022-02-03T16:31:18-05:00
Issue 5142 - CLI - dsctl dbgen is broken

Description:

Changes to dsctl broke dbgen which requires instance.userid to
set the permissions of the ldif file. It occurred when we added:
local_simple_allocate(). The fix is add userid in this allocate
function.

relates: https://github.com/389ds/389-ds-base/issues/5142

Reviewed by: progier(Thanks!)

- - - - -
d5ca7bf5 by Viktor Ashirov at 2022-02-04T11:36:26+01:00
Issue 5149 - Build failure on EL8 - undefined reference to `twalk_r'

Description:
back-ldbm uses `twalk_r` which is only available in glibc-2.30 or
higher. This results in a compilation warning and a linking error on
systems where this symbol is not available, for example EL8.

Fix Description:
* Add an autoconf check for the required symbol
* Add an explicit requirement for glibc => 2.30 in the spec file.

Fixes: https://github.com/389ds/389-ds-base/issues/5149

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
db699306 by progier389 at 2022-02-04T14:00:40+01:00
Issue 5050 - bdb bulk op fails if fs page size > 8K (#5150)


- - - - -
fb3e9516 by Simon Pichugin at 2022-02-15T10:40:56-08:00
Issue 4299 - UI - Add Role functionality (#5163)

Description:  Add Role management features to UI.
Improve CLI role functionality.

Relates: https://github.com/389ds/389-ds-base/issues/4299

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
a10c8607 by Mark Reynolds at 2022-02-16T16:26:33-05:00
Issue 5155 - RFE - Provide an option to abort an Auto Member rebuild task

Description:  Add an abort task for the automember rebuild task.  There
are cases where IPA can start spinning up schema compat search during
the rebuild which can bog down an entire system.  If this happens the
task can be aborted to prevent an outage.

The transaction for the entire task was also removed since it isn't
really needed for a fixup task.

Also found that in cleanAllRUV we were trying to write to the task entry
in the task add callback function (which is too early to start updating
the task and triggers error 32 messages in the errors log).  So that
was fixed as well.

relates: https://github.com/389ds/389-ds-base/issues/5155

Reviewed by: progier, tbordaz, spichugi (Thanks!!!)

- - - - -
65a33c97 by Mark Reynolds at 2022-02-16T17:45:06-05:00
Issue 4721 - UI - attribute uniqueness crashes UI when there are no configs

Description:

The UI crashes if there are no attribute uniqueness configurations.  So
improved the robustness for plugins that only exist as separate config
entries (currently just attribute uniqueness).  Did some other plugin
cleanup with action menus and spacing.

relates: https://github.com/389ds/389-ds-base/issues/4721

Reviewed by: spichugi(Thanks!)

- - - - -
812c148c by Mark Reynolds at 2022-02-17T09:10:01-05:00
Issue 5145 - Fix covscan errors

Description: Fix latest covscan errors on latest 389-ds-base-2.0

Resource leaks:

    csngen_multi_suppliers_test() -> csn & last_csn are not properly handled
    ids_sasl_listmech() -> leaks config_ret

Copy & Paste:
    referentialIntegrity.jsx -> copy & paste error with component name (harmless)

Null Dereference:

    acl_ext.c -> aclpb is dereferenced on allocation error

Use After Free

    pam_ptimpl.c -> do_one_pam_auth() happens on pam_end() error

relates: https://github.com/389ds/389-ds-base/issues/5145

Reviewed by: firstyear(Thanks!)

- - - - -
7373d341 by Firstyear at 2022-02-22T10:06:42+10:00
Issue 5102 - BUG - container may fail with bare uid/gid (#5140)

Bug Description: Containers may fail to start with bare
uid/gid. This also impacted setup of the instance due
to attempting to chown the volume root. They may also fail
to start if systemd-detect-virt is present but you are
NOT using systemd in the container as well.

Fix Description: This is resolved in the dockerfile through
the addition of nss_synth. For resolving the volume
issue we skip chown of the db_dir parent during setup. If we
know we are in a container, we skip the detect virt check.

fixes: https://github.com/389ds/389-ds-base/issues/5102

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
ba7512c5 by Firstyear at 2022-02-22T10:06:54+10:00
Issue 5137 - RFE - improve sssd conf output (#5138)

Bug Description: In the case the dsrc contained an ldapi
uri, this could cause sssd.conf if redirected to not
start as the "WARNING" was not commented

Fix Description: Move the warning into the sssd.conf as
generated, and comment it.

fixes: https://github.com/389ds/389-ds-base/issues/5137

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
7c94275b by Firstyear at 2022-02-23T10:22:33+10:00
Issue 5160 - BUG - x- prefix in descr-oid can confuse oid parser (#5161)

Bug Description: Attributes and objectclasses with an x- prefix to their
name such as x-attribute or x-object can confuse the schema parser as it
is ambiguous if the term is a descr-oid or an x- field.

Fix Description: Improve our oid schema parse check to specifically warn
about this case, and improve the migration tool to pre-alert the user
that the schema value they want to migrate is not valid for 389.

fixes: https://github.com/389ds/389-ds-base/issues/5160

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz @droideck 
- - - - -
f2ada948 by tbordaz at 2022-02-24T18:13:42+01:00
Issue 5176 - CI rewriter fails when libslapd.so.0 does not exist (#5177)

Bug description:
	rewriter test assumes that the library libslapd.so.0
	exists (/usr/lib64/dirsrv/libslapd.so.0).
	On 389-ds-base-2.0, only libslapd.so exists.

Fix description:
	The test case should test if libslapd.so exists
        If not then fall back to libslapd.so.0

relates: https://github.com/389ds/389-ds-base/issues/5176

Reviewed by: Mark Reynolds

Platforms tested: F35
- - - - -
37995ff4 by Simon Pichugin at 2022-02-24T12:58:19-08:00
Issue 5032 - Fix configure option in specfile (#5174)

Description: Libldap_r is no longer used since Fedora 34 and
is completely removed from Fedora 36 and older.
Hence, adjust the specfile accordingly.

Relates: https://github.com/389ds/389-ds-base/issues/5032

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
b527b345 by progier389 at 2022-02-25T16:16:16+01:00
Issue 5122 - dsconf instance backend suffix set doesn't accept backend name (#5178)


- - - - -
55bce3fc by MIZUTA Takeshi at 2022-03-02T13:16:21+10:00
Issue 5048 - Support for nsslapd-tcp-fin-timeout and nsslapd-tcp-keepalive-time (#5179)

Description:
Installing 389-ds modifies system parameters by 70-dirsrv.conf.
"net.ipv4.tcp_fin_timeout" and "net.ipv4.tcp_keepalive_time" can be set for
389-ds sockets using setsockopt(). System parameters should not be changed
as much as possible and should only be applied to 389-ds sockets.

Fix Description:
To set parameters for 389-ds sockets, following two attributes have been added.
- nsslapd-tcp-fin-timeout
- nsslapd-tcp-keepalive-time
"net.ipv4.tcp_fin_timeout" and "net.ipv4.tcp_keepalive_time" of 70-dirsrv.conf
are no longer needed.

Relates: https://github.com/389ds/389-ds-base/issues/5048

Reviewed by: Firstyear, mreynolds389 (Thanks!)
- - - - -
17bf69e6 by Mark Reynolds at 2022-03-02T20:56:58-05:00
Issue 5186 - UI - Fix SASL Mapping regex validation and other minor
improvements

Description:

- replaced deprecated "isHoverable" with "isSelectable" for Cards.
- Revised logging save btn enablement
- Fixed entry dropdown toggling
- ACI editor improved Bind Rule modal(searching and form layout)
- Improve SASL mapping modal validation
- Improved LDAP editor result alerts to include spinner and more
  friendly result messages

relates: https://github.com/389ds/389-ds-base/issues/5186

Reviewed by: spichugi(Thanks!)

- - - - -
8c0be341 by Firstyear at 2022-03-04T09:43:35+10:00
Issue 5162 - BUG - error on importing chain files (#5164)

Bug Description: Nss can't import pem chain files which can
confuse users why they have missing certificates when they try
to import a chain.

Fix Description: Error out on chain files in any of the import
paths since they are ambiguous.

fixes: https://github.com/389ds/389-ds-base/issues/5162

Author: William Brown <william at blackhats.net.au>

Review by: @droideck 
- - - - -
17d1006d by Mark Reynolds at 2022-03-04T09:39:40-05:00
Issue 5184 - memberOf does not work correctly with multiple include scopes

Bug Description:

MemberOf Plugin only looks at the first include scope, and the rest are
ignored. So if multiple "memberOfEntryScope" attributes are set then the
plugin will not work as expected.

Fix Description:

The fix is to read all the memberOfEntryScope attributes and update the
group cache.

relates: https://github.com/389ds/389-ds-base/issues/5184

Reviewed by: tbordaz(Thanks!)

- - - - -
8100f00e by Mark Reynolds at 2022-03-07T18:08:32-05:00
Issue 5188 - UI - LDAP editor - add entry and group types

Bug Description:

Previously the UI would create entries that had very few
objectclasses, and they did not match the entries created by dsidm.
This causes issues with the default aci's we add to a suffix.

Fix Description:

Added "types" of entries/accounts:  Basic, Posix, and
Service.  Each one using its own set of objectclasses.  For groups I
added: Basic and Posix

relates: https://github.com/389ds/389-ds-base/issues/5188

Reviewed by: jchapman, spichugi, tmihinto (Thanks!!!)

- - - - -
3329b180 by Firstyear at 2022-03-08T15:52:59+10:00
Issue 5051 - RFE - ADSync flatten tree (#5192)

Issue 5051 - RFE - ADSync flatten tree

Bug Description: ADSync would try to preserve the tree
structure within AD when replicated to 389. This often
led to sync failing unless the administrator manually
recreated the OU structure since we DID NOT create
those OU's automatically

Fix Description: Allow flattening the content of the AD
tree into the ds-subtree. Since AD guarantees that ALL
RDN's are unique across the directory, this is safe
because there can never be a conflict. Additionally
due to how this is implemented, it means that when an
AD entry is relocated in the AD tree, it does not move
in 389, but continues to receive updates and changes

fixes: https://github.com/389ds/389-ds-base/issues/5051

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 (thanks!)


- - - - -
f4f49fb6 by Mark Reynolds at 2022-03-10T13:34:45-05:00
Issue 5189 - memberOf plugin exclude subtree not cleaning up groups on modrdn

Bug Description:

If MO plugin is configured to exclude membership to certain subtrees
then when a member is moved (moddn) to the "excluded" subtree the group
still maintains the member/uniquemember attribute.

Fix Description:

After modrdn if the user is out of scope then all the groups that it
belonged to will have the membership attribute also removed from them.

This allows an admin to move entries to "special" locations, like a
"disabled ou" container, and all its memberships are properly updated
automatically.

relates: https://github.com/389ds/389-ds-base/issues/5189

Reviewed by: tbordaz & spichugi(Thanks!!)

- - - - -
ab82377a by Viktor Ashirov at 2022-03-15T11:48:50+01:00
Issue 5200 - dscontainer should use environment variables with DS_ prefix

Description:
dscontainer accepts several environment variables, but some of them
don't have DS_ prefix, such as ERRORLOG_LEVEL and SUFFIX_NAME.
It would be good to use a uniform namespaced notation to avoid
generic names that can possibly conflict with other environment
variables (for example, when DS runs in a pod with other containers,
that can also use these generic variable names).

Additionally, DS_MEMORY_PERCENTAGE is no longer applicable when server
uses MDB. We should log a warning message to notify the user.

Fixes: https://github.com/389ds/389-ds-base/issues/5200

Reviewed by: @mreynolds389, @Firstyear (Thanks!)

- - - - -
d2cc9401 by progier389 at 2022-03-15T14:28:37+01:00
Issue 5197 - Build break in lib389 with INSTALL_PREFIX (#5198)


- - - - -
55cbd275 by tbordaz at 2022-03-17T18:38:51+01:00
Issue 5214 - CI Test tests/suites/replication/virtual_attribute_replication_test.py (#5215)

Bug description:
	The test test_vattr_on_cos_definition_with_replication creates
	a COS in a supplier/consumer topology.
        With that virtual attribute, nsslapd-ignore-virtual-attrs gets
        the value OFF.
        Then it deletes the COS on the supplier but does not wait
        that the DEL is propagated to the consumer before restarting
        the consumer.
        The consequence is that at startup, consumer may keep
        nsslapd-ignore-virtual-attrs=OFF

Fix description:
        Wait that replication is in sync before restarting the consumer

relates: #5214

Reviewed by: Mark Reynolds

Platforms tested: F34
- - - - -
a3c298f8 by tbordaz at 2022-03-21T14:24:12+01:00
Issue 5218 - double-free of the virtual attribute context in persistent search (#5219)

description:
	A search is processed by a worker using a private pblock.
	If the search is persistent, the worker spawns a thread
	and kind of duplicates its private pblock so that the spawned
        thread continues to process the persistent search.
	Then worker ends the initial search, reinit (free) its private pblock,
        and returns monitoring the wait_queue.
	When the persistent search completes, it frees the duplicated
	pblock.
	The problem is that private pblock and duplicated pblock
        are referring to a same structure (pb_vattr_context).
        That can lead to a double free

Fix:
	When cloning the pblock (slapi_pblock_clone) make sure
	to transfer the references inside the original (private)
	pblock to the target (cloned) one
        That includes pb_vattr_context pointer.

Reviewed by: Mark Reynolds, James Chapman, Pierre Rogier (Thanks !)

Co-authored-by: Mark Reynolds <mreynolds at redhat.com>
- - - - -
8b2c5612 by Mark Reynolds at 2022-03-21T18:22:09-04:00
Issue 5221 - User with expired password can still login with full privileges

Bug Description:

A user with an expired password can still login and perform operations
with its typical access permissions.  But an expired password means the
account should be considered anonymous.

Fix Description:

Clear the bind credentials if the password is expired

relates: https://github.com/389ds/389-ds-base/issues/5221

Reviewed by: progier(Thanks!)

- - - - -
bb907e98 by Mark Reynolds at 2022-03-22T11:06:33-04:00
Issue 5186 - UI - Fix SASL Mapping regex test feature

Description:

If the regex is invalid you are still able to click on the "Test"
button which then crashes the UI.  The Test button needs to be disabled
if the regex is invalid

relates: https://github.com/389ds/389-ds-base/issues/5186

Reviewed by: jchapman & spichugi(Thanks!!)

- - - - -
810fa917 by Mark Reynolds at 2022-03-22T11:26:55-04:00
Issue 5225 - UI - impossible to manually set entry cache

Bug description:  The UI thinks cache auto-tuning is always set which
prevents the user from manually setting the entry cache.

Fix Description:  The UI was comparing a value to an array, which always
returned false and kept the UI thinking autotuning was set.

relates: https://github.com/389ds/389-ds-base/issues/5225

Reviewed by: spichugi(Thanks!)

- - - - -
08ac5406 by Simon Pichugin at 2022-03-22T12:47:06-07:00
Issue 4299 - UI - Add CoS functionality (#5196)

Description: Add CoS management features to UI.
Fix logic in Custom Entry Wizard.

Relates: https://github.com/389ds/389-ds-base/issues/4299

Reviewed by: @mreynolds389 (Thanks!!)
- - - - -
9b6cd3ea by Anton Bobrov at 2022-03-22T16:16:48-04:00
Issue 4970 - Add support for recursively deleting subentries

Bug Description:

Currently LDAP Subentries Control [1.3.6.1.4.1.4203.1.10.1] (used by OpenLDAP's ldapdelete among others)
is not implemented so any LDAP client attempting to use it would fail.

Fix Description:

This patch implements LDAP Subentries Control support in accordance with RFC 3672 on the server side.
On the client side OpenLDAP client tools already support this control.

relates: https://github.com/389ds/389-ds-base/issues/4970

Author: antbob

Reviewed by: vashirov, mreynolds389

- - - - -
1a05f916 by James Chapman at 2022-03-23T09:11:17-04:00
Issue 5193 - Incomplete ruv occasionally returned from ruv search (#5194)

    Bug Description:
    An intermittent condition occurs during cleanallruv (force) CI tests
    which results in an incomplete ruv being returned to the client. This
    generates an "IndexError" in lib389 because of the ruv->replica_purl
    being NULL.

    Fix Description:
    During an ruv search we iterate over the in memory ruv list. Skip over
    an ruv if we detect ruv->replica_purl == NULL.

    Fixes: https://github.com/389ds/389-ds-base/issues/5193

    Reviewed by: @progier389 @mreynolds389  (Thanks)

- - - - -
093befc5 by Thierry Bordaz at 2022-03-23T09:38:45-04:00
Issue 5230 - Race condition in RHDS disk monitoring functions

Bug description:
	Disk monitoring fetch file system info using
        getmntent system call.
        It should rather use MT safe getmntent_r

Fix description:
	use getmntent_r

relates: #5230

Reviewed by: Mark Reynolds

Platforms tested: F35

- - - - -
503ff986 by Mark Reynolds at 2022-03-23T09:53:54-04:00
Bump version to 2.2.0

- - - - -
5a3bdc33 by progier389 at 2022-03-24T15:59:54+01:00
Issue 5217 - Simplify instance creation and administration by non root user (#5224)


- - - - -
c2218fa4 by Simon Pichugin at 2022-03-24T10:29:26-07:00
Issue 5227 - UI - No way to move back to Get Started step (#5233)

Bug Description: There is no way to move back to the main New Entry
landing page. You can when entering A New User, but not when
entering Group, Organisational Unit, Role or a new custom entry.

Fix Description: Add an initial step to Group, Organisational Unit,
Role or a new custom entry creation.
Make sure that stepIdReached initialized with '1' value.

Fixes: https://github.com/389ds/389-ds-base/issues/5227

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
52f85cb8 by Mark Reynolds at 2022-03-24T17:50:26-04:00
Issue 5234 - UI - rename Users and Groups tab

Description:

Changing the legacy "Users & Groups" label to "LDAP Browser"

And a few other minor bug fixes

relates: https://github.com/389ds/389-ds-base/issues/5234

Reviewed by: spichugi (Thanks!)

- - - - -
9061b420 by Viktor Ashirov at 2022-03-25T16:33:02+01:00
Issue 5237 - audit-ci: Cannot convert undefined or null to object

Description:
Update audit-ci to the latest version that works with NPM >=7.

Fixes: https://github.com/389ds/389-ds-base/issues/5237

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
e09d984a by Viktor Ashirov at 2022-03-28T14:25:00+02:00
Issue 5239 - Nightly copr builds are broken

Bug Description:
Nightly builds started to fail during srpm generation step

`copr-rpmbuild` executes mock with `mock-source-build.cfg`
config that drops a lot of capabilities, including CAP_SETUID and
CAP_SETGID, used by npm.

From
https://github.com/npm/cli/blob/latest/changelogs/CHANGELOG-7.md#all-lifecycle-scripts

> The user, group, uid, gid, and unsafe-perms configurations are
> no longer relevant. When npm is run as root, scripts are always
> run with the effective uid and gid of the working directory owner.

Files had `root:mockbuild` ownership, and `npm` was running under
root, so `npm` tried to set gid to `mockbuild` user and was denied.

Fix Description:
We should always chown files in $CWD to `root:root` since
the `make srpm` step is executed under root user.

Fixes: https://github.com/389ds/389-ds-base/issues/5239

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
9b6882ee by Gilbert Kimetto at 2022-03-29T20:46:43-04:00
Issue 4775 -plugin entryuuid failing (#5229)

Check CLI dsconf entryuuid fixup
- - - - -
caad47ab by tbordaz at 2022-03-30T18:07:23+02:00
Issue 5242- Craft message may crash the server (#5243)

Bug description:
	A craft request can result in DoS

Fix description:
	If the server fails to decode the ber value
	then return an Error

relates: 5242

Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)

Platforms tested:  F34
- - - - -
06c14502 by Firstyear at 2022-04-07T12:51:16+10:00
Issue 5247 - BUG - Missing attributes in samba schema (#5248)

Bug Description: When using 389ds as an authentication backend for samba, a specific set of
attributes and objectclasses is required. Some of these were missing which currently prevents
correct operation of the backend.

Fix Description: Update to the latest sambav3 schema.

fixes: https://github.com/389ds/389-ds-base/issues/5247

Author: William Brown <william at blackhats.net.au>

Review by: @droideck 
- - - - -
2044bd35 by progier389 at 2022-04-07T16:44:22+02:00
Issue 5065 - Crash in suite plugins - test_dna_max_value (#5108)

The dna pre-operation plugin modifies the modifiers list but does not update the block in case of error. This leads to having freed data linked in the pblock and a SIGSEGV when trying to use them to generate the audit log records.

Solution is to systematically update the pblock modifiers list in case of modify operation.

Also modified the test case to ensure that the server is still up at the end.

Fix issue: 5065 https://github.com/389ds/389-ds-base/issues/5065
- - - - -
42fa04d6 by Stanislav Levin at 2022-04-08T08:45:25-04:00
Issue 5210 - Python undefined names in lib389

Bug Description:

There are several Python undefined names in lib389. Usually they are
plain errors caused by refactorings, typos, etc.

Fix Description:
- added missing imports
- fixed typos

Note: `lib389.tests.cli.conf_plugin_test` was not fixed yet. I'm not sure
whether it should be removed completely or only
plugin_{enable,disable,get_dn} parts.

Fixes: https://github.com/389ds/389-ds-base/issues/5210

Reviewed by: Mark Reynolds (thanks!)

Signed-off-by: Stanislav Levin <slev at altlinux.org>

- - - - -
45af3401 by progier389 at 2022-04-11T16:15:07+02:00
Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255)

dscreate create-template regression due to 829ea4113..5a3bdc336
  (default value for template_file parameter was unwillingly changed to 'None' (instead of None))

Issue: 5254   https://github.com/389ds/389-ds-base/issues/5254

Reviewed by:
- - - - -
4a56dd12 by tbordaz at 2022-04-11T16:25:39+02:00
Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256)

Bug description:
	vlv_build_idl builds a candidate list from a starting point to an
	ending point. By the time the ending point is computed (like in
        vlvIndex_get_indexlength) and is finally used, the actual
        number of records may have been reduced. In such a case the
        ending point no longer exists, and cursor(NEXT) hits the end
        of the index (DBI_RC_NOTFOUND).
        If that occurs, the current candidate list is valid
        and should be returned.

Fix description:
	On DBI_RC_NOTFOUND, exit from the start to end loop
        without error.

relates: https://github.com/389ds/389-ds-base/issues/5252

Reviewed by: Pierre Rogier
- - - - -
04db8690 by Firstyear at 2022-04-13T11:57:39+10:00
Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261)

Bug Description: OpenLDAP allowed multiple names of the memberof overlay
which meant that in some cases we wouldn't migrate the plugin.

Fix Description: Accept both objectclass names.

fixes: https://github.com/389ds/389-ds-base/issues/5260

Author: William Brown <william at blackhats.net.au>

Review by: @droideck
- - - - -
08cb6292 by progier389 at 2022-04-13T15:57:59+02:00
lib389 prerequisite for ansible-ds (#5253)


- - - - -
6adb3123 by Mark Reynolds at 2022-04-13T10:57:48-04:00
Issue 4904 - Fix various small issues

- Issue 4904 - Set the plugin identity before calling internal op.
- Issue 5232 - Remove --durable-txn from dsconf
- Issue 5195 - Improve error messages to state which settings are missing
- Issue 5169 - During LDIF import we log a debug message by default when we should
not
- Issue 5259 - dsctl --remove-all can be triggered with abbreviated arg
 name

relates: https://github.com/389ds/389-ds-base/issues/4904
relates: https://github.com/389ds/389-ds-base/issues/5232
relates: https://github.com/389ds/389-ds-base/issues/5195
relates: https://github.com/389ds/389-ds-base/issues/5169
relates: https://github.com/389ds/389-ds-base/issues/5259

Reviewed by: tbordaz, progier, firstyear, and spichugi (Thanks!!!!)

- - - - -
4a5e72af by James Chapman at 2022-04-14T15:55:56+01:00
Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266)

Bug description: A slapi_unlock_mutex is attempted on a NULL mutex.

Fix description: SNMP collator is started if counters are enabled,
but is stopped without checking if counters are enabled. A check is
added before snmp_collator_stop() is called.

Fixes: https://github.com/389ds/389-ds-base/issues/5180

Reviewed by: @mreynolds389  (Thank you)
- - - - -
5565862a by Simon Pichugin at 2022-04-15T10:45:44-07:00
Issue 5241 - UI - Add account locking missing functionality (#5251)

Description: Add a missing ability to lock and unlock Roles/Accounts to LDAP Editor.
Add Lock/Unlock button to Dropdown when choose entry in Tree and Table Views tab;
Add 'Locked' indicator with 'lock' icon beside entry DN;
Add the same functionality to Search tab. But also add Show Locking button
which enables this functionality (disabled by default). We need it because
it vastly impacts performance.

Fixes: https://github.com/389ds/389-ds-base/issues/5241

Reviewed by: @mreynolds389 (Thanks!!)
- - - - -
fbcaf84d by Mark Reynolds at 2022-04-18T14:40:30-04:00
Issue 4866 - CLI - when enabling replication set changelog trimming by
default

Description:  Enable changelog trimming by default when enabling
replication.

relates: https://github.com/389ds/389-ds-base/issues/4866

Reviewed by: spichugi(Thanks!)

- - - - -
718dcd94 by Mark Reynolds at 2022-04-20T19:03:22-04:00
Issue 2893 - CLI - dscreate - add options for setting up replication

Description:

Add options for setting up replication to dscreate

relates: https://github.com/389ds/389-ds-base/issues/2893

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
2abf85ab by Mark Reynolds at 2022-04-22T15:22:30-04:00
Issue 5273 - CLI - add arg completer for instance name

Description:

For convenience it would be nice to have auto completion for the instance
name when using the CLI tools.

relates: https://github.com/389ds/389-ds-base/issues/5273

Reviewed by: spichugi(Thanks!)

- - - - -
fef7f178 by Simon Pichugin at 2022-04-26T08:05:51-07:00
Issue 3 - ansible-ds - Prefix handling fix (#5275)

Description: When we run 389-ds in Ansible, its processing sets
PREFIX to "", so we should check for both - None and "".

Related: https://github.com/389ds/ansible-ds/issues/3

Reviewed by: @progier389 (Thanks!)
- - - - -
4d89e114 by progier389 at 2022-05-02T18:43:25+02:00
Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153)

* Issue 5126 - Memory leak in slapi_ldap_get_lderrno

The problem is that some time ago libldap API replaced LDAP_OPT_ERROR_STRING whose data should not be freed by
LDAP_OPT_DIAGNOSTIC_MESSAGE whose data must be freed.
slapi_ldap_get_lderrno was adapted to use the new option but the callers were not modified to free the value.

The Solution:
 Ensure that we also need to free slapi_ldap_get_lderrno value if legacy LDAP_OPT_ERROR_STRING is used (by duping the value)
 Ensure that the callers free the value.

Added test case about replication using SASL/Digest-md5 authentication
Added test case to check this leak
Also updated test case about SASL/GSSAPI to be compatible with current lib389 framework but marked as skipped because it requires a specific configuration (This path should be tested by IPA tests)
Fixed valgrind lib389 function to run on prefixed installation without needing to be root.
At last I also improved lib389 mapped object to have a better diagnostic when LDAP operation fails (by adding the request within the exception)

 issue: 5126 https://github.com/389ds/389-ds-base/issues/5126

Reviewed by: @droideck
- - - - -
0ca6689f by Mark Reynolds at 2022-05-03T09:55:49-04:00
Issue 5276 - CLI - improve task handling

Description:  We have several fixup tasks that the cli tools can
perform.  Most of them wait for the task to finish but some tasks run for
a long time and the CLI tools actually timeout while waiting.  When this
happens nothing is logged that the CLI timed out waiting for the task.

Instead we should add a "--wait" option if you actually want to wait for
the task, and added a new "fixup-status" argument to display the status
for existing tasks.

relates: https://github.com/389ds/389-ds-base/issues/5276

Reviewed by: progier, spichugi, and firstyear(Thanks!!!)

- - - - -
90d84742 by Firstyear at 2022-05-05T11:40:26+10:00
Issue 5170 - RFE - Filter optimiser (#5171)

Bug Description: This introduces a query optimiser to 389-ds.
A query optimiser helps our backend process queries in a manner
that is more efficient by reducing IO events, and returning
the correct results quicker. This is needed as most applications
are not aware of the internals of how we execute a query internally
 - nor should they need to know. As an example, queries commonly
produced by SSSD are suboptimal and cause high latency and IO, but
this optimiser can resolve the majority of these issues which
generally improves all server throughput.

Fix Description: The optimiser works by attempting to produce
"the smallest candidate set" first. Having a smaller candidate
set earlier means that we can be below the filter test threshold
which shortcuts and can evaluate the remaining filter assertions
on the partial candidate set, rather than loading more expensive
and larger indexes. This also allows us to "fail fast" by
promoting "unlikely" candidates earlier which may end up
having a zero-length so that again, we don't load larger indexes.

A number of other changes were made and resolved in this change:

* Issue: The onelevel filter (not related to the
    optimiser ...) works by injecting a parentid field check
    to the filter that is used in the search. If the user
    does not have access to read this field, then one level
    searches fail

* Fix: Split the filter by "intent" and "as
    executed". We can filter test on as executed without check
    of the ACI, but we also check the filter as executed to
    ensure that only valid entries matching the proper semantics
    are returned

* Fix: Duplicate the filter for optimisation instead
    and free it in the search path, leaving the pblock filter as
    the "query as intended".

* Issue: In some cases, the filter test shortcut was
    applied, but with a specially crafted query, this could trigger
    the return prematurely giving incorrect results as the filter
    test was NOT bubbled up correctly.

* Fix: Flag in the sr that the filter test MUST be
    applied in certain shortcut cases.

fixes: https://github.com/389ds/389-ds-base/issues/5170

Author: William Brown <william at blackhats.net.au>

Review by: @tbordaz, @mreynolds389
- - - - -
4cfefd79 by Viktor Ashirov at 2022-05-05T09:28:26+02:00
Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'

Bug Description:
When DS_STARTUP_TIMEOUT is specified, dscontainer fails with:

TypeError: unsupported operand type(s) for /: 'str' and 'int'

Fix Description:
os.getenv returns a string when a variable is present, so the value
must be converted to int.

Fixes: https://github.com/389ds/389-ds-base/issues/5279

Reviewed by: @Firstyear (Thanks!)

- - - - -
b169df29 by progier389 at 2022-05-10T16:25:11+02:00
Issue 5284 - Replication broken after password change (#5286)

Problem: A cached version of decoded password within agmt connection
 is not updated when password gets changed.

Solution: Store also the encoded version beside the decoded one
 and replace both password versions if the encoded one does not
 match the agmt password.

Issue: 5284

Reviewed by @firstyear
- - - - -
18a5f7e2 by Viktor Ashirov at 2022-05-11T08:43:04+02:00
Issue 5281 - HIGH - basic test does not run

Bug Description:
test_basic_ldapagent has an incorrect pytestmark that checks for presence
of 389-ds-base-snmp package that might not exist on other distros than
Fedora/RHEL. It's also a second declaration of the pytestmark that
overrides previous one at the beginning of the test.

Fix Description:
Instead of checking for package presence, check for `ldap-agent` binary.

Fixes: https://github.com/389ds/389-ds-base/issues/5281

Reviewed by: @mreynolds389, @droideck (Thanks!)

- - - - -
7b52d40b by Mark Reynolds at 2022-05-11T09:34:23-04:00
Issue 379 - RFE - Compress rotated logs

Description:

After rotating a log compress it using gzip.  Required updating the
rotation/deletion policy to account for the longer log name (.gz)

relates: https://github.com/389ds/389-ds-base/issues/379

Reviewed by: progier & spichugi(Thanks!!)

- - - - -
64122178 by Mark Reynolds at 2022-05-12T10:22:03-04:00
Issue 379 - RFE - Compress rotated logs (fix linker)

Description:

Add "-lz" to Makefile.am

relates: https://github.com/389ds/389-ds-base/issues/379

Reviewed by: progier389(Thanks!)

- - - - -
b1500405 by progier389 at 2022-05-13T15:02:45+02:00
Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292)

ReplicationManager.wait_for_replication may wrongly fail with no way to determine if the error is normal or not.
Solution to harden the function is to also check the description value on the "from" side
And if servers are in sync but not having the expected value

LOG A DIFFERENT MESSAGE
REDO THE CHANGE (because previous one may have been overwritten by URP)

If the timeout (now set to 60 seconds by default) expires then log last 30 lines from replication plugin in error log
 on both instances.  (to capture the last replication session)
This change helped me to understand why test_change_repl_passwd[using-bind-group] fails while it passes when running alone.
 So I also fixed test_fetch_bindDnGroup test to restore the configuration and avoid impacting the other tests.

Issue 5291

Reviewed by: @mreynolds
- - - - -
682bbfb5 by Firstyear at 2022-05-14T11:24:36+10:00
Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285)

Bug Description: Due to a change in the logic with filter
optimiser, in ldbm search we accidentally returned ldap
subentries

Fix Description: Clean up the logic and comments in the
ldbm_search.c file to prevent this.

fixes: https://github.com/389ds/389-ds-base/issues/5170

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
39d843cc by Akshay Adhikari at 2022-05-16T09:58:15+02:00
Issue 5294 - Report Portal 5 is not processing test results XML file

Bug Description: Report Portal 5 is not processing an XML file with
test parameters exceeding 1024 char.

Fix Description: Fix the test case by using ids.

fixes: https://github.com/389ds/389-ds-base/issues/5294

Review by: @droideck, @bsimonova

- - - - -
01857c34 by Florian Schmaus at 2022-05-16T13:42:32+02:00
Issue 5175 - Remove stale zlib-devel dependency declaration (#5173)

Relates: https://github.com/389ds/389-ds-base/issues/5175

Reviewed by: Mark Reynolds <mreynolds at redhat.com>
Reviewed by: William Brown <firstyear at redhat.com>
- - - - -
53d0e170 by Viktor Ashirov at 2022-05-18T14:33:41+02:00
Issue 5299 - jemalloc 5.3 released

Description:
Bump jemalloc version to 5.3.0
https://github.com/jemalloc/jemalloc/releases/tag/5.3.0

Fixes: https://github.com/389ds/389-ds-base/issues/5299

Reviewed by: @droideck (Thanks!)

- - - - -
df1abddb by Firstyear at 2022-05-19T09:54:38+10:00
Issue 5170 - RFE - improve filter logging to assist debugging (#5301)

Bug Description: To help with this issue, improve filter logging
for future reports

Fix Description: Improve the logging.

fixes: https://github.com/389ds/389-ds-base/issues/5170

Author: William Brown <william at blackhats.net.au>

Review by: @progier389 
- - - - -
cfab2c1b by Viktor Ashirov at 2022-05-24T16:13:22+02:00
Issue 5302 - Release tarballs don't contain cockpit webapp

Description:
Add a new GitHub action to create a release tarball when a new tag
is created. The created source tarball also contains Rust vendored
dependencies and precompiled Cockpit assets.

Fixes: https://github.com/389ds/389-ds-base/issues/5302

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
89033bea by Viktor Ashirov at 2022-05-26T11:01:47+02:00
Issue 5307 - VERSION_PREREL is not set correctly in CI builds

Bug Description:
VERSION_PREREL is used to set pre-release version (.a1, .rc1, etc).
If the build is done inside the git tree, it is set to
VERSION_PREREL=.${VERSION_DATE}git$COMMIT.
But since we don't do any Alpha or RC releases, it should be
empty by default and populated by date and git commit hash in the
development builds.
Additionally, in our CI git commands stopped working after git-2.36
resulting in an incorrect VERSION_PREREL.

Fix Description:
* Set VERSION_PREREL to an empty value
* Update GH actions to explicitly add $GITHUB_WORKSPACE directory to a
  list of safe directories.

Fixes: https://github.com/389ds/389-ds-base/issues/5307

Reviewed by: @bsimonova (Thanks!)

- - - - -
ab5e4b30 by Viktor Ashirov at 2022-05-26T11:03:05+02:00
Issue 5305 - OpenLDAP version autodetection doesn't work

Fix Description:
* Escape regex for `OPENLDAP_VERSION`.
* Invert logic for the version comparison.

Relates: https://github.com/389ds/389-ds-base/issues/5032
Fixes: https://github.com/389ds/389-ds-base/issues/5305

Reviewed by: @mreynolds389, @droideck (Thanks!)

- - - - -
23e01a7d by Viktor Ashirov at 2022-05-27T15:23:51+02:00
Issue 5311 - Missing Requires for acl in the spec file

Description:
Add missing Requires for acl package that contains setfacl used by
ds_systemd_ask_password_acl script.

Fixes: https://github.com/389ds/389-ds-base/issues/5311

Reviewed by: @droideck (Thanks!)

- - - - -
51dcc37a by Viktor Ashirov at 2022-05-27T17:46:45+02:00
Issue 5313 - dbgen test uses deprecated -h HOST and -p PORT options for ldapmodify

Bug Description:
OpenLDAP 2.6+ deprecated -h HOST and -p PORT options in all their command
line tools. They are not allowed anymore and cause 'unknown option -' errors.
See https://bugs.openldap.org/show_bug.cgi?id=8618

dbgen test uses ldapmodify with deprecated -h HOST and -p PORT options.
On F36 with OpenLDAP 2.6.x this test fails.

Fix Description:
Use -H URL option for client tools.

Fixes: https://github.com/389ds/389-ds-base/issues/5313

Reviewed by: @droideck (Thanks!)

- - - - -
83b3fe96 by progier389 at 2022-05-31T17:44:44+02:00
Issue 5304: Need a compatibility option about sub suffix handling (#5310)

Issue #4373 has obsoleted the nsslapd-parent-suffix config attribute
(this attribute is now ignored).
This fixed a common configuration error but caused a regression
for some users' deployments that require that search does not get
forwarded to sub suffix (as was the case in old versions
if nsslapd-parent-suffix was not configured).

The solution is to add an "orphan" compatibility attribute to the
mapping tree entry that forces the parent suffix to be the root entry
(ignoring the dn relationship)

This attribute may be configured by using
  dsconf instance backend suffix --enable-orphan bename
  dsconf instance backend suffix -disable-orphan bename

Issue #5304

Reviewed by: @mreynolds389 
- - - - -
a393afe5 by OttoHollmann at 2022-06-01T14:05:12+10:00
Issue 5323 - BUG - migrating database for monitoring interface lead to crash (#5321)

Issue 5323 - BUG - migrating database for monitoring interface lead to crash (#5321)

Bug Description: When using the migration utility openldap_to_ds to migrate an
OpenLDAP server where a database for the monitoring interface exists, it results in
a crash.

Fix Description: Config entries related to the monitoring interface don't have
the key olcSuffix nor olcDbIndex. Skip importing these since 389-ds has its own
monitoring systems.

fixes: https://github.com/389ds/389-ds-base/issues/5323

Author: @OttoHollmann 

Review by: @firstyear 
- - - - -
987821a4 by Viktor Ashirov at 2022-06-01T11:36:48+02:00
Issue 5319 - dsctl_tls_test.py fails with openssl-3.x

Bug Description:
openssl-3.x has changed error message when an invalid private key is
attempted to use.

Fix Description:
Add a version check for openssl and expect for a new error message when
openssl-3.x is used.

Fixes: https://github.com/389ds/389-ds-base/issues/5319

Reviewed by: @mreynolds389, @droideck (Thanks!)

- - - - -
6eecf3bb by Mark Reynolds at 2022-06-02T07:56:26-04:00
Issue 5324 - plugin acceptance test needs hardening

Description:

On slow VMs the schema & config update needs a sleep after it before we
do the bind.

relates: https://github.com/389ds/389-ds-base/issues/5324

Reviewed by: spichugi(Thanks!)

- - - - -
40563667 by Firstyear at 2022-06-03T10:05:56+10:00
Issue 5170 - BUG - incorrect behaviour of filter test (#5315)

Bug Description: In the filter test during access only
checks, OR conditions were not correctly evaluated. They
would have their access checked, but it was not confirmed
if this was the element that the entry matched. This meant
that queries could incorrectly reduce entries.

Fix Description: Remove the access check only mode from being
used in filter tests since it is broken, and requires the full
filter test to be evaluated along with it to work in complex cases.

fixes: https://github.com/389ds/389-ds-base/issues/5170

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389
- - - - -
419461df by Firstyear at 2022-06-03T10:12:48+10:00
Issue 5323 - BUG - Fix issue in mdb tests with monitor (#5326)

Bug Description: due to the way that the monitor check worked
it would fail if the database name did not have a } in it.

Fix Description: Change the check to be a bit more robust to
various DB types.

fixes: https://github.com/389ds/389-ds-base/issues/5323

Author: William Brown <william at blackhats.net.au>

Review by: @vashirov 
- - - - -
9763e161 by Mark Reynolds at 2022-06-03T15:44:28-04:00
Bump version to 2.2.1

- - - - -
3231732d by Viktor Ashirov at 2022-06-06T16:14:16+02:00
Issue 5333 - 389-ds-base fails to build with Python 3.11

Bug Description:
389-ds-base fails to build with Python 3.11:
argparse.ArgumentError: argument {show,enable,disable,status}:
conflicting subparser: enable

Argparse is more strict in 3.11.0b3 and doesn't allow duplicate
subcommands, which we apparently had in pass-through-auth plugin.

Fix Description:
Remove duplicate subcommands from pass-through-auth plugin

Fixes: https://github.com/389ds/389-ds-base/issues/5333

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
d3272e1f by dependabot[bot] at 2022-06-07T08:29:07+00:00
Bump crossbeam-utils from 0.8.6 to 0.8.8 in /src

Bumps [crossbeam-utils](https://github.com/crossbeam-rs/crossbeam) from 0.8.6 to 0.8.8.
- [Release notes](https://github.com/crossbeam-rs/crossbeam/releases)
- [Changelog](https://github.com/crossbeam-rs/crossbeam/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crossbeam-rs/crossbeam/compare/crossbeam-utils-0.8.6...crossbeam-utils-0.8.8)

---
updated-dependencies:
- dependency-name: crossbeam-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support at github.com>
- - - - -
cd18e411 by Barbora Simonova at 2022-06-07T13:00:15+02:00
Issue 4348 - Add tests for dsidm

Description:
Created test for dsidm initialise option.

Relates: https://github.com/389ds/389-ds-base/issues/4348

Reviewed by: @droideck, @vashirov (Thanks!)

- - - - -
489b585a by James Chapman at 2022-06-10T16:09:24+01:00
Issue 4812 - Scalability with high number of connections (#5090)

Description: Listener thread polls established connections. When the
number of connections is high and/or there is high incoming traffic,
this single thread becomes a bottleneck. The thread is eating a lot of
cpu to go through the huge array of established connections but it is not
running fast enough if there is big incoming traffic and finally
limits the capacity of the server.

Fix: Create multi connection table active lists where each list is
managed by a dedicated listener thread.

Relates: https://github.com/389ds/389-ds-base/issues/4812

Reviewed by: @Firstyear, @progier389 , @tbordaz  (Thanks)
- - - - -
46396d1f by Viktor Ashirov at 2022-06-14T09:52:14+02:00
Issue 5327 - Validate test metadata

Bug Description:
Metadata in our tests' docstrings is used for test case and requirements
import in our test case management system. But it's prone to copy-paste
issues (duplicate unique test case IDs), formatting issues (RST parser
is not always happy) or it's simply missing. We should use automatic
validation for test metadata as part of our PR CI so that all new test
cases have valid docstrings and unique IDs.

Fix Description:
* Add a new Validate workflow to run on each PR. It runs testimony that
  validates docstrings
* Add missing docstrings.
* Rename test_user fixtures to avoid confusion with pytest test functions.
* Fix token names and indentation.
* Add a python script to check for duplicate :id: tokens
* Fix duplicate :id: tokens.

Fixes: https://github.com/389ds/389-ds-base/issues/5327

Reviewed by: @droideck (Thanks!)

- - - - -
0abe315d by William Brown at 2022-06-14T16:53:14-04:00
Issue 5332 - BUG - normalise filter as intended

Bug Description: Due to a mistake in the optimiser rework
the filter as intended was not normalised, causing some searches
to fail

Fix Description: Always normalise both filters.

fixes: https://github.com/389ds/389-ds-base/issues/5332

Author: William Brown <william at blackhats.net.au>

Review by: mreynolds (Thanks!)

Signed-off-by: Mark Reynolds <mreynolds at redhat.com>

- - - - -
0d27fc43 by Mark Reynolds at 2022-06-15T13:36:45-04:00
Issue 4932 - CLI - add parser aliases to long arg names

Description:

In dsidm "organizationalunit" and "initialise" can be abbreviated to
shorter names, and in dsconf "replication" could use an alias.

relates: https://github.com/389ds/389-ds-base/issues/4932

Reviewed by: spichugi(Thanks!)

- - - - -
233bde04 by Mark Reynolds at 2022-06-15T22:58:49-04:00
Issue 5343 - Various improvements to winsync

Description:

In some sync cases the objectclass person is present, but we do not add
the required attribute "sn" to the mapped entry.  So this has been fixed.

Revised some of the logging to provide more details about sync failures

Updated an error with CLI around winsync agreement configuration

Updated UI to better handle replication agreements

relates: https://github.com/389ds/389-ds-base/issues/5343

Reviewed by: firstyear(Thanks!)

- - - - -
9523a33e by Mark Reynolds at 2022-06-16T09:08:22-04:00
Issue 5329 - Improve replication extended op logging

Description:

We need logging around parsing extended op payload, right now when it
fails we have no idea why.

relates: https://github.com/389ds/389-ds-base/issues/5329

Reviewed by: progier, firstyear, and spichugi(Thanks!!!)

- - - - -
5ba868da by Firstyear at 2022-06-20T11:11:02+10:00
Issue 5323 - BUG - improve skipping of monitor db (#5340)

Bug Description: Monitor dbs were not handled correctly
when importing from openldap.

Fix Description: Improve the testing of the import
process, and skip the db's in a more effective manner.

fixes: https://github.com/389ds/389-ds-base/issues/5323

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
032f6587 by Firstyear at 2022-06-20T11:12:56+10:00
Issue 5345 - BUG - openldap migration fails when ppolicy is active (#5347)

Bug Description: When ppolicy in openldap was active, migration
would fail with various schema errors. This is because the openldap
ppolicy is "similar to" but not quite the same as our password
policy modules.

Fix Description: Improve the import to skip importing schema elements
that have 389-ds equivalents. Improve the pwd module to have some
better semantics around pw_lockduration handling. Allow excluding
objectClasses that are invalid during the import process. Improve
post-migration task management to include review of password policy.

fixes: https://github.com/389ds/389-ds-base/issues/5345

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 
- - - - -
e3981575 by James Chapman at 2022-06-21T11:52:35+01:00
Issue 5346 - New connection table fails with ASAN failures (#5350)

Bug Description: Commit 489b585a67bf9b91c33a93cf8b0c6c7bca398bee
contains a buffer overflow that causes asan failures.

Fix Description: Removed the overflow, corrected an incorrect memory
allocation and corrected some debug strings.

fixes: https://github.com/389ds/389-ds-base/issues/5346
relates: https://github.com/389ds/389-ds-base/issues/4812

Reviewed by: @Firstyear  (Thank you)

- - - - -
f3fd6ec2 by Mark Reynolds at 2022-06-24T17:23:30-04:00
Issue 5353 - CLI - dsconf backend export breaks with multiple backends

Description:

If there are multiple backends "dsconf backend export" fails with a decoding error
because we don't process multiple backends correctly, and we attempt to
process a suffix/dn that is actually the backend name.

Fix Description:

Properly handle checking a backend name or suffix when attempting to
find the backend.  Also did some code cleanup.

relates: https://github.com/389ds/389-ds-base/issues/5353

Reviewed by: spichugi(Thanks!)

- - - - -
05c0a45f by Akshay Adhikari at 2022-06-28T10:57:25-07:00
Issue 5294: Report Portal 5 is not processing an XML file with (#5358)

Bug Description: Test parameters exceeding 1024 char.

Fix Description: changes were made to the wrong line, correction has been made.

Relates: https://github.com/389ds/389-ds-base/issues/5294

Review by: @droideck
- - - - -
37101d99 by tbordaz at 2022-07-04T15:17:54+02:00
Issue 5221 - fix covscan (#5359)


- - - - -
55e2c7ab by Mark Reynolds at 2022-07-05T11:21:15-04:00
Bump version to 2.2.2

- - - - -
fe186737 by spike77453 at 2022-07-12T16:02:44+02:00
Issue 5290 - Importing certificate chain files via "import-server-key-cert" no longer works (#5293)

Description: Remove assertions from add_server_key_and_cert since pk12util has no issues importing certificate chain files

Relates: https://github.com/389ds/389-ds-base/issues/5290

Reviewed by: droideck
- - - - -
d522c921 by progier389 at 2022-07-13T17:02:02+02:00
Issue 3069 - Support ECDSA private keys for TLS (#5365)


- - - - -
2a9909fd by Mark Reynolds at 2022-07-20T00:00:05-04:00
Issue 5371 - Update npm and cargo packages

Description:

Updated cockpit npm packages and rust cargo packages.  Fixed some compiler
errors.

In rpm.mk renamed FEDORA_SPECFILE to DS_SPECFILE because we use this for
other platforms besides FEDORA.  Also renamed bundle make command to be
more generic

Updated obsolete macros in configure.ac and m4 files.

relates: https://github.com/389ds/389-ds-base/issues/5371

Reviewed by: spichugi & firstyear (Thanks!!)

- - - - -
765c31f7 by Mark Reynolds at 2022-07-21T10:06:38-04:00
Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function

Description:  The _get_arg() function was not being properly called when
a DN is not provided.  Also improved the overall error handling when
things go wrong.

relates: https://github.com/389ds/389-ds-base/issues/5373

Reviewed by: firstyear & spichugi (Thanks!)

- - - - -
38552a3c by Gilbert Kimetto at 2022-07-21T10:40:36-04:00
Issue 981 Managed Entries betxnpreoperation - transaction not aborted on managed entry failure (#5369)

* Issue 981 Managed Entries betxnpreoperation - transaction not aborted upon failure to create managed entry

* Issue 981 Managed Entries betxnpreoperation - transaction not aborted upon failure to create managed entry
- - - - -
7514fc93 by Mark Reynolds at 2022-07-22T09:25:52-04:00
Issue 5375 - CI - disable TLS hostname checking

Description:  For CI tests we should disable TLS hostname checking
because our testing environments are fragile and TLS issues occur often.

relates: https://github.com/389ds/389-ds-base/issues/5375

Reviewed by: tbordaz, viktor, spichugi(Thanks!!)

- - - - -
7efbeb3b by Mark Reynolds at 2022-07-22T09:45:42-04:00
Issue 5335 - RFE - Add Security Audit Log

Description:

Create a new log using a JSON format that captures in a single line all
the relevant info (client, server, bind dn, event type, etc) related to
security events: Failed/success logins, TCP errors, authorization and
account lockout.

https://www.port389.org/docs/389ds/design/security-audit-log-design.html

relates: https://github.com/389ds/389-ds-base/issues/5335

ASAN: passed

Reviewed by: firstyear, progier, viktor, and tbordaz(Thanks!!!)

- - - - -
a199440a by Mark Reynolds at 2022-07-25T09:53:20-04:00
Issue 5322 - optime & wtime on rejected connections is not properly set

Description:  We were not setting the operation start time before
aborting a connection because of minssf or anonymous access being
denied.  This can lead to an overflow and unexpected values for
the wtime & optime keywords in the access log.

relates: https://github.com/389ds/389-ds-base/issues/5322

Reviewed by: firstyear & tbordaz (Thanks!!)

- - - - -
8f5db8da by Mark Reynolds at 2022-07-25T10:10:38-04:00
Issue 5380 - Separate cleanAllRUV code into new file

Description:

A majority of the cleanAllruv code is jammed inside of
rep5_replica_config.c. It really deserves its own file which will make
it easier to analyze and troubleshoot (especially for people not
familiar with it).

Also, revised the CI "force" tests to make them more robust.

relates: https://github.com/389ds/389-ds-base/issues/5380

Reviewed by: jchapman & firstyear (Thanks!!)

- - - - -
8badf2c6 by Mark Reynolds at 2022-07-26T09:57:31-04:00
Issue 4656 - Remove problematic language from source code

Description:  Remove problematic language from source code

relates: https://github.com/389ds/389-ds-base/issues/4656

Reviewed by: spichugi, progier, vashirov, firstyear (Thanks!!!!)

- - - - -
f002e9e0 by Mark Reynolds at 2022-07-28T09:04:18-04:00
Issue 5383 - UI - Various fixes and RFE's for UI

Description:

Addressing these bugs/RFEs found during our testing day:

https://bugzilla.redhat.com/show_bug.cgi?id=2090687 - RFE - Add attribute search box when editing/adding user
https://bugzilla.redhat.com/show_bug.cgi?id=2090460 - can not do modrdn
https://bugzilla.redhat.com/show_bug.cgi?id=2090069 - stopping instance does not display message
https://bugzilla.redhat.com/show_bug.cgi?id=2090393 - no warning when setting port to zero
https://bugzilla.redhat.com/show_bug.cgi?id=2095765 - enabling disabling logs
https://bugzilla.redhat.com/show_bug.cgi?id=2090475 - unable edit trust flags of CA
https://bugzilla.redhat.com/show_bug.cgi?id=2090449 - numeric log levels not displayed
https://bugzilla.redhat.com/show_bug.cgi?id=2090403 - monitor causes too many messages in console
https://bugzilla.redhat.com/show_bug.cgi?id=2090499 - selecting index type before selecting attribute...
https://bugzilla.redhat.com/show_bug.cgi?id=2090152 - attribute encryption
https://bugzilla.redhat.com/show_bug.cgi?id=2090140 - Selecting and deselecting "Reindex Attribute After Saving"
https://bugzilla.redhat.com/show_bug.cgi?id=2029839 - can not enable dict checks

relates: https://github.com/389ds/389-ds-base/issues/5383

Reviewed by: spichugi(Thanks!)

- - - - -
85a3b3c8 by Mark Reynolds at 2022-08-01T13:57:48-04:00
Issue 5388 - fix use-after-free and deadcode

Description:  Fix latest coverity report

relates: https://github.com/389ds/389-ds-base/issues/5388

Reviewed by: progier(Thanks!)

- - - - -
1deeda27 by Firstyear at 2022-08-02T14:22:03+10:00
Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387)

Bug Description: It was found by a SUSE customer, that an inconsistency between ldap core schemas
and sudoers existed. This was due to items like uid and cn being UTF-8, but sudoUser and other
types were IA5 only. This created a scenario where sudo rules in ldap were failing due to incorrect
matching being applied (trying to match a UTF8 type with IA5 rules.).

Fix Description: Since UTF-8 is a superset of IA5 the sudoers schema can be expanded to support
UTF-8 without any other changes. This was discussed with the sudo maintainers at SUSE, and the sudo
project itself accepted the changes to the schema. Since we ship a copy of the schema, we should
update to be in line.

fixes: https://github.com/389ds/389-ds-base/issues/5386

Author: William Brown <william at blackhats.net.au>

Review by: @progier389 @droideck 
- - - - -
8b348b0e by Wander Boessenkool at 2022-08-02T15:59:44-04:00
Issue 5392 - dscreate fails when using alternative ports in the SELinux hi_reserved_port_t label range

Bug Description:

When trying to install a new instance on alternative port numbers the
dscreate tool fails when one of the ports used is labelled by SELinux as
hi_reserved_port_t

Fix Description:

Add `hi_reserved_port_t` to the list of port labels ignored when
checking for existing labels.

relates: https://github.com/389ds/389-ds-base/issues/5392

Author: Wander Boessenkool

Reviewed by: mreynolds389

- - - - -
24d00236 by Viktor Ashirov at 2022-08-04T12:03:33+02:00
Issue 5394 - configure doesn't check for lmdb and json-c

Description:
After a successful ./configure with no options, build fails with:

```
In file included from ldap/servers/slapd/back-ldbm/db-mdb/mdb_config.c:15:
ldap/servers/slapd/back-ldbm/db-mdb/mdb_layer.h:13:10: fatal error: lmdb.h: No such file or directory
   13 | #include <lmdb.h>
      |          ^~~~~~~~
```

and then with

```
ldap/servers/slapd/log.c:34:10: fatal error: json-c/json.h: No such file or directory
   34 | #include <json-c/json.h>
      |          ^~~~~~~~~~~~~~~

```

Fix Description:
We should check for presence of lmdb.h and json-c/json.h

Fixes: https://github.com/389ds/389-ds-base/issues/5394

Reviewed by: @mreynolds389, @Firstyear (Thanks!)

- - - - -
db3e8c0b by progier389 at 2022-08-04T20:01:46+02:00
Issue: 5377 - Code cleanup: Fix Covscan invalid reference (#5393)

* Issue: 5377 - Code cleanup: Fix Covscan invalid reference - V1

Fixed some of the issues but it looks like it did not fix as many FORWARD_NULL as I expected:
The initial state                 | The state with this commit
covscanhub/task/257865/           | covscanhub/task/258085/
ARRAY_VS_SINGLETON 9              | ARRAY_VS_SINGLETON        7
BAD_COMPARE 1                     | BAD_COMPARE               1
BAD_FREE 2                        | BAD_FREE                  2
BUFFER_SIZE 8                     | BUFFER_SIZE               8
CHECKED_RETURN 18                 | CHECKED_RETURN            18
CLANG_WARNING 336                 | CLANG_WARNING             282
COMPILER_WARNING 26               | COMPILER_WARNING          31
CONSTANT_EXPRESSION_RESULT 4      | CONSTANT_EXPRESSION_RESULT 4
COPY_PASTE_ERROR 8                | COPY_PASTE_ERROR          10
CPPCHECK_WARNING 38               | CPPCHECK_WARNING          146
DC.WEAK_CRYPTO 5                  | DC.WEAK_CRYPTO            5
DEADCODE 22                       | DEADCODE                  22
FORWARD_NULL 47                   | FORWARD_NULL              32
GCC_ANALYZER_WARNING 89           | GCC_ANALYZER_WARNING      81
LOCK 4                            | LOCK                      4
MISSING_BREAK 5                   | MISSING_BREAK             5
MISSING_LOCK 5                    | MISSING_LOCK              5
NEGATIVE_RETURNS 3                | NEGATIVE_RETURNS          3
NO_EFFECT 1                       | NO_EFFECT                 1
NULL_RETURNS 2                    |
OVERRUN 18                        | OVERRUN                   18
RESOURCE_LEAK 29                  | RESOURCE_LEAK             21
REVERSE_INULL 11                  | REVERSE_INULL             11
SENSITIVE_DATA_LEAK 1             | SENSITIVE_DATA_LEAK       1
SHELLCHECK_WARNING 4              | SHELLCHECK_WARNING        4
SIZEOF_MISMATCH 6                 | SIZEOF_MISMATCH           6
STRING_OVERFLOW 16                | STRING_OVERFLOW           16
TAINTED_SCALAR 4                  | TAINTED_SCALAR            4
TAINTED_STRING 1                  | TAINTED_STRING            1
TOCTOU 6                          | TOCTOU                    6
UNINIT 3                          | UNINIT                    2
UNREACHABLE 2                     | UNREACHABLE               3
UNUSED_VALUE 16                   | UNUSED_VALUE              16
USELESS_CALL 3                    | USELESS_CALL              3
USE_AFTER_FREE 12                 | USE_AFTER_FREE            12

* Issue: 5377 - Code cleanup: Fix Covscan invalid reference - V2

Task URL: https://cov01.lab.eng.brq.redhat.com/covscanhub/task/258546/

Last covscan with this commit is:
ARRAY_VS_SINGLETON        7
BAD_FREE                  2
BUFFER_SIZE               3
CHECKED_RETURN            8
CLANG_WARNING             248
COMPILER_WARNING          7
CONSTANT_EXPRESSION_RESULT 2
COPY_PASTE_ERROR          6
CPPCHECK_WARNING          29
DC.WEAK_CRYPTO            5
DEADCODE                  4
FORWARD_NULL              5
GCC_ANALYZER_WARNING      77
IDENTICAL_BRANCHES        2
LOCK                      2
MISSING_BREAK             5
MISSING_LOCK              4
NEGATIVE_RETURNS          2
NO_EFFECT                 1
NULL_RETURNS              1
OVERRUN                   18
RESOURCE_LEAK             13
REVERSE_INULL             1
SENSITIVE_DATA_LEAK       1
SHELLCHECK_WARNING        4
SIZEOF_MISMATCH           1
STRING_OVERFLOW           16
TAINTED_SCALAR            3
TAINTED_STRING            1
TOCTOU                    6
UNINIT                    1
UNREACHABLE               3
UNUSED_VALUE              10
USELESS_CALL              3
USE_AFTER_FREE            8

* Issue: 5377 - Code cleanup: Fix Covscan invalid reference - Fix review

* Issue: 5377 - Code cleanup: Fix Covscan invalid reference - Fix replication failure

* Issue: 5377 - Code cleanup: Fix Covscan invalid reference - Fix mdb and pwpolicy failures
- - - - -
55cb7b50 by Mark Reynolds at 2022-08-05T10:39:15-04:00
Issue 3903 - Supplier should do periodic updates

Description:

On suppliers update the keep alive entry periodically to keep the RUV up
to date in case a replica is neglected for a long time.  This prevents
very long changelog scans when finally processing updates.

relates: https://github.com/389ds/389-ds-base/issues/3903

Reviewed by: firstyear & tbordaz(Thanks!)

- - - - -
a6bf0a19 by Simon Pichugin at 2022-08-05T10:08:45-07:00
Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400)

Description: We don't refresh LDAP Editor when we switch instances.
It may lead to unpleasant errors.

Add componentDidUpdate function with the appropriate processing and
properties.

Fixes: https://github.com/389ds/389-ds-base/issues/5399

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
acbde67b by Mark Reynolds at 2022-08-08T10:22:26-04:00
Issue 5397 - Fix various memory leaks

Description:

Fixed memory leaks in:

- Upgrade code when we check if an expected plugin is present, we didn't
  free the search results.
- Filter optimizer introduced sr_norm_filter_intent which dupped a filter
  but never freed it.
- Replication connections would leak the replication manager's
  credentials.

relates: https://github.com/389ds/389-ds-base/issues/5397

Reviewed by: progier & jchapman (Thanks!!)

- - - - -
053fee67 by Mark Reynolds at 2022-08-08T13:02:50-04:00
Issue 3903 - keep alive update event starts too soon

Description: The keep alive update needs a little more time to start to
allow changelog, and other replication protocols to startup

relates: https://github.com/389ds/389-ds-base/issues/3903

Reviewed by: tbordaz (Thanks!)

- - - - -
baa53b5b by James Chapman at 2022-08-09T12:27:35+01:00
Issue 5403 - Memory leak in connection table multi list (#5404)

Bug description: Memory leaks were introduced as part of the
connection table multi list feature.

Fixes: https://github.com/389ds/389-ds-base/issues/5403

Reviewed by: @progier389  (Thank you)
- - - - -
e867d145 by progier389 at 2022-08-09T16:31:08+02:00
Issue 5385 - LMDB - import crash in rdncache_add_elem (#5406)

* Issue 5385 - LMDB - import crash in rdncache_add_elem

* Issue 5385 - LMDB - fix tabulation issues.
- - - - -
ff1d65d2 by tbordaz at 2022-08-10T15:45:33+02:00
Issue 5407 - sync_repl crashes if enabled while dynamic plugin is enabled (#5411)

Bug description:
	When dynamic plugin is enabled, if a MOD enables sync_repl plugin
	then sync_repl init function registers the postop callback
        that will be called for the MOD itself while the preop
        has not been called.
        postop expects preop to be called and so primary operation
        to be set. When it is not set it crashes

Fix description:
	If the primary operation is not set, just return

relates: #5407

Reviewed by:
- - - - -
59fe6dc6 by Mark Reynolds at 2022-08-10T16:58:37-04:00
Issue 5412 - lib389 - do not set backend name to lowercase

Description:

There is no reason to set a new suffix to lowercase.  The server
will correctly handle the case, and some customers, especially
with migrations, want to have the base suffix a certain case.

relates: https://github.com/389ds/389-ds-base/issues/5412

Reviewed by: spichugi(Thanks!)

- - - - -
3cda974c by Akshay Adhikari at 2022-08-11T17:26:22+02:00
Issue 5415 - Hostname when set to localhost causing failures in other tests

Description: When the hostname is set to localhost it is causing failures
in other test suites like replication

Fixes: https://github.com/389ds/389-ds-base/issues/5415

Reviewed by: @bsimonova, @tbordaz (Thanks!)

- - - - -
513a763b by tbordaz at 2022-08-18T11:17:30+02:00
Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420)

Bug description:
	If the server receives an invalid cookie without separator '#',
	it parses it into an empty cookie (Sync_Cookie) instead of a NULL
	cookie (failure).
	Later it sigsegv when using the empty cookie.

Fix description:
	If the parsing fails return NULL

relates: #5418

Reviewed by: Viktor Ashirov, Mark Reynolds, William Brown, Simon
 Pichugin (thanks !)
- - - - -
77da7ffa by Mark Reynolds at 2022-08-18T09:38:34-04:00
Issue 3903 - fix repl keep alive event interval

Description:  Previously we passed the interval as seconds to the
              event queue, but it is supposed to be milliseconds.

              Fixed a crash with repl logging and decoding extended
              op payload (referrals).

              Also reworked a lot of the replication CI tests that
              were flaky.

relates: https://github.com/389ds/389-ds-base/issues/3903

Reviewed by: tbordaz & spichugi(Thanks!)

- - - - -
23a5d68c by tbordaz at 2022-08-19T09:35:23+02:00
Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422)

Bug description:
	test_modify_entry relies on replication latency with sleeps

Fix description:
	change sleep into wait_for_replication

relates: #5421

Reviewed by: Simon Pichugin
- - - - -
2e202490 by Andrew Elwell at 2022-08-22T12:12:56-04:00
Fix missing 'not' in description (closes #5423) (#5424)

Issue #5243 - Fix missing 'not' in description

Bug Description:

The helptext for 'start' is missing the word 'not'

Fix Description:

Adds in missing word

relates: https://github.com/389ds/389-ds-base/issues/5423

Author: Andrew Elwell

Reviewed by: mreynolds
- - - - -
63249e1d by Mark Reynolds at 2022-08-22T19:14:13-04:00
Issue 5428 - Fix regression with nscpEntryWsi computation

Description: We were not resetting the length of copied value when
computing the nscpEntryWsi value.  This led to value corruption in the
output.

relates: https://github.com/389ds/389-ds-base/issues/5428

Reviewed by: spichugi(Thanks!)

- - - - -
dea9f6a7 by Mark Reynolds at 2022-08-23T08:29:45-04:00
Issue 5012 - Migrate pcre to pcre2

Description:  PCRE is deprecated and is being removed, need to use the
new PCRE2 library

fixes: https://github.com/389ds/389-ds-base/issues/5012

Reviewed by: tbordaz & firstyear (Thanks!!)

- - - - -
99a74d7b by Mark Reynolds at 2022-08-24T15:20:54-04:00
Issue 5356 - Make Rust non-optional and update default password storage
scheme

Description:

We need a stronger default storage scheme which comes from our Rust
plugins, but to do this  Rust needs to be non-optional.  It will be
a requirement moving forward.

relates: https://github.com/389ds/389-ds-base/issues/5356

Reviewed by: firstyear, vashirov, and spichugi (Thanks!!!)

- - - - -
3439c243 by Mark Reynolds at 2022-08-25T16:53:57-04:00
Update CI tests

Reviewed by: progier & spichugi(Thanks!!)

- - - - -
a310799f by Mark Reynolds at 2022-08-31T07:22:57-04:00
Issue 5012 - Migrate pcre to pcre2 - remove match limit

Description: During the migration a match limit was incorrectly
             applied when it was not actually needed.  This broke
             regexes where the source target matched more than 30
             characters.

relates: https://github.com/389ds/389-ds-base/issues/5012

Reviewed by: firstyear & spichugi(Thanks!)

- - - - -
3db81913 by Mark Reynolds at 2022-09-01T15:00:57-04:00
Bump version to 2.3.0

- - - - -
d5ba5374 by progier389 at 2022-09-12T15:36:06+02:00
Issue 5158: entryuuid fixup tasks fails in replicated topology (#5439)

Problem:
entryuuid plugin fixup task fails in replicated topology because no CSN is generated and the replication plugin aborts the operation.
This happens because the operation flags are set to 0x400000 which is OP_FLAG_TOMBSTONE_FIXUP
(a flag that should only be set to handle replication plugin internal operations)

Solution:
Do not use any flags
- - - - -
199ec655 by progier389 at 2022-09-12T18:21:56+02:00
Issue 4592: dscreate error with custom dir_path (#5434)

* Issue 4592: dscreate error with custom dir_path

    Problem:
    When creating an instance with a custom dir_path and if seLinux is enabled then the instance creation fails:
    Instance fails to start because database cannot be created due to seLinux permission error.

    Solution:
    The solution is to set the right seLinux label for the instance directories by deleting current context
    and adding new one
    but there are some pitfalls to avoid:
       - Make sure that the right path is used (otherwise semanage fails)
       - Make sure that a path is not associated with different labels
         ( for example by setting the same path in db_dir and in tmp_dir )
    The idea is to parse the semanage fcontext -l [-C] output to get the:
        path equivalence rules (about symbolic link)
        local file context path and labels
        global policy file context path and labels
    And use them to compute the right path, and to decide what must be done
      (nothing, delete existing local context, raise an error or add new context)

    Note: also fixed some lib389 warning about obsolete escape sequences

    Issue: 4592

    Reviewed by: @droideck 
- - - - -
9db7a5ad by Mark Reynolds at 2022-09-12T15:06:27-04:00
Issue 5413 - Allow only one MemberOf fixup task at a time

Description:  only allow one fixup task to run at a time, and improve
the task logging

relates: https://github.com/389ds/389-ds-base/issues/5413

Reviewed by: progier & tbordaz(Thanks!)

- - - - -
c1486b81 by Mark Reynolds at 2022-09-12T15:12:28-04:00
Issue 5443 - UI - disable save button while saving

Description:

You can click the save button over and over while it's spinning
and it will trigger the same operation over and over. It should
be disabled while it's "working/spinning".

Fixed typo with replication log level that triggered many log levels,
including trace function calls, to be accidentally enabled

relates: https://github.com/389ds/389-ds-base/issues/5443

Reviewed by: spichugi(Thanks!)

- - - - -
88cda888 by Mark Reynolds at 2022-09-14T19:54:01-04:00
Issue 5447 - UI - add NDN max cache size to UI

Description:

Add NDN cache max size to UI.  Also reworked "Database Global Config"
page as it was getting crowded, so it's now a Tabs form.  Also updated
patternfly to pick up enhancements to the TreeView (previously selecting
a node label would expand/collapse the node which was very annoying),
now you must click on the "icon" to expand/collapse it.

relates: https://github.com/389ds/389-ds-base/issues/5447

Reviewed by: spichugi(Thanks!)

- - - - -
bb6029d4 by Mark Reynolds at 2022-09-15T10:36:02-04:00
Issue 4308 - checking if an entry is a referral is expensive

Description:

When updating the entry cache check if the entry has a smart referral, if
so set a flag so we don't have to do the referral check for future
searches.

relates: https://github.com/389ds/389-ds-base/issues/4308

Reviewed by: firstyear & tbordaz (Thanks!!)

- - - - -
a0d15b46 by progier389 at 2022-09-19T15:05:06+02:00
Issue 5446 - Fix some covscan issues (#5451)

Problem:
covscan reported a number of important issues.

Solution:
Most of those were false positives but a few were genuine errors. I annotated the false positives so the issues do not get reported ( except the COPY_PASTE_ERROR whose annotation seems ignored (coverity bug?) but at least the comment visible in the detailed report shows it is a false positive without even having to look at the code)

Except copy_paste_errors only 2 errors in jemalloc third party code are reported.

Now the scan-results-imp-summary.txt is getting minimal:
some issue in jemalloc code
a few COPY_PASTE_ERROR false positive error (that have been commented so by reading the detailed report we know it is a false positive) For some reason covscan annotation does not work for copy_paste_error category

Issue: 5446

Reviewed by: @mreynolds389 , @droideck
- - - - -
9f1795cb by Mark Reynolds at 2022-09-20T14:08:10-04:00
Issue 5453 - UI/CLI - Changing Root DN breaks UI

Bug Description:

When you change the root DN it breaks LDAPI connectivity because the
LDAPI mapping for the root DN is out of sync.  This also causes the UI
to crash when accessing the server.

Fix Description:

When you change the root dn via dsconf it will automatically update the
LDAPI configuration.  The UI will also gracefully handle the situation
when things are out of sync.

relates:  https://github.com/389ds/389-ds-base/issues/5453

Reviewed by: spichugi(Thanks!)

- - - - -
ca05dea9 by tbordaz at 2022-09-20T14:24:47-04:00
Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272)

Bug description:
	calls to PAM authentication are serialized by DS.
	libpam is thread-safe and some module may also be
        thread-safe.
        Because serialization impacts performance, an administator
        should be allowed to remove the serialization in case
        the pam module is thread safe

Fix description:
	If the pam configuration entry contains 'pamModuleIsThreadSafe: TRUE'
        then further calls to pam_start/pam_authenticate/pam_end are not
        serialized

relates: #5271

Reviewed by: Mark Reynolds, William Brown (thanks)
- - - - -
a942379b by Stanislav Levin at 2022-09-29T14:04:09+02:00
Issue 5465 - Fix dbscan linking (#5466)

Bug Description:

Linking of dbscan fails with:
ld: ./.libs/libback-ldbm.so: undefined reference to symbol 'slapi_ch_free'
ld: ./.libs/libslapd.so.0: error adding symbols: DSO missing from command line

Fix Description:

Add the missing libslapd.so to the command line.

relates: https://github.com/389ds/389-ds-base/issues/5465

Author: Stanislav Levin

Reviewed by: Mark Reynolds (thanks)
- - - - -
8cb63bcf by Firstyear at 2022-09-30T12:08:09+10:00
Issue 5462 - RFE - add missing default indexes (#5464)

Bug Description: Uidnumber and gidnumber are commonly searched
by unix related integrations. Memberuid is also used by the
less-preferred legacy style unix group resolution tools.
We should index these by default to prevent performance and
experience issues.

Fix Description: Add uidnumber, gidnumber and memberuid indexes
to the default index set.

fixes: https://github.com/389ds/389-ds-base/issues/5462

Author: William Brown <william at blackhats.net.au>

Review by: @mreynolds389 @droideck 
- - - - -
1011ad1f by Simon Pichugin at 2022-09-29T19:49:41-07:00
Issue 4324 - Revert recursive pthread mutex change (#5463)

Bug description:
	The entry cache is protected with recursive mutex. Currently it is
	implemented using pthread recursive mutex. Very rarely, we may
	encounter 'Retry count error' (we weren't able to reproduce it reliably).

Fix description:
	As per investigation and team discussions, we decided to go with the 'revert' option,
	as it reliably helped the user who had the issue on their environment.

	Changing the c_mutex from pthread recursive mutex back to PR_Monitor.

Related: https://github.com/389ds/389-ds-base/issues/4324

Reviewed by: @progier389 (Thanks!)
- - - - -
810fc877 by tbordaz at 2022-09-30T13:35:05+02:00
Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264)

Bug description:
	Under high mixed load (update/read), the pressure on the entry cache is
        so high that during an update by the time the entry is added into the
	cache, it is then removed from the cache before it is locked for the update.
	If such event occurs 1000 times in a row, the update fails.

	Another issue is that when updating the parent entry of a
	deleted entry (numsubordinates), if it fails to lock the parent
        it does not return the parent entry. So refcnt becomes invalid.

Fix description:
        To reduce the likelihood of failure, if an entry is removed from
        the entry cache before it is locked, then pause 100ms before
        retrying to upload/lock it.
        In the case of the failure to lock the parent entry, the entry
        should be returned.

relates: #5262

Reviewed by: Pierre Rogier, Mark Reynolds, Simon Pichugin, William Brown
- - - - -
cf4c82c2 by Viktor Ashirov at 2022-10-04T22:15:11+02:00
Issue 5302 - Release tarballs don't contain cockpit webapp

Bug Description:
It was found that this action was producing incomplete tarballs **only**
containing the cockpit webapp and rust vendored dependencies.
The reason is the same as in #5307 - current working directory was not
marked as a safe directory.

Fix Description:
* Add $GITHUB_WORKSPACE as a safe directory.
* Add a manual trigger that allows you to specify a tag and whether
  to skip npm audit-ci or not.

Fixes: https://github.com/389ds/389-ds-base/issues/5302

Reviewed by: @mreynolds389 (Thanks!)

- - - - -
469e856c by Mark Reynolds at 2022-10-06T09:58:08-04:00
Issue 3061 - RFE - Add password policy debug log level

Description:

Added new logging level (1048576) for password policy debugging where the
failure message, entry dn, and pwd policy is recorded (it's either
the global policy or the DN of the local policy).

relates: https://github.com/389ds/389-ds-base/issues/3061

Reviewed by: firstyear & spichugi(Thanks!!)

- - - - -
cd0bd600 by progier389 at 2022-10-07T14:32:05+02:00
Issue 5478 - Random crash in connection code during server shutdown (#5479)

Problem: connection table thread may be still running while connection table gets freed.

Fix is to decrease the working thread number only when the thread has finished instead of doing that when detecting that the thread should be stopped.

Issue: 5478

Reviewed by: @mreynolds389
- - - - -
1ea6522d by Mark Reynolds at 2022-10-12T09:57:14-04:00
Issue 5482 - lib389 - Can not enable replication with a mixed case suffix

Description:

Can not enable replication with a mixed case suffix using dsconf because
not all of the code expects mixed case.  Need to "lower" some values
before comparing them.

Also did a little code cleanup

relates: https://github.com/389ds/389-ds-base/issues/5482

Reviewed by: spichugi, and progier(Thanks!)

- - - - -
5212b108 by Firstyear at 2022-10-14T10:53:39+10:00
Issue 5476 - RFE - add memberUid read aci by default (#5477)

Issue 5476 - RFE - add memberUid read aci by default

Bug Description: Some legacy client issue searches for
(|(member=...)(memberUid=...)). Because of how our
aci's work, the lack of access to memberUid (even if
empty) would block the legitimate search to member=.

Fix Description: Allow memberUid to be searched by
default.

fixes: https://github.com/389ds/389-ds-base/issues/5476

Author: William Brown <william at blackhats.net.au>

Review by: @droideck @mreynolds389 
- - - - -
162a56a1 by Mark Reynolds at 2022-10-14T09:47:18-04:00
Issue 5487 - Fix various issues with logconv.pl

Description:

Latency stats were inconsistent depending if "-V" was used.
This was due to a missing usage check and uninitialized latency
array

Fixed CSV format

relates: https://github.com/389ds/389-ds-base/issues/5487

Reviewed by: spichugi(Thanks!)

- - - - -
2293103d by tbordaz at 2022-10-14T16:00:12+02:00
Issue 5368 - Retro Changelog trimming does not work (#5486)

Bug description:
	After an initial trimming, the trimming thread
	is not scheduled according to nsslapd-changelog-trim-interval.
	It is erroneously scheduled according to
        nsslapd-changelogmaxage.

Fix description:
	Get the trimming interval into 'ts' (trimming structure)
        and decide to trim according to nsslapd-changelogmaxage

relates: #5368

Reviewed by: Mark Reynolds, Simon Pichugin (thanks)
- - - - -
b53941e5 by Simon Pichugin at 2022-10-18T16:10:43-07:00
Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492)

Description: Finish the support of binary values, specifically jpegPhoto
(and displaying it in the UI) was started in the original
code merge from Teko.
Disable conflicting eslint warnings.
Fix multivalued entry search in LDAP browser.

Fixes: https://github.com/389ds/389-ds-base/issues/5491

Reviewed by: @mreynolds389 (Thanks!)
- - - - -
8fedec0f by Firstyear at 2022-10-21T11:57:25+10:00
Issue 5495 - RFE - skip dds during migration. (#5496)

Bug Description: We don't directly support dynamic directory services
per openldap, so we need to skip these values in migration. The admin
must review these changes.

Fix Description: Skip the values.

fixes: https://github.com/389ds/389-ds-base/issues/5495

Author: William Brown <william at blackhats.net.au>

Review by: @droideck @mreynolds389 
- - - - -
d125808e by Mark Reynolds at 2022-10-27T10:52:15-04:00
Issue 5367 - RFE - store full DN in database record

Description:

For the Full unnormalized DN in the entry via "dsEntryDN"
operational attribute.  This allows for maintaining the case
of a DN from when it was first added.

There is also a significant performance improvement when loading
an entry from disk to the entry cache (using entryrdn index
was very expensive).

Added config setting to turn this behavior on and off (default on)

relates: https://github.com/389ds/389-ds-base/issues/5267

Reviewed by: firstyear, progier, tbordaz, and spichugi(Thanks!!!!)

- - - - -
715d2d49 by Firstyear at 2022-10-28T10:33:19+10:00
Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501)

Bug Description: Incorrect variables were used in the inconsistent attribute
logs.

Fix Description: Fix the variable names and reporting.

fixes: https://github.com/389ds/389-ds-base/issues/5495

Author: William Brown <william at blackhats.net.au>

Review by: @droideck 
- - - - -
ad5e9d6c by Mark Reynolds at 2022-11-01T10:04:56-04:00
Issue 5502 - RFE - Add option to display entry attributes in audit log

Description:

Add a new config setting to specify specific, or all, attributes from the
entry being updated.  These attributes are prefixed with a '#' to make
them comments so parsing tools will still work.

relates: https://github.com/389ds/389-ds-base/issues/5502

Reviewed by: tbordaz & spichugi(Thanks!!)

- - - - -
3c907022 by Mark Reynolds at 2022-11-02T09:08:32-04:00
Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed

Description:  Add a lint check to make sure the group attributes used in the memberOf plugin are indexed

relates: https://github.com/389ds/389-ds-base/issues/5429

Reviewed by: spichugi & tbordaz (Thanks!!)

- - - - -
6a78c9f5 by progier389 at 2022-11-03T14:35:57+01:00
Issue 5408: lmdb import is slow (#5481)

* Issue 5408: lmdb import is slow
- - - - -
6bc98164 by James Chapman at 2022-11-09T09:48:27+00:00
Issue 5469 - Increase the default value of nsslapd-conntablesize (#5472)

Bug Description: There are quite often customer cases about shortage of file
                 descriptors and LDAP client requests not being processed.
                 The shortage is usually caused by a low value set for the
                 nsslapd-conntablesize parameter.

Fix Description: The nsslapd-conntablesize attribute has been removed,
                 now we dynamically configure the connection table size.
                 conntablesize = (Max process fds - Server reserve fds).

                 On restart we now calculate how many reserve descriptors
                 the server requires, this value overrides the configured
                 value for nsslapd-reservedescriptors if lower than the
                 calculated value.

Relates:      https://github.com/389ds/389-ds-base/issues/5469

Reviewed by: @Firstyear, @mreynolds389, @progier389 (Thanks)
- - - - -
024e35c8 by James Chapman at 2022-11-09T09:49:47+00:00
Issue 5505 - Fix compiler warning (#5506)

relates: https://github.com/389ds/389-ds-base/issues/5505

Reviewed by: @Firstyear  (Thanks)
- - - - -
0e64757d by Simon Pichugin at 2022-11-09T07:18:34-08:00
Issue 3555 - UI - fix audit issue with npm loader-utils (#5514)

Description: Ran npm audit fix to address the vulnerability in loader-utils.

Relates: #3555

Reviewed by: @jchapma (Thanks!)
- - - - -
7e701e2c by Firstyear at 2022-11-10T08:20:29+10:00
Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513)

Bug Description: Unsupported as we don't support its
may attr types

Fix Description: Skip as it's incompatible.

fixes: https://github.com/389ds/389-ds-base/issues/5512

Author: William Brown <william at blackhats.net.au>

Review by: @droideck 
- - - - -
7283a57b by tbordaz at 2022-11-10T16:31:11+01:00
Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455)

Bug description:
        When there are several groupattr (attr_1, attr_2,..) in memberof config
        To fixup entry 'e1', memberof does an internal search
        "(|(attr_1=e1)(attr_2=e1)...(attr_n=e1))"
        This is not valid regarding membership relation and in
        addition it prevents the server from bypassing the filter evaluation.

Fix description:
        To fixup an entry iterate several internal searches
        "(attr_1=e1)" , then "(attr_2=e1)", then "(attr_n=e1)"

relates: #5440

Reviewed by: Pierre Rogier, Mark Reynolds, Simon Pichugin (Thanks)
- - - - -
fdb7393e by Mark Reynolds at 2022-11-15T11:23:24-05:00
Issue 5162 - RFE - CLI allow adding CA certificate bundles

Description:  Parse PEM file and add each CA cert separately.
              Fixed some PEP8 errors.

relates: https://github.com/389ds/389-ds-base/issues/5162

Reviewed by: spichugi(Thanks!)

- - - - -
a8392bc7 by progier389 at 2022-11-15T17:27:17+01:00
Issue 5510 - remove twalk_r dependency to build on RHEL8 (#5516)

Since version 2.1 we use twalk_r function that is available in glibc-2.30 and newer. This prevents building 389-ds on platforms with older glibc such as EL8.
This fix replaces twalk_r with twalk if the glibc version is < 2.30 and removes the glibc 2.30 dependency.
- - - - -
b2827133 by Mark Reynolds at 2022-11-15T14:00:17-05:00
Issue 5162 - Fix dsctl tls ca-certificate add-cert arg requirement

Description:  Incorrectly added "required=True" to positional arg nickname
when adding ca-cert.

relates: https://github.com/389ds/389-ds-base/issues/5162

Reviewed by: ?

- - - - -
4b82bf6d by progier389 at 2022-11-16T15:01:55+01:00
Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498)

Align mdb behavior on bdb one about tombstone entries and (entryrdn / parentid / ancestorid) indexes:
Make sure that entry info is built for tombstone and RUV entry so the indexes get properly updated.
Fix deadlock by ensuring that ai is provided when first opening the dbi while reindexing (so that cmp function is rightly set and does not need to be set later on)

[1] Added a test that checks the tombstone in entryrdn after import/reindex/bulk import
[2] I found that Tombstone entry should be in the entryrdn index but:
parent should be looked up with the nsparentuniqueid rather than on the parent dn.
==> entries nsuniqueid should also be a key of the import private database
And tombstone entry should also be stored in the private database
[3] Fixed some issue in test case
[4] removed the cas atomic operation
[5] Fixed dsrate issue about full lmdb database
[6] Fixed issue around cursor bulk operation
[7] Improved/fixed entryrdn and lmdb debug
- - - - -
099a0397 by Mark Reynolds at 2022-11-16T10:59:22-05:00
Issue 5529 - UI - Fix npm vulnerability in loader-utils

Description: fix vulnerability in loader-utils

relates: https://github.com/389ds/389-ds-base/issues/5529

Reviewed by: spichugi(Thanks!)

- - - - -
e0921ec1 by tbordaz at 2022-11-17T14:21:17+01:00
Issue 3729 - RFE Extend log of operations statistics in access log (#5508)

Bug description:
        Create a per operation framework to collect/display
        statistics about internal resource consumption

Fix description:

        The fix contains 2 parts
        The framework, that registers a per operation object extension
        (op_stat_init). The extension is used to store/retrieve
        collected statistics.
        To reduce the impact of collecting/logging it uses a toggle
        with config attribute 'nsslapd-statlog-level' that is a bit mask.
        So that data are collected and logged only if the appropriate
        statistic level is set.

        An example of statistic level regarding indexes fetching
        during the evaluation of a search filter.
        It is implemented in filterindex.c (store) and result.c (retrieve/log).
        This path uses LDAP_STAT_READ_INDEX=0x1.
        For LDAP_STAT_READ_INDEX, the collected data are:
                - for each key (attribute, type, value) the number of
                  IDs
                - the duration to fetch all the values

	design https://www.port389.org/docs/389ds/design/log-operation-stats.html
relates: #3729

Reviewed by: Pierre Rogier, Mark Reynolds (thanks !)
- - - - -
b5e480f4 by Mark Reynolds at 2022-11-17T15:17:56-05:00
Issue 5532 - Make db compaction TOD day more robust.

Bug Description:

The time of day compaction setting does promise that the compaction
will happen as configured.  This is because the compaction interval
starts when the server is started.  Once it wakes up and we are "past"
the TOD setting then we compact, but it can happen at any time
once the TOD has passed.

Fix Description:

Once the compaction interval is hit we create an "event" with the
exact time the compaction should start.

relates: https://github.com/389ds/389-ds-base/issues/5532

Reviewed by: tbordaz & spichugi(Thanks!!)

- - - - -
d20b91b2 by Mark Reynolds at 2022-11-18T07:47:52-05:00
Bump version to 2.3.1

- - - - -


30 changed files:

- + .copr/Makefile
- .github/scripts/generate_matrix.py
- .github/workflows/compile.yml
- + .github/workflows/npm.yml
- .github/workflows/pytest.yml
- + .github/workflows/release.yml
- + .github/workflows/validate.yml
- Makefile.am
- README.md
- VERSION.sh
- configure.ac
- + dirsrvtests/check_for_duplicate_ids.py
- dirsrvtests/conftest.py
- dirsrvtests/create_test.py
- + dirsrvtests/report.py
- dirsrvtests/requirements.txt
- + dirsrvtests/testimony.yaml
- + dirsrvtests/tests/data/entryuuid/localhost-userRoot-invalid.ldif
- + dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/cn=schema/cn={5}test.ldif
- dirsrvtests/tests/data/openldap_2_389/1/slapd.d/cn=config/olcDatabase={1}mdb.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config/cn=module{0}.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config/cn=schema.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config/cn=schema/cn={0}core.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config/cn=schema/cn={2}nis.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config/olcDatabase={0}config.ldif
- + dirsrvtests/tests/data/openldap_2_389/5323/slapd.d/cn=config/olcDatabase={1}mdb.ldif


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/2d8ea2943b876b62bbf2ec5e9d9316c51cf6d40d...d20b91b26a782222074c3d0b0757be6b79e06d26
