[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 107 commits: Bump version to 2.3.1
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Mon Jun 12 08:53:05 BST 2023
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base
Commits:
6ad8f075 by Mark Reynolds at 2022-11-18T08:54:06-05:00
Bump version to 2.3.1
- - - - -
06e96874 by Simon Pichugin at 2022-11-18T07:02:12-08:00
Issue 5534 - Add copyright text to the repository files
Description: We need to have copyright texts around our files and
some of it is missing. This commit adds the copyright to tests and
lib389.
Also, add an automatic generator in the create_test.py script.
Fixes: https://github.com/389ds/389-ds-base/issues/5534
Reviewed by: @mreynolds389, @progier389 (Thanks!)
- - - - -
83949f6d by Simon Pichugin at 2022-11-18T09:21:32-08:00
Issue 5534 - Fix a rebase typo (#5537)
Description: Fix a minor typo in config/compact_test.py.
Related: https://github.com/389ds/389-ds-base/issues/5534
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
ba9d8b3b by tbordaz at 2022-11-21T11:41:15+01:00
Issue 3729 - (cont) RFE Extend log of operations statistics in access log (#5538)
Bug description:
This is a continuation of the #3729
The previous fix did not manage internal SRCH, so
statistics of internal SRCH were not logged
Fix description:
For internal operation log_op_stat uses
connid/op_id/op_internal_id/op_nested_count that have been
computed log_result
For direct operation log_op_stat uses info from the
operation itself (o_connid and o_opid)
log_op_stat relies on operation_type rather than
o_tag that is not available for internal operation
relates: #3729
Reviewed by: Pierre Rogier
- - - - -
3e814cfb by Stanislav Levin at 2022-11-22T15:21:11+01:00
Issue 5541 - Fix typo in `lib389.cli_conf.backend._get_backend` (#5542)
Fix Description:
Replace `name` with `be_name`.
relates: https://github.com/389ds/389-ds-base/issues/5541
Reviewed by: progier (Thanks)
- - - - -
b0f8c322 by Stanislav Levin at 2022-11-22T15:22:46+01:00
Issue 5539 - Make logger's parameter name unified (#5540)
Description: Some of the functions of `lib389.cli_conf.security`
used `log` as logger's parameter name while another ones - `logs`.
This lead to regression like #5539.
Fix Description:
Replace `logs` with `log`.
relates: https://github.com/389ds/389-ds-base/issues/5539
Reviewed by: mreynolds (Thanks)
- - - - -
89160f7a by Firstyear at 2022-11-24T09:55:46+10:00
Issue 5526 - RFE - Improve saslauthd migration options (#5528)
Bug Description: We should improve our migration paths
from openldap to allow the commonly used saslauthd plugin.
Fix Description: This adds the import transform to convert
users to use the nsSaslauthId field. This also adds a helper
in migration to enable the plugins as needed. Finally this
also adds some hardening to pam_pta.
fixes: https://github.com/389ds/389-ds-base/issues/5526
Author: William Brown <william at blackhats.net.au>
Review by: @progier389
- - - - -
08c21134 by Mark Reynolds at 2022-11-28T10:34:31-05:00
Issue 5544 - Increase default task TTL
Description: Increase the Time To Live of tasks from 1 hour to 12 hours
relates: https://github.com/389ds/389-ds-base/issues/5544
Reviewed by: progier(Thanks!)
- - - - -
8e32e5f4 by William Brown at 2022-12-06T10:53:26+10:00
Issue 5521 - BUG - Pam PTA multiple issues
Bug Description: Pam PTA and the lib389 cli had numerous
issues that were affecting administration and configuration.
Fix Description: This fixes many issues:
* add pam-[enable,disable,show] seperate to pta enable. We can't
combine these into one because they are seperate plugins. They
also still needs ways to enable them outside of the direct
config attribute manipulation.
* Make pamMissingSuffix return a default of IGNORE on NONE. This
is because many of the current tools don't actually set this
value and it can block server restarts.
* pamSecure would not warn properly on lack of TLS connections
which can trick users into thinking the plugin is not working.
fixes: https://github.com/389ds/389-ds-base/issues/5521
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @droideck (Thanks!)
- - - - -
a8ae3421 by William Brown at 2022-12-06T10:53:26+10:00
Issue 5521 - RFE - split pass through auth cli
Bug Description: The pass through auth cli previously
was a "merge" of both ldap pass through and pam pass through. These
two do not share any commonality, and actually conflict on each other.
This caused a lot of confusion, especially in documentation where it
wasn't clear how to use either feature as a result.
Fix Description: Split the cli into two seperate plugins with their own
config domains. This clarifies the situation for users, and makes it far
easier to configure the various pass through layers.
fixes: https://github.com/389ds/389-ds-base/issues/5521
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @droideck (Thanks!)
- - - - -
b329cc48 by Viktor Ashirov at 2022-12-12T19:05:30+01:00
Issue 5561 - Nightly tests are failing
Bug Description:
We use ubuntu-latest as our runner image for testing in containers.
Recently there was a switch from 20.04 to 22.04 that caused test failures.
Fix Description:
* Pin runner image to 22.04
* Remove cgroups mount from docker cmd since ubuntu-22.04 now supports cgroupsv2
Fixes: https://github.com/389ds/389-ds-base/issues/5561
Reviewed-by: @droideck (Thanks!)
- - - - -
861d032e by Simon Pichugin at 2022-12-12T16:39:46-08:00
Issue 5554 - Add more tests to security_basic_test suite (#5555)
Description: Add tests for ANONYMOUS_BIND and TLSCLIENTAUTH
cases (including CERT_MAP_FAILED).
Fix minor test structure issues.
Fixes: https://github.com/389ds/389-ds-base/issues/5554
Reviewed by: @mreynolds389, @Firstyear (Thanks!)
- - - - -
6aa7a6d5 by Mark Reynolds at 2022-12-13T12:08:35-05:00
Issue 5413 - Allow mutliple MemberOf fixup tasks with different bases/filters
Description:
A change was made to only allow a single fixup task at a time, but there are
cases where you would want to run mutliple tasks but on different branches/filters.
Now we maintain a linked list of bases/filters of the current running tasks to
monitor this.
relates: https://github.com/389ds/389-ds-base/issues/5413
Reviewed by: tbordaz(Thanks!)
- - - - -
3ba81948 by Mark Reynolds at 2022-12-15T13:17:00-05:00
Update specfile and rust crates
Reviewed by: spichugi(Thanks!)
- - - - -
5a12552b by Mark Reynolds at 2022-12-15T17:48:44-05:00
Issue 3615 - CLI - prevent virtual attribute indexing
Description:
Do not allow virtual attributes to be indexed because it breaks search results
relates: https://github.com/389ds/389-ds-base/issues/3615
Reviewed by: spichugi(Thanks!)
- - - - -
bb5df9d4 by progier389 at 2022-12-16T16:18:40+01:00
Issue 5545 - A random crash in import over lmdb (#5546)
* Issue 5545 - A random crash in import over lmdb
* Issue 5545 - Fix reviews remarks
Random crash due to an accelerator that bypass lock while dequeueing worker thread entry but that cause synchronization issue around the hardware memory cache)
Solution: lock systematically to perform a membar that ensure proper synchronization.
(It does not impact the performances because the provider -> worker queue is not the performance bottleneck.
(that is the writer thread database operation that limits the throughput)
Also added 2 improvements:
Use MDB_NOSYNC flags during off-line import (Anyway if the process is interrupted the import must be rerun)
Log regularly some statistics about import writer thread (to help determining if the import bottleneck is because
the thread is waiting for input data or waiting that the lmdb operation complete
- - - - -
84e8fdd3 by progier389 at 2022-12-16T17:35:19+01:00
Issue 5558 - non-root instance fails to start on creation (#5559)
issue: non root installation fails to start after the default storage scheme change.
The solution is to avoid removing the RUST storage scheme from dse.ldif templates while preparing the non root user installation.
- - - - -
a94ae27a by Mark Reynolds at 2022-12-16T11:46:26-05:00
Issue 5425 - CLI - add confirmation arg when deleting backend
Description: Add "--do-it" CLI argument when deleting a backend and its subsuffixes
fixes: https://github.com/389ds/389-ds-base/issues/5425
Reviewed by: tbordaz & progier(Thanks!!)
- - - - -
f60e479a by Mark Reynolds at 2022-12-16T11:48:46-05:00
Issue 5531 - CI - use universal_lines in capture_output
Description: Use backwards compatible universal_lines in capture_output()
relates: https://github.com/389ds/389-ds-base/issues/5531
Reviewed by: progier(Thanks!)
- - - - -
ed231df0 by Mark Reynolds at 2022-12-16T13:30:08-05:00
Issue 5278 - CLI - dsidm asks for the old password on password reset
Description: If we are chaning a password as Root DN we don't
need the old password
relates: https://github.com/389ds/389-ds-base/issues/5278
Reviewed by: progier(Thanks!)
- - - - -
145f48d2 by progier389 at 2022-12-21T19:36:07+01:00
Issue 5550 - dsconf monitor crashes with Error math domain error (#5553)
* Issue 5550 - dsconf monitor crashes with Error math domain error
Problem: db computes negative db cache free space when db cache use is
above 50% because the wrong page size is used for computation.
Solution: provide the mempool page size in monitor query and use it in dbmon
Also fixing an issue around the changelog db page size.
- - - - -
af128776 by Mark Reynolds at 2023-01-03T08:37:44-05:00
Issue 5236 - UI add specialized group edit modal
Description:
Added a modal for handling groups: viewing, adding and removing members
Revised overall project:
- "Search Base" handling using a label button was not intuitive. Changed it a more recognizable href.
- Made table "trash Can" icons visibly clickable
- Edit/add entry wizard, the big red "Empty Value!" label is no longer displayed while you edit the value
relates: https://github.com/389ds/389-ds-base/issues/5236
Reviewed by: spichugi(Thanks!)
- - - - -
81c34adc by dependabot[bot] at 2023-01-03T10:21:30-05:00
Bump json5 from 2.2.1 to 2.2.3 in /src/cockpit/389-console
Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v2.2.1...v2.2.3)
---
updated-dependencies:
- dependency-name: json5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support at github.com>
- - - - -
95d83df8 by Mark Reynolds at 2023-01-05T08:56:58-05:00
Issue 5521 - UI - Update plugins for new split PAM and LDAP pass thru auth
Description: Previously PAM and LDAP pass thru auth plugins were merged. This change
separates them into their own plugins in the UI.
Also improved memory reporting in monitor tab.
relates: https://github.com/389ds/389-ds-base/issues/5521
Reviewed by: spichugi(Thanks!)
- - - - -
bafacd27 by Simon Pichugin at 2023-01-05T08:10:04-08:00
Issue 5585 - lib389 password policy DN handling is incorrect (#5587)
Description: After a migration between major DS versions, it can happen
that already existing password policies will have 'cn' that contains
a valid DN in double quotes "". We need to strip the quotes before
processing the DN with python-ldap.
Fixes: https://github.com/389ds/389-ds-base/issues/5585
Reviewed by: @tbordaz, @mreynolds389 (Thanks!)
- - - - -
2c28c895 by Mark Reynolds at 2023-01-05T15:36:25-05:00
Issue 5588 - Fix CI tests
Description:
Fix ACL tests that no longer return IndexError but instead return empty list
Fix db_home tests when in container and regular db dir is used instead
Fix repl monitor test where args_instance was not declared before treating it as dict
relates: https://github.com/389ds/389-ds-base/issues/5588
Reviewed by: ?
- - - - -
7def4959 by Mark Reynolds at 2023-01-06T19:18:47-05:00
Issue 5348 - RFE - CLI - add functionality to do bulk updates to entries
description: dsidm account allow doing bulk updates to a bunch of entries.
Add options for setting a filter, scope, and base, whether
to continue on error.
relates: https://github.com/389ds/389-ds-base/issues/5348
Reviewed by: spichugi(Thanks!)
- - - - -
acfc4d7a by Mark Reynolds at 2023-01-09T13:28:29-05:00
Issue 5599 - CI - webui tests randomly fail
Description: Add sleeps to deal with slow machines
relates: https://github.com/389ds/389-ds-base/issues/5599
Reviewed by: progier389(Thanks!)
- - - - -
3baaa042 by Mark Reynolds at 2023-01-09T13:37:30-05:00
Fix latest npm audit failures
Reviewed by: spichugi(Thanks!)
- - - - -
6a4b49a8 by Firstyear at 2023-01-10T13:40:47+10:00
Issue 5591 - BUG - Segfault in cl5configtrim with invalid confi (#5592)
Bug Description: When an invalid replication config exists,
replica_get_cl_info can return null. The lack of a null check in
cl5configtrim can lead to a SIGSEGV
Fix Description: Check for the NULL case.
fixes: https://github.com/389ds/389-ds-base/issues/5591
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
9e8d42c1 by Mark Reynolds at 2023-01-10T08:57:05-05:00
Issue 5593 - CLI - dsidm account subtree-status fails with TypeError
Description: The was a problem with the function parameters being passed to the
filter method, and we were missing a parameter for the print entry function.
relates: https://github.com/389ds/389-ds-base/issues/5593
Reviewed by: spichugi(Thanks!)
- - - - -
ea5daa5d by Mark Reynolds at 2023-01-11T09:42:23-05:00
Issue 5581 - UI - Support cockpit dark theme
Description: We were previously overriding the background color which caused
issues with the dark theme.
Also changed database tree to add a "Create Suffix" Icon in the
tree instead of the button below the tree
Fixed browser crash in "edit entry" when changing read only
variable
relates: https://github.com/389ds/389-ds-base/issues/5581
Reviewed by: spichugi(Thanks!)
- - - - -
aeebd5a0 by Mark Reynolds at 2023-01-12T10:39:02-05:00
Issue 5602 - UI - browser crash when trying to modify read-only variable
Description: Existing code that used to work (incorrectly) is now causing issues.
Need to use "let" instead of "const".
relates: https://github.com/389ds/389-ds-base/issues/5602
Reviewed by: spichugi(Thanks!)
- - - - -
10b3110d by progier389 at 2023-01-16T15:08:54+01:00
Issue 5605 - Adding a slapi_log_backtrace function in libslapd (#5606)
Moving log_stack out of db-mdb code to libslapd and renaming it as slapi_log_backtrace.
- - - - -
b8c90a5a by James Chapman at 2023-01-17T11:42:56+00:00
Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584)
RFE description: There's no way to create a private key and a CSR with
dsconf/Cockpit. However, features for importing a certificate exists, but DS also
requires the private key in the NSS database to use the certificate
Fix Description: Modify dsconf/UI to allow creation of a CSR.
relates: https://github.com/389ds/389-ds-base/issues/3604
Reviewed by: @mreynolds389, @droideck (Thank you)
- - - - -
010ac612 by progier389 at 2023-01-18T16:57:03+01:00
Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579)
when run by a non root user some of dscreate default values of the template options are requiring superuser privileges.
Solution: Changing the default value for port, secure_port, selinux, systemd when uid is not 0
- - - - -
aa2f8435 by Mark Reynolds at 2023-01-19T20:01:36-05:00
Issue 5608 - UI - need to replace some "const" with "let"
Description: Browsers are becoming for strict about jvascript and there were
places where a const varaible was being modified. This is now crashing the
server. So to be overly cautious a lot of consts were changed just to be safe.
relates: https://github.com/389ds/389-ds-base/issues/5608
Reviewed by: spichugi(Thanks!)
- - - - -
b09b069f by Viktor Ashirov at 2023-01-21T13:20:10+01:00
Issue #5610 - Build failure on Debian
Bug Description:
On Debian libslapd.so is not getting linked with libcrypto.so,
which results in `undefined reference` link errors.
Fix Description:
Move -lssl and -lcrypto for libslapd.so from LDFLAGS to LIBADD.
Fixes: https://github.com/389ds/389-ds-base/issues/5610
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
6d73cc23 by Mark Reynolds at 2023-01-23T07:47:36-05:00
Issue 5607, 5351, 5611 - UI/CLI - fix various issues
Descriptrion:
5607 - Ldap Editor failed to decode base64 values
5351 - CLI - Cockpit enable check for cockpit package was not portable
(just removed this check)
5611 - Security page had a lot of issues when trying to change the Server
Certificate. Save didn't work, and "Security Enable" modal would
crash
relates: https://github.com/389ds/389-ds-base/issues/5607
relates: https://github.com/389ds/389-ds-base/issues/5351
relates: https://github.com/389ds/389-ds-base/issues/5611
Reviewed by: spichugi(Thanks!)
- - - - -
14943d56 by Mark Reynolds at 2023-01-23T08:30:34-05:00
Issue 5547 - automember plugin improvements
Description:
Rebuild task has the following improvements:
- Only one task allowed at a time
- Do not cleanup previous members by default. Add new CLI option to intentionally
cleanup memberships before rebuilding from scratch.
- Add better task logging to show fixup progress
To prevent automember from being called in a nested be_txn loop thread storage is
used to check and skip these loops.
relates: https://github.com/389ds/389-ds-base/issues/5547
Reviewed by: spichugi(Thanks!)
- - - - -
e5375101 by Mark Reynolds at 2023-01-23T10:38:35-05:00
Bump version to 2.3.2
- - - - -
70ab219a by Mark Reynolds at 2023-01-26T13:50:52-05:00
Issue 5497 - boolean attributes should be case insensitive
Description: Boolean values are supposed to be case insensitive, but in our
code it is senstiive even though the code is in the "cis" file.
relates: https://github.com/389ds/389-ds-base/issues/5497
Reviewed by: spichugi(Thanks!)
- - - - -
ddc6e777 by progier389 at 2023-01-27T15:43:08+01:00
Issue 5578 - dscreate ds-root does not normaile paths (#5613)
Problem: dscreate ds-root or subsequent dscreate from-root command fails if either the root prefix or the
optional bin path are not normalized.
Solution: both the root prefix and the bin directory are now normalized.
- - - - -
3813f799 by Florian Schmaus at 2023-01-30T08:28:39-05:00
Remove stale libevent(-devel) dependency
It appears that the last user of libevent disappeared with
44e92dc8b900 ("Ticket 50669 - remove nunc-stans").
- - - - -
69978d13 by Mark Reynolds at 2023-02-02T08:13:22-05:00
Issue 4293 - RFE - CLI - add dsrc options for setting user and group subtrees
Description: There are customers who do not use "ou=groups" or "ou=people" for
theior users and groups. This RFE allows the user/group RDN to be customized
in the .dsrc file
relates: https://github.com/389ds/389-ds-base/issues/4293
Reviewed by: spichugi(Thanks!)
- - - - -
a9a72616 by progier389 at 2023-02-06T16:33:02+01:00
Issue 4577 - Add LMDB pytest github action (#5627)
Duplicate the pytest workflow and it seems to work nicely (The github limit of 20 concurrent jobs prevents that too many tests run at the same time)
Furthermore as the bdb and lmdb tests run on different containers it ensure a proper test separations.
Note: There is a discussion whether we should re factorize or not these actions but if we ever decide to do it, we could do it later on.
- - - - -
5cbcd502 by dependabot[bot] at 2023-02-07T16:30:56+01:00
Bump tokio from 1.24.1 to 1.25.0 in /src (#5629)
Update cargo.lock to upgrade "tokio" rust component to 1.25
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.24.1 to 1.25.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.24.1...tokio-1.25.0)
---
updated-dependencies:
- dependency-name: tokio
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support at github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- - - - -
b3bb074c by Mark Reynolds at 2023-02-07T13:27:13-05:00
Issue 5624 - RFE - UI - export certificates, and import text base64 encoded certificates
Description:
Allow exporting CA and server certificates
Allow importing a certificate by pasting the base64 encoded certificate text into a form,
choosing a certificate from the server's cert dir, or uploading PEM file from the client
system.
relates: https://github.com/389ds/389-ds-base/issues/5624
Reviewed by: spichugi(Thanks!)
- - - - -
f195c9de by progier389 at 2023-02-08T15:23:06+01:00
Issue 5637 - Covscan - fix Buffer Overflows (#5638)
Covscan reports:
. 389-ds-base-2.2.4/ldap/servers/slapd/conntable.c:138: suspicious_sizeof: Passing argument "table_size * 16UL /* sizeof (struct PRPollDesc) */" to function "slapi_ch_calloc" and then casting the return value to "struct PRPollDesc **" is suspicious.
And indeed memory space is wasted because a buffer larger than the expected one is allocated in connection table code: it should be: ct->list_num *sizeof(struct PRPollDesc*).
Issue: 5637
Reviewed by: @mreynolds389, @jchapma. Thanks !
- - - - -
6d3009f3 by progier389 at 2023-02-08T17:16:09+01:00
Issue 5634 - Deprecated warning related to github action workflow code (#5635)
Problem github action pytest reports deprecated warnings about actions/upload-artifact at v2 and set-output
Fix:
replaced actions/upload-artifact at v2 by actions/upload-artifact at v3
replaced run: echo "::set-output name=varName::value" by run: echo "varName=value" >> $GITHUB_OUTPUT
Issue: 5634
Reviewed by: @vashirov, Thanks !
- - - - -
856d7f0d by progier389 at 2023-02-08T19:07:18+01:00
Issue 5517 - Replication conflict CI test sometime fails (#5518)
fix a Modrdn conflict resolution issue because wrong dn is used
to rename the subtree in entryrdn index.
- - - - -
cee276d3 by Mark Reynolds at 2023-02-08T17:53:52-05:00
Issue 5632 - CLI - improve error handling with db2ldif
Description: Have the CLI check if the ldif location exists. This also prevents
the database from getting trashed by skipping the export attempt.
relates: https://github.com/389ds/389-ds-base/issues/5632
Reviewed by: progier & spichugi(Thanks!)
- - - - -
66438b4d by Firstyear at 2023-02-09T11:29:03+10:00
Issue 2435 - RFE - Raise IDL Scan Limit to INT_MAX (#5639)
Bug Description: The IDL scan limit existed as a naive attempt
at query optimisation to force longer IDLs to be skipped in favour
of short IDLs. However, since we now have a true query optimiser
that can handle this correctl, the IDL scan limit is redundant and
not functional. The only condition the IDL scan limit can now impact
is making queries slower by rejecting the use of longer IDLs when
shortcut conditions are not possible.
Fix Description: Raise the IDL Scan Limit to INT_MAX to observe
the results. In the future we can remove the code entirely.
fixes: https://github.com/389ds/389-ds-base/issues/2435
Author: William Brown <william at blackhats.net.au>
Review by: @progier389 @mreynolds389
- - - - -
1b4f5a5b by Mark Reynolds at 2023-02-10T07:52:45-05:00
Issue 5630 - CLI - error messages should goto stderr
Description: Previously all CLI output (error not not) was sent to
stdout when it should really goto stderr.
Add new handle/filter for stdout messages
relates: https://github.com/389ds/389-ds-base/issues/5630
Reviewed by: spichugi & progier (Thanks!!)
- - - - -
a5b15583 by James Chapman at 2023-02-13T11:55:23+00:00
Issue 5648 - Covscan - Compiler warnings (#5651)
Description: A covscan report on 389-ds-base=-2.2.4 reported
two compiler warnings.
Defect type: COMPILER_WARNING
389-ds-base-2.2.4/ldap/servers/plugins/retrocl/retrocl_trim.c:458:27:
warning[-Wmaybe-uninitialized]: 'trim_interval' may be used uninitialized in this function
Defect type: COMPILER_WARNING
389-ds-base-2.2.4/ldap/servers/plugins/retrocl/retrocl_trim.c:26:40:
warning[-Wint-conversion]: initialization of 'int' from 'void *' makes integer from pointer without a cast
One has since been fixed, this is for the remaining one.
relates: https://github.com/389ds/389-ds-base/issues/5648
Reviewed by: @mreynolds389 (Thanks)
- - - - -
e4ed5a8a by progier389 at 2023-02-13T16:59:00+01:00
Issue 5628 - Handle graceful timeout in CI tests (#5657)
Issue: Sometime CI test fails because github workflow timeout of 6 hour is triggered and in this case there
is no data to help troubleshooting except that timeout occurred.
Solution: Implement a 5 hour timeout in topologies fixture so that test result artefacts get collected before
github timeout. when the timeout occurs: the pytest test fails because of a TimeoutError exception and ns-slapd get killed first with SIGTERM then with SIGQUIT ( to get the core file in case of deadlock )
Specific Test modules may configure their own timeout by adding an autouse fixture
(see dirsrvtests/tests/suites/lib389/timeout_test.py)
Issue: 5628
Reviewed by: @mreynolds389
- - - - -
9710cf1c by progier389 at 2023-02-13T17:05:45+01:00
Issue 5652 - Libasan crash in replication/cascading_test (#5659)
got a crash when running replication/cascading_test on with an asan build. at repl_extop.c:486
And review shows that the code is suspicious.
Issue: [5652](https://github.com/389ds/389-ds-base/issues/5652)
Reviewed by: @mreynolds389
- - - - -
0235b062 by Mark Reynolds at 2023-02-13T11:46:02-05:00
Issue 5653 - covscan - fix invalid dereference
Description:
389-ds-base-2.2.4/ldap/servers/slapd/tools/dbscan.c:1111: var_deref_model: Passing null pointer "dump" to "fclose", which dereferences it.
389-ds-base-2.2.4/ldap/servers/slapd/result.c:2022: check_after_deref: Null-checking "op" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
389-ds-base-2.2.4/ldap/servers/slapd/result.c:2019: var_deref_model: Passing null pointer "op" to "operation_is_flag_set", which dereferences it.
relates: https://github.com/389ds/389-ds-base/issues/5653
Reviewed by: jchapman(Thanks!)
- - - - -
8a14402f by Mark Reynolds at 2023-02-13T11:50:12-05:00
Issue 5658 - CLI - unable to add attribute with matching rule
Description: dsconf incorrectly allows for multiple matching rules of the
same type (equality, substr, etc). This causes python-ldap to get upset
and error out. Change arguments to only allow one matching rule per type.
relates: https://github.com/389ds/389-ds-base/issues/5658
Reviewed by: progier(Thanks!)
- - - - -
db7be9fb by progier389 at 2023-02-14T13:34:10+01:00
issue 5647 - covscan: memory leak in audit log when adding entries (#5650)
covscan reported an issue about "vals" variable in auditlog.c:231 and indeed a charray_free is missing.
Issue: 5647
Reviewed by: @mreynolds389, @droideck
- - - - -
4a9bd39f by Mark Reynolds at 2023-02-14T08:10:47-05:00
Issue 5640 - Update logconv for new logging format
Description: Some of the "closed" m,essages inteh access log are now a mixed
case, and logconv should be able to process it.
relates: https://github.com/389ds/389-ds-base/issues/5640
Reviewed by: jchapman & tbordaz (Thanks!!)
- - - - -
4caf70ca by Mark Reynolds at 2023-02-14T13:51:23-05:00
Issue 5646 - CLI/UI - do not hardcode password storage schemes
Description: Previously all the password storage schemes were hardcoded
in the UI. Now dsconf can list all the current schemes the
server supports
relates: https://github.com/389ds/389-ds-base/issues/5636
Reviewed by: spichugi(Thanks!)
- - - - -
901316e5 by Mark Reynolds at 2023-02-14T13:55:12-05:00
Issue 5630 - CLI - need to add logging filter for stdout
Description: A logging filter was added for stderr, and we now need one for
stdout, otherwise we are getting duplicate output from cli tools
relates: https://github.com/389ds/389-ds-base/issues/5630
Reviewed by: spichugi(Thanks!)
- - - - -
c0e2f684 by Viktor Ashirov at 2023-02-14T20:57:10+01:00
Issue 5642 - Build fails against setuptools 67.0.0
Bug Description:
`setuptools` 67.0.0 vendors `packaging` 23.0 which dropped `LegacyVersion`.
Fix Description:
Replace `LegacyVersion` with `DSVersion` to compare version strings that are
not compatible with PEP 440 and PEP 508.
Reviewed by: @mreynolds389, @progier389
Fixes: https://github.com/389ds/389-ds-base/issues/5642
- - - - -
c69f2691 by Mark Reynolds at 2023-02-16T20:04:12-05:00
Issue 5162 - Lib389 - verify certificate type before adding
Description: Verify that when importing a certificate that is the correct
type. Also cleanup temporary certs that are created when
processing a bundle of certs in a PEM file.
relates: https://github.com/389ds/389-ds-base/issues/5162
Reviewed by: spichugi(Thanks!)
- - - - -
fd6b417f by progier389 at 2023-02-20T16:14:05+01:00
Issue 5647 - Fix unused variable warning from previous commit (#5670)
* issue 5647 - memory leak in audit log when adding entries
* Issue 5647 - Fix unused variable warning from previous commit
- - - - -
11c5a0e5 by Mark Reynolds at 2023-02-20T10:24:37-05:00
Issue 5567 - CLI - make ldifgen use the same default ldif name for all options
Description: For consistency just use the server's ldif directory for all
the default ldif locations
relates: https://github.com/389ds/389-ds-base/issues/5667
Reviewed by: vashirov(Thanks!)
- - - - -
79214f5b by Mark Reynolds at 2023-02-20T10:46:26-05:00
Issue 5666 - CLI - Add timeout parameter for tasks
Description: Add a timeout argument for all dsconf tasks
relates: https://github.com/389ds/389-ds-base/issues/5666
Reviewed by: spichugi & jchapman(Thanks!!)
- - - - -
c70918d1 by Mark Reynolds at 2023-02-20T13:21:13-05:00
Issue 5267 - CI - Fix issues with nsslapd-return-original-entrydn
Description: Fix CI test to properly set the nsslapd-return-original-entrydn
and to restart the server after changing the config setting.
relates: https://github.com/389ds/389-ds-base/issues/5267
Reviewed by: vashirov(Thanks!)
- - - - -
d7e64128 by James Chapman at 2023-02-21T15:14:08+00:00
Issue 5671 - covscan - clang warning (#5672)
Description: covscan reported CLANG_WARNING
relates: https://github.com/389ds/389-ds-base/issues/5671
Reviewed by: @progier389 (Thank you)
- - - - -
a4c4e4ec by tbordaz at 2023-02-22T15:06:52+01:00
Issue 5598 - In 2.x, SRCH throughput drops by 10% because of handling of referral (#5604)
Bug description:
A part of the fix #5170 append '(objectclass=referral)' to
the original filter (in subtree scope) in order to conform
smart referral support https://www.ietf.org/rfc/rfc3296.txt
This triggers a drop on SRCH throughput (10%).
#5598 limits the case when '(objectclass=referral)' is added
- Most of the time a server does not contain smart referral.
So most of the time it is useless to add that subfilter
- It should not be added for internal searches
Fix description:
A mechanism periodically (each 30s) checks if there are
smart referral entries (referral_check) under each backends.
Note that if a smart referral is present in a subsuffix,
the parent suffix inherits the referral flag.
When a smart referral is detected or no more smart
referral is detected it logs a information message.
During a direct subtree search, 'objectclass=referral' is
append at the condition it exists at least a referral
under the backend.
relates: #5598
Reviewed by: Mark Reynolds, Pierre Rogier, William Brown (Thanks)
- - - - -
e97cb61d by Mark Reynolds at 2023-02-22T12:03:21-05:00
Issue 5162 - CI - fix error message for invalid pem file
Description: With recent changes to certificate validation the error message
has changed and the CI needs to be updated.
relates: https://github.com/389ds/389-ds-base/issues/5162
Reviewed by: spichugi(Thanks!)
- - - - -
b110f3bf by Mark Reynolds at 2023-02-23T14:29:33-05:00
Issue 5640 - Update logconv for new logging format
Description: Some of the "closed" messages have been replaced by "disconnect"
The tool needs to handles these changes
relates: https://github.com/389ds/389-ds-base/issues/5640
Reviewed by: spichugi(Thanks!)
- - - - -
bff3167c by Mark Reynolds at 2023-02-27T11:12:00-05:00
Issue 5600 - buffer overflow when enabling sync repl plugin when dynamic plugins is enabled
Description:
Our factory extension code was not designed to work with dynamic plugins. It
assumes all extensions are registered at startup. If extensions are added
after startup (when dynamic plugins is enabled) then this breaks. The fix is
to keep track of how many extensions were allocated per object, instead of
relying on the global extension count.
Patch written by Pierre Rogier - thanks!
relates: https://github.com/389ds/389-ds-base/issues/5600
Reviewed by: jachapman (Thanks!)
- - - - -
ae003cdb by Mark Reynolds at 2023-02-27T16:38:22-05:00
Issue 3604 - UI - Add support for Subject Alternative Names in CSR
Description: Add support for SAN in the UI. Update CLI to also provide
SAN info when listing CSR. Updated UI to list SAN in CSR
Table
relates: https://github.com/389ds/389-ds-base/issues/3604
Reviewed by: spichugi(Thanks!)
- - - - -
5d26020e by Vladimir Cech at 2023-03-01T09:55:00+01:00
Issue 4758 - Add tests for WebUI
Description:
Added WebUI test for replication tab.
Relates: https://github.com/389ds/389-ds-base/issues/4758
Reviewed by: @bsimonova
- - - - -
a511f018 by Mark Reynolds at 2023-03-01T14:10:39-05:00
Issue 4583 - Update specfile to skip checks of ASAN builds
Description: Need to skip check for ASAN builds otherwise builds never complete
relates: https://github.com/389ds/389-ds-base/issues/5683
Reviewed by: spichugi(Thanks!)
- - - - -
9000a256 by Barbora Simonova at 2023-03-02T10:28:25+01:00
Issue 5554 - Add more tests to security_basic_test suite
Description:
Add test for TCP_ERROR maxbersize B2 scenario.
Relates: https://github.com/389ds/389-ds-base/issues/5554
Reviewed by: @droideck, @mreynolds389, @vashirov (Thanks!)
- - - - -
5a755180 by progier389 at 2023-03-02T17:34:21+01:00
Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV (#5676)
* Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV
* Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV - Use readonly iteration on bdb should be txn less
* Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV - Added a comment
Problem:
Tests that:
rebuilding the changelog RUV
perform changelog trimming (i.e any test that are long enough)
purge a Replica ID in the changelog (i.e demote a supplier/ cleanruv)
Are hanging on lmdb until killed by the timeout because the changelog iterator loops on first entry.
Reason:
It is due to a difference in the way bdb and lmdb cusor get works when it is the first cursor operation and
no key is provided. (bdb returns first key while lmdb fails). Because of that db-mdb layers use MDB_FIRST when no key is provided.
Solution:
Add a new dbimp function that iterates over a cursor calling a callback with key and value for all the records
(until either the end of the database or the callback says to stop)
This is more efficient than current code that walk the cursor through dbimpl API at the replication plugin level
because it avoids the dbimpl API overhead (especially in lmdb case)
furthermore it allows to easily handle the dbs specificity.
Fixed the changelog RUVs rebuild to walk the changelog (using the new dbimpl function) only once instead of twice (collecting min and max for all replica ids then building both standard and purge ruv from these data
Fixed the changelog trimming code to use the new changelog iterator, also fixed the way the purge ruv get updated (using now the first csn in the changelog (for the replicas whose csn get removed) instead of the last removed csn )
Fixed the changelog rid purge code to use the new changelog iterator
Note: The changelog replication replay iterator is not impacted by this bug and is not changed.
Also fixed a regression related to the addition of timeout in the test topology
( m1h1c1 topology is slightly different from the older version and is having a hub->supplier agreement which is
making some test fail. Fixed that topology to remove that agreement.)
Issue: [5661](#5661
Reviewed by: @tbordaz ( Thanks! )
- - - - -
8483d60d by Mark Reynolds at 2023-03-06T07:29:55-05:00
Issue 5687 - UI - sensitive information disclosure
Bug Description: In several places either the clear text password or the pasword
hash can be read by unpriviledged users.
Fix Description: When processing user entries do not attempt to decode
userpassword. When setting the password for chaining or
replication agreements/repl manager write the password
to a temporary file that can be passed to the CLI.
Also, improved user add wizard allowing to search attributes
relates: https://github.com/389ds/389-ds-base/issues/5687
Reviewed by: spichugi & vashirov (Thanks!!)
- - - - -
8654301b by tbordaz at 2023-03-08T15:40:29+01:00
Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691)
Bug description:
The first fix 5598 introduce/reveal a leak.
My initial understanding of SLAPI_SEARCH_FILTER and
SLAPI_SEARCH_FILTER_INTENDED was wrong.
Without referral, they are identical (refering to the same
filter). In case of referral, SLAPI_SEARCH_FILTER is
a craft one that *includes* the original
(SLAPI_SEARCH_FILTER_INTENDED).
Fix description:
If there is no referral, SLAPI_SEARCH_FILTER_INTENDED
and SLAPI_SEARCH_FILTER are just identical
relates: #5598
Reviewed by: Mark Reynolds, Pierre Rogier(thanks)
- - - - -
dc565fda by tbordaz at 2023-03-09T16:50:34+01:00
Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692)
Bug description:
The first fix 5598 logs a single and useless message (INFO)
when configuring a backend/mapping tree.
"INFO - slapd_daemon - New referral entries are detected under
dc=example,dc=com (returned to SRCH req)"
The reason is that it checks referral (internal search)
at the backend level. This is called at startup and config.
Upon config it should not be called because backend/
mapping tree are not ready for internal search
Fix description:
Moving the test from ldbm_instance_start(backend) to
startup ldbm_instance_startall (after slapi_mtn_be_started)
relates: #5598
Reviewed by: Mark Reynolds (thanks)
- - - - -
c18a14d9 by dependabot[bot] at 2023-03-15T16:58:03-07:00
Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699)
Bumps [webpack](https://github.com/webpack/webpack) from 5.75.0 to 5.76.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0)
---
updated-dependencies:
- dependency-name: webpack
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support at github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- - - - -
13a0ffd7 by James Chapman at 2023-03-20T10:27:39+00:00
Issue 4812 - Listener thread does not scale with a high num of established connections (#5681)
Description: Adding num listeners config option, some tidy up
relates: https://github.com/389ds/389-ds-base/issues/4812
Reviewed by: tbordaz, Firstyear, progier389 , mreynolds389, droideck (Thank you)
- - - - -
5e4551e9 by James Chapman at 2023-03-20T23:19:08+00:00
Issue 4812 - Listener thread does not scale with a high num of established connections (#5706)
Bug description: Latest commit introduced zero alloc bug.
Fix description: A memory allocation is attempted before the required size is known.
Introduced during rework.
relates: https://github.com/389ds/389-ds-base/issues/4812
Reviewed by: @mreynolds389 (Thank you)
- - - - -
5f1dc41e by Mark Reynolds at 2023-03-22T09:04:01-04:00
Issue 1081 - Stop schema replication from overwriting x-origin
Bug Description:
During schema replication all attributes/objectclasses were rewritten as
"user defined" on the consumer. This was happening because we treated all
schema updates, regardless of the origin, as new "custom" schema.
Fix Description:
If a schema update is a replicated operation do not check/adjust x_origin value.
relates: https://github.com/389ds/389-ds-base/issues/1081
Reviewed by: progier(Thanks!)
- - - - -
7c36748c by Simon Pichugin at 2023-03-22T18:28:37-07:00
Issue 5697 - Obsolete nsslapd-ldapimaprootdn attribute (#5698)
Description: LDAPI code uses nsslapd-ldapimaprootdn to map Unix root entry
to a Root DN entry. It usually has the same value as nsslapd-rootdn.
Changing one attribute but not changing the other leads to a non-functional
autobind configuration that breaks dsconf and WebUI.
LDAPI code should use nsslapd-rootdn value instead of having two separate entries
that should be kept in sync. This should make changing Root DN simpler and without
fear that it will break dsconf or WebUI access.
Fixes: https://github.com/389ds/389-ds-base/issues/5697
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
eab4eefb by tbordaz at 2023-03-28T10:27:01+02:00
Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711)
Bug description:
The RFE #3729 allows to collect index lookups per search
operation. For subtree searches the server lookup ancestorid
and those lookup are not recorded
Fix description:
if statistics are enabled, record ancestorid lookup
relates: #5710
Reviewed by: Mark Reynolds (thanks)
- - - - -
a5617fcd by dependabot[bot] at 2023-03-29T16:52:57-07:00
Bump openssl from 0.10.45 to 0.10.48 in /src (#5709)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.45 to 0.10.48.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.45...openssl-v0.10.48)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support at github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- - - - -
ad0ec0cd by Simon Pichugin at 2023-03-30T19:57:18-07:00
Issue 5701 - CLI - Fix referral mode setting (#5708)
Bug Description: Referral mode not working and failing with error: ERROR: Error:
103 - 10 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral
It happens because in CLI, we set nsslapd-referral to the backend when
it should be set to "cn=mapping tree".
Fix description: Set the attribute to the correct object.
Add get_state and set_state custom functions to BackendSuffixView.
Fix minor typos.
Fixes: https://github.com/389ds/389-ds-base/issues/5701
Reviewed by: @tbordaz, @mreynolds389, @progier389 (Thanks!)
- - - - -
fc34eec5 by Mark Reynolds at 2023-03-31T11:12:34-04:00
Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations
Description:
- DB settings "Look Through Limit" was misspelled, and the "+" increment button was not working
- Configuring logs would not correctly enable/disable the save button
- LDAP Browser - Pagination was not working correctly when you search for attributes/objectclasses. We were also missing some "search" inputs for attributes in some of the forms.
relates: https://github.com/389ds/389-ds-base/issues/5714
Reviewed by: spichugi(Thanks!)
- - - - -
7743b386 by James Chapman at 2023-04-11T11:41:17+00:00
Issue 5705 - Add config parameter to close client conns on failed bind (#5712)
Description: Malformed applications that ignore BIND return code can
load the server with unnecessary requests
Fix description: Add a config option that will allow the closure of a
client connection from server side when a BIND is failing.
relates: https://github.com/389ds/389-ds-base/issues/5707
Reviewed by: @droideck (Thank you)
- - - - -
85ab1bc4 by James Chapman at 2023-04-11T11:52:01+00:00
Issue 5718 - Memory leak in connection table (#5719)
Bug description: duplicate multiple mem allocation cause leak
Fix description: remove duplicate allocation
Fixes: https://github.com/389ds/389-ds-base/issues/5718
Reviewed by: @Firstyear (Thank you)
- - - - -
f0c804b0 by tbordaz at 2023-04-17T15:32:34+02:00
Issue 5726 - ns-slapd crashing in ldbm_back_upgradednformat (#5727)
Bug description:
With LDBM / BDB separation, LDBM functions like
upgradednformat need to initialize ldbminfo
Fix description:
call dblayer_setup in upgradednformat
relates: #5726
Reviewed by: Simon Pichugin (Thanks)
- - - - -
c4b939b6 by Mark Reynolds at 2023-04-25T15:10:29-04:00
Bump version to 2.3.3
- - - - -
27d38991 by Mark Reynolds at 2023-04-28T08:22:01-04:00
Issue - Copy config files into backup directory
Description: Copy dse.ldif, schema files, certmap.conf, slapd-collations,
and NSS files into the backup. These files are not restored
during a bak2db, so they must be manaully restored (if needed)
relates: https://github.com/389ds/389-ds-base/issues/2562
Reviewed by: firstyear, spichugi, progier, and tbordaz (Thanks!!!!)
- - - - -
c0382a44 by Mark Reynolds at 2023-05-04T14:58:01-04:00
Issue 5749 - RFE - Allow Account Policy Plugin to handle inactivity and expiration at the same time
Description:
Currently Account Policy Plugin as a state attribute and alternate state attribute.
If the main state attribute is NOT present in the entry then it fails back to the
alternate state attribute.
This RFE adds a new setting that tells the plugin to check both state attributes.
The purpose of this is for expiration and inactivity, so this is meant to be used
when the alternate state attribute is 'passwordExpirationtime'. So if the main
state attribute is OK, it will then check the alternate state attribute for
inactivity.
relates: https://github.com/389ds/389-ds-base/issues/5749
Reviewed by: tbordaz & spichugi(Thanks!!)
- - - - -
882a27da by Mark Reynolds at 2023-05-08T08:30:34-04:00
Issue 5738 - RFE - UI - Read/write replication monitor info to .dsrc file
Description:
Allow UI to use the .dsrc replication monitor info, and also allow the UI to
write new report configurations. This prevents an admin from having to enter
this information every time they want to run a report
relates: https://github.com/389ds/389-ds-base/issues/5738
Reviewed by: spichugi(Thanks!)
- - - - -
148ad351 by tbordaz at 2023-05-09T08:53:40+02:00
Issue 5704 - crash in sync_refresh_initial_content (#5720)
Bug description:
If the last record of the changelog is not accessible
then the session record is NULL. It crashes the server
when it is dereferenced.
I failed to reproduce it, including disabling/removing
'cn=changelog' backend/mapping tree. So I guess it
happens during rare dynamic.
Fix description:
Return a failure when the session cookie is not
initialized
relates: #5704
Reviewed by: Mark Reynolds (Thanks)
- - - - -
13e66bfa by Firstyear at 2023-05-10T16:26:34+02:00
Issue 5052 - BUG - Custom filters prevented entry deletion (#5060)
Bug Description: When a custom filter was provided, entries
which were deleted in AD did not have that event correctly
reflected in 389-ds. This was due to the behaviour that when
an entry in AD is deleted, it is marked with a "deleted" flag
which the objectClass=* filter would (accidentally) collect
when it did a search. However, a custom user filter being
specified would in some cases (such as a memberOf filter)
NOT show up the deletion since the entry was considered
to have moved out of scope rather than being a full delete.
Fix Description: In the case that we have a userfilter, we
wrap it in an OR condition that always requests isDeleted
flags so that we can correctly reflect the delete status.
fixes: https://github.com/389ds/389-ds-base/issues/5052
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @tbordaz
- - - - -
9c05f2e4 by Mark Reynolds at 2023-05-11T08:18:05-04:00
Issue 152 - RFE - Add support for LDAP alias entries
Description: Per RFC rfc4512#section-2.6 add support for Alias Entries.
Currently this is only designed to work with "base" searches.
Thanks for @anilech for the code contribution!!!
relates: https://github.com/389ds/389-ds-base/issues/152
Reviewed by: spichugi, tbordaz, and progier(Thanks!!!)
- - - - -
2a27121f by James Chapman at 2023-05-11T16:05:33-04:00
Issue 5643 - Memory leak in entryrdn during delete (#5717)
Bug description: Failure to delete temp key buffer
Fix description: Delete temp key buffer on exit
Fixes: https://github.com/389ds/389-ds-base/issues/5643
Reviewed by: @mreynolds389 (Thank you)
- - - - -
dfa4e810 by Mark Reynolds at 2023-05-16T11:28:34-04:00
Issue 5765 - Improve installer selinux handling
Description: When labeling ports we retry on error, and we should do the same
when labeling files
relates: https://github.com/389ds/389-ds-base/issues/5765
Reviewed by: ?
- - - - -
c0076d02 by Mark Reynolds at 2023-05-18T09:11:46-04:00
Issue 5768 - CLI/UI - cert checks are too strict, and other issues
Description:
The certificate type checks for CA/server break if there are no certificate
extensions set (use openssl in that case to gather the info instead).
dscontainter needed to be updated for new cert checks, and UI adding certs
improvements.
relates: https://github.com/389ds/389-ds-base/issues/5768
Reviewed by: spichugi(Thanks!)
- - - - -
71d5fbec by Mark Reynolds at 2023-05-18T09:17:23-04:00
Issue 5770 - RFE - Extend Password Adminstrators to allow skipping password info updates
Description:
Add new config setting to state that password admin updates should not update
entry's password state attributes.
relates: https://github.com/389ds/389-ds-base/issues/5770
Reviewed by: progier, tbordaz, spichugi (Thanks!)
- - - - -
c7d4f688 by James Chapman at 2023-05-18T10:40:23-04:00
Issue 5752 - RFE - Provide a history for LastLoginTime (#5753)
Description: When a user did a successfully bind, the "LastLoginTime"
attribute is updated. We have now a request from our security department
to display the users last successful bind before the current one. When
we just read out this attribute the value is already updated, so that
the user did not see his real last successful
login, in fact he sees the current login date and time.
Fix description: Create a new Acount Policy attribute to store the
login time stamps for a successful bind.
relates: https://github.com/389ds/389-ds-base/issues/5752
Reviewed by: @droideck (Thank you)
- - - - -
aa50e5bb by Mark Reynolds at 2023-05-18T10:43:07-04:00
Bump version to 2.3.4
- - - - -
30 changed files:
- .github/workflows/compile.yml
- + .github/workflows/lmdbpytest.yml
- .github/workflows/pytest.yml
- .github/workflows/release.yml
- Makefile.am
- VERSION.sh
- configure.ac
- dirsrvtests/check_for_duplicate_ids.py
- dirsrvtests/conftest.py
- dirsrvtests/create_test.py
- dirsrvtests/testimony.yaml
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/cn=module{0}.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/cn=schema.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/cn=schema/cn={0}core.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/cn=schema/cn={2}inetorgperson.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/cn=schema/cn={3}rfc2307bis.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/cn=schema/cn={4}yast.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/olcDatabase={0}config.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/olcDatabase={1}mdb.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/olcDatabase={1}mdb/olcOverlay={0}memberof.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/olcDatabase={1}mdb/olcOverlay={1}unique.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/slapd.d/cn=config/olcDatabase={1}mdb/olcOverlay={2}refint.ldif
- + dirsrvtests/tests/data/openldap_2_389/saslauthd/suffix.ldif
- dirsrvtests/tests/stress/reliabilty/reliab_conn_test.py
- dirsrvtests/tests/stress/replication/mmr_01_4m-2h-4c_test.py
- dirsrvtests/tests/stress/replication/mmr_01_4m_test.py
- dirsrvtests/tests/suites/acl/globalgroup_test.py
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/d20b91b26a782222074c3d0b0757be6b79e06d26...aa50e5bbf1fde22bcf6cad5a192edad306ef1f40
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/d20b91b26a782222074c3d0b0757be6b79e06d26...aa50e5bbf1fde22bcf6cad5a192edad306ef1f40
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20230612/f0999415/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list