[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][master] 293 commits: Issue 6446 - Fix test_acct_policy_consumer test to wait enough for lastLoginHistory update (#6530)
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Mon Apr 20 18:50:49 BST 2026
Timo Aaltonen pushed to branch master at FreeIPA packaging / 389-ds-base
Commits:
06f97609 by Masahiro Matsuya at 2025-01-24T09:43:37+09:00
Issue 6446 - Fix test_acct_policy_consumer test to wait enough for lastLoginHistory update (#6530)
Adding a small sleep to wait for lastLoginHistory update after the bind
operation.
Relates: #6446
Author: Masahiro Matsuya
Reviewed by: tbordaz
- - - - -
6fd5fff6 by Viktor Ashirov at 2025-01-24T17:59:02+01:00
Issue 6542 - RPM build errors on Fedora 42
Bug Description:
Fedora 42 has unified `/bin` and `/sbin`: https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_merged_file_system_layout
This change causes RPM build to fail with:
```
RPM build errors:
File not found: /builddir/build/BUILD/389-ds-base-3.1.2-build/BUILDROOT/usr/bin/openldap_to_ds
```
Fix Description:
Patch `setup.py.in` based on Fedora or RHEL version that support unified
`/bin` and `/sbin`.
Fixes: https://github.com/389ds/389-ds-base/issues/6542
Reviewed by: @mreynolds389, @droideck (Thanks!)
- - - - -
07dddbe1 by William Brown at 2025-01-24T17:59:32+01:00
Issue 4596 - BUG - lto linking issues
Bug Description: Fedora is introducing lto by default which
may affect our build especially with rust and asan
Fix Description: Adapt how we use lto and how we link in
our builds so that lto works for gcc.
fixes: https://github.com/389ds/389-ds-base/issues/4596
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
75c9dcda by Viktor Ashirov at 2025-01-24T17:59:32+01:00
Issue 4596 - Build with clang/lld fails when LTO enabled
Bug Description:
Build with clang/lld fails with undefined reference error.
```
ld.lld: error: ./.libs/libslapd.so: undefined reference to __rust_probestack [--no-allow-shlib-undefined]
ld.lld: error: ./.libs/libslapd.so: undefined reference to __muloti4 [--no-allow-shlib-undefined]
```
Fix Description:
* Disabled GCC security flags when building with clang.
* lld by default uses xxhash for build ids, which is too small for rpm
(it requires it between 16 and 64 bytes in size), use sha1 instead.
* Switch debug CFLAGS and LDFLAGS to use DWARF4 instead of DWARF5.
* Disable LTO for clang rpm build.
Fixes: https://github.com/389ds/389-ds-base/issues/4596
Reviewed by: @droideck (Thanks!)
- - - - -
1417198b by Viktor Ashirov at 2025-01-25T17:06:46+01:00
Issue 6544 - logconv.py: python3-magic conflicts with python3-file-magic
Bug Description:
python3-magic and python3-file-magic can't be installed simultaneously,
python3-magic is not packaged for EL10.
Fix Description:
Use python3-file-magic instead.
Issue identified and fix suggested by Adam Williamson.
Fixes: https://github.com/389ds/389-ds-base/issues/6544
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
ef4052a3 by Simon Pichugin at 2025-01-28T16:40:00-08:00
Issue 4815 - RFE - Add Replication Log Analysis Tool with CLI Support (#6466)
Description: Add a new ReplicationLogAnalyzer class and supporting infrastructure
to analyze replication performance across multiple servers. The tool parses
replication logs, tracks CSNs, calculates lag times, and generates comprehensive
reports in interactive HTML, static PNG and CSV formats.
Based on: https://github.com/droideck/ansible-ds389-repl-monitoring
Fixes: https://github.com/389ds/389-ds-base/issues/6465
Reviewed by: @progier389, @tbordaz, @vashirov (Thanks!!!)
- - - - -
7daee184 by Viktor Ashirov at 2025-01-29T07:12:15+01:00
Issue 6468 - Fix building for older versions of Python
Bug Description:
Structural Pattern Matching has been added in Python 3.10, older version
do not support it.
Fix Description:
Replace `match` and `case` statements with `if-elif`.
Relates: https://github.com/389ds/389-ds-base/issues/6468
Reviewed by: @droideck (Thanks!)
- - - - -
5249788e by Mark Reynolds at 2025-01-29T08:23:56-05:00
Issue 6476 - Fix build failure with GCC 15
Description:
Most of the failures are our use of function pointer with a generic
typedef with unknown parameters (e.g. IFP)
There are other IFP we use, but they are not triggering build failures
yet.
Relates: https://github.com/389ds/389-ds-base/issues/6476
Reviewed by: tbordaz & spichugi (Thanks!!)
- - - - -
e3b89866 by James Chapman at 2025-01-29T17:41:55+00:00
Issue 6436 - MOD on a large group slow if substring index is present (#6437)
Bug Description: If the substring index is configured for the group
membership attribute ( member or uniqueMember ), the removal of a
member from a large static group is pretty slow.
Fix Description: A solution to this issue would be to introduce
a new index to track a membership atttribute index. In the interm,
we add a check to healthcheck to inform the user of the implications
of this configuration.
Fixes: https://github.com/389ds/389-ds-base/issues/6436
Reviewed by: @Firstyear, @tbordaz, @droideck (Thanks)
- - - - -
f5e5b593 by progier389 at 2025-01-30T14:44:39+01:00
Issue 6555 - Potential crash when deleting a replicated backend (#6559)
Problem: connection cleanup may try to access a freed replica
Solution: Ensure that the replica is still existing before using its pointer
Issue: #6555
Reviewed by: @tbordaz, @droideck (Thanks!)
- - - - -
f4d961e2 by Simon Pichugin at 2025-01-30T14:34:50-08:00
Issue 6465 - Create optional meta-package for replication reporting dependencies (#6560)
Description: Introduce a new `python3-lib389-repl-reports` meta-package that
bundles optional dependencies like Plotly and Matplotlib. This enables advanced
replication reporting (HTML/PNG) without forcing these libraries on all installations.
Update replication tests.
Generate the package only on Fedora.
Remove direct references to Plotly, Matplotlib, and Numpy from the base package.
Fixes: https://github.com/389ds/389-ds-base/issues/6465
Reviewed by: @vashirov (Thanks!)
- - - - -
18c42eec by Mark Reynolds at 2025-01-31T11:25:33-05:00
Issue 6489 - After log rotation refresh the FD pointer
Description:
When flushing a log buffer we get a FD for log prior to checking if the
log should be rotated. If the log is rotated that FD reference is now
invalid, and it needs to be refrehed before proceeding
Relates: https://github.com/389ds/389-ds-base/issues/6489
Reviewed by: tbordaz(Thanks!)
- - - - -
97c37b9a by Lenka Doudova at 2025-02-04T06:53:40+01:00
Issue 6568 - Fix failing webUI tests
Fixing webUI tests that are failing either due to changes or due to
existing bugs
Relates: https://github.com/389ds/389-ds-base/issues/6568
Author: Lenka Doudova
Reviewed by: Barbora Simonova
- - - - -
0b181ca8 by James Chapman at 2025-02-04T15:40:16+00:00
Issue 6566 - RI plugin failure to handle a modrdn for rename of member of multiple groups (#6567)
Bug description:
With AM and RI plugins enabled, the rename of a user that is part of multiple groups
fails with a "value exists" error.
Fix description:
For a modrdn the RI plugin creates a new DN, before a modify is attempted check
if the new DN already exists in the attr being updated.
Fixes: https://github.com/389ds/389-ds-base/issues/6566
Reviewed by: @progier389 , @tbordaz (Thank you)
- - - - -
cd004c58 by dependabot[bot] at 2025-02-05T10:02:22+01:00
Bump openssl from 0.10.66 to 0.10.70 in /src
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.66 to 0.10.70.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.66...openssl-v0.10.70)
---
updated-dependencies:
- dependency-name: openssl
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support at github.com>
- - - - -
5e19dfe8 by Mark Reynolds at 2025-02-05T08:25:14-05:00
Issue 6574 - Move pblock access from switch to func table
Description
Currently there are over 300 switch cases for getting/setting pblock parameters.
Instead we should have separate functions for each parameter, and use a callback
function pointer table.
Relates: https://github.com/389ds/389-ds-base/issues/6574
Reviewed by: spichugi, firstyear, progier, tbordaz (Thanks!!!!)
- - - - -
2092a1be by progier389 at 2025-02-06T17:56:22+01:00
Issue 6555 - V2 - Potential crash when deleting a replicated backend (#6585)
* Issue 6555 - Potential crash when deleting a replicated backend - hang at shutdown
Prevent previous 6555 fix to hang at shutdown.
Issue: #6555
Reviewed by: @tbordaz
- - - - -
29fcbd19 by tbordaz at 2025-02-06T18:25:36+01:00
Issue 6554 - During import of entries without nsUniqueId, a supplier generates duplicate nsUniqueId (LMDB only) (#6582)
Bug description:
During an import the entry is prepared (schema, operational
attributes, password encryption,...) before starting the
update of the database and indexes.
A step of the preparation is to assign a value to 'nsuniqueid'
operational attribute. 'nsuniqueid' must be unique.
In LMDB the preparation is done by multiple threads (workers).
In such case the 'nsuniqueid' are generated in parallel and
as it is time based several values can be duplicated.
Fix description:
To prevent that the routine dbmdb_import_generate_uniqueid
should make sure to synchronize the workers.
fixes: #6554
Reviewed by: Pierre Rogier
- - - - -
042f7c96 by Firstyear at 2025-02-07T14:47:29+10:00
Issue 6596 - BUG - Compilation Regresion (#6597)
Bug Description: The addition of the json auditlog feature caused
a regresion in compilation due to the use of labels in a declaration.
Fix Description: Enclose the switch/case in braces to resolve the
compilation issue.
fixes: https://github.com/389ds/389-ds-base/issues/6596
Author: William Brown <william at blackhats.net.au>
Review by: @droideck Thanks!
- - - - -
699f30e5 by Mark Reynolds at 2025-02-12T17:04:03-05:00
Issue 6599 - Implement option to write access log in jSON
Description:
Add option to write access log in JSON
See design doc for more info:
https://www.port389.org/docs/389ds/design/accesslog-json-design.html
Relates: https://github.com/389ds/389-ds-base/issues/6599
Reviewed by: progier & jchapman(Thanks!!)
- - - - -
885cdf42 by Viktor Ashirov at 2025-02-14T11:50:00+01:00
Issue 6561 - TLS 1.2 stickiness in FIPS mode
Description:
TLS 1.3 works with NSS in FIPS mode for quite some time now,
this restriction is no longer needed.
Fixes: https://github.com/389ds/389-ds-base/issues/6561
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
ed7c0191 by progier389 at 2025-02-17T12:14:32+01:00
Issue 6611 - db_home_test.py CI tests should be skipped on lmdb (#6612)
dbhome setup tests should be skipped on lmdb (dbhome is meaningless)
Also fix the tests for non standard deployment (typically when using PREFIX / non root install)
Issue: #6611
Reviewed by: @droideck, @tbordaz (Thanks!)
- - - - -
e65a502b by progier389 at 2025-02-17T12:21:02+01:00
Issue 6604 - Fix coverity scan issues CID 1591261 - CID 1591269 (#6605)
Issue 6604 - Fix coverity scan issues CID 1591261 - CID 1591269
Fix trivial coverity scan issues
Issue: #6604
Reviewed by: @droideck, @tbordaz (Thanks!)
- - - - -
744df65e by progier389 at 2025-02-18T15:10:49+01:00
Issue 6615 - test_custom_path CI test fails (#6616)
test_custom_path CI test fails because the instance used to perform the backup is not up to date with the config
Issue: #6615
Reviewed by: @tbordaz
- - - - -
985425be by James Chapman at 2025-02-19T12:18:59+00:00
Issue 6623 - UI - Generic updates (#6624)
Bug description:
Missing dot in warning alert when changing suffix backend state.
No success alert upon deleting local password policy.
Tool tips for part of Syntax Settings for local password policies do not show.
Fixes: https://github.com/389ds/389-ds-base/issues/6623
Reviewed by: @mreynolds389 (Thank you)
- - - - -
e0e59f91 by Mark Reynolds at 2025-02-19T08:52:13-05:00
Issue 6625 - UI - fix various issues with LDAP browser, etc
Description:
Fixed these issues
- Creating OU in ldap browser ends in error
- Delete MemberOf Config Entry window does not close when you delete the shared
config entry of MemberOf
- Message about enabling any plugin is missing result
- WebUI tries to load non-existent vendor-react.js
- Missing word in success alert when changing replica role
- Incomplete word after restarting an instance
- Broken formatting and unclear descriprion when trying a DN rename
- Confusing confirmation message upon deletion of an entry
- Unclear message when trying to create entry with duplicate DN
- Cannot go back in dialog when creating an entry encounters an error
Relates: https://github.com/389ds/389-ds-base/issues/6625
Reviewed by: jchapamn (Thanks!)
- - - - -
fc3439cd by progier389 at 2025-02-19T16:01:50+01:00
Issue 6617 - test_vlv_as_freeipa_backup_restore fails (#6618)
Problem:
dirsrvtests/tests/suites/vlv/regression_test.py::test_vlv_as_freeipa_backup_restore CI test fails on image mode
because import fails
because /var/roothome/389-ds-base/dirsrvtests/tests/suites/vlv/../../data/freeipa/issue6136/ipaca.ldif cannot be open in read mode
because /var/roothome permissions are 0700 (so ns-slapd process does not have the permission to read subdirectories)
Solution:
copy the ldif file on a place that ns-slapd can read
Issue: #6617
Reviewed by: @jchapma (Thanks!)
- - - - -
c79c1ebb by progier389 at 2025-02-19T19:11:11+01:00
Issue 6619 - test_dblib_migration fails on RHEL10 (#6620)
* Issue 6619 - test_dblib_migration fails on RHEL10
Test test_dblib_migration fails on RHEL10 because bdb is not supported.
Test should be skipped in that case and libdb should provide a function to check if server can starts on bdb
Issue: #6619
Reviewed by: @jchapma (Thanks!)
- - - - -
c27ec78a by Simon Pichugin at 2025-02-20T12:56:34+10:00
Issue 6553 - Update concread to 0.5.4 and refactor statistics tracking (#6607)
Description: Implement new cache statistics tracking with atomic counters
and dedicated stats structs.
Update concread dependency to 0.5.3 for improved cache performance.
Add tests for cache statistics functionality.
Fixes: https://github.com/389ds/389-ds-base/issues/6553
Reviewed by: @firstyear
- - - - -
294441d6 by PavlNekrasov at 2025-02-20T18:31:02+01:00
Issue 6327 - Fix incorrect sizeof() usage for pointer in get_ip_str() function (#6629)
Co-authored-by: Pavel Nekrasov <p.nekrasov at fobos-nt.ru>
Fix for issue: #6327
- - - - -
4c5eb871 by dependabot[bot] at 2025-02-20T18:41:05+01:00
Bump esbuild from 0.24.0 to 0.25.0 in /src/cockpit/389-console (#6602)
Resolve a moderate severity Dependabot alert on esbuild.
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.24.0...v0.25.0)
---
updated-dependencies:
- dependency-name: esbuild
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support at github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- - - - -
c27fe457 by Rx1513 at 2025-02-20T18:46:46+01:00
Issue #6562 - Prevent undefined behaviour in in filter_stuff_func (#6563)
Bug Description:
Undefined behaviour caused by escaping null character.
Fix Description:
Add simple check when ldap_bv2escaped_filter_value return null terminator.
relates: https://github.com/389ds/389-ds-base/issues/6562
Reviewed by: @progier389 (Thanks!)
Co-authored-by: Sergey Zhidkih <rx1513 at altlinux.org>
- - - - -
435fae38 by Mark Reynolds at 2025-02-20T15:17:16-05:00
Issue 6599 - Access JSON logging - lib389/CI/minor fixes
Description:
Update lib389 for the JSON format, added a CI test, and fixed some minor
bugs
Relates: https://github.com/389ds/389-ds-base/issues/6599
Reviewed by: jchapman, progier (Thanks!!)
- - - - -
daeecae1 by Mark Reynolds at 2025-02-25T08:24:35-05:00
Issue 6625 - UI - fix next round of bugs
Description:
This fixes the following issues:
- Subtrees field must not be mandatory If you configure the Attribute Uniqueness
plug-in over object classes
- MemberOf configuration window you can select empty values for Subtree Scope
and Exclude Subtree fields
- Database suffix field accepts dash symbol which ends in error
- Enable logs checkboxes do not display properly after changes
- Instance fails to load when DB backup directory doesn't exist
- Improvement for Create New Instance form
- Database Name is not validated
- Database Suffix is not validated properly
- Failing to update NDN cache size
- Import cache size is not easy to set
- Import cache autosize off/on fails
- Statistic about worker threads is incorrect
- Database index table searching does not work
- Schema attribute table searching does not work
- TimePicker component needs updating for PF5
- Fix Treeview appearance for browser Dark Mode
- Add attribute syntax oid name to table
Fixes: https://github.com/389ds/389-ds-base/issues/6625
Fixes: https://github.com/389ds/389-ds-base/issues/5969
Reviewed by: spichugi(Thanks!)
- - - - -
1795e4d8 by progier389 at 2025-02-28T17:31:54+01:00
Revert "Issue #6562 - Prevent undefined behaviour in in filter_stuff_func (#6563)" (#6634)
Reverting c27fe457431b78c4a7d9e8681a9462def67a76ba commit that is causing an heap corruption: buffer overflow
Issue: #6562
Reviewed by: @tbordaz , @droideck (Thanks!)
- - - - -
eb0cef2a by Mark Reynolds at 2025-03-03T15:05:41-05:00
Issue 6625 - UI - various fixes part 3
Description:
This PR addresses the following issues:
- Add new user type "traditional" for legacy objectclasses
- Display entry types in wizard header when adding new users, groups, and roles
- Update lib389 and monitor charts to use psutil instead of the UI
directly calling "ps", "netstat", and "top"
- Improved format of numbers displayed in monitor: adding commas and
converting bytes to more readable values
- Improved replication manager table to allow password edits
Relates: https://github.com/389ds/389-ds-base/issues/6625
Reviewed by: spichugi, vashirov, and progier(Thanks!!!)
- - - - -
cabf5391 by Viktor Ashirov at 2025-03-04T18:45:47+01:00
Issue 6632 - Replication init fails with ASAN build
Bug Description:
After the increase of DEFAULT_PBKDF2_ROUNDS to 100_000, bind operation
on ASAN build takes more time. On some systems it's more time than the
default timeouts for replication agreements, causing replication init
to fail.
Fix Description:
Introduce a new helper function `get_timeout_scale()` and update
hardcoded timeouts to use it for scaling. For ASAN builds it returns
2.0 instead of default 1.0.
Factor returned by `get_timeout_scale()` can be adjusted using
environment variable `DS_TIMEOUT_SCALE`.
Fixes: https://github.com/389ds/389-ds-base/issues/6632
Reviewed by: @droideck, @progier389 (Thanks!)
- - - - -
1f48f639 by James Chapman at 2025-03-06T13:26:37+00:00
Issue 6429 - UI - clicking on a database suffix under the Monitor tab crashes UI (#6610)
Bug description:
Clicking on a db suffix under the Monitor tab causes the UI to crash when
the instance is configured with the mdb db engine.
Fix description:
Introduced separate database and suffix monitor classes tailored for mdb. Parent
class detects the configured db engine and calls the appropriate monitor class.
Fixes: https://github.com/389ds/389-ds-base/issues/6429
Reviewed by: @mreynolds389, @droideck (Thank you)
- - - - -
ed386e16 by Mark Reynolds at 2025-03-06T15:22:09-05:00
Issue 6639 - remove all the code related to entryrdn_get_switch
Description:
There is no real benefit to switching between entryrdn and entrydn
formats so remove all the code related to this.
Relates: https://github.com/389ds/389-ds-base/issues/6639
Reviewed by: spichugi & jchapman(Thanks!!)
- - - - -
61dbba1b by Mark Reynolds at 2025-03-07T10:10:41-05:00
Issue 6653 - Cleanup error messages
Description:
Change the attr encryption symmetric key error message to use a notice
severity level instead of a full blown error.
Do not log by default an error when the DBVERSION file is missing as
this is expected after a system reboot.
And fix compiler warning in ssl.c
Relates: https://github.com/389ds/389-ds-base/issues/6653
Reviewed by: tbordaz(Thanks!)
- - - - -
a623c3f9 by Mark Reynolds at 2025-03-07T14:52:45-05:00
Issue 6655 - fix replication release replica decoding error
Description:
When a start replication session extended op is received acquire and
release exclusive access before returning the result to the client.
Otherwise there is a race condition where a "end" replication extended
op can arrive before the replica is released and that leads to a
decoding error on the other replica.
Relates: https://github.com/389ds/389-ds-base/issues/6655
Reviewed by: spichugi, tbordaz, and vashirov(Thanks!!!)
- - - - -
976dedb4 by Simon Pichugin at 2025-03-07T12:18:38-08:00
Issue 6656 - UI - Enhance Monitor Log Viewer with Patternfly LogViewer component (#6657)
Description: The current monitor's log tabs implementation uses a basic textarea
which lacks modern features like search capability and text wrapping.
Replace monitor logging component tabs (Error, Access, Audit, Audit Failure,
and Security) with Patternfly's dedicated LogViewer.
Add search functionality, text wrapping option, and a "No Limit" option
for viewing entire log files.
Reorganize the UI controls using Patternfly's Toolbar component.
Fixes: https://github.com/389ds/389-ds-base/issues/6656
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
bb40a792 by Mark Reynolds at 2025-03-11T13:48:25-04:00
Issue 6639 - Fix crash in upgrade when removing subtree name attribute
Description:
Needed to set the deleted values to NULL before issuing the delete
operation
Relates: https://github.com/389ds/389-ds-base/issues/6639
Reviewed by: progier(Thanks!)
- - - - -
30a5cdee by Mark Reynolds at 2025-03-13T08:15:00-04:00
Issue 6665 - UI - Need to refresh log settings after saving
Description:
While do we reload the config from the parent component it is not resetting the
child component as expected.
Relates: https://github.com/389ds/389-ds-base/issues/6665
Reviewed by: spichugi(Thanks!)
- - - - -
e21c31b7 by Mark Reynolds at 2025-03-13T18:34:26-04:00
Issue 6663 - RFE - Add option to write error log in JSON
Description:
Just like our other logs we should add an option to write error log in JSON
{
local_time: "",
severity: "",
subsystem: "",
msg: "",
}
https://github.com/389ds/389-ds-base/issues/6663
Reviewed by: spichugi(Thanks!)
- - - - -
17842cc6 by Mark Reynolds at 2025-03-14T12:51:53-04:00
Issue 6663 - CLI - add error log JSON settings to dsconf
Description:
Add the new error log json settings to dsconf "logging"
Relates: https://github.com/389ds/389-ds-base/issues/6663
Reviewed by: spichugi(Thanks!)
- - - - -
f8c9704c by progier389 at 2025-03-19T19:02:28+01:00
Issue 6613 - test_reindex_task_creates_abandoned_index_file fails (#6674)
* Issue 6613 - test_reindex_task_creates_abandoned_index_file fails
* Fix review comments and dbscan -L behavior
Test is failing because it was marked as flaky and was never tried on lmdb.
Problem was that the database instance for an index existence was still tested by looking at the files.
Solution: use dbscan to determine the dbi existence as it was done in clu/dbscan_test.py
Was done by moving (and adapting) the helper class from clu/dbscan_test.py to lib389 and reusing it in the test_reindex_task_creates_abandoned_index_file test.
Issue: #6613
Reviewed by: @droideck (Thank!)
- - - - -
bc22cfa6 by progier389 at 2025-03-19T19:04:30+01:00
Ignore replica busy condition in healthcheck (#6630)
Replica Busy condition is expected when there is more than 2 suppliers so healthcheck should not report any error for such condition.
Fixed issue in CI tests:
test_healthcheck_replication_out_of_sync_not_broken was unstable and redundant with test_healthcheck_replica_busy so I moved it back in health_repl_test.py and rewrite it to test working replication whose replica are not in sync (healthcheck should not report anything)
some tests (not always the same) were randomly failing with an empty log (which is unexpected because healthcheck output should never be empty.
I suspect the log capture mechanism so health_repl_test.py now run dsctl instance healthcheck using subprocess module and capture the output. So far I have not changed the other files because I have not noticed any failure.
Issue: #6626
Reviewed by: @tbordaz (Thanks!)
- - - - -
b8828ef8 by progier389 at 2025-03-21T15:06:57+01:00
Issue 6683 - test_healthcheck_replication_out_of_sync_broken mail fail (#6684)
Testcase sometime fail because of a race condition.
The fix is to make sure that replications sessions are restarted after breaking the replication.
Issue: #6683
Reviewed by: @droideck (Thanks!)
- - - - -
fba36430 by progier389 at 2025-03-24T10:43:21+01:00
Issue 6680 - instance read-only mode is broken (#6681)
Read only mode is broken because some plugins fails to starts as they are not able to create/updates some entries in the dse backend.
Solution is to allow interrnal operations to write in dse.backend but not modify the dse.ldif (except for the special case when trying to modify nsslapd-readonly flags (to be allowed to set/unset the readonly mode)
Issue: #6680
Reviewed by: @droideck, @tbordaz (thanks!)
- - - - -
afbd53ee by Mark Reynolds at 2025-03-24T13:16:11-04:00
Issue 6671 - tombstone_fixup_test sometime fails on bdb
Description:
The diff is confusing but it basically just removed an "if"evaluation
that was supposed to be always true:
- if (entryrdn_get_switch() ||
- !slapi_entry_flag_is_set(fi->entry->ep_entry,
+ if (!slapi_entry_flag_is_set(fi->entry->ep_entry,
SLAPI_ENTRY_FLAG_TOMBSTONE)) {
This was incorrect, this code should always be run regardless of the
entry flags
relates: https://github.com/389ds/389-ds-base/issues/6639
relates: https://github.com/389ds/389-ds-base/issues/6671
Reviewed by: progier(Thanks!)
- - - - -
d3f58b48 by Simon Pichugin at 2025-03-24T16:04:10-07:00
Issue 6676 - Add GitHub workflow action and fix pbkdf2 tests (#6677)
Description: Implement a GitHub workflow for CI to run Rust tests.
The workflow triggers on push, pull request, daily schedule,
and can be triggered manually.
Fix PBKDF2 test reliability issues by implementing thread-local storage
for test environments to prevent test interference.
Add proper test reset functions to ensure each test starts with clean state.
Fixes: https://github.com/389ds/389-ds-base/issues/6676
Reviewed by: @vashirov (Thanks!)
- - - - -
a9509045 by tbordaz at 2025-03-25T09:20:50+01:00
Issue 6571 - Nested group does not receive memberOf attribute (#6679)
Bug description:
There is a risk to create a loop in group membership.
For example G2 is member of G1 and G1 is member of G2.
Memberof plugins iterates from a node to its ancestors
to update the 'memberof' values of the node.
The plugin uses a valueset ('already_seen_ndn_vals')
to keep the track of the nodes it already visited.
It uses this valueset to detect a possible loop and
in that case it does not add the ancestor as the
memberof value of the node.
This is an error in case there are multiples paths
up to an ancestor.
Fix description:
The ancestor should be added to the node systematically,
just in case the ancestor is in 'already_seen_ndn_vals'
it skips the final recursion
fixes: #6571
Reviewed by: Pierre Rogier, Mark Reynolds (Thanks !!!)
- - - - -
8b945b92 by Mark Reynolds at 2025-03-25T14:10:29-04:00
Issue 6500 - Fix covscan and ASAN issue
Description:
- Fix memory leak in alias entry plugin
- Fix lock issue in replication changelog ldif import
- Fix memory leak in replication parse_changes_string()
- Fix memory leak in views plugin
- Remove dead code in auditlog.c
- Fix memory leak in dbmdb_build_dbname()
- Fix NULL dereference in vlv_print_access_log()
- Remove obsolete file http.h
- Fix uninitialized variable warning in log.c
- Fix several memory leaks in modify.c
- Fix memory leak with result text
- Fix double free in sm_entry_get_groups()
- Fix memory leak in snmp main.c when loading config
- Fix memory leak with STAT controls
Relates: https://github.com/389ds/389-ds-base/issues/6500
Reviewed by: progier(Thanks!)
- - - - -
7fbd4526 by Pierre Rogier at 2025-03-26T11:13:16+01:00
Security fix for CVE-2025-2487
Description:
A denial of service vulnerability was found in the 389 Directory Server.
The 389 Directory Server may crash (Null Pointer Exception) after some
failed rename subtree operations (i.e. MODDN) issued by a user having enough
privileges to do so.
References:
- https://access.redhat.com/security/cve/CVE-2025-2487
- https://bugzilla.redhat.com/show_bug.cgi?id=2353071
- - - - -
b5505793 by progier389 at 2025-03-27T12:02:19+01:00
Issue 6693 - Fix error messages inconsistencies (#6694)
Fix missing function names and missing new lines in error message.
Sometime the newline was moved back from message arguments to the message
to have a better consistency and to avoid that the tool detects a false positive
Issue: #6693
Reviewed by: @droideck (Thanks!)
- - - - -
ed8987ef by Mark Reynolds at 2025-03-27T16:15:25-04:00
Issue 6695 - UI - fix more minor issues
Description:
fix the following items:
MemberOf page - subtree scopes - allows you to create blank values, and does not validate suffixes
Local password policy - copy/paste error added a duplicate label for a checkbox (send expiring warning)
Create instance modal - did not validate database name
Update connection monitor chart to include detailed information for connection status (established, close wait, and time wait)
relates: https://github.com/389ds/389-ds-base/issues/6695
Reviewed by: spichugi(Thanks!)
- - - - -
31e120d2 by progier389 at 2025-03-28T17:32:14+01:00
Issue 6698 - NPE after configuring invalid filtered role (#6699)
Server crash when doing search after configuring filtered role with invalid filter.
Reason: The part of the filter that should be overwritten are freed before knowing that the filter is invalid.
Solution: Check first that the filter is valid before freeing the filtere bits
Issue: #6698
Reviewed by: @tbordaz , @mreynolds389 (Thanks!)
- - - - -
91a5f766 by Mark Reynolds at 2025-03-28T12:41:47-04:00
Issue 6704 - UI - Add error log buffering config
Description:
Add error log buffering setting to the UI
Relates: https://github.com/389ds/389-ds-base/issues/6704
Reviewed by: jchapman (Thanks!)
- - - - -
5078fd32 by Simon Pichugin at 2025-03-28T11:28:54-07:00
Issue 6686 - CLI - Re-enabling user accounts that reached inactivity limit fails with error (#6687)
Description: When attempting to unlock a user account that has been locked due
to exceeding the Account Policy Plugin's inactivity limit, the dsidm account
unlock command fails with a Python type error: "float() argument must be a
string or a number, not 'NoneType'".
Enhance the unlock method to properly handle different account locking states,
including inactivity limit exceeded states.
Add test cases to verify account inactivity locking/unlocking functionality
with CoS and role-based indirect locking.
Fix CoS template class to include the required 'ldapsubentry' objectClass.
Improv error messages to provide better guidance on unlocking indirectly
locked accounts.
Fixes: https://github.com/389ds/389-ds-base/issues/6686
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
2e108e62 by tbordaz at 2025-03-31T11:05:01+02:00
Issue 6571 - (2nd) Nested group does not receive memberOf attribute (#6697)
Bug description:
erroneous debug change made in previous fix
where cache_ancestors is called with the wrong parameter
Fix description:
Restore the orginal param 'member_data'
Increase the set of tests around multipaths
fixes: #6571
review by: Simon Pichugin (Thanks !!)
- - - - -
a42f464c by Mark Reynolds at 2025-04-01T12:25:20-04:00
Issue 6700 - CLI/UI - include superior objectclasses' allowed and requires attrs
Description:
When you get/list an objectclass it only lists its level of allowed and
required objectclasses, but it should also include all its superior
objectclasses' allowed and required attributes.
Added an option to the CLI to also include all the parent/superior
required and allowed attributes
Relates: https://github.com/389ds/389-ds-base/issues/6700
Reviewed by: spichugi & tbordaz(Thanks!)
- - - - -
d3be668e by Miro Hrončok at 2025-04-03T15:09:27+02:00
lib389: Remove unused runtime requirement on setuptools (#6719)
Remove unused runtime requirement on setuptools
The dependency was dropped in c0e2f68423ddde9bb91250d3f96dfc8617889514
Issue: #5642
Reviewed by: @progier389 (Thanks!)
- - - - -
ae8deaee by James Chapman at 2025-04-04T10:09:34+01:00
Issue 6481 - When ports that are in use are used to update a DS instance the error message is not helpful (#6723)
Bug description: The initial fix for this issue used sudo lsof to determineif
a server port was in use. lsof is not installed by default and using sudo can
ask for a password.
Fix description: Use ss -ntplu (which is installed by default) to detect if a
port is taken.
Fixes: https://github.com/389ds/389-ds-base/issues/6481
Fix Author: Viktor Ashirov <vashirov at redhat.com>
Reviewed by: @progier389 (Thank you)
- - - - -
815a0f9e by progier389 at 2025-04-04T14:27:57+02:00
Issue 6562 - Fix issues around slapi_filter_sprintf (#6725)
Adding back PR https://github.com/389ds/389-ds-base/pull/6563 changes
and fixing the slapi_filter_sprintf error case handling by:
- resetting properly the context
- resetting the stdarg value before using it in the second
PR_vsxprintf
Note: dirsrvtests/tests/suites/filter/bitw_filter_test.py::test_all_together
tests this changes
Issue: #6562
Reviewed by: @droideck (Thanks)
- - - - -
d19a4f99 by progier389 at 2025-04-04T14:44:11+02:00
Issue 6715 - dsconf backend replication monitor fails if replica id starts with 0 (#6716)
* Issue 6715 - dsconf backend replication monitor fails if replica id starts with 0
lib389 fails to retrioeve the csn if the replicaid is not exactly the normalized form of a number
Typically because 010 does not match with the RUV value.
Solution: Ensure that rid get normalized before comparing them or using them in a dict
Issue: #6715
Reviewed by: @droideck, @tbordaz (Thanks!)
- - - - -
0aabe54f by James Chapman at 2025-04-06T22:10:46+01:00
Issue 6720 - Remove BDB attribute from MDB DB Monitor (#6721)
Bug description: Reference to a BDB attribute exists in DatabaseMonitorMDB
class.
Fix description: Remove it
Fixes: https://github.com/389ds/389-ds-base/issues/6720
Relates: https://github.com/389ds/389-ds-base/issues/6614
Reviewed by: @progier389 (Thank you)
- - - - -
6eab2d20 by James Chapman at 2025-04-06T22:23:08+01:00
Issue 6713 - ns-slapd crash during mdb offline import (#6714)
Bug description: A segmentation fault is triggered in
dbmdb_import_prepare_worker_entry() during an mdb offline import.
The import producer thread parses, validates and writes ldif entries
to the worker queue, while the import worker threads simultaneously read,
format and index entries before adding them to the DB. A race condition
occurs when a worker thread reads an entry before the producer has
fully written it, leading to a segmentation fault.
Fix description: Ensure thread safe access by locking the worker queue
before writing entries.
Fixes: https://github.com/389ds/389-ds-base/issues/6713
Reviewed by: @progier389, @bordaz (Thank you)
- - - - -
961a3ee4 by dependabot[bot] at 2025-04-07T15:18:04+02:00
Bump openssl from 0.10.70 to 0.10.72 in /src (#6730)
Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.70 to 0.10.72.
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.70...openssl-v0.10.72)
---
updated-dependencies:
- dependency-name: openssl
dependency-version: 0.10.72
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support at github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- - - - -
9fe75b22 by Simon Pichugin at 2025-04-08T12:09:46-07:00
Issue 6660 - UI - Replication Monitoring Lag Report Feature (#6661)
Description: Add a new "Log Analysis" tab in the Replication Monitoring
section of the 389-DS Cockpit interface to visualize and analyze replication
performance.
Implement a UI for configuring replication log analysis parameters.
Add file browser for selecting log directories and output locations.
Create interactive PatternFly charts to visualize replication lag metrics.
Support multiple output formats (JSON, HTML, PNG, CSV).
Include filtering options for troubleshooting (time range, lag thresholds, etc.)
Add ability to download and view generated reports.
Fixes: https://github.com/389ds/389-ds-base/issues/6660
Reviewed by: @mreynolds389, @vashirov (Thanks!!)
- - - - -
19854546 by Mark Reynolds at 2025-04-09T12:57:25-04:00
Issue 6515 - CLI - dsidm get_dn does not return JSON format
Description:
The get_dn() functions do not check for the JSON flag. Group members
and role subtree status were not returned in JSON.
Also added a LogCapture function to return the the raw results so we
can do json validation. Also did some other minor python lint cleanup.
Relates: https://github.com/389ds/389-ds-base/issues/5889
Relates: https://github.com/389ds/389-ds-base/issues/6502
Relates: https://github.com/389ds/389-ds-base/issues/6503
Relates: https://github.com/389ds/389-ds-base/issues/6515
Reviewed by: spichugi(Thanks!)
- - - - -
14314ab3 by Simon Pichugin at 2025-04-09T11:20:04-07:00
Issue 6728 - CLI - Issue with user rename operation (#6729)
Description: Fix the RDN extraction method in _generic_list to correctly
display renamed user entries regardless of keep-old-rdn status.
Improve the _generic_rename function to properly handle nonexistent users
and detect when no actual changes are made.
Add test cases for various rename scenarios including nonexistent users,
duplicate names, keep-old-rdn behavior, and listing after rename.
Enhance error handling for edge cases like renaming to an existing username.
Fixes: https://github.com/389ds/389-ds-base/issues/6728
Reviewed by: @progier389 @mreynolds389 (Thanks!!)
- - - - -
2a28c6e3 by dependabot[bot] at 2025-04-09T18:41:03-07:00
Bump tokio from 1.43.0 to 1.44.2 in /src (#6732)
Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.43.0 to 1.44.2.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.43.0...tokio-1.44.2)
---
updated-dependencies:
- dependency-name: tokio
dependency-version: 1.44.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support at github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- - - - -
bf6d07ab by Mark Reynolds at 2025-04-10T11:27:53-04:00
Issue 6735 - CLI - dsidm provide option to set decription when creating an entry
Description:
In the Web UI when you create a group, and other entries, you can set the
description during the "add", but dsidm only allows you to set it after
creating the entry. To be consistent UI and CLI should work the same way
Relates: https://github.com/389ds/389-ds-base/issues/6735
Reviewed by: spichugi(Thanks!)
- - - - -
7cfe96d0 by Sumedh Sidhaye at 2025-04-11T14:07:52+05:30
Issue 5356 - Set DEFAULT_PASSWORD_STORAGE_SCHEME to PBKDF2-SHA512 in tests
Previously we did not have PBKDF2-SHA512 for FIPS.
Now the default password storage scheme is PBKDF2-SHA512
Hence updating it in the test to reflect current state.
DEFAULT_PASSWORD_STORAGE_SCHEME is now set to PBKDF2-SHA512
relates: #5356
Reviewed by: vashirov, spichugi (Thanks!)
Signed-off-by: Sumedh Sidhaye <ssidhaye at redhat.com>
- - - - -
81829b30 by James Chapman at 2025-04-11T13:11:16+01:00
Issue 6669 - logconv.py updates (#6673)
Bug Description:
logconv.py fails when specific timestamps are provided
Fix Description:
Rework time range behaviour, filemagic updates, minor cosmetic updates
improved exception handling.
Fixes: https://github.com/389ds/389-ds-base/issues/6669
Reviewed by: @progier389 , @droideck (Thank you)
- - - - -
787497db by Anuar Beisembayev at 2025-04-11T14:48:18+02:00
Issue 6595 - Regression test in betxn_test.py failing due to busy LDAP server (#6709)
The regression test dirsrvtests/tests/suites/betxns/betxn_test.py::test_betxn_modrdn_memberof_cache_corruption throws an ldap.BUSY error due to two intentionally failing group.rename() calls in quick succession.
The topology is still processing the first failed call when the second one hits.
This fix catches the ldap.BUSY and sleeps for a short time before trying again to give the topology time to finish.
Resolves: https://github.com/389ds/389-ds-base/issues/6595
- - - - -
f483225b by Mark Reynolds at 2025-04-12T09:49:34-04:00
Issue 6743 - CLI - dsidm add option to list DN's
Description: Add an option to list the full DN instead of the RDN
Relates: https://github.com/389ds/389-ds-base/issues/6734
Reviewed by: spichugi(Thanks!)
- - - - -
7b167770 by Viktor Ashirov at 2025-04-14T11:07:16+02:00
Issue 6603 - Release tarballs ship a different Cargo.lock
Bug Description:
During release action `Cargo.lock` gets updated, has newer packages than
`Cargo.lock` committed in the repository.
Because of that upstream patches that update `Cargo.lock` do not apply
cleanly to the release tarball.
Fix Description:
Remove `cargo update` from the `download-cargo-dependencies` target. For
updating `Cargo.lock` there is a separate `update-cargo-dependencies`
target that should be used instead.
Additionally, fix `dist-bz2` target to generate tarball with a proper
name when `TAG` variable is not defined.
Fixes: https://github.com/389ds/389-ds-base/issues/6603
Reviewed by: @progier389 (Thanks!)
- - - - -
8809daee by Sumedh Sidhaye at 2025-04-14T17:11:55+05:30
Issue #6740 Certificate verify fails in FIPS mode
When FIPS mode is enabled
pw_expired_access_test.py::test_expired_user_has_no_privledge test
fails to verify certificate.
As the SSCA certificate is not trusted system-wide
and no options are specified for simple_bind_s to use custom CA
Added option to specify the cert
Relates: #6740
Signed-off-by: Sumedh Sidhaye <ssidhaye at redhat.com>
- - - - -
b2162f3a by Mark Reynolds at 2025-04-14T09:36:38-04:00
Issue 6492/6493 - CLI - dsdim can not create nested/filtered roles
Description:
Filtered role cannot be created using "dsidm role create-filtered" command, as
it doesn't accept necessary attribute nsRoleFilter and fails with object class
violation.
Nested role fails with an error:
DEBUG: Attribute nsRoleDN must not be None
This was caused by the case of the attirubte name, which needed to be set
to all lowercase
Relates: https://github.com/389ds/389-ds-base/issues/6493
Relates: https://github.com/389ds/389-ds-base/issues/6492
Reviewed by: progier(Thanks!)
- - - - -
f2252945 by Firstyear at 2025-04-15T13:29:39+10:00
Issue 6744 - BUG - memory accounting is not always enabled (#6745)
Bug Description: On some distributions memory account is not enabled
by default. This leads to a number of warnings from db autotuning
that the cgroup memory limit can not be read
Fix Description: Explicitly request memory accounting is enabled
in our service file to ensure that it is available at runtime.
fixes: https://github.com/389ds/389-ds-base/issues/6744
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
b105e61a by Mark Reynolds at 2025-04-15T08:30:33-04:00
Issue 6501 - CLI - dsidm role rename was not working
Description:
dsidm role rename says it's successful but nothing is changed. This is
because the wrong object is used when performing the rename
Relates: https://github.com/389ds/389-ds-base/issues/6501
Reviewed by: spichugi(Thanks!)
- - - - -
64b2514d by progier389 at 2025-04-16T18:13:47+02:00
Issue 6736 - Exception thrown by dsconf instance repl get_ruv (#6742)
After issue #6715 commit dsconf instance replication get_ruv fails with error
because by default NormalizedRidDict does not calling getitem as I expected.
The solution is to overwrite the get function to do things properly.
Issue: #6736
Relates: #6715
Reviewed by: @droideck (Thanks!)
- - - - -
95a3a9de by Firstyear at 2025-04-17T10:32:26+10:00
Issue 6734 - BUG - format strings may not contain backslash (#6749)
Bug Description: Format strings may not contain backslashes in
older versions of python 3
Fix Description: pre-format the strings
fixes: https://github.com/389ds/389-ds-base/issues/6734
Author: William Brown <william at blackhats.net.au>
Review by: @droideck @vashirov (thanks!)
- - - - -
228e24a7 by Mark Reynolds at 2025-04-22T14:05:58-04:00
Issue 6276 - UI - schema editing and memberof shared config not working correctly
Description:
While editing a custom schema attribute the UI is not keeping some
defined data (issue 6276).
Fixed issue with memberOf/account policy/RI shared config aresa not
being properly handled when added and deleted.
Also fixed a type with "interractive" (issue 6464)
Relates: https://github.com/389ds/389-ds-base/issues/6276
Relates: https://github.com/389ds/389-ds-base/issues/6464
Reviewed by: vashirov & spichugi(Thanks!!)
- - - - -
947ee67d by James Chapman at 2025-04-24T21:16:38+01:00
Issue 6614 - CLI - Error when trying to display global DB stats with LMDB (#6622)
Bug description:
Displaying global monitor stats fails with key error. Caused by BDB
backend keys being used when MDB is the configured DB implementation.
Fix description:
Ensure backend and monitor keys match the configured DB implementation.
Fixes: https://github.com/389ds/389-ds-base/issues/6614
Reviewed by: @droideck, @progier389 (Thank you)
- - - - -
4e62f543 by Simon Pichugin at 2025-04-29T19:59:38-07:00
Issue 4989 - Confusing error message from dsconf plugin set --enabled (#6750)
Description: Enhance the generic_object_edit function to detect when a plugin is
already in the requested enabled/disabled state and provide a more helpful error
message.
Check specifically if the plugin state was changed and report the result.
Fixes: https://github.com/389ds/389-ds-base/issues/4989
Reviewed by: @tbordaz, @progier389 (Thanks!!)
- - - - -
d1442113 by Lenka Doudova at 2025-05-05T19:35:30+02:00
Issue 6753 - Port ticket test 47560
Description:
Port test related to ticket 47560 to use DSLdapObject.
Move the test from dirsrvtests/tests/tickets/ticket47560_test.py to dirsrvtests/tests/suites/memberof_plugin/fixup_test.py
Relates: #6753
Author: Lenka Doudova
Reviewer: Simon Pichugin, Thierry Bordaz
wip
- - - - -
2bc7250b by tbordaz at 2025-05-06T16:09:36+02:00
Issue 6764 - statistics about index lookup report a wrong duration (#6765)
Bug description:
During a SRCH statistics about indexes lookup
(when nsslapd-statlog-level=1) reports a duration.
It is wrong because it should report a duration per filter
component.
Fix description:
Record a index lookup duration per key
using key_lookup_start/key_lookup_end
fixes: #6764
Reviewed by: Pierre Rogier (Thanks !)
- - - - -
df409ac6 by James Chapman at 2025-05-08T13:08:42+01:00
Issue 5120 - ns-slapd doesn't start in referral mode (#6763)
Bug description: Trying to start ns-slapd in referral mode results in
a crash.
Fix description: This feature has been broken for a while now, removing
it. If there is an attempt to start ns-slapd in referral mode, we issue a
message saying its not supported and exit.
Fixes: https://github.com/389ds/389-ds-base/issues/5120
Reviewed by: @progier389 , @droideck, @tbordaz (Thank you)
- - - - -
18b24dc3 by Mark Reynolds at 2025-05-12T10:28:22-04:00
Issue 6727 - RFE - database compaction interval should be persistent
Description:
Record when we start the compaction interval in the ldbm config entry
so if we restart the server compaction will still take place at the
intended interval
Relates: https://github.com/389ds/389-ds-base/issues/6727
Reviewed by: spichugi & tbordaz(Thanks!!)
- - - - -
b7ce2a84 by Viktor Ashirov at 2025-05-14T16:24:43+02:00
Issue 4253 - Container bind mount schema
Bug Description:
When you mount a volume with schema into container, instance creation fails with:
```
Traceback (most recent call last):
File "/usr/libexec/dirsrv/dscontainer", line 489, in <module>
begin_magic()
~~~~~~~~~~~^^
File "/usr/libexec/dirsrv/dscontainer", line 279, in begin_magic
if not sds.create_from_args(g2b.collect(), s2b.collect()):
~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/site-packages/lib389/instance/setup.py", line 759, in create_from_args
self._install_ds(general, slapd, backends)
~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/site-packages/lib389/instance/setup.py", line 903, in _install_ds
_ds_shutil_copytree(os.path.join(slapd['sysconf_dir'], 'dirsrv/schema'), slapd['schema_dir'])
~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/site-packages/lib389/__init__.py", line 230, in _ds_shutil_copytree
os.makedirs(dst)
~~~~~~~~~~~^^^^^
File "<frozen os>", line 227, in makedirs
FileExistsError: [Errno 17] File exists: '/etc/dirsrv/slapd-localhost/schema'
```
`_ds_shutil_copytree()` is an outdated copy of the `shutil.copytree()` from Python 3.5.
In the later versions `dirs_exist_ok` parameter was introduced, but it was never backported
to our implementation.
Fix Description:
Instead of the custom implementation, use standard `shutil.copytree()` function, but ignore
existing directories (`dirs_exist_ok=True`) and use `copy` instead of `copy2` to ignore
file metadata.
Fixes: https://github.com/389ds/389-ds-base/issues/4253
Reviewed by: @mreynolds389, @droideck (Thanks!)
- - - - -
403246fd by Viktor Ashirov at 2025-05-14T16:27:13+02:00
Issue 6778 - Memory leak in roles_cache_create_object_from_entry
Bug Description:
`this_role` has internal allocations (`dn`, `rolescopedn`, etc.)
that are not freed.
Fix Description:
Use `roles_cache_role_object_free` to free `this_role` and all its
internal structures.
Fixes: https://github.com/389ds/389-ds-base/issues/6778
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
ab033920 by Mark Reynolds at 2025-05-20T08:02:31-04:00
Issue 6787 - Improve error message when bulk import connection is closed
Description:
If an online replication initialization connection is closed a vague error
message is reported when the init is aborted:
factory_destructor - ERROR bulk import abandoned
It should be clear that the import is being abandoned because the connection
was closed and identify the conn id.
relates: https://github.com/389ds/389-ds-base/issues/6787
Reviewed by: progier(Thanks!)
- - - - -
05934307 by Lenka Doudova at 2025-05-28T08:37:11+02:00
Issue 6753 - Port ticket test 47619
Description:
Porting ticket 47619 test to
dirsrvtests/tests/suites/retrocl/retrocl_indexing_test.py.
Relates: #6753
Author: Lenka Doudova
Reviewer: Simon Pichugin
- - - - -
07bd20fa by Viktor Ashirov at 2025-05-28T12:34:16+02:00
Issue 6534 - CI fails with Fedora 41 and DNF5
Bug Description:
DNF5 no longer supports verbose option.
Fix Description:
Remove `-v` flag.
Fixes: https://github.com/389ds/389-ds-base/issues/6534
Reviewed by: @progier389 (Thanks!)
- - - - -
a383eb3e by Viktor Ashirov at 2025-05-30T08:46:52+02:00
Issue 6776 - Enabling audit log makes slapd coredump
Bug description:
`slapi_ch_strdup` function is declared with the `returns_nonnull` attribute,
indicating that it can never return NULL.
However, its implementation explicitly returns NULL when the input is NULL.
This contradicts the attribute and misleads the compiler, which results
in a removed NULL check.
Fix Description:
Remove the `returns_nonnull` attribute from the `slapi_ch_strdup` declaration
to align with its actual behavior.
Fixes: https://github.com/389ds/389-ds-base/issues/6776
Reviewed by: @mreynolds389, @droideck (Thanks!)
- - - - -
af66c7b6 by James Chapman at 2025-05-30T12:12:43+01:00
Issue 6641 - modrdn fails when a user is member of multiple groups (#6643)
Bug description:
Rename of a user that is member of multiple AM groups fail when MO and
RI plugins are enabled.
Fix description:
MO plugin - After updating the entry member attribute, check the return
value. Retry the delete if the attr value exists and retry the add if the
attr value is missing.
RI plugin - A previous commit checked if the attr value was not present
before adding a mod. This commit was reverted in favour of overriding
the internal op return value, consistent with other plugins.
CI test from Viktor Ashirov <vashirov at redhat.com>
Fixes: https://github.com/389ds/389-ds-base/issues/6641
Relates: https://github.com/389ds/389-ds-base/issues/6566
Reviewed by: @progier389, @tbordaz, @vashirov (Thank you)
- - - - -
17dac298 by tbordaz at 2025-06-02T16:21:23+02:00
Issue 6755 - RFE use of Session Tracking Control in replication agreement (#6766)
Bug description:
Replication agreement can use Session Tracking Control
to correlated replication sessions between suppliers
and consumers.
Since https://github.com/389ds/389-ds-base/issues/6367 the
server sides (consumer) logs session tracking control in
access logs.
This ticket is to implement the client side (supplier)
Fix description:
This is described https://www.port389.org/docs/389ds/design/session-identifier-clients.html
Each replication agreement implement a session identifier
string that is sent for each replicated operation
including extended op.
The session identifier is logged, on client side,
if the replication debug log is turned on
fixes: #6755
Reviewed by: Pierre Rogier, Mark Reynolds (Thanks !)
- - - - -
3885ffbe by Lenka Doudova at 2025-06-05T09:27:06+02:00
Issue 6753 - Port ticket test 48233
Description:
Porting ticket 48233 test to
dirsrvtests/tests/suites/acl/aci_ip_restriction.py
Relates: #6753
Author: Lenka Doudova
Reviewer: Simon Pichugin
- - - - -
9206ee10 by Lenka Doudova at 2025-06-05T09:32:04+02:00
Issue 6753 - Port ticket test 48370
Description:
Porting ticket 48370 test to
dirsrvtests/tests/suites/indexes/regression.py.
Relates: #6753
Author: Lenka Doudova
Reviewer: Simon Pichugin
- - - - -
d7ba8408 by progier389 at 2025-06-06T15:26:52+02:00
Issue 6791 - crash in liblmdb during instance shutdown (#6793)
Sometime ns-slapd process crashes during the shutdown.
The core stacks shows that a thread attempts to use liblmdb after lmdb environment get closed
in one of thread specific data destructor callback.
The fix ensure that lmdb is not called after its environment get closed
Issue: #6791
Reviewed by: @droideck, @tbordaz (Thanks!)
- - - - -
e61de564 by Lenka Doudova at 2025-06-10T08:09:33+02:00
Issue 6753 - Port ticket test 48026
Description:
Porting ticket 48026 test to
dirsrvtests/tests/suites/plugins/attruniq_test.py
Relates: #6753
Author: Lenka Doudova
Reviewer: Thierry Bordaz
- - - - -
d1b2a6e5 by Mark Reynolds at 2025-06-10T11:01:05-04:00
Issue 6761 - Password modify extended operation should skip password policy checks when executed by root DN
Description:
When the LDAP password policy extended operation is executed by root DN on a
regular user under constraints of a password policy, eg password history, it
should skip password policy checks because the root DN should be allowed to
set a regular user password to any value however this is currently not the case.
The fix is to check if the bind is a pwd admin and set SLAPI_REQUESTOR_ISROOT
for the new internal operatiin that will update the password. This does
not bypass aci evalaution.
relates: https://github.com/389ds/389-ds-base/issues/6761
reviewed by: tbordaz & spichugi(Thanks!)
- - - - -
54c1eb0e by Simon Pichugin at 2025-06-11T16:27:11-07:00
Issue 1081 - Add a CI test (#6063)
Description: Test if custom schema modifications (based on standard schema)
are properly replicated between servers and they persist after server restarts.
Relates: https://github.com/389ds/389-ds-base/issues/1081
Reviewed by: @progier389 (Thanks!)
- - - - -
04864e04 by Lenka Doudova at 2025-06-13T09:16:09+02:00
Issue 6753 - Port ticket 47640 test
Porting ticket 47640 test to dirsrvtests/tests/suites/betxns/betxn_test.py::test_linked_attributes_plugin.
Relates: #6753
Author: Lenka Doudova
Reviewer: Simon Pichugin
- - - - -
aab44b2d by Lenka Doudova at 2025-06-17T17:19:37+02:00
Issue 6758 - Fix failing webUI tests
Description:
Fixing webUI tests that are failing due to recent changes.
Removing xfail markers where bugs were fixed.
Also includes minor changes in order to remove deprecation warnings.
Removing code disabling automatic run of webUI tests.
Relates: #6758
Author: Lenka Doudova
Reviewed by: ???
- - - - -
fa336562 by Simon Pichugin at 2025-06-20T16:11:32-07:00
Issue 6553 - Update concread to 0.5.6 (#6824)
Description: The new concread version removes arc-swap usage
from its internal module. This way we avoid being exposed to
the arc-swap's undefined behaviour that exists in its current
version. Potentially, it should fix the NDN cache crash reported
in the #6803 GH issue.
Related: https://github.com/389ds/389-ds-base/issues/6553
Reviewed by: @Firstyear (Thanks!)
- - - - -
85237190 by Viktor Ashirov at 2025-06-23T09:58:30+02:00
Issue 6819 - Incorrect pwdpolicysubentry returned for an entry with user password policy
Bug Description:
When both subtree and user password policies exist, pwdpolicysubentry
points to the subtree password policy instead of user password policy.
Fix Description:
Update the template for CoS pointer definition to use
`operational-default` modifier instead of `operational`.
Fixes: https://github.com/389ds/389-ds-base/issues/6819
Reviewed by: @droideck, @tbordaz (Thanks!)
- - - - -
49f802b4 by Simon Pichugin at 2025-06-24T10:43:44-07:00
Issue 6767 - Package lib389 on PyPI (#6786)
Description: Modernize the lib389 package system by replacing the old setup.py
mechanism with pyproject.toml.
Add a version validation script to ensure the lib389 version matches
the main 389-ds-base version.
Update build systems (Makefile, rpm specfile) to work with the new packaging approach.
Enhance README.md.
Fixes: https://github.com/389ds/389-ds-base/issues/6767
Reviewed by: @hroncok, @vashirov (Thanks!!)
- - - - -
c9a4c4ae by James Chapman at 2025-06-25T15:11:05+01:00
Issue 6825 - RootDN Access Control Plugin with wildcards for IP addre… (#6826)
Bug description:
RootDN Access Control Plugin with wildcards for IP addresses fails withi
an error "Invalid IP address"
socket.inet_aton() validates IPv4 IP addresses and does not support wildcards.
Fix description:
Add a regex pattern to match wildcard IP addresses, check each octet is
between 0-255
Fixes: https://github.com/389ds/389-ds-base/issues/6825
Reviewed by: @droideck (Thank you)
- - - - -
1c90a9c9 by Viktor Ashirov at 2025-06-25T19:16:43+02:00
Bump version to 3.1.3
- - - - -
7d02492d by Barbora Simonova at 2025-06-26T14:46:34+02:00
Issue 6829 - Update parametrized docstring for tests
Description:
Update missing parametrized value in docstring for some tests
Fixes: https://github.com/389ds/389-ds-base/issues/6829
Reviewed by: @vashirov (Thanks!)
- - - - -
d0747eda by Mark Reynolds at 2025-06-27T13:30:02-04:00
Issue 6782 - Improve paged result locking
Description:
When cleaning a slot, instead of mem setting everything to Zero and restoring
the mutex, manually reset all the values leaving the mutex pointer
intact.
There is also a deadlock possibility when checking for abandoned PR search
in opshared.c, and we were checking a flag value outside of the per_conn
lock.
Relates: https://github.com/389ds/389-ds-base/issues/6782
Reviewed by: progier & spichugi(Thanks!!)
- - - - -
dcffae86 by Simon Pichugin at 2025-06-27T18:43:39-07:00
Issue 6822 - Backend creation cleanup and Database UI tab error handling (#6823)
Description: Add rollback functionality when mapping tree creation fails
during backend creation to prevent orphaned backends.
Improve error handling in Database, Replication and Monitoring UI tabs
to gracefully handle backend get-tree command failures.
Fixes: https://github.com/389ds/389-ds-base/issues/6822
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
82147465 by Viktor Ashirov at 2025-07-01T14:28:29+02:00
Issue 6838 - lib389/replica.py is using nonexistent datetime.UTC in Python 3.9
Bug Description:
389-ds-base-2.x is supposed to be used with Python 3.9.
But lib389/replica.py is using `datetime.UTC`, which is an alias
to `datetime.timezone.utc` was added only in Python 3.11.
Fix Description:
Use `datetime.timezone.utc` instead.
Fixes: https://github.com/389ds/389-ds-base/issues/6838
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
3b6f43b6 by Viktor Ashirov at 2025-07-03T09:38:37+02:00
Issue 6841 - Cancel Actions when PR is updated
Description
GH Actions take some time to run, and updating PR before the previous
run has completed makes the new runs wait.
Instead we should cancel the previous runs for this PR to save time
and don't waste computing resources.
Fixes: https://github.com/389ds/389-ds-base/issues/6841
Reviewed by: @droideck (Thanks!)
- - - - -
d620d791 by Lenka Doudova at 2025-07-05T15:27:55+02:00
Issue 6753 - Add 'add_exclude_subtree' and 'remove_exclude_subtree' methods to Attribute uniqueness plugin
Description:
Adding 'add_exclude_subtree' and 'remove_exclude_subtree' methods to AttributeUniquenessPlugin in
order to be able to easily add or remove an exclude subtree.
Porting ticket 47927 test to
dirsrvtests/tests/suites/plugins/attruniq_test.py
Relates: #6753
Author: Lenka Doudova
Reviewers: Simon Pichugin, Mark Reynolds
- - - - -
69df678c by Lenka Doudova at 2025-07-07T22:05:53+02:00
Issue 6753 - Port ticket tests 48294 & 48295
Description: Porting ticket 48294 and 48295 tests to
dirsrvtests/tests/suites/plugins/linked_attributes_test.py
Relates: #6753
Author: Lenka Doudova
Reviewed by: Simon Pichugin
- - - - -
9947b64c by Viktor Ashirov at 2025-07-09T10:31:45+02:00
Issue 6852 - Move ds* CLI tools back to /sbin
Bug Description:
After #6767 ds* CLI tools are packaged in /bin instead of /sbin. Even
though Fedora 42 has unified /bin and /sbin, some tools (ipa-backup) and
our tests still rely on hardcoded paths.
Fix Description:
Move ds* tools back to /sbin
Fixes: https://github.com/389ds/389-ds-base/issues/6852
Reviewed by: @droideck (Thanks!)
- - - - -
c6fc3732 by Alexander Bokovoy at 2025-07-09T14:54:20-04:00
Issue 6857 - uiduniq: allow specifying match rules in the filter
Allow uniqueness plugin to work with attributes where uniqueness should
be enforced using different matching rule than the one defined for the
attribute itself.
Since uniqueness plugin configuration can contain multiple attributes,
add matching rule right to the attribute as it is used in the LDAP rule
(e.g. 'attribute:caseIgnoreMatch:' to force 'attribute' to be searched
with case-insensitive matching rule instead of the original matching
rule.
Fixes: https://github.com/389ds/389-ds-base/issues/6857
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
e7a6b560 by Simon Pichugin at 2025-07-10T11:53:12-07:00
Issue 6756 - CLI, UI - Properly handle disabled NDN cache (#6757)
Description: Fix the db_monitor function in monitor.py to check if
nsslapd-ndn-cache-enabled is off and conditionally include NDN cache
statistics only when enabled.
Update dbMonitor.jsx components to detect when NDN cache is disabled and
conditionally render NDN cache tabs, charts, and related content with proper
fallback display when disabled.
Add test_ndn_cache_disabled to verify both JSON and non-JSON output formats
correctly handle when NDN cache is turned off and on.
Fixes: https://github.com/389ds/389-ds-base/issues/6756
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
58d3fc57 by James Chapman at 2025-07-11T11:16:13+01:00
Issue 6854 - Refactor for improved data management (#6855)
Description: Replaced standard dictionaries with defaultdict and
introduced @dataclass structures to streamline data handling.
Improved reliability and readability by reducing explicit key
checks and default initialisation logic. Simplified nested
structure management and ensured consistency across components
such as ResultData, BindData, and ConnectionData.
Fixes: https://github.com/389ds/389-ds-base/issues/6854
Reviewed by: @mreynolds389 (Thank you)
- - - - -
2a3c0d8e by Viktor Ashirov at 2025-07-11T13:32:23+02:00
Issue 6850 - AddressSanitizer: memory leak in mdb_init
Bug Description:
`dbmdb_componentid` can be allocated multiple times. To avoid a memory
leak, allocate it only once, and free at the cleanup.
Fixes: https://github.com/389ds/389-ds-base/issues/6850
Reviewed by: @mreynolds389, @tbordaz (Tnanks!)
- - - - -
6d23c816 by Viktor Ashirov at 2025-07-11T19:41:01+02:00
Issue 6848 - AddressSanitizer: leak in do_search
Bug Description:
When there's a BER decoding error and the function goes to
`free_and_return`, the `attrs` variable is not being freed because it's
only freed if `!psearch || rc != 0 || err != 0`, but `err` is still 0 at
that point.
If we reach `free_and_return` from the `ber_scanf` error path, `attrs`
was never set in the pblock with `slapi_pblock_set()`, so the
`slapi_pblock_get()` call will not retrieve the potentially partially
allocated `attrs` from the BER decoding.
Fixes: https://github.com/389ds/389-ds-base/issues/6848
Reviewed by: @tbordaz, @droideck (Thanks!)
- - - - -
437f145b by Viktor Ashirov at 2025-07-11T19:42:59+02:00
Issue 6865 - AddressSanitizer: leak in agmt_update_init_status
Bug Description:
We allocate an array of `LDAPMod *` pointers, but never free it:
```
=================================================================
==2748356==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7f05e8cb4a07 in __interceptor_malloc (/lib64/libasan.so.6+0xb4a07)
#1 0x7f05e85c0138 in slapi_ch_malloc (/usr/lib64/dirsrv/libslapd.so.0+0x1c0138)
#2 0x7f05e109e481 in agmt_update_init_status ldap/servers/plugins/replication/repl5_agmt.c:2583
#3 0x7f05e10a0aa5 in agmtlist_shutdown ldap/servers/plugins/replication/repl5_agmtlist.c:789
#4 0x7f05e10ab6bc in multisupplier_stop ldap/servers/plugins/replication/repl5_init.c:844
#5 0x7f05e10ab6bc in multisupplier_stop ldap/servers/plugins/replication/repl5_init.c:837
#6 0x7f05e862507d in plugin_call_func ldap/servers/slapd/plugin.c:2001
#7 0x7f05e8625be1 in plugin_call_one ldap/servers/slapd/plugin.c:1950
#8 0x7f05e8625be1 in plugin_dependency_closeall ldap/servers/slapd/plugin.c:1844
#9 0x55e1a7ff9815 in slapd_daemon ldap/servers/slapd/daemon.c:1275
#10 0x55e1a7fd36ef in main (/usr/sbin/ns-slapd+0x3e6ef)
#11 0x7f05e80295cf in __libc_start_call_main (/lib64/libc.so.6+0x295cf)
#12 0x7f05e802967f in __libc_start_main_alias_2 (/lib64/libc.so.6+0x2967f)
#13 0x55e1a7fd74a4 in _start (/usr/sbin/ns-slapd+0x424a4)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
```
Fix Description:
Ensure `mods` is freed in the cleanup code.
Fixes: https://github.com/389ds/389-ds-base/issues/6865
Relates: https://github.com/389ds/389-ds-base/issues/6470
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
b97d06ac by Mark Reynolds at 2025-07-12T11:51:24-04:00
Issue 6868 - UI - schema attribute table expansion break after moving to
a new page
Description:
Used the wrong formula to select the expanded row for Attributes
Relates: https://github.com/389ds/389-ds-base/issues/6868
Reviewed by: spichugi(Thanks!)
- - - - -
d0ae48cb by Viktor Ashirov at 2025-07-14T09:03:17+02:00
Issue 6800 - Check for minimal supported Python version
Description:
Add a new check for minimal supported Python version for lib389 and dirsrvtests
Fixes: https://github.com/389ds/389-ds-base/issues/6800
Reviewed by: @progier389, @droideck (Thanks)
- - - - -
b8f7533a by Viktor Ashirov at 2025-07-14T09:06:40+02:00
Issue 5733 - Remove outdated Dockerfiles
Bug Description:
Files under ./docker are outdated and no longer used. Remove them.
Fixes: https://github.com/389ds/389-ds-base/issues/5733
Reviewed by: @droideck (Thanks!)
- - - - -
6d36bd1f by Mark Reynolds at 2025-07-16T14:15:40-04:00
Issue 6859 - str2filter is not fully applying matching rules
Description:
When we have an extended filter, one with a MR applied, it is ignored during
internal searches:
"(cn:CaseExactMatch:=Value)"
For internal searches we use str2filter() and it doesn't fully apply extended
search filter matching rules
Also needed to update attr uniqueness plugin to apply this change for mod
operations (previously only Adds were correctly handling these attribute
filters)
Relates: https://github.com/389ds/389-ds-base/issues/6857
Relates: https://github.com/389ds/389-ds-base/issues/6859
Reviewed by: spichugi & tbordaz(Thanks!!)
- - - - -
5f5edf83 by Mark Reynolds at 2025-07-18T12:03:48-04:00
Issue 6872 - compressed log rotation creates files with world readable permission
Description:
When compressing a log file, first create the empty file using open()
so we can set the correct permissions right from the start. gzopen()
always uses permission 644 and that is not safe. So after creating it
with open(), with the correct permissions, then pass the FD to gzdopen()
and write the compressed content.
relates: https://github.com/389ds/389-ds-base/issues/6872
Reviewed by: progier(Thanks!)
- - - - -
3bb3ca2e by Simon Pichugin at 2025-07-18T18:50:33-07:00
Issue 6878 - Prevent repeated disconnect logs during shutdown (#6879)
Description: Avoid logging non-active initialized connections via CONN in disconnect_server_nomutex_ext by adding a check to skip invalid conn=0 with invalid sockets, preventing excessive repeated messages.
Update ds_logs_test.py by adding test_no_repeated_disconnect_messages to verify the fix.
Fixes: https://github.com/389ds/389-ds-base/issues/6878
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
d04d3a60 by Mark Reynolds at 2025-07-22T12:16:38-04:00
Issue 6888 - Missing access JSON logging for TLS/Client auth
Description:
TLS/Client auth logging was not converted to JSON (auth.c got missed)
Relates: https://github.com/389ds/389-ds-base/issues/6888
Reviewed by: spichugi(Thanks!)
- - - - -
55d83b72 by Barbora Simonova at 2025-07-22T18:30:06+02:00
Issue 6829 - Update parametrized docstring for tests
Description:
Update the rest of missing parametrized values
Relates: https://github.com/389ds/389-ds-base/issues/6829
Reviewed by: @droideck (Thanks!)
- - - - -
34fe2125 by Anuar Beisembayev at 2025-07-23T20:48:11-07:00
Issue 6772 - dsconf - Replicas with the "consumer" role allow for viewing and modification of their changelog. (#6773)
dsconf currently allows users to set and retrieve changelogs in consumer replicas, which do not have officially supported changelogs. This can lead to undefined behavior and confusion.
This commit prints a warning message if the user tries to interact with a changelog on a consumer replica.
Resolves: https://github.com/389ds/389-ds-base/issues/6772
Reviewed by: @droideck
- - - - -
5d1861ea by Mark Reynolds at 2025-07-24T15:46:52-04:00
Issue 6893 - Log user that is updated during password modify extended operation
Description:
When a user's password is updated via an extended operation (password modify
plugin) we only log the bind DN and not what user was updated. While "internal
operation" logging will display the the user it should be logged by the default
logging level.
Add access logging using "EXT_INFO" for the old logging format, and
"EXTENDED_OP_INFO" for json logging where we display the bind dn, target
dn, and message.
Relates: https://github.com/389ds/389-ds-base/issues/6893
Reviewed by: spichugi & tbordaz(Thanks!!)
- - - - -
4243bb8d by Viktor Ashirov at 2025-07-25T17:06:20+02:00
Issue 6800 - Rerun the check in verbose mode on failure
Bug Description:
By default vermin doesn't report line numbers where the check failed,
it's available in verbose mode. But verbose mode is too noisy.
Fix Description:
Rerun vermin again in the verbose mode, only when the first run exited
with error.
Relates: https://github.com/389ds/389-ds-base/issues/6800
Reviewed by: @progier389 (Thanks!)
- - - - -
2db1412b by Viktor Ashirov at 2025-07-25T18:10:16+02:00
Issue 6352 - Fix DeprecationWarning
Bug Description:
When pytest is used on ASAN build, pytest-html plugin collects `*asan*`
files, which results in the following deprecation warning:
```
The 'report.extra' attribute is deprecated and will be removed in a
future release, use 'report.extras' instead.
```
Fixes: https://github.com/389ds/389-ds-base/issues/6352
Reviwed by: @droideck (Thanks!)
- - - - -
4d7f8b3e by Viktor Ashirov at 2025-07-25T18:11:39+02:00
Issue 6880 - Fix ds_logs test suite failure
Bug Description:
After 947ee67df6 ds_logs test suite started to fail in
test_internal_log_server_level_4. It slightly changed the order and
timing of log messages.
Fix Description:
Do another MOD after restart to trigger the internal search.
Fixes: https://github.com/389ds/389-ds-base/issues/6880
Reviewed by: @bsimonova, @droideck (Thanks!)
- - - - -
cb775295 by Viktor Ashirov at 2025-07-25T18:23:20+02:00
Issue 6901 - Update changelog trimming logging
Description:
* Set SLAPI_LOG_ERR for message in `_cl5DispatchTrimThread`
* Set correct function name for logs in `_cl5TrimEntry`.
* Add number of scanned entries to the log.
Fixes: https://github.com/389ds/389-ds-base/issues/6901
Reviewed by: @mreynolds389, @progier389 (Thanks!)
- - - - -
8856e54a by progier389 at 2025-07-26T17:24:44+02:00
Issue 6430 - implement read-only bdb (#6431)
* Issue 6430 - implement read-only bdb on F43
Remove bdb support from Fedora 43+
Implement read only bdb package to support : dsctl dblib bdb2mdb
- - - - -
9882b5f7 by Akshay Adhikari at 2025-07-28T18:14:15+05:30
Issue 6663 - Fix NULL subsystem crash in JSON error logging (#6883)
Description: Fixes crash in JSON error logging when subsystem is NULL.
Parametrized test case for better debugging.
Relates: https://github.com/389ds/389-ds-base/issues/6663
Reviewed by: @mreynolds389
- - - - -
ff46d719 by Mark Reynolds at 2025-07-28T13:42:04-04:00
Issue 6895 - Crash if repl keep alive entry can not be created
Description:
Heap use after free when logging that the replicaton keep-alive entry can not
be created. slapi_add_internal_pb() frees the slapi entry, then
we try and get the dn from the entry and we get a use-after-free crash.
Relates: https://github.com/389ds/389-ds-base/issues/6895
Reviewed by: spichugi(Thanks!)
- - - - -
e210ccf1 by Simon Pichugin at 2025-07-28T10:50:26-07:00
Issue 6250 - Add test for entryUSN overflow on failed add operations (#6821)
Description: Add comprehensive test to reproduce the entryUSN
overflow issue where failed attempts to add existing entries followed by
modify operations cause entryUSN values to underflow/overflow instead of
incrementing properly.
Related: https://github.com/389ds/389-ds-base/issues/6250
Reviewed by: @tbordaz (Thanks!)
- - - - -
70838b06 by Simon Pichugin at 2025-07-28T15:35:50-07:00
Issue 6594 - Add test for numSubordinates replication consistency with tombstones (#6862)
Description: Add a comprehensive test to verify that numSubordinates and
tombstoneNumSubordinates attributes are correctly replicated between
instances when tombstone entries are present.
Fixes: https://github.com/389ds/389-ds-base/issues/6594
Reviewed by: @progier389 (Thanks!)
- - - - -
bfeaa8d2 by Simon Pichugin at 2025-07-28T15:41:29-07:00
Issue 6884 - Mask password hashes in audit logs (#6885)
Description: Fix the audit log functionality to mask password hash values for
userPassword, nsslapd-rootpw, nsmultiplexorcredentials, nsds5ReplicaCredentials,
and nsds5ReplicaBootstrapCredentials attributes in ADD and MODIFY operations.
Update auditlog.c to detect password attributes and replace their values with
asterisks (**********************) in both LDIF and JSON audit log formats.
Add a comprehensive test suite audit_password_masking_test.py to verify
password masking works correctly across all log formats and operation types.
Fixes: https://github.com/389ds/389-ds-base/issues/6884
Reviewed by: @mreynolds389, @vashirov (Thanks!!)
- - - - -
d31b9e98 by Simon Pichugin at 2025-07-28T20:02:09-07:00
Issue 6897 - Fix disk monitoring test failures and improve test maintainability (#6898)
Description: Refactor disk_monitoring_test.py to address failures and
improve maintainability. Replace manual sleep loops with proper wait
conditions using wait_for_condition() and wait_for_log_entry() helpers.
Add comprehensive logging throughout all tests for better debugging.
Implement configuration capture/restore to prevent test pollution
between runs.
Change fixture scope from module to function level for better test
isolation and ensure proper cleanup in all test cases.
Fixes: https://github.com/389ds/389-ds-base/issues/6897
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
12191225 by Viktor Ashirov at 2025-07-29T07:45:21+02:00
Issue 6778 - Memory leak in roles_cache_create_object_from_entry part 2
Bug Description:
Everytime a role with scope DN is processed, we leak rolescopeDN.
Fix Description:
* Initialize all pointer variables to NULL
* Add additional NULL checks
* Free rolescopeDN
* Move test_rewriter_with_invalid_filter before the DB contains 90k entries
* Use task.wait() for import task completion instead of parsing logs,
increase the timeout
Fixes: https://github.com/389ds/389-ds-base/issues/6778
Reviewed by: @progier389 (Thanks!)
- - - - -
e15a5e5a by Viktor Ashirov at 2025-07-29T07:48:10+02:00
Issue 6901 - Update changelog trimming logging - fix tests
Description:
Update changelog_trimming_test for the new error message.
Fixes: https://github.com/389ds/389-ds-base/issues/6901
Reviewed by: @progier389, @aadhikar (Thanks!)
- - - - -
50e2e36f by Viktor Ashirov at 2025-07-29T14:21:58+02:00
Issue 6181 - RFE - Allow system to manage uid/gid at startup
Description:
Expand CapabilityBoundingSet to include CAP_FOWNER
Relates: https://github.com/389ds/389-ds-base/issues/6181
Relates: https://github.com/389ds/389-ds-base/issues/6906
Reviewed by: @progier389 (Thanks!)
- - - - -
2f59feba by Viktor Ashirov at 2025-08-01T12:31:13+02:00
Issue 6468 - CLI - Fix default error log level
Description:
Default error log level is 16384
Relates: https://github.com/389ds/389-ds-base/issues/6468
Reviewed by: @droideck (Thanks!)
- - - - -
13e2ec10 by James Chapman at 2025-08-01T13:27:02+01:00
Issue 6768 - ns-slapd crashes when a referral is added (#6780)
Bug description: When a paged result search is successfully run on a referred
suffix, we retrieve the search result set from the pblock and try to release
it. In this case the search result set is NULL, which triggers a SEGV during
the release.
Fix description: If the search result code is LDAP_REFERRAL, skip deletion of
the search result set. Added test case.
Fixes: https://github.com/389ds/389-ds-base/issues/6768
Reviewed by: @tbordaz, @progier389 (Thank you)
- - - - -
d0b38408 by Simon Pichugin at 2025-08-01T09:28:39-07:00
Issues 6913, 6886, 6250 - Adjust xfail marks (#6914)
Description: Some of the ACI invalid syntax issues were fixed,
so we need to remove xfail marks.
Disk space issue should have a 'skipif' mark.
Display all attrs (nsslapd-auditlog-display-attrs: *) fails because of a bug.
EntryUSN inconsistency and overflow bugs were exposed with the tests.
Related: https://github.com/389ds/389-ds-base/issues/6913
Related: https://github.com/389ds/389-ds-base/issues/6886
Related: https://github.com/389ds/389-ds-base/issues/6250
Reviewed by: @vashirov (Thanks!)
- - - - -
7bcb1899 by Lenka Doudova at 2025-08-03T21:31:22+02:00
Issue 6875 - Fix dsidm tests
Description:
Adding testing of the "full_dn" option with 'dsidm list' command for all
relevant types of entries
Removing xfail markers in dsidm role tests since the issues were
resolved
Relates: #6875
Author: Lenka Doudova
Reviewed by: ???
- - - - -
d7a43800 by Lenka Doudova at 2025-08-04T13:17:26+02:00
Issue 6753 - Port ticket test 47573
Description:
Porting tests in dirsrvtests/tests/tickets/ticket47573_test.py into
dirsrvtests/tests/suites/schema/schema_replication_test.py as it
contains tests of similar nature.
Amending all tests within target file to use DSLdapObject and other
minor code changes that do not change functionality.
Relates: #6753
Author: Lenka Doudova
Reviewer: Simon Pichugin, Thierry Bordaz
- - - - -
799cdae8 by Lenka Doudova at 2025-08-05T18:02:40+02:00
Issue 6519 - Add basic dsidm account tests
Automating basic dsidm account tests
Relates to: https://github.com/389ds/389-ds-base/issues/6519
Author: Lenka Doudova
Reviewed by: Simon Pichugin
- - - - -
1db4981c by Viktor Ashirov at 2025-08-12T10:40:00+02:00
Issue 6922 - AddressSanitizer: leaks found by acl test suite
Description:
Fix multiple memory leaks in ACL plugin:
* aclgroup.c: Fix memory leak in `aclgroup_free()` by properly cleaning
up all user groups before destroying the rwlock and freeing the main
structure
* aclscan.l & acltext.y: use `PERM_FREE` macro instead of `free()`
* Add cleanups in aclparse.c, aclinit.c, acllist.c, acllas.c
Fixes: https://github.com/389ds/389-ds-base/issues/6922
Reviewed by: @progier389 (Thanks!)
- - - - -
17014195 by Viktor Ashirov at 2025-08-12T10:41:03+02:00
Issue 6929 - Compilation failure with rust-1.89 on Fedora ELN
Bug Description:
The `ValueArrayRefIter` struct has a lifetime parameter `'a`.
But in the `iter` method the return type doesn't specify the lifetime parameter.
Fix Description:
Make the lifetime explicit.
Fixes: https://github.com/389ds/389-ds-base/issues/6929
Reviewed by: @droideck (Thanks!)
- - - - -
d523c4c8 by Viktor Ashirov at 2025-08-12T10:42:41+02:00
Issue 5120 - Fix compilation error
Bug Description:
Compilation fails with `-Wunused-function`:
```
ldap/servers/slapd/main.c:290:1: warning: ‘referral_set_defaults’ defined but not used [-Wunused-function]
290 | referral_set_defaults(void)
| ^~~~~~~~~~~~~~~~~~~~~
make: *** [Makefile:4148: all] Error 2
```
Fix Description:
Remove unused function `referral_set_defaults`.
Fixes: https://github.com/389ds/389-ds-base/issues/5120
Reviewed by: @progier389 (Thanks!)
- - - - -
e7d2af8e by Barbora Simonova at 2025-08-13T12:39:53+02:00
Issue 6904 - Fix config_test.py::test_lmdb_config
Description:
Update get_default_mdb_max_size to format DEFAULT_LMDB_SIZE from '20Gb' to '20.0 GB'
Relates: https://github.com/389ds/389-ds-base/issues/6904
Reviewed by: @progier389 (Thanks!)
- - - - -
6b2e6d1f by Akshay Adhikari at 2025-08-14T18:42:30+05:30
Issue 6753 - Removing ticket 49540 test and porting to DSLdapObject (#6877)
Description:
The old ticket49540_test.py used old test methods. This moves the test
into regression_test.py file using DSLdapObject for cleaner and
easier to maintain tests.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewer: @vashirov
- - - - -
de17154e by Viktor Ashirov at 2025-08-18T09:13:12+02:00
Issue 6928 - The parentId attribute is indexed with improper matching rule
Bug Description:
`parentId` attribute contains integer values and needs to be indexed with
`integerOrderingMatch` matching rule. This attribute is a system attribute
and the configuration entry for this attribute is created when a backend
is created. The bug is that the per backend configuration entry does not
contain `nsMatchingRule: integerOrderingMatch`.
Fix Description:
* Update `ldbm_instance_create_default_indexes` to support matching rules
and update default system index configuration for `parentId` to include
`integerOrderingMatch` matching rule.
* Add healthcheck linter for default system indexes and indexes created
by RetroCL and USN plugins.
Fixes: https://github.com/389ds/389-ds-base/issues/6928
Fixes: https://github.com/389ds/389-ds-base/issues/6915
Reviewed by: @progier389, @tbordaz (Thanks!)
- - - - -
e14e23e0 by llile at 2025-08-19T11:50:35+10:00
Migrate from PR_Poll to epoll and timerfd. (#6924)
Description:
Migrate from PR_Poll to epoll and timerfd for connection
timeout management.
Relates: https://github.com/389ds/389-ds-base/issues/5181
Author: Larry Lile
Reviewed by: firstyear, progier, tbordaz, jchapma
- - - - -
22cff37b by Simon Pichugin at 2025-08-19T14:30:15-07:00
Issue 6936 - Make user/subtree policy creation idempotent (#6937)
Description: Correct the CLI mapping typo to use 'nsslapd-pwpolicy-local',
rework subtree policy detection to validate CoS templates and add user-policy detection.
Make user/subtree policy creation idempotent via ensure_state, and improve deletion
logic to distinguish subtree vs user policies and fail if none exist.
Add a test suite (pwp_history_local_override_test.py) exercising global-only and local-only
history enforcement, local overriding global counts, immediate effect of dsconf updates,
and fallback to global after removing a user policy, ensuring reliable behavior
and preventing regressions.
Fixes: https://github.com/389ds/389-ds-base/issues/6936
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
dd812ee3 by Simon Pichugin at 2025-08-19T16:10:09-07:00
Issue 6940 - dsconf monitor server fails with ldapi:// due to absent server ID (#6941)
Description: The dsconf monitor server command fails when using ldapi://
protocol because the server ID is not set, preventing PID retrieval from
defaults.inf. This causes the Web console to fail displaying the "Server
Version" field and potentially other CLI/WebUI issues.
The fix attempts to derive the server ID from the LDAPI socket path when
not explicitly provided. This covers the common case where the socket name
contains the instance name (e.g., slapd-instance.socket).
If that's not possible, it also attempts to derive the server ID from the
nsslapd-instancedir configuration attribute. The derived server ID
is validated against actual system instances to ensure it exists.
Note that socket names can vary and nsslapd-instancedir can be changed.
This is a best-effort approach for the common naming pattern.
Also fixes the LDAPI socket path extraction which was incorrectly using
offset 9 instead of 8 for ldapi:// URIs.
The monitor command now handles missing PIDs gracefully, returning zero
values for process-specific stats instead of failing completely.
Fixes: https://github.com/389ds/389-ds-base/issues/6940
Reviewed by: @vashirov, @mreynolds389 (Thanks!!)
- - - - -
67fc9dfc by Gerben100 at 2025-08-20T12:47:17+02:00
Issue 6342 - buffer owerflow in the function parseVariant (#6927)
Bug Description:
The expression var = variant0 - VAR_MIN; calculates the difference between variant0 and a constant VAR_MIN, resulting in a value of 7 in this specific example. Attempting to access the array using the calculated index 7 would lead to an out-of-bounds access, causing an array overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE. Reporter: Dmitriy Fedin (d.fedin at fobos-nt.ru).
Organization: Fobos-NT (info at fobos-nt.ru).
Fix Description:
It is necessary to increase the size of the array and increase the bounds when it is initialized.
Organization: altlinux.org
Fixes: #6342
Author: Denis Rastyogin
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
791d2c43 by Yaakov Selkowitz at 2025-08-20T23:46:46+02:00
Issue 6430 - Fix build with bundled libdb
Description:
The libbdb_ro change (#6431) added a `WITH_LIBBDB_RO` automake conditional
and a `db_bdb_srcdir` autoconf substitution which must also be defined when
building --with-bundle-libdb.
Related: https://github.com/389ds/389-ds-base/issues/6430
- - - - -
ea441367 by progier389 at 2025-08-21T17:30:00+02:00
Issue 6919 - numSubordinates/tombstoneNumSubordinates are inconsisten… (#6920)
* Issue 6919 - numSubordinates/tombstoneNumSubordinates are inconsistent after import
Problem was that the number of tombstone was not propperly computed.
With bdb: tombstoneNumSubordinates was not computed:
With lmdb: numSubordinates was also including the tombstones
Fixed the numSubordinates/tombstoneNumSubordinates computation during import by:
walking the entryrdn C keys (because parentid does not contains tombstone on bdb)
checking if the children entry is a tombstone by looking in objectclass index
and increasing numSubordinates/tombstoneNumSubordinates subcount accordingly
performed some code cleanup.
- removed the job->mother containing the hashtable of non leaf entry ids
- moved the function that replace the numSubordinates/tombstoneNumSubordinates
attribute in an entry back in export.c (rather than duplicating it in
db_import.c and db_import.c)
- changed a PR_ASSERT that is no more true.
Notes:
Not using the parentid index because it does not contains the tombstone on bdb
(although it does on lmdb)
The new subcount computation algorythm was not possible when the code was origionally written
because it requires entrytrdn index and having alls the keys (i.e: no ALLIDs in the indexes)
That was why hash table of ids and idlist was used. ( I removed that code that code generate a serious
overhead if there is a large number of non leaf entries (typically if users entries have children)
Issue: #6919
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
18d37db6 by Akshay Adhikari at 2025-08-25T17:38:47+05:30
Issue 6753 - Removing ticket 50232 test and porting to DSLdapObject (#6861)
Description:
The old ticket50232_test.py used old test methods. This moves the test
into the updated replication_deadlock_test.py file using DSLdapObject
for cleaner and easier to maintain tests.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewer: @vashirov
- - - - -
9cede9cd by Mark Reynolds at 2025-08-26T13:31:55-04:00
Issue 6910 - Fix latest coverity issues
Description:
Fix various coverity/ASAN warnings:
- CID 1618837: Out-of-bounds read (OVERRUN) - bdb_bdbreader_glue.c
- CID 1618831: Resource leak (RESOURCE_LEAK) - bdb_layer.c
- CID 1612606: Resource leak (RESOURCE_LEAK) - log.c
- CID 1611461: Uninitialized pointer read (UNINIT) - repl5_agmt.c
- CID 1568589: Dereference before null check (REVERSE_INULL) - repl5_agmt.c
- CID 1590353: Logically dead code (DEADCODE) - repl5_agmt.c
- CID 1611460: Logically dead code (DEADCODE) - control.c
- CID 1610568: Dereference after null check (FORWARD_NULL) - modify.c
- CID 1591259: Out-of-bounds read (OVERRUN) - memberof.c
- CID 1550231: Unsigned compared against 0 (NO_EFFECT) - memberof_config.c
- CID 1548904: Overflowed constant (INTEGER_OVERFLOW) - ch_malloc.c
- CID 1548902: Overflowed constant (INTEGER_OVERFLOW) - dse.lc
- CID 1548900: Overflowed return value (INTEGER_OVERFLOW) - acct_util.c
- CID 1548898: Overflowed constant (INTEGER_OVERFLOW) - parents.c
- CID 1546849: Resource leak (RESOURCE_LEAK) - referint.c
- ASAN - Use after free - automember.c
Relates: http://github.com/389ds/389-ds-base/issues/6910
Reviewed by: progier & spichugi(Thanks!)
- - - - -
01fec9f6 by Lenka Doudova at 2025-08-27T12:44:29+02:00
Issue 6753 - Port ticket 47808 test
Porting ticket 47808 test to dirsrvtests/tests/suites/betxns/betxn_test.py::test_betxn_attr_uniqueness by parametrizing existing test.
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Thierry Bordaz, Simon Pichugin
- - - - -
ca59870b by Simon Pichugin at 2025-08-27T09:00:47-07:00
Issue 6660 - UI - Fix minor typo (#6955)
Description: CSV report tab crashes because of the type.
Use corrent variable to display the data.
Fixes: https://github.com/389ds/389-ds-base/issues/6660
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
655365fd by James Chapman at 2025-08-28T14:42:30+01:00
Issue 6810 - Deprecate PAM PTA plugin configuration attributes in base entry (#6832)
Description: For backwards compatibility, users could use the main
plugin entry although the child entry approach is what we wanted to
use. To make life easier for CLI/UI and to be consistent with other
plugins, we are deprecating the use of main plugin config entries in
favour of using child config entries.
Fix: On server startup an upgrade function checks the PTA parent entry
for config entries. If it finds any it creates a child entry and
populates it with discovered config attrs.
Fixes: https://github.com/389ds/389-ds-base/issues/6810
Reviewed by: @Firstyear, @progier389, @vashirov, @tbordaz (Thank you)
- - - - -
b7fbf086 by Mark Reynolds at 2025-08-29T14:37:50-04:00
Issue - UI - update Radio handlers and LDAP entries last modified time
Description:
- Not all Radio buttons were updated for PF5 and the handler functions
needed updating.
- Fixed some html tags/localization issues.
- Disabled Close button during instance creation
- Fixed capitalization in MO plugin field description
- Added a toggle button for displaying the Last Modified Time in
different formats
relates: https://github.com/389ds/389-ds-base/issues/6956
Reviewed by: spichugi(Thanks!)
- - - - -
409cb98b by tbordaz at 2025-09-01T18:23:33+02:00
Issue 6933 - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default (#6935)
Bug description:
When deferred memberof update is enabled, the updates of the
group and the members is done with different TXN.
So there is a risk that at the time of a crash the membership
('memberof') are invalid.
To repair this we should run a memberof fixup task.
The problem is that this task is resource intensive and
should be, by default, scheduled by the administrator.
Fix description:
The fix introduces a new memberof config parameter 'launchFixup'
that is 'off' by default.
After a crash, when it is 'on' the server launch the fixup
task. If it is 'off' it logs a warning.
fixes: #6933
Reviewed by: Simon Pichugin (Thanks !)
- - - - -
13477475 by James Chapman at 2025-09-02T11:28:39+01:00
Issue 6843 - Add CI tests for logconv.py (#6856)
Description: logconv.py was added in 389-ds-base-3.0, we need some CI
tests to help validate the upgrade of logconv.py to support JSON
formatted access logs.
Fixes: https://github.com/389ds/389-ds-base/issues/6843
Reviewed by: @droideck (Thank you)
- - - - -
3d231580 by Lenka Doudova at 2025-09-03T14:54:08+02:00
Issue 6753 - Port and fix ticket 47823 tests
Fix and port 47823 tests into
dirsrvtests/suites/plugins/attruniq_test.py
Relates: #6753
Author: Lenka Doudova
Reviewer: Simon Pichugin
- - - - -
448ec861 by Mark Reynolds at 2025-09-03T15:27:45-04:00
Issue 6805 - RFE - Multiple backend entry cache tuning
Description:
Currently all backends are treated as equals when doing the entry/dn cache
autotuning. But in the case of multiple backends, some are larger than others,
and the autotuning should take this into account and give the bigger backends
larger cache sizes.
We take the page count from each backend to detemine what percentage of
the available memory each backend can use.
For MDB we don't have a cache autosize setting so that needed to be
added.
Improved logging to display dynamic units for cache sizes
Relates: https://github.com/389ds/389-ds-base/issues/6805
Reviewed by: progier, tbordaz, and spichugi(Thanks!!!)
- - - - -
3da706ee by Mark Reynolds at 2025-09-05T16:50:45-04:00
Issue 6947 - Revise time skew check in healthcheck tool and add option
to exclude checks
Description:
The current check reports a critical warning if time skew is greater than
1 day - even if "nsslapd-ignore-time-skew" is set to "on". If we are ignoring
time skew we should still report a warning if it's very significant like
30 days.
Also added an option to exclude checks
Relates: https://github.com/389ds/389-ds-base/issues/6947
Reviewed by: progier, spichugi, viktor(Thanks!!!)
- - - - -
c2a6fc52 by Akshay Adhikari at 2025-09-08T13:26:04+05:30
Issue 6900 - Rename test files for proper pytest discovery (#6909)
Description: Renamed test modules to follow *_test.py naming
so pytest can collect them correctly, fixed failing tests.
- vlv_test.py is renamed,fixed and ported into using lib389 API.
- snmp.py test is moved to monitor_test.py as a new test with different
mechanism but testing same functionality.
Fixes: https://github.com/389ds/389-ds-base/issues/6900
Reviewed by: @vashirov, @droideck (Thanks!)
- - - - -
26dda3d3 by Lenka Doudova at 2025-09-08T12:26:51+02:00
Issue 6626 - Fix version
Description:
Fixing version in dirsrvtests/tests/suites/healthcheck/health_repl_test.py due to the fix being backported all the way down to 2.2 version.
Relates: #6626
Author: Lenka Doudova
Reviewer: ???
- - - - -
5749ae69 by Mark Reynolds at 2025-09-08T10:39:42-04:00
Issue 6956 - More UI fixes
Description:
- Cannot add group as a member to a group
- Instance Name is not validated properly
- memberOf plugin: Auto Add OC value not shown after being set (mixed case OC)
- Broken table layout for removing members from a group
- No prompt in webUI to restart instance after configuring Attribute Uniqueness plugin
Relates: https://github.com/389ds/389-ds-base/issues/6956
Reviewed by: spichugi & aadhikar (Thanks!!)
- - - - -
75a51b38 by James Chapman at 2025-09-09T10:30:46+01:00
Issue 6977 - UI - Show error message when trying to use unavailable ports (#6978)
Bug description:
When trying to change the ports an instance is using to ports, that are
already used, a red exclamation mark symbol is shown, but no message.
A clear message that the ports are already used would improve user
experience.
Fix description:
Added a helper-text component to inform the user that the selected port is in use,
please choose another.
Fixes: https://github.com/389ds/389-ds-base/issues/6977
Reviewed by: @mreynolds389 (Thank you)
- - - - -
4c300fad by Lenka Doudova at 2025-09-10T09:10:35+02:00
Issue 6753 - Port ticket 47829 & 47833 tests
Description:
Port ticket 47829 and 47833 tests into dirsrvtests/tests/suites/memberof_plugin/memberof_exclude_subtrees_test.py
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Thierry Bordaz, Simon Pichugin
- - - - -
46b49c0c by Lenka Doudova at 2025-09-10T09:12:31+02:00
Issue 6753 - Port ticket 47963 & 49184 tests (#6970)
Description:
Port ticket 47963 and 49184 tests into
dirsrvtests/tests/suites/memberof_plugin/memberof_skipnested_test.py.
Creating conftest.py file to store fixtures used in multiple memberof tests.
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Thierry Bordaz, Akshay Adhikari, Simon Pichugin
- - - - -
4395d01c by Anuar Beisembayev at 2025-09-10T09:15:15-04:00
Issue 4835 - dsconf display an incomplete help with changelog setting (#6769)
Description:
Upon entering an invalid max-age parameter into dsconf replication set-changelog, it displays an error message that doesn't contain all the valid time units.
This adds the missing "week" unit to the error message.
Fixes: https://github.com/389ds/389-ds-base/issues/4835
- - - - -
87f1f59d by Mark Reynolds at 2025-09-11T09:21:13-04:00
Issue 6891 - JSON logging - add wrapper function that checks for NULL
Description:
Created a wrapper function to check for NULL before eventually calling
json_object_new_string(). This also makes the code much more readable
Relates: https://github.com/389ds/389-ds-base/issues/6891
Reviewed by: spichugi(Thanks!)
- - - - -
9bba14fa by James Chapman at 2025-09-11T17:21:21+01:00
Issue 6985 - Some logconv CI tests fail with BDB (#6986)
Description: When BDB is the configured backend, a rootdse search
is performed after a restart. These "extra" operations mean the stats
reported by logconv don't match the expected values so the tests fail.
Fix: Add a loose validation for BDB tests that require a restart.
Fixes: https://github.com/389ds/389-ds-base/issues/6985
Reviewed by: @droideck, @progier389 (Thank you)
- - - - -
65d2bfd4 by James Chapman at 2025-09-11T17:28:18+01:00
Issue 6887 - Enhance logconv.py to add support for JSON access logs (#6889)
Description: Update logconv.py to support parsing and processing of
JSON formatted access logs in addition to existing formats.
Fixes: https://github.com/389ds/389-ds-base/issues/6887
Reviewed by: @droideck, @progier389 (Thank you)
- - - - -
bf48b85b by Simon Pichugin at 2025-09-11T15:37:33-07:00
Issue 6990 - UI - Fix typeahead Select fields losing values on Enter keypress (#6991)
Description: When typing values into typeahead Select fields (e.g., "Subtree scope"
in MemberOf plugin), pressing Enter caused the entered value to disappear rather
than confirming/saving it. The Enter key should properly create/save the value.
Created a new TypeaheadSelect component to replace the problematic and deprecated
PatternFly Select components. The new component properly handles keyboard navigation,
including Enter key functionality for creating and selecting values.
Updated the MemberOf plugin to use the new component.
Fixes: https://github.com/389ds/389-ds-base/issues/6990
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
d9214abf by Simon Pichugin at 2025-09-12T18:02:21-07:00
Issue 6990 - UI - Replace deprecated Select components with new TypeaheadSelect (#6996)
Description: Make sure that the created TypeaheadSelect component
in dsBasicComponents.jsx that properly handles:
- Single and multi-select functionality
- Keyboard navigation including Enter key for creating/selecting values
- Creation of new options with validation
- Proper state management to prevent value loss
- Controlled and uncontrolled component modes
Replace all instances of the deprecated Select components across the entire
389-console codebase with the new TypeaheadSelect component, including:
- Database configuration (indexes, VLV indexes, password policies)
- Plugin configurations (MemberOf, DNA, Account Policy, etc.)
- Server settings (SASL, LDAPI, audit logging)
- Security settings (certificates, ciphers)
- Schema management (object classes, attribute types)
- Replication agreements and LDAP editor
Also fix a typo (separateed -> separated).
Fixes: https://github.com/389ds/389-ds-base/issues/6990
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
00d2455a by Lenka Doudova at 2025-09-15T14:38:07+02:00
Issue 6753 - Port ticket 49072 test (#6984)
Description:
Port ticket 49072 test into
dirsrvtests/tests/suites/memberof_plugin/fixup_test.py
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Thierry Bordaz
- - - - -
8c882dd3 by Akshay Adhikari at 2025-09-16T17:24:59+05:30
Issue 6753 - Removing ticket 47787 test and porting to DSLdapObject (#6976)
Description:
The old ticket47787_test.py had compatibility issues.
This ports the functionality to repl_conflict_delete_modify_test.py
using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @tbordaz
- - - - -
9c396ccc by Lenka Doudova at 2025-09-16T18:07:10+02:00
Issue 6753 - Port ticket 49386 test (#6987)
Description:
Port ticket 49386 test into
dirsrvtests/tests/suites/memberof_plugin/regression_test.py
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Thierry Bordaz
- - - - -
5255d617 by Denis Sergeev at 2025-09-17T16:10:46+02:00
Fix overflow in certmap filter/DN buffers (#6995)
Add size checks in AddAVAToBuf(), AddToFilter() and AddToLdapDN();
return LDAPU_FAILED when space is exhausted, closing the Coverity
overflow warning.
Signed-off-by: Denis Sergeev <zeff at altlinux.org>
Issue: #6994
Reviwed by: @tbordaz (Thanks!)
- - - - -
398f0de6 by Viktor Ashirov at 2025-09-18T19:39:24+02:00
Issue 6971 - bundle-rust-npm.py: TypeError: argument of type 'NoneType' is not iterable (#6972)
Bug Description:
Some crates have an empty license, that bundle-rust-npm.py doesn't handle.
Fix Description:
Add a check if the license is empty (None)
Fixes: https://github.com/389ds/389-ds-base/issues/6971
Reviewed by: @droideck (Thanks!)
- - - - -
f4126417 by Viktor Ashirov at 2025-09-18T19:41:02+02:00
Issue 6810 - Deprecate PAM PTA plugin configuration attributes in base entry - fix memleak (#6988)
Bug Description:
ASAN reports a leak:
```
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7fcd1dae68a3 in calloc (/usr/lib64/libasan.so.8+0xe68a3) (BuildId: 10b8ccd49f75c21babf1d7abe51bb63589d8471f)
#1 0x7fcd1d61d25c in slapi_ch_calloc (/usr/lib64/dirsrv/libslapd.so.0+0x1d25c) (BuildId: f04e891fb4b70031e15759bc4baedf6701e59ccb)
#2 0x7fcd1d6ca7af in upgrade_pam_pta_default_config ldap/servers/slapd/upgrade.c:447
#3 0x55903428ecc3 in main (/usr/bin/ns-slapd+0x4cc3) (BuildId: 308e13b0030947aedc25e4ef4cf9c65bac6d6cc9)
#4 0x7fcd1d412574 in __libc_start_call_main (/lib64/libc.so.6+0x3574) (BuildId: 126a08bf502f4950b215dc773e52df8dcf50c393)
#5 0x7fcd1d412627 in __libc_start_main_alias_1 (/lib64/libc.so.6+0x3627) (BuildId: 126a08bf502f4950b215dc773e52df8dcf50c393)
#6 0x559034290294 in _start (/usr/bin/ns-slapd+0x6294) (BuildId: 308e13b0030947aedc25e4ef4cf9c65bac6d6cc9)
```
`add_pb` was allocated, but not destroyed in the success path.
Fix Description:
Destroy `add_pb` right after the error check in the success path.
Relates: https://github.com/389ds/389-ds-base/issues/6810
Reviewed by: @jchapma (Thanks!)
- - - - -
08880b84 by Viktor Ashirov at 2025-09-18T19:41:41+02:00
Issue 6997 - Logic error in get_bdb_impl_status prevents bdb2mdb execution (#6998)
Bug Description:
On F41 and F42 migration to MDB fails:
```
dsctl localhost dblib bdb2mdb
Berkeley Database library is not available. Maybe 389-ds-base-bdb rpm should be installed.
Error: Berkeley Database library is not available
```
This happens because `BDB_IMPL_STATUS.NONE` gets returned earlier than
we check for presence of the standard libdb provided by the system.
Fix Description:
Rewrite the logic to return `BDB_IMPL_STATUS.NONE` only when no working
BDB implementation is found.
Fixes: https://github.com/389ds/389-ds-base/issues/6997
Reviewed by: @progier389 (Thanks!)
- - - - -
084fb548 by progier389 at 2025-09-19T15:17:30+02:00
Issue 6992 - Improve handling of mismatched ldif import (#6999)
Fix two issues when importing wrong ldif file:
long delay before getting feedback when doing off-line import
target backend get cleared
The solution is to check that the suffix entry is present in the ldif before clearing the database and report that all entries get skipped if that is not the case.
Note: in the usual case only the first few entries in ldif file are checked as the suffix should be one of the first entries but if included or excluded suffixes are provided then the whole file is checked (to allow partial import)(
Relates: #6992
Reviewed by: @tbordaz, @mreynolds389 (Thanks!)
- - - - -
2684a2e5 by Akshay Adhikari at 2025-09-22T18:27:05+05:30
Issue 6753 - Removing ticket 47721 test and porting to DSLdapObject (#6973)
Description:
The old ticket47721_test.py had compatibility issues.
This ports the functionality to schema_csn_replication_test.py
using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @tbordaz
- - - - -
212f2a25 by Akshay Adhikari at 2025-09-22T18:30:45+05:30
Issue 6753 - Removing ticket 477828 test and porting to DSLdapObject (#6989)
Description:
The old ticket47828_test.py had compatibility issues.
This ports the functionality to dna_test.py::test_dna_exclude_scope_functionality
using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Assisted by: Cursor
Reviewed by: @tbordaz
- - - - -
2c4dc8ec by progier389 at 2025-09-22T15:28:53+02:00
Issue 7012 - improve dscrl dbverify result when backend does not exists (#7013)
* Issue 7012 - improve dscrl dbverify result when backend does not exists
Improve error message when running dsctl instance dbverify wrongBeName
To tell explicitly that the backend does not exists in bdb case
To tell explicitly that dbverify is useless and always successfull in lmdb case
Issue: 7012
Reviewed by: @mreynolds389 and @tbordaz (Thanks!)
- - - - -
cafb83df by Denis Sergeev at 2025-09-22T18:08:00+02:00
Issue 7010 - Fix certdir underflow in slapd_nss_init() (#7011)
Static analysis flagged BUFFER_OVERFLOW.LEN in ssl.c: we indexed
`certdir[len - 1]` immediately after `len = strlen(certdir)` without
guarding against NULL or an empty string. If `config_get_certdir()`
returns NULL, `strlen()` is invalid; if it returns "", `certdir[-1]`
is out of bounds. Trimming "/" would also turn the path into an empty
string.
Fix by validating `certdir` before calling `strlen()`, logging and
failing early when it is NULL or empty, and stripping a trailing path
separator only when `len > 1`.
Signed-off-by: Denis Sergeev <zeff at altlinux.org>
- - - - -
4a64bd51 by Lenka Doudova at 2025-09-23T08:19:27+02:00
Issue 6753 - Port ticket 47815 test (#7000)
Description:
Port ticket 47815 test into dirsrv/tests/suites/betxns/betxn_test.py.
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Pierre Rogier
- - - - -
58e3a0be by Denis Sergeev at 2025-09-23T15:46:10+02:00
Issue 7016 - fix NULL deref in send_referrals_from_entry() (#7017)
Static analysis (DEREF_OF_NULL.EX) flagged a possible null-pointer
dereference at `entry.c` where `url[numValues] = NULL;` is written even
when `numValues == 0`. If `attr != NULL` but the attribute has no
values, `url` remains `NULL` because allocation was guarded by `if
(numValues > 0)`, and writing the terminator dereferences `url[0]`.
Fix by always allocating `(numValues + 1)` pointers when `attr != NULL`,
ensuring `url[numValues]` is valid even for an empty list.
Signed-off-by: Denis Sergeev <zeff at altlinux.org>
- - - - -
9967b707 by Lenka Doudova at 2025-09-24T08:32:43+02:00
Issue 6753 - Port ticket 49073 test (#7005)
Description:
Fix and port ticket 49073 test into
dirsrvtests/tests/suites/memberof_plugin/regression_test.py
Also contains a minor fix for check_init method that was failing due to
incorrectly formatted log entries.
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Pierre Rogier
- - - - -
fb36b5b0 by Akshay Adhikari at 2025-09-24T18:18:51+05:30
Issue 6753 - Removing ticket 47869 test and porting to DSLdapObject (#7001)
Description:
The old ticket47869MMR_test.py had compatibility issues.
This ports the functionality to acl_replication_test.py
using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @progier389
Assisted by: Cursor
- - - - -
c758b565 by Akshay Adhikari at 2025-09-24T18:20:27+05:30
Issue 6758 - Fix WebUI monitoring test failure due to FormSelect component deprecation (#7004)
Description: Replaced deprecated FormSelect with TypeaheadSelect in
Enable Replication dialog and updated test selectors to use combobox role.
Relates: https://github.com/389ds/389-ds-base/issues/6758
Reviewed by: @progier389
- - - - -
c982b495 by progier389 at 2025-09-24T17:00:47+02:00
Issue 7002 - restore is failing. (#7003)
* Issue 7002 - restore is failing.
Fixing restore to ignore config changes around cachememsize/dncachememsize
Issue: #7002
Reviewed by: @mreynolds389 (Thanks!)
---------
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
- - - - -
b2a2ca12 by Mark Reynolds at 2025-09-24T15:24:57-04:00
Issue 7014 - memberOf - ignored deferred updates with LMDB
Description:
When processing the memberOf plugin conifguration simply ignore the
deferred update settings if LMDB is in use. Log a message in the error
log but do not reject the update because rejecting the update causes the
server to not start up.
Relates: https://github.com/389ds/389-ds-base/issues/7014
Reviewed by: tbordaz & progier (Thanks!!)
- - - - -
8bf8ab88 by Firstyear at 2025-09-25T15:05:42+10:00
Issue 7018 - BUG - prevent stack depth being hit (#7019)
Bug Description: During filter optimise, the filter
is a linked list which we traverse through recursion.
This can cause stack depth to be hit on filters with
thousands of elements.
Fix Description: Limit the depth to which we recurse
fixes: https://github.com/389ds/389-ds-base/issues/7018
Author: William Brown <william at blackhats.net.au>
Review by: @progier389 (Thanks!)
- - - - -
884bc923 by Akshay Adhikari at 2025-09-25T15:44:13+05:30
Issue 6740 - Fix FIPS mode test failures in syncrepl, mapping tree, and resource limits (#6993)
Description: FIPS mode requires SSL certificate bypass for LDAP connections and
higher reserve descriptor constants due to mandatory SSL descriptors.
Relates: https://github.com/389ds/389-ds-base/issues/6740
Reviewed by: @progier389
- - - - -
45ee81aa by James Chapman at 2025-09-26T13:06:26+01:00
Issue 6982 - UI - MemberOf shared config does not validate DN properly (#6983)
Description: When trying to create a shared config of MemberOf plugin,
the DN is not validated properly.
Fix: Added a function to check the parent DN exists before adding the
config DN.
Fixes: https://github.com/389ds/389-ds-base/issues/6982
Reviewed by: @mreynolds389 (Thank you)
- - - - -
90e291e3 by Mark Reynolds at 2025-09-29T13:39:59-04:00
Issue 6954 - do not delete referrals on chain_on_update backend
Description:
The server does not allow deleting referrals on a backend with "referral
on update" backend state. You can replace referrals but not delete
them. Trying to delete just leads to a harmless but alarming error 53
in the errors log.
This happens when doing an online init of a read-only consumer that is
setup for chain-on-update. At the start of the init the referrals are
successfully replaced, but after the init it tries to delete them and
this needs to be skipped.
Also changed lib389 warning about consumers and changelogs because UI
expects successful operations to be in JSON but the warning is in
standard text. Changing the warning to be written to stderr avoids the
UI crash.
Relates: https://github.com/389ds/389-ds-base/issues/6954
Reviewed by: tbordaz & progier (Thanks!!)
- - - - -
e82f2051 by Akshay Adhikari at 2025-09-30T20:11:51+05:30
Issue 6753 - Removing ticket 49463 test and porting to DSLdapObject (#6899)
Description:
The old ticket49463_test.py had compatibility issues.
This ports the functionality to test_fractional_cleanallruv.py
using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @vashirov, @droideck (Thanks!)
- - - - -
31fc1f82 by James Chapman at 2025-09-30T20:11:22+01:00
Issue 7021 - Units for changing MDB max size are not consistent across different tools (#7022)
Description: nsslapd-mdb-max-size accepts value in bytes. But it can't
be any value, it should be a multiple of the page size, which can
vary (4K, 16K, 64K on different architectures). dscreate accepts unit suffix
but this value is not pagesize aligned. dsconf sets the lmdb database
maximum size (in bytes) and is also not pagesize aligned.
Update dscreate a page align the mdb max size and dsconf to accept unit
suffix and page size align the value
Fixes: https://github.com/389ds/389-ds-base/issues/7021
Reviewed by: @progier389 (Thank you)
- - - - -
387781ec by Akshay Adhikari at 2025-10-02T00:08:43+05:30
Issue 6753 - Removing ticket 47653MMR test and porting to DSLdapObject (#6926)
Description:
The old ticket47653MMR_test.py had compatibility issues.
This ports the functionality to selfdn_acl_replication_test.py
using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @vashirov, @droideck (Thanks!)
- - - - -
bea5091e by Simon Pichugin at 2025-10-02T13:05:50-07:00
Issue 6660 - UI - Improve replication log analysis charts and usability (#6968)
Description: The replication log analysis UI had several usability issues
including a cluttered chart legend, inability to hide chart lines, poor
datetime validation, and non-intuitive default naming.
This fix replaces the built-in Chart legend with a custom interactive
legend that allows toggling series visibility. The default report name
now uses a human-readable timestamp format (YYYY-MM-DD_HH-MM-SS) instead
of Unix timestamps. Date range validation has been improved to properly
handle start/end date conflicts and clear error states when corrected.
Additional improvements include:
- Added path input focus management for better keyboard navigation
- Reorganized hover tooltip information to show lag time and duration
prominently, with suffix and target DN details below
- Fixed CSS styling issues and improved responsive layout
- Enhanced error handling for file operations
Fixes: https://github.com/389ds/389-ds-base/issues/6660
Reviewed by: @mreynolds389 @jchapma (Thanks!!)
- - - - -
8b6b3a9f by tbordaz at 2025-10-03T15:11:12+02:00
Issue 6966 - On large DB, unlimited IDL scan limit reduce the SRCH performance (#6967)
Bug description:
The RFE 2435, removed the limit of the IDList size.
A side effect is that for subtree/on-level searches some IDL can be
huge. For example a subtree search on the base suffix will build a
IDL up to number of entries in the DB.
Building such big IDL is accounting for +90% of the etime of the
operation.
Fix description:
Using fine grain indexing we can limit IDL for parentid
(onelevel) and ancestorid (subtree) index.
It support a new backend config parameter nsslapd-systemidlistscanlimit
that is the default value limit for parentid/ancestorid limits.
Default value is 5000.
When creating a new backend it creates parentid/ancestorid
indexes with nsIndexIDListScanLimit setting the above limit.
At startup the fine grain limit is either taken from nsIndexIDListScanLimit
or fallback from nsslapd-systemidlistscanlimit.
During a search request it uses the standard fine grain mechanism.
On my tests it improves throughput and response time by ~50 times
fixes: #6966
Reviewed by: Mark Reynolds, Pierre Rogier, William Brown and Simon
Piguchin (Thanks to you all !!!)
- - - - -
13d8cc35 by Akshay Adhikari at 2025-10-03T23:22:27+05:30
Issue 6753 - Removing ticket 47676 test and porting to DSLdapObject (#6938)
Description:
The old ticket47676_test.py had compatibility issues.
This ports the functionality to schema_update_policy_test.py
using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @vashirov, @droideck (Thanks!)
- - - - -
749684a3 by James Chapman at 2025-10-06T12:32:08+01:00
Issue 7027 - 389-ds-base OpenScanHub Leaks Detected (#7028)
Description: A file is opened using open() and then wrapped in a
zlib gzFile with gzdopen(). If gzdopen() fails, it never takes
ownership of the fd, so it remains open.
Fix: Ensure fd is explicitly closed when gzdopen() returns NULL.
Fixes: https://github.com/389ds/389-ds-base/issues/7027
Reviewed by: @mreynolds389 (Thank you)
- - - - -
0252ab66 by Akshay Adhikari at 2025-10-07T15:20:48+05:30
Issue 6753 - Removing ticket 47714 test and porting to DSLdapObject (#6946)
Description:
The old ticket47714_test.py had compatibility issues.
This ports the functionality to account_policy_login_attr_test.py
using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @vashirov, @jchapma (Thanks!)
- - - - -
e953ee70 by Mark Reynolds at 2025-10-07T15:13:14-04:00
Issue 7023 - UI - if first instance that is loaded is stopped it breaks parts of the UI
Description:
When checking for DB implementation or loading objectcalsses for the LDAP
editor if the first instance is stopped then these settings are not loaded,
and when you switch to a new instance that is running they are not reloaded.
This causes things to unexpectedly break for valid instances that are running.
Relates: https://github.com/389ds/389-ds-base/issues/7023
Reviewed by: jchapman & spichugi (Thanks!!)
- - - - -
e55b7023 by Mark Reynolds at 2025-10-08T19:16:23-04:00
Issue 7033 - lib389 - basic plugin status not in JSON
Description:
The JSON flag you can pass to dsconf is ignored for core plugin
operations: enable/disable and status
Relates: https://github.com/389ds/389-ds-base/issues/7033
Reviewed by: spichugi(Thanks!!)
- - - - -
5348bced by Mark Reynolds at 2025-10-10T20:35:50-04:00
Issue - CLI/UI - Add option to delete all replication conflict entries
Description:
Add CLI option for deleting all conflict entries. Also added this option
to the UI. Parts of the UI for conflicts was not updated for PF5 so some
updates were needed there for handling modal updates.
Relates: https://github.com/389ds/389-ds-base/issues/7039
Reviewed by: spichugi(Thanks!)
- - - - -
db42feaa by Mark Reynolds at 2025-10-13T11:00:55-04:00
Issue 7035 - RFE - memberOf - adding scoping for specific groups
Description:
Add ability to include/exclude specific groups that memberOf will act upon
Design doc: https://www.port389.org/docs/389ds/design/memberof-specific-group-scoping-design.html
Relates: https://github.com/389ds/389-ds-base/issues/7035
Reviewed by: tbordaz & progier (Thanks!!)
- - - - -
a7067642 by Lenka Doudova at 2025-10-14T12:19:48+02:00
Issue 6753 - Port ticket 47931 test (#7038)
Description:
Port ticket 47931 test into
dirsrvtests/tests/suites/memberof_plugin/regression_test.py using lib389
API
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Pierre Rogier
- - - - -
2729625f by tbordaz at 2025-10-14T15:12:31+02:00
Issue 6979 - Improve the way to detect asynchronous operations in the access logs (#6980)
Bug description:
Asynch operations are prone to make the server unresponsive.
The detection of those operations is not easy.
Access logs should contain a way to retrieve easilly the
operations (an the connections) with async searches
Fix description:
When dispatching a new operation, if the count of
uncompleted operations on the connection overpass
a threshold (2) then add a note to the 'notes='
in the access log
between the
fixes: #6979
Reviewed by: Pierre Rogier, Simon Pichugin (Thanks !)
- - - - -
15c63802 by progier389 at 2025-10-14T16:03:17+02:00
Issue 6784 - Support of Entry cache pinned entries (#6785)
Entry cache eviction improvement to limit large group evictions
Design is https://www.port389.org/docs/389ds/design/entrycache-pinned.html
Issue: #6784
Reviewed by: @mreynolds389 , @tbordaz , @Firstyear (Thanks!)
- - - - -
98271e6b by James Chapman at 2025-10-14T20:35:01+01:00
Issue 6846 - Attribute uniqueness is not enforced with modrdn (#7026)
Description: The attribute uniqueness plugin fails to enforce
uniqueness on the CN attribute during a MODRDN operation. If no
new superior DN is specified, the destinationSDN is an empty SDN
struct, breaking marker and subtree searches later.
In this case we fall back to using the parent of the source entry
as the destination.
Fixes: https://github.com/389ds/389-ds-base/issues/6846
Reviewed by: @progier389, @tbordaz (Thank you)
- - - - -
87aabbcb by Firstyear at 2025-10-17T10:11:04+10:00
Issue 7044 - RFE - index sudoHost by default (#7046)
Bug Description: SSSD by default will emit a complex
query for sudoHost during logins. As this attribute
is unindexed by default and there are no other significant
attributes or indexes related, this can force ALLIDS searches
during logins.
Fix Description: Index sudoHost by default to improve SSSD
login performance.
fixes: https://github.com/389ds/389-ds-base/issues/7044
Author: William Brown <william at blackhats.net.au>
Review by: @tbordaz
- - - - -
57a45ed9 by Simon Pichugin at 2025-10-16T22:00:13-07:00
Issue 7047 - MemberOf plugin logs null attribute name on fixup task completion (#7048)
Description: The MemberOf plugin logged "(null)" instead of the attribute
name when the global fixup task completed. This occurred because the config
structure containing the attribute name was freed before the completion log
message was written.
This fix moves the memberof_free_config() call to after the log statement,
ensuring the attribute name is available for logging.
Additionally, the test_shutdown_on_deferred_memberof test has been improved
to properly verify the fixup task behavior by checking that both the "started"
and "finished" log messages contain the correct attribute name.
Fixes: https://github.com/389ds/389-ds-base/issues/7047
Reviewed by: @tbordaz (Thanks!)
- - - - -
a9faeec0 by tbordaz at 2025-10-20T14:30:52+02:00
Issue 7032 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue (#7036)
Bug description:
The bug fix #6966 adds a 'scanlimit' to one of the system
index ('parentid'). So not all of them have such attribute.
In healthcheck such attribute (i.e. key) can miss but
the code assumes it is present
Fix description:
Get 'parentid' from the dict with the proper routine
(Thanks Florence Renaud for the debug/fix)
fixes: #7032
Reviewed by: Pierre Rogier and Simon Pichugin (thank you !)
- - - - -
673dd5db by Mark Reynolds at 2025-10-21T16:21:28-04:00
Issue 7059 - UI - unable to upload pem file
Description:
The handler for processing the FileUpload value change was not
conformant with PF5. Simply need to update the parameters in the handler
function
relates: https://github.com/389ds/389-ds-base/issues/7059
Reviewed by: spichugi(Thanks!)
- - - - -
f46d65fd by Mark Reynolds at 2025-10-23T10:42:08-04:00
Issue 7061 - CLI/UI - Improve error messages for dsconf localpwp list
Description:
If local password policies are created outside of dsconf and they do not use a
DN as part of the "cn" value then "dsconf localpwd list" will produce a python
traceback.
We can still list the policy, but hte tool can not modify it. Also
improved the UI handling of these policies
Relates: https://github.com/389ds/389-ds-base/issues/7061
Reviewed by: spichugi(Thanks!)
- - - - -
14c05c40 by progier389 at 2025-10-24T16:06:38+02:00
Issue 7029 - Add test case to measure ndn cache performance impact (#7030)
* Issue 7029 - Add test case to measure ndn cache performance impact
- - - - -
9ec78878 by Lenka Doudova at 2025-10-27T19:20:05+01:00
Issue 6753 - Port ticket 48228 test (#7067)
Porting ticket 48228 test into
dirsrvtests/tests/suites/password/pwp_history_test.py by the way of
modifying and extending test_basic test function.
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Pierre Rogier
- - - - -
26df830e by Mark Reynolds at 2025-10-28T13:43:53-04:00
Issue 7041 - CLI/UI - memberOf - no way to add/remove specific group filters
Description:
All of the memberof CLI set options do a full replace of the attribute,
but in the case of specific fitlers would could be many values and it
would be difficult to have to replace all the values when you just want
to add or remove a filter.
Added new types of arguments to add and remove values: "add-attr" and
"del-attr".
The UI also needed a lot of work to include these new arguments as the
original form was doing full replcaes, so for hte specifc filter I added
tables to control the individual values so that the current Save button
enabling still worked correctly. Also found other bugs in the existing
memberOf UI page that needed to be fixed.
Relates: https://github.com/389ds/389-ds-base/issues/7041
Reviewed by: jchapman & spichugi (Thanks!!)
- - - - -
afc3c9fa by Akshay Adhikari at 2025-10-29T12:29:57+05:30
Issue 6753 - Removing ticket 47871 test and porting to DSLdapObject (#7045)
Description:
The old ticket47871_test.py had compatibility issues.
This ports the functionality to retrocl/basic_test.py::test_retrocl_trimming_entries
using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @tbordaz
- - - - -
08e469e3 by Simon Pichugin at 2025-10-30T22:25:33-07:00
Issue 7073 - Add NDN cache size configuration and enforcement tests (#7074)
Description: Adds two new tests for nsslapd-ndn-cache-max-size behavior:
test_ndn_cache_max_size verifies the cache size is correctly set and
adjusts based on entry-based rounding;
test_ndn_cache_size_enforcement validates that the cache limit is actually
enforced with evictions occurring when the cache fills.
The enforcement test populates the cache with (capacity + 1000) entries
to trigger evictions, then verifies behavior with a larger cache size.
Tests cover size adjustments, minimum value enforcement,
and eviction statistics monitoring.
Fixes: https://github.com/389ds/389-ds-base/issues/7073
Reviewed by: @progier389 (Thanks!)
- - - - -
026acd27 by Mark Reynolds at 2025-10-31T11:27:50-04:00
Issue 7071 - search filter (&(cn:dn:=groups)) no longer returns results
Description:
When processing an "and" filter and it only contains one filter component then
the logic in the code breaks down and the filter is seen as not matching.
The logic breaks down because we are not setting "nomatch" after the access
check is successful. If there are two components then it works fine
because we do the access check on the first filter component and set that
the access check was done(access_check_done), but "nomatch" is not set yet.
So when the next filter component is checked for access we see that the access
check was done and then we set "nomatch".
To recap we always need to set "nomatch" when the access check is successful
in order to handle the case where an "and" fitler only has one component.
Relates: https://github.com/389ds/389-ds-base/issues/7071
Reviewed by: spichugi(Thanks!)
- - - - -
ee9a3b49 by tbordaz at 2025-11-03T11:57:15+01:00
Issue 7065 - A search filter containing a non normalized DN assertion does not return matching entries (#7068)
Bug description:
This bug is a regression introduced with #6172.
Since the filter was optimized #5170, in case of filter bypass
the client filter remains not normalized. For access control purpose
it is nevertheless checked.
Checking main fail if the normalized sorted valueset does not match
unnormalized client assertion
Fix description:
Normalize the filter and intended filter before using it for
matching
fixes: #7065
Reviewed by: Pierre Rogier, Mark Reynolds (thanks)
- - - - -
06e1268a by Simon Pichugin at 2025-11-03T16:43:39-08:00
Issue 6660 - CLI, UI - Improve replication log analyzer usability (#7062)
Description: Fixed chart spacing and layout issues, improved directory
validation with existence checking, and enhanced error messages to provide
actionable guidance when no replication data matches filter criteria.
Fixes: https://github.com/389ds/389-ds-base/issues/6660
Reviewed by: @mreynolds389, @mirielka (Thanks!!)
- - - - -
1d72eeaa by Viktor Ashirov at 2025-11-04T12:05:51+01:00
Issue 7056 - DSBLE0007 doesn't generate remediation steps for missing indexes
Bug Description:
dsctl healthcheck doesn't generate remediation steps for missing
indexes, instead it prints an error message:
```
- Unable to check index ancestorId: No object exists given the filter criteria: ancestorId (&(&(objectclass=nsIndex))(|(cn=ancestorId)))
```
Fix Description:
Catch `ldap.NO_SUCH_OBJECT` when index is missing and generate
remediation instructions.
Update remediation instructions for missing index.
Fix failing tests due to missing idlistscanlimit.
Fixes: https://github.com/389ds/389-ds-base/issues/7056
Reviewed by: @progier389, @droideck (Thank you!)
- - - - -
2df7244e by Simon Pichugin at 2025-11-04T17:09:00-08:00
Issue 7069 - Add Subnet/CIDR Support for HAProxy Trusted IPs (#7070)
Description: nsslapd-haproxy-trusted-ip now supports CIDR notation
(192.168.0.0/24, 2001:db8::/32) instead of requiring individual IPs
for each address in a subnet. This makes it practical to trust entire
HAProxy network ranges without manually adding hundreds of entries.
The implementation includes CIDR parsing with validation, netmask
precomputation for performance, and support for mixing individual IPs
and subnets. Added comprehensive tests for subnet matching, edge cases,
and malformed input validation. Updated Cockpit console UI accordingly.
Fixes: https://github.com/389ds/389-ds-base/issues/7069
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
427aebb1 by Mark Reynolds at 2025-11-06T08:24:39-05:00
Issue 7078 - audit json logging does not encode binary values
Description:
Audit log does encode binary values, and this breaks the UI when it tries
displaying the log contents. When the value is not "printable" base64
encode it.
Relates: https://github.com/389ds/389-ds-base/issues/7078
Reviewed by: progier & spichugi(Thanks!!)
- - - - -
e7c55aa0 by James Chapman at 2025-11-07T09:57:02+00:00
Issue 7042 - Enable global_backend_lock when memberofallbackend is enabled (#7043)
Description: When the memberOf plugin is configured with memberOfAllBackends=on
option, concurrent updates to group memberships across multiple backends can lead
to deadlock.
Fix: A healthcheck was added to detect this configuration and alert the user to the
potential deadlock risk.
Fixes: https://github.com/389ds/389-ds-base/issues/7042
Reviewed by: @droideck, @firstyear, @tbordaz, @progier389 (Thank you)
- - - - -
52fa2944 by Lenka Doudova at 2025-11-07T14:46:00+01:00
Issue 6753 - Port ticket 49008 test (#7080)
Description:
Porting ticket 49008 test into
dirsrvtests/tests/suites/replication/ruvstore_test.py::test_ruv_after_aborted_plugin_operation.
Relates: #6753
Author: Lenka Doudova
Assisted by: Cursor
Reviewer: Pierre Rogier
- - - - -
717541d1 by Lenka Doudova at 2025-11-07T14:46:26+01:00
Issue 6753 - Remove ticket 47900 test (#7087)
Description:
Removing ticket 47900 test since the tescases are already covered by
dirsrvtests/tests/suites/password/pwdAdmin_test.py
Relates: #6753
Author: Lenka Doudova
Reviewer: Barbora Simonova
- - - - -
2a782b8f by tbordaz at 2025-11-07T15:41:40+01:00
Issue 7055 - Online initialization of consumers fails with error -23 (#7075)
Bug description:
During a total initialization, if the supplier is not able
to send a new entry because the consumer is LDAP_BUSY,
then it returns a failure (CONN_OPERATION_FAILED).
The failure ends the replication session
Fix description:
Instead of failing it should retry (maxretry=5)
fixes: #7055
Reviewed by: Pierre Rogier (thanks)
- - - - -
dbc4b2ed by Viktor Ashirov at 2025-11-10T13:20:28+01:00
Issue 7049 - RetroCL plugin generates invalid LDIF
Bug Description:
When a replicated modification marked with LDAP_MOD_IGNORE is logged,
`changes` attribute contains invalid LDIF:
```
replace: modifiersName
modifiersName: cn=MemberOf Plugin,cn=plugins,cn=config
-
modifyTimestamp: 20250903092211Z
-
```
Line `replace: modifyTimestamp` is missing.
A similar issue is present in audit log:
```
time: 20251031064114
dn: ou=tuser,dc=example,dc=com
result: 0
changetype: modify
add: objectClass
objectClass: nsMemberOf
-
replace: modifiersName
modifiersName: cn=MemberOf Plugin,cn=plugins,cn=config
-
-
```
Dash separator is logged, while the operation is not.
This issue is not present wheh JSON format is used.
Fix Description:
* retrocl_po.c: add a default case to skip the entire modification if it
has LDAP_MOD_IGNORE flag.
* auditlog.c: write the dash separator only if operation type is not
LDAP_MOD_IGNORE
Fixes: https://github.com/389ds/389-ds-base/issues/7049
Reviewed by: @progier389 (Thanks!)
- - - - -
8ac17d60 by Simon Pichugin at 2025-11-13T11:56:45-08:00
Issue 7069 - Fix error reporting in HAProxy trusted IP parsing (#7094)
Description: Add missing errorbuf population in haproxy_parse_trusted_ips()
for CIDR validation failures.
Initialize parse_errorbuf to zero to fix Coverity warning.
Fixes: https://github.com/389ds/389-ds-base/issues/7069
Reviewed by: progier389, mreynolds389 (Thanks!!)
- - - - -
cf277a94 by dependabot[bot] at 2025-11-17T19:57:18-08:00
Bump js-yaml from 4.1.0 to 4.1.1 in /src/cockpit/389-console (#7097)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1)
---
updated-dependencies:
- dependency-name: js-yaml
dependency-version: 4.1.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support at github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- - - - -
e86c2128 by Akshay Adhikari at 2025-11-18T21:57:10+05:30
Issue 7076, 6992, 6784, 6214 - Fix CI test failures (#7077)
- Fixed import test bugs in regression_test.py (cleanup handler, LDIF permissions) -
https://github.com/389ds/389-ds-base/issues/6992
- Fixed ModRDN cache corruption on failed operations (parent update check, cache cleanup)
- Fixed attribute uniqueness test fixture cleanup in attruniq_test.py
- mproved test stability by fixing race conditions in replication, healthcheck,
web UI, memberOf, and basic tests.
- Fixed entrycache_eviction_test.py to track incremental log counts instead of cumulative -
https://github.com/389ds/389-ds-base/issues/6784
Fixes: https://github.com/389ds/389-ds-base/issues/7076
Relates: https://github.com/389ds/389-ds-base/issues/6992
Relates: https://github.com/389ds/389-ds-base/issues/6784
Fixes: https://github.com/389ds/389-ds-base/issues/6214
Reviewed by: @vashirov, @progier389 (Thanks!)
- - - - -
7df26308 by Lenka Doudova at 2025-11-19T07:01:12+01:00
Issue 7089 - Fix dsconf certificate list (#7090)
Description:
Fixing regex matching for listing certificates to also match a single
character certificate name instead of failing the 'dsconf security
certificate list' command
Relates: #7089
Author: Lenka Doudova
Reviewer: James Chapman
- - - - -
3bd703cf by Simon Pichugin at 2025-11-20T14:34:50-08:00
Issue 3555 - UI - Fix audit issue with npm - glob (#7107)
Description: Run npm audit fix to address the vulnerability
in glob.
Relates: https://github.com/389ds/389-ds-base/issues/3555
Reviewed by: @vashirov (Thanks!)
- - - - -
9d068856 by Akshay Adhikari at 2025-11-25T15:12:07+05:30
Issue 7041 - Add WebUI test for group member management (#7111)
Description: Added test for group member add/remove functionality via checkboxes,
testing both single and multiple member deletions.
Relates: https://github.com/389ds/389-ds-base/issues/7041
Reviewed by: @mreynolds389, @droideck
- - - - -
2876e767 by Mark Reynolds at 2025-11-25T09:15:56-05:00
Issue 7007 - Improve paged result search locking
Description:
Hold the paged result connection hash mutex while acquiring the global
connection paged result lock. Otherwise there is a window where the
mutex could be rmoved and lead to a crash
Relates: https://github.com/389ds/389-ds-base/issues/7007
Reviewed by: progier, spichugi, and tbordaz(Thanks!!!)
- - - - -
67d8c649 by Akshay Adhikari at 2025-11-26T15:33:53+05:30
Issue 6753 - Port ticket47920 test to ldap_controls_test using DSLdapObject (#7103)
Description:
The old ticket47920_test.py had compatibility issues.
This ports the functionality to ldap_controls_test.py using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @droideck (Thanks!)
- - - - -
12ab69e5 by Akshay Adhikari at 2025-11-27T15:40:40+05:30
Issue 6753 - Port ticket47910 test to logconv_test using DSLdapObject (#7098)
Description:
Port ticket47910_test.py(file removed) to logconv_test.py with new tests for logconv
time filtering (-S/-E options). Fixes dataclass access bug in logconv.py
and adds proper error exit codes.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @jchapma (Thanks!)
- - - - -
1248019a by Mark Reynolds at 2025-12-02T09:56:59-05:00
Issue 7084 - UI - schema - sorting attributes breaks expanded row
Description:
When sorting attributes the expanded row is not properly set and it crashes
the browser when trying to see it. The problem is that during sorting we
are not transfering the "attribute data" to the new sorted row.
Also fixed small issue in VlvIndexes where the wrong function name was
used.
Relates: https://github.com/389ds/389-ds-base/issues/7084
Reviewed by: spichugi(Thanks!)
- - - - -
764b500c by Simon Pichugin at 2025-12-03T17:47:34-08:00
Issue 7119 - Harden DNA plugin locking for shared server list operations (#7120)
Description: Hold dna_server_write_lock() across both the global list
teardown and full rebuild in dna_load_shared_servers(), eliminating
rare races where concurrent config updates could free or append entries
while the list is being reconstructed.
Guard dna_delete_global_servers() at shutdown behind the same lock,
ensuring teardown doesn't run in parallel with active readers.
Add comprehensive multi-supplier DNA test suite covering basic
allocation, uniqueness, shared config replication, restart recovery,
and range exhaustion scenarios.
Fixes: https://github.com/389ds/389-ds-base/issues/7119
Reviewed by: @tbordaz (Thanks!)
- - - - -
f697e711 by Viktor Ashirov at 2025-12-04T21:56:28+01:00
Issue 7109 - AddressSanitizer: SEGV ldap/servers/slapd/csnset.c:302 in csnset_dup (#7114)
Bug Description:
In `extensible_candidates` we pass a `berval` struct directly to the
pblock instead of `Slapi_Value`, which have different memory layouts.
Reproducible with
`dirsrvtests/tests/suites/filter/filter_index_match_test.py::test_do_extensible_search`.
Fix Description:
Convert the `berval` to `Slapi_Value` before passing to the pblock.
Fixes: https://github.com/389ds/389-ds-base/issues/7109
Reviewed by: @progier389 (Thanks!)
- - - - -
3dd7d285 by Viktor Ashirov at 2025-12-04T22:03:31+01:00
Issue 7115 - LeakSanitizer: leak in `slapd_bind_local_user()` (#7116)
Bug Description:
1. In `slapd_bind_local_user()` when checking LDAPI auth mappings,
`slapi_search_internal_get_entry()` allocates and returns a duplicated
entry. This entry was never freed before jumping to the `done:` label,
causing a memory leak on each BIND operation.
2. When LDAPI mapping points to a locked account or a non-existent entry
`auth_dn` is allocated but not freed when `slapi_check_account_lock()`
returns non-zero.
3. When the root DN account is locked, `root_dn` is allocated via
`config_get_rootdn()` but not freed when the account lock check fails.
Fix Description:
1. Free the duplicated `e` before jumping to the `done:` label.
2. Free `auth_dn` when acount is locked or doesn't exist.
3. Free `root_dn` when root account is locked.
Fixes: https://github.com/389ds/389-ds-base/issues/7115
Reviewed by: @mreynolds389, @droideck (Thanks!)
- - - - -
75e0e487 by Viktor Ashirov at 2025-12-04T22:09:13+01:00
Issue 7121 - LeakSanitizer: various leaks during replication (#7122)
1. CSN Leaks
In `resolve_attribute_state_deleted_to_present()` we set CSN set pointer
to NULL without freeing the allocated memory.
In `valueset_remove_valuearray()` we overwrite `csnset` pointer without
freeing the existing `csnset`.
2. Leak in replica_add_session_abort_control()
Control's OID and value are allocated but never freed after
`slapi_pblock_set`, which duplicates the control. Added cleanup to free
`ctrl.ldctl_oid` and `ctrl.ldctl_value.bv_val` after `slapi_pblock_set`.
3. LDAP controls leak
`ldap_parse_result` allocates controls that are not being freed when not
transferred to caller or on error paths. Free `loc_returned_controls`
in cleanup section and NULL the pointer after the transfer.
`returned_controls` allocated in `conn_read_result_ex` are used to check
for abort session control, but never freed before the next loop
iteration.
Fixes: https://github.com/389ds/389-ds-base/issues/7121
Reviewed by: @progier389, @tbordaz (Thanks!)
- - - - -
49ed4ad3 by Viktor Ashirov at 2025-12-05T08:22:48+01:00
Issue 7135 - Not enough space for tests on GH runner (#7136)
Description:
Recently healthcheck tests started to fail with DSDSLE0001
> The disk partition used by the server (/), either for the database,
the configuration files, or the logs is over 90% full.
A fresh runner has 78% free space:
```
Filesystem Size Used Avail Use% Mounted on
/dev/root 73G 57G 17G 78% /
tmpfs 7.9G 172K 7.9G 1% /dev/shm
tmpfs 3.2G 1.1M 3.2G 1% /run
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sdb15 105M 6.1M 99M 6% /boot/efi
/dev/sda1 74G 4.1G 66G 6% /mnt
tmpfs 1.6G 12K 1.6G 1% /run/user/1001
```
There is preinstalled software that we don't use, like dotnet, GHC,
CodeQL, docker images. We can remove them as part of the CI job to free
up disk space.
Fixes: https://github.com/389ds/389-ds-base/issues/7135
Reviewed by: @droideck (Thanks!)
- - - - -
8fe7bfe6 by progier389 at 2025-12-05T11:39:53+01:00
Issue 7132 - Keep alive entry updated too soon after an offline import (#7133)
* Issue 7132 - Keep alive entry updated too soon after an offline import
Problem: first keep alive update is done 30 seconds after restarting the server which may be before the other replica have the time to replicate local changes after a re-initialization.
Solution: unify the timer management so that it starts after the keep alive interval (which is configurable) in the 3 following cases:
server starts
replica is enabled (i.e after bulk import)
keep alive interval is changed (to avoid having to restart the server after configuration change)
Also logs a warning if the keep alive interval is smaller than the maximum backoff timer value
Issue: #7132
Reviewed by: @tbordaz , @droideck (Thanks!)
- - - - -
337e2c90 by progier389 at 2025-12-05T17:20:18+01:00
Issue 6951 - Dynamic Certificate refresh phase 1 - Search support (#7117)
First phase of Dynamic Certificate Refresh
Implement a new backend handling cn=dynamiccertificates suffix
and the code supporting search request to list and show nss db certificates
issue: #6951
Reviewed by: @vashirov (Thanks!)
* Dynamic Certificate - Phase1- Search
* Fix sourcery-ai remarks
* Minor changes
* Fix broken search and memory leaks
Co-authored-by: Viktor Ashirov <vashirov at redhat.com>
- - - - -
ff26302e by Viktor Ashirov at 2025-12-08T08:58:25+01:00
Issue 7124 - BDB cursor race condition with transaction isolation (#7125)
Bug Description:
ASAN reported crashes in `__db_ditem_nolog()` with negative-size-param
errors. Cursor operations without transaction isolation allowed
concurrent page modifications to corrupt cursor state, leading to
invalid memory access.
The race condition occurs when:
1. T1 opens a cursor without transaction protection
2. T2 modifies the same index page
3. T1 cursor operates on stale page metadata
4. `__db_ditem_nolog()` calculates negative size for `memmove()`
5. Crash: `AddressSanitizer: negative-size-param: (size=-8)`
Reproducer: dirsrvtests/tests/stress/backend/bdb_cursor_race_test.py
Crash under ASAN usually happens within 10-30 minutes, but sometimes it
can run for hours without any crash.
Fix Description:
Implement transaction isolation for cursors in `idl_new_fetch()` and
`idl_new_range_fetch()` by always calling `dblayer_read_txn_begin()`.
In `bdb_txn_begin()` verify if the environment supports transactions
(has DB_INIT_TXN flag) before attempting to begin a transaction.
This prevents errors during offline import which uses a private
environment without transaction support.
In `bdb_public_new_cursor()` skip transaction usage when the database's
environment doesn't support transactions.
Fixes: https://github.com/389ds/389-ds-base/issues/7124
Reviewed by: @progier389, @tbordaz (Thanks!)
- - - - -
50ef48ad by James Chapman at 2025-12-08T10:20:42+00:00
Issue 7091 - Duplicate local password policy entries listed (#7092)
Bug description:
When listing local password policies, duplicate entries are shown
if a subtree password policy exists under a sub suffix. The parent
suffix search also returns the same policy, resulting in duplicates.
Fix description:
Add a check for duplicate policy entries when iterating over results from multiple suffixes.
Fixes: https://github.com/389ds/389-ds-base/issues/7091
Reviewed by: @droideck (Thank you)
- - - - -
f7156790 by James Chapman at 2025-12-08T10:33:59+00:00
Issue 7128 - memory corruption in alias entry plugin (#7131)
Description:
The plugin was freeing the original search base sdn, leading
to memory corruption during operation teardown.
Fix:
Track ownership of sdn values in the alias dereference loop, only free
temp alias sdn's created by the plugin.
Fixes: https://github.com/389ds/389-ds-base/issues/7128
Reviewed by: @vashirov, @tbordaz (Thank you)
- - - - -
4db2f3c6 by Akshay Adhikari at 2025-12-08T16:24:06+05:30
Issue 6753 - Port ticket47921 test to indirect_cos_test using DSLdapObject (#7134)
Description: The old ticket47921_test.py had compatibility issues.
This ports the functionality to indirect_cos_test.py using modern DSLdapObject methods.
Relates: https://github.com/389ds/389-ds-base/issues/6753
Reviewed by: @progier389 (Thanks!)
- - - - -
c341731f by progier389 at 2025-12-08T15:21:54+01:00
Issue 7138 - test_cleanallruv_repl does not restart supplier3 (#7139)
Fix CI by ensuring that all suppliers are started when completing the test
Issue: #7138
Reviewed by: @droideck (Thanks!)
- - - - -
d9360cb8 by Alex Kulberg at 2025-12-09T15:11:56+01:00
Issue 7053 - Remove memberof_del_dn_from_groups from MemberOf plugin (#7064)
Bug Description:
The member plugin creates redundant changes to the member attribute
in groups when deleting a user, although the referential integrity
of the member attribute should be controlled by the Referential Integrity plugin.
Furthermore, memberof doesn't take replication of operations into account
and performs the change on every server instance in the topology.
Fix Description:
Remove the `memberof_del_dn_from_groups` function from the MemberOf plugin,
completely transferring responsibility for deleting users from groups
to the Referential Integrity plugin.
Relates: https://github.com/389ds/389-ds-base/issues/7053
Reviewed by: @tbordaz
- - - - -
afffed9e by progier389 at 2025-12-09T18:02:04+01:00
Issue 7112 - dsctrl dblib bdb2mdb core dumps and won't allow conversion (#7144)
Avoid a crash we trying to free twice some bdb resources when read-only bdb is used.
Just by making sure not to dereference NULL pointer.
Issue: #7112
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
446f3a48 by Mark Reynolds at 2025-12-09T15:29:27-05:00
Issue 1793 - RFE - Implement dynamic lists
Implement a backend feature to build dynamic content based of
LDAP URI's. Configuration includes an identifying objectclass to mark
an entry as a dynamic content entry. Another setting for the attribute
that contains the LDAP URI, and an attribute for storing the dynamic
content. Attributes specified in the LDAP URI override the content
attribute and instead write that attribute's value into the dynamic
content entry.
Design doc: https://www.port389.org/docs/389ds/design/dynamic-lists-design.html
Relates: https://github.com/389ds/389-ds-base/issues/1793
Reviewed by: progier(Thanks!)
- - - - -
97ae7306 by Simon Pichugin at 2025-12-10T19:53:35-08:00
Issue 7081 - Repl Log Analysis - Implement data sampling with performance and timezone fixes (#7086)
Description: Add configurable data sampling to handle large datasets efficiently.
Implement three precision modes (fast/balanced/full) with uniform sampling on
backend and client-side fallback sampling when datasets exceed file size limits.
Track sampling metadata in JSON output and surface to users via UI notices.
Optimize chart rendering with series caching and debounced resize handlers.
Increase file size limits to 64 MiB and add proper async loading with
cancellation tokens. Make timezone handling consistent with all timestamps
timezone-aware throughout the stack. Add tracking for skipped directories,
accurate end-time reporting, and per-tab loading states.
Fixes: https://github.com/389ds/389-ds-base/issues/7081
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
7ba274f3 by Simon Pichugin at 2025-12-10T20:35:35-08:00
Issue 7119 - Fix DNA shared config replication test (#7143)
Description: Modify test_dna_shared_config_replication to validate shared
config updates through actual DNA value allocation rather than direct
modification.
Creates a user to trigger DNA allocation and verifies the dnaRemainingValues
decrements and replicates correctly across all suppliers.
Relates: https://github.com/389ds/389-ds-base/issues/7119
Reviewed by: @tbordaz (Thanks!)
- - - - -
40527f74 by Mark Reynolds at 2025-12-15T16:50:36-05:00
Issue 1793 - RFE - Dynamic lists - UI and CLI updates
Description:
Add UI and CLI support for the new dynamic lists configuration
Relates: https://github.com/389ds/389-ds-base/issues/1793
Reviewed by: spichugi(Thanks!)
- - - - -
7b2104c2 by progier389 at 2025-12-16T12:37:26+01:00
Issue: 7147 - entrycache_eviction_test is failing (#7148)
Several reason explain the test failure:
log buffereing is not disabled
a race condition causing double free in slapi_re_exec_nt when several thread uses the same compiled regex
The searched done during the test were silently unindexed so some entries were unexpectedly added to the entry cache
Issue: #7147
Reviewed by: @tbordaz, @droideck (Thanks!)
- - - - -
09a3408b by Mark Reynolds at 2025-12-16T15:43:53-05:00
Bump version to 3.1.4
- - - - -
b0916a76 by Timo Aaltonen at 2026-04-20T10:20:25+03:00
Merge branch 'upstream' into m
- - - - -
97728ef6 by Timo Aaltonen at 2026-04-20T10:21:14+03:00
version bump
- - - - -
f5d2bf7d by Timo Aaltonen at 2026-04-20T10:35:06+03:00
patches: Drop upstreamed patches.
- - - - -
d32406ea by Timo Aaltonen at 2026-04-20T10:37:19+03:00
watch: Updated.
- - - - -
6989008f by Timo Aaltonen at 2026-04-20T20:29:54+03:00
Migrate to pybuild.
- - - - -
885f34a0 by Timo Aaltonen at 2026-04-20T20:31:41+03:00
patches: Fix nss includes.
- - - - -
05473d15 by Timo Aaltonen at 2026-04-20T20:35:03+03:00
Drop libdb-dev from build-depends, include a read-only implementation derived from rpm (librobdb.so). (Closes: #1119174)
- - - - -
d4f6babb by Timo Aaltonen at 2026-04-20T20:42:48+03:00
rules: Don't clean Cargo.toml.orig-files.
- - - - -
1e89f93f by Timo Aaltonen at 2026-04-20T20:43:31+03:00
control: Drop python3-packaging from (build-)depends.
- - - - -
28ab1f56 by Timo Aaltonen at 2026-04-20T20:48:07+03:00
control: Drop unnecessary direct python dependencies from python3- lib389.
- - - - -
64132c22 by Timo Aaltonen at 2026-04-20T20:49:42+03:00
Drop old vendoring cruft.
- - - - -
676 changed files:
- .github/scripts/generate_matrix.py
- + .github/workflows/cargotest.yml
- .github/workflows/compile.yml
- .github/workflows/lmdbpytest.yml
- .github/workflows/npm.yml
- .github/workflows/pytest.yml
- .github/workflows/validate.yml
- .gitignore
- Makefile.am
- VERSION.sh
- configure.ac
- debian/389-ds-base-libs.install
- debian/389-ds-base.install
- debian/changelog
- debian/control
- − debian/patches/0001-Security-fix-for-CVE-2025-2487.patch
- − debian/patches/fix-build-fail-with-gcc15.diff
- − debian/patches/fix-build-with-newer-rust.diff
- + debian/patches/fix-nss-include.diff
- debian/patches/series
- debian/python3-lib389.install
- debian/rules
- − debian/vendor/ahash/.cargo-checksum.json
- − debian/vendor/ahash/Cargo.toml
- − debian/vendor/ahash/FAQ.md
- − debian/vendor/ahash/LICENSE-APACHE
- − debian/vendor/ahash/LICENSE-MIT
- − debian/vendor/ahash/README.md
- − debian/vendor/ahash/build.rs
- − debian/vendor/ahash/rustfmt.toml
- − debian/vendor/ahash/src/aes_hash.rs
- − debian/vendor/ahash/src/convert.rs
- − debian/vendor/ahash/src/fallback_hash.rs
- − debian/vendor/ahash/src/hash_map.rs
- − debian/vendor/ahash/src/hash_quality_test.rs
- − debian/vendor/ahash/src/hash_set.rs
- − debian/vendor/ahash/src/lib.rs
- − debian/vendor/ahash/src/operations.rs
- − debian/vendor/ahash/src/random_state.rs
- − debian/vendor/ahash/src/specialize.rs
- − debian/vendor/ahash/tests/bench.rs
- − debian/vendor/ahash/tests/map_tests.rs
- − debian/vendor/ahash/tests/nopanic.rs
- − debian/vendor/concread/.cargo-checksum.json
- − debian/vendor/concread/CACHE.md
- − debian/vendor/concread/CODE_OF_CONDUCT.md
- − debian/vendor/concread/CONTRIBUTORS.md
- − debian/vendor/concread/Cargo.toml
- − debian/vendor/concread/LICENSE.md
- − debian/vendor/concread/Makefile
- − debian/vendor/concread/README.md
- − debian/vendor/concread/asan_test.sh
- − debian/vendor/concread/benches/arccache.rs
- − debian/vendor/concread/benches/hashmap_benchmark.rs
- − debian/vendor/concread/src/arcache/ll.rs
- − debian/vendor/concread/src/arcache/mod.rs
- − debian/vendor/concread/src/arcache/traits.rs
- − debian/vendor/concread/src/bptree/asynch.rs
- − debian/vendor/concread/src/bptree/impl.rs
- − debian/vendor/concread/src/bptree/mod.rs
- − debian/vendor/concread/src/cowcell/asynch.rs
- − debian/vendor/concread/src/cowcell/mod.rs
- − debian/vendor/concread/src/ebrcell/mod.rs
- − debian/vendor/concread/src/hashmap/asynch.rs
- − debian/vendor/concread/src/hashmap/impl.rs
- − debian/vendor/concread/src/hashmap/mod.rs
- − debian/vendor/concread/src/internals/bptree/cursor.rs
- − debian/vendor/concread/src/internals/bptree/iter.rs
- − debian/vendor/concread/src/internals/bptree/macros.rs
- − debian/vendor/concread/src/internals/bptree/mod.rs
- − debian/vendor/concread/src/internals/bptree/node.rs
- − debian/vendor/concread/src/internals/bptree/states.rs
- − debian/vendor/concread/src/internals/hashmap/cursor.rs
- − debian/vendor/concread/src/internals/hashmap/iter.rs
- − debian/vendor/concread/src/internals/hashmap/macros.rs
- − debian/vendor/concread/src/internals/hashmap/mod.rs
- − debian/vendor/concread/src/internals/hashmap/node.rs
- − debian/vendor/concread/src/internals/hashmap/simd.rs
- − debian/vendor/concread/src/internals/hashmap/states.rs
- − debian/vendor/concread/src/internals/lincowcell/mod.rs
- − debian/vendor/concread/src/internals/lincowcell_async/mod.rs
- − debian/vendor/concread/src/internals/mod.rs
- − debian/vendor/concread/src/lib.rs
- − debian/vendor/concread/src/threadcache/mod.rs
- − debian/vendor/concread/src/unsound.rs
- − debian/vendor/concread/src/unsound2.rs
- − debian/vendor/concread/src/unsound3.rs
- − debian/vendor/concread/src/utils.rs
- − debian/vendor/concread/static/arc_1.png
- − debian/vendor/concread/static/arc_2.png
- − debian/vendor/concread/static/cow_1.png
- − debian/vendor/concread/static/cow_2.png
- − debian/vendor/concread/static/cow_3.png
- − debian/vendor/concread/static/cow_arc_1.png
- − debian/vendor/concread/static/cow_arc_2.png
- − debian/vendor/concread/static/cow_arc_3.png
- − debian/vendor/concread/static/cow_arc_4.png
- − debian/vendor/concread/static/cow_arc_5.png
- − debian/vendor/concread/static/cow_arc_6.png
- − debian/vendor/concread/static/cow_arc_7.png
- − debian/vendor/concread/static/cow_arc_8.png
- − debian/vendor/concread/static/cow_arc_9.png
- − debian/vendor/uuid/.cargo-checksum.json
- − debian/vendor/uuid/CODEOWNERS
- − debian/vendor/uuid/CODE_OF_CONDUCT.md
- − debian/vendor/uuid/CONTRIBUTING.md
- − debian/vendor/uuid/COPYRIGHT
- − debian/vendor/uuid/Cargo.toml
- − debian/vendor/uuid/LICENSE-APACHE
- − debian/vendor/uuid/LICENSE-MIT
- − debian/vendor/uuid/README.md
- − debian/vendor/uuid/README.tpl
- − debian/vendor/uuid/benches/format_str.rs
- − debian/vendor/uuid/benches/invalid_parse_str.rs
- − debian/vendor/uuid/benches/mod.rs
- − debian/vendor/uuid/benches/serde_support.rs
- − debian/vendor/uuid/benches/slog_support/mod.rs
- − debian/vendor/uuid/benches/slog_support/parse_str.rs
- − debian/vendor/uuid/benches/valid_parse_str.rs
- − debian/vendor/uuid/src/adapter/compact.rs
- − debian/vendor/uuid/src/adapter/mod.rs
- − debian/vendor/uuid/src/builder/error.rs
- − debian/vendor/uuid/src/builder/mod.rs
- − debian/vendor/uuid/src/error.rs
- − debian/vendor/uuid/src/lib.rs
- − debian/vendor/uuid/src/parser/error.rs
- − debian/vendor/uuid/src/parser/mod.rs
- − debian/vendor/uuid/src/prelude.rs
- − debian/vendor/uuid/src/serde_support.rs
- − debian/vendor/uuid/src/slog_support.rs
- − debian/vendor/uuid/src/test_util.rs
- − debian/vendor/uuid/src/v1.rs
- − debian/vendor/uuid/src/v3.rs
- − debian/vendor/uuid/src/v4.rs
- − debian/vendor/uuid/src/v5.rs
- − debian/vendor/uuid/src/winapi_support.rs
- debian/watch
- dirsrvtests/conftest.py
- + dirsrvtests/tests/data/5Kusers.ldif
- + dirsrvtests/tests/data/bdb_instances/instances.tgz
- + dirsrvtests/tests/perf/ndncache_test.py
- + dirsrvtests/tests/stress/backend/bdb_cursor_race_test.py
- dirsrvtests/tests/tickets/ticket48233_test.py → dirsrvtests/tests/suites/acl/aci_ip_restriction_test.py
- dirsrvtests/tests/suites/acl/roledn_test.py
- dirsrvtests/tests/suites/acl/syntax_test.py
- dirsrvtests/tests/suites/acl/userattr_test.py
- dirsrvtests/tests/suites/basic/basic_test.py
- dirsrvtests/tests/suites/basic/haproxy_test.py
- − dirsrvtests/tests/suites/basic/vlv.py
- + dirsrvtests/tests/suites/basic/vlv_test.py
- dirsrvtests/tests/suites/betxns/betxn_test.py
- dirsrvtests/tests/suites/chaining_plugin/anonymous_access_denied_basic.py → dirsrvtests/tests/suites/chaining_plugin/anonymous_access_denied_basic_test.py
- dirsrvtests/tests/suites/clu/dbgen_test_usan.py → dirsrvtests/tests/suites/clu/dbgen_usan_test.py
- dirsrvtests/tests/suites/clu/dbmon_test.py
- dirsrvtests/tests/suites/clu/dbscan_test.py
- dirsrvtests/tests/suites/clu/dbverify_test.py
- + dirsrvtests/tests/suites/clu/dsconf_backend_dynamic_lists_test.py
- dirsrvtests/tests/suites/clu/dsconf_config_test.py
- + dirsrvtests/tests/suites/clu/dsconf_conflict_test.py
- − dirsrvtests/tests/suites/clu/dsconf_logging.py
- + dirsrvtests/tests/suites/clu/dsconf_logging_test.py
- + dirsrvtests/tests/suites/clu/dsconf_memberof_test.py
- + dirsrvtests/tests/suites/clu/dsconf_schema_superior_test.py
- dirsrvtests/tests/suites/clu/dsconf_tasks_test.py
- dirsrvtests/tests/suites/clu/dsctl_acceptance_test.py
- dirsrvtests/tests/suites/clu/dsctl_dblib_test.py
- + dirsrvtests/tests/suites/clu/dsidm_account_inactivity_test.py
- dirsrvtests/tests/suites/clu/dsidm_account_test.py
- dirsrvtests/tests/suites/clu/dsidm_group_test.py
- dirsrvtests/tests/suites/clu/dsidm_organizational_unit_test.py
- dirsrvtests/tests/suites/clu/dsidm_posixgroup_test.py
- dirsrvtests/tests/suites/clu/dsidm_role_test.py
- dirsrvtests/tests/suites/clu/dsidm_services_test.py
- dirsrvtests/tests/suites/clu/dsidm_uniquegroup_test.py
- dirsrvtests/tests/suites/clu/dsidm_user_test.py
- dirsrvtests/tests/suites/clu/schema_test.py
- dirsrvtests/tests/suites/config/autotuning_test.py
- dirsrvtests/tests/suites/config/compact_test.py
- dirsrvtests/tests/suites/config/config_test.py
- dirsrvtests/tests/suites/config/regression_test.py
- dirsrvtests/tests/suites/cos/indirect_cos_test.py
- dirsrvtests/tests/suites/disk_monitoring/disk_monitoring_test.py
- dirsrvtests/tests/suites/ds_logs/ds_logs_test.py
- + dirsrvtests/tests/suites/dynamic_lists/dynamic_lists_test.py
- + dirsrvtests/tests/suites/features/entrycache_eviction_test.py
- + dirsrvtests/tests/suites/features/ldap_controls_test.py
- dirsrvtests/tests/suites/filter/basic_filter_test.py
- dirsrvtests/tests/suites/filter/complex_filters_test.py
- dirsrvtests/tests/suites/filter/filter_test_aci_with_optimiser.py → dirsrvtests/tests/suites/filter/filter_aci_with_optimiser_test.py
- dirsrvtests/tests/suites/filter/filter_test.py
- dirsrvtests/tests/suites/healthcheck/health_config_test.py
- dirsrvtests/tests/suites/healthcheck/health_repl_test.py
- dirsrvtests/tests/suites/healthcheck/health_security_test.py
- − dirsrvtests/tests/suites/healthcheck/health_sync_test.py
- + dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py
- dirsrvtests/tests/suites/healthcheck/health_tunables_test.py
- dirsrvtests/tests/suites/healthcheck/healthcheck_test.py
- dirsrvtests/tests/suites/import/import_test.py
- dirsrvtests/tests/suites/import/regression_test.py
- dirsrvtests/tests/suites/indexes/huge_index_key.py → dirsrvtests/tests/suites/indexes/huge_index_key_test.py
- dirsrvtests/tests/suites/indexes/regression_test.py
- dirsrvtests/tests/suites/ldapi/ldapi_test.py
- dirsrvtests/tests/suites/lib389/config_compare_test.py
- + dirsrvtests/tests/suites/logging/access_json_logging_test.py
- dirsrvtests/tests/suites/logging/audit_json_logging_test.py
- + dirsrvtests/tests/suites/logging/audit_password_masking_test.py
- + dirsrvtests/tests/suites/logging/error_json_logging_test.py
- + dirsrvtests/tests/suites/logging/log_flush_rotation_test.py
- + dirsrvtests/tests/suites/logging/logconv_test.py
- dirsrvtests/tests/suites/logging/logging_compression_test.py
- dirsrvtests/tests/suites/mapping_tree/referral_during_tot_init_test.py
- dirsrvtests/tests/suites/mapping_tree/regression_test.py
- dirsrvtests/tests/suites/memberof_plugin/__init__.py
- + dirsrvtests/tests/suites/memberof_plugin/conftest.py
- dirsrvtests/tests/suites/memberof_plugin/fixup_test.py
- + dirsrvtests/tests/suites/memberof_plugin/memberof_deferred_lmdb_test.py
- dirsrvtests/tests/suites/memberof_plugin/memberof_deferred_repl_test.py
- + dirsrvtests/tests/suites/memberof_plugin/memberof_exclude_subtrees_test.py
- dirsrvtests/tests/suites/memberof_plugin/memberof_include_scopes_test.py
- + dirsrvtests/tests/suites/memberof_plugin/memberof_skipnested_test.py
- + dirsrvtests/tests/suites/memberof_plugin/memberof_specific_group_test.py
- dirsrvtests/tests/suites/memberof_plugin/regression_test.py
- dirsrvtests/tests/suites/monitor/monitor_test.py
- dirsrvtests/tests/suites/paged_results/paged_results_test.py
- dirsrvtests/tests/suites/password/password_policy_test.py
- dirsrvtests/tests/suites/password/password_test.py
- dirsrvtests/tests/suites/password/pw_expired_access_test.py
- dirsrvtests/tests/suites/password/pwdAdmin_test.py
- dirsrvtests/tests/suites/password/pwdModify_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_temporary_password.py → dirsrvtests/tests/suites/password/pwdPolicy_temporary_password_test.py
- + dirsrvtests/tests/suites/password/pwp_history_local_override_test.py
- dirsrvtests/tests/suites/password/pwp_history_test.py
- dirsrvtests/tests/suites/password/pwp_test.py
- + dirsrvtests/tests/suites/plugins/account_policy_login_attr_test.py
- dirsrvtests/tests/suites/plugins/accpol_test.py
- dirsrvtests/tests/suites/plugins/attruniq_test.py
- + dirsrvtests/tests/suites/plugins/dna_repl_test.py
- dirsrvtests/tests/suites/plugins/dna_test.py
- + dirsrvtests/tests/suites/plugins/entryusn_overflow_test.py
- + dirsrvtests/tests/suites/plugins/linked_attributes_test.py
- dirsrvtests/tests/suites/plugins/memberof_test.py
- + dirsrvtests/tests/suites/plugins/modrdn_test.py
- + dirsrvtests/tests/suites/plugins/pam_pta_test.py
- dirsrvtests/tests/suites/replication/acceptance_test.py
- + dirsrvtests/tests/suites/replication/acl_replication_test.py
- dirsrvtests/tests/suites/replication/changelog_test.py
- dirsrvtests/tests/suites/replication/changelog_trimming_test.py
- + dirsrvtests/tests/suites/replication/cleanallruv_fractional_test.py
- + dirsrvtests/tests/suites/replication/numsubordinates_replication_test.py
- dirsrvtests/tests/suites/replication/regression_m2_test.py
- dirsrvtests/tests/suites/replication/regression_m3_test.py
- + dirsrvtests/tests/suites/replication/repl_conflict_delete_modify_test.py
- + dirsrvtests/tests/suites/replication/repl_log_monitoring_test.py
- + dirsrvtests/tests/suites/replication/replication_deadlock_test.py
- dirsrvtests/tests/suites/replication/ruvstore_test.py
- + dirsrvtests/tests/suites/replication/selfdn_acl_replication_test.py
- dirsrvtests/tests/suites/replication/urp.py → dirsrvtests/tests/suites/replication/urp_test.py
- dirsrvtests/tests/suites/resource_limits/fdlimits_test.py
- dirsrvtests/tests/suites/retrocl/basic_test.py
- dirsrvtests/tests/suites/retrocl/retrocl_indexing_test.py
- dirsrvtests/tests/suites/roles/basic_test.py
- + dirsrvtests/tests/suites/schema/schema_csn_replication_test.py
- dirsrvtests/tests/suites/schema/schema_replication_origin_test.py
- dirsrvtests/tests/suites/schema/schema_replication_test.py
- + dirsrvtests/tests/suites/schema/schema_standard_update_test.py
- dirsrvtests/tests/suites/schema/schema_test.py
- + dirsrvtests/tests/suites/schema/schema_update_policy_test.py
- dirsrvtests/tests/suites/session_tracking/session_test.py
- dirsrvtests/tests/suites/setup_ds/db_home_test.py
- dirsrvtests/tests/suites/slapi_memberof/basic_interface_test.py
- − dirsrvtests/tests/suites/snmp/__init__.py
- − dirsrvtests/tests/suites/snmp/snmp.py
- dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
- + dirsrvtests/tests/suites/upgrade/upgrade_bdb2mdb_test.py
- dirsrvtests/tests/suites/vlv/regression_test.py
- dirsrvtests/tests/suites/webui/__init__.py
- dirsrvtests/tests/suites/webui/backup/backup_test.py
- dirsrvtests/tests/suites/webui/database/database_test.py
- dirsrvtests/tests/suites/webui/ldap_browser/ldap_browser_test.py
- dirsrvtests/tests/suites/webui/login/login_test.py
- dirsrvtests/tests/suites/webui/monitoring/monitoring_test.py
- dirsrvtests/tests/suites/webui/plugins/plugins_test.py
- − dirsrvtests/tests/tickets/ticket47560_test.py
- − dirsrvtests/tests/tickets/ticket47573_test.py
- − dirsrvtests/tests/tickets/ticket47619_test.py
- − dirsrvtests/tests/tickets/ticket47640_test.py
- − dirsrvtests/tests/tickets/ticket47653MMR_test.py
- − dirsrvtests/tests/tickets/ticket47676_test.py
- − dirsrvtests/tests/tickets/ticket47714_test.py
- − dirsrvtests/tests/tickets/ticket47721_test.py
- − dirsrvtests/tests/tickets/ticket47787_test.py
- − dirsrvtests/tests/tickets/ticket47808_test.py
- − dirsrvtests/tests/tickets/ticket47815_test.py
- − dirsrvtests/tests/tickets/ticket47823_test.py
- − dirsrvtests/tests/tickets/ticket47828_test.py
- − dirsrvtests/tests/tickets/ticket47829_test.py
- − dirsrvtests/tests/tickets/ticket47833_test.py
- − dirsrvtests/tests/tickets/ticket47869MMR_test.py
- − dirsrvtests/tests/tickets/ticket47871_test.py
- − dirsrvtests/tests/tickets/ticket47900_test.py
- − dirsrvtests/tests/tickets/ticket47910_test.py
- − dirsrvtests/tests/tickets/ticket47920_test.py
- − dirsrvtests/tests/tickets/ticket47921_test.py
- − dirsrvtests/tests/tickets/ticket47927_test.py
- − dirsrvtests/tests/tickets/ticket47931_test.py
- − dirsrvtests/tests/tickets/ticket47963_test.py
- − dirsrvtests/tests/tickets/ticket48026_test.py
- − dirsrvtests/tests/tickets/ticket48228_test.py
- − dirsrvtests/tests/tickets/ticket48294_test.py
- − dirsrvtests/tests/tickets/ticket48295_test.py
- − dirsrvtests/tests/tickets/ticket48370_test.py
- − dirsrvtests/tests/tickets/ticket49008_test.py
- − dirsrvtests/tests/tickets/ticket49072_test.py
- − dirsrvtests/tests/tickets/ticket49073_test.py
- − dirsrvtests/tests/tickets/ticket49184_test.py
- − dirsrvtests/tests/tickets/ticket49386_test.py
- − dirsrvtests/tests/tickets/ticket49463_test.py
- − dirsrvtests/tests/tickets/ticket49540_test.py
- − dirsrvtests/tests/tickets/ticket50232_test.py
- − docker.mk
- − docker/389-ds-fedora/Dockerfile
- − docker/389-ds-suse/Dockerfile
- − docker/389-ds-suse/Dockerfile.release
- − docker/README.md
- ldap/admin/src/logconv.py
- ldap/include/avl.h
- ldap/ldif/template-dse-minimal.ldif.in
- ldap/ldif/template-dse.ldif.in
- ldap/libraries/libavl/avl.c
- ldap/servers/plugins/acctpolicy/acct_util.c
- ldap/servers/plugins/acl/aclgroup.c
- ldap/servers/plugins/acl/aclinit.c
- ldap/servers/plugins/acl/acllas.c
- ldap/servers/plugins/acl/acllist.c
- ldap/servers/plugins/acl/aclparse.c
- ldap/servers/plugins/alias_entries/alias-entries.c
- ldap/servers/plugins/automember/automember.c
- ldap/servers/plugins/chainingdb/cb_config.c
- ldap/servers/plugins/collation/orfilter.c
- ldap/servers/plugins/dna/dna.c
- ldap/servers/plugins/memberof/memberof.c
- ldap/servers/plugins/memberof/memberof.h
- ldap/servers/plugins/memberof/memberof_config.c
- ldap/servers/plugins/pam_passthru/README
- ldap/servers/plugins/pam_passthru/pam_ptconfig.c
- ldap/servers/plugins/posix-winsync/posix-winsync.c
- ldap/servers/plugins/posix-winsync/posix-wsp-ident.h
- ldap/servers/plugins/pwdstorage/md5c.c
- ldap/servers/plugins/referint/referint.c
- ldap/servers/plugins/replication/cl5_api.c
- ldap/servers/plugins/replication/cl5_config.c
- ldap/servers/plugins/replication/repl5.h
- ldap/servers/plugins/replication/repl5_agmt.c
- ldap/servers/plugins/replication/repl5_connection.c
- ldap/servers/plugins/replication/repl5_inc_protocol.c
- ldap/servers/plugins/replication/repl5_init.c
- ldap/servers/plugins/replication/repl5_replica.c
- ldap/servers/plugins/replication/repl5_replica_hash.c
- ldap/servers/plugins/replication/repl5_tot_protocol.c
- ldap/servers/plugins/replication/repl_connext.c
- ldap/servers/plugins/replication/repl_extop.c
- ldap/servers/plugins/replication/replutil.c
- ldap/servers/plugins/retrocl/retrocl_po.c
- ldap/servers/plugins/roles/roles_cache.c
- ldap/servers/plugins/syntaxes/bin.c
- ldap/servers/plugins/syntaxes/syntax.h
- ldap/servers/plugins/syntaxes/syntax_common.c
- ldap/servers/plugins/uiduniq/uid.c
- ldap/servers/plugins/views/views.c
- ldap/servers/slapd/accesslog.c
- ldap/servers/slapd/add.c
- ldap/servers/slapd/attrsyntax.c
- ldap/servers/slapd/auditlog.c
- ldap/servers/slapd/auth.c
- ldap/servers/slapd/back-ldbm/ancestorid.c
- ldap/servers/slapd/back-ldbm/archive.c
- ldap/servers/slapd/back-ldbm/back-ldbm.h
- ldap/servers/slapd/back-ldbm/backentry.c
- ldap/servers/slapd/back-ldbm/cache.c
- + ldap/servers/slapd/back-ldbm/db-bdb/bdb_bdbreader_db.h
- + ldap/servers/slapd/back-ldbm/db-bdb/bdb_bdbreader_glue.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_config.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_import.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_import_threads.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_instance_config.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.h
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_ldif2db.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_misc.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_monitor.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_upgrade.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c
- ldap/servers/slapd/back-ldbm/db-bdb/bdb_version.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_config.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_import.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_import_threads.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_instance.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_layer.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_layer.h
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_ldif2db.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_misc.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_monitor.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_txn.c
- ldap/servers/slapd/back-ldbm/db-mdb/mdb_verify.c
- ldap/servers/slapd/back-ldbm/dbimpl.c
- ldap/servers/slapd/back-ldbm/dblayer.c
- ldap/servers/slapd/back-ldbm/dn2entry.c
- ldap/servers/slapd/back-ldbm/filterindex.c
- ldap/servers/slapd/back-ldbm/findentry.c
- ldap/servers/slapd/back-ldbm/id2entry.c
- ldap/servers/slapd/back-ldbm/idl.c
- ldap/servers/slapd/back-ldbm/idl_new.c
- ldap/servers/slapd/back-ldbm/import.c
- ldap/servers/slapd/back-ldbm/import.h
- ldap/servers/slapd/back-ldbm/index.c
- ldap/servers/slapd/back-ldbm/instance.c
- ldap/servers/slapd/back-ldbm/ldbm_add.c
- ldap/servers/slapd/back-ldbm/ldbm_attr.c
- ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
- ldap/servers/slapd/back-ldbm/ldbm_config.c
- ldap/servers/slapd/back-ldbm/ldbm_config.h
- ldap/servers/slapd/back-ldbm/ldbm_delete.c
- ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
- ldap/servers/slapd/back-ldbm/ldbm_index_config.c
- ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
- ldap/servers/slapd/back-ldbm/ldbm_modify.c
- ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
- ldap/servers/slapd/back-ldbm/ldbm_search.c
- ldap/servers/slapd/back-ldbm/ldbm_usn.c
- ldap/servers/slapd/back-ldbm/ldif2ldbm.c
- ldap/servers/slapd/back-ldbm/matchrule.c
- ldap/servers/slapd/back-ldbm/misc.c
- ldap/servers/slapd/back-ldbm/parents.c
- ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
- ldap/servers/slapd/back-ldbm/sort.c
- ldap/servers/slapd/back-ldbm/vlv.c
- ldap/servers/slapd/backend.c
- ldap/servers/slapd/ch_malloc.c
- ldap/servers/slapd/connection.c
- ldap/servers/slapd/conntable.c
- ldap/servers/slapd/control.c
- ldap/servers/slapd/daemon.c
- ldap/servers/slapd/delete.c
- ldap/servers/slapd/dn.c
- ldap/servers/slapd/dse.c
- + ldap/servers/slapd/dyncerts.c
- + ldap/servers/slapd/dyncerts.h
- ldap/servers/slapd/entry.c
- ldap/servers/slapd/entrywsi.c
- ldap/servers/slapd/extendop.c
- ldap/servers/slapd/fe.h
- ldap/servers/slapd/filter.c
- ldap/servers/slapd/filtercmp.c
- ldap/servers/slapd/filterentry.c
- ldap/servers/slapd/getfilelist.c
- ldap/servers/slapd/haproxy.c
- ldap/servers/slapd/haproxy.h
- − ldap/servers/slapd/http.h
- ldap/servers/slapd/ldapi.c
- ldap/servers/slapd/ldaputil.c
- ldap/servers/slapd/libglobs.c
- ldap/servers/slapd/log.c
- ldap/servers/slapd/main.c
- ldap/servers/slapd/mapping_tree.c
- ldap/servers/slapd/modify.c
- ldap/servers/slapd/modrdn.c
- ldap/servers/slapd/operation.c
- ldap/servers/slapd/opshared.c
- ldap/servers/slapd/pagedresults.c
- ldap/servers/slapd/passwd_extop.c
- ldap/servers/slapd/pblock.c
- ldap/servers/slapd/pblock_v3.h
- ldap/servers/slapd/plugin.c
- ldap/servers/slapd/plugin_mmr.c
- ldap/servers/slapd/plugin_mr.c
- ldap/servers/slapd/plugin_syntax.c
- ldap/servers/slapd/protect_db.c
- ldap/servers/slapd/proto-slap.h
- ldap/servers/slapd/pw.c
- ldap/servers/slapd/result.c
- ldap/servers/slapd/schema.c
- ldap/servers/slapd/search.c
- ldap/servers/slapd/slap.h
- ldap/servers/slapd/slapi-memberof.c
- ldap/servers/slapd/slapi-plugin.h
- ldap/servers/slapd/slapi-private.h
- ldap/servers/slapd/ssl.c
- ldap/servers/slapd/str2filter.c
- ldap/servers/slapd/task.c
- ldap/servers/slapd/time.c
- ldap/servers/slapd/tools/ldclt/ldclt.c
- ldap/servers/slapd/tools/ldclt/ldclt.h
- ldap/servers/slapd/unbind.c
- ldap/servers/slapd/upgrade.c
- ldap/servers/slapd/util.c
- ldap/servers/slapd/valueset.c
- ldap/servers/slapd/vattr.c
- ldap/servers/snmp/main.c
- lib/ldaputil/certmap.c
- lib/libaccess/aclscan.l
- lib/libaccess/acltext.y
- + lib/librobdb/COPYING
- + lib/librobdb/COPYING.RPM
- + lib/librobdb/README.md
- + lib/librobdb/lib/bdb_ro.c
- + lib/librobdb/lib/robdb.h
- + lib/librobdb/robdb.spec
- + lib/librobdb/tests/test.c
- + lib/librobdb/tests/test.db
- m4/bundle_libdb.m4
- m4/db.m4
- rpm.mk
- rpm/389-ds-base.spec.in
- rpm/bundle-rust-npm.py
- + rpm/is-robdb-used
- src/cockpit/389-console/package-lock.json
- src/cockpit/389-console/package.json
- src/cockpit/389-console/po/ja.po
- src/cockpit/389-console/src/LDAPEditor.jsx
- src/cockpit/389-console/src/css/ds.css
- src/cockpit/389-console/src/database.jsx
- src/cockpit/389-console/src/ds.jsx
- + src/cockpit/389-console/src/dsBasicComponents.jsx
- src/cockpit/389-console/src/dsModals.jsx
- src/cockpit/389-console/src/index.html
- src/cockpit/389-console/src/lib/database/attrEncryption.jsx
- src/cockpit/389-console/src/lib/database/chaining.jsx
- src/cockpit/389-console/src/lib/database/databaseConfig.jsx
- src/cockpit/389-console/src/lib/database/databaseModal.jsx
- src/cockpit/389-console/src/lib/database/databaseTables.jsx
- src/cockpit/389-console/src/lib/database/globalPwp.jsx
- src/cockpit/389-console/src/lib/database/indexes.jsx
- src/cockpit/389-console/src/lib/database/localPwp.jsx
- src/cockpit/389-console/src/lib/database/suffix.jsx
- src/cockpit/389-console/src/lib/database/suffixConfig.jsx
- src/cockpit/389-console/src/lib/database/vlvIndexes.jsx
- src/cockpit/389-console/src/lib/ldap_editor/lib/editableTable.jsx
- src/cockpit/389-console/src/lib/ldap_editor/lib/ldapNavigator.jsx
- src/cockpit/389-console/src/lib/ldap_editor/lib/rootSuffix.jsx
- src/cockpit/389-console/src/lib/ldap_editor/lib/utils.jsx
- src/cockpit/389-console/src/lib/ldap_editor/search.jsx
- src/cockpit/389-console/src/lib/ldap_editor/treeView.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/deleteOperation.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/newEntry.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/aciNew.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/addCosDefinition.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/addCosTemplate.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/addGroup.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/addLdapEntry.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/addRole.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/addUser.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/editGroup.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/editLdapEntry.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/genericUpdate.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/groupTable.jsx
- src/cockpit/389-console/src/lib/ldap_editor/wizards/operations/renameEntry.jsx
- src/cockpit/389-console/src/lib/monitor/accesslog.jsx
- src/cockpit/389-console/src/lib/monitor/auditfaillog.jsx
- src/cockpit/389-console/src/lib/monitor/auditlog.jsx
- src/cockpit/389-console/src/lib/monitor/dbMonitor.jsx
- src/cockpit/389-console/src/lib/monitor/errorlog.jsx
- src/cockpit/389-console/src/lib/monitor/monitorModals.jsx
- src/cockpit/389-console/src/lib/monitor/monitorTables.jsx
- + src/cockpit/389-console/src/lib/monitor/replLogAnalysis.jsx
- src/cockpit/389-console/src/lib/monitor/replMonConflict.jsx
- src/cockpit/389-console/src/lib/monitor/replMonitor.jsx
- src/cockpit/389-console/src/lib/monitor/securitylog.jsx
- src/cockpit/389-console/src/lib/monitor/serverMonitor.jsx
- src/cockpit/389-console/src/lib/monitor/suffixMonitor.jsx
- src/cockpit/389-console/src/lib/plugins/accountPolicy.jsx
- src/cockpit/389-console/src/lib/plugins/attributeUniqueness.jsx
- src/cockpit/389-console/src/lib/plugins/autoMembership.jsx
- src/cockpit/389-console/src/lib/plugins/dna.jsx
- src/cockpit/389-console/src/lib/plugins/linkedAttributes.jsx
- src/cockpit/389-console/src/lib/plugins/managedEntries.jsx
- src/cockpit/389-console/src/lib/plugins/memberOf.jsx
- + src/cockpit/389-console/src/lib/plugins/memberOfModals.jsx
- src/cockpit/389-console/src/lib/plugins/pamPassThru.jsx
- src/cockpit/389-console/src/lib/plugins/pluginBasicConfig.jsx
- src/cockpit/389-console/src/lib/plugins/pluginTables.jsx
- src/cockpit/389-console/src/lib/plugins/referentialIntegrity.jsx
- src/cockpit/389-console/src/lib/plugins/retroChangelog.jsx
- src/cockpit/389-console/src/lib/plugins/rootDNAccessControl.jsx
- src/cockpit/389-console/src/lib/replication/replAgmts.jsx
- src/cockpit/389-console/src/lib/replication/replConfig.jsx
- src/cockpit/389-console/src/lib/replication/replModals.jsx
- src/cockpit/389-console/src/lib/replication/replTables.jsx
- src/cockpit/389-console/src/lib/replication/replTasks.jsx
- src/cockpit/389-console/src/lib/replication/winsyncAgmts.jsx
- src/cockpit/389-console/src/lib/schema/schemaModals.jsx
- src/cockpit/389-console/src/lib/schema/schemaTables.jsx
- src/cockpit/389-console/src/lib/security/certificateManagement.jsx
- src/cockpit/389-console/src/lib/security/ciphers.jsx
- src/cockpit/389-console/src/lib/security/securityModals.jsx
- src/cockpit/389-console/src/lib/server/accessLog.jsx
- src/cockpit/389-console/src/lib/server/auditLog.jsx
- src/cockpit/389-console/src/lib/server/auditfailLog.jsx
- src/cockpit/389-console/src/lib/server/errorLog.jsx
- src/cockpit/389-console/src/lib/server/ldapi.jsx
- src/cockpit/389-console/src/lib/server/sasl.jsx
- src/cockpit/389-console/src/lib/server/securityLog.jsx
- src/cockpit/389-console/src/lib/server/settings.jsx
- src/cockpit/389-console/src/lib/tools.jsx
- src/cockpit/389-console/src/monitor.jsx
- src/cockpit/389-console/src/replication.jsx
- src/cockpit/389-console/src/schema.jsx
- src/cockpit/389-console/src/security.jsx
- src/cockpit/389-console/src/server.jsx
- src/lib389/MANIFEST.in
- src/lib389/README.md
- + src/lib389/build_hooks.py
- src/lib389/lib389/__init__.py
- src/lib389/lib389/_constants.py
- src/lib389/lib389/_mapped_object.py
- src/lib389/lib389/agreement.py
- src/lib389/lib389/backend.py
- src/lib389/lib389/chaining.py
- src/lib389/lib389/cli_base/__init__.py
- src/lib389/lib389/cli_base/dsrc.py
- src/lib389/lib389/cli_conf/__init__.py
- src/lib389/lib389/cli_conf/backend.py
- src/lib389/lib389/cli_conf/conflicts.py
- src/lib389/lib389/cli_conf/logging.py
- src/lib389/lib389/cli_conf/monitor.py
- src/lib389/lib389/cli_conf/plugins/accountpolicy.py
- src/lib389/lib389/cli_conf/plugins/attruniq.py
- src/lib389/lib389/cli_conf/plugins/memberof.py
- src/lib389/lib389/cli_conf/plugins/referint.py
- src/lib389/lib389/cli_conf/plugins/rootdn_ac.py
- src/lib389/lib389/cli_conf/pwpolicy.py
- src/lib389/lib389/cli_conf/replication.py
- src/lib389/lib389/cli_conf/schema.py
- src/lib389/lib389/cli_ctl/dblib.py
- src/lib389/lib389/cli_ctl/health.py
- src/lib389/lib389/cli_idm/__init__.py
- src/lib389/lib389/cli_idm/account.py
- src/lib389/lib389/cli_idm/group.py
- src/lib389/lib389/cli_idm/organizationalunit.py
- src/lib389/lib389/cli_idm/posixgroup.py
- src/lib389/lib389/cli_idm/role.py
- src/lib389/lib389/cli_idm/service.py
- src/lib389/lib389/cli_idm/uniquegroup.py
- src/lib389/lib389/cli_idm/user.py
- src/lib389/lib389/dirsrv_log.py
- src/lib389/lib389/dseldif.py
- src/lib389/lib389/idm/account.py
- src/lib389/lib389/idm/group.py
- src/lib389/lib389/idm/role.py
- src/lib389/lib389/instance/options.py
- src/lib389/lib389/instance/setup.py
- src/lib389/lib389/lint.py
- src/lib389/lib389/monitor.py
- src/lib389/lib389/nss_ssl.py
- src/lib389/lib389/paths.py
- src/lib389/lib389/plugins.py
- src/lib389/lib389/pwpolicy.py
- src/lib389/lib389/replica.py
- src/lib389/lib389/repltools.py
- src/lib389/lib389/schema.py
- src/lib389/lib389/tools.py
- src/lib389/lib389/topologies.py
- src/lib389/lib389/utils.py
- + src/lib389/pyproject.toml
- src/lib389/requirements.txt
- − src/lib389/setup.cfg
- − src/lib389/setup.py.in
- + src/lib389/validate_version.py
- src/librslapd/Cargo.toml
- src/librslapd/src/cache.rs
- src/plugins/pwdchan/src/lib.rs
- src/slapi_r_plugin/src/value.rs
- test/libslapd/haproxy/parse.c
- test/libslapd/test.c
- test/test_slapd.h
- wrappers/systemd.template.service.in
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/6143c9025c8b7380618946c06e1ec21f57c6616d...64132c22285271179e4ed68a4ed41dd446143e97
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/6143c9025c8b7380618946c06e1ec21f57c6616d...64132c22285271179e4ed68a4ed41dd446143e97
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20260420/94162e12/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list