07 Jun, 2007

4 commits

  • use a privilege of "unindexed-search" instead.  Also, eliminate the
    index-rebuild privilege and fold all of its functionality into ldif-import,
    since having a separate privilege for it doesn't provide much benefit and
    creates additional administrative overhead.
    
    OpenDS Issue Numbers:  1765, 1776
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2051 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • for entries in private backends (e.g., the root DSE, schema, monitor entries,
    config entries, etc.).  The entryUUID value that will be generated is based on
    an MD5 hash of the entry DN, but this shouldn't be a problem for entries in
    private backends because none of them allow modify DN operations.  User entries
    should have a real entryUUID value generated when the entry is created (either
    via an LDAP add or an LDIF import).
    
    OpenDS Issue Number:  1775
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2050 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2048 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • Considering the limited added value that the JMX port will provide on 1.0 and the fact that we do not want to expose it on the QuickSetup, in the admin group we are considering disabling this port by default.  Before committing a fix for this maybe we should send a Heads Up message to the users mailing list.
    
    Basically after the changes the JMX connection handler will not be enabled if the server is installed using the graphical setup.  For the command line setup, JMX will not be enabled unless the user explicitly includes the -x option (for the JMX port) when invoking the command-line.
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2046 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     

01 Jun, 2007

1 commit


24 May, 2007

1 commit


18 May, 2007

1 commit


09 May, 2007

1 commit


04 May, 2007

1 commit

  • - Missing cn attribute in replication.ldif
    
    
    - When at least 2 replication servers are used, they will both try to connect to each other.
    Since there must be only one connection, one of the connections is rejected.
    Unfortunately in some cases the replication servers fail to recognize that they are
    already connected and keep trying to connect to the other replication server
    every second.
    
    The reason why they fail to notice that they are already connected is that
    there is a confusion in the code between the IP address and the hostname.
    This fix uses the IP address everywhere and also adds checks between the IP address
    and the local IP address: 127.0.0.1.
    
    
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1817 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

03 May, 2007

2 commits

  • 1. Migrated configuration to the new admin framework.
    2. Removed all dependencies on the JDK logger. (Issue 1503)
    3. Added option to set the file permissions on all log files. (Issue 202)
    4. Added option to write log files asynchronously.
    5. Retention and rotation policies are now separate managed objects registered to the Directory Server.
    6. Rotation and retention policies are not extensible.
    6. Post-rotation actions are not yet implemented in this set of changes.
    7. Tools and tasks can now use a custom log publisher that only picks up messages generated by a specific thread or thread group.
    8. Debug logger no longer creates a log record object for every message. 
    9. Configurable Log File Paths (Issue 174)
    10. Log Level Support by Category/Severity. This capability is limited for error logger. (Issue 177)
    11. Support log file rotation (Issue 188)
    12. Size-based, Time-based rotation policies (Issues 190, 191)
    13. Time-based, max size-based, file count-based retention policies (Issues 199, 201, 202)
    14. Debug logger configurable via the admin framework (Issue 836)
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1805 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • code was contributed externally by java.net user bdamm.
    
    The crypt implementation itself was ported from the C-based one in
    OpenSolaris.  Since the OpenSolaris code is covered under the CDDL,
    we're okay to include it in OpenDS, but I've opened issue 1573 to
    remind us to make sure that we got all of the copyrights right etc.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1801 41b1ffd8-f28e-4786-ab96-9950f0a78031
    davidely
     

02 May, 2007

1 commit


27 Apr, 2007

2 commits

  • 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1727 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     
  • and is the renaming of the configuration.
    
    The changes in the configuration are quite simple: basically the changelog string
    has been replaced by replication-server and the synchronization string
    has been replaced by replication except when it is used as synchronization provider.
    
    The schema is a bit more complex because I've decided to keep the old objectclass
    names and the old attribute names as aliases of the new names.
    This would allow the previous configuration to work, however my testing has shown that
    the admin framework does not seem to deal well with objectclass aliases and therefore
    this is not entirely true.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1725 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

25 Apr, 2007

1 commit


23 Apr, 2007

1 commit

  • and makes it possible to dynamically add or remove changelog servers and
    synchronization domains in a running server (issue 639).
    
    It was necessary to slightly modify the configuration:
    
    - The objectclass ds-cfg-multimaster-synchronization-provider must be added to
     the entry: cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config
    - The domains must be configured under
     cn=domains, cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config
     instead of being directly under this entry.
    
    The synchronization.ldif file has been updated to reflect these changes.
    I will update the configuration doc in the wiki.
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1680 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

20 Apr, 2007

1 commit


13 Apr, 2007

1 commit

  • mechanism for preventing the entire member list from being returned, which can
    be a very expensive operation.  When running with this configuration, the
    attribute will handle requests that determine whether a given user is a member
    of the group, but will not list the entire set of membership.
    
    OpenDS Issue Number:  1506
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1628 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

11 Apr, 2007

2 commits


10 Apr, 2007

2 commits

  • - Issue #338:  Prevent users from selecting a password that matches the value
      of any attribute (or a specified set of attributes) in that user's entry.
    
    - Issue #341:  Prevent users from selecting a password that matches a value
      contained in a dictionary.
    
    Both validators support both forward and reverse matching, and for the
    dictionary password validator I have compiled a dictionary from public domain
    word lists.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1611 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • - Index rebuilding capabilities. All indexes including system and attribute indexes can
    be rebuilt. Each index will be rebuilt by a separate thread to increase performance. A
    max number of rebuild threads could be set to limit the resources used by large rebuild
    jobs. Partial rebuilds of attribute indexes could also be done by specifying the
    attribute index type after the attribute type (i.e. sn.approximate).
    - Index rebuilding standalone tool. Rebuilding of attribute indexes could be done with
    the backend online. However, rebuilds including system indexes must be done with the
    backend offline.
    - Index rebuilding task. Rebuilding of attribute indexes is done with the backend
    online. Rebuilds that include system indexes will be performed after bringing the backend
    offline. The user must have index-rebuild privileges to rebuild indexes.
    - Approximate indexing capability. The value of the attribute will be normalized using
    the approximate matching rule of that attribute type. This is used as the key for the
    index. Approximate indexes are fully supported by the index verify, rebuild, and import
    jobs.
    - Fixed bug in build.xml where weave is enabled even if a test.* property is set.
    - Consolidated some common tool messages.
    - Consolidated some JE backend methods common to all tools.
    - Added unit tests for rebuild job and approximate indexes.
    
    Fix for issues 35, 39, 40, 41
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1607 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

03 Apr, 2007

1 commit

  • different kinds of virtual attributes.  This commit addresses the following
    issues:
    
    - Issue #1475 -- General virtual attribute support
    - Issue #539  -- Support for the isMemberOf virtual attribute
    - Issue #544  -- Support for the entryDN virtual attribute
    - Issue #1056 -- Support for the subschemaSubentry virtual attribute
    - Issue #85   -- Support for the real attributes only control
    - Issue #86   -- Support for the virtual attributes only control
    
    In general, virtual attribute support consists of three parts:
    
    - An implementation of the org.opends.server.api.VirtualAttributeProvider
      class, which provides the logic for actually generating the values, providing
      support for various kinds of matching, and potentially the ability to process
      search operations involving the virtual attribute that might not otherwise be
      indexed.
    
    - The org.opends.server.types.VirtualAttribute class, which is a subclass of
      org.opends.server.types.Attribute and uses the virtual attribute provider to
      generate its values.
    
    - The org.opends.server.types.VirtualAttributeRule class, which associates a
      virtual attribute provider with a given attribute type, and also with a set
      of criteria that controls which entries should have the attribute.
    
    
    The virtual attribute rule currently supports the following criteria that can
    be used to decide whether an entry should have a given virtual attribute:
    
    - Zero or more base DNs.  If any base DNs are provided, then any entry which
      falls below one of those base DNs will be a candidate to get the virtual
      attribute.  If no base DNs are provided, then DIT location will not be taken
      into account when determining eligibility.
    
    - Zero or more group DNs.  If any group DNs are provided, then any entry that
      belongs to one of the specified groups will be a candidate to get the virtual
      attribute.  If no group DNs are provided, then group membership will not be
      taken into account when determining eligibility.
    
    - Zero or more search filters.  If any filters are provided, then any entry
      that matches one of the specified filters will be a candidate to get the
      virtual attribute.  If no filters are provided, then the contents of the
      entry will not be taken into account when determining eligibility.
    
    
    In addition to those criteria, virtual attribute rules define a conflict
    behavior, which controls how to behave when the entry already has one or more
    real values for the attribute.  The conflict behavior can be
    "real-overrides-virtual" (to only show the real values),
    "virtual-overrides-real" (to only show the virtual values), or
    "merge-real-and-virtual" (to show both real and virtual values).
    
    The virtual attribute implementation has been designed so that there should be
    virtually no performance impact unless the attribute needs to be returned to
    the client or it is referenced in a search filter, and you can completely
    disable virtual attributes if you don't need them.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1562 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

26 Mar, 2007

2 commits

  • - A validator which enforces a restriction that passwords must have at least a
      specified number of unique characters (issue #1219).
    
    - A validator which enforces a restriction that passwords may not have any
      character which appears more than a specified number of times in a row (issue
      #1220).
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1520 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • is acceptable based on how similar it is to the user's current password.  The
    processing uses the Levenshtein Distance algorithm to determine the number of
    changes required to convert the current password into the new password (a
    change may be either inserting a new character, removing an existing character,
    or replacing an existing character).
    
    Contributed By:  Ales Novak
    OpenDS Issue Number:  340
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1511 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
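
The three password checks described in the two 26 Mar, 2007 commit messages above (minimum unique characters, maximum consecutive repeats, and Levenshtein-based similarity to the current password), as an added example that is not OpenDS code. The function names, the thresholds `min_unique`, `max_run` and `min_difference`, and the sample passwords are assumptions made for illustration.

```python
def levenshtein(a: str, b: str) -> int:
    """Count the single-character inserts, removals or replacements
    needed to turn a into b (two-row dynamic programming)."""
    if len(a) < len(b):
        a, b = b, a                      # keep the inner row the shorter one
    prev = list(range(len(b) + 1))       # distance from "" to each prefix of b
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # remove ca
                           cur[j - 1] + 1,               # insert cb
                           prev[j - 1] + (ca != cb)))    # replace (or keep)
        prev = cur
    return prev[-1]


def longest_run(password: str) -> int:
    """Length of the longest run of one character repeated in a row."""
    best = run = 0
    last = None
    for ch in password:
        run = run + 1 if ch == last else 1
        last = ch
        best = max(best, run)
    return best


def validate(new_pw, current_pw, min_unique=5, max_run=2, min_difference=3):
    """Return the list of reasons the new password is rejected (empty = accepted).
    current_pw may be None when the change request did not supply it."""
    reasons = []
    if len(set(new_pw)) < min_unique:
        reasons.append("too few unique characters")
    if longest_run(new_pw) > max_run:
        reasons.append("character repeated too many times in a row")
    if current_pw is not None and levenshtein(current_pw, new_pw) < min_difference:
        reasons.append("too similar to current password")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for new, cur in [("Summer2007!", "Summer2006!"),
                     ("aaaa1111", None),
                     ("c0rrect-Horse-7", "Summer2006!")]:
        print(repr(new), "->", validate(new, cur) or "accepted")
```

The similarity check needs the current password in clear text, so it can only run when the change request supplies it alongside the new one.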
     

22 Mar, 2007

2 commits


20 Mar, 2007

1 commit


19 Mar, 2007

1 commit

  • 1. global ACI implementation using the ds-cfg-global-aci attribute type
    2. re-adds support  for ACIs in the "cn=config" naming context
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1452 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

08 Mar, 2007

1 commit


01 Mar, 2007

3 commits


28 Feb, 2007

1 commit


26 Feb, 2007

1 commit

  • - One which will take attributes from the certificate subject and map them to
      attributes in user entries (Issue #1278).
    
    - One which will search for the subjects of the presented certificates in user
      entries (Issue #1279).
    
    - One which will search for the MD5 or SHA1 fingerprints of the presented
      certificates in user entries (Issue #1280).
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1254 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

23 Feb, 2007

1 commit


22 Feb, 2007

1 commit


21 Feb, 2007

1 commit

  • providers, and certificate mappers, and update the components which need access
    to those elements so that they can specify which one they want to use.  Among
    other things, this will provide the ability to use different certificates for
    different listeners, and provide template configuration entries that make it
    easier for users to enable SSL and/or StartTLS.
    
    OpenDS Issue Number:  561
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1212 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

18 Feb, 2007

1 commit


09 Feb, 2007

1 commit

  • currently defined and implemented:
    * config-read (allow reading the configuration)
    * config-write (allow updating the configuration)
    * ldif-import (allow invoking LDIF import tasks)
    * ldif-export (allow invoking LDIF export tasks)
    * backend-backup (allow invoking backup tasks)
    * backend-restore (allow invoking restore tasks)
    * server-shutdown (allow invoking server shutdown tasks)
    * server-restart (allow invoking server restart tasks)
    * server-restart (allow invoking server restart tasks)
    * password-reset (allow resetting user passwords)
    * update-schema (allow updating the server schema)
    * privilege-change (allow changing the set of privileges for a user)
    
    The following privileges are also defined but not yet implemented:
    * bypass-acl (allow bypassing access control evaluation)
    * modify-acl (allow updating access control definitions)
    * jmx-read (allow reading information over JMX)
    * jmx-write (allow updating information over JMX)
    * jmx-notify (allow subscribing to JMX notifications)
    * proxied-auth (allow the use of proxied authorization and SASL authzid)
    * disconnect-request (allow terminating arbitrary client connections)
    * cancel-request (allow canceling arbitrary client connections)
    * search-unindexed (allow requesting unindexed searches)
    * data-sync (allow participating in a data synchronization environment)
    
    Root users automatically inherit a subset of these privileges by default, and
    users can also be explicitly granted or forbidden the use of specified
    privileges.
    
    OpenDS Issue Numbers:  468, 472, 474, 475, 477, 1213
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1134 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson