org.forgerock / org.forgerock.opendj

20 Jun, 2007

1 commit

  • 79382956   This refactoring includes the following changes to the JE backend: ... Browse Dir » 
    - Extracted common interface DatabaseContainer from DN2ID, ID2Entry, etc... classes.
- Moved database read and write methods from EntryContainer to DatabaseContainer.
- Added index configuration to the XML based admin framework.
- Removed redundant configuration objects (Config, IndexConfig).
- Added exclusive/shared lock to EntryContainer. All access to an EntryContainer must acquire a lock before using the internal 
DatabaseContainers or making configuration changes.
- Added the ability to add/remove/modify indexes with the backend online. Server will issue rebuild required warning when adding new indexes 
or sub-indexes (equality, substring, presence...).
- Added the ability to change the index entry limit for both the backend and each index with the backend online. Server will issue rebuild 
required warning if the previous limit has been exceeded.
- Added the ability to change entry compression and index substring length setting while the backend is online.
- Added a persistent state database to each EntryContainer to persist backend configuration between server restarts. Server will issue 
rebuild required warning if a new index is added when the backend is offline.
- Added a trusted flag to indexes so that non existent keys will not be interpreted as an empty entry ID set when an index is untrusted. An 
index is untrusted when it is added to an non-empty EntryContainer or an inconsistency is detected. Server will issue warning on startup to 
rebuild the index. 
- Fixed a issue where the LDIF import process stops responding if the temporary import dir is full or unwritable. 

Fix for issue 1480 1455 1575


git-svn-id: https://svn.forgerock.org/opendj/trunk@2135 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

17 Jun, 2007

1 commit

15 Jun, 2007

5 commits

14 Jun, 2007

7 commits

12 Jun, 2007

1 commit

11 Jun, 2007

4 commits

08 Jun, 2007

1 commit

07 Jun, 2007

4 commits

  • b49fe277   Eliminate the search-unindexed privilege, since the feature was implemented to ... Browse Dir » 
    use a privilege of "unindexed-search" instead.  Also, eliminate the
index-rebuild privilege and fold all of its functionality into ldif-import,
since having a separate privilege for it doesn't provide much benefit and
creates additional administrative overhead.

OpenDS Issue Numbers:  1765, 1776


git-svn-id: https://svn.forgerock.org/opendj/trunk@2051 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 630ba039   Add a virtual attribute provider that can be used to assign entryUUID values ... Browse Dir » 
    for entries in private backends (e.g., the root DSE, schema, monitor entries,
config entries, etc.).  The entryUUID value that will be generated is based on
an MD5 hash of the entry DN, but this shouldn't be a problem for entries in
private backends because none of them allow modify DN operations.  User entries
should have a real entryUUID value generated when the entry is created (either
via an LDAP add or an LDIF import).

OpenDS Isssue Number:  1775


git-svn-id: https://svn.forgerock.org/opendj/trunk@2050 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 8a0ca9cb   Provide a new mechanism for encoding entries. This method adds an extra ... Browse Dir » 
    element that includes flags that indicate how the entry was encoded.  The
flags currently defined include:

- Whether to exclude the DN from the encoded entry.  This may be useful for the
  filesystem entry cache, since it will already have a reference to the DN.

- Whether to compress the set of object classes contained in the entry with a
  binary token.

- Whether to compress the attribute descriptions in the entry with binary
  tokens.

These changes can help improve the encode/decode performance, and can reduce
the entry footprint (by about 30% for entries based on the example.template).
None of these options are enabled at the present time, but components which
call the Entry.encode() method will be able to indicate which of them should be
used for that entry.

OpenDS Issue Numbers:  660, 1675, 1770


git-svn-id: https://svn.forgerock.org/opendj/trunk@2049 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 2872c1cf   Fix for issue 1633 (JMX port should be disabled by default) ... Browse Dir » 
    Considering the limited added value that the JMX port will provide on 1.0 and the fact that we do not want to expose it on the QuickSetup, in the admin group we consider to disable this port by default.  Before committing a fix for this maybe we should send a Heads Up message to the users mailing list.

Basically after the changes the JMX connection handler will not be enabled if the server is installed using the graphical setup.  For the command line setup, JMX will not be enabled unless the user explicitly includes de -x option (for the JMX port) when invoking the command-line.



git-svn-id: https://svn.forgerock.org/opendj/trunk@2046 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     

06 Jun, 2007

1 commit

  • 3379f481   Update the server to provide better interoperability with the Penrose virtual ... Browse Dir » 
    directory.  In particular, this commit exposes the
LDAPClientConnection.sendLDAPMessage() method, and fixes a case in which
short-circuiting out of the add operation processing in the pre-parse code with
a success response could have resulted in a null pointer exception.

OpenDS Issue Number:  1729


git-svn-id: https://svn.forgerock.org/opendj/trunk@2045 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

04 Jun, 2007

1 commit

  • 6d466d23   single valued attribute conflict resolution : issue 609 ... Browse Dir » 
    The resolution procedure for single valued attribute needs to be slightly different
from the mult-valued attribute procedure :
- less historical information can be kept
- the procedure must take into account the fact that only one value is allowed
 at a given time.

This Change splits the AttrInfo class into 2 classes :
AttrInfoSingle and AttrInfoMultiple that both extends AttributeInfo.
The Historical class if also refactorized to become more generic, some code
was staying there but was indeed specific to multi-valued attribute.

This change also add a number of unit tests for single valued attribute, and enable
an old test from HistoricalTest.java that was previously disabled because
conflict resolution for single valued attribute was not yet implemented.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2004 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

02 Jun, 2007

1 commit

  • 0590a0a6   Update the server to provide a lockdown mode. This is a mode in which the ... Browse Dir » 
    server will only allow client connections over loopback interfaces and will
reject requests from non-root users.  This can be used in cases where it would
be helpful for the server to be online to address a problem, but there might be
security risks in having it fully available (e.g., the server detects a
malformed access control rule on startup, and we don't want to allow normal
access to the server since that rule might be intended to prevent users from
seeing sensitive information and not having it interpreted properly could be
dangerous).

This mode is designed so that server components like the access control
subsystem can place the server in this mode if a problem is detected, but it
also includes tasks that can be used to manually place the server into and out
of the lockdown mode.  These tasks will only be allowed to be invoked by root
users over a loopback connection.

OpenDS Issue Number:  1758


git-svn-id: https://svn.forgerock.org/opendj/trunk@2002 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

01 Jun, 2007

4 commits

  • cde660b0   Update the way that privileges are evaluated by the server. Previously, they were ... Browse Dir » 
    always based on the authentication identity rather than the authorization identity.  This
means that when the two are different, the result could be incorrect.  One key example of
this is the use of the proxied authorization control by a root user.  In this case, the
proxied authorization would not be subject to access control because the authenticated
user (but not the authorized user) had the bypass-acl privilege.

This change ensures that the proxied-auth privilege is always evaluated as the
authentication identity, but all other priviliges are always evaluated as the
authorization identity.

I have also updated a number of test cases that were incorrectly depending on the
former behavior.

OpenDS Issue Number:  1749


git-svn-id: https://svn.forgerock.org/opendj/trunk@1997 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 72e913c2   Modify the DurationPropertyDefinition and DurationUnit classes so that they have… ... Browse Dir » 
    … more user-friendly encode/decode methods:

* the DurationPropertyDefinition encoder is unchanged: it uses the base property's base unit
* the DurationPropertyDefinition decoder now supports a mixed format in addition to the old format: now users can specify durations using a mixture of units such as 1h30m instead of 90m (both are permitted)
* the DurationUnit class has a toString(long) method which applications can use to get the above mixed unit representation (e.g. CLI)

The unit tests are updated. During the precommit the password policy test cases failed because they were testing some invalid durations which were not being checked in the DurationPropertyDefinition test suite. I've put these missing test cases in the DurationPropertyDefinition test suite. In addition, I've numbered the PWP test data entries so that they are easier to debug in future.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1995 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 5d7b3127   Add a new method for retrieving the "best-fit" size unit appropriate for a given… ... Browse Dir » 
    … number of bytes. This is intended for use in user interfaces since the value returned maybe a floating point value and subject to small errors. For LDAP encoding/decoding we still have the original getBestFitUnit() method but it has been renamed to getBestFitUnitExact(). Both methods are class methods.

git-svn-id: https://svn.forgerock.org/opendj/trunk@1991 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 73e08ef2   Update the access logger so that it will not suppress internal operations when ... Browse Dir » 
    running the test cases.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1987 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

31 May, 2007

1 commit

30 May, 2007

1 commit

29 May, 2007

2 commits

  • 4cb23fdd   Fix issue 1580: support overriding of property default values. ... Browse Dir » 
    It is now possible to override the default behavior and required admin action of an inherited property definition using a "property-override" element. This makes it possible to specify default values for inherited properties like java-implementation-class and will, ultimately, make a client tools much more user-friendly.

A subsequent change will add default values for java-implementation-class properties in all managed object definitions.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1969 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 7c4bc1f5   Contribution commit from Chris Drake for issue 1103 : Add monitor data for naming/modify conflicts ... Browse Dir » 
    This makes available 3 new counters in the replication monitoring information providing : 
 - the number of unresolved naming conflicts since last startup : unresolved-naming-conflicts 
 - the number of resolved naming conflicts since last startup : resolved-naming-conflicts 
 - the number of resolved modify conflicts since ast startup : resolved-modify-conflicts
 
Note that modify conflicts are always resolved automatically.
Also note that these counters are reset when the server is restarted.

This commit also include a new test for modify conflicts with some checks of the counters values
and update to the naming conflict test in order to test the counter implementation.

Thanks again to Chris

git-svn-id: https://svn.forgerock.org/opendj/trunk@1966 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

28 May, 2007

1 commit

  • 7b92b893   Fix the following issues: ... Browse Dir » 
    * 1444: implement inherited default values
* 1445: prevent commit if mandatory properties are missing
* 1446: refactor managed object factory method API in generated APIs
* 1625: allow read-only properties to be defined during managed object construction and add support for "monitoring" properties (e.g. a property which is server generated and contains the list of support ciphers)

These issues have been fixed in a single change as they depend upon each (issue 1446 being the main issue).

[Reviewed by Josu]


git-svn-id: https://svn.forgerock.org/opendj/trunk@1960 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     

24 May, 2007

1 commit

22 May, 2007

2 commits

  • b85c8893   Remove the dependence on AspectJ for all non method-entry and method-exit relate… ... Browse Dir » 
    …d debug messages. All debug statements will now work w/o 
weaving enabled. However, method-entry and method-exit debug messages work only with weaving enabled.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1942 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • f74ef984   Various improvements and refactorings of the admin framework client API, including: ... Browse Dir » 
    * client API methods are much more specific about what sort of exceptions they can throw

* new exceptions for wrapping underlying transport related error conditions (e.g. IO problems, authorization problems)

* improved Javadoc generation for client APIs

* pull-up AbstractPropertyDefinitionVisitor into PropertyDefinitionVisitor and improve type-safety of EnumPropertyDefinition visitor method

* refactor the LDAP client implementation (remove LDAPChangeBuilder, introduce JNDI DirContext wrapper interface called LDAPConnection to make the client APIs more testable)

* move various unit test classes out of the admin server-side unit tests so that they can be re-used by client unit tests

* introduce "mock" client connections and property providers to facilitate testing of the admin client API

* implement client API unit tests


git-svn-id: https://svn.forgerock.org/opendj/trunk@1931 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     

21 May, 2007

1 commit

  • 384d42f4   Correct problem QA found with fix for issue 1606, where the attribute(s) still w… ... Browse Dir » 
    …ere not being returned when they should be. Also, corrected problem where userattr bind rule was using filtered resource entry for userattr bind rule evaluation, causing the bind rule to sometimes not be evaluated correctly if the attribute isn't present during a userattr attribute value expression.

git-svn-id: https://svn.forgerock.org/opendj/trunk@1926 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan