org.forgerock / org.forgerock.opendj

28 Aug, 2007

1 commit

  • 2ebd3085   Add an SMTP account status notification handler, which can be configured to ... Browse Dir » 
    send e-mail messages whenever an account status notification is generated.  The
message can be sent to the end user impacted by the notification (based on an
attribute in the user's entry) and/or a fixed set of recipients.

The messages that will be generated are created from template files, which can
include tokens that will be replced with things like:

- The name of the notification type
- The notification message
- The DN of the target user's entry
- Attribute values from the target user's entry
- Values of account status notification properties, which may vary based on the
  type of notification

This change also includes a fix for a problem that could allow password
expiration warning messages to be sent to a client even if the bind was not
successful.


OpenDS Issue Number:  581


git-svn-id: https://svn.forgerock.org/opendj/trunk@2824 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

27 Aug, 2007

9 commits

  • f6f75dc2   This adds the numSubordinates and hasSubordinates operational attribute support in OpenDS. ... Browse Dir » 
    - Implemented as virtual attributes
   - They are enabled by default
   - numSubordinates and hasSubordinates methods added to the backend API and implemented for all existing backends
   - JE implementation uses the id2children index to keep count of the number of subordinates for each entry.
   - The behavior of exceeding the index-entry-limit (ALL-IDs) has changed to store a 8 byte entry ID set count with the most significant bit 
set to 1 instead of a 0 byte array to signify the index-entry-limit has been exceeded. The previous format is still compatible but all requests 
for numSubordinates will return undefined (-1).
   - The DBTest tool is also included in this fix. This can be used to list root containers, entry containers, database containers, index 
status, as well as dumping a database with or without decoding the data. 

Fix for issues 43 and 72


git-svn-id: https://svn.forgerock.org/opendj/trunk@2820 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 4e066a48   Use byte[] instead of String for the certificate value because it is a binary attribute. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2819 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     
  • bcbaa8c5   Fix infinite loop in ServerDescriptor#updateAdsPropertiesWithServerProperties ... Browse Dir » 
    Test case:

1. Create initial instance as stand-alone (no replication or ADS);
2. Create second instance as part of replication toplogy, specifying instance created in step 1.

Configuration of instance 2 hangs in registering server with ADS.

Works after this change; however, now get on OS X:

$ ./setup
Launching graphical setup...
2007-08-27 12:11:07.058 java[3932] CFLog (0): CFMessagePort: bootstrap_register(): failed 1103 (0x44f), port = 0x12503, name = 'java.ServiceProvider'
See /usr/include/servers/bootstrap_defs.h for the error codes.
2007-08-27 12:11:07.061 java[3932] CFLog (99): CFMessagePortCreateLocal(): failed to name Mach port (java.ServiceProvider)


git-svn-id: https://svn.forgerock.org/opendj/trunk@2818 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • 93f26c55   Issue 466 (partial) ... Browse Dir » 
    rename "ds-cfg-ads-certificate" to "ds-cfg-public-key-certificate"
use "ds-cfg-public-key-certificate;binary"


git-svn-id: https://svn.forgerock.org/opendj/trunk@2817 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • c8007b0a   Removed {@inheritDoc} tags from messages package method declarations that inheri… ... Browse Dir » 
    …t directly from Java core methods and replaced them with comments derived in most part from the parent methods

git-svn-id: https://svn.forgerock.org/opendj/trunk@2815 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter
     
  • 837c578a   Issue 466 preparation. ... Browse Dir » 
    Cleanup around requesting instance public-key certificate from truststore backend.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2814 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • 0a3e13e9   complement for issue 2097 : total update fails sending a Message to ReplicationCache ... Browse Dir » 
    When debugging 2097 I've noticed that during a replication total update,
if the updated server fails, the publisher thread on the other server hangs.

The hang happens because normally the publisher thread never tries to reconnect
after a protocol session failure but waits for the receiver threads to do the job but
here the publishing activity is done in a receiver thread that holding the session lock
and therefore prevent the other thread from doing there job.

The solution is to move this work outside of the lock.

I've tested this manually as it is difficult to automate.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2811 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     
  • e388649a   fix for issue 2150 : ConcurrentModificationException in InitializeTask ... Browse Dir » 
    The updates done to the task entry during an initialize task was 
sometime causing ConcurrentModificationException because they 
were done in an internal thread that can be in concurrence
with the operation threads.

The fix is to use the taskScheduler lock when updating the task entry

git-svn-id: https://svn.forgerock.org/opendj/trunk@2810 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     
  • 086b4439   Fix for issue 2167. ... Browse Dir » 
    Update the code so that the log messages we received are written to the installer log file and also add some code to supress the output of certain operations in the progress dialog of the installer (in the case of the creation of the top entry).


git-svn-id: https://svn.forgerock.org/opendj/trunk@2809 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     

26 Aug, 2007

10 commits

25 Aug, 2007

2 commits

  • c1b21025   - [Issue 2030] new configuration attribute to enforce entry compression: ... Browse Dir » 
    allow for backend-compact-encoding property, enabled by default.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2796 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • 439c9fa4   Issue 466 preparation. ... Browse Dir » 
    This is a followup to commit r2774.

Secure replication depends on ADS containing at least the instance-to-be-initialized's instance key public-key certificate in the ADS-based truststore because the existing replication domain server requires it to "trust" the new server. (The new server trusts the domain server by some future ADSContext code that will fetch the domain host's public-key certificate and write it into the new server's truststore backend - all via LDAP.)

Subsequent to commit r2774, we discovered that configuring replication results in the replication server opening its server socket and configuring it for TLS. The TLS configuration requires the local truststore to be initialized with the local instance key and the instance key of any to-be-replicated servers must be added. Hence, the Installer's ADS configuration step must be run before its replication configuration step.

In the current implementation of the ADS configuration step, ADS replication is configured and initialized (distinct from the suffixes specified by the user). These changes 1) move the ADS replication configuration and initialization from the ADS configuration step, and merge them into the code that handles configuring and initializing replication of the user specified suffixes (Installer.java); and 2) move the invocation of the ADS configuration ahead of the replication configuration (OfflineInstaller,WebStartInstaller.java).

M      src/quicksetup/org/opends/quicksetup/installer/offline/OfflineInstaller.java
M      src/quicksetup/org/opends/quicksetup/installer/webstart/WebStartInstaller.java
M      src/quicksetup/org/opends/quicksetup/installer/Installer.java

Tests:

In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:

1) Setup standalone server with data; setup new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.

2) Setup initial replicated server with data; setup new server as part of existing replication.

I'm not sure how to test the WebStartInstaller, but the code and changes are identical to the OfflineInstaller, so perhaps it is ok.

---
Thanks to Josu for reviewing.



git-svn-id: https://svn.forgerock.org/opendj/trunk@2795 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

24 Aug, 2007

9 commits

  • 53772a0b   Add a mechanism for generating an RC script that can be used on UNIX systems to ... Browse Dir » 
    configure the server to automatically start when the system boots.

Also, update the stop-ds script so that if the server is to be stopped via kill
but no PID file is present, the stop script will generate an error instead of
trying to invoke the stop task (which is guaranteed to fail since the attempt
will be made anonymously, and this will give a confusing error message).

OpenDS Issue Number:  526


git-svn-id: https://svn.forgerock.org/opendj/trunk@2788 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 8914e062   Fix checkstyle failures. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2787 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • c941f3de   Added a setter method for the lock manager fair ordering property introduced in revision 2783 ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2786 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • d9bbb494   Issue 466 preparation. ... Browse Dir » 
    Each instance has an associated public-private key-pair called the "instance key". The collection of public-key certificates from all instances forms an ADS-domain truststore. Secure replication uses this truststore in its TLS setup.

The instance key is maintained by the local instance using a new "truststore" backend type that manages a local keystore file. The backend is induced to generate and self-sign a key when an entry with a special dn is written to it.  Once the truststore has been so initialized, the public-key certificate can be retrieved with an LDAP search operation.

This change adds a method to the ADSContext to retrieve the instance key public-key certificate from the instance to which the context is bound, and set a field in the context with the cert. The method detects if it needs to induce the backend to produce the key. A subsequent change will publish the key in ADS.  For now (until Andy commits the truststore backend code), the attempt to retrieve the key is guarded by a check for the ads-truststore backend's presence.

There is also some minor cleanup of existing code, and some additional code related to upcoming CryptoManager related ADS setup.

M      src/ads/org/opends/admin/ads/ADSContext.java

Tests:

In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:

1) Setup standalone server with data; setup new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.

2) Setup initial replicated server with data; setup new server as part of existing replication.



git-svn-id: https://svn.forgerock.org/opendj/trunk@2785 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • 463e14e4   Added property to enable or disable fair ordering for the entry lock manager. By… ... Browse Dir » 
    … default, fair ordering will be used.




git-svn-id: https://svn.forgerock.org/opendj/trunk@2783 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • c0d40aa1   Add a tool that can be used to base64 encode or decode information. The source ... Browse Dir » 
    can be provided as a string, contained in a file, or piped in via standard
input, and the result can be sent to standard output or written to a file.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2781 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • b82d6371   - fix an NPE found by the entry cache concurrency test. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2779 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • d3ae5ead   Fix for issue 2153. Add uninstall-gui to the list of files that must have executable permissions. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2776 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     
  • 3c27fed9   Issue 466 preparation. ... Browse Dir » 
    Secure replication depends on ADS containing at least the instance-to-be-initialized's instance key public-key certificate in the ADS-based truststore because the existing replication domain server requires it to "trust" the new server. (The new server trusts the domain server by some future ADSContext code that will fetch the domain host's public-key certificate and write it into the new server's truststore backend - all via LDAP.)

Hence, this change reverses the invocation order of Installer.initializeSuffixes and Installer.updateADS so that the latter is now run first (but still subsequent to Installer.configureReplication).  Note that Installer.updateADS does require Installer.configureReplication to have been run, since it configures replication for and initializes "cn=admin data".

M      src/quicksetup/org/opends/quicksetup/installer/offline/OfflineInstaller.java
M      src/quicksetup/org/opends/quicksetup/installer/webstart/WebStartInstaller.java

Tests:

In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:

1) Setup standalone server with data; setup new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.

2) Setup initial replicated server with data; setup new server as part of existing replication.

I'm not sure how to test the WebStartInstaller, but the code and changes are identical to the OfflineInstaller, so perhaps it is ok.

--
Thanks to Josu for the review.



git-svn-id: https://svn.forgerock.org/opendj/trunk@2774 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

23 Aug, 2007

9 commits

  • a21d35ef   Added the JE backend configuration attribute to enable or disable compression wh… ... Browse Dir » 
    …en encoding entries for ID2Entry. When backend-compact-encoding 
is enabled, attribute type descriptions and object class sets will be encoded using a compressed form. This behavior is enabled by default.

Fix for issue 2135


git-svn-id: https://svn.forgerock.org/opendj/trunk@2772 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 8e413859   Fix a issue where adding entries below a parent entry and modifying the parent e… ... Browse Dir » 
    …ntry causes lock expirations. All writer threads for the modify 
operations were being starved by the reader threads for the add operations. Changed the LockManager to observe fairness rules when granting 
locks so waiting write locks are granted before read locks.

Fix for issue 1896


git-svn-id: https://svn.forgerock.org/opendj/trunk@2771 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 39a3a362   Add missing periods to the end of javadoc descriptions. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2770 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 01ab48cd   Add a main method to the org.opends.server.util.EMailMessage class that can be ... Browse Dir » 
    used to send an e-mail message from the command line.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2769 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • c22cf17c   standardized the tools various option forms for suppressing output to -Q/--quiet ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2768 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter
     
  • 3ddfe564   Add missing CDDL headers to a couple of build tool classes. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2764 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 7b56f5cb   Issue 466 preparation. ... Browse Dir » 
    As part of https://opends.dev.java.net/issues/show_bug.cgi?id=466 org.opends.admin.ads.ADSContext#registerServer will add an entry for the instance key public-key certificate under 'cn=instance keys,cn=admin data'.

Conversely, the ADSContext#unregisterServer method will deprecate the instance key public-key certificate (i.e., add ds-cfg-key-deprecation-time to the key entry under cn=instance keys,cn=admin data) associated with the server.

Adding or deprecating a instance key public-key certificate entry in ADS has side effects across the ADS domain hosts. In particular, if the instance is an ADS host, each shared secret (encryption) key is wrapped in the instance's public key certificate, so on an addition, the keys are wrapped and added to ADS, while on a certificate deprecation, the keys wrapped with that certificate are deleted.

In the current implementation of org.opends.quicksetup.installer.Installer#updateADS , if the installer detects an ADS entry for the to-be-registered server, it calls ADSContext.unregisterServer then ADSContext.registerServer.  To avoid the perturbation in the ADS-based key distribution, I have replaced the unregister-register sequence with a call to ADSContext.updateServer (which does an LDAP modify replace for the attribute values in the server attribute map). This change was accomplished by calling ADSContext.registerOrUpdateServer.

The changes also include some minor code cleanup, comments, and tidying to eliminate IDEA warnings in ADSContext.

Tests:

I have run the precommit target and done some simple tests to ensure a 1) a remote standalone instance can be promoted to an ADS during an new instance creation; 2) an instance can be created as an ADS and another new instance can be created and added to that ADS; and 3) an instance already in ADS can be destroyed (without unregistering) and recreated and re-added to the ADS (the updateServer scenario). The message for that case is now:

Aug 23, 2007 11:04:05 AM org.opends.quicksetup.installer.Installer updateADS
WARNING: Server was already registered. Updating server registration.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2759 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • 99ee2706   Message/MessageDescriptor performance improvements: ... Browse Dir » 
    - MessageDescriptors cache format strings by Locale
- Check for whether or not the Formatter is required is performed only as needed by MessageDescriptors and not upon Message.toString()


git-svn-id: https://svn.forgerock.org/opendj/trunk@2758 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter
     
  • aeba0177   Expands the interfaces of backup and restore with arguments for specifying an LD… ... Browse Dir » 
    …AP connection that can be used to schedule these operations as tasks in addition to the current behavior of operating locally.

- In order to add the LDAP connection arguments I changed the short identifier for the -h/--hash argument of back up to be -A

- BooleanArgument was changed to have an implicit value equal to that of the value of isPresent() and a default value of "false".

- Scheduling an ImportLDIF task now respects the quiet argument and does not print a confirmation message if present.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2757 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter