10 Sep, 2007
4 commits
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@3003 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@3002 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
frequently causing test failures. Further, rename the class containing it so that it begins with a capital letter as per Java naming conventions. git-svn-id: https://svn.forgerock.org/opendj/trunk@3001 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
The AES, RC4, and Blowfish implementations all use 128-bit ciphers, and the 3DES implementation uses a 168-bit cipher. Note that while these password storage schemes are functional, they rely on the crypto manager, which is not fully implemented. The storage schemes are not exposed in the server configuration because the crypto manager does not have any mechanism to persist secret keys for symmetric encryption. Until the crypto manager provides persistence for these keys, passwords encoded using these schemes will not be usable after the server is restarted. Once the crypto manager implementation is complete, these schemes should be exposed in the server configuration. OpenDS Issue Numbers: 315, 316, 317, 318 git-svn-id: https://svn.forgerock.org/opendj/trunk@3000 41b1ffd8-f28e-4786-ab96-9950f0a78031
09 Sep, 2007
3 commits
-
will be invoked. There are two basic changes: - Add a new ds-cfg-invoke-for-internal-operations configuration attribute for all plugins, which indicates whether the plugin should be invoked for internal operations. If this is false, then the plugin will only be invoked for externally-requested operations. - Add four new plugin types: postSynchronizationAdd, postSynchronizationDelete, postSynchronizationModify, and postSynchronizationModifyDN. These allow a plugin to perform a limited set of processing for changes that are successfully applied through synchronization. The unique attribute plugin has also been updated to support the post-synchronization plugin types so that if a conflict is introduced concurrently on two different servers within the propagation delay, an administrative alert will be generated to indicate that manual intervention is required to address the problem. Finally, ensure that audit logging is enabled during the unit tests, and update the audit logger to include the connection ID and operation ID for the operation being logged. OpenDS Issue Number: 2057 git-svn-id: https://svn.forgerock.org/opendj/trunk@2999 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
implement generic entry cache monitor provider which allows any entry cache implementation current or future to provide a common or custom set of entry cache state data. update all existing entry cache implementations so that they provide their common state data to the entry cache monitor provider. git-svn-id: https://svn.forgerock.org/opendj/trunk@2998 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
CryptoManager Refactor to separate key and key entry generation from key retrieval. git-svn-id: https://svn.forgerock.org/opendj/trunk@2997 41b1ffd8-f28e-4786-ab96-9950f0a78031
08 Sep, 2007
1 commit
-
CryptoManager encryption Allow key size different from block size for block ciphers that support it (e.g., Blowfish as in "Blowfish/CFB/NoPadding", 128) and block cipher modes that use no initialization vector (e.g., ECB as in "DES/ECB/PKCS5Padding", 64). Note that this is accomplished without adding an initialization vector parameter to the encryption API. Instead, if the Cipher.getBlockSize is non-zero, the Cipher object is first instantiated with that size initialization vector, and if that fails, initialized without an initialization vector. git-svn-id: https://svn.forgerock.org/opendj/trunk@2996 41b1ffd8-f28e-4786-ab96-9950f0a78031
07 Sep, 2007
12 commits
-
…ent property name changes. git-svn-id: https://svn.forgerock.org/opendj/trunk@2995 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…t does not exist. It will be needed by a stand-alone server instance to encrypt secret keys. git-svn-id: https://svn.forgerock.org/opendj/trunk@2994 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2993 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…guration entry instead of hard-wiring it. git-svn-id: https://svn.forgerock.org/opendj/trunk@2992 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2991 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2990 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2989 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2988 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2987 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
… backend API for the replication server changes database. In a first step, the implemented features are backup/restore. The coming ones will be export/search to have an LDAP access of the content of the replication server DB. I also cleaned/shared some code on replication unit tests. Also fixed a potential bug in the replication plugin on the total update by replacing any object dependency from the ReplicationDomain to the associated backend because the configuration changes on the backend object may replace this object by another instance, so keeping a reference on the backend instance is buggy. The instance must be retrieved when needed. git-svn-id: https://svn.forgerock.org/opendj/trunk@2986 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
… (e.g., "RC4"). Cipher.getBlockSize equal to 0 is used to detect this case, hence this implementation likely still does not support block cipher modes that do not accept initialization vectors (e.g., ECB). One additional remaining inadequacy is the case where the initialization vector is not the same length as the encryption key (e.g., "Blowfish/CFB/NoPadding" allows a key length up to 448 bits, but the initialization vector is always 64 bits). git-svn-id: https://svn.forgerock.org/opendj/trunk@2985 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2984 41b1ffd8-f28e-4786-ab96-9950f0a78031
06 Sep, 2007
13 commits
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2983 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
to acquire a lock file. The server was functioning properly, but the message should not have been printed. OpenDS Issue Number: 2242 git-svn-id: https://svn.forgerock.org/opendj/trunk@2982 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
assertions about the number of times that various kinds of plugins were invoked. A number of test cases making assertions about the invocation counts were failing pretty frequently, and after analyzing the problem it is not something that can be easily addressed. The underlying causes include: - Processing on unbind operations continuing in a separate thread from a previous test case. Whenever the client sends an unbind request to the server, it immediately disconnects and moves on to the next test case. However, the server may continue to read and process that unbind operation (including invoking plugins on it) in a separate thread. - For modify DN operations, the referential integrity plugin was sometimes responsible for invoking operations in the background that could increase the invocation count. git-svn-id: https://svn.forgerock.org/opendj/trunk@2981 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2980 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2979 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2978 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2977 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2976 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
- dsconfig interactive secure connection enhancement git-svn-id: https://svn.forgerock.org/opendj/trunk@2975 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
rather than storage scheme names. This will allow better consistency in the configuration, since all other references between configuration objects are DN-based, and it will work better with the upcoming aggregation support. It also eliminates the need to know the storage scheme name, which is not obvious from looking at the configuration entry for the storage scheme, and can actually vary in some implementations depending on whether it's used with a user password or auth password syntax attribute. OpenDS Issue Number: 2155 git-svn-id: https://svn.forgerock.org/opendj/trunk@2974 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…CS5Padding") or just algorithm (e.g., "AES") supply only the algorithm name to the SecretKeySpec initialization. 2. ByteString, ASN1OctetString -> ByteArray, ByteArray for Map key type. git-svn-id: https://svn.forgerock.org/opendj/trunk@2973 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…e adds a constraint which prevents configuration of dangling references. A subsequent change will add a constraint which will prevent removal of referenced components. git-svn-id: https://svn.forgerock.org/opendj/trunk@2972 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…perty definition is constructed. git-svn-id: https://svn.forgerock.org/opendj/trunk@2971 41b1ffd8-f28e-4786-ab96-9950f0a78031
05 Sep, 2007
7 commits
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2970 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…o server-side constraint enforcement call-backs: isUsable and isDeleteAllowed. The first is invoked whenever a managed object is decoded (except in the case where it's about to be deleted). The second is invoked whenever a managed object is about to be deleted. With this change we will now detect constraint violations during server initialization, not just when config change/add/delete events occur. git-svn-id: https://svn.forgerock.org/opendj/trunk@2969 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2968 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
This change adds support for "aggregation" properties, which are properties which reference other managed objects (see issue 1449 for more details). Subsequent changes will add server-side and client-side referential integrity support, as well as migrating components over to using them (this will be post MS1.0). git-svn-id: https://svn.forgerock.org/opendj/trunk@2967 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
- Adds a thread to synchronize the server instance certificates from the admin data branch to the local trust store backend. - Replaces the blind trust managers in the replication session with trust managers that use the local trust store. Note that replication must be configured using either setup-gui or the dsreplication command. git-svn-id: https://svn.forgerock.org/opendj/trunk@2966 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…ather than roomnumber and telephonenumber some of the functional tests. git-svn-id: https://svn.forgerock.org/opendj/trunk@2965 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
1. Encapsulate Cipher object in CryptoManager instance. 2. Cipher key identifier (tag) and initialization vector prefix the cipher text. 3. New API consists of encrypt and getOutputCipherStream (with optional cipher transformation parameter), and decrypt and getInputCipherStream. Limitations: This is an update of the API only. The keys are stored in a Map object in the CryptoManager instance, so 1. The implementation works for a single instance only (e.g., no encrypted passwords in a replication domain). 2. The key map does not persist across instance restarts. Both persistent key storage in a stand-alone instance and the secret key distribution protocol (via ADS) for replicated topologies need to be implemented. Other shortcomings: 1. The exception messages need to be added to the message catalogue. 2. The implementation could benefit from a review. 3. Only simple success test cases are implemented in the unit tests. 4. The uses of getInputCipherStream and getOutputCipherStream should be reviewed, since the cipher transformation used - as of now it is always the preferred (default) cipher transformation - is still stored in the backup info file, where it might be informative, but is redundant (the cipher info is encoded as the prologue of the backup data). 5. The preferred cipher, etc., should be configurable. git-svn-id: https://svn.forgerock.org/opendj/trunk@2964 41b1ffd8-f28e-4786-ab96-9950f0a78031
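
An added example, not OpenDS code, of two behaviours described in the log above: the 05 Sep commit's framing (key identifier and initialization vector prefix the cipher text) and the 08 Sep commit's rule (try a block-size IV first, fall back to no IV). The class and method names, the 16-byte UUID key identifier and the exact frame layout are assumptions, and the transformation is passed to `decrypt` rather than encoded in the frame.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

// Added illustration, not OpenDS code. Assumed frame: keyID (16-byte UUID) || IV || ciphertext.
public class FramedCipherDemo {
  static final Map<UUID, SecretKey> KEYS = new HashMap<>(); // in memory only: gone after restart
  // Try a block-size IV first; fall back to no IV (ECB modes, stream ciphers). Returns the IV used.
  static byte[] init(Cipher c, int mode, SecretKey k, byte[] iv) throws GeneralSecurityException {
    if (c.getBlockSize() > 0) {
      try { c.init(mode, k, new IvParameterSpec(iv)); return iv; }
      catch (InvalidAlgorithmParameterException e) { /* this mode takes no IV */ }
    }
    c.init(mode, k);
    return new byte[0];
  }
  static byte[] encrypt(String transformation, int keyBits, byte[] plain) throws GeneralSecurityException {
    KeyGenerator kg = KeyGenerator.getInstance(transformation.split("/")[0]); // bare algorithm name
    kg.init(keyBits);                        // key size is chosen independently of the block size
    UUID id = UUID.randomUUID();
    KEYS.put(id, kg.generateKey());
    Cipher c = Cipher.getInstance(transformation);
    byte[] iv = new byte[c.getBlockSize()];  // zero length for stream ciphers such as RC4
    new SecureRandom().nextBytes(iv);
    iv = init(c, Cipher.ENCRYPT_MODE, KEYS.get(id), iv);
    byte[] ct = c.doFinal(plain);
    return ByteBuffer.allocate(16 + iv.length + ct.length).putLong(id.getMostSignificantBits())
        .putLong(id.getLeastSignificantBits()).put(iv).put(ct).array();
  }
  static byte[] decrypt(String transformation, byte[] frame) throws GeneralSecurityException {
    ByteBuffer in = ByteBuffer.wrap(frame);
    SecretKey k = KEYS.get(new UUID(in.getLong(), in.getLong()));
    if (k == null) throw new InvalidKeyException("unknown key ID"); // e.g. key map lost on restart
    Cipher c = Cipher.getInstance(transformation);
    byte[] iv = new byte[Math.min(c.getBlockSize(), in.remaining())];
    in.mark(); in.get(iv);
    if (init(c, Cipher.DECRYPT_MODE, k, iv).length == 0) in.reset(); // no IV was written
    byte[] ct = new byte[in.remaining()];
    in.get(ct);
    return c.doFinal(ct);
  }
  public static void main(String[] args) throws Exception {
    for (String t : new String[] {"Blowfish/CFB/NoPadding", "AES/ECB/PKCS5Padding"}) {
      byte[] frame = encrypt(t, 128, "password".getBytes("UTF-8")); // constructed sample input
      System.out.println(t + " frame=" + frame.length + " -> " + new String(decrypt(t, frame), "UTF-8"));
    }
  }
}
```

The Blowfish frame carries an 8-byte IV alongside a 128-bit key, while the ECB frame carries no IV at all; decryption fails with "unknown key ID" once the in-memory map is gone, which is the restart limitation the 10 Sep commit describes.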