10 Sep, 2007
2 commits
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@3003 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
The AES, RC4, and Blowfish implementations all use 128-bit ciphers, and the 3DES implementation uses a 168-bit cipher. Note that while these password storage schemes are functional, they rely on the crypto manager, which is not fully implemented. The storage schemes are not exposed in the server configuration because the crypto manager does not have any mechanism to persist secret keys for symmetric encryption. Until the crypto manager provides persistence for these keys, passwords encoded using these schemes will not be usable after the server is restarted. Once the crypto manager implementation is complete, these schemes should be exposed in the server configuration. OpenDS Issue Numbers: 315, 316, 317, 318 git-svn-id: https://svn.forgerock.org/opendj/trunk@3000 41b1ffd8-f28e-4786-ab96-9950f0a78031
09 Sep, 2007
3 commits
-
will be invoked. There are two basic changes: - Add a new ds-cfg-invoke-for-internal-operations configuration attribute for all plugins, which indicates whether the plugin should be invoked for internal operations. If this is false, then the plugin will only be invoked for externally-requested operations. - Add four new plugin types: postSynchronizationAdd, postSynchronizationDelete, postSynchronizationModify, and postSynchronizationModifyDN. These allow a plugin to perform a limited set of processing for changes that are successfully applied through synchronization. The unique attribute plugin has also been updated to support the post-synchronization plugin types so that if a conflict is introduced concurrently on two different servers within the propagation delay, an administrative alert will be generated to indicate that manual intervention is required to address the problem. Finally, ensure that audit logging is enabled during the unit tests, and update the audit logger to include the connection ID and operation ID for the operation being logged. OpenDS Issue Number: 2057 git-svn-id: https://svn.forgerock.org/opendj/trunk@2999 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
implement generic entry cache monitor provider which allows any entry cache implementation current or future to provide a common or custom set of entry cache state data. update all existing entry cache implementations so that they provide their common state data to the entry cache monitor provider. git-svn-id: https://svn.forgerock.org/opendj/trunk@2998 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
CryptoManager Refactor to separate key and key entry generation from key retrieval. git-svn-id: https://svn.forgerock.org/opendj/trunk@2997 41b1ffd8-f28e-4786-ab96-9950f0a78031
08 Sep, 2007
1 commit
-
CryptoManager encryption Allow key size different from block size for block ciphers that support it (e.g., Blowfish as in "Blowfish/CFB/NoPadding", 128) and block cipher modes that use no initialization vector (e.g., ECB as in "DES/ECB/PKCS5Padding", 64). Note that this is accomplished without adding an initialization vector parameter to the encryption API. Instead, if the Cipher.getBlockSize is non-zero, the Cipher object is first instantiated with that size initialization vector, and if that fails, initialized without an initialization vector. git-svn-id: https://svn.forgerock.org/opendj/trunk@2996 41b1ffd8-f28e-4786-ab96-9950f0a78031
07 Sep, 2007
6 commits
-
…t does not exist. It will be needed by a stand-alone server instance to encrypt secret keys. git-svn-id: https://svn.forgerock.org/opendj/trunk@2994 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2993 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…guration entry instead of hard-wiring it. git-svn-id: https://svn.forgerock.org/opendj/trunk@2992 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
… backend API for the replication server changes database. In a first step, the implemented features are backup/restore. The coming ones will be export/search to have an LDAP access of the content of the replication server DB. I also cleaned/shared some code on replication unit tests. Also fixed a potential bug in the replication plugin on the total update by replacing any object dependency from the ReplicationDomain to the associated backend because the configuration changes on the backend object may replace this object by another instance, so keeping a reference on the backend instance is buggy. The instance must be retrieved when needed. git-svn-id: https://svn.forgerock.org/opendj/trunk@2986 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
… (e.g., "RC4"). Cipher.getBlockSize equal to 0 is used to detect this case, hence this implementation likely still does not support block cipher modes that do not accept initialization vectors (e.g., ECB). One additional remaining inadequacy is the case where the initialization vector is not the same length as the encryption key (e.g., "Blowfish/CFB/NoPadding" allows a key length up to 448 bits, but the initialization vector is always 64 bits). git-svn-id: https://svn.forgerock.org/opendj/trunk@2985 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2984 41b1ffd8-f28e-4786-ab96-9950f0a78031
06 Sep, 2007
6 commits
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2983 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2979 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
- dsconfig interactive secure connection enhancement git-svn-id: https://svn.forgerock.org/opendj/trunk@2975 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
rather than storage scheme names. This will allow better consistency in the configuration, since all other references between configuration objects are DN-based, and it will work better with the upcoming aggregation support. It also eliminates the need to know the storage scheme name, which is not obvious from looking at the configuration entry for the storage scheme, and can actually vary in some implementations depending on whether it's used with a user password or auth password syntax attribute. OpenDS Issue Number: 2155 git-svn-id: https://svn.forgerock.org/opendj/trunk@2974 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…CS5Padding") or just algorithm (e.g., "AES") supply only the algorithm name to the SecretKeySpec initialization. 2. ByteString, ASN1OctetString -> ByteArray, ByteArray for Map key type. git-svn-id: https://svn.forgerock.org/opendj/trunk@2973 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…e adds a constraint which prevents configuration of dangling references. A subsequent change will add a constraint which will prevent removal of referenced components. git-svn-id: https://svn.forgerock.org/opendj/trunk@2972 41b1ffd8-f28e-4786-ab96-9950f0a78031
05 Sep, 2007
12 commits
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2970 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…o server-side constraint enforcement call-backs: isUsable and isDeleteAllowed. The first is invoked whenever a managed object is decoded (except in the case where it's about to be deleted). The second is invoked whenever a managed object is about to be deleted. With this change we will now detect constraint violations during server initialization, not just when config change/add/delete events occur. git-svn-id: https://svn.forgerock.org/opendj/trunk@2969 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
This change adds support for "aggregation" properties, which are properties which reference other managed objects (see issue 1449 for more details). Subsequent changes will add server-side and client-side referential integrity support, as well as migrating components over to using them (this will be post MS1.0). git-svn-id: https://svn.forgerock.org/opendj/trunk@2967 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
- Adds a thread to synchronize the server instance certificates from the admin data branch to the local trust store backend. - Replaces the blind trust managers in the replication session with trust managers that use the local trust store. Note that replication must be configured using either setup-gui or the dsreplication command. git-svn-id: https://svn.forgerock.org/opendj/trunk@2966 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
1. Encapsulate Cipher object in CryptoManager instance. 2. Cipher key identifier (tag) and initialization vector prefix the cipher text. 3. New API consists of encrypt and getOutputCipherStream (with optional cipher transformation parameter), and decrypt and getInputCipherStream. Limitations: This is an update of the API only. The keys are stored in a Map object in the CryptoManager instance, so 1. The implementation works for a single instance only (e.g., no encrypted passwords in a replication domain). 2. The key map does not persist across instance restarts. Both persistent key storage in a stand-alone instance and the secret key distribution protocol (via ADS) for replicated topologies need to be implemented. Other shortcomings: 1. The exception messages need to be added to the message catalogue. 2. The implementation could benefit from a review. 3. Only simple success test cases are implemented in the unit tests. 4. The uses of getInputCipherStream and getOutputCipherStream should be reviewed, since the cipher transformation used - as of now it is always the preferred (default) cipher transformation - is still stored in the backup info file, where it might be informative, but is redundant (the cipher info is encoded as the prologue of the backup data). 5. The preferred cipher, etc., should be configurable. git-svn-id: https://svn.forgerock.org/opendj/trunk@2964 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2963 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…performed from just -h (host) to also include -p (port) and -D (bind DN) git-svn-id: https://svn.forgerock.org/opendj/trunk@2961 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
- fix a bug (we don't need bindDN if client side authentication is required) git-svn-id: https://svn.forgerock.org/opendj/trunk@2960 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2958 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
follows: - Pending tasks and completed tasks may be deleted. Running tasks may not be deleted. - Any attributes in pending tasks may be modified. - Only the task state in running tasks may be modified, and only to cancel the task. - No attributes of a completed task may be modified. OpenDS Issue Number: 2181 git-svn-id: https://svn.forgerock.org/opendj/trunk@2955 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
… the setup command line: * 1257 setup cli/gui symmetry -- allow to start after silent install * 1264 silent install option is not silent * 1326 Update setup CLI to integrate common install scenario (partial fix) * 1404 different CLI/GUI behavior running setup * 1859 spin off GUI specific CLI commands * 2184 setup quiet/no-prompt * 2185 setup --cli -Q throws error The changes basically consist of splitting the current setup command-line into two (the same way we have done for the uninstall). Now we will have one command to launch the setup in CLI mode (setup and setup.bat) and one command to launch the setup in GUI mode (setup-gui and setup-gui.bat). The behavior of the graphical interface has not changed. However the capabilities of the CLI setup have been extended to allow to match those in the graphical interface (excluding the replication configuration capabilities): * Configure the LDAPS and StartTLS on the server. * Start the server. git-svn-id: https://svn.forgerock.org/opendj/trunk@2954 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…provded the messages when we prompt for the type of connection that the user wants to use to update configuration. Fixed a localization bug in SubCommandArgumentParser. git-svn-id: https://svn.forgerock.org/opendj/trunk@2953 41b1ffd8-f28e-4786-ab96-9950f0a78031
04 Sep, 2007
10 commits
-
files to be created in a directory, at which point the changes contained in those LDIF files will be processed by the server using internal operations. This can potentially be used to make configuration changes or invoke tasks if the server is unresponsive to external clients (e.g., all worker threads are busy). Note that in the default configuration, the LDIF connection handler is enabled but the target directory doesn't exist. In this configuration, it will simply not do anything until the target directory is created and one or more LDIF files are placed in it. This is a safeguard against an administrator inadvertently placing a file in that directory without understanding the potential consequences of that action. It also means that we can use it to perform debugging operations (e.g., "dump all") without having to restart the server if it becomes unresponsive. OpenDS Issue Number: 2216 git-svn-id: https://svn.forgerock.org/opendj/trunk@2950 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
… object cannot be decoded properly (due to missing properties, invalid syntax, etc). git-svn-id: https://svn.forgerock.org/opendj/trunk@2949 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2948 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
class and add the following methods: ManagedObjectPath.toDN() Converts a ManagedObjectPath to a DN ManagedObjectPath.matches(ManagedObjectPath) Compares the two paths to see if they refer to the same location. This differs from equals() which performs an exact comparison where types must match as well. This will be required in order to support aggregations, where property values are represented using just their common name, but their LDAP encoding is the full DN. git-svn-id: https://svn.forgerock.org/opendj/trunk@2946 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2945 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2944 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
…in OperationRejectedExceptions. git-svn-id: https://svn.forgerock.org/opendj/trunk@2943 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
git-svn-id: https://svn.forgerock.org/opendj/trunk@2941 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
- remove obsolete methods, fields and messages. - aggregate filters evaluation for config phases. - simplify filters evaluation and error reporting. - use a single set of filter messages. git-svn-id: https://svn.forgerock.org/opendj/trunk@2938 41b1ffd8-f28e-4786-ab96-9950f0a78031
-
Standard secure args are now part of dsconfig CLI. It also includes the following dsconfig interface changes: use -z instead of -Z for --unit-size short option use -m instead of -M for --unit-time short option (consistency with --unit-size short option) git-svn-id: https://svn.forgerock.org/opendj/trunk@2935 41b1ffd8-f28e-4786-ab96-9950f0a78031