org.forgerock / org.forgerock.opendj

26 Aug, 2007

2 commits

  • a94bdd4e   - fix entry cache mutable properties [properties that can be changed on the fly without ... Browse Dir » 
    any admin action required] functionality which got broken presumably when
  migrating to new admin framework.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2799 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • 28f1c3cb   Update configuration definitions to make a few different types of changes: ... Browse Dir » 
    - Add CDDL headers to files that were missing them
- Change the syntax for some attributes whose values were supposed to be
  attribute types into "attribute-type"
- Add appropriate base values for some properties with the DN syntax
- Change a couple of descriptions that had inaccuracies or copy-and-paste typos
- Change a couple of default values to match what's defined in the config file
- Provide a couple of overrides for classes in config definitions that extend a
  parent definition (in particular, override classes for attribute syntax
  implementations)


git-svn-id: https://svn.forgerock.org/opendj/trunk@2797 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

25 Aug, 2007

2 commits

  • c1b21025   - [Issue 2030] new configuration attribute to enforce entry compression: ... Browse Dir » 
    allow for backend-compact-encoding property, enabled by default.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2796 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • 439c9fa4   Issue 466 preparation. ... Browse Dir » 
    This is a followup to commit r2774.

Secure replication depends on ADS containing at least the instance-to-be-initialized's instance key public-key certificate in the ADS-based truststore because the existing replication domain server requires it to "trust" the new server. (The new server trusts the domain server by some future ADSContext code that will fetch the domain host's public-key certificate and write it into the new server's truststore backend - all via LDAP.)

Subsequent to commit r2774, we discovered that configuring replication results in the replication server opening its server socket and configuring it for TLS. The TLS configuration requires the local truststore to be initialized with the local instance key and the instance key of any to-be-replicated servers must be added. Hence, the Installer's ADS configuration step must be run before its replication configuration step.

In the current implementation of the ADS configuration step, ADS replication is configured and initialized (distinct from the suffixes specified by the user). These changes 1) move the ADS replication configuration and initialization from the ADS configuration step, and merge them into the code that handles configuring and initializing replication of the user specified suffixes (Installer.java); and 2) move the invocation of the ADS configuration ahead of the replication configuration (OfflineInstaller,WebStartInstaller.java).

M      src/quicksetup/org/opends/quicksetup/installer/offline/OfflineInstaller.java
M      src/quicksetup/org/opends/quicksetup/installer/webstart/WebStartInstaller.java
M      src/quicksetup/org/opends/quicksetup/installer/Installer.java

Tests:

In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:

1) Setup standalone server with data; setup new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.

2) Setup initial replicated server with data; setup new server as part of existing replication.

I'm not sure how to test the WebStartInstaller, but the code and changes are identical to the OfflineInstaller, so perhaps it is ok.

---
Thanks to Josu for reviewing.



git-svn-id: https://svn.forgerock.org/opendj/trunk@2795 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

24 Aug, 2007

9 commits

  • 53772a0b   Add a mechanism for generating an RC script that can be used on UNIX systems to ... Browse Dir » 
    configure the server to automatically start when the system boots.

Also, update the stop-ds script so that if the server is to be stopped via kill
but no PID file is present, the stop script will generate an error instead of
trying to invoke the stop task (which is guaranteed to fail since the attempt
will be made anonymously, and this will give a confusing error message).

OpenDS Issue Number:  526


git-svn-id: https://svn.forgerock.org/opendj/trunk@2788 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 8914e062   Fix checkstyle failures. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2787 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • c941f3de   Added a setter method for the lock manager fair ordering property introduced in revision 2783 ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2786 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • d9bbb494   Issue 466 preparation. ... Browse Dir » 
    Each instance has an associated public-private key-pair called the "instance key". The collection of public-key certificates from all instances forms an ADS-domain truststore. Secure replication uses this truststore in its TLS setup.

The instance key is maintained by the local instance using a new "truststore" backend type that manages a local keystore file. The backend is induced to generate and self-sign a key when an entry with a special dn is written to it.  Once the truststore has been so initialized, the public-key certificate can be retrieved with an LDAP search operation.

This change adds a method to the ADSContext to retrieve the instance key public-key certificate from the instance to which the context is bound, and set a field in the context with the cert. The method detects if it needs to induce the backend to produce the key. A subsequent change will publish the key in ADS.  For now (until Andy commits the truststore backend code), the attempt to retrieve the key is guarded by a check for the ads-truststore backend's presence.

There is also some minor cleanup of existing code, and some additional code related to upcoming CryptoManager related ADS setup.

M      src/ads/org/opends/admin/ads/ADSContext.java

Tests:

In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:

1) Setup standalone server with data; setup new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.

2) Setup initial replicated server with data; setup new server as part of existing replication.



git-svn-id: https://svn.forgerock.org/opendj/trunk@2785 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • 463e14e4   Added property to enable or disable fair ordering for the entry lock manager. By… ... Browse Dir » 
    … default, fair ordering will be used.




git-svn-id: https://svn.forgerock.org/opendj/trunk@2783 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • c0d40aa1   Add a tool that can be used to base64 encode or decode information. The source ... Browse Dir » 
    can be provided as a string, contained in a file, or piped in via standard
input, and the result can be sent to standard output or written to a file.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2781 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • b82d6371   - fix an NPE found by the entry cache concurrency test. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2779 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • d3ae5ead   Fix for issue 2153. Add uninstall-gui to the list of files that must have executable permissions. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2776 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     
  • 3c27fed9   Issue 466 preparation. ... Browse Dir » 
    Secure replication depends on ADS containing at least the instance-to-be-initialized's instance key public-key certificate in the ADS-based truststore because the existing replication domain server requires it to "trust" the new server. (The new server trusts the domain server by some future ADSContext code that will fetch the domain host's public-key certificate and write it into the new server's truststore backend - all via LDAP.)

Hence, this change reverses the invocation order of Installer.initializeSuffixes and Installer.updateADS so that the latter is now run first (but still subsequent to Installer.configureReplication).  Note that Installer.updateADS does require Installer.configureReplication to have been run, since it configures replication for and initializes "cn=admin data".

M      src/quicksetup/org/opends/quicksetup/installer/offline/OfflineInstaller.java
M      src/quicksetup/org/opends/quicksetup/installer/webstart/WebStartInstaller.java

Tests:

In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:

1) Setup standalone server with data; setup new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.

2) Setup initial replicated server with data; setup new server as part of existing replication.

I'm not sure how to test the WebStartInstaller, but the code and changes are identical to the OfflineInstaller, so perhaps it is ok.

--
Thanks to Josu for the review.



git-svn-id: https://svn.forgerock.org/opendj/trunk@2774 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

23 Aug, 2007

15 commits

  • a21d35ef   Added the JE backend configuration attribute to enable or disable compression wh… ... Browse Dir » 
    …en encoding entries for ID2Entry. When backend-compact-encoding 
is enabled, attribute type descriptions and object class sets will be encoded using a compressed form. This behavior is enabled by default.

Fix for issue 2135


git-svn-id: https://svn.forgerock.org/opendj/trunk@2772 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 8e413859   Fix a issue where adding entries below a parent entry and modifying the parent e… ... Browse Dir » 
    …ntry causes lock expirations. All writer threads for the modify 
operations were being starved by the reader threads for the add operations. Changed the LockManager to observe fairness rules when granting 
locks so waiting write locks are granted before read locks.

Fix for issue 1896


git-svn-id: https://svn.forgerock.org/opendj/trunk@2771 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 39a3a362   Add missing periods to the end of javadoc descriptions. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2770 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 01ab48cd   Add a main method to the org.opends.server.util.EMailMessage class that can be ... Browse Dir » 
    used to send an e-mail message from the command line.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2769 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • c22cf17c   standardized the tools various option forms for suppressing output to -Q/--quiet ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2768 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter
     
  • 3ddfe564   Add missing CDDL headers to a couple of build tool classes. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2764 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 7b56f5cb   Issue 466 preparation. ... Browse Dir » 
    As part of https://opends.dev.java.net/issues/show_bug.cgi?id=466 org.opends.admin.ads.ADSContext#registerServer will add an entry for the instance key public-key certificate under 'cn=instance keys,cn=admin data'.

Conversely, the ADSContext#unregisterServer method will deprecate the instance key public-key certificate (i.e., add ds-cfg-key-deprecation-time to the key entry under cn=instance keys,cn=admin data) associated with the server.

Adding or deprecating a instance key public-key certificate entry in ADS has side effects across the ADS domain hosts. In particular, if the instance is an ADS host, each shared secret (encryption) key is wrapped in the instance's public key certificate, so on an addition, the keys are wrapped and added to ADS, while on a certificate deprecation, the keys wrapped with that certificate are deleted.

In the current implementation of org.opends.quicksetup.installer.Installer#updateADS , if the installer detects an ADS entry for the to-be-registered server, it calls ADSContext.unregisterServer then ADSContext.registerServer.  To avoid the perturbation in the ADS-based key distribution, I have replaced the unregister-register sequence with a call to ADSContext.updateServer (which does an LDAP modify replace for the attribute values in the server attribute map). This change was accomplished by calling ADSContext.registerOrUpdateServer.

The changes also include some minor code cleanup, comments, and tidying to eliminate IDEA warnings in ADSContext.

Tests:

I have run the precommit target and done some simple tests to ensure a 1) a remote standalone instance can be promoted to an ADS during an new instance creation; 2) an instance can be created as an ADS and another new instance can be created and added to that ADS; and 3) an instance already in ADS can be destroyed (without unregistering) and recreated and re-added to the ADS (the updateServer scenario). The message for that case is now:

Aug 23, 2007 11:04:05 AM org.opends.quicksetup.installer.Installer updateADS
WARNING: Server was already registered. Updating server registration.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2759 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • 99ee2706   Message/MessageDescriptor performance improvements: ... Browse Dir » 
    - MessageDescriptors cache format strings by Locale
- Check for whether or not the Formatter is required is performed only as needed by MessageDescriptors and not upon Message.toString()


git-svn-id: https://svn.forgerock.org/opendj/trunk@2758 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter
     
  • aeba0177   Expands the interfaces of backup and restore with arguments for specifying an LD… ... Browse Dir » 
    …AP connection that can be used to schedule these operations as tasks in addition to the current behavior of operating locally.

- In order to add the LDAP connection arguments I changed the short identifier for the -h/--hash argument of back up to be -A

- BooleanArgument was changed to have an implicit value equal to that of the value of isPresent() and a default value of "false".

- Scheduling an ImportLDIF task now respects the quiet argument and does not print a confirmation message if present.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2757 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter
     
  • 7ff582e4   Fix the issue where changing the time-interval of a logger doesn't work if the p… ... Browse Dir » 
    …revious value is longer then the new value. If the previous 
value was set to a long time (ie 5 hours), the new value wouldn't take effect until the previous 5 hours has expired. With this fix, the new 
value will take effect immediately by interrupting the rotator thread if its asleep.

Fix for issue 2103


git-svn-id: https://svn.forgerock.org/opendj/trunk@2755 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 3c0ddb4c   Modify wrapText() to support optional indentation. The method now supports a thi… ... Browse Dir » 
    …rd argument which is the number of spaces to indent each wrapped line. There are also delegate wrapText() methods which simulate the old behavior by passing an indentation of 0.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2754 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 0c09b22c   Clean up bad javadoc. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2753 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • e97b2a91   Very minor code clean-up. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2752 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 908a08a7   Add support for overriding the user friendly singlular and plural names of components. ... Browse Dir » 
    The user friendly names (UFN) are usually derived automatically from the component's "name" and "plural-name" attribute. However, sometimes these names are not that user friendly. For example, the names may be abbreviated forms (e.g. replication -> repl or password policy -> pwp). In these cases it would be nice to be abled to display the full human friendly name in help and documentation.

This change includes an overridden UFN for the global configuration. So we should stop seeing messages in applications like "The Global was updated successfully".


git-svn-id: https://svn.forgerock.org/opendj/trunk@2751 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • f919894b   fix for issue 2097 : total update fails sending a Message to ReplicationCache ... Browse Dir » 
    The total update was failing because the updated server was badly exiting the loop
of meessage reception when it was receiving a message other than total update messages.

This was caused by a mis-placed return null statement .



git-svn-id: https://svn.forgerock.org/opendj/trunk@2750 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

22 Aug, 2007

6 commits

  • bb1d5155   Fixed issue where name of the base-object search scope used in VLV index configu… ... Browse Dir » 
    …ration was incorrectly called "base-level"

Fix for issue 2134


git-svn-id: https://svn.forgerock.org/opendj/trunk@2748 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • edb672ea   Expands the interface of both the export-ldif and import-ldif tools to include a… ... Browse Dir » 
    …rguments that allow the task to be scheduled to run in the directory server's JVM through the task interface as well as through the existing method or operating within the running JVM.

- This introduces several classes that handle the plumbing of scheduling a task:

LDAPConnectionArgumentParser:  an argument parser that comes pre-populated with the common options used to specify an LDAP connection and includes a method for creating a connection

TaskScheduleInformation:  source of information important for creating the scheduled task entry in the backend

TaskScheduleClient:  interacts on behalf of clients that wish to schedule tasks

TaskTool:  base class that the tools can implement to handle decision about whether to operate locally or remotely

- For export-ldif I removed the short identifier -w for the wrap options since it conflicted with the -w password option.

- For import-ldif I removed the short identifiers -K for skipFile and -q for quiet since they conflicted with the options for specifying the keystore path and startTLS options respectively. 


git-svn-id: https://svn.forgerock.org/opendj/trunk@2743 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter
     
  • f5d072af   fix task to corrently store message ID instead of ordinal for added log messages ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2742 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter
     
  • fded5520   issue 2119 : replication servers do not connect to each other when using setup ... Browse Dir » 
    When using the setup to configure 2 servers in multimaster mode.
The setup first creates the configuration of the first server and start it
When the second setup is run to configure the second server, the setup updates
the configuration of the replication-server on the first server, however the code for handling this dynamic configuration was not yet written and this
information is not taken into account.

The replication servers are therefore not connected and the replication server
on the new host therefore does not get the updates.

These changes implement the dynamic configuration of replication servers so that
the same scenario works fine.

The only properties that is now not dynamically configurable is the
path of the changelog database.

A new test has been added for these changes.
I've also tested manually that this does fix the replication server problem
after configuration using the setup program. 

git-svn-id: https://svn.forgerock.org/opendj/trunk@2740 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     
  • 8084a202   issue 1804 : Ensure that conflicts are visible to administrators ... Browse Dir » 
    The replication monitoring information already provides the
attribute unresolved-naming-conflicts that counts the number of conflicts
that was not automatically resolved since last startup.

The conflicting entries are also marked with the ds-sync-confict attribute
so that administrators can look for these entries 
using filter ds-sync-confict=*

This code add the generation of an administrative alert when a conflict is
detected so that administrators can be made aware of the problem.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2737 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     
  • caf1f215   Fix for 1602 : removing root entries of domain cause replay of many changes ... Browse Dir » 
    Before this fix, If one remove the root entry of a replication domain,
then stop the server The PersistentServerState is lost.
Therefore when later restarting the server all the changes from
the replication server are replayed on the database.

To avoid this the fix is simply to store the PersistentServerState to the configuration entry when the root entry does not exist.

I have not developed a unit test for this scenario because I believe that it is not possible to restart the server during the unit test.
I have done manual tests to check that the PersistentServerState
is correctly saved and reread. 

git-svn-id: https://svn.forgerock.org/opendj/trunk@2736 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

21 Aug, 2007

5 commits

  • 089f67e8   - fix map inconsistency bug in clearBackend method. ... Browse Dir » 
    - sanitize backend handling in clearSubtree method.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2734 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • 727a8141   Update the messages in admin_tool.properties to use the proper severity and not … ... Browse Dir » 
    …only the INFO severity.

Add some methods in the SecureConnectionCliParser that will be used by the replication CLI utilities.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2733 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     
  • 7c162010   Remove method accidently included in commit. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2725 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     
  • 1908be4d   Remove unused message file. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2722 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • d2ec5826   Add attribute uniqueness plugin implementation that provides single-server ... Browse Dir » 
    attribute uniqueness. The plugin has the following features:

- provides ability to specify a group of attribute types that must have
  unique values; if no attribute types are specified then the plugin allows
  the operations to proceed with no checking

- provides ability to specify a set of base DNs that limit the scope of the
  uniqueness checking; if no base DNs are specified the server's public
  naming contexts are used

- allow changing of these configuration options without server restart

- allows the uniqueness checking to span multiple base DNs; if the server's
  public naming contexts are used, then the specified attribute type values must
  be globally unique within the server


Two configuration attributes have been added:

1. ds-cfg-unique-attribute-type used to specify the unique attribute type(s)
2. ds-cfg-unique-attribute-base-dn used specify the base DN(s) to limit the search scope

A disabled plugin configuration has been added to the config.ldif file for the uid attribute:

dn: cn=UID Unique Attribute ,cn=Plugins,cn=config
objectClass: top
objectClass: ds-cfg-plugin
objectClass: ds-cfg-unique-attribute-plugin
cn: UID Unique Attribute
ds-cfg-plugin-class: org.opends.server.plugins.UniqueAttributePlugin
ds-cfg-plugin-enabled: false
ds-cfg-plugin-type: preOperationAdd
ds-cfg-plugin-type: preOperationModify
ds-cfg-plugin-type: preOperationModifyDN
ds-cfg-unique-attribute-type: uid

Issue 258.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2721 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

20 Aug, 2007

1 commit