org.forgerock / org.forgerock.opendj

15 Feb, 2007

2 commits

13 Feb, 2007

1 commit

12 Feb, 2007

4 commits

  • 54aa9b09   OpenDS Issue 1229 ... Browse Dir » 
    This enhancement adds a convenience method to ConditionResult to return the inverse of a value of the CondtionResult type: e.g., inverseOf(TRUE) is FALSE.

New unit test is included.

Reviewed by neil_a_wilson.



git-svn-id: https://svn.forgerock.org/opendj/trunk@1138 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • 8adb6465   Update the ldif-diff tool so that it provides an option that allows ... Browse Dir » 
    differences between entries to be split into multiple modifications each of
which has only a single value (as opposed to one modification containing all
changes to the entry).  This can be useful when attempting to apply
configuration changes during an upgrade.

OpenDS Issue Number:  1228


git-svn-id: https://svn.forgerock.org/opendj/trunk@1137 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • ea09487f   Fix a bug in the ldif-diff tool that creates the potential that an entry ... Browse Dir » 
    contained in both the source and target LDIF files will be included in the
output as an "add" record (potentially even if it also appears earlier in the
output as a "modify" record).

OpenDS Issue Number:  1227


git-svn-id: https://svn.forgerock.org/opendj/trunk@1136 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • fd6361f4   Implement support for the proxied-auth privilege, which will be required in ... Browse Dir » 
    order to use the proxied authorization control.  This privilege is also used
to determine whether a user can specify an alternate authorization identity for
the SASL DIGEST-MD5 and PLAIN mechanisms.

OpenDS Issue Number:  476


git-svn-id: https://svn.forgerock.org/opendj/trunk@1135 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

09 Feb, 2007

2 commits

  • de73e635   Add an initial set of privilege support to OpenDS. The current privileges are ... Browse Dir » 
    currently defined and implemented:
* config-read (allow reading the configuration)
* config-write (allow updating the configuration)
* ldif-import (allow invoking LDIF import tasks)
* ldif-export (allow invoking LDIF export tasks)
* backend-backup (allow invoking backup tasks)
* backend-restore (allow invoking restore tasks)
* server-shutdown (allow invoking server shutdown tasks)
* server-restart (allow invoking server restart tasks)
* server-restart (allow invoking server restart tasks)
* password-reset (allow resetting user passwords)
* update-schema (allow updating the server schema)
* privilege-change (allow changing the set of privileges for a user)

The following privileges are also defined but not yet implemented:
* bypass-acl (allow bypassing access control evaluation)
* modify-acl (allow updating access control definitions)
* jmx-read (allow reading information over JMX)
* jmx-write (allow updating information over JMX)
* jmx-notify (allow subscribing to JMX notifications)
* proxied-auth (allow the use of proxied authorization and SASL authzid)
* disconnect-request (allow terminating arbitrary client connections)
* cancel-request (allow canceling arbitrary client connections)
* search-unindexed (allow requesting unindexed searches)
* data-sync (allow participating in a data synchronization environment)

Root users automatically inherit a subset of these privileges by default, and
users can also be explicitly granted or forbidden the use of specified
privileges.

OpenDS Issue Numbers:  468, 472, 474, 475, 477, 1213


git-svn-id: https://svn.forgerock.org/opendj/trunk@1134 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • c3187663   Minor synchronization code changes: ... Browse Dir » 
    - Add a test case for two conflicting adds of a single-valued attribute (no fix yet, hence disabled).
- Revised fix for attribute options (using an empty set of options rather than null).
- Fix potential bugs in AttrInfo, make sure the given change number is newer whenever setting the last update or last delete time.

Thanks to Gilles for advice on these changes.

git-svn-id: https://svn.forgerock.org/opendj/trunk@1133 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     

08 Feb, 2007

1 commit

  • 51c8e4ad   Update the AuthenticationInfo object to store the entries for the authentication ... Browse Dir » 
    and authorization identities rather than just their DNs.  This includes a
mechanism to keep those entries up to date as changes occur in the server, and
also includes a hook for ClientConnection subclasses to perform processing
whenever a connection is terminated.

This also includes an update to the code for the proxied authorization v1 and v2
controls so that they are now able to handle "dn:"-style authentication and
authorization IDs that map to one of the alternate bind DNs for a root user.

OpenDS Issue Numbers:  1201, 1202


git-svn-id: https://svn.forgerock.org/opendj/trunk@1129 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

07 Feb, 2007

1 commit

06 Feb, 2007

1 commit

05 Feb, 2007

2 commits

04 Feb, 2007

1 commit

  • 3a48368e   Update the process that SASL mechanisms use to set authentication info for the ... Browse Dir » 
    bind operation.  Previously, they were setting it directly in the client
connection, which introduced the possibility that a failure in bind processing
which occurred after the SASL credentials were validated could result in a
case in which a failure was returned to the client but the associated connection
could still be authenticated in the server.  SASL mechanism handlers will now
set the authentication info in the bind operation and it will only be updated in
the client connection if all processing associated with the bind operation is
successful.

OpenDS Issue Number: 1203 


git-svn-id: https://svn.forgerock.org/opendj/trunk@1095 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

03 Feb, 2007

1 commit

02 Feb, 2007

4 commits

  • 64d9bdb4   These changes are for issue 787: ... Browse Dir » 
    LDAP server need to detect failure of changelog servers

The synchronization server sends a regular heartbeat message when the session is idle and there are no synchronization updates flowing.  The broker attempts to re-establish a connection to the same or alternative sync server when it detects loss of heartbeats.

git-svn-id: https://svn.forgerock.org/opendj/trunk@1093 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     
  • c2e0c845   Update the code involving change notification listeners to ensure that they are ... Browse Dir » 
    invoked just before the response is sent to the client rather than just after
the response.  This can help avoid race conditions in which the server needs to
use a change notification listener to perform some additional processing for a
given operation, and the client sends a second request that depends on this
processing immediately after receiving a "success" response for the operation
that triggered the change notification.

OpenDS Issue Number: 1200


git-svn-id: https://svn.forgerock.org/opendj/trunk@1092 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 74728d71   1038:Change result code for bind with DN but no password ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1091 41b1ffd8-f28e-4786-ab96-9950f0a78031
    sin
     
  • 8f5b3ea6   Add initial support for static groups. At present, this does not allow for ... Browse Dir » 
    nested static groups, but it does handle changes to the set of available groups
and to group membership while the server is online.  It also includes a
backend initialization listener API, which makes it possible for components to
perform custom processing when a backend is brought online or offline, and this
is used to identify all groups at the time that the server is started.

OpenDS Issue Number:  422


git-svn-id: https://svn.forgerock.org/opendj/trunk@1090 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

01 Feb, 2007

1 commit

31 Jan, 2007

2 commits

  • f97f6a4c   Fix a problem in the backup backend in which it could throw an internal ... Browse Dir » 
    exception if a search operation was performed whose scope included a backup
directory that didn't contain a descriptor file (which is the case in the
out-of-the-box configuration before any backups have been performed).

OpenDS Issue Number:  1172


git-svn-id: https://svn.forgerock.org/opendj/trunk@1076 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 7e12e84b   Fix for Issue 1162 : Synchronization server deadlock when using multiple masters… ... Browse Dir » 
    … and max delay feature

When using multiple masters and configuring the server for maxSendDelays the
synchronization server sometimes stop all activities and never resume it.

The problem was a deadlock between the max delays mechanism and the protocol window mechanism.

This deadlock occurs because the reader threads of the synchronization server are blocked when
the maximum configured delay is reached ans therefore can't process
the WindowMessages anymore.

The solution is not to block the reader thread anymore but to stop sending Window messages to
block the servers that are creating too much delay.

The writer thread then need to check if it is necessary to send again Window messages when
their queue become smaller than the configured threshold.

This fix allows to pass the test :
org.opends.server.stcnhronization.changelog.ChangelogTest.MultipleWriterMultipleReader
This commit therefore also enable this test.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1074 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

30 Jan, 2007

4 commits

  • 6e2523b7   Make sure that the modifyTimestamp in the schema entry gets updated when the ... Browse Dir » 
    add schema file task is used to update the server schema.

OpenDS Issue Number:  1170


git-svn-id: https://svn.forgerock.org/opendj/trunk@1065 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 4af7398d   Add a new task that may be used to cause the server to load the contents of a ... Browse Dir » 
    new file into the schema without the need to restart.

OpenDS Issue Number:  367


git-svn-id: https://svn.forgerock.org/opendj/trunk@1063 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 762f90c4   Add a catch for the following null pointer exception that Neil got while running… ... Browse Dir » 
    … synchro tests on his machine.
The root cause for this exception requires a deeper investigation.

    [testng] Failed Test: 
org.opends.server.synchronization.changelog.ChangelogTest#changelogChaining
    [testng] Failure Cause:  java.lang.NullPointerException
    [testng] 
org.opends.server.synchronization.changelog.Changelog.shutdown(Changelog.java:566)
    [testng] 
org.opends.server.synchronization.changelog.ChangelogTest.changelogChaining(ChangelogTest.java:726)

git-svn-id: https://svn.forgerock.org/opendj/trunk@1060 41b1ffd8-f28e-4786-ab96-9950f0a78031
    pgamba
     
  • e5b0db30   Fix for the deadlock appeared in the last daily build. ... Browse Dir » 
    The root cause is a concurrent access to the db resource of the
changelog server when the shutdown() method is called.

   [testng] Java stack information for the threads listed above:
   [testng] ===================================================
   [testng] "Changelog Server 11 zone35.gridzones.com:43150 dc=example,dc=com reader":
   [testng] 	at com.sleepycat.je.Database.removeCursor(Database.java:1055)
   [testng] 	- waiting to lock <0xf4f36310> (a com.sleepycat.je.Database)
   [testng] 	at com.sleepycat.je.Cursor.close(Cursor.java:254)
   [testng] 	- locked <0xf4f36430> (a com.sleepycat.je.Cursor)
   [testng] 	at org.opends.server.synchronization.changelog.ChangelogDB.readFirstChange(ChangelogDB.java:212)
   [testng] 	at org.opends.server.synchronization.changelog.DbHandler.<init>(DbHandler.java:103)
   [testng] 	at org.opends.server.synchronization.changelog.Changelog.newDbHandler(Changelog.java:600)
   [testng] 	at org.opends.server.synchronization.changelog.ChangelogCache.put(ChangelogCache.java:167)
   [testng] 	- locked <0xf4f57688> (a java.util.concurrent.ConcurrentHashMap)
   [testng] 	at org.opends.server.synchronization.changelog.ServerReader.run(ServerReader.java:111)
   [testng] "main":
   [testng] 	at com.sleepycat.je.Cursor.close(Cursor.java:251)
   [testng] 	- waiting to lock <0xf4f36430> (a com.sleepycat.je.Cursor)
   [testng] 	at com.sleepycat.je.Database.closeInternal(Database.java:273)
   [testng] 	at com.sleepycat.je.Database.close(Database.java:238)
   [testng] 	- locked <0xf4f36310> (a com.sleepycat.je.Database)
   [testng] 	at com.sleepycat.je.Environment.close(Environment.java:273)
   [testng] 	- locked <0xf4f124a8> (a com.sleepycat.je.Environment)
   [testng] 	at org.opends.server.synchronization.changelog.ChangelogDbEnv.shutdown(ChangelogDbEnv.java:234)
   [testng] 	at org.opends.server.synchronization.changelog.Changelog.shutdown(Changelog.java:583)
   [testng] 	at org.opends.server.synchronization.changelog.ChangelogTest.changelogChaining(ChangelogTest.java:724)




git-svn-id: https://svn.forgerock.org/opendj/trunk@1059 41b1ffd8-f28e-4786-ab96-9950f0a78031
    pgamba
     

29 Jan, 2007

3 commits

  • 55d25232   Fix a mismatch between the expected and given parameters for a message in the ... Browse Dir » 
    NameFormSyntax class.

OpenDS Issue Number:  1169


git-svn-id: https://svn.forgerock.org/opendj/trunk@1057 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • f2541a50   - Fix issue 1160 : synchronization is flushing the msgQueue to the database too often ... Browse Dir » 
    The synchronization server is flushing all the queues of the messages
received from a LDAP server each time a server needs to retrieve some
changes that are not in memory anymore.

This cause the reading process of old changes very slow when there is also new changes coming in.

The servers that are already late can therefore become more and more late.

The solution is to detect the conditions when a flush is necessary by comparing the date of the changeNumber where
we want to start with the date of the first ChangeNumber
and only flush in those cases.

- Also fix some warning at compilation time and when using java 6

- Also fix an problem between test ConfigurableComponentTestCase and the ChangelogTest
because ConfigurableComponentTestCase expect all component to be configurable while
the dynamic configuration code for the Changelog is not yet implemented.

- 2 new unit tests are also included :

. scalability test of a synchronization server when one LDAP server
is used as a master and several other LDAP servers are used as
read only servers :
org.opends.server.synchronization.changelog.ChangelogTest.OneWriterMultipleReader()

. scalability test of a sycnhronization server when several LDAP Servers are used as master simultaneously : org.opends.server.synchronization.changelog.ChangelogTest.MultipleWriterMultipleReader()

These tests do not instantiate the LDAP servers but simulate them
by using directly the ChangelogBroker API.

The second is failing (issue 1162) and is therefore disabled. 

git-svn-id: https://svn.forgerock.org/opendj/trunk@1056 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     
  • 371b1525   Fix #794 unit test should cover changelog to changelog communications ... Browse Dir » 
    This does not allow to cover the code that deals with changelog server to
changelog server communications.

In order to have more than one changelog services running in the same instance
and instance layout, the serverID has been added to the changelogstate dbName.

Changelog db path is now configurable, 

The 2 following tests have been implemented:

+  /**
+   * Chaining tests of the changelog code with 2 changelog servers involved
+   * 2 tests are done here (itest=0 or itest=1)
+   * 
+   * Test 1
+   * - Create changelog server 1
+   * - Create changelog server 2 connected with changelog server 1
+   * - Create and connect client 1 to changelog server 1
+   * - Create and connect client 2 to changelog server 2
+   * - Make client1 publish changes
+   * - Check that client 2 receives the changes published by client 1
+   * 
+   * Test 2
+   * - Create changelog server 1
+   * - Create and connect client1 to changelog server 1
+   * - Make client1 publish changes
+   * - Create changelog server 2 connected with changelog server 1
+   * - Create and connect client 2 to changelog server 2
+   * - Check that client 2 receives the changes published by client 1
+   * 
+   */


git-svn-id: https://svn.forgerock.org/opendj/trunk@1054 41b1ffd8-f28e-4786-ab96-9950f0a78031
    pgamba
     

28 Jan, 2007

2 commits

  • dfbc8f4a   Update files created or modified since the beginning of the year to include ... Browse Dir » 
    2007 in their copyright notices.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1051 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • c5a478bb   Add features into our build process that can make use of the SVNKit library to ... Browse Dir » 
    interact with the Subversion workspace.  This includes three components:

- A new Ant task that stores the current workspace revision number in an Ant
  property which gets built into DynamicConstants.java and exposed in the
  --fullversion and "cn=version,cn=monitor" information.

- A new Ant task that checks all files that have been locally modified in the
  current workspace for potential cases in which a copyright date needs to be
  updated to include the current year.

- A change to the coveragediff tool so that it uses the SVNKit library to
  obtain the diff rather than trying to execute the external svn/svn.exe
  command.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1047 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

26 Jan, 2007

1 commit

25 Jan, 2007

1 commit

  • c7c63b45   Make a number of updates to schema processing, all of which fall under the ... Browse Dir » 
    umbrella of issue #1163.  The individual issues addressed include:

* 1139 -- Properly handle OBSOLETE flag in schema elements.  The OBSOLETE flag
is now recognized when processing matching rules, attribute types, object
classes, name forms, DIT content rules, DIT structure rules, and matching rule
uses.  It essentially provides a way to "deprecate" a schema element so that
existing data that makes use of them will still be treated properly, but the
server will not allow newly-created elements to reference them.

* 1145 -- Consider updating X-ORIGIN to reference newer RFCs.  When the schema
configuration files were originally written, there were a number of references
to RFC 2252 and RFC 2256 that were updated in RFC 4512 and RFC 4519, among
others.  The X-ORIGIN extension for each element in the 00-core.ldif schema
configuration file should now reference the latest specification that contains
that element.

* 1146 -- Consider enforcing object class inheritance restrictions.  The server
will now ensure that abstract classes can only inherit from other abstract
classes, that auxiliary classes can only inherit from abstract classes and
other auxiliary classes, and that structural classes can only inherit from
abstract classes and other structural classes.  Further, all structural object
classes must include the "top" abstract class as the root of their inheritance
chain.

* 1147 -- Consider enforcing attribute type inheritance restrictions.  The
server will now ensure that a subordinate attribute type will have the same
usage as its superior type.  Further, the server will enforce that a
subordinate attribute type may be collective if and only if its superior type
is collective.  Due to the subjective nature of the "refinement" clause for
syntax inheritance, no check will be made regarding the syntax relationship
between a superior and subordinate attribute type.

* 1151 -- DIT content rule validation isn't handled correctly.  The server will
now allow attribute types to appear in an entry if they are included in the
required or optional attribute type lists for a DIT content rule even if those
attributes are not allowed by any of the entry's associated object classes.
Further, the DIT content rule validation process will now ensure that none of
the prohibited attribute types are required by the structural object class or
any of the allowed auxiliary object classes.

* 1158 -- Attribute syntaxes describing schema elements aren't strict enough.
Previously, in most cases that one schema element referenced another element
that was not defined (e.g., an object class allows an attribute type that is
not defined in the server schema), the server would ignore the unresolved
dependency.  The server will now fail to validate schema elements that depend
on other schema elements which are not defined in the server schema.
Similarly, there were cases in which the server did not properly validate that
an object class was of the appropriate type (e.g., for a DIT content rule,
there was no check to ensure that the structural object class was actually
declared structural, or that all of the allowed auxiliary objectclasses were
actually declared auxiliary).  The server will also fail to validate schema
elements with these kinds of problems.

* 1159 -- Incomplete attribute type usage constraints.  The server did not
properly ensure that COLLECTIVE attribute types had a usage of
userApplications, and that NO-USER-MODIFICATION attribute types had an
operational usage.

* 1164 -- Need more complete DIT structure rule validation.  The server did not
properly ensure that if an entry's parent was associated with a DIT structure
rule, that entry would only be valid if it was covered by a DIT structure rule
which listed the parent's DIT structure rule as a superior rule.

* 1165 -- Consider reduced name form and DIT structure rule checking.  The
server would often perform more schema validation than necessary for most types
of operations.  In particular, name form and DIT structure rule validation
should not be required for modify operations, and DIT structure rule validation
should also not be required for LDIF import operations since we cannot
guarantee that the parent will be accessible.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1036 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

24 Jan, 2007

1 commit

  • 115c328d   fix for issue 1161 : too much code inside the pendingChanges lock ... Browse Dir » 
    When doing scalability tests I've noticed that some of the code inside
the SynchronizationDomain.pendingChanges lock is not usefull.

I've therefore moved it outside of the lock.
There are no tests for this because this is only a small perf improvement. 

git-svn-id: https://svn.forgerock.org/opendj/trunk@1033 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

23 Jan, 2007

2 commits

19 Jan, 2007

1 commit

  • 40c60302   Update the schema backend so that the creatorsName, createTimestamp, ... Browse Dir » 
    modifiersName, and modifyTimestamp attributes are included in the subschema
subentry as recommended in RFC 4512 section 4.2.  The create timestamp will be
set to the oldest modification time of all the schema configuration files.  The
modify timestamp will be initially set to the youngest modification time of all
the schema configuration files, but if the schema is updated with the server
online then the modifiersName and modifyTimestamp will be updated accordingly.

OpenDS Issue Number:  1157


git-svn-id: https://svn.forgerock.org/opendj/trunk@1004 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

18 Jan, 2007

2 commits