org.forgerock / org.forgerock.opendj

22 Jan, 2008

1 commit

18 Jan, 2008

1 commit

16 Jan, 2008

1 commit

  • 19ee981f   This fix removes the option to use nanosecond etime resolution as a JVM property… ... Browse Dir » 
    …. It is now a global configuration attribute. Due to the 10% throughput decrease I saw when using System.nanoTime, the default still uses System.currentTimeMillis to timestamp operations. System.nanoTime will only be used when the ds-cfg-etime-resolution attribute is set to nano-seconds.

Fix for issue 2499


git-svn-id: https://svn.forgerock.org/opendj/trunk@3686 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

08 Jan, 2008

1 commit

03 Jan, 2008

1 commit

02 Dec, 2007

1 commit

14 Nov, 2007

1 commit

02 Nov, 2007

1 commit

  • a0cfc24d   Make various corrections to schema elements, including: ... Browse Dir » 
    - Replace a couple of errant uses of SUBSTRINGS with SUBSTR.

- Replace an errant "TOP" with "SUP top" in an object class definition.

- Insert a missing space between the last attribute name and the closing
  parenthesis in the MAY list of an object class definition.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3402 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

30 Oct, 2007

1 commit

  • ee0ceaa1   s set of files provides the workflow configuration manual mode. ... Browse Dir » 
    Until now, the workflows were automatically configured-a wokflow
was created for each base DN in the backends. When new suffixes
were added or when a backend was added, the associated workflows
were also created (and simillarly workflows were deleted as suffixes
or backends were removed).

With the manual mode, each and every workflow in the server must
be defined explicitely in the configuration. By default, the server is
running in automatic configuration mode. To have a server running
with manual configuration mode one must set the attribute in
cn=config:

    dn: cn=config
    ...
    ds-cfg-workflow-configuration-mode: auto|manual


No attribute means "auto" mode.

The workflow configuration consist of 3 parts:
- the configuration of workfow elements
- the configuration of workfows
- the configuration of network groups


The Workflow Elements - A workflow element is a basic task in a
workflow. The workflow elements are organized in trees and the
simplest tree is made of one element. For example, the workflow
element that wraps a local backend is configured as follow:

    dn: ds-cfg-workflow-element-id=userRoot,cn=workflow elements,cn=config
    objectClass: top
    objectClass: ds-cfg-workflow-element
    objectClass: ds-cfg-local-backend-workflow-element
    ds-cfg-workflow-element-id: userRoot
    ds-cfg-enabled: true
    ds-cfg-java-class: org.opends.server.workflowelement.localbackend.LocalBackendWorkflowElement
    ds-cfg-backend: ds-cfg-backend-id=userRoot,cn=Backends,cn=config

From an admin standpoint, the local backend workflow element
is an aggregation of a single backend (attribute ds-cfg-backend).
So we cannot disable/delete a backend as long as it is used by a
local backend workflow element.


The Workflows - A workflow is a chain of processing and it's
targeting all the entries under a given baseDN. The processing
is actually identified by the root node of the task tree described
above. The configuration of a workflow looks like:

    dn: ds-cfg-workflow-id=userRoot,cn=workflows,cn=config
    objectClass: top
    objectClass: ds-cfg-workflow
    ds-cfg-workflow-id: userRoot
    ds-cfg-enabled: true
    ds-cfg-workflow-element: ds-cfg-workflow-element-id=userRoot,cn=workflow elements,cn=config
    ds-cfg-base-dn:  dc=example,dc=com

From an admin standpoint, the local workflow is an aggregation
of a single elements (attribute ds-cfg-workflow-element).
So we cannot disable/delete a workflow element as long as it is used
by a local workflow.


The Network Groups - A network group defines categories for
client connection. The network group contains a set of workflows
and each client operation is routed to one (or more) workflow(s).
By default, the server create a default network group which contains
all the workflows defined in the server. The default network group
looks like:

    dn: ds-cfg-id=defaultNetworkGroup2,cn=network groups,cn=config
    objectClass: top
    objectClass: ds-cfg-network-group
    ds-cfg-id: defaultNetworkGroup2
    ds-cfg-enabled: true
    ds-cfg-workflow: ds-cfg-workflow-id=adminRoot,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=ads-truststore,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=backup,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=config,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=monitor,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=schema,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=tasks,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=userRoot,cn=Workflows,cn=config

From an admin standpoint, the network group is an aggregation
of several workflows (attribute ds-cfg-workflow). So we cannot
disable/delete a workflow as long as it is used by a network group.


A unit test named WorkflowConfigurationTest tests the configuration
of network groups, workflows and workflow elements.



git-svn-id: https://svn.forgerock.org/opendj/trunk@3388 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jdemendi
     

23 Oct, 2007

1 commit

  • 338c53a5   Fix for issue 2505 (Provide monitoring information about the number of entries on a given base DN) ... Browse Dir » 
    The following changes are aimed to include a new attribute in the backend monitor entry to provide the number or entries per base DN. This information is used by the status, status-panel, dsreplication and graphical setup to be able to display the number of entries under a given base DN even when there are several base DNs defined in the same database.

The way the new attribute appears in the monitoring entry is:

ldapsearch -w s -p 1389 -b cn=monitor ds-backend-id=userRoot ds-base-dn-entry-countdn: cn=userRoot Backend,cn=monitor
ds-base-dn-entry-count: 0 dc=ta
ds-base-dn-entry-count: 1 dc=ti
ds-base-dn-entry-count: 1 dc=to

I prefer this approach because in my opinion having the number of entries is more important that the suffix.  Anyway I think the discussion around the structure of the value is not crucial as long as the value is easy to parse (which is the case).

The new attribute is defined in the schema and the new OID assigned to it is 1.3.6.1.4.1.26027.1.1.434.

In order to have a minimum impact on performances, the method backend.numSubordinates is only called when there are several base DNs defined in the database.





git-svn-id: https://svn.forgerock.org/opendj/trunk@3361 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     

10 Oct, 2007

1 commit

02 Oct, 2007

1 commit

  • e986cdcf   More changes for issue 466. ... Browse Dir » 
    - Defines the schema for secret keys.
- Keeps the crypto manager secret key cache up to date with secret keys published in ADS.

git-svn-id: https://svn.forgerock.org/opendj/trunk@3238 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     

26 Sep, 2007

4 commits

  • 09155e12   Update the 02-config.ldif schema configuration file to compact the OID ... Browse Dir » 
    allocations after the earlier refactoring to use a more consistent naming
for our configuration properties.  I have also updated the OID registry on
our wiki to reflect these changes.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3221 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • e2517750   Update the Get Symmetric Key extended operation handler so that it has its own ... Browse Dir » 
    object class and config definition rather than relying on the generic
configuration.  This makes it easier to use through dsconfig.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3211 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 5abb86e7   Merge branches/temp-admin@3208 onto trunk@3208. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@3209 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • d72d5ef1   Update the backend API to include new isIndexed methods that can be used to ... Browse Dir » 
    determine whether a given attribute is indexed in a specified manner, or that
can be used to determine whether a specified filter is indexed.  At present,
all backends except the JE backend and the replication backend are considered
always indexed for all operations.  The JE backend is only considered indexed
based on its index configuration.  The replication backend is never considered
indexed.

Update the following components to make use of this new isIndexed capability:
- The DSEE-compatible access control handler will now log a warning message at
  startup if it detects that there is no presence index for the aci attribute,
  which can make startup take a long time on a big database.
- The group manager will now log a warning message at startup if any of the
  group implementation filters are unindexed, which can make startup take a
  long time on a big database.
- The referential integrity plugin now requires that all of the attributes for
  which referential integrity is to be maintained must be configured with
  equality indexes.
- The unique attribute plugin now requires that all of the attributes for which
  uniqueness is to be enforced must be configured with equality indexes.

This commit also updates the LDIF backend so that it is possible to
indicate via configuration whether its base DNs should be registered as public
or private base DNs.  The LDIF backend used as the admin root has been
updated so that it is considered a private backend.  The replication backend
has also been updated so that it is considered a private backend.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3206 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

23 Sep, 2007

1 commit

  • ef5e5493   Add support for an LDIF backend. Entries in this backend will be held in ... Browse Dir » 
    memory, and all read operations will be served from memory, but the underlying
data will be stored in an LDIF file on disk and any write operation will cause
that LDIF file to be updated.

This backend supports all major operations, including moving/renaming non-leaf
entries with the modify DN operation, and also supports the subtree delete
control and LDIF import and export operations.  Backup and restore operations
are not currently supported.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3160 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

20 Sep, 2007

1 commit

19 Sep, 2007

1 commit

  • 94e99606   Add a new monitor provider that can be used to monitor memory usage within the ... Browse Dir » 
    JVM, including:

- The total number of garbage collections (per memory pool)
- The total duration of all garbage collections (per memory pool)
- The averge duration for a garbage collection (per memory pool)
- The duration of the most recent garbage collection (per memory pool)
- The current size of each memory region
- The size of each memory region after the last garbage collection


git-svn-id: https://svn.forgerock.org/opendj/trunk@3120 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

14 Sep, 2007

1 commit

  • e77570a5   Add support for the groupOfEntries group type as defined in ... Browse Dir » 
    draft-findlay-ldap-groupofentries.  Entries with the groupOfEntries object
class should be treated in a manner that is virtually identical to entries with
the groupOfNames object class (technically, groupOfNames does not allow
zero-member groups, but the OpenDS implementation does allow this).

OpenDS Issue Number:  2277


git-svn-id: https://svn.forgerock.org/opendj/trunk@3076 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

10 Sep, 2007

1 commit

  • c6ff7b0f   Add support for password storage schemes using AES, 3DES, RC4, and Blowfish. ... Browse Dir » 
    The AES, RC4, and Blowfish implementations all use 128-bit ciphers, and the
3DES implementation uses a 168-bit cipher.

Note that while these password storage schemes are functional, they rely on the
crypto manager, which is not fully implemented.  The storage schemes are not
exposed in the server configuration because the crypto manager does not have
any mechanism to persist secret keys for symmetric encryption.  Until the
crypto manager provides persistence for these keys, passwords encoded using
these schemes will not be usable after the server is restarted.  Once the
crypto manager implementation is complete, these schemes should be exposed in
the server configuration.

OpenDS Issue Numbers:  315, 316, 317, 318


git-svn-id: https://svn.forgerock.org/opendj/trunk@3000 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

09 Sep, 2007

2 commits

  • 1f7dbdf6   Update the server to provide a basic framework for controlling when plugins ... Browse Dir » 
    will be invoked.  There are two basic changes:

- Add a new ds-cfg-invoke-for-internal-operations configuration attribute for
  all plugins, which indicates whether the plugin should be invoked for
  internal operations.  If this is false, then the plugin will only be invoked
  for externally-requested operations.

- Add four new plugin types:  postSynchronizationAdd,
  postSynchronizationDelete, postSynchronizationModify, and
  postSynchronizationModifyDN.  These allow a plugin to perform a limited set
  of processing for changes that are successfully applied through
  synchronization.


The unique attribute plugin has also been updated to support the
post-synchronization plugin types so that if a conflict is introduced
concurrently on two different servers within the propagation delay, an
administrative alert will be generated to indicate that manual intervention is
required to address the problem.

Finally, ensure that audit logging is enabled during the unit tests, and
update the audit logger to include the connection ID and operation ID for the
operation being logged.


OpenDS Issue Number:  2057


git-svn-id: https://svn.forgerock.org/opendj/trunk@2999 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 1058f0e4   - [Issue 1594] entry caches should have monitor information: ... Browse Dir » 
    implement generic entry cache monitor provider which allows any entry cache implementation current or future
  to provide a common or custom set of entry cache state data. update all existing entry cache implementations
  so that they provide their common state data to the entry cache monitor provider.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2998 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     

06 Sep, 2007

1 commit

  • 9a4423a6   Update password storage scheme references in the server so that they use DNs ... Browse Dir » 
    rather than storage scheme names.  This will allow better consistency in the
configuration, since all other references between configuration objects are
DN-based, and it will work better with the upcoming aggregation support.
It also eliminates the need to know the storage scheme name, which is not
obvious from looking at the configuration entry for the storage scheme, and
can actually vary in some implementations depending on whether it's used with a
user password or auth password syntax attribute.

OpenDS Issue Number:  2155


git-svn-id: https://svn.forgerock.org/opendj/trunk@2974 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

04 Sep, 2007

3 commits

  • e6e5d3c2   Add a new LDIF connection handler, which can be used to watch for new LDIF ... Browse Dir » 
    files to be created in a directory, at which point the changes contained in
those LDIF files will be processed by the server using internal operations.
This can potentially be used to make configuration changes or invoke tasks if
the server is unresponsive to external clients (e.g., all worker threads are
busy).

Note that in the default configuration, the LDIF connection handler is enabled
but the target directory doesn't exist.  In this configuration, it will simply
not do anything until the target directory is created and one or more LDIF
files are placed in it.  This is a safeguard against an administrator
inadvertently placing a file in that directory without understanding the
potential consequences of that action.  It also means that we can use it to
perform debugging operations (e.g., "dump all") without having to restart the
server if it becomes unresponsive.

OpenDS Issue Number:  2216


git-svn-id: https://svn.forgerock.org/opendj/trunk@2950 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 54a66c1e   - remove ds-cfg-je-database which is now obsolete. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2939 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • a7ca5f6a   Add a 7-bit clean plugin, which can be used to ensure that values for a ... Browse Dir » 
    specified set of attributes (optionally only for entries below a specified set
of base DNs) are 7-bit clean.

OpenDS Issue Number:  261


git-svn-id: https://svn.forgerock.org/opendj/trunk@2932 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

03 Sep, 2007

2 commits

  • ecb7f164   Implement support for a maximum blocked write time limit in the LDAP connection ... Browse Dir » 
    handler, which can be used to terminate client connections if an attempt to
write data to the client has been blocked for too long.  This will generally
occur if the client has become unresponsive or there is a network outage.

OpenDS Issue Number:  139


git-svn-id: https://svn.forgerock.org/opendj/trunk@2926 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • a219300c   Commit plugin for maintaining referential integrity. Issue 257. ... Browse Dir » 
    New configuration  attributes:

- ds-cfg-referential-integrity-attribute-type Specify attribute types that referential integrity will be checked on; this is a mandatory attribute

-ds-cfg-referential-integrity-base-dn Specify base DN that will limit scope of reference check; if not specified the server's public naming contexts are used

- ds-cfg-referential-integrity-update-interval Specify update interval for background referential integrity processing; if update interval > 0 plugin performs background processing; default is 0

-ds-cfg-referential-integrity-log-file Specify log file location for update records when background processing is enabled; default is <instance>/logs/referint

The plugin is disabled by default:

dn: cn=Referential Integrity,cn=Plugins,cn=config
objectClass: top
objectClass: ds-cfg-plugin
objectClass: ds-cfg-referential-integrity-plugin
cn: Referential Integrity
ds-cfg-plugin-class: org.opends.server.plugins.ReferentialIntegrityPlugin
ds-cfg-plugin-enabled: false
ds-cfg-plugin-type: postOperationDelete
ds-cfg-plugin-type: postOperationModifyDN
ds-cfg-plugin-type: subordinateModifyDN
ds-cfg-referential-integrity-attribute-type: member
ds-cfg-referential-integrity-attribute-type: uniqueMember



git-svn-id: https://svn.forgerock.org/opendj/trunk@2913 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

02 Sep, 2007

3 commits

01 Sep, 2007

1 commit

  • 36df03f9   Issue 466 partial ... Browse Dir » 
    Update schema and config files with OIDs issued by Neil.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2895 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

31 Aug, 2007

1 commit

  • 27113fd3   Create configuration definitions for "generic" objects in the server ... Browse Dir » 
    configuration.  This also includes allocating object classes for each of these
types.  This will help make it easier for users to create new instances of
these kinds of configuration objects because they will not need to know the
fully-qualified name of the Java class that implements the associated logic.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2894 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

28 Aug, 2007

3 commits

  • f25ee9b7   Fix conflict from previous commit ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2831 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     
  • 2bc97056   Changes for replication security issues 511, 512, 608. ... Browse Dir » 
    There is a new backend representing the certificate trust store, which allows the setup code to query and populate the trust store over protocol. However, we are using blind trust until that piece of the setup code is ready.

The encryption settings are currently global to the server instance in a new crypto manager config entry. Authentication will always be performed so the main setting is whether to use encryption or not. In the future (post 1.0) we will need to allow encryption to be configured on or off depending on which replication server we are connecting to but we need some discussion on the best way to specify that in configuration.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2829 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     
  • 2ebd3085   Add an SMTP account status notification handler, which can be configured to ... Browse Dir » 
    send e-mail messages whenever an account status notification is generated.  The
message can be sent to the end user impacted by the notification (based on an
attribute in the user's entry) and/or a fixed set of recipients.

The messages that will be generated are created from template files, which can
include tokens that will be replced with things like:

- The name of the notification type
- The notification message
- The DN of the target user's entry
- Attribute values from the target user's entry
- Values of account status notification properties, which may vary based on the
  type of notification

This change also includes a fix for a problem that could allow password
expiration warning messages to be sent to a client even if the bind was not
successful.


OpenDS Issue Number:  581


git-svn-id: https://svn.forgerock.org/opendj/trunk@2824 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

27 Aug, 2007

1 commit

  • f6f75dc2   This adds the numSubordinates and hasSubordinates operational attribute support in OpenDS. ... Browse Dir » 
    - Implemented as virtual attributes
   - They are enabled by default
   - numSubordinates and hasSubordinates methods added to the backend API and implemented for all existing backends
   - JE implementation uses the id2children index to keep count of the number of subordinates for each entry.
   - The behavior of exceeding the index-entry-limit (ALL-IDs) has changed to store a 8 byte entry ID set count with the most significant bit 
set to 1 instead of a 0 byte array to signify the index-entry-limit has been exceeded. The previous format is still compatible but all requests 
for numSubordinates will return undefined (-1).
   - The DBTest tool is also included in this fix. This can be used to list root containers, entry containers, database containers, index 
status, as well as dumping a database with or without decoding the data. 

Fix for issues 43 and 72


git-svn-id: https://svn.forgerock.org/opendj/trunk@2820 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

26 Aug, 2007

1 commit

25 Aug, 2007

1 commit