org.forgerock / org.forgerock.opendj

02 Aug, 2007

3 commits

01 Aug, 2007

5 commits

  • 674218db   Fixed a typo for the max block size attribute in the VLV index configuration ... Browse Dir » 
    Fixed issue 2045. The import will delete the database files if only one base DN is used with the backend being imported instead of calling the 
JE clear method.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2544 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • b3fa4bb7   Fix a problem in the way that the Netscape password expired control was being ... Browse Dir » 
    encoded.  It was previously thought to have no value, but in actuality it
should have always have a value whose string representation should be "0".


git-svn-id: https://svn.forgerock.org/opendj/trunk@2542 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • fe1a14b9   Use DsframeworkReturnCode enum in a more 'classical' way ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2541 41b1ffd8-f28e-4786-ab96-9950f0a78031
    lutoff
     
  • bbd1be5b   Fix for issues #1342 and #1343 ... Browse Dir » 
    Modifications done in dsframework CLI are:
      - implement subcommand for global admin user management inside
        the admin registry

The dsframework help output is in attachment in addition to the svndiff
file and new added file.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2540 41b1ffd8-f28e-4786-ab96-9950f0a78031
    lutoff
     
  • 5667d12e   Add ACI support to control whether a "smart referral" (named subordinate references -- RFC 3296) ... Browse Dir » 
    may be returned to a client. Smart referral entries contain the referral objectclass and
have one or more "ref" attributes containing LDAP URLS. The ref attribute type has usage
distributedOperation, so the operational shorthand '+' character can be used to match it:

(targetattr="+")(version 3.0; acl "ref wild-card"; allow(read) userdn="ldap:///anyone";)

or it can be explicitly used:

(targetattr="ref")(version 3.0; acl "ref"; allow(read) userdn="ldap:///anyone";)

It is also possible to add an ACI on the referral entry itself:

dn: uid=smart, ou=People, dc=example, dc=com
objectclass: top
objectClass: extensibleobject
objectClass: referral
ref: ldap://kansashost/OU=People,O=Kansas,C=US
ref: ldap://texashost/OU=People,O=Texas,C=US
aci: (targetattr = "ref")(version 3.0; acl "add_aci"; allow (read) userdn="ldap://anyone";)

git-svn-id: https://svn.forgerock.org/opendj/trunk@2539 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

31 Jul, 2007

5 commits

  • 35521901   This fixes serveral issues LDIF import and VLV features: ... Browse Dir » 
    - Added the ability to use both a backend ID and include branch arguments for LDIF imports 
(Issue 1971)
- Fixed incorrect search scope enum in the VLV index configuration
- Added unit tests for partial LDIF imports
- Fixed issue where using overlapping include branches during an import would result in a ConcurrentModificationException (Issue 2039)



git-svn-id: https://svn.forgerock.org/opendj/trunk@2538 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • a1de0414   Update the password policy code so that the sum of the minimum password age and ... Browse Dir » 
    the password expiration warning interval must always be less than the maximum
password age.  This ensures that the minimum password age will itself always be
less than the maximum age, and will also prevent a scenario in which the user
could receive password expiration warning messages during a period when he/she
cannot change the password due to the minimum age.

OpenDS Issue Number:  2032


git-svn-id: https://svn.forgerock.org/opendj/trunk@2535 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 74d8b9db   Minor improvements to ArgParser and SubCommandArgParser parsing related error me… ... Browse Dir » 
    …ssages. Any argument name references are now double-quoted and always preceded by a dash or double-dash as appropriate. This is to avoid potential ambiguity in some error messages and to also be consistent.

Fixes issue 2000.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2534 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • ab47e16d   Fix issue 1991: dsconfig: split "component" field in list-properties ... Browse Dir » 
    Make the list-properties sub-command more consistent with the rest of dsconfig. Rather than display the full component name in the left hand column, dsconfig now splits the name into two columns: the first being the generic component name and the second containing the sub-type name. For example, previously an LDAP connection handler would have the component name "ldap-connection-handler". Now the name is split in two using the generic name "connection-handler" and the sub-type "ldap". This is consistent with the create-xxx sub-commands, where the generic name is typically the sub-command suffix (e.g. create-connection-handler) and the sub-type is the value of the -t flag (e.g. ldap).

To make the sub-command more usable, it now has the following three additional options:

-c, --category {CATEGORY}
    The category of components whose properties should be described
-t, --type {TYPE}
    The type of components whose properties should be described. The value for
    TYPE must be one of the component types associated with the CATEGORY
    specified using the "--category" option
--inherited
    Modifies the display output to show the inherited properties of components

The CATEGORY can be either a generic component name (e.g. backend or connection-handler), or it can be one of the --help-xxx categories (e.g. logging). The TYPE, if specified, must be a sub-type associated with the specified CATEGORY (e.g. ldap or jmx for connection handlers). The option "inherited" forces the sub-command to display all the properties associated with each component type, including inherited properties.

All the options are optional (e.g. the -t option does not require the -c option).


git-svn-id: https://svn.forgerock.org/opendj/trunk@2533 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 2aa7c20f   Fix typo ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2532 41b1ffd8-f28e-4786-ab96-9950f0a78031
    lutoff
     

30 Jul, 2007

13 commits

  • 86b3ac12   Update the task backend to provide a mechanism for sending e-mail messages to ... Browse Dir » 
    notify administrators whenever a given task has been completed.  It is possible
to specify a set of administrators that should be notified only if the task
does not complete successfully, and/or a set of administrators that should be
notified regardless of the task's success or failure.  The basic framework for
this capability has always been in place, and this change only provides the
final implementation that actually generates and sends the e-mail message.

This also includes a change to the way that log messages are handled so that
any messages logged by a thread executing a task (or any DirectoryThread
subclass created by a task thread) will be captured as part of that task.
These messages will also be included in the notification e-mail message.

OpenDS Issue Numbers:  2033, 2034


git-svn-id: https://svn.forgerock.org/opendj/trunk@2529 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • c580d11d   The following modifications are done in order to be able to handle properly secu… ... Browse Dir » 
    …re connections in both the status command-line and the status panel.  Some options to specify a keystore, a trustore, etc. have been added to the status command-line so that is consistent with the other command-lines that use LDAP.  As for these command-lines if the user does not specify to use Start TLS or LDAPS, the command-line will try to use LDAP to connect. But if there is no LDAP port enabled, the command-line will try to connect to the LDAPS port.

Concerning the status panel, it will try to use the most secure method to connect to the server, if the servers is configured to use SSL or Start TLS and the presented certificate is not trusted by default by the JDK, we will present to the user in order to be accepted. 


git-svn-id: https://svn.forgerock.org/opendj/trunk@2521 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     
  • 9d361597   Increase the number of tries when we initialize the ADS from 1 to 5. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2520 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     
  • c58095aa   Modify the HelpSubCommandHandler so that it is no longer a singleton. Being a si… ... Browse Dir » 
    …ngleton meant that multiple instances of dsconfig would share the same help sub-system and re-initialize it, potentially causing problems.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2519 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 059fcb4f   Code and Comments cleaning ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2518 41b1ffd8-f28e-4786-ab96-9950f0a78031
    lutoff
     
  • 1079a972   Move dsconfig messages out of a properties file and into the ToolMessages.java m… ... Browse Dir » 
    …essage file in anticipation of forthcoming i18n improvements.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2517 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 27431a7e   Remove unused import ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2516 41b1ffd8-f28e-4786-ab96-9950f0a78031
    lutoff
     
  • cb3c1c29   Partial fix for Issue 2026: installer should ensure 1.5 or later JAVA_HOME setting. ... Browse Dir » 
    Force the processes launched by the installer and the upgrader to use the same JVM as the tools (th
is is done by setting the JAVA_HOME environment variable when creating the processes).



git-svn-id: https://svn.forgerock.org/opendj/trunk@2515 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     
  • 2762f930   Update the server to provide an idle time limit configuration option that can ... Browse Dir » 
    be used to terminate client connections that have been idle for too long.  This
can be controlled on a server-wide default level using the
ds-cfg-idle-time-limit configuration attribute in the cn=config entry, but it
can also be overridden on a per-user level with the ds-rlim-idle-time-limit
operational attribute in the user's entry.

Note that while the idle time limit support is server wide, it needs help from
the connection handler to provide an idle time for client connections.  At this
time, only the LDAP connection handler provides this capability.  It is not
appropriate for internal connections, and it is not seen as important for JMX
connections at this time (although such support could be added in the future if
the need arises).

OpenDS Issue Number:  118


git-svn-id: https://svn.forgerock.org/opendj/trunk@2514 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 0ccdb664   Provide valid OIDs for the ds-cfg-ssl-protocol and ds-cfg-ssl-cipher-suite ... Browse Dir » 
    configuration attributes and define them in the server schema, and make the
names singular instead of plural.  Also, update some of the configuration
definitions to align the OIDs used in them with the OIDs used in the server
schema.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2513 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • b38806e7   Add two new configuration attributes, ds-cfg-enabled-alert-type and ... Browse Dir » 
    ds-cfg-disabled-alert-type to alert handler configuration entries.  If a set of
enabled alert types is given, then only alerts with one of those types will be
passed to the associated alert handler.  If a set of disabled alert types is
given, then only alerts without one of those types will be passed to the
associated alert handler.  If both enabled and disabled lists are provided,
then only alerts with a type on the enabled list and not on the disabled list
will be processed.

OpenDS Issue Number:  2027


git-svn-id: https://svn.forgerock.org/opendj/trunk@2512 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 71e273b1   Provide a configuration option that makes it possible for the administrator to ... Browse Dir » 
    control whether responses to failed bind operations include an error message
that explains the problem.  By default, failed bind operations will return a
response that indicates the operation failed, but will not include any error
message (although it will be written to the access log).  However, if the
administrator decides that the benefit of providing this information to the
client outweighs any potential security risk, then this option may be used to
include that message in the response to the client as well as having it written
to the access log.

OpenDS Issue Number:  1787


git-svn-id: https://svn.forgerock.org/opendj/trunk@2509 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • af857725   Provide a mechanism to disable privileges in the server if necessary. If a ... Browse Dir » 
    privilege is disabled, then the server will behave as if all users have that
privilege.  This can help improve compatibility with environments that expect
a feature to always be available, or to only be governed by access control.


OpenDS Issue Number:  1683


git-svn-id: https://svn.forgerock.org/opendj/trunk@2508 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

29 Jul, 2007

3 commits

27 Jul, 2007

8 commits

  • fb01d651   Fix targetattr not equal operator giving access to an operational attribute bas… ... Browse Dir » 
    …ed on a user attribute not matching, or access given to a user attribute based on an operational attribute not matching. For example:

(targetattr != userpassword) 

should not give access to the operational attribute
createtimestamp.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2500 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     
  • 7439e734   These set of changes implement VLV and filter capability to OpenDS: ... Browse Dir » 
    - A VLV index is defined by a name, base DN, search filter, search scope, sort order. A search request must match these parameters exactly to 
use the VLV index.
- A VLV index made up of the entry IDs matching the definition criteria (above) and the corresponding attribute values that are part of the sort 
order in the sort order. This information is broken up into blocks of sorted sets. The block size can be configured through admin framework. 
Default block size is 4000. In the database, the sorted set is stored with the following format:

      4 byte set size | entry IDs of 8 bytes each ... | attribute values of 16 bytes each ...

- Each sorted set is keyed by the entry ID and attribute values of the largest entry in the sorted set. A special comparator (VLVKeyComparator) 
is used to sort the keys in the database in the order of the specified sort order.
- When entries are added to the VLV index, its sort values are extracted and inserted into the sorted set whose key (also the largest entry in 
the set) is the smallest key that represents a entry that is greater or equal to the entry being inserted. If the sorted set exceeds the block 
size, it is divided in two and stored back into the database with the new key. In this implementation, a sorted set's key is never changed after 
it is created.
- On importing from LDIF, each entry's sort values and ID is written out to a intermediate file in order. These files are later merged and 
inserted into the database.
- Index rebuild and verify also works with VLV indexes. The verify job ensures that all the entries stored in the VLV index is in the correct 
order.
- With this implementation, once a VLV index is created, it can not be changed without a rebuild. The server will NOT warn the user if 
the index 
has changed offline. Until a rebuild is done, it can return incorrect results. This should be fixed later.
- Performance wise, modify, add, and delete performance will be degraded if the entry matches the indexing criteria. Searches not using the VLV 
index should not see any notable performance degradation. If the block size is set too big, there is a potential that a large number of updates 
will result in some JE lock timeouts since the few sorted sets are hotly contested. However, if the block size is too small, searches using the 
VLV control with offsets could be slow since there are more records to look through. This area need further investigation to determine the 
optimal default value.

Fix for issue 38


git-svn-id: https://svn.forgerock.org/opendj/trunk@2499 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 9e4af66c   Fix inconsistent Format Checking for ACI targattrfilter. ... Browse Dir » 
    Issue 1473.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2492 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     
  • 8e6e45ff   Partial 95% fix for issue 1831 - dsconfig interactive mode. ... Browse Dir » 
    This change implements the remaining functionality for the dsconfig interactive mode. It is now possible to interactively create and modify components. This change adds support for interactively querying the user for property values. It is implemented using a text-based menu driven model, whereby users can select which properties they want to modify and how they want to modify them (e.g. reset, add a value, remove a value, etc).

This change is not a complete fix for issue 1831, since there are some minor usability enhancements that can be made. These include:

* general consistency of menus (e.g. being able to cancel and go back, get help on a property, etc)

* when displaying the menu option for resetting a property to its defaults it should display what those are exactly

* when incrementally modifying a property, it would be nicer if it displayed the current state

The aim of this change is principally to get people to use the interactive mode and to identify any major usability design issues.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2490 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 3e7941dc   Add a method for retrieving the current default values of a property. This can b… ... Browse Dir » 
    …e useful in client applications wishing to indicate to a user what will happen if they reset a property back to its defaults.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2489 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 969a8087   Fix message references. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2487 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 571dd7b9   modifications to fix issue #2022. ... Browse Dir » 
    These modifications also include a new ReturnCode definition:
QuickSetupCli return code and ApplicationExceptionType have been grouped into a new class: ApplicationErrorCode. Return code are now handled as emun.
In order to fix issue #2022, CANCELLED value is 0 (SUCCESSFUL).


git-svn-id: https://svn.forgerock.org/opendj/trunk@2486 41b1ffd8-f28e-4786-ab96-9950f0a78031
    lutoff
     
  • 2f15d90c   corrected category bit mask sequence ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2485 41b1ffd8-f28e-4786-ab96-9950f0a78031
    kenneth_suter
     

26 Jul, 2007

3 commits

  • 0ae0e6cb   This fixes issue 1971 and allows partial non-append imports of a backend: ... Browse Dir » 
    - When using import with backend IDs, the entire backend is only cleaned if the new clearBackend option is true or if the backend only contains 
one base DN.
- If a backend's base DN is one of the include branch DNs, only that base DN will be cleared.
- If the include branch DN is below one of the backend's base DNs, a temporary entry container will be created for the same backend base DN. All 
entries not in the include branch will be migrated to the temporary entry container. The entries from LDIF will then be imported. Lastly, All 
entries in the exclude branches will be migrated. The original entry container is then deleted and the temporary entry container renamed.
- When using include branches, they all must be under one backend ID. If an exclude branch become orphaned by the LDIF import, the migrated 
entries will be rejected due to non parent.
- The LDIFImport tool is updated to reflect the new behaviors and options.
- The import task is updated to reflect the new behaviors.  The options are checked when the task is initialized instead at run time to catch 
errors are soon as possible. 



git-svn-id: https://svn.forgerock.org/opendj/trunk@2483 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 031c45ce   Minor beautifying of the dsconfig interactive mode. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@2481 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 88d86daf   Partial fix for issue 1831 - dsconfig interactive mode. ... Browse Dir » 
    With this change, dsconfig now prompts for component names if they are not specified on the command-line. Where more than one choice is available, dsconfig displays a list of choices. For create-xxx sub-commands dsconfig also prompts for  the component type (-t flag) if it is not specified. Users can, at this point, request help which displays a detailed description of each type.

A subsequent change will add support for interactively setting property values.

A major part of this change includes improvements to the type-safety of the client admin APIs (e.g. use of raw types), which were being flagged in the latest version of Eclipse (apologies: I should have committed these separately, but they got too tangled up in this change).


git-svn-id: https://svn.forgerock.org/opendj/trunk@2480 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift