org.forgerock / org.forgerock.opendj

23 Feb, 2007

9 commits

  • 9a70c175   Recommit for issue 740. A debug logging helper method (EntryContainer#debugAcces… ... Browse Dir » 
    …s) did not check for null OperationStatus objects being passed in and caused an NullPointerException whenever EntryCount was called. Added a null check.

Changed ID2Entry#getRecordCount to use the Database#count method in JE 3.1.0. The JE backend no longer keeps a count of entries in entry ID 0. Modified TestVerifyJob unit test to no longer simulate a incorrect entry count.

It was a clear case that using Database#count is much faster then keeping a count at entryID 0. At the least, it can eliminate a database read and write on every entry add and delete operation. In addition, calling Database#count is faster then getting an entry out of the database as the following shows.

Time took to get entry count 100 times (w/o transactions):

Duration using Database#count: 16731000 ns
Duration using old entry counter: 22094000 ns

Duration using Database#count: 17124000 ns
Duration using old entry counter: 39434000 ns

Duration using Database#count: 15522000 ns
Duration using old entry counter: 20069000 ns

Duration using Database#count: 15873000 ns
Duration using old entry counter: 19732000 ns

Duration using Database#count: 15871000 ns
Duration using old entry counter: 20594000 ns

Duration using Database#count: 21099000 ns
Duration using old entry counter: 21877000 ns

Fix for issue 740

git-svn-id: https://svn.forgerock.org/opendj/trunk@1247 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 35fe56e5   Revert the changes in revision #1237 (for issue #740) because they have ... Browse Dir » 
    introduced a large number of test failures.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1245 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 292f121d   This change prepares the unit tests for when the ACI handler will get enabled by… ... Browse Dir » 
    … default.  Most of the failing tests are fixed by adding bypass-acl privilege to the entries of the users the failing tests bind as.

This change also includes an important fix to the server for operations carrying the proxied auth control.  The ACI check in the core operation is moved after the controls processing to ensure that the correct authorization user is picked up, and the ACI handler now gets the authorization user from the operation rather than the connection.

git-svn-id: https://svn.forgerock.org/opendj/trunk@1244 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     
  • 46c3a6ac   Update the entry schema checking code to ensure that all attributes have at ... Browse Dir » 
    least one value.  This will prevent add requests from being able to add entries
containing attributes with no values.

OpenDS Issue Number:  1275


git-svn-id: https://svn.forgerock.org/opendj/trunk@1241 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • aa0bbc0d   Add a new SSL trust manager that can be used to interactively prompt the user ... Browse Dir » 
    about whether a given SSL certificate should be trusted.  This will be used for
all of our client tools in the case when no trust store is available and the
user has not requested the "--trustAll" option.

OpenDS Issue Number:  1274


git-svn-id: https://svn.forgerock.org/opendj/trunk@1240 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 81e7f7e8   Move access control initialization ahead of backend initialization ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1239 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     
  • 613017ce   Add a new org.opends.server.interop package where we can place source code that ... Browse Dir » 
    we don't need in the core server but can help other applications interoperate
with OpenDS.

Also, add a class org.opends.server.interop.LazyDN which is a
lazily-initialized version of the org.opends.server.types.DN class.  This makes
it possible to have very fast DN processing when you need to create a DN from
a String and the only thing that will be called on that DN is the toString()
method.  This commit includes test cases to ensure that the public methods of
the DN and LazyDN classes stay in sync.

OpenDS Issue Number:  1276


git-svn-id: https://svn.forgerock.org/opendj/trunk@1238 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 10347c82   Changed ID2Entry#getRecordCount to use the Database#count method in JE 3.1.0. Th… ... Browse Dir » 
    …e JE backend no longer keeps a count of entries in entry ID 0. Modified TestVerifyJob unit test to no longer simulate a incorrect entry count.

Fix for issue 740

git-svn-id: https://svn.forgerock.org/opendj/trunk@1237 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 37144303   Update the DN class to remove the "public" modifier from a few methods that ... Browse Dir » 
    are intended only for internal use.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1230 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

22 Feb, 2007

3 commits

  • c4009404   Update the access control config manager to send an administrative alert ... Browse Dir » 
    notification whenever the access control handler is enabled or disabled.

OpenDS Issue Number:  1269


git-svn-id: https://svn.forgerock.org/opendj/trunk@1229 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • d4d0fcf8   Update the start-ds script and associated Directory Server code to ensure that ... Browse Dir » 
    the PID file is only written if the server is not already running.  If it's not
being used to try to start the server, then just invoke the command without a
PID file.  If it is trying to start the server but the server is already
running, then exit with an error.

OpenDS Issue Number:  1251


git-svn-id: https://svn.forgerock.org/opendj/trunk@1220 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • b2f50ba6   Fix for Issues #1025 and #1248 ('stop-ds.bat should be able to stop server even … ... Browse Dir » 
    …if LDAP port' and 'cannot stop server through status panel').

The goal of these changes is to be able to have exactly the same user interface in Windows and Unix to stop the server.  In windows we force the user to provide LDAP credentials even if the command is going to be run locally.  The goal is to allow to stop the server using only system credentials (as we do in UNIX) when the user does not provide arguments when calling stop-ds.bat.

In order to do this I have written some native code.  This native code is called when we start the server to:
1. Launch the java process and get the associated PID.
2. Create a server.pid file as we do for UNIX systems to store the PID of the process.

The native code that stops the server reads the PID file contents and tries to stop the process associated with the PID.

In order to allow the users to be able to build the product with independence of the platform, the binaries will be included with the source code.  The code used to generate these binaries will also be provided.

I have generated 1 executable called winlauncher.exe.  The binaries will be committed in the source tree under lib (with activation.jar and mail.jar).  They will also be installed under <server root>\lib.

The native code is in the files winlauncher.c and winlauncher.h.  These files are placed under the new directory build-tools/src/windows.

I have tried to keep the native code simple and leave as much logic as I could into the batch files (for instance everything related to the discovery of the java binaries) so that the administrators can play with them.

A README file has been also been included to explain how to generate the binaries.

Extras:
When we call start-ds from the command line, the server will not stop when the command prompt window is closed (unless start-ds was called to run in not-detached mode).  The next step is to register DS as a service to avoid the server to be stopped when the user logs out.

When we call setup (with no arguments) or the statuspanel the generated process (and windows) will no longer get killed when the command prompt window is killed.

When the user double-clicks on the setup.bat or the statuspanel.bat files, the command prompt window only appears briefly.  Today when we do this a command prompt window stays open until we close setup or the status panel window.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1216 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     

21 Feb, 2007

5 commits

20 Feb, 2007

1 commit

19 Feb, 2007

1 commit

  • eff37a32   fix for issue 1212 namingConflict test trigger an assert from the static group ... Browse Dir » 
    When it is enabled, the synchronization code can sometimes decide to abandon
an add operation. In such case the handleConflictResolution() method
of the SynchronizationProvider will return a code indicating to stop the
OperationProcessing.
However when doing this, the ChangeListener are still invoked
at the end of the AddOperation processing.
Since the operation has not been processed, the ChangeListeners are given
a null entry parameter but the StaticGroup code that runs as a ChangeListener
makes the assumptions that the entry is always non null at this point.
This currently causes the following assert when running the test
synchronization.UpdateOperationTest.namingConflicts()

The change notification listeners will only be invoked if the result
code for the operation is "SUCCESS", and at that point in the processing
it should only be SUCCESS if the update was actually applied.  If the
synchronization code decided to abort the operation the
the provider.handleConflictResolution() therefore now set
a Cancel Result code.







git-svn-id: https://svn.forgerock.org/opendj/trunk@1201 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

18 Feb, 2007

3 commits

17 Feb, 2007

1 commit

  • b0460e07   [issue 1215] Prevent operations referencing an inconsistent Password Policy ... Browse Dir » 
    https://opends.dev.java.net/issues/show_bug.cgi?id=1215

The PasswordPolicy configurable component needs to be split in  order to avoid
the possibility of an operation referencing an  inconsistent PasswordPolicy
object (i.e., one in the middle of an  update).

Reviewed by neil_a_wilson, who noticed a coding error that would have resulted in intermittent NPEs.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1192 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

16 Feb, 2007

3 commits

15 Feb, 2007

2 commits

13 Feb, 2007

1 commit

12 Feb, 2007

4 commits

  • 54aa9b09   OpenDS Issue 1229 ... Browse Dir » 
    This enhancement adds a convenience method to ConditionResult to return the inverse of a value of the CondtionResult type: e.g., inverseOf(TRUE) is FALSE.

New unit test is included.

Reviewed by neil_a_wilson.



git-svn-id: https://svn.forgerock.org/opendj/trunk@1138 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • 8adb6465   Update the ldif-diff tool so that it provides an option that allows ... Browse Dir » 
    differences between entries to be split into multiple modifications each of
which has only a single value (as opposed to one modification containing all
changes to the entry).  This can be useful when attempting to apply
configuration changes during an upgrade.

OpenDS Issue Number:  1228


git-svn-id: https://svn.forgerock.org/opendj/trunk@1137 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • ea09487f   Fix a bug in the ldif-diff tool that creates the potential that an entry ... Browse Dir » 
    contained in both the source and target LDIF files will be included in the
output as an "add" record (potentially even if it also appears earlier in the
output as a "modify" record).

OpenDS Issue Number:  1227


git-svn-id: https://svn.forgerock.org/opendj/trunk@1136 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • fd6361f4   Implement support for the proxied-auth privilege, which will be required in ... Browse Dir » 
    order to use the proxied authorization control.  This privilege is also used
to determine whether a user can specify an alternate authorization identity for
the SASL DIGEST-MD5 and PLAIN mechanisms.

OpenDS Issue Number:  476


git-svn-id: https://svn.forgerock.org/opendj/trunk@1135 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

09 Feb, 2007

2 commits

  • de73e635   Add an initial set of privilege support to OpenDS. The current privileges are ... Browse Dir » 
    currently defined and implemented:
* config-read (allow reading the configuration)
* config-write (allow updating the configuration)
* ldif-import (allow invoking LDIF import tasks)
* ldif-export (allow invoking LDIF export tasks)
* backend-backup (allow invoking backup tasks)
* backend-restore (allow invoking restore tasks)
* server-shutdown (allow invoking server shutdown tasks)
* server-restart (allow invoking server restart tasks)
* server-restart (allow invoking server restart tasks)
* password-reset (allow resetting user passwords)
* update-schema (allow updating the server schema)
* privilege-change (allow changing the set of privileges for a user)

The following privileges are also defined but not yet implemented:
* bypass-acl (allow bypassing access control evaluation)
* modify-acl (allow updating access control definitions)
* jmx-read (allow reading information over JMX)
* jmx-write (allow updating information over JMX)
* jmx-notify (allow subscribing to JMX notifications)
* proxied-auth (allow the use of proxied authorization and SASL authzid)
* disconnect-request (allow terminating arbitrary client connections)
* cancel-request (allow canceling arbitrary client connections)
* search-unindexed (allow requesting unindexed searches)
* data-sync (allow participating in a data synchronization environment)

Root users automatically inherit a subset of these privileges by default, and
users can also be explicitly granted or forbidden the use of specified
privileges.

OpenDS Issue Numbers:  468, 472, 474, 475, 477, 1213


git-svn-id: https://svn.forgerock.org/opendj/trunk@1134 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • c3187663   Minor synchronization code changes: ... Browse Dir » 
    - Add a test case for two conflicting adds of a single-valued attribute (no fix yet, hence disabled).
- Revised fix for attribute options (using an empty set of options rather than null).
- Fix potential bugs in AttrInfo, make sure the given change number is newer whenever setting the last update or last delete time.

Thanks to Gilles for advice on these changes.

git-svn-id: https://svn.forgerock.org/opendj/trunk@1133 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     

08 Feb, 2007

1 commit

  • 51c8e4ad   Update the AuthenticationInfo object to store the entries for the authentication ... Browse Dir » 
    and authorization identities rather than just their DNs.  This includes a
mechanism to keep those entries up to date as changes occur in the server, and
also includes a hook for ClientConnection subclasses to perform processing
whenever a connection is terminated.

This also includes an update to the code for the proxied authorization v1 and v2
controls so that they are now able to handle "dn:"-style authentication and
authorization IDs that map to one of the alternate bind DNs for a root user.

OpenDS Issue Numbers:  1201, 1202


git-svn-id: https://svn.forgerock.org/opendj/trunk@1129 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

07 Feb, 2007

1 commit

06 Feb, 2007

1 commit

05 Feb, 2007

2 commits