26 Aug, 2007

5 commits


25 Aug, 2007

7 commits

  • allow for backend-compact-encoding property, enabled by default.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2796 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • This is a followup to commit r2774.
    
    Secure replication depends on ADS containing at least the instance-to-be-initialized's instance key public-key certificate in the ADS-based truststore because the existing replication domain server requires it to "trust" the new server. (The new server trusts the domain server by some future ADSContext code that will fetch the domain host's public-key certificate and write it into the new server's truststore backend - all via LDAP.)
    
    Subsequent to commit r2774, we discovered that configuring replication results in the replication server opening its server socket and configuring it for TLS. The TLS configuration requires the local truststore to be initialized with the local instance key, and the instance key of any to-be-replicated servers must be added. Hence, the Installer's ADS configuration step must be run before its replication configuration step.
    
    In the current implementation of the ADS configuration step, ADS replication is configured and initialized (distinct from the suffixes specified by the user). These changes 1) move the ADS replication configuration and initialization from the ADS configuration step, and merge them into the code that handles configuring and initializing replication of the user-specified suffixes (Installer.java); and 2) move the invocation of the ADS configuration ahead of the replication configuration (OfflineInstaller, WebStartInstaller.java).
    
    M      src/quicksetup/org/opends/quicksetup/installer/offline/OfflineInstaller.java
    M      src/quicksetup/org/opends/quicksetup/installer/webstart/WebStartInstaller.java
    M      src/quicksetup/org/opends/quicksetup/installer/Installer.java
    
    Tests:
    
    In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:
    
    1) Set up standalone server with data; set up new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.
    
    2) Set up initial replicated server with data; set up new server as part of existing replication.
    
    I'm not sure how to test the WebStartInstaller, but the code and changes are identical to the OfflineInstaller, so perhaps it is ok.
    
    ---
    Thanks to Josu for reviewing.
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2795 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • dependencies in backup/restore and binary copy that could cause problems for
    administrators if they're not aware of them.  We should leave it disabled
    until issue #2158 has been addressed.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2794 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • git-svn-id: https://svn.forgerock.org/opendj/trunk@2793 41b1ffd8-f28e-4786-ab96-9950f0a78031
    al_xipe
     
  • git-svn-id: https://svn.forgerock.org/opendj/trunk@2792 41b1ffd8-f28e-4786-ab96-9950f0a78031
    al_xipe
     
  • git-svn-id: https://svn.forgerock.org/opendj/trunk@2791 41b1ffd8-f28e-4786-ab96-9950f0a78031
    al_xipe
     
  • git-svn-id: https://svn.forgerock.org/opendj/trunk@2790 41b1ffd8-f28e-4786-ab96-9950f0a78031
    al_xipe
     

24 Aug, 2007

17 commits

  • frequently failing.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2789 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • configure the server to automatically start when the system boots.
    
    Also, update the stop-ds script so that if the server is to be stopped via kill
    but no PID file is present, the stop script will generate an error instead of
    trying to invoke the stop task (which is guaranteed to fail since the attempt
    will be made anonymously, and this will give a confusing error message).
    
    OpenDS Issue Number:  526
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2788 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2787 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2786 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • Each instance has an associated public-private key-pair called the "instance key". The collection of public-key certificates from all instances forms an ADS-domain truststore. Secure replication uses this truststore in its TLS setup.
    
    The instance key is maintained by the local instance using a new "truststore" backend type that manages a local keystore file. The backend is induced to generate and self-sign a key when an entry with a special dn is written to it.  Once the truststore has been so initialized, the public-key certificate can be retrieved with an LDAP search operation.
    
    This change adds a method to the ADSContext to retrieve the instance key public-key certificate from the instance to which the context is bound, and set a field in the context with the cert. The method detects if it needs to induce the backend to produce the key. A subsequent change will publish the key in ADS.  For now (until Andy commits the truststore backend code), the attempt to retrieve the key is guarded by a check for the ads-truststore backend's presence.
    
    There is also some minor cleanup of existing code, and some additional code related to upcoming CryptoManager-related ADS setup.
    
    M      src/ads/org/opends/admin/ads/ADSContext.java
    
    Tests:
    
    In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:
    
    1) Set up standalone server with data; set up new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.
    
    2) Set up initial replicated server with data; set up new server as part of existing replication.
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2785 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • …tring for the default-password-storage-scheme.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2784 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mkeyes
     
  • … default, fair ordering will be used.
    
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2783 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2782 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mkeyes
     
  • can be provided as a string, contained in a file, or piped in via standard
    input, and the result can be sent to standard output or written to a file.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2781 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • is indexed for equality by default.  Also, include the
    ds-cfg-backend-compact-encoding in the userRoot configuration entry so that
    it's more obvious what the value is when looking at the configuration.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2780 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2779 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2778 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mkeyes
     
  • - replace atomic init followed by clear in favor of before/after group to improve concurrency.
    - fix FIFO rotation test bug to assert for all rotated entries.
     
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2777 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     
  • 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2776 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     
  • …de dsconfig commands to create, modify, and delete a custom password validator.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2775 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mkeyes
     
  • Secure replication depends on ADS containing at least the instance-to-be-initialized's instance key public-key certificate in the ADS-based truststore because the existing replication domain server requires it to "trust" the new server. (The new server trusts the domain server by some future ADSContext code that will fetch the domain host's public-key certificate and write it into the new server's truststore backend - all via LDAP.)
    
    Hence, this change reverses the invocation order of Installer.initializeSuffixes and Installer.updateADS so that the latter is now run first (but still subsequent to Installer.configureReplication).  Note that Installer.updateADS does require Installer.configureReplication to have been run, since it configures replication for and initializes "cn=admin data".
    
    M      src/quicksetup/org/opends/quicksetup/installer/offline/OfflineInstaller.java
    M      src/quicksetup/org/opends/quicksetup/installer/webstart/WebStartInstaller.java
    
    Tests:
    
    In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:
    
    1) Set up standalone server with data; set up new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.
    
    2) Set up initial replicated server with data; set up new server as part of existing replication.
    
    I'm not sure how to test the WebStartInstaller, but the code and changes are identical to the OfflineInstaller, so perhaps it is ok.
    
    --
    Thanks to Josu for the review.
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2774 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     
  • 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2773 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gary_williams
     

23 Aug, 2007

11 commits