org.forgerock / org.forgerock.opendj

28 Sep, 2007

1 commit

27 Sep, 2007

1 commit

  • c40a66ed   Improvements to aggregation support and foundation work for expressing arbitrary… ... Browse Dir » 
    … constraints within components.

This change adds support for defining arbitrary conditions which can be used to test properties and their values. Conditions can be used within aggregations to define 1) when a referenced managed object needs enabling and 2) when it is enabled. For example, the LDAP connection handler requires that its key manager provider and trust manager provider are enabled when it is enable and when either SSL or StartTLS are enabled.

Conditions are also intended for use within the existing constraint/dependency support. For example, it should be possible to indicate that a property "min" is always less than or equal to a property "max", or that when "use-ssl" is set to true, any required SSL configuration related properties are also defined. This will be implemented in a subsequent change (this change just focuses on the work required to resolve issue 1449).

This change adds support for the following conditions:

* logical "not"
* logical "and"
* logical "or"
* logical "implies"
* contains - determines if a property contains a particular value
* is-present - determines if a property has any values (incl. defaults)

More will be added as required.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3229 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     

26 Sep, 2007

3 commits

  • e2517750   Update the Get Symmetric Key extended operation handler so that it has its own ... Browse Dir » 
    object class and config definition rather than relying on the generic
configuration.  This makes it easier to use through dsconfig.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3211 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 5abb86e7   Merge branches/temp-admin@3208 onto trunk@3208. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@3209 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • d72d5ef1   Update the backend API to include new isIndexed methods that can be used to ... Browse Dir » 
    determine whether a given attribute is indexed in a specified manner, or that
can be used to determine whether a specified filter is indexed.  At present,
all backends except the JE backend and the replication backend are considered
always indexed for all operations.  The JE backend is only considered indexed
based on its index configuration.  The replication backend is never considered
indexed.

Update the following components to make use of this new isIndexed capability:
- The DSEE-compatible access control handler will now log a warning message at
  startup if it detects that there is no presence index for the aci attribute,
  which can make startup take a long time on a big database.
- The group manager will now log a warning message at startup if any of the
  group implementation filters are unindexed, which can make startup take a
  long time on a big database.
- The referential integrity plugin now requires that all of the attributes for
  which referential integrity is to be maintained must be configured with
  equality indexes.
- The unique attribute plugin now requires that all of the attributes for which
  uniqueness is to be enforced must be configured with equality indexes.

This commit also updates the LDIF backend so that it is possible to
indicate via configuration whether its base DNs should be registered as public
or private base DNs.  The LDIF backend used as the admin root has been
updated so that it is considered a private backend.  The replication backend
has also been updated so that it is considered a private backend.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3206 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

23 Sep, 2007

1 commit

  • ef5e5493   Add support for an LDIF backend. Entries in this backend will be held in ... Browse Dir » 
    memory, and all read operations will be served from memory, but the underlying
data will be stored in an LDIF file on disk and any write operation will cause
that LDIF file to be updated.

This backend supports all major operations, including moving/renaming non-leaf
entries with the modify DN operation, and also supports the subtree delete
control and LDIF import and export operations.  Backup and restore operations
are not currently supported.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3160 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

21 Sep, 2007

1 commit

19 Sep, 2007

1 commit

  • 94e99606   Add a new monitor provider that can be used to monitor memory usage within the ... Browse Dir » 
    JVM, including:

- The total number of garbage collections (per memory pool)
- The total duration of all garbage collections (per memory pool)
- The averge duration for a garbage collection (per memory pool)
- The duration of the most recent garbage collection (per memory pool)
- The current size of each memory region
- The size of each memory region after the last garbage collection


git-svn-id: https://svn.forgerock.org/opendj/trunk@3120 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

14 Sep, 2007

1 commit

13 Sep, 2007

1 commit

10 Sep, 2007

1 commit

  • c6ff7b0f   Add support for password storage schemes using AES, 3DES, RC4, and Blowfish. ... Browse Dir » 
    The AES, RC4, and Blowfish implementations all use 128-bit ciphers, and the
3DES implementation uses a 168-bit cipher.

Note that while these password storage schemes are functional, they rely on the
crypto manager, which is not fully implemented.  The storage schemes are not
exposed in the server configuration because the crypto manager does not have
any mechanism to persist secret keys for symmetric encryption.  Until the
crypto manager provides persistence for these keys, passwords encoded using
these schemes will not be usable after the server is restarted.  Once the
crypto manager implementation is complete, these schemes should be exposed in
the server configuration.

OpenDS Issue Numbers:  315, 316, 317, 318


git-svn-id: https://svn.forgerock.org/opendj/trunk@3000 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

09 Sep, 2007

2 commits

  • 1f7dbdf6   Update the server to provide a basic framework for controlling when plugins ... Browse Dir » 
    will be invoked.  There are two basic changes:

- Add a new ds-cfg-invoke-for-internal-operations configuration attribute for
  all plugins, which indicates whether the plugin should be invoked for
  internal operations.  If this is false, then the plugin will only be invoked
  for externally-requested operations.

- Add four new plugin types:  postSynchronizationAdd,
  postSynchronizationDelete, postSynchronizationModify, and
  postSynchronizationModifyDN.  These allow a plugin to perform a limited set
  of processing for changes that are successfully applied through
  synchronization.


The unique attribute plugin has also been updated to support the
post-synchronization plugin types so that if a conflict is introduced
concurrently on two different servers within the propagation delay, an
administrative alert will be generated to indicate that manual intervention is
required to address the problem.

Finally, ensure that audit logging is enabled during the unit tests, and
update the audit logger to include the connection ID and operation ID for the
operation being logged.


OpenDS Issue Number:  2057


git-svn-id: https://svn.forgerock.org/opendj/trunk@2999 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 1058f0e4   - [Issue 1594] entry caches should have monitor information: ... Browse Dir » 
    implement generic entry cache monitor provider which allows any entry cache implementation current or future
  to provide a common or custom set of entry cache state data. update all existing entry cache implementations
  so that they provide their common state data to the entry cache monitor provider.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2998 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     

06 Sep, 2007

1 commit

  • 9a4423a6   Update password storage scheme references in the server so that they use DNs ... Browse Dir » 
    rather than storage scheme names.  This will allow better consistency in the
configuration, since all other references between configuration objects are
DN-based, and it will work better with the upcoming aggregation support.
It also eliminates the need to know the storage scheme name, which is not
obvious from looking at the configuration entry for the storage scheme, and
can actually vary in some implementations depending on whether it's used with a
user password or auth password syntax attribute.

OpenDS Issue Number:  2155


git-svn-id: https://svn.forgerock.org/opendj/trunk@2974 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

04 Sep, 2007

3 commits

  • e6e5d3c2   Add a new LDIF connection handler, which can be used to watch for new LDIF ... Browse Dir » 
    files to be created in a directory, at which point the changes contained in
those LDIF files will be processed by the server using internal operations.
This can potentially be used to make configuration changes or invoke tasks if
the server is unresponsive to external clients (e.g., all worker threads are
busy).

Note that in the default configuration, the LDIF connection handler is enabled
but the target directory doesn't exist.  In this configuration, it will simply
not do anything until the target directory is created and one or more LDIF
files are placed in it.  This is a safeguard against an administrator
inadvertently placing a file in that directory without understanding the
potential consequences of that action.  It also means that we can use it to
perform debugging operations (e.g., "dump all") without having to restart the
server if it becomes unresponsive.

OpenDS Issue Number:  2216


git-svn-id: https://svn.forgerock.org/opendj/trunk@2950 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • ad39ad18   Fix typo in LDAP attribute mapping for send-message-without-end-user-address property. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2948 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • a7ca5f6a   Add a 7-bit clean plugin, which can be used to ensure that values for a ... Browse Dir » 
    specified set of attributes (optionally only for entries below a specified set
of base DNs) are 7-bit clean.

OpenDS Issue Number:  261


git-svn-id: https://svn.forgerock.org/opendj/trunk@2932 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

03 Sep, 2007

3 commits

  • ecb7f164   Implement support for a maximum blocked write time limit in the LDAP connection ... Browse Dir » 
    handler, which can be used to terminate client connections if an attempt to
write data to the client has been blocked for too long.  This will generally
occur if the client has become unresponsive or there is a network outage.

OpenDS Issue Number:  139


git-svn-id: https://svn.forgerock.org/opendj/trunk@2926 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 8fcff6b4   Add default values for plugin-type property and remove unnecessary default behav… ... Browse Dir » 
    …ior for referential integrity attribute property.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2916 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • a219300c   Commit plugin for maintaining referential integrity. Issue 257. ... Browse Dir » 
    New configuration  attributes:

- ds-cfg-referential-integrity-attribute-type Specify attribute types that referential integrity will be checked on; this is a mandatory attribute

-ds-cfg-referential-integrity-base-dn Specify base DN that will limit scope of reference check; if not specified the server's public naming contexts are used

- ds-cfg-referential-integrity-update-interval Specify update interval for background referential integrity processing; if update interval > 0 plugin performs background processing; default is 0

-ds-cfg-referential-integrity-log-file Specify log file location for update records when background processing is enabled; default is <instance>/logs/referint

The plugin is disabled by default:

dn: cn=Referential Integrity,cn=Plugins,cn=config
objectClass: top
objectClass: ds-cfg-plugin
objectClass: ds-cfg-referential-integrity-plugin
cn: Referential Integrity
ds-cfg-plugin-class: org.opends.server.plugins.ReferentialIntegrityPlugin
ds-cfg-plugin-enabled: false
ds-cfg-plugin-type: postOperationDelete
ds-cfg-plugin-type: postOperationModifyDN
ds-cfg-plugin-type: subordinateModifyDN
ds-cfg-referential-integrity-attribute-type: member
ds-cfg-referential-integrity-attribute-type: uniqueMember



git-svn-id: https://svn.forgerock.org/opendj/trunk@2913 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

02 Sep, 2007

6 commits

01 Sep, 2007

1 commit

  • 36df03f9   Issue 466 partial ... Browse Dir » 
    Update schema and config files with OIDs issued by Neil.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2895 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

31 Aug, 2007

2 commits

28 Aug, 2007

3 commits

  • c91a1738   Files missing from previous commit ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2830 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     
  • 2bc97056   Changes for replication security issues 511, 512, 608. ... Browse Dir » 
    There is a new backend representing the certificate trust store, which allows the setup code to query and populate the trust store over protocol. However, we are using blind trust until that piece of the setup code is ready.

The encryption settings are currently global to the server instance in a new crypto manager config entry. Authentication will always be performed so the main setting is whether to use encryption or not. In the future (post 1.0) we will need to allow encryption to be configured on or off depending on which replication server we are connecting to but we need some discussion on the best way to specify that in configuration.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2829 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     
  • 2ebd3085   Add an SMTP account status notification handler, which can be configured to ... Browse Dir » 
    send e-mail messages whenever an account status notification is generated.  The
message can be sent to the end user impacted by the notification (based on an
attribute in the user's entry) and/or a fixed set of recipients.

The messages that will be generated are created from template files, which can
include tokens that will be replced with things like:

- The name of the notification type
- The notification message
- The DN of the target user's entry
- Attribute values from the target user's entry
- Values of account status notification properties, which may vary based on the
  type of notification

This change also includes a fix for a problem that could allow password
expiration warning messages to be sent to a client even if the bind was not
successful.


OpenDS Issue Number:  581


git-svn-id: https://svn.forgerock.org/opendj/trunk@2824 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

26 Aug, 2007

2 commits

25 Aug, 2007

1 commit

23 Aug, 2007

2 commits

  • a21d35ef   Added the JE backend configuration attribute to enable or disable compression wh… ... Browse Dir » 
    …en encoding entries for ID2Entry. When backend-compact-encoding 
is enabled, attribute type descriptions and object class sets will be encoded using a compressed form. This behavior is enabled by default.

Fix for issue 2135


git-svn-id: https://svn.forgerock.org/opendj/trunk@2772 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 908a08a7   Add support for overriding the user friendly singlular and plural names of components. ... Browse Dir » 
    The user friendly names (UFN) are usually derived automatically from the component's "name" and "plural-name" attribute. However, sometimes these names are not that user friendly. For example, the names may be abbreviated forms (e.g. replication -> repl or password policy -> pwp). In these cases it would be nice to be abled to display the full human friendly name in help and documentation.

This change includes an overridden UFN for the global configuration. So we should stop seeing messages in applications like "The Global was updated successfully".


git-svn-id: https://svn.forgerock.org/opendj/trunk@2751 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     

22 Aug, 2007

1 commit

21 Aug, 2007

1 commit

  • d2ec5826   Add attribute uniqueness plugin implementation that provides single-server ... Browse Dir » 
    attribute uniqueness. The plugin has the following features:

- provides ability to specify a group of attribute types that must have
  unique values; if no attribute types are specified then the plugin allows
  the operations to proceed with no checking

- provides ability to specify a set of base DNs that limit the scope of the
  uniqueness checking; if no base DNs are specified the server's public
  naming contexts are used

- allow changing of these configuration options without server restart

- allows the uniqueness checking to span multiple base DNs; if the server's
  public naming contexts are used, then the specified attribute type values must
  be globally unique within the server


Two configuration attributes have been added:

1. ds-cfg-unique-attribute-type used to specify the unique attribute type(s)
2. ds-cfg-unique-attribute-base-dn used specify the base DN(s) to limit the search scope

A disabled plugin configuration has been added to the config.ldif file for the uid attribute:

dn: cn=UID Unique Attribute ,cn=Plugins,cn=config
objectClass: top
objectClass: ds-cfg-plugin
objectClass: ds-cfg-unique-attribute-plugin
cn: UID Unique Attribute
ds-cfg-plugin-class: org.opends.server.plugins.UniqueAttributePlugin
ds-cfg-plugin-enabled: false
ds-cfg-plugin-type: preOperationAdd
ds-cfg-plugin-type: preOperationModify
ds-cfg-plugin-type: preOperationModifyDN
ds-cfg-unique-attribute-type: uid

Issue 258.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2721 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

20 Aug, 2007

1 commit

  • 30852b5b   These changes rovides the ability to repair ... Browse Dir » 
    the consistency in the replication topology in the (hopefully) rare case
when hardware failure or software bugs could break it (issue 788 and 791)

There are several parts in this commit :
- a new log file called replication was added.
  It's purpose is to store all the consistency errors detected by the replication
  with enough information to allow the administrator to repair the problem.
  This file is configured by default and contain only the replication errors,
  To achieve the a new log severity keyword "None" has been created so that
  the associated error log publisher does not print any error not related to
  replication. (I will update the reference guide after this commit)

- a new control (the replication repair control) has been added.
  When this control is used in a MODIFY, DELETE, ADD or MODDN operation
  the operation is marked as a non-replicated replication operation.
  This cause the following :
  - The operation is allowed to modify attributes that are normally not
    allowed to be modified or added (NO-USER-MODIFCATION) such as
    entryuuid and ds-sync-hist
   To achieve this I add to move those checks from the
    AddOperationBasis.getObjectClasses() or AddOperationBasis.getUserAttributes()
    to the LocalBackendWorkflowElement.processAdd() but this has already
    been reviewed.
  - no change number is associated to the operation.
  - the operation is not published to the replication server and is therefore
    a local only operation.
  - the replication don't try to solve conflict or generate historical information
    for this operation.
 
The intended usage of this control is that the administrator will check
for errors in the replication log, determine the entries that have inconsistent
values and use the control to repair them.
I will write some documentation explaining in more details how to do this.

- even though this is not related to replication repair I also took advantage of
  this change to add the multimaster replication synchronization provider
  in the default configuration.
  This will make configuration of replication using dsconfig easier because
  the user will now only need to configure the replication servers and
  replication domains.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2687 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato