org.forgerock / org.forgerock.opendj

13 Dec, 2006

1 commit

12 Dec, 2006

1 commit

  • 215cfb24   Publish a separate monitor entry for each connection handler, which includes ... Browse Dir » 
    the protocol, listen address/port, number of established connections, and
information about each connection.

Also, update the monitor API to make it possible to include a custom
objectclass in each monitor entry.  Connection handler monitor entries now
include the ds-connectionhandler-monitor-entry objectclass.  Backend monitor
entries now include the ds-backend-monitor-entry objectclass.

OpenDS Issue Numbers:  1066 and 1091


git-svn-id: https://svn.forgerock.org/opendj/trunk@866 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

08 Dec, 2006

2 commits

05 Dec, 2006

1 commit

  • 4b376839   Update the base DN registration process to address a number of issues: ... Browse Dir » 
    - It fixes problems with base DN registration when attempting to use nested
  backends.

- It changes the terminology that is in use.  Previously, the term "suffix" was
  used everywhere, even when it wasn't really correct.  Now "naming context" is
  used when it's talking about a top-level base DN, and "base DN" is used for
  any base DN regardless of whether it's a naming context.

- It adds a new ds-private-naming-contexts operational attribute to the root
  DSE to list the private naming contexts defined in the server.

- It updates the backend API to get rid of the abstract supportsControl and
  supportsFeature methods and replace them with a default concrete
  implementation.


OpenDS Issue Numbers:  546, 750


git-svn-id: https://svn.forgerock.org/opendj/trunk@844 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

30 Nov, 2006

1 commit

  • 28f11fd3   Update the schema backend so that the attributes used to represent schema ... Browse Dir » 
    information are treated correctly according to their definitions.  In
particular, attributeTypes, objectClasses, matchingRules, and ldapSyntaxes are
now properly treated as operational attributes and not returned unless
explicitly requested.  It is possible to override this behavior for backward
compatibility with clients that expect them to always be returned, but this
may be deprecated in the future.

OpenDS Issue Number:  1039


git-svn-id: https://svn.forgerock.org/opendj/trunk@831 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

29 Nov, 2006

2 commits

17 Nov, 2006

1 commit

  • 315ee7f8   The synchronization changelog monitoring information has a counter named ... Browse Dir » 
    waiting-changes that publish the number of updates known by the changelog
server that have not yest been sent to each ldap server because they are too slow to replay them.

This is calculated from the list of changes in memory when this list is small
enough. However when this list becomes too large it is not possible to keep
all the changes in memory and the changes therefore goes to disk.
This monitoring information therefore becomes unavailable and currently returns MAXINT.

This is unfortunate because this is the time when it is the most important.

Unfortunately the Java edition of the berkeley DB does not provide a way to
know the record number of a given db entry and therefore we can't rely on the DB
to tell us how many changes stay in the db after the current change.

This fix therefore change the format of the ChangeNumber so that the ChangeNumber
now uses consecutive numbers for its seqnum part.

The number of missing changes can therefore be calculated by a simple substraction
of the current seqnum and the largest seqnum.
the drawback of this method is that it is only accurate if the majority of update
operations done on the masters are successfull because this method also count the failed
operations.

This fix also modify the ProtocolWindowTest in order to add  tests of this waiting-changes
monitoring information.

This fix also makes the size of the memory queue of messages configurable.


git-svn-id: https://svn.forgerock.org/opendj/trunk@741 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

15 Nov, 2006

2 commits

  • 990c1532   Update the OID for the ds-pwp-password-policy-dn attribute so that it no longer ... Browse Dir » 
    conflicts with the OID for the ds-cfg-window-size attribute.

OpenDS Issue Number:  1012


git-svn-id: https://svn.forgerock.org/opendj/trunk@728 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • cbfd0c70   Update the password policy implementation to use ds-pwp-password-policy-dn ... Browse Dir » 
    instead of pwdPolicySubentry for indicating which password policy should be
applied for a given user.  The new attribute is not marked NO-USER-MODIFICATION
so that it can be directly altered by administrators in addition to having a
value populated by a virtual attribute.  The pwdPolicySubentry attribute is
defined in the IETF draft as NO-USER-MODIFICATION and is only intended to be
virtually defined, making it more difficult to configure a special policy for
an individual user.

This also eliminates the possibility that clients will see this attribute and
will expect the corresponding password policy configuration to be based on the
specification in the IETF draft, which is not the case for OpenDS.

OpenDS Issue Number:  1003


git-svn-id: https://svn.forgerock.org/opendj/trunk@723 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

10 Nov, 2006

1 commit

  • 3431c6f0   issue 508 ... Browse Dir » 
    These changes implement a window mechanism in the sycnhronization protocol.

Up to now the flow control mechanism used by the synchronization
was  the TCP flow control mechanism. However, since TCP is not aware about
the type of the synchronization mechanism this was not allowing sending
of ACK messages when the TCP connection was saturated.
This was also preventing the implementation of the prioritized synchronization.

With these changes the TCP windows are set to a very large value and the
flow control is based on a configurable window size on the changelog servers
and on the LDAP servers.

These changes also add monitoring informations for the current and max window sizes.

I also took the opportunity to remove most the static variables and methods that were
preventing multi instantiation of the Changelog class.

I have also added tests for the incoding/decoding of ServerStartMessage and
ChangelogStartMessage, WindowMessage and for testing the window mechanism.

Also add the possibility to choose the port number used by the LDAP server when running
the unit test using property : org.opends.server.LdapPort
This can be usefull for debugging purpose.

reviewed by Daniel


git-svn-id: https://svn.forgerock.org/opendj/trunk@700 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

09 Nov, 2006

1 commit

  • 184db24e   Update the schema definitions based on RFC 2739 to correct a number of ... Browse Dir » 
    problems in the specification, including:

- The calEntry objectclass has been updated so that the calCalAdrURI and
  calOtherCalAdrURIs attributes are now allowed.

- The invalid "SUBSTRING" token has been replaced with the correct "SUBSTR"
  value.

- The reference to the invalid "caseIgnoreMatch" substring matching rule has
  been replaced with the correct "caseIgnoreSubstringsMatch" value.


OpenDS Issue Number:  977


git-svn-id: https://svn.forgerock.org/opendj/trunk@697 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

22 Oct, 2006

2 commits

  • 9a22963d   Add the nsUniqueId operational attribute to the OpenDS schema. We don't ... Browse Dir » 
    intend to use it, but it can help provide compatibility with the Sun Java
System Directory Server, as that server includes the nsUniqueId attribute when
performing LDIF exports.

OpenDS Issue Number:  853


git-svn-id: https://svn.forgerock.org/opendj/trunk@629 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 530b327a   Update the groupOfNames objectclass to make the member attribute optional, and ... Browse Dir » 
    update the groupOfUniqueNames objectclass to make the uniqueMember attribute
optional.  This varies from the standard definition in RFC 4519, but it makes
more sense for them to be optional.  It provides better compatibility with the
Sun Java System Directory Server, and it greatly simplifies problems like how
to handle an attempt to delete a user account if referential integrity is
enabled and that user is the last remaining member in a group.

OpenDS Issue Number:  619


git-svn-id: https://svn.forgerock.org/opendj/trunk@628 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

19 Sep, 2006

1 commit

17 Sep, 2006

1 commit

15 Sep, 2006

1 commit

  • 488aecbe   This uses the new FilePermission framework to set permissions on the ... Browse Dir » 
    directory holding the database files. The new config attribute
ds-cfg-backend-mode is optional and by default has a value of 700. The
permissions are set on backend initialization as well as on the fly via
LDAP. The server will make sure the file permissions will allow owner
access before setting. Any exceptions encountered while setting the
attribute will result in non fatal errors which are logged. However, any
configuration exceptions will keep the backend from starting.

Fix for issue 50

git-svn-id: https://svn.forgerock.org/opendj/trunk@353 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

31 Aug, 2006

1 commit

24 Aug, 2006

1 commit

  • 2e426489   Add a configuration option to limit the number of entries that will be checked f… ... Browse Dir » 
    …or matches during a search operation. A value of -1 or 0 will remove the limit, like the behavior of DS 5 and 6. Changed the "unlimited" values of size and time limits to be consistent with the lookthrough limit (-1 or 0). 

- It adds a new server wide config attribute (ds-cfg-lookthrough-limit)
with default of 5000

- It adds a new operational attribute (ds-rlim-lookthrough-limit) so
that a user's entry can be checked for a custom lookthrough limit on
bind for per user configurations.

- cn=Directory Manager by default will not have a lookthrough limit

Fix for issue 52

git-svn-id: https://svn.forgerock.org/opendj/trunk@201 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

16 Aug, 2006

1 commit

15 Aug, 2006

1 commit

14 Aug, 2006

1 commit

  • 44338cb2   Make a few changes in the area of account status notifications: ... Browse Dir » 
    - Update the account status notification type structure to include the DN of
  the associated user.

- Update the bind processing code to generate account status notifications for
  the following conditions:
  * Bind failed due to an expired account
  * Bind failed due to a reset-locked account
  * Bind failed due to an idle-locked account
  * Bind failed due to an expired password
  * The first time a password expiration warning is generated
  * If the bind failure count limit is reached and the account becomes locked

- An error log account status notification handler has been added, which can
  write messages to the error log when an account status notification is
  generated.


git-svn-id: https://svn.forgerock.org/opendj/trunk@162 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

10 Aug, 2006

1 commit

04 Aug, 2006

2 commits

02 Aug, 2006

1 commit

  • f2ebe4a6   Add a new account expiration feature to the password policy. This will make it ... Browse Dir » 
    possible for accounts to be given an expiration time, after which it will not
be possible to authenticate as that user or target that user with the proxied
authorization control.

If the ds-pwp-account-expiration-time operational attribute is included in the
user's entry and it references a time in the past, then the user's account will
be considered expired.  If it references a time in the future, then it will be
expired at that time.  If this attribute is absent, then the account will not
expire.

OpenDS Issue Number:  543


git-svn-id: https://svn.forgerock.org/opendj/trunk@131 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

24 Jul, 2006

1 commit

  • e7ede7bc   Update the synchronization configuration to ... Browse Dir » 
    - put changelog configuration below cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config
- use ds-cfg-changelog-server-id and ds-cfg-directory-server-id instead of ds-cfg-server-id
- don't require the ds-cfg-changelog-server attribute in changelog configuration (ds-cfg-synchronization-changelog-server-config objectclass)

Use dc=example,dc=com instead of dc=com in he synchronization configuration example

improve the javadoc

git-svn-id: https://svn.forgerock.org/opendj/trunk@30 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

23 Jul, 2006

1 commit

22 Jul, 2006

1 commit

18 Jul, 2006

1 commit

  • a53374ad   Update the FIFO and soft reference entry cache implementations to convert the ... Browse Dir » 
    lock timeout attribute to use an integer with unit syntax rather than just an
integer.

Also, update the FIFO entry cache implementation to get rid of the calls to run
the garbage collector.  Instead, if we detect that too much memory is being
used, we'll not store the new entry and get rid of an old entry.  This is much
more palatable in terms of performance and response time when the cache gets
full.


git-svn-id: https://svn.forgerock.org/opendj/trunk@19 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

16 Jul, 2006

1 commit

28 Jun, 2006

1 commit