org.forgerock / org.forgerock.opendj

14 Jun, 2007

4 commits

13 Jun, 2007

3 commits

12 Jun, 2007

7 commits

11 Jun, 2007

5 commits

08 Jun, 2007

1 commit

07 Jun, 2007

4 commits

  • b49fe277   Eliminate the search-unindexed privilege, since the feature was implemented to ... Browse Dir » 
    use a privilege of "unindexed-search" instead.  Also, eliminate the
index-rebuild privilege and fold all of its functionality into ldif-import,
since having a separate privilege for it doesn't provide much benefit and
creates additional administrative overhead.

OpenDS Issue Numbers:  1765, 1776


git-svn-id: https://svn.forgerock.org/opendj/trunk@2051 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 630ba039   Add a virtual attribute provider that can be used to assign entryUUID values ... Browse Dir » 
    for entries in private backends (e.g., the root DSE, schema, monitor entries,
config entries, etc.).  The entryUUID value that will be generated is based on
an MD5 hash of the entry DN, but this shouldn't be a problem for entries in
private backends because none of them allow modify DN operations.  User entries
should have a real entryUUID value generated when the entry is created (either
via an LDAP add or an LDIF import).

OpenDS Isssue Number:  1775


git-svn-id: https://svn.forgerock.org/opendj/trunk@2050 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 8a0ca9cb   Provide a new mechanism for encoding entries. This method adds an extra ... Browse Dir » 
    element that includes flags that indicate how the entry was encoded.  The
flags currently defined include:

- Whether to exclude the DN from the encoded entry.  This may be useful for the
  filesystem entry cache, since it will already have a reference to the DN.

- Whether to compress the set of object classes contained in the entry with a
  binary token.

- Whether to compress the attribute descriptions in the entry with binary
  tokens.

These changes can help improve the encode/decode performance, and can reduce
the entry footprint (by about 30% for entries based on the example.template).
None of these options are enabled at the present time, but components which
call the Entry.encode() method will be able to indicate which of them should be
used for that entry.

OpenDS Issue Numbers:  660, 1675, 1770


git-svn-id: https://svn.forgerock.org/opendj/trunk@2049 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 2872c1cf   Fix for issue 1633 (JMX port should be disabled by default) ... Browse Dir » 
    Considering the limited added value that the JMX port will provide on 1.0 and the fact that we do not want to expose it on the QuickSetup, in the admin group we consider to disable this port by default.  Before committing a fix for this maybe we should send a Heads Up message to the users mailing list.

Basically after the changes the JMX connection handler will not be enabled if the server is installed using the graphical setup.  For the command line setup, JMX will not be enabled unless the user explicitly includes de -x option (for the JMX port) when invoking the command-line.



git-svn-id: https://svn.forgerock.org/opendj/trunk@2046 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     

06 Jun, 2007

3 commits

05 Jun, 2007

2 commits

04 Jun, 2007

4 commits

02 Jun, 2007

1 commit

  • 0590a0a6   Update the server to provide a lockdown mode. This is a mode in which the ... Browse Dir » 
    server will only allow client connections over loopback interfaces and will
reject requests from non-root users.  This can be used in cases where it would
be helpful for the server to be online to address a problem, but there might be
security risks in having it fully available (e.g., the server detects a
malformed access control rule on startup, and we don't want to allow normal
access to the server since that rule might be intended to prevent users from
seeing sensitive information and not having it interpreted properly could be
dangerous).

This mode is designed so that server components like the access control
subsystem can place the server in this mode if a problem is detected, but it
also includes tasks that can be used to manually place the server into and out
of the lockdown mode.  These tasks will only be allowed to be invoked by root
users over a loopback connection.

OpenDS Issue Number:  1758


git-svn-id: https://svn.forgerock.org/opendj/trunk@2002 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

01 Jun, 2007

6 commits

  • 80f3bceb   With the new setup and clean of each testsuites I had to add ... Browse Dir » 
    a function that creates a backup that's used in the restore1 testcase.



git-svn-id: https://svn.forgerock.org/opendj/trunk@1999 41b1ffd8-f28e-4786-ab96-9950f0a78031
    tdj_tx
     
  • 7a59dd93   Adjusted some of the test cases for inheritance with ACI bind rules. Finishes off Issue 1600. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@1998 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mkeyes
     
  • cde660b0   Update the way that privileges are evaluated by the server. Previously, they were ... Browse Dir » 
    always based on the authentication identity rather than the authorization identity.  This
means that when the two are different, the result could be incorrect.  One key example of
this is the use of the proxied authorization control by a root user.  In this case, the
proxied authorization would not be subject to access control because the authenticated
user (but not the authorized user) had the bypass-acl privilege.

This change ensures that the proxied-auth privilege is always evaluated as the
authentication identity, but all other priviliges are always evaluated as the
authorization identity.

I have also updated a number of test cases that were incorrectly depending on the
former behavior.

OpenDS Issue Number:  1749


git-svn-id: https://svn.forgerock.org/opendj/trunk@1997 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 14877bda   Added some functional tests based on statements and examples in the wiki documentation. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@1996 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mkeyes
     
  • 72e913c2   Modify the DurationPropertyDefinition and DurationUnit classes so that they have… ... Browse Dir » 
    … more user-friendly encode/decode methods:

* the DurationPropertyDefinition encoder is unchanged: it uses the base property's base unit
* the DurationPropertyDefinition decoder now supports a mixed format in addition to the old format: now users can specify durations using a mixture of units such as 1h30m instead of 90m (both are permitted)
* the DurationUnit class has a toString(long) method which applications can use to get the above mixed unit representation (e.g. CLI)

The unit tests are updated. During the precommit the password policy test cases failed because they were testing some invalid durations which were not being checked in the DurationPropertyDefinition test suite. I've put these missing test cases in the DurationPropertyDefinition test suite. In addition, I've numbered the PWP test data entries so that they are easier to debug in future.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1995 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • b52dc85c   aclRightsInfo test case. ... Browse Dir » 
    
git-svn-id: https://svn.forgerock.org/opendj/trunk@1994 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mkeyes