23 Jun, 2007

1 commit

  • implementation is similar to that used by DSEE 6.  The "cn=Plugins,cn=config"
    configuration entry now supports a number of new configuration attributes
    (one per plugin type) that can be used to control the invocation order for
    plugins of that type.  The plugin order specification should be a string that
    is a comma-delimited list of the names of the plugins in the order in which
    they should be invoked, and it should also include an asterisk to indicate
    the order in which any unmatched plugins should be invoked.
    
    For example:
    
         ds-cfg-plugin-order-pre-operation-add: Entry UUID, *
    
    This indicates that the "Entry UUID" plugin should be invoked before any other
    pre-operation add plugins.
    
    The plugin order is evaluated only at startup, and any problems or
    inconsistencies detected (e.g., the same plugin name listed twice in the order,
    or a plugin order that does not contain a wildcard character) will generate
    warning messages in the server's error log.
    
    OpenDS Issue Number:  253
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2157 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

20 Jun, 2007

1 commit

  • - Extracted common interface DatabaseContainer from DN2ID, ID2Entry, etc... classes.
    - Moved database read and write methods from EntryContainer to DatabaseContainer.
    - Added index configuration to the XML based admin framework.
    - Removed redundant configuration objects (Config, IndexConfig).
    - Added exclusive/shared lock to EntryContainer. All access to an EntryContainer must acquire a lock before using the internal DatabaseContainers or making configuration changes.
    - Added the ability to add/remove/modify indexes with the backend online. Server will issue rebuild required warning when adding new indexes or sub-indexes (equality, substring, presence...).
    - Added the ability to change the index entry limit for both the backend and each index with the backend online. Server will issue rebuild required warning if the previous limit has been exceeded.
    - Added the ability to change entry compression and index substring length setting while the backend is online.
    - Added a persistent state database to each EntryContainer to persist backend configuration between server restarts. Server will issue rebuild required warning if a new index is added when the backend is offline.
    - Added a trusted flag to indexes so that nonexistent keys will not be interpreted as an empty entry ID set when an index is untrusted. An index is untrusted when it is added to a non-empty EntryContainer or an inconsistency is detected. Server will issue warning on startup to rebuild the index.
    - Fixed an issue where the LDIF import process stops responding if the temporary import dir is full or unwritable.
    
    Fix for issue 1480 1455 1575
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2135 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

11 Jun, 2007

1 commit


08 Jun, 2007

1 commit


05 Jun, 2007

1 commit


10 May, 2007

1 commit


03 May, 2007

2 commits

  • 1. Migrated configuration to the new admin framework.
    2. Removed all dependencies on the JDK logger. (Issue 1503)
    3. Added option to set the file permissions on all log files. (Issue 202)
    4. Added option to write log files asynchronously.
    5. Retention and rotation policies are now separate managed objects registered to the Directory Server.
    6. Rotation and retention policies are not extensible.
    6. Post-rotation actions are not yet implemented in this set of changes.
    7. Tools and tasks can now use a custom log publisher that only picks up messages generated by a specific thread or thread group.
    8. Debug logger no longer creates a log record object for every message. 
    9. Configurable Log File Paths (Issue 174)
    10. Log Level Support by Category/Severity. This capability is limited for error logger. (Issue 177)
    11. Support log file rotation (Issue 188)
    12. Size-based, Time-based rotation policies (Issues 190, 191)
    13. Time-based, max size-based, file count-based retention policies (Issues 199, 201, 202)
    14. Debug logger configurable via the admin framework (Issue 836)
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1805 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • …n object class definitions).
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1777 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     

02 May, 2007

1 commit


27 Apr, 2007

1 commit

  • and is the renaming of the configuration.
    
    The changes in the configuration are quite simple, basically the changelog string
    has been replaced by the replication-server and the synchronization string
    has been replaced by replication except when it is used as synchronization provider.
    
    The schema is a bit more complex because I've decided to keep the old objectclass
    names and the old attribute names as aliases of the new names.
    This would allow the previous configuration to work, however my testing has shown that
    the admin framework does not seem to deal well with objectclass aliases and therefore
    this is not entirely true.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1725 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

25 Apr, 2007

1 commit


23 Apr, 2007

1 commit

  • and makes it possible to dynamically add or remove changelog server and
    synchronization domains in a running server (issue 639).
    
    It was necessary to slightly modify the configuration:
    
    - The objectclass ds-cfg-multimaster-synchronization-provider must be added to
     the entry: cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config
    - The domains must be configured under
     cn=domains, cn=Multimaster Synchronization,cn=Synchronization Providers,cn=config
     instead of being directly under this entry.
    
    The synchronization.ldif file has been updated to reflect these changes.
    I will update the configuration doc in the wiki.
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1680 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

20 Apr, 2007

1 commit


17 Apr, 2007

1 commit


13 Apr, 2007

2 commits


11 Apr, 2007

2 commits


10 Apr, 2007

3 commits

  • - Issue #338:  Prevent users from selecting a password that matches the value
      of any attribute (or a specified set of attributes) in that user's entry.
    
    - Issue #341:  Prevent users from selecting a password that matches a value
      contained in a dictionary.
    
    Both validators support both forward and reverse matching, and for the
    dictionary password validator I have compiled a dictionary from public domain
    word lists.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1611 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • assigned.
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1610 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • - Index rebuilding capabilities. All indexes including system and attribute indexes can 
    be rebuilt. Each index will be rebuilt by a separate thread to increase performance. A 
    max number of rebuild threads could be set to limit the resources used by large rebuild 
    jobs. Partial rebuilds of attribute indexes could also be done by specifying the 
    attribute index type after the attribute type (i.e., sn.approximate).
    - Index rebuilding standalone tool. Rebuilding of attribute indexes could be done with 
    the backend online. However, rebuilds including system indexes must be done with the 
    backend offline.
    - Index rebuilding task. Rebuilding of attribute indexes is done with the backend 
    online. Rebuilds that include system indexes will be performed after bringing the backend 
    offline. The user must have index-rebuild privileges to rebuild indexes.
    - Approximate indexing capability. The value of the attribute will be normalized using 
    the approximate matching rule of that attribute type. This is used as the key for the 
    index. Approximate indexes are fully supported by the index verify, rebuild, and import 
    jobs.
    - Fixed bug in build.xml where weave is enabled even if a test.* property is set.
    - Consolidated some common tool messages.
    - Consolidated some JE backend methods common to all tools.
    - Added unit tests for rebuild job and approximate indexes.
    
    Fix for issues 35, 39, 40, 41
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1607 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

03 Apr, 2007

1 commit

  • different kinds of virtual attributes.  This commit addresses the following
    issues:
    
    - Issue #1475 -- General virtual attribute support
    - Issue #539  -- Support for the isMemberOf virtual attribute
    - Issue #544  -- Support for the entryDN virtual attribute
    - Issue #1056 -- Support for the subschemaSubentry virtual attribute
    - Issue #85   -- Support for the real attributes only control
    - Issue #86   -- Support for the virtual attributes only control
    
    In general, virtual attribute support consists of three parts:
    
    - An implementation of the org.opends.server.api.VirtualAttributeProvider
      class, which provides the logic for actually generating the values, providing
      support for various kinds of matching, and potentially the ability to process
      search operations involving the virtual attribute that might not otherwise be
      indexed.
    
    - The org.opends.server.types.VirtualAttribute class, which is a subclass of
      org.opends.server.types.Attribute and uses the virtual attribute provider to
      generate its values.
    
    - The org.opends.server.types.VirtualAttributeRule class, which associates a
      virtual attribute provider with a given attribute type, and also with a set
      of criteria that controls which entries should have the attribute.
    
    
    The virtual attribute rule currently supports the following criteria that can
    be used to decide whether an entry should have a given virtual attribute:
    
    - Zero or more base DNs.  If any base DNs are provided, then any entry which
      falls below one of those base DNs will be a candidate to get the virtual
      attribute.  If no base DNs are provided, then DIT location will not be taken
      into account when determining eligibility.
    
    - Zero or more group DNs.  If any group DNs are provided, then any entry that
      belongs to one of the specified groups will be a candidate to get the virtual
      attribute.  If no group DNs are provided, then group membership will not be
      taken into account when determining eligibility.
    
    - Zero or more search filters.  If any filters are provided, then any entry
      that matches one of the specified filters will be a candidate to get the
      virtual attribute.  If no filters are provided, then the contents of the
      entry will not be taken into account when determining eligibility.
    
    
    In addition to those criteria, virtual attribute rules define a conflict
    behavior, which controls how to behave when the entry already has one or more
    real values for the attribute.  The conflict behavior can be
    "real-overrides-virtual" (to only show the real values),
    "virtual-overrides-real" (to only show the virtual values), or
    "merge-real-and-virtual" (to show both real and virtual values).
    
    The virtual attribute implementation has been designed so that there should be
    virtually no performance impact unless the attribute needs to be returned to
    the client or it is referenced in a search filter, and you can completely
    disable virtual attributes if you don't need them.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1562 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

29 Mar, 2007

3 commits

  • properly (it appears to reference classes that are not in the repository).
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1541 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • These changes imply:
    - new messages in the protocol and their tests
    - new logic in the SynchronizationDomain to handle the import and the export
    - new logic in the Changelog server to forward the messages for this feature
    - new tasks to trigger the total update
    Object class
    1.3.6.1.4.1.26027.1.2.91: ds-task-initialize-from-remote-replica
    1.3.6.1.4.1.26027.1.2.92: ds-task-initialize-remote-replica
    Attributes - same for both tasks :
    1.3.6.1.4.1.26027.1.1.332: ds-task-initialize-domain-dn
    1.3.6.1.4.1.26027.1.1.333: ds-task-initialize-replica-server-id
    1.3.6.1.4.1.26027.1.1.334: ds-task-unprocessed-entry-count
    1.3.6.1.4.1.26027.1.1.335: ds-task-processed-entry-count
    - a bunch of unit tests to test the export and the import, on the producer
    side and on the consumer side
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1539 41b1ffd8-f28e-4786-ab96-9950f0a78031
    pgamba
     
  • schema elements from RFC 1274.  Where elements already existed but with a
    different name (e.g., 'uid' instead of 'userid'), I updated them to include
    both names.
    
    OpenDS Issue Number:  1466
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1535 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

26 Mar, 2007

2 commits

  • - A validator which enforces a restriction that passwords must have at least a
      specified number of unique characters (issue #1219).
    
    - A validator which enforces a restriction that passwords may not have any
      character which appears more than a specified number of times in a row (issue
      #1220).
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1520 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • is acceptable based on how similar it is to the user's current password.  The
    processing uses the Levenshtein Distance algorithm to determine the number of
    changes required to convert the current password into the new password (a
    change may be either inserting a new character, removing an existing character,
    or replacing an existing character).
    
    Contributed By:  Ales Novak
    OpenDS Issue Number:  340
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1511 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

22 Mar, 2007

1 commit


20 Mar, 2007

1 commit


19 Mar, 2007

1 commit

  • 1. global ACI implementation using the ds-cfg-global-aci attribute type
    2. re-adds support for ACIs in the "cn=config" naming context
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1452 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

08 Mar, 2007

1 commit


01 Mar, 2007

1 commit


28 Feb, 2007

2 commits

  • configuring synchronization for suffix cn=schema (issue 613).
    
    You may want to read the schema Synchronization documents before reviewing this:
    https://opends.dev.java.net/public/docs/dev-docs/SchemaSyncFeatureRequirements.html   and
    https://opends.dev.java.net/public/docs/dev-docs/SchemaSyncDesign.html
    
    It includes:
    
    - Change the PersistentServerState to use attribute ds-sync-state in the base entry
     instead of a specific entry.
     Add new unit test for the PersistentServerState class.
     Change attribute ds-sync-state to be an operational attribute.
    
    - Change the schema backend to allow storage of the ds-synch-state attribute in the
     schema ldif File.
     This change is arguable because I have chosen to make this as simple as possible
     and therefore only allowed the storage of this attribute in the schema File.
     While this has the advantage of being very simple it has
     the drawback of adding some code in the schema backend that is only related to synchronization.
     The other choice would be to add a generic service in the schema backend for storing
     any type of attribute.
     Please tell me if you think that this would be better.
    
    - Disable the conflict resolution for cn=schema so that we don't pollute the ldif entries
     with the historical information
    
    - Add unit test for schema synchronization
    
    The work for schema synchronization is not complete with this.
    A second round of modification is necessary for synchronizing the schema changes
    done by manually editing the files or by dynamically loading a file.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1275 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     
  • This change makes it possible to configure the Changelog purge delay that
    was previously hard-coded using the ds-cfg-changelog-purge-delay attribute.
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1274 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

26 Feb, 2007

1 commit

  • - One which will take attributes from the certificate subject and map them to
      attributes in user entries (Issue #1278).
    
    - One which will search for the subjects of the presented certificates in user
      entries (Issue #1279).
    
    - One which will search for the MD5 or SHA1 fingerprints of the presented
      certificates in user entries (Issue #1280).
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1254 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

21 Feb, 2007

1 commit

  • providers, and certificate mappers, and update the components which need access
    to those elements so that they can specify which one they want to use.  Among
    other things, this will provide the ability to use different certificates for
    different listeners, and provide template configuration entries that make it
    easier for users to enable SSL and/or StartTLS.
    
    OpenDS Issue Number:  561
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1212 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

09 Feb, 2007

1 commit

  • currently defined and implemented:
    * config-read (allow reading the configuration)
    * config-write (allow updating the configuration)
    * ldif-import (allow invoking LDIF import tasks)
    * ldif-export (allow invoking LDIF export tasks)
    * backend-backup (allow invoking backup tasks)
    * backend-restore (allow invoking restore tasks)
    * server-shutdown (allow invoking server shutdown tasks)
    * server-restart (allow invoking server restart tasks)
    * password-reset (allow resetting user passwords)
    * update-schema (allow updating the server schema)
    * privilege-change (allow changing the set of privileges for a user)
    
    The following privileges are also defined but not yet implemented:
    * bypass-acl (allow bypassing access control evaluation)
    * modify-acl (allow updating access control definitions)
    * jmx-read (allow reading information over JMX)
    * jmx-write (allow updating information over JMX)
    * jmx-notify (allow subscribing to JMX notifications)
    * proxied-auth (allow the use of proxied authorization and SASL authzid)
    * disconnect-request (allow terminating arbitrary client connections)
    * cancel-request (allow canceling arbitrary client connections)
    * search-unindexed (allow requesting unindexed searches)
    * data-sync (allow participating in a data synchronization environment)
    
    Root users automatically inherit a subset of these privileges by default, and
    users can also be explicitly granted or forbidden the use of specified
    privileges.
    
    OpenDS Issue Numbers:  468, 472, 474, 475, 477, 1213
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1134 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

02 Feb, 2007

2 commits

  • LDAP server needs to detect failure of changelog servers
    
    The synchronization server sends a regular heartbeat message when the session is idle and there are no synchronization updates flowing.  The broker attempts to re-establish a connection to the same or alternative sync server when it detects loss of heartbeats.
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1093 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     
  • nested static groups, but it does handle changes to the set of available groups
    and to group membership while the server is online.  It also includes a
    backend initialization listener API, which makes it possible for components to
    perform custom processing when a backend is brought online or offline, and this
    is used to identify all groups at the time that the server is started.
    
    OpenDS Issue Number:  422
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@1090 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

30 Jan, 2007

1 commit