org.forgerock / org.forgerock.opendj

25 Jun, 2007

2 commits

24 Jun, 2007

2 commits

23 Jun, 2007

1 commit

  • 34309988   Provide a way to control the order in which plugins are invoked. This ... Browse Dir » 
    implementation is similar to that used by DSEE 6.  The "cn=Plugins,cn=config"
configuration entry now supports a number of new configuration attributes
(one per plugin type) that can be used to control the invocation order for
plugins of that type.  The plugin order specification should be a string that
is a comma-delimited list of the names of the plugins in the order in which
they should be invoked, and it should also include an asterisk to indicate
the order in which any unmatched plugins should be invoked.

For example:

     ds-cfg-plugin-order-pre-operation-add: Entry UUID, *

This indicates that the "Entry UUID" plugin should be invoked before any other
pre-operation add plugins.

The plugin order is evaluated only at startup, and any problems or
inconsistencies detected (e.g., the same plugin name listed twice in the order,
or a plugin order that does not contain a wildcard character) will generate
warning messages in the server's error log.

OpenDS Issue Number:  253


git-svn-id: https://svn.forgerock.org/opendj/trunk@2157 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

22 Jun, 2007

1 commit

21 Jun, 2007

3 commits

20 Jun, 2007

1 commit

  • 79382956   This refactoring includes the following changes to the JE backend: ... Browse Dir » 
    - Extracted common interface DatabaseContainer from DN2ID, ID2Entry, etc... classes.
- Moved database read and write methods from EntryContainer to DatabaseContainer.
- Added index configuration to the XML based admin framework.
- Removed redundant configuration objects (Config, IndexConfig).
- Added exclusive/shared lock to EntryContainer. All access to an EntryContainer must acquire a lock before using the internal 
DatabaseContainers or making configuration changes.
- Added the ability to add/remove/modify indexes with the backend online. Server will issue rebuild required warning when adding new indexes 
or sub-indexes (equality, substring, presence...).
- Added the ability to change the index entry limit for both the backend and each index with the backend online. Server will issue rebuild 
required warning if the previous limit has been exceeded.
- Added the ability to change entry compression and index substring length setting while the backend is online.
- Added a persistent state database to each EntryContainer to persist backend configuration between server restarts. Server will issue 
rebuild required warning if a new index is added when the backend is offline.
- Added a trusted flag to indexes so that non existent keys will not be interpreted as an empty entry ID set when an index is untrusted. An 
index is untrusted when it is added to an non-empty EntryContainer or an inconsistency is detected. Server will issue warning on startup to 
rebuild the index. 
- Fixed a issue where the LDIF import process stops responding if the temporary import dir is full or unwritable. 

Fix for issue 1480 1455 1575


git-svn-id: https://svn.forgerock.org/opendj/trunk@2135 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

17 Jun, 2007

1 commit

15 Jun, 2007

5 commits

14 Jun, 2007

7 commits

12 Jun, 2007

1 commit

11 Jun, 2007

4 commits

08 Jun, 2007

1 commit

07 Jun, 2007

4 commits

  • b49fe277   Eliminate the search-unindexed privilege, since the feature was implemented to ... Browse Dir » 
    use a privilege of "unindexed-search" instead.  Also, eliminate the
index-rebuild privilege and fold all of its functionality into ldif-import,
since having a separate privilege for it doesn't provide much benefit and
creates additional administrative overhead.

OpenDS Issue Numbers:  1765, 1776


git-svn-id: https://svn.forgerock.org/opendj/trunk@2051 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 630ba039   Add a virtual attribute provider that can be used to assign entryUUID values ... Browse Dir » 
    for entries in private backends (e.g., the root DSE, schema, monitor entries,
config entries, etc.).  The entryUUID value that will be generated is based on
an MD5 hash of the entry DN, but this shouldn't be a problem for entries in
private backends because none of them allow modify DN operations.  User entries
should have a real entryUUID value generated when the entry is created (either
via an LDAP add or an LDIF import).

OpenDS Isssue Number:  1775


git-svn-id: https://svn.forgerock.org/opendj/trunk@2050 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 8a0ca9cb   Provide a new mechanism for encoding entries. This method adds an extra ... Browse Dir » 
    element that includes flags that indicate how the entry was encoded.  The
flags currently defined include:

- Whether to exclude the DN from the encoded entry.  This may be useful for the
  filesystem entry cache, since it will already have a reference to the DN.

- Whether to compress the set of object classes contained in the entry with a
  binary token.

- Whether to compress the attribute descriptions in the entry with binary
  tokens.

These changes can help improve the encode/decode performance, and can reduce
the entry footprint (by about 30% for entries based on the example.template).
None of these options are enabled at the present time, but components which
call the Entry.encode() method will be able to indicate which of them should be
used for that entry.

OpenDS Issue Numbers:  660, 1675, 1770


git-svn-id: https://svn.forgerock.org/opendj/trunk@2049 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 2872c1cf   Fix for issue 1633 (JMX port should be disabled by default) ... Browse Dir » 
    Considering the limited added value that the JMX port will provide on 1.0 and the fact that we do not want to expose it on the QuickSetup, in the admin group we consider to disable this port by default.  Before committing a fix for this maybe we should send a Heads Up message to the users mailing list.

Basically after the changes the JMX connection handler will not be enabled if the server is installed using the graphical setup.  For the command line setup, JMX will not be enabled unless the user explicitly includes de -x option (for the JMX port) when invoking the command-line.



git-svn-id: https://svn.forgerock.org/opendj/trunk@2046 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jvergara
     

06 Jun, 2007

1 commit

  • 3379f481   Update the server to provide better interoperability with the Penrose virtual ... Browse Dir » 
    directory.  In particular, this commit exposes the
LDAPClientConnection.sendLDAPMessage() method, and fixes a case in which
short-circuiting out of the add operation processing in the pre-parse code with
a success response could have resulted in a null pointer exception.

OpenDS Issue Number:  1729


git-svn-id: https://svn.forgerock.org/opendj/trunk@2045 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

04 Jun, 2007

1 commit

  • 6d466d23   single valued attribute conflict resolution : issue 609 ... Browse Dir » 
    The resolution procedure for single valued attribute needs to be slightly different
from the mult-valued attribute procedure :
- less historical information can be kept
- the procedure must take into account the fact that only one value is allowed
 at a given time.

This Change splits the AttrInfo class into 2 classes :
AttrInfoSingle and AttrInfoMultiple that both extends AttributeInfo.
The Historical class if also refactorized to become more generic, some code
was staying there but was indeed specific to multi-valued attribute.

This change also add a number of unit tests for single valued attribute, and enable
an old test from HistoricalTest.java that was previously disabled because
conflict resolution for single valued attribute was not yet implemented.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2004 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

02 Jun, 2007

1 commit

  • 0590a0a6   Update the server to provide a lockdown mode. This is a mode in which the ... Browse Dir » 
    server will only allow client connections over loopback interfaces and will
reject requests from non-root users.  This can be used in cases where it would
be helpful for the server to be online to address a problem, but there might be
security risks in having it fully available (e.g., the server detects a
malformed access control rule on startup, and we don't want to allow normal
access to the server since that rule might be intended to prevent users from
seeing sensitive information and not having it interpreted properly could be
dangerous).

This mode is designed so that server components like the access control
subsystem can place the server in this mode if a problem is detected, but it
also includes tasks that can be used to manually place the server into and out
of the lockdown mode.  These tasks will only be allowed to be invoked by root
users over a loopback connection.

OpenDS Issue Number:  1758


git-svn-id: https://svn.forgerock.org/opendj/trunk@2002 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

01 Jun, 2007

4 commits

  • cde660b0   Update the way that privileges are evaluated by the server. Previously, they were ... Browse Dir » 
    always based on the authentication identity rather than the authorization identity.  This
means that when the two are different, the result could be incorrect.  One key example of
this is the use of the proxied authorization control by a root user.  In this case, the
proxied authorization would not be subject to access control because the authenticated
user (but not the authorized user) had the bypass-acl privilege.

This change ensures that the proxied-auth privilege is always evaluated as the
authentication identity, but all other priviliges are always evaluated as the
authorization identity.

I have also updated a number of test cases that were incorrectly depending on the
former behavior.

OpenDS Issue Number:  1749


git-svn-id: https://svn.forgerock.org/opendj/trunk@1997 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 72e913c2   Modify the DurationPropertyDefinition and DurationUnit classes so that they have… ... Browse Dir » 
    … more user-friendly encode/decode methods:

* the DurationPropertyDefinition encoder is unchanged: it uses the base property's base unit
* the DurationPropertyDefinition decoder now supports a mixed format in addition to the old format: now users can specify durations using a mixture of units such as 1h30m instead of 90m (both are permitted)
* the DurationUnit class has a toString(long) method which applications can use to get the above mixed unit representation (e.g. CLI)

The unit tests are updated. During the precommit the password policy test cases failed because they were testing some invalid durations which were not being checked in the DurationPropertyDefinition test suite. I've put these missing test cases in the DurationPropertyDefinition test suite. In addition, I've numbered the PWP test data entries so that they are easier to debug in future.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1995 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 5d7b3127   Add a new method for retrieving the "best-fit" size unit appropriate for a given… ... Browse Dir » 
    … number of bytes. This is intended for use in user interfaces since the value returned maybe a floating point value and subject to small errors. For LDAP encoding/decoding we still have the original getBestFitUnit() method but it has been renamed to getBestFitUnitExact(). Both methods are class methods.

git-svn-id: https://svn.forgerock.org/opendj/trunk@1991 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 73e08ef2   Update the access logger so that it will not suppress internal operations when ... Browse Dir » 
    running the test cases.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1987 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson