org.forgerock / org.forgerock.opendj

14 Jan, 2008

1 commit

08 Jan, 2008

1 commit

19 Dec, 2007

2 commits

17 Dec, 2007

1 commit

13 Dec, 2007

1 commit

08 Dec, 2007

1 commit

04 Dec, 2007

1 commit

02 Dec, 2007

1 commit

16 Nov, 2007

2 commits

  • edb0c4c5   Tag components as advanced or intended for customization. ... Browse Dir » 
    This relates to issue 1829.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3462 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • b3106d3b   Advanced properties phase 1: tag advanced properties and perform ... Browse Dir » 
    various clean-up to the XML definitions:

   * clean up typos and any bad grammar in the synopsis/description
     elements

   * fixed common errors. For example, there were many places where the
     synopsis was repeated in the description (the description is only
     ever used in conjunction with the synopsis). There were also many
     places where the <adm:user-friendly-name> was being used in
     property definition description elements to refer to the property
     name, when it actually refers to the managed object name

   * split big synopsis (not sure of the plural form - synopsi?) where
     possible - there were lots of cases where we'd have a big synopsis
     but no description

   * overrode properties with sensible default values where
     appropriate (for example, I provided sensible default values for
     some of the attribute-type properties in the virtual attribute
     definitions)

   * generally made documentation more consistent across the definitions

   * removed unneeded XML attributes of the form 'mandatory="false"'.
     Attributes only need to be specified if their value is true as
     they default to false. Adding redundant attributes just makes the
     XML harder to read

   * removed any documentation that referred to the configuration in
     LDAP related terms (with one exception in the Schema backend). All
     documentation now refers to other properties using the property
     names, not their associated LDAP attribute.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3456 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     

13 Nov, 2007

1 commit

06 Nov, 2007

1 commit

  • 6eee8e2f   Fix for 2423 : remove some replication configuration parameters ... Browse Dir » 
    The attributes :
 ds-cfg-max-receive-queue,
 ds-cfg-max-receive-delay,
 ds-cfg-max-send-queue,
 ds-cfg-max-send-delay
 
were left from some prototyping I did a while ago and not usefull
for now.

I've therefore removed them from the configuration of the
Replication Domain.

  

git-svn-id: https://svn.forgerock.org/opendj/trunk@3415 41b1ffd8-f28e-4786-ab96-9950f0a78031
    gbellato
     

30 Oct, 2007

1 commit

  • ee0ceaa1   s set of files provides the workflow configuration manual mode. ... Browse Dir » 
    Until now, the workflows were automatically configured-a wokflow
was created for each base DN in the backends. When new suffixes
were added or when a backend was added, the associated workflows
were also created (and simillarly workflows were deleted as suffixes
or backends were removed).

With the manual mode, each and every workflow in the server must
be defined explicitely in the configuration. By default, the server is
running in automatic configuration mode. To have a server running
with manual configuration mode one must set the attribute in
cn=config:

    dn: cn=config
    ...
    ds-cfg-workflow-configuration-mode: auto|manual


No attribute means "auto" mode.

The workflow configuration consist of 3 parts:
- the configuration of workfow elements
- the configuration of workfows
- the configuration of network groups


The Workflow Elements - A workflow element is a basic task in a
workflow. The workflow elements are organized in trees and the
simplest tree is made of one element. For example, the workflow
element that wraps a local backend is configured as follow:

    dn: ds-cfg-workflow-element-id=userRoot,cn=workflow elements,cn=config
    objectClass: top
    objectClass: ds-cfg-workflow-element
    objectClass: ds-cfg-local-backend-workflow-element
    ds-cfg-workflow-element-id: userRoot
    ds-cfg-enabled: true
    ds-cfg-java-class: org.opends.server.workflowelement.localbackend.LocalBackendWorkflowElement
    ds-cfg-backend: ds-cfg-backend-id=userRoot,cn=Backends,cn=config

From an admin standpoint, the local backend workflow element
is an aggregation of a single backend (attribute ds-cfg-backend).
So we cannot disable/delete a backend as long as it is used by a
local backend workflow element.


The Workflows - A workflow is a chain of processing and it's
targeting all the entries under a given baseDN. The processing
is actually identified by the root node of the task tree described
above. The configuration of a workflow looks like:

    dn: ds-cfg-workflow-id=userRoot,cn=workflows,cn=config
    objectClass: top
    objectClass: ds-cfg-workflow
    ds-cfg-workflow-id: userRoot
    ds-cfg-enabled: true
    ds-cfg-workflow-element: ds-cfg-workflow-element-id=userRoot,cn=workflow elements,cn=config
    ds-cfg-base-dn:  dc=example,dc=com

From an admin standpoint, the local workflow is an aggregation
of a single elements (attribute ds-cfg-workflow-element).
So we cannot disable/delete a workflow element as long as it is used
by a local workflow.


The Network Groups - A network group defines categories for
client connection. The network group contains a set of workflows
and each client operation is routed to one (or more) workflow(s).
By default, the server create a default network group which contains
all the workflows defined in the server. The default network group
looks like:

    dn: ds-cfg-id=defaultNetworkGroup2,cn=network groups,cn=config
    objectClass: top
    objectClass: ds-cfg-network-group
    ds-cfg-id: defaultNetworkGroup2
    ds-cfg-enabled: true
    ds-cfg-workflow: ds-cfg-workflow-id=adminRoot,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=ads-truststore,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=backup,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=config,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=monitor,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=schema,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=tasks,cn=Workflows,cn=config
    ds-cfg-workflow: ds-cfg-workflow-id=userRoot,cn=Workflows,cn=config

From an admin standpoint, the network group is an aggregation
of several workflows (attribute ds-cfg-workflow). So we cannot
disable/delete a workflow as long as it is used by a network group.


A unit test named WorkflowConfigurationTest tests the configuration
of network groups, workflows and workflow elements.



git-svn-id: https://svn.forgerock.org/opendj/trunk@3388 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jdemendi
     

19 Oct, 2007

1 commit

18 Oct, 2007

1 commit

  • cca8fa34   no issue ... Browse Dir » 
    CryptoManager
1. remove shared secret key wrapping transformation (ds-cfg-key-wrapping-transformation) from configuration
2. other miscellaneous cleanup, including adding TODOs with issue numbers for some recently opened issues.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3328 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

17 Oct, 2007

1 commit

  • 845f11b5   no issue ... Browse Dir » 
    CryptoManager
RC4 -> RC4/NONE/NoPadding


git-svn-id: https://svn.forgerock.org/opendj/trunk@3324 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

13 Oct, 2007

1 commit

  • 4d0792f3   No issue. ... Browse Dir » 
    CryptoManager
Step 1 to factor a CryptoManager interface from the implementation.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3303 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

10 Oct, 2007

1 commit

28 Sep, 2007

1 commit

27 Sep, 2007

1 commit

  • c40a66ed   Improvements to aggregation support and foundation work for expressing arbitrary… ... Browse Dir » 
    … constraints within components.

This change adds support for defining arbitrary conditions which can be used to test properties and their values. Conditions can be used within aggregations to define 1) when a referenced managed object needs enabling and 2) when it is enabled. For example, the LDAP connection handler requires that its key manager provider and trust manager provider are enabled when it is enable and when either SSL or StartTLS are enabled.

Conditions are also intended for use within the existing constraint/dependency support. For example, it should be possible to indicate that a property "min" is always less than or equal to a property "max", or that when "use-ssl" is set to true, any required SSL configuration related properties are also defined. This will be implemented in a subsequent change (this change just focuses on the work required to resolve issue 1449).

This change adds support for the following conditions:

* logical "not"
* logical "and"
* logical "or"
* logical "implies"
* contains - determines if a property contains a particular value
* is-present - determines if a property has any values (incl. defaults)

More will be added as required.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3229 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     

26 Sep, 2007

3 commits

  • e2517750   Update the Get Symmetric Key extended operation handler so that it has its own ... Browse Dir » 
    object class and config definition rather than relying on the generic
configuration.  This makes it easier to use through dsconfig.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3211 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 5abb86e7   Merge branches/temp-admin@3208 onto trunk@3208. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@3209 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • d72d5ef1   Update the backend API to include new isIndexed methods that can be used to ... Browse Dir » 
    determine whether a given attribute is indexed in a specified manner, or that
can be used to determine whether a specified filter is indexed.  At present,
all backends except the JE backend and the replication backend are considered
always indexed for all operations.  The JE backend is only considered indexed
based on its index configuration.  The replication backend is never considered
indexed.

Update the following components to make use of this new isIndexed capability:
- The DSEE-compatible access control handler will now log a warning message at
  startup if it detects that there is no presence index for the aci attribute,
  which can make startup take a long time on a big database.
- The group manager will now log a warning message at startup if any of the
  group implementation filters are unindexed, which can make startup take a
  long time on a big database.
- The referential integrity plugin now requires that all of the attributes for
  which referential integrity is to be maintained must be configured with
  equality indexes.
- The unique attribute plugin now requires that all of the attributes for which
  uniqueness is to be enforced must be configured with equality indexes.

This commit also updates the LDIF backend so that it is possible to
indicate via configuration whether its base DNs should be registered as public
or private base DNs.  The LDIF backend used as the admin root has been
updated so that it is considered a private backend.  The replication backend
has also been updated so that it is considered a private backend.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3206 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

23 Sep, 2007

1 commit

  • ef5e5493   Add support for an LDIF backend. Entries in this backend will be held in ... Browse Dir » 
    memory, and all read operations will be served from memory, but the underlying
data will be stored in an LDIF file on disk and any write operation will cause
that LDIF file to be updated.

This backend supports all major operations, including moving/renaming non-leaf
entries with the modify DN operation, and also supports the subtree delete
control and LDIF import and export operations.  Backup and restore operations
are not currently supported.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3160 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

21 Sep, 2007

1 commit

19 Sep, 2007

1 commit

  • 94e99606   Add a new monitor provider that can be used to monitor memory usage within the ... Browse Dir » 
    JVM, including:

- The total number of garbage collections (per memory pool)
- The total duration of all garbage collections (per memory pool)
- The averge duration for a garbage collection (per memory pool)
- The duration of the most recent garbage collection (per memory pool)
- The current size of each memory region
- The size of each memory region after the last garbage collection


git-svn-id: https://svn.forgerock.org/opendj/trunk@3120 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

14 Sep, 2007

1 commit

13 Sep, 2007

1 commit

10 Sep, 2007

1 commit

  • c6ff7b0f   Add support for password storage schemes using AES, 3DES, RC4, and Blowfish. ... Browse Dir » 
    The AES, RC4, and Blowfish implementations all use 128-bit ciphers, and the
3DES implementation uses a 168-bit cipher.

Note that while these password storage schemes are functional, they rely on the
crypto manager, which is not fully implemented.  The storage schemes are not
exposed in the server configuration because the crypto manager does not have
any mechanism to persist secret keys for symmetric encryption.  Until the
crypto manager provides persistence for these keys, passwords encoded using
these schemes will not be usable after the server is restarted.  Once the
crypto manager implementation is complete, these schemes should be exposed in
the server configuration.

OpenDS Issue Numbers:  315, 316, 317, 318


git-svn-id: https://svn.forgerock.org/opendj/trunk@3000 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

09 Sep, 2007

2 commits

  • 1f7dbdf6   Update the server to provide a basic framework for controlling when plugins ... Browse Dir » 
    will be invoked.  There are two basic changes:

- Add a new ds-cfg-invoke-for-internal-operations configuration attribute for
  all plugins, which indicates whether the plugin should be invoked for
  internal operations.  If this is false, then the plugin will only be invoked
  for externally-requested operations.

- Add four new plugin types:  postSynchronizationAdd,
  postSynchronizationDelete, postSynchronizationModify, and
  postSynchronizationModifyDN.  These allow a plugin to perform a limited set
  of processing for changes that are successfully applied through
  synchronization.


The unique attribute plugin has also been updated to support the
post-synchronization plugin types so that if a conflict is introduced
concurrently on two different servers within the propagation delay, an
administrative alert will be generated to indicate that manual intervention is
required to address the problem.

Finally, ensure that audit logging is enabled during the unit tests, and
update the audit logger to include the connection ID and operation ID for the
operation being logged.


OpenDS Issue Number:  2057


git-svn-id: https://svn.forgerock.org/opendj/trunk@2999 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 1058f0e4   - [Issue 1594] entry caches should have monitor information: ... Browse Dir » 
    implement generic entry cache monitor provider which allows any entry cache implementation current or future
  to provide a common or custom set of entry cache state data. update all existing entry cache implementations
  so that they provide their common state data to the entry cache monitor provider.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2998 41b1ffd8-f28e-4786-ab96-9950f0a78031
    abobrov
     

06 Sep, 2007

1 commit

  • 9a4423a6   Update password storage scheme references in the server so that they use DNs ... Browse Dir » 
    rather than storage scheme names.  This will allow better consistency in the
configuration, since all other references between configuration objects are
DN-based, and it will work better with the upcoming aggregation support.
It also eliminates the need to know the storage scheme name, which is not
obvious from looking at the configuration entry for the storage scheme, and
can actually vary in some implementations depending on whether it's used with a
user password or auth password syntax attribute.

OpenDS Issue Number:  2155


git-svn-id: https://svn.forgerock.org/opendj/trunk@2974 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

04 Sep, 2007

3 commits

  • e6e5d3c2   Add a new LDIF connection handler, which can be used to watch for new LDIF ... Browse Dir » 
    files to be created in a directory, at which point the changes contained in
those LDIF files will be processed by the server using internal operations.
This can potentially be used to make configuration changes or invoke tasks if
the server is unresponsive to external clients (e.g., all worker threads are
busy).

Note that in the default configuration, the LDIF connection handler is enabled
but the target directory doesn't exist.  In this configuration, it will simply
not do anything until the target directory is created and one or more LDIF
files are placed in it.  This is a safeguard against an administrator
inadvertently placing a file in that directory without understanding the
potential consequences of that action.  It also means that we can use it to
perform debugging operations (e.g., "dump all") without having to restart the
server if it becomes unresponsive.

OpenDS Issue Number:  2216


git-svn-id: https://svn.forgerock.org/opendj/trunk@2950 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • ad39ad18   Fix typo in LDAP attribute mapping for send-message-without-end-user-address property. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@2948 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • a7ca5f6a   Add a 7-bit clean plugin, which can be used to ensure that values for a ... Browse Dir » 
    specified set of attributes (optionally only for entries below a specified set
of base DNs) are 7-bit clean.

OpenDS Issue Number:  261


git-svn-id: https://svn.forgerock.org/opendj/trunk@2932 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

03 Sep, 2007

3 commits

  • ecb7f164   Implement support for a maximum blocked write time limit in the LDAP connection ... Browse Dir » 
    handler, which can be used to terminate client connections if an attempt to
write data to the client has been blocked for too long.  This will generally
occur if the client has become unresponsive or there is a network outage.

OpenDS Issue Number:  139


git-svn-id: https://svn.forgerock.org/opendj/trunk@2926 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • 8fcff6b4   Add default values for plugin-type property and remove unnecessary default behav… ... Browse Dir » 
    …ior for referential integrity attribute property.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2916 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • a219300c   Commit plugin for maintaining referential integrity. Issue 257. ... Browse Dir » 
    New configuration  attributes:

- ds-cfg-referential-integrity-attribute-type Specify attribute types that referential integrity will be checked on; this is a mandatory attribute

-ds-cfg-referential-integrity-base-dn Specify base DN that will limit scope of reference check; if not specified the server's public naming contexts are used

- ds-cfg-referential-integrity-update-interval Specify update interval for background referential integrity processing; if update interval > 0 plugin performs background processing; default is 0

-ds-cfg-referential-integrity-log-file Specify log file location for update records when background processing is enabled; default is <instance>/logs/referint

The plugin is disabled by default:

dn: cn=Referential Integrity,cn=Plugins,cn=config
objectClass: top
objectClass: ds-cfg-plugin
objectClass: ds-cfg-referential-integrity-plugin
cn: Referential Integrity
ds-cfg-plugin-class: org.opends.server.plugins.ReferentialIntegrityPlugin
ds-cfg-plugin-enabled: false
ds-cfg-plugin-type: postOperationDelete
ds-cfg-plugin-type: postOperationModifyDN
ds-cfg-plugin-type: subordinateModifyDN
ds-cfg-referential-integrity-attribute-type: member
ds-cfg-referential-integrity-attribute-type: uniqueMember



git-svn-id: https://svn.forgerock.org/opendj/trunk@2913 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

02 Sep, 2007

1 commit