org.forgerock / org.forgerock.opendj

18 Jul, 2011

1 commit

  • ff7407dc   Fix OPENDJ-233: Integrate Samba password sync plugin into OpenDJ (contributed by Profiq S.R.O) ... Browse Dir » 
    Many thanks to Nemanja Lukic and his colleagues at Profiq S.R.O for this kind contribution.

The contribution has been modified as follows:

*) integrate as core feature of OpenDJ, not extension
*) rename package names accordingly
*) remove dependency on BouncyCastle.org MD4 implementation, by porting implementation to OpenDJ
*) re-implement setOddParity method in order to avoid potential copyright issues with existing implementations.
*) simplify configuration model and validation.

TODO:

*) support u: and dn: authid in password modify extended operation.


git-svn-id: https://svn.forgerock.org/opendj/trunk@7116 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew
     

23 Jun, 2011

1 commit

10 Jun, 2011

1 commit

06 Jun, 2011

1 commit

01 Jun, 2011

1 commit

07 Apr, 2011

2 commits

18 Mar, 2011

1 commit

  • a6808279   Fix issue with OPENDJ-91 : Unique Attribute plugin rejects valid modification of unique value. ... Browse Dir » 
    The issue was in the XML definition of the plugin configuration. The registration of post operation callbacks were missing. The default uid unique attribute plugin has them properly set in config/config.ldif, so enabling that plugin worked. But adding a new copy of the plugin with dsconfig create-plugin would create an invalid configuration inducing errors and memory leaks.


git-svn-id: https://svn.forgerock.org/opendj/trunk@6778 41b1ffd8-f28e-4786-ab96-9950f0a78031
    ludo
     

26 Nov, 2010

1 commit

26 Oct, 2010

1 commit

  • c295d24a   Resolves Enhancement request OpenDJ-5: Support Linux md5 crypt storage for password ... Browse Dir » 
    This changes are adding support for the BSD MD5 crypt hash as part of the CRYPT password storage scheme.
A new parameter has been added to the configuration of the storage scheme to select whether new passwords should be hashed with the unix algo (default) or the md5 one.
When it comes to authentication, the scheme is able to detect the algo (based on the $1$ prefix) and match appropriately.
Unit tests have been added, including test again passwords already hashed on Linux systems.

git-svn-id: https://svn.forgerock.org/opendj/trunk@6641 41b1ffd8-f28e-4786-ab96-9950f0a78031
    ludo
     

17 Sep, 2010

4 commits

20 Aug, 2010

2 commits

18 Aug, 2010

3 commits

30 Jul, 2010

3 commits

  • a3e04413   Implements a configurable limit in the number of persistent searches a server can handle. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@6558 41b1ffd8-f28e-4786-ab96-9950f0a78031
    ludovicp
     
  • b5b3ffea   Implements index analysis features. ... Browse Dir » 
    There are 2 components:
Index Filter Analyzer : Part of DatabaseEnvironmentProvider, it gathers search filter statistics and displays the index filter, number of hits, max matching entries, and a message. Compound filters are broken down to their basic elements. f an index was not utilized while evaluating the search filter, max matching entries will be -1 and a diagnostic message will be included. The monitor entry also includes when the analyzer was enabled along with the number of total index and unindexed searches processed. 

Attribute Index Analysis, part of the dbtest tool. It cursors through all the indexes and finds the number of 100%, 95%, 90%, and 80% undefined index keys.  It also displays the value of the undefined keys along with the total number of keys in the index. The process is currently single threaded and might not scale to 10 mil+ DBs. However, this is currently unavoidable without the ability for JE to cursor through the records in log order.


git-svn-id: https://svn.forgerock.org/opendj/trunk@6555 41b1ffd8-f28e-4786-ab96-9950f0a78031
    ludovicp
     
  • e883d7f5   Implements a disk space thresholds feature, preventing the server from crashing … ... Browse Dir » 
    …or exiting of disks full.

Each instance of the monitor have two thresholds: "low" and "full". Other components can register their own handlers if they wish to receive notifications when the thresholds are reached. It extends the MonitorProvider interface and utilizes the update interval mechanism to poll the free disk space. The current free space and state of all monitor instances are exposed through the cn=monitor interface under the cn=Disk Space Monitor branch. The only component using the monitor now is the JE backend. When the "low" threshold is reached, write operations will only be permitted to users with the BYPASS_LOCKDOWN privilege. When the "full" threshold is reached, the backend is placed in read-only mode. The default "low" and "full" thresholds are 100 MB and 10MB respectively. Along with the new feature, this patch also added two privileges: SERVER_LOCKDOWN and BYPASS_LOCKDOWN. Any user with the SERVER_LOCKDOWN privilege can put and take the server out of lockdown mode. Any user with the BYPASS_LOCKDOWN mode can bypass lockdown mode. This was restricted to only "root" users before. In addition, the MonitorProvider abstract class no longer extends DirectoryThread. It now uses a static single threaded ScheduledExecutorService to update provider states. Any provider that wishes to have its state updated periodically needs to register its updater runnable with the scheduleUpdate method.

git-svn-id: https://svn.forgerock.org/opendj/trunk@6549 41b1ffd8-f28e-4786-ab96-9950f0a78031
    ludovicp
     

05 Jul, 2010

1 commit

  • d236c278   Apply SleepyCat recommendations regarding JE default tunings. ... Browse Dir » 
    The max log size is decreased to 10MB and checkpointer to 20MB.
Also increases the number of cleaners to match the default number of workers.
These new settings are helping with reducing the etimes on write operations

git-svn-id: https://svn.forgerock.org/opendj/trunk@6537 41b1ffd8-f28e-4786-ab96-9950f0a78031
    ludovicp
     

25 Jun, 2010

1 commit

07 Jun, 2010

1 commit

31 May, 2010

2 commits

28 May, 2010

1 commit

27 May, 2010

1 commit

29 Apr, 2010

1 commit

  • 73570c1e   Last batch of changes for this week. ... Browse Dir » 
    This adds support for the IETF based Password Policy for LDAP as SubEntry.
Also resolves the following issues :
- 4544 :  initializeBackend() should not set JE env config params directly.
- 4478 : ECL in draft compat mode / search lastchangenumber can be very long
- 4538 : Virtual attributes not retrieved when entry cache configured
- 4547 : Search Filter Matching differ for cn=Directory Manager and plain user.
- 4514 : Logs shows unexpected message with replication monitoring data missing (Partial fix)
- 4534 : Replication using security does not work after server restart
- 4516 : SEVERE_ERROR: servers (...) have the same ServerId
In addition, they also improve reliability and performance in various areas including CollectiveAttributes, Virtual Attributes and Subentries management, Schema loading, Replication...

git-svn-id: https://svn.forgerock.org/opendj/trunk@6400 41b1ffd8-f28e-4786-ab96-9950f0a78031
    ludovicp
     

27 Apr, 2010

1 commit

  • a220e4aa   Fixing several issues with the Control Panel, the QuickSetup, Core server and Replication. ... Browse Dir » 
    Also improves unit, functional tests.
More specifically this commit resolves the following open issues:
4385 - NPE when using ExtensibleMatch filter without a matching rule
4521 - dynamic lookup in attribut selection when selecting the sort order attribut while defining VLV index
4531 - Control Panel creates virtual static groups using groupOfURLs as objectclass
4533 - NullPointerException when configuring replication between 2 OpenDS
4539 - DSML Gateway - jaxb.properties Exception


git-svn-id: https://svn.forgerock.org/opendj/trunk@6396 41b1ffd8-f28e-4786-ab96-9950f0a78031
    ludovicp
     

19 Jan, 2010

2 commits

  • 7eae4844   Additional fix for issue 4477 (Increase maximum size of database log file from 1… ... Browse Dir » 
    …0MBto 100MB): decrease default checkpoint frequency from 20MB to 100MB in order to reduce frequency of fsyncs. This should not increase recovery times significantly since modern hardware is capable of recovering 100MB of log very quickly.



git-svn-id: https://svn.forgerock.org/opendj/trunk@6364 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • e3225018   This is about refactoring the way the directory server chooses the ... Browse Dir » 
    replication server it will connect to. This also introduces a new 
(weighed) load balancing feature that spreads DS connections across the 
RSs, according to the RS weights defined by the administrator,

Issue 4343: https://opends.dev.java.net/issues/show_bug.cgi?id=4343

The commit includes necessary modifications for implementing what is 
described in this document:

https://www.opends.org/wiki/page/ReplicationServerSelection

There is a little "implementation" section in this document that 
explains some important stuff.

Also good to know for these code modifications:

- The topology info related to RSs and kept by the ReplicationBroker is 
now fully kept in a new map of a new ReplicationServerInfo bag class. 
This map is updated upon reception of a TopologyMsg.
- Protocol change: the TopologyMsg now includes the RS url in the RSInfo 
list
- The dynamic change of the weight of a RS triggers a new TopologyMsg 
being fired, to support dynamic change of weights and automatic topology 
re-connections
- SameGroupIdPoller thread has disappeared and its functionality is 
replaced by the mechanism that re-evaluates the more suitable RS (see 
section 5, in the document for more details)

git-svn-id: https://svn.forgerock.org/opendj/trunk@6362 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mrossign
     

14 Jan, 2010

1 commit

12 Jan, 2010

1 commit

25 Dec, 2009

1 commit

10 Nov, 2009

2 commits

06 Nov, 2009

2 commits

  • 8562d6b0   - Corrected an error that made monitoring retrieval timeout ... Browse Dir » 
    - Allow 0 value for monitoring publisher period to allow disable it by configuration 



git-svn-id: https://svn.forgerock.org/opendj/trunk@6105 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mrossign
     
  • c3c3cf15   In order to support a more clever algorithm for the DS to choose his RS, ... Browse Dir » 
    we introduce:



- a weigth, which is an integer affected to each RS that combined with 
each others will define a percentage value which matches the number of 
DSs (compared with total number od DSs in the topology) that can be 
connected to the RS at a time in the topology. In these modif, this 
configuration of the weight is added as well as dynamic changes. Also 
transported in Topo messages. No modification of the connection 
algorithm yet



- Also to support the future connection algorithm, these modifs 
introduces a Monitoring Publisher thread which is a thread that sens 
every 3 seconds a Monitoring message (unchanged format) to every DSs 
that are connected to him. These information will be used by the DSs to 
potentially reconnect to another RSs with a newer server state (info 
included in monitoring messages)



The new connection algorithm will take into account:

- group id

- generation id

- server states

- locality (same VM)

- weight (load)



git-svn-id: https://svn.forgerock.org/opendj/trunk@6097 41b1ffd8-f28e-4786-ab96-9950f0a78031
    mrossign