org.forgerock / org.forgerock.opendj

11 Jun, 2013

1 commit

18 Aug, 2011

1 commit

  • bd256e2e   Initial checkpoint of work for OPENDJ-262: Implement pass through authentication (PTA) ... Browse Dir » 
    Refactor PasswordPolicy implementation so that we now have a common parent type, "AuthenticatioPolicy", which will act as a common entry point for all authentication policies. In particular, password policies can be thought of as a specific type of authentication policy: one where authentication and the user's credentials are managed locally. PTA can be thought of as a non-local authentication policy: the password is managed by a third party.

With this change we still only have one type of authentication policy and no attempt has been made to refactor code which uses it. More specifically, code such as the local backend WFE just type-casts the authentication policy to a password policy.

Another implication of this change is that sub-entry based password policies now automatically inherit run-time changes made to the default password policy, whereas before a server restart was required.


git-svn-id: https://svn.forgerock.org/opendj/trunk@7192 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew
     

15 Jun, 2011

1 commit

17 Aug, 2009

1 commit

24 Jul, 2009

1 commit

23 Oct, 2008

1 commit

  • 6fa99b6e   The commit will bring the following features : ... Browse Dir » 
    - An updated version of the underlying database. BDB JE 3.3 is now used.
    - Attribute API refactoring providing a better abstraction and offering improved performances.
    - A new GUI called the Control-Panel to replace the Status-Panel: the specifications for this
      GUI are available on OpenDS Wiki and contains a link to a mockup. 
      See <https://www.opends.org/wiki/page/ControlPanelUISpecification>.
    - Some changes in the replication protocol to implement "Assured Replication Mode". The 
      specifications are on OpenDS Wiki at <https://www.opends.org/wiki/page/AssuredMode> and section 7
      described some of the replication changes required to support this. Assured Replication is not finished,
      but the main replication protocol changes to support it are done. As explained by Gilles on an email on
      the Dev mailing list (http://markmail.org/message/46rgo3meq3vriy4a), with these changes the newer versions
      of OpenDS may not be able to replicate with OpenDS 1.0 instances.
    - Support for Service Tags on the platforms where the functionality is available and enabled. Specifications
      are published at <https://www.opends.org/wiki/page/OpenDSServiceTagEnabled>. For more information on
      Service Tags see <http://wikis.sun.com/display/ServiceTag/Sun+Service+Tag+FAQ>.
    - The Admin Connector service. In order to provide agentry of the OpenDS server at any time, a new service
      has been added, dedicated to the administration, configuration and monitoring of the server.
      An overview of the Admin Connector service and it's use is available on the
      OpenDS wiki <https://www.opends.org/wiki/page/ManagingAdministrationTrafficToTheServer>
    - Updates to the various command line tools to support the Admin Connector service.
    - Some internal re-architecting of the server to put the foundation of future developments such as virtual
      directory services. The new NetworkGroups and WorkFlow internal services which have been specified in
      <https://www.opends.org/wiki/page/BasicOperationRoutingThroughNetworkGroup> are now implemented.
    - Many bug fixes...

This set of changes may have an impact on current clients and deployments, however it should be possible to
upgrade existing 1.0 instances. 

Some of the changes impacting the clients include :
    - Scripts using the command line tools including dsconfig will need to be updated (usually to remove
      some no longer required options).



git-svn-id: https://svn.forgerock.org/opendj/trunk@4531 41b1ffd8-f28e-4786-ab96-9950f0a78031
    jcduff
     

02 Jul, 2008

1 commit

04 Jun, 2008

1 commit

  • 3577e468   Fix for issues 3255, 3265, and 3269: ... Browse Dir » 
    Issue 3255: Added ds-cfg-max-allowed-client-connections configuration parameter to prevent using up all file descriptors. By default the server will still allow unlimited number of connections just like before. The user will have to adjust this for their system. This might be automatically set for the OS in the future.

Issue 3265: Subtree deletes and mod DN operations will now always use a JE transaction throughout the entire operation. This makes sure the operations are always executed atomically.

Issue 3269: Added checks for canceled operations in JE backend code. 



git-svn-id: https://svn.forgerock.org/opendj/trunk@4328 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

06 May, 2008

1 commit

  • e5322448   Fixed an issue where a NPE could be thrown when the server processes a mod DN op… ... Browse Dir » 
    …eration with a new superior entry thats in the subtree to be moved. An informative error message is added so the user can fix the mistake. 

This patch also enables the debug logger to print the cause of an exception message as well as all the stack frames by default. It also removes the deadlock retry configuration parameter from the JE backend configuration definition since deadlocks can no longer occur in the JE backend.

Fix for issue 3236


git-svn-id: https://svn.forgerock.org/opendj/trunk@4231 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

21 Apr, 2008

1 commit

  • 43222c1e   This patch adds index buffering capabilities to the JE backend as to avoid using… ... Browse Dir » 
    … a fixed lock timeout for subtree delete and mod DN operations. Previously, any index modifications to subordinate entries of the affected operations will be performed with dn2id and id2entry modifications. This creates multiple random access to index database keys which could cause deadlocks in face of multiple parallel operations. With this fix, all index modifications are buffered up until the end of the operation so that each key of each index will be accessed once and in order. This maintains the DB access ordering in the JE backend of dn2id, id2entry, dn2uri, indexes in config order, VLV indexes in config order, and finally id2children and id2subtree. Since deadlocks should no longer occur in the JE backend, JE lock timeouts are now disabled at the JE environment level instead of the txn level. With this change, the performance of subtree deletes and mod DN operations have increased dramatically.

In order to add buffering capabilities to the VLV index, the format of the index records had to be changed. Previous DBs with VLVs configured will no longer be compatible with this new revision. 

Cursors operations for subtree mod DN and delete operations are now taken with READ_COMMITTED JE isolation level to avoid locking un-affected entries and possibility causing deadlocks. Write operations affecting the DN2ID and ID2ENTRY databases will aquire an write lock directly as early as possible to avoid deadlocks.

A issue is also fixed where the debug log genereated during unit tests does not include stack traces.

Fix for issues 2980, 2186, 2979


git-svn-id: https://svn.forgerock.org/opendj/trunk@4180 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

17 Mar, 2008

1 commit

  • 094e1f14   These changes remove the temporary file limitation from import-ldif. Several oth… ... Browse Dir » 
    …er changes were made also:

- the cleaner is run at the end of the import

- the cleaner is run periodically during import if database eviction is detected

- the substring indexes are buffered to help boost performance during substring index processing

- the import files have been moved into its own package  org.opends.server.backends.jeb.importLDIF

- the work threads do most of the processing

- import aborts if a work thread throws a runtime exception

- messages for the various stages of the import have been added (e.g. environment close)

The only functionality missing is VLV index processing. Also, there is a  2G limit on the
max entry ID value that can be used in a substring index.

The following configuration attributes have been removed:

- ds-cfg-import-temp-directory
- ds-cfg-import-buffer-size
- ds-cfg-import-pass-size

The should be removed from your config.ldif file.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3979 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

21 Jan, 2008

1 commit

  • 5c98ae82   Fix issues 2831 and 1948. ... Browse Dir » 
    Change local DB backend configuration so that db-directory and import-temp-directory properties now name a parent directory within which a sub-directory is created having the same name as the backend-id. This simplifies configuration and reduces the risk of name collisions.

git-svn-id: https://svn.forgerock.org/opendj/trunk@3708 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     

31 Oct, 2007

1 commit

  • 69733d3a   This set of fixes mainly address the issues where the JE backend does not handle… ... Browse Dir » 
    … attributes with options and subtypes correctly when they are being indexed. 
With this fix:
- All values of an indexed attribute type will be indexed correctly on modifies, adds, and deletes. 
- Updates to subordinate types will now update the superior type if its indexed. 
- Adding and deleting superior attribute types that are not allowed by any object classes (ie. name) will be correctly handled
- Deleting all values from an attribute with no options will no longer delete the values from the same attribute but with options.
 


git-svn-id: https://svn.forgerock.org/opendj/trunk@3395 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

10 Oct, 2007

1 commit

  • c7c53423   issues 315, 316, 317, 318 ... Browse Dir » 
    Enable password storage schemes based on encryption now that issue 466 (CryptoManager) features are implemented.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3285 41b1ffd8-f28e-4786-ab96-9950f0a78031
    david_page
     

26 Sep, 2007

3 commits

  • 5abb86e7   Merge branches/temp-admin@3208 onto trunk@3208. ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/opendj/trunk@3209 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew_swift
     
  • 5aee225b   Update the appropriate identity mappers and certificate mappers to use the new ... Browse Dir » 
    isIndexed API in the backend to ensure that all referenced attributes are
indexed for equality.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3207 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     
  • d72d5ef1   Update the backend API to include new isIndexed methods that can be used to ... Browse Dir » 
    determine whether a given attribute is indexed in a specified manner, or that
can be used to determine whether a specified filter is indexed.  At present,
all backends except the JE backend and the replication backend are considered
always indexed for all operations.  The JE backend is only considered indexed
based on its index configuration.  The replication backend is never considered
indexed.

Update the following components to make use of this new isIndexed capability:
- The DSEE-compatible access control handler will now log a warning message at
  startup if it detects that there is no presence index for the aci attribute,
  which can make startup take a long time on a big database.
- The group manager will now log a warning message at startup if any of the
  group implementation filters are unindexed, which can make startup take a
  long time on a big database.
- The referential integrity plugin now requires that all of the attributes for
  which referential integrity is to be maintained must be configured with
  equality indexes.
- The unique attribute plugin now requires that all of the attributes for which
  uniqueness is to be enforced must be configured with equality indexes.

This commit also updates the LDIF backend so that it is possible to
indicate via configuration whether its base DNs should be registered as public
or private base DNs.  The LDIF backend used as the admin root has been
updated so that it is considered a private backend.  The replication backend
has also been updated so that it is considered a private backend.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3206 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

23 Sep, 2007

1 commit

  • ef5e5493   Add support for an LDIF backend. Entries in this backend will be held in ... Browse Dir » 
    memory, and all read operations will be served from memory, but the underlying
data will be stored in an LDIF file on disk and any write operation will cause
that LDIF file to be updated.

This backend supports all major operations, including moving/renaming non-leaf
entries with the modify DN operation, and also supports the subtree delete
control and LDIF import and export operations.  Backup and restore operations
are not currently supported.


git-svn-id: https://svn.forgerock.org/opendj/trunk@3160 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

10 Sep, 2007

1 commit

  • c6ff7b0f   Add support for password storage schemes using AES, 3DES, RC4, and Blowfish. ... Browse Dir » 
    The AES, RC4, and Blowfish implementations all use 128-bit ciphers, and the
3DES implementation uses a 168-bit cipher.

Note that while these password storage schemes are functional, they rely on the
crypto manager, which is not fully implemented.  The storage schemes are not
exposed in the server configuration because the crypto manager does not have
any mechanism to persist secret keys for symmetric encryption.  Until the
crypto manager provides persistence for these keys, passwords encoded using
these schemes will not be usable after the server is restarted.  Once the
crypto manager implementation is complete, these schemes should be exposed in
the server configuration.

OpenDS Issue Numbers:  315, 316, 317, 318


git-svn-id: https://svn.forgerock.org/opendj/trunk@3000 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

09 Sep, 2007

1 commit

  • 1f7dbdf6   Update the server to provide a basic framework for controlling when plugins ... Browse Dir » 
    will be invoked.  There are two basic changes:

- Add a new ds-cfg-invoke-for-internal-operations configuration attribute for
  all plugins, which indicates whether the plugin should be invoked for
  internal operations.  If this is false, then the plugin will only be invoked
  for externally-requested operations.

- Add four new plugin types:  postSynchronizationAdd,
  postSynchronizationDelete, postSynchronizationModify, and
  postSynchronizationModifyDN.  These allow a plugin to perform a limited set
  of processing for changes that are successfully applied through
  synchronization.


The unique attribute plugin has also been updated to support the
post-synchronization plugin types so that if a conflict is introduced
concurrently on two different servers within the propagation delay, an
administrative alert will be generated to indicate that manual intervention is
required to address the problem.

Finally, ensure that audit logging is enabled during the unit tests, and
update the audit logger to include the connection ID and operation ID for the
operation being logged.


OpenDS Issue Number:  2057


git-svn-id: https://svn.forgerock.org/opendj/trunk@2999 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

06 Sep, 2007

1 commit

  • 9a4423a6   Update password storage scheme references in the server so that they use DNs ... Browse Dir » 
    rather than storage scheme names.  This will allow better consistency in the
configuration, since all other references between configuration objects are
DN-based, and it will work better with the upcoming aggregation support.
It also eliminates the need to know the storage scheme name, which is not
obvious from looking at the configuration entry for the storage scheme, and
can actually vary in some implementations depending on whether it's used with a
user password or auth password syntax attribute.

OpenDS Issue Number:  2155


git-svn-id: https://svn.forgerock.org/opendj/trunk@2974 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

03 Sep, 2007

1 commit

  • a219300c   Commit plugin for maintaining referential integrity. Issue 257. ... Browse Dir » 
    New configuration  attributes:

- ds-cfg-referential-integrity-attribute-type Specify attribute types that referential integrity will be checked on; this is a mandatory attribute

-ds-cfg-referential-integrity-base-dn Specify base DN that will limit scope of reference check; if not specified the server's public naming contexts are used

- ds-cfg-referential-integrity-update-interval Specify update interval for background referential integrity processing; if update interval > 0 plugin performs background processing; default is 0

-ds-cfg-referential-integrity-log-file Specify log file location for update records when background processing is enabled; default is <instance>/logs/referint

The plugin is disabled by default:

dn: cn=Referential Integrity,cn=Plugins,cn=config
objectClass: top
objectClass: ds-cfg-plugin
objectClass: ds-cfg-referential-integrity-plugin
cn: Referential Integrity
ds-cfg-plugin-class: org.opends.server.plugins.ReferentialIntegrityPlugin
ds-cfg-plugin-enabled: false
ds-cfg-plugin-type: postOperationDelete
ds-cfg-plugin-type: postOperationModifyDN
ds-cfg-plugin-type: subordinateModifyDN
ds-cfg-referential-integrity-attribute-type: member
ds-cfg-referential-integrity-attribute-type: uniqueMember



git-svn-id: https://svn.forgerock.org/opendj/trunk@2913 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

02 Sep, 2007

1 commit

  • 990f858a   There are several improvements to the unit test framework in this commit. ... Browse Dir » 
    * Test methods are no longer interleaved between classes.  All test
methods in a class are run together, with @BeforeClass and @AfterClass
methods called immediately before and after the methods are run.  As
part of this fix, you are now required to include sequential=true in
every class level @Test annotation.  If you don't do this, the build
will complain.

* Added a TestCaseUtils.restartServer() method that will do an in core 
restart of the directory server during the tests.  This can be used in a 
@BeforeClass method to ensure that the tests start with a clean 
directory server, and also in an @AfterClass method to cleanup after a 
test that makes a lot of configuration changes.  So if you introduce a 
new test that runs fine in isolation but fails when run with other 
tests, you could try calling TestCaseUtils.restartServer() in its 
@BeforeClass method.  The TestCaseUtils.restartServer() method will 
reinitialize the server and reload the original test configuration, but 
it's not quite the same as creating a completely new process.  
Specifically, it cannot undo any changes that were made to static member 
variables of a class.  I've fixed a handful of places in the server 
where this was a problem, but there might be more lurking.  If you write 
a test that changes static member variables of a class, please make sure 
that it cleans up after itself in an @AfterMethod or @AfterClass test.

* The tests now use significantly much less memory.  I saw a peak of
only 80MB.  There were two main problems.  1) TestNG holds on to all
parameters and results for the whole test, and 2) since the test
classes themselves live for the duration of the tests, their member
variables were holding onto a lot of garbage.  The in-core restart
made this problem much worse because we ended up with lots of copies
of the Schema, ConfigEntryS, etc.  I've introduced some hacks to fix
this.  Basically the code uses devious methos to go in and null out
the parameters and member variables after the test has run.  If you're
curious about the details of how we've addressed this take a look at
the comments in DirectoryServerTestCase.  From now on, all test
classes must inherit directly or indirectly from
DirectoryServerTestCase.  The build will fail if they don't.

* Upgrade to TestNG b5.7.  There is a fix in this release that helps
our tests to run in order, and I've had to make a couple of more
fixes, which they will eventually put back into the trunk.

* In classes with a class-level @Test annotation, TestNG treats any
public method (except @Before/After* methods) as a test method.  The
build now points this out and asks you to either add a specific @Test
annotation to the method or change the method to be non-public.  I've
fixed up several places where a test wasn't annotated and others where
a non-test method was being treated as a test method.

* The tests now report progress as they run.  Run 'build testhelp' to
see details on how to control the output.


I've also added some new test properties, mainly to make debugging the 
tests easier

* test.remote.debug.port:  This test property allows you to remotely 
attach a debugger to the unit tests.  If you provide a valid port value, 
the unit tests will not start to run until the debugger is attached.

* testng.verbosity0to5:  This test property controls the debugging 
output of TestNG.  This output is useful to check the order in which 
test methods are invoked or other details on what TestNG is doing.  
Valid values are integer values from 0 (no output) to 5 (maximum 
output).  Since this implicitly sets 
-Dorg.opends.test.suppressOutput=false, other stderr/stdout output 
generated by the unit tests will also be displayed.

* org.opends.test.copyClassesToTestPackage=true:  This test property 
copies the classes into the test server root.  This enables you to run 
the server tools on the test server.  It can slow down the test startup 
so the files are no longer copied by default.

Thanks to Neil for trying out these changes and to him and Bo for
helping me track down some of the memory leaks.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2902 41b1ffd8-f28e-4786-ab96-9950f0a78031
    davidely
     

28 Aug, 2007

1 commit

  • 2bc97056   Changes for replication security issues 511, 512, 608. ... Browse Dir » 
    There is a new backend representing the certificate trust store, which allows the setup code to query and populate the trust store over protocol. However, we are using blind trust until that piece of the setup code is ready.

The encryption settings are currently global to the server instance in a new crypto manager config entry. Authentication will always be performed so the main setting is whether to use encryption or not. In the future (post 1.0) we will need to allow encryption to be configured on or off depending on which replication server we are connecting to but we need some discussion on the best way to specify that in configuration.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2829 41b1ffd8-f28e-4786-ab96-9950f0a78031
    coulbeck
     

27 Aug, 2007

1 commit

  • f6f75dc2   This adds the numSubordinates and hasSubordinates operational attribute support in OpenDS. ... Browse Dir » 
    - Implemented as virtual attributes
   - They are enabled by default
   - numSubordinates and hasSubordinates methods added to the backend API and implemented for all existing backends
   - JE implementation uses the id2children index to keep count of the number of subordinates for each entry.
   - The behavior of exceeding the index-entry-limit (ALL-IDs) has changed to store a 8 byte entry ID set count with the most significant bit 
set to 1 instead of a 0 byte array to signify the index-entry-limit has been exceeded. The previous format is still compatible but all requests 
for numSubordinates will return undefined (-1).
   - The DBTest tool is also included in this fix. This can be used to list root containers, entry containers, database containers, index 
status, as well as dumping a database with or without decoding the data. 

Fix for issues 43 and 72


git-svn-id: https://svn.forgerock.org/opendj/trunk@2820 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

26 Aug, 2007

1 commit

21 Aug, 2007

1 commit

  • d2ec5826   Add attribute uniqueness plugin implementation that provides single-server ... Browse Dir » 
    attribute uniqueness. The plugin has the following features:

- provides ability to specify a group of attribute types that must have
  unique values; if no attribute types are specified then the plugin allows
  the operations to proceed with no checking

- provides ability to specify a set of base DNs that limit the scope of the
  uniqueness checking; if no base DNs are specified the server's public
  naming contexts are used

- allow changing of these configuration options without server restart

- allows the uniqueness checking to span multiple base DNs; if the server's
  public naming contexts are used, then the specified attribute type values must
  be globally unique within the server


Two configuration attributes have been added:

1. ds-cfg-unique-attribute-type used to specify the unique attribute type(s)
2. ds-cfg-unique-attribute-base-dn used specify the base DN(s) to limit the search scope

A disabled plugin configuration has been added to the config.ldif file for the uid attribute:

dn: cn=UID Unique Attribute ,cn=Plugins,cn=config
objectClass: top
objectClass: ds-cfg-plugin
objectClass: ds-cfg-unique-attribute-plugin
cn: UID Unique Attribute
ds-cfg-plugin-class: org.opends.server.plugins.UniqueAttributePlugin
ds-cfg-plugin-enabled: false
ds-cfg-plugin-type: preOperationAdd
ds-cfg-plugin-type: preOperationModify
ds-cfg-plugin-type: preOperationModifyDN
ds-cfg-unique-attribute-type: uid

Issue 258.

git-svn-id: https://svn.forgerock.org/opendj/trunk@2721 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

07 Aug, 2007

1 commit

  • e661e49c   Add support for a new type of plugin which can be used to detect changes and ... Browse Dir » 
    take some action whenever a subordinate entry is modified as a result of a
modify DN operation that targets an entry that has one or more children (i.e.,
a subtree move or subtree rename operation).  At present, subordinate modify DN
plugins are not allowed to change the contents of the entry as it is being
moved/renamed, but an appropriate API is in place if we decide to add this
functionality in the future.

This commit also includes a significant amount of cleanup for plugin result
code, including corrections to copy-and-paste errors in the javadoc
documentation.

OpenDS Issue Number:  752


git-svn-id: https://svn.forgerock.org/opendj/trunk@2584 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

03 Aug, 2007

1 commit

30 Jul, 2007

1 commit

  • b38806e7   Add two new configuration attributes, ds-cfg-enabled-alert-type and ... Browse Dir » 
    ds-cfg-disabled-alert-type to alert handler configuration entries.  If a set of
enabled alert types is given, then only alerts with one of those types will be
passed to the associated alert handler.  If a set of disabled alert types is
given, then only alerts without one of those types will be passed to the
associated alert handler.  If both enabled and disabled lists are provided,
then only alerts with a type on the enabled list and not on the disabled list
will be processed.

OpenDS Issue Number:  2027


git-svn-id: https://svn.forgerock.org/opendj/trunk@2512 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

27 Jul, 2007

1 commit

  • 7439e734   These set of changes implement VLV and filter capability to OpenDS: ... Browse Dir » 
    - A VLV index is defined by a name, base DN, search filter, search scope, sort order. A search request must match these parameters exactly to 
use the VLV index.
- A VLV index made up of the entry IDs matching the definition criteria (above) and the corresponding attribute values that are part of the sort 
order in the sort order. This information is broken up into blocks of sorted sets. The block size can be configured through admin framework. 
Default block size is 4000. In the database, the sorted set is stored with the following format:

      4 byte set size | entry IDs of 8 bytes each ... | attribute values of 16 bytes each ...

- Each sorted set is keyed by the entry ID and attribute values of the largest entry in the sorted set. A special comparator (VLVKeyComparator) 
is used to sort the keys in the database in the order of the specified sort order.
- When entries are added to the VLV index, its sort values are extracted and inserted into the sorted set whose key (also the largest entry in 
the set) is the smallest key that represents a entry that is greater or equal to the entry being inserted. If the sorted set exceeds the block 
size, it is divided in two and stored back into the database with the new key. In this implementation, a sorted set's key is never changed after 
it is created.
- On importing from LDIF, each entry's sort values and ID is written out to a intermediate file in order. These files are later merged and 
inserted into the database.
- Index rebuild and verify also works with VLV indexes. The verify job ensures that all the entries stored in the VLV index is in the correct 
order.
- With this implementation, once a VLV index is created, it can not be changed without a rebuild. The server will NOT warn the user if 
the index 
has changed offline. Until a rebuild is done, it can return incorrect results. This should be fixed later.
- Performance wise, modify, add, and delete performance will be degraded if the entry matches the indexing criteria. Searches not using the VLV 
index should not see any notable performance degradation. If the block size is set too big, there is a potential that a large number of updates 
will result in some JE lock timeouts since the few sorted sets are hotly contested. However, if the block size is too small, searches using the 
VLV control with offsets could be slow since there are more records to look through. This area need further investigation to determine the 
optimal default value.

Fix for issue 38


git-svn-id: https://svn.forgerock.org/opendj/trunk@2499 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

25 Jul, 2007

1 commit

  • 8c7e39b1   Add new ACI keyword "extop" that can be used to enforce access ... Browse Dir » 
    based on the OID of an extended operation. For example, a new global
access extended operation rule is also being added:

ds-cfg-global-aci: 
(extop="1.3.6.1.4.1.26027.1.6.1 || 1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037 || 1.3.6.1.4.1.4203.1.11.3")
 (version 3.0; acl "Anonymous extended operation access"; allow(read) userdn="ldap:///anyone";)

which allows anonymous access to the following extended operations:

- StartTLS 1.3.6.1.4.1.1466.20037 
- password policy state 1.3.6.1.4.1.26027.1.6.1
- password modify 1.3.6.1.4.1.4203.1.11.1
- Who Am I 1.3.6.1.4.1.4203.1.11.3

A wildcard can also be specified:

aci: (extop="*")(version 3.0; acl "Anonymous extended operation access"; allow(read) userdn="ldap:///anyone";)

Issue #443.


git-svn-id: https://svn.forgerock.org/opendj/trunk@2479 41b1ffd8-f28e-4786-ab96-9950f0a78031
    dugan
     

20 Jun, 2007

1 commit

  • 79382956   This refactoring includes the following changes to the JE backend: ... Browse Dir » 
    - Extracted common interface DatabaseContainer from DN2ID, ID2Entry, etc... classes.
- Moved database read and write methods from EntryContainer to DatabaseContainer.
- Added index configuration to the XML based admin framework.
- Removed redundant configuration objects (Config, IndexConfig).
- Added exclusive/shared lock to EntryContainer. All access to an EntryContainer must acquire a lock before using the internal 
DatabaseContainers or making configuration changes.
- Added the ability to add/remove/modify indexes with the backend online. Server will issue rebuild required warning when adding new indexes 
or sub-indexes (equality, substring, presence...).
- Added the ability to change the index entry limit for both the backend and each index with the backend online. Server will issue rebuild 
required warning if the previous limit has been exceeded.
- Added the ability to change entry compression and index substring length setting while the backend is online.
- Added a persistent state database to each EntryContainer to persist backend configuration between server restarts. Server will issue 
rebuild required warning if a new index is added when the backend is offline.
- Added a trusted flag to indexes so that non existent keys will not be interpreted as an empty entry ID set when an index is untrusted. An 
index is untrusted when it is added to an non-empty EntryContainer or an inconsistency is detected. Server will issue warning on startup to 
rebuild the index. 
- Fixed a issue where the LDIF import process stops responding if the temporary import dir is full or unwritable. 

Fix for issue 1480 1455 1575


git-svn-id: https://svn.forgerock.org/opendj/trunk@2135 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     

11 May, 2007

1 commit

03 May, 2007

2 commits

  • 5ec7b4df   Major changes made to the logging framework. It should resolve the following issues: ... Browse Dir » 
    1. Migrated configuration to the new admin framework.
2. Removed all dependencies on the JDK logger. (Issue 1503)
3. Added option to set the file permissions on all log files. (Issue 202)
4. Added option to write log files asynchronously.
5. Retention and rotation policies are now separate managed objects registered to the Directory Server.
6. Rotation and retention policies are not extensible.
6. Post-rotation actions are not yet implemented in this set of changes.
7. Tools and tasks can now use a custom log publisher that only picks up messages generated by a specific thread or thread group.
8. Debug logger no longer creates a log record object for every message. 
9. Configurable Log File Paths (Issue 174)
10. Log Level Support by Category/Severity. This capability is limited for error logger. (Issue 177)
11. Support log file rotation (Issue 188)
12. Sized-based, Time-based rotation policies (Issues 190, 191)
13. Time-based, max size-based, file count-based retention policies (Issues 199, 201, 202)
14. Debug logger configurable via the admin framework (Issue 836)



git-svn-id: https://svn.forgerock.org/opendj/trunk@1805 41b1ffd8-f28e-4786-ab96-9950f0a78031
    boli
     
  • 2606575c   This is a checkin for Issue #311 "CRYPT Storage Scheme Support". This ... Browse Dir » 
    code was contributed externally by java.net user bdamm.

The crypt implementation itself was ported from the C-based one
OpenSolaris.  Since the OpenSolaris code is covered under the CDDL,
we're okay to include it in OpenDS, but I've opened issue 1573 to
remind us to make sure that we got all of the copyrights right etc.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1801 41b1ffd8-f28e-4786-ab96-9950f0a78031
    davidely
     

02 May, 2007

1 commit

24 Apr, 2007

1 commit

  • 01792e94   Make several significant changes to the OpenDS code base, including: ... Browse Dir » 
    - Narrow down the set of packages that external developers will need to access
  in order to write a plugin or other type of extension.  Hopefully, for most
  things developers will only need to interact with the following packages (and
  their sub-packages):
  * org.opends.server.admin
  * org.opends.server.api
  * org.opends.server.config
  * org.opends.server.protocols.internal
  * org.opends.server.types
  * org.opends.server.util

- As part of the attempted narrowing of packages that external developers need
  to access, I have moved the org.opends.server.core.Operation and
  org.opends.server.protocols.ldap.LDAPException classes to the
  org.opends.server.types package.  I have also created
  org.opends.server.types.RawAttribute to wrap the
  org.opends.server.protocols.ldap.LDAPAttribute class, and
  org.opends.server.types.RawModification to wrap the
  org.opends.server.protocols.ldap.LDAPModification class.

- I have updated the internal operations API to add a few new convenience
  methods when performing internal operations.

- I have updated all of our message strings so that none of them end in periods
  (except those that end with an ellipsis).  This will help us avoid the
  problem in which we see multiple periods due to embedding one message in
  another.

- I have moved a message file from a synchronizaiton package to the messages
  package and resolved conflicts with existing message IDs.

- I have updated a number of cases in which
  StaticUtils.stackTraceToSingleLineString() was used in client-facing code to
  replace those calls with StaticUtils.getExceptionMessage() instead.  This
  should provide a more user-friendly message that will hopefully not reduce
  our ability to debug problems that may arise.

- I have cleaned up some of the code in the org.opends.server.api package so
  that all of the classes use consistent formatting, and to fix a couple of
  potential Javadoc problems.

- I have moved the build-tools/src directory to src/build-tools to be more
  consistent with other components of the server.

- I have updated the build script so that the xslt task will no longer dump
  lots of output to the terminal when generating code.  I have also gotten rid
  of warnings about run.classpath not being set properly.


git-svn-id: https://svn.forgerock.org/opendj/trunk@1695 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson
     

20 Apr, 2007

1 commit

13 Apr, 2007

1 commit

  • acfbc4a5   Update the member virtual attribute implementation so that it provides a ... Browse Dir » 
    mechanism for preventing the entire member list from being returned, which can
be a very expensive operation.  When running with this configuration, the
attribute will handle requests that determine whether a given user is a member
of the group, but will not list the entire set of membership.

OpenDS Issue Number:  1506


git-svn-id: https://svn.forgerock.org/opendj/trunk@1628 41b1ffd8-f28e-4786-ab96-9950f0a78031
    neil_a_wilson