]>
git.sur5r.net Git - openldap/log
Hallvard Furuseth [Thu, 1 Sep 2011 11:08:06 +0000 (13:08 +0200)]
tests: Add $MAINDB, $INDEXDB for [bhn]db tests.
Simplifies tests for the DB storage backends.
Adds indexing etc to ndb in some cases, to match bdb/hdb.
This also fixes some broken back-null/back-ldif settings.
Quanah Gibson-Mount [Thu, 8 Sep 2011 21:05:56 +0000 (14:05 -0700)]
Fix loglevel <integer> to be loglevel <level> to match reality (and olcLogLevel description too!)
Howard Chu [Thu, 1 Sep 2011 00:35:06 +0000 (17:35 -0700)]
Also track skipped (non-executable) tests
Howard Chu [Wed, 31 Aug 2011 22:15:39 +0000 (15:15 -0700)]
Add NOEXIT envvar to run all tests and tally failures
Quanah Gibson-Mount [Fri, 28 Oct 2011 02:41:32 +0000 (19:41 -0700)]
ITS#7035
Howard Chu [Wed, 7 Sep 2011 04:13:49 +0000 (21:13 -0700)]
ITS#7035 don't loop forever in wait4msg
Quanah Gibson-Mount [Fri, 28 Oct 2011 02:34:25 +0000 (19:34 -0700)]
ITS#7073
Howard Chu [Sat, 27 Aug 2011 21:35:31 +0000 (14:35 -0700)]
Relax entry_header, zero-length entries are valid.
Howard Chu [Fri, 26 Aug 2011 21:31:35 +0000 (14:31 -0700)]
Fix moduleload path
Quanah Gibson-Mount [Fri, 28 Oct 2011 02:19:57 +0000 (19:19 -0700)]
ITS#7030
Howard Chu [Fri, 26 Aug 2011 03:51:30 +0000 (20:51 -0700)]
ITS#7030 fix overlay_insert() with specific index
Quanah Gibson-Mount [Fri, 28 Oct 2011 02:17:29 +0000 (19:17 -0700)]
ITS#6983
Howard Chu [Thu, 25 Aug 2011 21:47:23 +0000 (14:47 -0700)]
ITS#6983 fix duplicate entry in HDB subtree IDL
Quanah Gibson-Mount [Fri, 28 Oct 2011 02:14:38 +0000 (19:14 -0700)]
ITS#7014
ITS#7022
ITS#7023
ITS#7028
Jan Vcelak [Wed, 24 Aug 2011 17:21:35 +0000 (19:21 +0200)]
ITS#7028 man: ldap_sync(3) ldap_sync_destroy type
Jan Vcelak [Wed, 24 Aug 2011 17:19:09 +0000 (19:19 +0200)]
ITS#7028 man: slapo-unique(5) quoting keywords
Francis Swasey [Thu, 18 Aug 2011 16:01:35 +0000 (12:01 -0400)]
ITS#7023 document TLSCACertificateFile in the man page as it is in the Admin Guide
Howard Chu [Wed, 24 Aug 2011 22:37:52 +0000 (15:37 -0700)]
ITS#7022 cleanup prev commit
Rich Megginson [Tue, 16 Aug 2011 18:01:16 +0000 (12:01 -0600)]
ITS#7022 NSS_Init* functions are not thread safe
The NSS_InitContext et. al, and their corresponding shutdown functions,
are not thread safe. There can only be one thread at a time calling
these functions. Protect the calls with a mutex. Create the mutex
using a PR_CallOnce to ensure that the mutex is only created once and
not used before created. Move the registration of the nss shutdown
callback to also use a PR_CallOnce. Removed the call to
SSL_ClearSessionCache() because it is always called at shutdown, and we must
not call it more than once.
Jan Vcelak [Tue, 9 Aug 2011 13:21:34 +0000 (15:21 +0200)]
ITS#7014 TLS: don't check hostname if reqcert is 'allow'
If server certificate hostname does not match the server hostname,
connection is closed even if client has set TLS_REQCERT to 'allow'. This
is wrong - the documentation says, that bad certificates are being
ignored when TLS_REQCERT is set to 'allow'.
Howard Chu [Wed, 24 Aug 2011 21:57:36 +0000 (14:57 -0700)]
More abandon paranoia
Howard Chu [Mon, 22 Aug 2011 21:05:58 +0000 (14:05 -0700)]
Don't replicate refint repair ops
Pierangelo Masarati [Mon, 22 Aug 2011 14:43:21 +0000 (08:43 -0600)]
error messages from ldapsearch changed
Pierangelo Masarati [Mon, 22 Aug 2011 17:18:07 +0000 (11:18 -0600)]
further cleanup of ldapsearch response
Pierangelo Masarati [Mon, 22 Aug 2011 15:07:54 +0000 (09:07 -0600)]
referral is a legitimate result
Pierangelo Masarati [Mon, 22 Aug 2011 15:02:02 +0000 (09:02 -0600)]
make sure size limits are passed to ldapsearch
Quanah Gibson-Mount [Thu, 6 Oct 2011 23:51:40 +0000 (16:51 -0700)]
ITS#7021
Pierangelo Masarati [Sun, 21 Aug 2011 01:02:06 +0000 (19:02 -0600)]
add notes about pwdAllowUserChange (more about ITS#7021)
Pierangelo Masarati [Sun, 21 Aug 2011 00:50:33 +0000 (18:50 -0600)]
according to draft-behera, this attribute only affects password modifies by self (ITS#7021)
Howard Chu [Thu, 18 Aug 2011 08:52:52 +0000 (01:52 -0700)]
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:58:19 +0000 (16:58 -0700)]
ITS#7017
Pierangelo Masarati [Wed, 17 Aug 2011 18:56:55 +0000 (12:56 -0600)]
fix TTL tolerance (ITS#7017, patch by jvcelak@redhat.com)
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:57:21 +0000 (16:57 -0700)]
ITS#7016
Pierangelo Masarati [Wed, 17 Aug 2011 04:17:43 +0000 (22:17 -0600)]
make sure frontend gets the {-1} (ITS#7016)
Howard Chu [Tue, 16 Aug 2011 20:51:10 +0000 (13:51 -0700)]
hack for #6982 - keep o_abandon set in op_free
Howard Chu [Tue, 16 Aug 2011 20:49:27 +0000 (13:49 -0700)]
Revert "More for ITS#6892"
This reverts commit
3cb2ca8bbd1ec8da8f27a608deefc7a2d45aa538 .
Patch has no benefit
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:52:12 +0000 (16:52 -0700)]
ITS#6892 again
Howard Chu [Mon, 15 Aug 2011 22:40:46 +0000 (15:40 -0700)]
More for ITS#6892
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:50:32 +0000 (16:50 -0700)]
ITS#7018
Pierangelo Masarati [Sat, 13 Aug 2011 21:33:19 +0000 (23:33 +0200)]
host part of unique URI must be empty (ITS#7018)
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:48:57 +0000 (16:48 -0700)]
ITS#7015
Pierangelo Masarati [Thu, 11 Aug 2011 15:33:08 +0000 (17:33 +0200)]
cleanup slapd.ldif; install it (ITS#7015)
Pierangelo Masarati [Thu, 11 Aug 2011 15:02:25 +0000 (17:02 +0200)]
typo in comment
Pierangelo Masarati [Thu, 11 Aug 2011 10:16:01 +0000 (12:16 +0200)]
use ldap_search_ext(timelimit) instead of ldap_set_option(LDAP_OPT_TIMELIMIT) (related to ITS#7009)
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:46:29 +0000 (16:46 -0700)]
ITS#7009
Pierangelo Masarati [Wed, 10 Aug 2011 20:39:16 +0000 (22:39 +0200)]
honor TIMEOUT when appropriate (ITS#7009); also honor timelimit (was broken)
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:45:20 +0000 (16:45 -0700)]
ITS#7012
Pierangelo Masarati [Wed, 10 Aug 2011 18:22:33 +0000 (20:22 +0200)]
make sure 2-arg statements have exactly 2 args (related to ITS#7012)
Pierangelo Masarati [Wed, 10 Aug 2011 17:40:20 +0000 (19:40 +0200)]
TLS config statements always need an argument (related to ITS#7012)
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:42:53 +0000 (16:42 -0700)]
ITS#6999
Howard Chu [Fri, 29 Jul 2011 20:05:45 +0000 (13:05 -0700)]
ITS#6999 fix syncrepl timeout in refreshAndPersist
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:41:45 +0000 (16:41 -0700)]
ITS#7001
ITS#7002
Rich Megginson [Thu, 28 Jul 2011 21:08:37 +0000 (14:08 -0700)]
ITS#7002 MozNSS: fix VerifyCert allow/try behavior
If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set. This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.
Rich Megginson [Tue, 26 Jul 2011 02:27:59 +0000 (20:27 -0600)]
ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:38:00 +0000 (16:38 -0700)]
ITS#7000
Howard Chu [Thu, 28 Jul 2011 20:52:47 +0000 (13:52 -0700)]
ITS#7000 fix bad patch in ITS#6472
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:19:24 +0000 (16:19 -0700)]
ITS#6992,ITS#6998,ITS#7003
Howard Chu [Thu, 28 Jul 2011 20:48:08 +0000 (13:48 -0700)]
ITS#7003 fix typo
Jan Vcelak [Wed, 20 Jul 2011 16:55:33 +0000 (18:55 +0200)]
ITS#6998 MozNSS: when cert not required, ignore issuer expiration
When server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore expired issuer certificate error
and do not terminate the connection.
Pierangelo Masarati [Fri, 8 Jul 2011 06:47:28 +0000 (08:47 +0200)]
blind fix build on solaris native compilers (ITS#6992)
Howard Chu [Mon, 18 Jul 2011 19:53:23 +0000 (12:53 -0700)]
Only return requested attrs in sssvlv response
Howard Chu [Mon, 18 Jul 2011 19:41:51 +0000 (12:41 -0700)]
ITS#6985 fix sssvlv target offset, ordering match
Quanah Gibson-Mount [Wed, 7 Sep 2011 00:22:36 +0000 (17:22 -0700)]
ITS#6986
Pierangelo Masarati [Thu, 7 Jul 2011 06:14:14 +0000 (08:14 +0200)]
fix config emit (ITS#6986)
Quanah Gibson-Mount [Wed, 7 Sep 2011 00:21:18 +0000 (17:21 -0700)]
ITS#6982
Howard Chu [Sat, 2 Jul 2011 05:55:06 +0000 (22:55 -0700)]
ITS#6982 fix md5 memset invocation
Quanah Gibson-Mount [Tue, 6 Sep 2011 20:02:43 +0000 (13:02 -0700)]
ITS#6873
Pierangelo Masarati [Thu, 30 Jun 2011 19:52:28 +0000 (21:52 +0200)]
authTimestamp should be manageable (ITS#6873)
Quanah Gibson-Mount [Tue, 6 Sep 2011 20:01:20 +0000 (13:01 -0700)]
ITS#6886
Pierangelo Masarati [Thu, 30 Jun 2011 19:20:54 +0000 (21:20 +0200)]
response tag is [1] according to RFC 2589 (ITS#6886)
Quanah Gibson-Mount [Tue, 6 Sep 2011 20:00:04 +0000 (13:00 -0700)]
ITS#6980
Rich Megginson [Wed, 29 Jun 2011 16:47:10 +0000 (10:47 -0600)]
ITS#6980 free the result of SSL_PeerCertificate
In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate. This value is allocated and/or cached. We must
destroy it using CERT_DestroyCertificate.
Quanah Gibson-Mount [Tue, 6 Sep 2011 19:57:09 +0000 (12:57 -0700)]
ITS#6734,ITS#7029,ITS#7031: Add support for delta-syncrepl based MMR
Howard Chu [Wed, 31 Aug 2011 02:14:56 +0000 (19:14 -0700)]
For test063
add hex timestamp to lutil_debug() output
Fix LASTMOD race condition in accesslog.c
Set refreshInterval even if using refreshAndPersist, since
fallbacks will use refresh params
Howard Chu [Fri, 26 Aug 2011 23:56:18 +0000 (16:56 -0700)]
ITS#7029,#7031 More for prev commit
Howard Chu [Wed, 24 Aug 2011 23:09:37 +0000 (16:09 -0700)]
ITS#7029 fix uninit'd nvalue
Howard Chu [Mon, 20 Jun 2011 17:57:57 +0000 (10:57 -0700)]
More fixes, add test script
Howard Chu [Mon, 20 Jun 2011 13:51:33 +0000 (06:51 -0700)]
Fix missing si_syncCookie numcsns
Howard Chu [Mon, 20 Jun 2011 11:27:11 +0000 (04:27 -0700)]
More tweaks for delta-mmr
Howard Chu [Mon, 20 Jun 2011 03:03:01 +0000 (20:03 -0700)]
delta-mmr conflict resolution
Howard Chu [Mon, 20 Jun 2011 00:04:19 +0000 (17:04 -0700)]
More for conflict detection
Howard Chu [Sun, 19 Jun 2011 22:54:45 +0000 (15:54 -0700)]
Setup delta-mmr using an overlay
Quanah Gibson-Mount [Tue, 6 Sep 2011 19:47:42 +0000 (12:47 -0700)]
ITS#6561 (Required for delta-syncrepl MMR support)
Howard Chu [Fri, 4 Mar 2011 07:54:06 +0000 (07:54 +0000)]
More for #6561 - delete returns NO_SUCH_ATTRIBUTE, not TYPE_OR_VALUE_EXISTS
Pierangelo Masarati [Tue, 7 Sep 2010 13:21:20 +0000 (13:21 +0000)]
add support for ADD_IF_NOT_PRESENT and SOFTDEL internal modification types (ITS#6561)
Quanah Gibson-Mount [Fri, 2 Sep 2011 17:42:05 +0000 (10:42 -0700)]
Return to release engineering
Kurt Zeilenga [Thu, 30 Jun 2011 15:13:36 +0000 (08:13 -0700)]
Update for release
Quanah Gibson-Mount [Tue, 28 Jun 2011 18:32:47 +0000 (11:32 -0700)]
Prep for release
Howard Chu [Tue, 28 Jun 2011 01:43:31 +0000 (18:43 -0700)]
ITS#6828 set ld_errno on connect failures
Rein Tollevik [Mon, 27 Jun 2011 12:17:39 +0000 (14:17 +0200)]
ITS#6716 Extend test where consumer/provider holds CSNs with differing SIDs.
Quanah Gibson-Mount [Mon, 27 Jun 2011 21:49:19 +0000 (14:49 -0700)]
Merge branch 'OPENLDAP_REL_ENG_2_4' of ssh://git-master.openldap.org/~git/git/openldap into OPENLDAP_REL_ENG_2_4
Howard Chu [Mon, 27 Jun 2011 11:48:25 +0000 (04:48 -0700)]
ITS#6872 re-enable test058
Howard Chu [Mon, 27 Jun 2011 11:46:43 +0000 (04:46 -0700)]
ITS#6872 fix test058 breakage from prev patch
Jan Vcelak [Mon, 27 Jun 2011 15:39:10 +0000 (17:39 +0200)]
update on ITS #6870 - provide ldif.h interface
Howard Chu [Sat, 25 Jun 2011 01:03:11 +0000 (18:03 -0700)]
ITS#6828 silence warning in prev commit
Howard Chu [Fri, 24 Jun 2011 20:22:38 +0000 (13:22 -0700)]
ITS#6977 fix verbose check in client tools
Howard Chu [Fri, 24 Jun 2011 20:10:01 +0000 (13:10 -0700)]
ITS#6978 bail out on invalid LDIF
Howard Chu [Wed, 23 Feb 2011 03:44:54 +0000 (03:44 +0000)]
ITS#6815 delimited verbstring parsing
Quanah Gibson-Mount [Wed, 22 Jun 2011 22:16:08 +0000 (15:16 -0700)]
Disable test058 until it someone can track down what's wrong with it
Howard Chu [Wed, 22 Jun 2011 07:29:47 +0000 (00:29 -0700)]
ITS#6716 Use sorted CSNs in syncrepl too