]>
git.sur5r.net Git - openldap/log
Pierangelo Masarati [Mon, 22 Aug 2011 17:18:07 +0000 (11:18 -0600)]
further cleanup of ldapsearch response
Pierangelo Masarati [Mon, 22 Aug 2011 15:07:54 +0000 (09:07 -0600)]
referral is a legitimate result
Pierangelo Masarati [Mon, 22 Aug 2011 15:02:02 +0000 (09:02 -0600)]
make sure size limits are passed to ldapsearch
Pierangelo Masarati [Mon, 22 Aug 2011 14:43:21 +0000 (08:43 -0600)]
error messages from ldapsearch changed
Pierangelo Masarati [Sun, 21 Aug 2011 01:02:06 +0000 (19:02 -0600)]
add notes about pwdAllowUserChange (more about ITS#7021)
Pierangelo Masarati [Sun, 21 Aug 2011 00:50:33 +0000 (18:50 -0600)]
according to draft-behera, this attribute only affects password modifies by self (ITS#7021)
Howard Chu [Thu, 18 Aug 2011 08:52:52 +0000 (01:52 -0700)]
Pierangelo Masarati [Wed, 17 Aug 2011 18:56:55 +0000 (12:56 -0600)]
fix TTL tolerance (ITS#7017, patch by jvcelak@redhat.com)
Pierangelo Masarati [Wed, 17 Aug 2011 04:17:43 +0000 (22:17 -0600)]
make sure frontend gets the {-1} (ITS#7016)
Howard Chu [Tue, 16 Aug 2011 20:51:10 +0000 (13:51 -0700)]
hack for #6982 - keep o_abandon set in op_free
Howard Chu [Tue, 16 Aug 2011 20:49:27 +0000 (13:49 -0700)]
Revert "More for ITS#6892"
This reverts commit
3cb2ca8bbd1ec8da8f27a608deefc7a2d45aa538 .
Patch has no benefit
Howard Chu [Mon, 15 Aug 2011 22:40:46 +0000 (15:40 -0700)]
More for ITS#6892
Pierangelo Masarati [Sat, 13 Aug 2011 21:33:19 +0000 (23:33 +0200)]
host part of unique URI must be empty (ITS#7018)
Pierangelo Masarati [Thu, 11 Aug 2011 15:33:08 +0000 (17:33 +0200)]
cleanup slapd.ldif; install it (ITS#7015)
Pierangelo Masarati [Thu, 11 Aug 2011 15:02:25 +0000 (17:02 +0200)]
typo in comment
Pierangelo Masarati [Thu, 11 Aug 2011 10:16:01 +0000 (12:16 +0200)]
use ldap_search_ext(timelimit) instead of ldap_set_option(LDAP_OPT_TIMELIMIT) (related to ITS#7009)
Pierangelo Masarati [Wed, 10 Aug 2011 20:39:16 +0000 (22:39 +0200)]
honor TIMEOUT when appropriate (ITS#7009); also honor timelimit (was broken)
Pierangelo Masarati [Wed, 10 Aug 2011 18:22:33 +0000 (20:22 +0200)]
make sure 2-arg statements have exactly 2 args (related to ITS#7012)
Pierangelo Masarati [Wed, 10 Aug 2011 17:40:20 +0000 (19:40 +0200)]
TLS config statements always need an argument (related to ITS#7012)
Howard Chu [Fri, 29 Jul 2011 20:05:45 +0000 (13:05 -0700)]
ITS#6999 fix syncrepl timeout in refreshAndPersist
Rich Megginson [Thu, 28 Jul 2011 21:08:37 +0000 (14:08 -0700)]
ITS#7002 MozNSS: fix VerifyCert allow/try behavior
If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set. This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.
Rich Megginson [Tue, 26 Jul 2011 02:27:59 +0000 (20:27 -0600)]
ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.
Howard Chu [Thu, 28 Jul 2011 20:52:47 +0000 (13:52 -0700)]
ITS#7000 fix bad patch in ITS#6472
Howard Chu [Thu, 28 Jul 2011 20:48:08 +0000 (13:48 -0700)]
ITS#7003 fix typo
Jan Vcelak [Wed, 20 Jul 2011 16:55:33 +0000 (18:55 +0200)]
ITS#6998 MozNSS: when cert not required, ignore issuer expiration
When server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore expired issuer certificate error
and do not terminate the connection.
Howard Chu [Mon, 18 Jul 2011 19:53:23 +0000 (12:53 -0700)]
Only return requested attrs in sssvlv response
Howard Chu [Mon, 18 Jul 2011 19:41:51 +0000 (12:41 -0700)]
ITS#6985 fix sssvlv target offset, ordering match
Pierangelo Masarati [Fri, 8 Jul 2011 06:47:28 +0000 (08:47 +0200)]
blind fix build on solaris native compilers (ITS#6992)
Pierangelo Masarati [Thu, 7 Jul 2011 06:14:14 +0000 (08:14 +0200)]
fix config emit (ITS#6986)
Howard Chu [Sat, 2 Jul 2011 05:55:06 +0000 (22:55 -0700)]
ITS#6982 fix md5 memset invocation
Pierangelo Masarati [Thu, 30 Jun 2011 19:52:28 +0000 (21:52 +0200)]
authTimestamp should be manageable (ITS#6873)
Pierangelo Masarati [Thu, 30 Jun 2011 19:20:54 +0000 (21:20 +0200)]
response tag is [1] according to RFC 2589 (ITS#6886)
Rich Megginson [Wed, 29 Jun 2011 16:47:10 +0000 (10:47 -0600)]
ITS#6980 free the result of SSL_PeerCertificate
In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate. This value is allocated and/or cached. We must
destroy it using CERT_DestroyCertificate.
Howard Chu [Tue, 28 Jun 2011 01:43:31 +0000 (18:43 -0700)]
ITS#6828 set ld_errno on connect failures
Rein Tollevik [Mon, 27 Jun 2011 12:21:35 +0000 (14:21 +0200)]
Merge branch 'master' of ssh://git-master.openldap.org/~git/git/openldap
Rein Tollevik [Mon, 27 Jun 2011 12:17:39 +0000 (14:17 +0200)]
ITS#6716 Extend test where consumer/provider holds CSNs with differing SIDs.
Howard Chu [Mon, 27 Jun 2011 11:48:25 +0000 (04:48 -0700)]
ITS#6872 re-enable test058
Howard Chu [Mon, 27 Jun 2011 11:46:43 +0000 (04:46 -0700)]
ITS#6872 fix test058 breakage from prev patch
Howard Chu [Sat, 25 Jun 2011 01:03:11 +0000 (18:03 -0700)]
ITS#6828 silence warning in prev commit
Howard Chu [Fri, 24 Jun 2011 00:10:37 +0000 (17:10 -0700)]
ITS#6977 fix verbose check in client tools
Howard Chu [Thu, 23 Jun 2011 20:17:08 +0000 (13:17 -0700)]
ITS#6978 bail out on invalid input
Howard Chu [Thu, 23 Jun 2011 03:03:02 +0000 (20:03 -0700)]
Fix NO_THREADS typo
Quanah Gibson-Mount [Wed, 22 Jun 2011 22:16:08 +0000 (15:16 -0700)]
Disable test058 until it someone can track down what's wrong with it
Howard Chu [Wed, 22 Jun 2011 07:29:47 +0000 (00:29 -0700)]
ITS#6716 Use sorted CSNs in syncrepl too
Howard Chu [Wed, 22 Jun 2011 04:42:44 +0000 (21:42 -0700)]
ITS#6716 use sorted CSNs, fix sessionlog
track a CSN per SID in the log->sl_mincsn
Howard Chu [Wed, 22 Jun 2011 03:44:53 +0000 (20:44 -0700)]
ITS#6716 Keep CSN lists sorted by SID
Howard Chu [Wed, 22 Jun 2011 00:05:53 +0000 (17:05 -0700)]
ITS#6817 fix RE24 build breakage
Should SLAP_AUTH_DN be #defined in release now?
Rich Megginson [Tue, 21 Jun 2011 22:58:49 +0000 (15:58 -0700)]
ITS#6862 MozNSS - workaround PR_SetEnv bug
Rich Megginson [Tue, 21 Jun 2011 00:28:48 +0000 (18:28 -0600)]
ITS#6975 MozNSS - allow cacertdir in most cases
OpenLDAP built with OpenSSL allows most any value of cacertdir - directory
is a file, directory does not contain any CA certs, directory does not
exist - users expect if they specify TLS_REQCERT=never, no matter what
the TLS_CACERTDIR setting is, TLS/SSL will just work.
TLS_CACERT, on the other hand, is a hard error. Even if TLS_REQCERT=never,
if TLS_CACERT is specified and is not a valid CA cert file, TLS/SSL will
fail. This patch makes CACERT errors hard errors, and makes CACERTDIR
errors "soft" errors. The code checks CACERT first and, even though
the function will return an error, checks CACERTDIR anyway so that if the
user sets TRACE mode they will get CACERTDIR processing messages.
Howard Chu [Tue, 21 Jun 2011 09:40:38 +0000 (02:40 -0700)]
ITS#6973 need limits_check if overlay is global
Jan Vcelak [Mon, 20 Jun 2011 15:31:57 +0000 (17:31 +0200)]
ITS#6947 Handle missing '\n' termination in LDIF input
Ondrej Kuznik [Thu, 16 Jun 2011 09:12:27 +0000 (11:12 +0200)]
ITS#6974 (Re)moving stray cleanup code.
Hallvard Furuseth [Mon, 20 Jun 2011 19:33:50 +0000 (21:33 +0200)]
Tweak back-ldif messages about CRC checksums.
Hallvard Furuseth [Mon, 20 Jun 2011 19:20:29 +0000 (21:20 +0200)]
Cleanup back-ldif CRC code.
Handle interrupted write() again. Fix warnings/types. #ifdef LDAP_DEBUG.
Howard Chu [Mon, 20 Jun 2011 17:57:57 +0000 (10:57 -0700)]
More fixes, add test script
Howard Chu [Mon, 20 Jun 2011 13:51:33 +0000 (06:51 -0700)]
Fix missing si_syncCookie numcsns
Howard Chu [Mon, 20 Jun 2011 11:27:11 +0000 (04:27 -0700)]
More tweaks for delta-mmr
Howard Chu [Mon, 20 Jun 2011 03:03:01 +0000 (20:03 -0700)]
delta-mmr conflict resolution
Howard Chu [Mon, 20 Jun 2011 00:04:19 +0000 (17:04 -0700)]
More for conflict detection
Howard Chu [Sun, 19 Jun 2011 22:54:45 +0000 (15:54 -0700)]
Setup delta-mmr using an overlay
Ralf Haferkamp [Wed, 15 Jun 2011 13:28:55 +0000 (15:28 +0200)]
Additional getter methods for LDAPModification
Howard Chu [Mon, 13 Jun 2011 20:54:56 +0000 (13:54 -0700)]
ITS#6657/6691 use proper SQL length data type
Quanah Gibson-Mount [Mon, 13 Jun 2011 20:46:01 +0000 (13:46 -0700)]
ITS#6971 correct option is --enable-wrappers
Howard Chu [Fri, 10 Jun 2011 10:27:40 +0000 (03:27 -0700)]
ITS#6944 limit op cache to 10 ops per thread
Howard Chu [Fri, 10 Jun 2011 09:11:26 +0000 (02:11 -0700)]
Add LDAP_OPT_X_TLS_PACKAGE
to return the name of the underlying TLS implementation
Howard Chu [Fri, 10 Jun 2011 08:44:30 +0000 (01:44 -0700)]
ITS#6892 shortcut for non-replicated ops
Howard Chu [Fri, 10 Jun 2011 08:35:19 +0000 (01:35 -0700)]
ITS#6967 normalize schema RDN
Howard Chu [Fri, 10 Jun 2011 04:09:41 +0000 (21:09 -0700)]
Add CRC32 checksum to back-ldif files
Currently just logs a complaint on checksum mismatch. Could get
more obnoxious later.
Howard Chu [Fri, 10 Jun 2011 01:07:13 +0000 (18:07 -0700)]
Fix prev commit
Howard Chu [Fri, 10 Jun 2011 00:59:08 +0000 (17:59 -0700)]
Try to discourage editing back-ldif files
Howard Chu [Thu, 9 Jun 2011 22:37:11 +0000 (15:37 -0700)]
Revert "ITS#6688 enforce search ACL in back-perl"
This reverts commit
53bb95a2e3456806b503415fb745eae1146c0627 .
Code was working as designed/documented. Changing now will
probably break other users.
Howard Chu [Thu, 9 Jun 2011 22:25:32 +0000 (15:25 -0700)]
ITS#6688 enforce search ACL in back-perl
Quanah Gibson-Mount [Thu, 9 Jun 2011 18:05:09 +0000 (11:05 -0700)]
ITS#6889 regenerate configure
cmikk@qwest.net [Tue, 29 Mar 2011 21:49:53 +0000 (21:49 +0000)]
ITS#6872
Perform the internal FIND_CSN search based at the backend's suffix with the
privileges of the backend's root DN.
SATOH Fumiyasu [Thu, 26 May 2011 15:41:54 +0000 (00:41 +0900)]
ITS#6955 smbk5pwd: Support shadowLastChange
Fix typo -- hyc
Howard Chu [Thu, 9 Jun 2011 08:01:06 +0000 (01:01 -0700)]
ITS#6936 add connID and peername to auditlog
From ksmith @ ycp.edu, with fixes by hyc
Tim Mooney [Tue, 12 Apr 2011 22:57:57 +0000 (17:57 -0500)]
ITS#6906 Update cachesize recommendations
to remove references to indexes in Hash format
Fix whitespace error -- hyc
Tim Mooney [Tue, 12 Apr 2011 20:54:03 +0000 (15:54 -0500)]
ITS#6905 Update intro of slapd-config/slapd.conf
Tim Mooney [Tue, 12 Apr 2011 16:31:31 +0000 (11:31 -0500)]
ITS#6904 Update to reflect that hdb is preferred
Tweak wording -- hyc
Howard Chu [Thu, 9 Jun 2011 07:21:47 +0000 (00:21 -0700)]
ITS#6934 fix typo
Howard Chu [Thu, 9 Jun 2011 02:17:50 +0000 (19:17 -0700)]
ITS#6901 fix filter with zero-length values
Howard Chu [Thu, 9 Jun 2011 01:52:52 +0000 (18:52 -0700)]
ITS#6889 libfetch is a libldap dependency
Howard Chu [Thu, 9 Jun 2011 01:27:54 +0000 (18:27 -0700)]
ITS#6828 fix TLS setup with async connect
Ondrej Kuznik [Fri, 6 May 2011 11:07:53 +0000 (13:07 +0200)]
ITS#6641 Bypass checks on ops with managedsait
Document the uniqueness changes
Fix whitespace in original patch -- hyc
Pierangelo Masarati [Wed, 8 Jun 2011 20:14:54 +0000 (22:14 +0200)]
ITS#6899
tag read entry response control value with [APPLICATION 4] (SearchResultEntry)
Pierangelo Masarati [Tue, 7 Jun 2011 22:29:39 +0000 (00:29 +0200)]
fix typo in previous commit
Howard Chu [Tue, 7 Jun 2011 02:55:09 +0000 (19:55 -0700)]
ITS#6948 partial revert of #6837, unnecessary
Howard Chu [Sun, 5 Jun 2011 20:59:19 +0000 (13:59 -0700)]
ITS#6948 fix ITS#6837 patch
Howard Chu [Sat, 4 Jun 2011 20:40:57 +0000 (13:40 -0700)]
ITS#6963 config entries' objectclass is read-only
Howard Chu [Sat, 4 Jun 2011 05:22:48 +0000 (22:22 -0700)]
ITS#6831 don't push stack unless needed
Howard Chu [Sat, 4 Jun 2011 04:55:22 +0000 (21:55 -0700)]
Fix
ce9bbd2 missing success return
Howard Chu [Sat, 4 Jun 2011 04:40:27 +0000 (21:40 -0700)]
ITS#6831 additional filter cmp fixes
Howard Chu [Sat, 4 Jun 2011 02:31:29 +0000 (19:31 -0700)]
ITS#6946 fix double-free, broken by
77a7ef0
Howard Chu [Sat, 4 Jun 2011 02:13:24 +0000 (19:13 -0700)]
ITS#6831 fix filter comparison
Howard Chu [Fri, 3 Jun 2011 18:51:11 +0000 (11:51 -0700)]
ITS#6959 document ldap_dnfree()
Howard Chu [Fri, 3 Jun 2011 18:24:19 +0000 (11:24 -0700)]
Drop note about slapcat for mirrormode
slapcat will always be self-consistent since the contextCSN is
snapshotted at the beginning of the dump.
Howard Chu [Wed, 1 Jun 2011 18:29:39 +0000 (11:29 -0700)]
More for ITS#6961 - deadlock checking
Howard Chu [Wed, 1 Jun 2011 08:44:51 +0000 (01:44 -0700)]
Fix for sparse ranges, get next ID from DB
Instead of iterating thru potentially many nonexistent IDs
Ralf Haferkamp [Thu, 26 May 2011 12:49:23 +0000 (14:49 +0200)]
ITS#6954 fix consistency checker prematurely deleting cached queries
Ralf Haferkamp [Thu, 26 May 2011 11:48:11 +0000 (13:48 +0200)]
fix uninitialized bindref_time (found with valgrind)