]> git.sur5r.net Git - openldap/log
openldap
13 years agomake sure size limits are passed to ldapsearch
Pierangelo Masarati [Mon, 22 Aug 2011 15:02:02 +0000 (09:02 -0600)]
make sure size limits are passed to ldapsearch

13 years agoerror messages from ldapsearch changed
Pierangelo Masarati [Mon, 22 Aug 2011 14:43:21 +0000 (08:43 -0600)]
error messages from ldapsearch changed

13 years agoadd notes about pwdAllowUserChange (more about ITS#7021)
Pierangelo Masarati [Sun, 21 Aug 2011 01:02:06 +0000 (19:02 -0600)]
add notes about pwdAllowUserChange (more about ITS#7021)

13 years agoaccording to draft-behera, this attribute only affects password modifies by self...
Pierangelo Masarati [Sun, 21 Aug 2011 00:50:33 +0000 (18:50 -0600)]
according to draft-behera, this attribute only affects password modifies by self (ITS#7021)

13 years agoFor #6982 fix a66fb16
Howard Chu [Thu, 18 Aug 2011 08:52:52 +0000 (01:52 -0700)]
For #6982 fix a66fb16

13 years agofix TTL tolerance (ITS#7017, patch by jvcelak@redhat.com)
Pierangelo Masarati [Wed, 17 Aug 2011 18:56:55 +0000 (12:56 -0600)]
fix TTL tolerance (ITS#7017, patch by jvcelak@redhat.com)

13 years agomake sure frontend gets the {-1} (ITS#7016)
Pierangelo Masarati [Wed, 17 Aug 2011 04:17:43 +0000 (22:17 -0600)]
make sure frontend gets the {-1} (ITS#7016)

13 years agohack for #6982 - keep o_abandon set in op_free
Howard Chu [Tue, 16 Aug 2011 20:51:10 +0000 (13:51 -0700)]
hack for #6982 - keep o_abandon set in op_free

13 years agoRevert "More for ITS#6892"
Howard Chu [Tue, 16 Aug 2011 20:49:27 +0000 (13:49 -0700)]
Revert "More for ITS#6892"

This reverts commit 3cb2ca8bbd1ec8da8f27a608deefc7a2d45aa538.
Patch has no benefit

13 years agoMore for ITS#6892
Howard Chu [Mon, 15 Aug 2011 22:40:46 +0000 (15:40 -0700)]
More for ITS#6892

13 years agohost part of unique URI must be empty (ITS#7018)
Pierangelo Masarati [Sat, 13 Aug 2011 21:33:19 +0000 (23:33 +0200)]
host part of unique URI must be empty (ITS#7018)

13 years agocleanup slapd.ldif; install it (ITS#7015)
Pierangelo Masarati [Thu, 11 Aug 2011 15:33:08 +0000 (17:33 +0200)]
cleanup slapd.ldif; install it (ITS#7015)

13 years agotypo in comment
Pierangelo Masarati [Thu, 11 Aug 2011 15:02:25 +0000 (17:02 +0200)]
typo in comment

13 years agouse ldap_search_ext(timelimit) instead of ldap_set_option(LDAP_OPT_TIMELIMIT) (relate...
Pierangelo Masarati [Thu, 11 Aug 2011 10:16:01 +0000 (12:16 +0200)]
use ldap_search_ext(timelimit) instead of ldap_set_option(LDAP_OPT_TIMELIMIT) (related to ITS#7009)

13 years agohonor TIMEOUT when appropriate (ITS#7009); also honor timelimit (was broken)
Pierangelo Masarati [Wed, 10 Aug 2011 20:39:16 +0000 (22:39 +0200)]
honor TIMEOUT when appropriate (ITS#7009); also honor timelimit (was broken)

13 years agomake sure 2-arg statements have exactly 2 args (related to ITS#7012)
Pierangelo Masarati [Wed, 10 Aug 2011 18:22:33 +0000 (20:22 +0200)]
make sure 2-arg statements have exactly 2 args (related to ITS#7012)

13 years agoTLS config statements always need an argument (related to ITS#7012)
Pierangelo Masarati [Wed, 10 Aug 2011 17:40:20 +0000 (19:40 +0200)]
TLS config statements always need an argument (related to ITS#7012)

13 years agoITS#6999 fix syncrepl timeout in refreshAndPersist
Howard Chu [Fri, 29 Jul 2011 20:05:45 +0000 (13:05 -0700)]
ITS#6999 fix syncrepl timeout in refreshAndPersist

13 years agoITS#7002 MozNSS: fix VerifyCert allow/try behavior
Rich Megginson [Thu, 28 Jul 2011 21:08:37 +0000 (14:08 -0700)]
ITS#7002 MozNSS: fix VerifyCert allow/try behavior

If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set.  This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.

13 years agoITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key
Rich Megginson [Tue, 26 Jul 2011 02:27:59 +0000 (20:27 -0600)]
ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key

If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.

13 years agoITS#7000 fix bad patch in ITS#6472
Howard Chu [Thu, 28 Jul 2011 20:52:47 +0000 (13:52 -0700)]
ITS#7000 fix bad patch in ITS#6472

13 years agoITS#7003 fix typo
Howard Chu [Thu, 28 Jul 2011 20:48:08 +0000 (13:48 -0700)]
ITS#7003 fix typo

13 years agoITS#6998 MozNSS: when cert not required, ignore issuer expiration
Jan Vcelak [Wed, 20 Jul 2011 16:55:33 +0000 (18:55 +0200)]
ITS#6998 MozNSS: when cert not required, ignore issuer expiration

When server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore expired issuer certificate error
and do not terminate the connection.

13 years agoOnly return requested attrs in sssvlv response
Howard Chu [Mon, 18 Jul 2011 19:53:23 +0000 (12:53 -0700)]
Only return requested attrs in sssvlv response

13 years agoITS#6985 fix sssvlv target offset, ordering match
Howard Chu [Mon, 18 Jul 2011 19:41:51 +0000 (12:41 -0700)]
ITS#6985 fix sssvlv target offset, ordering match

13 years agoblind fix build on solaris native compilers (ITS#6992)
Pierangelo Masarati [Fri, 8 Jul 2011 06:47:28 +0000 (08:47 +0200)]
blind fix build on solaris native compilers (ITS#6992)

13 years agofix config emit (ITS#6986)
Pierangelo Masarati [Thu, 7 Jul 2011 06:14:14 +0000 (08:14 +0200)]
fix config emit (ITS#6986)

13 years agoITS#6982 fix md5 memset invocation
Howard Chu [Sat, 2 Jul 2011 05:55:06 +0000 (22:55 -0700)]
ITS#6982 fix md5 memset invocation

13 years agoauthTimestamp should be manageable (ITS#6873)
Pierangelo Masarati [Thu, 30 Jun 2011 19:52:28 +0000 (21:52 +0200)]
authTimestamp should be manageable (ITS#6873)

13 years agoresponse tag is [1] according to RFC 2589 (ITS#6886)
Pierangelo Masarati [Thu, 30 Jun 2011 19:20:54 +0000 (21:20 +0200)]
response tag is [1] according to RFC 2589 (ITS#6886)

13 years agoITS#6980 free the result of SSL_PeerCertificate
Rich Megginson [Wed, 29 Jun 2011 16:47:10 +0000 (10:47 -0600)]
ITS#6980 free the result of SSL_PeerCertificate

In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate.  This value is allocated and/or cached.  We must
destroy it using CERT_DestroyCertificate.

13 years agoITS#6828 set ld_errno on connect failures
Howard Chu [Tue, 28 Jun 2011 01:43:31 +0000 (18:43 -0700)]
ITS#6828 set ld_errno on connect failures

13 years agoMerge branch 'master' of ssh://git-master.openldap.org/~git/git/openldap
Rein Tollevik [Mon, 27 Jun 2011 12:21:35 +0000 (14:21 +0200)]
Merge branch 'master' of ssh://git-master.openldap.org/~git/git/openldap

13 years agoITS#6716 Extend test where consumer/provider holds CSNs with differing SIDs.
Rein Tollevik [Mon, 27 Jun 2011 12:17:39 +0000 (14:17 +0200)]
ITS#6716 Extend test where consumer/provider holds CSNs with differing SIDs.

13 years agoITS#6872 re-enable test058
Howard Chu [Mon, 27 Jun 2011 11:48:25 +0000 (04:48 -0700)]
ITS#6872 re-enable test058

13 years agoITS#6872 fix test058 breakage from prev patch
Howard Chu [Mon, 27 Jun 2011 11:46:43 +0000 (04:46 -0700)]
ITS#6872 fix test058 breakage from prev patch

13 years agoITS#6828 silence warning in prev commit
Howard Chu [Sat, 25 Jun 2011 01:03:11 +0000 (18:03 -0700)]
ITS#6828 silence warning in prev commit

13 years agoITS#6977 fix verbose check in client tools
Howard Chu [Fri, 24 Jun 2011 00:10:37 +0000 (17:10 -0700)]
ITS#6977 fix verbose check in client tools

13 years agoITS#6978 bail out on invalid input
Howard Chu [Thu, 23 Jun 2011 20:17:08 +0000 (13:17 -0700)]
ITS#6978 bail out on invalid input

13 years agoFix NO_THREADS typo
Howard Chu [Thu, 23 Jun 2011 03:03:02 +0000 (20:03 -0700)]
Fix NO_THREADS typo

13 years agoDisable test058 until it someone can track down what's wrong with it
Quanah Gibson-Mount [Wed, 22 Jun 2011 22:16:08 +0000 (15:16 -0700)]
Disable test058 until it someone can track down what's wrong with it

13 years agoITS#6716 Use sorted CSNs in syncrepl too
Howard Chu [Wed, 22 Jun 2011 07:29:47 +0000 (00:29 -0700)]
ITS#6716 Use sorted CSNs in syncrepl too

13 years agoITS#6716 use sorted CSNs, fix sessionlog
Howard Chu [Wed, 22 Jun 2011 04:42:44 +0000 (21:42 -0700)]
ITS#6716 use sorted CSNs, fix sessionlog

track a CSN per SID in the log->sl_mincsn

13 years agoITS#6716 Keep CSN lists sorted by SID
Howard Chu [Wed, 22 Jun 2011 03:44:53 +0000 (20:44 -0700)]
ITS#6716 Keep CSN lists sorted by SID

13 years agoITS#6817 fix RE24 build breakage
Howard Chu [Wed, 22 Jun 2011 00:05:53 +0000 (17:05 -0700)]
ITS#6817 fix RE24 build breakage

Should SLAP_AUTH_DN be #defined in release now?

13 years agoITS#6862 MozNSS - workaround PR_SetEnv bug
Rich Megginson [Tue, 21 Jun 2011 22:58:49 +0000 (15:58 -0700)]
ITS#6862 MozNSS - workaround PR_SetEnv bug

13 years agoITS#6975 MozNSS - allow cacertdir in most cases
Rich Megginson [Tue, 21 Jun 2011 00:28:48 +0000 (18:28 -0600)]
ITS#6975 MozNSS - allow cacertdir in most cases

OpenLDAP built with OpenSSL allows most any value of cacertdir - directory
is a file, directory does not contain any CA certs, directory does not
exist - users expect if they specify TLS_REQCERT=never, no matter what
the TLS_CACERTDIR setting is, TLS/SSL will just work.
TLS_CACERT, on the other hand, is a hard error.  Even if TLS_REQCERT=never,
if TLS_CACERT is specified and is not a valid CA cert file, TLS/SSL will
fail.  This patch makes CACERT errors hard errors, and makes CACERTDIR
errors "soft" errors.  The code checks CACERT first and, even though
the function will return an error, checks CACERTDIR anyway so that if the
user sets TRACE mode they will get CACERTDIR processing messages.

13 years agoITS#6973 need limits_check if overlay is global
Howard Chu [Tue, 21 Jun 2011 09:40:38 +0000 (02:40 -0700)]
ITS#6973 need limits_check if overlay is global

13 years agoITS#6947 Handle missing '\n' termination in LDIF input
Jan Vcelak [Mon, 20 Jun 2011 15:31:57 +0000 (17:31 +0200)]
ITS#6947 Handle missing '\n' termination in LDIF input

13 years agoITS#6974 (Re)moving stray cleanup code.
Ondrej Kuznik [Thu, 16 Jun 2011 09:12:27 +0000 (11:12 +0200)]
ITS#6974 (Re)moving stray cleanup code.

13 years agoTweak back-ldif messages about CRC checksums.
Hallvard Furuseth [Mon, 20 Jun 2011 19:33:50 +0000 (21:33 +0200)]
Tweak back-ldif messages about CRC checksums.

13 years agoCleanup back-ldif CRC code.
Hallvard Furuseth [Mon, 20 Jun 2011 19:20:29 +0000 (21:20 +0200)]
Cleanup back-ldif CRC code.

Handle interrupted write() again.  Fix warnings/types.  #ifdef LDAP_DEBUG.

13 years agoMore fixes, add test script deltammr
Howard Chu [Mon, 20 Jun 2011 17:57:57 +0000 (10:57 -0700)]
More fixes, add test script

13 years agoFix missing si_syncCookie numcsns
Howard Chu [Mon, 20 Jun 2011 13:51:33 +0000 (06:51 -0700)]
Fix missing si_syncCookie numcsns

13 years agoMore tweaks for delta-mmr
Howard Chu [Mon, 20 Jun 2011 11:27:11 +0000 (04:27 -0700)]
More tweaks for delta-mmr

13 years agodelta-mmr conflict resolution
Howard Chu [Mon, 20 Jun 2011 03:03:01 +0000 (20:03 -0700)]
delta-mmr conflict resolution

13 years agoMore for conflict detection
Howard Chu [Mon, 20 Jun 2011 00:04:19 +0000 (17:04 -0700)]
More for conflict detection

13 years agoSetup delta-mmr using an overlay
Howard Chu [Sun, 19 Jun 2011 22:54:45 +0000 (15:54 -0700)]
Setup delta-mmr using an overlay

13 years agoAdditional getter methods for LDAPModification
Ralf Haferkamp [Wed, 15 Jun 2011 13:28:55 +0000 (15:28 +0200)]
Additional getter methods for LDAPModification

13 years agoITS#6657/6691 use proper SQL length data type
Howard Chu [Mon, 13 Jun 2011 20:54:56 +0000 (13:54 -0700)]
ITS#6657/6691 use proper SQL length data type

13 years agoITS#6971 correct option is --enable-wrappers
Quanah Gibson-Mount [Mon, 13 Jun 2011 20:46:01 +0000 (13:46 -0700)]
ITS#6971 correct option is --enable-wrappers

13 years agoITS#6944 limit op cache to 10 ops per thread
Howard Chu [Fri, 10 Jun 2011 10:27:40 +0000 (03:27 -0700)]
ITS#6944 limit op cache to 10 ops per thread

13 years agoAdd LDAP_OPT_X_TLS_PACKAGE
Howard Chu [Fri, 10 Jun 2011 09:11:26 +0000 (02:11 -0700)]
Add LDAP_OPT_X_TLS_PACKAGE

to return the name of the underlying TLS implementation

13 years agoITS#6892 shortcut for non-replicated ops
Howard Chu [Fri, 10 Jun 2011 08:44:30 +0000 (01:44 -0700)]
ITS#6892 shortcut for non-replicated ops

13 years agoITS#6967 normalize schema RDN
Howard Chu [Fri, 10 Jun 2011 08:35:19 +0000 (01:35 -0700)]
ITS#6967 normalize schema RDN

13 years agoAdd CRC32 checksum to back-ldif files
Howard Chu [Fri, 10 Jun 2011 04:09:41 +0000 (21:09 -0700)]
Add CRC32 checksum to back-ldif files

Currently just logs a complaint on checksum mismatch. Could get
more obnoxious later.

13 years agoFix prev commit
Howard Chu [Fri, 10 Jun 2011 01:07:13 +0000 (18:07 -0700)]
Fix prev commit

13 years agoTry to discourage editing back-ldif files
Howard Chu [Fri, 10 Jun 2011 00:59:08 +0000 (17:59 -0700)]
Try to discourage editing back-ldif files

13 years agoRevert "ITS#6688 enforce search ACL in back-perl"
Howard Chu [Thu, 9 Jun 2011 22:37:11 +0000 (15:37 -0700)]
Revert "ITS#6688 enforce search ACL in back-perl"

This reverts commit 53bb95a2e3456806b503415fb745eae1146c0627.
Code was working as designed/documented. Changing now will
probably break other users.

13 years agoITS#6688 enforce search ACL in back-perl
Howard Chu [Thu, 9 Jun 2011 22:25:32 +0000 (15:25 -0700)]
ITS#6688 enforce search ACL in back-perl

13 years agoITS#6889 regenerate configure
Quanah Gibson-Mount [Thu, 9 Jun 2011 18:05:09 +0000 (11:05 -0700)]
ITS#6889 regenerate configure

13 years agoITS#6872
cmikk@qwest.net [Tue, 29 Mar 2011 21:49:53 +0000 (21:49 +0000)]
ITS#6872

Perform the internal FIND_CSN search based at the backend's suffix with the
privileges of the backend's root DN.

13 years agoITS#6955 smbk5pwd: Support shadowLastChange
SATOH Fumiyasu [Thu, 26 May 2011 15:41:54 +0000 (00:41 +0900)]
ITS#6955 smbk5pwd: Support shadowLastChange

Fix typo -- hyc

13 years agoITS#6936 add connID and peername to auditlog
Howard Chu [Thu, 9 Jun 2011 08:01:06 +0000 (01:01 -0700)]
ITS#6936 add connID and peername to auditlog

From ksmith @ ycp.edu, with fixes by hyc

13 years agoITS#6906 Update cachesize recommendations
Tim Mooney [Tue, 12 Apr 2011 22:57:57 +0000 (17:57 -0500)]
ITS#6906 Update cachesize recommendations

to remove references to indexes in Hash format

Fix whitespace error -- hyc

13 years agoITS#6905 Update intro of slapd-config/slapd.conf
Tim Mooney [Tue, 12 Apr 2011 20:54:03 +0000 (15:54 -0500)]
ITS#6905 Update intro of slapd-config/slapd.conf

13 years agoITS#6904 Update to reflect that hdb is preferred
Tim Mooney [Tue, 12 Apr 2011 16:31:31 +0000 (11:31 -0500)]
ITS#6904 Update to reflect that hdb is preferred

Tweak wording -- hyc

13 years agoITS#6934 fix typo
Howard Chu [Thu, 9 Jun 2011 07:21:47 +0000 (00:21 -0700)]
ITS#6934 fix typo

13 years agoITS#6901 fix filter with zero-length values
Howard Chu [Thu, 9 Jun 2011 02:17:50 +0000 (19:17 -0700)]
ITS#6901 fix filter with zero-length values

13 years agoITS#6889 libfetch is a libldap dependency
Howard Chu [Thu, 9 Jun 2011 01:52:52 +0000 (18:52 -0700)]
ITS#6889 libfetch is a libldap dependency

13 years agoITS#6828 fix TLS setup with async connect
Howard Chu [Thu, 9 Jun 2011 01:27:54 +0000 (18:27 -0700)]
ITS#6828 fix TLS setup with async connect

13 years agoITS#6641 Bypass checks on ops with managedsait
Ondrej Kuznik [Fri, 6 May 2011 11:07:53 +0000 (13:07 +0200)]
ITS#6641 Bypass checks on ops with managedsait

Document the uniqueness changes

Fix whitespace in original patch -- hyc

13 years agoITS#6899
Pierangelo Masarati [Wed, 8 Jun 2011 20:14:54 +0000 (22:14 +0200)]
ITS#6899

tag read entry response control value with [APPLICATION 4] (SearchResultEntry)

13 years agofix typo in previous commit
Pierangelo Masarati [Tue, 7 Jun 2011 22:29:39 +0000 (00:29 +0200)]
fix typo in previous commit

13 years agoITS#6948 partial revert of #6837, unnecessary
Howard Chu [Tue, 7 Jun 2011 02:55:09 +0000 (19:55 -0700)]
ITS#6948 partial revert of #6837, unnecessary

13 years agoITS#6948 fix ITS#6837 patch
Howard Chu [Sun, 5 Jun 2011 20:59:19 +0000 (13:59 -0700)]
ITS#6948 fix ITS#6837 patch

13 years agoITS#6963 config entries' objectclass is read-only
Howard Chu [Sat, 4 Jun 2011 20:40:57 +0000 (13:40 -0700)]
ITS#6963 config entries' objectclass is read-only

13 years agoITS#6831 don't push stack unless needed
Howard Chu [Sat, 4 Jun 2011 05:22:48 +0000 (22:22 -0700)]
ITS#6831 don't push stack unless needed

13 years agoFix ce9bbd2 missing success return
Howard Chu [Sat, 4 Jun 2011 04:55:22 +0000 (21:55 -0700)]
Fix ce9bbd2 missing success return

13 years agoITS#6831 additional filter cmp fixes
Howard Chu [Sat, 4 Jun 2011 04:40:27 +0000 (21:40 -0700)]
ITS#6831 additional filter cmp fixes

13 years agoITS#6946 fix double-free, broken by 77a7ef0
Howard Chu [Sat, 4 Jun 2011 02:31:29 +0000 (19:31 -0700)]
ITS#6946 fix double-free, broken by 77a7ef0

13 years agoITS#6831 fix filter comparison
Howard Chu [Sat, 4 Jun 2011 02:13:24 +0000 (19:13 -0700)]
ITS#6831 fix filter comparison

13 years agoITS#6959 document ldap_dnfree()
Howard Chu [Fri, 3 Jun 2011 18:51:11 +0000 (11:51 -0700)]
ITS#6959 document ldap_dnfree()

13 years agoDrop note about slapcat for mirrormode
Howard Chu [Fri, 3 Jun 2011 18:24:19 +0000 (11:24 -0700)]
Drop note about slapcat for mirrormode

slapcat will always be self-consistent since the contextCSN is
snapshotted at the beginning of the dump.

13 years agoMore for ITS#6961 - deadlock checking
Howard Chu [Wed, 1 Jun 2011 18:29:39 +0000 (11:29 -0700)]
More for ITS#6961 - deadlock checking

13 years agoFix for sparse ranges, get next ID from DB
Howard Chu [Wed, 1 Jun 2011 08:44:51 +0000 (01:44 -0700)]
Fix for sparse ranges, get next ID from DB

Instead of iterating thru potentially many nonexistent IDs

13 years agoITS#6954 fix consistency checker prematurely deleting cached queries
Ralf Haferkamp [Thu, 26 May 2011 12:49:23 +0000 (14:49 +0200)]
ITS#6954 fix consistency checker prematurely deleting cached queries

13 years agofix uninitialized bindref_time (found with valgrind)
Ralf Haferkamp [Thu, 26 May 2011 11:48:11 +0000 (13:48 +0200)]
fix uninitialized bindref_time (found with valgrind)

13 years agoITS#6953 do not use the cache db when refreshing
Ralf Haferkamp [Thu, 26 May 2011 07:05:01 +0000 (09:05 +0200)]
ITS#6953 do not use the cache db when refreshing

13 years agoITS#6915 document replication behavior
Howard Chu [Tue, 24 May 2011 18:20:12 +0000 (11:20 -0700)]
ITS#6915 document replication behavior