]> git.sur5r.net Git - openldap/log
openldap
13 years agoITS#7028 man: slapo-unique(5) quoting keywords
Jan Vcelak [Wed, 24 Aug 2011 17:19:09 +0000 (19:19 +0200)]
ITS#7028 man: slapo-unique(5) quoting keywords

13 years agoITS#7023 document TLSCACertificateFile in the man page as it is in the Admin Guide
Francis Swasey [Thu, 18 Aug 2011 16:01:35 +0000 (12:01 -0400)]
ITS#7023 document TLSCACertificateFile in the man page as it is in the Admin Guide

13 years agoITS#7022 cleanup prev commit
Howard Chu [Wed, 24 Aug 2011 22:37:52 +0000 (15:37 -0700)]
ITS#7022 cleanup prev commit

13 years agoITS#7022 NSS_Init* functions are not thread safe
Rich Megginson [Tue, 16 Aug 2011 18:01:16 +0000 (12:01 -0600)]
ITS#7022 NSS_Init* functions are not thread safe

The NSS_InitContext et. al, and their corresponding shutdown functions,
are not thread safe.  There can only be one thread at a time calling
these functions.  Protect the calls with a mutex.  Create the mutex
using a PR_CallOnce to ensure that the mutex is only created once and
not used before created.  Move the registration of the nss shutdown
callback to also use a PR_CallOnce.  Removed the call to
SSL_ClearSessionCache() because it is always called at shutdown, and we must
not call it more than once.

13 years agoITS#7014 TLS: don't check hostname if reqcert is 'allow'
Jan Vcelak [Tue, 9 Aug 2011 13:21:34 +0000 (15:21 +0200)]
ITS#7014 TLS: don't check hostname if reqcert is 'allow'

If server certificate hostname does not match the server hostname,
connection is closed even if client has set TLS_REQCERT to 'allow'. This
is wrong - the documentation says, that bad certificates are being
ignored when TLS_REQCERT is set to 'allow'.

13 years agoMore abandon paranoia
Howard Chu [Wed, 24 Aug 2011 21:57:36 +0000 (14:57 -0700)]
More abandon paranoia

13 years agoDon't replicate refint repair ops
Howard Chu [Mon, 22 Aug 2011 21:05:58 +0000 (14:05 -0700)]
Don't replicate refint repair ops

13 years agoerror messages from ldapsearch changed
Pierangelo Masarati [Mon, 22 Aug 2011 14:43:21 +0000 (08:43 -0600)]
error messages from ldapsearch changed

13 years agofurther cleanup of ldapsearch response
Pierangelo Masarati [Mon, 22 Aug 2011 17:18:07 +0000 (11:18 -0600)]
further cleanup of ldapsearch response

13 years agoreferral is a legitimate result
Pierangelo Masarati [Mon, 22 Aug 2011 15:07:54 +0000 (09:07 -0600)]
referral is a legitimate result

13 years agomake sure size limits are passed to ldapsearch
Pierangelo Masarati [Mon, 22 Aug 2011 15:02:02 +0000 (09:02 -0600)]
make sure size limits are passed to ldapsearch

13 years agoITS#7021
Quanah Gibson-Mount [Thu, 6 Oct 2011 23:51:40 +0000 (16:51 -0700)]
ITS#7021

13 years agoadd notes about pwdAllowUserChange (more about ITS#7021)
Pierangelo Masarati [Sun, 21 Aug 2011 01:02:06 +0000 (19:02 -0600)]
add notes about pwdAllowUserChange (more about ITS#7021)

13 years agoaccording to draft-behera, this attribute only affects password modifies by self...
Pierangelo Masarati [Sun, 21 Aug 2011 00:50:33 +0000 (18:50 -0600)]
according to draft-behera, this attribute only affects password modifies by self (ITS#7021)

13 years agoFor #6982 fix a66fb16
Howard Chu [Thu, 18 Aug 2011 08:52:52 +0000 (01:52 -0700)]
For #6982 fix a66fb16

13 years agoITS#7017
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:58:19 +0000 (16:58 -0700)]
ITS#7017

13 years agofix TTL tolerance (ITS#7017, patch by jvcelak@redhat.com)
Pierangelo Masarati [Wed, 17 Aug 2011 18:56:55 +0000 (12:56 -0600)]
fix TTL tolerance (ITS#7017, patch by jvcelak@redhat.com)

13 years agoITS#7016
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:57:21 +0000 (16:57 -0700)]
ITS#7016

13 years agomake sure frontend gets the {-1} (ITS#7016)
Pierangelo Masarati [Wed, 17 Aug 2011 04:17:43 +0000 (22:17 -0600)]
make sure frontend gets the {-1} (ITS#7016)

13 years agohack for #6982 - keep o_abandon set in op_free
Howard Chu [Tue, 16 Aug 2011 20:51:10 +0000 (13:51 -0700)]
hack for #6982 - keep o_abandon set in op_free

13 years agoRevert "More for ITS#6892"
Howard Chu [Tue, 16 Aug 2011 20:49:27 +0000 (13:49 -0700)]
Revert "More for ITS#6892"

This reverts commit 3cb2ca8bbd1ec8da8f27a608deefc7a2d45aa538.
Patch has no benefit

13 years agoITS#6892 again
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:52:12 +0000 (16:52 -0700)]
ITS#6892 again

13 years agoMore for ITS#6892
Howard Chu [Mon, 15 Aug 2011 22:40:46 +0000 (15:40 -0700)]
More for ITS#6892

13 years agoITS#7018
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:50:32 +0000 (16:50 -0700)]
ITS#7018

13 years agohost part of unique URI must be empty (ITS#7018)
Pierangelo Masarati [Sat, 13 Aug 2011 21:33:19 +0000 (23:33 +0200)]
host part of unique URI must be empty (ITS#7018)

13 years agoITS#7015
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:48:57 +0000 (16:48 -0700)]
ITS#7015

13 years agocleanup slapd.ldif; install it (ITS#7015)
Pierangelo Masarati [Thu, 11 Aug 2011 15:33:08 +0000 (17:33 +0200)]
cleanup slapd.ldif; install it (ITS#7015)

13 years agotypo in comment
Pierangelo Masarati [Thu, 11 Aug 2011 15:02:25 +0000 (17:02 +0200)]
typo in comment

13 years agouse ldap_search_ext(timelimit) instead of ldap_set_option(LDAP_OPT_TIMELIMIT) (relate...
Pierangelo Masarati [Thu, 11 Aug 2011 10:16:01 +0000 (12:16 +0200)]
use ldap_search_ext(timelimit) instead of ldap_set_option(LDAP_OPT_TIMELIMIT) (related to ITS#7009)

13 years agoITS#7009
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:46:29 +0000 (16:46 -0700)]
ITS#7009

13 years agohonor TIMEOUT when appropriate (ITS#7009); also honor timelimit (was broken)
Pierangelo Masarati [Wed, 10 Aug 2011 20:39:16 +0000 (22:39 +0200)]
honor TIMEOUT when appropriate (ITS#7009); also honor timelimit (was broken)

13 years agoITS#7012
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:45:20 +0000 (16:45 -0700)]
ITS#7012

13 years agomake sure 2-arg statements have exactly 2 args (related to ITS#7012)
Pierangelo Masarati [Wed, 10 Aug 2011 18:22:33 +0000 (20:22 +0200)]
make sure 2-arg statements have exactly 2 args (related to ITS#7012)

13 years agoTLS config statements always need an argument (related to ITS#7012)
Pierangelo Masarati [Wed, 10 Aug 2011 17:40:20 +0000 (19:40 +0200)]
TLS config statements always need an argument (related to ITS#7012)

13 years agoITS#6999
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:42:53 +0000 (16:42 -0700)]
ITS#6999

13 years agoITS#6999 fix syncrepl timeout in refreshAndPersist
Howard Chu [Fri, 29 Jul 2011 20:05:45 +0000 (13:05 -0700)]
ITS#6999 fix syncrepl timeout in refreshAndPersist

13 years agoITS#7001
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:41:45 +0000 (16:41 -0700)]
ITS#7001
ITS#7002

13 years agoITS#7002 MozNSS: fix VerifyCert allow/try behavior
Rich Megginson [Thu, 28 Jul 2011 21:08:37 +0000 (14:08 -0700)]
ITS#7002 MozNSS: fix VerifyCert allow/try behavior

If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set.  This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.

13 years agoITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key
Rich Megginson [Tue, 26 Jul 2011 02:27:59 +0000 (20:27 -0600)]
ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key

If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.

13 years agoITS#7000
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:38:00 +0000 (16:38 -0700)]
ITS#7000

13 years agoITS#7000 fix bad patch in ITS#6472
Howard Chu [Thu, 28 Jul 2011 20:52:47 +0000 (13:52 -0700)]
ITS#7000 fix bad patch in ITS#6472

13 years agoITS#6992,ITS#6998,ITS#7003
Quanah Gibson-Mount [Wed, 5 Oct 2011 23:19:24 +0000 (16:19 -0700)]
ITS#6992,ITS#6998,ITS#7003

13 years agoITS#7003 fix typo
Howard Chu [Thu, 28 Jul 2011 20:48:08 +0000 (13:48 -0700)]
ITS#7003 fix typo

13 years agoITS#6998 MozNSS: when cert not required, ignore issuer expiration
Jan Vcelak [Wed, 20 Jul 2011 16:55:33 +0000 (18:55 +0200)]
ITS#6998 MozNSS: when cert not required, ignore issuer expiration

When server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore expired issuer certificate error
and do not terminate the connection.

13 years agoblind fix build on solaris native compilers (ITS#6992)
Pierangelo Masarati [Fri, 8 Jul 2011 06:47:28 +0000 (08:47 +0200)]
blind fix build on solaris native compilers (ITS#6992)

13 years agoOnly return requested attrs in sssvlv response
Howard Chu [Mon, 18 Jul 2011 19:53:23 +0000 (12:53 -0700)]
Only return requested attrs in sssvlv response

13 years agoITS#6985 fix sssvlv target offset, ordering match
Howard Chu [Mon, 18 Jul 2011 19:41:51 +0000 (12:41 -0700)]
ITS#6985 fix sssvlv target offset, ordering match

13 years agoITS#6986
Quanah Gibson-Mount [Wed, 7 Sep 2011 00:22:36 +0000 (17:22 -0700)]
ITS#6986

13 years agofix config emit (ITS#6986)
Pierangelo Masarati [Thu, 7 Jul 2011 06:14:14 +0000 (08:14 +0200)]
fix config emit (ITS#6986)

13 years agoITS#6982
Quanah Gibson-Mount [Wed, 7 Sep 2011 00:21:18 +0000 (17:21 -0700)]
ITS#6982

13 years agoITS#6982 fix md5 memset invocation
Howard Chu [Sat, 2 Jul 2011 05:55:06 +0000 (22:55 -0700)]
ITS#6982 fix md5 memset invocation

13 years agoITS#6873
Quanah Gibson-Mount [Tue, 6 Sep 2011 20:02:43 +0000 (13:02 -0700)]
ITS#6873

13 years agoauthTimestamp should be manageable (ITS#6873)
Pierangelo Masarati [Thu, 30 Jun 2011 19:52:28 +0000 (21:52 +0200)]
authTimestamp should be manageable (ITS#6873)

13 years agoITS#6886
Quanah Gibson-Mount [Tue, 6 Sep 2011 20:01:20 +0000 (13:01 -0700)]
ITS#6886

13 years agoresponse tag is [1] according to RFC 2589 (ITS#6886)
Pierangelo Masarati [Thu, 30 Jun 2011 19:20:54 +0000 (21:20 +0200)]
response tag is [1] according to RFC 2589 (ITS#6886)

13 years agoITS#6980
Quanah Gibson-Mount [Tue, 6 Sep 2011 20:00:04 +0000 (13:00 -0700)]
ITS#6980

13 years agoITS#6980 free the result of SSL_PeerCertificate
Rich Megginson [Wed, 29 Jun 2011 16:47:10 +0000 (10:47 -0600)]
ITS#6980 free the result of SSL_PeerCertificate

In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate.  This value is allocated and/or cached.  We must
destroy it using CERT_DestroyCertificate.

13 years agoITS#6734,ITS#7029,ITS#7031: Add support for delta-syncrepl based MMR
Quanah Gibson-Mount [Tue, 6 Sep 2011 19:57:09 +0000 (12:57 -0700)]
ITS#6734,ITS#7029,ITS#7031: Add support for delta-syncrepl based MMR

13 years agoFor test063
Howard Chu [Wed, 31 Aug 2011 02:14:56 +0000 (19:14 -0700)]
For test063

add hex timestamp to lutil_debug() output
Fix LASTMOD race condition in accesslog.c
Set refreshInterval even if using refreshAndPersist, since
fallbacks will use refresh params

13 years agoITS#7029,#7031 More for prev commit
Howard Chu [Fri, 26 Aug 2011 23:56:18 +0000 (16:56 -0700)]
ITS#7029,#7031 More for prev commit

13 years agoITS#7029 fix uninit'd nvalue
Howard Chu [Wed, 24 Aug 2011 23:09:37 +0000 (16:09 -0700)]
ITS#7029 fix uninit'd nvalue

13 years agoMore fixes, add test script
Howard Chu [Mon, 20 Jun 2011 17:57:57 +0000 (10:57 -0700)]
More fixes, add test script

13 years agoFix missing si_syncCookie numcsns
Howard Chu [Mon, 20 Jun 2011 13:51:33 +0000 (06:51 -0700)]
Fix missing si_syncCookie numcsns

13 years agoMore tweaks for delta-mmr
Howard Chu [Mon, 20 Jun 2011 11:27:11 +0000 (04:27 -0700)]
More tweaks for delta-mmr

13 years agodelta-mmr conflict resolution
Howard Chu [Mon, 20 Jun 2011 03:03:01 +0000 (20:03 -0700)]
delta-mmr conflict resolution

13 years agoMore for conflict detection
Howard Chu [Mon, 20 Jun 2011 00:04:19 +0000 (17:04 -0700)]
More for conflict detection

13 years agoSetup delta-mmr using an overlay
Howard Chu [Sun, 19 Jun 2011 22:54:45 +0000 (15:54 -0700)]
Setup delta-mmr using an overlay

13 years agoITS#6561 (Required for delta-syncrepl MMR support)
Quanah Gibson-Mount [Tue, 6 Sep 2011 19:47:42 +0000 (12:47 -0700)]
ITS#6561 (Required for delta-syncrepl MMR support)

13 years agoMore for #6561 - delete returns NO_SUCH_ATTRIBUTE, not TYPE_OR_VALUE_EXISTS
Howard Chu [Fri, 4 Mar 2011 07:54:06 +0000 (07:54 +0000)]
More for #6561 - delete returns NO_SUCH_ATTRIBUTE, not TYPE_OR_VALUE_EXISTS

13 years agoadd support for ADD_IF_NOT_PRESENT and SOFTDEL internal modification types (ITS#6561)
Pierangelo Masarati [Tue, 7 Sep 2010 13:21:20 +0000 (13:21 +0000)]
add support for ADD_IF_NOT_PRESENT and SOFTDEL internal modification types (ITS#6561)

13 years agoReturn to release engineering
Quanah Gibson-Mount [Fri, 2 Sep 2011 17:42:05 +0000 (10:42 -0700)]
Return to release engineering

13 years agoUpdate for release OPENLDAP_REL_ENG_2_4_26
Kurt Zeilenga [Thu, 30 Jun 2011 15:13:36 +0000 (08:13 -0700)]
Update for release

13 years agoPrep for release
Quanah Gibson-Mount [Tue, 28 Jun 2011 18:32:47 +0000 (11:32 -0700)]
Prep for release

13 years agoITS#6828 set ld_errno on connect failures
Howard Chu [Tue, 28 Jun 2011 01:43:31 +0000 (18:43 -0700)]
ITS#6828 set ld_errno on connect failures

13 years agoITS#6716 Extend test where consumer/provider holds CSNs with differing SIDs.
Rein Tollevik [Mon, 27 Jun 2011 12:17:39 +0000 (14:17 +0200)]
ITS#6716 Extend test where consumer/provider holds CSNs with differing SIDs.

13 years agoMerge branch 'OPENLDAP_REL_ENG_2_4' of ssh://git-master.openldap.org/~git/git/openlda...
Quanah Gibson-Mount [Mon, 27 Jun 2011 21:49:19 +0000 (14:49 -0700)]
Merge branch 'OPENLDAP_REL_ENG_2_4' of ssh://git-master.openldap.org/~git/git/openldap into OPENLDAP_REL_ENG_2_4

13 years agoITS#6872 re-enable test058
Howard Chu [Mon, 27 Jun 2011 11:48:25 +0000 (04:48 -0700)]
ITS#6872 re-enable test058

13 years agoITS#6872 fix test058 breakage from prev patch
Howard Chu [Mon, 27 Jun 2011 11:46:43 +0000 (04:46 -0700)]
ITS#6872 fix test058 breakage from prev patch

13 years agoupdate on ITS #6870 - provide ldif.h interface
Jan Vcelak [Mon, 27 Jun 2011 15:39:10 +0000 (17:39 +0200)]
update on ITS #6870 - provide ldif.h interface

13 years agoITS#6828 silence warning in prev commit
Howard Chu [Sat, 25 Jun 2011 01:03:11 +0000 (18:03 -0700)]
ITS#6828 silence warning in prev commit

13 years agoITS#6977 fix verbose check in client tools
Howard Chu [Fri, 24 Jun 2011 20:22:38 +0000 (13:22 -0700)]
ITS#6977 fix verbose check in client tools

13 years agoITS#6978 bail out on invalid LDIF
Howard Chu [Fri, 24 Jun 2011 20:10:01 +0000 (13:10 -0700)]
ITS#6978 bail out on invalid LDIF

13 years agoITS#6815 delimited verbstring parsing
Howard Chu [Wed, 23 Feb 2011 03:44:54 +0000 (03:44 +0000)]
ITS#6815 delimited verbstring parsing

13 years agoDisable test058 until it someone can track down what's wrong with it
Quanah Gibson-Mount [Wed, 22 Jun 2011 22:16:08 +0000 (15:16 -0700)]
Disable test058 until it someone can track down what's wrong with it

13 years agoITS#6716 Use sorted CSNs in syncrepl too
Howard Chu [Wed, 22 Jun 2011 07:29:47 +0000 (00:29 -0700)]
ITS#6716 Use sorted CSNs in syncrepl too

13 years agoITS#6716 use sorted CSNs, fix sessionlog
Howard Chu [Wed, 22 Jun 2011 04:42:44 +0000 (21:42 -0700)]
ITS#6716 use sorted CSNs, fix sessionlog

track a CSN per SID in the log->sl_mincsn

13 years agoITS#6716 Keep CSN lists sorted by SID
Howard Chu [Wed, 22 Jun 2011 03:44:53 +0000 (20:44 -0700)]
ITS#6716 Keep CSN lists sorted by SID

13 years agoITS#6817
Quanah Gibson-Mount [Wed, 22 Jun 2011 00:54:02 +0000 (17:54 -0700)]
ITS#6817

13 years agoITS#6817 fix RE24 build breakage
Howard Chu [Wed, 22 Jun 2011 00:05:53 +0000 (17:05 -0700)]
ITS#6817 fix RE24 build breakage

Should SLAP_AUTH_DN be #defined in release now?

13 years agoITS#6862
Quanah Gibson-Mount [Wed, 22 Jun 2011 00:51:41 +0000 (17:51 -0700)]
ITS#6862
ITS#6975

13 years agoITS#6862 MozNSS - workaround PR_SetEnv bug
Rich Megginson [Tue, 21 Jun 2011 22:58:49 +0000 (15:58 -0700)]
ITS#6862 MozNSS - workaround PR_SetEnv bug

13 years agoITS#6975 MozNSS - allow cacertdir in most cases
Rich Megginson [Tue, 21 Jun 2011 00:28:48 +0000 (18:28 -0600)]
ITS#6975 MozNSS - allow cacertdir in most cases

OpenLDAP built with OpenSSL allows most any value of cacertdir - directory
is a file, directory does not contain any CA certs, directory does not
exist - users expect if they specify TLS_REQCERT=never, no matter what
the TLS_CACERTDIR setting is, TLS/SSL will just work.
TLS_CACERT, on the other hand, is a hard error.  Even if TLS_REQCERT=never,
if TLS_CACERT is specified and is not a valid CA cert file, TLS/SSL will
fail.  This patch makes CACERT errors hard errors, and makes CACERTDIR
errors "soft" errors.  The code checks CACERT first and, even though
the function will return an error, checks CACERTDIR anyway so that if the
user sets TRACE mode they will get CACERTDIR processing messages.

13 years agoITS#6973
Quanah Gibson-Mount [Tue, 21 Jun 2011 20:06:59 +0000 (13:06 -0700)]
ITS#6973

13 years agoITS#6973 need limits_check if overlay is global
Howard Chu [Tue, 21 Jun 2011 09:40:38 +0000 (02:40 -0700)]
ITS#6973 need limits_check if overlay is global

13 years agoITS#6947
Quanah Gibson-Mount [Tue, 21 Jun 2011 20:05:27 +0000 (13:05 -0700)]
ITS#6947

13 years agoITS#6947 Handle missing '\n' termination in LDIF input
Jan Vcelak [Mon, 20 Jun 2011 15:31:57 +0000 (17:31 +0200)]
ITS#6947 Handle missing '\n' termination in LDIF input

13 years agoITS#6974
Quanah Gibson-Mount [Tue, 21 Jun 2011 20:04:22 +0000 (13:04 -0700)]
ITS#6974

13 years agoITS#6974 (Re)moving stray cleanup code.
Ondrej Kuznik [Thu, 16 Jun 2011 09:12:27 +0000 (11:12 +0200)]
ITS#6974 (Re)moving stray cleanup code.

13 years agoTweak back-ldif messages about CRC checksums.
Hallvard Furuseth [Mon, 20 Jun 2011 19:33:50 +0000 (21:33 +0200)]
Tweak back-ldif messages about CRC checksums.

13 years agoCleanup back-ldif CRC code.
Hallvard Furuseth [Mon, 20 Jun 2011 19:20:29 +0000 (21:20 +0200)]
Cleanup back-ldif CRC code.

Handle interrupted write() again.  Fix warnings/types.  #ifdef LDAP_DEBUG.