]>
git.sur5r.net Git - openldap/log
Howard Chu [Sun, 9 Apr 2017 21:45:36 +0000 (22:45 +0100)]
Fix autoca schema init
Wait for core.schema to get loaded
Howard Chu [Sun, 9 Apr 2017 20:37:55 +0000 (21:37 +0100)]
Cleanup test066 comments
Howard Chu [Sun, 9 Apr 2017 19:48:37 +0000 (20:48 +0100)]
autoca manpage updates
Howard Chu [Sun, 9 Apr 2017 19:33:50 +0000 (20:33 +0100)]
Add autoca test script
Howard Chu [Sun, 9 Apr 2017 19:31:11 +0000 (20:31 +0100)]
autoca fixups
Move install of CA cert to a pool thread, otherwise cn=config deadlocks
on dynamically loaded overlay.
Dup/release entry before attempting to modify it, to avoid deadlocks
in back-bdb/hdb.
Always use PKCS#8 format when storing private keys.
Howard Chu [Sun, 9 Apr 2017 19:29:47 +0000 (20:29 +0100)]
Fixup for ;binary config attrs
Use the plain attributeDescription when searching config tables
Howard Chu [Sun, 9 Apr 2017 15:40:25 +0000 (16:40 +0100)]
Add localDN config
If a cert is generated for this DN, configure it as the local
TLS cert/key
Howard Chu [Sun, 9 Apr 2017 14:42:17 +0000 (15:42 +0100)]
Set the CA cert in cn=config if none was already set
Howard Chu [Sun, 9 Apr 2017 14:41:16 +0000 (15:41 +0100)]
Fixup pause handling, silence warnings
Don't try to resume the pool if pausing failed.
Howard Chu [Sun, 9 Apr 2017 14:39:44 +0000 (15:39 +0100)]
Fixup handle_pause()
Return -1 if running on the main thread - which means there
are no worker threads to pause.
Howard Chu [Sun, 9 Apr 2017 14:39:13 +0000 (15:39 +0100)]
Fixup cacert option
Howard Chu [Sun, 9 Apr 2017 14:35:05 +0000 (15:35 +0100)]
Add ldap_pvt_thread_pool_queues decl
Was missing from
0ef9e6107baf45d29e194442991132df6c190adb
Howard Chu [Sun, 9 Apr 2017 13:51:25 +0000 (14:51 +0100)]
Support setting cacert/cert/key directly in cn=config entry
Howard Chu [Sun, 9 Apr 2017 13:49:48 +0000 (14:49 +0100)]
Fixup cacert/cert/key options
Add get_option support, allow delete by setting a NULL arg.
Howard Chu [Sun, 9 Apr 2017 13:15:28 +0000 (14:15 +0100)]
Move privateKey schema into slapd
Howard Chu [Sun, 9 Apr 2017 10:30:39 +0000 (11:30 +0100)]
Flesh out experimental OIDs
Howard Chu [Sun, 9 Apr 2017 02:55:01 +0000 (03:55 +0100)]
Catalog of assigned OID arcs
With some specific elements as well, but not exhaustively listed.
Patches welcome.
Howard Chu [Sun, 9 Apr 2017 01:21:06 +0000 (02:21 +0100)]
Add config support for binary values
Use base64 for .conf files, straight binary for back-config
Howard Chu [Sat, 8 Apr 2017 23:13:42 +0000 (00:13 +0100)]
Add options to use DER format cert+keys directly
Instead of loading from files.
Howard Chu [Fri, 7 Apr 2017 14:25:37 +0000 (15:25 +0100)]
Add autoca overlay
Automated certificate authority
Ondřej Kuzník [Tue, 4 Apr 2017 17:24:57 +0000 (18:24 +0100)]
ITS#6545 Update accesslog format and syncrepl consumer
Make two successive modifications of the same attribute separate. This
lets the consumer interpret the log entry the same way as the server
that produced it.
Still depends on the log entry attributes being read in the same order
as they were written.
Quanah Gibson-Mount [Fri, 7 Apr 2017 20:39:11 +0000 (13:39 -0700)]
ITS#8353, ITS#8533 - Cleanup for libldap_r
Quanah Gibson-Mount [Thu, 6 Apr 2017 22:12:02 +0000 (15:12 -0700)]
ITS#8353, ITS#8533 - Fix libldap_r compilation
Quanah Gibson-Mount [Thu, 6 Apr 2017 18:47:06 +0000 (11:47 -0700)]
ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later
Ondřej Kuzník [Sun, 22 Nov 2015 18:36:45 +0000 (18:36 +0000)]
ITS#8266 Allow empty mods
Quanah Gibson-Mount [Wed, 29 Mar 2017 21:29:25 +0000 (14:29 -0700)]
ITS#7700 - Update documentation about the "limits" configuration option
Quanah Gibson-Mount [Wed, 29 Mar 2017 20:47:13 +0000 (13:47 -0700)]
ITS#7700 - Update syncrepl configuration bits with missing parameters
Quanah Gibson-Mount [Wed, 29 Mar 2017 19:36:42 +0000 (12:36 -0700)]
ITS#7177, ITS#6339 - Fix VV option information
Jan Vcelak [Wed, 22 Feb 2012 12:04:49 +0000 (13:04 +0100)]
ITS#7177 add SASL_NOCANON option to ldap.conf(5)
Quanah Gibson-Mount [Wed, 29 Mar 2017 19:00:26 +0000 (12:00 -0700)]
ITS#7341 Fix typo in access control so that it is attrs= not attr=
Gerardo Santana [Sun, 11 Sep 2016 15:43:16 +0000 (10:43 -0500)]
ITS#8499 Fix typo in admin guide
Ondřej Kuzník [Sun, 9 Oct 2016 10:07:36 +0000 (11:07 +0100)]
ITS#8513 Update TOTP README
Quanah Gibson-Mount [Wed, 29 Mar 2017 17:44:55 +0000 (10:44 -0700)]
ITS#8587 - Fix typos
Ondřej Kuzník [Tue, 28 Mar 2017 14:32:27 +0000 (15:32 +0100)]
ITS#8625 Separate Avlnode and TAvlnode types
Switch AVL_CHILD/AVL_THREAD values and set Avlnode bits to AVL_CHILD for
better compatibility between avl and tavl as suggested by Howard.
Howard Chu [Thu, 16 Mar 2017 14:21:31 +0000 (14:21 +0000)]
ITS#8054 add queue time to log
Show time spent in conn+threadpool queues before an op actually executes.
Also clean up timestamp handling
Howard Chu [Wed, 15 Mar 2017 11:13:09 +0000 (11:13 +0000)]
Fixes for multiple threadpool queues
Remove poolq_hash, it wasn't distributing work evenly to the queues.
Just walk through all queues and use the one with smallest
active+pending count. Since pool_retract also relied on the hash,
a different means of locating the thread to retract was needed.
Add pool_submit2 which returns the threadpool task structure,
and record which poolq this task lives on.
Ondřej Kuzník [Wed, 22 Feb 2017 18:24:48 +0000 (18:24 +0000)]
ITS#8574 - Deal with rDN correctly
This fixes issues with values that need escaping in the rDN when an
incorrect value would be passed to the handler and back-ldif.
Howard Guo [Thu, 10 Nov 2016 14:39:03 +0000 (15:39 +0100)]
ITS#8529 Avoid hiding the error if user specified CA does not load
The TLS configuration deliberately hid the error in case that
user specified CA locations cannot be read, by loading CAs from default
locations; and when user does not specify CA locations, the CAs from default
locations are not read at all.
This patch corrects the behaviour so that CAs from default location are used
if user does not specify a CA location, and user is informed of the error if
CAs cannot be loaded from the user specified location.
Quanah Gibson-Mount [Wed, 22 Feb 2017 00:02:17 +0000 (16:02 -0800)]
ITS8589 - This modifies the test so that it will not trigger the issue described in the ITS.
Quanah Gibson-Mount [Tue, 21 Feb 2017 23:27:13 +0000 (15:27 -0800)]
ITS#8253 - Further clarification around replication information
Howard Chu [Tue, 7 Feb 2017 12:56:35 +0000 (12:56 +0000)]
ITS#8585 Fail ldap_result if handle is already bad
Quanah Gibson-Mount [Mon, 6 Feb 2017 23:27:25 +0000 (15:27 -0800)]
ITS#8253 - better document options for the syncprov module
Howard Chu [Mon, 6 Feb 2017 09:30:51 +0000 (09:30 +0000)]
Document threadqueues option
Implemented in
34f832faee9f215dfdb61de52506f2905258b147
Quanah Gibson-Mount [Fri, 3 Feb 2017 22:30:30 +0000 (14:30 -0800)]
Correctly exit if the backend is back-ldap
Quanah Gibson-Mount [Thu, 2 Feb 2017 18:43:01 +0000 (10:43 -0800)]
Tweak examples to use back-mdb
Howard Chu [Wed, 1 Feb 2017 11:10:31 +0000 (11:10 +0000)]
ITS#8576 Revert "LDAP_TAILQ fix"
This reverts commit
8ee824832844c16d4199f3aacd8b1d613933a7d5 .
Quanah Gibson-Mount [Wed, 1 Feb 2017 00:17:02 +0000 (16:17 -0800)]
Fix comparison error
Howard Chu [Thu, 26 Jan 2017 10:28:38 +0000 (10:28 +0000)]
More for large multival attrs
Fix
23352855028923acb8e8a4a1d5c427006085bfeb
Use custom dupsort function, pass attributeDescription in so
it can use the actual matching rule for sorting.
Quanah Gibson-Mount [Tue, 24 Jan 2017 17:14:11 +0000 (09:14 -0800)]
Ensure BCMD is always defined
Quanah Gibson-Mount [Fri, 20 Jan 2017 19:41:47 +0000 (11:41 -0800)]
Fix regression test suite logic
Quanah Gibson-Mount [Fri, 20 Jan 2017 01:03:54 +0000 (17:03 -0800)]
Fix typo
Quanah Gibson-Mount [Thu, 19 Jan 2017 18:57:06 +0000 (10:57 -0800)]
Remove bashism
Quanah Gibson-Mount [Wed, 18 Jan 2017 21:32:23 +0000 (13:32 -0800)]
Fix grammar
Quanah Gibson-Mount [Wed, 18 Jan 2017 20:43:45 +0000 (12:43 -0800)]
use /bin/bash because dash
Emmanuel Lecharny [Wed, 18 Jan 2017 08:24:09 +0000 (09:24 +0100)]
ITS#8571 Added testsuite to cover the proxyauthz configuration for proxycache and back-ldap
Emily Backes [Mon, 16 Jan 2017 20:59:52 +0000 (12:59 -0800)]
ITS#8569 Add a manpage for slapo-autogroup
Quanah Gibson-Mount [Wed, 18 Jan 2017 15:56:59 +0000 (07:56 -0800)]
ITS#8544 - Grammar and escaping fixes
Quanah Gibson-Mount [Wed, 18 Jan 2017 15:50:23 +0000 (07:50 -0800)]
ITS#8565 - Clearly document rootdn requirement for the ppolicy overlay
Quanah Gibson-Mount [Tue, 17 Jan 2017 18:40:45 +0000 (10:40 -0800)]
ITS#8563 - Fix missing mentions of back-mdb
Quanah Gibson-Mount [Tue, 17 Jan 2017 18:35:32 +0000 (10:35 -0800)]
ITS#8562 - Various typo fixes
Quanah Gibson-Mount [Tue, 17 Jan 2017 16:49:26 +0000 (08:49 -0800)]
ITS#8570 - Fix typo
Quanah Gibson-Mount [Sun, 15 Jan 2017 23:11:53 +0000 (15:11 -0800)]
ITS#8568
Howard Chu [Sat, 14 Jan 2017 19:24:33 +0000 (19:24 +0000)]
Merge remote-tracking branch 'origin/mdb.RE/0.9'
Howard Chu [Sat, 14 Jan 2017 19:22:34 +0000 (19:22 +0000)]
Further fix
f8ce8a82717ddefdc912fa47c07f1bdee2a3336b
Fully revert the change to GET_MULTIPLE
Howard Chu [Thu, 12 Jan 2017 13:36:35 +0000 (13:36 +0000)]
0.9.20 still baking
Howard Chu [Thu, 12 Jan 2017 13:35:31 +0000 (13:35 +0000)]
Howard Chu [Wed, 11 Jan 2017 16:23:54 +0000 (16:23 +0000)]
Merge remote-tracking branch 'origin/mdb.RE/0.9'
Howard Chu [Wed, 11 Jan 2017 16:19:33 +0000 (16:19 +0000)]
Release 0.9.20
Howard Chu [Wed, 11 Jan 2017 14:39:08 +0000 (14:39 +0000)]
Happy New Year
Howard Chu [Wed, 11 Jan 2017 14:11:34 +0000 (14:11 +0000)]
ITS#8533 OpenSSL 1.1.0c compat
Howard Chu [Wed, 11 Jan 2017 11:23:26 +0000 (11:23 +0000)]
ITS#8557
Howard Chu [Wed, 11 Jan 2017 10:33:28 +0000 (10:33 +0000)]
Tweak cursor_next C_EOF check
Allow C_EOF flag to be stale
Howard Chu [Wed, 11 Jan 2017 09:51:43 +0000 (09:51 +0000)]
ITS#8557 fix mdb_cursor_last
Optimize mdb_page_search_root(PS_LAST) when cursor is already near
last position, ignoring C_EOF flag for now.
Quanah Gibson-Mount [Tue, 10 Jan 2017 19:30:15 +0000 (11:30 -0800)]
Checkpoint for ITS8444 work. Need to improve failure scenario, as this can take 250+ iterations to trigger
Howard Chu [Fri, 6 Jan 2017 19:50:36 +0000 (19:50 +0000)]
RE 0.9.20
Howard Chu [Fri, 6 Jan 2017 19:48:58 +0000 (19:48 +0000)]
ITS#8558 fix mdb_load with escaped plaintext
Quanah Gibson-Mount [Tue, 3 Jan 2017 20:36:47 +0000 (12:36 -0800)]
Happy New Year!
Quanah Gibson-Mount [Thu, 29 Dec 2016 22:04:08 +0000 (14:04 -0800)]
Delete extraneous line
Howard Chu [Wed, 28 Dec 2016 18:37:40 +0000 (18:37 +0000)]
Merge remote-tracking branch 'origin/mdb.RE/0.9'
Howard Chu [Wed, 28 Dec 2016 18:35:05 +0000 (18:35 +0000)]
Release 0.9.19
Howard Chu [Wed, 28 Dec 2016 18:33:10 +0000 (18:33 +0000)]
ITS#8554
Howard Chu [Wed, 28 Dec 2016 18:32:14 +0000 (18:32 +0000)]
ITS#8554 kFreeBSD is like BSD
Doesn't have POSIX robust mutexes - GNU userland on BSD kernel
Hallvard Furuseth [Wed, 21 Dec 2016 20:40:14 +0000 (21:40 +0100)]
More MDB_node doc
Hallvard Furuseth [Wed, 21 Dec 2016 15:33:47 +0000 (16:33 +0100)]
Doxygen fixes. Use DISTRIBUTE_GROUP_DOC.
- DISTRIBUTE_GROUP_DOC makes doxygen give several fields the
same doc: mn_hi + mn_lo in MDB_node.
- With mdb_mutex_t + mdb_mutexref_t, instead split them up.
Howard Chu [Wed, 21 Dec 2016 14:39:47 +0000 (14:39 +0000)]
Fix its6794 test
Must NULL out indexing cursors when closing tool txn
Howard Chu [Wed, 21 Dec 2016 13:02:00 +0000 (13:02 +0000)]
More 0.9.19 updates
Hallvard Furuseth [Thu, 20 Oct 2016 07:51:22 +0000 (09:51 +0200)]
ITS#8504 Fix prev commit: mc_error, #ifdef SIGPIPE
Never clear mc_error, we could lose a failure in the other thread.
Lorenz Bauer [Thu, 20 Oct 2016 07:51:22 +0000 (09:51 +0200)]
ITS#8504 mdb_env_copyfd2(): Don't abort on SIGPIPE
Return EPIPE instead.
Hallvard Furuseth [Tue, 13 Dec 2016 23:23:01 +0000 (00:23 +0100)]
ITS#8542 mdb_dbi_open(): Protect mainDB cursors
Hallvard Furuseth [Wed, 7 Dec 2016 18:04:19 +0000 (19:04 +0100)]
doxygen cleanup
Hallvard Furuseth [Wed, 7 Dec 2016 17:55:21 +0000 (18:55 +0100)]
Note functions which must set MDB_TXN_ERROR on failure
Other functions depend on them to do so.
For mdb_node_read(), instead remove such a dependence.
Hallvard Furuseth [Tue, 27 Sep 2016 05:03:45 +0000 (07:03 +0200)]
Only set me_mfd if needed. Drop unused read access.
Hallvard Furuseth [Tue, 27 Sep 2016 05:03:42 +0000 (07:03 +0200)]
ITS#8505 Clarify fork() caveat, mdb_env_get_fd(), flock->fcntl.
Hallvard Furuseth [Tue, 27 Sep 2016 05:03:40 +0000 (07:03 +0200)]
ITS#8505 Protect parent from fork()-pthread_exit()
Hallvard Furuseth [Tue, 27 Sep 2016 05:03:38 +0000 (07:03 +0200)]
ITS#8505 Set FD_CLOEXEC for me_mfd,env_copy as well
Hallvard Furuseth [Tue, 27 Sep 2016 05:03:34 +0000 (07:03 +0200)]
Move opening files to mdb_fopen()
No change in functionality.
Hallvard Furuseth [Sat, 17 Sep 2016 19:31:04 +0000 (21:31 +0200)]
Factor filename handling out to mdb_fname_*()
No change in functionality, except needs less mallocing.
Hallvard Furuseth [Tue, 6 Sep 2016 16:12:01 +0000 (18:12 +0200)]
ITS#7992 Tighter utf8_to_utf16(), fix errcodes
The 0xFFFD check seems due to misleading MultiByteToWideChar() doc.
Bad UTF-8 gives 0xFFFD in the output string, not the return value.
Hallvard Furuseth [Tue, 6 Sep 2016 15:56:13 +0000 (17:56 +0200)]
Clean up strange fcntl result check
...and check !MDB_CLOEXEC in an 'if' rather than '#if'
to match its non-zero usage.
Hallvard Furuseth [Tue, 6 Sep 2016 15:48:31 +0000 (17:48 +0200)]
Drop spurious Errcode() call