Branch '389-ds-base-1.3.2' - ldap/admin
by Mark Reynolds
ldap/admin/src/logconv.pl | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)
New commits:
commit 147238158be0a0a2303d90235ab62b6c6e1f2e4b
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue May 27 10:57:32 2014 -0400
Ticket 47713 - Logconv.pl with an empty access log gives lots of errors
Description: Was missing a check to see if a log file was empty,
also fixed some "experimental" warnings in perl 5.18
caused by the use of "my $_".
https://fedorahosted.org/389/ticket/47713
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit c476d41935397f250f6d942dc653851b82019953)
diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
index 99e0efd..ea33544 100755
--- a/ldap/admin/src/logconv.pl
+++ b/ldap/admin/src/logconv.pl
@@ -196,8 +196,8 @@ if ($sizeCount eq "all"){$sizeCount = "100000";}
# #
#######################################
-print "\nAccess Log Analyzer $logversion\n";
-print "\nCommand: logconv.pl @ARGV\n\n";
+print "Access Log Analyzer $logversion\n";
+print "Command: logconv.pl @ARGV\n";
my $rootDNBindCount = 0;
my $anonymousBindCount = 0;
@@ -414,19 +414,27 @@ for (my $count=0; $count < $file_count; $count++){
if($file_count > 1 && $count == 0 && $skipFirstFile == 1){
next;
}
- $linesProcessed = 0; $lineBlockCount = 0;
+ if($file_count > 1 && $count == 0 && $skipFirstFile == 1){
+ next;
+ }
+ if (-z $files[$count]){
+ # access log is empty
+ print "Skipping empty access log ($files[$count])...\n";
+ next;
+ }
+ $linesProcessed = 0; $lineBlockCount = 0;
+ my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$atime,$mtime,$ctime,$blksize,$blocks);
+ ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$cursize,
+ $atime,$mtime,$ctime,$blksize,$blocks) = stat($files[$count]);
+ print sprintf "[%03d] %-30s\tsize (bytes): %12s\n",$logCount, $files[$count], $cursize;
$logCount--;
- my $logCountStr;
+ my $logCountStr;
if($logCount < 10 ){
# add a zero for formatting purposes
$logCountStr = "0" . $logCount;
} else {
$logCountStr = $logCount;
}
- my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$atime,$mtime,$ctime,$blksize,$blocks);
- ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$cursize,
- $atime,$mtime,$ctime,$blksize,$blocks) = stat($files[$count]);
- print sprintf "[%s] %-30s\tsize (bytes): %12s\n",$logCountStr, $files[$count], $cursize;
open(LOG,"$files[$count]") or do { openFailed($!, $files[$count]) };
my $firstline = "yes";
@@ -452,7 +460,12 @@ for (my $count=0; $count < $file_count; $count++){
print_stats_block( $s_stats );
print_stats_block( $m_stats );
$totalLineCount = $totalLineCount + $linesProcessed;
- statusreport();
+ statusreport();
+}
+
+if ($totalLineCount eq "0"){
+ print "There was no logging to process, exiting...\n";
+ exit 1;
}
print "\n\nTotal Log Lines Analysed: " . ($totalLineCount - 1) . "\n";
@@ -1366,7 +1379,7 @@ sub displayUsage {
print "Usage:\n\n";
- print " ./logconv.pl [-h] [-d|--rootdn <rootDN>] [-s|--sizeLimit <size limit>] [-v|verison] [-Vi|verbose]\n";
+ print " ./logconv.pl [-h] [-d|--rootdn <rootDN>] [-s|--sizeLimit <size limit>] [-v|verison] [-V|verbose]\n";
print " [-S|--startTime <start time>] [-E|--endTime <end time>] \n";
print " [-efcibaltnxrgjuyp] [ access log ... ... ]\n\n";
@@ -2440,7 +2453,7 @@ removeDataFiles
$needCleanup = 0;
}
-END { print "Cleaning up temp files . . .\n"; removeDataFiles(); print "Done\n"; }
+END { print "Cleaning up temp files...\n"; removeDataFiles(); print "Done.\n"; }
sub
getIPfromConn
8 years, 10 months
ldap/admin
by Mark Reynolds
ldap/admin/src/logconv.pl | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
New commits:
commit c476d41935397f250f6d942dc653851b82019953
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue May 27 10:57:32 2014 -0400
Ticket 47713 - Logconv.pl with an empty access log gives lots of errors
Description: Was missing a check to see if a log file was empty,
also fixed some "experimental" warnings in perl 5.18
caused by the use of "my $_".
https://fedorahosted.org/389/ticket/47713
Reviewed by: nhosoi(Thanks!)
diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
index c835e1a..23776be 100755
--- a/ldap/admin/src/logconv.pl
+++ b/ldap/admin/src/logconv.pl
@@ -200,8 +200,8 @@ if ($sizeCount eq "all"){$sizeCount = "100000";}
# #
#######################################
-print "\nAccess Log Analyzer $logversion\n";
-print "\nCommand: logconv.pl @ARGV\n\n";
+print "Access Log Analyzer $logversion\n";
+print "Command: logconv.pl @ARGV\n";
my $rootDNBindCount = 0;
my $anonymousBindCount = 0;
@@ -415,12 +415,12 @@ my $logline;
my $totalLineCount = 0;
sub isTarArchive {
- my $_ = shift;
+ local $_ = shift;
return /\.tar$/ || /\.tar\.bz2$/ || /\.tar.gz$/ || /\.tar.xz$/ || /\.tgz$/ || /\.tbz$/ || /\.txz$/;
}
sub isCompressed {
- my $_ = shift;
+ local $_ = shift;
return /\.gz$/ || /\.bz2$/ || /\.xz$/;
}
@@ -431,6 +431,11 @@ for (my $count=0; $count < $file_count; $count++){
if($file_count > 1 && $count == 0 && $skipFirstFile == 1){
next;
}
+ if (-z $logname){
+ # access log is empty
+ print "Skipping empty access log ($logname)...\n";
+ next;
+ }
$linesProcessed = 0; $lineBlockCount = 0;
my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$atime,$mtime,$ctime,$blksize,$blocks);
($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$cursize,
@@ -510,6 +515,11 @@ for (my $count=0; $count < $file_count; $count++){
}
}
+if ($totalLineCount eq "0"){
+ print "There was no logging to process, exiting...\n";
+ exit 1;
+}
+
print "\n\nTotal Log Lines Analysed: " . ($totalLineCount - 1) . "\n";
$allOps = $srchCount + $modCount + $addCount + $cmpCount + $delCount + $modrdnCount + $bindCount + $extopCount + $abandonCount + $vlvCount;
@@ -2582,7 +2592,7 @@ removeDataFiles
$needCleanup = 0;
}
-END { print "Cleaning up temp files . . .\n"; removeDataFiles(); print "Done\n"; }
+END { print "Cleaning up temp files...\n"; removeDataFiles(); print "Done.\n"; }
sub
getIPfromConn
8 years, 10 months
ldap/servers
by Ludwig Krispenz
ldap/servers/plugins/sync/sync_persist.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
New commits:
commit fc8def62bb569197a27d083ee113b90606fb1fb8
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Tue May 27 15:27:17 2014 +0200
Ticket 47805 - syncrepl doesn't send notification when attribute in search filter changes
Bug Description: if an entry is modified so that it no longer matches
the search filter specified in teh sync repl
request a delete info should be sent
Fix Description: check pre and post entry for mods to determine if an entry
moves in or out of scope. Same logic as modrdn
https://fedorahosted.org/389/ticket/47805
Reviewed by: Mark, thanks
diff --git a/ldap/servers/plugins/sync/sync_persist.c b/ldap/servers/plugins/sync/sync_persist.c
index 4216a87..4fb4574 100644
--- a/ldap/servers/plugins/sync/sync_persist.c
+++ b/ldap/servers/plugins/sync/sync_persist.c
@@ -97,14 +97,15 @@ int sync_del_persist_post_op(Slapi_PBlock *pb)
int sync_mod_persist_post_op(Slapi_PBlock *pb)
{
- Slapi_Entry *e;
+ Slapi_Entry *e, *e_prev;
if ( !SYNC_IS_INITIALIZED()) {
return(0);
}
slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &e);
- sync_queue_change(e, NULL, LDAP_REQ_MODIFY);
+ slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &e_prev);
+ sync_queue_change(e, e_prev, LDAP_REQ_MODIFY);
return( 0 );
}
@@ -180,7 +181,7 @@ sync_queue_change( Slapi_Entry *e, Slapi_Entry *eprev, ber_int_t chgtype )
/* if the change is a modrdn then we need to check if the entry was
* moved into scope, out of scope, or stays in scope
*/
- if (chgtype == LDAP_REQ_MODRDN)
+ if (chgtype == LDAP_REQ_MODRDN || chgtype == LDAP_REQ_MODIFY)
prev_match = slapi_sdn_scope_test( slapi_entry_get_sdn_const(eprev), base, scope ) &&
( 0 == slapi_vattr_filter_test( req->req_pblock, eprev, req->req_filter, 0 /* verify_access */ ));
@@ -194,9 +195,8 @@ sync_queue_change( Slapi_Entry *e, Slapi_Entry *eprev, ber_int_t chgtype )
matched++;
node = (SyncQueueNode *)slapi_ch_calloc( 1, sizeof( SyncQueueNode ));
- node->sync_entry = slapi_entry_dup( e );
- if ( chgtype == LDAP_REQ_MODRDN) {
+ if ( chgtype == LDAP_REQ_MODRDN || chgtype == LDAP_REQ_MODIFY) {
if (prev_match && cur_match)
node->sync_chgtype = LDAP_REQ_MODIFY;
else if (prev_match)
@@ -206,6 +206,12 @@ sync_queue_change( Slapi_Entry *e, Slapi_Entry *eprev, ber_int_t chgtype )
} else {
node->sync_chgtype = chgtype;
}
+ if (node->sync_chgtype == LDAP_REQ_DELETE && chgtype == LDAP_REQ_MODIFY ) {
+ /* use previous entry to pass the filter test in sync_send_results */
+ node->sync_entry = slapi_entry_dup( eprev );
+ } else {
+ node->sync_entry = slapi_entry_dup( e );
+ }
/* Put it on the end of the list for this sync search */
PR_Lock( req->req_lock );
pOldtail = req->ps_eq_tail;
8 years, 10 months
Branch '389-ds-base-1.3.2' - 2 commits - ldap/servers VERSION.sh
by Ludwig Krispenz
VERSION.sh | 2 +-
ldap/servers/slapd/attr.c | 4 ++--
ldap/servers/slapd/entrywsi.c | 8 ++++----
3 files changed, 7 insertions(+), 7 deletions(-)
New commits:
commit 27f2fab636b852d8245edd1804d5a5aa0281fa75
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Tue May 27 14:14:15 2014 +0200
Ticket 47806 - Failed deletion of aci: no such attribute
Bug Description: an aci can be retrieved by doing an ldapsearch,
but the attemt to delete this specific aci
fails with err=16
Fix Description: the root cause for this problem is that there are many acis in
this entry and the valuearray has an array of sorting
indexes to use the performance improvement from ticket #346
But in replication update resolution values are moved using
functions which are not aware of the attribute syntax
and so the sorting gets out of order and the value to be
deleted isn't found.
NOTE 1: after restart the value could be deleted
NOTE 2: with the latest fix for ticket 346 (comment 81) the bug
isn't visible since the comparison functions used in both
scenarios are similar. but the correct functions should be
called.
https://fedorahosted.org/389/ticket/47806
Reviewed by: Mark, Thanks
diff --git a/ldap/servers/slapd/attr.c b/ldap/servers/slapd/attr.c
index 39c6e99..a4cf6cb 100644
--- a/ldap/servers/slapd/attr.c
+++ b/ldap/servers/slapd/attr.c
@@ -840,7 +840,7 @@ attr_value_find_wsi(Slapi_Attr *a, const struct berval *bval, Slapi_Value **valu
int
slapi_attr_add_value(Slapi_Attr *a, const Slapi_Value *v)
{
- slapi_valueset_add_value( &a->a_present_values, v);
+ slapi_valueset_add_attr_value_ext( a, &a->a_present_values, (Slapi_Value *)v, 0);
return 0;
}
@@ -869,7 +869,7 @@ slapi_attr_set_valueset(Slapi_Attr *a, const Slapi_ValueSet *vs)
int
attr_add_deleted_value(Slapi_Attr *a, const Slapi_Value *v)
{
- slapi_valueset_add_value( &a->a_deleted_values, v);
+ slapi_valueset_add_attr_value_ext( a, &a->a_deleted_values, (Slapi_Value *)v, 0);
return 0;
}
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index 7a25489..5059457 100644
--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -52,7 +52,7 @@ entry_present_value_to_deleted_value(Slapi_Attr *a, Slapi_Value *v)
Slapi_Value *r= valueset_remove_value(a, &a->a_present_values, v);
if(r!=NULL)
{
- slapi_valueset_add_value_ext(&a->a_deleted_values, r, SLAPI_VALUE_FLAG_PASSIN);
+ slapi_valueset_add_attr_value_ext(a, &a->a_deleted_values, r, SLAPI_VALUE_FLAG_PASSIN);
}
return LDAP_SUCCESS;
}
@@ -77,7 +77,7 @@ entry_deleted_value_to_present_value(Slapi_Attr *a, Slapi_Value *v)
Slapi_Value *r= valueset_remove_value(a, &a->a_deleted_values, v);
if(r!=NULL)
{
- slapi_valueset_add_value_ext(&a->a_present_values, r, SLAPI_VALUE_FLAG_PASSIN);
+ slapi_valueset_add_attr_value_ext(a, &a->a_present_values, r, SLAPI_VALUE_FLAG_PASSIN);
}
return LDAP_SUCCESS;
}
@@ -1273,9 +1273,9 @@ resolve_attribute_state_to_present_or_deleted(Slapi_Entry *e, Slapi_Attr *a, Sla
if((csn_compare(vucsn,deletedcsn)>=0) ||
value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
{
- slapi_valueset_add_value_ext(&a->a_present_values, valuestoupdate[i], SLAPI_VALUE_FLAG_PASSIN);
+ slapi_valueset_add_attr_value_ext(a, &a->a_present_values, valuestoupdate[i], SLAPI_VALUE_FLAG_PASSIN);
} else {
- slapi_valueset_add_value_ext(&a->a_deleted_values, valuestoupdate[i], SLAPI_VALUE_FLAG_PASSIN);
+ slapi_valueset_add_attr_value_ext(a, &a->a_deleted_values, valuestoupdate[i], SLAPI_VALUE_FLAG_PASSIN);
}
}
}
commit c52014ccc9b339d296a906463ccb75e5852726ca
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Mon May 26 10:18:26 2014 +0200
bump version
diff --git a/VERSION.sh b/VERSION.sh
index 609e298..fef5a76 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=3
-VERSION_MAINT=2.15
+VERSION_MAINT=2.16
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
8 years, 10 months
ldap/servers
by Ludwig Krispenz
ldap/servers/slapd/attr.c | 4 ++--
ldap/servers/slapd/entrywsi.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
New commits:
commit d5c64615f4658d9025b97a50f7add888a6c2e3bd
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Tue May 27 14:14:15 2014 +0200
Ticket 47806 - Failed deletion of aci: no such attribute
Bug Description: an aci can be retrieved by doing an ldapsearch,
but the attemt to delete this specific aci
fails with err=16
Fix Description: the root cause for this problem is that there are many acis in
this entry and the valuearray has an array of sorting
indexes to use the performance improvement from ticket #346
But in replication update resolution values are moved using
functions which are not aware of the attribute syntax
and so the sorting gets out of order and the value to be
deleted isn't found.
NOTE 1: after restart the value could be deleted
NOTE 2: with the latest fix for ticket 346 (comment 81) the bug
isn't visible since the comparison functions used in both
scenarios are similar. but the correct functions should be
called.
https://fedorahosted.org/389/ticket/47806
Reviewed by: Mark, Thanks
diff --git a/ldap/servers/slapd/attr.c b/ldap/servers/slapd/attr.c
index 39c6e99..a4cf6cb 100644
--- a/ldap/servers/slapd/attr.c
+++ b/ldap/servers/slapd/attr.c
@@ -840,7 +840,7 @@ attr_value_find_wsi(Slapi_Attr *a, const struct berval *bval, Slapi_Value **valu
int
slapi_attr_add_value(Slapi_Attr *a, const Slapi_Value *v)
{
- slapi_valueset_add_value( &a->a_present_values, v);
+ slapi_valueset_add_attr_value_ext( a, &a->a_present_values, (Slapi_Value *)v, 0);
return 0;
}
@@ -869,7 +869,7 @@ slapi_attr_set_valueset(Slapi_Attr *a, const Slapi_ValueSet *vs)
int
attr_add_deleted_value(Slapi_Attr *a, const Slapi_Value *v)
{
- slapi_valueset_add_value( &a->a_deleted_values, v);
+ slapi_valueset_add_attr_value_ext( a, &a->a_deleted_values, (Slapi_Value *)v, 0);
return 0;
}
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index 7a25489..5059457 100644
--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -52,7 +52,7 @@ entry_present_value_to_deleted_value(Slapi_Attr *a, Slapi_Value *v)
Slapi_Value *r= valueset_remove_value(a, &a->a_present_values, v);
if(r!=NULL)
{
- slapi_valueset_add_value_ext(&a->a_deleted_values, r, SLAPI_VALUE_FLAG_PASSIN);
+ slapi_valueset_add_attr_value_ext(a, &a->a_deleted_values, r, SLAPI_VALUE_FLAG_PASSIN);
}
return LDAP_SUCCESS;
}
@@ -77,7 +77,7 @@ entry_deleted_value_to_present_value(Slapi_Attr *a, Slapi_Value *v)
Slapi_Value *r= valueset_remove_value(a, &a->a_deleted_values, v);
if(r!=NULL)
{
- slapi_valueset_add_value_ext(&a->a_present_values, r, SLAPI_VALUE_FLAG_PASSIN);
+ slapi_valueset_add_attr_value_ext(a, &a->a_present_values, r, SLAPI_VALUE_FLAG_PASSIN);
}
return LDAP_SUCCESS;
}
@@ -1273,9 +1273,9 @@ resolve_attribute_state_to_present_or_deleted(Slapi_Entry *e, Slapi_Attr *a, Sla
if((csn_compare(vucsn,deletedcsn)>=0) ||
value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
{
- slapi_valueset_add_value_ext(&a->a_present_values, valuestoupdate[i], SLAPI_VALUE_FLAG_PASSIN);
+ slapi_valueset_add_attr_value_ext(a, &a->a_present_values, valuestoupdate[i], SLAPI_VALUE_FLAG_PASSIN);
} else {
- slapi_valueset_add_value_ext(&a->a_deleted_values, valuestoupdate[i], SLAPI_VALUE_FLAG_PASSIN);
+ slapi_valueset_add_attr_value_ext(a, &a->a_deleted_values, valuestoupdate[i], SLAPI_VALUE_FLAG_PASSIN);
}
}
}
8 years, 10 months
ldap/servers
by Mark Reynolds
ldap/servers/slapd/daemon.c | 8 +++++---
ldap/servers/slapd/libglobs.c | 17 +++--------------
ldap/servers/slapd/slap.h | 1 +
3 files changed, 9 insertions(+), 17 deletions(-)
New commits:
commit 933cbd5c1cb956c5a668a7dc8c4f611b3c08d2d7
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Thu May 22 15:27:02 2014 -0400
Ticket 47636 - errorlog-level 16384 is listed as 0 in cn=config
Bug Description: Even if the nsslapd-errorlog-level is set to the
default value(16384), a search on cn=config returns
the value "0". This is inconsistent and confusing
with the server documentation.
Fix Description: Do not convert the default errorlog level to zero when
updating the internal configuration. We still allow
zero to be set from a ldap client to return the logging
to the default state, but that zero will still be stored
as 16384.
https://fedorahosted.org/389/ticket/47636
Reviewed by: rmeggins & nhosoi(Thanks!!)
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index b0cdcc1..9d24b37 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -798,10 +798,12 @@ disk_monitoring_thread(void *nothing)
*/
if(verbose_logging != 0 && verbose_logging != LDAP_DEBUG_ANY){
LDAPDebug(LDAP_DEBUG_ANY, "Disk space is low on disk (%s), remaining space: %" NSPRIu64 " Kb, "
- "temporarily setting error loglevel to zero.\n", dirstr,
- (disk_space / 1024), 0);
+ "temporarily setting error loglevel to the default level(%d).\n", dirstr,
+ (disk_space / 1024), SLAPD_DEFAULT_ERRORLOG_LEVEL);
/* Setting the log level back to zero, actually sets the value to LDAP_DEBUG_ANY */
- config_set_errorlog_level(CONFIG_LOGLEVEL_ATTRIBUTE, "0", errorbuf, CONFIG_APPLY);
+ config_set_errorlog_level(CONFIG_LOGLEVEL_ATTRIBUTE,
+ STRINGIFYDEFINE(SLAPD_DEFAULT_ERRORLOG_LEVEL),
+ errorbuf, CONFIG_APPLY);
continue;
}
/*
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 040649b..fbe10ff 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -118,7 +118,6 @@ typedef enum {
CONFIG_CONSTANT_STRING, /* for #define values, e.g. */
CONFIG_SPECIAL_REFERRALLIST, /* this is a berval list */
CONFIG_SPECIAL_SSLCLIENTAUTH, /* maps strings to an enumeration */
- CONFIG_SPECIAL_ERRORLOGLEVEL, /* requires & with LDAP_DEBUG_ANY */
CONFIG_STRING_OR_EMPTY, /* use an empty string */
CONFIG_SPECIAL_ANON_ACCESS_SWITCH, /* maps strings to an enumeration */
CONFIG_SPECIAL_VALIDATE_CERT_SWITCH, /* maps strings to an enumeration */
@@ -289,7 +288,7 @@ slapi_onoff_t init_mempool_switch;
static int
isInt(ConfigVarType type)
{
- return type == CONFIG_INT || type == CONFIG_ON_OFF || type == CONFIG_SPECIAL_SSLCLIENTAUTH || type == CONFIG_SPECIAL_ERRORLOGLEVEL;
+ return type == CONFIG_INT || type == CONFIG_ON_OFF || type == CONFIG_SPECIAL_SSLCLIENTAUTH;
}
/* the caller will typically have to cast the result based on the ConfigVarType */
@@ -339,7 +338,7 @@ static struct config_get_and_set {
{CONFIG_LOGLEVEL_ATTRIBUTE, config_set_errorlog_level,
NULL, 0,
(void**)&global_slapdFrontendConfig.errorloglevel,
- CONFIG_SPECIAL_ERRORLOGLEVEL, NULL, NULL},
+ CONFIG_INT, NULL, STRINGIFYDEFINE(SLAPD_DEFAULT_ERRORLOG_LEVEL)},
{CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE, NULL,
log_set_logging, SLAPD_ERROR_LOG,
(void**)&global_slapdFrontendConfig.errorlog_logging_enabled,
@@ -1520,7 +1519,7 @@ FrontendConfig_init () {
cfg->errorlog_minfreespace = 5;
cfg->errorlog_exptime = 1;
cfg->errorlog_exptimeunit = slapi_ch_strdup(INIT_ERRORLOG_EXPTIMEUNIT);
- cfg->errorloglevel = 0;
+ cfg->errorloglevel = SLAPD_DEFAULT_ERRORLOG_LEVEL;
init_auditlog_logging_enabled = cfg->auditlog_logging_enabled = LDAP_OFF;
cfg->auditlog_mode = slapi_ch_strdup(INIT_AUDITLOG_MODE);
@@ -7475,16 +7474,6 @@ config_set_value(
*((char **)value) : "unknown");
break;
- case CONFIG_SPECIAL_ERRORLOGLEVEL:
- if (value) {
- int ival = *(int *)value;
- ival &= ~LDAP_DEBUG_ANY;
- slapi_entry_attr_set_int(e, cgas->attr_name, ival);
- }
- else
- slapi_entry_attr_set_charptr(e, cgas->attr_name, "");
- break;
-
case CONFIG_SPECIAL_ANON_ACCESS_SWITCH:
if (!value) {
slapi_entry_attr_set_charptr(e, cgas->attr_name, "off");
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 5401a66..bbc1dc5 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -272,6 +272,7 @@ typedef void (*VFPV)(); /* takes undefined arguments */
#define SLAPD_DEFAULT_DIR_MODE S_IRWXU
#endif
+#define SLAPD_DEFAULT_ERRORLOG_LEVEL 16384
#define SLAPD_DEFAULT_IDLE_TIMEOUT 0 /* seconds - 0 == never */
#define SLAPD_DEFAULT_SIZELIMIT 2000 /* use -1 for no limit */
#define SLAPD_DEFAULT_TIMELIMIT 3600 /* use -1 for no limit */
8 years, 10 months
Branch '389-ds-base-1.3.2' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/dn.c | 45 ++++++++++++++++++++++++++++++++++++++++
ldap/servers/slapd/libglobs.c | 34 ++++++++++++++++++++++++++++++
ldap/servers/slapd/proto-slap.h | 2 +
ldap/servers/slapd/slap.h | 3 ++
4 files changed, 84 insertions(+)
New commits:
commit 4ad3bd1c62b68b41bbec83d46299d648b2d5a873
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu May 22 15:38:53 2014 -0700
Ticket #47720 - Normalization from old DN format to New DN format doesnt handel condition properly when there is space in a suffix after the seperator operator.
Description: DN normalizer (slapi_dn_normalize_ext) follows RFC 4514
and keeps a white space if the RDN attribute type is not based on the
DN syntax. But Directory server's configuration entry sometimes uses
"cn" to store a DN value (e.g., dn: cn="dc=A,dc=com",cn=mapping tree,
cn=config), which expects the value of cn treated as DN although cn
is not a DN syntax type. To solve the problem, this patch introduces
a configuration parameter "nsslapd-cn-uses-dn-syntax-in-dns" to "cn=
config" which takes "on" or "off". If "on" is set, if the value of
cn under "cn=config" is quoted, it's processed as DN. By default,
nsslapd-cn-uses-dn-syntax-in-dns: off
https://fedorahosted.org/389/ticket/47720
Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!)
(cherry picked from commit b22970e26da3f812c7ff6c177583603005eb3702)
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 76b33da..cea593b 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -61,6 +61,7 @@ static void reset_rdn_avs( struct berval **rdn_avsp, int *rdn_av_countp );
static void sort_rdn_avs( struct berval *avs, int count, int escape );
static int rdn_av_cmp( struct berval *av1, struct berval *av2 );
static void rdn_av_swap( struct berval *av1, struct berval *av2, int escape );
+static int does_cn_uses_dn_syntax_in_dns(char *type, char *dn);
/* normalized dn cache related definitions*/
struct
@@ -621,6 +622,10 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
/* Reset the character we modified. */
*d = savechar;
+ if (!is_dn_syntax) {
+ is_dn_syntax = does_cn_uses_dn_syntax_in_dns(typestart, src);
+ }
+
state = B4VALUE;
*d++ = *s++;
} else if (ISCLOSEBRACKET(*s)) { /* special care for ACL macro */
@@ -639,6 +644,10 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
/* Reset the character we modified. */
*d = savechar;
+ if (!is_dn_syntax) {
+ is_dn_syntax = does_cn_uses_dn_syntax_in_dns(typestart, src);
+ }
+
state = INVALUE; /* skip a trailing space */
*d++ = *s++;
} else if (ISSPACE(*s)) {
@@ -657,6 +666,10 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
/* Reset the character we modified. */
*d = savechar;
+ if (!is_dn_syntax) {
+ is_dn_syntax = does_cn_uses_dn_syntax_in_dns(typestart, src);
+ }
+
state = B4EQUAL; /* skip a trailing space */
} else if (ISQUOTE(*s) || SEPARATOR(*s)) {
/* type includes quote / separator; not a valid dn */
@@ -1030,6 +1043,18 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
s++;
}
}
+ } else if (ISSPACE(*s)) {
+ while (ISSPACE(*s)) {
+ s++;
+ }
+ /*
+ * dn_syntax_attr=ABC, XYZ --> dn_syntax_attr=ABC,XYZ
+ * non_dn_syntax_attr=ABC, XYZ --> dn_syntax_attr=ABC, XYZ
+ */
+ if (!is_dn_syntax) {
+ --s;
+ *d++ = *s++;
+ }
} else {
*d++ = *s++;
}
@@ -3172,3 +3197,23 @@ slapi_sdn_common_ancestor(Slapi_DN *dn1, Slapi_DN *dn2)
charray_free(dns2);
return slapi_sdn_new_ndn_passin(common);
}
+
+/*
+ * Return 1 - if nsslapd-cn-uses-dn-syntax-in-dns is true &&
+ * the type is "cn" && dn is under "cn=config"
+ * Return 0 - otherwise
+ */
+static int
+does_cn_uses_dn_syntax_in_dns(char *type, char *dn)
+{
+ int rc = 0; /* by default off */
+ char *ptr = NULL;
+ if (type && dn && config_get_cn_uses_dn_syntax_in_dns() &&
+ (PL_strcasecmp(type, "cn") == 0) && (ptr = PL_strrchr(dn, ','))) {
+ if (PL_strcasecmp(++ptr, "cn=config") == 0) {
+ rc = 1;
+ }
+ }
+ return rc;
+}
+
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 5d476ef..2a8e05d 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -268,6 +268,7 @@ slapi_onoff_t init_plugin_logging;
slapi_int_t init_connection_buffer;
slapi_int_t init_listen_backlog_size;
slapi_onoff_t init_ignore_time_skew;
+slapi_onoff_t init_cn_uses_dn_syntax_in_dns;
#if defined (LINUX)
slapi_int_t init_malloc_mxfast;
slapi_int_t init_malloc_trim_threshold;
@@ -1080,6 +1081,10 @@ static struct config_get_and_set {
NULL, 0,
(void**)&global_slapdFrontendConfig.listen_backlog_size, CONFIG_INT,
(ConfigGetFunc)config_get_listen_backlog_size, &init_listen_backlog_size},
+ {CONFIG_CN_USES_DN_SYNTAX_IN_DNS, config_set_cn_uses_dn_syntax_in_dns,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.cn_uses_dn_syntax_in_dns, CONFIG_ON_OFF,
+ (ConfigGetFunc)config_get_cn_uses_dn_syntax_in_dns, &init_cn_uses_dn_syntax_in_dns},
#if defined(LINUX)
{CONFIG_MALLOC_MXFAST, config_set_malloc_mxfast,
NULL, 0,
@@ -1544,6 +1549,7 @@ FrontendConfig_init () {
init_plugin_logging = cfg->plugin_logging = LDAP_OFF;
init_listen_backlog_size = cfg->listen_backlog_size = DAEMON_LISTEN_SIZE;
init_ignore_time_skew = cfg->ignore_time_skew = LDAP_OFF;
+ init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns = LDAP_OFF;
#if defined(LINUX)
init_malloc_mxfast = cfg->malloc_mxfast = DEFAULT_MALLOC_UNSET;
init_malloc_trim_threshold = cfg->malloc_trim_threshold = DEFAULT_MALLOC_UNSET;
@@ -3249,6 +3255,34 @@ config_set_plugin_tracking( const char *attrname, char *value, char *errorbuf, i
}
int
+config_set_cn_uses_dn_syntax_in_dns(const char *attrname, char *value, char *errorbuf, int apply)
+{
+ int retVal = LDAP_SUCCESS;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ retVal = config_set_onoff ( attrname,
+ value,
+ &(slapdFrontendConfig->cn_uses_dn_syntax_in_dns),
+ errorbuf,
+ apply);
+
+ return retVal;
+}
+
+int
+config_get_cn_uses_dn_syntax_in_dns()
+{
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ int retVal;
+
+ CFG_ONOFF_LOCK_READ(slapdFrontendConfig);
+ retVal = (int)slapdFrontendConfig->cn_uses_dn_syntax_in_dns;
+ CFG_ONOFF_UNLOCK_READ(slapdFrontendConfig);
+
+ return retVal;
+}
+
+int
config_set_security( const char *attrname, char *value, char *errorbuf, int apply ) {
int retVal = LDAP_SUCCESS;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 14ed6f7..a0b9b12 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -582,6 +582,8 @@ int config_get_plugin_logging();
int config_set_connection_nocanon(const char *attrname, char *value, char *errorbuf, int apply);
int config_set_plugin_logging(const char *attrname, char *value, char *errorbuf, int apply);
int config_get_listen_backlog_size(void);
+int config_set_cn_uses_dn_syntax_in_dns(const char *attrname, char *value, char *errorbuf, int apply);
+int config_get_cn_uses_dn_syntax_in_dns();
PLHashNumber hashNocaseString(const void *key);
PRIntn hashNocaseCompare(const void *v1, const void *v2);
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 7ef532b..5a53113 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -2140,6 +2140,8 @@ typedef struct _slapdEntryPoints {
#define CONFIG_PLUGIN_LOGGING "nsslapd-plugin-logging"
#define CONFIG_LISTEN_BACKLOG_SIZE "nsslapd-listen-backlog-size"
+#define CONFIG_CN_USES_DN_SYNTAX_IN_DNS "nsslapd-cn-uses-dn-syntax-in-dns"
+
/* getenv alternative */
#define CONFIG_MALLOC_MXFAST "nsslapd-malloc-mxfast"
#define CONFIG_MALLOC_TRIM_THRESHOLD "nsslapd-malloc-trim-threshold"
@@ -2401,6 +2403,7 @@ typedef struct _slapdFrontendConfig {
slapi_onoff_t connection_nocanon; /* if "on" sets LDAP_OPT_X_SASL_NOCANON */
slapi_onoff_t plugin_logging; /* log all internal plugin operations */
slapi_onoff_t ignore_time_skew;
+ slapi_onoff_t cn_uses_dn_syntax_in_dns; /* indicates the cn value in dns has dn syntax */
#if defined(LINUX)
int malloc_mxfast; /* mallopt M_MXFAST */
int malloc_trim_threshold; /* mallopt M_TRIM_THRESHOLD */
8 years, 10 months
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/dn.c | 45 ++++++++++++++++++++++++++++++++++++++++
ldap/servers/slapd/libglobs.c | 35 +++++++++++++++++++++++++++++++
ldap/servers/slapd/proto-slap.h | 2 +
ldap/servers/slapd/slap.h | 3 ++
4 files changed, 85 insertions(+)
New commits:
commit b22970e26da3f812c7ff6c177583603005eb3702
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu May 22 13:48:43 2014 -0700
Ticket #47720 - Normalization from old DN format to New DN format doesnt handel condition properly when there is space in a suffix after the seperator operator.
Description: DN normalizer (slapi_dn_normalize_ext) follows RFC 4514
and keeps a white space if the RDN attribute type is not based on the
DN syntax. But Directory server's configuration entry sometimes uses
"cn" to store a DN value (e.g., dn: cn="dc=A,dc=com",cn=mapping tree,
cn=config), which expects the value of cn treated as DN although cn
is not a DN syntax type. To solve the problem, this patch introduces
a configuration parameter "nsslapd-cn-uses-dn-syntax-in-dns" to "cn=
config" which takes "on" or "off". If "on" is set, if the value of
cn under "cn=config" is quoted, it's processed as DN. By default,
nsslapd-cn-uses-dn-syntax-in-dns: off
https://fedorahosted.org/389/ticket/47720
Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!)
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 76b33da..cea593b 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -61,6 +61,7 @@ static void reset_rdn_avs( struct berval **rdn_avsp, int *rdn_av_countp );
static void sort_rdn_avs( struct berval *avs, int count, int escape );
static int rdn_av_cmp( struct berval *av1, struct berval *av2 );
static void rdn_av_swap( struct berval *av1, struct berval *av2, int escape );
+static int does_cn_uses_dn_syntax_in_dns(char *type, char *dn);
/* normalized dn cache related definitions*/
struct
@@ -621,6 +622,10 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
/* Reset the character we modified. */
*d = savechar;
+ if (!is_dn_syntax) {
+ is_dn_syntax = does_cn_uses_dn_syntax_in_dns(typestart, src);
+ }
+
state = B4VALUE;
*d++ = *s++;
} else if (ISCLOSEBRACKET(*s)) { /* special care for ACL macro */
@@ -639,6 +644,10 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
/* Reset the character we modified. */
*d = savechar;
+ if (!is_dn_syntax) {
+ is_dn_syntax = does_cn_uses_dn_syntax_in_dns(typestart, src);
+ }
+
state = INVALUE; /* skip a trailing space */
*d++ = *s++;
} else if (ISSPACE(*s)) {
@@ -657,6 +666,10 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
/* Reset the character we modified. */
*d = savechar;
+ if (!is_dn_syntax) {
+ is_dn_syntax = does_cn_uses_dn_syntax_in_dns(typestart, src);
+ }
+
state = B4EQUAL; /* skip a trailing space */
} else if (ISQUOTE(*s) || SEPARATOR(*s)) {
/* type includes quote / separator; not a valid dn */
@@ -1030,6 +1043,18 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
s++;
}
}
+ } else if (ISSPACE(*s)) {
+ while (ISSPACE(*s)) {
+ s++;
+ }
+ /*
+ * dn_syntax_attr=ABC, XYZ --> dn_syntax_attr=ABC,XYZ
+ * non_dn_syntax_attr=ABC, XYZ --> dn_syntax_attr=ABC, XYZ
+ */
+ if (!is_dn_syntax) {
+ --s;
+ *d++ = *s++;
+ }
} else {
*d++ = *s++;
}
@@ -3172,3 +3197,23 @@ slapi_sdn_common_ancestor(Slapi_DN *dn1, Slapi_DN *dn2)
charray_free(dns2);
return slapi_sdn_new_ndn_passin(common);
}
+
+/*
+ * Return 1 - if nsslapd-cn-uses-dn-syntax-in-dns is true &&
+ * the type is "cn" && dn is under "cn=config"
+ * Return 0 - otherwise
+ */
+static int
+does_cn_uses_dn_syntax_in_dns(char *type, char *dn)
+{
+ int rc = 0; /* by default off */
+ char *ptr = NULL;
+ if (type && dn && config_get_cn_uses_dn_syntax_in_dns() &&
+ (PL_strcasecmp(type, "cn") == 0) && (ptr = PL_strrchr(dn, ','))) {
+ if (PL_strcasecmp(++ptr, "cn=config") == 0) {
+ rc = 1;
+ }
+ }
+ return rc;
+}
+
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index d1a3dc0..040649b 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -271,6 +271,7 @@ slapi_int_t init_connection_buffer;
slapi_int_t init_listen_backlog_size;
slapi_onoff_t init_ignore_time_skew;
slapi_onoff_t init_dynamic_plugins;
+slapi_onoff_t init_cn_uses_dn_syntax_in_dns;
#if defined (LINUX)
slapi_int_t init_malloc_mxfast;
slapi_int_t init_malloc_trim_threshold;
@@ -1092,6 +1093,10 @@ static struct config_get_and_set {
NULL, 0,
(void**)&global_slapdFrontendConfig.dynamic_plugins, CONFIG_ON_OFF,
(ConfigGetFunc)config_get_dynamic_plugins, &init_dynamic_plugins},
+ {CONFIG_CN_USES_DN_SYNTAX_IN_DNS, config_set_cn_uses_dn_syntax_in_dns,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.cn_uses_dn_syntax_in_dns, CONFIG_ON_OFF,
+ (ConfigGetFunc)config_get_cn_uses_dn_syntax_in_dns, &init_cn_uses_dn_syntax_in_dns},
#if defined(LINUX)
{CONFIG_MALLOC_MXFAST, config_set_malloc_mxfast,
NULL, 0,
@@ -1558,6 +1563,7 @@ FrontendConfig_init () {
init_listen_backlog_size = cfg->listen_backlog_size = DAEMON_LISTEN_SIZE;
init_ignore_time_skew = cfg->ignore_time_skew = LDAP_OFF;
init_dynamic_plugins = cfg->dynamic_plugins = LDAP_OFF;
+ init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns = LDAP_OFF;
#if defined(LINUX)
init_malloc_mxfast = cfg->malloc_mxfast = DEFAULT_MALLOC_UNSET;
init_malloc_trim_threshold = cfg->malloc_trim_threshold = DEFAULT_MALLOC_UNSET;
@@ -3289,6 +3295,7 @@ config_set_dynamic_plugins( const char *attrname, char *value, char *errorbuf, i
return retVal;
}
+
int
config_get_dynamic_plugins() {
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
@@ -3302,6 +3309,34 @@ config_get_dynamic_plugins() {
}
int
+config_set_cn_uses_dn_syntax_in_dns(const char *attrname, char *value, char *errorbuf, int apply)
+{
+ int retVal = LDAP_SUCCESS;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ retVal = config_set_onoff ( attrname,
+ value,
+ &(slapdFrontendConfig->cn_uses_dn_syntax_in_dns),
+ errorbuf,
+ apply);
+
+ return retVal;
+}
+
+int
+config_get_cn_uses_dn_syntax_in_dns()
+{
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ int retVal;
+
+ CFG_ONOFF_LOCK_READ(slapdFrontendConfig);
+ retVal = (int)slapdFrontendConfig->cn_uses_dn_syntax_in_dns;
+ CFG_ONOFF_UNLOCK_READ(slapdFrontendConfig);
+
+ return retVal;
+}
+
+int
config_set_security( const char *attrname, char *value, char *errorbuf, int apply ) {
int retVal = LDAP_SUCCESS;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 4c3e517..34c4ac6 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -586,6 +586,8 @@ int config_set_plugin_logging(const char *attrname, char *value, char *errorbuf,
int config_get_listen_backlog_size(void);
int config_set_dynamic_plugins(const char *attrname, char *value, char *errorbuf, int apply);
int config_get_dynamic_plugins();
+int config_set_cn_uses_dn_syntax_in_dns(const char *attrname, char *value, char *errorbuf, int apply);
+int config_get_cn_uses_dn_syntax_in_dns();
PLHashNumber hashNocaseString(const void *key);
PRIntn hashNocaseCompare(const void *v1, const void *v2);
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 642f3b2..5401a66 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -2152,6 +2152,8 @@ typedef struct _slapdEntryPoints {
#define CONFIG_DYNAMIC_PLUGINS "nsslapd-dynamic-plugins"
#define CONFIG_RETURN_DEFAULT_OPATTR "nsslapd-return-default-opattr"
+#define CONFIG_CN_USES_DN_SYNTAX_IN_DNS "nsslapd-cn-uses-dn-syntax-in-dns"
+
/* getenv alternative */
#define CONFIG_MALLOC_MXFAST "nsslapd-malloc-mxfast"
#define CONFIG_MALLOC_TRIM_THRESHOLD "nsslapd-malloc-trim-threshold"
@@ -2415,6 +2417,7 @@ typedef struct _slapdFrontendConfig {
slapi_onoff_t plugin_logging; /* log all internal plugin operations */
slapi_onoff_t ignore_time_skew;
slapi_onoff_t dynamic_plugins; /* allow plugins to be dynamically enabled/disabled */
+ slapi_onoff_t cn_uses_dn_syntax_in_dns; /* indicates the cn value in dns has dn syntax */
#if defined(LINUX)
int malloc_mxfast; /* mallopt M_MXFAST */
int malloc_trim_threshold; /* mallopt M_TRIM_THRESHOLD */
8 years, 10 months
Branch '389-ds-base-1.2.11' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/acl/acllas.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
New commits:
commit 7fbf16bdd9a45dcef00b8607474dfa21c645c2f7
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed May 21 14:36:01 2014 -0400
Ticket 47670 - Aci warnings in error log
Bug Description: Some aci warnings are unneccesarily written to the
error log.
Fix Description: Lower the log messaages from SLAPI_LOG_FATAL to SLAPI_LOG_ACL
Patch provided by: chatfield(Thanks!)
https://fedorahosted.org/389/ticket/47670
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 4f14e7df8215e30d6dd1205638886a877f46a70c)
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index a71d04f..81e486f 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -3624,7 +3624,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
/* Check the scope */
if ( ludp->lud_scope == LDAP_SCOPE_SUBTREE ) {
if (!slapi_dn_issuffix(n_clientdn, ludp->lud_dn)) {
- slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
+ slapi_log_error( SLAPI_LOG_ACL, plugin_name,
"acllas__client_match_URL: url [%s] scope is subtree but dn [%s] "
"is not a suffix of [%s]\n",
normed, ludp->lud_dn, n_clientdn );
@@ -3634,7 +3634,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
char *parent = slapi_dn_parent (n_clientdn);
if (slapi_utf8casecmp ((ACLUCHP)parent, (ACLUCHP)ludp->lud_dn) != 0 ) {
- slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
+ slapi_log_error( SLAPI_LOG_ACL, plugin_name,
"acllas__client_match_URL: url [%s] scope is onelevel but dn [%s] "
"is not a direct child of [%s]\n",
normed, ludp->lud_dn, parent );
@@ -3644,7 +3644,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
slapi_ch_free_string(&parent);
} else { /* default */
if (slapi_utf8casecmp ( (ACLUCHP)n_clientdn, (ACLUCHP)ludp->lud_dn) != 0 ) {
- slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
+ slapi_log_error( SLAPI_LOG_ACL, plugin_name,
"acllas__client_match_URL: url [%s] scope is base but dn [%s] "
"does not match [%s]\n",
normed, ludp->lud_dn, n_clientdn );
8 years, 10 months
Branch '389-ds-base-1.3.1' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/acl/acllas.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
New commits:
commit d8b7eb81ea6136f423f043df7b3e9fb6b333f5cd
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed May 21 14:36:01 2014 -0400
Ticket 47670 - Aci warnings in error log
Bug Description: Some aci warnings are unneccesarily written to the
error log.
Fix Description: Lower the log messaages from SLAPI_LOG_FATAL to SLAPI_LOG_ACL
Patch provided by: chatfield(Thanks!)
https://fedorahosted.org/389/ticket/47670
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 4f14e7df8215e30d6dd1205638886a877f46a70c)
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index ee113bc..4d9b236 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -3616,7 +3616,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
/* Check the scope */
if ( ludp->lud_scope == LDAP_SCOPE_SUBTREE ) {
if (!slapi_dn_issuffix(n_clientdn, ludp->lud_dn)) {
- slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
+ slapi_log_error( SLAPI_LOG_ACL, plugin_name,
"acllas__client_match_URL: url [%s] scope is subtree but dn [%s] "
"is not a suffix of [%s]\n",
normed, ludp->lud_dn, n_clientdn );
@@ -3626,7 +3626,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
char *parent = slapi_dn_parent (n_clientdn);
if (slapi_utf8casecmp ((ACLUCHP)parent, (ACLUCHP)ludp->lud_dn) != 0 ) {
- slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
+ slapi_log_error( SLAPI_LOG_ACL, plugin_name,
"acllas__client_match_URL: url [%s] scope is onelevel but dn [%s] "
"is not a direct child of [%s]\n",
normed, ludp->lud_dn, parent );
@@ -3636,7 +3636,7 @@ acllas__client_match_URL (struct acl_pblock *aclpb, char *n_clientdn, char *url
slapi_ch_free_string(&parent);
} else { /* default */
if (slapi_utf8casecmp ( (ACLUCHP)n_clientdn, (ACLUCHP)ludp->lud_dn) != 0 ) {
- slapi_log_error( SLAPI_LOG_FATAL, plugin_name,
+ slapi_log_error( SLAPI_LOG_ACL, plugin_name,
"acllas__client_match_URL: url [%s] scope is base but dn [%s] "
"does not match [%s]\n",
normed, ludp->lud_dn, n_clientdn );
8 years, 10 months