bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=526141
>
>
> Noriko Hosoi <nhosoi(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nhosoi(a)redhat.com
> Devel Whiteboard|comment#1.review? |comment#1.review+nhosoi
>
Thanks - pushed to master
https://bugzilla.redhat.com/show_bug.cgi?id=526141
Resolves: bug 526141
Bug Description: allow empty groups
Reviewed by: ???
Fix Description: Change groupOfNames and groupOfUniqueNames to allow
empty
groups by changing the member/uniqueMember attribute from MUST to MAY.
NOTE: This is the way it was before 1.2.1 changed it. Also note
that this is a temporary hack until we solve the problem of LDAP
grouping with a better solution, one that eases migration of existing
installations.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=363112&action=diff
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=520921
>
>
> Nathan Kinder <nkinder(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nkinder(a)redhat.com
> Devel Whiteboard|comment#5.review? |comment#5.review+nkinder
>
Thanks - pushed to master
https://bugzilla.redhat.com/show_bug.cgi?id=520921
Resolves: bug 520921
Bug Description: Config schema not included in core schema
Reviewed by: ???
Fix Description: Just had to move a few schema from 02common and
30ns-common into 01core389.ldif. I also added 01core389.ldif to the
list of schema installed when install_full_schema=0 is specified with
setup-ds.pl. I also added these schema files to the list of schema
files to upgrade.
With these changes, the server starts up fine. The only error is this:
[29/Sep/2009:16:47:53 -0600] - Entry "cn=PAM Pass Through
Auth,cn=plugins,cn
=config" has unknown object class "pamConfig"
This is because the pam pass through plugin is included in the
default config. I'd rather not move that schema file. That plugin can
be removed from the default config during setup by specifying a
slapd.ConfigFile directive with contents like this:
dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
changetype: delete
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=363060&action=diff
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=526319
>
>
> Nathan Kinder <nkinder(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nkinder(a)redhat.com
> Devel Whiteboard|comment#1.review? |comment#1.review+nkinder
>
Thanks - pushed to master
https://bugzilla.redhat.com/show_bug.cgi?id=526319
Resolves: bug 526319
Bug Description: SASL IO sometimes loops with "error: would block"
Reviewed by: ???
Fix Description: The semantics for recv() are that it returns -1 for
errors,
0 for connection closed, and non-zero for some bytes received. The
sasl code w
as not using those semantics - it was returning 0 for successful read
and -1 for
error. Although I have not been able to reproduce the exact failure,
what I be
lieve is happening is that the initial read of the packet length in
sasl_io_star
t_packet() works, and the sasl IO is received. At some point, the
connection is
closed by the client, and the PR_Recv return of 0 is not handled
correctly,
and somehow the errno gets set to EWOULDBLOCK. From this point on,
PR_Recv() wi
ll return -1 (since the socket has been closed) and errno is not reset
from EWOU
LDBLOCK.
The fix is to make sure the sasl IO code handles the PR_Recv()
return value
correctly.
Note that with CONNS (8) error log level, you may still occasionally
see "wo
uld block" errors, but as long as they are not endlessly repeating, this
should
be ok.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=363058&action=diff
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=525785
>
>
> Nathan Kinder <nkinder(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nkinder(a)redhat.com
> Devel Whiteboard|comment#1.review? |comment#1.review+nkinder
>
thanks - pushed to master
Summary: ldif2db replaces existing modify/create name and timestamps
https://bugzilla.redhat.com/show_bug.cgi?id=525007
[Problem Description]
LDIF that is imported might contain createTimestamp, creatorsName,
modifyTimestamp, or modifiersName. The import code since FDS 1.2 inserts
these attributes but it should only do so if they're missing; any
existing values should take precedence.
[Fix Description]
Only insert the attributes if they don't already exist in the entry.
attrlist_find() rather than slapi_entry_attr_find() is used because the
latter reports attributes with empty values as being missing attributes.
[Proposed Fix]
https://bugzilla.redhat.com/attachment.cgi?id=362157
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=518514
>
>
> Noriko Hosoi <nhosoi(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nhosoi(a)redhat.com
> Devel Whiteboard|comment#1.review? |comment#1.review+nhosoi
>
>
Thanks - pushed to master
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=516305
>
>
> Noriko Hosoi <nhosoi(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nhosoi(a)redhat.com
> Devel Whiteboard| |comment#18.review+nhosoi
>
>
>
>
> --- Comment #19 from Noriko Hosoi <nhosoi(a)redhat.com> 2009-09-24 12:52:52 EDT ---
> Your fix looks good. Thanks, Rich!
>
Thanks - pushed to master
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=513308
>
>
> Noriko Hosoi <nhosoi(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nhosoi(a)redhat.com
> Devel Whiteboard|comment#3.review? |comment#4.review+nhosoi
>
Thanks - pushed to master
https://bugzilla.redhat.com/show_bug.cgi?id=513308
Resolves: bug 513308
Bug Description: empty principal name used when using server to server
sasl for db chaining
Reviewed by: ???
Fix Description: Change the logic to check if the username is a valid
principal name. A valid principal name in this context will be a
non-empty string that does not contain the '=' character (which will be
a bind DN in this context).
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=362330&action=diff
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=519455
>
>
> Nathan Kinder <nkinder(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nkinder(a)redhat.com
> Devel Whiteboard|comment#6.review? |comment#6.review+nkinder
>
Thanks - pushed to master
https://bugzilla.redhat.com/show_bug.cgi?id=519455
Resolves: bug 519455
Bug Description: Should not attempt to pop SASL IO layer if not
using SASL IO
Reviewed by: ???
Fix Description: Before attempting to pop the SASL IO layer from the
prfd,
first make sure we are using sasl IO, the prfd is not NULL, and the prfd
has a SASL IO layer on it.
This also fixes a bug with setting nsslapd-localhost in the
bootstrap code -
if you are using a system that does not have DNS configured
correctly, you
may want to force the SASL code to use the nsslapd-localhost for the
FQDN.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=362324&action=diff
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=518279
>
>
> Nathan Kinder <nkinder(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nkinder(a)redhat.com
> Devel Whiteboard|comment#2.review? |comment#2.review+nkinder
>
>
Thanks - pushed to master
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=495522
>
>
> Nathan Kinder <nkinder(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nkinder(a)redhat.com
> Devel Whiteboard|comment#1.review? |comment#1.review+nkinder
>
>
Thanks - pushed to master
Start script hardcodes file permissions mask to 077 (600), so the
nsslapd-*l
https://bugzilla.redhat.com/show_bug.cgi?id=495522
Resolves: bug 495522
Bug Description: Start script hardcodes file permissions mask to 077
(600),
Reviewed by: ???
Fix Description: Use umask 002 for the directory server process
Note that I'm not sure why the init script set the umask to 077 in the
first place - probably copied from some boilerplate - it's probably ok
to use 000, but 002 at least affords some minimal protection.
Platforms tested: Fedora 11 x86_64
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=362142&action=diff
bugzilla(a)redhat.com wrote:
> Please do not reply directly to this email. All additional
> comments should be made in the comments box of this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=520483
>
>
> Nathan Kinder <nkinder(a)redhat.com> changed:
>
> What |Removed |Added
> ----------------------------------------------------------------------------
> CC| |nkinder(a)redhat.com
> Devel Whiteboard|comment#2.review? |comment#2.review+nkinder
>
Thanks - pushed to master.