January 2010 - 389-devel - Fedora Mailing-Lists

Please review: [Bug 559016] Attempting to rename suffix returns inappropriate errors

by Noriko Hosoi

[Problem Description] Renaming suffix returns the return code LDAP_UNWILLING_TO_PERFORM with the message "Renaming suffix is not allowe", which does not describe the problem correctly. $ ldapmodify -D 'cn=directory manager' -w pw dn: dc=example,dc=com changetype: modrdn newrdn: dc=new deleteoldrdn: -1 modifying RDN of entry dc=example,dc=com ldap_rename: DSA is unwilling to perform ldap_rename: additional info: Cannot move entries accross backends The right error code/message should be ldap_rename: DSA is unwilling to perform ldap_rename: additional info: Renaming suffix is not allowed [Fix Description] If the target dn of the modrdn operation is a suffix, check if the new dn already exists or not. If it exists, it returns LDAP_ALREADY_EXISTS. If the backend associated with the new dn does not exist, it returns LDAP_NO_SUCH_OBJECT. Otherwise, it returns LDAP_NAMING_VIOLATION. If the target dn of the modrdn is attempted to move across backends, it returns LDAP_AFFECTS_MULTIPLE_DSAS instead of LDAP_UNWILLING_TO_PERFORM. Modrdn (op_shared_rename) was logging the parameter errors in the clients request as SLAPI_LOG_FATAL. Reduced the level to SLAPI_LOG_ARGS. Also, replaced ldap_explode_dn with slapi_dn_syntax_check to verify the newsuperior. By the replacement, 2 bugs in slapi_dn_syntax_check were found. 1) The key for the DN in the hashtable of the attribute syntax has to be "distinguishedName". 2) Argument type for plg_syntax_validate was not correct. [Proposed Fix] Created an attachment (id=387689) <https://bugzilla.redhat.com/attachment.cgi?id=387689&action=diff> [details] <https://bugzilla.redhat.com/attachment.cgi?id=387689&action=edit> git patch file

13 years, 10 months

1
0
0 / 0

Please review: [Bug 247413] Incorrect error on multiple identical value add

by Noriko Hosoi

https://bugzilla.redhat.com/show_bug.cgi?id=247413 [Problem Description] Adding multiple identical values returns "Operations error (LDAP_OPERATIONS_ERROR == 0x1)" instead of "Type or value exists (LDAP_TYPE_OR_VALUE_EXISTS == 0x14)" E.g., dn: ou=test,dc=example,dc=com changetype: modify replace: description description: test description: test modifying entry "ou=test,dc=example,dc=com" ldap_modify: Operations error (1) [Fix Description] API valueset_replace used to override any error from the lower layer with LDAP_OPERATIONS_ERROR. If the error is LDAP_TYPE_OR_VALUE_EXISTS, the error is now returned as is. [Proposed Fix] --> (https://bugzilla.redhat.com/attachment.cgi?id=387210) git diff ldap/servers/slapd/valueset.c

13 years, 10 months

1
0
0 / 0

Please review: [Bug 557224] subtree rename breaks the referential integrity plug-in

by Noriko Hosoi

https://bugzilla.redhat.com/show_bug.cgi?id=557224 Description of problem: Analysis by andrey.ivanov(a)polytechnique.fr > I'm pretty sure the referential integrity plug-in will not work for > modrdn operations with a new superior. Looking more thoroughly through > the code ( ldap / servers / plugins / referint / referint.c) confirms > my suspicion that new rdn superior is not taken into account. The > function referint_postop_modrdn extracts from the parameter block > only SLAPI_MODRDN_TARGET and SLAPI_MODRDN_NEWRDN, it does not extract > SLAPI_MODRDN_NEWSUPERIOR neither passes it further down the utility > functions - update_integrity(argv, dn, newrdn, logChanges) and > writeintegritylog(argv[1],dn, newrdn). The same applies to the delayed > referint operations (the plug-in writes to the special integrity log > file only the old DN and the new RDN, but never the new superior : > writeintegritylog(argv[1],dn, newrdn);) Another thought on the subject of referential integrity plug-in - in the previous mail i have only mentioned one-entry renames with a new superior. The things get even worse when we rename a whole non-empty sub-tree. It means that the referential integrity plug-in should change to the new DNs all the references to all the entries of the whole sub-tree, not only for one entry. And what if we rename a sub-tree containing both the referenced entry and the entry referencing the first one's DN in one of its "integrity" attributes? It actually means that we need at first make the rename and then all the searches and replacements. Though it seems it's already the case as it's a post-op(?) plug-in... Fix Description: The referential integrity plugin has not supported the subtree rename (modrdn with newsuperior). This patch is adding the support. Created an attachment (id=386896) <https://bugzilla.redhat.com/attachment.cgi?id=386896&action=diff> git patch for ldap/servers/plugins/referint/referint.c

13 years, 10 months

2
3
0 / 0

Please Review: (549554) Trim single-valued attributes before sending to AD

by Nathan Kinder

https://bugzilla.redhat.com/show_bug.cgi?id=549554 https://bugzilla.redhat.com/attachment.cgi?id=386936&action=diff https://bugzilla.redhat.com/attachment.cgi?id=386936&action=edit

13 years, 10 months

1
0
0 / 0

Please Review: (549554) Trim single-valued attributes before sending to AD

by Nathan Kinder

https://bugzilla.redhat.com/show_bug.cgi?id=549554 https://bugzilla.redhat.com/attachment.cgi?id=386936&action=diff https://bugzilla.redhat.com/attachment.cgi?id=386936&action=edit

13 years, 10 months

1
0
0 / 0

Please review: Bug 537466 - nsslapd-distribution-plugin should not require plugin name to begin with "lib"

by Rich Megginson

https://bugzilla.redhat.com/show_bug.cgi?id=537466 Fix Description: We use the function PL_GetLibraryName from NSPR to get the platform specific DLL/shared lib filename suffix. Unfortunately, this funct also prepends the string "lib" to the given name if the given file has no suffix. If the given name already has the correct suffix, it does not prepe the "lib" to the name. get_plugin_name() should look for the original library name in the string returned by PL_GetLibraryName. If it is there, a has something before it in the string, see if it is "/lib" - if so, remove t extraneous "lib" string. If "/lib" is not there, then just pass the string through as is. To summarize: /full/path/to/name.so -> /full/path/to/name.so - error if /full/path/to/name name -> /default/plugin/path/libname.so -> /default/plugin/path/name.so name.so -> /default/plugin/path/name.so Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=386889&action=edit https://bugzilla.redhat.com/attachment.cgi?id=386889&action=diff

13 years, 10 months

1
0
0 / 0

Please review: Bug 543080 - Bitwise plugin fails to return the exact matched entries for Bitwise search filter

by Rich Megginson

https://bugzilla.redhat.com/show_bug.cgi?id=543080 Fix Description: The Microsoft Windows AD bitwise filters do not work exactl like the usual bitwise AND (&) and OR (|) operators. For the AND case the matching rule is true only if all bits from the value given in the filter value match the value from the entry. For the OR case, the matching rule is true if any bits from the value given in the filter match the value from the entry. For the AND case, this means that even though (a & b) is True, if (a & b) != b, the matching rule will return False. For the OR case, this means that even though (a | b) is True, this may be because there are bits in a. But we only care about bits in a that are also in b. So we do (a & b) - this will return what we want, which is to return True if any of the bits in b are also in a. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=386875&action=edit https://bugzilla.redhat.com/attachment.cgi?id=386875&action=diff

13 years, 10 months

1
0
0 / 0

Please review: Bug 554887 - Net::LDAP password modify extop breaks; msgid in response is 0xFF

by Rich Megginson

https://bugzilla.redhat.com/show_bug.cgi?id=554887 Fix Description: We use a fake conn for the internal password modify operation so that we can use the real credentials. Unfortunately, this messes up the result code - because there is a real, non-NULL conn, it thinks it needs to send the result back to a real client rather than handle it as an internal operation. It looks as though o_result_handler is only used for internal operations. The fix is to change the result handling code to check for an internal op OR conn == NULL to see if we should use the result handler instead. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no https://bugzilla.redhat.com/attachment.cgi?id=386746&action=edit https://bugzilla.redhat.com/attachment.cgi?id=386746&action=diff

13 years, 10 months

2
1
0 / 0

q about bug 554887 - Net::LDAP password modify extop breaks; msgid in response is 0xFF

by Rich Megginson

https://bugzilla.redhat.com/show_bug.cgi?id=554887 The problem appears to be this - passwd_extop.c line 173: /* We copy the connection from the original pblock into the * pblock we use for the internal modify operation. We do * this to allow the password policy code to be able to tell * that the password change was initiated by the user who * sent the extended operation instead of always assuming * that it was done by the root DN. */ pb.pb_conn = pb_orig->pb_conn; This makes the internal ops think this is a real connection, and therefore it attempts to send back the result of the internal operation as a real result back to the client: send_ldap_result_ext() result.c line 357: if ( conn == NULL ) { if ( operation->o_result_handler != NULL ) { operation->o_result_handler( conn, operation, err, matched, text, nentries, urls ); logit = 1; } goto log_and_return; } I don't think the passwd_extop code should use the entire connection. I'm thinking that perhaps just the authentication parts of the connection for ACI purposes. Does anyone know exactly what parts of the conn were needed to fulfill the requirements above?

13 years, 10 months

2
1
0 / 0

Spelling typos

by Michele Baldessari

Hi all, a couple of one liners to fix spelling typos. (Against 1.2.5) regards, Michele diff -urNad trunk~/ldap/servers/plugins/chainingdb/cb_conn_stateless.c trunk/ldap/servers/plugins/chainingdb/cb_conn_stateless.c --- trunk~/ldap/servers/plugins/chainingdb/cb_conn_stateless.c 2010-01-12 19:54:28.000000000 +0100 +++ trunk/ldap/servers/plugins/chainingdb/cb_conn_stateless.c 2010-01-24 14:57:28.000000000 +0100 @@ -412,7 +412,7 @@ { /* Bind is successful but password has expired */ slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM, - "Succesfully bound as %s to remote server %s:%d, " + "Successfully bound as %s to remote server %s:%d, " "but password has expired.\n", binddn, hostname, port); } @@ -424,7 +424,7 @@ { int password_expiring = atoi( serverctrls[ i ]->ldctl_value.bv_val ); slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM, - "Succesfully bound as %s to remote server %s:%d, " + "Successfully bound as %s to remote server %s:%d, " "but password is expiring in %d seconds.\n", binddn, hostname, port, password_expiring); } diff -urNad trunk~/ldap/servers/plugins/replication/repl5_connection.c trunk/ldap/servers/plugins/replication/repl5_connection.c --- trunk~/ldap/servers/plugins/replication/repl5_connection.c 2010-01-12 19:54:28.000000000 +0100 +++ trunk/ldap/servers/plugins/replication/repl5_connection.c 2010-01-24 14:57:28.000000000 +0100 @@ -1696,7 +1696,7 @@ { /* Bind is successfull but password has expired */ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "%s: Succesfully bound %s to consumer, " + "%s: Successfully bound %s to consumer, " "but password has expired on consumer.\n", agmt_get_long_name(conn->agmt), binddn); } @@ -1708,7 +1708,7 @@ { int password_expiring = atoi( ctrls[ i ]->ldctl_value.bv_val ); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "%s: Succesfully bound %s to consumer, " + "%s: Successfully bound %s to consumer, " "but password is expiring on consumer in %d seconds.\n", agmt_get_long_name(conn->agmt), binddn, password_expiring); } diff -urNad trunk~/ldap/servers/plugins/replication/windows_connection.c trunk/ldap/servers/plugins/replication/windows_connection.c --- trunk~/ldap/servers/plugins/replication/windows_connection.c 2010-01-12 19:54:28.000000000 +0100 +++ trunk/ldap/servers/plugins/replication/windows_connection.c 2010-01-24 14:57:28.000000000 +0100 @@ -658,7 +658,7 @@ nummessages = ldap_count_messages(conn->ld, res); numentries = ldap_count_entries(conn->ld, res); numreferences = ldap_count_references(conn->ld, res); - LDAPDebug( LDAP_DEBUG_REPL, "windows_search_entry: recieved %d messages, %d entries, %d references\n", + LDAPDebug( LDAP_DEBUG_REPL, "windows_search_entry: received %d messages, %d entries, %d references\n", nummessages, numentries, numreferences ); } @@ -1743,7 +1743,7 @@ { /* Bind is successfull but password has expired */ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "%s: Succesfully bound %s to consumer, " + "%s: Successfully bound %s to consumer, " "but password has expired on consumer.\n", agmt_get_long_name(conn->agmt), binddn); } @@ -1755,7 +1755,7 @@ { int password_expiring = atoi( ctrls[ i ]->ldctl_value.bv_val ); slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, - "%s: Succesfully bound %s to consumer, " + "%s: Successfully bound %s to consumer, " "but password is expiring on consumer in %d seconds.\n", agmt_get_long_name(conn->agmt), binddn, password_expiring); } diff -urNad trunk~/ldap/servers/slapd/connection.c trunk/ldap/servers/slapd/connection.c --- trunk~/ldap/servers/slapd/connection.c 2010-01-12 19:54:28.000000000 +0100 +++ trunk/ldap/servers/slapd/connection.c 2010-01-24 14:57:53.000000000 +0100 @@ -631,7 +631,7 @@ if (conn->c_refcnt <= 0) { slapi_log_error(SLAPI_LOG_FATAL, "connection", - "conn=%" NSPRIu64 " fd=%d Attempt to release connection that is not aquired\n", + "conn=%" NSPRIu64 " fd=%d Attempt to release connection that is not acquired\n", conn->c_connid, conn->c_sd); PR_ASSERT (PR_FALSE); return -1; diff -urNad trunk~/ldap/servers/slapd/entry.c trunk/ldap/servers/slapd/entry.c --- trunk~/ldap/servers/slapd/entry.c 2010-01-12 19:54:28.000000000 +0100 +++ trunk/ldap/servers/slapd/entry.c 2010-01-24 14:57:28.000000000 +0100 @@ -391,7 +391,7 @@ { LDAPDebug( LDAP_DEBUG_ANY, "str2entry_fast: entry %s exceeded max attribute value cound %ld\n", - slapi_entry_get_dn_const(e)?slapi_entry_get_dn_const(e):"unkown", + slapi_entry_get_dn_const(e)?slapi_entry_get_dn_const(e):"unknown", attr_val_cnt, 0 ); } if (read_stateinfo && maxcsn) diff -urNad trunk~/ldap/servers/slapd/sslerrstrs.h trunk/ldap/servers/slapd/sslerrstrs.h --- trunk~/ldap/servers/slapd/sslerrstrs.h 2010-01-12 19:54:28.000000000 +0100 +++ trunk/ldap/servers/slapd/sslerrstrs.h 2010-01-24 14:57:28.000000000 +0100 @@ -256,7 +256,7 @@ "SSL peer was not expecting a handshake message it received.") ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), -"SSL peer was unable to succesfully decompress an SSL record it received.") +"SSL peer was unable to successfully decompress an SSL record it received.") ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), "SSL peer was unable to negotiate an acceptable set of security parameters.") diff -urNad trunk~/ldap/servers/slapd/uniqueidgen.c trunk/ldap/servers/slapd/uniqueidgen.c --- trunk~/ldap/servers/slapd/uniqueidgen.c 2010-01-12 19:54:28.000000000 +0100 +++ trunk/ldap/servers/slapd/uniqueidgen.c 2010-01-24 14:57:28.000000000 +0100 @@ -119,7 +119,7 @@ if (uId == NULL) { slapi_log_error (SLAPI_LOG_FATAL, MODULE, "uniqueIDGenerate: " - "NULL paramter is passed to the function.\n"); + "NULL parameter is passed to the function.\n"); return UID_BADDATA; } @@ -179,7 +179,7 @@ if (uId == NULL || uIdBase == NULL || name == NULL || namelen <= 0) { slapi_log_error (SLAPI_LOG_FATAL, MODULE, "uniqueIDGenerateMT: " - "invalid paramter is passed to the function.\n"); + "invalid parameter is passed to the function.\n"); return UID_BADDATA; } diff -urNad trunk~/man/man1/cl-dump.1 trunk/man/man1/cl-dump.1 --- trunk~/man/man1/cl-dump.1 2010-01-12 19:54:28.000000000 +0100 +++ trunk/man/man1/cl-dump.1 2010-01-24 14:57:28.000000000 +0100 @@ -63,7 +63,7 @@ .TP .B \-r replica\-roots Specify replica roots whose changelog you want to dump. The replica -roots may be seperated by comma. All the replica roots would be +roots may be separated by comma. All the replica roots would be dumped if the option is omitted. .TP .B \-v diff -urNad trunk~/man/man1/logconv.pl.1 trunk/man/man1/logconv.pl.1 --- trunk~/man/man1/logconv.pl.1 2010-01-12 19:54:28.000000000 +0100 +++ trunk/man/man1/logconv.pl.1 2010-01-24 14:57:28.000000000 +0100 @@ -45,11 +45,11 @@ Print version of the tool .TP .B \fB\-S\fR <time to begin analyzing logfile from> -Time to begin analyzing logile from +Time to begin analyzing logfile from E.g. [28/Mar/2002:13:14:22 \fB\-0800]\fR .TP .B \fB\-E\fR <time to stop analyzing logfile> -Time to stop analyzing logile from +Time to stop analyzing logfile from E.g. [28/Mar/2002:13:24:62 \fB\-0800]\fR .TP \fB\-V\fR <enable verbose output \- includes all stats listed below>

13 years, 10 months

2
1
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-devel January 2010