upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-17 01:28:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24326 commits 38 branches 313 tags 89 MiB
Commit graph

13130 commits

Author SHA1 Message Date
Ondřej Kuzník
798e215ea6 Add connection number config 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
94ee62a4f4 Switch bindkey to use Backend instead of bindconf 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
59291ba4de Proxyauthz support 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9309bc9402 Make features global 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
639c5912f5 Client authentication 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e5f68bcf7c Option for response handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
4ad8ecd45e Logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f37e7757b1 Response handling, exploit optional bervals 2020-11-17 17:55:45 +00:00
Ondřej Kuzník
2fbc8ca473 Rename backend mutex 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
3d1ea4693e Authenticate the upstream connection if configured 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
5bdb4e1570 Update maximum number or parameters for backend 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
fd5b9cdb91 This is a proxy now 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
93fe1d2bab Operation parsing 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
b49932d637 Connection write support 2020-11-17 17:42:43 +00:00
Ondřej Kuzník
79f7e79f15 Set up connections in the worker threads 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
bf66b48fe3 Upstream connection setup 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
1a45249054 Update connection init 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
8e0a6119fa Startup adjustment 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
c596b797ed Backend configuration 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
46ddb4039c lloadd ahoy 2020-11-17 17:15:40 +00:00
Howard Chu
a87ae275e1 ITS#9394 syncprov: ignore duplicate sessionlog entries 2020-11-17 00:31:56 +00:00
Quanah Gibson-Mount
6492012e00 Remove various unused variables 2020-11-12 18:05:59 +00:00
Howard Chu
9eb948529b ITS#9391 remove asserts in UUIDNormalize() 2020-11-11 18:25:31 +00:00
Ondřej Kuzník
ee49c83976 Cleanup use of *alloc() in daemon.c 2020-11-09 16:57:21 +00:00
Ondřej Kuzník
727ec3ae14 ITS#9386 State change issues are still ignored, but at least log them 2020-11-09 11:51:20 +00:00
Ondřej Kuzník
123001c89d ITS#9386 Address compiler warnings 2020-11-09 11:50:37 +00:00
Howard Chu
6b0fc9e034 ITS#9121 fix filtered memberOf 
Broken in 2c0499ae4e adding nesting
 2020-11-03 01:18:32 +00:00
Howard Chu
c0eeb2b9b8 ITS#9384 remove assert in obsolete csnNormalize23() 2020-11-02 16:01:14 +00:00
Howard Chu
265d362f27 ITS#9383 remove assert in certificateListValidate 2020-11-02 13:12:10 +00:00
Howard Chu
87158469eb ITS#9121 fix dynlist_filter_dup for substring filter 2020-10-30 23:30:28 +00:00
Quanah Gibson-Mount
2f0883d161 ITS#9380 - Fix return type for connection_write_resume 2020-10-29 19:55:37 +00:00
Howard Chu
db46f88853 ITS#9379 reject listener URLs with non-empty DNs 2020-10-28 16:50:23 +00:00
Ondřej Kuzník
98a0029dae ITS#9366 Check ldap_install_tls return and remove connection if failed 2020-10-23 20:38:21 +00:00
Howard Chu
6abfd60078 ITS#9370 revert previous commit, alternate fix 
Just skip normalization if there's no equality rule. We accept
DNs without equality rules already.
 2020-10-19 14:14:54 +01:00
Howard Chu
a08a2db406 ITS#9370 check for equality rule on old_rdn 
We should probably just check in dnNormalize instead, and catch
this everywhere DNs are received. It might make us reject some
DNs that are already in use, though (e.g. received from other
directory servers that don't do schema checking).
 2020-10-19 14:03:41 +01:00
Howard Chu
c1912fb7af ITS#9121 don't process nested memberOf if memberOf wasn't requested 2020-10-13 22:11:44 +01:00
Howard Chu
fb587d3d58 ITS#9361 prevent CSN from being generated for purge deletes 2020-10-02 13:25:52 +01:00
Howard Chu
56860fc405 ITS#9342 delta-syncL ignore add of already existing entry 
if the entryCSN is older. Previous patch breaks if writes are
received out of order, e.g. during a refresh.
 2020-10-01 14:27:24 +01:00
Ondřej Kuzník
efc23cddc3 ITS#9295 Do not replace 'op' 2020-09-30 18:55:34 +00:00
Ondřej Kuzník
20024d5ba8 ITS#9359 Do not create an empty add 2020-09-30 19:25:56 +01:00
Howard Chu
ed949bf287 ITS#9342 delta-sync: ignore add if entryCSN is too old 
This check is only needed for ops received without a CSN in their cookie.
This only occurs when the ops completed out of order on the provider.
 2020-09-30 15:45:04 +00:00
Howard Chu
80a545b5ed Partially Revert "ITS#8486 use kbtree for sessionlog" 
This mostly reverts commit 1915cb968a.
Too many concurrency issues. Retains the improvement to
syncprov_sessionlog_cmp
 2020-09-30 15:11:31 +00:00
Howard Chu
2bbb51e20b ITS#9358 Fix reqStart normalizer 
Don't truncate trailing zeroes in reqStart/reqEnd timestamps
 2020-09-29 09:43:37 +01:00
Ondřej Kuzník
67d005ee65 ITS#9348 Stop using plain strerror() 2020-09-25 12:47:46 +01:00
Quanah Gibson-Mount
f3e86d3d93 ITS#8636 - Fix DESC for deltaCRL attribute 2020-09-25 04:29:59 +00:00
Quanah Gibson-Mount
fe3636df9d ITS#8341 - Add matching rule to the namingContexts attr 2020-09-25 02:05:55 +00:00
Howard Chu
1915cb968a ITS#8486 use kbtree for sessionlog 
Saves about 20% CPU time and RAM
 2020-09-25 00:07:50 +00:00
Ondřej Kuzník
98d5c5c6ce ITS#8486 Protect tavl_* calls in play_sessionlog 2020-09-25 00:07:50 +00:00
Howard Chu
8f8774c0b1 ITS#8486 Minor play_sessionlog cleanup 
Fix logmsg uuidstr.
Shortcut finding start of playback.
Allow dup CSNs in log, but with different UUIDs. All
non-present deletes in a refresh use the same CSN.
 2020-09-25 00:07:50 +00:00
Ondřej Kuzník
d2036cec90 ITS#8486 Switch sessionlog to use TAVL 2020-09-25 00:07:50 +00:00
Ondřej Kuzník
3f5293e145 ITS#5422 Save errno before passing it to Debug() 2020-09-24 23:34:36 +00:00
Howard Chu
c3131eb5a3 ITS#9348 replace all uses of STRERROR with AC_STRERROR_R 
Avoid using sys_errlist unless there's no other choice
 2020-09-24 23:34:36 +00:00
Ondřej Kuzník
1b8e6b944b ITS#9355 Propagate errors from overlay_entry_get_ov 2020-09-23 11:10:29 +01:00
Howard Chu
62ecd38bc4 ITS#8102 syncrepl: only use trylock on the cn=config DB 2020-09-22 21:27:15 +01:00
Quanah Gibson-Mount
a3f186880c ITS#9351 - Always build back-monitor as a static backend 2020-09-21 16:52:33 +00:00
Howard Chu
dd82fa5393 ITS#9353 fix monitor_back_register_database for empty suffix DB 
Use the correct database entry instead of the frontendDB entry
 2020-09-20 16:29:38 +01:00
Quanah Gibson-Mount
bc021bb244 ITS#6749 - Change configure monitor warning to DEBUG CONFIG instead of DEBUG ANY 2020-09-18 14:56:43 +00:00
Howard Chu
331e587754 ITS#9352 syncrepl: fix syncrepl_op_modify on entry with no entryCSN 2020-09-17 20:18:20 +01:00
Gabriel Buades
984ecd113a ITS#9349 slapd-mdb: optimize index delete 
Performance improvement for indexed attributes removal
 2020-09-17 18:21:53 +01:00
Howard Chu
2b512ea79c ITS#9339 Fix syncrepl_monitor_init for dynamic monitor backend 
Calling from backend.c only works if back-monitor is a static backend
 2020-09-17 15:22:01 +01:00
Howard Chu
3e181b8453 Silence stupid warnings 2020-09-16 23:27:45 +01:00
Quanah Gibson-Mount
947b8ed9d6 Fix code indentation for recent changes 2020-09-16 21:13:28 +00:00
Howard Chu
d63287e2f4 ITS#9345 fix for cmdline cookie 
Previous commit could cause cmdline cookie to be ignored
 2020-09-15 15:00:57 +00:00
Howard Chu
afc970b11d ITS#9015 syncprov: fix for zero-length suffix 
If the "" glue entry exists and lacks a contextCSN, must perform
an additional search to be sure the DB is otherwise empty. If so,
skip creating the contextCSN.
 2020-09-15 12:08:22 +01:00
Howard Chu
9a3e63ba00 ITS#9338 alternate fix 
Don't resume pending ops unless there are no other threads
waiting to write
 2020-09-13 08:05:31 +00:00
Howard Chu
57643b4347 ITS#9345 syncrepl: call check_syncprov on freshly started consumer 2020-09-12 21:44:31 +01:00
Howard Chu
ef2b505b20 ITS#9043 Fix new log msg crashes 
Solaris stdio hates NULL pointers
 2020-09-11 23:36:41 +00:00
Howard Chu
fdf6ee5059 ITS#8054 fix etime calculation 
Was overlooked in a0cc1d9655
 2020-09-11 23:01:16 +00:00
Howard Chu
72bfa9d488 ITS#9339 fix connection address handling 
valgrind didn't like accesses to si->si_connaddr
Also fix an array bounds check in ITS#9282 merge_state
 2020-09-10 17:03:32 +00:00
Howard Chu
490273fb97 ITS#8102, #9330 partially revert 
Fix a regression in delta-sync, was returning error on old
CSNs instead of ignoring them
 2020-09-10 16:17:13 +00:00
Ondřej Kuzník
eb5f138650 ITS#9043 Only print sessionlog entries we think will apply 2020-09-10 11:04:29 +01:00
Ondřej Kuzník
fdbeb69fd8 ITS#9043 Nul-terminate csn string 2020-09-10 11:03:37 +01:00
Howard Chu
1748ec59a6 ITS#9339 Add syncrepl status to cn=monitor 
Shows connection address, refresh/persist state, time of last
connect attempt and received data, and last sent and
received cookies per consumer.
 2020-09-10 02:29:19 +00:00
Howard Chu
d1283f8161 ITS#9339 slapd-monitor: Add schema arc for overlays 
Not directly related to syncrepl, but adds a necessary schema arc.
Also add a convenience function for obtaining an entry with known ndn.
Also fix to ignore outbound connections.
 2020-09-10 02:29:19 +00:00
Howard Chu
bf40306581 ITS#9043 tweak syncprov play_sessionlog logging 
Don't log cookiecsn at top, it was already logged on receipt.
Only log the "control csn" and "too old" message once for each sid.
 2020-09-09 18:02:49 +01:00
Howard Chu
e02b1d94ca ITS#8102 serialize plain syncrepl 
Using cs_pmutex. Reverts the addition of cs_modmutex in ITS#9330,
use cs_pmutex for both delta and plain writes.

Note that plain syncrepl already used cs_pmutex when a cookie CSN
was present in the op. Now it is used for all writes, regardless
of presence of cookie.
 2020-09-09 15:35:59 +00:00
Howard Chu
8bd2d1fee8 ITS#9342 delta-sync: ignore error if deleting an already deleted entry 2020-09-09 00:19:35 +01:00
Howard Chu
95c5a1698b ITS#9338 Make sure connection gets rescheduled after write blockage clears up 2020-09-04 18:22:40 +01:00
Howard Chu
0b20b92ec1 ITS#9338 syncrepl: Don't reuse existing connection on Refresh fallback 2020-09-04 18:22:32 +01:00
Howard Chu
ed356c55d9 ITS#9334 slapo-ppolicy re-fix ITS#9302 
The mutex_lock was being skipped in the lockout case,
but still calling mutex_unlock at the end.
 2020-09-03 21:30:35 +01:00
Howard Chu
b24ca75993 ITS#9201 fix LDAP_THREAD_DEBUG 
Add missing defs to ldap_thr_debug.h.
slap tools must init libldap so internal mutexes get inited.
 2020-09-03 12:37:32 +01:00
Quanah Gibson-Mount
b51faa5cf0 Revert "Tweak prev commit for RE24 style debug" 
This reverts commit d224e576a9.

Revert, wrong branch
 2020-09-02 19:33:03 +00:00
Quanah Gibson-Mount
d224e576a9 Tweak prev commit for RE24 style debug 2020-09-02 19:31:59 +00:00
Howard Chu
4c7787303c ITS#9121 fix for URLs with no filter 2020-09-02 01:34:07 +01:00
Howard Chu
41396248a2 ITS#9282 more for merge_state 
Don't assume si_cookieState is always newer
 2020-08-31 20:09:52 +01:00
Howard Chu
8699e5f32e ITS#9282 fix crash in nonpresent_callback 
In a standard Refresh present phase, the provider sends no cookie
since it is only listing the entries that existed as of the time
in the cookie the consumer sent. In this case the consumer only
needs to check entryCSNs against its last sent cookie.
 2020-08-31 19:36:10 +01:00
Howard Chu
0ce83b26af ITS#9330 Fully serialize delta-sync 
Don't depend on accesslog overlay's serialization
 2020-08-29 01:13:04 +00:00
Howard Chu
edc94862b7 ITS#7639 fix crash in config_delete 
Additional fix to 41352ea34d
The overlay must be deleted from the backend before the
callback can execute. In particular, it must be done before
the threadpool is unpaused.
 2020-08-29 00:13:19 +00:00
Howard Chu
f883a57593 ITS#8427 don't set tls_ctx if TLS wasn't requested 
Also, set any remaining TLS options that weren't carried along
in the TLS ctx.
 2020-08-28 18:44:35 +01:00
Quanah Gibson-Mount
8d31219647 More for ITS#8845, skip cleanup on async op with extended operations 2020-08-26 21:55:39 +00:00
Howard Chu
9900794af1 ITS#9329 Re-fix merge_state 
A bit uglier but more straightforward.
 2020-08-26 21:00:00 +01:00
Quanah Gibson-Mount
c1411b8199 ITS#9323 - Limit to OpenSSL 1.0.2 or later 2020-08-25 21:52:04 +00:00
Howard Chu
9666306d86 ITS#9329 syncrepl: fix regression from ITS#9282 2020-08-25 21:13:22 +00:00
Fabrice Fontaine
8df03b435e ITS#9327 - Fix stripping when cross-compiling 
Probably-Signed-off-by: Dave Bender <bender@benegon.com>
[yann.morin.1998@free.fr: patch was made by Dave, but he
 forgot his SoB line, so I added it]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/openldap/0001-fix_cross_strip.patch]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 2020-08-25 19:54:59 +00:00
Howard Chu
5aa7e0f69b ITS#9324 syncrepl: don't wait forever in Refresh mode 
Just poll for available data, same as Persist mode.
Clarify retry/return states from do_syncrep2
 2020-08-24 15:12:24 +00:00
Howard Chu
88e569d857 ITS#9249 librewrite: fix malloc/free corruption 
If substitution parsing fails, would attempt to free a mapping
that hadn't been allocated yet.

Also, on failure, caller in saslauthz would attempt to free a
rwinfo struct that hadn't been allocated.
 2020-08-23 19:32:51 +00:00
Fredrik Roubert
8a521c17aa ITS#9232 - Implement caseIgnoreListSubstringsMatch. 2020-08-21 21:45:19 +00:00
Quanah Gibson-Mount
aa78299346 ITS#9311 - Correctly mark overlays as singular 2020-08-21 19:34:27 +00:00
Howard Chu
650b1404c2 ITS#9054, #9318 add new TLS options to slapd bindconf 
For use with back-ldap/back-meta/syncrepl/etc
 2020-08-21 20:06:56 +01:00
Howard Chu
12e11c9b84 ITS#9121 slapo-dynlist, -memberof: define memberOf if needed 
Ignore if it's defined already. Make it no-user-mod.
 2020-08-18 23:49:26 +00:00
Howard Chu
9d2f15307d ITS#7926 dynamic changes to olcListenerThreads 
Reallocates sockets from old to new listener threads
 2020-08-18 22:37:50 +01:00
Howard Chu
2f94318f06 ITS#7926 support multiple config cleanup functions per op 
Prep for main changes
 2020-08-18 22:00:58 +01:00
Howard Chu
b0d7308371 ITS#9135 fix index error on collapsed range 2020-08-13 18:18:45 +01:00
Quanah Gibson-Mount
00b14b1e28 ITS#9133 - Fix syncprov to be singular. 2020-08-10 23:41:07 +00:00
Howard Chu
633d40b0ac For ITS#9309 fix check for duplicate overlays 
and pass error message back to frontend
 2020-08-10 16:40:54 +01:00
Howard Chu
c8c39b8468 ITS#9309 don't allow ppolicy to be configured more than once on a backend 2020-08-10 16:07:39 +01:00
Howard Chu
8849d83f75 ITS#9279 fix Netscape password_expired control 2020-08-04 22:04:14 +00:00
Howard Chu
138c492696 ITS#9302 fix pwdFailireTime mutex scope 2020-07-30 17:53:25 +01:00
Arvid Requate
0e675be7ef ITS#9302 ppolicy: avoid pwdFailureTime race condition 2020-07-30 17:32:32 +01:00
Howard Chu
4cf90e84de ITS#9295 use replace on single-valued attrs 
For delta-sync as well as regular sync
 2020-07-29 16:15:42 +01:00
Ondřej Kuzník
917fcc03ee ITS#9279 Send Netscape expired control as a bare string 2020-07-27 14:22:24 +02:00
Ondřej Kuzník
43ebfa8fb4 ITS#6467 Make accesslog a possible sessionlog source 2020-07-22 22:25:10 +01:00
Ondřej Kuzník
66a743f119 ITS#6467 Record minCSN in audit container 2020-07-22 22:25:10 +01:00
Ondřej Kuzník
4b62f3b8d2 ITS#8645 Check for all syncrepl errors 2020-07-22 20:22:50 +00:00
Quanah Gibson-Mount
3716245fec Issue#8511 - Update documentation and configs to correctly use multiprovider 2020-07-22 19:32:49 +00:00
Ondřej Kuzník
a49b553676 ITS#9279 Implement Netscape password policy controls in ppolicy 2020-07-22 18:57:38 +00:00
Ondřej Kuzník
521b8bbe4b ITS#9282 Check entries are covered by new contextCSN before deletion 2020-07-22 18:24:52 +00:00
Ondřej Kuzník
5bbcf38c78 ITS#9282 Build a complete cookie for the search 2020-07-22 18:24:51 +00:00
Howard Chu
2c0499ae4e ITS#9121 support nested groups 2020-07-22 15:11:24 +00:00
Howard Chu
9210ed1618 ITS#9121 add dynamic memberOf support for static groups 2020-07-22 15:11:24 +00:00
Quanah Gibson-Mount
21eef84a49 ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer 2020-07-18 16:27:04 +00:00
Ondřej Kuzník
947bbfbf5a ITS#9280 Add olcPPolicyDisableWrite to the objectclass 2020-07-08 14:47:03 +01:00
Ondřej Kuzník
31423439c5 ITS#9043 Make sure uuidstr is initialised on use 2020-07-08 12:54:08 +01:00
Howard Chu
4fab675560 ITS#9285 don't hide ppolicy control 2020-07-07 21:01:32 +01:00
Ondřej Kuzník
bdc9dbc511 ITS#8701 Implement account usability in ppolicy 2020-07-07 16:43:37 +01:00
Quanah Gibson-Mount
c06ac436e2 ITS#9235 Merge libldap_r into libldap 2020-07-03 17:23:14 -07:00
Ondřej Kuzník
e05c09b919 ITS#8762 Clear pwdFailureTime on unlock 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
376d5d65cb ITS#7084 ACL of 'manage' gives pasword administrator access 
Password administrators can bypass safeModify, password quality checks
and trigger reset if policy instructs the server to.
 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
a030aacc39 ITS#7788 Allow pwdFailureTime tracking be disabled in policy 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
0b6ac3fd76 ITS#7788 Skip lockout processing if no policy applies 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
3ec005a097 ITS#7788 Report if there is a policy that applies 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
3e0447f4a6 ITS#7089 Skip lockout checks/modifications if password attribute missing 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
49504c16d2 Fix whitespace in ppolicy.c 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
e24a6bf5c1 ITS#8768 Do not update main CSN during delete phase 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
182ec30a6b ITS#8768 Accept delcsn from the server 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
d1e874c605 ITS#8768 Introduce delcsn into our syncrepl cookies 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
eae2dfde04 ITS#9280 Add ppolicy_disable_write 2020-06-23 15:29:26 +00:00
Quanah Gibson-Mount
58c978825c Issue#9020 - Use consistent namespaces for overlays 2020-06-22 20:44:12 +00:00
Ondřej Kuzník
3e5490f467 ITS#9043 More descriptive logs for syncrepl traffic and decisions 2020-06-22 18:20:22 +00:00
Ondřej Kuzník
799607231d ITS#7796 Move 'not indexed' messages to loglevel filter 2020-06-22 09:28:26 +01:00
Ondřej Kuzník
71560032f4 ITS#8949 Check eblock exists before freeing 
cn=config changes might cause slapi_plugins_used transition from 0
during the lifetime of operation (cn=config change or syncrepl) or
a connection and we should be able to deal with that.
 2020-06-21 22:53:14 +00:00
Ondřej Kuzník
6b46232ab8 ITS#8473 Implement ordering stable (de)registration 2020-06-21 22:53:14 +00:00
Ondřej Kuzník
e5105e706e ITS#8473 Mark olcPlugin as ordered 2020-06-21 22:53:14 +00:00
Quanah Gibson-Mount
0d0d50724a ITS#8140 - Update bind operations to note bind_ssf vs overall connection ssf 2020-06-21 22:04:46 +00:00
Ondřej Kuzník
57b0ed909c ITS#8434 Allow cleanup at the end of a failed back-config add 2020-06-21 18:55:09 +00:00
Howard Chu
2346dfd2a0 ITS#9262 check referral 2020-06-21 00:45:45 +01:00
Quanah Gibson-Mount
4e8f91304e Issue#9239 - Fix case where e->e_dn may be NULL causing a segfault on some platforms 2020-05-27 19:51:16 +00:00
Quanah Gibson-Mount
f926e66723 ITS#8873 - Delete obsolete configuration options from back-ldap, back-meta, and back-asyncmeta 2020-05-26 19:59:56 +00:00
Howard Chu
c70e2e0869 ITS#9264 more for unique locking 2020-05-25 22:38:30 +01:00
Ondřej Kuzník
f3952d947b ITS#9059 Document why we do FIND_CSN 2020-05-22 16:57:53 +00:00
Ondřej Kuzník
709d805f84 ITS#9059 Skip mincsn check if sessionlog replay was successful 2020-05-22 16:57:53 +00:00
Howard Chu
9183abe62c ITS#9264 add an optional lock to slapo-unique 2020-05-22 15:08:20 +01:00
Quanah Gibson-Mount
c91bbe6eea ITS#8614 - slapd must be built threaded 2020-05-14 16:30:17 +00:00
Ryan Tandy
fc8a7b25b8 ITS#9258 More for ITS#6937, don't free user/group 2020-05-10 08:47:54 -07:00
Howard Chu
f5ff1dad7e ITS#9227 fix attr / opattr detection in prev commit 2020-05-08 18:50:58 +01:00
Howard Chu
5462fc26b5 ITS#9227 syncrepl: don't delete non-replicated attrs 2020-05-08 16:23:44 +01:00
Howard Chu
d38d48fc8f ITS#9202 limit depth of nested filters 
Using a hardcoded limit for now; no reasonable apps
should ever run into it.
 2020-04-28 13:58:15 +00:00
Ryan Tandy
8f174209e1 ITS#7573 Fix back-perl dynamic config with threaded slapd 2020-04-27 16:21:12 +00:00
Isaac Boukris
3cd50fa8b3 ITS#9189 rework sasl-cbinding support 
Add LDAP_OPT_X_SASL_CBINDING option to define the binding type to use,
defaults to "none".

Add "tls-endpoint" binding type implementing "tls-server-end-point" from
RCF 5929, which is compatible with Windows.

Fix "tls-unique" to include the prefix in the bindings as per RFC 5056.
 2020-04-23 21:00:39 +02:00
Quanah Gibson-Mount
96fedda628 ITS#5573 - Expose contextCSN, entryCSN in subschema entry 2020-04-22 18:59:38 +00:00
Quanah Gibson-Mount
bc9a92866a ITS#6740 - Always enable rewrite 2020-04-22 14:49:10 +00:00
Howard Chu
bcb0af6262 ITS#6745 slapd daemon: use separate emfile mutex 2020-04-17 02:46:10 +01:00
Ondřej Kuzník
550476b5ad ITS#9112 Silence warnings 2020-04-16 16:41:35 +00:00
Ondřej Kuzník
8f01fdec36 ITS#8731 Remove unused arguments 2020-04-16 16:41:35 +00:00
Ondřej Kuzník
65d0936811 ITS#8245 Silence warning 2020-04-16 16:41:35 +00:00
Quanah Gibson-Mount
a97eed06f0 ITS#6937 - Remove unused proctitle bits 2020-04-15 19:32:28 +00:00
grapvar
a5e17673a6 ITS#9214 slapd-mdb: plug cursor leak in dnSuperiorMatch filter 2020-04-15 00:14:37 +01:00
Ryan Tandy
38f9dd2fb8 ITS#7878 Replace uint32_t with unsigned in back-mdb 
init.c: align mi_dbenv_flags and flags with mdb_dbi_open, which declares
flags as unsigned int.

search.c: align mi_rtxn_size with ARG_UINT; adjust ww_ctx.nentries to
silence a warning about signed/unsigned comparison.

config.c: parse checkpoint config more carefully. Reject negative or
unreasonably large values for kbytes and minutes. Ensure both values are
parsed successfully before making any changes.

Fixes a compilation failure under MinGW, where stdint.h types are not
implicitly pulled in by other headers.
 2020-04-14 10:04:33 -07:00
Ondřej Kuzník
f6d9fdc4f1 ITS#9043 Improve replication loggging 2020-04-14 09:58:03 +01:00
Ryan Tandy
bbe20cbf4c ITS#8731 cleanup unused logbuf 2020-04-13 18:57:50 +00:00
Ryan Tandy
e18764465f ITS#9212 Restore snprintf to caller-provided buffer 
76df74dbea removed some snprintfs to
buffers that are actually returned to the client. Restore these.
 2020-04-13 18:57:50 +00:00
Howard Chu
5bfd8d8888 ITS#9121 Fix MatchingRuleAssertion init 2020-04-07 16:26:35 +01:00
Ondřej Kuzník
6d6a330057 ITS#8245 Use Relax control to avoid uniqueness checks 
Still needs to retrieve the entry for ACL resolution until we can
restrict controls with ACLs.
 2020-04-06 20:44:09 +00:00
Howard Chu
0debad5830 ITS#9121 memberOf shortcut 
Don't try to generate it if it wasn't requested
 2020-04-04 03:48:14 +01:00
Howard Chu
15a922a5a3 ITS#9121 memberof fix 
Fix for groupURI with no filter
 2020-04-03 21:38:41 +01:00
Howard Chu
8180326ffe ITS#9121 typos 2020-04-03 21:29:25 +01:00
Howard Chu
5d82ba4905 ITS#9121 fix typo 2020-04-03 21:27:48 +01:00
Howard Chu
906cab755d ITS#9121 fix memberOf filtering 
Replace (memberOf=<groupDN>) filter with expansion of group's URI
 2020-04-03 21:25:58 +01:00
Howard Chu
015eae8fde ITS#9121 optimize dyngroup membership checking 
parse dyngroup URLs in advance, don't use the ACL engine's
evaluator any more
 2020-04-03 21:25:43 +01:00
Howard Chu
c9ff501e6d ITS#9121 memberof counting 
Keep track of number of uses of memberOf in config, to
allow bypassing code if not in use.
 2020-04-03 21:25:34 +01:00
Ryan Tandy
1d562a7a52 ITS#6035 olcAuthIDRewrite insert/delete support 2020-04-02 09:10:51 -07:00
Ryan Tandy
c4db906107 ITS#6035 olcAuthzRegexp insert/delete support 2020-04-02 09:10:51 -07:00
Ryan Tandy
822ed8c11d ITS#6035 saslauthz cleanups (no functional change) 
- give authid-rewrite's argument a name
- tidy saslauthz.c whitespace (mixed spaces/tabs)
- always declare slap_sasl_regexp_destroy: fixes an implicit declaration
  warning when configured without librewrite
- delete dead code: ENABLE_REWRITE implies SLAP_AUTH_REWRITE, so this
  code is never compiled
- make slap_sasl_regexp_rewrite_config static
- omit sasl_regexp unused fields when built with librewrite
 2020-04-02 09:10:51 -07:00
Emily Backes
f4bfb5e0a5 ITS#7074 - change olcDatabaseDummy initialization for windows 2020-03-20 19:08:22 +00:00
Howard Chu
2d87a1c7b5 ITS#9182 pcache: fix private DB init 2020-03-11 19:17:10 +00:00
Howard Chu
1c05dce379 ITS#9121 fix filter error message 
Filters use parentheses, not brackets.
 2020-03-06 17:29:44 +00:00
Howard Chu
2c6fccb49b ITS#9121 plug entry leak 2020-02-25 18:06:15 +00:00
Ondřej Kuzník
a2a859fd0b Correct cyrus-sasl version verison check 2020-02-21 10:44:59 +00:00
Ondřej Kuzník
140b676bc1 ITS#9171 Insert callback in the right place 2020-02-21 10:44:59 +00:00
Howard Chu
299fb490a2 ITS#9121 fix prev commit 
Only flush entry if dynlist_prepare_entry altered it
 2020-02-14 22:32:03 +00:00
Ondřej Kuzník
47e0e3fdb5 ITS#9160 OOM handling in back-asyncmeta 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
7336827769 ITS#9160 OOM handling in back-meta 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
816d94b221 ITS#9160 OOM handling in slapd 2020-02-07 09:46:52 +00:00
Howard Chu
02eb0b6fe8 ITS#9121 fix filtering of dyngroups with memberof 2020-02-04 16:36:42 +00:00
Quanah Gibson-Mount
165c632249 Move CONFIG_DELETE out from behind LDAP_DEVEL 2020-02-03 16:55:34 +00:00
Quanah Gibson-Mount
7244a7b6d8 ITS#8040 - Move LAZY_COMMIT to be active outside of LDAP_DEVEL 2020-02-02 19:02:18 +00:00
Quanah Gibson-Mount
0dbbe8c012 ITS#8040 - Fix missing ifdefs for LAZY_COMMIT 2020-02-02 19:00:34 +00:00
Quanah Gibson-Mount
707d2a9211 ITS#8966 - Remove DO_DSEE ifdef Remove ifdef for DO_DSEE as it's required to be defined for syncrepl.c to compile 2020-02-02 19:00:31 +00:00
Quanah Gibson-Mount
4d2fa65969 Remove LDAP_FEATURE_X_CANCHAINOPS from behind LDAP_DEVEL 2020-01-30 18:54:36 +00:00
Ondřej Kuzník
76c43165ea Remove LDAP_X_TXN and rename accordingly 2020-01-28 12:09:09 +00:00
Ondřej Kuzník
0cf2b12154 ITS#9156 Fix leftover typo 2020-01-27 14:11:59 +00:00
Ondřej Kuzník
16793977ff ITS#9156 Add pwdCheckModuleArg to ppolicy 2020-01-23 23:47:04 +00:00
Ondřej Kuzník
419b9ad202 ITS#9156 Implement pwdMaxIdle 2020-01-23 23:46:58 +00:00
Ondřej Kuzník
8c10b0481a ITS#9156 Implement pwdMinDelay and pwdMaxDelay 2020-01-23 23:46:54 +00:00
Ondřej Kuzník
c0ae078afd ITS#9156 Implement pwdStartTime and pwdEndTime 2020-01-23 23:46:50 +00:00
Ondřej Kuzník
9ce2d2f9d2 ITS#9156 Implement pwdMaxLength 2020-01-23 23:46:43 +00:00
Ondřej Kuzník
f60e41bc14 ITS#9156 Implement pwdGraceExpiry 2020-01-23 23:46:38 +00:00
Ondřej Kuzník
79728709e9 ITS#9156 Keep module info around for longer 2020-01-23 23:46:28 +00:00
Ondřej Kuzník
4bc54d104a ITS#9156 Update ppolicy schema to the latest draft 2020-01-23 23:46:16 +00:00
Ondřej Kuzník
44191183be ITS#9156 Move ppolicy schema into the module 2020-01-23 23:45:41 +00:00
Ondřej Kuzník
254b62b803 ITS#9126 Add a missed normalised copy of pwdChangedTime 2020-01-23 23:15:09 +00:00
Howard Chu
f860fff714 ITS#9121 more memberof tweaks 2020-01-21 23:36:56 +00:00
Howard Chu
8e2291275a ITS#9121 dynlist: fix not filters 2020-01-21 11:27:21 +00:00
Howard Chu
c06807ec45 ITS#9120 fix tm2time compat breakage 
Add lutil_tm2gtime for Proleptic Gregorian calendar,
revert lutil_tm2time to previous behavior using Unix epoch
 2020-01-19 19:05:04 +00:00
Howard Chu
e7538fa462 ITS#9154 back-mdb add number of entries to cn=monitor 2020-01-18 12:53:07 +00:00
Howard Chu
cb42a6e91a ITS#9121 fix memberOf eval 
Must disable ACL group caching when checking membership
 2020-01-17 14:49:58 +00:00
Howard Chu
9a8d7f305b ITS#9150 fix nosync FALSE config 2020-01-11 04:24:54 +00:00
Quanah Gibson-Mount
f6ad222e41 Happy New Year! 2020-01-09 16:50:21 +00:00
Howard Chu
57dbe995b8 ITS#9146 syncprov: fix sessionlog init 2020-01-08 22:22:14 +00:00
Ondřej Kuzník
8550e91fcc ITS#9124 BerElement sits on the stack 2020-01-03 11:49:17 +00:00
Howard Chu
14d4215bc1 ITS#9121 more for dynamic memmber/memberOf 2019-12-18 20:37:58 +00:00
Howard Chu
62ec3d99c0 ITS#9121 schema update for prev commit 2019-12-18 20:34:50 +00:00
Howard Chu
c458744e32 ITS#9121 cleanup 
Delete unused code, add comments
 2019-12-16 18:42:57 +00:00
Howard Chu
90b0abd894 ITS#9121 dynlist enhancements 
1) allow filtering on dynamic attribute values
2) populate an optionally configured memberOf attribute

test044 script still needs to be extended to test these
enhancements. We need to define an interim attributeType
for testing memberOf functionality.
 2019-12-16 18:31:12 +00:00
Arvid Requate
44a7b4632e ITS#9128 fix bus error in strchrlen 2019-12-04 20:50:44 +00:00
Ondřej Kuzník
b71235ac45 ITS#8629 Make sure pwcons is around for slapauth 
Long term, overlay callbacks should not be running in tool mode at all.
 2019-12-02 13:28:10 +00:00
Howard Chu
1a0ab3d269 ITS#9125 check HAVE_TLS 2019-12-01 19:04:27 +00:00
Ondřej Kuzník
1dbf0e9441 ITS#9124 Check we have data to process in Cancel Exop 2019-11-29 10:04:08 +00:00
Howard Chu
63922b076c ITS#9119 fix global operation counter reporting 2019-11-15 16:26:14 +00:00
Howard Chu
4d7be1c161 ITS#9112 cleaner error handling during connection setup 
And additional debug code for tracking errant close()s
 2019-10-28 23:01:08 +00:00
Howard Chu
230b469669 ITS#9100 relax domainScope check for absent value 2019-10-28 19:01:36 +00:00
Howard Chu
379f138098 ITS#9091 drop attr mappings added in an aborted txn 
If a txn is aborted in id2entry_put, attribute index mappings
added during that txn must also be dropped from memory.
 2019-10-14 18:34:07 +01:00
Howard Chu
4bc333c5e7 ITS#9095 insert missing commit at end of slapindex processing 2019-10-11 20:48:51 +01:00
Ondřej Kuzník
81025cc8bf ITS#9077 Let the loop finish 2019-09-23 16:37:38 +01:00
Ondřej Kuzník
dc3e450104 ITS#8731 Remove extra args 2019-09-10 19:00:24 +01:00
Ondřej Kuzník
a14fb731ac ITS#9076 Set oldctrls correctly 2019-09-10 19:00:24 +01:00
Julia Bremer
8514f2a771 ITS#9067 fix syntax evaluation of preferredDeliveryMethod 2019-08-26 17:14:25 +01:00
Howard Chu
92b03e82e0 ITS#7657 honor unchecked limit 2019-07-17 10:17:43 +01:00
Howard Chu
e90e8c7d3c ITS#7657 back-mdb improve alias deref 
Don't search for scopes of entries with no children
 2019-07-15 16:47:18 +01:00
Ondřej Kuzník
230b853488 ITS#8427 Take late TLS configuration into account 2019-07-15 17:01:08 +02:00
Howard Chu
5fec7b777f ITS#8977 don't use any stack allocated IDLs 
Trying again, fixed previous attempt
 2019-07-11 15:47:03 +01:00
Howard Chu
0fa0f8ff07 ITS#9052 zero out sasl_ssf in connection_init 2019-07-10 21:29:39 +01:00
Howard Chu
f6766f1a1f Revert "ITS#8977 don't use any stack allocated IDLs" 
This reverts commit bfe9152c4c.
 2019-07-03 17:20:34 +01:00
Howard Chu
bfe9152c4c ITS#8977 don't use any stack allocated IDLs 2019-07-03 16:59:53 +01:00
Howard Chu
ec411582d6 ITS#8977 make sure olcBackend entry is created 2019-06-27 15:33:09 +01:00
Ondřej Kuzník
c06dc95cf9 ITS#8799 Let the common backend be configured through cn=config 2019-06-20 17:03:27 +02:00
Ondřej Kuzník
747679256c Resolve conflict between ITS#7492 and ITS#7520 2019-06-20 17:03:27 +02:00
Ondřej Kuzník
75e0eba1f7 ITS#9000 memberof: noop a noop rename 2019-06-20 16:55:13 +02:00
Howard Chu
fbe5611e60 ITS#9038 restrict rootDN proxyauthz to its own DBs. 
Treat as normal user for any other DB.
 2019-06-19 12:40:19 +01:00
Quanah Gibson-Mount
bc61773904 ITS#8286 - Add missing matching rules 
Add missing matching rules for the cn=config schema elements for:

slapd-null
slapd-relay
slapo-chain
 2019-06-18 17:31:55 +00:00
Quanah Gibson-Mount
85ccf7bbac ITS#8997 - Fix segfault by setting return code value 
Fix case with back-ldap where an entry was returned but didn't match the filter being applied by setting the return code value before dropping to cleanup.
 2019-06-17 17:15:00 +00:00
Ondřej Kuzník
be55ce8087 ITS#8637 Reject multiple chain URIs just like slapd.conf 2019-06-17 16:05:44 +00:00
HAMANO Tsukasa
77119a1f6f ITS#8349 - Fix ppolicy behavior when pwdInHistory is changed 2019-06-17 15:55:15 +00:00
Ondřej Kuzník
d40b357f5d ITS#8964 Do not free original filter 2019-06-17 12:49:25 +02:00
Ondřej Kuzník
02df0b485a ITS#8427 Only do StartTLS if configured 2019-06-13 12:12:54 +02:00
Ondřej Kuzník
1273a38eda ITS#8427 Set up TLS settings on each reconnection 2019-06-12 16:40:04 +02:00
Quanah Gibson-Mount
ec2cb12e68 ITS#9010 - Delete back-bdb/back-hdb 
This commits deletes all references and code for back-bdb and back-hdb.
There is some follow up work still necessary to flush out the admin
guide for back-mdb.
 2019-05-13 17:20:28 +00:00
Ondřej Kuzník
5957cbb660 ITS#8743 Initialise the metafilter we allocate 2019-05-13 13:07:11 +01:00
Ondřej Kuzník
7ca538ff87 ITS#9015 Treat an empty cookie from a FALLBACK search as a success 2019-05-08 15:42:12 +01:00
Ondřej Kuzník
abcf0e8f23 ITS#9015 Don't generate contextCSN on empty DB 2019-05-08 15:42:12 +01:00
Ondřej Kuzník
1df2b85c32 ITS#9015 Generate contextCSN unless we're a pure replica. 
Essentially reverts part of cd8ff37629 to
make sure there is always a contextCSN if the server is in charge of its
own serverID.
 2019-05-08 15:42:12 +01:00
Howard Chu
c42c996966 ITS#9012 one more Win64 fix 
Was omitted from dda779d83e
 2019-04-21 22:10:03 +01:00
Ondřej Kuzník
3bda24173d Do not leak memory in slappasswd 2019-03-27 10:54:42 +00:00
Howard Chu
8b7f21c7aa ITS#8999 more for prev commit 2019-03-26 13:12:26 +00:00
Howard Chu
d8c90a2fee ITS#8999 fix telephoneNumberNormalize, cert DN validation 2019-03-26 11:18:55 +00:00
Howard Chu
47102fcced Add persist support 2019-03-20 08:47:48 -07:00
Howard Chu
4534528fe1 ITS#8990 pickup SLAP_MOD_SOFT modops 2019-03-11 18:52:26 +00:00
Howard Chu
c825edf67e ITS#8989 fix bitshift integer overflow 2019-03-10 14:26:08 +00:00
Quanah Gibson-Mount
a32cab8b72 write waiter handling cleanup 
Follow on to commit 88d22a1ca3

Remove dead code
 2019-03-07 23:31:44 +00:00
Nadezhda Ivanova
ea1eb19303 Use LDAP_OPT_KEEPCONN to prevent the target connection from being freed 
On error, the ldap connection was freed and under some circumstances the fd was being reused,
which caused an assertion error in connection_init.
 2019-02-28 17:28:04 +00:00
Nadezhda Ivanova
e9fa4af4d8 Move initialization of Connection mutexes to connections_init 2019-02-28 17:27:45 +00:00
Nadezhda Ivanova
bb7e14d201 ITS#8734 Fixes for many back-asyncmeta issues 
Includes all the changes necessary to fix back-asyncmeta issues
discovered during on-site testing since the start of 2016.
These include:
Issues with stability - crashes and assetion failures
Incorrect behavior during unstable network conditions, such as inability to reset connections
or process responses, or "hanging" to wait for a response that would never be received.
Memory leaks and memory management fixes - major redesign of the way back-asyncmeta
works with memory contexts.
Rewrite was replaced with suffix-massage in configuration, and the network-timeout value was changed to milliseconds.
Incorrect behavior when SASL is used to bind to a target.
Many problems caused by race conditions
Fixes for compiler warnings, and tests.
Cleanup of unused code.
 2019-02-28 16:22:11 +00:00
Ondřej Kuzník
117dcbc54d Silence compiler warnings 2019-02-19 10:28:08 +00:00
Ondřej Kuzník
f4a68297a0 Actually check for mi->bi_extra 2019-02-19 10:28:08 +00:00
Ondřej Kuzník
cd914149a6 Make prototypes available where needed 2019-02-19 10:26:39 +00:00
Ondřej Kuzník
7a98f7de5d ITS#8731 Remove more unused buffers 2019-02-19 10:24:43 +00:00
Howard Chu
d26b1049de ITS#8977 missed a commit 2019-02-16 13:51:56 +00:00
Ondřej Kuzník
cf9fea9379 ITS#8731 Manual adjustment post doc/devel/variadic_debug/07-shortcut.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
76df74dbea ITS#8731 Apply doc/devel/variadic_debug/07-shortcut.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
abbabbb3d7 ITS#8731 Manual work not picked up by coccinelle 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
97a310b312 ITS#8731 Apply doc/devel/variadic_debug/04-variadic.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
e1e643ea41 ITS#8731 Manual adjustments 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
254d2adab0 ITS#8731 Rework logging 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
129dcfbd86 ITS#8731 General Debug() related fixes 2019-02-15 16:51:53 +00:00
Howard Chu
a70b887e6c ITS#8977 fix prev commit 2019-02-15 16:12:41 +00:00
Howard Chu
c8b806b676 ITS#8977 make IDL size configurable 2019-02-15 14:37:51 +00:00
Nadezhda Ivanova
17f1e32b65 ITS#8841 Fix an assertion error in back-meta when network interface is unavailable 
Because an API error code was assigned to sr_err, on network error back-meta would cause
an assert error at result.c: 830

assert( !LDAP_API_ERROR( rs->sr_err ) );
 2019-02-14 14:41:42 +00:00
Howard Chu
6e2bac6465 ITS#7770 schema fixup 2019-02-04 02:50:17 +00:00
Howard Chu
e19c683c41 ITS#7770 add mdb_stat info to cn=monitor 2019-02-03 11:08:24 +00:00
Howard Chu
299a6ca0f4 ITS#8971 tweak prev commit 
Check for BVISNULL, maybe rootDSE is a valid reqDN
 2019-02-02 22:48:53 +00:00
Howard Chu
f052e94593 ITS#8971 most exops have no reqDN 2019-02-02 21:45:04 +00:00
Howard Chu
765dfaf0e4 ITS#8963 use BIND timeout for start_tls 
Since we only support it in conjunction with Bind anyway, not
as a standalone op
 2019-01-31 23:37:03 +00:00
Howard Chu
86b486e20a Schema cleanup 2019-01-30 14:06:09 +00:00
Howard Chu
e8c62bf8b4 ITS#8966 add changelog support to syncrepl consumer 
Tested against DSEE7. The DSEE binaries must be in your path to run the test script.
 2019-01-29 18:51:43 -08:00
Howard Chu
7b587018ec ITS#8472 only do index cleanup if DB is running 2019-01-25 18:11:58 +00:00
Howard Chu
e33d1c5461 ITS#6300 fix kqueue initialization 2019-01-15 21:39:46 +00:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Ondřej Kuzník
518e857c03 ITS#8663 Fix memberof SLAP_CONFIG_EMIT 2019-01-14 11:44:35 +00:00
Howard Chu
054c91335b ITS#8952 use msec for epoll / devpoll event wait 2019-01-02 21:51:48 +00:00
Howard Chu
dd760f2abc More for NULL modrdn modlist 2018-12-22 12:58:08 -08:00
Howard Chu
43d5d99494 More for NULL modrdn modlist 2018-12-22 10:40:59 -08:00
Howard Chu
ff6a671e64 MSAD dirsync fixes 
Don't hijack whenCreated attribute for createTimestamp
Don't add RDN to entry on modrdn
free cookie on cleanup
 2018-12-22 09:08:10 -08:00
Howard Chu
48461cbf7f Allow NULL modlist in modrdn 
For compat with MSAD which doesn't add the naming attribute to
the entry during a rename
 2018-12-22 09:00:34 -08:00
Howard Chu
6e6e6083b0 cleanup attr.c 
rename attr_list to attrs_list to avoid confusion with at.c in gdb
 2018-12-22 08:59:20 -08:00
Howard Chu
b4364baca7 Dirsync delete/modrdn fixes 
Delete could try to queue a NULL syncCSN (dirsync has none)
Modrdn could try to delete a nonexistent oldRDN (leftover from #7144)
 2018-12-22 05:21:56 -08:00
Thorsten Glaser
e0a7049ee5 ITS#8890 fix benign typos 
No functional impact
 2018-12-18 22:56:18 +00:00
Howard Chu
d8f8a60be8 More for privateKey tweak 
Leave olcTLSCertificateKey as its own attr, not a subtype
 2018-12-18 21:59:59 +00:00
Howard Chu
0e8c2d5a54 Tweak privateKey schema 
We're using PKCS#8 syntax, drop the OpenLDAP syntax OID.
Rename attribute accordingly.
Tweak validator to accept encrypted keys.
 2018-12-18 21:27:24 +00:00
Quanah Gibson-Mount
4e23cfc4a9 ITS#8286 - Additional fixes 
Fix incorrect matching rules for olcTLSCertificateKey and olcDbCryptKey
Fix SYNTAX for olcRootPW to be octetString
 2018-12-18 21:05:09 +00:00
Quanah Gibson-Mount
71a5d7cc0f Fix integerMatch to booleanMatch 2018-12-18 19:26:37 +00:00
Quanah Gibson-Mount
3add82a3bb ITS#8286 -- Add matching rules for attributes 
Add matching rules for all cases where it was missing.  Cleanup
incorrect types for a few attributes as well.  Fix network-timeout
handling in back-ldap/meta/asyncmeta.
 2018-12-18 19:14:06 +00:00
Ondřej Kuzník
c29542c418 ITS#8845 sc_extendedops is read-only 2018-12-18 18:34:23 +01:00
Howard Chu
190fccbcdc Missed a schema conflict 2018-12-17 16:21:03 -08:00
Howard Chu
9cc97ea9e1 MS AD DirSync support 
Requires "attribute_option range=" in config.
No test script provided yet, since testing requires an actual AD server.
 2018-12-17 16:11:25 -08:00
Howard Chu
2731ff0c23 ITS#5927 additional fix 
Fix 2ee43073e9 to recognize range tags
 2018-12-17 13:44:25 -08:00
Howard Chu
12dbcc0eb3 More for revert batched writes 2018-12-14 12:39:07 -08:00
Howard Chu
79ced664b8 Revert batched writes experimental code 
Reverts
bea2c5d438
535cf92ff4
5a3a54333c
afa9a9c3e0
due to backend deadlocks
 2018-12-13 06:34:54 -08:00
Howard Chu
6081a0307c ITS#8752 cleanup prev commit 2018-12-06 10:26:33 -08:00
Howard Chu
34823321c3 ITS#8752 more for accesslog deadlock 
Restructure response/cleanup invocation to avoid cleanup happening before response
 2018-12-06 10:03:27 -08:00
Howard Chu
a4fddc7b11 ITS#8932 check rdnNormalize success 2018-11-09 21:16:10 +00:00
Ondřej Kuzník
04a52cef40 ITS#8927 ppolicy: accept replicated changes even in MMR 2018-10-31 09:51:22 +00:00
Ondřej Kuzník
c351616ccd ITS#8866 Fix use-after free 2018-10-26 15:16:41 +01:00
Quanah Gibson-Mount
cd82de56c8 ITS#8866 (cont) slapo-unique 
use correct memory allocation/free functions
 2018-10-26 01:58:35 +00:00
Michael Ströder
7359a5413a ITS#8866 slapo-unique to return filter used in diagnostic message 2018-10-26 01:54:39 +00:00
Ondřej Kuzník
a2d93d69f0 ITS#8772 Remove reliance on the local rmutex implementation 2018-10-19 13:08:10 +01:00
Nadezhda Ivanova
33876e22d6 ITS#8859 Allow backends which do not need a database to work 2018-10-19 13:08:09 +01:00
Nadezhda Ivanova
d10fc664f7 ITS#8859 Enable backend configuration 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
1f2caff7b9 ITS#8859 Record the correct RDN 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
7127d5db11 ITS#8850 Wait until backends are closed before freeing connection_pool 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
f4e824c8da ITS#8849 Introduce (un)pause callbacks to backends 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
0f4d656a57 ITS#8849 Use server pause facility during config changes 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
fa2ba35ae8 ITS#8849 Introduce slap_(un)pause_server 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
df83989f0f Skip ITS#6545 transition markers when we change mod op 2018-10-18 10:41:43 +01:00
Howard Chu
1e30640037 ITS#8923 fix dyngroup NO_SUCH_OBJECT error handling 2018-10-03 21:58:32 +01:00
Howard Chu
38f95b9ab8 ITS#8918 fix typo 2018-09-24 13:47:09 +01:00
Howard Chu
78229b3a5b ITS#8912 omit hidden DBs from rootDse 2018-09-05 11:42:05 +01:00
Howard Chu
a29391d495 More for multival 
fix index record detection
 2018-09-01 13:07:58 +01:00
Howard Chu
ba80b97505 Fix index delete 
Deleting all indices should also reset default mask
 2018-08-31 14:33:22 +01:00
Howard Chu
83acffd83c More for multival 
Fix clashes with index records
 2018-08-31 14:27:23 +01:00
Howard Chu
8ec9a3bcca More for multival 
Tweak config validity check
 2018-08-30 15:47:16 +01:00
Howard Chu
111329a2dc More for back-mdb multival 
Allow configuring thresholds for specific attributes
 2018-08-30 11:24:25 +01:00
Howard Chu
6c221e7730 ITS#8909 additional tweak 
Set error code on failure
 2018-08-29 02:02:13 +01:00
Howard Chu
36e4dd2828 ITS#8909 fix "authz-policy all" condition 
Broken since original commit 113727ba
 2018-08-29 01:14:19 +01:00
Ondřej Kuzník
0f320b3442 Fail if we can't change to a directory 2018-07-25 16:19:54 +01:00
Howard Chu
776de6d796 More for back-mdb multival 
Make sure a->a_numvals matches id2v counts
 2018-07-18 17:58:10 +01:00
Ondřej Kuzník
b06f5b0493 ITS#8663 Improve memberof cn=config handling 2018-07-02 16:19:54 +01:00
Ondřej Kuzník
dac02c7ef1 ITS#8667 Do not finish glue initialisation in tool mode unless requested 2018-07-02 16:19:48 +01:00
Ondřej Kuzník
242ab9c6ef ITS#8845 Recognise control-exop compatibility 2018-07-02 16:18:26 +01:00
Howard Chu
8568716376 ITS#8868 don't convert IDL to range needlessly 
in idl_intersection. It may lose precision in a subsequent union.
 2018-06-22 00:31:04 +01:00
Ondřej Kuzník
8a259e3df1 ITS#8573 allow all libldap options in tools -o option 2018-06-14 16:19:10 +01:00
Howard Chu
5292fb3a3b Fix ldif-wrap errmsg typo 2018-06-13 16:19:04 +01:00
Howard Chu
9069cbe543 ITS#8616 don't check for existing value when deleting values 2018-05-24 17:53:10 +01:00
Ondřej Kuzník
77e87690c0 Make syntax highlighting/folding happier 2018-05-10 11:58:21 +01:00
Howard Chu
0ba50a1d06 ITS#8843 check for NULL modlist 2018-05-02 16:51:49 +01:00
Quanah Gibson-Mount
f32384ef44 ITS#8840 Fix domainScope control to ensure the control value is absent as per Microsoft specification (https://msdn.microsoft.com/en-us/library/aa366979%28v=vs.85%29.aspx). 2018-04-30 17:33:22 +00:00
Quanah Gibson-Mount
59e9ff6243 Happy New Year 2018-03-22 15:35:24 +00:00
Howard Chu
8300eee017 back-mdb Multival fixes 
Fix multival logic on Replace
Fix return codes from modify_internal, id2entry_put
 2018-02-28 22:37:38 +00:00
Howard Chu
08851a8200 ITS#8789 revert previous patch 
And try another approach. Always write contextCSN updates, but
don't set dont_replicate for updates we want propagated.
 2018-02-28 22:19:57 +00:00
Howard Chu
e0cc94a0b7 ITS#8789 avoid unnecessary writes of context entry 
If syncprov is present, only write contextCSN attribute on
actual state changes, not on per-entry modifications.
Continue to update in-memory cookieState. Saves overhead,
syncprov will eventually checkpoint it into the DB anyway.
 2018-02-21 19:51:59 +00:00
Howard Chu
434c306cbe Add debug msg if adding entry to logDB fails 2018-02-21 19:50:45 +00:00
Howard Chu
9fc6b894ec ITS#8752 accesslog: partially revert 3bb8b737ed 2018-02-21 19:48:02 +00:00
Howard Chu
dc3b3be429 ITS#8486 Don't keep sl_mutex locked when playing the sessionlog 2018-02-11 16:47:47 +00:00
Howard Chu
0c1ebd178c ITS#8801 Fix CSN queue processing 2018-02-08 00:18:00 +00:00
Howard Chu
4d1077ffa4 ITS#8800 remove originator check in syncprov_search_response 
Let the entryCSN check do all the work. Reloading a server from an old
backup needs this to go thru.
 2018-02-08 00:17:07 +00:00
Howard Chu
0eb577632f ITS#8607 Don't record checkpoints 2018-02-08 00:16:50 +00:00
Howard Chu
ca7f697e14 ITS#8100 fixes for delta-syncrepl with empty accesslog 
Update syncprov contextCSNs when context entry is added.
Fix accesslog to properly tag Add op when adding context entry.
 2018-01-30 21:40:05 +00:00
Ondřej Kuzník
52f7daab01 ITS#8796 Fix SSF reset 
Maintain the SSF across SASL binds.
 2018-01-15 16:58:58 +00:00
Hallvard Furuseth
57253688b3 ITS#8778 Fix telephoneNumberNormalize("-" or " ") 2017-11-26 21:22:23 +01:00
Quanah Gibson-Mount
c5b73dd85b ITS#6300 -- Update for multi-listener support 2017-10-19 14:55:01 -07:00
Bryan Duncan
a25046535c ITS #6300: Added support for using kqueue in slapd (for systems that support kqueue(2). 
Patch obtained from:
        http://public.me.com/bryan.duncan/bryan-duncan.kqueue.090922.patch

 # This patch file is derived from OpenLDAP Software. All of the
 # modifications to OpenLDAP Software represented in the following
 # patch(es) were developed by Apple.  I, Bryan Duncan, am authorized by
 # Apple, my employer, to release this work under the following terms.
 #
 # Copyright 2009 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted only as authorized by the OpenLDAP
 # Public License.
 #
 # A copy of this license is available in file LICENSE in the
 # top-level directory of the distribution or, alternatively, at
 # http://www.OpenLDAP.org/license.html.
 #
 2017-10-19 14:54:50 -07:00
Howard Chu
3bb8b737ed ITS#8752 accesslog: cleanup should only be called on failures 2017-10-14 11:22:53 +01:00
Howard Chu
03ee55d725 Revert "ITS#8752 ppolicy: don't call same cleanup twice" 
This reverts commit 1c963f4739.

Revert "ITS#8752 make sure all cleanups are called in overlay_op_walk"

This reverts commit b0ad788b8a.
 2017-10-13 18:47:25 +01:00
Howard Chu
1c963f4739 ITS#8752 ppolicy: don't call same cleanup twice 
fallout from b0ad788b8a
 2017-10-13 17:39:37 +01:00
Howard Chu
0d7489b908 ITS#8752 fix syncrepl deadlock from updateCookie 
Must release cookieState->cs_mutex before invoking backend.
Add a condvar to serialize calls of updateCookie, so we can
release the mutex and still update sequentially.

Also added tid logging, useful in conjunction with
7ab0e1aff0cc48cdfb299ca7dbd27900a9e3d1a8
 2017-10-13 17:28:57 +01:00
Howard Chu
4a574324fd ITS#8752 additional debug info, thread ID of rmutex lockers 2017-10-13 17:28:46 +01:00
Howard Chu
b0ad788b8a ITS#8752 make sure all cleanups are called in overlay_op_walk 2017-10-13 17:28:38 +01:00
Howard Chu
065b315f0d fix syncprov_qtask race, test062 crashes 
Keep s_mutex locked until we know we're removed from queue.
Remember qtask cookie so we can retract if ineeded when deleting
the overlay from running slapd.

config_delete is still unsafe, overlay_remove is running with active
threadpool instead of paused pool.
 2017-10-13 17:28:28 +01:00
Josh Soref
10566c8be3 ITS#8605 - spelling fixes 
* javascript
* kernel
* ldap
* length
* macros
* maintained
* manager
* matching
* maximum
* mechanism
* memory
* method
* mimic
* minimum
* modifiable
* modifiers
* modifying
* multiple
* necessary
* normalized
* objectclass
* occurrence
* occurring
* offered
* operation
* original
* overridden
* parameter
* permanent
* preemptively
* printable
* protocol
* provider
* really
* redistribution
* referenced
* refresh
* regardless
* registered
* request
* reserved
* resource
* response
* sanity
* separated
* setconcurrency
* should
* specially
* specifies
* structure
* structures
* subordinates
* substitution
* succeed
* successful
* successfully
* sudoers
* sufficient
* superiors
* supported
* synchronization
* terminated
* they're
* through
* traffic
* transparent
* unsigned
* unsupported
* version
* absence
* achieves
* adamson
* additional
* address
* against
* appropriate
* architecture
* associated
* async
* attribute
* authentication
* authorized
* auxiliary
* available
* begin
* beginning
* buffered
* canonical
* certificate
* charray
* check
* class
* compatibility
* compilation
* component
* configurable
* configuration
* configure
* conjunction
* constraints
* constructor
* contained
* containing
* continued
* control
* convenience
* correspond
* credentials
* cyrillic
* database
* definitions
* deloldrdn
* dereferencing
* destroy
* distinguish
* documentation
* emmanuel
* enabled
* entry
* enumerated
* everything
* exhaustive
* existence
* existing
* explicitly
* extract
* fallthru
* fashion
* february
* finally
* function
* generically
* groupname
* happened
* implementation
* including
* initialization
* initializes
* insensitive
* instantiated
* instantiation
* integral
* internal
* iterate
 2017-10-11 14:39:38 -07:00
Quanah Gibson-Mount
fd5ad3ef39 ITS#8527 - Add additional debug logging on consumer/provider state when the consumer has a newer cookie than the provider 2017-10-11 14:32:25 -07:00
Ondřej Kuzník
3258bf40eb ITS#8291 Reopen cursor after delete 2017-10-11 14:32:08 -07:00
Emmanuel Lécharny
77408ac781 ITS#8153 - olcTimeLimit should be Single Value 2017-10-11 14:31:51 -07:00
Ivan Nejgebauer
cb9a4d01bc ITS#8037 - Add support for relax control to delta-syncrepl 2017-10-11 14:31:45 -07:00
Michael Ströder
636b63b5fd ITS#8692 let back-sock generate increment: line in case of LDAP_MOD_INCREMENT (see RFC 4525, section 3) 2017-10-11 13:04:38 -07:00
sca+openldap@andreasschulze.de
90835da72f ITS#8578 - remove unused-variables in RE24 testing call (2.4.45) 2017-10-06 10:45:08 -07:00
Nadezhda Ivanova
da170cbe3b ITS#8404 Fix an assertion failure during modify of olcDbRewrite in back-meta 2017-10-06 10:44:54 -07:00
Ted C. Cheng
e20ac6b539 ITS#7520 - back-ldap omit-unknown-schema changes 2017-10-06 10:44:31 -07:00
Ondřej Kuzník
08492987a0 ITS#7100 Update entryTtl behaviour to match RFC 2589 2017-10-06 10:43:48 -07:00
Howard Chu
70e54d2527 ITS#8752 fix syncrepl null_callback 
Make sure it's last in callback stack
 2017-10-05 22:13:39 +01:00
Quanah Gibson-Mount
0d4cd89786 LDAP_FEATURE_SUBORDINATE_SCOPE is from expired draft-sermersheim-ldap-subordinate-scope, leave behind LDAP_DEVEL 2017-09-26 11:51:27 -07:00
Quanah Gibson-Mount
30e2a904dc Move a bunch of featuers back behind LDAP_DEVEL for 2.5 
SLAP_AUXPROP_DONTUSECOPY is ok for release
 2017-09-26 11:35:50 -07:00
Quanah Gibson-Mount
86105092bd CHECK_CSN is a debug only flag for testing. It should always remain 
behind LDAP_DEVEL
 2017-09-26 11:30:50 -07:00
Quanah Gibson-Mount
a9ff0e97fc ITS#6817 - back-meta work for SLAP_AUTH_DN was never finished according 
to the ITS notes.  In addition, this would need man page updates for the
feature
 2017-09-26 11:27:15 -07:00
Quanah Gibson-Mount
41a9010773 The support for unindexed attributes being tracked in back-monitor needs 
to remain behind LDAP_DEVEL for now.  Right now, the mutex in
back-monitor cannot properly handle the load if the server had a lot
of unindexed attributes that were being accessed in search filters.
 2017-09-26 11:04:45 -07:00
Quanah Gibson-Mount
7246da8a66 Whitespace cleanup 2017-09-26 10:33:01 -07:00
Quanah Gibson-Mount
04cfd144d9 Fix additional compile for /dev/poll support. /dev/poll is neither tested nor supported. 2017-09-22 12:05:18 -07:00
Quanah Gibson-Mount
2085def079 Merge branch 'master' of ssh://git-master.openldap.org/~git/git/openldap 2017-09-19 15:21:56 -07:00
Quanah Gibson-Mount
09bec057e5 Fix calls to SLAP_DEVPOLL_SOCK_LX for multi-listener support. Support 
for /dev/poll is neither enabled nor tested, so other issues may exist.
 2017-09-19 15:20:56 -07:00
Howard Chu
20e46d8494 ITS#8725 fix 75999a18c3 
Not needed since callback uses tmpalloc
 2017-09-08 21:36:05 +01:00
Nadezhda Ivanova
82737719c8 ITS#8725 Always remove listener descriptors from daemon on shutdown 2017-09-08 19:43:59 +01:00
Howard Chu
db3909d27d ITS#8725 add slap_sl_mark / slap_sl_release 
For fast cleanup after constructing disposable entries
 2017-09-08 17:39:22 +01:00
Howard Chu
68e064ca84 ITS#8725 Avoid listener thread startup race 
Typically only shows up under valgrind, not in regular runs
 2017-09-08 17:39:22 +01:00
Howard Chu
8b1fb962fc ITS#8725 connection fixes 
Fix op_finish, must resched connection to pick up pending ops.
Fix op completion counter.
 2017-09-08 17:39:14 +01:00
Howard Chu
63308ef6bb ITS#8725 backover fixes for async 
Fix some valgrind race conditions - wait for frontend to finish up
Don't set callbacks for abandon or unbind - since they have no response
Use tmpalloc for backover callback
 2017-09-08 17:25:55 +01:00
Nadezhda Ivanova
c6e00c7b0f ITS#8725 Fix an invalid data access during add operations if backend is asynchronous 2017-09-08 16:51:27 +01:00
Howard Chu
75999a18c3 ITS#8725 Add SLAPD_ASYNCOP return code 
Tell frontend the op will finish asynchronously, leave it alone
 2017-09-07 18:07:39 +01:00
Howard Chu
afa861bf22 ITS#8719 add crypt_r() support 2017-09-06 21:25:16 +01:00
Michael Ströder
b65e0b5731 ITS#8714 Send out EXTENDED operation message from back-sock 2017-09-06 15:32:28 +01:00
Howard Chu
bb62d9cb73 ITS#8270 use the configured exop timeout for StartTLS 
Also, there's no need for a retry loop here. Just wait for
the specified timeout or give up.
 2017-08-31 16:53:45 +01:00
Ondřej Kuzník
9e156bf914 ITS#8444 Do not clear the pending operation when checkpointing 
When a checkpoint happens, if we remove the CSN from the pending list,
accesslog won't pass it onto the accesslog DB. But in a delta-mmr
scenario, an accesslog entry without a CSN faces a race where it might
be applied twice - that usually fails and causes a full refresh, other
times it can cause a silent desync - both are undesirable.
 2017-08-25 16:52:13 +01:00
Howard Chu
a9f462d615 ITS#8690 one more time 2017-08-04 20:58:07 +01:00
Howard Chu
c9e56b80f3 ITS#8690 fix again 2017-08-04 13:40:34 +01:00
Howard Chu
bcc6601091 Revert "ITS#8690 refix" 
This reverts commit a5f3a2885c.
 2017-08-04 13:34:03 +01:00
Howard Chu
a5f3a2885c ITS#8690 refix 
Don't double-queue delete ops
 2017-08-02 00:52:13 +01:00
Howard Chu
221dd43399 ITS#8226 optimization 
Don't release read txn unless there has actually been a new write txn
 2017-08-01 22:08:50 +01:00
Howard Chu
9827569ff0 ITS#8690 fix prev commit 2017-08-01 21:57:02 +01:00
Howard Chu
5bd89a1f1f Cleanup uninit'd vars 2017-08-01 21:47:15 +01:00
Howard Chu
1fbc0dff88 ITS#8690 plug memleak on Delete ops 2017-07-21 19:04:08 +01:00
Quanah Gibson-Mount
50d1588b2e ITS#8697 - For Windows builds with newer MINGW, remove refptr symbols 
mappings from slapd.def
 2017-07-20 17:11:01 -07:00
Howard Chu
375db33d13 ITS#8678 temporary hack 2017-06-22 18:09:48 +01:00
Ryan Tandy
0cee1ffb60 ITS#8655 fix double free on paged search with pagesize 0 
Fixes a double free when a search includes the Paged Results control
with a page size of 0 and the search base matches the filter.
 2017-05-20 18:28:54 +00:00
Kevin Lam
11bf6bc10a ITS#8592 Fix double free in sssvlv overlay 2017-04-26 11:05:00 -07:00
Howard Chu
2975a1d6f1 Tweaks for OpenSSL 1.1 API deprecations 2017-04-19 20:19:09 +01:00
Howard Chu
c0ff8e8a21 Delete extraneous #define 
Was only for convenience during testing
 2017-04-19 19:27:02 +01:00
Quanah Gibson-Mount
87f3477626 Fix autoca build with OpenSSL 1.1.0 2017-04-18 13:40:05 -07:00
Ondřej Kuzník
1b14198ad9 ITS#8631 Initialize sal 2017-04-10 14:24:56 +01:00
Howard Chu
29833786ad Cleanup unused vars 2017-04-10 00:54:21 +01:00
Howard Chu
d089b3c0d1 Tweak privateKeyValidate 
Only accept PKCS#8 private keys
 2017-04-10 00:51:09 +01:00
Howard Chu
25dc9e99ea Cleanup warnings, unused vars, etc. 2017-04-09 23:42:22 +01:00
Howard Chu
cff264c6e1 Fix autoca schema init 
Wait for core.schema to get loaded
 2017-04-09 22:45:36 +01:00
Howard Chu
268f71cb27 autoca fixups 
Move install of CA cert to a pool thread, otherwise cn=config deadlocks
on dynamically loaded overlay.

Dup/release entry before attempting to modify it, to avoid deadlocks
in back-bdb/hdb.

Always use PKCS#8 format when storing private keys.
 2017-04-09 20:31:11 +01:00
Howard Chu
f33c7d1ee6 Fixup for ;binary config attrs 
Use the plain attributeDescription when searching config tables
 2017-04-09 20:29:47 +01:00
Howard Chu
0f9ec8322f Add localDN config 
If a cert is generated for this DN, configure it as the local
TLS cert/key
 2017-04-09 16:44:14 +01:00
Howard Chu
b939bb519e Set the CA cert in cn=config if none was already set 2017-04-09 15:42:17 +01:00
Howard Chu
c9ccdf8554 Fixup pause handling, silence warnings 
Don't try to resume the pool if pausing failed.
 2017-04-09 15:41:16 +01:00
Howard Chu
7b41feed83 Support setting cacert/cert/key directly in cn=config entry 2017-04-09 14:51:25 +01:00
Howard Chu
2860fd4c6c Move privateKey schema into slapd 2017-04-09 14:16:56 +01:00
Howard Chu
2012795d3b Add config support for binary values 
Use base64 for .conf files, straight binary for back-config
 2017-04-09 02:26:41 +01:00
Howard Chu
2b920ecaec Add autoca overlay 
Automated certificate authority
 2017-04-08 02:51:08 +01:00
Ondřej Kuzník
ec5af7b5e7 ITS#6545 Update accesslog format and syncrepl consumer 
Make two successive modifications of the same attribute separate. This
lets the consumer interpret the log entry the same way as the server
that produced it.

Still depends on the log entry attributes being read in the same order
as they were written.
 2017-04-07 14:39:07 -07:00
Ondřej Kuzník
46c85a32ae ITS#8266 Allow empty mods 2017-03-30 15:27:45 -07:00
Quanah Gibson-Mount
2c84446240 ITS#8587 - Fix typos 2017-03-29 10:44:55 -07:00
Ondřej Kuzník
e56a849e5d ITS#8625 Separate Avlnode and TAvlnode types 
Switch AVL_CHILD/AVL_THREAD values and set Avlnode bits to AVL_CHILD for
better compatibility between avl and tavl as suggested by Howard.
 2017-03-29 14:52:44 +01:00
Howard Chu
a0cc1d9655 ITS#8054 add queue time to log 
Show time spent in conn+threadpool queues before an op actually executes.
Also clean up timestamp handling
 2017-03-16 14:21:31 +00:00
Howard Chu
e12ca8b6fe Fixes for multiple threadpool queues 
Remove poolq_hash, it wasn't distributing work evenly to the queues.
Just walk through all queues and use the one with smallest
active+pending count. Since pool_retract also relied on the hash,
a different means of locating the thread to retract was needed.
Add pool_submit2 which returns the threadpool task structure,
and record which poolq this task lives on.
 2017-03-15 11:13:09 +00:00
Ondřej Kuzník
53c6c9d16b ITS#8574 - Deal with rDN correctly 
This fixes issues with values that need escaping in the rDN when an
incorrect value would be passed to the handler and back-ldif.
 2017-03-08 15:32:17 -08:00
Howard Chu
451a9623f3 ITS#8576 Revert "LDAP_TAILQ fix" 
This reverts commit 8ee8248328.
 2017-02-01 11:58:54 +00:00
Howard Chu
2e9f95cbac More for large multival attrs 
Fix 2335285502
Use custom dupsort function, pass attributeDescription in so
it can use the actual matching rule for sorting.
 2017-01-26 10:58:55 +00:00
Quanah Gibson-Mount
cf8dc030c0 ITS#8568 2017-01-15 15:11:53 -08:00
Quanah Gibson-Mount
1df85d3427 Happy New Year! 2017-01-03 12:36:47 -08:00
Howard Chu
e3c8beb8d0 Fix its6794 test 
Must NULL out indexing cursors when closing tool txn
 2016-12-21 14:39:47 +00:00
Quanah Gibson-Mount
131203ec5d More for multival attrs 
check for enumerated delete that deletes all values
 2016-11-03 15:50:26 -07:00
Howard Chu
589331ea75 More for ITS#8460 
accesslog can alter the timestamp on contextCSN updates
 2016-08-11 17:27:35 +01:00
Howard Chu
f6510ec83b ITS#8460 fix slap_op_time 
broken in 2d5996ac60
Was allowing tv_usec to exceed 999999
 2016-07-28 23:40:57 +01:00
Howard Chu
5e6aadd779 More for multival attrs 
Fix id2entry_delete when deleting last multival entry in DB
 2016-07-22 10:30:57 +01:00
Howard Chu
3d5601e0ba Fix a4c7943d39 
Modify/replace was broken if attr didn't already exist
 2016-07-21 00:36:32 +01:00
Hallvard Furuseth
3e2f62ed0b ITS#8442 Fix uninitialized rs->sr_text in back-meta 2016-06-12 10:18:50 +02:00
Hallvard Furuseth
4a961ed6ed Catch slapmodify entry setup errors 2016-06-12 08:35:25 +02:00
Hallvard Furuseth
1899118e91 ITS#8435 Move sc_writewait to end of slap_callback 
So any initializers in code predating sc_writewait
will find sc_private in the expected position.
 2016-06-12 08:31:18 +02:00
Hallvard Furuseth
23c5d6bbdd ITS#8435 Fix uninited slap_callback.sc_writewait 2016-06-12 08:30:58 +02:00
Howard Chu
92724fd39e ITS#8432 fix infinite looping mods in delta-mmr 2016-06-09 22:37:54 +01:00
Howard Chu
2e60bf5ed0 ITS#8428 init sc_writewait 2016-05-18 12:30:31 +01:00
Howard Chu
b7c1a5d6b8 ITS#8423 check for pause in accesslog_purge 2016-05-15 00:51:14 +01:00
Howard Chu
3efde72cbe ITS#8413 fix prev commit 
Filter needs AttributeAssertions
 2016-04-28 10:54:47 +01:00
Howard Chu
b61d02d942 ITS#8413 don't use str2filter on precomputable filters 
and more importantly, avoid escaping requirements that str2filter has
 2016-04-28 03:04:16 +01:00
Howard Chu
2335285502 More for large multival attrs 
We can't persist the sorted flag since the sort order between
DB and attr schema don't necessarily agree
 2016-04-01 18:49:59 +01:00
Nadezhda Ivanova
500398180e ITS#8303 Track pending ops per a_metasingleconn_t 
so that unused target connections can be properly reset.
 2016-02-29 17:09:00 +00:00
Nadezhda Ivanova
26f88817f6 ITS#8303 Fixed an assertion error during test022 
The error was introduced with
commit 6cafdfa8d8
 2016-02-29 17:08:51 +00:00
Howard Chu
76d9be0196 More for large multival attrs 
Fix a4c7943d39 entry delete
Ignore when id2v table is empty
 2016-02-05 21:59:43 +00:00
Howard Chu
d6f3440d94 ITS#8365 partially revert ITS#8281 
Must setup psearch before snapshotting ctxcsn
 2016-02-02 19:41:13 +00:00
Nadezhda Ivanova
6cafdfa8d8 ITS#8303 Asynchronous meta back-end for OpenLDAP 2016-02-01 14:35:47 +00:00
Howard Chu
a4c7943d39 Large multivalued attr support 
Store attrs with a large number of values separately from the
main entry blob. Note - we need support for large DUPSORT values
for this to be generally usable.
 2016-01-31 15:35:11 +00:00
Quanah Gibson-Mount
6c4d6c880b Happy New Year! 2016-01-29 13:32:05 -06:00
Quanah Gibson-Mount
606d633290 Minor fix BDB -> MDB 2016-01-29 13:21:55 -06:00
Howard Chu
4a9f4439be ITS#8360 tweak for LDAP_TXNs too 2016-01-26 13:39:53 +00:00
Howard Chu
4001eb054f ITS#8360 fix ad info after failed txn 
If an add or modify op referenced a previously unused attrtype,
the mi_ads/mi_numads would be incremented to include it. If the
op fails to commit, these additions must also be reverted.
 2016-01-26 13:33:24 +00:00
Howard Chu
a9df031d0d ITS#8354 move abandon check 2016-01-23 16:06:32 +00:00
Howard Chu
6d2eb36ccb ITS#8354 tweak prev commit 
Delay mutex init to avoid leaking the mutex
 2016-01-22 20:46:23 +00:00
Howard Chu
4773850d42 ITS#8354 fix syncprov abandon 
Check for abandon just before recording psearch
 2016-01-22 20:41:48 +00:00
Howard Chu
eaee3b39ba ITS#8351 fix accesslog callback init 2016-01-15 10:37:56 +00:00
Howard Chu
901fe3318f ITS#8337 fix missing olcDbChecksum config attr 2015-12-12 16:14:45 +00:00
Howard Chu
af0c7ae038 ITS#8329 finish prev commit 2015-12-03 19:25:32 +00:00
Paul Terry
33ed03a64b ITS#8329 Add the id_query config item. 2015-12-03 19:21:46 +00:00
Howard Chu
3a305253a0 ITS#8327 fix ppolicy_get_default 
pwdMaxRecordedFailure must never be zero
 2015-12-03 00:58:33 +00:00
Howard Chu
2d5996ac60 ITS#8054 Cleanup duration patch 
Don't need op->o_hr_time, just use o_tincr, that's what it
was intended for anyway. Use "etime=" like other products do.
Simplify ifdefs. Use gettimeofday, it's always available now.
 2015-10-31 11:57:06 +00:00
Emily Backes
5324d283d9 ITS#8054 operation duration logging 2015-10-31 11:55:23 +00:00
Howard Chu
291b6a1a22 ITS#8215 fix cd9980c48b 
Wrong function signature
 2015-10-27 11:46:08 +00:00
Howard Chu
0d9b8ebe4b ITS#8289 fix mod Increment with inherited attr type 2015-10-27 03:41:17 +00:00
HAMANO Tsukasa
c05c9619a6 ITS#8114 LDAP MODIFY handling 2015-10-25 09:13:27 +00:00
HAMANO Tsukasa
30f80a005d ITS#8114 suppress warn message 2015-10-25 09:12:02 +00:00
Ondřej Kuzník
cd9980c48b ITS#8215 Add config tool delete support 2015-10-25 09:04:40 +00:00
Ondřej Kuzník
085eb2e8df ITS#8215 Add mdb tool delete support 2015-10-25 09:04:21 +00:00
Ondřej Kuzník
f3e8aa5849 ITS#8215 Add bdb tool delete support 2015-10-25 09:04:00 +00:00
Ondřej Kuzník
8b8890bddc ITS#8215 Change BI_tool_entry_delete signature 2015-10-25 09:02:59 +00:00
Ondřej Kuzník
6f1544c51e ITS#8215 Make editing of invalid entries possible 
If the database does not conform to any known schema, make it possible
to edit such a database using slapmodify when schema-checking is
disabled.
 2015-10-25 09:02:39 +00:00
Ondřej Kuzník
5a6a93035d ITS#8215 Do not crash on an empty entry 2015-10-25 09:02:06 +00:00
Ondřej Kuzník
b47f32f6f2 ITS#8215 Remove a memory leak 2015-10-25 09:01:46 +00:00
Ondřej Kuzník
f1cd76db75 ITS#8215 Use the correct transaction 2015-10-25 09:01:22 +00:00
Howard Chu
a39e3a0712 ITS#8284 olcRelay needs quotes 2015-10-25 08:19:03 +00:00
Howard Chu
e635a53ff0 Cleanup 
Log the same pointer in queue_csn as graduate_
 2015-10-24 06:48:41 +01:00
Howard Chu
71c907fb88 ITS#8281 more for prev commit 2015-10-24 06:34:24 +01:00
Howard Chu
cd8ff37629 ITS#8281 fix delta-mmr with interrupted refresh 
Prevent spurious contextCSN generation
and ignore consumers when we have no contextCSN yet.
But make sure to propagate valid contextCSN updates to
accesslog/syncprov for delta consumers.
 2015-10-24 06:06:49 +01:00
Howard Chu
ad93b9e652 ITS#8277 simpler check for syncrepl on config DB 
Windows mutexes are recursive so the trylock test will succeed
even though the mutex is already locked. Just compare be pointers.
 2015-10-20 21:30:00 +01:00
Howard Chu
756a6b8683 ITS#8261 change sl_mem_detach to sl_mem_setctx 2015-10-01 23:55:10 +01:00
Howard Chu
32f9754bf1 ITS#8233 (#8251) 
Schema parsing ignores some slapd.conf rules
 2015-09-22 21:43:02 +01:00
Howard Chu
91ab49c37d ITS#8249 add option to return search entry 2015-09-17 20:43:37 +01:00
Howard Chu
05b32b4992 ITS#8244 skip client controls in ldap_back_entry_get() 2015-09-14 05:43:35 +01:00
Ryan Tandy
f5100665e3 ITS#7964 avoid double-unescaping rewrite rules 
config_fp_parse_line processes backslash escapes. When existing rewrite
rules were reloaded while inserting a new rule, this caused backslashes
to be lost from every rule except the most recently inserted one.
config_parse_ldif performs similar splitting, but leaves backslashes
alone.
 2015-09-06 21:34:03 -07:00
Ryan Tandy
e27108e7cb ITS#7889 add olcDropUnrequested to olcRwmConfig 2015-09-05 17:59:38 -07:00
Ryan Tandy
1b7a5871c2 ITS#8234 revert to default policy on failure 2015-09-01 19:19:57 -07:00
Ryan Tandy
572ad2b037 ITS#7537 release entry on failure 2015-09-01 18:56:19 -07:00
Howard Chu
62813f55af ITS#8233 reject lines with unbalanced quotes 2015-09-01 01:09:46 +01:00
Howard Chu
86ae4e0126 ITS#8226 leave nested ops alone 2015-08-31 14:55:35 +01:00
Howard Chu
bea2c5d438 More for batched writes 
Only usable if backend supports txns
 2015-08-30 05:46:01 +01:00
Howard Chu
535cf92ff4 More for batched writes 2015-08-30 05:34:42 +01:00
Howard Chu
5a3a54333c More for batched write 2015-08-30 05:14:17 +01:00
Howard Chu
35f17e023d ITS#8226 revert unintended commit 2015-08-30 05:01:59 +01:00
Howard Chu
21bf33b0e8 ITS#8226 limit size of read txns in searches 2015-08-30 04:54:22 +01:00
Howard Chu
2160427f89 ITS#8232 avoid redundant abandon processing 2015-08-29 19:44:33 +01:00
Howard Chu
2eaf8eb213 ITS#8231 fix ITS#8042 regression 2015-08-29 18:29:32 +01:00
Howard Chu
79157d314f ITS#8220 fix prev commit 
Dynamic startup was failing
 2015-08-21 11:40:02 +01:00
HAMANO Tsukasa
61c95e7669 ITS#8114 OpenLDAP WiredTiger Backend 2015-08-19 18:13:27 +01:00
Howard Chu
f385fd5ad1 ITS#8082 plug benign memleak 2015-08-19 17:44:08 +01:00
Howard Chu
a96fc51ebb ITS#8218 zero filter after freeing 
This appears to be cruft leftover from rev e8c58b4e7f
 2015-08-19 15:35:45 +01:00
Howard Chu
7fb9bb93bf ITS#8220 restore refint performance 2015-08-19 14:04:15 +01:00
Howard Chu
150cf51c34 ITS#8185 fix OID collision 2015-08-15 01:42:12 +01:00
Howard Chu
e5b9bdd8c5 ITS#8185 missing schema reference 2015-08-15 00:56:50 +01:00
Howard Chu
cb28f28354 Strip down even more 
syslogd always overrides the timestamp, so just omit it
Don't use *printf if we don't need to.
 2015-08-14 17:48:59 +01:00
Howard Chu
afa9a9c3e0 Use batched write txns in refresh 
Experimental - write 500 updates per txn instead of 1:1
 2015-08-14 17:43:03 +01:00
Ryan Tandy
1c49424134 ITS#8133 avoid mods during dds_db_open 
If dds is present early in the overlay stack, the modify ops from
dds_expire can trigger other overlays before they have initialized.
Avoid that by delaying the first expiry until startup has finished.
 2015-08-14 08:46:56 -07:00
Howard Chu
b0950f4d44 Fix copy/paste error in prev commit 2015-08-14 15:33:32 +01:00
Howard Chu
af27b7032e ITS#8185 add pwdMaxRecordedFailure 
Limit the number of pwdFailureTime stamps to record, regardless
of lockout settings.
 2015-08-14 15:19:46 +01:00
Ryan Tandy
7380354270 ITS#8213 fix deleting rewrite rules 
From ITS#5940. Add path has the same code.
 2015-08-08 07:49:15 +00:00
Howard Chu
fa705a1814 ITS#8203 plug leak in prev commit 2015-07-24 19:32:19 +01:00
Howard Chu
3033f89eef ITS#8203 more fixes for #8036/#7904. 2015-07-24 18:35:28 +01:00
Ryan Tandy
b48d0169d0 ITS#8199 fix NULL ptr dereference in at_next 
Deleting all values of olcAttributeTypes and then adding a value with
index > 0 triggers a NULL dereference when config_generic tries to
append to a list that doesn't exist yet.

Already fixed for olcObjectClasses in ITS#5388.
 2015-07-17 16:09:46 -07:00
Howard Chu
e5c778fa43 ITS#8173 fix SEGV after failed retry 2015-07-16 03:29:06 +01:00
Howard Chu
624c1fac8b ITS#8184 avoid redundant mod ops 
If multiple ppolicy overlays are present on a glued tree, they all
attempt to update the policy operational attributes in response to
password-related activities. The redundant mod ops will cause the
entire op to fail. Check for these ops before inserting new ones.
 2015-07-10 14:04:29 +01:00
Howard Chu
eb25ece469 Revert unintended commit 2015-07-08 14:25:52 +01:00
Howard Chu
b7a291a488 Experimental syslog() replacement 
2-3x faster than libc. Add it to the Makefile yourself if you want to test it.
 2015-07-08 14:22:29 +01:00
Howard Chu
66ab6bafa8 ITS#8142 cleanup prev commit 
Only drop connection if user originally bound to this backend,
and rebind-as-user was set. Sessions from other backends would
use idassert-bind so loss of creds doesn't affect them.
 2015-05-21 01:20:16 +01:00
Howard Chu
5f70fd13d2 ITS#8129 fix typo from ITS#6613 2015-05-20 23:46:51 +01:00
Ryan Tandy
3b90232022 ITS#8150 let check_name_index handle frontend 
The fix for ITS#7016 only adjusted the frontend entry's DN, but not the
naming attribute in the entry. check_name_index knows how to do both.
 2015-05-20 23:36:42 +01:00
Howard Chu
3f119767f7 ITS#8146 fix off-by-1 in prev commit 2015-05-19 21:21:54 +01:00
Howard Chu
117edd79ce ITS#8142 drop client connection on remote failure 
also cleanup of return-code handling
 2015-05-19 15:37:24 +01:00
Howard Chu
4f05e3d966 ITS#8146 tweak prev commit 
Test less likely condition first
 2015-05-18 18:06:58 +01:00
Howard Chu
1e768c1cda ITS#8146 fix mdb_filter_candidates for unindexed attr 
Change result of MDB_IDL_ALL() to use the last entryID in the DB
instead of NOID.
 2015-05-18 17:55:04 +01:00
Howard Chu
fc05c63b63 ITS#8127 fix ftello for Win32 2015-05-07 10:48:42 +01:00
Emmanuel Lécharny
9f9bf53d61 ITS#8131 fix typo in prev commit 2015-05-06 16:50:41 +01:00
Howard Chu
930decf5ff ITS#8131 improve back-meta logs 2015-05-06 16:40:14 +01:00
Hallvard Furuseth
a59f336a61 ITS#8092 fix previous fix. 
slap_auxprop_lookup() returns void with old sasl versions.
 2015-05-04 21:05:57 +02:00
Hallvard Furuseth
f2b96c19cc Fallback typedef for slap_sasl_cb_ft 2015-05-04 20:52:00 +02:00
Quanah Gibson-Mount
2c34d2fda6 ITS#8120 Move final CHECK_CSN block to before the mutex is unlocked. 2015-04-29 22:30:17 -05:00
Jan Synacek
fb1bf1caa8 More for ITS#8105 
Fix multiple argument handling. For example:

perlModuleConfig homedir /home/jsynacek

should be converted to

olcPerlModuleConfig: homedir /home/jsynacek

and not to

olcPerlModuleConfig: homedir
olcPerlModuleConfig: /home/jsynacek
 2015-04-27 11:19:20 +01:00
Howard Chu
da0639a7e6 Silence warnings 2015-04-23 06:10:40 +01:00
Howard Chu
d7bf6fcaae ITS#8108 silence rootdn check on hidden backends 
select_backend() skips hidden backends so it fails to match the
rootdn of a database that has been hidden. rootpw tries to see
if the rootdn matches the current backend but the check fails
when hidden. Ignore this check on hidden backends since one
cannot Bind to a hidden backend anyway.
 2015-04-23 05:58:50 +01:00
Ryan Tandy
4f82c10120 ITS#8107 don't shadow rc 2015-04-23 05:16:12 +01:00
Jan Synacek
25bbf116ad ITS#8105 back-perl: correctly convert perlModuleConfig 
perlModuleConfig lines are not converted when using slaptest -f -F.
 2015-04-16 02:55:56 +01:00
Howard Chu
15347d1180 ITS#8103 fix crash with more than 65535 aliases in a scope 2015-04-13 13:11:29 -07:00
Howard Chu
dcd0fd27f6 ITS#8040 use NOMETASYNC for lazycommit 
not NOSYNC. Might be configurable in the future, but we don't
really want to add more config options at present
 2015-04-09 15:56:22 +01:00
Ondřej Kuzník
cf3e10ee15 ITS#8057 Use an actual entry for modify/modrdn checks 2015-04-08 23:26:27 +01:00
Howard Chu
525aa23800 ITS#8040 document lazycommit 2015-04-08 23:18:03 +01:00
Howard Chu
012b7f0e7d ITS#8092 no-op if there's no context 2015-04-01 21:17:35 +01:00
Howard Chu
ff7c0e5779 ITS#8081 - more for #8063 
Prev patch broke underlying assumption that mods queue and execute
in order. Now must search list for matching mod to dequeue.
 2015-03-21 21:32:48 +00:00
Howard Chu
8eb9aa7dc5 ITS#8063 more for prev commit 2015-02-25 06:11:44 +00:00
Howard Chu
8ad64c8f9a ITS#8063 don't block our own thread 2015-02-25 05:44:07 +00:00
Ondřej Kuzník
4b84b6af14 ITS#8057 Enforce uniqueness unless permitted by ACL 2015-02-16 17:30:59 +00:00
Quanah Gibson-Mount
1705fa7e55 Happy New Year 2015-02-11 15:36:57 -06:00
Howard Chu
129299a933 ITS#8051 use a regexp 2015-02-04 05:21:46 +00:00
Howard Chu
2fbecdd756 ITS#8051 add DN qualifier 2015-02-04 03:53:13 +00:00
Howard Chu
3b130b65a4 ITS#8049 fix typo 2015-02-04 02:40:30 +00:00
Howard Chu
2f1a2dd329 ITS#8046 fix vrFilter_free 2015-02-04 02:03:55 +00:00
Howard Chu
3349ca0bee ITS#8048 fix slapo-sock result 2015-02-03 10:35:52 +00:00
Howard Chu
cb3952db4b ITS#8039 more cleanup 2015-02-03 10:23:39 +00:00
Howard Chu
a32a2da33a ITS#8040 experimental Lazy Commit 2015-02-02 10:50:22 +00:00
Howard Chu
b1d1c74247 Cleanup prev commit 2015-02-02 08:45:57 +00:00
Howard Chu
bb9287ba1a More for ITS#8043 2015-02-02 08:42:28 +00:00
Howard Chu
bc1e08e296 ITS#8043 don't leave dangling syncops 2015-01-31 13:04:53 +00:00
Howard Chu
edf359795c ITS#8039 cleanup 2015-01-31 12:52:56 +00:00
Howard Chu
c4b43c0077 More for presentlist_free 2015-01-31 01:12:54 +00:00
Howard Chu
4929ad5e81 More for presentlist (ITS#8042) 2015-01-31 01:03:23 +00:00
Howard Chu
c8d40af0d2 ITS#8039 fix prev commit 
Don't overload ri_csn with cookie, use a separate berval
 2015-01-31 00:12:29 +00:00
Howard Chu
a2d4ed146d ITS#8039 plug syncprov memleak 
Rewrote the psearch result handling to keep track of which
queues are using which results.
 2015-01-30 08:55:47 +00:00
Howard Chu
3f5e705996 Fix prev commit 2015-01-30 08:06:11 +00:00
Howard Chu
1fa702e968 Streamline presentlist 
This reduces presentlist memory usage by about 50%. It's still
about 2.5x greater than it should be.
 2015-01-30 00:54:21 +00:00
Howard Chu
84fde1bb02 ITS#8038 free presentlist at end of refresh 2015-01-29 05:15:33 +00:00
Howard Chu
97ed9736e5 ITS#8036 cleanup prev commit 2015-01-27 23:53:19 +00:00
Howard Chu
217d6ffcdb ITS#8036 more for prev commit 2015-01-27 23:39:46 +00:00
Howard Chu
969d477168 ITS#8036 fix regression from ITS#7904 2015-01-27 22:26:33 +00:00
Howard Chu
b53d813413 ITS#8035 plug memleaks in syncrepl 2015-01-27 20:29:34 +00:00
Howard Chu
c5378df634 ITS#8011 fix prev patch 
Remove assert. This is merely a cache of parent DNs, failure to
insert doesn't affect outcome.
 2015-01-27 18:30:23 +00:00
Howard Chu
c32e74763f ITS#8027 require non-empty AttributeList 2015-01-20 11:35:40 +00:00
Howard Chu
047f275987 Fix 0e66a3d1bf 
clear rc, otherwise syncrepl stops
 2015-01-14 20:27:49 +00:00
Howard Chu
869324ff9f Fix typo in 45146ba21a 2015-01-14 19:05:17 +00:00
Howard Chu
30ae5fa2cf GSER issuer quoting fix (coverity) 2015-01-14 18:56:12 +00:00
Howard Chu
59ee92213b Minor cleanup (coverity) 2015-01-14 17:52:22 +00:00
Howard Chu
fccca0ead9 Minor cleanup (coverity) 2015-01-14 16:59:54 +00:00
Howard Chu
bc3dbcbde9 Minor cleanup (coverity) 2015-01-14 13:27:45 +00:00
Howard Chu
c25208cd14 Minor cleanup (coverity) 2015-01-14 12:48:44 +00:00
Howard Chu
0677f67d29 Minor cleanup (coverity) 2015-01-14 12:23:19 +00:00
Howard Chu
86d81fa153 Minor cleanup (coverity) 2015-01-14 12:16:24 +00:00
Howard Chu
e861305d50 Minor cleanup (coverity) 2015-01-14 11:30:33 +00:00
Howard Chu
0e5f63ae6d Minor cleanup (coverity) 2015-01-14 11:08:51 +00:00
Howard Chu
651804842f Fix missing error return (coverity) 2015-01-14 10:37:13 +00:00
Howard Chu
45146ba21a Fix UTF8stringvalidate loop termination (coverity) 2015-01-14 10:35:20 +00:00
Howard Chu
67c13d0ccf Fix NULL in debug output (coverity) 2015-01-14 10:22:50 +00:00
Howard Chu
0e66a3d1bf check ber_scanf(syncUUIDs) result (coverity) 2015-01-14 10:13:16 +00:00
Howard Chu
14a3efa48a plug unlikely memleak (coverity) 2015-01-13 22:48:07 +00:00
Howard Chu
74d89e567c plug memleak in cr index (coverity) 2015-01-13 22:01:17 +00:00
Howard Chu
19af642a2d ACL write/manage fixes (coverity) 2015-01-13 21:43:22 +00:00
Howard Chu
975dce7ffb varargs cleanup (coverity) 2015-01-13 18:32:28 +00:00
Howard Chu
79cce59ad4 Fix insecure chroot (coverity) 2015-01-13 18:23:16 +00:00
Howard Chu
2cf553563b Fix fprintf format (coverity) 2015-01-13 18:11:49 +00:00
Howard Chu
6046584531 ITS#8022 don't skip TLS init for ldaps:// targets 2015-01-12 22:25:53 +00:00
Howard Chu
9266a43d6c ITS#8016 return errmsg for unknown envflags 2015-01-05 09:37:27 +00:00
Leo Yuriev
67a65ec701 ITS#8011: few corrections for lmdb-backend; 
dn2id.c:
  + assertion for mdb_id2l_insert() result;
  - unnecessary assignment;

search.c:
  - unused variable 'first';
  + range-check for mdb_idl_search() result;
 2015-01-04 07:41:07 +00:00
Leo Yuriev
7c2951819f ITS#5452,#8012: fix syncprov syncops freeing 
Detaching a syncops record from op-list conditionally,
only when it was freed by syncprov_free_syncop.

The syncprov_free_syncop() and syncprov_drop_psearch() now
returns a flag, which is nonzero if the given syncops was freed.
 2015-01-04 07:27:29 +00:00
Howard Chu
0b2438fbec ITS#8013 fix syncprov_matchops test_filter usage 2015-01-04 07:20:41 +00:00
Howard Chu
c5cc2f241f ITS#8014 plug onetime leak in slapadd -w 2015-01-04 07:01:47 +00:00
Howard Chu
2930a68808 ITS#7780,#7781 fix prev commit 2014-12-18 19:35:09 +00:00
Ondřej Kuzník
8958d2b7cb ITS#7780,ITS#7781 Fix slapo-constraint with 0 count 2014-12-18 19:34:55 +00:00
Howard Chu
e8771b785c ITS#8007 fix d06f5e7c1b 
duplicate OID, oops
 2014-12-16 20:08:32 +00:00
Howard Chu
d06f5e7c1b ITS#8007 Add maxentrysize config option 2014-12-15 21:35:48 +00:00
Ondřej Kuzník
508f4158bc ITS#7797 Fix segfault in slapo-collect 2014-12-12 01:35:30 +00:00
Howard Chu
9accfbb73a ITS#7995 fix slap_bv2undef_ad 2014-12-10 02:06:50 +00:00
Leo Yuriev
8ba5a27829 ITS#7968 add locks for syncrepl cookiestate 
Mutex must be held even for a read-access of a cookie state,
as there may be a race with write in other thread.
 2014-12-05 19:44:19 +00:00
Howard Chu
b0225e8e60 ITS#7976 fix delta-mmr/accesslog interaction 2014-10-30 15:00:13 +00:00
Howard Chu
e6e073d31e ITS#7975 fix onelevel search 2014-10-29 18:05:00 +00:00
Howard Chu
10d5815c62 Fix typo in cancel config 2014-10-15 11:21:19 +01:00
Leo Yuriev
b0e46fb9f9 ITS#7965 mdb_dn2id 
heap corruption due to returning a reference to a local variable
 2014-10-14 13:15:16 +01:00
Quanah Gibson-Mount
db564ab516 Silence compiler warning by adding explicit return 0 to ppolicy_db_destroy 2014-10-03 15:35:39 -05:00
Howard Chu
766103a912 Fix mdb_txn cleanup 2014-09-19 19:22:14 +01:00
Howard Chu
8bdd54c4c1 ITS#7942 tweak previous commit 
Only free when cleaning up operation controls, not response controls.
(This only makes a difference on search requests, which may have
multiple responses with the same set of controls.)
 2014-09-18 06:49:26 +01:00
Howard Chu
9d9913392a ITS#7942 plug leak in controls 2014-09-18 02:06:38 +01:00
Howard Chu
af8f1e0741 ITS#7941 fix for repeated tags 
Make sure ntags isn't incremented if we're skippnig the tag
 2014-09-18 00:33:33 +01:00
Howard Chu
09137b6646 Consolidate LDAP_TXN precheck 
This commit was accidentally omitted from previous push
 2014-09-16 00:09:10 +01:00
Howard Chu
f9cb538fbd Add updateControls to txn response 2014-09-15 23:49:26 +01:00
Howard Chu
32f05e96f7 Flesh out txn support 
Only in back-mdb; back-bdb needs work but it's deprecated;
not worth the effort. In particular txn, retry after deadlocks
makes the whole thing too messy.
 2014-09-15 23:48:23 +01:00
Howard Chu
11594db633 ITS#7937 flush data to socket 2014-09-11 10:24:09 +01:00
Leo Yuriev
c1f04881be ITS#7915 fix memory leaks in previous patch 2014-09-10 11:51:44 +01:00
Howard Chu
4f66cfa1b4 ITS#7935 partially revert prev patch 
Can't allow special chars in RDN, not all OSs/filesystems support it.
 2014-09-09 14:40:11 +01:00
Howard Chu
f88970efc1 ITS#7935 fix schema RDN normalization 2014-09-09 14:35:43 +01:00
Howard Chu
3d52e63366 ITS#7929 don't log internal searches 2014-09-08 15:40:28 +01:00
Howard Chu
4ea2fe90e8 ITS#7934 add missing normalization of attrs 2014-09-08 14:57:57 +01:00
Jan Synacek
1ad90643b5 ITS#7933 fix frontend config 2014-09-08 14:04:38 +01:00
hyc
846cf30842 ITS#7930 additional fix 
bypass cleanup handlers for suppressed search result msgs
 2014-09-06 09:49:32 +01:00
hyc
18d9470984 ITS#7930 partial fix 
Only restore op->o_req_dn if no one else changed it on us.
 2014-09-06 09:14:46 +01:00
Howard Chu
92c7a89130 ITS#7928 fix syncprov abandon cleanup 2014-08-29 02:19:35 +01:00
Howard Chu
9a8cb6091a ITS#7702 better fix 
Check for duplicate scopes in search_aliases, not later.
 2014-08-28 18:21:21 +01:00
Howard Chu
f42c7c6bbc Revert "ITS#7702 fix results with aliases" 
This reverts commit cac00c6a97.
 2014-08-28 17:51:46 +01:00
Howard Chu
b669f5b706 ITS#7904 init wwctx earlier 2014-08-27 11:50:32 +01:00
Howard Chu
cac00c6a97 ITS#7702 fix results with aliases 
Aliases pointing within the original search scope could cause
the same entry to be returned multiple times. Check for subtree
scope and duplicate scopes.
 2014-08-26 20:07:40 +01:00
Howard Chu
e5f5a4ab5f ITS#7927 fix double-free of searchref 2014-08-26 19:17:33 +01:00
Howard Chu
b07e31aa02 Cleanup mdb_ad_get 2014-08-21 20:26:00 -07:00
Howard Chu
be02e8ddd0 ITS#7906,#7923 Don't free configinfo in _db_close 2014-08-20 13:49:37 -07:00
Howard Chu
3feffb9a0a ITS#7904 more tweaks 
Must save/restore mcd cursor if we're doing a scope-based search.
 2014-08-20 13:06:51 -07:00
Howard Chu
cd02e6054e ITS#7922 delete dead code 
Harmless, but stupid.
 2014-08-19 20:31:20 -07:00
Quanah Gibson-Mount
9c54ff2f0b Fix typo 2014-08-18 12:18:44 -05:00
Howard Chu
27f3ef2cfd ITS#7920 fix for slapacl 
This needs to be streamlined in 2.5, current tool API is a mess.
 2014-08-13 20:49:05 -07:00
Howard Chu
3f0839d8df ITS#7838 fix typos in prev commit 2014-08-13 19:53:56 -07:00
Howard Chu
10b6c9f0f2 ITS#7919 fix cache DB config 
Don't accept config directives for cache DB until the cache backend type
has been set.
 2014-08-13 19:22:17 -07:00
Howard Chu
d8e280e87c ITS#7906 more cleanup 
db_open/close were not symmetric with init/destroy
 2014-08-11 13:48:29 -07:00
Howard Chu
8b89b45615 ITS#7906 minor cleanup 
rename ppolicy_close -> ppolicy_db_close for consistency
 2014-08-05 19:37:28 -07:00
Howard Chu
08792a77fd ITS#7906 better fix 
don't free pwcons unless we're actually destroying this DB
 2014-08-05 19:36:30 -07:00
Howard Chu
7f7a82c0f5 ITS#7915 fix translucent_modify 
Go directly to local backend when fetching local entry
 2014-08-04 13:42:35 -07:00
Howard Chu
d8c060104d ITS#7915 fix mdb_entry_release 
In server mode, make sure the entry was actually ours
 2014-08-04 13:36:48 -07:00
Howard Chu
f7a2438112 ITS#7895 drop toolmode checks in str2entry 
They were obsoleted by ITS#6737 and have been redundant ever since.
(commit 15f1e7bdb7)
 2014-08-02 11:17:12 -07:00
Howard Chu
5ac3dbefcd ITS#7912 fix index config 2014-07-31 11:31:14 -07:00
Howard Chu
e5dae640f2 ITS#7909 fix slap_callback init 2014-07-30 06:55:36 -07:00
Quanah Gibson-Mount
e091e0bb63 ITS#7908 
Add olcSssVlvMaxPerConn to the olcSssVlvConfig objectClass
 2014-07-28 13:04:43 -05:00
Howard Chu
05402c396d ITS#7906 fix ppolicy_connection_destroy 
It can still run after ppolicy_close has freed the connection table
 2014-07-24 17:04:56 -07:00
Howard Chu
e17878933f ITS#7904 writewait patch 
Assigned ITS#, tweaking. This ITS includes
	4f05d992f2
	716b35e191
	be792fae2c
 2014-07-23 13:12:51 -07:00
Howard Chu
4f05d992f2 Fix prev commit 2014-07-22 21:55:23 -07:00
Howard Chu
716b35e191 More for writewait callback 
Must also reset search cursors
 2014-07-22 21:52:24 -07:00
Howard Chu
031640456b ITS#7903 preserve Sorted status of attrs 2014-07-22 20:24:58 -07:00
Howard Chu
f0475bab5a ITS#7902 fix str2entry / sorted vals 2014-07-22 20:21:35 -07:00
Howard Chu
be792fae2c Add sc_writewait callback 
Invoked before a blocked writer waits for socket to be writable.
Use in back-mdb to release reader txn while waiting.
 2014-07-22 19:17:15 -07:00
Ondřej Kuzník
a773a0cc14 ITS#7894 Let back-config use backend to release entries 2014-07-22 14:49:20 -07:00
Howard Chu
03d927485e ITS#7249 partial fix for memberof on frontendDB 2014-07-21 08:44:42 -07:00
Michael Stroeder
8605eedb31 ITS#7838 add ORDERING rules to ppolicy attrs 2014-07-18 13:04:15 -07:00
Howard Chu
8c62b323ba ITS#7868 fix slapo-sock db_init 2014-07-18 12:03:07 -07:00
Howard Chu
1f168a0b8f ITS#7893 (#6508) fix a_numvals 2014-07-09 13:07:53 -07:00
Howard Chu
b9abbdf623 Add missing mdb_strerror calls to debug msgs 2014-07-09 11:21:41 -07:00
Ondrej Kuznik
01f698bce9 ITS#7256 A few issues discovered during testing slapmodify. 
- bdb deallocates cursor after some tool operations but expects it to be
  around every time it is called
- mdb tries to allocate a second transaction while it already holds one,
  deadlocking
- op->o_hdr must exist for most uses of op, but o_tmpmfuncs need not
- what about indexing after a tool modify? Does it happen automatically?
 2014-07-08 17:28:12 -07:00
Ondrej Kuznik
d3a5ab824d ITS#7256 Consolidate cleanup code at one location. 2014-07-08 17:28:12 -07:00
Ondrej Kuznik
07c563b8a5 ITS#7256 Rework entry retrieval and cleanup. 
When doing deletes, lastmod has no entry to work on.
 2014-07-08 17:28:11 -07:00
Ondrej Kuznik
fde1f80aa8 ITS#7256 Add some necessary checks. 2014-07-08 17:28:10 -07:00
Ondrej Kuznik
304c0cbbff ITS#7256 Set backend for operation. 
slap_tool_entry_check does it but it is not called every time.
 2014-07-08 17:28:09 -07:00
Ondrej Kuznik
7810dccdff ITS#7256 Let slapmodify ignore unknown operations 
ldapmodify already does the same.
 2014-07-08 17:28:07 -07:00
Ondrej Kuznik
cede821cef ITS#7256 Allow deletes with slapmodify 2014-07-08 17:28:06 -07:00
Ondrej Kuznik
f05602927d ITS#7256 mplement bi_tool_entry_delete for back-ldif 2014-07-08 17:28:04 -07:00
Ondrej Kuznik
c048b7cad6 ITS#7256 Introduce bi_tool_entry_delete 2014-07-08 17:26:05 -07:00
Ondrej Kuznik
17e223b896 ITS#7212 rudimentary slapmodify support for back-config 2014-07-08 17:25:58 -07:00
Ondrej Kuznik
5ee5251fa4 ITS#7212 slapmodify support for back-ldif 2014-07-08 17:25:58 -07:00
Howard Chu
282d215924 Fixup for win64 commit 
couldn't avoid ifdefs. Silence warnings.
 2014-06-23 08:21:36 -07:00
Howard Chu
dda779d83e Windows64 32/64 silliness 
On Windows64, long is the same size as int. Use size_t when we
need an actual 64 bit unsigned long.
 2014-06-23 08:00:11 -07:00
Paul B. Henson
85d467aca6 ITS#7161 ppolicy pwdFailureTime resolution should be better than 1 second 2014-06-15 13:42:46 -07:00
Howard Chu
8fc7e06d22 Revert "ITS#7616 defer searches while consumer refreshing" 
This reverts commit cf4aa8f9d9.

There appears to be no safe way for this to work with MMR.
 2014-06-12 13:23:29 -07:00
Howard Chu
e4e265c153 ITS#7873 check for pauses 2014-06-04 14:24:20 -07:00
Howard Chu
4afa10d059 ITS#7872 plug memleak of matchedDN 2014-06-04 14:02:06 -07:00
Howard Chu
45ff842542 Plug one-time leaks 2014-06-04 02:23:18 -07:00
Howard Chu
a01d3f965b ITS#7870 ignore index DBs in slapcat 2014-06-03 20:38:21 -07:00
Howard Chu
33e12f4de3 Don't do any merging if manageDSAit was used 
Just passthru search to local DB
 2014-05-27 18:12:49 -07:00
Howard Chu
932a11ac76 ITS#7849 make sure to send cookie after fallback 2014-05-23 06:56:56 -07:00
Howard Chu
cf4aa8f9d9 ITS#7616 defer searches while consumer refreshing 2014-05-23 06:56:16 -07:00
Howard Chu
5a08b66141 ITS#7705,#7800 fix prev commit 
Better check for missing IDs
 2014-05-15 21:27:21 -07:00
Howard Chu
437f21b16e ITS#7705,#7800 fix back-mdb pagedResults search 
mdb_idscopes was remembering the IDs of every entry it checked;
it should only have been saving the IDs of entries that were
actually in the search scope. The extra entries filled the scopes
array, causing a loop searching for a parent entry that was
never inserted.
 2014-05-15 21:06:17 -07:00
Howard Chu
141f168093 ITS#7850 catch invalid naming attr 2014-05-09 11:29:45 -07:00
Quanah Gibson-Mount
e5443fd279 Relocate the maxsize bit 2014-04-25 14:43:12 -05:00
Quanah Gibson-Mount
ea2fbe2152 Sample slapd.ldif is missing the olcDbMaxSize parameter 2014-04-25 14:36:09 -05:00
Howard Chu
c84ae5db07 ITS#7827 slapacl requires a valid suffix 2014-03-25 15:18:17 -07:00
Howard Chu
052aef5960 ITS#7587 fix double-free 
Related to bb3e14ddba (ITS#6254)
 2014-03-18 11:47:31 -07:00
Howard Chu
5f92a0bb16 ITS#7803 reference slapd-config(5) 
Also replace BDB example with LMDB
 2014-02-28 12:52:39 -08:00
Howard Chu
5cab6b77e4 ITS#7798 fix mdb_entry_decode() 2014-02-07 03:02:33 -08:00
Kurt Zeilenga
5c878c1bf2 Happy new year (belated) 2014-01-25 05:21:25 -08:00
Howard Chu
b1ed3bf10a ITS#7778 fix regression from #7329 2014-01-13 11:26:46 -08:00
Pierangelo Masarati
3be02f83df handle softadd/softdel (internal modifications; ITS#7773) 2013-12-28 16:20:08 +01:00
Hallvard Furuseth
5415e1e6de ITS#6758 Rewrite code for contrib:wrap_slap_ops. 
Tweak slapd code so wrap_slap_ops can process it: Use pointers
BackendInfo *bi instead of array "func" = &bi->bi_op_bind. In
slapo-chain, keep a slap_operation_t instead of a function ptr.
 2013-12-11 14:40:45 +01:00
Hallvard Furuseth
7bb8b706c5 ITS#6758 Add SLAP_OP() &co, contrib:wrap_slap_ops. 
Add framework for debug macros SLAP_OP(), slap_be_op(),
slap_bi_op() around LDAP-operation backend calls.

contrib/slapd-tools/wrap_slap_ops converts code to use them.

Code compiles as before by default.  #define USE_RS_ASSERT
enables debugging, $NO_RS_ASSERT tweaks it. See slapd/result.c.
 2013-12-11 14:40:45 +01:00
Howard Chu
26ce222b6a ITS#7761 bail out of search if config is pausing 2013-12-10 18:08:36 -08:00
Howard Chu
ac9ac0094e ITS#7749 more for prev commit 2013-11-21 11:18:24 -08:00
Howard Chu
a4b9cab04f ITS#7750 fix olcDbConfig modification 2013-11-18 20:39:35 -08:00
Howard Chu
1682691f50 Fix typo for Windows 2013-11-14 21:17:13 -08:00
Howard Chu
06e384d55b ITS#7749 propagate op->o_extra in syncprov_findbase 2013-11-14 19:16:57 -08:00
Howard Chu
5328340d35 ITS#7746 fix for cert with NULL issuerDN 2013-11-14 03:02:07 -08:00
Howard Chu
66bb780b16 ITS#7743 Fix indexed AND filter 
Partially revert 47f6aec61e
Was using RANGE_FIRST/RANGE_LAST on an IDL known to *not* be a range.
 2013-11-11 21:01:33 -08:00
Howard Chu
3d1a0bb17e ITS#7741 Fix entryDN index lookup 
DN notfound is authoritative, don't ignore the result
 2013-11-06 09:41:42 -08:00
Howard Chu
6711876a35 Fix CONFIG_DELETE crash 
Closing a connection can abandon its ops without going thru the threadpool,
so make sure to lock the si_ops_mutex before walking the list.
 2013-11-05 12:59:56 -08:00
Howard Chu
a12bedc2d8 ITS#7735 fix memctx usage in prev commit 2013-11-05 11:49:43 -08:00
Howard Chu
eef667fd49 ITS#7739 fix for empty nested include 2013-11-05 07:34:30 -08:00
Jorge Perez Burgos
66e0d6017a ITS#7740 back-meta: avoid blocking other threads 
Don't lock other threads while trying to connect to remote node.
 2013-11-05 06:45:40 -08:00
Howard Chu
ed09222963 Fix slap_reparse_sync_cookie prototype 2013-11-02 14:20:15 -07:00
Howard Chu
0645878d5d ITS#7735 plug memleak 
Introduced in commit 48cdd54d9a
 2013-11-01 11:07:51 -07:00
Quanah Gibson-Mount
e70bc5dd64 ITS#7737 Add a matching rule for OlcDbEnvFlgs 2013-11-01 09:57:20 -07:00
Howard Chu
80d8c56afd ITS#7725 add nordahead envflag 2013-10-12 16:25:33 -07:00
Howard Chu
d47524d8f9 ITS#7692 no-op if target entry doesn't exist 2013-10-12 15:35:05 -07:00
Ted C. Cheng
a2e1b9b545 ITS#7699 fixed one dds start-up assertion failure 2013-10-12 15:23:19 -07:00
Howard Chu
d51ee964fc ITS#7694 more for IPv6 CLDAP, slapd fix 2013-10-10 10:48:08 -07:00
Howard Chu
63314e9c4a ITS#7710 fix typo 2013-10-10 04:04:44 -07:00
Howard Chu
44504848ac ITS#7329 optimize index update for simple add ops 
Don't need to reindex all the attr values if there were no deletes.
 2013-10-09 07:55:50 -07:00
Howard Chu
c350b51a63 ITS#7710 fix for non-replicated internal ops 
Their completion was making slap_graduate_commit_csn() cleanup
their parent op's CSN, thus preventing that CSN from propagating
to any consumers.
 2013-10-09 04:58:37 -07:00
Howard Chu
c82dcab9bd ITS#7720 don't do ptr arithmetic on void *s 2013-10-08 10:40:51 -07:00
Quanah Gibson-Mount
a672161ab7 Add maxsize parameter for mdb examples 2013-09-19 15:03:53 -07:00
Quanah Gibson-Mount
74c52fb136 Switch example slapd.conf to use mdb instead of bdb 2013-09-19 14:23:11 -07:00
Quanah Gibson-Mount
1a712bf18e Enable features that were hidden behind LDAP_DEVEL 2013-09-19 09:50:52 -07:00
Pierangelo Masarati
919a0f5b54 ITS#7687: password modify can muck with controls (quick fix) 2013-09-10 22:03:32 +02:00
Howard Chu
819566415e ITS#7381 more for prev commit 2013-09-09 04:59:20 -07:00
Howard Chu
c0e2961f81 Drop unused var in prev commit 2013-09-07 14:58:18 -07:00
Howard Chu
88d22a1ca3 Simplify write waiter handling 
Writer threads do their own wait using select/poll instead of
asking the listener thread. Eliminates one mutex+one condvar
per conn plus multiple wakeups of the listener thread. Also
fixes writetimeout to wait an exact time, instead of the
approximation used in the listener thread.
 2013-09-07 14:53:02 -07:00
Howard Chu
7d6d6944c5 ITS#7683 log tls prot/cipher info 
Note: I could not test the MozNSS patch due to the absence of
NSS PEM support on my machine. Given the review comments in
https://bugzilla.mozilla.org/show_bug.cgi?id=402712 I doubt that
trustworthy PEM support will be appearing for MozNSS any time soon.
 2013-09-07 12:22:09 -07:00
Howard Chu
69f810d549 ITS#7685 add missing olcTLSProtocolMin 2013-09-07 10:00:11 -07:00