upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-08 08:02:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
23060 commits 38 branches 309 tags 68 MiB
Commit graph

12395 commits

Author SHA1 Message Date
Howard Chu
8699e5f32e ITS#9282 fix crash in nonpresent_callback 
In a standard Refresh present phase, the provider sends no cookie
since it is only listing the entries that existed as of the time
in the cookie the consumer sent. In this case the consumer only
needs to check entryCSNs against its last sent cookie.
 2020-08-31 19:36:10 +01:00
Howard Chu
0ce83b26af ITS#9330 Fully serialize delta-sync 
Don't depend on accesslog overlay's serialization
 2020-08-29 01:13:04 +00:00
Howard Chu
edc94862b7 ITS#7639 fix crash in config_delete 
Additional fix to 41352ea34d
The overlay must be deleted from the backend before the
callback can execute. In particular, it must be done before
the threadpool is unpaused.
 2020-08-29 00:13:19 +00:00
Howard Chu
f883a57593 ITS#8427 don't set tls_ctx if TLS wasn't requested 
Also, set any remaining TLS options that weren't carried along
in the TLS ctx.
 2020-08-28 18:44:35 +01:00
Quanah Gibson-Mount
8d31219647 More for ITS#8845, skip cleanup on async op with extended operations 2020-08-26 21:55:39 +00:00
Howard Chu
9900794af1 ITS#9329 Re-fix merge_state 
A bit uglier but more straightforward.
 2020-08-26 21:00:00 +01:00
Quanah Gibson-Mount
c1411b8199 ITS#9323 - Limit to OpenSSL 1.0.2 or later 2020-08-25 21:52:04 +00:00
Howard Chu
9666306d86 ITS#9329 syncrepl: fix regression from ITS#9282 2020-08-25 21:13:22 +00:00
Fabrice Fontaine
8df03b435e ITS#9327 - Fix stripping when cross-compiling 
Probably-Signed-off-by: Dave Bender <bender@benegon.com>
[yann.morin.1998@free.fr: patch was made by Dave, but he
 forgot his SoB line, so I added it]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/openldap/0001-fix_cross_strip.patch]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 2020-08-25 19:54:59 +00:00
Howard Chu
5aa7e0f69b ITS#9324 syncrepl: don't wait forever in Refresh mode 
Just poll for available data, same as Persist mode.
Clarify retry/return states from do_syncrep2
 2020-08-24 15:12:24 +00:00
Howard Chu
88e569d857 ITS#9249 librewrite: fix malloc/free corruption 
If substitution parsing fails, would attempt to free a mapping
that hadn't been allocated yet.

Also, on failure, caller in saslauthz would attempt to free a
rwinfo struct that hadn't been allocated.
 2020-08-23 19:32:51 +00:00
Fredrik Roubert
8a521c17aa ITS#9232 - Implement caseIgnoreListSubstringsMatch. 2020-08-21 21:45:19 +00:00
Quanah Gibson-Mount
aa78299346 ITS#9311 - Correctly mark overlays as singular 2020-08-21 19:34:27 +00:00
Howard Chu
650b1404c2 ITS#9054, #9318 add new TLS options to slapd bindconf 
For use with back-ldap/back-meta/syncrepl/etc
 2020-08-21 20:06:56 +01:00
Howard Chu
12e11c9b84 ITS#9121 slapo-dynlist, -memberof: define memberOf if needed 
Ignore if it's defined already. Make it no-user-mod.
 2020-08-18 23:49:26 +00:00
Howard Chu
9d2f15307d ITS#7926 dynamic changes to olcListenerThreads 
Reallocates sockets from old to new listener threads
 2020-08-18 22:37:50 +01:00
Howard Chu
2f94318f06 ITS#7926 support multiple config cleanup functions per op 
Prep for main changes
 2020-08-18 22:00:58 +01:00
Howard Chu
b0d7308371 ITS#9135 fix index error on collapsed range 2020-08-13 18:18:45 +01:00
Quanah Gibson-Mount
00b14b1e28 ITS#9133 - Fix syncprov to be singular. 2020-08-10 23:41:07 +00:00
Howard Chu
633d40b0ac For ITS#9309 fix check for duplicate overlays 
and pass error message back to frontend
 2020-08-10 16:40:54 +01:00
Howard Chu
c8c39b8468 ITS#9309 don't allow ppolicy to be configured more than once on a backend 2020-08-10 16:07:39 +01:00
Howard Chu
8849d83f75 ITS#9279 fix Netscape password_expired control 2020-08-04 22:04:14 +00:00
Howard Chu
138c492696 ITS#9302 fix pwdFailireTime mutex scope 2020-07-30 17:53:25 +01:00
Arvid Requate
0e675be7ef ITS#9302 ppolicy: avoid pwdFailureTime race condition 2020-07-30 17:32:32 +01:00
Howard Chu
4cf90e84de ITS#9295 use replace on single-valued attrs 
For delta-sync as well as regular sync
 2020-07-29 16:15:42 +01:00
Ondřej Kuzník
917fcc03ee ITS#9279 Send Netscape expired control as a bare string 2020-07-27 14:22:24 +02:00
Ondřej Kuzník
43ebfa8fb4 ITS#6467 Make accesslog a possible sessionlog source 2020-07-22 22:25:10 +01:00
Ondřej Kuzník
66a743f119 ITS#6467 Record minCSN in audit container 2020-07-22 22:25:10 +01:00
Ondřej Kuzník
4b62f3b8d2 ITS#8645 Check for all syncrepl errors 2020-07-22 20:22:50 +00:00
Quanah Gibson-Mount
3716245fec Issue#8511 - Update documentation and configs to correctly use multiprovider 2020-07-22 19:32:49 +00:00
Ondřej Kuzník
a49b553676 ITS#9279 Implement Netscape password policy controls in ppolicy 2020-07-22 18:57:38 +00:00
Ondřej Kuzník
521b8bbe4b ITS#9282 Check entries are covered by new contextCSN before deletion 2020-07-22 18:24:52 +00:00
Ondřej Kuzník
5bbcf38c78 ITS#9282 Build a complete cookie for the search 2020-07-22 18:24:51 +00:00
Howard Chu
2c0499ae4e ITS#9121 support nested groups 2020-07-22 15:11:24 +00:00
Howard Chu
9210ed1618 ITS#9121 add dynamic memberOf support for static groups 2020-07-22 15:11:24 +00:00
Quanah Gibson-Mount
21eef84a49 ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer 2020-07-18 16:27:04 +00:00
Ondřej Kuzník
947bbfbf5a ITS#9280 Add olcPPolicyDisableWrite to the objectclass 2020-07-08 14:47:03 +01:00
Ondřej Kuzník
31423439c5 ITS#9043 Make sure uuidstr is initialised on use 2020-07-08 12:54:08 +01:00
Howard Chu
4fab675560 ITS#9285 don't hide ppolicy control 2020-07-07 21:01:32 +01:00
Ondřej Kuzník
bdc9dbc511 ITS#8701 Implement account usability in ppolicy 2020-07-07 16:43:37 +01:00
Quanah Gibson-Mount
c06ac436e2 ITS#9235 Merge libldap_r into libldap 2020-07-03 17:23:14 -07:00
Ondřej Kuzník
e05c09b919 ITS#8762 Clear pwdFailureTime on unlock 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
376d5d65cb ITS#7084 ACL of 'manage' gives pasword administrator access 
Password administrators can bypass safeModify, password quality checks
and trigger reset if policy instructs the server to.
 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
a030aacc39 ITS#7788 Allow pwdFailureTime tracking be disabled in policy 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
0b6ac3fd76 ITS#7788 Skip lockout processing if no policy applies 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
3ec005a097 ITS#7788 Report if there is a policy that applies 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
3e0447f4a6 ITS#7089 Skip lockout checks/modifications if password attribute missing 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
49504c16d2 Fix whitespace in ppolicy.c 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
e24a6bf5c1 ITS#8768 Do not update main CSN during delete phase 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
182ec30a6b ITS#8768 Accept delcsn from the server 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
d1e874c605 ITS#8768 Introduce delcsn into our syncrepl cookies 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
eae2dfde04 ITS#9280 Add ppolicy_disable_write 2020-06-23 15:29:26 +00:00
Quanah Gibson-Mount
58c978825c Issue#9020 - Use consistent namespaces for overlays 2020-06-22 20:44:12 +00:00
Ondřej Kuzník
3e5490f467 ITS#9043 More descriptive logs for syncrepl traffic and decisions 2020-06-22 18:20:22 +00:00
Ondřej Kuzník
799607231d ITS#7796 Move 'not indexed' messages to loglevel filter 2020-06-22 09:28:26 +01:00
Ondřej Kuzník
71560032f4 ITS#8949 Check eblock exists before freeing 
cn=config changes might cause slapi_plugins_used transition from 0
during the lifetime of operation (cn=config change or syncrepl) or
a connection and we should be able to deal with that.
 2020-06-21 22:53:14 +00:00
Ondřej Kuzník
6b46232ab8 ITS#8473 Implement ordering stable (de)registration 2020-06-21 22:53:14 +00:00
Ondřej Kuzník
e5105e706e ITS#8473 Mark olcPlugin as ordered 2020-06-21 22:53:14 +00:00
Quanah Gibson-Mount
0d0d50724a ITS#8140 - Update bind operations to note bind_ssf vs overall connection ssf 2020-06-21 22:04:46 +00:00
Ondřej Kuzník
57b0ed909c ITS#8434 Allow cleanup at the end of a failed back-config add 2020-06-21 18:55:09 +00:00
Howard Chu
2346dfd2a0 ITS#9262 check referral 2020-06-21 00:45:45 +01:00
Quanah Gibson-Mount
4e8f91304e Issue#9239 - Fix case where e->e_dn may be NULL causing a segfault on some platforms 2020-05-27 19:51:16 +00:00
Quanah Gibson-Mount
f926e66723 ITS#8873 - Delete obsolete configuration options from back-ldap, back-meta, and back-asyncmeta 2020-05-26 19:59:56 +00:00
Howard Chu
c70e2e0869 ITS#9264 more for unique locking 2020-05-25 22:38:30 +01:00
Ondřej Kuzník
f3952d947b ITS#9059 Document why we do FIND_CSN 2020-05-22 16:57:53 +00:00
Ondřej Kuzník
709d805f84 ITS#9059 Skip mincsn check if sessionlog replay was successful 2020-05-22 16:57:53 +00:00
Howard Chu
9183abe62c ITS#9264 add an optional lock to slapo-unique 2020-05-22 15:08:20 +01:00
Quanah Gibson-Mount
c91bbe6eea ITS#8614 - slapd must be built threaded 2020-05-14 16:30:17 +00:00
Ryan Tandy
fc8a7b25b8 ITS#9258 More for ITS#6937, don't free user/group 2020-05-10 08:47:54 -07:00
Howard Chu
f5ff1dad7e ITS#9227 fix attr / opattr detection in prev commit 2020-05-08 18:50:58 +01:00
Howard Chu
5462fc26b5 ITS#9227 syncrepl: don't delete non-replicated attrs 2020-05-08 16:23:44 +01:00
Howard Chu
d38d48fc8f ITS#9202 limit depth of nested filters 
Using a hardcoded limit for now; no reasonable apps
should ever run into it.
 2020-04-28 13:58:15 +00:00
Ryan Tandy
8f174209e1 ITS#7573 Fix back-perl dynamic config with threaded slapd 2020-04-27 16:21:12 +00:00
Isaac Boukris
3cd50fa8b3 ITS#9189 rework sasl-cbinding support 
Add LDAP_OPT_X_SASL_CBINDING option to define the binding type to use,
defaults to "none".

Add "tls-endpoint" binding type implementing "tls-server-end-point" from
RCF 5929, which is compatible with Windows.

Fix "tls-unique" to include the prefix in the bindings as per RFC 5056.
 2020-04-23 21:00:39 +02:00
Quanah Gibson-Mount
96fedda628 ITS#5573 - Expose contextCSN, entryCSN in subschema entry 2020-04-22 18:59:38 +00:00
Quanah Gibson-Mount
bc9a92866a ITS#6740 - Always enable rewrite 2020-04-22 14:49:10 +00:00
Howard Chu
bcb0af6262 ITS#6745 slapd daemon: use separate emfile mutex 2020-04-17 02:46:10 +01:00
Ondřej Kuzník
550476b5ad ITS#9112 Silence warnings 2020-04-16 16:41:35 +00:00
Ondřej Kuzník
8f01fdec36 ITS#8731 Remove unused arguments 2020-04-16 16:41:35 +00:00
Ondřej Kuzník
65d0936811 ITS#8245 Silence warning 2020-04-16 16:41:35 +00:00
Quanah Gibson-Mount
a97eed06f0 ITS#6937 - Remove unused proctitle bits 2020-04-15 19:32:28 +00:00
grapvar
a5e17673a6 ITS#9214 slapd-mdb: plug cursor leak in dnSuperiorMatch filter 2020-04-15 00:14:37 +01:00
Ryan Tandy
38f9dd2fb8 ITS#7878 Replace uint32_t with unsigned in back-mdb 
init.c: align mi_dbenv_flags and flags with mdb_dbi_open, which declares
flags as unsigned int.

search.c: align mi_rtxn_size with ARG_UINT; adjust ww_ctx.nentries to
silence a warning about signed/unsigned comparison.

config.c: parse checkpoint config more carefully. Reject negative or
unreasonably large values for kbytes and minutes. Ensure both values are
parsed successfully before making any changes.

Fixes a compilation failure under MinGW, where stdint.h types are not
implicitly pulled in by other headers.
 2020-04-14 10:04:33 -07:00
Ondřej Kuzník
f6d9fdc4f1 ITS#9043 Improve replication loggging 2020-04-14 09:58:03 +01:00
Ryan Tandy
bbe20cbf4c ITS#8731 cleanup unused logbuf 2020-04-13 18:57:50 +00:00
Ryan Tandy
e18764465f ITS#9212 Restore snprintf to caller-provided buffer 
76df74dbea removed some snprintfs to
buffers that are actually returned to the client. Restore these.
 2020-04-13 18:57:50 +00:00
Howard Chu
5bfd8d8888 ITS#9121 Fix MatchingRuleAssertion init 2020-04-07 16:26:35 +01:00
Ondřej Kuzník
6d6a330057 ITS#8245 Use Relax control to avoid uniqueness checks 
Still needs to retrieve the entry for ACL resolution until we can
restrict controls with ACLs.
 2020-04-06 20:44:09 +00:00
Howard Chu
0debad5830 ITS#9121 memberOf shortcut 
Don't try to generate it if it wasn't requested
 2020-04-04 03:48:14 +01:00
Howard Chu
15a922a5a3 ITS#9121 memberof fix 
Fix for groupURI with no filter
 2020-04-03 21:38:41 +01:00
Howard Chu
8180326ffe ITS#9121 typos 2020-04-03 21:29:25 +01:00
Howard Chu
5d82ba4905 ITS#9121 fix typo 2020-04-03 21:27:48 +01:00
Howard Chu
906cab755d ITS#9121 fix memberOf filtering 
Replace (memberOf=<groupDN>) filter with expansion of group's URI
 2020-04-03 21:25:58 +01:00
Howard Chu
015eae8fde ITS#9121 optimize dyngroup membership checking 
parse dyngroup URLs in advance, don't use the ACL engine's
evaluator any more
 2020-04-03 21:25:43 +01:00
Howard Chu
c9ff501e6d ITS#9121 memberof counting 
Keep track of number of uses of memberOf in config, to
allow bypassing code if not in use.
 2020-04-03 21:25:34 +01:00
Ryan Tandy
1d562a7a52 ITS#6035 olcAuthIDRewrite insert/delete support 2020-04-02 09:10:51 -07:00
Ryan Tandy
c4db906107 ITS#6035 olcAuthzRegexp insert/delete support 2020-04-02 09:10:51 -07:00
Ryan Tandy
822ed8c11d ITS#6035 saslauthz cleanups (no functional change) 
- give authid-rewrite's argument a name
- tidy saslauthz.c whitespace (mixed spaces/tabs)
- always declare slap_sasl_regexp_destroy: fixes an implicit declaration
  warning when configured without librewrite
- delete dead code: ENABLE_REWRITE implies SLAP_AUTH_REWRITE, so this
  code is never compiled
- make slap_sasl_regexp_rewrite_config static
- omit sasl_regexp unused fields when built with librewrite
 2020-04-02 09:10:51 -07:00
Emily Backes
f4bfb5e0a5 ITS#7074 - change olcDatabaseDummy initialization for windows 2020-03-20 19:08:22 +00:00
Howard Chu
2d87a1c7b5 ITS#9182 pcache: fix private DB init 2020-03-11 19:17:10 +00:00