[389-ds-base] branch 389-ds-base-1.4.0 updated: Issue 50536 - Audit log heading written to log after every update
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.0
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.0 by this push:
new 0f5d020 Issue 50536 - Audit log heading written to log after every update
0f5d020 is described below
commit 0f5d02090c7346ad84ec8c3852b2b4e35d528d32
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Wed Aug 7 16:57:17 2019 -0400
Issue 50536 - Audit log heading written to log after every update
Bug Description: Once the audit log is rotated the log "title" is incorrectly
written to the log after every single update. This happened
becuase when we udpated the state of the log it was applied
to a local variable, and not the log info structure itself.
Fix Description: After writting the "title", update the state of the log using
a pointer to the log info structure.
relates: https://pagure.io/389-ds-base/issue/50536
Reviewed by: lkrispenz(Thanks!)
---
ldap/servers/slapd/log.c | 14 +++++++-------
ldap/servers/slapd/proto-slap.h | 2 +-
src/cockpit/389-console/src/servers.html | 8 ++++----
3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index 2456abf..f308a48 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -2073,11 +2073,11 @@ slapd_log_audit(
int retval = LDAP_SUCCESS;
int lbackend = loginfo.log_backend; /* We copy this to make these next checks atomic */
- int state = 0;
+ int *state;
if (sourcelog == SLAPD_AUDIT_LOG) {
- state = loginfo.log_audit_state;
+ state = &loginfo.log_audit_state;
} else if (sourcelog == SLAPD_AUDITFAIL_LOG) {
- state = loginfo.log_auditfail_state;
+ state = &loginfo.log_auditfail_state;
} else {
/* How did we even get here! */
return 1;
@@ -2106,9 +2106,9 @@ int
slapd_log_audit_internal(
char *buffer,
int buf_len,
- int state)
+ int *state)
{
- if ((state & LOGGING_ENABLED) && (loginfo.log_audit_file != NULL)) {
+ if ((*state & LOGGING_ENABLED) && (loginfo.log_audit_file != NULL)) {
LOG_AUDIT_LOCK_WRITE();
if (log__needrotation(loginfo.log_audit_fdes,
SLAPD_AUDIT_LOG) == LOG_ROTATE) {
@@ -2122,9 +2122,9 @@ slapd_log_audit_internal(
loginfo.log_audit_rotationsyncclock += PR_ABS(loginfo.log_audit_rotationtime_secs);
}
}
- if (state & LOGGING_NEED_TITLE) {
+ if (*state & LOGGING_NEED_TITLE) {
log_write_title(loginfo.log_audit_fdes);
- state &= ~LOGGING_NEED_TITLE;
+ *state &= ~LOGGING_NEED_TITLE;
}
LOG_WRITE_NOW_NO_ERR(loginfo.log_audit_fdes, buffer, buf_len, 0);
LOG_AUDIT_UNLOCK_WRITE();
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index dce4243..932828d 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -787,7 +787,7 @@ int slapi_log_access(int level, char *fmt, ...)
;
#endif
int slapd_log_audit(char *buffer, int buf_len, int sourcelog);
-int slapd_log_audit_internal(char *buffer, int buf_len, int state);
+int slapd_log_audit_internal(char *buffer, int buf_len, int *state);
int slapd_log_auditfail(char *buffer, int buf_len);
int slapd_log_auditfail_internal(char *buffer, int buf_len);
void log_access_flush(void);
diff --git a/src/cockpit/389-console/src/servers.html b/src/cockpit/389-console/src/servers.html
index 8f40883..820c29c 100644
--- a/src/cockpit/389-console/src/servers.html
+++ b/src/cockpit/389-console/src/servers.html
@@ -519,7 +519,7 @@
<label for="nsslapd-accesslog-logrotationtime" class="ds-config-sub-label" title="Access log rotation time settings (nsslapd-accesslog-logrotationtime).">Create New Log Every...</label><input
class="ds-input" type="text" id="nsslapd-accesslog-logrotationtime" size="40"/> <select class="btn btn-default dropdown" id="nsslapd-accesslog-logrotationtimeunit">
<option>minute</option>
- <option>hours</option>
+ <option>hour</option>
<option>day</option>
<option>week</option>
<option>month</option>
@@ -608,7 +608,7 @@
<label for="nsslapd-auditlog-logrotationtime" class="ds-config-sub-label" title="Audit log rotation time settings (nsslapd-auditlog-logrotationtime).">Create New Log Every...</label><input
class="ds-input" type="text" id="nsslapd-auditlog-logrotationtime" size="40"/> <select class="btn btn-default dropdown" id="nsslapd-auditlog-logrotationtimeunit">
<option>minute</option>
- <option>hours</option>
+ <option>hour</option>
<option>day</option>
<option>week</option>
<option>month</option>
@@ -667,7 +667,7 @@
<label for="nsslapd-auditfaillog-logrotationtime" class="ds-config-sub-label" title="Audit failure log rotation time settings (nsslapd-auditlog-logrotationtime).">Create New Log Every...</label><input
class="ds-input" type="text" id="nsslapd-auditfaillog-logrotationtime" size="40"/> <select class="btn btn-default dropdown" id="nsslapd-auditfaillog-logrotationtimeunit">
<option>minute</option>
- <option>hours</option>
+ <option>hour</option>
<option>day</option>
<option>week</option>
<option>month</option>
@@ -724,7 +724,7 @@
<label for="nsslapd-errorlog-logrotationtime" class="ds-config-sub-label" title="Errors log rotation time settings (nsslapd-errorlog-logrotationtime).">Create New Log Every...</label><input
class="ds-input" type="text" id="nsslapd-errorlog-logrotationtime" size="40"/> <select class="btn btn-default dropdown" id="nsslapd-errorlog-logrotationtimeunit">
<option>minute</option>
- <option>hours</option>
+ <option>hour</option>
<option>day</option>
<option>week</option>
<option>month</option>
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 9 months
[389-ds-base] branch 389-ds-base-1.3.10 updated: Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.10
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.3.10 by this push:
new 66969b2 Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted
66969b2 is described below
commit 66969b22c684baa9ad67ea6cafb342ff0d10ca0c
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Thu Aug 1 16:50:34 2019 -0400
Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted
Bug Description:
If you delete the suffix that is set as the default naming context, the attribute
is not reset.
Also using dsconf to delete a backend/suffix fails if there are vlv indexes, encrypted
attributes, or replication is configured.
Fix Description:
As for the default naming context, if there is a second suffix configured, it will be
automatically set as the new default naming context, otherwise the attribute is not
modified.
For dsconf backend delete issue, it now checks and removes replication configuration
and agreements, and removes all the child entries under the backend entry.
relates: https://pagure.io/389-ds-base/issue/50525
Reviewed by: spichugi(Thanks!)
---
.../be_del_and_default_naming_attr_test.py | 90 ++++++++++++++++++++++
ldap/servers/slapd/mapping_tree.c | 50 +++++++-----
src/lib389/lib389/backend.py | 17 ++--
src/lib389/lib389/replica.py | 2 +-
4 files changed, 132 insertions(+), 27 deletions(-)
diff --git a/dirsrvtests/tests/suites/mapping_tree/be_del_and_default_naming_attr_test.py b/dirsrvtests/tests/suites/mapping_tree/be_del_and_default_naming_attr_test.py
new file mode 100644
index 0000000..34a2de2
--- /dev/null
+++ b/dirsrvtests/tests/suites/mapping_tree/be_del_and_default_naming_attr_test.py
@@ -0,0 +1,90 @@
+import logging
+import pytest
+import os
+from lib389._constants import DEFAULT_SUFFIX
+from lib389.topologies import topology_m1 as topo
+from lib389.backend import Backends
+from lib389.encrypted_attributes import EncryptedAttrs
+
+DEBUGGING = os.getenv("DEBUGGING", default=False)
+if DEBUGGING:
+ logging.getLogger(__name__).setLevel(logging.DEBUG)
+else:
+ logging.getLogger(__name__).setLevel(logging.INFO)
+log = logging.getLogger(__name__)
+
+SECOND_SUFFIX = 'o=namingcontext'
+THIRD_SUFFIX = 'o=namingcontext2'
+
+def test_be_delete(topo):
+ """Test that we can delete a backend that contains replication
+ configuration and encrypted attributes. The default naming
+ context should also be updated to reflect the next available suffix
+
+ :id: 5208f897-7c95-4925-bad0-9ceb95fee678
+ :setup: Master Instance
+ :steps:
+ 1. Create second backend/suffix
+ 2. Add an encrypted attribute to the default suffix
+ 2. Delete default suffix
+ 3. Check the nsslapd-defaultnamingcontext is updated
+ 4. Delete the last backend
+ 5. Check the namingcontext has not changed
+ 6. Add new backend
+ 7. Set default naming context
+ 8. Verify the naming context is correct
+ :expectedresults:
+ 1. Success
+ 2. Success
+ 3. Success
+ 4. Success
+ 5. Success
+ 6. Success
+ 7. Success
+ 8. Success
+ """
+
+ inst = topo.ms["master1"]
+
+ # Create second suffix
+ backends = Backends(inst)
+ default_backend = backends.get(DEFAULT_SUFFIX)
+ new_backend = backends.create(properties={'nsslapd-suffix': SECOND_SUFFIX,
+ 'name': 'namingRoot'})
+
+ # Add encrypted attribute entry under default suffix
+ encrypt_attrs = EncryptedAttrs(inst, basedn='cn=encrypted attributes,{}'.format(default_backend.dn))
+ encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
+
+ # Delete default suffix
+ default_backend.delete()
+
+ # Check that the default naming context is set to the new/second suffix
+ default_naming_ctx = inst.config.get_attr_val_utf8('nsslapd-defaultnamingcontext')
+ assert default_naming_ctx == SECOND_SUFFIX
+
+ # delete new backend, but the naming context should not change
+ new_backend.delete()
+
+ # Check that the default naming context is still set to the new/second suffix
+ default_naming_ctx = inst.config.get_attr_val_utf8('nsslapd-defaultnamingcontext')
+ assert default_naming_ctx == SECOND_SUFFIX
+
+ # Add new backend
+ new_backend = backends.create(properties={'nsslapd-suffix': THIRD_SUFFIX,
+ 'name': 'namingRoot2'})
+
+ # manaully set naming context
+ inst.config.set('nsslapd-defaultnamingcontext', THIRD_SUFFIX)
+
+ # Verify naming context is correct
+ default_naming_ctx = inst.config.get_attr_val_utf8('nsslapd-defaultnamingcontext')
+ assert default_naming_ctx == THIRD_SUFFIX
+
+
+if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main(["-s", CURRENT_FILE])
+
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
index 834949a..25e9fb8 100644
--- a/ldap/servers/slapd/mapping_tree.c
+++ b/ldap/servers/slapd/mapping_tree.c
@@ -1521,26 +1521,36 @@ done:
strcpy_unescape_value(escaped, suffix);
}
if (escaped && (0 == strcasecmp(escaped, default_naming_context))) {
- int rc = _mtn_update_config_param(LDAP_MOD_DELETE,
- CONFIG_DEFAULT_NAMING_CONTEXT,
- NULL);
- if (rc) {
- slapi_log_err(SLAPI_LOG_ERR,
- "mapping_tree_entry_delete_callback",
- "deleting config param %s failed: RC=%d\n",
- CONFIG_DEFAULT_NAMING_CONTEXT, rc);
- }
- if (LDAP_SUCCESS == rc) {
- char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
- /* Removing defaultNamingContext from cn=config entry
- * was successful. The remove does not reset the
- * global parameter. We need to reset it separately. */
- if (config_set_default_naming_context(
- CONFIG_DEFAULT_NAMING_CONTEXT,
- NULL, errorbuf, CONFIG_APPLY)) {
- slapi_log_err(SLAPI_LOG_ERR, "mapping_tree_entry_delete_callback",
- "Setting NULL to %s failed. %s\n",
- CONFIG_DEFAULT_NAMING_CONTEXT, errorbuf);
+ /*
+ * We can not delete the default naming attribute, so instead
+ * replace it only if there is another suffix available
+ */
+ void *node = NULL;
+ Slapi_DN *sdn;
+ sdn = slapi_get_first_suffix(&node, 0);
+ if (sdn) {
+ char *replacement_suffix = (char *)slapi_sdn_get_dn(sdn);
+ int rc = _mtn_update_config_param(LDAP_MOD_REPLACE,
+ CONFIG_DEFAULT_NAMING_CONTEXT,
+ replacement_suffix);
+ if (rc) {
+ slapi_log_err(SLAPI_LOG_ERR,
+ "mapping_tree_entry_delete_callback",
+ "replacing config param %s failed: RC=%d\n",
+ CONFIG_DEFAULT_NAMING_CONTEXT, rc);
+ }
+ if (LDAP_SUCCESS == rc) {
+ char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
+ /* Replacing defaultNamingContext from cn=config entry
+ * was successful. The replace does not reset the
+ * global parameter. We need to reset it separately. */
+ if (config_set_default_naming_context(
+ CONFIG_DEFAULT_NAMING_CONTEXT,
+ replacement_suffix, errorbuf, CONFIG_APPLY)) {
+ slapi_log_err(SLAPI_LOG_ERR, "mapping_tree_entry_delete_callback",
+ "Setting %s tp %s failed. %s\n",
+ CONFIG_DEFAULT_NAMING_CONTEXT, replacement_suffix, errorbuf);
+ }
}
}
}
diff --git a/src/lib389/lib389/backend.py b/src/lib389/lib389/backend.py
index 6f4c869..4d32038 100644
--- a/src/lib389/lib389/backend.py
+++ b/src/lib389/lib389/backend.py
@@ -17,6 +17,7 @@ from lib389 import Entry
from lib389._mapped_object import DSLdapObjects, DSLdapObject
from lib389.mappingTree import MappingTrees, MappingTree
from lib389.exceptions import NoSuchEntryError, InvalidArgumentError
+from lib389.replica import Replicas
# We need to be a factor to the backend monitor
from lib389.monitor import MonitorBackend
@@ -507,20 +508,24 @@ class Backend(DSLdapObject):
mt = self._mts.get(selector=bename)
# Assert the type is "backend"
# Are these the right types....?
- if mt.get_attr_val('nsslapd-state') != ensure_bytes('backend'):
+ if mt.get_attr_val('nsslapd-state').lower() != ensure_bytes('backend'):
raise ldap.UNWILLING_TO_PERFORM('Can not delete the mapping tree, not for a backend! You may need to delete this backend via cn=config .... ;_; ')
+
+ # Delete replicas first
+ try:
+ Replicas(self._instance).get(mt.get_attr_val_utf8('cn')).delete()
+ except ldap.NO_SUCH_OBJECT:
+ # No replica, no problem
+ pass
+
# Delete our mapping tree if it exists.
mt.delete()
except ldap.NO_SUCH_OBJECT:
# Righto, it's already gone! Do nothing ...
pass
- # Delete all our related indices
- self._instance.index.delete_all(bename)
# Now remove our children, this is all ldbm config
- self._instance.delete_branch_s(self._dn, ldap.SCOPE_ONELEVEL)
- # The super will actually delete ourselves.
- super(Backend, self).delete()
+ self._instance.delete_branch_s(self._dn, ldap.SCOPE_SUBTREE)
def _lint_mappingtree(self):
"""Backend lint
diff --git a/src/lib389/lib389/replica.py b/src/lib389/lib389/replica.py
index cdd0a97..7b45683 100644
--- a/src/lib389/lib389/replica.py
+++ b/src/lib389/lib389/replica.py
@@ -458,7 +458,7 @@ class ReplicaLegacy(object):
try:
self.deleteAgreements(nsuffix)
except ldap.LDAPError as e:
- self.log.fatal('Failed to delete replica agreements!')
+ self.log.fatal('Failed to delete replica agreements! ' + str(e))
raise
# Delete the replica
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 9 months
[389-ds-base] branch 389-ds-base-1.4.0 updated: Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.0
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.0 by this push:
new c1e1b80 Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted
c1e1b80 is described below
commit c1e1b80e9659342f0e71f1c4817453db468a748d
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Thu Aug 1 16:50:34 2019 -0400
Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted
Bug Description:
If you delete the suffix that is set as the default naming context, the attribute
is not reset.
Also using dsconf to delete a backend/suffix fails if there are vlv indexes, encrypted
attributes, or replication is configured.
Fix Description:
As for the default naming context, if there is a second suffix configured, it will be
automatically set as the new default naming context, otherwise the attribute is not
modified.
For dsconf backend delete issue, it now checks and removes replication configuration
and agreements, and removes all the child entries under the backend entry.
relates: https://pagure.io/389-ds-base/issue/50525
Reviewed by: spichugi(Thanks!)
---
.../be_del_and_default_naming_attr_test.py | 90 ++++++++++++++++++++++
ldap/servers/slapd/mapping_tree.c | 50 +++++++-----
src/lib389/lib389/backend.py | 20 ++---
src/lib389/lib389/replica.py | 2 +-
4 files changed, 132 insertions(+), 30 deletions(-)
diff --git a/dirsrvtests/tests/suites/mapping_tree/be_del_and_default_naming_attr_test.py b/dirsrvtests/tests/suites/mapping_tree/be_del_and_default_naming_attr_test.py
new file mode 100644
index 0000000..34a2de2
--- /dev/null
+++ b/dirsrvtests/tests/suites/mapping_tree/be_del_and_default_naming_attr_test.py
@@ -0,0 +1,90 @@
+import logging
+import pytest
+import os
+from lib389._constants import DEFAULT_SUFFIX
+from lib389.topologies import topology_m1 as topo
+from lib389.backend import Backends
+from lib389.encrypted_attributes import EncryptedAttrs
+
+DEBUGGING = os.getenv("DEBUGGING", default=False)
+if DEBUGGING:
+ logging.getLogger(__name__).setLevel(logging.DEBUG)
+else:
+ logging.getLogger(__name__).setLevel(logging.INFO)
+log = logging.getLogger(__name__)
+
+SECOND_SUFFIX = 'o=namingcontext'
+THIRD_SUFFIX = 'o=namingcontext2'
+
+def test_be_delete(topo):
+ """Test that we can delete a backend that contains replication
+ configuration and encrypted attributes. The default naming
+ context should also be updated to reflect the next available suffix
+
+ :id: 5208f897-7c95-4925-bad0-9ceb95fee678
+ :setup: Master Instance
+ :steps:
+ 1. Create second backend/suffix
+ 2. Add an encrypted attribute to the default suffix
+ 2. Delete default suffix
+ 3. Check the nsslapd-defaultnamingcontext is updated
+ 4. Delete the last backend
+ 5. Check the namingcontext has not changed
+ 6. Add new backend
+ 7. Set default naming context
+ 8. Verify the naming context is correct
+ :expectedresults:
+ 1. Success
+ 2. Success
+ 3. Success
+ 4. Success
+ 5. Success
+ 6. Success
+ 7. Success
+ 8. Success
+ """
+
+ inst = topo.ms["master1"]
+
+ # Create second suffix
+ backends = Backends(inst)
+ default_backend = backends.get(DEFAULT_SUFFIX)
+ new_backend = backends.create(properties={'nsslapd-suffix': SECOND_SUFFIX,
+ 'name': 'namingRoot'})
+
+ # Add encrypted attribute entry under default suffix
+ encrypt_attrs = EncryptedAttrs(inst, basedn='cn=encrypted attributes,{}'.format(default_backend.dn))
+ encrypt_attrs.create(properties={'cn': 'employeeNumber', 'nsEncryptionAlgorithm': 'AES'})
+
+ # Delete default suffix
+ default_backend.delete()
+
+ # Check that the default naming context is set to the new/second suffix
+ default_naming_ctx = inst.config.get_attr_val_utf8('nsslapd-defaultnamingcontext')
+ assert default_naming_ctx == SECOND_SUFFIX
+
+ # delete new backend, but the naming context should not change
+ new_backend.delete()
+
+ # Check that the default naming context is still set to the new/second suffix
+ default_naming_ctx = inst.config.get_attr_val_utf8('nsslapd-defaultnamingcontext')
+ assert default_naming_ctx == SECOND_SUFFIX
+
+ # Add new backend
+ new_backend = backends.create(properties={'nsslapd-suffix': THIRD_SUFFIX,
+ 'name': 'namingRoot2'})
+
+ # manaully set naming context
+ inst.config.set('nsslapd-defaultnamingcontext', THIRD_SUFFIX)
+
+ # Verify naming context is correct
+ default_naming_ctx = inst.config.get_attr_val_utf8('nsslapd-defaultnamingcontext')
+ assert default_naming_ctx == THIRD_SUFFIX
+
+
+if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main(["-s", CURRENT_FILE])
+
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
index b904249..b50ebd4 100644
--- a/ldap/servers/slapd/mapping_tree.c
+++ b/ldap/servers/slapd/mapping_tree.c
@@ -1519,26 +1519,36 @@ done:
strcpy_unescape_value(escaped, suffix);
}
if (escaped && (0 == strcasecmp(escaped, default_naming_context))) {
- int rc = _mtn_update_config_param(LDAP_MOD_DELETE,
- CONFIG_DEFAULT_NAMING_CONTEXT,
- NULL);
- if (rc) {
- slapi_log_err(SLAPI_LOG_ERR,
- "mapping_tree_entry_delete_callback",
- "deleting config param %s failed: RC=%d\n",
- CONFIG_DEFAULT_NAMING_CONTEXT, rc);
- }
- if (LDAP_SUCCESS == rc) {
- char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
- /* Removing defaultNamingContext from cn=config entry
- * was successful. The remove does not reset the
- * global parameter. We need to reset it separately. */
- if (config_set_default_naming_context(
- CONFIG_DEFAULT_NAMING_CONTEXT,
- NULL, errorbuf, CONFIG_APPLY)) {
- slapi_log_err(SLAPI_LOG_ERR, "mapping_tree_entry_delete_callback",
- "Setting NULL to %s failed. %s\n",
- CONFIG_DEFAULT_NAMING_CONTEXT, errorbuf);
+ /*
+ * We can not delete the default naming attribute, so instead
+ * replace it only if there is another suffix available
+ */
+ void *node = NULL;
+ Slapi_DN *sdn;
+ sdn = slapi_get_first_suffix(&node, 0);
+ if (sdn) {
+ char *replacement_suffix = (char *)slapi_sdn_get_dn(sdn);
+ int rc = _mtn_update_config_param(LDAP_MOD_REPLACE,
+ CONFIG_DEFAULT_NAMING_CONTEXT,
+ replacement_suffix);
+ if (rc) {
+ slapi_log_err(SLAPI_LOG_ERR,
+ "mapping_tree_entry_delete_callback",
+ "replacing config param %s failed: RC=%d\n",
+ CONFIG_DEFAULT_NAMING_CONTEXT, rc);
+ }
+ if (LDAP_SUCCESS == rc) {
+ char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
+ /* Replacing defaultNamingContext from cn=config entry
+ * was successful. The replace does not reset the
+ * global parameter. We need to reset it separately. */
+ if (config_set_default_naming_context(
+ CONFIG_DEFAULT_NAMING_CONTEXT,
+ replacement_suffix, errorbuf, CONFIG_APPLY)) {
+ slapi_log_err(SLAPI_LOG_ERR, "mapping_tree_entry_delete_callback",
+ "Setting %s tp %s failed. %s\n",
+ CONFIG_DEFAULT_NAMING_CONTEXT, replacement_suffix, errorbuf);
+ }
}
}
}
diff --git a/src/lib389/lib389/backend.py b/src/lib389/lib389/backend.py
index 353a3e1..5405e20 100644
--- a/src/lib389/lib389/backend.py
+++ b/src/lib389/lib389/backend.py
@@ -18,6 +18,7 @@ from lib389 import Entry
from lib389._mapped_object import DSLdapObjects, DSLdapObject
from lib389.mappingTree import MappingTrees
from lib389.exceptions import NoSuchEntryError, InvalidArgumentError
+from lib389.replica import Replicas
# We need to be a factor to the backend monitor
from lib389.monitor import MonitorBackend
@@ -530,23 +531,24 @@ class Backend(DSLdapObject):
mt = self._mts.get(selector=bename)
# Assert the type is "backend"
# Are these the right types....?
- if mt.get_attr_val('nsslapd-state').lower() != ensure_bytes('backend'):
+ if mt.get_attr_val_utf8('nsslapd-state').lower() != 'backend':
raise ldap.UNWILLING_TO_PERFORM('Can not delete the mapping tree, not for a backend! You may need to delete this backend via cn=config .... ;_; ')
+
+ # Delete replicas first
+ try:
+ Replicas(self._instance).get(mt.get_attr_val_utf8('cn')).delete()
+ except ldap.NO_SUCH_OBJECT:
+ # No replica, no problem
+ pass
+
# Delete our mapping tree if it exists.
mt.delete()
except ldap.NO_SUCH_OBJECT:
# Righto, it's already gone! Do nothing ...
pass
- # Delete all our related indices
- self._instance.index.delete_all(bename)
# Now remove our children, this is all ldbm config
-
- configs = self._instance.search_s(self._dn, ldap.SCOPE_ONELEVEL)
- for c in configs:
- self._instance.delete_branch_s(c.dn, ldap.SCOPE_SUBTREE)
- # The super will actually delete ourselves.
- super(Backend, self).delete()
+ self._instance.delete_branch_s(self._dn, ldap.SCOPE_SUBTREE)
def _lint_mappingtree(self):
"""Backend lint
diff --git a/src/lib389/lib389/replica.py b/src/lib389/lib389/replica.py
index ab20775..456e493 100644
--- a/src/lib389/lib389/replica.py
+++ b/src/lib389/lib389/replica.py
@@ -470,7 +470,7 @@ class ReplicaLegacy(object):
try:
self.deleteAgreements(nsuffix)
except ldap.LDAPError as e:
- self.log.fatal('Failed to delete replica agreements!')
+ self.log.fatal('Failed to delete replica agreements! ' + str(e))
raise
# Delete the replica
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 9 months
[389-ds-base] branch 389-ds-base-1.4.0 updated: Issue 50534 - CLI change schema edit subcommand to replace
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.0
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.0 by this push:
new a14dd18 Issue 50534 - CLI change schema edit subcommand to replace
a14dd18 is described below
commit a14dd18abc8f6f65507e3ebb8967650bbd9d9a2c
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Wed Aug 7 12:36:33 2019 -0400
Issue 50534 - CLI change schema edit subcommand to replace
Description: The way the CLI currently edits an attribute or objectclass
is that it deletes it, and then adds the new attribute using
only the params specified in "edit". So the subcommand "edit"
is misleading as previous/untouched values will get overwritten,
it should be "replace" instead to avoid confusion.
relates: https://pagure.io/389-ds-base/issue/50534
Reviewed by: spichugi(Thanks!)
---
src/cockpit/389-console/src/schema.html | 5 -----
src/cockpit/389-console/src/schema.js | 9 +++------
src/lib389/lib389/cli_conf/schema.py | 4 ++--
3 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/src/cockpit/389-console/src/schema.html b/src/cockpit/389-console/src/schema.html
index 449f3a2..35fcdfc 100644
--- a/src/cockpit/389-console/src/schema.html
+++ b/src/cockpit/389-console/src/schema.html
@@ -228,11 +228,6 @@
</select>
</div>
</div>
- <div>
- <label for="oc-x-origin" class="ds-config-label-lrg"
- title="The objectClass X-ORIGIN (keep 'user defined' if it's a non-standard objectClass)"><b
- >ObjectClass X-ORIGIN</b></label><input class="ds-input" type="text" id="oc-x-origin" size="40"/>
- </div>
</div>
</form>
<div id="save-oc-spinner" class="ds-center" hidden>
diff --git a/src/cockpit/389-console/src/schema.js b/src/cockpit/389-console/src/schema.js
index c2073fc..94cebe5 100644
--- a/src/cockpit/389-console/src/schema.js
+++ b/src/cockpit/389-console/src/schema.js
@@ -84,7 +84,6 @@ function clear_oc_form() {
$("#schema-list").prop('selectedIndex',-1);
$('#oc-required-list').find('option').remove();
$('#oc-allowed-list').find('option').remove();
- $("#oc-x-origin").val("");
$("#save-oc-button").attr('disabled', false);
}
@@ -106,7 +105,6 @@ function clear_attr_form() {
$("#attr-eq-mr-select").prop('selectedIndex',0);
$("#attr-order-mr-select").prop('selectedIndex',0);
$("#attr-sub-mr-select").prop('selectedIndex',0);
- $("#attr-x-origin").val("");
$("#save-attr-button").attr('disabled', false);
}
@@ -410,7 +408,7 @@ $(document).ready( function() {
var oc_parent = $("#oc-parent").val();
var oc_kind = $("#oc-kind").val();
var oc_desc = $("#oc-desc").val();
- var oc_x_origin = $("#oc-x-origin").val();
+ var oc_x_origin = "user defined";
var oc_required_list = $('#oc-required-list option').map(function() { return $(this).val(); }).get();
var oc_allowed_list = $('#oc-allowed-list option').map(function() { return $(this).val(); }).get();
@@ -418,7 +416,7 @@ $(document).ready( function() {
var edit = false;
if ( $("#add-edit-oc-header").text().indexOf("Edit Objectclass") != -1){
edit = true;
- action = 'edit';
+ action = 'replace';
}
if (oc_name == '') {
report_err($("#oc-name"), 'You must provide an objectClass name');
@@ -584,7 +582,7 @@ $(document).ready( function() {
var edit = false;
if ( $("#add-edit-attr-header").text().indexOf("Edit Attribute") != -1){
edit = true;
- action = 'edit';
+ action = 'replace';
}
if (attr_name == '') {
@@ -804,7 +802,6 @@ $(document).ready( function() {
$("#oc-oid").val(edit_oc_oid);
$("#oc-kind")[0].value = edit_oc_kind;
$("#oc-desc").val(edit_oc_desc);
- $("#oc-x-origin").val(edit_oc_x_origin);
$("#oc-parent")[0].value = edit_oc_parent;
$.each(edit_oc_required, function (i, item) {
if (item) {
diff --git a/src/lib389/lib389/cli_conf/schema.py b/src/lib389/lib389/cli_conf/schema.py
index d5d2011..7764356 100644
--- a/src/lib389/lib389/cli_conf/schema.py
+++ b/src/lib389/lib389/cli_conf/schema.py
@@ -326,7 +326,7 @@ def create_parser(subparsers):
at_add_parser.set_defaults(func=add_attributetype)
_add_parser_args(at_add_parser, 'attributetypes')
at_add_parser.add_argument('--syntax', required=True, help='OID of the LDAP syntax assigned to the attribute')
- at_edit_parser = attributetypes_subcommands.add_parser('edit', help='Edit an attribute type on this system')
+ at_edit_parser = attributetypes_subcommands.add_parser('replace', help='Replace an attribute type on this system')
at_edit_parser.set_defaults(func=edit_attributetype)
_add_parser_args(at_edit_parser, 'attributetypes')
at_edit_parser.add_argument('--syntax', help='OID of the LDAP syntax assigned to the attribute')
@@ -344,7 +344,7 @@ def create_parser(subparsers):
oc_add_parser = objectclasses_subcommands.add_parser('add', help='Add an objectClass to this system')
oc_add_parser.set_defaults(func=add_objectclass)
_add_parser_args(oc_add_parser, 'objectclasses')
- oc_edit_parser = objectclasses_subcommands.add_parser('edit', help='Edit an objectClass on this system')
+ oc_edit_parser = objectclasses_subcommands.add_parser('replace', help='Replace an objectClass on this system')
oc_edit_parser.set_defaults(func=edit_objectclass)
_add_parser_args(oc_edit_parser, 'objectclasses')
oc_remove_parser = objectclasses_subcommands.add_parser('remove', help='Remove an objectClass on this system')
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 9 months
[389-ds-base] branch 389-ds-base-1.4.0 updated: Issue 50534 - backport UI schema editing fix
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.0
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.0 by this push:
new f3c18b1 Issue 50534 - backport UI schema editing fix
f3c18b1 is described below
commit f3c18b15665fa4298eabdc57c6426fa9e713127a
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Wed Aug 7 11:28:18 2019 -0400
Issue 50534 - backport UI schema editing fix
Description: Editing custom schema was some issues where values
would get incorrectly overwritten.
relates: https://pagure.io/389-ds-base/issue/50534
Reviewed by: spichugi(Thanks!)
---
src/cockpit/389-console/src/schema.html | 5 ---
src/cockpit/389-console/src/schema.js | 58 +++++++++++++++++++--------------
src/lib389/lib389/schema.py | 12 +++++++
3 files changed, 45 insertions(+), 30 deletions(-)
diff --git a/src/cockpit/389-console/src/schema.html b/src/cockpit/389-console/src/schema.html
index b677d5b..449f3a2 100644
--- a/src/cockpit/389-console/src/schema.html
+++ b/src/cockpit/389-console/src/schema.html
@@ -144,11 +144,6 @@
</div>
</div>
</div>
- <div>
- <label for="attr-x-origin" class="ds-config-label-lrg"
- title="The attribute X-ORIGIN (keep 'user defined' if it's a non-standard attribute)"><b
- >Attribute X-ORIGIN</b></label><input class="ds-input" type="text" id="attr-x-origin" size="40"/>
- </div>
</div>
<div id="save-attr-spinner" class="ds-center" hidden>
<p></p>
diff --git a/src/cockpit/389-console/src/schema.js b/src/cockpit/389-console/src/schema.js
index 501a921..c2073fc 100644
--- a/src/cockpit/389-console/src/schema.js
+++ b/src/cockpit/389-console/src/schema.js
@@ -51,17 +51,20 @@ function is_x_origin_user_defined(x_origin) {
$.fn.dataTable.ext.search.push(
function(settings, searchData, index, rowData, counter) {
var x_origin;
- if ( $("#attr-user-defined").is(":checked") ) {
- x_origin = rowData[10];
- if (!is_x_origin_user_defined(x_origin)) {
- return false;
- }
- }
- if ( $("#oc-user-defined").is(":checked") ) {
- x_origin = rowData[6];
- if (!is_x_origin_user_defined(x_origin)) {
- return false;
- }
+ if ( settings.sTableId == "attr-table" ) {
+ if ( $("#attr-user-defined").is(":checked") ) {
+ x_origin = rowData[10];
+ if (!is_x_origin_user_defined(x_origin)) {
+ return false;
+ }
+ }
+ } else {
+ if ( $("#oc-user-defined").is(":checked") ) {
+ x_origin = rowData[6];
+ if (!is_x_origin_user_defined(x_origin)) {
+ return false;
+ }
+ }
}
return true;
}
@@ -423,22 +426,28 @@ $(document).ready( function() {
}
var cmd = [DSCONF, server_inst, 'schema', 'objectclasses', action, oc_name];
// Process and validate parameters
- cmd.push.apply(cmd, ["--oid", oc_oid]);
- cmd.push.apply(cmd, ["--sup", oc_parent]);
- cmd.push.apply(cmd, ["--kind", oc_kind]);
- cmd.push.apply(cmd, ["--desc", oc_desc]);
- cmd.push.apply(cmd, ["--x-origin", oc_x_origin]);
- cmd.push.apply(cmd, ["--must"]);
+ if (oc_oid != "") {
+ cmd.push.apply(cmd, ["--oid", oc_oid]);
+ }
+ if (oc_parent != "") {
+ cmd.push.apply(cmd, ["--sup", oc_parent]);
+ }
+ if (oc_kind != "") {
+ cmd.push.apply(cmd, ["--kind", oc_kind]);
+ }
+ if (oc_desc != "") {
+ cmd.push.apply(cmd, ["--desc", oc_desc]);
+ }
+ if (oc_x_origin != "") {
+ cmd.push.apply(cmd, ["--x-origin=\"" + oc_x_origin + "\""]);
+ }
if (oc_required_list.length !== 0) {
+ cmd.push.apply(cmd, ["--must"]);
cmd.push.apply(cmd, oc_required_list);
- } else {
- cmd.push.apply(cmd, [""]);
}
- cmd.push.apply(cmd, ["--may"]);
if (oc_allowed_list.length !== 0) {
+ cmd.push.apply(cmd, ["--may"]);
cmd.push.apply(cmd, oc_allowed_list);
- } else {
- cmd.push.apply(cmd, [""]);
}
$("#save-oc-spinner").show();
@@ -557,7 +566,7 @@ $(document).ready( function() {
var attr_syntax_text = $("#attr-syntax :selected").text();
var attr_usage = $('#attr-usage').val();
var attr_desc = $('#attr-desc').val();
- var attr_x_origin= $('#attr-x-origin').val();
+ var attr_x_origin= "user defined";
var attr_parent = $('#attr-parent').val();
var attr_aliases = $('#attr-alias').val().split(" ");
var eq_mr= $('#attr-eq-mr-select').val();
@@ -680,7 +689,7 @@ $(document).ready( function() {
}).
fail(function(data) {
$("#save-attr-spinner").hide();
- popup_err("Error", "Failed to save the attribute\n" + data.message);
+ popup_err("Error", "Failed to save the attribute: " + data.message);
$("#add-edit-attr-form").modal('toggle');
});
});
@@ -718,7 +727,6 @@ $(document).ready( function() {
$("#attr-usage")[0].value = edit_attr_usage;
$("#attr-parent")[0].value = edit_attr_parent;
$("#attr-desc").val(edit_attr_desc);
- $("#attr-x-origin").val(edit_attr_x_origin);
if (edit_attr_aliases) {
$("#attr-alias").val(edit_attr_aliases.join(" "));
}
diff --git a/src/lib389/lib389/schema.py b/src/lib389/lib389/schema.py
index 2499c15..60d444c 100755
--- a/src/lib389/lib389/schema.py
+++ b/src/lib389/lib389/schema.py
@@ -228,6 +228,18 @@ class Schema(DSLdapObject):
if value is not None:
value = self._validate_ldap_schema_value(value)
setattr(schema_object, oc_param.lower(), value)
+ else:
+ if getattr(schema_object, oc_param, False):
+ # Need to set the correct "type" for the empty value
+ if oc_param in ['may', 'must', 'x-origin', 'sup']:
+ # Expects tuple
+ setattr(schema_object, oc_param, ())
+ elif oc_param in ['desc', 'oid']:
+ # Expects None
+ setattr(schema_object, oc_param, None)
+ elif oc_param in ['obsolete', 'kind']:
+ # Expects numberic
+ setattr(schema_object, oc_param, 0)
schema_object_str = str(schema_object)
if schema_object_str == schema_object_str_old:
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 9 months
[389-ds-base] branch 389-ds-base-1.4.0 updated: Bump version to 1.4.0.27
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.0
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.0 by this push:
new 320a1b6 Bump version to 1.4.0.27
320a1b6 is described below
commit 320a1b6519610fc149daef7cbb338e9509b90d45
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Tue Aug 6 11:31:59 2019 -0400
Bump version to 1.4.0.27
---
VERSION.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION.sh b/VERSION.sh
index 40304a2..f8b5c57 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=4
-VERSION_MAINT=0.26
+VERSION_MAINT=0.27
# NOTE: VERSION_PREREL is automatically set for builds made out of a git tree
VERSION_PREREL=
VERSION_DATE=$(date -u +%Y%m%d)
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 10 months
[389-ds-base] branch 389-ds-base-1.4.0 updated: Ticket 50208 - make instances mark off based on dse.ldif not sysconfig
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.4.0
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.4.0 by this push:
new 4cf65b3 Ticket 50208 - make instances mark off based on dse.ldif not sysconfig
4cf65b3 is described below
commit 4cf65b3afea9ae86088c1444cca2e15403f9d1f3
Author: William Brown <william(a)blackhats.net.au>
AuthorDate: Mon Feb 11 12:02:25 2019 +1000
Ticket 50208 - make instances mark off based on dse.ldif not sysconfig
Bug Description: As sysconfig isn't cross platform compatible, and
there are some potential plans to remove it from our systemd files,
we need to make sure that lib389 can handle this file not being present
in new installs.
Fix Description: Thankfully, we have a file we can always guarantee
exists: dse.ldif. This makes /etc/dirsrv/slapd-instance the only
fixed location in the server now, all other locations can be "moved".
This patch:
* Fixes a large number of removal regressions
* Add comments and warnings throughout remove and setup to help
prevent future regresions
* Create no longer creates /etc/sysconfig/dirsrv-instance
* Create makes dse.ldif *first* as it's the marker location
* Remove works when there is no marker file (but will remove if it
exists)
* Listing now ignores /etc/sysconfig, and reads dse.ldif instead
with a follow up https://pagure.io/389-ds-base/issue/50207 to
parse data from this file for offline
https://pagure.io/389-ds-base/issue/50208
Author: William Brown <william(a)blackhats.net.au>
Review by: spichugi, abbra (Thanks)
---
Makefile.am | 10 ----------
rpm/389-ds-base.spec.in | 2 --
wrappers/systemd.template.service.in | 15 ++------------
wrappers/systemd.template.sysconfig | 30 ----------------------------
wrappers/systemd.template.xsan.service.in | 33 ++++++++++++++++++++++++++++---
5 files changed, 32 insertions(+), 58 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 864eee5..a2bc2e0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -648,7 +648,6 @@ dist_noinst_DATA = \
$(srcdir)/LICENSE.* \
$(srcdir)/VERSION.sh \
$(srcdir)/wrappers/*.in \
- $(srcdir)/wrappers/systemd.template.sysconfig \
$(srcdir)/dirsrvtests \
$(srcdir)/src/lib389/setup.py \
$(srcdir)/src/lib389
@@ -901,14 +900,9 @@ init_SCRIPTS = wrappers/$(PACKAGE_NAME) \
endif
endif
-if SYSTEMD
-initconfig_DATA = ldap/admin/src/$(PACKAGE_NAME) \
- wrappers/$(PACKAGE_NAME).systemd
-else
if INITDDIR
initconfig_DATA = ldap/admin/src/$(PACKAGE_NAME)
endif
-endif
inf_DATA = ldap/admin/src/slapd.inf \
ldap/admin/src/scripts/dscreate.map \
@@ -2343,10 +2337,6 @@ endif
fi; \
$(fixupcmd) $$service_template > $@
-%/$(PACKAGE_NAME).systemd: %/systemd.template.sysconfig
- if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi
- $(fixupcmd) $^ > $@
-
%/$(systemdgroupname): %/systemd.group.in
if [ ! -d $(dir $@) ] ; then mkdir -p $(dir $@) ; fi
$(fixupcmd) $^ > $@
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
index df8de5c..63cc389 100644
--- a/rpm/389-ds-base.spec.in
+++ b/rpm/389-ds-base.spec.in
@@ -598,8 +598,6 @@ exit 0
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
-%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}
-%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd
%{_datadir}/%{pkgname}
%exclude %{_datadir}/%{pkgname}/script-templates
%exclude %{_datadir}/%{pkgname}/updates
diff --git a/wrappers/systemd.template.service.in b/wrappers/systemd.template.service.in
index 978bbbb..85fd1ba 100644
--- a/wrappers/systemd.template.service.in
+++ b/wrappers/systemd.template.service.in
@@ -21,22 +21,11 @@ Before=radiusd.service
[Service]
Type=notify
NotifyAccess=all
-TimeoutStartSec=0
-TimeoutStopSec=600
-EnvironmentFile=@initconfigdir@/@package_name@
-EnvironmentFile=@initconfigdir@/@package_name@-%i
+EnvironmentFile=-@initconfigdir@/@package_name@
+EnvironmentFile=-@initconfigdir@/@package_name@-%i
PIDFile=@localstatedir@/run/@package_name(a)/slapd-%i.pid
ExecStartPre=@libexecdir@/ds_systemd_ask_password_acl @instconfigdir(a)/slapd-%i/dse.ldif
ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name(a)/slapd-%i.pid
-# Hardening options:
-# PrivateDevices=true
-# ProtectSystem=true
-# ProtectHome=true
-# PrivateTmp=true
-
-# if you need to set other directives e.g. LimitNOFILE=8192
-# set them in this file
-.include @initconfigdir@/@package_name@.systemd
[Install]
WantedBy=multi-user.target
diff --git a/wrappers/systemd.template.sysconfig b/wrappers/systemd.template.sysconfig
deleted file mode 100644
index 76c004d..0000000
--- a/wrappers/systemd.template.sysconfig
+++ /dev/null
@@ -1,30 +0,0 @@
-[Service]
-# These are from man systemd.exec and man systemd.resource-control
-
-# This controls the resources to the direct child of systemd, in
-# this case ns-slapd. Because we are type notify we recieve these
-# limits correctly.
-
-# This controls the number of file handles avaliable. File handles
-# correlate to sockets for the process, and our access to logs and
-# databases. Note, the configuration setting in Directory Server,
-# "nsslapd-maxdescriptors", can override this limit.
-LimitNOFILE=16384
-
-# You can limit the memory in the cgroup with these, and ns-slapd
-# will account for them in it's autotuning.
-# Memory account may be controlled by DefaultMemoryAccounting= in systemd-system.conf
-# MemoryAccounting=true
-# MemoryLimit=bytes
-
-# Limits on the size of coredump that may be produced by the process. It's not
-# specified how this interacts with coredumpd.
-# 0 means not to produce cores.
-# This value is 64G
-LimitCORE=68719476736
-
-# Limit number of processes (threads) we may spawn. We don't advise you change
-# this as DS will autodetect your threads / cpus and adjust as needed.
-# LimitNPROC=
-
-
diff --git a/wrappers/systemd.template.xsan.service.in b/wrappers/systemd.template.xsan.service.in
index 1a4d7dc..541392f 100644
--- a/wrappers/systemd.template.xsan.service.in
+++ b/wrappers/systemd.template.xsan.service.in
@@ -35,15 +35,42 @@ LimitCORE=infinity
ExecStartPre=@libexecdir@/ds_systemd_ask_password_acl @instconfigdir(a)/slapd-%i/dse.ldif
ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name(a)/slapd-%i.pid
+#### To change any of these values or directives, you should use a drop in file
+# such as: /etc/systemd/system/dirsrv@<instance>.d/custom.conf
+
+# These are from man systemd.exec and man systemd.resource-control
+
+# This controls the resources to the direct child of systemd, in
+# this case ns-slapd. Because we are type notify we recieve these
+# limits correctly.
+
+# This controls the number of file handles avaliable. File handles
+# correlate to sockets for the process, and our access to logs and
+# databases.
+LimitNOFILE=16384
+
+# You can limit the memory in the cgroup with these, and ns-slapd
+# will account for them in it's autotuning.
+# Memory account may be controlled by DefaultMemoryAccounting= in systemd-system.conf
+# MemoryAccounting=true
+# MemoryLimit=bytes
+
+# Limits on the size of coredump that may be produced by the process. It's not
+# specified how this interacts with coredumpd.
+# 0 means not to produce cores.
+# This value is 64G
+LimitCORE=68719476736
+
+# Limit number of processes (threads) we may spawn. We don't advise you change
+# this as DS will autodetect your threads / cpus and adjust as needed.
+# LimitNPROC=
+
# Hardening options:
# PrivateDevices=true
# ProtectSystem=true
# ProtectHome=true
# PrivateTmp=true
-# if you need to set other directives e.g. LimitNOFILE=8192
-# set them in this file
-.include @initconfigdir@/@package_name@.systemd
[Install]
WantedBy=multi-user.target
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 10 months
[389-ds-base] branch 389-ds-base-1.3.8 updated: Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.8
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.3.8 by this push:
new 071b13e Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
071b13e is described below
commit 071b13ee6ef5251fea8e40fbe2d162b6c69d7d69
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Aug 2 14:36:24 2019 -0400
Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
Bug Description: A regression was introduced some time back that changed the
behavior of how the server handled the "1.1" requested attribute
in a search request. If "1.1" was requested along with other
attributes then no attibutes were returned, but in this case "1.1"
is expected to be ignroed.
Fix Description: Only comply with "1.1" if it is the only requested attribute
relates: https://pagure.io/389-ds-base/issue/50530
Reviewed by: firstyear(Thanks!)
---
dirsrvtests/tests/suites/basic/basic_test.py | 57 +++++++++++++++++++++++++---
ldap/servers/slapd/result.c | 7 +++-
2 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
index dc366cd..1e0b4d1 100644
--- a/dirsrvtests/tests/suites/basic/basic_test.py
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
@@ -28,6 +28,7 @@ log = logging.getLogger(__name__)
USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
+USER4_DN = 'uid=user4,' + DEFAULT_SUFFIX
ROOTDSE_DEF_ATTR_LIST = ('namingContexts',
'supportedLDAPVersion',
@@ -409,8 +410,8 @@ def test_basic_acl(topology_st, import_example_ldif):
'uid': 'user1',
'userpassword': PASSWORD})))
except ldap.LDAPError as e:
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
- + ': error ' + e.message['desc'])
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+ ': error ' + e.message['desc'])
assert False
try:
@@ -421,8 +422,8 @@ def test_basic_acl(topology_st, import_example_ldif):
'uid': 'user2',
'userpassword': PASSWORD})))
except ldap.LDAPError as e:
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
- + ': error ' + e.message['desc'])
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+ ': error ' + e.message['desc'])
assert False
#
@@ -572,6 +573,50 @@ def test_basic_searches(topology_st, import_example_ldif):
log.info('test_basic_searches: PASSED')
+(a)pytest.fixture(scope="module")
+def add_test_entry(topology_st, request):
+ # Add test entry
+ topology_st.standalone.add_s(Entry((USER4_DN,
+ {'objectclass': "top extensibleObject".split(),
+ 'cn': 'user1', 'uid': 'user1'})))
+
+
+search_params = [(['1.1'], 'cn', False),
+ (['1.1', 'cn'], 'cn', True),
+ (['+'], 'nsUniqueId', True),
+ (['*'], 'cn', True),
+ (['cn'], 'cn', True)]
+(a)pytest.mark.parametrize("attrs, attr, present", search_params)
+def test_search_req_attrs(topology_st, add_test_entry, attrs, attr, present):
+ """Test requested attributes in search operations.
+ :id: 426a59ff-49b8-4a70-b377-0c0634a29b6e
+ :setup: Standalone instance
+ :steps:
+ 1. Test "1.1" does not return any attributes.
+ 2. Test "1.1" is ignored if there are other requested attributes
+ 3. Test "+" returns all operational attributes
+ 4. Test "*" returns all attributes
+ 5. Test requested attributes
+
+ :expectedresults:
+ 1. Success
+ 2. Success
+ 3. Success
+ 4. Success
+ 5. Success
+ """
+
+ log.info("Testing attrs: {} attr: {} present: {}".format(attrs, attr, present))
+ entry = topology_st.standalone.search_s(USER4_DN,
+ ldap.SCOPE_BASE,
+ 'objectclass=top',
+ attrs)
+ if present:
+ assert entry[0].hasAttr(attr)
+ else:
+ assert not entry[0].hasAttr(attr)
+
+
def test_basic_referrals(topology_st, import_example_ldif):
"""Test LDAP server in referral mode.
@@ -716,8 +761,8 @@ def test_basic_systemctl(topology_st, import_example_ldif):
log.info('Attempting to start the server with broken dse.ldif...')
try:
topology_st.standalone.start()
- except:
- log.info('Server failed to start as expected')
+ except Exception as e:
+ log.info('Server failed to start as expected: ' + str(e))
log.info('Check the status...')
assert (not topology_st.standalone.status())
log.info('Server failed to start as expected')
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index d9f431c..34ddd85 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1546,6 +1546,8 @@ send_ldap_search_entry_ext(
* "+" means all operational attributes (rfc3673)
* operational attributes are only retrieved if they are named
* specifically or when "+" is specified.
+ * In the case of "1.1", if there are other requested attributes
+ * then "1.1" should be ignored.
*/
/* figure out if we want all user attributes or no attributes at all */
@@ -1560,7 +1562,10 @@ send_ldap_search_entry_ext(
if (strcmp(LDAP_ALL_USER_ATTRS, attrs[i]) == 0) {
alluserattrs = 1;
} else if (strcmp(LDAP_NO_ATTRS, attrs[i]) == 0) {
- noattrs = 1;
+ /* "1.1" is only valid if it's the only requested attribute */
+ if (i == 0 && attrs[1] == NULL) {
+ noattrs = 1;
+ }
} else if (strcmp(LDAP_ALL_OPERATIONAL_ATTRS, attrs[i]) == 0) {
alloperationalattrs = 1;
} else {
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 10 months
[389-ds-base] branch 389-ds-base-1.3.9 updated: Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.9
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.3.9 by this push:
new 060aa81 Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
060aa81 is described below
commit 060aa815425a0c4346d9678b8e0fce993af4f1d4
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Aug 2 14:36:24 2019 -0400
Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
Bug Description: A regression was introduced some time back that changed the
behavior of how the server handled the "1.1" requested attribute
in a search request. If "1.1" was requested along with other
attributes then no attibutes were returned, but in this case "1.1"
is expected to be ignroed.
Fix Description: Only comply with "1.1" if it is the only requested attribute
relates: https://pagure.io/389-ds-base/issue/50530
Reviewed by: firstyear(Thanks!)
---
dirsrvtests/tests/suites/basic/basic_test.py | 57 +++++++++++++++++++++++++---
ldap/servers/slapd/result.c | 7 +++-
2 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
index 0f7536b..cea4f6b 100644
--- a/dirsrvtests/tests/suites/basic/basic_test.py
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
@@ -28,6 +28,7 @@ log = logging.getLogger(__name__)
USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
+USER4_DN = 'uid=user4,' + DEFAULT_SUFFIX
ROOTDSE_DEF_ATTR_LIST = ('namingContexts',
'supportedLDAPVersion',
@@ -409,8 +410,8 @@ def test_basic_acl(topology_st, import_example_ldif):
'uid': 'user1',
'userpassword': PASSWORD})))
except ldap.LDAPError as e:
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
- + ': error ' + e.message['desc'])
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+ ': error ' + e.message['desc'])
assert False
try:
@@ -421,8 +422,8 @@ def test_basic_acl(topology_st, import_example_ldif):
'uid': 'user2',
'userpassword': PASSWORD})))
except ldap.LDAPError as e:
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
- + ': error ' + e.message['desc'])
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+ ': error ' + e.message['desc'])
assert False
#
@@ -572,6 +573,50 @@ def test_basic_searches(topology_st, import_example_ldif):
log.info('test_basic_searches: PASSED')
+(a)pytest.fixture(scope="module")
+def add_test_entry(topology_st, request):
+ # Add test entry
+ topology_st.standalone.add_s(Entry((USER4_DN,
+ {'objectclass': "top extensibleObject".split(),
+ 'cn': 'user1', 'uid': 'user1'})))
+
+
+search_params = [(['1.1'], 'cn', False),
+ (['1.1', 'cn'], 'cn', True),
+ (['+'], 'nsUniqueId', True),
+ (['*'], 'cn', True),
+ (['cn'], 'cn', True)]
+(a)pytest.mark.parametrize("attrs, attr, present", search_params)
+def test_search_req_attrs(topology_st, add_test_entry, attrs, attr, present):
+ """Test requested attributes in search operations.
+ :id: 426a59ff-49b8-4a70-b377-0c0634a29b6e
+ :setup: Standalone instance
+ :steps:
+ 1. Test "1.1" does not return any attributes.
+ 2. Test "1.1" is ignored if there are other requested attributes
+ 3. Test "+" returns all operational attributes
+ 4. Test "*" returns all attributes
+ 5. Test requested attributes
+
+ :expectedresults:
+ 1. Success
+ 2. Success
+ 3. Success
+ 4. Success
+ 5. Success
+ """
+
+ log.info("Testing attrs: {} attr: {} present: {}".format(attrs, attr, present))
+ entry = topology_st.standalone.search_s(USER4_DN,
+ ldap.SCOPE_BASE,
+ 'objectclass=top',
+ attrs)
+ if present:
+ assert entry[0].hasAttr(attr)
+ else:
+ assert not entry[0].hasAttr(attr)
+
+
def test_basic_referrals(topology_st, import_example_ldif):
"""Test LDAP server in referral mode.
@@ -716,8 +761,8 @@ def test_basic_systemctl(topology_st, import_example_ldif):
log.info('Attempting to start the server with broken dse.ldif...')
try:
topology_st.standalone.start()
- except:
- log.info('Server failed to start as expected')
+ except Exception as e:
+ log.info('Server failed to start as expected: ' + str(e))
log.info('Check the status...')
assert (not topology_st.standalone.status())
log.info('Server failed to start as expected')
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index d9f431c..34ddd85 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1546,6 +1546,8 @@ send_ldap_search_entry_ext(
* "+" means all operational attributes (rfc3673)
* operational attributes are only retrieved if they are named
* specifically or when "+" is specified.
+ * In the case of "1.1", if there are other requested attributes
+ * then "1.1" should be ignored.
*/
/* figure out if we want all user attributes or no attributes at all */
@@ -1560,7 +1562,10 @@ send_ldap_search_entry_ext(
if (strcmp(LDAP_ALL_USER_ATTRS, attrs[i]) == 0) {
alluserattrs = 1;
} else if (strcmp(LDAP_NO_ATTRS, attrs[i]) == 0) {
- noattrs = 1;
+ /* "1.1" is only valid if it's the only requested attribute */
+ if (i == 0 && attrs[1] == NULL) {
+ noattrs = 1;
+ }
} else if (strcmp(LDAP_ALL_OPERATIONAL_ATTRS, attrs[i]) == 0) {
alloperationalattrs = 1;
} else {
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 10 months
[389-ds-base] branch 389-ds-base-1.3.10 updated: Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
by pagure@pagure.io
This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch 389-ds-base-1.3.10
in repository 389-ds-base.
The following commit(s) were added to refs/heads/389-ds-base-1.3.10 by this push:
new 9c64ebd Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
9c64ebd is described below
commit 9c64ebd997d5e900adf9a5fe721ce41d1a359133
Author: Mark Reynolds <mreynolds(a)redhat.com>
AuthorDate: Fri Aug 2 14:36:24 2019 -0400
Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1"
Bug Description: A regression was introduced some time back that changed the
behavior of how the server handled the "1.1" requested attribute
in a search request. If "1.1" was requested along with other
attributes then no attibutes were returned, but in this case "1.1"
is expected to be ignroed.
Fix Description: Only comply with "1.1" if it is the only requested attribute
relates: https://pagure.io/389-ds-base/issue/50530
Reviewed by: firstyear(Thanks!)
---
dirsrvtests/tests/suites/basic/basic_test.py | 57 +++++++++++++++++++++++++---
ldap/servers/slapd/result.c | 7 +++-
2 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py
index 0f7536b..cea4f6b 100644
--- a/dirsrvtests/tests/suites/basic/basic_test.py
+++ b/dirsrvtests/tests/suites/basic/basic_test.py
@@ -28,6 +28,7 @@ log = logging.getLogger(__name__)
USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
+USER4_DN = 'uid=user4,' + DEFAULT_SUFFIX
ROOTDSE_DEF_ATTR_LIST = ('namingContexts',
'supportedLDAPVersion',
@@ -409,8 +410,8 @@ def test_basic_acl(topology_st, import_example_ldif):
'uid': 'user1',
'userpassword': PASSWORD})))
except ldap.LDAPError as e:
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
- + ': error ' + e.message['desc'])
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+ ': error ' + e.message['desc'])
assert False
try:
@@ -421,8 +422,8 @@ def test_basic_acl(topology_st, import_example_ldif):
'uid': 'user2',
'userpassword': PASSWORD})))
except ldap.LDAPError as e:
- log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN
- + ': error ' + e.message['desc'])
+ log.fatal('test_basic_acl: Failed to add test user ' + USER1_DN +
+ ': error ' + e.message['desc'])
assert False
#
@@ -572,6 +573,50 @@ def test_basic_searches(topology_st, import_example_ldif):
log.info('test_basic_searches: PASSED')
+(a)pytest.fixture(scope="module")
+def add_test_entry(topology_st, request):
+ # Add test entry
+ topology_st.standalone.add_s(Entry((USER4_DN,
+ {'objectclass': "top extensibleObject".split(),
+ 'cn': 'user1', 'uid': 'user1'})))
+
+
+search_params = [(['1.1'], 'cn', False),
+ (['1.1', 'cn'], 'cn', True),
+ (['+'], 'nsUniqueId', True),
+ (['*'], 'cn', True),
+ (['cn'], 'cn', True)]
+(a)pytest.mark.parametrize("attrs, attr, present", search_params)
+def test_search_req_attrs(topology_st, add_test_entry, attrs, attr, present):
+ """Test requested attributes in search operations.
+ :id: 426a59ff-49b8-4a70-b377-0c0634a29b6e
+ :setup: Standalone instance
+ :steps:
+ 1. Test "1.1" does not return any attributes.
+ 2. Test "1.1" is ignored if there are other requested attributes
+ 3. Test "+" returns all operational attributes
+ 4. Test "*" returns all attributes
+ 5. Test requested attributes
+
+ :expectedresults:
+ 1. Success
+ 2. Success
+ 3. Success
+ 4. Success
+ 5. Success
+ """
+
+ log.info("Testing attrs: {} attr: {} present: {}".format(attrs, attr, present))
+ entry = topology_st.standalone.search_s(USER4_DN,
+ ldap.SCOPE_BASE,
+ 'objectclass=top',
+ attrs)
+ if present:
+ assert entry[0].hasAttr(attr)
+ else:
+ assert not entry[0].hasAttr(attr)
+
+
def test_basic_referrals(topology_st, import_example_ldif):
"""Test LDAP server in referral mode.
@@ -716,8 +761,8 @@ def test_basic_systemctl(topology_st, import_example_ldif):
log.info('Attempting to start the server with broken dse.ldif...')
try:
topology_st.standalone.start()
- except:
- log.info('Server failed to start as expected')
+ except Exception as e:
+ log.info('Server failed to start as expected: ' + str(e))
log.info('Check the status...')
assert (not topology_st.standalone.status())
log.info('Server failed to start as expected')
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index d9f431c..34ddd85 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1546,6 +1546,8 @@ send_ldap_search_entry_ext(
* "+" means all operational attributes (rfc3673)
* operational attributes are only retrieved if they are named
* specifically or when "+" is specified.
+ * In the case of "1.1", if there are other requested attributes
+ * then "1.1" should be ignored.
*/
/* figure out if we want all user attributes or no attributes at all */
@@ -1560,7 +1562,10 @@ send_ldap_search_entry_ext(
if (strcmp(LDAP_ALL_USER_ATTRS, attrs[i]) == 0) {
alluserattrs = 1;
} else if (strcmp(LDAP_NO_ATTRS, attrs[i]) == 0) {
- noattrs = 1;
+ /* "1.1" is only valid if it's the only requested attribute */
+ if (i == 0 && attrs[1] == NULL) {
+ noattrs = 1;
+ }
} else if (strcmp(LDAP_ALL_OPERATIONAL_ATTRS, attrs[i]) == 0) {
alloperationalattrs = 1;
} else {
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
4 years, 10 months