diff --git a/0006-Issue-7166-db_config_set-asserts-because-of-dynamic-.patch b/0006-Issue-7166-db_config_set-asserts-because-of-dynamic-.patch deleted file mode 100644 index 47a4845..0000000 --- a/0006-Issue-7166-db_config_set-asserts-because-of-dynamic-.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 4eea3051931f552ee1df36e70c7278aaa36124a1 Mon Sep 17 00:00:00 2001 -From: progier389 -Date: Mon, 5 Jan 2026 14:38:38 +0100 -Subject: [PATCH] Issue 7166 - db_config_set asserts because of dynamic list - (#7167) - -Avoid assertion in db_config_set when args does not contains dynamic list attributes - -Issue: #7166 - -Reviewed by: @tbordaz (Thanks!) ---- - src/lib389/lib389/cli_conf/backend.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib389/lib389/cli_conf/backend.py b/src/lib389/lib389/cli_conf/backend.py -index dcf57d006..f8735e08e 100644 ---- a/src/lib389/lib389/cli_conf/backend.py -+++ b/src/lib389/lib389/cli_conf/backend.py -@@ -542,7 +542,7 @@ def db_config_set(inst, basedn, log, args): - did_something = False - replace_list = [] - -- if args.enable_dynamic_lists and args.disable_dynamic_lists: -+ if getattr(args,'enable_dynamic_lists', None) and getattr(args, 'disable_dynamic_lists', None): - raise ValueError("You can not enable and disable dynamic lists at the same time") - - for attr, value in list(attrs.items()): --- -2.52.0 - diff --git a/0008-Issue-7189-DSBLE0007-generates-incorrect-remediation.patch b/0006-Issue-7189-DSBLE0007-generates-incorrect-remediation.patch similarity index 99% rename from 0008-Issue-7189-DSBLE0007-generates-incorrect-remediation.patch rename to 0006-Issue-7189-DSBLE0007-generates-incorrect-remediation.patch index 15a7113..010e099 100644 --- a/0008-Issue-7189-DSBLE0007-generates-incorrect-remediation.patch +++ b/0006-Issue-7189-DSBLE0007-generates-incorrect-remediation.patch @@ -1,4 +1,4 @@ -From ed02c78055406b020089947459954142df3b1fea Mon Sep 17 00:00:00 2001 +From c5aab4f8ba822572daa9ef69a0109577bf2147e1 Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Tue, 20 Jan 2026 09:52:47 +0100 Subject: [PATCH] Issue 7189 - DSBLE0007 generates incorrect remediation diff --git a/0007-Issue-7184-argparse.HelpFormatter-_format_actions_us.patch b/0007-Issue-7184-argparse.HelpFormatter-_format_actions_us.patch new file mode 100644 index 0000000..8b06dee --- /dev/null +++ b/0007-Issue-7184-argparse.HelpFormatter-_format_actions_us.patch @@ -0,0 +1,48 @@ +From 327ebf93decaa19bd3919afaeba0dc122eef1990 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Mon, 12 Jan 2026 13:53:05 -0500 +Subject: [PATCH] Issue 7184 - argparse.HelpFormatter _format_actions_usage() + is deprecated + +Description: + +_format_actions_usage() was removed in python 3.15. Instead we can use +_get_actions_usage_parts() but it also behaves differently between +python 3.14 and 3.15 so we need special handling. + +Relates: https://github.com/389ds/389-ds-base/issues/7184 + +Reviewed by: spichugi(Thanks!) +--- + src/lib389/lib389/cli_base/__init__.py | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/src/lib389/lib389/cli_base/__init__.py b/src/lib389/lib389/cli_base/__init__.py +index 06b8f9964..f1055aadc 100644 +--- a/src/lib389/lib389/cli_base/__init__.py ++++ b/src/lib389/lib389/cli_base/__init__.py +@@ -413,7 +413,20 @@ class CustomHelpFormatter(argparse.HelpFormatter): + + def _format_usage(self, usage, actions, groups, prefix): + usage = super(CustomHelpFormatter, self)._format_usage(usage, actions, groups, prefix) +- formatted_options = self._format_actions_usage(parent_arguments, []) ++ ++ if sys.version_info < (3, 13): ++ # Use _format_actions_usage() for Python 3.12 and earlier ++ formatted_options = self._format_actions_usage(parent_arguments, []) ++ else: ++ # Use _get_actions_usage_parts() for Python 3.13 and later ++ action_parts = self._get_actions_usage_parts(parent_arguments, []) ++ if sys.version_info >= (3, 15): ++ # Python 3.15 returns a tuple (list of actions, count of actions) ++ formatted_options = ' '.join(action_parts[0]) ++ else: ++ # Python 3.13 and 3.14 return a list of actions ++ formatted_options = ' '.join(action_parts) ++ + # If formatted_options already in usage - remove them + if formatted_options in usage: + usage = usage.replace(f' {formatted_options}', '') +-- +2.52.0 + diff --git a/0009-Issue-7027-2nd-389-ds-base-OpenScanHub-Leaks-Detecte.patch b/0008-Issue-7027-2nd-389-ds-base-OpenScanHub-Leaks-Detecte.patch similarity index 96% rename from 0009-Issue-7027-2nd-389-ds-base-OpenScanHub-Leaks-Detecte.patch rename to 0008-Issue-7027-2nd-389-ds-base-OpenScanHub-Leaks-Detecte.patch index ce44451..ec16ee6 100644 --- a/0009-Issue-7027-2nd-389-ds-base-OpenScanHub-Leaks-Detecte.patch +++ b/0008-Issue-7027-2nd-389-ds-base-OpenScanHub-Leaks-Detecte.patch @@ -1,4 +1,4 @@ -From 819a5898d1a4d913f786086f374693c306446abb Mon Sep 17 00:00:00 2001 +From dbabbe6a3c42b979d14960b355925c9748371cad Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Fri, 30 Jan 2026 12:00:13 +0100 Subject: [PATCH] Issue 7027 - (2nd) 389-ds-base OpenScanHub Leaks Detected diff --git a/0009-Issue-7213-MDB_BAD_VALSIZE-error-while-handling-VLV-.patch b/0009-Issue-7213-MDB_BAD_VALSIZE-error-while-handling-VLV-.patch new file mode 100644 index 0000000..229a8d4 --- /dev/null +++ b/0009-Issue-7213-MDB_BAD_VALSIZE-error-while-handling-VLV-.patch @@ -0,0 +1,197 @@ +From 39d47ca91e866d30b35dca41d477ad4ee07f8a14 Mon Sep 17 00:00:00 2001 +From: progier389 +Date: Mon, 2 Feb 2026 15:39:18 +0100 +Subject: [PATCH] Issue 7213 - MDB_BAD_VALSIZE error while handling VLV (#7214) + +* Issue 7213 - MDB_BAD_VALSIZE error while handling VLV +Avoid failing lmdb operation when handling VLV index by truncating the key so that key+data is small enough. + +Issue: #7213 + +Reviewed by: @mreynolds389 , @vashirov (Thanks!) + +Assisted by: Claude A/I + +(cherry picked from commit 5ebce22d4214bec5ed94ad84c4448164be99389a) +--- + .../tests/suites/vlv/regression_test.py | 110 ++++++++++++++++++ + .../slapd/back-ldbm/db-mdb/mdb_layer.c | 5 + + ldap/servers/slapd/back-ldbm/vlv.c | 7 +- + 3 files changed, 121 insertions(+), 1 deletion(-) + +diff --git a/dirsrvtests/tests/suites/vlv/regression_test.py b/dirsrvtests/tests/suites/vlv/regression_test.py +index c8db94b19..1cc03c303 100644 +--- a/dirsrvtests/tests/suites/vlv/regression_test.py ++++ b/dirsrvtests/tests/suites/vlv/regression_test.py +@@ -1178,6 +1178,116 @@ def test_vlv_with_mr(vlv_setup_with_uid_mr): + + + ++def test_vlv_long_attribute_value(topology_st, request): ++ """ ++ Test VLV with an entry containing a very long attribute value (2K). ++ ++ :id: 99126fa4-003e-11f1-b7d6-c85309d5c3e3 ++ :setup: Standalone instance. ++ :steps: ++ 1. Cleanup leftover from previous tests ++ 2. Create VLV search and index on cn attribute ++ 3. Reindex VLV ++ 4. Add an entry with a cn attribute having 2K character value ++ 5. Verify the entry was added successfully ++ 6. Perform a VLV search to ensure it still works ++ 7. Add another entry with a cn attribute having 2K character value ++ 8. Verify the entry was added successfully ++ 9. Perform a VLV search to ensure it still works ++ :expectedresults: ++ 1. Should Success. ++ 2. Should Success. ++ 3. Should Success. ++ 4. Should Success. ++ 5. Should Success. ++ 6. Should Success. ++ 7. Should Success. ++ 8. Should Success. ++ 9. Should Success. ++ """ ++ inst = topology_st.standalone ++ reindex_task = Tasks(inst) ++ ++ users_to_delete = [] ++ ++ def fin(): ++ cleanup(inst) ++ # Clean the added users ++ for user in users_to_delete: ++ user.delete() ++ ++ if not DEBUGGING: ++ request.addfinalizer(fin) ++ ++ # Clean previous tests leftover ++ fin() ++ ++ # Create VLV search and index ++ vlv_search, vlv_index = create_vlv_search_and_index(inst) ++ assert reindex_task.reindex( ++ suffix=DEFAULT_SUFFIX, ++ attrname=vlv_index.rdn, ++ args={TASK_WAIT: True}, ++ vlv=True ++ ) == 0 ++ ++ # Add a few regular users first ++ add_users(inst, 10) ++ ++ # Create a very long cn value (2K characters) ++ long_cn_value = 'a' * 2048 + '1' ++ ++ # Add an entry with the long cn attribute ++ users = UserAccounts(inst, DEFAULT_SUFFIX) ++ user_properties = { ++ 'uid': 'longcnuser1', ++ 'cn': long_cn_value, ++ 'sn': 'user1', ++ 'uidNumber': '99999', ++ 'gidNumber': '99999', ++ 'homeDirectory': '/home/longcnuser1' ++ } ++ user = users.create(properties=user_properties) ++ users_to_delete.append(user); ++ ++ # Verify the entry was created and has the long cn value ++ entry = user.get_attr_vals_utf8('cn') ++ assert entry[0] == long_cn_value ++ log.info(f'Successfully created user with cn length: {len(entry[0])}') ++ ++ # Perform VLV search to ensure VLV still works with long attribute values ++ conn = open_new_ldapi_conn(inst.serverid) ++ count = len(conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, "(uid=*)")) ++ assert count > 0 ++ log.info(f'VLV search successful with {count} entries including entry with 2K cn value') ++ ++ # Add another entry with the long cn attribute ++ long_cn_value = 'a' * 2048 + '2' ++ ++ user_properties = { ++ 'uid': 'longcnuser2', ++ 'cn': long_cn_value, ++ 'sn': 'user2', ++ 'uidNumber': '99998', ++ 'gidNumber': '99998', ++ 'homeDirectory': '/home/longcnuser2' ++ } ++ user = users.create(properties=user_properties) ++ users_to_delete.append(user); ++ ++ # Verify the entry was created and has the long cn value ++ entry = user.get_attr_vals_utf8('cn') ++ assert entry[0] == long_cn_value ++ log.info(f'Successfully created user with cn length: {len(entry[0])}') ++ ++ # Perform VLV search to ensure VLV still works with long attribute values ++ conn = open_new_ldapi_conn(inst.serverid) ++ count = len(conn.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, "(uid=*)")) ++ assert count > 1 ++ log.info(f'VLV search successful with {count} entries including entry with 2K cn value') ++ ++ ++ + if __name__ == "__main__": + # Run isolated + # -s for DEBUG mode +diff --git a/ldap/servers/slapd/back-ldbm/db-mdb/mdb_layer.c b/ldap/servers/slapd/back-ldbm/db-mdb/mdb_layer.c +index c6e9f8b01..ffbd6609f 100644 +--- a/ldap/servers/slapd/back-ldbm/db-mdb/mdb_layer.c ++++ b/ldap/servers/slapd/back-ldbm/db-mdb/mdb_layer.c +@@ -2138,10 +2138,15 @@ void *dbmdb_recno_cache_build(void *arg) + recno = 1; + } + while (rc == 0) { ++ struct ldbminfo *li = (struct ldbminfo *)rcctx->cursor->be->be_database->plg_private; + slapi_log_err(SLAPI_LOG_DEBUG, "dbmdb_recno_cache_build", "recno=%d\n", recno); + if (recno % RECNO_CACHE_INTERVAL == 1) { + /* Prepare the cache data */ + len = sizeof(*rce) + data.mv_size + key.mv_size; ++ if (len > li->li_max_key_len) { ++ key.mv_size = li->li_max_key_len - data.mv_size - sizeof(*rce); ++ len = li->li_max_key_len; ++ } + rce = (dbmdb_recno_cache_elmt_t*)slapi_ch_malloc(len); + rce->len = len; + rce->recno = recno; +diff --git a/ldap/servers/slapd/back-ldbm/vlv.c b/ldap/servers/slapd/back-ldbm/vlv.c +index 18431799c..a1cd226f4 100644 +--- a/ldap/servers/slapd/back-ldbm/vlv.c ++++ b/ldap/servers/slapd/back-ldbm/vlv.c +@@ -866,6 +866,7 @@ do_vlv_update_index(back_txn *txn, struct ldbminfo *li, Slapi_PBlock *pb, struct + struct vlv_key *key = NULL; + dbi_val_t data = {0}; + dblayer_private *priv = NULL; ++ size_t key_size_limit = li->li_max_key_len - sizeof(entry->ep_id); + + slapi_pblock_get(pb, SLAPI_BACKEND, &be); + priv = (dblayer_private *)li->li_dblayer_private; +@@ -886,6 +887,10 @@ do_vlv_update_index(back_txn *txn, struct ldbminfo *li, Slapi_PBlock *pb, struct + return rc; + } + ++ /* Truncate the key if it is too long */ ++ if (key->key.size > key_size_limit) { ++ key->key.size = key_size_limit; ++ } + if (NULL != txn) { + db_txn = txn->back_txn_txn; + } else { +@@ -930,7 +935,7 @@ do_vlv_update_index(back_txn *txn, struct ldbminfo *li, Slapi_PBlock *pb, struct + if (txn && txn->back_special_handling_fn) { + rc = txn->back_special_handling_fn(be, BTXNACT_VLV_DEL, db, &key->key, &data, txn); + } else { +- rc = dblayer_db_op(be, db, db_txn, DBI_OP_DEL, &key->key, NULL); ++ rc = dblayer_db_op(be, db, db_txn, DBI_OP_DEL, &key->key, &data); + } + if (rc == 0) { + if (txn && txn->back_special_handling_fn) { +-- +2.52.0 + diff --git a/0010-Issue-6542-RPM-build-errors-on-Fedora-42.patch b/0010-Issue-6542-RPM-build-errors-on-Fedora-42.patch new file mode 100644 index 0000000..8581df5 --- /dev/null +++ b/0010-Issue-6542-RPM-build-errors-on-Fedora-42.patch @@ -0,0 +1,43 @@ +From 70d323d4d9ca4d1d682ab4a273178946922c6929 Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Fri, 24 Jan 2025 11:10:45 +0100 +Subject: [PATCH] Issue 6542 - RPM build errors on Fedora 42 + +Bug Description: +Fedora 42 has unified `/bin` and `/sbin`: https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin +https://docs.fedoraproject.org/en-US/packaging-guidelines/#_merged_file_system_layout + +This change causes RPM build to fail with: +``` +RPM build errors: + File not found: /builddir/build/BUILD/389-ds-base-3.1.2-build/BUILDROOT/usr/bin/openldap_to_ds +``` + +Fix Description: +Patch `setup.py.in` based on Fedora or RHEL version that support unified +`/bin` and `/sbin`. + +Fixes: https://github.com/389ds/389-ds-base/issues/6542 + +Reviewed by: @mreynolds389, @droideck (Thanks!) +--- + rpm/389-ds-base.spec.in | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in +index 258d94698..44a158ce5 100644 +--- a/rpm/389-ds-base.spec.in ++++ b/rpm/389-ds-base.spec.in +@@ -522,6 +522,9 @@ autoreconf -fiv + + %if 0%{?rhel} > 7 || 0%{?fedora} + # lib389 ++%if 0%{?fedora} >= 42 || 0%{?rhel} >= 11 ++ sed -i "/prefix/s@sbin@bin@g" src/lib389/setup.py.in ++%endif + make src/lib389/setup.py + pushd ./src/lib389 + %py3_build +-- +2.52.0 + diff --git a/0011-Issue-6476-Fix-build-failure-with-GCC-15.patch b/0011-Issue-6476-Fix-build-failure-with-GCC-15.patch new file mode 100644 index 0000000..e8b17e2 --- /dev/null +++ b/0011-Issue-6476-Fix-build-failure-with-GCC-15.patch @@ -0,0 +1,3318 @@ +From 9043425312dcf1ff7bf9a211a3d5a387d346a9fa Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Tue, 28 Jan 2025 15:49:46 -0500 +Subject: [PATCH] Issue 6476 - Fix build failure with GCC 15 + +Description: + +Most of the failures are our use of function pointer with a generic +typedef with unknown parameters (e.g. IFP) + +There are other IFP we use, but they are not triggering build failures +yet. + +Relates: https://github.com/389ds/389-ds-base/issues/6476 + +Reviewed by: tbordaz & spichugi (Thanks!!) +--- + .../suites/replication/acceptance_test.py | 4 +- + .../suites/replication/changelog_test.py | 11 +- + ldap/include/avl.h | 15 +- + ldap/libraries/libavl/avl.c | 44 ++-- + ldap/servers/plugins/acl/acllist.c | 23 +- + ldap/servers/plugins/collation/orfilter.c | 218 ++++++++--------- + ldap/servers/plugins/pwdstorage/md5c.c | 87 +++---- + ldap/servers/plugins/roles/roles_cache.c | 37 +-- + ldap/servers/plugins/syntaxes/bin.c | 3 +- + ldap/servers/plugins/syntaxes/syntax.h | 21 +- + ldap/servers/plugins/syntaxes/syntax_common.c | 2 +- + ldap/servers/slapd/attrsyntax.c | 23 +- + .../slapd/back-ldbm/db-bdb/bdb_import.c | 8 +- + .../slapd/back-ldbm/db-mdb/mdb_import.c | 21 +- + .../back-ldbm/db-mdb/mdb_import_threads.c | 14 +- + .../slapd/back-ldbm/db-mdb/mdb_instance.c | 6 +- + ldap/servers/slapd/back-ldbm/filterindex.c | 2 +- + ldap/servers/slapd/back-ldbm/ldbm_attr.c | 28 ++- + ldap/servers/slapd/back-ldbm/matchrule.c | 6 +- + ldap/servers/slapd/back-ldbm/misc.c | 2 +- + .../servers/slapd/back-ldbm/proto-back-ldbm.h | 2 +- + ldap/servers/slapd/back-ldbm/vlv.c | 4 +- + ldap/servers/slapd/backend.c | 55 ++--- + ldap/servers/slapd/dse.c | 16 +- + ldap/servers/slapd/entry.c | 4 +- + ldap/servers/slapd/filtercmp.c | 4 +- + ldap/servers/slapd/getfilelist.c | 8 +- + ldap/servers/slapd/pblock.c | 219 +++++++++--------- + ldap/servers/slapd/pblock_v3.h | 2 +- + ldap/servers/slapd/plugin.c | 10 +- + ldap/servers/slapd/plugin_mmr.c | 20 +- + ldap/servers/slapd/plugin_mr.c | 13 +- + ldap/servers/slapd/plugin_syntax.c | 16 +- + ldap/servers/slapd/pw.c | 4 +- + ldap/servers/slapd/slap.h | 157 ++++++------- + ldap/servers/slapd/slapi-private.h | 2 +- + ldap/servers/slapd/task.c | 2 +- + 37 files changed, 558 insertions(+), 555 deletions(-) + +diff --git a/dirsrvtests/tests/suites/replication/acceptance_test.py b/dirsrvtests/tests/suites/replication/acceptance_test.py +index 547aee995..af3d4eaae 100644 +--- a/dirsrvtests/tests/suites/replication/acceptance_test.py ++++ b/dirsrvtests/tests/suites/replication/acceptance_test.py +@@ -597,7 +597,7 @@ def test_double_delete(topo_m4, create_entry): + time.sleep(5) + else: + time.sleep(1) +- ++ + log.info('Make searches to check if server is alive') + entries = get_repl_entries(topo_m4, TEST_ENTRY_NAME, ["uid"]) + assert not entries, "Entry deletion {} wasn't replicated successfully".format(TEST_ENTRY_DN) +@@ -688,7 +688,7 @@ def test_invalid_agmt(topo_m4): + assert False + + +-def test_warining_for_invalid_replica(topo_m4): ++def test_warning_for_invalid_replica(topo_m4): + """Testing logs to indicate the inconsistency when configuration is performed. + + :id: dd689d03-69b8-4bf9-a06e-2acd19d5e2c8 +diff --git a/dirsrvtests/tests/suites/replication/changelog_test.py b/dirsrvtests/tests/suites/replication/changelog_test.py +index b12521789..b74650a69 100644 +--- a/dirsrvtests/tests/suites/replication/changelog_test.py ++++ b/dirsrvtests/tests/suites/replication/changelog_test.py +@@ -14,6 +14,7 @@ import pytest + import time + import subprocess + import glob ++import re + from lib389.properties import TASK_WAIT + from lib389.replica import Replicas + from lib389.idm.user import UserAccounts +@@ -46,10 +47,11 @@ else: + logging.getLogger(__name__).setLevel(logging.INFO) + log = logging.getLogger(__name__) + ++ + def _check_repl_changelog_backup(instance, backup_dir): + # Note: there is no way to check dbi on lmdb backup + # That said dbscan may perhaps do it ... +- if instance.get_db_lib() is 'bdb': ++ if instance.get_db_lib() == 'bdb': + if ds_supports_new_changelog(): + backup_checkdir = os.path.join(backup_dir, DEFAULT_BENAME, BDB_CL_FILENAME) + else: +@@ -60,6 +62,7 @@ def _check_repl_changelog_backup(instance, backup_dir): + log.fatal('test_changelog5: backup directory does not exist : {}*'.format(backup_checkdir)) + assert False + ++ + def _perform_ldap_operations(topo): + """Add a test user, modify description, modrdn user and delete it""" + +@@ -760,7 +763,7 @@ def test_changelog_pagesize(topo): + 3. Should not have any 4K page size in db_stat output + """ + +- s1=topo.ms["supplier1"] ++ s1 = topo.ms["supplier1"] + fs_pagesize = os.statvfs(s1.ds_paths.db_home_dir).f_bsize + if fs_pagesize != 4096: + pytest.skip("This test requires that database filesystem prefered block size is 4K.") +@@ -770,8 +773,8 @@ def test_changelog_pagesize(topo): + log.debug(f"DEBUG: Running {cmd}") + output = subprocess.check_output(cmd, universal_newlines=True, stderr=subprocess.STDOUT) + except subprocess.CalledProcessError as e: +- self.log.error(f'Failed to gather db statistics {cmd}: "{e.output.decode()}') +- self.log.error(e) ++ log.error(f'Failed to gather db statistics {cmd}: "{e.output.decode()}') ++ log.error(e) + raise e + assert not re.match("^4096 *Page size", output, flags=re.MULTILINE) + +diff --git a/ldap/include/avl.h b/ldap/include/avl.h +index cafe810ac..57086de23 100644 +--- a/ldap/include/avl.h ++++ b/ldap/include/avl.h +@@ -64,14 +64,15 @@ typedef int (*IFP)(); /* takes undefined arguments */ + /* avl routines */ + #define avl_getone(x) (x == 0 ? 0 : (x)->avl_data) + #define avl_onenode(x) (x == 0 || ((x)->avl_left == 0 && (x)->avl_right == 0)) +-extern int avl_insert(Avlnode **root, void *data, IFP fcmp, IFP fdup); +-extern caddr_t avl_delete(Avlnode **root, void *data, IFP fcmp); +-extern caddr_t avl_find(Avlnode *root, void *data, IFP fcmp); ++ ++extern int avl_insert(Avlnode **root, caddr_t data, int32_t(*fcmp)(caddr_t, caddr_t), int32_t(*fdup)(caddr_t, caddr_t)); ++extern caddr_t avl_delete(Avlnode **root, caddr_t data, int32_t(*fcmp)(caddr_t, caddr_t)); ++extern caddr_t avl_find(Avlnode *root, caddr_t data, int32_t(*fcmp)(caddr_t, caddr_t)); + extern caddr_t avl_getfirst(Avlnode *root); + extern caddr_t avl_getnext(void); +-extern int avl_dup_error(void); +-extern int avl_apply(Avlnode *root, IFP fn, void *arg, int stopflag, int type); +-extern int avl_free(Avlnode *root, IFP dfree); ++extern int avl_dup_error(caddr_t a, caddr_t b); ++extern int avl_apply(Avlnode *root, int32_t(*fn)(caddr_t, caddr_t), void *arg, int stopflag, int type); ++extern int avl_free(Avlnode *root, int32_t(*dfree)(caddr_t)); + + /* apply traversal types */ + #define AVL_PREORDER 1 +@@ -80,6 +81,6 @@ extern int avl_free(Avlnode *root, IFP dfree); + /* what apply returns if it ran out of nodes */ + #define AVL_NOMORE -6 + +-caddr_t avl_find_lin(Avlnode *root, caddr_t data, IFP fcmp); ++caddr_t avl_find_lin(Avlnode *root, caddr_t data, int32_t(*fcmp)(caddr_t, caddr_t)); + + #endif /* _AVL */ +diff --git a/ldap/libraries/libavl/avl.c b/ldap/libraries/libavl/avl.c +index 517e08098..84a50308a 100644 +--- a/ldap/libraries/libavl/avl.c ++++ b/ldap/libraries/libavl/avl.c +@@ -69,8 +69,8 @@ ravl_insert( + Avlnode **iroot, + caddr_t data, + int *taller, +- IFP fcmp, /* comparison function */ +- IFP fdup, /* function to call for duplicates */ ++ int32_t (*fcmp)(caddr_t, caddr_t), /* comparison function */ ++ int32_t (*fdup)(caddr_t, caddr_t), /* function to call for duplicates */ + int depth) + { + int rc, cmp, tallersub; +@@ -226,13 +226,13 @@ ravl_insert( + int + avl_insert( + Avlnode **root, +- void *data, +- IFP fcmp, +- IFP fdup) ++ caddr_t data, ++ int32_t (*fcmp)(caddr_t, caddr_t), ++ int32_t (*fdup)(caddr_t, caddr_t)) + { + int taller; + +- return ravl_insert(root, (caddr_t)data, &taller, fcmp, fdup, 0); ++ return ravl_insert(root, data, &taller, fcmp, fdup, 0); + } + + /* +@@ -374,7 +374,7 @@ static caddr_t + ravl_delete( + Avlnode **root, + caddr_t data, +- IFP fcmp, ++ int32_t (*fcmp)(caddr_t, caddr_t), + int *shorter) + { + int shortersubtree = 0; +@@ -464,15 +464,15 @@ ravl_delete( + */ + + caddr_t +-avl_delete(Avlnode **root, void *data, IFP fcmp) ++avl_delete(Avlnode **root, caddr_t data, int32_t(*fcmp)(caddr_t, caddr_t)) + { + int shorter; + +- return ravl_delete(root, (caddr_t)data, fcmp, &shorter); ++ return ravl_delete(root, data, fcmp, &shorter); + } + + static int +-avl_inapply(Avlnode *root, IFP fn, caddr_t arg, int stopflag) ++avl_inapply(Avlnode *root, int32_t(*fn)(caddr_t, caddr_t), caddr_t arg, int stopflag) + { + if (root == 0) + return (AVL_NOMORE); +@@ -491,7 +491,7 @@ avl_inapply(Avlnode *root, IFP fn, caddr_t arg, int stopflag) + } + + static int +-avl_postapply(Avlnode *root, IFP fn, caddr_t arg, int stopflag) ++avl_postapply(Avlnode *root, int32_t(*fn)(caddr_t, caddr_t), caddr_t arg, int stopflag) + { + if (root == 0) + return (AVL_NOMORE); +@@ -508,7 +508,7 @@ avl_postapply(Avlnode *root, IFP fn, caddr_t arg, int stopflag) + } + + static int +-avl_preapply(Avlnode *root, IFP fn, caddr_t arg, int stopflag) ++avl_preapply(Avlnode *root, int32_t(*fn)(caddr_t, caddr_t), caddr_t arg, int stopflag) + { + if (root == 0) + return (AVL_NOMORE); +@@ -537,7 +537,7 @@ avl_preapply(Avlnode *root, IFP fn, caddr_t arg, int stopflag) + int + avl_apply( + Avlnode *root, +- IFP fn, ++ int32_t (*fn)(caddr_t, caddr_t), + void *arg, + int stopflag, + int type) +@@ -572,9 +572,9 @@ int + avl_prefixapply( + Avlnode *root, + caddr_t data, +- IFP fmatch, ++ int32_t (*fmatch)(caddr_t, caddr_t), + caddr_t marg, +- IFP fcmp, ++ int32_t (*fcmp)(caddr_t, caddr_t, caddr_t), + caddr_t carg, + int stopflag) + { +@@ -619,7 +619,7 @@ avl_prefixapply( + */ + + int +-avl_free(Avlnode *root, IFP dfree) ++avl_free(Avlnode *root, int32_t (*dfree)(caddr_t)) + { + int nleft, nright; + +@@ -649,11 +649,11 @@ avl_free(Avlnode *root, IFP dfree) + */ + + caddr_t +-avl_find(Avlnode *root, void *data, IFP fcmp) ++avl_find(Avlnode *root, caddr_t data, int32_t (*fcmp)(caddr_t, caddr_t)) + { + int cmp; + +- while (root != 0 && (cmp = (*fcmp)((caddr_t)data, root->avl_data)) != 0) { ++ while (root != 0 && (cmp = (*fcmp)(data, root->avl_data)) != 0) { + if (cmp < 0) + root = root->avl_left; + else +@@ -671,7 +671,7 @@ avl_find(Avlnode *root, void *data, IFP fcmp) + */ + + caddr_t +-avl_find_lin(Avlnode *root, caddr_t data, IFP fcmp) ++avl_find_lin(Avlnode *root, caddr_t data, int32_t (*fcmp)(caddr_t, caddr_t)) + { + caddr_t res; + +@@ -699,7 +699,7 @@ static int avl_nextlist = 0; + + /* ARGSUSED */ + static int +-avl_buildlist(caddr_t data, int arg __attribute__((unused))) ++avl_buildlist(caddr_t data, caddr_t arg __attribute__((unused))) + { + static int slots = 0; + +@@ -766,8 +766,10 @@ avl_getnext(void) + return (avl_list[avl_nextlist++]); + } + ++/* This is always called from avl_insert, where the dup function expects two ++ * caddr_t paramters */ + int +-avl_dup_error(void) ++avl_dup_error(caddr_t a __attribute__((unused)), caddr_t b __attribute__((unused))) + { + return (-1); + } +diff --git a/ldap/servers/plugins/acl/acllist.c b/ldap/servers/plugins/acl/acllist.c +index e80c567c3..bf1168691 100644 +--- a/ldap/servers/plugins/acl/acllist.c ++++ b/ldap/servers/plugins/acl/acllist.c +@@ -233,14 +233,14 @@ __acllist_add_aci(aci_t *aci) + slapi_sdn_set_ndn_byval(aciListHead->acic_sdn, slapi_sdn_get_ndn(aci->aci_sdn)); + + /* insert the aci */ +- switch (avl_insert(&acllistRoot, aciListHead, __acllist_aciContainer_node_cmp, ++ switch (avl_insert(&acllistRoot, (caddr_t)aciListHead, __acllist_aciContainer_node_cmp, + __acllist_aciContainer_node_dup)) { + + case 1: /* duplicate ACL on the same entry */ + + /* Find the node that contains the acl. */ +- if (NULL == (head = (AciContainer *)avl_find(acllistRoot, aciListHead, +- (IFP)__acllist_aciContainer_node_cmp))) { ++ if (NULL == (head = (AciContainer *)avl_find(acllistRoot, (caddr_t)aciListHead, ++ __acllist_aciContainer_node_cmp))) { + slapi_log_err(SLAPI_PLUGIN_ACL, plugin_name, + "__acllist_add_aci - Can't insert the acl in the tree\n"); + rv = 1; +@@ -356,8 +356,8 @@ acllist_remove_aci_needsLock(const Slapi_DN *sdn, const struct berval *attr) + slapi_sdn_set_ndn_byval(aciListHead->acic_sdn, slapi_sdn_get_ndn(sdn)); + + /* now find it */ +- if (NULL == (root = (AciContainer *)avl_find(acllistRoot, aciListHead, +- (IFP)__acllist_aciContainer_node_cmp))) { ++ if (NULL == (root = (AciContainer *)avl_find(acllistRoot, (caddr_t)aciListHead, ++ __acllist_aciContainer_node_cmp))) { + /* In that case we don't have any acl for this entry. cool !!! */ + + acllist_free_aciContainer(&aciListHead); +@@ -389,7 +389,7 @@ acllist_remove_aci_needsLock(const Slapi_DN *sdn, const struct berval *attr) + slapi_log_err(SLAPI_LOG_ACL, plugin_name, + "acllist_remove_aci_needsLock - Removing container[%d]=%s\n", root->acic_index, + slapi_sdn_get_ndn(root->acic_sdn)); +- dContainer = (AciContainer *)avl_delete(&acllistRoot, aciListHead, ++ dContainer = (AciContainer *)avl_delete(&acllistRoot, (caddr_t)aciListHead, + __acllist_aciContainer_node_cmp); + acllist_free_aciContainer(&dContainer); + +@@ -472,8 +472,9 @@ acllist_done_aciContainer(AciContainer *head) + } + + static int +-free_aci_avl_container(AciContainer *data) ++free_aci_avl_container(caddr_t d) + { ++ AciContainer *data = (AciContainer *)d; + aci_t *head, *next = NULL; + + head = data->acic_list; +@@ -658,7 +659,7 @@ acllist_init_scan(Slapi_PBlock *pb, int scope __attribute__((unused)), const cha + + root = (AciContainer *)avl_find(acllistRoot, + (caddr_t)aclpb->aclpb_aclContainer, +- (IFP)__acllist_aciContainer_node_cmp); ++ __acllist_aciContainer_node_cmp); + if (index >= aclpb_max_selected_acls - 2) { + aclpb->aclpb_handles_index[0] = -1; + slapi_ch_free_string(&basedn); +@@ -750,7 +751,7 @@ acllist_aciscan_update_scan(Acl_PBlock *aclpb, char *edn) + + root = (AciContainer *)avl_find(acllistRoot, + (caddr_t)aclpb->aclpb_aclContainer, +- (IFP)__acllist_aciContainer_node_cmp); ++ __acllist_aciContainer_node_cmp); + + slapi_log_err(SLAPI_LOG_ACL, plugin_name, + "acllist_aciscan_update_scan - Searching AVL tree for update:%s: container:%d\n", +@@ -910,8 +911,8 @@ acllist_moddn_aci_needsLock(Slapi_DN *oldsdn, char *newdn) + slapi_sdn_free(&aciListHead->acic_sdn); + aciListHead->acic_sdn = oldsdn; + +- if (NULL == (head = (AciContainer *)avl_find(acllistRoot, aciListHead, +- (IFP)__acllist_aciContainer_node_cmp))) { ++ if (NULL == (head = (AciContainer *)avl_find(acllistRoot, (caddr_t)aciListHead, ++ __acllist_aciContainer_node_cmp))) { + + slapi_log_err(SLAPI_PLUGIN_ACL, plugin_name, + "acllist_moddn_aci_needsLock - Can't find the acl in the tree for moddn operation:olddn%s\n", +diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c +index 1ed17c097..22fa7607d 100644 +--- a/ldap/servers/plugins/collation/orfilter.c ++++ b/ldap/servers/plugins/collation/orfilter.c +@@ -54,7 +54,7 @@ typedef struct or_filter_t + static or_filter_t * + or_filter_get(Slapi_PBlock *pb) + { +- auto void *obj = NULL; ++ void *obj = NULL; + if (!slapi_pblock_get(pb, SLAPI_PLUGIN_OBJECT, &obj)) { + return (or_filter_t *)obj; + } +@@ -64,7 +64,7 @@ or_filter_get(Slapi_PBlock *pb) + static int + or_filter_destroy(Slapi_PBlock *pb) + { +- auto or_filter_t * or = or_filter_get(pb); ++ or_filter_t * or = or_filter_get(pb); + slapi_log_err(SLAPI_LOG_FILTER, COLLATE_PLUGIN_SUBSYSTEM, + "or_filter_destroy - (%p)\n", (void *) or); + if (or != NULL) { +@@ -105,10 +105,10 @@ ss_match(struct berval *value, + * -1 nothing in value will match; give up + */ + { +- auto struct berval *vals[2]; +- auto struct berval val; +- auto struct berval key; +- auto size_t attempts = MAX_CHAR_COMBINING; ++ struct berval *vals[2]; ++ struct berval val; ++ struct berval key; ++ size_t attempts = MAX_CHAR_COMBINING; + + vals[0] = &val; + vals[1] = NULL; +@@ -117,9 +117,9 @@ ss_match(struct berval *value, + key.bv_val = key0->bv_val; + key.bv_len = key0->bv_len - 1; + while (1) { +- auto struct berval **vkeys = ix->ix_index(ix, vals, NULL); ++ struct berval **vkeys = ix->ix_index(ix, vals, NULL); + if (vkeys && vkeys[0]) { +- auto const struct berval *vkey = vkeys[0]; ++ const struct berval *vkey = vkeys[0]; + if (vkey->bv_len > key.bv_len) { + if (--attempts <= 0) { + break; /* No match at this starting point */ +@@ -138,7 +138,7 @@ ss_match(struct berval *value, + val.bv_len += LDAP_UTF8LEN(val.bv_val + val.bv_len); + } + if (value->bv_len > 0) { +- auto size_t one = LDAP_UTF8LEN(value->bv_val); ++ size_t one = LDAP_UTF8LEN(value->bv_val); + value->bv_len -= one; + value->bv_val += one; + return 1; +@@ -153,12 +153,12 @@ ss_filter_match(or_filter_t * or, struct berval **vals) + * >0 an LDAP error code + */ + { +- auto int rc = -1; /* no match */ +- auto indexer_t *ix = or->or_indexer; ++ int rc = -1; /* no match */ ++ indexer_t *ix = or->or_indexer; + if (vals != NULL) + for (; *vals; ++vals) { +- auto struct berval v; +- auto struct berval **k = or->or_match_keys; ++ struct berval v; ++ struct berval **k = or->or_match_keys; + if (k == NULL || *k == NULL) { + rc = 0; /* present */ + break; +@@ -180,12 +180,12 @@ ss_filter_match(or_filter_t * or, struct berval **vals) + break; + } + } else { /* final */ +- auto size_t attempts = MAX_CHAR_COMBINING; +- auto char *limit = v.bv_val; +- auto char *end; +- auto struct berval **vkeys; +- auto struct berval *final_vals[2]; +- auto struct berval key; ++ size_t attempts = MAX_CHAR_COMBINING; ++ char *limit = v.bv_val; ++ char *end; ++ struct berval **vkeys; ++ struct berval *final_vals[2]; ++ struct berval key; + + rc = -1; + final_vals[0] = &v; +@@ -211,7 +211,7 @@ ss_filter_match(or_filter_t * or, struct berval **vals) + v.bv_len = end - v.bv_val + 1; + vkeys = ix->ix_index(ix, final_vals, NULL); + if (vkeys && vkeys[0]) { +- auto const struct berval *vkey = vkeys[0]; ++ const struct berval *vkey = vkeys[0]; + if (vkey->bv_len > key.bv_len) { + if (--attempts <= 0) { + break; +@@ -239,11 +239,11 @@ ss_filter_match(or_filter_t * or, struct berval **vals) + static int + op_filter_match(or_filter_t * or, struct berval **vals) + { +- auto indexer_t *ix = or->or_indexer; +- auto struct berval **v = ix->ix_index(ix, vals, NULL); ++ indexer_t *ix = or->or_indexer; ++ struct berval **v = ix->ix_index(ix, vals, NULL); + if (v != NULL) + for (; *v; ++v) { +- auto struct berval **k = or->or_match_keys; ++ struct berval **k = or->or_match_keys; + if (k != NULL) + for (; *k; ++k) { + switch (or->or_op) { +@@ -282,11 +282,11 @@ or_filter_match(void *obj, Slapi_Entry *entry, Slapi_Attr *attr) + * >0 an LDAP error code + */ + { +- auto int rc = -1; /* no match */ +- auto or_filter_t * or = (or_filter_t *)obj; ++ int rc = -1; /* no match */ ++ or_filter_t * or = (or_filter_t *)obj; + for (; attr != NULL; slapi_entry_next_attr(entry, attr, &attr)) { +- auto char *type = NULL; +- auto struct berval **vals = NULL; ++ char *type = NULL; ++ struct berval **vals = NULL; + + /* + * XXXmcs 1-March-2001: This code would perform better if it did not make +@@ -352,7 +352,7 @@ static struct berval * + slapi_ch_bvdup0(struct berval *val) + /* Return a copy of val, with a 0 byte following the end. */ + { +- auto struct berval *result = (struct berval *) ++ struct berval *result = (struct berval *) + slapi_ch_malloc(sizeof(struct berval)); + slapi_ber_bvcpy(result, val); + return result; +@@ -372,12 +372,12 @@ static struct berval ** + ss_filter_values(struct berval *pattern, int *query_op) + /* Split the pattern into its substrings and return them. */ + { +- auto struct berval **result; +- auto struct berval val; +- auto size_t n; +- auto char *s; +- auto char *p; +- auto char *plimit = pattern->bv_val + pattern->bv_len; ++ struct berval **result; ++ struct berval val; ++ size_t n; ++ char *s; ++ char *p; ++ char *plimit = pattern->bv_val + pattern->bv_len; + + /* Compute the length of the result array, and + the maximum bv_len of any of its elements. */ +@@ -389,7 +389,7 @@ ss_filter_values(struct berval *pattern, int *query_op) + case WILDCARD: + ++n; + { +- auto const size_t len = (p - s); ++ const size_t len = (p - s); + if (val.bv_len < len) + val.bv_len = len; + } +@@ -402,8 +402,8 @@ ss_filter_values(struct berval *pattern, int *query_op) + } + } + if (n == 2) { /* no wildcards in pattern */ +- auto struct berval **pvec = (struct berval **)slapi_ch_malloc(sizeof(struct berval *) * 2); +- auto struct berval *pv = slapi_ch_bvdup(pattern); ++ struct berval **pvec = (struct berval **)slapi_ch_malloc(sizeof(struct berval *) * 2); ++ struct berval *pv = slapi_ch_bvdup(pattern); + pvec[0] = pv; + pvec[1] = NULL; + ss_unescape(pv); +@@ -413,7 +413,7 @@ ss_filter_values(struct berval *pattern, int *query_op) + return NULL; /* presence */ + } + { +- auto const size_t len = (p - s); ++ const size_t len = (p - s); + if (val.bv_len < len) + val.bv_len = len; + } +@@ -449,7 +449,7 @@ ss_filter_key(indexer_t *ix, struct berval *val) + struct berval *key = (struct berval *)slapi_ch_calloc(1, sizeof(struct berval)); + if (val->bv_len > 0) { + struct berval **keys = NULL; +- auto struct berval *vals[2]; ++ struct berval *vals[2]; + vals[0] = val; + vals[1] = NULL; + keys = ix->ix_index(ix, vals, NULL); +@@ -477,10 +477,10 @@ ss_filter_keys(indexer_t *ix, struct berval **values) + an empty key definitely implies an absent value. + */ + { +- auto struct berval **keys = NULL; ++ struct berval **keys = NULL; + if (values != NULL) { +- auto size_t n; /* how many substring values */ +- auto struct berval **val; ++ size_t n; /* how many substring values */ ++ struct berval **val; + for (n = 0, val = values; *val != NULL; ++n, ++val) + ; + keys = (struct berval **)slapi_ch_malloc((n + 1) * sizeof(struct berval *)); +@@ -497,25 +497,25 @@ static int or_filter_index(Slapi_PBlock *pb); + static int + or_filter_create(Slapi_PBlock *pb) + { +- auto int rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* failed to initialize */ +- auto char *mrOID = NULL; +- auto char *mrTYPE = NULL; +- auto struct berval *mrVALUE = NULL; +- auto or_filter_t * or = NULL; ++ int rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* failed to initialize */ ++ char *mrOID = NULL; ++ char *mrTYPE = NULL; ++ struct berval *mrVALUE = NULL; ++ or_filter_t * or = NULL; + + if (!slapi_pblock_get(pb, SLAPI_PLUGIN_MR_OID, &mrOID) && mrOID != NULL && + !slapi_pblock_get(pb, SLAPI_PLUGIN_MR_TYPE, &mrTYPE) && mrTYPE != NULL && + !slapi_pblock_get(pb, SLAPI_PLUGIN_MR_VALUE, &mrVALUE) && mrVALUE != NULL) { +- auto size_t len = mrVALUE->bv_len; +- auto indexer_t *ix = NULL; +- auto int op = SLAPI_OP_EQUAL; +- auto struct berval bv; +- auto int reusable = MRF_ANY_TYPE; ++ size_t len = mrVALUE->bv_len; ++ indexer_t *ix = NULL; ++ int op = SLAPI_OP_EQUAL; ++ struct berval bv; ++ int reusable = MRF_ANY_TYPE; + + slapi_log_err(SLAPI_LOG_FILTER, COLLATE_PLUGIN_SUBSYSTEM, + "or_filter_create - (oid %s; type %s)\n", mrOID, mrTYPE); + if (len > 1 && (ix = indexer_create(mrOID)) != NULL) { +- auto char *val = mrVALUE->bv_val; ++ char *val = mrVALUE->bv_val; + switch (val[0]) { + case '=': + break; +@@ -537,7 +537,7 @@ or_filter_create(Slapi_PBlock *pb) + bv.bv_val = (len > 0) ? val : NULL; + } else { /* mrOID does not identify an ordering rule. */ + /* Is it an ordering rule OID with a relational operator suffix? */ +- auto size_t oidlen = strlen(mrOID); ++ size_t oidlen = strlen(mrOID); + if (oidlen > 2 && mrOID[oidlen - 2] == '.') { + op = atoi(mrOID + oidlen - 1); + switch (op) { +@@ -547,7 +547,7 @@ or_filter_create(Slapi_PBlock *pb) + case SLAPI_OP_GREATER_OR_EQUAL: + case SLAPI_OP_GREATER: + case SLAPI_OP_SUBSTRING: { +- auto char *or_oid = slapi_ch_strdup(mrOID); ++ char *or_oid = slapi_ch_strdup(mrOID); + or_oid[oidlen - 2] = '\0'; + ix = indexer_create(or_oid); + if (ix != NULL) { +@@ -575,7 +575,7 @@ or_filter_create(Slapi_PBlock *pb) + or->or_values[1] = NULL; + } + { +- auto struct berval **val = or->or_values; ++ struct berval **val = or->or_values; + if (val) + for (; *val; ++val) { + slapi_log_err(SLAPI_LOG_FILTER, COLLATE_PLUGIN_SUBSYSTEM, +@@ -607,7 +607,7 @@ or_filter_create(Slapi_PBlock *pb) + static indexer_t * + op_indexer_get(Slapi_PBlock *pb) + { +- auto void *obj = NULL; ++ void *obj = NULL; + if (!slapi_pblock_get(pb, SLAPI_PLUGIN_OBJECT, &obj)) { + return (indexer_t *)obj; + } +@@ -617,7 +617,7 @@ op_indexer_get(Slapi_PBlock *pb) + static int + op_indexer_destroy(Slapi_PBlock *pb) + { +- auto indexer_t *ix = op_indexer_get(pb); ++ indexer_t *ix = op_indexer_get(pb); + slapi_log_err(SLAPI_LOG_FILTER, COLLATE_PLUGIN_SUBSYSTEM, + "op_indexer_destroy - (%p)\n", (void *)ix); + if (ix != NULL) { +@@ -632,8 +632,8 @@ static int + op_index_entry(Slapi_PBlock *pb) + /* Compute collation keys (when writing an entry). */ + { +- auto indexer_t *ix = op_indexer_get(pb); +- auto int rc; ++ indexer_t *ix = op_indexer_get(pb); ++ int rc; + struct berval **values; + if (ix != NULL && ix->ix_index != NULL && + !slapi_pblock_get(pb, SLAPI_PLUGIN_MR_VALUES, &values) && +@@ -651,10 +651,10 @@ static int + op_index_search(Slapi_PBlock *pb) + /* Compute collation keys (when searching for entries). */ + { +- auto or_filter_t * or = or_filter_get(pb); +- auto int rc = LDAP_OPERATIONS_ERROR; ++ or_filter_t * or = or_filter_get(pb); ++ int rc = LDAP_OPERATIONS_ERROR; + if (or != NULL) { +- auto indexer_t *ix = or->or_indexer; ++ indexer_t *ix = or->or_indexer; + struct berval **values; + if (or->or_index_keys == NULL && ix != NULL && ix->ix_index != NULL && !slapi_pblock_get(pb, SLAPI_PLUGIN_MR_VALUES, &values)) { + or->or_index_keys = slapi_ch_bvecdup(ix->ix_index(ix, values, NULL)); +@@ -688,7 +688,7 @@ ss_indexer_free(ss_indexer_t *ss) + static ss_indexer_t * + ss_indexer_get(Slapi_PBlock *pb) + { +- auto void *obj = NULL; ++ void *obj = NULL; + if (!slapi_pblock_get(pb, SLAPI_PLUGIN_OBJECT, &obj)) { + return (ss_indexer_t *)obj; + } +@@ -698,7 +698,7 @@ ss_indexer_get(Slapi_PBlock *pb) + static void + ss_indexer_destroy(Slapi_PBlock *pb) + { +- auto ss_indexer_t *ss = ss_indexer_get(pb); ++ ss_indexer_t *ss = ss_indexer_get(pb); + slapi_log_err(SLAPI_LOG_FILTER, COLLATE_PLUGIN_SUBSYSTEM, + "ss_indexer_destroy - (%p)\n", (void *)ss); + if (ss) { +@@ -722,9 +722,9 @@ static int + long_enough(struct berval *bval, size_t enough) + { + if (bval) { +- auto size_t len = 0; +- auto char *next = bval->bv_val; +- auto char *last = next + bval->bv_len; ++ size_t len = 0; ++ char *next = bval->bv_val; ++ char *last = next + bval->bv_len; + while (next < last) { + LDAP_UTF8INC(next); + if (++len >= enough) { +@@ -742,23 +742,23 @@ static int + ss_index_entry(Slapi_PBlock *pb) + /* Compute substring index keys (when writing an entry). */ + { +- auto int rc = LDAP_OPERATIONS_ERROR; +- auto size_t substringsLen = 0; ++ int rc = LDAP_OPERATIONS_ERROR; ++ size_t substringsLen = 0; + struct berval **values; +- auto ss_indexer_t *ss = ss_indexer_get(pb); +- auto indexer_t *ix = ss ? ss->ss_indexer : NULL; ++ ss_indexer_t *ss = ss_indexer_get(pb); ++ indexer_t *ix = ss ? ss->ss_indexer : NULL; + if (ix != NULL && ix->ix_index != NULL && + !slapi_pblock_get(pb, SLAPI_PLUGIN_MR_VALUES, &values)) { +- auto struct berval *substrings = NULL; +- auto struct berval **prefixes = NULL; +- auto struct berval **value; ++ struct berval *substrings = NULL; ++ struct berval **prefixes = NULL; ++ struct berval **value; + for (value = values; *value != NULL; ++value) { +- auto struct berval substring; ++ struct berval substring; + substring.bv_val = (*value)->bv_val; + substring.bv_len = (*value)->bv_len; + if (long_enough(&substring, SS_INDEX_LENGTH - 1)) { +- auto struct berval *prefix = &ss_index_initial; +- auto size_t offset; ++ struct berval *prefix = &ss_index_initial; ++ size_t offset; + for (offset = 0; 1; ++offset) { + ++substringsLen; + substrings = (struct berval *) +@@ -782,9 +782,9 @@ ss_index_entry(Slapi_PBlock *pb) + } + } + if (substrings != NULL) { +- auto struct berval **vector = (struct berval **) ++ struct berval **vector = (struct berval **) + slapi_ch_malloc((substringsLen + 1) * sizeof(struct berval *)); +- auto size_t i; ++ size_t i; + for (i = 0; i < substringsLen; ++i) + vector[i] = &(substrings[i]); + vector[substringsLen] = NULL; +@@ -804,21 +804,21 @@ static int + ss_index_search(Slapi_PBlock *pb) + /* Compute substring search keys (when searching for entries). */ + { +- auto int rc = LDAP_OPERATIONS_ERROR; +- auto or_filter_t * or = or_filter_get(pb); ++ int rc = LDAP_OPERATIONS_ERROR; ++ or_filter_t * or = or_filter_get(pb); + if (or) { + if (or->or_index_keys == NULL /* not yet computed */ && + or->or_values && or->or_indexer && or->or_indexer->ix_index) { +- auto size_t substringsLen = 0; +- auto struct berval *substrings = NULL; +- auto struct berval **prefixes = NULL; +- auto struct berval **value; ++ size_t substringsLen = 0; ++ struct berval *substrings = NULL; ++ struct berval **prefixes = NULL; ++ struct berval **value; + for (value = or->or_values; *value != NULL; ++value) { +- auto size_t offset; +- auto struct berval substring; ++ size_t offset; ++ struct berval substring; + substring.bv_val = (*value)->bv_val; + for (offset = 0; 1; ++offset, LDAP_UTF8INC(substring.bv_val)) { +- auto struct berval *prefix = NULL; ++ struct berval *prefix = NULL; + substring.bv_len = (*value)->bv_len - (substring.bv_val - (*value)->bv_val); + if (offset == 0 && value == or->or_values) { + if (long_enough(&substring, SS_INDEX_LENGTH - 1)) { +@@ -845,10 +845,10 @@ ss_index_search(Slapi_PBlock *pb) + } + } + if (substrings != NULL) { +- auto indexer_t *ix = or->or_indexer; +- auto struct berval **vector = (struct berval **) ++ indexer_t *ix = or->or_indexer; ++ struct berval **vector = (struct berval **) + slapi_ch_malloc((substringsLen + 1) * sizeof(struct berval *)); +- auto size_t i; ++ size_t i; + for (i = 0; i < substringsLen; ++i) + vector[i] = &(substrings[i]); + vector[substringsLen] = NULL; +@@ -872,10 +872,10 @@ static int + ss_indexable(struct berval **values) + /* at least one of the values is long enough to index */ + { +- auto struct berval **val = values; ++ struct berval **val = values; + if (val) + for (; *val; ++val) { +- auto struct berval value; ++ struct berval value; + value.bv_val = (*val)->bv_val; + value.bv_len = (*val)->bv_len; + if (val == values) { /* initial */ +@@ -899,12 +899,12 @@ static int + or_filter_index(Slapi_PBlock *pb) + /* Return an indexer and values that accelerate the given filter. */ + { +- auto or_filter_t * or = or_filter_get(pb); +- auto int rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; +- auto IFP mrINDEX_FN = NULL; +- auto struct berval **mrVALUES = NULL; +- auto char *mrOID = NULL; +- auto int mrQUERY_OPERATOR; ++ or_filter_t * or = or_filter_get(pb); ++ int rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; ++ int32_t (*mrINDEX_FN)(Slapi_PBlock *) = NULL; ++ struct berval **mrVALUES = NULL; ++ char *mrOID = NULL; ++ int mrQUERY_OPERATOR; + if (or && or->or_indexer && or->or_indexer->ix_index) { + switch (or->or_op) { + case SLAPI_OP_LESS: +@@ -920,7 +920,7 @@ or_filter_index(Slapi_PBlock *pb) + case SLAPI_OP_SUBSTRING: + if (ss_indexable(or->or_values)) { + if (or->or_oid == NULL) { +- auto const size_t len = strlen(or->or_indexer->ix_oid); ++ const size_t len = strlen(or->or_indexer->ix_oid); + or->or_oid = slapi_ch_malloc(len + 3); + memcpy(or->or_oid, or->or_indexer->ix_oid, len); + sprintf(or->or_oid + len, ".%1i", SLAPI_OP_SUBSTRING); +@@ -952,15 +952,15 @@ or_filter_index(Slapi_PBlock *pb) + static int + or_indexer_create(Slapi_PBlock *pb) + { +- auto int rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* failed to initialize */ +- auto char *mrOID = NULL; +- auto void *mrOBJECT = NULL; ++ int rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; /* failed to initialize */ ++ char *mrOID = NULL; ++ void *mrOBJECT = NULL; + if (slapi_pblock_get(pb, SLAPI_PLUGIN_MR_OID, &mrOID) || mrOID == NULL) { + slapi_log_err(SLAPI_LOG_FILTER, COLLATE_PLUGIN_SUBSYSTEM, + "or_indexer_create - No OID parameter\n"); + } else { +- auto indexer_t *ix = indexer_create(mrOID); +- auto char *mrTYPE = NULL; ++ indexer_t *ix = indexer_create(mrOID); ++ char *mrTYPE = NULL; + slapi_pblock_get(pb, SLAPI_PLUGIN_MR_TYPE, &mrTYPE); + slapi_log_err(SLAPI_LOG_FILTER, "or_indexer_create", "(oid %s; type %s)\n", + mrOID, mrTYPE ? mrTYPE : ""); +@@ -977,14 +977,14 @@ or_indexer_create(Slapi_PBlock *pb) + } + } else { /* mrOID does not identify an ordering rule. */ + /* Is it an ordering rule OID with the substring suffix? */ +- auto size_t oidlen = strlen(mrOID); ++ size_t oidlen = strlen(mrOID); + if (oidlen > 2 && mrOID[oidlen - 2] == '.' && + atoi(mrOID + oidlen - 1) == SLAPI_OP_SUBSTRING) { +- auto char *or_oid = slapi_ch_strdup(mrOID); ++ char *or_oid = slapi_ch_strdup(mrOID); + or_oid[oidlen - 2] = '\0'; + ix = indexer_create(or_oid); + if (ix != NULL) { +- auto ss_indexer_t *ss = (ss_indexer_t *)slapi_ch_malloc(sizeof(ss_indexer_t)); ++ ss_indexer_t *ss = (ss_indexer_t *)slapi_ch_malloc(sizeof(ss_indexer_t)); + ss->ss_indexer = ix; + oidlen = strlen(ix->ix_oid); + ss->ss_oid = slapi_ch_malloc(oidlen + 3); +diff --git a/ldap/servers/plugins/pwdstorage/md5c.c b/ldap/servers/plugins/pwdstorage/md5c.c +index e7085a68d..8075dcb80 100644 +--- a/ldap/servers/plugins/pwdstorage/md5c.c ++++ b/ldap/servers/plugins/pwdstorage/md5c.c +@@ -1,6 +1,6 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2005 Red Hat, Inc. ++ * Copyright (C) 2005-2025 Red Hat, Inc. + * All rights reserved. + * + * License: GPL (version 3 or any later version). +@@ -69,20 +69,17 @@ static unsigned char PADDING[64] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; + +-/* F, G, H and I are basic MD5 functions. +- */ ++/* F, G, H and I are basic MD5 functions. */ + #define F(x, y, z) (((x) & (y)) | ((~(x)) & (z))) + #define G(x, y, z) (((x) & (z)) | ((y) & (~(z)))) + #define H(x, y, z) ((x) ^ (y) ^ (z)) + #define I(x, y, z) ((y) ^ ((x) | (~(z)))) + +-/* ROTATE_LEFT rotates x left n bits. +- */ ++/* ROTATE_LEFT rotates x left n bits. */ + #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) + + /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. +-Rotation is separate from addition to prevent recomputation. +- */ ++ * Rotation is separate from addition to prevent recomputation. */ + #define FF(a, b, c, d, x, s, ac) \ + { \ + (a) += F((b), (c), (d)) + (x) + (UINT4)(ac); \ +@@ -108,14 +105,11 @@ Rotation is separate from addition to prevent recomputation. + (a) += (b); \ + } + +-/* MD5 initialization. Begins an MD5 operation, writing a new context. +- */ +-void mta_MD5Init(context) +- mta_MD5_CTX *context; /* context */ ++/* MD5 initialization. Begins an MD5 operation, writing a new context. */ ++void mta_MD5Init(mta_MD5_CTX *context) + { + context->count[0] = context->count[1] = 0; +- /* Load magic initialization constants. +-*/ ++ /* Load magic initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xefcdab89; + context->state[2] = 0x98badcfe; +@@ -123,13 +117,9 @@ void mta_MD5Init(context) + } + + /* MD5 block update operation. Continues an MD5 message-digest +- operation, processing another message block, and updating the +- context. +- */ +-void mta_MD5Update(context, input, inputLen) +- mta_MD5_CTX *context; /* context */ +-const unsigned char *input; /* input block */ +-unsigned int inputLen; /* length of input block */ ++ * operation, processing another message block, and updating the ++ * context. */ ++void mta_MD5Update(mta_MD5_CTX *context, const unsigned char *input, unsigned int inputLen) + { + unsigned int i, index, partLen; + +@@ -143,8 +133,7 @@ unsigned int inputLen; /* length of input block */ + + partLen = 64 - index; + +- /* Transform as many times as possible. +-*/ ++ /* Transform as many times as possible. */ + if (inputLen >= partLen) { + MD5_memcpy((POINTER)&context->buffer[index], (POINTER)input, partLen); + MD5Transform(context->state, context->buffer); +@@ -162,10 +151,8 @@ unsigned int inputLen; /* length of input block */ + } + + /* MD5 finalization. Ends an MD5 message-digest operation, writing the +- the message digest and zeroizing the context. +- */ +-void mta_MD5Final(digest, context) unsigned char digest[16]; /* message digest */ +-mta_MD5_CTX *context; /* context */ ++ * the message digest and zeroizing the context. */ ++void mta_MD5Final(unsigned char digest[16], mta_MD5_CTX *context) + { + unsigned char bits[8]; + unsigned int index, padLen; +@@ -173,8 +160,7 @@ mta_MD5_CTX *context; /* context */ + /* Save number of bits */ + Encode(bits, context->count, 8); + +- /* Pad out to 56 mod 64. +-*/ ++ /* Pad out to 56 mod 64.*/ + index = (unsigned int)((context->count[0] >> 3) & 0x3f); + padLen = (index < 56) ? (56 - index) : (120 - index); + mta_MD5Update(context, PADDING, padLen); +@@ -185,16 +171,12 @@ mta_MD5_CTX *context; /* context */ + /* Store state in digest */ + Encode(digest, context->state, 16); + +- /* Zeroize sensitive information. +-*/ ++ /* Zeroize sensitive information.*/ + MD5_memset((POINTER)context, 0, sizeof(*context)); + } + +-/* MD5 basic transformation. Transforms state based on block. +- */ +-static void MD5Transform(state, block) +- UINT4 state[4]; +-const unsigned char block[64]; ++/* MD5 basic transformation. Transforms state based on block. */ ++static void MD5Transform(UINT4 state[4], const unsigned char block[64]) + { + UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + +@@ -277,17 +259,13 @@ const unsigned char block[64]; + state[2] += c; + state[3] += d; + +- /* Zeroize sensitive information. +-*/ ++ /* Zeroize sensitive information. */ + MD5_memset((POINTER)x, 0, sizeof(x)); + } + + /* Encodes input (UINT4) into output (unsigned char). Assumes len is +- a multiple of 4. +- */ +-static void Encode(output, input, len) unsigned char *output; +-const UINT4 *input; +-unsigned int len; ++ * a multiple of 4. */ ++static void Encode(unsigned char *output, const UINT4 *input, unsigned int len) + { + unsigned int i, j; + +@@ -300,12 +278,8 @@ unsigned int len; + } + + /* Decodes input (unsigned char) into output (UINT4). Assumes len is +- a multiple of 4. +- */ +-static void Decode(output, input, len) +- UINT4 *output; +-const unsigned char *input; +-unsigned int len; ++ * a multiple of 4. */ ++static void Decode(UINT4 *output, const unsigned char *input, unsigned int len) + { + unsigned int i, j; + +@@ -314,13 +288,8 @@ unsigned int len; + (((UINT4)input[j + 2]) << 16) | (((UINT4)input[j + 3]) << 24); + } + +-/* Note: Replace "for loop" with standard memcpy if possible. +- */ +- +-static void MD5_memcpy(output, input, len) +- POINTER output; +-const POINTER input; +-unsigned int len; ++/* Note: Replace "for loop" with standard memcpy if possible. */ ++static void MD5_memcpy(POINTER output, const POINTER input, unsigned int len) + { + unsigned int i; + +@@ -328,12 +297,8 @@ unsigned int len; + output[i] = input[i]; + } + +-/* Note: Replace "for loop" with standard memset if possible. +- */ +-static void MD5_memset(output, value, len) +- POINTER output; +-int value; +-unsigned int len; ++/* Note: Replace "for loop" with standard memset if possible. */ ++static void MD5_memset(POINTER output, int value, unsigned int len) + { + unsigned int i; + +diff --git a/ldap/servers/plugins/roles/roles_cache.c b/ldap/servers/plugins/roles/roles_cache.c +index 60f5a919a..9fadcdfc4 100644 +--- a/ldap/servers/plugins/roles/roles_cache.c ++++ b/ldap/servers/plugins/roles/roles_cache.c +@@ -156,8 +156,8 @@ static int roles_is_inscope(Slapi_Entry *entry_to_check, role_object *this_role) + static void berval_set_string(struct berval *bv, const char *string); + static void roles_cache_role_def_delete(roles_cache_def *role_def); + static void roles_cache_role_def_free(roles_cache_def *role_def); +-static void roles_cache_role_object_free(role_object *this_role); +-static int roles_cache_role_object_nested_free(role_object_nested *this_role); ++static int roles_cache_role_object_free(caddr_t this_role); ++static int roles_cache_role_object_nested_free(caddr_t this_role); + static int roles_cache_dump(caddr_t data, caddr_t arg); + static int roles_cache_add_entry_cb(Slapi_Entry *e, void *callback_data); + static void roles_cache_result_cb(int rc, void *callback_data); +@@ -578,11 +578,11 @@ roles_cache_update(roles_cache_def *suffix_to_update) + if ((operation == SLAPI_OPERATION_MODIFY) || + (operation == SLAPI_OPERATION_DELETE)) { + +- to_delete = (role_object *)avl_delete(&(suffix_to_update->avl_tree), dn, roles_cache_find_node); +- roles_cache_role_object_free(to_delete); ++ to_delete = (role_object *)avl_delete(&(suffix_to_update->avl_tree), (caddr_t)dn, roles_cache_find_node); ++ roles_cache_role_object_free((caddr_t)to_delete); + to_delete = NULL; + if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN)) { +- avl_apply(suffix_to_update->avl_tree, (IFP)roles_cache_dump, &rc, -1, AVL_INORDER); ++ avl_apply(suffix_to_update->avl_tree, roles_cache_dump, &rc, -1, AVL_INORDER); + } + } + if ((operation == SLAPI_OPERATION_MODIFY) || +@@ -1513,7 +1513,7 @@ roles_cache_listroles_ext(vattr_context *c, Slapi_Entry *entry, int return_value + /* XXX really need a mutex for this read operation ? */ + slapi_rwlock_rdlock(roles_cache->cache_lock); + +- avl_apply(roles_cache->avl_tree, (IFP)roles_cache_build_nsrole, &arg, -1, AVL_INORDER); ++ avl_apply(roles_cache->avl_tree, roles_cache_build_nsrole, &arg, -1, AVL_INORDER); + + slapi_rwlock_unlock(roles_cache->cache_lock); + +@@ -1630,7 +1630,7 @@ roles_check(Slapi_Entry *entry_to_check, Slapi_DN *role_dn, int *present) + } + slapi_rwlock_unlock(global_lock); + +- this_role = (role_object *)avl_find(roles_cache->avl_tree, role_dn, (IFP)roles_cache_find_node); ++ this_role = (role_object *)avl_find(roles_cache->avl_tree, (caddr_t)role_dn, roles_cache_find_node); + + /* MAB: For some reason the assumption made by this function (the role exists and is in scope) + * does not seem to be true... this_role might be NULL after the avl_find call (is the avl_tree +@@ -1768,7 +1768,7 @@ roles_is_entry_member_of_object_ext(vattr_context *c, caddr_t data, caddr_t argu + case ROLE_TYPE_NESTED: { + /* Go through the tree of the nested DNs */ + get_nsrole->hint++; +- avl_apply(this_role->avl_tree, (IFP)roles_check_nested, get_nsrole, 0, AVL_INORDER); ++ avl_apply(this_role->avl_tree, roles_check_nested, get_nsrole, 0, AVL_INORDER); + get_nsrole->hint--; + + /* kexcoff?? */ +@@ -1904,12 +1904,12 @@ roles_check_nested(caddr_t data, caddr_t arg) + } + + if (slapi_is_loglevel_set(SLAPI_LOG_PLUGIN)) { +- avl_apply(roles_cache->avl_tree, (IFP)roles_cache_dump, &rc, -1, AVL_INORDER); ++ avl_apply(roles_cache->avl_tree, roles_cache_dump, &rc, -1, AVL_INORDER); + } + + this_role = (role_object *)avl_find(roles_cache->avl_tree, +- current_nested_role->dn, +- (IFP)roles_cache_find_node); ++ (caddr_t)current_nested_role->dn, ++ roles_cache_find_node); + + if (this_role == NULL) { + /* the nested role doesn't exist */ +@@ -2029,7 +2029,7 @@ roles_cache_role_def_free(roles_cache_def *role_def) + + slapi_lock_mutex(role_def->stop_lock); + +- avl_free(role_def->avl_tree, (IFP)roles_cache_role_object_free); ++ avl_free(role_def->avl_tree, roles_cache_role_object_free); + slapi_sdn_free(&(role_def->suffix_dn)); + slapi_destroy_rwlock(role_def->cache_lock); + role_def->cache_lock = NULL; +@@ -2060,14 +2060,16 @@ roles_cache_role_def_free(roles_cache_def *role_def) + /* roles_cache_role_object_free + ---------------------------- + */ +-static void +-roles_cache_role_object_free(role_object *this_role) ++static int ++roles_cache_role_object_free(caddr_t tr) + { ++ role_object *this_role = (role_object *)tr; ++ + slapi_log_err(SLAPI_LOG_PLUGIN, + ROLES_PLUGIN_SUBSYSTEM, "--> roles_cache_role_object_free\n"); + + if (this_role == NULL) { +- return; ++ return 0; + } + + switch (this_role->type) { +@@ -2097,14 +2099,17 @@ roles_cache_role_object_free(role_object *this_role) + + slapi_log_err(SLAPI_LOG_PLUGIN, + ROLES_PLUGIN_SUBSYSTEM, "<-- roles_cache_role_object_free\n"); ++ return 0; + } + + /* roles_cache_role_object_nested_free + ------------------------------------ + */ + static int +-roles_cache_role_object_nested_free(role_object_nested *this_role) ++roles_cache_role_object_nested_free(caddr_t tr) + { ++ role_object_nested *this_role = (role_object_nested *)tr; ++ + slapi_log_err(SLAPI_LOG_PLUGIN, + ROLES_PLUGIN_SUBSYSTEM, "--> roles_cache_role_object_nested_free\n"); + +diff --git a/ldap/servers/plugins/syntaxes/bin.c b/ldap/servers/plugins/syntaxes/bin.c +index ab67cecf9..f793f3539 100644 +--- a/ldap/servers/plugins/syntaxes/bin.c ++++ b/ldap/servers/plugins/syntaxes/bin.c +@@ -139,7 +139,8 @@ static struct mr_plugin_def mr_plugin_table[] = { + NULL, + bin_compare, + NULL /* mr_normalize */ +- }}; ++ } ++}; + /* + certificateExactMatch + certificateListExactMatch +diff --git a/ldap/servers/plugins/syntaxes/syntax.h b/ldap/servers/plugins/syntaxes/syntax.h +index c743532c1..7e53c3586 100644 +--- a/ldap/servers/plugins/syntaxes/syntax.h ++++ b/ldap/servers/plugins/syntaxes/syntax.h +@@ -104,21 +104,22 @@ struct mr_plugin_def + Slapi_PluginDesc mr_plg_desc; /* for SLAPI_PLUGIN_DESCRIPTION */ + const char **mr_names; /* list of oid and names, NULL terminated SLAPI_PLUGIN_MR_NAMES */ + /* these are optional for new style mr plugins */ +- IFP mr_filter_create; /* old style factory function SLAPI_PLUGIN_MR_FILTER_CREATE_FN */ +- IFP mr_indexer_create; /* old style factory function SLAPI_PLUGIN_MR_INDEXER_CREATE_FN */ ++ int32_t (*mr_filter_create)(Slapi_PBlock *); /* old style factory function SLAPI_PLUGIN_MR_FILTER_CREATE_FN */ ++ int32_t (*mr_indexer_create)(Slapi_PBlock *); /* old style factory function SLAPI_PLUGIN_MR_INDEXER_CREATE_FN */ + /* new style syntax plugin functions */ + /* not all functions will apply to all matching rule types */ + /* e.g. a SUBSTR rule will not have a filter_ava func */ +- IFP mr_filter_ava; /* SLAPI_PLUGIN_MR_FILTER_AVA */ +- IFP mr_filter_sub; /* SLAPI_PLUGIN_MR_FILTER_SUB */ +- IFP mr_values2keys; /* SLAPI_PLUGIN_MR_VALUES2KEYS */ +- IFP mr_assertion2keys_ava; /* SLAPI_PLUGIN_MR_ASSERTION2KEYS_AVA */ +- IFP mr_assertion2keys_sub; /* SLAPI_PLUGIN_MR_ASSERTION2KEYS_SUB */ +- IFP mr_compare; /* SLAPI_PLUGIN_MR_COMPARE - only for ORDERING */ +- VFPV mr_normalize; ++ int32_t (*mr_filter_ava)(Slapi_PBlock *, struct berval *, Slapi_Value **, int32_t, Slapi_Value **); /* SLAPI_PLUGIN_MR_FILTER_AVA */ ++ int32_t (*mr_filter_sub)(Slapi_PBlock *, char *, char **, char *, Slapi_Value **); /* SLAPI_PLUGIN_MR_FILTER_SUB */ ++ int32_t (*mr_values2keys)(Slapi_PBlock *, Slapi_Value **, Slapi_Value ***, int32_t); /* SLAPI_PLUGIN_MR_VALUES2KEYS */ ++ int32_t (*mr_assertion2keys_ava)(Slapi_PBlock *, Slapi_Value *, Slapi_Value ***, int32_t); ++ int32_t (*mr_assertion2keys_sub)(Slapi_PBlock *, char *, char **, char *, Slapi_Value ***); /* SLAPI_PLUGIN_MR_ASSERTION2KEYS_SUB */ ++ int32_t (*mr_compare)(struct berval *, struct berval *); /* SLAPI_PLUGIN_MR_COMPARE - only for ORDERING */ ++ void (*mr_normalize)(Slapi_PBlock *, char *, int32_t, char **); + }; + +-int syntax_register_matching_rule_plugins(struct mr_plugin_def mr_plugin_table[], size_t mr_plugin_table_size, IFP matching_rule_plugin_init); ++int syntax_register_matching_rule_plugins(struct mr_plugin_def mr_plugin_table[], size_t mr_plugin_table_size, ++ int32_t (*matching_rule_plugin_init)(Slapi_PBlock *)); + int syntax_matching_rule_plugin_init(Slapi_PBlock *pb, struct mr_plugin_def mr_plugin_table[], size_t mr_plugin_table_size); + + #endif +diff --git a/ldap/servers/plugins/syntaxes/syntax_common.c b/ldap/servers/plugins/syntaxes/syntax_common.c +index 821d4d557..7407f0b9c 100644 +--- a/ldap/servers/plugins/syntaxes/syntax_common.c ++++ b/ldap/servers/plugins/syntaxes/syntax_common.c +@@ -16,7 +16,7 @@ int + syntax_register_matching_rule_plugins( + struct mr_plugin_def mr_plugin_table[], + size_t mr_plugin_table_size, +- IFP matching_rule_plugin_init) ++ int32_t (*matching_rule_plugin_init)(Slapi_PBlock *)) + { + int rc = -1; + size_t ii; +diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c +index 6bbcb05ac..e03ea6478 100644 +--- a/ldap/servers/slapd/attrsyntax.c ++++ b/ldap/servers/slapd/attrsyntax.c +@@ -608,10 +608,11 @@ attr_syntax_exists(const char *attr_name) + + static void default_dirstring_normalize_int(char *s, int trim_spaces); + +-static int +-default_dirstring_filter_ava(struct berval *bvfilter __attribute__((unused)), +- Slapi_Value **bvals __attribute__((unused)), +- int ftype __attribute__((unused)), ++static int32_t ++default_dirstring_filter_ava(Slapi_PBlock *pb __attribute__((unused)), ++ const struct berval *bv __attribute__((unused)), ++ Slapi_Value **vals __attribute__((unused)), ++ int32_t ftype __attribute__((unused)), + Slapi_Value **retVal __attribute__((unused))) + { + return (0); +@@ -621,7 +622,7 @@ static int + default_dirstring_values2keys(Slapi_PBlock *pb __attribute__((unused)), + Slapi_Value **bvals, + Slapi_Value ***ivals, +- int ftype) ++ int32_t ftype) + { + int numbvals = 0; + Slapi_Value **nbvals, **nbvlp; +@@ -664,11 +665,11 @@ default_dirstring_values2keys(Slapi_PBlock *pb __attribute__((unused)), + return (0); + } + +-static int ++static int32_t + default_dirstring_assertion2keys_ava(Slapi_PBlock *pb __attribute__((unused)), + Slapi_Value *val __attribute__((unused)), + Slapi_Value ***ivals __attribute__((unused)), +- int ftype __attribute__((unused))) ++ int32_t ftype __attribute__((unused))) + { + return (0); + } +@@ -759,11 +760,11 @@ attr_syntax_default_plugin(const char *nameoroid) + pi->plg_syntax_oid = slapi_ch_strdup(nameoroid); + + +- pi->plg_syntax_filter_ava = (IFP)default_dirstring_filter_ava; +- pi->plg_syntax_values2keys = (IFP)default_dirstring_values2keys; +- pi->plg_syntax_assertion2keys_ava = (IFP)default_dirstring_assertion2keys_ava; ++ pi->plg_syntax_filter_ava = default_dirstring_filter_ava; ++ pi->plg_syntax_values2keys = default_dirstring_values2keys; ++ pi->plg_syntax_assertion2keys_ava = default_dirstring_assertion2keys_ava; + pi->plg_syntax_compare = (IFP)default_dirstring_cmp; +- pi->plg_syntax_normalize = (VFPV)default_dirstring_normalize; ++ pi->plg_syntax_normalize = default_dirstring_normalize; + + return (pi); + } +diff --git a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import.c b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import.c +index 2bb6b0267..23dd7983f 100644 +--- a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import.c ++++ b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_import.c +@@ -1298,8 +1298,10 @@ bdb_update_subordinatecounts(backend *be, ImportJob *job, DB_TXN *txn) + + /* Function used to gather a list of indexed attrs */ + static int +-bdb_import_attr_callback(void *node, void *param) ++bdb_import_attr_callback(caddr_t n, caddr_t p) + { ++ void *node = (void *)n; ++ void *param = (void *)p; + ImportJob *job = (ImportJob *)param; + struct attrinfo *a = (struct attrinfo *)node; + +@@ -2215,9 +2217,9 @@ bdb_public_bdb_import_main(void *arg) + /* Here, we get an AVL tree which contains nodes for all attributes + * in the schema. Given this tree, we need to identify those nodes + * which are marked for indexing. */ +- avl_apply(job->inst->inst_attrs, (IFP)bdb_import_attr_callback, ++ avl_apply(job->inst->inst_attrs, bdb_import_attr_callback, + (caddr_t)job, -1, AVL_INORDER); +- vlv_getindices((IFP)bdb_import_attr_callback, (void *)job, be); ++ vlv_getindices(bdb_import_attr_callback, (void *)job, be); + } + + /* Determine how much index buffering space to allocate to each index */ +diff --git a/ldap/servers/slapd/back-ldbm/db-mdb/mdb_import.c b/ldap/servers/slapd/back-ldbm/db-mdb/mdb_import.c +index d0efc1bca..f945f5a59 100644 +--- a/ldap/servers/slapd/back-ldbm/db-mdb/mdb_import.c ++++ b/ldap/servers/slapd/back-ldbm/db-mdb/mdb_import.c +@@ -347,9 +347,11 @@ dbmdb_update_subordinatecounts(backend *be, ImportJob *job, dbi_txn_t *txn) + } + + /* Function used to gather a list of indexed attrs */ +-static int +-dbmdb_import_attr_callback(void *node, void *param) ++static int32_t ++dbmdb_import_attr_callback(caddr_t n, caddr_t p) + { ++ void *node = (void *)n; ++ void *param = (void *)p; + ImportJob *job = (ImportJob *)param; + struct attrinfo *a = (struct attrinfo *)node; + +@@ -788,11 +790,11 @@ dbmdb_import_all_done(ImportJob *job, int ret) + /* Bring backend online again: + * In lmdb case, the import framework is also used for reindexing + * while in bdb case reindexing uses its own code. +- * So dbmdb_import_all_done is called either after ++ * So dbmdb_import_all_done is called either after + * dbmdb_ldif2db or after dbmdb_db2index while + * bdb_import_all_done is only called after bdb_ldif2db. + * +- * dbmdb_db2index uses instance_set_busy_and_readonly ++ * dbmdb_db2index uses instance_set_busy_and_readonly + * while dbmdb_ldif2db uses slapi_mtn_be_disable + * and these functions have to be reverted accordingly. + */ +@@ -821,9 +823,12 @@ dbmdb_import_all_done(ImportJob *job, int ret) + + /* vlv_getindices callback that truncate vlv index (in reindex case) */ + static int +-truncate_index_dbi(struct attrinfo *ai, ImportCtx_t *ctx) ++truncate_index_dbi(caddr_t a, caddr_t c) + { ++ struct attrinfo *ai = (struct attrinfo *)a; ++ ImportCtx_t *ctx = (ImportCtx_t *)c; + int rc = 0; ++ + if (is_reindexed_attr(ai->ai_type, ctx, ctx->indexVlvs)) { + backend *be = ctx->job->inst->inst_be; + dbmdb_dbi_t *dbi = NULL; +@@ -878,9 +883,9 @@ dbmdb_public_dbmdb_import_main(void *arg) + /* Here, we get an AVL tree which contains nodes for all attributes + * in the schema. Given this tree, we need to identify those nodes + * which are marked for indexing. */ +- avl_apply(job->inst->inst_attrs, (IFP)dbmdb_import_attr_callback, ++ avl_apply(job->inst->inst_attrs, dbmdb_import_attr_callback, + (caddr_t)job, -1, AVL_INORDER); +- vlv_getindices((IFP)dbmdb_import_attr_callback, (void *)job, be); ++ vlv_getindices(dbmdb_import_attr_callback, (void *)job, be); + } + + /* insure all dbi get open */ +@@ -901,7 +906,7 @@ dbmdb_public_dbmdb_import_main(void *arg) + pthread_mutex_unlock(&job->wire_lock); + break; + case IM_INDEX: +- vlv_getindices((IFP)truncate_index_dbi, ctx, job->inst->inst_be); ++ vlv_getindices(truncate_index_dbi, ctx, job->inst->inst_be); + default: + break; + } +diff --git a/ldap/servers/slapd/back-ldbm/db-mdb/mdb_import_threads.c b/ldap/servers/slapd/back-ldbm/db-mdb/mdb_import_threads.c +index 6978bf5e3..545099b5f 100644 +--- a/ldap/servers/slapd/back-ldbm/db-mdb/mdb_import_threads.c ++++ b/ldap/servers/slapd/back-ldbm/db-mdb/mdb_import_threads.c +@@ -2895,7 +2895,7 @@ look4indexinfo(ImportCtx_t *ctx, const char *attrname) + { + MdbIndexInfo_t searched_mii = {0}; + searched_mii.name = (char*) attrname; +- return (MdbIndexInfo_t *)avl_find(ctx->indexes, &searched_mii, cmp_mii); ++ return (MdbIndexInfo_t *)avl_find(ctx->indexes, (caddr_t)&searched_mii, cmp_mii); + } + + /* Prepare key and data for updating parentid or ancestorid indexes */ +@@ -3460,7 +3460,7 @@ dbmdb_add_import_index(ImportCtx_t *ctx, const char *name, IndexInfo *ii) + + DBG_LOG(DBGMDB_LEVEL_OTHER,"Calling dbmdb_open_dbi_from_filename for %s flags = 0x%x", mii->name, dbi_flags); + dbmdb_open_dbi_from_filename(&mii->dbi, job->inst->inst_be, mii->name, mii->ai, dbi_flags); +- avl_insert(&ctx->indexes, mii, cmp_mii, NULL); ++ avl_insert(&ctx->indexes, (caddr_t)mii, cmp_mii, NULL); + } + + /* +@@ -3486,7 +3486,7 @@ dbmdb_open_redirect_db(ImportCtx_t *ctx) + mii->ai = ai; + mii->flags = MII_SKIP | MII_NOATTR; + dbmdb_open_dbi_from_filename(&mii->dbi, be, mii->name, mii->ai, dbi_flags); +- avl_insert(&ctx->indexes, mii, cmp_mii, NULL); ++ avl_insert(&ctx->indexes, (caddr_t)mii, cmp_mii, NULL); + ctx->redirect = mii; + } + +@@ -3532,11 +3532,13 @@ dbmdb_build_import_index_list(ImportCtx_t *ctx) + + } + +-void +-free_ii(MdbIndexInfo_t *ii) ++static int32_t ++free_ii(caddr_t i) + { ++ MdbIndexInfo_t *ii = (MdbIndexInfo_t *)i; + slapi_ch_free_string(&ii->name); + slapi_ch_free((void**)&ii); ++ return 0; + } + + /* +@@ -4338,7 +4340,7 @@ dbmdb_free_import_ctx(ImportJob *job) + dbmdb_import_q_destroy(&ctx->bulkq); + slapi_ch_free((void**)&ctx->id2entry->name); + slapi_ch_free((void**)&ctx->id2entry); +- avl_free(ctx->indexes, (IFP) free_ii); ++ avl_free(ctx->indexes, free_ii); + ctx->indexes = NULL; + charray_free(ctx->indexAttrs); + charray_free(ctx->indexVlvs); +diff --git a/ldap/servers/slapd/back-ldbm/db-mdb/mdb_instance.c b/ldap/servers/slapd/back-ldbm/db-mdb/mdb_instance.c +index 682fd70e2..145811237 100644 +--- a/ldap/servers/slapd/back-ldbm/db-mdb/mdb_instance.c ++++ b/ldap/servers/slapd/back-ldbm/db-mdb/mdb_instance.c +@@ -336,8 +336,10 @@ int add_dbi(dbi_open_ctx_t *octx, backend *be, const char *fname, int flags) + + /* avlapply callback to open/create the dbi needed to handle an index */ + static int +-add_index_dbi(struct attrinfo *ai, dbi_open_ctx_t *octx) ++add_index_dbi(caddr_t attr, caddr_t otx) + { ++ struct attrinfo *ai = (struct attrinfo *)attr; ++ dbi_open_ctx_t *octx = (dbi_open_ctx_t *)otx; + int flags = octx->ctx->readonly ? MDB_RDONLY: MDB_CREATE; + char *rcdbname = NULL; + +@@ -473,7 +475,7 @@ dbmdb_open_all_files(dbmdb_ctx_t *ctx, backend *be) + } + if (be->vlvSearchList_lock) { + /* vlv search list is initialized so we can use it */ +- vlv_getindices((IFP)add_index_dbi, &octx, be); ++ vlv_getindices(add_index_dbi, &octx, be); + } else if (vlv_list) { + char *rcdbname = NULL; + for (size_t i=0; rc == 0 && vlv_list[i]; i++) { +diff --git a/ldap/servers/slapd/back-ldbm/filterindex.c b/ldap/servers/slapd/back-ldbm/filterindex.c +index 8bb22570b..c01a58ccd 100644 +--- a/ldap/servers/slapd/back-ldbm/filterindex.c ++++ b/ldap/servers/slapd/back-ldbm/filterindex.c +@@ -462,7 +462,7 @@ extensible_candidates( + case SLAPI_OP_EQUAL: + case SLAPI_OP_GREATER_OR_EQUAL: + case SLAPI_OP_GREATER: { +- IFP mrINDEX = NULL; ++ int32_t (*mrINDEX)(Slapi_PBlock *) = NULL; + void *mrOBJECT = NULL; + struct berval **mrVALUES = NULL; + char *mrOID = NULL; +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c +index 30bfd1349..7fe6f1405 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c +@@ -68,7 +68,7 @@ attrinfo_delete(struct attrinfo **pp) + } + + static int +-attrinfo_internal_delete(caddr_t data, caddr_t arg __attribute__((unused))) ++attrinfo_internal_delete(caddr_t data) + { + struct attrinfo *n = (struct attrinfo *)data; + attrinfo_delete(&n); +@@ -85,16 +85,19 @@ attrinfo_deletetree(ldbm_instance *inst) + static int + ainfo_type_cmp( + char *type, +- struct attrinfo *a) ++ caddr_t val) + { ++ struct attrinfo *a = (struct attrinfo *)val; + return (strcasecmp(type, a->ai_type)); + } + + static int + ainfo_cmp( +- struct attrinfo *a, +- struct attrinfo *b) ++ caddr_t val1, ++ caddr_t val2) + { ++ struct attrinfo *a = (struct attrinfo *)val1; ++ struct attrinfo *b = (struct attrinfo *)val2; + return (strcasecmp(a->ai_type, b->ai_type)); + } + +@@ -102,7 +105,7 @@ void + attrinfo_delete_from_tree(backend *be, struct attrinfo *ai) + { + ldbm_instance *inst = (ldbm_instance *)be->be_instance_info; +- avl_delete(&inst->inst_attrs, ai, ainfo_cmp); ++ avl_delete(&inst->inst_attrs, (caddr_t)ai, ainfo_cmp); + } + + /* +@@ -117,9 +120,12 @@ attrinfo_delete_from_tree(backend *be, struct attrinfo *ai) + + static int + ainfo_dup( +- struct attrinfo *a, +- struct attrinfo *b) ++ caddr_t val1, ++ caddr_t val2) + { ++ struct attrinfo *a = (struct attrinfo *)val1; ++ struct attrinfo *b = (struct attrinfo *)val2; ++ + /* merge duplicate indexing information */ + if (b->ai_indexmask == 0 || b->ai_indexmask == INDEX_OFFLINE) { + a->ai_indexmask = INDEX_OFFLINE; /* turns off all indexes */ +@@ -203,7 +209,7 @@ attr_index_parse_idlistsize_values(Slapi_Attr *attr, struct index_idlistsizeinfo + char *lasts = NULL; + char *val; + int syntaxcheck = config_get_syntaxcheck(); +- IFP syntax_validate_fn = syntaxcheck ? attr->a_plugin->plg_syntax_validate : NULL; ++ int32_t (*syntax_validate_fn)(struct berval *) = syntaxcheck ? attr->a_plugin->plg_syntax_validate : NULL; + char staticfiltstrbuf[1024]; /* for small filter strings */ + char *filtstrbuf = staticfiltstrbuf; /* default if not malloc'd */ + size_t filtstrbuflen = sizeof(staticfiltstrbuf); /* default if not malloc'd */ +@@ -880,7 +886,7 @@ attr_index_config( + * It would improve speed to save the indexer, for future use. + * But, for simplicity, we destroy it now: + */ +- IFP mrDESTROY = NULL; ++ int32_t (*mrDESTROY)(Slapi_PBlock *) = NULL; + if (!slapi_pblock_get(pb, SLAPI_PLUGIN_DESTROY_FN, &mrDESTROY) && + mrDESTROY != NULL) { + mrDESTROY(pb); +@@ -941,7 +947,7 @@ attr_index_config( + } + } + +- if (avl_insert(&inst->inst_attrs, a, ainfo_cmp, ainfo_dup) != 0) { ++ if (avl_insert(&inst->inst_attrs, (caddr_t)a, ainfo_cmp, ainfo_dup) != 0) { + /* duplicate - existing version updated */ + attrinfo_delete(&a); + } +@@ -964,7 +970,7 @@ attr_create_empty(backend *be, char *type, struct attrinfo **ai) + struct attrinfo *a = attrinfo_new(); + slapi_attr_init(&a->ai_sattr, type); + a->ai_type = slapi_ch_strdup(type); +- if (avl_insert(&inst->inst_attrs, a, ainfo_cmp, ainfo_dup) != 0) { ++ if (avl_insert(&inst->inst_attrs, (caddr_t)a, ainfo_cmp, ainfo_dup) != 0) { + /* duplicate - existing version updated */ + attrinfo_delete(&a); + ainfo_get(be, type, &a); +diff --git a/ldap/servers/slapd/back-ldbm/matchrule.c b/ldap/servers/slapd/back-ldbm/matchrule.c +index 5365e8acf..85ff87b95 100644 +--- a/ldap/servers/slapd/back-ldbm/matchrule.c ++++ b/ldap/servers/slapd/back-ldbm/matchrule.c +@@ -79,7 +79,7 @@ int + destroy_matchrule_indexer(Slapi_PBlock *pb) + { + Slapi_Value **keys = NULL; +- IFP mrDESTROY = NULL; ++ int32_t (*mrDESTROY)(Slapi_PBlock *) = NULL; + if (!slapi_pblock_get(pb, SLAPI_PLUGIN_DESTROY_FN, &mrDESTROY)) { + if (mrDESTROY != NULL) { + mrDESTROY(pb); +@@ -109,7 +109,7 @@ destroy_matchrule_indexer(Slapi_PBlock *pb) + int + matchrule_values_to_keys(Slapi_PBlock *pb, Slapi_Value **input_values, struct berval ***output_values) + { +- IFP mrINDEX = NULL; ++ int32_t (*mrINDEX)(Slapi_PBlock *) = NULL; + + slapi_pblock_get(pb, SLAPI_PLUGIN_MR_INDEX_FN, &mrINDEX); + slapi_pblock_set(pb, SLAPI_PLUGIN_MR_VALUES, input_values); +@@ -130,7 +130,7 @@ matchrule_values_to_keys(Slapi_PBlock *pb, Slapi_Value **input_values, struct be + int + matchrule_values_to_keys_sv(Slapi_PBlock *pb, Slapi_Value **input_values, Slapi_Value ***output_values) + { +- IFP mrINDEX = NULL; ++ int32_t (*mrINDEX)(Slapi_PBlock *) = NULL; + + slapi_pblock_get(pb, SLAPI_PLUGIN_MR_INDEX_SV_FN, &mrINDEX); + if (NULL == mrINDEX) { /* old school - does not have SV function */ +diff --git a/ldap/servers/slapd/back-ldbm/misc.c b/ldap/servers/slapd/back-ldbm/misc.c +index 309cc8a94..4ced0f1da 100644 +--- a/ldap/servers/slapd/back-ldbm/misc.c ++++ b/ldap/servers/slapd/back-ldbm/misc.c +@@ -329,7 +329,7 @@ ldbm_txn_ruv_modify_context(Slapi_PBlock *pb, modify_context *mc) + Slapi_Mods *smods = NULL; + struct backentry *bentry; + entry_address bentry_addr; +- IFP fn = NULL; ++ int32_t (*fn)(Slapi_PBlock *, char **, Slapi_Mods **) = NULL; + int rc = 0; + back_txn txn = {NULL}; + +diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +index f16c37d73..29d196f39 100644 +--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h ++++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +@@ -499,7 +499,7 @@ int vlv_trim_candidates_txn(backend *be, const IDList *candidates, const sort_sp + int vlv_trim_candidates(backend *be, const IDList *candidates, const sort_spec *sort_control, const struct vlv_request *vlv_request_control, IDList **filteredCandidates, struct vlv_response *pResponse); + int vlv_parse_request_control(backend *be, struct berval *vlv_spec_ber, struct vlv_request *vlvp); + int vlv_make_response_control(Slapi_PBlock *pb, const struct vlv_response *vlvp); +-void vlv_getindices(IFP callback_fn, void *param, backend *be); ++void vlv_getindices(int32_t (*callback_fn)(caddr_t, caddr_t), void *param, backend *be); + void vlv_print_access_log(Slapi_PBlock *pb, struct vlv_request *vlvi, struct vlv_response *vlvo); + void vlv_grok_new_import_entry(const struct backentry *e, backend *be, int *seen_them_all); + IDList *vlv_find_index_by_filter(struct backend *be, const char *base, Slapi_Filter *f); +diff --git a/ldap/servers/slapd/back-ldbm/vlv.c b/ldap/servers/slapd/back-ldbm/vlv.c +index a1cd226f4..b5dd1ea55 100644 +--- a/ldap/servers/slapd/back-ldbm/vlv.c ++++ b/ldap/servers/slapd/back-ldbm/vlv.c +@@ -673,7 +673,7 @@ vlv_getindexnames(backend *be) + /* Return the list of VLV indices to the import code. Added read lock */ + + void +-vlv_getindices(IFP callback_fn, void *param, backend *be) ++vlv_getindices(int32_t (*callback_fn)(caddr_t, caddr_t), void *param, backend *be) + { + /* Traverse the list, calling the import code's callback function */ + struct vlvSearch *ps = NULL; +@@ -683,7 +683,7 @@ vlv_getindices(IFP callback_fn, void *param, backend *be) + for (; ps != NULL; ps = ps->vlv_next) { + struct vlvIndex *pi = ps->vlv_index; + for (; pi != NULL; pi = pi->vlv_next) { +- callback_fn(pi->vlv_attrinfo, param); ++ callback_fn((caddr_t)(pi->vlv_attrinfo), (caddr_t)param); + } + } + slapi_rwlock_unlock(be->vlvSearchList_lock); +diff --git a/ldap/servers/slapd/backend.c b/ldap/servers/slapd/backend.c +index 0a2555a9b..cf3c2ebbc 100644 +--- a/ldap/servers/slapd/backend.c ++++ b/ldap/servers/slapd/backend.c +@@ -502,6 +502,7 @@ slapi_be_getentrypoint(Slapi_Backend *be, int entrypoint, void **ret_fnptr, Slap + return 0; + } + ++ + int + slapi_be_setentrypoint(Slapi_Backend *be, int entrypoint, void *ret_fnptr, Slapi_PBlock *pb) + { +@@ -517,61 +518,61 @@ slapi_be_setentrypoint(Slapi_Backend *be, int entrypoint, void *ret_fnptr, Slapi + + switch (entrypoint) { + case SLAPI_PLUGIN_DB_BIND_FN: +- be->be_bind = (IFP)ret_fnptr; ++ be->be_bind = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_UNBIND_FN: +- be->be_unbind = (IFP)ret_fnptr; ++ be->be_unbind = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_SEARCH_FN: +- be->be_search = (IFP)ret_fnptr; ++ be->be_search = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_COMPARE_FN: +- be->be_compare = (IFP)ret_fnptr; ++ be->be_compare = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_MODIFY_FN: +- be->be_modify = (IFP)ret_fnptr; ++ be->be_modify = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_MODRDN_FN: +- be->be_modrdn = (IFP)ret_fnptr; ++ be->be_modrdn = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_ADD_FN: +- be->be_add = (IFP)ret_fnptr; ++ be->be_add = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_DELETE_FN: +- be->be_delete = (IFP)ret_fnptr; ++ be->be_delete = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_ABANDON_FN: +- be->be_abandon = (IFP)ret_fnptr; ++ be->be_abandon = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_CONFIG_FN: +- be->be_config = (IFP)ret_fnptr; ++ be->be_config = ret_fnptr; + break; + case SLAPI_PLUGIN_CLOSE_FN: +- be->be_close = (IFP)ret_fnptr; ++ be->be_close = ret_fnptr; + break; + case SLAPI_PLUGIN_START_FN: +- be->be_start = (IFP)ret_fnptr; ++ be->be_start = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_RESULT_FN: +- be->be_result = (IFP)ret_fnptr; ++ be->be_result = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_LDIF2DB_FN: +- be->be_ldif2db = (IFP)ret_fnptr; ++ be->be_ldif2db = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_DB2LDIF_FN: +- be->be_db2ldif = (IFP)ret_fnptr; ++ be->be_db2ldif = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_ARCHIVE2DB_FN: +- be->be_archive2db = (IFP)ret_fnptr; ++ be->be_archive2db = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_DB2ARCHIVE_FN: +- be->be_db2archive = (IFP)ret_fnptr; ++ be->be_db2archive = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_FN: +- be->be_next_search_entry = (IFP)ret_fnptr; ++ be->be_next_search_entry = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_EXT_FN: +- be->be_next_search_entry_ext = (IFP)ret_fnptr; ++ be->be_next_search_entry_ext = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_SEARCH_RESULTS_RELEASE_FN: + be->be_search_results_release = (VFPP)ret_fnptr; +@@ -580,19 +581,19 @@ slapi_be_setentrypoint(Slapi_Backend *be, int entrypoint, void *ret_fnptr, Slapi + be->be_prev_search_results = (VFP)ret_fnptr; + break; + case SLAPI_PLUGIN_DB_TEST_FN: +- be->be_dbtest = (IFP)ret_fnptr; ++ be->be_dbtest = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_RMDB_FN: +- be->be_rmdb = (IFP)ret_fnptr; ++ be->be_rmdb = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_SEQ_FN: +- be->be_seq = (IFP)ret_fnptr; ++ be->be_seq = ret_fnptr; + break; + case SLAPI_PLUGIN_DB_DB2INDEX_FN: +- be->be_db2index = (IFP)ret_fnptr; ++ be->be_db2index = ret_fnptr; + break; + case SLAPI_PLUGIN_CLEANUP_FN: +- be->be_cleanup = (IFP)ret_fnptr; ++ be->be_cleanup = ret_fnptr; + break; + default: + slapi_log_err(SLAPI_LOG_ERR, "slapi_be_setentrypoint", +@@ -682,7 +683,7 @@ slapi_back_ctrl_info(Slapi_Backend *be, int cmd, void *info) + int + slapi_back_transaction_begin(Slapi_PBlock *pb) + { +- IFP txn_begin; ++ int32_t (*txn_begin)(Slapi_PBlock *); + if (slapi_pblock_get(pb, SLAPI_PLUGIN_DB_BEGIN_FN, (void *)&txn_begin) || + !txn_begin) { + return SLAPI_BACK_TRANSACTION_NOT_SUPPORTED; +@@ -695,7 +696,7 @@ slapi_back_transaction_begin(Slapi_PBlock *pb) + int + slapi_back_transaction_commit(Slapi_PBlock *pb) + { +- IFP txn_commit; ++ int32_t (*txn_commit)(Slapi_PBlock *); + if (slapi_pblock_get(pb, SLAPI_PLUGIN_DB_COMMIT_FN, (void *)&txn_commit) || + !txn_commit) { + return SLAPI_BACK_TRANSACTION_NOT_SUPPORTED; +@@ -708,7 +709,7 @@ slapi_back_transaction_commit(Slapi_PBlock *pb) + int + slapi_back_transaction_abort(Slapi_PBlock *pb) + { +- IFP txn_abort; ++ int32_t (*txn_abort)(Slapi_PBlock *); + if (slapi_pblock_get(pb, SLAPI_PLUGIN_DB_ABORT_FN, (void *)&txn_abort) || + !txn_abort) { + return SLAPI_BACK_TRANSACTION_NOT_SUPPORTED; +diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c +index a0db367b2..bec3e32f4 100644 +--- a/ldap/servers/slapd/dse.c ++++ b/ldap/servers/slapd/dse.c +@@ -120,7 +120,7 @@ typedef struct dse_search_set + + static int dse_permission_to_write(struct dse *pdse, int loglevel); + static int dse_write_file_nolock(struct dse *pdse); +-static int dse_apply_nolock(struct dse *pdse, IFP fp, caddr_t arg); ++static int dse_apply_nolock(struct dse *pdse, int32_t (*fp)(caddr_t, caddr_t), caddr_t arg); + static int dse_replace_entry(struct dse *pdse, Slapi_Entry *e, int write_file, int use_lock); + static dse_search_set *dse_search_set_new(void); + static void dse_search_set_delete(dse_search_set *ss); +@@ -257,7 +257,7 @@ dse_find_node(struct dse *pdse, const Slapi_DN *dn) + slapi_entry_set_sdn(fe, dn); + searchNode.entry = fe; + +- n = (struct dse_node *)avl_find(pdse->dse_tree, &searchNode, entry_dn_cmp); ++ n = (struct dse_node *)avl_find(pdse->dse_tree, (caddr_t)&searchNode, entry_dn_cmp); + + slapi_entry_free(fe); + } +@@ -491,7 +491,7 @@ dse_new_with_filelist(char *filename, char *tmpfilename, char *backfilename, cha + } + + static int +-dse_internal_delete_entry(caddr_t data, caddr_t arg __attribute__((unused))) ++dse_internal_delete_entry(caddr_t data) + { + struct dse_node *n = (struct dse_node *)data; + dse_node_delete(&n); +@@ -1290,9 +1290,9 @@ dse_add_entry_pb(struct dse *pdse, Slapi_Entry *e, Slapi_PBlock *pb) + /* keep write lock during both tree update and file write operations */ + dse_lock_write(pdse, DSE_USE_LOCK); + if (merge) { +- rc = avl_insert(&(pdse->dse_tree), n, entry_dn_cmp, dupentry_merge); ++ rc = avl_insert(&(pdse->dse_tree), (caddr_t)n, entry_dn_cmp, dupentry_merge); + } else { +- rc = avl_insert(&(pdse->dse_tree), n, entry_dn_cmp, dupentry_disallow); ++ rc = avl_insert(&(pdse->dse_tree), (caddr_t)n, entry_dn_cmp, dupentry_disallow); + } + if (-1 != rc) { + /* update num sub of parent with no lock; we already hold the write lock */ +@@ -1479,7 +1479,7 @@ dse_replace_entry(struct dse *pdse, Slapi_Entry *e, int write_file, int use_lock + if (NULL != e) { + struct dse_node *n = dse_node_new(e); + dse_lock_write(pdse, use_lock); +- rc = avl_insert(&(pdse->dse_tree), n, entry_dn_cmp, dupentry_replace); ++ rc = avl_insert(&(pdse->dse_tree), (caddr_t)n, entry_dn_cmp, dupentry_replace); + if (write_file) + dse_write_file_nolock(pdse); + /* If the entry was replaced i.e. not added as a new entry, we need to +@@ -1554,7 +1554,7 @@ dse_read_next_entry(char *buf, char **lastp) + * searching, a read lock, for modifying in place, a write lock + */ + static int +-dse_apply_nolock(struct dse *pdse, IFP fp, caddr_t arg) ++dse_apply_nolock(struct dse *pdse, int32_t (*fp)(caddr_t, caddr_t), caddr_t arg) + { + avl_apply(pdse->dse_tree, fp, arg, STOP_TRAVERSAL, AVL_INORDER); + return 1; +@@ -1576,7 +1576,7 @@ dse_delete_entry(struct dse *pdse, Slapi_PBlock *pb, const Slapi_Entry *e) + + /* keep write lock for both tree deleting and file writing */ + dse_lock_write(pdse, DSE_USE_LOCK); +- if ((deleted_node = (struct dse_node *)avl_delete(&pdse->dse_tree, n, entry_dn_cmp))) { ++ if ((deleted_node = (struct dse_node *)avl_delete(&pdse->dse_tree, (caddr_t)n, entry_dn_cmp))) { + dse_node_delete(&deleted_node); + } + dse_node_delete(&n); +diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c +index 235410e45..6040eb419 100644 +--- a/ldap/servers/slapd/entry.c ++++ b/ldap/servers/slapd/entry.c +@@ -709,7 +709,7 @@ entry_attrs_add(entry_attrs *ea, const char *atname, int atarrayindex) + ead->ead_attrarrayindex = atarrayindex; + ead->ead_attrtypename = atname; /* a reference, not a strdup! */ + +- avl_insert(&(ea->ea_attrlist), ead, attr_type_node_cmp, avl_dup_error); ++ avl_insert(&(ea->ea_attrlist), (caddr_t)ead, attr_type_node_cmp, avl_dup_error); + } + + /* +@@ -723,7 +723,7 @@ entry_attrs_find(entry_attrs *ea, char *type) + entry_attr_data *foundead; + + tmpead.ead_attrtypename = type; +- foundead = (entry_attr_data *)avl_find(ea->ea_attrlist, &tmpead, ++ foundead = (entry_attr_data *)avl_find(ea->ea_attrlist, (caddr_t)&tmpead, + attr_type_node_cmp); + return (NULL != foundead) ? foundead->ead_attrarrayindex : -1; + } +diff --git a/ldap/servers/slapd/filtercmp.c b/ldap/servers/slapd/filtercmp.c +index 3e17796e9..0d8764b5a 100644 +--- a/ldap/servers/slapd/filtercmp.c ++++ b/ldap/servers/slapd/filtercmp.c +@@ -86,7 +86,7 @@ get_mr_normval(char *oid, char *type, struct berval **inval, struct berval ***ou + { + Slapi_PBlock *pb = slapi_pblock_new(); + unsigned int sort_indicator = SLAPI_PLUGIN_MR_USAGE_SORT; +- IFP mrIndex = NULL; ++ int32_t (*mrIndex)(Slapi_PBlock *) = NULL; + + if (!pb) { + return NULL; +@@ -118,7 +118,7 @@ get_mr_normval(char *oid, char *type, struct berval **inval, struct berval ***ou + static void + done_mr_normval(Slapi_PBlock *pb) + { +- IFP mrDestroy = NULL; ++ int32_t (*mrDestroy)(Slapi_PBlock *) = NULL; + + if (slapi_pblock_get(pb, SLAPI_PLUGIN_DESTROY_FN, &mrDestroy) == 0) { + if (mrDestroy) +diff --git a/ldap/servers/slapd/getfilelist.c b/ldap/servers/slapd/getfilelist.c +index dd5deb282..2fd164baf 100644 +--- a/ldap/servers/slapd/getfilelist.c ++++ b/ldap/servers/slapd/getfilelist.c +@@ -46,9 +46,11 @@ struct path_wrapper + int order; + }; + +-static int +-path_wrapper_cmp(struct path_wrapper *p1, struct path_wrapper *p2) ++static int32_t ++path_wrapper_cmp(caddr_t pwc1, caddr_t pwc2) + { ++ struct path_wrapper *p1 = (struct path_wrapper *)pwc1; ++ struct path_wrapper *p2 = (struct path_wrapper *)pwc2; + if (p1->order < p2->order) { + /* p1 is "earlier" so put it first */ + return -1; +@@ -217,7 +219,7 @@ get_filelist( + pw_ptr->path = slapi_ch_smprintf("%s/%s", dirname, dirent->name); + pw_ptr->filename = slapi_ch_strdup(dirent->name); + pw_ptr->order = i; +- avl_insert(&filetree, pw_ptr, path_wrapper_cmp, 0); ++ avl_insert(&filetree, (caddr_t)pw_ptr, path_wrapper_cmp, 0); + num++; + } + } +diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c +index 3801326c4..76e26cb86 100644 +--- a/ldap/servers/slapd/pblock.c ++++ b/ldap/servers/slapd/pblock.c +@@ -1,6 +1,6 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2005 Red Hat, Inc. ++ * Copyright (C) 2005-2025 Red Hat, Inc. + * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. + * All rights reserved. + * +@@ -783,25 +783,25 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_bind; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_bind; + break; + case SLAPI_PLUGIN_DB_UNBIND_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_unbind; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_unbind; + break; + case SLAPI_PLUGIN_DB_SEARCH_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_search; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_search; + break; + case SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_next_search_entry; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_next_search_entry; + break; + case SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_EXT_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { +@@ -825,37 +825,37 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_compare; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_compare; + break; + case SLAPI_PLUGIN_DB_MODIFY_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_modify; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_modify; + break; + case SLAPI_PLUGIN_DB_MODRDN_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_modrdn; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_modrdn; + break; + case SLAPI_PLUGIN_DB_ADD_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_add; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_add; + break; + case SLAPI_PLUGIN_DB_DELETE_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_delete; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_delete; + break; + case SLAPI_PLUGIN_DB_ABANDON_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_abandon; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_abandon; + break; + case SLAPI_PLUGIN_DB_CONFIG_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { +@@ -867,7 +867,7 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + (*(IFP *)value) = pblock->pb_plugin->plg_close; + break; + case SLAPI_PLUGIN_CLEANUP_FN: +- (*(IFP *)value) = pblock->pb_plugin->plg_cleanup; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_cleanup; + break; + case SLAPI_PLUGIN_START_FN: + (*(IFP *)value) = pblock->pb_plugin->plg_start; +@@ -876,22 +876,22 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + (*(IFP *)value) = pblock->pb_plugin->plg_poststart; + break; + case SLAPI_PLUGIN_DB_WIRE_IMPORT_FN: +- (*(IFP *)value) = pblock->pb_plugin->plg_wire_import; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_wire_import; + break; + case SLAPI_PLUGIN_DB_GET_INFO_FN: +- (*(IFP *)value) = pblock->pb_plugin->plg_get_info; ++ (*(int32_t (**)(struct backend *, int32_t, void **))value) = pblock->pb_plugin->plg_get_info; + break; + case SLAPI_PLUGIN_DB_SET_INFO_FN: +- (*(IFP *)value) = pblock->pb_plugin->plg_set_info; ++ (*(int32_t (**)(struct backend *, int32_t, void **))value) = pblock->pb_plugin->plg_set_info; + break; + case SLAPI_PLUGIN_DB_CTRL_INFO_FN: +- (*(IFP *)value) = pblock->pb_plugin->plg_ctrl_info; ++ (*(int32_t (**)(struct backend *, int32_t, void **))value) = pblock->pb_plugin->plg_ctrl_info; + break; + case SLAPI_PLUGIN_DB_SEQ_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_seq; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_seq; + break; + case SLAPI_PLUGIN_DB_ENTRY_FN: + (*(IFP *)value) = SLAPI_PBLOCK_GET_PLUGIN_RELATED_POINTER(pblock, +@@ -915,55 +915,55 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_ldif2db; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_ldif2db; + break; + case SLAPI_PLUGIN_DB_DB2LDIF_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_db2ldif; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_db2ldif; + break; + case SLAPI_PLUGIN_DB_COMPACT_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_dbcompact; ++ (*(int32_t (**)(struct backend *, bool))value) = pblock->pb_plugin->plg_dbcompact; + break; + case SLAPI_PLUGIN_DB_DB2INDEX_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_db2index; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_db2index; + break; + case SLAPI_PLUGIN_DB_ARCHIVE2DB_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_archive2db; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_archive2db; + break; + case SLAPI_PLUGIN_DB_DB2ARCHIVE_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_db2archive; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_db2archive; + break; + case SLAPI_PLUGIN_DB_UPGRADEDB_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_upgradedb; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_upgradedb; + break; + case SLAPI_PLUGIN_DB_UPGRADEDNFORMAT_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_upgradednformat; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_upgradednformat; + break; + case SLAPI_PLUGIN_DB_DBVERIFY_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_dbverify; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_dbverify; + break; + case SLAPI_PLUGIN_DB_BEGIN_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { +@@ -1007,7 +1007,7 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_exhandler; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_exhandler; + break; + case SLAPI_PLUGIN_EXT_OP_OIDLIST: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && +@@ -1028,7 +1028,7 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_be_exhandler; ++ (*(int32_t (**)(Slapi_PBlock *, Slapi_Backend **))value) = pblock->pb_plugin->plg_be_exhandler; + break; + + /* preoperation plugin functions */ +@@ -1474,31 +1474,32 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_syntax_filter_ava; ++ (*(int32_t (**)(Slapi_PBlock *, const struct berval *, Slapi_Value **, ++ int32_t, Slapi_Value **))value) = pblock->pb_plugin->plg_syntax_filter_ava; + break; + case SLAPI_PLUGIN_SYNTAX_FILTER_SUB: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_syntax_filter_sub; ++ (*(int32_t (**)(Slapi_PBlock*, char *, char **, char *, Slapi_Value**))value) = pblock->pb_plugin->plg_syntax_filter_sub; + break; + case SLAPI_PLUGIN_SYNTAX_VALUES2KEYS: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_syntax_values2keys; ++ (*(int32_t (**)(Slapi_PBlock *, Slapi_Value **, Slapi_Value ***, int32_t))value) = pblock->pb_plugin->plg_syntax_values2keys; + break; + case SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_AVA: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_syntax_assertion2keys_ava; ++ (*(int32_t (**)(Slapi_PBlock *, Slapi_Value *, Slapi_Value ***, int32_t))value) = pblock->pb_plugin->plg_syntax_assertion2keys_ava; + break; + case SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_SUB: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_syntax_assertion2keys_sub; ++ (*(int32_t (**)(Slapi_PBlock *, char *, char **, char *, Slapi_Value ***))value) = pblock->pb_plugin->plg_syntax_assertion2keys_sub; + break; + case SLAPI_PLUGIN_SYNTAX_NAMES: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { +@@ -1535,13 +1536,13 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_syntax_validate; ++ (*(int32_t (**)(struct berval *))value) = pblock->pb_plugin->plg_syntax_validate; + break; + case SLAPI_PLUGIN_SYNTAX_NORMALIZE: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- (*(VFPV *)value) = pblock->pb_plugin->plg_syntax_normalize; ++ (*(void (**)(Slapi_PBlock *, char *, int32_t, char **))value) = pblock->pb_plugin->plg_syntax_normalize; + break; + + /* controls we know about */ +@@ -1799,11 +1800,12 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + /* matching rule plugin functions */ + case SLAPI_PLUGIN_MR_FILTER_CREATE_FN: + SLAPI_PLUGIN_TYPE_CHECK(pblock, SLAPI_PLUGIN_MATCHINGRULE); +- (*(IFP *)value) = pblock->pb_plugin->plg_mr_filter_create; ++ ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_mr_filter_create; + break; + case SLAPI_PLUGIN_MR_INDEXER_CREATE_FN: + SLAPI_PLUGIN_TYPE_CHECK(pblock, SLAPI_PLUGIN_MATCHINGRULE); +- (*(IFP *)value) = pblock->pb_plugin->plg_mr_indexer_create; ++ (*(int32_t (**)(Slapi_PBlock *))value) = pblock->pb_plugin->plg_mr_indexer_create; + break; + case SLAPI_PLUGIN_MR_FILTER_MATCH_FN: + if (pblock->pb_mr != NULL) { +@@ -1904,31 +1906,31 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_mr_filter_ava; ++ (*(int32_t (**)(Slapi_PBlock *, const struct berval *, Slapi_Value **, int32_t, Slapi_Value **))value) = pblock->pb_plugin->plg_mr_filter_ava; + break; + case SLAPI_PLUGIN_MR_FILTER_SUB: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_mr_filter_sub; ++ (*(int32_t (**)(Slapi_PBlock *, char *, char **, char*, Slapi_Value **))value) = pblock->pb_plugin->plg_mr_filter_sub; + break; + case SLAPI_PLUGIN_MR_VALUES2KEYS: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_mr_values2keys; ++ (*(int32_t (**)(Slapi_PBlock *, Slapi_Value **, Slapi_Value ***, int32_t))value) = pblock->pb_plugin->plg_mr_values2keys; + break; + case SLAPI_PLUGIN_MR_ASSERTION2KEYS_AVA: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_mr_assertion2keys_ava; ++ (*(int32_t (**)(Slapi_PBlock *, Slapi_Value *, Slapi_Value ***, int32_t))value) = pblock->pb_plugin->plg_mr_assertion2keys_ava; + break; + case SLAPI_PLUGIN_MR_ASSERTION2KEYS_SUB: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_mr_assertion2keys_sub; ++ (*(int32_t (**)(Slapi_PBlock *, char *, char **, char *, Slapi_Value ***))value) = pblock->pb_plugin->plg_mr_assertion2keys_sub; + break; + case SLAPI_PLUGIN_MR_FLAGS: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { +@@ -1946,13 +1948,13 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- (*(IFP *)value) = pblock->pb_plugin->plg_mr_compare; ++ (*(int32_t (**)(struct berval *, struct berval *))value) = pblock->pb_plugin->plg_mr_compare; + break; + case SLAPI_PLUGIN_MR_NORMALIZE: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- (*(VFPV *)value) = pblock->pb_plugin->plg_mr_normalize; ++ (*(void (**)(Slapi_PBlock *, char *, int32_t, char **))value) = pblock->pb_plugin->plg_mr_normalize; + break; + + /* seq arguments */ +@@ -2145,9 +2147,9 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + break; + case SLAPI_TXN_RUV_MODS_FN: + if (pblock->pb_intop != NULL) { +- (*(IFP *)value) = pblock->pb_intop->pb_txn_ruv_mods_fn; ++ (*(int32_t(**)(Slapi_PBlock *, char **, Slapi_Mods **))value) = pblock->pb_intop->pb_txn_ruv_mods_fn; + } else { +- (*(IFP *)value) = NULL; ++ (*(int32_t(**)(Slapi_PBlock *, char **, Slapi_Mods **))value) = NULL; + } + break; + +@@ -2221,24 +2223,25 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + (*(IFP *)value) = pblock->pb_plugin->plg_acl_init; + break; + case SLAPI_PLUGIN_ACL_SYNTAX_CHECK: +- (*(IFP *)value) = pblock->pb_plugin->plg_acl_syntax_check; ++ (*(int32_t (**)(Slapi_PBlock *, Slapi_Entry *, char **))value) = pblock->pb_plugin->plg_acl_syntax_check; + break; + case SLAPI_PLUGIN_ACL_ALLOW_ACCESS: +- (*(IFP *)value) = pblock->pb_plugin->plg_acl_access_allowed; ++ (*(int32_t (**)(Slapi_PBlock *, Slapi_Entry *, char **, struct berval *, ++ int32_t, int32_t, char **))value) = pblock->pb_plugin->plg_acl_access_allowed; + break; + case SLAPI_PLUGIN_ACL_MODS_ALLOWED: +- (*(IFP *)value) = pblock->pb_plugin->plg_acl_mods_allowed; ++ (*(int32_t (**)(Slapi_PBlock *, Slapi_Entry *, LDAPMod **, void *))value) = pblock->pb_plugin->plg_acl_mods_allowed; + break; + case SLAPI_PLUGIN_ACL_MODS_UPDATE: +- (*(IFP *)value) = pblock->pb_plugin->plg_acl_mods_update; ++ (*(int32_t (**)(Slapi_PBlock *, int32_t, Slapi_DN *, void *))value) = pblock->pb_plugin->plg_acl_mods_update; + break; + /* MMR Plugin */ + case SLAPI_PLUGIN_MMR_BETXN_PREOP: +- (*(IFP *)value) = pblock->pb_plugin->plg_mmr_betxn_preop; +- break; ++ (*(int32_t (**)(Slapi_PBlock *, int32_t))value) = pblock->pb_plugin->plg_mmr_betxn_preop; ++ break; + case SLAPI_PLUGIN_MMR_BETXN_POSTOP: +- (*(IFP *)value) = pblock->pb_plugin->plg_mmr_betxn_postop; +- break; ++ (*(int32_t (**)(Slapi_PBlock *, int32_t))value) = pblock->pb_plugin->plg_mmr_betxn_postop; ++ break; + + case SLAPI_REQUESTOR_DN: + /* NOTE: It's not a copy of the DN */ +@@ -2362,11 +2365,11 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value) + + /* entry fetch/store plugin */ + case SLAPI_PLUGIN_ENTRY_FETCH_FUNC: +- (*(IFP *)value) = pblock->pb_plugin->plg_entryfetchfunc; ++ (*(int32_t (**)(char **, uint32_t *))value) = pblock->pb_plugin->plg_entryfetchfunc; + break; + + case SLAPI_PLUGIN_ENTRY_STORE_FUNC: +- (*(IFP *)value) = pblock->pb_plugin->plg_entrystorefunc; ++ (*(int32_t (**)(char **, uint32_t *))value) = pblock->pb_plugin->plg_entrystorefunc; + break; + + case SLAPI_PLUGIN_ENABLED: +@@ -2723,25 +2726,25 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_bind = (IFP)value; ++ pblock->pb_plugin->plg_bind = value; + break; + case SLAPI_PLUGIN_DB_UNBIND_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_unbind = (IFP)value; ++ pblock->pb_plugin->plg_unbind = value; + break; + case SLAPI_PLUGIN_DB_SEARCH_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_search = (IFP)value; ++ pblock->pb_plugin->plg_search = value; + break; + case SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_next_search_entry = (IFP)value; ++ pblock->pb_plugin->plg_next_search_entry = value; + break; + case SLAPI_PLUGIN_DB_NEXT_SEARCH_ENTRY_EXT_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { +@@ -2765,37 +2768,37 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_compare = (IFP)value; ++ pblock->pb_plugin->plg_compare = value; + break; + case SLAPI_PLUGIN_DB_MODIFY_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_modify = (IFP)value; ++ pblock->pb_plugin->plg_modify = value; + break; + case SLAPI_PLUGIN_DB_MODRDN_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_modrdn = (IFP)value; ++ pblock->pb_plugin->plg_modrdn = value; + break; + case SLAPI_PLUGIN_DB_ADD_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_add = (IFP)value; ++ pblock->pb_plugin->plg_add = value; + break; + case SLAPI_PLUGIN_DB_DELETE_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_delete = (IFP)value; ++ pblock->pb_plugin->plg_delete = value; + break; + case SLAPI_PLUGIN_DB_ABANDON_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_abandon = (IFP)value; ++ pblock->pb_plugin->plg_abandon = value; + break; + case SLAPI_PLUGIN_DB_CONFIG_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { +@@ -2807,7 +2810,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + pblock->pb_plugin->plg_close = (IFP)value; + break; + case SLAPI_PLUGIN_CLEANUP_FN: +- pblock->pb_plugin->plg_cleanup = (IFP)value; ++ pblock->pb_plugin->plg_cleanup = value; + break; + case SLAPI_PLUGIN_START_FN: + pblock->pb_plugin->plg_start = (IFP)value; +@@ -2816,22 +2819,22 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + pblock->pb_plugin->plg_poststart = (IFP)value; + break; + case SLAPI_PLUGIN_DB_WIRE_IMPORT_FN: +- pblock->pb_plugin->plg_wire_import = (IFP)value; ++ pblock->pb_plugin->plg_wire_import = value; + break; + case SLAPI_PLUGIN_DB_GET_INFO_FN: +- pblock->pb_plugin->plg_get_info = (IFP)value; ++ pblock->pb_plugin->plg_get_info = value; + break; + case SLAPI_PLUGIN_DB_SET_INFO_FN: +- pblock->pb_plugin->plg_set_info = (IFP)value; ++ pblock->pb_plugin->plg_set_info = value; + break; + case SLAPI_PLUGIN_DB_CTRL_INFO_FN: +- pblock->pb_plugin->plg_ctrl_info = (IFP)value; ++ pblock->pb_plugin->plg_ctrl_info = value; + break; + case SLAPI_PLUGIN_DB_SEQ_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_seq = (IFP)value; ++ pblock->pb_plugin->plg_seq = value; + break; + case SLAPI_PLUGIN_DB_ENTRY_FN: + pblock->pb_plugin->plg_entry = (IFP)value; +@@ -2852,49 +2855,49 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_ldif2db = (IFP)value; ++ pblock->pb_plugin->plg_ldif2db = value; + break; + case SLAPI_PLUGIN_DB_DB2LDIF_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_db2ldif = (IFP)value; ++ pblock->pb_plugin->plg_db2ldif = value; + break; + case SLAPI_PLUGIN_DB_DB2INDEX_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_db2index = (IFP)value; ++ pblock->pb_plugin->plg_db2index = value; + break; + case SLAPI_PLUGIN_DB_ARCHIVE2DB_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_archive2db = (IFP)value; ++ pblock->pb_plugin->plg_archive2db = value; + break; + case SLAPI_PLUGIN_DB_DB2ARCHIVE_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_db2archive = (IFP)value; ++ pblock->pb_plugin->plg_db2archive = value; + break; + case SLAPI_PLUGIN_DB_UPGRADEDB_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_upgradedb = (IFP)value; ++ pblock->pb_plugin->plg_upgradedb = value; + break; + case SLAPI_PLUGIN_DB_UPGRADEDNFORMAT_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_upgradednformat = (IFP)value; ++ pblock->pb_plugin->plg_upgradednformat = value; + break; + case SLAPI_PLUGIN_DB_DBVERIFY_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_dbverify = (IFP)value; ++ pblock->pb_plugin->plg_dbverify = value; + break; + case SLAPI_PLUGIN_DB_BEGIN_FN: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { +@@ -2934,7 +2937,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_DATABASE) { + return (-1); + } +- pblock->pb_plugin->plg_dbcompact = (IFP)value; ++ pblock->pb_plugin->plg_dbcompact = value; + break; + + /* extendedop plugin functions */ +@@ -2943,7 +2946,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP) { + return (-1); + } +- pblock->pb_plugin->plg_exhandler = (IFP)value; ++ pblock->pb_plugin->plg_exhandler = value; + break; + case SLAPI_PLUGIN_EXT_OP_OIDLIST: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP && +@@ -2965,7 +2968,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP) { + return (-1); + } +- pblock->pb_plugin->plg_be_exhandler = (IFP)value; ++ pblock->pb_plugin->plg_be_exhandler = value; + break; + + /* preoperation plugin functions */ +@@ -3331,31 +3334,31 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- pblock->pb_plugin->plg_syntax_filter_ava = (IFP)value; ++ pblock->pb_plugin->plg_syntax_filter_ava = value; + break; + case SLAPI_PLUGIN_SYNTAX_FILTER_SUB: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- pblock->pb_plugin->plg_syntax_filter_sub = (IFP)value; ++ pblock->pb_plugin->plg_syntax_filter_sub = value; + break; + case SLAPI_PLUGIN_SYNTAX_VALUES2KEYS: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- pblock->pb_plugin->plg_syntax_values2keys = (IFP)value; ++ pblock->pb_plugin->plg_syntax_values2keys = value; + break; + case SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_AVA: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- pblock->pb_plugin->plg_syntax_assertion2keys_ava = (IFP)value; ++ pblock->pb_plugin->plg_syntax_assertion2keys_ava = value; + break; + case SLAPI_PLUGIN_SYNTAX_ASSERTION2KEYS_SUB: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- pblock->pb_plugin->plg_syntax_assertion2keys_sub = (IFP)value; ++ pblock->pb_plugin->plg_syntax_assertion2keys_sub = value; + break; + case SLAPI_PLUGIN_SYNTAX_NAMES: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { +@@ -3391,13 +3394,13 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- pblock->pb_plugin->plg_syntax_validate = (IFP)value; ++ pblock->pb_plugin->plg_syntax_validate = value; + break; + case SLAPI_PLUGIN_SYNTAX_NORMALIZE: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_SYNTAX) { + return (-1); + } +- pblock->pb_plugin->plg_syntax_normalize = (VFPV)value; ++ pblock->pb_plugin->plg_syntax_normalize = value; + break; + case SLAPI_ENTRY_PRE_OP: + _pblock_assert_pb_intop(pblock); +@@ -3723,11 +3726,11 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + /* matching rule plugin functions */ + case SLAPI_PLUGIN_MR_FILTER_CREATE_FN: + SLAPI_PLUGIN_TYPE_CHECK(pblock, SLAPI_PLUGIN_MATCHINGRULE); +- pblock->pb_plugin->plg_mr_filter_create = (IFP)value; ++ pblock->pb_plugin->plg_mr_filter_create = value; + break; + case SLAPI_PLUGIN_MR_INDEXER_CREATE_FN: + SLAPI_PLUGIN_TYPE_CHECK(pblock, SLAPI_PLUGIN_MATCHINGRULE); +- pblock->pb_plugin->plg_mr_indexer_create = (IFP)value; ++ pblock->pb_plugin->plg_mr_indexer_create = value; + break; + case SLAPI_PLUGIN_MR_FILTER_MATCH_FN: + _pblock_assert_pb_mr(pblock); +@@ -3789,31 +3792,31 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- pblock->pb_plugin->plg_mr_filter_ava = (IFP)value; ++ pblock->pb_plugin->plg_mr_filter_ava = value; + break; + case SLAPI_PLUGIN_MR_FILTER_SUB: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- pblock->pb_plugin->plg_mr_filter_sub = (IFP)value; ++ pblock->pb_plugin->plg_mr_filter_sub = value; + break; + case SLAPI_PLUGIN_MR_VALUES2KEYS: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- pblock->pb_plugin->plg_mr_values2keys = (IFP)value; ++ pblock->pb_plugin->plg_mr_values2keys = value; + break; + case SLAPI_PLUGIN_MR_ASSERTION2KEYS_AVA: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- pblock->pb_plugin->plg_mr_assertion2keys_ava = (IFP)value; ++ pblock->pb_plugin->plg_mr_assertion2keys_ava = value; + break; + case SLAPI_PLUGIN_MR_ASSERTION2KEYS_SUB: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- pblock->pb_plugin->plg_mr_assertion2keys_sub = (IFP)value; ++ pblock->pb_plugin->plg_mr_assertion2keys_sub = value; + break; + case SLAPI_PLUGIN_MR_FLAGS: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { +@@ -3832,13 +3835,13 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- pblock->pb_plugin->plg_mr_compare = (IFP)value; ++ pblock->pb_plugin->plg_mr_compare = value; + break; + case SLAPI_PLUGIN_MR_NORMALIZE: + if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_MATCHINGRULE) { + return (-1); + } +- pblock->pb_plugin->plg_mr_normalize = (VFPV)value; ++ pblock->pb_plugin->plg_mr_normalize = value; + break; + + /* seq arguments */ +@@ -3957,7 +3960,7 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + break; + case SLAPI_TXN_RUV_MODS_FN: + _pblock_assert_pb_intop(pblock); +- pblock->pb_intop->pb_txn_ruv_mods_fn = (IFP)value; ++ pblock->pb_intop->pb_txn_ruv_mods_fn = value; + break; + + /* Search results set */ +@@ -4027,23 +4030,23 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + break; + + case SLAPI_PLUGIN_ACL_SYNTAX_CHECK: +- pblock->pb_plugin->plg_acl_syntax_check = (IFP)value; ++ pblock->pb_plugin->plg_acl_syntax_check = value; + break; + case SLAPI_PLUGIN_ACL_ALLOW_ACCESS: +- pblock->pb_plugin->plg_acl_access_allowed = (IFP)value; ++ pblock->pb_plugin->plg_acl_access_allowed = value; + break; + case SLAPI_PLUGIN_ACL_MODS_ALLOWED: +- pblock->pb_plugin->plg_acl_mods_allowed = (IFP)value; ++ pblock->pb_plugin->plg_acl_mods_allowed = value; + break; + case SLAPI_PLUGIN_ACL_MODS_UPDATE: +- pblock->pb_plugin->plg_acl_mods_update = (IFP)value; ++ pblock->pb_plugin->plg_acl_mods_update = value; + break; + /* MMR Plugin */ + case SLAPI_PLUGIN_MMR_BETXN_PREOP: +- pblock->pb_plugin->plg_mmr_betxn_preop = (IFP) value; ++ pblock->pb_plugin->plg_mmr_betxn_preop = value; + break; + case SLAPI_PLUGIN_MMR_BETXN_POSTOP: +- pblock->pb_plugin->plg_mmr_betxn_postop = (IFP) value; ++ pblock->pb_plugin->plg_mmr_betxn_postop = value; + break; + + case SLAPI_CLIENT_DNS: +@@ -4106,11 +4109,11 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value) + + /* entry fetch store */ + case SLAPI_PLUGIN_ENTRY_FETCH_FUNC: +- pblock->pb_plugin->plg_entryfetchfunc = (IFP)value; ++ pblock->pb_plugin->plg_entryfetchfunc = value; + break; + + case SLAPI_PLUGIN_ENTRY_STORE_FUNC: +- pblock->pb_plugin->plg_entrystorefunc = (IFP)value; ++ pblock->pb_plugin->plg_entrystorefunc = value; + break; + + case SLAPI_PLUGIN_ENABLED: +diff --git a/ldap/servers/slapd/pblock_v3.h b/ldap/servers/slapd/pblock_v3.h +index ef15ee457..82dcb8ebf 100644 +--- a/ldap/servers/slapd/pblock_v3.h ++++ b/ldap/servers/slapd/pblock_v3.h +@@ -117,7 +117,7 @@ typedef struct _slapi_pblock_intop + void *op_stack_elem; + + void *pb_txn; /* transaction ID */ +- IFP pb_txn_ruv_mods_fn; /* Function to fetch RUV mods for txn */ ++ int32_t (*pb_txn_ruv_mods_fn)(Slapi_PBlock *, char **, Slapi_Mods **); /* Function to fetch RUV mods for txn */ + passwdPolicy *pwdpolicy; + LDAPControl **pb_ctrls_arg; /* allows to pass controls as arguments before + operation object is created */ +diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c +index 1528d5593..52d25e19e 100644 +--- a/ldap/servers/slapd/plugin.c ++++ b/ldap/servers/slapd/plugin.c +@@ -663,7 +663,7 @@ slapi_send_ldap_intermediate(Slapi_PBlock *pb, LDAPControl **ectrls, char *respo + int + slapi_send_ldap_search_entry(Slapi_PBlock *pb, Slapi_Entry *e, LDAPControl **ectrls, char **attrs, int attrsonly) + { +- IFP fn = NULL; ++ int32_t (*fn)(Slapi_PBlock *, Slapi_Entry *, LDAPControl **, char **, int32_t) = NULL; + slapi_pblock_get(pb, SLAPI_PLUGIN_DB_ENTRY_FN, (void *)&fn); + if (NULL == fn) { + return -1; +@@ -698,7 +698,7 @@ slapi_send_ldap_result_from_pb(Slapi_PBlock *pb) + int err; + char *matched; + char *text; +- IFP fn = NULL; ++ int32_t (*fn)(Slapi_PBlock*, int32_t, char*, char*, int32_t, struct berval **) = NULL; + + slapi_pblock_get(pb, SLAPI_RESULT_CODE, &err); + slapi_pblock_get(pb, SLAPI_RESULT_TEXT, &text); +@@ -713,7 +713,7 @@ slapi_send_ldap_result_from_pb(Slapi_PBlock *pb) + void + slapi_send_ldap_result(Slapi_PBlock *pb, int err, char *matched, char *text, int nentries, struct berval **urls) + { +- IFP fn = NULL; ++ int32_t (*fn)(Slapi_PBlock*, int32_t, char*, char*, int32_t, struct berval **) = NULL; + Slapi_Operation *operation; + long op_type; + +@@ -751,7 +751,7 @@ slapi_send_ldap_result(Slapi_PBlock *pb, int err, char *matched, char *text, int + int + slapi_send_ldap_referral(Slapi_PBlock *pb, Slapi_Entry *e, struct berval **refs, struct berval ***urls) + { +- IFP fn = NULL; ++ int32_t (*fn)(Slapi_PBlock*, Slapi_Entry*, struct berval **, struct berval ***) = NULL; + slapi_pblock_get(pb, SLAPI_PLUGIN_DB_REFERRAL_FN, (void *)&fn); + if (NULL == fn) { + return -1; +@@ -1964,7 +1964,7 @@ plugin_call_func(struct slapdplugin *list, int operation, Slapi_PBlock *pb, int + int count = 0; + + for (; list != NULL; list = list->plg_next) { +- IFP func = NULL; ++ int32_t (*func)(Slapi_PBlock *) = NULL; + + slapi_pblock_set(pb, SLAPI_PLUGIN, list); + set_db_default_result_handlers(pb); /* JCM: What's this do? Is it needed here? */ +diff --git a/ldap/servers/slapd/plugin_mmr.c b/ldap/servers/slapd/plugin_mmr.c +index f58120543..845e8f0ad 100644 +--- a/ldap/servers/slapd/plugin_mmr.c ++++ b/ldap/servers/slapd/plugin_mmr.c +@@ -1,10 +1,10 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2005 Red Hat, Inc. ++ * Copyright (C) 2005-2025 Red Hat, Inc. + * All rights reserved. + * + * License: GPL (version 3 or any later version). +- * See LICENSE for details. ++ * See LICENSE for details. + * END COPYRIGHT BLOCK **/ + + #ifdef HAVE_CONFIG_H +@@ -19,11 +19,11 @@ + #include "slap.h" + + int +-plugin_call_mmr_plugin_preop ( Slapi_PBlock *pb, Slapi_Entry *e, int flags) ++plugin_call_mmr_plugin_preop(Slapi_PBlock *pb, Slapi_Entry *e, int flags) + { +- struct slapdplugin *p; +- int rc = LDAP_INSUFFICIENT_ACCESS; +- Operation *operation; ++ struct slapdplugin *p; ++ int rc = LDAP_INSUFFICIENT_ACCESS; ++ Operation *operation; + + slapi_pblock_get (pb, SLAPI_OPERATION, &operation); + +@@ -45,11 +45,11 @@ plugin_call_mmr_plugin_preop ( Slapi_PBlock *pb, Slapi_Entry *e, int flags) + } + + int +-plugin_call_mmr_plugin_postop ( Slapi_PBlock *pb, Slapi_Entry *e, int flags) ++plugin_call_mmr_plugin_postop(Slapi_PBlock *pb, Slapi_Entry *e, int flags) + { +- struct slapdplugin *p; +- int rc = LDAP_INSUFFICIENT_ACCESS; +- Operation *operation; ++ struct slapdplugin *p; ++ int rc = LDAP_INSUFFICIENT_ACCESS; ++ Operation *operation; + + slapi_pblock_get (pb, SLAPI_OPERATION, &operation); + +diff --git a/ldap/servers/slapd/plugin_mr.c b/ldap/servers/slapd/plugin_mr.c +index 67051a5ff..757355dbc 100644 +--- a/ldap/servers/slapd/plugin_mr.c ++++ b/ldap/servers/slapd/plugin_mr.c +@@ -1,6 +1,6 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2005 Red Hat, Inc. ++ * Copyright (C) 2005-2025 Red Hat, Inc. + * All rights reserved. + * + * License: GPL (version 3 or any later version). +@@ -35,7 +35,7 @@ struct mr_private + const struct berval *value; /* orig value from filter */ + int ftype; /* filter type */ + int op; /* query op type */ +- IFP match_fn; /* match func to use */ ++ int32_t (*match_fn)(Slapi_PBlock *, const struct berval *, Slapi_Value **, int32_t, Slapi_Value **); /* match func to use */ + /* note - substring matching rules not currently supported */ + char *initial; /* these are for substring matches */ + char *any[2]; /* at most one value for extensible filter */ +@@ -225,7 +225,7 @@ int /* an LDAP error code, hopefully LDAP_SUCCESS */ + int rc; + char *oid; + if (!(rc = slapi_pblock_get(opb, SLAPI_PLUGIN_MR_OID, &oid))) { +- IFP createFn = NULL; ++ int32_t (*createFn)(Slapi_PBlock *) = NULL; + struct slapdplugin *mrp = plugin_mr_find_registered(oid); + if (mrp != NULL) { + /* Great the matching OID -> MR plugin was already found, just reuse it */ +@@ -251,7 +251,6 @@ int /* an LDAP error code, hopefully LDAP_SUCCESS */ + rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; + + for (mrp = get_plugin_list(PLUGIN_LIST_MATCHINGRULE); mrp != NULL; mrp = mrp->plg_next) { +- + Slapi_PBlock *pb = slapi_pblock_new(); + mr_indexer_init_pb(opb, pb); + slapi_pblock_set(pb, SLAPI_PLUGIN, mrp); +@@ -263,8 +262,8 @@ int /* an LDAP error code, hopefully LDAP_SUCCESS */ + } + + if (createFn && !createFn(pb)) { +- IFP indexFn = NULL; +- IFP indexSvFn = NULL; ++ int32_t (*indexFn)(void) = NULL; ++ int32_t (*indexSvFn)(void) = NULL; + /* These however, are in the pblock direct, so we need to copy them. */ + slapi_pblock_get(pb, SLAPI_PLUGIN_MR_INDEX_FN, &indexFn); + slapi_pblock_get(pb, SLAPI_PLUGIN_MR_INDEX_SV_FN, &indexSvFn); +@@ -624,7 +623,7 @@ static int + attempt_mr_filter_create(mr_filter_t *f, struct slapdplugin *mrp, Slapi_PBlock *pb) + { + int rc; +- IFP mrf_create = NULL; ++ int32_t (*mrf_create)(Slapi_PBlock *) = NULL; + f->mrf_match = NULL; + slapi_pblock_init(pb); + if (!(rc = slapi_pblock_set(pb, SLAPI_PLUGIN, mrp)) && +diff --git a/ldap/servers/slapd/plugin_syntax.c b/ldap/servers/slapd/plugin_syntax.c +index f8a133f96..68f7bcb4b 100644 +--- a/ldap/servers/slapd/plugin_syntax.c ++++ b/ldap/servers/slapd/plugin_syntax.c +@@ -1,6 +1,6 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2005 Red Hat, Inc. ++ * Copyright (C) 2005-2025 Red Hat, Inc. + * All rights reserved. + * + * License: GPL (version 3 or any later version). +@@ -95,7 +95,7 @@ plugin_call_syntax_filter_ava_sv( + int useDeletedValues) + { + int rc; +- IFP ava_fn = NULL; ++ int32_t (*ava_fn)(Slapi_PBlock *, const struct berval *, Slapi_Value **, int32_t, Slapi_Value **) = NULL; + + slapi_log_err(SLAPI_LOG_FILTER, + "plugin_call_syntax_filter_ava_sv", "=> %s=%s\n", ava->ava_type, +@@ -207,7 +207,7 @@ plugin_call_syntax_filter_sub_sv( + struct subfilt *fsub) + { + int rc; +- IFP sub_fn = NULL; ++ int32_t (*sub_fn)(Slapi_PBlock *, char *, char **, char*, Slapi_Value **) = NULL; + int filter_normalized = 0; + + slapi_log_err(SLAPI_LOG_FILTER, +@@ -396,7 +396,7 @@ slapi_entry_syntax_check( + /* iterate through each value to check if it's valid */ + while (val != NULL) { + bval = slapi_value_get_berval(val); +- if ((a->a_plugin->plg_syntax_validate(bval)) != 0) { ++ if ((a->a_plugin->plg_syntax_validate((struct berval *)bval)) != 0) { + if (syntaxlogging) { + slapi_log_err(SLAPI_LOG_ERR, "slapi_entry_syntax_check", + "\"%s\": (%s) value #%d invalid per syntax\n", +@@ -586,7 +586,7 @@ slapi_attr_values2keys_sv_pb( + { + int rc; + struct slapdplugin *pi = NULL; +- IFP v2k_fn = NULL; ++ int32_t (*v2k_fn)(Slapi_PBlock*, Slapi_Value**, Slapi_Value***, int32_t) = NULL; + + if ((sattr->a_plugin == NULL)) { + /* could be lazy plugin initialization, get it now */ +@@ -748,7 +748,7 @@ slapi_attr_assertion2keys_ava_sv( + { + int rc; + struct slapdplugin *pi = NULL; +- IFP a2k_fn = NULL; ++ int32_t (*a2k_fn)(Slapi_PBlock *, Slapi_Value *, Slapi_Value ***, int32_t) = NULL; + + slapi_log_err(SLAPI_LOG_FILTER, + "slapi_attr_assertion2keys_ava_sv", "=>\n"); +@@ -880,7 +880,7 @@ slapi_attr_assertion2keys_sub_sv_pb( + Slapi_PBlock *work_pb = NULL; + struct slapdplugin *pi = NULL; + struct slapdplugin *origpi = NULL; +- IFP a2k_fn = NULL; ++ int32_t (*a2k_fn)(Slapi_PBlock *, char *, char **, char *, Slapi_Value ***) = NULL; + + slapi_log_err(SLAPI_LOG_FILTER, + "slapi_attr_assertion2keys_sub_sv_pb", "=>\n"); +@@ -951,7 +951,7 @@ slapi_attr_value_normalize_ext( + unsigned long filter_type) + { + Slapi_Attr myattr = {0}; +- VFPV norm_fn = NULL; ++ void (*norm_fn)(Slapi_PBlock *, char *, int32_t, char **) = NULL; + + if (!sattr) { + sattr = slapi_attr_init(&myattr, type); +diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c +index 65e491590..cda1c404f 100644 +--- a/ldap/servers/slapd/pw.c ++++ b/ldap/servers/slapd/pw.c +@@ -3243,7 +3243,7 @@ slapi_pw_set_entry_ext(Slapi_Entry *entry, Slapi_Value **vals, int flags) + } + + int +-pw_copy_entry_ext(Slapi_Entry *src_e, Slapi_Entry *dest_e) ++pw_copy_entry_ext(const Slapi_Entry *src_e, Slapi_Entry *dest_e) + { + struct slapi_pw_entry_ext *src_extp = NULL; + struct slapi_pw_entry_ext *dest_extp = NULL; +@@ -3254,7 +3254,7 @@ pw_copy_entry_ext(Slapi_Entry *src_e, Slapi_Entry *dest_e) + + src_extp = (struct slapi_pw_entry_ext *)slapi_get_object_extension( + pw_entry_objtype, +- src_e, ++ (void *)src_e, + pw_entry_handle); + if (NULL == src_extp) { + return LDAP_NO_SUCH_ATTRIBUTE; +diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h +index f2395cfa2..fee5a6ab5 100644 +--- a/ldap/servers/slapd/slap.h ++++ b/ldap/servers/slapd/slap.h +@@ -1,7 +1,7 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2009 Red Hat, Inc. + * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. ++ * Copyright (C) 2009-2025 Red Hat, Inc. + * All rights reserved. + * + * Contributors: +@@ -870,10 +870,10 @@ struct slapi_entry + struct attrs_in_extension + { + char *ext_type; +- IFP ext_get; +- IFP ext_set; +- IFP ext_copy; +- IFP ext_get_size; ++ int32_t (*ext_get)(Slapi_Entry *, Slapi_Value ***); ++ int32_t (*ext_set)(Slapi_Entry *, Slapi_Value **, int32_t); ++ int32_t (*ext_copy)(const Slapi_Entry *, Slapi_Entry *); ++ int32_t (*ext_get_size)(Slapi_Entry *, size_t *); + }; + + extern struct attrs_in_extension attrs_in_extension[]; +@@ -1045,7 +1045,7 @@ struct slapdplugin + int plg_precedence; /* for plugin execution ordering */ + struct slapdplugin *plg_group; /* pointer to the group to which this plugin belongs */ + struct pluginconfig plg_conf; /* plugin configuration parameters */ +- IFP plg_cleanup; /* cleanup function */ ++ int32_t (*plg_cleanup)(Slapi_PBlock *); /* cleanup function */ + IFP plg_start; /* start function */ + IFP plg_poststart; /* poststart function */ + int plg_closed; /* mark plugin as closed */ +@@ -1055,47 +1055,47 @@ struct slapdplugin + Slapi_Counter *plg_op_counter; /* operation counter, used for shutdown */ + + /* NOTE: These LDIF2DB and DB2LDIF fn pointers are internal only for now. +- I don't believe you can get these functions from a plug-in and +- then call them without knowing what IFP or VFP0 are. (These aren't +- declared in slapi-plugin.h.) More importantly, it's a pretty ugly +- way to get to these functions. (Do we want people to get locked into +- this?) +- +- The correct way to do this would be to expose these functions as +- front-end API functions. We can fix this for the next release. +- (No one has the time right now.) +- */ ++ * I don't believe you can get these functions from a plug-in and ++ * then call them without knowing what IFP or VFP0 are. (These aren't ++ * declared in slapi-plugin.h.) More importantly, it's a pretty ugly ++ * way to get to these functions. (Do we want people to get locked into ++ * this?) ++ * ++ * The correct way to do this would be to expose these functions as ++ * front-end API functions. We can fix this for the next release. ++ * (No one has the time right now.) ++ */ + union + { /* backend database plugin structure */ + struct plg_un_database_backend + { +- IFP plg_un_db_bind; /* bind */ +- IFP plg_un_db_unbind; /* unbind */ +- IFP plg_un_db_search; /* search */ +- IFP plg_un_db_next_search_entry; /* iterate */ ++ int32_t (*plg_un_db_bind)(Slapi_PBlock *); /* bind */ ++ int32_t (*plg_un_db_unbind)(Slapi_PBlock *); /* undbind */ ++ int32_t (*plg_un_db_search)(Slapi_PBlock *); /* search */ ++ int32_t (*plg_un_db_next_search_entry)(Slapi_PBlock *); /* iterate */ + IFP plg_un_db_next_search_entry_ext; +- VFPP plg_un_db_search_results_release; /* PAGED RESULTS */ +- VFP plg_un_db_prev_search_results; /* PAGED RESULTS */ +- IFP plg_un_db_entry_release; +- IFP plg_un_db_compare; /* compare */ +- IFP plg_un_db_modify; /* modify */ +- IFP plg_un_db_modrdn; /* modrdn */ +- IFP plg_un_db_add; /* add */ +- IFP plg_un_db_delete; /* delete */ +- IFP plg_un_db_abandon; /* abandon */ +- IFP plg_un_db_config; /* config */ +- IFP plg_un_db_seq; /* sequence */ +- IFP plg_un_db_entry; /* entry send */ +- IFP plg_un_db_referral; /* referral send */ +- IFP plg_un_db_result; /* result send */ +- IFP plg_un_db_ldif2db; /* ldif 2 database */ +- IFP plg_un_db_db2ldif; /* database 2 ldif */ +- IFP plg_un_db_db2index; /* database 2 index */ +- IFP plg_un_db_dbcompact; /* compact database */ +- IFP plg_un_db_archive2db; /* ldif 2 database */ +- IFP plg_un_db_db2archive; /* database 2 ldif */ +- IFP plg_un_db_upgradedb; /* convert old idl to new */ +- IFP plg_un_db_upgradednformat; /* convert old dn format to new */ ++ VFPP plg_un_db_search_results_release; /* Paged results */ ++ VFP plg_un_db_prev_search_results; /* Paged results */ ++ int32_t (*plg_un_db_entry_release)(Slapi_PBlock *, void *); /* Releas entry from cache */ ++ int32_t (*plg_un_db_compare)(Slapi_PBlock *); /* compare */ ++ int32_t (*plg_un_db_modify)(Slapi_PBlock *); /* modify */ ++ int32_t (*plg_un_db_modrdn)(Slapi_PBlock *); /* modrdn */ ++ int32_t (*plg_un_db_add)(Slapi_PBlock *); /* add */ ++ int32_t (*plg_un_db_delete)(Slapi_PBlock *); /* delete */ ++ int32_t (*plg_un_db_abandon)(Slapi_PBlock *); /* abandon */ ++ IFP plg_un_db_config; /* config */ ++ int32_t (*plg_un_db_seq)(Slapi_PBlock *); /* sequence */ ++ IFP plg_un_db_entry; /* entry send */ ++ IFP plg_un_db_referral; /* referral send */ ++ IFP plg_un_db_result; ++ int32_t (*plg_un_db_ldif2db)(Slapi_PBlock *); /* ldif 2 database */ ++ int32_t (*plg_un_db_db2ldif)(Slapi_PBlock *); /* database 2 ldif */ ++ int32_t (*plg_un_db_db2index)(Slapi_PBlock *); /* database 2 index */ ++ int32_t (*plg_un_db_dbcompact)(Slapi_Backend *, bool); /* compact database */ ++ int32_t (*plg_un_db_archive2db)(Slapi_PBlock *); /* ldif 2 database */ ++ int32_t (*plg_un_db_db2archive)(Slapi_PBlock *); /* database 2 ldif */ ++ int32_t (*plg_un_db_upgradedb)(Slapi_PBlock *); /* convert old idl to new */ ++ int32_t (*plg_un_db_upgradednformat)(Slapi_PBlock *); /* convert old dn format to new */ + IFP plg_un_db_begin; /* dbase txn begin */ + IFP plg_un_db_commit; /* dbase txn commit */ + IFP plg_un_db_abort; /* dbase txn abort */ +@@ -1105,12 +1105,12 @@ struct slapdplugin + IFP plg_un_db_register_dn_callback; /* Register a function to call when a operation is applied to a given DN */ + IFP plg_un_db_register_oc_callback; /* Register a function to call when a operation is applied to a given ObjectClass */ + IFP plg_un_db_init_instance; /* initializes new db instance */ +- IFP plg_un_db_wire_import; /* fast replica update */ +- IFP plg_un_db_verify; /* verify db files */ +- IFP plg_un_db_add_schema; /* add schema */ +- IFP plg_un_db_get_info; /* get info */ +- IFP plg_un_db_set_info; /* set info */ +- IFP plg_un_db_ctrl_info; /* ctrl info */ ++ int32_t (*plg_un_db_wire_import)(Slapi_PBlock *); /* fast replica update */ ++ int32_t (*plg_un_db_verify)(Slapi_PBlock *); /* verify db files */ ++ IFP plg_un_db_add_schema; /* add schema */ ++ int32_t (*plg_un_db_get_info)(Slapi_Backend *, int32_t, void **); /* get info */ ++ int32_t (*plg_un_db_set_info)(Slapi_Backend *, int32_t, void **); /* set info */ ++ int32_t (*plg_un_db_ctrl_info)(Slapi_Backend *, int32_t, void **); /* ctrl info */ + } plg_un_db; + #define plg_bind plg_un.plg_un_db.plg_un_db_bind + #define plg_unbind plg_un.plg_un_db.plg_un_db_unbind +@@ -1155,10 +1155,10 @@ struct slapdplugin + { + char **plg_un_pe_exoids; /* exop oids */ + char **plg_un_pe_exnames; /* exop names (may be NULL) */ +- IFP plg_un_pe_exhandler; /* handler */ ++ int32_t (*plg_un_pe_exhandler)(Slapi_PBlock *); /* handler */ + IFP plg_un_pe_pre_exhandler; /* pre extop */ + IFP plg_un_pe_post_exhandler; /* post extop */ +- IFP plg_un_pe_be_exhandler; /* handler to retrieve the be name for the operation */ ++ int32_t (*plg_un_pe_be_exhandler)(Slapi_PBlock *, Slapi_Backend **); /* handler to retrieve the be name for the operation */ + } plg_un_pe; + #define plg_exoids plg_un.plg_un_pe.plg_un_pe_exoids + #define plg_exnames plg_un.plg_un_pe.plg_un_pe_exnames +@@ -1294,20 +1294,20 @@ struct slapdplugin + /* matching rule plugin structure */ + struct plg_un_matching_rule + { +- IFP plg_un_mr_filter_create; /* factory function */ +- IFP plg_un_mr_indexer_create; /* factory function */ ++ int32_t (*plg_un_mr_filter_create)(Slapi_PBlock *); /* factory function */ ++ int32_t (*plg_un_mr_indexer_create)(Slapi_PBlock *); /* factory function */ + /* new style syntax plugin functions */ + /* not all functions will apply to all matching rule types */ + /* e.g. a SUBSTR rule will not have a filter_ava func */ +- IFP plg_un_mr_filter_ava; +- IFP plg_un_mr_filter_sub; +- IFP plg_un_mr_values2keys; +- IFP plg_un_mr_assertion2keys_ava; +- IFP plg_un_mr_assertion2keys_sub; ++ int32_t (*plg_un_mr_filter_ava)(Slapi_PBlock *, const struct berval *, Slapi_Value **, int32_t, Slapi_Value **); ++ int32_t (*plg_un_mr_filter_sub)(Slapi_PBlock *, char *, char **, char*, Slapi_Value **); ++ int32_t (*plg_un_mr_values2keys)(Slapi_PBlock *, Slapi_Value **, Slapi_Value ***, int32_t); ++ int32_t (*plg_un_mr_assertion2keys_ava)(Slapi_PBlock *, Slapi_Value *, Slapi_Value ***, int32_t); ++ int32_t (*plg_un_mr_assertion2keys_sub)(Slapi_PBlock *, char *, char **, char *, Slapi_Value ***); + int plg_un_mr_flags; + char **plg_un_mr_names; +- IFP plg_un_mr_compare; /* only for ORDERING */ +- VFPV plg_un_mr_normalize; ++ int32_t (*plg_un_mr_compare)(struct berval *, struct berval *); /* only for ORDERING */ ++ void (*plg_un_mr_normalize)(Slapi_PBlock *, char *, int32_t, char **); + } plg_un_mr; + #define plg_mr_filter_create plg_un.plg_un_mr.plg_un_mr_filter_create + #define plg_mr_indexer_create plg_un.plg_un_mr.plg_un_mr_indexer_create +@@ -1324,25 +1324,25 @@ struct slapdplugin + /* syntax plugin structure */ + struct plg_un_syntax_struct + { +- IFP plg_un_syntax_filter_ava; ++ int32_t (*plg_un_syntax_filter_ava)(Slapi_PBlock *, const struct berval *, Slapi_Value **, int32_t, Slapi_Value **); + IFP plg_un_syntax_filter_ava_sv; +- IFP plg_un_syntax_filter_sub; ++ int32_t (*plg_un_syntax_filter_sub)(Slapi_PBlock*, char *, char **, char *, Slapi_Value**); + IFP plg_un_syntax_filter_sub_sv; +- IFP plg_un_syntax_values2keys; ++ int32_t (*plg_un_syntax_values2keys)(Slapi_PBlock*, Slapi_Value**, Slapi_Value***, int32_t); + IFP plg_un_syntax_values2keys_sv; +- IFP plg_un_syntax_assertion2keys_ava; +- IFP plg_un_syntax_assertion2keys_sub; ++ int32_t (*plg_un_syntax_assertion2keys_ava)(Slapi_PBlock*, Slapi_Value*, Slapi_Value***, int32_t); ++ int32_t (*plg_un_syntax_assertion2keys_sub)(Slapi_PBlock*, char*, char**, char*, Slapi_Value***); + int plg_un_syntax_flags; + /* +- from slapi-plugin.h +-#define SLAPI_PLUGIN_SYNTAX_FLAG_ORKEYS 1 +-#define SLAPI_PLUGIN_SYNTAX_FLAG_ORDERING 2 +-*/ ++ * from slapi-plugin.h ++#define SLAPI_PLUGIN_SYNTAX_FLAG_ORKEYS 1 ++#define SLAPI_PLUGIN_SYNTAX_FLAG_ORDERING 2 ++ */ + char **plg_un_syntax_names; + char *plg_un_syntax_oid; + IFP plg_un_syntax_compare; +- IFP plg_un_syntax_validate; +- VFPV plg_un_syntax_normalize; ++ int32_t (*plg_un_syntax_validate)(struct berval *); ++ void (*plg_un_syntax_normalize)(Slapi_PBlock *, char *, int32_t, char **); + } plg_un_syntax; + #define plg_syntax_filter_ava plg_un.plg_un_syntax.plg_un_syntax_filter_ava + #define plg_syntax_filter_sub plg_un.plg_un_syntax.plg_un_syntax_filter_sub +@@ -1359,10 +1359,11 @@ struct slapdplugin + struct plg_un_acl_struct + { + IFP plg_un_acl_init; +- IFP plg_un_acl_syntax_check; +- IFP plg_un_acl_access_allowed; +- IFP plg_un_acl_mods_allowed; +- IFP plg_un_acl_mods_update; ++ int32_t (*plg_un_acl_syntax_check)(Slapi_PBlock *, Slapi_Entry *, char **); ++ int32_t (*plg_un_acl_access_allowed)(Slapi_PBlock *, Slapi_Entry*, char **, struct berval *, int32_t, int32_t, char **); ++ int32_t (*plg_un_acl_mods_allowed)(Slapi_PBlock *, Slapi_Entry *, LDAPMod **, void *); ++ int32_t (*plg_un_acl_mods_update)(Slapi_PBlock *, int32_t, Slapi_DN *, void *); ++ + } plg_un_acl; + #define plg_acl_init plg_un.plg_un_acl.plg_un_acl_init + #define plg_acl_syntax_check plg_un.plg_un_acl.plg_un_acl_syntax_check +@@ -1372,8 +1373,8 @@ struct slapdplugin + + struct plg_un_mmr_struct + { +- IFP plg_un_mmr_betxn_preop; +- IFP plg_un_mmr_betxn_postop; ++ int32_t (*plg_un_mmr_betxn_preop)(Slapi_PBlock *, int32_t); ++ int32_t (*plg_un_mmr_betxn_postop)(Slapi_PBlock *, int32_t); + } plg_un_mmr; + #define plg_mmr_betxn_preop plg_un.plg_un_mmr.plg_un_mmr_betxn_preop + #define plg_mmr_betxn_postop plg_un.plg_un_mmr.plg_un_mmr_betxn_postop +@@ -1394,8 +1395,8 @@ struct slapdplugin + /* entry fetch/store */ + struct plg_un_entry_fetch_store_struct + { +- IFP plg_un_entry_fetch_func; +- IFP plg_un_entry_store_func; ++ int32_t (*plg_un_entry_fetch_func)(char **, uint32_t *); ++ int32_t (*plg_un_entry_store_func)(char **, uint32_t *); + } plg_un_entry_fetch_store; + #define plg_entryfetchfunc plg_un.plg_un_entry_fetch_store.plg_un_entry_fetch_func + #define plg_entrystorefunc plg_un.plg_un_entry_fetch_store.plg_un_entry_store_func +diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h +index ec4b540c3..533c4e428 100644 +--- a/ldap/servers/slapd/slapi-private.h ++++ b/ldap/servers/slapd/slapi-private.h +@@ -1409,7 +1409,7 @@ int slapi_add_internal_attr_syntax(const char *name, const char *oid, const char + + /* pw.c */ + void pw_exp_init(void); +-int pw_copy_entry_ext(Slapi_Entry *src_e, Slapi_Entry *dest_e); ++int pw_copy_entry_ext(const Slapi_Entry *src_e, Slapi_Entry *dest_e); + int pw_get_ext_size(Slapi_Entry *e, size_t *size); + + /* op_shared.c */ +diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c +index c14af83e0..d2a9a1b48 100644 +--- a/ldap/servers/slapd/task.c ++++ b/ldap/servers/slapd/task.c +@@ -2036,7 +2036,7 @@ task_upgradedb_add(Slapi_PBlock *pb __attribute__((unused)), + int32_t task_flags = SLAPI_TASK_RUNNING_AS_TASK; + slapi_pblock_set(mypb, SLAPI_TASK_FLAGS, &task_flags); + +- rv = (be->be_database->plg_upgradedb)(&mypb); ++ rv = (be->be_database->plg_upgradedb)(mypb); + if (rv == 0) { + slapi_entry_attr_set_charptr(e, TASK_LOG_NAME, ""); + slapi_entry_attr_set_charptr(e, TASK_STATUS_NAME, ""); +-- +2.52.0 + diff --git a/0010-Issue-7223-Revert-index-scan-limits-for-system-index.patch b/0012-Issue-7223-Revert-index-scan-limits-for-system-index.patch similarity index 99% rename from 0010-Issue-7223-Revert-index-scan-limits-for-system-index.patch rename to 0012-Issue-7223-Revert-index-scan-limits-for-system-index.patch index d2ea7ef..c3fde35 100644 --- a/0010-Issue-7223-Revert-index-scan-limits-for-system-index.patch +++ b/0012-Issue-7223-Revert-index-scan-limits-for-system-index.patch @@ -1,4 +1,4 @@ -From 41c72bf9900a7e28e0f589384f6e0ce292607e9d Mon Sep 17 00:00:00 2001 +From 7a45b50bf3d9cfc8f7e805379fcb39d5669d6c8b Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Thu, 5 Feb 2026 12:17:06 +0100 Subject: [PATCH] Issue 7223 - Revert index scan limits for system indexes @@ -729,7 +729,7 @@ index d3c9ccf35..1d9be4683 100644 'nsslapd-import-cachesize', 'nsslapd-idl-switch', diff --git a/src/lib389/lib389/cli_conf/backend.py b/src/lib389/lib389/cli_conf/backend.py -index f8735e08e..ec9b5debe 100644 +index dcf57d006..80008d22d 100644 --- a/src/lib389/lib389/cli_conf/backend.py +++ b/src/lib389/lib389/cli_conf/backend.py @@ -39,7 +39,6 @@ arg_to_attr = { diff --git a/0011-Issue-7223-Add-upgrade-function-to-remove-nsIndexIDL.patch b/0013-Issue-7223-Add-upgrade-function-to-remove-nsIndexIDL.patch similarity index 99% rename from 0011-Issue-7223-Add-upgrade-function-to-remove-nsIndexIDL.patch rename to 0013-Issue-7223-Add-upgrade-function-to-remove-nsIndexIDL.patch index f2bcdad..b55d17b 100644 --- a/0011-Issue-7223-Add-upgrade-function-to-remove-nsIndexIDL.patch +++ b/0013-Issue-7223-Add-upgrade-function-to-remove-nsIndexIDL.patch @@ -1,4 +1,4 @@ -From 450015057d84bb032996e0bd76941b1ab6e1c08c Mon Sep 17 00:00:00 2001 +From a58212943da2604091e7d5a20829ab54970d41c9 Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Thu, 5 Feb 2026 12:17:06 +0100 Subject: [PATCH] Issue 7223 - Add upgrade function to remove diff --git a/0014-Issue-7223-Add-upgrade-function-to-remove-ancestorid.patch b/0014-Issue-7223-Add-upgrade-function-to-remove-ancestorid.patch new file mode 100644 index 0000000..494a3e1 --- /dev/null +++ b/0014-Issue-7223-Add-upgrade-function-to-remove-ancestorid.patch @@ -0,0 +1,313 @@ +From 9a9446b9bafe25eacf97039e66d6ef19d366315c Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Thu, 5 Feb 2026 12:17:06 +0100 +Subject: [PATCH] Issue 7223 - Add upgrade function to remove ancestorid index + config entry + +Description: +Add `upgrade_remove_ancestorid_index_config()` function that removes: +* ancestorid from `cn=default indexes` +* ancestorid index config entries from each backend's `cn=index` + +Also remove ancestorid index configuration from template-dse.ldif. + +Relates: https://github.com/389ds/389-ds-base/issues/7223 + +Reviewed by: @progier389, @tbordaz, @droideck (Thanks!) +--- + .../healthcheck/health_system_indexes_test.py | 85 +++++++++++ + ldap/ldif/template-dse.ldif.in | 8 -- + ldap/servers/slapd/upgrade.c | 133 +++++++++++++++++- + 3 files changed, 214 insertions(+), 12 deletions(-) + +diff --git a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py +index b0d7a99ec..4b0c58835 100644 +--- a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py ++++ b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py +@@ -501,6 +501,91 @@ def test_upgrade_removes_parentid_scanlimit(topology_st): + + log.info("Upgrade successfully removed nsIndexIDListScanLimit from parentid index") + ++ # Verify idempotency - restart again and ensure no errors ++ log.info("Restart server again to verify idempotency (no errors on second run)") ++ standalone.restart() ++ # Verify the attribute is still absent ++ scanlimit_after_second = parentid_index.get_attr_vals_utf8("nsIndexIDListScanLimit") ++ assert not scanlimit_after_second, \ ++ f"nsIndexIDListScanLimit should still be absent after second restart but found: {scanlimit_after_second}" ++ log.info("Idempotency verified - no issues on second restart") ++ ++ ++def test_upgrade_removes_ancestorid_index_config(topology_st): ++ """Check if upgrade function removes ancestorid index config entry ++ ++ :id: 3f3d6e9b-75ac-4f0d-b2ce-7204e6eacd0a ++ :setup: Standalone instance ++ :steps: ++ 1. Create DS instance ++ 2. Stop the server ++ 3. Use DSEldif to add an ancestorid index config entry ++ 4. Start the server (triggers upgrade) ++ 5. Verify ancestorid index config entry is removed ++ :expectedresults: ++ 1. Success ++ 2. Success ++ 3. Success ++ 4. Success ++ 5. ancestorid index config entry is no longer present ++ """ ++ from lib389.dseldif import DSEldif ++ ++ standalone = topology_st.standalone ++ ANCESTORID_DN = "cn=ancestorid,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" ++ ++ log.info("Stop the server") ++ standalone.stop() ++ ++ log.info("Add ancestorid index config entry using DSEldif") ++ dse_ldif = DSEldif(standalone) ++ ++ # Create a fake ancestorid index entry ++ ancestorid_entry = [ ++ "dn: {}\n".format(ANCESTORID_DN), ++ "objectClass: top\n", ++ "objectClass: nsIndex\n", ++ "cn: ancestorid\n", ++ "nsSystemIndex: true\n", ++ "nsIndexType: eq\n", ++ "nsMatchingRule: integerOrderingMatch\n", ++ "\n" ++ ] ++ dse_ldif.add_entry(ancestorid_entry) ++ ++ # Verify it was added by re-reading dse.ldif ++ dse_ldif2 = DSEldif(standalone) ++ cn_value = dse_ldif2.get(ANCESTORID_DN, "cn") ++ assert cn_value is not None, "Failed to add ancestorid index config entry" ++ log.info(f"Added ancestorid index entry with cn: {cn_value}") ++ ++ log.info("Start the server (triggers upgrade)") ++ standalone.start() ++ ++ log.info("Verify ancestorid index config entry was removed by upgrade") ++ # Check via LDAP - the upgrade should have removed the entry ++ try: ++ ancestorid_index = Index(standalone, ANCESTORID_DN) ++ # If we can get the entry, it wasn't removed - this is a failure ++ cn_after = ancestorid_index.get_attr_vals_utf8("cn") ++ assert False, f"ancestorid index config entry should have been removed but still exists: {cn_after}" ++ except Exception as e: ++ # Entry should not exist - this is expected ++ log.info(f"ancestorid index config entry correctly removed (got exception: {e})") ++ ++ log.info("Upgrade successfully removed ancestorid index config entry") ++ ++ # Verify idempotency - restart again and ensure no errors ++ log.info("Restart server again to verify idempotency (no errors on second run)") ++ standalone.restart() ++ # Verify the entry is still absent ++ try: ++ ancestorid_index = Index(standalone, ANCESTORID_DN) ++ cn_after_second = ancestorid_index.get_attr_vals_utf8("cn") ++ assert False, f"ancestorid index config entry should still be absent after second restart but found: {cn_after_second}" ++ except Exception as e: ++ log.info(f"Idempotency verified - ancestorid still absent after second restart (got exception: {e})") ++ + + if __name__ == "__main__": + # Run isolated +diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in +index 6f97d492b..70e7a85ac 100644 +--- a/ldap/ldif/template-dse.ldif.in ++++ b/ldap/ldif/template-dse.ldif.in +@@ -990,14 +990,6 @@ cn: aci + nssystemindex: true + nsindextype: pres + +-dn: cn=ancestorid,cn=default indexes, cn=config,cn=ldbm database,cn=plugins,cn=config +-objectclass: top +-objectclass: nsIndex +-cn: ancestorid +-nssystemindex: true +-nsindextype: eq +-nsmatchingrule: integerOrderingMatch +- + dn: cn=cn,cn=default indexes, cn=config,cn=ldbm database,cn=plugins,cn=config + objectclass: top + objectclass: nsIndex +diff --git a/ldap/servers/slapd/upgrade.c b/ldap/servers/slapd/upgrade.c +index adfec63de..d9156cae9 100644 +--- a/ldap/servers/slapd/upgrade.c ++++ b/ldap/servers/slapd/upgrade.c +@@ -380,6 +380,126 @@ upgrade_remove_index_scanlimit(void) + return uresult; + } + ++/* ++ * Remove ancestorid index configuration entry if present. ++ * ++ * The ancestorid index is special - it has no corresponding attribute type ++ * and should not have a DSE config entry. If an entry exists, remove it. ++ * ++ * This function removes: ++ * 1. The ancestorid entry from cn=default indexes (to prevent re-creation on startup) ++ * 2. The ancestorid entry from each backend's cn=index (if it exists) ++ */ ++static upgrade_status ++upgrade_remove_ancestorid_index_config(void) ++{ ++ struct slapi_pblock *pb = slapi_pblock_new(); ++ Slapi_Entry **backends = NULL; ++ const char *be_base_dn = "cn=ldbm database,cn=plugins,cn=config"; ++ const char *be_filter = "(objectclass=nsBackendInstance)"; ++ upgrade_status uresult = UPGRADE_SUCCESS; ++ int rc; ++ ++ /* ++ * First, remove ancestorid from cn=default indexes to prevent ++ * ldbm_instance_create_default_user_indexes() from re-creating it. ++ */ ++ { ++ Slapi_PBlock *def_pb = slapi_pblock_new(); ++ char *def_idx_dn = slapi_create_dn_string( ++ "cn=ancestorid,cn=default indexes,cn=config,%s", be_base_dn); ++ ++ if (def_idx_dn) { ++ slapi_delete_internal_set_pb( ++ def_pb, def_idx_dn, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_delete_internal_pb(def_pb); ++ slapi_pblock_get(def_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); ++ ++ if (rc == LDAP_SUCCESS) { ++ slapi_log_err(SLAPI_LOG_NOTICE, "upgrade_remove_ancestorid_index_config", ++ "Removed 'ancestorid' from default indexes.\n"); ++ } else if (rc != LDAP_NO_SUCH_OBJECT) { ++ slapi_log_err(SLAPI_LOG_ERR, "upgrade_remove_ancestorid_index_config", ++ "Failed to remove 'ancestorid' from default indexes: error %d\n", rc); ++ } ++ ++ slapi_ch_free_string(&def_idx_dn); ++ } ++ slapi_pblock_destroy(def_pb); ++ } ++ ++ /* Search for all backend instances */ ++ slapi_search_internal_set_pb( ++ pb, be_base_dn, ++ LDAP_SCOPE_ONELEVEL, ++ be_filter, NULL, 0, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_search_internal_pb(pb); ++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &backends); ++ ++ if (backends) { ++ for (size_t be_idx = 0; backends[be_idx] != NULL; be_idx++) { ++ const char *be_dn = slapi_entry_get_dn_const(backends[be_idx]); ++ const char *be_name = slapi_entry_attr_get_ref(backends[be_idx], "cn"); ++ if (!be_dn || !be_name) { ++ continue; ++ } ++ ++ struct slapi_pblock *idx_pb = slapi_pblock_new(); ++ Slapi_Entry **idx_entries = NULL; ++ char *idx_dn = slapi_create_dn_string("cn=ancestorid,cn=index,%s", ++ be_dn); ++ char *idx_filter = "(objectclass=nsIndex)"; ++ ++ if (!idx_dn) { ++ slapi_pblock_destroy(idx_pb); ++ continue; ++ } ++ ++ slapi_search_internal_set_pb( ++ idx_pb, idx_dn, ++ LDAP_SCOPE_BASE, ++ idx_filter, NULL, 0, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_search_internal_pb(idx_pb); ++ slapi_pblock_get(idx_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &idx_entries); ++ ++ if (idx_entries && idx_entries[0]) { ++ /* ancestorid index entry exists - delete it */ ++ Slapi_PBlock *del_pb = slapi_pblock_new(); ++ ++ slapi_delete_internal_set_pb( ++ del_pb, idx_dn, NULL, NULL, ++ plugin_get_default_component_id(), 0); ++ slapi_delete_internal_pb(del_pb); ++ slapi_pblock_get(del_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); ++ ++ if (rc == LDAP_SUCCESS) { ++ slapi_log_err(SLAPI_LOG_NOTICE, "upgrade_remove_ancestorid_index_config", ++ "Removed 'ancestorid' index config entry in backend '%s'.\n", ++ be_name); ++ } else if (rc != LDAP_NO_SUCH_OBJECT) { ++ slapi_log_err(SLAPI_LOG_ERR, "upgrade_remove_ancestorid_index_config", ++ "Failed to remove 'ancestorid' index config entry in backend '%s': error %d\n", ++ be_name, rc); ++ } ++ ++ slapi_pblock_destroy(del_pb); ++ } ++ ++ slapi_ch_free_string(&idx_dn); ++ slapi_free_search_results_internal(idx_pb); ++ slapi_pblock_destroy(idx_pb); ++ } ++ } ++ ++ slapi_free_search_results_internal(pb); ++ slapi_pblock_destroy(pb); ++ ++ return uresult; ++} ++ + /* + * Check if parentid/ancestorid indexes are missing the integerOrderingMatch + * matching rule. +@@ -394,7 +514,7 @@ upgrade_check_id_index_matching_rule(void) + Slapi_Entry **backends = NULL; + const char *be_base_dn = "cn=ldbm database,cn=plugins,cn=config"; + const char *be_filter = "(objectclass=nsBackendInstance)"; +- const char *attrs_to_check[] = {"parentid", "ancestorid", NULL}; ++ const char *attrs_to_check[] = {"parentid", NULL}; + upgrade_status uresult = UPGRADE_SUCCESS; + + /* Search for all backend instances */ +@@ -408,8 +528,9 @@ upgrade_check_id_index_matching_rule(void) + + if (backends) { + for (size_t be_idx = 0; backends[be_idx] != NULL; be_idx++) { ++ const char *be_dn = slapi_entry_get_dn_const(backends[be_idx]); + const char *be_name = slapi_entry_attr_get_ref(backends[be_idx], "cn"); +- if (!be_name) { ++ if (!be_dn || !be_name) { + continue; + } + +@@ -418,8 +539,8 @@ upgrade_check_id_index_matching_rule(void) + const char *attr_name = attrs_to_check[attr_idx]; + struct slapi_pblock *idx_pb = slapi_pblock_new(); + Slapi_Entry **idx_entries = NULL; +- char *idx_dn = slapi_create_dn_string("cn=%s,cn=index,cn=%s,%s", +- attr_name, be_name, be_base_dn); ++ char *idx_dn = slapi_create_dn_string("cn=%s,cn=index,%s", ++ attr_name, be_dn); + char *idx_filter = "(objectclass=nsIndex)"; + PRBool has_matching_rule = PR_FALSE; + +@@ -512,6 +633,10 @@ upgrade_server(void) + return UPGRADE_FAILURE; + } + ++ if (upgrade_remove_ancestorid_index_config() != UPGRADE_SUCCESS) { ++ return UPGRADE_FAILURE; ++ } ++ + if (upgrade_check_id_index_matching_rule() != UPGRADE_SUCCESS) { + return UPGRADE_FAILURE; + } +-- +2.52.0 + diff --git a/0012-Issue-7223-Detect-and-log-index-ordering-mismatch-du.patch b/0015-Issue-7223-Detect-and-log-index-ordering-mismatch-du.patch similarity index 99% rename from 0012-Issue-7223-Detect-and-log-index-ordering-mismatch-du.patch rename to 0015-Issue-7223-Detect-and-log-index-ordering-mismatch-du.patch index 2661363..0960428 100644 --- a/0012-Issue-7223-Detect-and-log-index-ordering-mismatch-du.patch +++ b/0015-Issue-7223-Detect-and-log-index-ordering-mismatch-du.patch @@ -1,4 +1,4 @@ -From 46154ef03c7543a452b17540460dc808805bd4b7 Mon Sep 17 00:00:00 2001 +From b5bee921b7f4cfbf7a2edbe55d4291f487f4a140 Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Thu, 5 Feb 2026 12:17:06 +0100 Subject: [PATCH] Issue 7223 - Detect and log index ordering mismatch during diff --git a/0013-Issue-7223-Add-dsctl-index-check-command-for-offline.patch b/0016-Issue-7223-Add-dsctl-index-check-command-for-offline.patch similarity index 99% rename from 0013-Issue-7223-Add-dsctl-index-check-command-for-offline.patch rename to 0016-Issue-7223-Add-dsctl-index-check-command-for-offline.patch index b42800c..c3af0f1 100644 --- a/0013-Issue-7223-Add-dsctl-index-check-command-for-offline.patch +++ b/0016-Issue-7223-Add-dsctl-index-check-command-for-offline.patch @@ -1,4 +1,4 @@ -From c741eceaf0ba751d95153f032826c20249838de5 Mon Sep 17 00:00:00 2001 +From 04eca1fe36480561bc2f59440d971e000133d213 Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Thu, 5 Feb 2026 12:17:06 +0100 Subject: [PATCH] Issue 7223 - Add dsctl index-check command for offline index @@ -24,11 +24,11 @@ Reviewed by: @progier389, @tbordaz, @droideck (Thanks!) 4 files changed, 1068 insertions(+), 29 deletions(-) diff --git a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py -index b0d7a99ec..55b9d2f6d 100644 +index 4b0c58835..571465562 100644 --- a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py +++ b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py -@@ -502,6 +502,599 @@ def test_upgrade_removes_parentid_scanlimit(topology_st): - log.info("Upgrade successfully removed nsIndexIDListScanLimit from parentid index") +@@ -587,6 +587,599 @@ def test_upgrade_removes_ancestorid_index_config(topology_st): + log.info(f"Idempotency verified - ancestorid still absent after second restart (got exception: {e})") +def test_index_check_basic(topology_st): @@ -628,10 +628,10 @@ index b0d7a99ec..55b9d2f6d 100644 # Run isolated # -s for DEBUG mode diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in -index 258d94698..94d8c04c9 100644 +index 44a158ce5..0175dfa7c 100644 --- a/rpm/389-ds-base.spec.in +++ b/rpm/389-ds-base.spec.in -@@ -642,42 +642,45 @@ if ! getent passwd $USERNAME >/dev/null ; then +@@ -645,42 +645,45 @@ if ! getent passwd $USERNAME >/dev/null ; then fi # Reload our sysctl before we restart (if we can) diff --git a/0014-Issue-7096-2nd-During-replication-online-total-init-.patch b/0017-Issue-7096-2nd-During-replication-online-total-init-.patch similarity index 98% rename from 0014-Issue-7096-2nd-During-replication-online-total-init-.patch rename to 0017-Issue-7096-2nd-During-replication-online-total-init-.patch index 7274644..724a0b7 100644 --- a/0014-Issue-7096-2nd-During-replication-online-total-init-.patch +++ b/0017-Issue-7096-2nd-During-replication-online-total-init-.patch @@ -1,4 +1,4 @@ -From d1886fbc7d97e49ac0b8bc5bd6ae7e3263bb0cfb Mon Sep 17 00:00:00 2001 +From c1f0756b453b7ea219add236f60a72b3fc660af0 Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Tue, 27 Jan 2026 14:26:29 +0100 Subject: [PATCH] Issue 7096 - (2nd) During replication online total init the diff --git a/0015-Issue-7076-6992-6784-6214-Fix-CI-test-failures-7077.patch b/0018-Issue-7076-6992-6784-6214-Fix-CI-test-failures-7077.patch similarity index 99% rename from 0015-Issue-7076-6992-6784-6214-Fix-CI-test-failures-7077.patch rename to 0018-Issue-7076-6992-6784-6214-Fix-CI-test-failures-7077.patch index e208679..dfd9482 100644 --- a/0015-Issue-7076-6992-6784-6214-Fix-CI-test-failures-7077.patch +++ b/0018-Issue-7076-6992-6784-6214-Fix-CI-test-failures-7077.patch @@ -1,4 +1,4 @@ -From 42c38a7a95e898a6185ac7c71ad89119ef406509 Mon Sep 17 00:00:00 2001 +From 35237d57daf6fdf20a42c3cef27130ba70f0cdc2 Mon Sep 17 00:00:00 2001 From: Akshay Adhikari Date: Tue, 18 Nov 2025 21:57:10 +0530 Subject: [PATCH] Issue 7076, 6992, 6784, 6214 - Fix CI test failures (#7077) @@ -53,7 +53,7 @@ index be825efe9..e9b611439 100644 log.info(f'Backup directory is {backup_dir}') diff --git a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py -index 55b9d2f6d..da7673283 100644 +index 571465562..4cd4d0c70 100644 --- a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py +++ b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py @@ -172,6 +172,7 @@ def test_missing_parentid(topology_st, log_buffering_enabled): diff --git a/0016-Issue-7076-Fix-revert_cache-never-called-in-modrdn-7.patch b/0019-Issue-7076-Fix-revert_cache-never-called-in-modrdn-7.patch similarity index 97% rename from 0016-Issue-7076-Fix-revert_cache-never-called-in-modrdn-7.patch rename to 0019-Issue-7076-Fix-revert_cache-never-called-in-modrdn-7.patch index df4c71b..9036d72 100644 --- a/0016-Issue-7076-Fix-revert_cache-never-called-in-modrdn-7.patch +++ b/0019-Issue-7076-Fix-revert_cache-never-called-in-modrdn-7.patch @@ -1,4 +1,4 @@ -From b5a8ab96ec5c2a0cc0d478c5a906f3d2bfb4f6c5 Mon Sep 17 00:00:00 2001 +From 04a0f5560ea741972b9c264af23b377893ab7133 Mon Sep 17 00:00:00 2001 From: Akshay Adhikari Date: Thu, 5 Feb 2026 15:41:09 +0530 Subject: [PATCH] Issue 7076 - Fix revert_cache() never called in modrdn diff --git a/0017-Issue-6947-Fix-health_system_indexes_test.py.patch b/0020-Issue-6947-Fix-health_system_indexes_test.py.patch similarity index 89% rename from 0017-Issue-6947-Fix-health_system_indexes_test.py.patch rename to 0020-Issue-6947-Fix-health_system_indexes_test.py.patch index b878751..6d15057 100644 --- a/0017-Issue-6947-Fix-health_system_indexes_test.py.patch +++ b/0020-Issue-6947-Fix-health_system_indexes_test.py.patch @@ -1,4 +1,4 @@ -From cd530816544b9a583adc517db2ff34cdfa84fc43 Mon Sep 17 00:00:00 2001 +From fb8acf6141b069e250be3821c1e70ee7ed448720 Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Wed, 11 Feb 2026 19:53:44 +0100 Subject: [PATCH] Issue 6947 - Fix health_system_indexes_test.py @@ -8,7 +8,7 @@ Subject: [PATCH] Issue 6947 - Fix health_system_indexes_test.py 1 file changed, 1 insertion(+) diff --git a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py -index da7673283..932857dd6 100644 +index 4cd4d0c70..3b3651b38 100644 --- a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py +++ b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py @@ -99,6 +99,7 @@ def run_healthcheck_and_flush_log(topology, instance, searched_code, json, searc diff --git a/0018-Issue-7121-2nd-LeakSanitizer-various-leaks-during-re.patch b/0021-Issue-7121-2nd-LeakSanitizer-various-leaks-during-re.patch similarity index 98% rename from 0018-Issue-7121-2nd-LeakSanitizer-various-leaks-during-re.patch rename to 0021-Issue-7121-2nd-LeakSanitizer-various-leaks-during-re.patch index 6783f40..777be86 100644 --- a/0018-Issue-7121-2nd-LeakSanitizer-various-leaks-during-re.patch +++ b/0021-Issue-7121-2nd-LeakSanitizer-various-leaks-during-re.patch @@ -1,4 +1,4 @@ -From 64dcdbcbba3e8e2239a2e099787c40713c8a0a7e Mon Sep 17 00:00:00 2001 +From 8761b28fd2f2cf3d2e2119bdf1b348bc7d2d1834 Mon Sep 17 00:00:00 2001 From: Viktor Ashirov Date: Mon, 9 Feb 2026 13:18:09 +0100 Subject: [PATCH] Issue 7121 - (2nd) LeakSanitizer: various leaks during diff --git a/0019-Issue-7150-Compressed-access-log-rotations-skipped-a.patch b/0022-Issue-7150-Compressed-access-log-rotations-skipped-a.patch similarity index 99% rename from 0019-Issue-7150-Compressed-access-log-rotations-skipped-a.patch rename to 0022-Issue-7150-Compressed-access-log-rotations-skipped-a.patch index de880d8..5f7b711 100644 --- a/0019-Issue-7150-Compressed-access-log-rotations-skipped-a.patch +++ b/0022-Issue-7150-Compressed-access-log-rotations-skipped-a.patch @@ -1,4 +1,4 @@ -From eaa2077433bc3a38dee60ae5255f067aa3113691 Mon Sep 17 00:00:00 2001 +From 86b15d688949197a9efe3d5fc7a7eadcdd46e115 Mon Sep 17 00:00:00 2001 From: Simon Pichugin Date: Tue, 16 Dec 2025 15:48:35 -0800 Subject: [PATCH] Issue 7150 - Compressed access log rotations skipped, diff --git a/0007-Issue-7224-CI-Test-Simplify-test_reserve_descriptor_.patch b/0023-Issue-7224-CI-Test-Simplify-test_reserve_descriptor_.patch similarity index 98% rename from 0007-Issue-7224-CI-Test-Simplify-test_reserve_descriptor_.patch rename to 0023-Issue-7224-CI-Test-Simplify-test_reserve_descriptor_.patch index 49e10e0..d3cd410 100644 --- a/0007-Issue-7224-CI-Test-Simplify-test_reserve_descriptor_.patch +++ b/0023-Issue-7224-CI-Test-Simplify-test_reserve_descriptor_.patch @@ -1,4 +1,4 @@ -From 8c7de629b83fe12a36cabe89e2b19124dcd6c937 Mon Sep 17 00:00:00 2001 +From 524cae18721234e1bc8d958c89684008d62e6b30 Mon Sep 17 00:00:00 2001 From: James Chapman Date: Thu, 5 Feb 2026 15:33:08 +0000 Subject: [PATCH] Issue 7224 - CI Test - Simplify diff --git a/0024-Issue-7231-Sync-repl-tests-fail-in-FIPS-mode-due-to-.patch b/0024-Issue-7231-Sync-repl-tests-fail-in-FIPS-mode-due-to-.patch new file mode 100644 index 0000000..3f6ae94 --- /dev/null +++ b/0024-Issue-7231-Sync-repl-tests-fail-in-FIPS-mode-due-to-.patch @@ -0,0 +1,92 @@ +From 91e03f431d8ee0b1d316ebd7add232bf49360db2 Mon Sep 17 00:00:00 2001 +From: James Chapman +Date: Thu, 12 Feb 2026 10:42:09 +0000 +Subject: [PATCH] Issue 7231 - Sync repl tests fail in FIPS mode due to non + FIPS compliant crypto (#7232) + +Description: +Several sync_repl tests fail when running on a FIPS enabled system. The failures +are caused by the sync repl client (Sync_persist), using TLS options and ciphers +that are not FIPS compatible. + +Fix: +Update the sync repl client to use FIPS approved TLS version. + +Fixes: https://github.com/389ds/389-ds-base/issues/7231 + +Reviewed by: @progier389, @droideck (Thank you) +--- + .../tests/suites/syncrepl_plugin/basic_test.py | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py +index c22331eb5..1e9a530bb 100644 +--- a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py ++++ b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py +@@ -20,7 +20,7 @@ from lib389.idm.group import Groups + from lib389.topologies import topology_st as topology + from lib389.topologies import topology_m2 as topo_m2 + from lib389.paths import Paths +-from lib389.utils import ds_is_older ++from lib389.utils import ds_is_older, is_fips + from lib389.plugins import RetroChangelogPlugin, ContentSyncPlugin, AutoMembershipPlugin, MemberOfPlugin, MemberOfSharedConfig, AutoMembershipDefinitions, MEPTemplates, MEPConfigs, ManagedEntriesPlugin, MEPTemplate + from lib389._constants import * + +@@ -214,6 +214,12 @@ class Sync_persist(threading.Thread, ReconnectLDAPObject, SyncreplConsumer): + def run(self): + """Start a sync repl client""" + ldap_connection = TestSyncer(self.inst.toLDAPURL()) ++ ldap_connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND) ++ ldap_connection.set_option(ldap.OPT_X_TLS_CACERTFILE, os.path.join(self.inst.get_config_dir(), "ca.crt")) ++ if is_fips(): ++ ldap_connection.set_option(ldap.OPT_X_TLS_PROTOCOL_MIN, ldap.OPT_X_TLS_PROTOCOL_TLS1_2) ++ ldap_connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0) ++ + ldap_connection.simple_bind_s('cn=directory manager', 'password') + ldap_search = ldap_connection.syncrepl_search( + "dc=example,dc=com", +@@ -253,6 +259,7 @@ def test_sync_repl_mep(topology, request): + 5. Success + """ + inst = topology[0] ++ inst.enable_tls() + + # Enable/configure retroCL + plugin = RetroChangelogPlugin(inst) +@@ -338,6 +345,7 @@ def test_sync_repl_cookie(topology, init_sync_repl_plugins, request): + 5.: succeeds + """ + inst = topology[0] ++ inst.enable_tls() + + # create a sync repl client and wait 5 seconds to be sure it is running + sync_repl = Sync_persist(inst) +@@ -404,6 +412,8 @@ def test_sync_repl_cookie_add_del(topology, init_sync_repl_plugins, request): + 6.: succeeds + """ + inst = topology[0] ++ inst.enable_tls() ++ + # create a sync repl client and wait 5 seconds to be sure it is running + sync_repl = Sync_persist(inst) + sync_repl.start() +@@ -547,6 +557,7 @@ def test_sync_repl_cenotaph(topo_m2, request): + 5. Should succeeds + """ + m1 = topo_m2.ms["supplier1"] ++ m1.enable_tls() + # Enable/configure retroCL + plugin = RetroChangelogPlugin(m1) + plugin.disable() +@@ -605,7 +616,7 @@ def test_sync_repl_dynamic_plugin(topology, request): + 3. Should succeeds + 4. Should succeeds + """ +- ++ topology.standalone.enable_tls() + # Reset the instance in a default config + # Disable content sync plugin + topology.standalone.plugins.disable(name=PLUGIN_REPL_SYNC) +-- +2.52.0 + diff --git a/0025-Issue-7248-CLI-attribute-uniqueness-fix-usage-for-ex.patch b/0025-Issue-7248-CLI-attribute-uniqueness-fix-usage-for-ex.patch new file mode 100644 index 0000000..35619dd --- /dev/null +++ b/0025-Issue-7248-CLI-attribute-uniqueness-fix-usage-for-ex.patch @@ -0,0 +1,33 @@ +From bd57467f6efd8e398eb2e608331711bdd571d3ac Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Thu, 12 Feb 2026 09:58:54 -0500 +Subject: [PATCH] Issue 7248 - CLI - attribute uniqueness - fix usage for + exclude subtree option + +Description: + +Fix typo in usage message for the exclude subtree option + +relates: https://github.com/389ds/389-ds-base/issues/7248 + +Reviewed by: progier (Thanks!) +--- + src/lib389/lib389/cli_conf/plugins/attruniq.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib389/lib389/cli_conf/plugins/attruniq.py b/src/lib389/lib389/cli_conf/plugins/attruniq.py +index bc925eb1c..26ca5d819 100644 +--- a/src/lib389/lib389/cli_conf/plugins/attruniq.py ++++ b/src/lib389/lib389/cli_conf/plugins/attruniq.py +@@ -127,7 +127,7 @@ def _add_parser_args(parser): + help='Sets the DN under which the plug-in checks for uniqueness of ' + 'the attributes value. This attribute is multi-valued (uniqueness-subtrees)') + parser.add_argument('--exclude-subtree', nargs='+', +- help='Sets subtrees that should not excludedfrom attribute uniqueness. ' ++ help='Sets subtrees that should be excluded from attribute uniqueness checks. ' + 'This attribute is multi-valued (uniqueness-exclude-subtrees)') + parser.add_argument('--across-all-subtrees', choices=['on', 'off'], type=str.lower, + help='If enabled (on), the plug-in checks that the attribute is unique across all subtrees ' +-- +2.52.0 + diff --git a/0026-Issue-CLI-dsctl-db2index-needs-some-hardening-with-M.patch b/0026-Issue-CLI-dsctl-db2index-needs-some-hardening-with-M.patch new file mode 100644 index 0000000..9e5ff53 --- /dev/null +++ b/0026-Issue-CLI-dsctl-db2index-needs-some-hardening-with-M.patch @@ -0,0 +1,201 @@ +From 180329d9ca672306f8e90d599890be3a6a8aa95c Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Thu, 12 Feb 2026 11:13:45 -0500 +Subject: [PATCH] Issue - CLI - dsctl db2index needs some hardening with MBD + +Description: + +The usage for dsctl db2index was confusing. The way the attr options and +backend name were displayed it looks like the backend name could come after +the attributes, but instead the backend name was treated as an attribute. + +Instead make the backend name required, and change the attribute naming to +require individual options instead of a list of values. + +Relates: https://github.com/389ds/389-ds-base/issues/7250 + +Reviewed by: progier(Thanks!) +--- + .../tests/suites/import/import_test.py | 2 +- + src/lib389/lib389/__init__.py | 40 ++++++------------- + src/lib389/lib389/cli_ctl/dbtasks.py | 37 +++++++---------- + 3 files changed, 27 insertions(+), 52 deletions(-) + +diff --git a/dirsrvtests/tests/suites/import/import_test.py b/dirsrvtests/tests/suites/import/import_test.py +index 18caec633..058a4b3c7 100644 +--- a/dirsrvtests/tests/suites/import/import_test.py ++++ b/dirsrvtests/tests/suites/import/import_test.py +@@ -512,7 +512,7 @@ def test_entry_with_escaped_characters_fails_to_import_and_index(topo, _import_c + count += 1 + # Now re-index the database + topo.standalone.stop() +- topo.standalone.db2index() ++ topo.standalone.db2index(bename="userroot") + topo.standalone.start() + # Should not return error. + assert not topo.standalone.searchErrorsLog('error') +diff --git a/src/lib389/lib389/__init__.py b/src/lib389/lib389/__init__.py +index 39a2852e5..ec47987be 100644 +--- a/src/lib389/lib389/__init__.py ++++ b/src/lib389/lib389/__init__.py +@@ -2985,7 +2985,7 @@ class DirSrv(SimpleLDAPObject, object): + + return True + +- def db2index(self, bename=None, suffixes=None, attrs=None, vlvTag=None): ++ def db2index(self, bename, suffixes=None, attrs=None, vlvTag=None): + """ + @param bename - The backend name to reindex + @param suffixes - List/tuple of suffixes to reindex, currently unused +@@ -2998,34 +2998,18 @@ class DirSrv(SimpleLDAPObject, object): + if self.status(): + self.log.error("db2index: Can not operate while directory server is running") + return False +- cmd = [prog, ] +- # No backend specified, do an upgrade on all backends +- # Backend and no attrs specified, reindex with all backend indexes +- # Backend and attr/s specified, reindex backend with attr/s +- if bename: +- cmd.append('db2index') +- cmd.append('-n') +- cmd.append(bename) +- if attrs: +- for attr in attrs: +- cmd.append('-t') +- cmd.append(attr) +- else: +- dse_ldif = DSEldif(self) +- indexes = dse_ldif.get_indexes(bename) +- if indexes: +- for idx in indexes: +- cmd.append('-t') +- cmd.append(idx) ++ cmd = [prog, 'db2index', '-n', bename, '-D', self.get_config_dir()] ++ if attrs: ++ for attr in attrs: ++ cmd.append('-t') ++ cmd.append(attr) + else: +- cmd.append('upgradedb') +- cmd.append('-a') +- now = datetime.now().isoformat() +- cmd.append(os.path.join(self.get_bak_dir(), 'reindex_%s' % now)) +- cmd.append('-f') +- +- cmd.append('-D') +- cmd.append(self.get_config_dir()) ++ dse_ldif = DSEldif(self) ++ indexes = dse_ldif.get_indexes(bename) ++ if indexes: ++ for idx in indexes: ++ cmd.append('-t') ++ cmd.append(idx) + + try: + result = subprocess.check_output(cmd, encoding='utf-8') +diff --git a/src/lib389/lib389/cli_ctl/dbtasks.py b/src/lib389/lib389/cli_ctl/dbtasks.py +index 16da966d1..cd96cdaf7 100644 +--- a/src/lib389/lib389/cli_ctl/dbtasks.py ++++ b/src/lib389/lib389/cli_ctl/dbtasks.py +@@ -26,32 +26,18 @@ class IndexOrdering(Enum): + + + def dbtasks_db2index(inst, log, args): +- rtn = False +- if not args.backend: +- if not inst.db2index(): +- rtn = False +- else: +- rtn = True +- elif args.backend and not args.attr: +- if not inst.db2index(bename=args.backend): +- rtn = False +- else: +- rtn = True ++ inst.log = log ++ if not inst.db2index(bename=args.backend, attrs=args.attr): ++ log.fatal("db2index failed") ++ return False + else: +- if not inst.db2index(bename=args.backend, attrs=args.attr): +- rtn = False +- else: +- rtn = True +- if rtn: + log.info("db2index successful") +- return rtn +- else: +- log.fatal("db2index failed") +- return rtn ++ return True + + + def dbtasks_db2bak(inst, log, args): + # Needs an output name? ++ inst.log = log + if not inst.db2bak(args.archive): + log.fatal("db2bak failed") + return False +@@ -61,6 +47,7 @@ def dbtasks_db2bak(inst, log, args): + + def dbtasks_bak2db(inst, log, args): + # Needs the archive to restore. ++ inst.log = log + if not inst.bak2db(args.archive): + log.fatal("bak2db failed") + return False +@@ -70,6 +57,7 @@ def dbtasks_bak2db(inst, log, args): + + def dbtasks_db2ldif(inst, log, args): + # If export filename is provided, check if file path exists ++ inst.log = log + if args.ldif: + path = Path(args.ldif) + parent = path.parent.absolute() +@@ -88,6 +76,7 @@ def dbtasks_db2ldif(inst, log, args): + + def dbtasks_ldif2db(inst, log, args): + # Check if ldif file exists ++ inst.log = log + if not os.path.exists(args.ldif): + raise ValueError("The LDIF file does not exist: " + args.ldif) + +@@ -103,6 +92,7 @@ def dbtasks_ldif2db(inst, log, args): + + + def dbtasks_backups(inst, log, args): ++ inst.log = log + if args.delete: + # Delete backup + inst.del_backup(args.delete[0]) +@@ -117,6 +107,7 @@ def dbtasks_backups(inst, log, args): + + + def dbtasks_ldifs(inst, log, args): ++ inst.log = log + if args.delete: + # Delete LDIF file + inst.del_ldif(args.delete[0]) +@@ -131,6 +122,7 @@ def dbtasks_ldifs(inst, log, args): + + + def dbtasks_verify(inst, log, args): ++ inst.log = log + if not inst.dbverify(bename=args.backend): + log.fatal("dbverify failed") + return False +@@ -521,9 +513,8 @@ def dbtasks_index_check(inst, log, args): + + def create_parser(subcommands): + db2index_parser = subcommands.add_parser('db2index', help="Initialise a reindex of the server database. The server must be stopped for this to proceed.", formatter_class=CustomHelpFormatter) +- # db2index_parser.add_argument('suffix', help="The suffix to reindex. IE dc=example,dc=com.") +- db2index_parser.add_argument('backend', nargs="?", help="The backend to reindex. IE userRoot", default=False) +- db2index_parser.add_argument('--attr', nargs="*", help="The attribute's to reindex. IE --attr aci cn givenname", default=False) ++ db2index_parser.add_argument('backend', help="The backend to reindex. IE userRoot") ++ db2index_parser.add_argument('--attr', action='append', help="An attribute to reindex. IE: --attr member --attr cn ...") + db2index_parser.set_defaults(func=dbtasks_db2index) + + db2bak_parser = subcommands.add_parser('db2bak', help="Initialise a BDB backup of the database. The server must be stopped for this to proceed.", formatter_class=CustomHelpFormatter) +-- +2.52.0 + diff --git a/0027-Issue-7184-2nd-argparse.HelpFormatter-_format_action.patch b/0027-Issue-7184-2nd-argparse.HelpFormatter-_format_action.patch new file mode 100644 index 0000000..0886182 --- /dev/null +++ b/0027-Issue-7184-2nd-argparse.HelpFormatter-_format_action.patch @@ -0,0 +1,41 @@ +From c831a7af2afb7cfd2eb958476a7a8d421ac5d339 Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Fri, 13 Feb 2026 15:38:52 +0100 +Subject: [PATCH] Issue 7184 - (2nd) argparse.HelpFormatter + _format_actions_usage() is deprecated (#7257) + +Description: +`_format_actions_usage()` was also removed in Python 3.14.3. +Replace version check with `isinstance()` to handle the return type of +`_get_actions_usage_parts()` more robustly across Python versions. + +Relates: https://github.com/389ds/389-ds-base/issues/7184 +Fixes: https://github.com/389ds/389-ds-base/issues/7253 + +Reviewed by: @progier389 (Thanks!) +--- + src/lib389/lib389/cli_base/__init__.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/lib389/lib389/cli_base/__init__.py b/src/lib389/lib389/cli_base/__init__.py +index f1055aadc..3af8a46e6 100644 +--- a/src/lib389/lib389/cli_base/__init__.py ++++ b/src/lib389/lib389/cli_base/__init__.py +@@ -420,11 +420,11 @@ class CustomHelpFormatter(argparse.HelpFormatter): + else: + # Use _get_actions_usage_parts() for Python 3.13 and later + action_parts = self._get_actions_usage_parts(parent_arguments, []) +- if sys.version_info >= (3, 15): +- # Python 3.15 returns a tuple (list of actions, count of actions) ++ if isinstance(action_parts, tuple): ++ # Python 3.14.3+ and 3.15+ return a tuple (list of actions, count of actions) + formatted_options = ' '.join(action_parts[0]) + else: +- # Python 3.13 and 3.14 return a list of actions ++ # Earlier versions return a list of actions + formatted_options = ' '.join(action_parts) + + # If formatted_options already in usage - remove them +-- +2.52.0 + diff --git a/0028-Issue-7213-2nd-MDB_BAD_VALSIZE-error-while-handling-.patch b/0028-Issue-7213-2nd-MDB_BAD_VALSIZE-error-while-handling-.patch new file mode 100644 index 0000000..d016d69 --- /dev/null +++ b/0028-Issue-7213-2nd-MDB_BAD_VALSIZE-error-while-handling-.patch @@ -0,0 +1,32 @@ +From a7f8eb79dde03ac771de2335a2acb4aed48483a2 Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Fri, 13 Feb 2026 16:27:25 +0100 +Subject: [PATCH] Issue 7213 - (2nd) MDB_BAD_VALSIZE error while handling VLV + (#7258) + +Decription: +Disable test_vlv_long_attribute_value on BDB as it hangs sometimes in +CI, blocking other pipelines. + +Relates: https://github.com/389ds/389-ds-base/issues/7213 + +Reviewed by: @progier389 (Thanks!) +--- + dirsrvtests/tests/suites/vlv/regression_test.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/dirsrvtests/tests/suites/vlv/regression_test.py b/dirsrvtests/tests/suites/vlv/regression_test.py +index 1cc03c303..94001af62 100644 +--- a/dirsrvtests/tests/suites/vlv/regression_test.py ++++ b/dirsrvtests/tests/suites/vlv/regression_test.py +@@ -1178,6 +1178,7 @@ def test_vlv_with_mr(vlv_setup_with_uid_mr): + + + ++@pytest.mark.skipif(get_default_db_lib() == "bdb", reason="Hangs on BDB") + def test_vlv_long_attribute_value(topology_st, request): + """ + Test VLV with an entry containing a very long attribute value (2K). +-- +2.52.0 + diff --git a/0029-Issue-7223-Use-lexicographical-order-for-ancestorid-.patch b/0029-Issue-7223-Use-lexicographical-order-for-ancestorid-.patch new file mode 100644 index 0000000..d57c972 --- /dev/null +++ b/0029-Issue-7223-Use-lexicographical-order-for-ancestorid-.patch @@ -0,0 +1,34 @@ +From 75b1213dfb94495160a735c2688cee03d6be5a9a Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Fri, 13 Feb 2026 16:58:24 +0100 +Subject: [PATCH] Issue 7223 - Use lexicographical order for ancestorid (#7256) + +Description: +`ldbm_instance_create_default_indexes()` configured ancestorid with +integerOrderingMatch in the in-memory attrinfo, but ancestorid on disk +might be using lexicographic ordering (data before the upgrade or after +ldif2db import). + +Relates: https://github.com/389ds/389-ds-base/issues/7223 + +Reviewed by: @tbordaz (Thanks!) +--- + ldap/servers/slapd/back-ldbm/instance.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/servers/slapd/back-ldbm/instance.c b/ldap/servers/slapd/back-ldbm/instance.c +index 3fcdb5554..563cf96db 100644 +--- a/ldap/servers/slapd/back-ldbm/instance.c ++++ b/ldap/servers/slapd/back-ldbm/instance.c +@@ -239,7 +239,7 @@ ldbm_instance_create_default_indexes(backend *be) + * ancestorid is special, there is actually no such attr type + * but we still want to use the attr index file APIs. + */ +- e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, "integerOrderingMatch"); ++ e = ldbm_instance_init_config_entry(LDBM_ANCESTORID_STR, "eq", 0, 0, 0, 0); + attr_index_config(be, "ldbm index init", 0, e, 1, 0, NULL); + slapi_entry_free(e); + } +-- +2.52.0 + diff --git a/0030-Issue-7066-7052-allow-password-history-to-be-set-to-.patch b/0030-Issue-7066-7052-allow-password-history-to-be-set-to-.patch new file mode 100644 index 0000000..ccab1a6 --- /dev/null +++ b/0030-Issue-7066-7052-allow-password-history-to-be-set-to-.patch @@ -0,0 +1,89 @@ +From 7809104b9edb2d05ceee7ca819152f365cc1beb0 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Wed, 11 Feb 2026 15:51:47 -0500 +Subject: [PATCH] Issue 7066/7052 - allow password history to be set to zero + and remove history + +Description: + +For local password policies the server was incorrectly rejecting updates that +set the value to zero. When password history is set to zero the old passwords +in the entry history are not cleaned as expected. + +relates: https://github.com/389ds/389-ds-base/issues/7052 +relates: https://github.com/389ds/389-ds-base/issues/7066 + +Reviewed by: progier(Thanks!) +--- + .../tests/suites/password/pwp_history_test.py | 9 ++++++--- + ldap/servers/slapd/modify.c | 2 +- + ldap/servers/slapd/pw.c | 13 ++++++++++++- + 3 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/dirsrvtests/tests/suites/password/pwp_history_test.py b/dirsrvtests/tests/suites/password/pwp_history_test.py +index 8a15a1986..387824bc5 100644 +--- a/dirsrvtests/tests/suites/password/pwp_history_test.py ++++ b/dirsrvtests/tests/suites/password/pwp_history_test.py +@@ -108,8 +108,12 @@ def test_history_is_not_overwritten(topology_st, user): + user.set('userpassword', USER_PWD) + + +-def test_basic(topology_st, user): +- """Test basic password policy history feature functionality ++@pytest.mark.parametrize('policy', ++ [(pytest.param('global')), ++ (pytest.param('subtree')), ++ (pytest.param('user'))]) ++def test_basic(topology_st, user, policy): ++ """Test basic password policy history feature functionality with dynamic count reduction + + :id: 83d74f7d-3036-4944-8839-1b40bbf265ff + :setup: Standalone instance, a test user +@@ -238,7 +242,6 @@ def test_basic(topology_st, user): + + # + # Reset password by Directory Manager(admin reset) +- # + dm = DirectoryManager(topology_st.standalone) + dm.rebind() + time.sleep(.5) +diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c +index b0066faf8..d76427886 100644 +--- a/ldap/servers/slapd/modify.c ++++ b/ldap/servers/slapd/modify.c +@@ -87,7 +87,7 @@ static struct attr_value_check + {CONFIG_PW_WARNING_ATTRIBUTE, check_pw_duration_value, 0, -1}, + {CONFIG_PW_MINLENGTH_ATTRIBUTE, attr_check_minmax, 2, 512}, + {CONFIG_PW_MAXFAILURE_ATTRIBUTE, attr_check_minmax, 1, 32767}, +- {CONFIG_PW_INHISTORY_ATTRIBUTE, attr_check_minmax, 1, 24}, ++ {CONFIG_PW_INHISTORY_ATTRIBUTE, attr_check_minmax, 0, 24}, + {CONFIG_PW_LOCKDURATION_ATTRIBUTE, check_pw_duration_value, -1, -1}, + {CONFIG_PW_RESETFAILURECOUNT_ATTRIBUTE, check_pw_resetfailurecount_value, -1, -1}, + {CONFIG_PW_GRACELIMIT_ATTRIBUTE, attr_check_minmax, 0, -1}, +diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c +index cda1c404f..12cf759ce 100644 +--- a/ldap/servers/slapd/pw.c ++++ b/ldap/servers/slapd/pw.c +@@ -1532,7 +1532,18 @@ update_pw_history(Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw) + pwpolicy = new_passwdPolicy(pb, dn); + + if (pwpolicy->pw_inhistory == 0){ +- /* We are only enforcing the current password, just return */ ++ /* We are only enforcing the current password, just return but first ++ * cleanup any old passwords in the history */ ++ attribute.mod_type = "passwordHistory"; ++ attribute.mod_op = LDAP_MOD_REPLACE; ++ attribute.mod_values = NULL; ++ list_of_mods[0] = &attribute; ++ list_of_mods[1] = NULL; ++ mod_pb = slapi_pblock_new(); ++ slapi_modify_internal_set_pb_ext(mod_pb, sdn, list_of_mods, NULL, NULL, pw_get_componentID(), 0); ++ slapi_modify_internal_pb(mod_pb); ++ slapi_pblock_destroy(mod_pb); ++ + return res; + } + +-- +2.52.0 + diff --git a/0031-Issue-7243-UI-fix-certificate-table-and-modal.patch b/0031-Issue-7243-UI-fix-certificate-table-and-modal.patch new file mode 100644 index 0000000..8420bcd --- /dev/null +++ b/0031-Issue-7243-UI-fix-certificate-table-and-modal.patch @@ -0,0 +1,260 @@ +From 4209ff65310c54b6ab55594984201b1214fb75b2 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Mon, 16 Feb 2026 16:52:52 -0500 +Subject: [PATCH] Issue 7243 - UI - fix certificate table and modal + +Description: + +The certificate table was not handling sorting and pagination correctly, and +the add cert modal was not correctly selecting certs on disk + +This was fixed upstream for the hot cetificate features, but only backporting +the table/modal changes to older branches + +relates: https://github.com/389ds/389-ds-base/issues/7243 + +Reviewed by: spichugi(Thanks!) +--- + .../src/lib/security/securityModals.jsx | 4 +- + .../src/lib/security/securityTables.jsx | 85 ++++++------------- + 2 files changed, 29 insertions(+), 60 deletions(-) + +diff --git a/src/cockpit/389-console/src/lib/security/securityModals.jsx b/src/cockpit/389-console/src/lib/security/securityModals.jsx +index a42aa50d6..c4af753c0 100644 +--- a/src/cockpit/389-console/src/lib/security/securityModals.jsx ++++ b/src/cockpit/389-console/src/lib/security/securityModals.jsx +@@ -298,7 +298,9 @@ export class SecurityAddCertModal extends React.Component { + { ++ handleCertSelect(str); ++ }} + aria-label="FormSelect Input" + className="ds-cert-select" + validated={selectValidated} +diff --git a/src/cockpit/389-console/src/lib/security/securityTables.jsx b/src/cockpit/389-console/src/lib/security/securityTables.jsx +index fce4cb04e..a6c64e6c1 100644 +--- a/src/cockpit/389-console/src/lib/security/securityTables.jsx ++++ b/src/cockpit/389-console/src/lib/security/securityTables.jsx +@@ -4,7 +4,6 @@ import { + Grid, + GridItem, + Pagination, +- PaginationVariant, + SearchInput, + Tooltip, + } from '@patternfly/react-core'; +@@ -94,10 +93,10 @@ class KeyTable extends React.Component { + ]; + + handleSort(_event, index, direction) { +- const sortedRows = [...this.state.rows].sort((a, b) => ++ const sortedRows = [...this.state.rows].sort((a, b) => + (a[index] < b[index] ? -1 : a[index] > b[index] ? 1 : 0) + ); +- ++ + this.setState({ + sortBy: { + index, +@@ -127,7 +126,7 @@ class KeyTable extends React.Component { + > + {_("What is an orphan key?")} + +- + + {columns.map((column, idx) => ( +-
+- + +@@ -224,7 +223,7 @@ class CSRTable extends React.Component { + } + + handleSort(_event, index, direction) { +- const sortedRows = [...this.state.rows].sort((a, b) => ++ const sortedRows = [...this.state.rows].sort((a, b) => + (a[index] < b[index] ? -1 : a[index] > b[index] ? 1 : 0) + ); + this.setState({ +@@ -316,7 +315,7 @@ class CSRTable extends React.Component { + onClear={(evt) => this.handleSearchChange(evt, '')} + /> + } +- + + {columns.map((column, idx) => ( +-
+- + +@@ -418,41 +417,11 @@ class CertTable extends React.Component { + } + + handleSort(_event, columnIndex, direction) { +- const sorted_rows = []; +- const rows = []; +- let count = 0; +- +- // Convert the rows pairings into a sortable array +- for (let idx = 0; idx < this.state.rows.length; idx += 2) { +- sorted_rows.push({ +- expandedRow: this.state.rows[idx + 1], +- 1: this.state.rows[idx].cells[0].content, +- 2: this.state.rows[idx].cells[1].content, +- 3: this.state.rows[idx].cells[2].content, +- issuer: this.state.rows[idx].issuer, +- flags: this.state.rows[idx].flags +- }); +- } ++ const rows = [...this.state.rows]; + +- sorted_rows.sort((a, b) => (a[columnIndex + 1] > b[columnIndex + 1]) ? 1 : -1); ++ rows.sort((a, b) => (a.cells[columnIndex].content > b.cells[columnIndex].content) ? 1 : -1); + if (direction !== SortByDirection.asc) { +- sorted_rows.reverse(); +- } +- +- for (const srow of sorted_rows) { +- rows.push({ +- isOpen: false, +- cells: [ +- { content: srow[1] }, +- { content: srow[2] }, +- { content: srow[3] } +- ], +- issuer: srow.issuer, +- flags: srow.flags, +- }); +- srow.expandedRow.parent = count; +- rows.push(srow.expandedRow); +- count += 2; ++ rows.reverse(); + } + + this.setState({ +@@ -534,18 +503,16 @@ class CertTable extends React.Component { + rows.push( + { + isOpen: false, +- cells: [cert.attrs.nickname, cert.attrs.subject, cert.attrs.expires], ++ cells: [ ++ { content: cert.attrs.nickname }, ++ { content: cert.attrs.subject }, ++ { content: cert.attrs.expires } ++ ], + issuer: cert.attrs.issuer, + flags: cert.attrs.flags, +- +- }, +- { +- parent: count, +- fullWidth: true, +- cells: [{ title: this.getExpandedRow(cert.attrs.issuer, cert.attrs.flags) }] +- }, ++ } + ); +- count += 2; ++ count += 1; + } + + this.setState({ +@@ -587,7 +554,7 @@ class CertTable extends React.Component { + onChange={this.handleSearchChange} + onClear={(evt) => this.handleSearchChange(evt, '')} + />} +- +@@ -626,7 +593,7 @@ class CertTable extends React.Component { + + ))} + +@@ -646,7 +613,7 @@ class CertTable extends React.Component { +
+- +
+ {hasRows && + this.handleSearchChange(evt, '')} + /> +- + + + {this.state.columns.map((column, idx) => ( +-
+- + +-- +2.52.0 + diff --git a/0032-Issue-7223-Remove-integerOrderingMatch-requirement-f.patch b/0032-Issue-7223-Remove-integerOrderingMatch-requirement-f.patch new file mode 100644 index 0000000..39bc237 --- /dev/null +++ b/0032-Issue-7223-Remove-integerOrderingMatch-requirement-f.patch @@ -0,0 +1,538 @@ +From 09b6f770f15ee8d333377b7902e18b78f4f7008c Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Wed, 18 Feb 2026 09:26:57 +0100 +Subject: [PATCH] Issue 7223 - Remove integerOrderingMatch requirement for + parentid (#7264) + +Description: +integerOrderingMatch was introduced as a requirement for parentid and +ancestorid indexes for performance reasons. But after #7096 the order +for parentid doesn't make a lot of difference. + +Fix Description: +* Remove integerOrderingMatch requirement for parentid. +* Read only first 100 keys from dbscan in index ordering check +* Do not run dsctl index-check during RPM upgrade + +Relates: https://github.com/389ds/389-ds-base/pull/7223 + +Reviewed by: @progier389, @tbordaz (Thanks!) +--- + .../healthcheck/health_system_indexes_test.py | 83 ++++---------- + ldap/servers/slapd/upgrade.c | 105 ------------------ + rpm/389-ds-base.spec.in | 3 - + src/lib389/lib389/backend.py | 5 +- + src/lib389/lib389/cli_ctl/dbtasks.py | 99 ++++++++--------- + 5 files changed, 73 insertions(+), 222 deletions(-) + +diff --git a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py +index 3b3651b38..71a9f590a 100644 +--- a/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py ++++ b/dirsrvtests/tests/suites/healthcheck/health_system_indexes_test.py +@@ -180,7 +180,8 @@ def test_missing_parentid(topology_st, log_buffering_enabled): + + + def test_missing_matching_rule(topology_st, log_buffering_enabled): +- """Check if healthcheck returns DSBLE0007 code when parentId index is missing integerOrderingMatch ++ """Check that healthcheck does NOT report DSBLE0007 when parentId index is missing integerOrderingMatch. ++ Both lexicographic and integer orderings are valid for parentid. + + :id: 7ffa71db-8995-430a-bed8-59bce944221c + :setup: Standalone instance +@@ -190,19 +191,14 @@ def test_missing_matching_rule(topology_st, log_buffering_enabled): + 3. Use healthcheck without --json option + 4. Use healthcheck with --json option + 5. Re-add the matching rule +- 6. Use healthcheck without --json option +- 7. Use healthcheck with --json option + :expectedresults: + 1. Success + 2. Success +- 3. healthcheck reports DSBLE0007 code and related details +- 4. healthcheck reports DSBLE0007 code and related details ++ 3. healthcheck reports no issues found ++ 4. healthcheck reports no issues found + 5. Success +- 6. healthcheck reports no issues found +- 7. healthcheck reports no issues found + """ + +- RET_CODE = "DSBLE0007" + PARENTID_DN = "cn=parentid,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" + + standalone = topology_st.standalone +@@ -211,17 +207,14 @@ def test_missing_matching_rule(topology_st, log_buffering_enabled): + parentid_index = Index(standalone, PARENTID_DN) + parentid_index.remove("nsMatchingRule", "integerOrderingMatch") + +- run_healthcheck_and_flush_log(topology_st, standalone, json=False, searched_code=RET_CODE) +- run_healthcheck_and_flush_log(topology_st, standalone, json=True, searched_code=RET_CODE) ++ run_healthcheck_and_flush_log(topology_st, standalone, json=False, searched_code=CMD_OUTPUT) ++ run_healthcheck_and_flush_log(topology_st, standalone, json=True, searched_code=JSON_OUTPUT) + + log.info("Re-add the integerOrderingMatch matching rule") + parentid_index = Index(standalone, PARENTID_DN) + parentid_index.add("nsMatchingRule", "integerOrderingMatch") + standalone.restart() + +- run_healthcheck_and_flush_log(topology_st, standalone, json=False, searched_code=CMD_OUTPUT) +- run_healthcheck_and_flush_log(topology_st, standalone, json=True, searched_code=JSON_OUTPUT) +- + + def test_usn_plugin_missing_entryusn(topology_st, usn_plugin_enabled, log_buffering_enabled): + """Check if healthcheck returns DSBLE0007 code when USN plugin is enabled but entryusn index is missing +@@ -911,7 +904,9 @@ def test_index_check_fixes_ancestorid_config(topology_st): + + + def test_index_check_fixes_missing_matching_rule(topology_st): +- """Check if dsctl index-check --fix adds missing integerOrderingMatch ++ """Check that removing integerOrderingMatch from parentid config is not ++ flagged as an issue when disk ordering cannot be determined. ++ Both lexicographic and integer orderings are valid for parentid. + + :id: 6c1d4e9f-0a3b-4d5c-1e7f-8a9b0c2d3e4f + :setup: Standalone instance +@@ -919,18 +914,14 @@ def test_index_check_fixes_missing_matching_rule(topology_st): + 1. Create DS instance + 2. Stop the server + 3. Remove integerOrderingMatch from parentid index using DSEldif +- 4. Run dsctl index-check (should detect issue) +- 5. Run dsctl index-check --fix +- 6. Verify integerOrderingMatch was added back +- 7. Start the server ++ 4. Run dsctl index-check (should NOT detect issue since disk ordering is unknown) ++ 5. Start the server + :expectedresults: + 1. Success + 2. Success + 3. Success +- 4. index-check returns False and detects missing matching rule +- 5. index-check returns True after fix +- 6. integerOrderingMatch is present +- 7. Success ++ 4. index-check returns True (no issues, disk ordering unknown) ++ 5. Success + """ + from lib389.cli_ctl.dbtasks import dbtasks_index_check + from lib389.dseldif import DSEldif +@@ -964,34 +955,20 @@ def test_index_check_fixes_missing_matching_rule(topology_st): + f"integerOrderingMatch should be removed, but found: {mr}" + log.info("integerOrderingMatch removed from parentid index") + +- log.info("Run index-check without --fix (should detect issue)") ++ log.info("Run index-check (should NOT detect issue - disk ordering unknown)") + args = FakeArgs() + args.backend = "userRoot" + args.fix = False + + result = dbtasks_index_check(standalone, topology_st.logcap.log, args) +- assert result is False, "index-check should detect missing matching rule" +- assert topology_st.logcap.contains("missing integerOrderingMatch") ++ assert result is True, \ ++ "index-check should not flag missing integerOrderingMatch when disk ordering is unknown" ++ assert topology_st.logcap.contains("could not determine disk ordering") + topology_st.logcap.flush() + +- log.info("Run index-check with --fix") +- args.fix = True +- result = dbtasks_index_check(standalone, topology_st.logcap.log, args) +- assert result is True, "index-check --fix should succeed" +- assert topology_st.logcap.contains("integerOrderingMatch") +- topology_st.logcap.flush() +- +- log.info("Verify integerOrderingMatch was added back") +- dse_ldif = DSEldif(standalone) # Reload to get fresh data +- matching_rules = dse_ldif.get(parentid_dn, "nsMatchingRule") +- assert matching_rules is not None, "nsMatchingRule should be present" +- found_int_order = False +- for mr in matching_rules: +- if "integerorderingmatch" in mr.lower(): +- found_int_order = True +- break +- assert found_int_order, f"integerOrderingMatch should be present, got: {matching_rules}" +- log.info("integerOrderingMatch successfully added back") ++ log.info("Restore integerOrderingMatch and start the server") ++ dse_ldif = DSEldif(standalone) ++ dse_ldif.add(parentid_dn, "nsMatchingRule", "integerOrderingMatch") + + log.info("Start the server") + standalone.start() +@@ -1081,7 +1058,7 @@ def test_index_check_fixes_multiple_issues(topology_st): + :steps: + 1. Create DS instance + 2. Stop the server +- 3. Add multiple issues: scanlimit, ancestorid config, missing matching rule ++ 3. Add multiple issues: scanlimit and ancestorid config + 4. Run dsctl index-check (should detect all issues) + 5. Run dsctl index-check --fix + 6. Verify all issues were fixed +@@ -1123,14 +1100,6 @@ def test_index_check_fixes_multiple_issues(topology_st): + ] + dse_ldif.add_entry(ancestorid_entry) + +- log.info("Add issue 3: Remove integerOrderingMatch from parentid") +- dse_ldif = DSEldif(standalone) # Reload +- matching_rules = dse_ldif.get(parentid_dn, "nsMatchingRule") +- if matching_rules: +- for mr in matching_rules: +- if "integerorderingmatch" in mr.lower(): +- dse_ldif.delete(parentid_dn, "nsMatchingRule", mr) +- + log.info("Run index-check without --fix (should detect all issues)") + args = FakeArgs() + args.backend = "userRoot" +@@ -1161,16 +1130,6 @@ def test_index_check_fixes_multiple_issues(topology_st): + cn_value = dse_ldif.get(ancestorid_dn, "cn", single=True) + assert cn_value is None, f"ancestorid config should be removed, got: {cn_value}" + +- # Check matching rule added back +- matching_rules = dse_ldif.get(parentid_dn, "nsMatchingRule") +- found_int_order = False +- if matching_rules: +- for mr in matching_rules: +- if "integerorderingmatch" in mr.lower(): +- found_int_order = True +- break +- assert found_int_order, f"integerOrderingMatch should be present, got: {matching_rules}" +- + log.info("All issues verified as fixed") + + log.info("Run index-check again to confirm all clear") +diff --git a/ldap/servers/slapd/upgrade.c b/ldap/servers/slapd/upgrade.c +index d9156cae9..537c38feb 100644 +--- a/ldap/servers/slapd/upgrade.c ++++ b/ldap/servers/slapd/upgrade.c +@@ -500,107 +500,6 @@ upgrade_remove_ancestorid_index_config(void) + return uresult; + } + +-/* +- * Check if parentid/ancestorid indexes are missing the integerOrderingMatch +- * matching rule. +- * +- * This function logs a warning if we detect this condition, advising +- * the administrator to reindex the affected attributes. +- */ +-static upgrade_status +-upgrade_check_id_index_matching_rule(void) +-{ +- struct slapi_pblock *pb = slapi_pblock_new(); +- Slapi_Entry **backends = NULL; +- const char *be_base_dn = "cn=ldbm database,cn=plugins,cn=config"; +- const char *be_filter = "(objectclass=nsBackendInstance)"; +- const char *attrs_to_check[] = {"parentid", NULL}; +- upgrade_status uresult = UPGRADE_SUCCESS; +- +- /* Search for all backend instances */ +- slapi_search_internal_set_pb( +- pb, be_base_dn, +- LDAP_SCOPE_ONELEVEL, +- be_filter, NULL, 0, NULL, NULL, +- plugin_get_default_component_id(), 0); +- slapi_search_internal_pb(pb); +- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &backends); +- +- if (backends) { +- for (size_t be_idx = 0; backends[be_idx] != NULL; be_idx++) { +- const char *be_dn = slapi_entry_get_dn_const(backends[be_idx]); +- const char *be_name = slapi_entry_attr_get_ref(backends[be_idx], "cn"); +- if (!be_dn || !be_name) { +- continue; +- } +- +- /* Check each attribute that should have integerOrderingMatch */ +- for (size_t attr_idx = 0; attrs_to_check[attr_idx] != NULL; attr_idx++) { +- const char *attr_name = attrs_to_check[attr_idx]; +- struct slapi_pblock *idx_pb = slapi_pblock_new(); +- Slapi_Entry **idx_entries = NULL; +- char *idx_dn = slapi_create_dn_string("cn=%s,cn=index,%s", +- attr_name, be_dn); +- char *idx_filter = "(objectclass=nsIndex)"; +- PRBool has_matching_rule = PR_FALSE; +- +- if (!idx_dn) { +- slapi_pblock_destroy(idx_pb); +- continue; +- } +- +- slapi_search_internal_set_pb( +- idx_pb, idx_dn, +- LDAP_SCOPE_BASE, +- idx_filter, NULL, 0, NULL, NULL, +- plugin_get_default_component_id(), 0); +- slapi_search_internal_pb(idx_pb); +- slapi_pblock_get(idx_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &idx_entries); +- +- if (idx_entries && idx_entries[0]) { +- /* Index exists, check if it has integerOrderingMatch */ +- Slapi_Attr *mr_attr = NULL; +- if (slapi_entry_attr_find(idx_entries[0], "nsMatchingRule", &mr_attr) == 0) { +- Slapi_Value *sval = NULL; +- int idx; +- for (idx = slapi_attr_first_value(mr_attr, &sval); +- idx != -1; +- idx = slapi_attr_next_value(mr_attr, idx, &sval)) { +- const struct berval *bval = slapi_value_get_berval(sval); +- if (bval && bval->bv_val && +- strcasecmp(bval->bv_val, "integerOrderingMatch") == 0) { +- has_matching_rule = PR_TRUE; +- break; +- } +- } +- } +- +- if (!has_matching_rule) { +- /* Index exists but doesn't have integerOrderingMatch, log a warning */ +- slapi_log_err(SLAPI_LOG_ERR, "upgrade_check_id_index_matching_rule", +- "Index '%s' in backend '%s' is missing 'nsMatchingRule: integerOrderingMatch'. " +- "Incorrectly configured system indexes can lead to poor search performance, replication issues, and other operational problems. " +- "To fix this, add the matching rule and reindex: " +- "dsconf backend index set --add-mr integerOrderingMatch --attr %s %s && " +- "dsconf backend index reindex --attr %s %s. " +- "WARNING: Reindexing can be resource-intensive and may impact server performance on a live system. " +- "Consider scheduling reindexing during maintenance windows or periods of low activity.\n", +- attr_name, be_name, attr_name, be_name, attr_name, be_name); +- } +- } +- +- slapi_ch_free_string(&idx_dn); +- slapi_free_search_results_internal(idx_pb); +- slapi_pblock_destroy(idx_pb); +- } +- } +- } +- +- slapi_free_search_results_internal(pb); +- slapi_pblock_destroy(pb); +- +- return uresult; +-} + + upgrade_status + upgrade_server(void) +@@ -637,10 +536,6 @@ upgrade_server(void) + return UPGRADE_FAILURE; + } + +- if (upgrade_check_id_index_matching_rule() != UPGRADE_SUCCESS) { +- return UPGRADE_FAILURE; +- } +- + return UPGRADE_SUCCESS; + } + +diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in +index 0175dfa7c..f78258f6a 100644 +--- a/rpm/389-ds-base.spec.in ++++ b/rpm/389-ds-base.spec.in +@@ -667,9 +667,6 @@ for dir in "$instbase"/slapd-* ; do + else + echo "instance $inst is not running" >> "$output" 2>&1 || : + fi +- # Run index-check on all instances (running or not) +- # This fixes index ordering mismatches from older versions +- dsctl "$inst_name" index-check --fix >> "$output2" 2>&1 || : + ninst=$((ninst + 1)) + done + +diff --git a/src/lib389/lib389/backend.py b/src/lib389/lib389/backend.py +index 1d9be4683..29a1796ac 100644 +--- a/src/lib389/lib389/backend.py ++++ b/src/lib389/lib389/backend.py +@@ -617,9 +617,10 @@ class Backend(DSLdapObject): + # Default system indexes taken from ldap/servers/slapd/back-ldbm/instance.c + # Note: entryrdn and ancestorid are internal system indexes that are not + # exposed in cn=config - they are managed internally by the server. +- # Only parentid has a DSE config entry (for the integerOrderingMatch rule). ++ # parentid works correctly with both lexicographic and integer ordering, ++ # so integerOrderingMatch is not required. + expected_system_indexes = { +- 'parentid': {'types': ['eq'], 'matching_rule': 'integerOrderingMatch'}, ++ 'parentid': {'types': ['eq'], 'matching_rule': None}, + 'objectClass': {'types': ['eq'], 'matching_rule': None}, + 'aci': {'types': ['pres'], 'matching_rule': None}, + 'nscpEntryDN': {'types': ['eq'], 'matching_rule': None}, +diff --git a/src/lib389/lib389/cli_ctl/dbtasks.py b/src/lib389/lib389/cli_ctl/dbtasks.py +index cd96cdaf7..b02de203f 100644 +--- a/src/lib389/lib389/cli_ctl/dbtasks.py ++++ b/src/lib389/lib389/cli_ctl/dbtasks.py +@@ -10,6 +10,7 @@ + import glob + import os + import re ++import signal + import subprocess + from enum import Enum + from lib389._constants import TaskWarning +@@ -263,45 +264,53 @@ def _check_disk_ordering(db_dir, backend, index_name, dbscan_path, is_mdb, log): + if not index_file: + return IndexOrdering.UNKNOWN + ++ # Only read the first 100 lines from dbscan to avoid scanning the ++ # entire index (which can take hours on large databases). + try: +- result = subprocess.run( ++ proc = subprocess.Popen( + [dbscan_path, "-f", index_file], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + universal_newlines=True, +- timeout=60, + ) + +- if result.returncode != 0: +- log.warning(" dbscan returned non-zero exit code for %s", index_file) +- return IndexOrdering.UNKNOWN +- +- # Parse keys from dbscan output + keys = [] +- for line in result.stdout.split("\n"): ++ line_count = 0 ++ assert proc.stdout is not None ++ for line in proc.stdout: ++ line_count += 1 ++ if line_count > 100: ++ break + line = line.strip() + if line.startswith("="): + match = re.match(r"^=(\d+)", line) + if match: + keys.append(int(match.group(1))) + ++ proc.terminate() ++ try: ++ proc.wait(timeout=5) ++ except subprocess.TimeoutExpired: ++ proc.kill() ++ proc.wait() ++ ++ if proc.returncode not in (0, -signal.SIGTERM): ++ log.warning(" dbscan returned non-zero exit code for %s", index_file) ++ return IndexOrdering.UNKNOWN ++ + if len(keys) < 2: + return IndexOrdering.UNKNOWN + + # Check if keys are in integer order by looking for decreasing numeric values + # (which would indicate lexicographic ordering, e.g., "3" < "30" < "4") + prev_id = keys[0] +- for i in range(1, min(len(keys), 100)): +- current_id = keys[i] ++ for current_id in keys[1:]: + if prev_id > current_id: + return IndexOrdering.LEXICOGRAPHIC + prev_id = current_id + + return IndexOrdering.INTEGER + +- except subprocess.TimeoutExpired: +- log.warning(" dbscan timed out for %s", index_file) +- return IndexOrdering.UNKNOWN + except OSError as e: + log.warning(" Error running dbscan: %s", e) + return IndexOrdering.UNKNOWN +@@ -375,8 +384,7 @@ def dbtasks_index_check(inst, log, args): + + # Track all issues found + all_ok = True +- mismatches = [] # (backend, index_name) tuples needing reindex +- missing_matching_rules = [] # (backend, index_name) tuples missing integerOrderingMatch ++ config_fixes = [] # (backend, index_name, action) tuples: action is "add_mr" or "remove_mr" + scan_limits_to_remove = [] # (backend, index_name) tuples with nsIndexIDListScanLimit + ancestorid_configs_to_remove = [] # backend names with ancestorid config entries + remove_ancestorid_from_defaults = False # Flag to remove from cn=default indexes +@@ -409,13 +417,6 @@ def dbtasks_index_check(inst, log, args): + + if disk_ordering == IndexOrdering.UNKNOWN: + log.info(" %s - could not determine disk ordering, skipping", index_name) +- # For parentid, still check if matching rule is missing +- if index_name == "parentid": +- config_has_int_order = _has_integer_ordering_match(dse_ldif, backend, index_name) +- if not config_has_int_order: +- log.warning(" %s - missing integerOrderingMatch in config", index_name) +- missing_matching_rules.append((backend, index_name)) +- all_ok = False + continue + + config_has_int_order = _has_integer_ordering_match(dse_ldif, backend, index_name) +@@ -423,18 +424,15 @@ def dbtasks_index_check(inst, log, args): + log.info(" %s - config: %s, disk: %s", + index_name, config_desc, disk_ordering.value) + +- # For parentid, the desired state is always integer ordering ++ # Both orderings are valid for parentid, but config must match disk. + if index_name == "parentid": +- if not config_has_int_order: +- log.warning(" %s - missing integerOrderingMatch in config", index_name) +- if (backend, index_name) not in missing_matching_rules: +- missing_matching_rules.append((backend, index_name)) ++ if config_has_int_order and disk_ordering == IndexOrdering.LEXICOGRAPHIC: ++ log.warning(" %s - MISMATCH: config has integerOrderingMatch but disk is lexicographic", index_name) ++ config_fixes.append((backend, index_name, "remove_mr")) + all_ok = False +- +- if disk_ordering == IndexOrdering.LEXICOGRAPHIC: +- log.warning(" %s - disk ordering is lexicographic, needs reindex", index_name) +- if (backend, index_name) not in mismatches: +- mismatches.append((backend, index_name)) ++ elif not config_has_int_order and disk_ordering == IndexOrdering.INTEGER: ++ log.warning(" %s - MISMATCH: config is lexicographic but disk has integer ordering", index_name) ++ config_fixes.append((backend, index_name, "add_mr")) + all_ok = False + + # Handle issues +@@ -480,26 +478,27 @@ def dbtasks_index_check(inst, log, args): + log.error(" Failed to remove ancestorid config from backend %s: %s", backend, e) + return False + +- # Add missing matching rules to dse.ldif +- for backend, index_name in missing_matching_rules: ++ # Fix config-vs-disk ordering mismatches by adjusting config to match disk ++ for backend, index_name, action in config_fixes: + index_dn = "cn={},cn=index,cn={},cn=ldbm database,cn=plugins,cn=config".format( + index_name, backend + ) +- log.info(" Adding integerOrderingMatch to %s in backend %s...", index_name, backend) +- try: +- dse_ldif.add(index_dn, "nsMatchingRule", "integerOrderingMatch") +- log.info(" Updated dse.ldif with integerOrderingMatch for %s", index_name) +- except Exception as e: +- log.error(" Failed to update dse.ldif for %s: %s", index_name, e) +- return False +- +- # Reindex indexes with disk ordering issues +- for backend, index_name in mismatches: +- log.info(" Reindexing %s in backend %s...", index_name, backend) +- if not inst.db2index(bename=backend, attrs=[index_name]): +- log.error(" Failed to reindex %s", index_name) +- return False +- log.info(" Reindex of %s completed successfully", index_name) ++ if action == "add_mr": ++ log.info(" Adding integerOrderingMatch to %s in backend %s...", index_name, backend) ++ try: ++ dse_ldif.add(index_dn, "nsMatchingRule", "integerOrderingMatch") ++ log.info(" Updated dse.ldif with integerOrderingMatch for %s", index_name) ++ except Exception as e: ++ log.error(" Failed to update dse.ldif for %s: %s", index_name, e) ++ return False ++ elif action == "remove_mr": ++ log.info(" Removing integerOrderingMatch from %s in backend %s...", index_name, backend) ++ try: ++ dse_ldif.delete(index_dn, "nsMatchingRule", "integerOrderingMatch") ++ log.info(" Removed integerOrderingMatch from %s", index_name) ++ except Exception as e: ++ log.error(" Failed to remove integerOrderingMatch from %s: %s", index_name, e) ++ return False + + log.info("All issues fixed") + return True +@@ -563,5 +562,5 @@ def create_parser(subcommands): + index_check_parser.add_argument('backend', nargs='?', default=None, + help="Backend to check. If not specified, all backends are checked.") + index_check_parser.add_argument('--fix', action='store_true', default=False, +- help="Fix mismatches by reindexing affected indexes") ++ help="Fix mismatches by adjusting config to match on-disk data") + index_check_parser.set_defaults(func=dbtasks_index_check) +-- +2.52.0 + diff --git a/0033-Issue-7053-Remove-memberof_del_dn_from_groups-from-M.patch b/0033-Issue-7053-Remove-memberof_del_dn_from_groups-from-M.patch new file mode 100644 index 0000000..adbc1fb --- /dev/null +++ b/0033-Issue-7053-Remove-memberof_del_dn_from_groups-from-M.patch @@ -0,0 +1,202 @@ +From 31bef3852f7064c73f66974d7c41262d2a724eab Mon Sep 17 00:00:00 2001 +From: Alex Kulberg +Date: Tue, 9 Dec 2025 17:11:56 +0300 +Subject: [PATCH] Issue 7053 - Remove memberof_del_dn_from_groups from MemberOf + plugin (#7064) + +Bug Description: + +The member plugin creates redundant changes to the member attribute +in groups when deleting a user, although the referential integrity +of the member attribute should be controlled by the Referential Integrity plugin. +Furthermore, memberof doesn't take replication of operations into account +and performs the change on every server instance in the topology. + +Fix Description: + +Remove the `memberof_del_dn_from_groups` function from the MemberOf plugin, +completely transferring responsibility for deleting users from groups +to the Referential Integrity plugin. + +Relates: https://github.com/389ds/389-ds-base/issues/7053 + +Reviewed by: @tbordaz +--- + .../memberof_include_scopes_test.py | 13 ++- + ldap/servers/plugins/memberof/memberof.c | 79 ------------------- + 2 files changed, 9 insertions(+), 83 deletions(-) + +diff --git a/dirsrvtests/tests/suites/memberof_plugin/memberof_include_scopes_test.py b/dirsrvtests/tests/suites/memberof_plugin/memberof_include_scopes_test.py +index e1d3b0a96..347eb880f 100644 +--- a/dirsrvtests/tests/suites/memberof_plugin/memberof_include_scopes_test.py ++++ b/dirsrvtests/tests/suites/memberof_plugin/memberof_include_scopes_test.py +@@ -13,7 +13,7 @@ import time + from lib389.utils import ensure_str + from lib389.topologies import topology_st as topo + from lib389._constants import * +-from lib389.plugins import MemberOfPlugin ++from lib389.plugins import MemberOfPlugin, ReferentialIntegrityPlugin + from lib389.idm.user import UserAccount, UserAccounts + from lib389.idm.group import Group, Groups + from lib389.idm.nscontainer import nsContainers +@@ -77,6 +77,13 @@ def test_multiple_scopes(topo): + + inst = topo.standalone + ++ EXCLUDED_SUBTREE = 'cn=exclude,%s' % SUFFIX ++ # enable Referential Integrity plugin ++ # to correctly process the 'member' attribute ++ refint = ReferentialIntegrityPlugin(inst) ++ refint.add_excludescope(EXCLUDED_SUBTREE) ++ refint.enable() ++ + # configure plugin + memberof = MemberOfPlugin(inst) + memberof.enable() +@@ -106,7 +113,6 @@ def test_multiple_scopes(topo): + check_membership(inst, f'uid=test_m3,{SUBTREE_3}', f'cn=g3,{SUBTREE_3}', False) + + # Set exclude scope +- EXCLUDED_SUBTREE = 'cn=exclude,%s' % SUFFIX + EXCLUDED_USER = f"uid=test_m1,{EXCLUDED_SUBTREE}" + INCLUDED_USER = f"uid=test_m1,{SUBTREE_1}" + GROUP_DN = f'cn=g1,{SUBTREE_1}' +@@ -122,9 +128,8 @@ def test_multiple_scopes(topo): + # Check memberOf and group are cleaned up + check_membership(inst, EXCLUDED_USER, GROUP_DN, False) + group = Group(topo.standalone, dn=GROUP_DN) +- assert not group.present("member", EXCLUDED_USER) + assert not group.present("member", INCLUDED_USER) +- ++ assert not group.present("member", EXCLUDED_USER) + + if __name__ == '__main__': + # Run isolated +diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c +index c4b5afee7..5de2e9e72 100644 +--- a/ldap/servers/plugins/memberof/memberof.c ++++ b/ldap/servers/plugins/memberof/memberof.c +@@ -151,7 +151,6 @@ static void memberof_set_plugin_id(void *plugin_id); + static int memberof_compare(MemberOfConfig *config, const void *a, const void *b); + static int memberof_qsort_compare(const void *a, const void *b); + static void memberof_load_array(Slapi_Value **array, Slapi_Attr *attr); +-static int memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_Entry *e, Slapi_DN *sdn); + static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_DN *sdn, MemberOfConfig *config, char **types, plugin_search_entry_callback callback, void *callback_data, int *cached, PRBool use_grp_cache); + static int memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn, Slapi_Value *memberdn); + static int memberof_is_grouping_attr(char *type, MemberOfConfig *config); +@@ -540,21 +539,6 @@ deferred_modrdn_func(MemberofDeferredModrdnTask *task) + * attributes to refer to the new name. */ + if (ret == LDAP_SUCCESS && pre_sdn && post_sdn) { + if (!memberof_entry_in_scope(&configCopy, &post_entry_info)) { +- /* +- * After modrdn the group contains both the pre and post DN's as +- * members, so we need to cleanup both in this case. +- */ +- if ((ret = memberof_del_dn_from_groups(pb, &configCopy, pre_e, pre_sdn))) { +- slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, +- "deferred_modrdn_func - Delete dn failed for preop entry(%s), error (%d)\n", +- slapi_sdn_get_dn(pre_sdn), ret); +- } +- if ((ret = memberof_del_dn_from_groups(pb, &configCopy, post_e, post_sdn))) { +- slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, +- "deferred_modrdn_func - Delete dn failed for postop entry(%s), error (%d)\n", +- slapi_sdn_get_dn(post_sdn), ret); +- } +- + if (ret == LDAP_SUCCESS && pre_e && configCopy.group_filter && + 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter)) + { +@@ -638,16 +622,6 @@ deferred_del_func(MemberofDeferredDelTask *task) + free_configCopy = PR_TRUE; + memberof_unlock_config(); + +- /* remove this DN from the +- * membership lists of groups +- */ +- if ((ret = memberof_del_dn_from_groups(pb, &configCopy, e, sdn))) { +- slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, +- "deferred_del_func - Error deleting dn (%s) from group. Error (%d)\n", +- slapi_sdn_get_dn(sdn), ret); +- goto bail; +- } +- + /* is the entry of interest as a group? */ + if (e && configCopy.group_filter && 0 == slapi_filter_test_simple(e, configCopy.group_filter)) { + Slapi_Attr *attr = 0; +@@ -1456,16 +1430,6 @@ memberof_postop_del(Slapi_PBlock *pb) + memberof_copy_config(&configCopy, memberof_get_config()); + memberof_unlock_config(); + +- /* remove this DN from the +- * membership lists of groups +- */ +- if ((ret = memberof_del_dn_from_groups(pb, &configCopy, e, sdn))) { +- slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, +- "memberof_postop_del - Error deleting dn (%s) from group. Error (%d)\n", +- slapi_sdn_get_dn(sdn), ret); +- goto bail; +- } +- + /* is the entry of interest as a group? */ + if (e && configCopy.group_filter && 0 == slapi_filter_test_simple(e, configCopy.group_filter)) { + Slapi_Attr *attr = 0; +@@ -1496,34 +1460,6 @@ done: + } + + +-/* Deletes a member dn from all groups that refer to it. */ +-static int +-memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_Entry *e, Slapi_DN *sdn) +-{ +- char *groupattrs[2] = {0, 0}; +- int rc = LDAP_SUCCESS; +- int cached = 0; +- +- /* Loop through each grouping attribute to find groups that have +- * dn as a member. For any matches, delete the dn value from the +- * same grouping attribute. */ +- for (size_t i = 0; config->groupattrs && config->groupattrs[i] && rc == LDAP_SUCCESS; i++) { +- memberof_del_dn_data data = {(char *)slapi_sdn_get_dn(sdn), +- config->groupattrs[i], config}; +- +- groupattrs[0] = config->groupattrs[i]; +- +- slapi_log_err(SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM, +- "memberof_del_dn_from_groups: Ancestors of %s attr: %s\n", +- slapi_sdn_get_dn(sdn), +- groupattrs[0]); +- rc = memberof_call_foreach_dn(pb, e, sdn, config, groupattrs, +- memberof_del_dn_type_callback, &data, &cached, PR_FALSE); +- } +- +- return rc; +-} +- + int + memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data) + { +@@ -1904,21 +1840,6 @@ memberof_postop_modrdn(Slapi_PBlock *pb) + * attributes to refer to the new name. */ + if (ret == LDAP_SUCCESS && pre_sdn && post_sdn) { + if (!memberof_entry_in_scope(&configCopy, &post_entry_info)) { +- /* +- * After modrdn the group contains both the pre and post DN's as +- * members, so we need to cleanup both in this case. +- */ +- if ((ret = memberof_del_dn_from_groups(pb, &configCopy, pre_e, pre_sdn))) { +- slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, +- "memberof_postop_modrdn - Delete dn failed for preop entry(%s), error (%d)\n", +- slapi_sdn_get_dn(pre_sdn), ret); +- } +- if ((ret = memberof_del_dn_from_groups(pb, &configCopy, post_e, post_sdn))) { +- slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, +- "memberof_postop_modrdn - Delete dn failed for postop entry(%s), error (%d)\n", +- slapi_sdn_get_dn(post_sdn), ret); +- } +- + if (ret == LDAP_SUCCESS && pre_e && configCopy.group_filter && + 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter)) { + /* is the entry of interest as a group? */ +-- +2.52.0 + diff --git a/389-ds-base.spec b/389-ds-base.spec index bbdfe78..fd4d47e 100644 --- a/389-ds-base.spec +++ b/389-ds-base.spec @@ -47,7 +47,7 @@ ExcludeArch: i686 Summary: 389 Directory Server (base) Name: 389-ds-base Version: 2.8.0 -Release: 3%{?dist} +Release: 4%{?dist} License: GPL-3.0-or-later WITH GPL-3.0-389-ds-base-exception AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR LGPL-2.1-or-later OR MIT) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-3.0 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0 AND Zlib URL: https://www.port389.org Conflicts: selinux-policy-base < 3.9.8 @@ -471,20 +471,34 @@ Patch: 0002-Issue-7096-During-replication-online-total-init-the-.patc Patch: 0003-Issue-Revise-paged-result-search-locking.patch Patch: 0004-Issue-7172-Index-ordering-mismatch-after-upgrade-717.patch Patch: 0005-Issue-7172-2nd-Index-ordering-mismatch-after-upgrade.patch -Patch: 0006-Issue-7166-db_config_set-asserts-because-of-dynamic-.patch -Patch: 0007-Issue-7224-CI-Test-Simplify-test_reserve_descriptor_.patch -Patch: 0008-Issue-7189-DSBLE0007-generates-incorrect-remediation.patch -Patch: 0009-Issue-7027-2nd-389-ds-base-OpenScanHub-Leaks-Detecte.patch -Patch: 0010-Issue-7223-Revert-index-scan-limits-for-system-index.patch -Patch: 0011-Issue-7223-Add-upgrade-function-to-remove-nsIndexIDL.patch -Patch: 0012-Issue-7223-Detect-and-log-index-ordering-mismatch-du.patch -Patch: 0013-Issue-7223-Add-dsctl-index-check-command-for-offline.patch -Patch: 0014-Issue-7096-2nd-During-replication-online-total-init-.patch -Patch: 0015-Issue-7076-6992-6784-6214-Fix-CI-test-failures-7077.patch -Patch: 0016-Issue-7076-Fix-revert_cache-never-called-in-modrdn-7.patch -Patch: 0017-Issue-6947-Fix-health_system_indexes_test.py.patch -Patch: 0018-Issue-7121-2nd-LeakSanitizer-various-leaks-during-re.patch -Patch: 0019-Issue-7150-Compressed-access-log-rotations-skipped-a.patch +Patch: 0006-Issue-7189-DSBLE0007-generates-incorrect-remediation.patch +Patch: 0007-Issue-7184-argparse.HelpFormatter-_format_actions_us.patch +Patch: 0008-Issue-7027-2nd-389-ds-base-OpenScanHub-Leaks-Detecte.patch +Patch: 0009-Issue-7213-MDB_BAD_VALSIZE-error-while-handling-VLV-.patch +Patch: 0010-Issue-6542-RPM-build-errors-on-Fedora-42.patch +Patch: 0011-Issue-6476-Fix-build-failure-with-GCC-15.patch +Patch: 0012-Issue-7223-Revert-index-scan-limits-for-system-index.patch +Patch: 0013-Issue-7223-Add-upgrade-function-to-remove-nsIndexIDL.patch +Patch: 0014-Issue-7223-Add-upgrade-function-to-remove-ancestorid.patch +Patch: 0015-Issue-7223-Detect-and-log-index-ordering-mismatch-du.patch +Patch: 0016-Issue-7223-Add-dsctl-index-check-command-for-offline.patch +Patch: 0017-Issue-7096-2nd-During-replication-online-total-init-.patch +Patch: 0018-Issue-7076-6992-6784-6214-Fix-CI-test-failures-7077.patch +Patch: 0019-Issue-7076-Fix-revert_cache-never-called-in-modrdn-7.patch +Patch: 0020-Issue-6947-Fix-health_system_indexes_test.py.patch +Patch: 0021-Issue-7121-2nd-LeakSanitizer-various-leaks-during-re.patch +Patch: 0022-Issue-7150-Compressed-access-log-rotations-skipped-a.patch +Patch: 0023-Issue-7224-CI-Test-Simplify-test_reserve_descriptor_.patch +Patch: 0024-Issue-7231-Sync-repl-tests-fail-in-FIPS-mode-due-to-.patch +Patch: 0025-Issue-7248-CLI-attribute-uniqueness-fix-usage-for-ex.patch +Patch: 0026-Issue-CLI-dsctl-db2index-needs-some-hardening-with-M.patch +Patch: 0027-Issue-7184-2nd-argparse.HelpFormatter-_format_action.patch +Patch: 0028-Issue-7213-2nd-MDB_BAD_VALSIZE-error-while-handling-.patch +Patch: 0029-Issue-7223-Use-lexicographical-order-for-ancestorid-.patch +Patch: 0030-Issue-7066-7052-allow-password-history-to-be-set-to-.patch +Patch: 0031-Issue-7243-UI-fix-certificate-table-and-modal.patch +Patch: 0032-Issue-7223-Remove-integerOrderingMatch-requirement-f.patch +Patch: 0033-Issue-7053-Remove-memberof_del_dn_from_groups-from-M.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes @@ -782,9 +796,6 @@ for dir in "$instbase"/slapd-* ; do else echo "instance $inst is not running" >> "$output" 2>&1 || : fi - # Run index-check on all instances (running or not) - # This fixes index ordering mismatches from older versions - dsctl "$inst_name" index-check --fix >> "$output2" 2>&1 || : ninst=$((ninst + 1)) done @@ -937,6 +948,15 @@ exit 0 %endif %changelog +* Fri Feb 20 2026 Viktor Ashirov - 2.8.0-4 +- Resolves: RHEL-117050 - Replication online reinitialization of a large database gets stalled. [rhel-9] +- Resolves: RHEL-123279 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue [rhel-9] +- Resolves: RHEL-140275 - ipa-healthcheck is complaining about missing or incorrectly configured system indexes. [rhel-9] +- Resolves: RHEL-142980 - Scalability issue of replication online initialization with large database [rhel-9] +- Resolves: RHEL-146899 - memory corruption in alias entry plugin [rhel-9] +- Resolves: RHEL-147212 - Access logs are not getting deleted as configured. [rhel-9] +- Resolves: RHEL-150907 - Remove memberof_del_dn_from_groups from MemberOf plugin [rhel-9] + * Thu Feb 12 2026 Viktor Ashirov - 2.8.0-3 - Resolves: RHEL-117050 - Replication online reinitialization of a large database gets stalled. [rhel-9] - Resolves: RHEL-123244 - Attribute uniqueness is not enforced upon modrdn operation [rhel-9]