- Resolves: #1127833
Ticket 47869 - unauthenticated information disclosure (Bug 1123477)
- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry's DN must be adjusted.
- Ticket 47862 - repl-monitor fails to convert "*" to default values
- Ticket 47824 - paged results control is not working in some cases when we have a subsuffix.
- Ticket 47862 - Repl-monitor.pl ignores the provided connection parameters
- Ticket 346 - Fixing memory leaks
- Ticket 47753 - Add switch to disable pre-hashed password checking
- Ticket 47861 - Certain schema files are not replaced during upgrade
- Ticket 47858 - Internal searches using OP_FLAG_REVERSE_CANDIDATE_ORDER can crash the server
- Ticket 47797 - DB deadlock when two threads (on separated backend) try to record changes in retroCL
- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry's DN must be adjusted.
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47781 - Server deadlock if online import started while server is under load
- Ticket 47779 - Potential deadlock after startup if a dna configuration change is made
- Ticket 47839 - 389-ds production segfault: __memcpy_sse2_unaligned...
- Ticket 47750 - Creating a glue fails if one above level is a conflict or missing
- Ticket 47763 - winsync plugin modify is broken
- Ticket 47821 - deref plugin cannot handle complex acis
- Ticket 47831 - server restart wipes out index config if there is a default index
- Ticket 47817 - The error result text message should be obtained just prior to sending result
- Ticket 47815 - Add operations rejected by betxn plugins remain in cache
- Ticket 47809 - find a way to remove replication plugin errors messages "changelog iteration code returned a dummy entry with csn %s, skipping ..."
- Ticket 47704 - invalid sizelimits in aci group evaluation
- Ticket 47813 - remove "goto bail" from previous commit
- Ticket 47813 - managed entry plugin fails to update member pointer on modrdn operation
- Ticket 47808 - If be_txn plugin fails in ldbm_back_add, adding entry is double freed.
- Ticket 47770 - #481 breaks possibility to reassemble memberuid list
- Ticket 47446 - logconv.pl memory continually grows
- Ticket 47713 - Logconv.pl with an empty access log gives lots of errors
- Ticket 47806 - Failed deletion of aci: no such attribute
- bump version
- Ticket 47720 - Normalization from old DN format to New DN format doesnt handel condition properly when there is space in a suffix after the seperator operator.
- Ticket 47670 - Aci warnings in error log
- Ticket 47721 - Schema Replication Issue (follow up)
- Ticket 47721 - Schema Replication Issue (follow up + cleanup)
- Ticket 47721 - Schema Replication Issue
- Ticket 47676 - (cont.) Replication of the schema fails 'master branch' -> 1.2.11 or 1.3.1
- Ticket 47676 - Replication of the schema fails 'master branch' -> 1.2.11 or 1.3.1
- Ticket 47541 - Fix Jenkins errors
- Ticket 47541 - Replication of the schema may overwrite consumer 'attributetypes' even if consumer definition is a superset
- Ticket 47804 - db2bak.pl error with changelogdb
- Ticket 47780 - Some VLV search request causes memory leaks
- Ticket 47787 - A replicated MOD fails (Unwilling to perform) if it targets a tombstone
- Ticket 47764 - Problem with deletion while replicated
- Ticket 47750 - Creating a glue fails if one above level is a conflict or missing; Ticket 47696 - Large Searches Hang - Possibly entryrdn related
- Ticket 47772 - fix coverity issue
- Ticket 47793 - Server crashes if uniqueMember is invalid syntax and memberOf plugin is enabled.
- Ticket 47792 - database plugins need a way to call betxn plugins
- Ticket 47707 - 389 DS Server crashes and dies while handles paged searches from clients
- Ticket 47792 - code cleanup
- Ticket 47779 - Need to lock server list when removing list
- Ticket 47771 - Move parentsdn initialization to avoid crash
- Ticket 47779 - Part of DNA shared configuration is deleted after server restart
- Ticket 346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values
- Ticket 47782 - Parent numbordinate count can be incorrectly updated if an error occurs
- Ticket 47772 - empty modify returns LDAP_INVALID_DN_SYNTAX
- Ticket 47774 - mem leak in do_search - rawbase not freed upon certain errors
- Ticket 47773 - mem leak in do_bind when there is an error
- Ticket 47771 - Performing deletes during tombstone purging results in operation errors
- Ticket 47767 - Nested tombstones become orphaned after purge
- Ticket 47766 - Tombstone purging can crash the server if the backend is stopped/disabled
- Ticket 47759 - Crash in replication when server is under write load
- Ticket 47740 - Fix coverity issues(part 7)
- Ticket 47748 - Simultaneous adding a user and binding as the user could fail in the password policy check
- Ticket 47743 - Memory leak with proxy auth control
- Ticket 47740 - Crash caused by changes to certmap.c
- Ticket 47733 - ds logs many "Operation error fetching Null DN" messages
- Ticket 47740 - Fix coverity issues: null deferences - Part 6
- Ticket 47732 - ds logs many "SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN plugin returned error" messages
- Ticket 47740 - Coverity issue in 1.3.3
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47740 - Fix coverity issues - Part 5
- Ticket 47740 - Fix coverity erorrs - Part 4
- Ticket 47640 - Fix coverity issues - part 3
- Ticket 47740 - Fix sync plugin resource leaks
- Ticket 47538 - RFE: repl-monitor.pl plain text output, cmdline config options
- Ticket 47740 - Coverity Fixes (Mark - part 1)
- Ticket 47734 - Change made in resolving ticket #346 fails on Debian SPARC64
- Ticket 47722 - Fixed filter not correctly identified
- Ticket 47722 - rsearch filter error on any search filter
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
- Ticket 47737 - Under heavy stress, failure of turning a tombstone into glue makes the server hung
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47729 - Directory Server crashes if shutdown during a replication initialization
- Ticket 47637 - rsa_null_sha should not be enabled by default
- Ticket 408 - create a normalized dn cache
- Ticket 571 - Empty control list causes LDAP protocol error is thrown (dup 47361)
- Ticket 408 - create a normalized dn cache
- Ticket 47699 - Propagate plugin precedence to all registered function types
- Ticket 525 - Replication retry time attributes cannot be added
- Ticket 47709 - package issue in 389-ds-base
- Ticket 47700 - Unresolved external symbol references break loading of the ACL plugin
- Ticket 47642 - Windows Sync group issues
- Ticket 525 - Replication retry time attributes cannot be added
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47615 - Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version
- Ticket 47677 - Size returned by slapi_entry_size is not accurate
- Ticket 47693 - Environment variables are not passed when DS is started via service
- Ticket 47653 - Need a way to allow users to create entries assigned to themselves.
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
- Ticket 47374 - flush.pl is not included in perl5
- Ticket 47649 - Server hangs in cos_cache when adding a user entry
- Ticket 443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error
- Ticket 47638 - Overflow in nsslapd-disk-monitoring-threshold on 32bit platform
- Ticket 47641 - 7-bit check plugin not checking MODRDN operation
- Ticket 342 - better error message when cache overflows
- Ticket 47516 - replication stops with excessive clock skew
- Ticket 47620 - Unable to delete protocol timeout attribute
- Ticket 408 - Fix crash when disabling/enabling the setting
- Ticket 47629 - random crashes related to sync repl
- Ticket 47571 - targetattr ACIs ignore subtype
- Ticket 47660 - config_set_allowed_to_delete_attrs: Valgrind reports Invalid read
- Revert "Ticket 47653 - Need a way to allow users to create entries assigned to themselves"
- Ticket 447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
- Ticket 47653 - Need a way to allow users to create entries assigned to themselves
- Ticket 47647 - remove bogus definition in 60rfc3712.ldif
- Ticket 47634 - support AttributeTypeDescription USAGE userApplications distributedOperation dSAOperation
- Ticket 47645 - reset stack, op fields to NULL - clean up stacks at shutdown - free unused plugin config entries
- Ticket 47517 - memory leak in range searches and other various leaks
- ticket 47550 - wip (cherry picked from commit 82377636267787be5182457d619d5a0b662d2658)
- Ticket 47550 - logconv: failed logins: Use of uninitialized value in numeric comparison at logconv.pl line 949
- Ticket 47513 - tmpfiles.d references /var/lock when they should reference /run/lock
- Ticket 47551 - logconv: -V does not produce unindexed search report
- Ticket 47490 - Schema replication between DS versions may overwrite newer base schema
- Ticket 48 - Active Directory has certain uids which are reserved and will cause a Directory Server replica initialization of an AD server to abort.
- Ticket 53 - Need to update supported locales
- Ticket 54 - locale "nl" not supported by collation plugin
- Ticket 77 - [RFE] Add ACI support for ldapi
- Ticket 123 - Enhancement request: "whoami" extended operation
- Ticket 153 - Schema file parsing overly picky?
- Ticket 182 - Pwd retry counters replication not enabled by default, and enabling it could lead to undesired results
- Ticket 197 - rhds82 rfe - BDB backend - clear free page files to reduce changelog size
- Ticket 205 - rhds81 rfe - snmp counters index strings for multiple network interfaces with ip addr and tcp port pairs
- Ticket 208 - [RFE] Roles with explicit scoping in RHDS
- Ticket 283 - Expose slapi_eq_* API
- Ticket 314 - ChainOnUpdate: "cn=directory manager" can modify userRoot on consumer without changes being chained or replicated. Directory integrity compromised.
- Ticket 411 - [RFE] mods optimizer
- Ticket 415 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist
- Ticket 428 - posix winsync should support ADD user/group entries from DS to AD
- Ticket 460 - support multiple subtrees and filters
- Ticket 512 - improve performance of vattr code
- Ticket 513 - recycle operation pblocks
- Ticket 514 - investigate connection locking
- Ticket 521 - modrdn + NSMMReplicationPlugin - Consumer failed to replay change
- Ticket 564 - Is ldbm_txn_ruv_modify_context still required ?
- Ticket 568 - using transaction batchval violates durability
- Ticket 569 - examine replication code to reduce amount of stored state information
- Ticket 586 - selinux errors with /usr/sbin/setup-ds-admin.pl
- Ticket 589 - [RFE] Support RFC 4527 Read Entry Controls
- Ticket 601 - multi master replication allows schema violation
- Ticket 602 - replication inconsistency if attribute is modified several times in one operaion
- Ticket 607 - Replication issue: Entry can diverge betwen servers
- Ticket 609 - nsDS5BeginReplicaRefresh attribute accepts any value and it doesn't throw any error when server restarts.
- Ticket 615 - High contention on cos cache lock
- Ticket 617 - Possible to add invalid ACI value
- Ticket 626 - Possible to add nonexistent target to ACI
- Ticket 630 - The backend name provided to bak2db is not validated
- Ticket 47306 - execute index_add_mods only for indexed attributes
- Ticket 47310 - Attribute "dsOnlyMemberUid" not allowed when syncing nested posix groups from AD with posixWinsync
- Ticket 47313 - Indexed search with filter containing '&' and "!" with attribute subtypes gives wrong result
- Ticket 47314 - Winsync should support range retrieval
- Ticket 47316 - Search against 'view' is always reported as unindexed
- Ticket 47317 - should set LDAP_OPT_X_SASL_NOCANON to LDAP_OPT_ON by default
- Ticket 47319 - make connection buffer size adjustable
- Ticket 47320 - put conn on work_q not poll list if conn has buffered more_data
- Ticket 47323 - resurrected entry is not correctly indexed
- Ticket 47326 - idl switch does not work
- Ticket 47329 - Improve slapi_back_transaction_begin() return code when transactions are not available
- Ticket 47331 - Self entry access ACI not working properly
- Ticket 47337 - mep_pre_op: Unable to fetch origin entry
- Ticket 47340 - Deleting a separator ',' in 7-bit check plugin arguments makes the server fail to start with segfault
- Ticket 47350 - Allow search to look up 'in memory RUV'
- Ticket 47354 - Indexed search are logged with 'notes=U' in the access logs
- Ticket 47358 - backend performance - introduce optimization levels
- Ticket 47360 - Delete attribute could crash the server
- Ticket 47363 - 7-bit checking is not necessary for userPassword
- Ticket 47370 - DS crashes with some 7-bit check plugin configurations
- Ticket 47371 - Some updates of "passwordgraceusertime" are useless when updating "userpassword"
- Ticket 47372 - make old-idl tunable
- Ticket 47381 - nsslapd-db-transaction-batch-val turns to -1
- Ticket 47382 - Add a warning message when a connection hits the max number of threads
- Ticket 47384 - Plugin library path validation
- Ticket 47387 - improve logconv.pl performance with large access logs
- Ticket 47388 - [RFE] Support 'Content Synchronization Operation' (SyncRepl) - RFC 4533
- Ticket 47389 - Non-directory manager can change the individual userPassword's storage scheme
- Ticket 47394 - remove-ds.pl should remove /var/lock/dirsrv
- Ticket 47400 - MMR stress test with dna enabled causes a deadlock
- Ticket 47411 - Replace substring search with plain search in referint plugin
- Ticket 47416 - IPA replica's - "SASL encrypted packet length exceeds maximum allowed limit"
- Ticket 47423 - 7-bit check plugin does not work for userpassword attribute
- Ticket 47425 - should only call windows_update_done if repl agmt type is windows
- Ticket 47426 - move compute_idletimeout out of handle_pr_read_ready
- Ticket 47433 - With SeLinux, ports can be labelled per range. setup-ds.pl or setup-ds-admin.pl fail to detect already ranged labelled ports
- Ticket 47463 - IDL-style can become mismatched during partial restoration
- Ticket 47487 - enhance retro changelog
- Ticket 47502 - updates to ruv entry are written to retro changelog
- Ticket 47504 - idlistscanlimit per index/type/value
- Ticket 47505 - get rid of valueset_add_valuearray_ext
- Ticket 47520 - Fix various issues with logconv.pl
- Ticket 47522 - Password administrators should be able to violate password policy
- Ticket 47531 - 1.3.2 with mozldap - need to redo sasl_io_recv
- Ticket 47532 - 1.3.2 with mozldap - crashes in new operation work_q
- Ticket 47539 - Disabling DNA plug-in throws error 53
- Ticket 47543 - mozldap - fix compiler warnings
Ticket 47513 - Set localrundir outside of the "with-fhs" block
Ticket 47513 - Refine the check for @localrundir@
Ticket 47510 - remove unnecessary typedef
Ticket 47510 - Repl Sync does not compile against MozLDAP libraries
Ticket #47534 - RUV tombstone search with scope "one" doesn`t work
Ticket 47510 - 389-ds-base does not compile against MozLDAP libraries
Ticket #47523 - Set up replcation/agreement before initializing the sub suffix, the sub suffix is not found by ldapsearch
Ticket 47528 - 389-ds-base built with mozldap can crash from invalid free
Ticket #47504 idlistscanlimit per index/type/value
Ticket 47513 - tmpfiles.d references /var/lock when they should reference /run/lock
Ticket #47492 - PassSync removes User must change password flag on the Windows side
Ticket 47509 - CLEANALLRUV doesnt run across all replicas
Ticket #47516 replication stops with excessive clock skew
6829200 Coverity fix - 11952 - for Ticket 47512
Ticket 47512 - backend txn plugin fixup tasks should be done in a txn
(cherry picked from commit 1edb272d2c60a2e00e2e426094bdad2ad0c87102)
(cherry picked from commit a41e44d78d365c3b15b7c5303930808a97b2e5f3)
- Ticket 449 - Allow macro aci keywords to be case-insensitive
- Ticket 47489 - Under specific values of nsDS5ReplicaName, replication may get broken or updates missing
- Ticket 47507 - automember rebuild task not working as expected
Ticket #47455 - valgrind - value mem leaks, uninit mem usage
- fix breakage in slapi-nis introduced with the previous fix
Ticket 47500 - start-dirsrv/restart-dirsrv/stop-disrv do not register with systemd correctly
- Bug 1002215 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN
- Ticket 47488 - Users from AD sub OU does not sync to IPA
- Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated
- Ticket 47473 - setup-ds.pl doesn't lookup the "root" group correctly
- Ticket 47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negative.
- Ticket 47424 - Replication problem with add-delete requests on single-valued attributes
- Ticket 47367 - (phase 2) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
- Ticket 47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
- Ticket 47421 - memory leaks in set_krb5_creds
- Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute values
- Ticket 47369 version2 - provide default syntax plugin
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47399 - RHDS denies MODRDN access if ACI list contains any DENY rule
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47428 - Memory leak in 389-ds-base 1.2.11.15
- Ticket 47392 - ldbm errors when adding/modifying/deleting entries
- Ticket 47385 - Disk Monitoring is not triggered as expected.
- Ticket 47410 - changelog db deadlocks with DNA and replication
- Ticket 47374 - flush.pl is not included in perl5
- Ticket 47391 - deleting and adding userpassword fails to update the password (additional fix)
- Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization
- Ticket 47395 47397 - v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured
- Ticket 47396 - crash on modrdn of tombstone
- Ticket 47400 - MMR stress test with dna enabled causes a deadlock
- Ticket 47409 - allow setting db deadlock rejection policy
- Ticket 47419 - Unhashed userpassword can accidentally get removed from mods
- Ticket 47420 - An upgrade script 80upgradednformat.pl fails to handle a server instance name incuding '-'
The dates in a few of the changelog entries were incorrect. More
specifically, the day of week did not line up with the date. This
corrects the changelog entries.
- Ticket 332 - Command line perl scripts should attempt most secure connection type first
- Ticket 342 - better error message when cache overflows
- Ticket 417 - RFE - forcing passwordmustchange attribute by non-cn=directory manager
- Ticket 419 - logconv.pl - improve memory management
- Ticket 422 - 389-ds-base - Can't call method "getText"
- Ticket 433 - multiple bugs in start-dirsrv, stop-dirsrv, restart-dirsrv scripts
- Ticket 458 - RFE - Make it possible for privileges to be provided to an admin user to import an LDIF file containing hashed passwords
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
- Ticket 487 - Possible to add invalid attribute values to PAM PTA plugin configuration
- Ticket 502 - setup-ds.pl script should wait if "semanage.trans.LOCK" presen
- Ticket 505 - use lock-free access name2asi and oid2asi tables (additional)
- Ticket 508 - lock-free access to FrontendConfig structure
- Ticket 511 - allow turning off vattr lookup in search entry return
- Ticket 525 - Introducing a user visible configuration variable for controlling replication retry time
- Ticket 528 - RFE - get rid of instance specific scripts
- Ticket 529 - dn normalization must handle multiple space characters in attributes
- Ticket 532 - RUV is not getting updated for both Master and consumer
- Ticket 533 - only scan for attributes to decrypt if there are encrypted attrs configured
- Ticket 534 - RFE: Add SASL mappings fallback
- Ticket 537 - Improvement of range search
- Ticket 539 - logconv.pl should handle microsecond timing
- Ticket 543 - Sorting with attributes in ldapsearch gives incorrect result
- Ticket 545 - Segfault during initial LDIF import: str2entry_dupcheck()
- Ticket 547 - Incorrect assumption in ndn cache
- Ticket 550 - posix winsync will not create memberuid values if group entry become posix group in the same sync interval
- Ticket 551 - Multivalued rootdn-days-allowed in RootDN Access Control plugin always results in access control violation
- Ticket 552 - Adding rootdn-open-time without rootdn-close-time to RootDN Acess Control results in inconsistent configuration
- Ticket 558 - Replication - make timeout for protocol shutdown configurable
- Ticket 561 - disable writing unhashed#user#password to changelog
- Ticket 563 - DSCreate.pm: Error messages cannot be used in the if expression since they could be localized.
- Ticket 565 - turbo mode and replication - allow disable of turbo mode
- Ticket 571 - server does not accept 0 length LDAP Control sequence
- Ticket 574 - problems with dbcachesize disk space calculation
- Ticket 583 - dirsrv fails to start on reboot due to /var/run/dirsrv permissions
- Ticket 585 - Behaviours of "db2ldif -a <filename>" and "db2ldif.pl -a <filename>" are inconsistent
- Ticket 587 - Replication error messages in the DS error logs
- Ticket 588 - Create MAN pages for command line scripts
- Ticket 600 - Server should return unavailableCriticalExtension when processing a badly formed critical control
- Ticket 603 - A logic error in str2simple
- Ticket 604 - Required attribute not checked during search operation
- Ticket 608 - Posix Winsync plugin throws "posix_winsync_end_update_cb: failed to add task entry" error message
- Ticket 611 - logconv.pl missing stats for StartTLS, LDAPI, and AUTOBIND
- Ticket 612 - improve dbgen rdn generation, output
- Ticket 613 - ldclt: add timestamp, interval, nozeropad, other improvements
- Ticket 616 - High contention on computed attribute lock
- Ticket 618 - Crash at shutdown while stopping replica agreements
- Ticket 620 - Better logging of error messages for 389-ds-base
- Ticket 621 - modify operations without values need to be written to the changelog
- Ticket 622 - DS logging errors "libdb: BDB0171 seek: 2147483648: (262144 * 8192) + 0: No such file or directory
- Ticket 631 - Replication: "Incremental update started" status message without consumer initialized
- Ticket 633 - allow nsslapd-nagle to be disabled, and also tcp cork
- Ticket 47299 - allow cmdline scripts to work with non-root user
- Ticket 47302 - get rid of sbindir start/stop/restart slapd scripts
- Ticket 47303 - start/stop/restart dirsrv scripts should report and error if no instances
- Ticket 47304 - reinitialization of a master with a disabled agreement hangs
- Ticket 47311 - segfault in db2ldif(trigger by a cleanallruv task)
- Ticket 47312 - replace PR_GetFileInfo with PR_GetFileInfo64
- Ticket 47315 - filter option in fixup-memberof requires more clarification
- Ticket 47325 - Crash at shutdown on a replica aggrement
- Ticket 47330 - changelog db extension / upgrade is obsolete
- Ticket 47336 - logconv.pl -m not working for all stats
- Ticket 47341 - logconv.pl -m time calculation is wrong
- Ticket 47343 - 389-ds-base: Does not support aarch64 in f19 and rawhide
- Ticket 47347 - Simple paged results should support async search
- Ticket 47348 - add etimes to per second/minute stats
- Ticket 47349 - DS instance crashes under a high load
- Ticket 47308 - unintended information exposure when anonymous access is set to rootdse
- Ticket 628 - crash in aci evaluation
- Ticket 627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so
- Ticket 634 - Deadlock in DNA plug-in Ticket #576 - DNA: use event queue for config update only at the start up
- Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC
- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion
- Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
- Ticket 570 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled)
- Ticket 490 - Slow role performance when using a lot of roles
- Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry
- Ticket 549 - DNA plugin no longer reports additional info when range is depleted
- Ticket 541 - need to set plugin as off in ldif template
- Ticket 541 - RootDN Access Control plugin is missing after upgrade
- Trac Ticket #497 - Escaped character cannot be used in the substring search filter
- Ticket 509 - lock-free access to be->be_suffixlock
- Trac Ticket #522 - betxn: upgrade is not implemented yet
- Ticket #322 - Create DOAP description for the 389 Directory Server project
- Trac Ticket #499 - Handling URP results is not corrrect
- Ticket 509 - lock-free access to be->be_suffixlock
- Ticket 456 - improve entry cache sizing
- Trac Ticket #531 - loading an entry from the database should use str2entry_f
- Trac Ticket #536 - Clean up compiler warnings for 1.3
- Trac Ticket #531 - loading an entry from the database should use str2entry_fast
- Ticket 509 - lock-free access to be->be_suffixlock
- Ticket 527 - ns-slapd segfaults if it cannot rename the logs
- Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't
- Ticket 216 - disable replication agreements
- Ticket 518 - dse.ldif is 0 length after server kill or machine kill
- Ticket 393 - Change in winSyncInterval does not take immediate effect
- Ticket 20 - Allow automember to work on entries that have already been added
- Coverity Fixes
- Ticket 349 - nsViewFilter syntax issue in 389DS 1.2.5
- Ticket 337 - improve CLEANRUV functionality
- Fix for ticket 504
- Ticket 394 - modify-delete userpassword
- minor fixes for bdb 4.2/4.3 and mozldap
- Trac Ticket #276 - Multiple threads simultaneously working on connection's private buffer causes ns-slapd to abort
- Fix for ticket 465: cn=monitor showing stats for other db instances
- Ticket 507 - use mutex for FrontendConfig lock instead of rwlock
- Fix for ticket 510 Avoid creating an attribute just to determine the syntax for a type, look up the syntax directly by type
- Coverity defect: Resource leak 13110
- Ticket 517 - crash in DNA if no dnaMagicRegen is specified
- Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry
- Trac Ticket #519 - Search with a complex filter including range search is slow
- Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error
- Trac Ticket #311 - IP lookup failing with multiple DNS entries
- Trac Ticket #447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
- Trac Ticket #443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error
- Ticket #503 - Improve AD version in winsync log message
- Trac Ticket #190 - Un-resolvable server in replication agreement produces unclear error message
- Coverity fixes
- Trac Ticket #391 - Slapd crashes when deleting backends while operations are still in progress
- Trac Ticket #448 - Possible to set invalid macros in Macro ACIs
- Trac Ticket #498 - Cannot abaondon simple paged result search
- Coverity defects
- Trac Ticket #494 - slapd entered to infinite loop during new index addition
- Fixing compiler warnings in the posix-winsync plugin
- Coverity defects
- Ticket 147 - Internal Password Policy usage very inefficient
- Ticket 495 - internalModifiersname not updated by DNA plugin
- Revert "Ticket 495 - internalModifiersname not updated by DNA plugin"
- Ticket 495 - internalModifiersname not updated by DNA plugin
- Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h])
- Ticket 486 - nsslapd-enablePlugin should not be multivalued
- Ticket 488 - Doc: DS error log messages with typo
- Trac Ticket #451 - Allow db2ldif to be quiet
- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes
- Ticket #481 - expand nested posix groups
- Trac Ticket #455 - Insufficient rights to unhashed#user#password when user deletes his password
- Ticket #446 - anonymous limits are being applied to directory manager
Added the new systemd macros
https://fedorahosted.org/389/ticket/431
Reviewed by: richm(Thanks!)
(cherry picked from commit 81c22d34f83c294f67adbafd1af142bea0b13a69)
Ticket #173 ds-logpipe.py script's man page and script help should be updated for -t option.
Ticket #196 RFE: Interpret IPV6 addresses for ACIs, replication, and chaining
Ticket #218 RFE - Make RIP working with Replicated Entries
Ticket #328 make sure all internal search filters are properly escaped
Ticket #329 389-admin build fails on F-18 with new apache
Ticket #344 deadlock in replica_write_ruv
Ticket #351 use betxn plugins by default
Ticket #352 make cos, roles, views betxn aware
Ticket #356 logconv.pl - RFE - track bind info
Ticket #365 Audit log - clear text password in user changes
Ticket #370 Opening merge qualifier CoS entry using RHDS console changes the entry.
Ticket #372 Setting nsslapd-listenhost or nsslapd-securelistenhost breaks ACI processing
Ticket #386 Overconsumption of memory with large cachememsize and heavy use of ldapmodify
Ticket #402 unhashedTicket #userTicket #password in entry extension
Ticket #408 Create a normalized dn cache
Ticket #453 db2index with -tattrname:type,type fails
Ticket #461 fix build problem with mozldap c sdk
Ticket #462 add test for include file mntent.h
Ticket #463 different parameters of getmntent in Solaris
Trac Ticket #470 - 389 prevents from adding a posixaccount with userpassword after schema reload
Ticket 477 - CLEANALLRUV if there are only winsync agmts task will hang
Ticket 457 - dirsrv init script returns 0 even when few or all instances fail to start
Ticket 473 - change VERSION.sh to have console version be major.minor
Ticket 475 - Root DN Access Control - improve value checking for config
Trac Ticket #466 - entry_apply_mod - ADD: Failed to set unhashed#user#password to extension
Ticket 474 - Root DN Access Control - days allowed not working correctly
Ticket 467 - CLEANALLRUV abort task should be able to ignore down replicas
0b79915 fix compiler warnings in ticket 374 code
Ticket 452 - automember rebuild task adds users to groups that do not match the configuration scope
Ticket 450 - CLEANALLRUV task gets stuck on winsync replication agreement
Ticket 386 - large memory growth with ldapmodify(heap fragmentation)
this patch doesn't fix the bug - it allows us to experiment with
different values of mxfast
Ticket #374 - consumer can go into total update mode for no reason
1) plugin config ldif must contain pluginid, etc. during upgrade or it
will fail due to schema errors
2) posix winsync should have a lower precedence (25) than the default (50)
so that it will be run first
3) posix winsync should support the Winsync API v3 - the v2 functions are
just stubs for now - but the precedence cb is active
8e5087a Coverity defects - 13089: Dereference after null check ldbm_back_delete
- Trac Ticket #437 - variable dn should not be used in ldbm_back_delete
- ba1f5b2 fix coverity resource leak in windows_plugin_add
- e3e81db Simplify program flow: change while loops to for
- a0d5dc0 Fix logic errors: del_mod should be latched (might not be last mod), and avoid skipping add-mods (int value 0)
- 0808f7e Simplify program flow: make adduids/moduids/deluids action blocks all similar
- 77eb760 Simplify program flow: eliminate unnecessary continue
- c9e9db7 Memory leaks: unmatched slapi_attr_get_valueset and slapi_value_new
- a4ca0cc Change "return"s in modGroupMembership to "break"s to avoid leaking
- d49035c Factorize into new isPosixGroup function
- 3b61c03 coverity - posix winsync mem leaks, null check, deadcode, null ref, use after free
- 33ce2a9 fix mem leaks with parent dn log message, setting winsync windows domain
- Ticket #440 - periodic dirsync timed event causes server to loop repeatedly
- Ticket #355 - winsync should not delete entry that appears to be out of scope
- Ticket 436 - nsds5ReplicaEnabled can be set with any invalid values.
- 487932d coverity - mbo dead code - winsync leaks, deadcode, null check, test code
- 2734a71 CLEANALLRUV coverity fixes
- Ticket #426 - support posix schema for user and group sync
- Ticket #430 - server to server ssl client auth broken with latest openldap
Ticket 429 - added nsslapd-readonly to DS schema
Ticket 403 - fix CLEANALLRUV regression from last commit
Trac Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values
Ticket #425 - support multiple winsync plugins
Ticket 403 - cleanallruv coverity fixes
Ticket 407 - memory leak in dna plugin
Ticket 403 - CLEANALLRUV feature
Ticket 413 - "Server is unwilling to perform" when running ldapmodify on nsds5ReplicaStripAttrs
3168f04 Coverity defects
5ff0a02 COVERITY FIXES
Ticket #388 - Improve replication agreement status messages
0760116 Update the slapi-plugin documentation on new slapi functions, and added a slapi function for checking on shutdowns
Ticket #369 - restore of replica ldif file on second master after deleting two records shows only 1 deletion
Ticket #409 - Report during startup if nsslapd-cachememsize is too small
Ticket #412 - memberof performance enhancement
12813: Uninitialized pointer read string_values2keys
Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values
Ticket #346 - Slow ldapmodify operation time for large quantities of multi-valued attribute values
Ticket #410 - Referential integrity plug-in does not work when update interval is not zero
Ticket #406 - Impossible to rename entry (modrdn) with Attribute Uniqueness plugin enabled
Ticket #405 - referint modrdn not working if case is different
Ticket 399 - slapi_ldap_bind() doesn't check bind results
Ticket #378 - audit log does not log unhashed password: enabled, by default.
Ticket #378 - unhashed#user#password visible after changing password
Ticket #365 - passwords in clear text in the audit log
Ticket #387 - managed entry sometimes doesn't delete the managed entry
5903815 improve txn test index handling
Ticket #360 - ldapmodify returns Operations error - fix delete caching
bcfa9e3 Coverity Fix
Trac Ticket #335 - transaction retries need to be cache aware
Ticket #389 - ADD operations not in audit log
44cdc84 fix coverity issues with uninit vals, no return checking
1b4b9d5 Ticket 368 - Make the cleanAllRUV task one step
8f17da5 Ticket #110 - RFE limiting root DN by host, IP, time of day, day of week
NRUV
Ticket #360 - ldapmodify returns Operations error
Ticket #321 - krbExtraData is being null modified and replicated on each ssh login
Trac Ticket #359 - Database RUV could mismatch the one in changelog under the stress
Ticket #361: Bad DNs in ACIs can segfault ns-slapd
Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object
Ticket #337 - Improve CLEANRUV task
(cherry picked from commit 21635dcd44f96846bb8158963508374f489a355c)
Ticket #351 - use betxn plugins by default
revert - make no plugins betxn by default - too great a risk
for deadlocks until we can test this better
Ticket #348 - crash in ldap_initialize with multiple threads
fixes PR_Init problem in ldclt
- f227f11 Suppress alert on unavailable port with forced setup
- Ticket #353 - coverity 12625-12629 - leaks, dead code, unchecked return
- Ticket #351 - use betxn plugins by default
- Trac Ticket #345 - db deadlock return should not log error
- Ticket #348 - crash in ldap_initialize with multiple threads
- Ticket #214 - Adding Replication agreement should complain if required nsds5ReplicaCredentials not supplied
- Ticket #207 - [RFE] enable attribute that tracks when a password was last set
- Ticket #216 - RFE - Disable replication agreements
- Ticket #337 - RFE - Improve CLEANRUV functionality
- Ticket #326 - MemberOf plugin should work on all backends
- Trac Ticket #19 - Convert entryUSN plugin to transaction aware type
- Ticket #347 - IPA dirsvr seg-fault during system longevity test
- Trac Ticket #310 - Avoid calling escape_string() for logged DNs
- Trac Ticket #338 - letters in object's cn get converted to lowercase when renaming object
- Ticket #183 - passwordMaxFailure should lockout password one sooner
- Trac Ticket #335 - transaction retries need to be cache aware
- Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
- Ticket #325 - logconv.pl : use of getopts to parse command line options
- Ticket #336 - [abrt] 389-ds-base-1.2.10.4-2.fc16: index_range_read_ext: Process /usr/sbin/ns-slapd was killed by signal 11 (SIGSEGV)
- 554e29d Coverity Fixes
- Trac Ticket #46 - (additional 2) setup-ds-admin.pl does not like ipv6 only hostnames
- Ticket #183 - passwordMaxFailure should lockout password one sooner - and should be configurable to avoid regressions
- Ticket #315 - small fix to libglobs
- Ticket #315 - ns-slapd exits/crashes if /var fills up
- Ticket #20 - Allow automember to work on entries that have already been added
- Trac Ticket #45 - Fine Grained Password policy: if passwordHistory is on, deleting the password fails.
453eb97 schema def must have DESC '' - close paren must be preceded by space
Trac Ticket #46 - (additional) setup-ds-admin.pl does not like ipv6 only hostnames
Ticket #331 - transaction errors with db 4.3 and db 4.2
Ticket #261 - Add Solaris i386
Ticket #316 and Ticket #70 - add post add/mod and AD add callback hooks
Ticket #324 - Sync with group attribute containing () fails
Ticket #319 - ldap-agent crashes on start with signal SIGSEGV
77cacd9 coverity 12606 Logically dead code
Trac Ticket #303 - make DNA range requests work with transactions
Ticket #320 - allow most plugins to be betxn plugins
Ticket #24 - Add nsTLS1 to the DS schema
Ticket #271 - Slow shutdown when you have 100+ replication agreements
TIcket #285 - compilation fixes for '--format-security'
Ticket 211 - Avoid preop range requests non-DNA operations
Ticket #271 - replication code cleanup
Ticket 317 - RHDS fractional replication with excluded password policy attributes leads to wrong error messages.
Ticket #308 - Automembership plugin fails if data and config area mixed in the plugin configuration
Ticket #292 - logconv.pl reporting unindexed search with different search base than shown in access logs
6f8680a coverity 12563 Read from pointer after free (fix 2)
e6a9b22 coverity 12563 Read from pointer after free
245d494 Config changes fail because of unknown attribute "internalModifiersname"
Ticket #191 - Implement SO_KEEPALIVE in network calls
Ticket #289 - allow betxn plugin config changes
93adf5f destroy the entry cache and dn cache in the dse post op delete callback
e2532d8 init txn thread private data for all database modes
Ticket #291 - cannot use & in a sasl map search filter
6bf6e79 Schema Reload crash fix
60b2d12 Fixing compiler warnings
Trac Ticket #260 - 389 DS does not support multiple paging controls on a single connection
Ticket #302 - use thread local storage for internalModifiersName & internalCreatorsName
fdcc256 Minor bug fix introcuded by commit 69c9f3bf7dd9fe2cadd5eae0ab72ce218b78820e
Ticket #306 - void function cannot return value
ticket 181 - Allow PAM passthru plug-in to have multiple config entries
ticket 211 - Use of uninitialized variables in ldbm_back_modify()
Ticket #74 - Add schema for DNA plugin (RFE)
Ticket #301 - implement transaction support using thread local storage
Ticket #211 - dnaNextValue gets incremented even if the user addition fails
144af59 coverity uninit var and resource leak
Trac Ticket #34 - remove-ds.pl does not remove everything
Trac Ticket #169 - allow 389 to use db5
bc78101 fix compiler warning in acct policy plugin
Trac Ticket #84 - 389 Directory Server Unnecessary Checkpoints
Trac Ticket #27 - SASL/PLAIN binds do not work
Ticket #129 - Should only update modifyTimestamp/modifiersName on MODIFYops
Ticket #17 - new replication optimizations
https://fedorahosted.org/389/ticket/46https://fedorahosted.org/389/ticket/66
Fix Description:
Adding IPv6 friendly perl packages to Requires list:
Requires: perl-Socket
or
Requires: perl-Socket6
depending upon the perl Socket module availability.
Adding gcc-c++ to the build dependency
BuildRequires: gcc-c++
changelog:
- Ticket #46 - (revised) setup-ds-admin.pl does not like ipv6 only hostnames
- Ticket #66 - 389-ds-base spec file does not have a BuildRequires on gcc-c++
b05139b memleak in normalize_mods2bvals
c0eea24 memleak in mep_parse_config_entry
90bc9eb handle null smods
Ticket #305 - Certain CMP operations hang or cause ns-slapd to crash
Ticket #306 - void function cannot return value
ticket 304 - Fix kernel version checking in dsktune
Trac Ticket #298 - crash when replicating orphaned tombstone entry
Ticket #281 - TLS not working with latest openldap
Trac Ticket #290 - server hangs during shutdown if betxn pre/post op fails
Trac Ticket #26 - Please support setting defaultNamingContext in the rootdse
Ticket #281 - TLS not working with latest openldap
Ticket #280 - extensible binary filters do not work
Ticket #279 - filter normalization does not use matching rules
Trac Ticket #275 - Invalid read reported by valgrind
Ticket #277 - cannot set repl referrals or state
Ticket #278 - Schema replication update failed: Invalid syntax
Ticket #39 - Account Policy Plugin does not work for simple binds when PAM Pass Through Auth plugin is enabled
Ticket #13 - slapd process exits when put the database on read only mode while updates are coming to the server
Ticket #87 - Manpages fixes
c493fb4 fix a couple of minor coverity issues
Ticket #55 - Limit of 1024 characters for nsMatchingRule
Trac Ticket #274 - Reindexing entryrdn fails if ancestors are also tombstoned
Ticket #6 - protocol error from proxied auth operation
Ticket #38 - nisDomain schema is incorrect
Ticket #273 - ruv tombstone searches don't work after reindex entryrdn
Ticket #29 - Samba3-schema is missing sambaTrustedDomainPassword
Ticket #22 - RFE: Support sendmail LDAP routing schema
Ticket #161 - Review and address latest Coverity issues
Ticket #140 - incorrect memset parameters
Trac Ticket 35 - Log not clear enough on schema errors
Trac Ticket 139 - eliminate the use of char *dn in favor of Slapi_DN *dn
Trac Ticket #52 - FQDN set to nsslapd-listenhost makes the server start fail if IPv4-mapped-IPv6 address is given
fixes for systemd - remove .pid files after shutting down servers
Ticket #263 - add systemd include directive
Ticket #264 - upgrade needs better check for "server is running"
(cherry picked from commit 7dfddf14e3e83bc1ad68c3fd1182344f60b4a132)
Ticket #262 - pid file not removed with systemd
Ticket #50 - server should not call a plugin after the plugin close function is called
Ticket #18 - Data inconsitency during replication
Ticket #49 - better handling for server shutdown while long running tasks are active
Ticket #15 - Get rid of rwlock.h/rwlock.c and just use slapi_rwlock instead
Ticket #257 - repl-monitor doesn't work if leftmost hostnames are the same
Ticket #12 - 389 DS DNA Plugin / Replication failing on GSSAPI
6aaeb77 add a hack to disable sasl hostname canonicalization
Ticket 168 - minssf should not apply to rootdse
Ticket #177 - logconv.pl doesn't detect restarts
Ticket #159 - Managed Entry Plugin runs against managed entries upon any update without validating
Ticket 75 - Unconfigure plugin opperations are being called.
Ticket 26 - Please support setting defaultNamingContext in the rootdse.
Ticket #71 - unable to delete managed entry config
Ticket #167 - Mixing transaction and non-transaction plugins can cause deadlock
Ticket #256 - debug build assertion in ACL_EvalDestroy()
Ticket #4 - bak2db gets stuck in infinite loop
Ticket #162 - Infinite loop / spin inside strcmpi_fast, acl_read_access_allowed_on_attr, server DoS
Ticket #3: acl cache overflown problem
Ticket 1 - pre-normalize filter and pre-compile substring regex - and other optimizations
Ticket 2 - If node entries are tombstone'd, subordinate entries fail to get the full DN.
Bug 755725 - 389 programs linked against openldap crash during shutdown
Bug 755754 - Unable to start dirsrv service using systemd
Bug 745259 - Incorrect entryUSN index under high load in replicated environment
d439e3a use slapi_hexchar2int and slapi_str_to_u8 everywhere
5910551 csn_init_as_string should not use sscanf
b53ba00 reduce calls to csn_as_string and slapi_log_error
c897267 fix member variable name error in slapi_uniqueIDFormat
66808e5 uniqueid formatting - use slapi_u8_to_hex instead of sprintf
580a875 csn_as_string - use slapi_uN_to_hex instead of sprintf
Bug 751645 - crash when simple paged fails to send entry to client
Bug 752155 - Use restorecon after creating init script lock file
Bug 751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD'
Bug 750625 750624 750622 744946 Coverity issues
Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication
Bug 748575 - rhds81 modrn operation and 100% cpu use in replication
Bug 745259 - Incorrect entryUSN index under high load in replicated environment
f639711 Reduce the number of DN normalization
c06a8fa Keep unhashed password psuedo-attribute in the adding entry
Bug 744945 - nsslapd-counters attribute value cannot be set to "off"
8d3b921 Use new PLUGIN_CONFIG_ENTRY feature to allow switching between txn and regular
d316a67 Change referential integrity to be a betxnpostoperation plugin
Bug 741744 - part3 - MOD operations with chained delete/add get back error 53
1d2f5a0 make memberof transaction aware and able to be a betxnpostoperation plug in
b6d3ba7 pass the plugin config entry to the plugin init function
28f7bfb set the ENTRY_POST_OP for modrdn betxnpostoperation plugins
Bug 743966 - Compiler warnings in account usability plugin
resource limits for simple paged results
Bug 740942 - allow resource limits to be set for paged searches independently of limits for other searches/operations
Bug 741744 - MOD operations with chained delete/add get back error 53 on backend config
Bug 742324 - allow nsslapd-idlistscanlimit to be set dynamically and per-user
Bug 722292 - (cov#11030) Leak of mapped_sdn in winsync rename code
Bug 703990 - cross-platform - Support upgrade from Red Hat Directory Server
Introducing an environment variable USE_VALGRIND to clean up the entry cache and dn cache on exit.
389-ds-base-1.2.9.7 - bugfix update
Bug 733103 - large targetattr list with syntax errors cause server to crash or hang
Bug 633803 - passwordisglobalpolicy attribute brakes TLS chaining
Bug 732541 - Ignore error 32 when adding automember config
Bug 728592 - Allow ns-slapd to start with an invalid server cert
winsync, upgrade, and ruv/counter bug fixes
Bug 728510 - Run dirsync after sending updates to AD
Bug 729717 - Fatal error messages when syncing deletes from AD
Bug 729369 - upgrade DB to upgrade from entrydn to entryrdn format is not working.
Bug 729378 - delete user subtree container in AD + modify password in DS == DS crash
Bug 723937 - Slapi_Counter API broken on 32-bit F15
fixed again - separate tests for atomic ops and atomic bool cas
the 389-ds-base-1.2.9.1 release
Bug 663752 - Cert renewal for attrcrypt and encchangelog
this was "re-fixed" due to a deadlock condition with cl2ldif task cancel
Bug 725953 - Winsync: DS entries fail to sync to AD, if the User's CN entry contains a comma
Bug 725743 - Make memberOf use PRMonitor for it's operation lock
Bug 725542 - Instance upgrade fails when upgrading 389-ds-base package
Bug 723937 - Slapi_Counter API broken on 32-bit F15
The 1.2.9.0 release - several bug fixes
Bug 720059 - RDN with % can cause crashes or missing entries
Bug 709468 - RSA Authentication Server timeouts when using simple paged results on RHDS 8.2.
Bug 691313 - Need TLS/SSL error messages in repl status and errors log
Bug 712855 - Directory Server 8.2 logs "Netscape Portable Runtime error -5961 (TCP connection reset by peer.)" to error log whereas Directory Server 8.1 did not
Bug 713209 - Update sudo schema
Bug 719069 - clean up compiler warnings in 389-ds-base 1.2.9
Bug 718303 - Intensive updates on masters could break the consumer's cache
Bug 711679 - unresponsive LDAP service when deleting vlv on replica
look for separate openldap ldif library
Split automember regex rules into separate entries
writing Inf file shows SchemaFile = ARRAY(0xhexnum)
add support for ldif files with changetype: add
Bug 716980 - winsync uses old AD entry if new one not found
Bug 697694 - rhds82 - incr update state stop_fatal_error "requires administrator action", with extop_result: 9
bump console version to 1.2.6
Bug 711679 - unresponsive LDAP service when deleting vlv on replica
Bug 703703 - setup-ds-admin.pl asks for legal agreement to a non-existant file
Bug 706209 - LEGAL: RHEL6.1 License issue for 389-ds-base package
Bug 663752 - Cert renewal for attrcrypt and encchangelog
Bug 706179 - DS can not restart after create a new objectClass has entryusn attribute
Bug 711906 - ns-slapd segfaults using suffix referrals
Bug 707384 - only allow FIPS approved cipher suites in FIPS mode
Bug 710377 - Import with chain-on-update crashes ns-slapd
Bug 709826 - Memory leak: when extra referrals configured
389-ds-base-1.2.8.3
Bug 700145 - userpasswd not replicating
Bug 700557 - Linked attrs callbacks access free'd pointers after close
Bug 694336 - Group sync hangs Windows initial Sync
Bug 700215 - ldclt core dumps
Bug 695779 - windows sync can lose old values when a new value is added
Bug 697027 - 12 - minor memory leaks found by Valgrind + TET
389-ds-base-1.2.8.0
Bug 693473 - rhds82 rfe - windows_tot_run to log Sizelimit exceeded instead of LDAP error - -1
Bug 692991 - rhds82 - windows_tot_run: failed to obtain data to send to the consumer; LDAP error - -1
Bug 693466 - Unable to change schema online
Bug 693503 - matching rules do not inherit from superior attribute type
Bug 693455 - nsMatchingRule does not work with multiple values
Bug 693451 - cannot use localized matching rules
Bug 692331 - Segfault on index update during full replication push on 1.2.7.5
389-ds-base-1.2.8.rc4
Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv
ice is restarted
389-ds-base-1.2.8.rc3
Bug 690955 - Mrclone fails due to the replica generation id mismatch
389-ds-base-1.2.8 release candidate 2 - git tag 389-ds-base-1.2.8.rc2
Bug 689537 - (cov#10610) Fix Coverity NULL pointer dereferences
Bug 689866 - ns-newpwpolicy.pl needs to use the new DN format
Bug 681015 - RFE: allow fine grained password policy duration attributes
in days, hours, minutes, as well
Bug 684996 - Exported tombstone cannot be imported correctly
Bug 683250 - slapd crashing when traffic replayed
Bug 668909 - Can't modify replication agreement in some cases
Bug 504803 - Allow maxlogsize to be set if logmaxdiskspace is -1
Bug 644784 - Memory leak in "testbind.c" plugin
Bug 680558 - Winsync plugin fails to restrain itself to the configured subtree
389-ds-base-1.2.8 release candidate 1 - git tag 389-ds-base-1.2.8.rc1
Bug 518890 - setup-ds-admin.pl - improve hostname validation
Bug 681015 - RFE: allow fine grained password policy duration attributes in
days, hours, minutes, as well
Bug 514190 - setup-ds-admin.pl --debug does not log to file
Bug 680555 - ns-slapd segfaults if I have more than 100 DBs
Bug 681345 - setup-ds.pl should set SuiteSpotGroup automatically
Bug 674852 - crash in ldap-agent when using OpenLDAP
Bug 679978 - modifying attr value crashes the server, which is supposed to
be indexed as substring type, but has octetstring syntax
Bug 676655 - winsync stops working after server restart
Bug 677705 - ds-logpipe.py script is failing to validate "-s" and
"--serverpid" options with "-t".
Bug 625424 - repl-monitor.pl doesn't work in hub node
split out a separate -libs subpackage - 389-ds-base-libs contains
libslapd.so.* (and owns the libdir) - 389-ds-base-devel contains
libslapd.so (the symlink) and the header and pkgconfig files
389-ds-base contains everything else
389-ds-base and 389-ds-base-devel both depend on 389-ds-base-libs but
do not depend on each other
do not create /var/run/dirsrv - setup will create it instead
remove the fedora-ds initscript upgrade stuff - we do not support that anymore
convert the remaining lua stuff to plain old shell script
Reviewed by: nkinder, nhosoi (Thanks!)
- 1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3
- Bug 675320 - empty modify operation with repl on or lastmod off will crash server
- Bug 675265 - preventryusn gets added to entries on a failed delete
- Bug 677774 - added support for tmpfiles.d
- Bug 666076 - dirsrv crash (1.2.7.5) with multiple simple paged result search
es
- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
- Bug 671199 - Don't allow other to write to rundir
- Bug 678646 - Ignore tombstone operations in managed entry plug-in
- Bug 676053 - export task followed by import task causes cache assertion
- Bug 677440 - clean up compiler warnings in 389-ds-base 1.2.8
- Bug 675113 - ns-slapd core dump in windows_tot_run if oneway sync is used
- Bug 676689 - crash while adding a new user to be synced to windows
- Bug 604881 - admin server log files have incorrect permissions/ownerships
- Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv
ice is restarted
- Bug 675853 - dirsrv crash segfault in need_new_pw()
1.2.8.a2 release - git tag 389-ds-base-1.2.8.a2
Bug 674430 - Improve error messages for attribute uniqueness
Bug 616213 - insufficient stack size for HP-UX on PA-RISC
Bug 615052 - intrinsics and 64-bit atomics code fails to compile
on PA-RISC
Bug 151705 - Need to update Console Cipher Preferences with new ciphers
Bug 668862 - init scripts return wrong error code
Bug 670616 - Allow SSF to be set for local (ldapi) connections
Bug 667935 - DS pipe log script's logregex.py plugin is not redirecting the
log output to the text file
Bug 668619 - slapd stops responding
Bug 624547 - attrcrypt should query the given slot/token for
supported ciphers
Bug 646381 - Faulty password for nsmultiplexorcredentials does not give any
error message in logs
- Bug 643979 - Strange byte sequence for attribute with no values (nsslapd-referral)
- Bug 635009 - Add one-way AD sync capability
- Bug 572018 - Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot
- put replication config entries in separate file
- Bug 567282 - server can not abandon searchRequest of "simple paged results"
- Bug 329751 - "nested" filtered roles searches candidates more than needed
- Bug 521088 - DNA should check ACLs before getting a value from the range
This removes the dirsrv selinux policy from 389-ds-base. The same
policy is being implemented in the selinux-policy-base package now,
so we no longer need to build and carry it here.
- Bug 643979 - Strange byte sequence for attribute with no values (nsslapd-referral)
- Bug 635009 - Add one-way AD sync capability
- Bug 572018 - Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot
- put replication config entries in separate file
- Bug 567282 - server can not abandon searchRequest of "simple paged results"
- Bug 329751 - "nested" filtered roles searches candidates more than needed
- Bug 521088 - DNA should check ACLs before getting a value from the range
this is the 1.2.7.a3 release
Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
Bug 629681 - Retro Changelog trimming does not behave as expected
Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif
are not upgraded in the server instance schema dir
added several more bug fixes to 1.2.6.1
Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self
Bug 612264 - ACI issue with (targetattr='userPassword')
Bug 606920 - anonymous resource limit- nstimelimit - also applied to "cn=directory manager"
Bug 631862 - crash - delete entries not in cache + referint
