From fedora-directory-commits at redhat.com Thu Nov 1 20:24:09 2007
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Thu, 1 Nov 2007 16:24:09 -0400
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd vattr.c,
1.7, 1.8
Message-ID: <200711012024.lA1KO90i009709@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9625
Modified Files:
vattr.c
Log Message:
Resolves: #193724
Summary: "nested" filtered roles result in deadlock
Description: Function slapi_vattr_values_get_sp used to use the context
allocated on the stack. Changed it to call vattr_context_new to set the
locally created pblock (local_pb). The pblock is used to pass the context
loop info as the stack gets deeper to prevent the stack overflow. At the
end of this function slapi_vattr_values_get_sp, slapi_pblock_destroy is
called if the context is local (use_local_ctx). The function cleans up
pb_vattr_context internally.
Index: vattr.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/vattr.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- vattr.c 12 Oct 2007 18:03:42 -0000 1.7
+++ vattr.c 1 Nov 2007 20:24:07 -0000 1.8
@@ -630,163 +630,162 @@
*/
SLAPI_DEPRECATED int
slapi_vattr_values_get_sp(vattr_context *c,
- /* Entry we're interested in */ Slapi_Entry *e,
- /* attr type name */ char *type,
- /* pointer to result set */ Slapi_ValueSet** results,
- int *type_name_disposition,
- char** actual_type_name, int flags,
- int *buffer_flags)
-{
-
- PRBool use_local_ctx=PR_FALSE;
- vattr_context ctx;
- int rc = 0;
- int sp_bit = 0; /* Set if an SP supplied an answer */
- vattr_sp_handle_list *list = NULL;
-
- vattr_get_thang my_get = {0};
-
- if (c != NULL) {
- rc = vattr_context_grok(&c);
- if (0 != rc) {
- if(!vattr_context_is_loop_msg_displayed(&c))
- {
- /* Print a handy error log message */
- LDAPDebug(LDAP_DEBUG_ANY,"Detected virtual attribute loop in get on entry %s, attribute %s\n", slapi_entry_get_dn_const(e), type, 0);
- vattr_context_set_loop_msg_displayed(&c);
- }
- return rc;
- }
- } else {
- use_local_ctx=PR_TRUE;
- ctx.vattr_context_loop_count=1;
- ctx.error_displayed = 0;
- }
-
- /* For attributes which are in the entry, we just need to get to the Slapi_Attr structure and yank out the slapi_value_set
- structure. We either return a pointer directly to it, or we copy it, depending upon whether the caller asked us to try to
- avoid copying.
- */
-
- /* First grok the entry, and remember what we saw. This call does no more than walk down the entry attribute list, do some string compares and copy pointers. */
- vattr_helper_get_entry_conts(e,type, &my_get);
- /* Having done that, we now consult the attribute map to find service providers who are interested */
- /* Look for attribute in the map */
- if(!(flags & SLAPI_REALATTRS_ONLY))
- {
- list = vattr_map_sp_getlist(type);
- if (list) {
- vattr_sp_handle *current_handle = NULL;
- void *hint = NULL;
- /* first lets consult the cache to save work */
- int cache_status;
-
- cache_status =
- slapi_entry_vattrcache_find_values_and_type(e, type,
- results,
- actual_type_name);
- switch(cache_status)
- {
- case SLAPI_ENTRY_VATTR_RESOLVED_EXISTS: /* cached vattr */
- {
- sp_bit = 1;
-
- /* Complete analysis of type matching */
- if ( 0 == slapi_attr_type_cmp( type , *actual_type_name, SLAPI_TYPE_CMP_EXACT) )
- {
- *type_name_disposition = SLAPI_VIRTUALATTRS_TYPE_NAME_MATCHED_EXACTLY_OR_ALIAS;
- } else {
- *type_name_disposition = SLAPI_VIRTUALATTRS_TYPE_NAME_MATCHED_SUBTYPE;
- }
-
- break;
- }
-
- case SLAPI_ENTRY_VATTR_RESOLVED_ABSENT: /* does not exist */
- break; /* look in entry */
-
- case SLAPI_ENTRY_VATTR_NOT_RESOLVED: /* not resolved */
- default: /* any other result, resolve */
- {
- for (current_handle = vattr_map_sp_first(list,&hint); current_handle; current_handle = vattr_map_sp_next(current_handle,&hint))
- {
- if (use_local_ctx)
- {
- rc = vattr_call_sp_get_value(current_handle,&ctx,e,&my_get,type,results,type_name_disposition,actual_type_name,flags,buffer_flags, hint);
- }
- else
- {
- /* call this SP */
- rc = vattr_call_sp_get_value(current_handle,c,e,&my_get,type,results,type_name_disposition,actual_type_name,flags,buffer_flags, hint);
- }
-
- if (0 == rc)
- {
- sp_bit = 1;
- break;
- }
- }
-
- if(!sp_bit)
- {
- /* clean up, we have failed and must now examine the
- * entry itself
- * But first lets cache the no result
- * Creates the type (if necessary).
- */
- slapi_entry_vattrcache_merge_sv(e, type, NULL );
-
- }
- else
- {
- /*
- * we need to cache the virtual attribute
- * creates the type (if necessary) and dups
- * results.
- */
- slapi_entry_vattrcache_merge_sv(e, *actual_type_name,
- *results );
- }
-
- break;
- }
- }
- }
- }
- /* If no SP supplied the answer, take it from the entry */
- if (!sp_bit && !(flags & SLAPI_VIRTUALATTRS_ONLY))
- {
- rc = 0; /* reset return code (cause an sp must have failed) */
- *type_name_disposition = my_get.get_name_disposition;
-
- if (my_get.get_present) {
- if (flags & SLAPI_VIRTUALATTRS_REQUEST_POINTERS) {
- *results = my_get.get_present_values;
- *actual_type_name = my_get.get_type_name;
- } else {
- *results = valueset_dup(my_get.get_present_values);
- if (NULL == *results) {
- rc = ENOMEM;
- } else {
- *actual_type_name = slapi_ch_strdup(my_get.get_type_name);
- if (NULL == *actual_type_name) {
- rc = ENOMEM;
- }
- }
- }
- if (flags & SLAPI_VIRTUALATTRS_REQUEST_POINTERS) {
- *buffer_flags = SLAPI_VIRTUALATTRS_RETURNED_POINTERS;
- } else {
- *buffer_flags = SLAPI_VIRTUALATTRS_RETURNED_COPIES;
- }
- } else {
- rc = SLAPI_VIRTUALATTRS_NOT_FOUND;
- }
- }
- if (!use_local_ctx) {
- vattr_context_ungrok(&c);
- }
- return rc;
+ /* Entry we're interested in */ Slapi_Entry *e,
+ /* attr type name */ char *type,
+ /* pointer to result set */ Slapi_ValueSet** results,
+ int *type_name_disposition,
+ char** actual_type_name, int flags,
+ int *buffer_flags)
+{
+ PRBool use_local_ctx = PR_FALSE;
+ Slapi_PBlock *local_pb = NULL;
+ vattr_context *ctx = NULL;
+ int rc = 0;
+ int sp_bit = 0; /* Set if an SP supplied an answer */
+ vattr_sp_handle_list *list = NULL;
+
+ vattr_get_thang my_get = {0};
+
+ if (c != NULL) {
+ rc = vattr_context_grok(&c);
+ if (0 != rc) {
+ if(!vattr_context_is_loop_msg_displayed(&c))
+ {
+ /* Print a handy error log message */
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "Detected virtual attribute loop in get on entry %s, attribute %s\n",
+ slapi_entry_get_dn_const(e), type, 0);
+ vattr_context_set_loop_msg_displayed(&c);
+ }
+ return rc;
+ }
+ ctx = c;
+ } else {
+ use_local_ctx = PR_TRUE;
+ local_pb = slapi_pblock_new();
+ ctx = vattr_context_new( local_pb );
+ ctx->vattr_context_loop_count = 1;
+ ctx->error_displayed = 0;
+ }
+
+ /* For attributes which are in the entry, we just need to get to the Slapi_Attr structure and yank out the slapi_value_set
+ structure. We either return a pointer directly to it, or we copy it, depending upon whether the caller asked us to try to
+ avoid copying.
+ */
+
+ /* First grok the entry, and remember what we saw. This call does no more than walk down the entry attribute list, do some string compares and copy pointers. */
+ vattr_helper_get_entry_conts(e,type, &my_get);
+ /* Having done that, we now consult the attribute map to find service providers who are interested */
+ /* Look for attribute in the map */
+ if(!(flags & SLAPI_REALATTRS_ONLY))
+ {
+ list = vattr_map_sp_getlist(type);
+ if (list) {
+ vattr_sp_handle *current_handle = NULL;
+ void *hint = NULL;
+ /* first lets consult the cache to save work */
+ int cache_status;
+
+ cache_status =
+ slapi_entry_vattrcache_find_values_and_type(e, type,
+ results,
+ actual_type_name);
+ switch(cache_status)
+ {
+ case SLAPI_ENTRY_VATTR_RESOLVED_EXISTS: /* cached vattr */
+ {
+ sp_bit = 1;
+
+ /* Complete analysis of type matching */
+ if ( 0 == slapi_attr_type_cmp( type , *actual_type_name, SLAPI_TYPE_CMP_EXACT) )
+ {
+ *type_name_disposition = SLAPI_VIRTUALATTRS_TYPE_NAME_MATCHED_EXACTLY_OR_ALIAS;
+ } else {
+ *type_name_disposition = SLAPI_VIRTUALATTRS_TYPE_NAME_MATCHED_SUBTYPE;
+ }
+
+ break;
+ }
+
+ case SLAPI_ENTRY_VATTR_RESOLVED_ABSENT: /* does not exist */
+ break; /* look in entry */
+
+ case SLAPI_ENTRY_VATTR_NOT_RESOLVED: /* not resolved */
+ default: /* any other result, resolve */
+ {
+ for (current_handle = vattr_map_sp_first(list,&hint); current_handle; current_handle = vattr_map_sp_next(current_handle,&hint))
+ {
+ rc = vattr_call_sp_get_value(current_handle,ctx,e,&my_get,type,results,type_name_disposition,actual_type_name,flags,buffer_flags, hint);
+ if (0 == rc)
+ {
+ sp_bit = 1;
+ break;
+ }
+ }
+
+ if(!sp_bit)
+ {
+ /* clean up, we have failed and must now examine the
+ * entry itself
+ * But first lets cache the no result
+ * Creates the type (if necessary).
+ */
+ slapi_entry_vattrcache_merge_sv(e, type, NULL );
+
+ }
+ else
+ {
+ /*
+ * we need to cache the virtual attribute
+ * creates the type (if necessary) and dups
+ * results.
+ */
+ slapi_entry_vattrcache_merge_sv(e, *actual_type_name,
+ *results );
+ }
+
+ break;
+ }
+ }
+ }
+ }
+ /* If no SP supplied the answer, take it from the entry */
+ if (!sp_bit && !(flags & SLAPI_VIRTUALATTRS_ONLY))
+ {
+ rc = 0; /* reset return code (cause an sp must have failed) */
+ *type_name_disposition = my_get.get_name_disposition;
+
+ if (my_get.get_present) {
+ if (flags & SLAPI_VIRTUALATTRS_REQUEST_POINTERS) {
+ *results = my_get.get_present_values;
+ *actual_type_name = my_get.get_type_name;
+ } else {
+ *results = valueset_dup(my_get.get_present_values);
+ if (NULL == *results) {
+ rc = ENOMEM;
+ } else {
+ *actual_type_name = slapi_ch_strdup(my_get.get_type_name);
+ if (NULL == *actual_type_name) {
+ rc = ENOMEM;
+ }
+ }
+ }
+ if (flags & SLAPI_VIRTUALATTRS_REQUEST_POINTERS) {
+ *buffer_flags = SLAPI_VIRTUALATTRS_RETURNED_POINTERS;
+ } else {
+ *buffer_flags = SLAPI_VIRTUALATTRS_RETURNED_COPIES;
+ }
+ } else {
+ rc = SLAPI_VIRTUALATTRS_NOT_FOUND;
+ }
+ }
+ if (use_local_ctx) {
+ /* slapi_pblock_destroy cleans up pb_vattr_context, as well */
+ slapi_pblock_destroy(local_pb);
+ } else {
+ vattr_context_ungrok(&c);
+ }
+ return rc;
}
/*
From fedora-directory-commits at redhat.com Tue Nov 6 18:13:59 2007
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Tue, 6 Nov 2007 13:13:59 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts
template-verify-db.pl.in, 1.8, 1.9
Message-ID: <200711061813.lA6IDxqY005584@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4861
Modified Files:
template-verify-db.pl.in
Log Message:
Resolves: #367671
Summary: verify-db.pl : can't find dbverify (comment #5)
Fix: added the inst_dir to PATH to tell verify-db.pl where dbverify is located.
Index: template-verify-db.pl.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-verify-db.pl.in,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- template-verify-db.pl.in 7 Sep 2007 19:08:45 -0000 1.8
+++ template-verify-db.pl.in 6 Nov 2007 18:13:57 -0000 1.9
@@ -169,7 +169,7 @@
my $dbdirs = getDbDir($startpoint);
my $prefix = "{{DS-ROOT}}";
-$ENV{'PATH'} = "$prefix at db_bindir@:$prefix/usr/bin:@db_bindir@:/usr/bin";
+$ENV{'PATH'} = "{{SERVER-DIR}}/{{PRODUCT-NAME}}-{{SERV-ID}}:$prefix at db_bindir@:$prefix/usr/bin:@db_bindir@:/usr/bin";
$ENV{'LD_LIBRARY_PATH'} = "@db_libdir@:@libdir@";
$ENV{'SHLIB_PATH'} = "@db_libdir@:@libdir@";
From fedora-directory-commits at redhat.com Tue Nov 6 18:16:04 2007
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Tue, 6 Nov 2007 13:16:04 -0500
Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40
ds_create.in, 1.5, 1.6
Message-ID: <200711061816.lA6IG410006293@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6264/adminserver/admserv/cgi-src40
Modified Files:
ds_create.in
Log Message:
Resolves: bug 367941
Bug Description: On HPUX, Unable to create a 2nd instance of DS using console
Reviewed by: nhosoi, nkinder (Thanks!)
Fix Description: We weren't looking in the with-fhs-opt location for the start-slapd script. But we shouldn't call this script directly anyway, we should use the DSCreate::startServer method.
Platforms tested: HP-UX
Flag Day: no
Doc impact: no
QA impact: This impacts instance creation with the console on all platforms, so we'll have to test those.
New Tests integrated into TET: none
Index: ds_create.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ds_create.in,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ds_create.in 2 Aug 2007 14:44:10 -0000 1.5
+++ ds_create.in 6 Nov 2007 18:16:02 -0000 1.6
@@ -72,24 +72,10 @@
my $servid = $query->param('servid');
if (!defined($start_server) or $start_server) {
- # ok to use here because not only will createDSInstance have validated that
- # servid contains only good characters, but we test for the existence
- # of this file first
- my $prog = "@dslibdir@/slapd-$servid/start-slapd";
- if (-x $prog) {
- $? = 0;
- # run the CGI
- my $output = `$prog 2>&1`;
- my $status = $?;
- if ($status) {
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: Could not start directory server: $output\n";
- print "NMC_Status: $status\n";
- exit $status;
- }
- } else {
+ $inf->{slapd}->{start_server} = 1;
+ if (@errs = DSCreate::startServer($inf)) {
print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: The program $prog does not exist\n";
+ print "NMC_ErrInfo: ", $res->getText(@errs), "\n";
print "NMC_Status: 1\n";
exit 1;
}
From fedora-directory-commits at redhat.com Wed Nov 7 15:08:24 2007
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 7 Nov 2007 10:08:24 -0500
Subject: [Fedora-directory-commits] ldapserver configure, 1.76,
1.77 configure.ac, 1.43, 1.44 aclocal.m4, 1.59, 1.60 missing,
1.44, 1.45 install-sh, 1.44, 1.45 depcomp, 1.44, 1.45 compile,
1.43, 1.44 config.sub, 1.43, 1.44 config.guess, 1.43,
1.44 Makefile.in, 1.80, 1.81
Message-ID: <200711071508.lA7F8OGh023078@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/ldapserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23009/ldapserver
Modified Files:
configure configure.ac aclocal.m4 missing install-sh depcomp
compile config.sub config.guess Makefile.in
Log Message:
bump source code version to 1.1.0 beta 2
Index: configure
===================================================================
RCS file: /cvs/dirsec/ldapserver/configure,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- configure 26 Oct 2007 22:04:37 -0000 1.76
+++ configure 7 Nov 2007 15:08:21 -0000 1.77
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for dirsrv 1.1.0b1.
+# Generated by GNU Autoconf 2.59 for dirsrv 1.1.0b2.
#
# Report bugs to
-Enter full path to CRL/CKL file. Provide the full path to the file containing the CRL or CKL. +Enter CRL/CKL file. Provide the name of the file containing the CRL or CKL. This file must exist in the same directory as your key and cert database.
File contains a Certificate Revocation List (CRL). Select this option if the file contains a CRL. Index: certificate_information_detail.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/certificate_information_detail.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- certificate_information_detail.html 9 Aug 2007 16:04:04 -0000 1.1 +++ certificate_information_detail.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -7,7 +7,23 @@
-Organizational Unit. If an organizational unit was specified during the certificate request process, it is displayed here. +Locality. If a locality was specified during the certificate request process, it is displayed here. +
+ ++Organization. If an organization was specified during the certificate request process, it is displayed here. +
+ ++Organization Unit. If an organization unit was specified during the certificate request process, it is displayed here. +
+ ++State. If a state was specified during the certificate request process, it is displayed here. +
+ ++Country. If a country was specified during the certificate request process, it is displayed here.
Index: certificate_request_wizard_introduction.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/certificate_request_wizard_introduction.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- certificate_request_wizard_introduction.html 9 Aug 2007 16:04:04 -0000 1.1 +++ certificate_request_wizard_introduction.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -3,7 +3,7 @@
-You can use Management Console to generate a manual or automatic certificate request. A manual request requires you to submit information to a CA. An automatic request is submitted for you by Console. In order to send an automatic request to a CA, you need to obtain a plug-in. For more information, contact your CA. +You can use the Management Console to generate a manual or automatic certificate request. A manual request requires you to submit information to a CA. An automatic request is submitted for you by Console. In order to send an automatic request to a CA, you need to obtain a plug-in. For more information, contact your CA.
Index: configure_administration_server_access.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/configure_administration_server_access.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configure_administration_server_access.html 9 Aug 2007 16:04:04 -0000 1.1 +++ configure_administration_server_access.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -3,13 +3,10 @@
-Use this tab to specify a user name and password for the Administration Server Administrator and to enable or disable Directory Server Gateway access. +Use this tab to specify a user name and password for the Administration Server Administrator.
-The Administration Server Administrator is a special user that has full access to all features in the Administration Server. This user is created during installation for the purpose of starting Console if a Directory Server is unavailable. The Administration Server Administrator user name and password are stored in the file <server_root>/admin-serv/config/admpw
.
-
-The Directory Server Gateway is a service that provides web-based access to the entire user directory. The Directory Server Gateway must be installed before you can use this option.
+The Administration Server Administrator is a special user that has full access to all features in the Administration Server. This user is created during installation. The Administration Server Administrator user name and password are stored in the file admpw
in your Administration Server configuration directory.
User name. Enter the user ID for the Administration Server Administrator. Index: configure_administration_server_configuration_ds.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/configure_administration_server_configuration_ds.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configure_administration_server_configuration_ds.html 9 Aug 2007 16:04:04 -0000 1.1 +++ configure_administration_server_configuration_ds.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -15,5 +15,5 @@ LDAP Port. Enter the port number for the configuration directory that this Administration Server uses.
-Secure Connection. Select this option if the configuration directory is already SSL enabled. +Secure Connection. Select this option if you would like the Administration Server to communicate with the configuration directory using SSL.
Index: configure_administration_server_encryption.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/configure_administration_server_encryption.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configure_administration_server_encryption.html 9 Aug 2007 16:04:04 -0000 1.1 +++ configure_administration_server_encryption.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -9,7 +9,7 @@ Enable SSL for this server. Select this option if you want to secure this server with Secure Sockets Layer (SSL) encryption. All other SSL encryption options listed here become available to you only when you enable SSL by checking this box.-Use this cipher family. When you enable SSL encryption, the cipher families available to you are listed here. The Management Console currently supports two cipher families: RSA and Fortezza. The internal security device supports only RSA. If you're using a Fortezza card, you'll also see the Fortezza cipher family listed in the Encryption tab. Select the cipher families you want to use. +Use this cipher family. When you enable SSL encryption, the cipher families available to you are listed here. The internal security device supports only the RSA cipher family.
Security Device. Choose internal (software) if the key is stored in the local key database. All other choices on this list are available only if you are using an external module. Index: configure_administration_server_network.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/configure_administration_server_network.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configure_administration_server_network.html 9 Aug 2007 16:04:04 -0000 1.1 +++ configure_administration_server_network.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -9,16 +9,16 @@ Port. Enter the port number you want the Administration Server to use. The port number can be any number between 1 and 65535, but it is typically a random number greater than 1024.
-IP Address. Enter the IP address you want the server to use for incoming requests and connections. +IP Address. Enter the IP address you want the server to use for incoming requests and connections. Leaving this field empty will cause the Administration Server to listen on all available network interfaces.
-Connection Restrictions. Displays a list of hosts currently allowed to connect to the Administration Server. Use the drop-down list to indicate whether you're adding to the list by DNS name or by IP address. The list is evaluated first by host name and then by IP address. +Connection Restrictions. Displays a list of hosts currently allowed to connect to the Administration Server. Use the drop-down list to indicate whether you're adding to the list by host name or by IP address. The list is evaluated first by host name and then by IP address.
Add. Displays a dialog box for adding a host to the list of computers allowed to connect to the Administration Server.
-Edit. Displays a dialog box for editing a Host IP address or DNS name on the list of computers allowed to connect to the Administration Server. +Edit. Displays a dialog box for editing a host name or IP address on the list of computers allowed to connect to the Administration Server.
Remove. Removes a selected entry from the list of allowed hosts. Index: configure_administration_server_user_ds.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/configure_administration_server_user_ds.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configure_administration_server_user_ds.html 9 Aug 2007 16:04:04 -0000 1.1 +++ configure_administration_server_user_ds.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -3,7 +3,7 @@
-Use this screen to specify one or more Directory Servers to use when authenticating users. +Use this screen to specify one or more Directory Servers to use when authenticating users to this Administration Server.
Use Default User Directory. Choose this option if you want to use the user directory associated with the domain. Its LDAP URL is displayed here.
@@ -41,9 +41,6 @@
-
-
-
Secure Connection. Select this option if the new user directory is already SSL enabled.
Index: create_user_administrator.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/create_user_administrator.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- create_user_administrator.html 9 Aug 2007 16:04:04 -0000 1.1 +++ create_user_administrator.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -32,6 +32,3 @@Fax. (Optional) Enter the user or administrator's fax number.
--Access Permissions Help. Provides information on setting access controls that apply to users and groups. -
Index: host_information.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/host_information.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- host_information.html 9 Aug 2007 16:04:04 -0000 1.1 +++ host_information.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -12,10 +12,10 @@ You can edit the following information about the selected host:
-Host name. Specifies the name of the host machine as displayed in the navigation tree. The host name is usually the fully qualified machine name, but any label is acceptable. For example, a host name could be eastcoast.example.com
or East Coast Sun ES10000
.
+Host name. Specifies the name of the host machine as displayed in the navigation tree. The host name is usually the fully qualified machine name, but any label is acceptable. For example, a host name could be westcoast.example.com
or West Coast Server
.
-Description. (Optional) Contains a brief description of this host. For example, Sun ES10000 for the East Coast division of Example Corporation. +Description. (Optional) Contains a brief description of this host. For example, Server for the West Coast division of Example Corporation.
Location. (Optional) Specifies the physical location of this host. For example, Cube 17043 or Building 15 - Third Floor - Lab No. 1. @@ -24,8 +24,8 @@ You can view, but not edit, the following information about the selected host:
-Platform. Indicates the host machine's architecture. For example, Intel. +Platform. Indicates the host machine's architecture. For example, i686.
-Operating system. Indicates the operating system that this host is running. For example, Windows NT 4.0 (Build 1381). +Operating system. Indicates the operating system that this host is running as reported by uname. For example, Linux westcoast.example.com 2.6.9-55.0.9.ELsmp Tue Sep 25 02:17:24 EDT i686 i686 i386 GNU/Linux.
Index: logging_options.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/logging_options.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- logging_options.html 9 Aug 2007 16:04:04 -0000 1.1 +++ logging_options.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -3,13 +3,13 @@-The Administration Server uses an access log and an error log. The access log monitors activity while the error log keeps track of server events and problems. Use this panel to indicate where to store each of these log files. +The Administration Server uses an access log and an error log. The access log monitors activity while the error log keeps track of server events and problems. Use this panel to indicate the filename to use for each of these log files.
-Access Log - Log File. Enter a path and filename for the access log. This path can be absolute or relative to the server root. Example: /export/server_logs/access
.
+Access Log - Log File. Enter a filename for the access log. This must be a filename with no path provided.
-Error Log - Log File. Enter a path and filename for the error log. This path can be absolute or relative to the server root. Example: /export/server_logs/error
.
+Error Log - Log File. Enter a filename for the error log. This must be a filename with no path provided.
-Use this dialog to view, request, and manage Certificate Authority (CA) certificates. +Use this dialog to view and manage Certificate Authority (CA) certificates.
Security Device. Choose the security device that you want to manage. Unless you have installed an external device, only internal (software) will be available. Index: manage_certificates_revoked_certs.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/manage_certificates_revoked_certs.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- manage_certificates_revoked_certs.html 9 Aug 2007 16:04:04 -0000 1.1 +++ manage_certificates_revoked_certs.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -3,7 +3,7 @@
-Use this dialog to view, request, and manage Certificate Revocation Lists (CRLs) and Compromised Key Lists (CKLs). +Use this dialog to view and manage Certificate Revocation Lists (CRLs) and Compromised Key Lists (CKLs).
Index: select_organizational_unit.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/select_organizational_unit.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- select_organizational_unit.html 9 Aug 2007 16:04:04 -0000 1.1 +++ select_organizational_unit.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -7,5 +7,5 @@
-An organizational unit is a type of branch point in an LDAP directory. Typically, it is used to represent a major entity in your enterprise. This can be a real-life division such as Engineering or a logical grouping of directory entries such as People or Groups. In Distinguished Name (DN) syntax, an organizational unit is represented by ou
. The Engineering division of a company might exist under ou=Engineering, o=example.com
. Employees may be stored under ou=People, o=example.com
.
+An organizational unit is a type of branch point in an LDAP directory. Typically, it is used to represent a major entity in your enterprise. This can be a real-life division such as Engineering or a logical grouping of directory entries such as People or Groups. In Distinguished Name (DN) syntax, an organizational unit is represented by ou
. The Engineering division of a company might exist under ou=Engineering, dc=example, dc=com
. Employees may be stored under ou=People, dc=example, dc=com
.
-Group name. Specifies the name of the server group as displayed in the network tree. The group name usually indicates the type of group that is selected. For example, Western Sales Servers, Finance Department's Directory Server, or Example Corporation's Messaging Servers. +Group name. Specifies the name of the server group as displayed in the network tree. The group name usually indicates the type of group that is selected. For example, Western Sales Servers or Example Corporation's Directory Servers.
Description. (Optional) Contains a brief description of this server group. For example, Servers for the Western region sales force.
--You can view, but not edit, the following information about the selected server group: -
--Installation path. Indicates the path to this server group. This path is also called the "server root." -
Index: server_information.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/server_information.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- server_information.html 9 Aug 2007 16:04:04 -0000 1.1 +++ server_information.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -15,7 +15,7 @@ You can edit the following information about the selected server:-Server Name. Specifies the name of the server as displayed in the network tree. The server name usually indicates the type of server that is selected. For example, Administration Server, Messaging Server, or Directory Server. +Server Name. Specifies the name of the server as displayed in the network tree. The server name usually indicates the type of server that is selected. For example, Administration Server or Directory Server.
Description. (Optional) Contains a brief description of this server. For example, Directory Server for the Eastern region sales force. @@ -27,9 +27,6 @@ Installation Date. Indicates date and time the server was installed.
-Server Root. Indicates directory where the server binaries are installed. -
-Product Name. Indicates the server's official product name.
@@ -45,7 +42,7 @@ Revision. Indicates whether this server has been upgraded or patched. If no value is present, this is an unpatched installation.
-Security Level. Indicates whether the server uses domestic (US based, 128-bit ciphers) or export (non-US based, 40-bit ciphers) encryption levels. +Security Level. Indicates whether the server uses domestic (128-bit ciphers) or export (40-bit ciphers) encryption levels.
Server Status. Indicates whether the server is on or off. Index: set_security_device_password_change_security_device_password.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/set_security_device_password_change_security_device_password.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- set_security_device_password_change_security_device_password.html 9 Aug 2007 16:04:04 -0000 1.1 +++ set_security_device_password_change_security_device_password.html 14 Nov 2007 16:46:16 -0000 1.2 @@ -10,7 +10,7 @@ The first time you use Administration Server's security features, you are prompted to specify a password for the internal (software) security device.
-Search Filter. Enter the search filter you want to use in this text box and then click OK.
+ ++Search (button). Click to begin searching. +
+ ++Basic (button). Click to go back to the basic search. +
Index: configtab_rootnode.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_rootnode.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_rootnode.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_rootnode.html 15 Nov 2007 18:28:07 -0000 1.2 @@ -7,6 +7,11 @@+Network Settings +
+ +Port. Port number used for non-SSL communications. By default, the port number is 389.
@@ -17,6 +22,7 @@Referrals to. LDAP URL of the default referral returned to client applications who submit requests based at a DN not maintained by your directory.
+Make entire server read-only. Causes the server to be placed in read-only mode. Selecting this option also places all databases managed by the server into read-only mode, meaning you cannot create, modify, or delete any entries. Index: configtab_rootnode3.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_rootnode3.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_rootnode3.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_rootnode3.html 15 Nov 2007 18:28:07 -0000 1.2 @@ -14,6 +14,7 @@ Use this cipher family. Select the checkbox next to the cipher family or families you want the server to use for SSL communications.
+Security Device. Select the device you want the server to use.
@@ -25,8 +26,7 @@Cipher settings. Opens the Encryption Preferences dialog box, where you can select which ciphers you want the server to use from the cipher families you have already selected. By default, Directory Server comes with the following SSL ciphers:
-@@ -128,10 +128,14 @@ |
+Client Authentication +
+Do not allow client authentication. Select this option if you want client applications to connect to the server using only simple authentication.
@@ -155,6 +159,7 @@If you use this option with client authentication, communication between the Management Console and the server will take place over a secure channel, but without client authentication.
+Check hostname against name in certificate for outbound SSL connections. Select this check box if you want an SSL-enabled Directory Server (with certificate based client authentication turned on) to verify authenticity of a request by matching the hostname against the value assigned to the Common Name (CN) attribute of the subject name in the certificate being presented. Index: dir_browser2.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/dir_browser2.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- dir_browser2.html 13 Aug 2007 22:28:09 -0000 1.1 +++ dir_browser2.html 15 Nov 2007 18:28:07 -0000 1.2 @@ -11,6 +11,11 @@
+User Password Change +
+ +User must change password after reset. When selected, users must change their passwords when they first log in or after the administrator resets the passwords.
@@ -29,8 +34,13 @@Remember X passwords. If the server is keeping a password history, this option specifies how many old passwords the server should store in the history list. The valid value range is from 2 to 24. The default value is 6.
++Password Expiration +
+Password never expires. Select this if you do not require users to change their passwords periodically.
@@ -53,35 +63,78 @@Allow up to X attempt(s) after password expires. Indicates the number of grace logins permitted after a user's password has expired. Grace logins are not permitted by default.
++Password Syntax +
+Check password syntax. Select this checkbox to enforce password syntax checking. Syntax checking ensures that the password strings conform to the syntax guidelines, such as minimum password length.
-Password minimum length. If syntax checking is on, this option specifies the minimum number of characters that must be used in directory server passwords. The valid value range is from 2 to 512 characters. The default value is 6. +Password minimum length. If syntax checking is on, this option specifies the minimum number of characters that must be used in directory server passwords. The valid value range is from 2 to 512 characters. The default value is 8. +
+ ++Minimum required digit characters. If syntax checking is on, this option specifies the minimum number of digit characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required alpha characters. If syntax checking is on, this option specifies the minimum number of alpha characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required uppercase characters. If syntax checking is on, this option specifies the minimum number of uppercase characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required lowercase characters. If syntax checking is on, this option specifies the minimum number of lowercase characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required special characters. If syntax checking is on, this option specifies the minimum number of special characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required 8-bit characters. If syntax checking is on, this option specifies the minimum number of 8-bit characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Maximum number of repeated characters. If syntax checking is on, this option specifies the maximum number of repeated characters that is allowed to used in directory server passwords. The valid value range is from 0 to 64 characters. If 0 is set, the server does not check the repeated characters. The default value is 0. +
+ ++Minimum required character categories. If syntax checking is on, this option specifies the minimum number of character categories that must be used in directory server passwords. The valid value range is from 1 to 5 characters. The default value is 3. +
+ ++Minimum token length. If syntax checking is on, this option specifies the minimum token length that must be used in directory server passwords. The valid value range is from 1 to 64 characters. The default value is 3.
+Password encryption. Identifies how user passwords are stored in the directory. You can specify one of the following encryption formats:
+Salted Secure Hashing Algorithm (SSHA). This method is recommended as the most secure. SSHA is the default encryption method. +
+ ++UNIX crypt algorithm (CRYPT). Provided for compatibility with UNIX passwords. +
+ ++Secure Hashing Algorithm (SHA, SHA256, SHA384, SHA512). One-way hash algorithms. +
+ ++No encryption (CLEAR). This encryption type indicates that the password will appear in plain text. +
+Index: dir_browser3.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/dir_browser3.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- dir_browser3.html 13 Aug 2007 22:28:09 -0000 1.1 +++ dir_browser3.html 15 Nov 2007 18:28:07 -0000 1.2 @@ -11,6 +11,10 @@
+Password Lockout +
+Lockout account after X login failures. Specify the number of times a user can fail to bind before they are locked out of the directory. Valid values are 1 to 32,767 attempts. This option is available only if account lockout is enabled.
@@ -25,3 +29,4 @@Lockout duration X minutes. Select this option to indicate the amount of time a user will be locked out of the directory after a series of failed bind attempts. If you select this option, you must enter a number of minutes in the text box. Valid values are 1 to 35,791,394 minutes. This option is available only if account lockout is enabled.
+-Description. Enter a description of your class of service. +Description (Optional). Enter a description of your class of service.
Index: dirtab_role.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/dirtab_role.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- dirtab_role.html 13 Aug 2007 22:28:09 -0000 1.1 +++ dirtab_role.html 15 Nov 2007 18:28:07 -0000 1.2 @@ -7,30 +7,12 @@-LDAP filter. Enter the filter in this text field or click Construct to be guided through the construction of an LDAP filter. The Construct dialog box contains the following fields: +LDAP filter. Enter the filter in this text field or click Construct to be guided through the construction of an LDAP filter.
-+Construct... (button). Click to use the Construct dialog box to generate a filter. +
Test. Click this button to try your filter. The entries matching your filter appear in the table. The following information is displayed: Index: property_editor.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/property_editor.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- property_editor.html 13 Aug 2007 22:28:09 -0000 1.1 +++ property_editor.html 15 Nov 2007 18:28:07 -0000 1.2 @@ -7,6 +7,8 @@
+View +
Show Attribute Names. Select this option if you want the property editor to display the names of the attributes as they appear in the schema. For example, mail
instead of Email address
.
+Show Effective Rights. Select this checkbox if you want to view the entry's effective rights. +
+ + ++Edit + +
Add Value. If the currently selected attribute is not the objectclass
attribute or a binary attribute, you can use this command to insert a blank text box for the currently selected attribute. Enter the new value in the text box.
Delete Attribute. Use this command to delete the currently selected attribute from the entry.
+ Index: statustab_performance.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/statustab_performance.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- statustab_performance.html 13 Aug 2007 22:28:09 -0000 1.1 +++ statustab_performance.html 15 Nov 2007 18:28:07 -0000 1.2 @@ -7,6 +7,11 @@+General Information +
+ +Server version. Identifies the current server version.
@@ -17,9 +22,10 @@Current time on server. Displays the current date and time on the server.
+-Refresh. Click refresh to update the current display. +Refresh (button). Click refresh to update the current display.
@@ -31,25 +37,25 @@
+Connections. Gives the total number of connections to this server since startup and the average number of connections per minute since startup. +
+ ++Operations Initiated. Gives the total number of operations initiated since server startup and the average number of operations per minute since startup. +
+ ++Operations Completed. Gives the total number of operations completed by the server since startup and the average number of operations per minute since server startup. +
+ ++Entries Sent To Clients. Gives the total number of entries sent to client applications since server startup in response to search requests and the average number of entries sent to client application per minute since server startup. +
+ ++Bytes Sent To Clients. Gives the total number of bytes sent to client applications and the average number of bytes sent to client applications since server startup. +
@@ -57,25 +63,25 @@
+Active Threads. Current number of active threads used for handling requests. +
+ ++Open Connections. Total number of open connections. +
+ ++Remaining Available Connections. Total number of remaining connections that the server can concurrently open. +
+ ++Threads Waiting To Read From Client. Provides the current total. This condition occurs when the server starts to receive a request from a client application and then the transmission is halted. This total generally indicates a slow network or client application. +
+ ++Database In Use. Total number of databases being used by the server. +
@@ -83,25 +89,25 @@
+Time opened. Indicates when the connection was opened. +
+ ++Started. Indicates the number of operations initiated by this connection. +
+ ++Completed. Indicates the number of operations completed by the server for this connection. +
+ ++Bound As. Indicates the DN used by the client application to connect to the server. +
+ ++Read/Write. Indicates whether the server is currently blocked for read or write access by the client application. +
@@ -109,35 +115,32 @@
+Hits. Indicates the number of times the server could process a request by obtaining data from the cache rather than by going to the disk. +
+ ++Tries. The total number of requests performed on your directory since server startup. +
+ ++Hit Ratio. The ratio of cache tries to successful cache lookups. The closer this number is to 100% the better. +
+ ++Pages read in. Indicates the number of pages read from disk into the cache. +
+ ++Pages written out. Indicates the number of pages written from the cache back to disk. +
+ ++Read-only page evicts. Indicates the number of read-only pages discarded from the cache to make room for new pages. Pages discarded from the cache have to be written to disk, possibly affecting server performance. The lower the number of page evicts the better. +
+ +
+Read-write page evicts. Indicates the number of read-write pages discarded from the cache to make room for new pages. This value differs from Pages Written Out in that these are discarded read-write pages that have not been modified.
Pages discarded from the cache have to be written to disk, possibly affecting server performance. The lower the number of page evicts the better.
-
+General Information. +
+ +Database. Identifies the type of database being monitored.
Configuration DN. Identifies the distinguished name you can use to obtain these results using the ldapsearch
command-line utility.
-Refresh. Click refresh to update the current display. +Refresh (button). Click refresh to update the current display.
@@ -27,29 +33,29 @@
+Read-only status. Indicates whether the database is currently in read-only mode. +
+ ++Entry cache hits. Indicates the number of times the server could process a search request by obtaining data from the cache rather than by going to the disk. +
+ ++Entry cache tries. The total number of search operations performed against your server since server startup. +
+ ++Entry cache hit ratio. The ratio of entry cache tries to successful entry cache lookups. The closer this number is to 100% the better. +
+ ++Current size of entry cache (in bytes). Total number of bytes currently used by the entry cache. +
+ ++Maximum size of entry cache (in bytes). Maximum number of bytes available to the entry cache. +
@@ -57,19 +63,19 @@
+Cache hits. Indicates the number of times the server could process a request by obtaining data from the cache rather than by going to the disk. +
+ ++Cache misses. Number of times the cache does not contain the information being requested by the client application. +
+ ++Pages read in. Number of pages read from disk into the database cache. +
+ ++Pages written out. Number of pages written from the cache back to disk. +
+New Database Link info +
+ ++Database suffix. Suffix the database link is created from. +
+ +Database link name. Unique name of the database link.
@@ -22,6 +31,7 @@ Remote server(s) information. In this section you provide information about the remote data sources used by the database link. +Use a secure LDAP connection between servers. Selecting this checkbox indicates that the connection between the server and the remote server is secure.
@@ -41,7 +51,9 @@Port. Port number of an alternative remote server.
+LDAP URL. This field contains a dynamically created LDAP URL that combines the server names and port numbers you specified in the remote server information fields.
++Managed DSA control. This control returns smart referrals as entries rather than following the referral. This allows you to modify or delete the smart referral itself. The OID for this control is 2.16.840.1.113730.3.4.2. +
+Virtual list view (VLV) control. This control provides lists of parts of entries rather than returning all entry information. The OID of this control is 2.16.840.1.113730.3.4.9. +
+Server side sorting control. This control sorts entries according to their attribute values. The OID for this control is 1.2.840.113556.1.4.473. +
Loop detection control. This control contains a count that is decremented each time the server tries to chain. When the server receives a count of 0 it determines that a loop has been detected and notifies the client application. The OID for this control is 1.3.6.1.4.1.1466.29539.12. +
Index: configtab_chaindb3.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_chaindb3.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_chaindb3.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_chaindb3.html 19 Nov 2007 18:21:38 -0000 1.2 @@ -31,19 +31,6 @@
-2.16.840.1.113730.3.4.3 -
-Persistent search control. -
-This control is used with a search request to indicate that the server should not complete the request when all the matching entries have been returned. Instead, the server should keep the operation active and send results to the client whenever an entry matching the search filter is added, deleted, or modified. -
2.16.840.1.113730.3.4.4
+2.16.840.1.113730.3.4.19 +
+Virtual attributes only request control. +
+This control requests that the server return only attributes generated by the roles and class of service features. +
+1.3.6.1.4.1.42.2.27.8.5.1 +
+Password policy request control. +
++1.3.6.1.4.1.42.2.27.9.5.2 +
+Get effective rights request control. +
+2.16.840.1.113730.3.4.14
+2.16.840.1.113730.3.4.20 +
+Extended version of Search on specific database control. +
+This control can be used when the database name is supplied or not supplied. When it is not supplied,it retrieves the database name from the base of the search. +
2.16.840.1.113730.3.4.12
+2.16.840.1.113730.3.4.18 +
+Proxied authorization (new "version 2" specification) control. +
+Allows the client to assume another identity for the duration of a request +
2.16.840.1.113730.3.4.13
+User Password Change +
+ +User must change password after reset. When selected, users must change their passwords when they first log in or after the administrator resets the passwords.
@@ -29,8 +34,13 @@Remember X passwords. If the server is keeping a password history, this option specifies how many old passwords the server should store in the history list. The valid value range is from 2 to 24. The default value is 6.
++Password Expiration +
+Password never expires. Select this if you do not require users to change their passwords periodically.
@@ -51,37 +61,80 @@-Allow up to X login attempt(s) after password expires. Indicates the number of grace logins permitted after a user's password has expired. Grace logins are not permitted by default. +Allow up to X attempt(s) after password expires. Indicates the number of grace logins permitted after a user's password has expired. Grace logins are not permitted by default.
++Password Syntax +
+Check password syntax. Select this checkbox to enforce password syntax checking. Syntax checking ensures that the password strings conform to the syntax guidelines, such as minimum password length.
-Password minimum length. If syntax checking is on, this option specifies the minimum number of characters that must be used in directory server passwords. The valid value range is from 2 to 512 characters. The default value is 6. +Password minimum length. If syntax checking is on, this option specifies the minimum number of characters that must be used in directory server passwords. The valid value range is from 2 to 512 characters. The default value is 8. +
+ ++Minimum required digit characters. If syntax checking is on, this option specifies the minimum number of digit characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required alpha characters. If syntax checking is on, this option specifies the minimum number of alpha characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required uppercase characters. If syntax checking is on, this option specifies the minimum number of uppercase characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required lowercase characters. If syntax checking is on, this option specifies the minimum number of lowercase characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required special characters. If syntax checking is on, this option specifies the minimum number of special characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Minimum required 8-bit characters. If syntax checking is on, this option specifies the minimum number of 8-bit characters that must be used in directory server passwords. The valid value range is from 0 to 64 characters. The default value is 0. +
+ ++Maximum number of repeated characters. If syntax checking is on, this option specifies the maximum number of repeated characters that is allowed to used in directory server passwords. The valid value range is from 0 to 64 characters. If 0 is set, the server does not check the repeated characters. The default value is 0. +
+ ++Minimum required character categories. If syntax checking is on, this option specifies the minimum number of character categories that must be used in directory server passwords. The valid value range is from 1 to 5 characters. The default value is 3. +
+ ++Minimum token length. If syntax checking is on, this option specifies the minimum token length that must be used in directory server passwords. The valid value range is from 1 to 64 characters. The default value is 3.
+Password encryption. Identifies how user passwords are stored in the directory. You can specify one of the following encryption formats:
+Salted Secure Hashing Algorithm (SSHA). This method is recommended as the most secure. SSHA is the default encryption method. +
+ ++UNIX crypt algorithm (CRYPT). Provided for compatibility with UNIX passwords. +
+ ++Secure Hashing Algorithm (SHA, SHA256, SHA384, SHA512). One-way hash algorithms. +
+ ++No encryption (CLEAR). This encryption type indicates that the password will appear in plain text. +
+Index: configtab_db5.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_db5.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_db5.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_db5.html 19 Nov 2007 18:21:38 -0000 1.2 @@ -15,10 +15,6 @@
-Maximum entries in cache. Maximum number of entries stored in the database cache for processing client search requests. A value of -1 indicates no limit. For performance tuning purposes. -
- -Memory available for cache. Maximum memory available to the database for storing cached entries, in bytes. For performance tuning purposes.
Index: configtab_ldbmdb.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_ldbmdb.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_ldbmdb.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_ldbmdb.html 19 Nov 2007 18:21:38 -0000 1.2 @@ -7,11 +7,12 @@-Suffix Name. This field appears only when you create a new database in an existing suffix. Gives the name of the suffix contained by the database. +Database information. Use these options to specify the database name and location.
+-Database information. Use these options to specify the database name and location. +Suffix Name. This field appears only when you create a new database in an existing suffix. Gives the name of the suffix contained by the database.
@@ -21,3 +22,4 @@
Create database in. Enter the full path to the location on your machine where you want the new database to reside. Click Browse to locate a directory.
+Use the Databases. Select this option if you want the databases and database links to be used for processing all requests made by client applications.
@@ -29,3 +30,4 @@Return Referrals for Update Operations. Select this option to return a referral only during update requests. This is useful for redirecting client requests made to read-only databases.
+-Enter a new referral. Enter a referral in LDAP URL format, or click Construct to be guided through the process. Click Add to add the referral to the list. +Current referrals for this suffix. Lists the referrals currently in place for this suffix. The entire list of referrals is returned to client applications in response to a request, when you select Referral or Referral on Update in the Suffix Settings tab. Click Delete to remove a referral from the list.
-Current referrals for this suffix. Lists the referrals currently in place for this suffix. The entire list of referrals is returned to client applications in response to a request, when you select Referral or Referral on Update in the Suffix Settings tab. Click Delete to remove a referral from the list. +Enter a new referral. Enter a referral in LDAP URL format, or click Construct to be guided through the process. Click Add to add the referral to the list.
+ Index: configtab_rootnode6.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_rootnode6.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_rootnode6.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_rootnode6.html 19 Nov 2007 18:21:38 -0000 1.2 @@ -24,7 +24,7 @@Name. The name of the SASL identity. +
+Regular Expression. A regular expression that maps the SASL identity. +
+Search Base DN. The base DN for the SASL mapping identity search. +
Search Filter. The search filter for the SASL mapping identity search. +
+Kerberos uid mapping, rfc 2829 dn syntax, rfc 2829 u syntax, and uid mapping are configured by default. +
From fedora-directory-commits at redhat.com Mon Nov 19 19:23:31 2007 From: fedora-directory-commits at redhat.com (Jack Magne (jmagne)) Date: Mon, 19 Nov 2007 14:23:31 -0500 Subject: [Fedora-directory-commits] esc/src/app/xul/esc/chrome/content/esc ESC.js, 1.13, 1.13.4.1 Message-ID: <200711191923.lAJJNVlO015778@cvs-int.fedora.redhat.com> Author: jmagne Update of /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15660 Modified Files: Tag: RHPKI_7_3_BRANCH ESC.js Log Message: Add code to read a global phone home pref under strict circumstances. Bug#352991. Index: ESC.js =================================================================== RCS file: /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v retrieving revision 1.13 retrieving revision 1.13.4.1 diff -u -r1.13 -r1.13.4.1 --- ESC.js 5 Apr 2007 18:39:52 -0000 1.13 +++ ESC.js 19 Nov 2007 19:23:29 -0000 1.13.4.1 @@ -51,6 +51,8 @@ const ESC_FACE_TO_FACE_MODE = "esc.face.to.face.mode"; const ESC_SECURITY_URL="esc.security.url"; const ESC_SECURE_URL="esc.secure.url"; +const ESC_GLOBAL_PHONE_HOME_URL= "esc.global.phone.home.url"; +const SPECIAL_ATR="3B769400FF6276010000"; const CLEAN_TOKEN = "cleanToken"; const UNINITIALIZED = 1; @@ -280,6 +282,11 @@ return true; } + //Check for special key since we have no phone home info. + + + home = GetGlobalPhoneHomeUrl(keyType,keyID); + var homeRes = false; @@ -291,8 +298,9 @@ // Launch the config dialog only if we can't // Phone Home and we are not in the special security mode + // or if we are not using a special key - if(!homeRes && !CheckForSecurityMode()) + if(!homeRes && !CheckForSecurityMode() ) { recordMessage("About to launch CONFIG , non secmode..."); @@ -301,6 +309,48 @@ return homeRes; } + +//Get global phone home url only for a special key + +function GetGlobalPhoneHomeUrl(keyType,keyID) +{ + + var globalIssuerURL=null; + var specialATR=SPECIAL_ATR; + var phonHomeURL= DoCoolKeyGetATR(keyType,keyID); + + var specialAppletVerMaj=1; + var specialAppletVerMin=1; + + + var appletVerMaj = DoGetCoolKeyGetAppletVer(keyType, keyID , true); + var appletVerMin = DoGetCoolKeyGetAppletVer(keyType, keyID, false); + + if( (appletVerMaj != specialAppletVerMaj) || + ( appletVerMin != specialAppletVerMin)) { + + return null; + } + + var keyATR = DoCoolKeyGetATR(keyType,keyID); + + if( keyATR != specialATR) { + + return null; + + } + + globalIssuerURL = DoCoolKeyGetConfigValue(ESC_GLOBAL_PHONE_HOME_URL); + + if(globalIssuerURL==null) { + return null; + } + + return globalIssuerURL; + +} + + //Test Phone Home url in config UI function DoPhoneHomeTest() From fedora-directory-commits at redhat.com Tue Nov 20 17:35:11 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 20 Nov 2007 12:35:11 -0500 Subject: [Fedora-directory-commits] directoryconsole/help/en/help configtab_replication.html, 1.1, 1.2 configtab_replication2.html, 1.1, 1.2 configtab_replication3.html, 1.1, 1.2 configtab_replication8.html, 1.1, 1.2 replication_wizard.html, 1.1, 1.2 replication_wizard4.html, 1.1, 1.2 replication_wizard6.html, 1.1, 1.2 synchronization_wizard2.html, 1.1, 1.2 Message-ID: <200711201735.lAKHZBVh002338@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/directoryconsole/help/en/help In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2062/help Modified Files: configtab_replication.html configtab_replication2.html configtab_replication3.html configtab_replication8.html replication_wizard.html replication_wizard4.html replication_wizard6.html synchronization_wizard2.html Log Message: Resolves: #379191 Summary: Online help: Directory Console (ds-console) (Comment #8) Description: help pages referred from Directory Console | Configuration Tab | Replication tree 1) format change (added indentation for grouping). 2) eliminated "serverRoot" as well as obsolete descriptions. 3) repl/win-sync agreement summary panel is shared. added notes on both. Index: configtab_replication.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_replication.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_replication.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_replication.html 20 Nov 2007 17:35:08 -0000 1.2 @@ -11,13 +11,19 @@
+Authentication +
+ +Supplier DN. Use this field to specify the distinguished name that any supplier server must use to bind to this consumer server to send replication updates. The supplier DN must correspond to an entry that is stored on the consumer server. This entry must not be part of the replicated database.
-New supplier password. If a password is specified, the supplier server uses this password to bind to the consumer server. +New supplier password (min 8 char). If a password is specified, the supplier server uses this password to bind to the consumer server. Minimum 8 characters.
Confirm new supplier password. Confirms that the password entered in the "New supplier password" field is correct.
++Replication Changelog +
+ +Changelog database directory. The directory in which the supplier server stores the change log.
-Browse. If you want the server to display a file selector so that you can select a directory for storing the change log database, click this button. +Browse (button). If you want the server to display a file selector so that you can select a directory for storing the change log database, click this button.
-Use default. If you want the server to suggest a default path name for the change log database, click this button. +Use default (button). If you want the server to suggest a default path name for the change log database, click this button.
@@ -29,6 +34,7 @@
Max changelog age. When an entry in the change log reaches the age specified here, the server removes the entry from the change log. If you select the Unlimited checkbox, the server does not remove entries from the change log based on age.
+To remove a change log database that has grown too big, you must manually delete it. Index: configtab_replication3.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_replication3.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_replication3.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_replication3.html 20 Nov 2007 17:35:08 -0000 1.2 @@ -11,6 +11,11 @@
+Replica Role. Select one of the replica roles +
+ +Single Master. Select this radio button if you want this Directory Server to act as the single supplier server for this database.
@@ -25,13 +30,19 @@Dedicated Consumer. Select this radio button if you want this Directory Server to accept updates from a supplier server. A dedicated consumer can service search operations but not update operations. Update operations will be referred to a supplier server.
+-Replica ID. An integer between 1 and 255 that identifies the replica. The replica IDs of the master replicas must be unique. In other words, master replicas involved in the same multi-master configuration must have different replica IDs. However, two master replicas (corresponding to different suffixes) on the same server can have the same replica ID. +Common Settings.
+-If the ID is incorrect, the field labels turn red and the Save button is disabled. +Replica ID. An integer between 1 and 255 that identifies the replica. The replica IDs of the master replicas must be unique. In other words, master replicas involved in the same multi-master configuration must have different replica IDs. However, two master replicas (corresponding to different suffixes) on the same server can have the same replica ID. +
+ ++If the ID is incorrect, the field labels turn red and the Save button is disabled. Dedicated Consumer does not require Replica ID.
@@ -41,11 +52,18 @@
Updatable by a 4.x Replica. Check this checkbox if you want this Directory Server to act as a legacy consumer of a 4.x supplier server.
++Update Settings. +
+-Current Supplier DNs. This field lists the supplier bind DNs that supplier servers must use to update this replica. You can now specify multiple supplier bind DNs per replica, but only one supplier DN per replication agreement. Use the "Enter a new Supplier DN" field to specify a new supplier DN and click Add to add it to this list. If you have configured replication over SSL, specify the DN of the entry that contains the supplier's certificate in the "Enter a new Supplier DN" field and click Add to add it to this list. +Current Supplier DNs. This field lists the supplier bind DNs that supplier servers must use to update this replica. You can now specify multiple supplier bind DNs per replica, but only one supplier DN per replication agreement. Use the "Enter a new Supplier DN" field to specify a new supplier DN and click Add to add it to this list. If you have configured replication over SSL, specify the DN of the entry that contains the supplier's certificate in the "Enter a new Supplier DN" field and click Add to add it to this list.
Current URLs for referrals (Optional). Directory Server uses the information contained in the replication agreement to create referrals from the consumer server to the appropriate supplier servers. This field lists the URLs you specify in addition to the automatic URLs which will be set up automatically. If you want the consumer to return an ldaps://
URL, so that clients will bind to the supplier servers using SSL, enter the URL in the "Enter a new URL" field and click Add to add it to this list of current URLs. In the same way, if you have a cascading replication scenario and you want the referral returned to clients to point to the original supplier instead of the hub supplier, enter the corresponding URL in the "Enter a new URL" field and click Add to add it to this list of current URLs.
-LDIF file (on remote machine). Enter the full path to the LDIF file. Click Browse to locate it on your machine. By default, if you are running the console locally, the file is stored in the current directory. -
- -
-When the Browse button is not enabled, by default the file is stored in the serverRoot/slapd-
serverID/ldif
+LDIF file. Enter the full path to the LDIF file. Or click Browse to locate it on your machine.
-Consumer. Select the consumer server in the replication agreement from this drop-down menu. To ensure that all servers in your deployment appear in this drop-down menu, you must bind as Administrator. If the consumer server you want still does not appear in the list, click Other to enter the host and port of the consumer. +Consumer. Select the consumer server in the replication agreement from this drop-down menu. To ensure that all servers in your deployment appear in this drop-down menu, you must bind as Administrator. If the consumer server you want still does not appear in the list, click Other button to enter the host and port of the consumer.
-Other. Click this button to manually enter the host and port of a consumer server +Connection
+Using Encrypted SSL Connection. If you want the supplier and consumer servers to use SSL for secure communication, select this checkbox. To use this option, you must have first configured your servers to use SSL.
@@ -51,6 +52,7 @@Password. If you are not using SSL, or you are using SSL with simple authentication, enter the Supplier DN password in the Password field.
+Subtree. Identifies the content to be replicated. Index: replication_wizard4.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/replication_wizard4.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- replication_wizard4.html 13 Aug 2007 22:28:09 -0000 1.1 +++ replication_wizard4.html 20 Nov 2007 17:35:08 -0000 1.2 @@ -7,5 +7,11 @@
+Replication agreement wizard. If you selected "Initialize Consumer Now" in the Initialize Consumer dialog box, the consumer is initialized immediately. Synchronization begins immediately.
+ ++Windows Sync Agreement wizard. +The server creates the synchronization agreement and dismisses the synchronization wizard. Synchronization begins immediately. +
Index: replication_wizard6.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/replication_wizard6.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- replication_wizard6.html 13 Aug 2007 22:28:09 -0000 1.1 +++ replication_wizard6.html 20 Nov 2007 17:35:08 -0000 1.2 @@ -11,17 +11,17 @@-Add All. If any or all attributes have been moved to the "Excluded" column on the left, selecting this button will move them back to the "Included" column. This button is grayed out unless the "Enable Fractional Replication" checkbox is selected. +Add All (button). If any or all attributes have been moved to the "Excluded" column on the left, selecting this button will move them back to the "Included" column. This button is grayed out unless the "Enable Fractional Replication" checkbox is selected.
-Add ->. This button will move the highlight entry/entries from the "Excluded" column on the left to the "Included" column on the right. This button is grayed out unless the "Enable Fractional Replication" checkbox is selected. +Add -> (button). This button will move the highlight entry/entries from the "Excluded" column on the left to the "Included" column on the right. This button is grayed out unless the "Enable Fractional Replication" checkbox is selected.
-<- Remove. This button will move the highlight entry/entries from the "Included" column on the right to the "Excluded" column on the left. This button is grayed out unless the "Enable Fractional Replication" checkbox is selected. +<- Remove (button). This button will move the highlight entry/entries from the "Included" column on the right to the "Excluded" column on the left. This button is grayed out unless the "Enable Fractional Replication" checkbox is selected.
-Remove All. This button will move all the attributes from the "Included" column to the "Excluded" column. This button is grayed out unless the "Enable Fractional Replication" checkbox is selected. +Remove All (button). This button will move all the attributes from the "Included" column to the "Excluded" column. This button is grayed out unless the "Enable Fractional Replication" checkbox is selected.
Index: synchronization_wizard2.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/synchronization_wizard2.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- synchronization_wizard2.html 13 Aug 2007 22:28:09 -0000 1.1 +++ synchronization_wizard2.html 20 Nov 2007 17:35:08 -0000 1.2 @@ -11,6 +11,11 @@+Windows Domain Information +
+ +Windows Domain Name. This is the name of the Windows domain that contains the Windows subtree which you are synchronizing with the Directory Server subtree. For example: example.com
@@ -19,6 +24,10 @@+Sync New Windows Groups. Check this checkbox if you want to add new Windows groups automatically to the Directory Server. +
+ +Windows Subtree. This is the Windows subtree which you are synchronizing with the Directory Server subtree. If the subtree which you are synchronizing is ou=People, than the Windows subtree is set by default to cn=Users, and the remaining information is supplied by the Windows domain information.
@@ -33,7 +42,13 @@Port Num. The Windows domain controller port number. By default, this is 389; this is automatically reset to 636 if you check the "Using encrypted SSL connection" checkbox (even if you had previously set a different value).
++Connection +
+Using Encrypted SSL Connection. If you want the Directory Server and Windows servers to use SSL for secure communication, select this checkbox. To use this option, you must have first configured your servers to use SSL. It is strongly recommended that you use an SSL connection. Passwords will not be synchronized if you do not enable SSL.
@@ -45,6 +60,7 @@Password. Enter the supplier DN password in the Password field.
+When you are creating a new synchronization agreement from the Replication folder, you can choose the subtree you want to synchronize. If you are creating a new synchronization agreement from a database under the Replication folder, the subtree is the same as that contained by the database and cannot be changed. From fedora-directory-commits at redhat.com Tue Nov 20 18:32:08 2007 From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder)) Date: Tue, 20 Nov 2007 13:32:08 -0500 Subject: [Fedora-directory-commits] directoryconsole/help/en/help configtab_logs.html, 1.1, 1.2 configtab_logs2.html, 1.1, 1.2 configtab_logs3.html, 1.1, 1.2 configtab_plugins.html, 1.1, 1.2 configtab_schema.html, 1.1, 1.2 configtab_schema2.html, 1.1, 1.2 configtab_schema3.html, 1.1, 1.2 configtab_schema4.html, 1.1, 1.2 configtab_schema5.html, 1.1, 1.2 Message-ID: <200711201832.lAKIW8Rm013368@cvs-int.fedora.redhat.com> Author: nkinder Update of /cvs/dirsec/directoryconsole/help/en/help In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13335 Modified Files: configtab_logs.html configtab_logs2.html configtab_logs3.html configtab_plugins.html configtab_schema.html configtab_schema2.html configtab_schema3.html configtab_schema4.html configtab_schema5.html Log Message: Resolves: 379191 Summary: Corrected formatting and path issues in online help files. Index: configtab_logs.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_logs.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_logs.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_logs.html 20 Nov 2007 18:32:06 -0000 1.2 @@ -15,11 +15,7 @@
-Log File. Contains the full path and name of the access log file. By default, the value is: -
- -
-serverRoot/slapd-serverID/logs/access
+Log File. Contains the full path and name of the access log file.
Index: configtab_logs2.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_logs2.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_logs2.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_logs2.html 20 Nov 2007 18:32:06 -0000 1.2 @@ -15,12 +15,7 @@
-Log File. Contains the full path and filename of the error log. By default, the value is: -
- --serverRoot/slapd-serverID/logs/errors - +Log File. Contains the full path and filename of the error log.
@@ -48,7 +43,7 @@
-Maximum number of logs. The number of logs to archive per directory. The default value is 1 log, meaning that the server does not rotate the log and it grows indefinitely. +Maximum number of logs. The number of logs to archive per directory.
Index: configtab_logs3.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_logs3.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_logs3.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_logs3.html 20 Nov 2007 18:32:06 -0000 1.2 @@ -15,11 +15,7 @@
-Log File. Contains the full path and name of the audit log. By default, the value is: -
- --serverRoot/slapd-serverID/logs/audit +Log File. Contains the full path and name of the audit log.
Index: configtab_plugins.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_plugins.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_plugins.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_plugins.html 20 Nov 2007 18:32:06 -0000 1.2 @@ -35,7 +35,7 @@
-Plug-in module path. Gives the name and path of the shared object or dynamic link library that contains the plug-in. +Plug-in module path. Gives the name and path of the shared object that contains the plug-in. The path and shared object suffix can be omitted if the plug-in is in the server's default plug-in directory.
Index: configtab_schema.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_schema.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_schema.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_schema.html 20 Nov 2007 18:32:06 -0000 1.2 @@ -3,7 +3,7 @@
-Use this tab to view information about all object classes that currently exist in your directory schema. You can also delete an object class that you have created using this tab. You cannot edit or delete standard object classes. +Use this tab to view information about all object classes that currently exist in your directory schema as well as create new object classes. You can also edit or delete an object class that you have created using this tab. You cannot edit or delete standard object classes.
Index: configtab_schema2.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_schema2.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_schema2.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_schema2.html 20 Nov 2007 18:32:06 -0000 1.2 @@ -1,5 +1,5 @@
-Create Object Class +Create/Edit Object Class
Index: configtab_schema3.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_schema3.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_schema3.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_schema3.html 20 Nov 2007 18:32:06 -0000 1.2 @@ -10,7 +10,7 @@ Standard Attributes (Read-Only). The Standard Attributes table lists all standard attributes along with their OIDs and corresponding attribute syntax. The alphabetical listing of all available attributes helps you determine whether or not you need to create a new attribute. The information in the table is defined below.
--Create Attribute Dialog Box +Create/Edit Attribute
@@ -23,7 +23,7 @@
-Syntax. Select a syntax that describes the data to be held by the attribute. Available syntaxes are Integer, IA5String, Case Exact String, Case Ignore String, URI, GeneralizedTime, DistinguishedName (DN), TelephoneNumber, Boolean, Binary, DirectoryString, CountryName, PostalAddress, and Octet String. The default value is DirectoryString. +Syntax. Select a syntax that describes the data to be held by the attribute.
Index: configtab_schema5.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_schema5.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_schema5.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_schema5.html 20 Nov 2007 18:32:06 -0000 1.2 @@ -26,7 +26,7 @@ The possible name types include:
--Import +Initialize Databases
@@ -11,13 +11,26 @@
-The following two options apply only if you operate the console from a machine remote to the server containing the LDIF file. +on console machine. +Select this radio button to initialize the database with a file on the local machine. +This option is not visible if you are running Directory Server Console on the directory's host. +By default, the console looks for a file stored in the current directory.
-From local machine. Select this radio button to indicate that the LDIF file is located on the local server. By default, the console looks for a file stored in the current directory. +on server machine. +Select this radio button to initialize the database with a file on the server's host machine. +This option is not visible if you are running Directory Server Console on the directory's host.
-From server machine. Select this radio button to indicate that the LDIF file is located on a remote server. By default, the console looks for the file in the following directory: /opt/productID/slapd-
serverID/ldif
.
+Database Name. Backend database name
+
+Suffix of the Database. Suffix of the database +
+ ++Initialize Database. Select database to initialize with the LDIF file
Index: configtab_db8.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/help/configtab_db8.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- configtab_db8.html 13 Aug 2007 22:28:09 -0000 1.1 +++ configtab_db8.html 21 Nov 2007 02:00:41 -0000 1.2 @@ -10,16 +10,11 @@ LDIF file. Enter the full path to the LDIF file you want to import. Click Browse to locate it on your machine. --If you are operating the console from a machine remote to the server containing the LDIF file, select one of the following options: -
+on console machine. +Select this radio button to initialize the database with a file on the local machine. +This option is not visible if you are running Directory Server Console on the directory's host. +By default, the console looks in the current directory for the LDIF file. --To Local Machine. Choose this option to export the database to a local file. This option is not visible if you are running Directory Server Console on the directory's host. +on console machine. Choose this option to export the database to a local file. This option is not visible if you are running Directory Server Console on the directory's host.
-To Server Machine. Choose this option to export the database to a file on the server's host machine. If you choose this option, you cannot Browse to select a different file. This option is not visible if you are running Directory Server Console on the directory's host. +on server machine. +Choose this option to export the database to a file on the server's host machine. If you choose this option, you cannot Browse to select a different file. This option is not visible if you are running Directory Server Console on the directory's host.
From fedora-directory-commits at redhat.com Wed Nov 21 16:54:48 2007
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 21 Nov 2007 11:54:48 -0500
Subject: [Fedora-directory-commits]
console/src/com/netscape/management/client Framework.java, 1.4,
1.5 default.properties, 1.8, 1.9
Message-ID: <200711211654.lALGsmDs007940@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/console/src/com/netscape/management/client
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7916/src/com/netscape/management/client
Modified Files:
Framework.java default.properties
Log Message:
Resolves: 393461
Summary: Move documentation home link to theme package.
Index: Framework.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/Framework.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Framework.java 2 Jul 2007 18:49:16 -0000 1.4
+++ Framework.java 21 Nov 2007 16:54:46 -0000 1.5
@@ -797,7 +797,8 @@
{
// Launch a browser
Browser browser = new Browser();
- boolean res = browser.open(i18n("menu", "HelpDocHome"), Browser.NEW_WINDOW);
+ boolean res = browser.open(_resource_theme.getString("menu", "HelpDocHome"),
+ Browser.NEW_WINDOW);
}
else
Debug.println("Unrecognized Help Menu ID: " + menuID);
Index: default.properties
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/default.properties,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- default.properties 26 Jul 2007 15:53:02 -0000 1.8
+++ default.properties 21 Nov 2007 16:54:46 -0000 1.9
@@ -64,7 +64,6 @@
menu-HelpIndex=&Index
menu-HelpWebHelp=Web-based &Resources
menu-HelpSuiteSpot=Documentation &Home
-menu-HelpDocHome=directory.fedora.redhat.com
menu-HelpBookshelf=&Bookshelf
menu-HelpAbout=&About...
From fedora-directory-commits at redhat.com Wed Nov 21 16:55:23 2007
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Wed, 21 Nov 2007 11:55:23 -0500
Subject: [Fedora-directory-commits]
fedora-idm-console/com/netscape/management/client/theme
theme.properties, 1.1.1.1, 1.2
Message-ID: <200711211655.lALGtNVe007989@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/fedora-idm-console/com/netscape/management/client/theme
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7955/com/netscape/management/client/theme
Modified Files:
theme.properties
Log Message:
Resolves: 393461
Summary: Move documentation home link to theme package.
Index: theme.properties
===================================================================
RCS file: /cvs/dirsec/fedora-idm-console/com/netscape/management/client/theme/theme.properties,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- theme.properties 1 Aug 2007 23:08:51 -0000 1.1.1.1
+++ theme.properties 21 Nov 2007 16:55:20 -0000 1.2
@@ -31,5 +31,4 @@
CertInstallTypePage-defaultServerName=Fedora Server
CertInstallTypePage-defaultSIE=Fedora Server Instance
-
-
+menu-HelpDocHome=http://directory.fedoraproject.org
From fedora-directory-commits at redhat.com Wed Nov 21 20:27:40 2007
From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins))
Date: Wed, 21 Nov 2007 15:27:40 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts
DSDialogs.pm, 1.5, 1.6 Util.pm.in, 1.12, 1.13 setup-ds.res.in,
1.11, 1.12
Message-ID: <200711212027.lALKReYN019212@cvs-int.fedora.redhat.com>
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19191/ldapserver/ldap/admin/src/scripts
Modified Files:
DSDialogs.pm Util.pm.in setup-ds.res.in
Log Message:
Resolves: bug 371771
Bug Description: '.' (dot) in the server ID
Reviewed by: nkinder (Thanks!)
Fix Description: Remove . and , from the characters allowed in the server ID. Also use the more descriptive error message.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: DSDialogs.pm
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSDialogs.pm,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- DSDialogs.pm 15 Aug 2007 22:04:31 -0000 1.5
+++ DSDialogs.pm 21 Nov 2007 20:27:38 -0000 1.6
@@ -99,9 +99,9 @@
my $res = $DialogManager::SAME;
my $path = $self->{manager}->{setup}->{configdir} . "/slapd-" . $ans;
if (!isValidServerID($ans)) {
- $self->{manager}->alert("dialog_dsserverid_error", $ans);
+ $self->{manager}->alert("error_invalid_serverid", $ans);
} elsif (-d $path) {
- $self->{manager}->alert("dialog_dsserverid_inuse", $ans);
+ $self->{manager}->alert("error_server_already_exists", $path);
} else {
$res = $DialogManager::NEXT;
$self->{manager}->{inf}->{slapd}->{ServerIdentifier} = $ans;
Index: Util.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Util.pm.in,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- Util.pm.in 14 Sep 2007 02:41:13 -0000 1.12
+++ Util.pm.in 21 Nov 2007 20:27:38 -0000 1.13
@@ -107,7 +107,7 @@
sub isValidServerID {
my $servid = shift;
- my $validchars = '#%,.:\w at _-';
+ my $validchars = '#%:\w at _-';
return $servid =~ /^[$validchars]+$/o;
}
Index: setup-ds.res.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/setup-ds.res.in,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- setup-ds.res.in 11 Oct 2007 14:10:00 -0000 1.11
+++ setup-ds.res.in 21 Nov 2007 20:27:38 -0000 1.12
@@ -108,7 +108,7 @@
program, or low port restriction. Please choose another value for\
ServerPort. Error: $!\n
error_invalid_serverid = The ServerIdentifier '%s' contains invalid characters. It must\
-contain only alphanumeric characters and the following: #%,.:@_-\n
+contain only alphanumeric characters and the following: #%:@_-\n\n
error_opening_scripttmpl = Could not open the script template file '%s'. Error: %s\n
error_creating_directory = Could not create directory '%s'. Error: %s\n
error_chowning_directory = Could not change ownership of directory '%s' to userid '%s': Error: %s\n
From fedora-directory-commits at redhat.com Tue Nov 27 16:55:51 2007
From: fedora-directory-commits at redhat.com (Nathan Kinder (nkinder))
Date: Tue, 27 Nov 2007 11:55:51 -0500
Subject: [Fedora-directory-commits]
adminserver/admserv/cgi-src40 security.c, 1.13, 1.14
Message-ID: <200711271655.lARGtpc4027977@cvs-int.fedora.redhat.com>
Author: nkinder
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27940
Modified Files:
security.c
Log Message:
Resolves: 370071
Summary: Fixed malloc issue when importing a CRL.
Index: security.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- security.c 14 Nov 2007 23:42:43 -0000 1.13
+++ security.c 27 Nov 2007 16:55:49 -0000 1.14
@@ -1571,7 +1571,7 @@
*end = '\0';
/* don't copy the header */
- DERCert = (char*)PORT_ZAlloc(PORT_Strlen(begin - headerlen + 1));
+ DERCert = (char*)PORT_ZAlloc(PORT_Strlen(begin) - headerlen + 1);
strcpy(DERCert, (begin + headerlen));
if ( SECFailure == ATOB_ConvertAsciiToItem(&derCrl, DERCert) ) {
From fedora-directory-commits at redhat.com Wed Nov 28 17:21:42 2007
From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi))
Date: Wed, 28 Nov 2007 12:21:42 -0500
Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/tools
dbscan.c, 1.18, 1.19
Message-ID: <200711281721.lASHLgFg025509@cvs-int.fedora.redhat.com>
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/tools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25334
Modified Files:
dbscan.c
Log Message:
Resolves: #345671
Summary: clu test failures (Comment #7)
Description: 1) Removing obsolete PATH info from Usage
2) Replacing "idl" with "ID list" following the suggestion from Doc.
Index: dbscan.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/dbscan.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- dbscan.c 18 Oct 2007 00:08:34 -0000 1.18
+++ dbscan.c 28 Nov 2007 17:21:39 -0000 1.19
@@ -68,7 +68,7 @@
#if ( defined( hpux ) )
#ifdef _XOPEN_SOURCE_EXTENDED
-#include