From rmeggins at redhat.com Wed Feb 4 16:03:12 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 04 Feb 2009 09:03:12 -0700
Subject: [Fedora-directory-devel] Please review: Bug 480642 - HPUX: Server to Server SASL - Unknown Authentication Method
Message-ID: <4989BC40.8020100@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=480642
Resolves: bug 480642
Bug Description: HPUX: Server to Server SASL - Unknown Authentication Method
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: On some platforms, we do not install the sasl auth method plugins in a standard location, so we have the nsslapd-saslpath config setting to provide that location in a CB_GETPATH callback provided to sasl_server_init. This works fine for being a SASL server. However, to be an LDAP SASL client, we have to provide that callback to sasl_client_init too. This call happens the first time the mozldap client library is initialized. mozldap has a hardcoded list of sasl callbacks it provides, and does not allow callers to augment that list. So, we simply replace the list with one that contains the CB_GETPATH callback.
Platforms tested: HP-UX 11.23 64-bit
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=330875&action=diff

From rmeggins at redhat.com Wed Feb 4 18:27:17 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 04 Feb 2009 11:27:17 -0700
Subject: [Fedora-directory-devel] Please review: Bug 483256 - DS crash when modify entry that does not exist in AD
Message-ID: <4989DE05.3060500@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=483256
Resolves: bug 483256
Bug Description: DS crash when modify entry that does not exist in AD
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: The function that checks to see if the mod has already been made to the AD entry should just return 0 if the AD entry does not exist or could not be found - in this case, the regular windows replay code will handle it.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=330901&action=diff

From rmeggins at redhat.com Wed Feb 4 23:01:56 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Wed, 04 Feb 2009 16:01:56 -0700
Subject: [Fedora-directory-devel] Please review: Bug 483254 - Modification of nsViewFilter of a virtual view OU crashes the server
Message-ID: <498A1E64.50308@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=483254
Resolves: bug 483254
Bug Description: Modification of nsViewFilter of a virtual view OU crashes the server
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: When we delete a node, not only do we need to have the parent node discover its new children, we need to have each child discover a new parent.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=330931&action=diff

From osereme.osobase at gtbank.com Wed Feb 4 18:24:37 2009
From: osereme.osobase at gtbank.com (osereme.osobase)
Date: Wed, 4 Feb 2009 19:24:37 +0100
Subject: [Fedora-directory-devel] Challenges with Fedora DS
Message-ID: <131b01c986f5$d6237fd0$2b05020a@SDETEST>

Hi,

I currently use Fedora-DS integrated with Samba as my domain controller in an organization with 141 offices. With only one domain controller I am able to authenticate a user population of 5000 users, however as my organization grows I have challenges daily with authentication. Every morning users trying to logon to my Windows domain keep getting errors while signing on and this frequently leads to account lockouts and frustration of users.

After going through your documentation on multiple load balanced FDS server installation I still have all traffic coming to one server on the network. My challenge is setting up FDS in the data centre on multiple servers to authenticate my users while accommodating growth.
Is there any suggestion you can offer me or documentation where I can go through setup of a centralized FDS cluster for a large user base?

I will greatly appreciate any help you can proffer.

Regards

Osereme Osobase
Enterprise Infrastructure Support
Technology
GTBank Nigeria - http://www.gtbank.com

From andrey.ivanov at polytechnique.fr Thu Feb 5 16:56:27 2009
From: andrey.ivanov at polytechnique.fr (Andrey Ivanov)
Date: Thu, 5 Feb 2009 17:56:27 +0100
Subject: [Fedora-directory-devel] Challenges with Fedora DS
In-Reply-To: <131b01c986f5$d6237fd0$2b05020a@SDETEST>
References: <131b01c986f5$d6237fd0$2b05020a@SDETEST>
Message-ID: <1601b8650902050856y3561ab8eqf053a32a128acf01@mail.gmail.com>

Try to analyze the logs and find the unindexed searches (with "notes=U" in access logs). Index the necessary attributes. I think it should be already an important performance improvement. You can analyze your logs with logconv.pl (part of the distribution).

From premodd at decho.com Fri Feb 6 08:55:04 2009
From: premodd at decho.com (Premod Dev)
Date: Fri, 6 Feb 2009 01:55:04 -0700 (MST)
Subject: [Fedora-directory-devel] Re: [Fedora-directory-users] Challenges with Fedora DS
In-Reply-To: <9545476.101233910493853.JavaMail.premod@premod.picorp.com>
Message-ID: <29209447.121233910685575.JavaMail.premod@premod.picorp.com>

Hi Osereme,

Why can't you try as follows:

* Create multiple masters (multi master replication)
* Use a load balancer (hardware or software, i.e. like linux virtual server) for load balance between these multi master servers.
* Give a common fqdn in SAMBA which should resolve to the load balancer, and the load balancer will do the rest.

Thanks,
Premod

From jsullivan at opensourcedevel.com Fri Feb 6 14:14:12 2009
From: jsullivan at opensourcedevel.com (John A. Sullivan III)
Date: Fri, 06 Feb 2009 09:14:12 -0500
Subject: [Fedora-directory-devel] Re: [Fedora-directory-users] Challenges with Fedora DS
In-Reply-To: <29209447.121233910685575.JavaMail.premod@premod.picorp.com>
References: <29209447.121233910685575.JavaMail.premod@premod.picorp.com>
Message-ID: <1233929652.6507.2.camel@jaspav.missionsit.net.missionsit.net>

Out of curiosity (I am still learning much about LDAP and DS), is a load balancer necessary or could it be done simply through round robin dns? For example, in our testing, we set up a replica ds. One is ldap01, the other is ldap02 and their certificates both have ldap as well as ldap01 or ldap01 in their subjAltNames. There are two entries in DNS for ldap - one pointing to ldap01 and the other to ldap02. Will such a setup work? For simply logging in, is a master necessary or can one use a read-only replica?
Thanks - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

From michael at stroeder.com Fri Feb 6 16:09:57 2009
From: michael at stroeder.com (Michael Ströder)
Date: Fri, 06 Feb 2009 17:09:57 +0100
Subject: [Fedora-directory-devel] Re: [Fedora-directory-users] Challenges with Fedora DS
In-Reply-To: <1233929652.6507.2.camel@jaspav.missionsit.net.missionsit.net>
References: <29209447.121233910685575.JavaMail.premod@premod.picorp.com> <1233929652.6507.2.camel@jaspav.missionsit.net.missionsit.net>
Message-ID: <498C60D5.7020403@stroeder.com>

John A. Sullivan III wrote:
> Out of curiosity (I am still learning much about LDAP and DS), is a load
> balancer necessary or could it be done simply through round robin dns?

Round robin DNS is just for load-balancing but not for automatic failover.

Ciao, Michael.

From premodd at decho.com Fri Feb 6 17:09:24 2009
From: premodd at decho.com (Premod Dev)
Date: Fri, 6 Feb 2009 10:09:24 -0700 (MST)
Subject: [Fedora-directory-devel] Re: [Fedora-directory-users] Challenges with Fedora DS
In-Reply-To: <1233929652.6507.2.camel@jaspav.missionsit.net.missionsit.net>
Message-ID: <7478930.01233940351865.JavaMail.premod@premod.picorp.com>

If clients are directly hitting the Directory server for auth, DNS round robin is sufficient, but if the hit to the directory is from a single host (say, as in Osereme's case, the SAMBA PDC), it will hit the next server only after the TTL value has expired.
Otherwise it will hit the same server only. And for logging purpose it doesn't require Master, replica will be fine.

From rmeggins at redhat.com Tue Feb 10 17:42:46 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 10 Feb 2009 10:42:46 -0700
Subject: [Fedora-directory-devel] Please review: Bug 483276 - Certificate Management: Adding Trusted CA from Console, does not save the trust flags
Message-ID: <4991BC96.5030206@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=483276
Resolves: bug 483276
Bug Description: Certificate Management: Adding Trusted CA from Console, does not save the trust flags
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: In comment https://bugzilla.redhat.com/show_bug.cgi?id=483276#c13 there is a report of a memory error coming from the security CGI. While I could not reproduce this with the latest code, I did find a minor valgrind error with a buffer size.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=331439&action=diff

From rmeggins at redhat.com Fri Feb 13 20:51:15 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 13 Feb 2009 13:51:15 -0700
Subject: [Fedora-directory-devel] Please review: Bug 471408 - PassSync logs a bogus error message
Message-ID: <4995DD43.5060608@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=471408
Resolves: bug 471408
Bug Description: PassSync logs a bogus error message
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Just see if the file does not yet exist. If that is the case (err == ENOENT), then return a non-fatal error. I also fixed a usage of list iterator - apparently it is not a pointer type, and should be passed by reference rather than by value. Without this fix, I could not compile using Visual C++ 9.0 Express Edition
Platforms tested: Windows 2003 Server
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=331871&action=diff

From rmeggins at redhat.com Sat Feb 14 00:12:17 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 13 Feb 2009 17:12:17 -0700
Subject: [Fedora-directory-devel] Please review: Bug 482892 - Passsync service start and stop messages in Windows event viewer are not logged correctly
Message-ID: <49960C61.4070709@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=482892
Resolves: bug 482892
Bug Description: Passsync service start and stop messages in Windows event viewer are not logged correctly
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Looks like someone had started to tie in the message catalog/resources, but didn't get far enough.
1) I used rc to compile the .rc file into a .res file - this new .res file is being added to CVS (cvs add -kb)
2) I added dssynchmsg.res to the link line
3) I made sure the passsync.exe main called the Install() method which installs the message catalog where the Event Viewer can find it. I had to make that code smarter, so it would not attempt to create/install something that was already there.
Platforms tested: Windows 2003 Server
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=331886&action=diff

From rmeggins at redhat.com Mon Feb 23 21:39:04 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Mon, 23 Feb 2009 14:39:04 -0700
Subject: [Fedora-directory-devel] Please review: Bug 468474 - migration results in incomplete admin server sie
Message-ID: <49A31778.9020508@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=468474
Resolves: bug 468474
Bug Description: migration results in incomplete admin server sie
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: This is a redesign of one of the core pieces of the setup/migration code - the code that adds the LDAP entries in various places. For starters, I removed the code that would implicitly delete existing trees. This is the root cause of this bug, and other similar problems with setup/instance creation that have been reported. We should never implicitly delete entries. Instead, we should explicitly delete entries by using the changetype: delete in an LDIF template file.

Another source of problems was that to update an entry, we would delete it and add it back. This caused some configuration settings to be wiped out (e.g. encryption settings). We cannot do this any more. The LDIF template entries have been modified to have two sets of information for each entry that requires update - the entry to add if no entry exists (the full entry) or the changes to make to the entry if it does exist.
The code in Util.pm has been changed to ignore duplicate entries and to ignore changes made to entries that do not exist.

Another source of problems with migration is that the error checking was not adequate, especially with FileConn and dse.ldif reading. The fix is to add better error checking and reporting in these areas of code, including error messages.

Yet another problem is the run_dir handling. On many platforms the run_dir is shared among all DS instances and the admin server. Older versions of the software allowed you to run the servers as root. We have to make sure run_dir is usable by the least privileged user of all of the servers.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=332973&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=332974&action=diff

From rmeggins at redhat.com Tue Feb 24 16:32:32 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 24 Feb 2009 09:32:32 -0700
Subject: [Fedora-directory-devel] Please review: Bug 486474 - overriding arguments to setup causes setup to fail
Message-ID: <49A42120.9010909@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=486474
Resolves: bug 486474
Bug Description: overriding arguments to setup causes setup to fail
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Parameters specified on the command line should override and replace (not add to) any parameters specified in a given .inf file. I refactored the code a little too - I moved the argv processing into the Inf module out of the Setup and Migration modules. The code will first process the args and store the values in a temporary hash ref. Then it will process the temp hash ref, replacing the values in the main inf with the values from the hash.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=333059&action=diff

From nkinder at redhat.com Wed Feb 25 20:08:56 2009
From: nkinder at redhat.com (Nathan Kinder)
Date: Wed, 25 Feb 2009 12:08:56 -0800
Subject: [Fedora-directory-devel] Please Review: (486402) setup-ds.pl + register-ds-admin.pl generates different aci's then setup-ds-admin.pl
Message-ID: <49A5A558.9030401@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=486402
Resolves: bug 486402
Bug Description: Using setup-ds.pl and then registering the instance with an admin server using register-ds-admin.pl does not add the proper ACI's to allow admin to manage the instance.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Add the appropriate aci's when running register-ds-admin.pl.
Platforms tested: F9
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=333215&action=diff

From rmeggins at redhat.com Thu Feb 26 21:07:14 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 26 Feb 2009 14:07:14 -0700
Subject: [Fedora-directory-devel] Please review: Bug 480869 - DS console: Can not delete DS instance
Message-ID: <49A70482.60502@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=480869
Resolves: bug 480869
Bug Description: DS console: Can not delete DS instance
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: As it turns out, my assumption that ds_remove in CGI mode also did the unregistration was false. It is the console that does the unregistration, only after the ds_remove CGI returns success. So, ds_remove needs to run with AdminSDK off, just like the other "special" CGI programs.

In addition, ds_remove needs to be more robust - if there is an error during ds_remove, you should be allowed to try again after fixing something. However, the way the error handling worked did not differentiate between fatal errors and errors that could be ignored.
In order to do this properly, we need to propagate the errors back up to the top level (oh how I wish perl had real exception handling . . .). The main type of error we need to ignore is file not found or process not found. If we attempted to remove before and that attempt failed for some reason, and left a partial instance, we need to be able to run the remove command again, skipping over the things we shutdown or removed already, and clean up the stuff we need to remove.

This can also happen if you use the console to create a ds instance, and remove-ds.pl to remove the instance. The instance will still show up in the console. We need to be able to use the Remove Server in the console to remove the instance from the console, even though there is no physical instance on disk any more. Since the console will only do the unregistration if the CGI returns success, we need to make sure the CGI returns success even though there is no instance on disk. When ds_remove is run via ds_removal, it will do the unregistration.

I also took this opportunity to refactor the remove code, creating a removeDSInstance method in DSCreate.pm, and moving some of the other removal helper functions to Util.pm. That simplified the code in both ds_remove and remove-ds.pl.

I added a remove-ds-admin.pl script - one of the problems that users have is that they run setup-ds-admin.pl, then hit some error (e.g. bad DNS setup), then find that they cannot restore the system to the state before they ran setup-ds-admin.pl. remove-ds-admin.pl does this.

Finally, I added some man pages to the admin package for those commonly used commands.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=333382&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=333383&action=diff

From nkinder at redhat.com Thu Feb 26 21:26:17 2009
From: nkinder at redhat.com (Nathan Kinder)
Date: Thu, 26 Feb 2009 13:26:17 -0800
Subject: [Fedora-directory-devel] Please review: (487574) Crash in DNA plug-in when deleting a value
Message-ID: <49A708F9.3010208@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=487574
Resolves: bug 487574
Bug Description: A crash occurs in the DNA plug-in when you delete an existing value of a managed attribute.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: The DNA code was always expecting a value to be present when processing a modify operation. The delete and replace modify operations can be issued with no values. These operations were an oversight in the DNA code.

The fix adds cases to handle delete and replace modify operations. For a replace, we check if we are replacing all values with nothing, and generate a new value from the range. If we're processing a delete with no values specified, we also generate a new value. If the delete has values specified, we check to see if the operation leaves any values in the existing entry. If no existing values would remain after the operation, we generate a new value.
Platforms tested: F9
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=333386&action=diff

From rmeggins at redhat.com Fri Feb 27 03:49:48 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Thu, 26 Feb 2009 20:49:48 -0700
Subject: [Fedora-directory-devel] Please review: Bug 450575 - unbind or abandon with unsupported critical controls does not close connection
Message-ID: <49A762DC.1040607@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=450575
Resolves: bug 450575
Bug Description: unbind or abandon with unsupported critical controls does not close connection
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: When an unbind request is received that has controls marked as critical, and we do not support those controls, we must treat them as non-critical controls and continue processing.
Platforms tested: RHEL4, RHEL5
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=333434&action=diff

From nkinder at redhat.com Fri Feb 27 17:05:26 2009
From: nkinder at redhat.com (Nathan Kinder)
Date: Fri, 27 Feb 2009 09:05:26 -0800
Subject: [Fedora-directory-devel] Please Review: (486402) setup-ds.pl + register-ds-admin.pl generates different aci's then setup-ds-admin.pl
Message-ID: <49A81D56.4090904@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=486402
Resolves: bug 486402
Bug Description: Using setup-ds.pl and then registering the instance with an admin server using register-ds-admin.pl does not add the proper ACI's to allow admin to manage the instance.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: Add the appropriate aci's when running register-ds-admin.pl.

There were a few other issues to deal with in addition to the missing ACIs. The PTA plug-in was not being configured since the LDIF template that was used was an entire new PTA plug-in entry, which never gets added since it already exists. I changed this to a LDIF mod template. We also only want to configure PTA if it is not already configured, or if we are switching the config DS. This will prevent overwriting any custom tweaks to the PTA plug-in, such as using LDAPS to communicate with the config DS.

I found another issue during testing with the ldapStart parameter in adm.conf getting set incorrectly after running register-ds-admin.pl. This parameter is supposed to point to the start-slapd script of the config DS, but register-ds-admin.pl was always changing this to the last instance that it registered (which will never be the config DS if you have more than one instance).
We need to ensure that the slapd info in the inf is the config DS before updating the Admin Server config files.
Platforms tested: F9
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=333508&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=333503

From nkinder at redhat.com Fri Feb 27 19:24:12 2009
From: nkinder at redhat.com (Nathan Kinder)
Date: Fri, 27 Feb 2009 11:24:12 -0800
Subject: [Fedora-directory-devel] Please Review: (487725) modification of non-posix group to posix group doesn't catch magic number
Message-ID: <49A83DDC.8080104@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=487725
Resolves: bug 487725
Bug Description: Performing a MOD operation to bring an entry into the scope of a DNA managed range doesn't trigger DNA to generate a new value. This happens since we check the DNA filter against the existing entry instead of the resulting entry after the mods are applied.
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: This patch handles modify operations that bring entries into or out of scope of a managed range. If you bring an entry into scope (say by adding the appropriate objectclass), this will assign a value from the range if the magic value or no value is supplied for the managed type.
Platforms tested: F9
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=333521&action=diff

From rmeggins at redhat.com Sat Feb 28 03:35:09 2009
From: rmeggins at redhat.com (Rich Megginson)
Date: Fri, 27 Feb 2009 20:35:09 -0700
Subject: [Fedora-directory-devel] Please review: Bug 487831 - Tabbed Panel display throws NullPointerException
Message-ID: <49A8B0ED.5020500@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=487831
Resolves: bug 487831
Bug Description: Tabbed Panel display throws NullPointerException
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: A couple of panels were defining an isValid method to use for clean/dirty validation.
However, the Component class which these panels inherit from also defines the isValid method for a different purpose. Our code must not use the isValid method, so I renamed those methods to something more meaningful in their context. I also found another problem with a null pointer access in some schema code.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=333586&action=diff
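
Added example, not code from any poster or from the Fedora DS project: the "Challenges with Fedora DS" thread earlier in this archive advises finding unindexed searches by the "notes=U" marker in the access log, and this Python script pairs each flagged RESULT line with its SRCH line by conn/op and ranks the attributes used in those filters. The log lines, suffix, SIDs and function names are constructed for illustration; logconv.pl remains the distribution's own tool for this analysis.

```python
import re
from collections import Counter

# Constructed sample in the Directory Server access-log layout (not real traffic).
SAMPLE_LOG = """\
[05/Feb/2009:08:01:12 +0100] conn=41 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(&(objectClass=sambaSamAccount)(sambaSID=S-1-5-21-1-2-3-1001))" attrs=ALL
[05/Feb/2009:08:01:14 +0100] conn=41 op=1 RESULT err=0 tag=101 nentries=1 etime=2 notes=U
[05/Feb/2009:08:01:14 +0100] conn=42 op=3 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs="uid cn"
[05/Feb/2009:08:01:14 +0100] conn=42 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[05/Feb/2009:08:01:15 +0100] conn=43 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128 version=3
[05/Feb/2009:08:01:15 +0100] conn=43 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,ou=people,dc=example,dc=com"
[05/Feb/2009:08:01:15 +0100] conn=43 op=1 SRCH base="ou=Groups,dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(memberUid=jdoe))" attrs="cn gidNumber"
[05/Feb/2009:08:01:15 +0100] conn=44 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(sambaSID=S-1-5-21-1-2-3-1002)" attrs=ALL
[05/Feb/2009:08:01:16 +0100] conn=43 op=1 RESULT err=0 tag=101 nentries=2 etime=1 notes=U
[05/Feb/2009:08:01:18 +0100] conn=44 op=2 RESULT err=0 tag=101 nentries=1 etime=3 notes=U
"""

OP = re.compile(r'conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<kind>SRCH|RESULT)\b(?P<rest>.*)')
BASE = re.compile(r'base="(.*?)" scope=')
FILTER = re.compile(r'filter="(.*?)"(?:\s+attrs=|\s*$)')
NOTES = re.compile(r'\bnotes=(\S+)')
ETIME = re.compile(r'\betime=([\d.]+)')
# Attribute description at the start of each filter item: "(attr=", "(attr>=", "(attr:rule:=" ...
FILTER_ATTR = re.compile(r'\(([A-Za-z][A-Za-z0-9;.-]*)\s*(?:[~<>]?=|:)')


def unindexed_searches(log_text):
    """Return one record per search whose RESULT line carries the U note."""
    pending = {}   # (conn, op) -> (base, filter) of a SRCH still waiting for its RESULT
    hits = []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue                      # BIND, connection open/close, etc.
        key = (int(m.group('conn')), int(m.group('op')))
        rest = m.group('rest')
        if m.group('kind') == 'SRCH':
            base = BASE.search(rest)
            flt = FILTER.search(rest)
            pending[key] = (base.group(1) if base else '', flt.group(1) if flt else '')
            continue
        # RESULT: only interesting if it closes a search we saw and is flagged U.
        search = pending.pop(key, None)
        notes = NOTES.search(rest)
        if search is None or notes is None:
            continue
        # Flags are split on commas in case more than one is logged on the line.
        if 'U' not in notes.group(1).split(','):
            continue
        etime = ETIME.search(rest)
        hits.append({
            'conn': key[0],
            'op': key[1],
            'base': search[0],
            'filter': search[1],
            'etime': float(etime.group(1)) if etime else None,
        })
    return hits


def index_candidates(hits):
    """Rank attributes by how many unindexed searches used them in a filter.

    This is only a ranking of what appeared in flagged filters; which of these
    attributes actually lacks an index must be checked against the server's
    index configuration.
    """
    counts = Counter()
    for hit in hits:
        # A set, so an attribute repeated inside one filter counts once per search.
        counts.update({a.lower() for a in FILTER_ATTR.findall(hit['filter'])})
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == '__main__':
    found = unindexed_searches(SAMPLE_LOG)
    for hit in found:
        print('conn=%(conn)d op=%(op)d etime=%(etime)s base=%(base)s filter=%(filter)s' % hit)
    for attr, n in index_candidates(found):
        print('%-12s %d' % (attr, n))
```
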