------------------------------------------------------------------------ r2442 | lutoff | 2007-07-20 01:06:46 -0700 (Fri, 20 Jul 2007) | 30 lines When command grouping is used (in dscondig for instance) the top level help displays: $ dsconfig --help This utility may be used to define a base configuration for the Directory Server Usage: dsconfig {subcommand} {options} Available subcommands: --help-core Display subcommands relating to core server --help-database Display subcommands relating to caching and back-ends <...> This modification replaces the help sentence ("Available subcommands") by "To get the list of subcommands use:" dsconfig --help This utility may be used to define a base configuration for the Directory Server Usage: dsconfig {subcommand} {options} To get the list of subcommands use: --help-core Display subcommands relating to core server --help-database Display subcommands relating to caching and back-ends <...> ------------------------------------------------------------------------ r2443 | lutoff | 2007-07-20 01:14:08 -0700 (Fri, 20 Jul 2007) | 1 line Make this class public in order to use it in other packages ------------------------------------------------------------------------ r2444 | matthew_swift | 2007-07-20 01:43:07 -0700 (Fri, 20 Jul 2007) | 5 lines Fix issues 1966 and 1792. Add support for hiding relations and, using this feature, prevent users from access root DN user configurations through the CLI. To make it easier to add new features to relation definitions in the future I have refactored the RelationDefinition classes so that they provide a Builder API for incrementally constructing new definitions. ------------------------------------------------------------------------ r2445 | matthew_swift | 2007-07-20 02:51:30 -0700 (Fri, 20 Jul 2007) | 3 lines Fix issue 2001 - unusual odyssey when attempting to create a virtual attribute configuration. The conflict-behavior was defined as being optional with a defined default value. However, the LDAP schema for the associated virtual attribute object class labeled the attribute as mandatory. This change updates the schema to align it with the XML definition. ------------------------------------------------------------------------ r2446 | jvergara | 2007-07-20 08:24:15 -0700 (Fri, 20 Jul 2007) | 6 lines Fix for issue 1986. In the Java Web Start installer and in the setup.bat script check that the current path does not contain a % character. ------------------------------------------------------------------------ r2447 | jvergara | 2007-07-20 10:11:56 -0700 (Fri, 20 Jul 2007) | 4 lines Fix for issue 2006. Compare the values provided by the user for the different ports. If they match, display an error message. ------------------------------------------------------------------------ r2448 | neil_a_wilson | 2007-07-20 13:04:30 -0700 (Fri, 20 Jul 2007) | 6 lines Add a general framework for OpenDS to send e-mail messages, and add an SMTP alert handler that can be used to send e-mail messages in response to administrative alerts generated within the server. OpenDS Issue Number: 221 ------------------------------------------------------------------------ r2449 | dugan | 2007-07-20 17:56:42 -0700 (Fri, 20 Jul 2007) | 24 lines Add the new ACI keyword "targetcontrol" that can be used to enforce access based on the OID of a control. For example, a new global access control rule is also being added: ds-cfg-global-aci: (targetcontrol="2.16.840.1.113730.3.4.2 || 2.16.840.1.113730.3.4.17 || 2.16.840.1.113730.3.4.19 || 1.3.6.1.4.1.4203.1.10.2") (version 3.0; acl "Anonymous control access"; allow(read) userdn="ldap:///anyone";) which allows anonymous access to the following controls: - Manage DSA IT (2.16.840.1.113730.3.4.2) - Real Attributes Only (2.16.840.1.113730.3.4.17) - Virtual Attributes Only (2.16.840.1.113730.3.4.19) - LDAP No-Op Control (1.3.6.1.4.1.4203.1.10.2) A wildcard can also be specified. The following ACI rule allows access to all controls: (targetcontrol="*") (version 3.0; acl "All control access example"; allow(read) userdn="ldap:///self";) This ACI could be put on a users entry -- it doesn't need to be a global ACI. Issue #452. ------------------------------------------------------------------------ r2450 | lutoff | 2007-07-23 01:04:48 -0700 (Mon, 23 Jul 2007) | 8 lines This commit corresponds to the following issues: https://opends.dev.java.net/issues/show_bug.cgi?id=1340 https://opends.dev.java.net/issues/show_bug.cgi?id=1341 Modifications done in dsframework CLI are: - add subcommand grouping - implement subcommand for server registration inside the admin registry ------------------------------------------------------------------------ r2451 | jvergara | 2007-07-23 02:32:53 -0700 (Mon, 23 Jul 2007) | 4 lines Fix for issue 1985. Use the short version of the path to call other scripts and to generate the CLASSPATH. This reduces the possibility of hitting the maximum environment variable size allowed on Windows. ------------------------------------------------------------------------ r2452 | lutoff | 2007-07-23 06:26:31 -0700 (Mon, 23 Jul 2007) | 2 lines Fix for issue 2008 add-to-group checks if the server in registered in the ADS ------------------------------------------------------------------------ r2453 | matthew_swift | 2007-07-23 06:56:41 -0700 (Mon, 23 Jul 2007) | 1 line Improve documentation for property definition element "mandatory" attribute. ------------------------------------------------------------------------ r2454 | lutoff | 2007-07-23 07:04:01 -0700 (Mon, 23 Jul 2007) | 3 lines Fix for issue #2009 (dsframework needs to have the default "all-servers" group) The "all-servers" group is now created when the ADS structure is created. ------------------------------------------------------------------------ r2455 | mkeyes | 2007-07-23 07:28:31 -0700 (Mon, 23 Jul 2007) | 2 lines In preparation for the refactoring of the Security test suites to use dsconfig, the attached changes are made to the functional test library functions. ------------------------------------------------------------------------ r2456 | dugan | 2007-07-23 09:19:45 -0700 (Mon, 23 Jul 2007) | 1 line Remove "targetcontrol" global ACI erroneously committed. ------------------------------------------------------------------------ r2457 | matthew_swift | 2007-07-23 10:55:12 -0700 (Mon, 23 Jul 2007) | 14 lines Fix issue 1819: add support for tagging properties as advanced. It is now possible to tag a property as advanced. This is achieved by adding the "advanced" attribute to XML property definitions. For example: ... Advanced properties must be either option or, if they are mandatory, have default values (defined or inherited). This constraint is enforced except for abstract property definitions where sub-definitions can override the property and give it a default (this is the case for java implementation class properties). Dsconfig has been modified so that get-xxx-prop and list-properties sub-commands only display advanced properties if the user provides the "--advanced" command line option. There will be similar support for set-xxx-prop and create-xxx sub-commands once they have a fully functional interactive mode (issue 1831). This change just adds support for advanced properties. A subsequent change (for issue 1829) will designate which properties are advanced. ------------------------------------------------------------------------ r2458 | kenneth_suter | 2007-07-23 11:25:05 -0700 (Mon, 23 Jul 2007) | 17 lines This commit does some initial work in anticipation of the reverter tool: - Defines new tool messages for the reverter CLI. - Moved some common upgrader methods for writing to the historical log to Application for use by the reversion tool. Theoretically these also be called by the installers to record when the installation was installed. - Makes the existing ArgumentParser's created for usage messages further available for the arg parsing. - Creates a progress notification delegate class. - Changes the name of VersionOracle and UpgradeOracle to VersionIssueNotifier and UpgradeVersionNotifier. Ludo's suggestion was interesting but a esoteric :) - Removed the CurrentInstallStatus arg from the createUserData since it was not being used. - Made QuickSetupCLI exit from event loop dependent upon termination of the CLI app thread rather than the isFinished method so that it more reliably exits properly. ------------------------------------------------------------------------ r2459 | dugan | 2007-07-23 11:54:58 -0700 (Mon, 23 Jul 2007) | 2 lines Back out changes made for issue #1985 due to apparent problems with windows 2000. ------------------------------------------------------------------------ r2460 | matthew_swift | 2007-07-23 12:21:06 -0700 (Mon, 23 Jul 2007) | 2 lines Fix message numbering conflicts introduced in two previous revisions. ------------------------------------------------------------------------ r2461 | dugan | 2007-07-23 13:45:49 -0700 (Mon, 23 Jul 2007) | 2 lines Fix for debugsearchindex operational attribute does not support double negation. Issue #1849. ------------------------------------------------------------------------ r2462 | mkeyes | 2007-07-23 14:23:22 -0700 (Mon, 23 Jul 2007) | 2 lines Refactored about half of the Security test suite to use dsconfig and modifyAnAttribute. Many ldif files can be eliminated as a result. ------------------------------------------------------------------------ r2463 | mkeyes | 2007-07-23 14:31:35 -0700 (Mon, 23 Jul 2007) | 2 lines New startup file for one of the Security test suites. ------------------------------------------------------------------------ r2464 | lutoff | 2007-07-24 00:53:59 -0700 (Tue, 24 Jul 2007) | 3 lines Fix for issue #2011 (dsframework register-server doesn't add the server into the default all-servers group) When register-server is called, we also add the server inside to "all-servers" group ------------------------------------------------------------------------ r2465 | al_xipe | 2007-07-24 05:24:18 -0700 (Tue, 24 Jul 2007) | 4 lines 1. allow to bypass proxy check in functional tests wrapper 2. add modify index test cases 3. add the rebuild-index CLI wrapper in utils.xml 4. add the ability in runFunction to set a test case status upon failure to reflect an exception being thrown or things like that ------------------------------------------------------------------------ r2466 | lutoff | 2007-07-24 06:12:08 -0700 (Tue, 24 Jul 2007) | 3 lines Fix for issue #2012 (dsframework add-to-group/remove-from-group doesn't update the server prop "GROUPS") ------------------------------------------------------------------------ r2467 | lutoff | 2007-07-24 07:13:28 -0700 (Tue, 24 Jul 2007) | 3 lines Fix for issue #2013 (dsframework unregister-server doesn't update groups which contain this server) unregister-server now updates all groups in which serverId was added to. ------------------------------------------------------------------------ r2468 | boli | 2007-07-24 11:41:36 -0700 (Tue, 24 Jul 2007) | 7 lines Fix for issue 1794: - Attribute index no longer need the backend index entry limit parameter on construction. This is now handled by the admin framework. - Updated test cases to reflect the change Fix for issue 1846 - The debug string returned when using the debugsearchindex attribute now includes the indexes used during evaluation. ------------------------------------------------------------------------ r2469 | mkeyes | 2007-07-24 12:26:08 -0700 (Tue, 24 Jul 2007) | 2 lines Refactored the new dsconfig librayr functions so that common code resides in one function called dsconfigSet. ------------------------------------------------------------------------ r2470 | mkeyes | 2007-07-24 13:12:27 -0700 (Tue, 24 Jul 2007) | 2 lines Refactored the sasl security functional tests to use dsconfig library functions and modifyAnAttribute. ------------------------------------------------------------------------ r2471 | dugan | 2007-07-24 21:00:20 -0700 (Tue, 24 Jul 2007) | 2 lines Use work-around for long filename bug in Windows 2000. Issue #1985. ------------------------------------------------------------------------ r2472 | lutoff | 2007-07-25 02:42:50 -0700 (Wed, 25 Jul 2007) | 3 lines fix for issue #2019 (dsframework delete-group doesn't update server property "GROUPS") group is now removed from the "GROUPS" server properties ------------------------------------------------------------------------ r2473 | lutoff | 2007-07-25 07:37:33 -0700 (Wed, 25 Jul 2007) | 1 line fix typo ------------------------------------------------------------------------ r2474 | david_page | 2007-07-25 10:12:37 -0700 (Wed, 25 Jul 2007) | 2 lines Temporarily disable password history test due to spurious failures in nightly builds. ------------------------------------------------------------------------ r2475 | coulbeck | 2007-07-25 10:31:32 -0700 (Wed, 25 Jul 2007) | 3 lines Fix for issue #1015: ldapsearch --verbose option doesn't work. This change causes ldapsearch and ldapmodify verbose options to trace the contents of incoming and outgoing LDAP messages and ASN.1 elements to standard error stream. It excludes search-result-entry messages from the trace since this would be rather too verbose and not very useful. The main use for verbose output is to investigate connection problems, referral following and such. A possible improvement would be to use a separate option for the ASN.1 tracing, and add session related output such as connection details, security context details and auth details as well as referral chasing details (all this must currently be derived from the protocol trace). ------------------------------------------------------------------------ r2476 | mkeyes | 2007-07-25 12:39:20 -0700 (Wed, 25 Jul 2007) | 2 lines Refactored the password policy functional tests in the security test suite to use dsconfig and modifyAnAttribute. ------------------------------------------------------------------------ r2477 | mkeyes | 2007-07-25 13:22:07 -0700 (Wed, 25 Jul 2007) | 2 lines Added a call to dsconfig. ------------------------------------------------------------------------ r2478 | mkeyes | 2007-07-25 14:24:06 -0700 (Wed, 25 Jul 2007) | 2 lines Added one more dsconfig functional call. ------------------------------------------------------------------------ r2479 | dugan | 2007-07-25 16:12:49 -0700 (Wed, 25 Jul 2007) | 21 lines Add new ACI keyword "extop" that can be used to enforce access based on the OID of an extended operation. For example, a new global access extended operation rule is also being added: ds-cfg-global-aci: (extop="1.3.6.1.4.1.26027.1.6.1 || 1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037 || 1.3.6.1.4.1.4203.1.11.3") (version 3.0; acl "Anonymous extended operation access"; allow(read) userdn="ldap:///anyone";) which allows anonymous access to the following extended operations: - StartTLS 1.3.6.1.4.1.1466.20037 - password policy state 1.3.6.1.4.1.26027.1.6.1 - password modify 1.3.6.1.4.1.4203.1.11.1 - Who Am I 1.3.6.1.4.1.4203.1.11.3 A wildcard can also be specified: aci: (extop="*")(version 3.0; acl "Anonymous extended operation access"; allow(read) userdn="ldap:///anyone";) Issue #443. ------------------------------------------------------------------------ r2480 | matthew_swift | 2007-07-26 05:01:44 -0700 (Thu, 26 Jul 2007) | 8 lines Partial fix for issue 1831 - dsconfig interactive mode. With this change, dsconfig now prompts for component names if they are not specified on the command-line. Where more than one choice is available, dsconfig displays a list of choices. For create-xxx sub-commands dsconfig also prompts for the component type (-t flag) if it is not specified. Users can, at this point, request help which displays a detailed description of each type. A subsequent change will add support for interactively setting property values. A major part of this change includes improvements to the type-safety of the client admin APIs (e.g. use of raw types), which were being flagged in the latest version of Eclipse (apologies: I should have committed these separately, but they got too tangled up in this change). ------------------------------------------------------------------------ r2481 | matthew_swift | 2007-07-26 05:56:58 -0700 (Thu, 26 Jul 2007) | 2 lines Minor beautifying of the dsconfig interactive mode. ------------------------------------------------------------------------ r2482 | mkeyes | 2007-07-26 07:59:17 -0700 (Thu, 26 Jul 2007) | 2 lines Fix a bug in the recent refactoring. ------------------------------------------------------------------------ r2483 | boli | 2007-07-26 09:31:34 -0700 (Thu, 26 Jul 2007) | 15 lines This fixes issue 1971 and allows partial non-append imports of a backend: - When using import with backend IDs, the entire backend is only cleaned if the new clearBackend option is true or if the backend only contains one base DN. - If a backend's base DN is one of the include branch DNs, only that base DN will be cleared. - If the include branch DN is below one of the backend's base DNs, a temporary entry container will be created for the same backend base DN. All entries not in the include branch will be migrated to the temporary entry container. The entries from LDIF will then be imported. Lastly, All entries in the exclude branches will be migrated. The original entry container is then deleted and the temporary entry container renamed. - When using include branches, they all must be under one backend ID. If an exclude branch become orphaned by the LDIF import, the migrated entries will be rejected due to non parent. - The LDIFImport tool is updated to reflect the new behaviors and options. - The import task is updated to reflect the new behaviors. The options are checked when the task is initialized instead at run time to catch errors are soon as possible. ------------------------------------------------------------------------ r2484 | al_xipe | 2007-07-26 16:07:07 -0700 (Thu, 26 Jul 2007) | 1 line commit to reflect the change in indexes interface ------------------------------------------------------------------------ r2485 | kenneth_suter | 2007-07-27 08:11:04 -0700 (Fri, 27 Jul 2007) | 1 line corrected category bit mask sequence ------------------------------------------------------------------------ r2486 | lutoff | 2007-07-27 08:26:22 -0700 (Fri, 27 Jul 2007) | 6 lines modifications to fix issue #2022. These modifications also include a new ReturnCode definition: QuickSetupCli return code and ApplicationExceptionType have been grouped into a new class: ApplicationErrorCode. Return code are now handled as emun. In order to fix issue #2022, CANCELLED value is 0 (SUCCESSFUL). ------------------------------------------------------------------------ r2487 | matthew_swift | 2007-07-27 08:31:20 -0700 (Fri, 27 Jul 2007) | 2 lines Fix message references. ------------------------------------------------------------------------ r2488 | mkeyes | 2007-07-27 09:41:51 -0700 (Fri, 27 Jul 2007) | 3 lines Cleaned up some functional ACI tests in light of a partial fix committed for Issue 1473. ------------------------------------------------------------------------ r2489 | matthew_swift | 2007-07-27 10:22:33 -0700 (Fri, 27 Jul 2007) | 1 line Add a method for retrieving the current default values of a property. This can be useful in client applications wishing to indicate to a user what will happen if they reset a property back to its defaults. ------------------------------------------------------------------------ r2490 | matthew_swift | 2007-07-27 10:29:33 -0700 (Fri, 27 Jul 2007) | 14 lines Partial 95% fix for issue 1831 - dsconfig interactive mode. This change implements the remaining functionality for the dsconfig interactive mode. It is now possible to interactively create and modify components. This change adds support for interactively querying the user for property values. It is implemented using a text-based menu driven model, whereby users can select which properties they want to modify and how they want to modify them (e.g. reset, add a value, remove a value, etc). This change is not a complete fix for issue 1831, since there are some minor usability enhancements that can be made. These include: * general consistency of menus (e.g. being able to cancel and go back, get help on a property, etc) * when displaying the menu option for resetting a property to its defaults it should display what those are exactly * when incrementally modifying a property, it would be nicer if it displayed the current state The aim of this change is principally to get people to use the interactive mode and to identify any major usability design issues. ------------------------------------------------------------------------ r2491 | ugaston | 2007-07-27 10:36:20 -0700 (Fri, 27 Jul 2007) | 1 line New dsconfig wrappers + refactorying for replication configuration ------------------------------------------------------------------------ r2492 | dugan | 2007-07-27 11:09:28 -0700 (Fri, 27 Jul 2007) | 3 lines Fix inconsistent Format Checking for ACI targattrfilter. Issue 1473. ------------------------------------------------------------------------ r2493 | mkeyes | 2007-07-27 11:39:30 -0700 (Fri, 27 Jul 2007) | 2 lines Fixed an ACI test case to account for the commit in revision 2449. ------------------------------------------------------------------------ r2494 | davidely | 2007-07-27 12:20:42 -0700 (Fri, 27 Jul 2007) | 1 line Altered test code to get around build failures with pre-1.5.0_08 JVMs. This problem especially affected Mac users since 1.5.0_08 JVM is not available on that platform. ------------------------------------------------------------------------ r2495 | mkeyes | 2007-07-27 12:33:46 -0700 (Fri, 27 Jul 2007) | 2 lines More upgrades to the ACI functional tests to reflect the recent commit in revision 2449. ------------------------------------------------------------------------ r2496 | mkeyes | 2007-07-27 12:43:31 -0700 (Fri, 27 Jul 2007) | 2 lines More upgrades to the ACI functional tests to reflect the recent commit in revision 2449. ------------------------------------------------------------------------ r2497 | mkeyes | 2007-07-27 13:05:32 -0700 (Fri, 27 Jul 2007) | 2 lines Removing a function call that was needed way back before global ACIs were implemented. This function call is no longer needed for the ACI test suites. ------------------------------------------------------------------------ r2498 | mkeyes | 2007-07-27 13:11:12 -0700 (Fri, 27 Jul 2007) | 2 lines An ldif file that is no longer needed in the functional tests suites. ------------------------------------------------------------------------ r2499 | boli | 2007-07-27 14:06:35 -0700 (Fri, 27 Jul 2007) | 31 lines These set of changes implement VLV and filter capability to OpenDS: - A VLV index is defined by a name, base DN, search filter, search scope, sort order. A search request must match these parameters exactly to use the VLV index. - A VLV index made up of the entry IDs matching the definition criteria (above) and the corresponding attribute values that are part of the sort order in the sort order. This information is broken up into blocks of sorted sets. The block size can be configured through admin framework. Default block size is 4000. In the database, the sorted set is stored with the following format: 4 byte set size | entry IDs of 8 bytes each ... | attribute values of 16 bytes each ... - Each sorted set is keyed by the entry ID and attribute values of the largest entry in the sorted set. A special comparator (VLVKeyComparator) is used to sort the keys in the database in the order of the specified sort order. - When entries are added to the VLV index, its sort values are extracted and inserted into the sorted set whose key (also the largest entry in the set) is the smallest key that represents a entry that is greater or equal to the entry being inserted. If the sorted set exceeds the block size, it is divided in two and stored back into the database with the new key. In this implementation, a sorted set's key is never changed after it is created. - On importing from LDIF, each entry's sort values and ID is written out to a intermediate file in order. These files are later merged and inserted into the database. - Index rebuild and verify also works with VLV indexes. The verify job ensures that all the entries stored in the VLV index is in the correct order. - With this implementation, once a VLV index is created, it can not be changed without a rebuild. The server will NOT warn the user if the index has changed offline. Until a rebuild is done, it can return incorrect results. This should be fixed later. - Performance wise, modify, add, and delete performance will be degraded if the entry matches the indexing criteria. Searches not using the VLV index should not see any notable performance degradation. If the block size is set too big, there is a potential that a large number of updates will result in some JE lock timeouts since the few sorted sets are hotly contested. However, if the block size is too small, searches using the VLV control with offsets could be slow since there are more records to look through. This area need further investigation to determine the optimal default value. Fix for issue 38 ------------------------------------------------------------------------ r2500 | dugan | 2007-07-27 15:44:09 -0700 (Fri, 27 Jul 2007) | 6 lines Fix targetattr not equal operator giving access to an operational attribute based on a user attribute not matching, or access given to a user attribute based on an operational attribute not matching. For example: (targetattr != userpassword) should not give access to the operational attribute createtimestamp. ------------------------------------------------------------------------ r2501 | davidely | 2007-07-27 19:39:43 -0700 (Fri, 27 Jul 2007) | 1 line Reduce unit test memory usage by clearing out test case parameters for successful tests. ------------------------------------------------------------------------ r2502 | neil_a_wilson | 2007-07-29 12:57:09 -0700 (Sun, 29 Jul 2007) | 3 lines Disable the org.opends.server.tasks.TestImportAndExport.testImportExport() test case because it is broken after the commit in revision 2483 for issue 1971. ------------------------------------------------------------------------ r2503 | neil_a_wilson | 2007-07-29 13:58:29 -0700 (Sun, 29 Jul 2007) | 14 lines Add support for a new disconnect client task that can be used to allow an administrator to terminate a client connection if the need arises. The requester must have the disconnect-client privilege. The task entry should contain the ds-task-disconnect object class, which requires the ds-task-disconnect-connection-id attribute type and optionally allows the ds-task-disconnect-notify-client and ds-task-disconnect-message attribute types. Also, add support for a "Get Connection ID" extended operation, which allows a client to determine the connection ID associated with its connection in the server. OpenDS Issue Numbers: 429, 478, 2025 ------------------------------------------------------------------------ r2504 | neil_a_wilson | 2007-07-29 14:06:03 -0700 (Sun, 29 Jul 2007) | 3 lines Fix a copy-and-paste error in the implementation of the Get Connection ID extended operation. ------------------------------------------------------------------------ r2505 | neil_a_wilson | 2007-07-29 14:30:06 -0700 (Sun, 29 Jul 2007) | 7 lines Implement support for restricting the set of tasks that can be invoked in the server. A new configuration attribute, ds-cfg-allowed-task, is now available in the cn=config entry, and any attempt to invoke a task whose fully-qualified class name is not included in this attribute will be rejected. OpenDS Issue Number: 2024 ------------------------------------------------------------------------ r2506 | neil_a_wilson | 2007-07-29 14:32:52 -0700 (Sun, 29 Jul 2007) | 4 lines Update a number of tasks test cases so that the getCompletedTask method is made available in the parent TasksTestCase class rather than duplicated in each test class that needs this functionality. ------------------------------------------------------------------------ r2507 | al_xipe | 2007-07-29 16:07:35 -0700 (Sun, 29 Jul 2007) | 7 lines 1. addition of a 10 second sleep to fix a windows file lock issue on restart 2. a property to bypass proxy detection when running tests 3. display of the functional tests success rate in the ant text output 4. declaration of NO_CHECK variable in runTestJob.xml 5. fool proofing runTestJob.xml in the way it parses the testcase name (in case it does not conform to the implicit naming convention) 6. fix the testcase name for the sample test suite ------------------------------------------------------------------------ r2508 | neil_a_wilson | 2007-07-29 17:42:18 -0700 (Sun, 29 Jul 2007) | 8 lines Provide a mechanism to disable privileges in the server if necessary. If a privilege is disabled, then the server will behave as if all users have that privilege. This can help improve compatibility with environments that expect a feature to always be available, or to only be governed by access control. OpenDS Issue Number: 1683 ------------------------------------------------------------------------ r2509 | neil_a_wilson | 2007-07-29 18:05:28 -0700 (Sun, 29 Jul 2007) | 12 lines Provide a configuration option that makes it possible for the administrator to control whether responses to failed bind operations include an error message that explains the problem. By default, failed bind operations will return a response that indicates the operation failed, but will not include any error message (although it will be written to the access log). However, if the administrator decides that the benefit of providing this information to the client outweighs any potential security risk, then this option may be used to include that message in the response to the client as well as having it written to the access log. OpenDS Issue Number: 1787 ------------------------------------------------------------------------ r2510 | neil_a_wilson | 2007-07-29 18:20:03 -0700 (Sun, 29 Jul 2007) | 4 lines Provide a test case to ensure that the set of server privileges will always stay in sync with the set of available default root privileges and the set of privileges that may be disabled. ------------------------------------------------------------------------ r2511 | al_xipe | 2007-07-29 19:40:58 -0700 (Sun, 29 Jul 2007) | 3 lines 1. removed hard coded references to the product SHORT_NAME from build file 2. updated the x-test installer 3. updated the oulu tests files ------------------------------------------------------------------------ r2512 | neil_a_wilson | 2007-07-29 22:22:32 -0700 (Sun, 29 Jul 2007) | 11 lines Add two new configuration attributes, ds-cfg-enabled-alert-type and ds-cfg-disabled-alert-type to alert handler configuration entries. If a set of enabled alert types is given, then only alerts with one of those types will be passed to the associated alert handler. If a set of disabled alert types is given, then only alerts without one of those types will be passed to the associated alert handler. If both enabled and disabled lists are provided, then only alerts with a type on the enabled list and not on the disabled list will be processed. OpenDS Issue Number: 2027 ------------------------------------------------------------------------ r2513 | neil_a_wilson | 2007-07-29 22:43:54 -0700 (Sun, 29 Jul 2007) | 6 lines Provide valid OIDs for the ds-cfg-ssl-protocol and ds-cfg-ssl-cipher-suite configuration attributes and define them in the server schema, and make the names singular instead of plural. Also, update some of the configuration definitions to align the OIDs used in them with the OIDs used in the server schema. ------------------------------------------------------------------------ r2514 | neil_a_wilson | 2007-07-29 23:26:11 -0700 (Sun, 29 Jul 2007) | 16 lines Update the server to provide an idle time limit configuration option that can be used to terminate client connections that have been idle for too long. This can be controlled on a server-wide default level using the ds-cfg-idle-time-limit configuration attribute in the cn=config entry, but it can also be overridden on a per-user level with the ds-rlim-idle-time-limit operational attribute in the user's entry. Note that while the idle time limit support is server wide, it needs help from the connection handler to provide an idle time for client connections. At this time, only the LDAP connection handler provides this capability. It is not appropriate for internal connections, and it is not seen as important for JMX connections at this time (although such support could be added in the future if the need arises). OpenDS Issue Number: 118 ------------------------------------------------------------------------ r2515 | jvergara | 2007-07-30 05:26:33 -0700 (Mon, 30 Jul 2007) | 5 lines Partial fix for Issue 2026: installer should ensure 1.5 or later JAVA_HOME setting. Force the processes launched by the installer and the upgrader to use the same JVM as the tools (th is is done by setting the JAVA_HOME environment variable when creating the processes). ------------------------------------------------------------------------ r2516 | lutoff | 2007-07-30 06:21:57 -0700 (Mon, 30 Jul 2007) | 1 line Remove unused import ------------------------------------------------------------------------ r2517 | matthew_swift | 2007-07-30 06:41:25 -0700 (Mon, 30 Jul 2007) | 1 line Move dsconfig messages out of a properties file and into the ToolMessages.java message file in anticipation of forthcoming i18n improvements. ------------------------------------------------------------------------ r2518 | lutoff | 2007-07-30 07:15:55 -0700 (Mon, 30 Jul 2007) | 1 line Code and Comments cleaning ------------------------------------------------------------------------ r2519 | matthew_swift | 2007-07-30 07:49:00 -0700 (Mon, 30 Jul 2007) | 2 lines Modify the HelpSubCommandHandler so that it is no longer a singleton. Being a singleton meant that multiple instances of dsconfig would share the same help sub-system and re-initialize it, potentially causing problems. ------------------------------------------------------------------------ r2520 | jvergara | 2007-07-30 08:48:04 -0700 (Mon, 30 Jul 2007) | 2 lines Increase the number of tries when we initialize the ADS from 1 to 5. ------------------------------------------------------------------------ r2521 | jvergara | 2007-07-30 08:53:44 -0700 (Mon, 30 Jul 2007) | 4 lines The following modifications are done in order to be able to handle properly secure connections in both the status command-line and the status panel. Some options to specify a keystore, a trustore, etc. have been added to the status command-line so that is consistent with the other command-lines that use LDAP. As for these command-lines if the user does not specify to use Start TLS or LDAPS, the command-line will try to use LDAP to connect. But if there is no LDAP port enabled, the command-line will try to connect to the LDAPS port. Concerning the status panel, it will try to use the most secure method to connect to the server, if the servers is configured to use SSL or Start TLS and the presented certificate is not trusted by default by the JDK, we will present to the user in order to be accepted. ------------------------------------------------------------------------ r2522 | mkeyes | 2007-07-30 09:15:55 -0700 (Mon, 30 Jul 2007) | 2 lines Created an xml function for modifying global ACIs with dsconfig and using that function to change global ACIs in some functional tests. ------------------------------------------------------------------------ r2523 | mkeyes | 2007-07-30 09:29:26 -0700 (Mon, 30 Jul 2007) | 2 lines Cleanup of test code based on a fix for Issue 1621. ------------------------------------------------------------------------ r2524 | mkeyes | 2007-07-30 12:55:54 -0700 (Mon, 30 Jul 2007) | 2 lines Converted the ACI functional test suites to use dsconfig to modify the global ACIs. ------------------------------------------------------------------------ r2525 | mkeyes | 2007-07-30 13:09:28 -0700 (Mon, 30 Jul 2007) | 2 lines Cleaned up a functional test case in light of the recent fix for Issue 1473. ------------------------------------------------------------------------ r2526 | mkeyes | 2007-07-30 13:42:12 -0700 (Mon, 30 Jul 2007) | 2 lines Removed an ACI test suite that has been obsoleted with recent upgrades to the ACI test suites. ------------------------------------------------------------------------ r2527 | al_xipe | 2007-07-30 15:56:17 -0700 (Mon, 30 Jul 2007) | 1 line 1. fix for search index \n2. added add index with dsconfig\n3.added delete index with dsconfig\n4.added entry limit test but disabled for now ------------------------------------------------------------------------ r2528 | al_xipe | 2007-07-30 15:57:31 -0700 (Mon, 30 Jul 2007) | 1 line removed call to checkRC in runFunction ------------------------------------------------------------------------ r2529 | neil_a_wilson | 2007-07-30 16:30:38 -0700 (Mon, 30 Jul 2007) | 15 lines Update the task backend to provide a mechanism for sending e-mail messages to notify administrators whenever a given task has been completed. It is possible to specify a set of administrators that should be notified only if the task does not complete successfully, and/or a set of administrators that should be notified regardless of the task's success or failure. The basic framework for this capability has always been in place, and this change only provides the final implementation that actually generates and sends the e-mail message. This also includes a change to the way that log messages are handled so that any messages logged by a thread executing a task (or any DirectoryThread subclass created by a task thread) will be captured as part of that task. These messages will also be included in the notification e-mail message. OpenDS Issue Numbers: 2033, 2034 ------------------------------------------------------------------------ r2530 | al_xipe | 2007-07-30 19:26:17 -0700 (Mon, 30 Jul 2007) | 1 line Forgot to add those test data files along with my previous commit, therefore breaking the functional tests. ------------------------------------------------------------------------ r2531 | al_xipe | 2007-07-30 20:01:56 -0700 (Mon, 30 Jul 2007) | 2 lines 1. fixed 2 ldap filter invalid syntaxes 2. fixed bad function call for indexes_remove ------------------------------------------------------------------------ r2532 | lutoff | 2007-07-31 05:45:47 -0700 (Tue, 31 Jul 2007) | 1 line Fix typo ------------------------------------------------------------------------ r2533 | matthew_swift | 2007-07-31 05:48:50 -0700 (Tue, 31 Jul 2007) | 19 lines Fix issue 1991: dsconfig: split "component" field in list-properties Make the list-properties sub-command more consistent with the rest of dsconfig. Rather than display the full component name in the left hand column, dsconfig now splits the name into two columns: the first being the generic component name and the second containing the sub-type name. For example, previously an LDAP connection handler would have the component name "ldap-connection-handler". Now the name is split in two using the generic name "connection-handler" and the sub-type "ldap". This is consistent with the create-xxx sub-commands, where the generic name is typically the sub-command suffix (e.g. create-connection-handler) and the sub-type is the value of the -t flag (e.g. ldap). To make the sub-command more usable, it now has the following three additional options: -c, --category {CATEGORY} The category of components whose properties should be described -t, --type {TYPE} The type of components whose properties should be described. The value for TYPE must be one of the component types associated with the CATEGORY specified using the "--category" option --inherited Modifies the display output to show the inherited properties of components The CATEGORY can be either a generic component name (e.g. backend or connection-handler), or it can be one of the --help-xxx categories (e.g. logging). The TYPE, if specified, must be a sub-type associated with the specified CATEGORY (e.g. ldap or jmx for connection handlers). The option "inherited" forces the sub-command to display all the properties associated with each component type, including inherited properties. All the options are optional (e.g. the -t option does not require the -c option). ------------------------------------------------------------------------ r2534 | matthew_swift | 2007-07-31 06:42:07 -0700 (Tue, 31 Jul 2007) | 4 lines Minor improvements to ArgParser and SubCommandArgParser parsing related error messages. Any argument name references are now double-quoted and always preceded by a dash or double-dash as appropriate. This is to avoid potential ambiguity in some error messages and to also be consistent. Fixes issue 2000. ------------------------------------------------------------------------ r2535 | neil_a_wilson | 2007-07-31 10:31:26 -0700 (Tue, 31 Jul 2007) | 9 lines Update the password policy code so that the sum of the minimum password age and the password expiration warning interval must always be less than the maximum password age. This ensures that the minimum password age will itself always be less than the maximum age, and will also prevent a scenario in which the user could receive password expiration warning messages during a period when he/she cannot change the password due to the minimum age. OpenDS Issue Number: 2032 ------------------------------------------------------------------------ r2536 | mkeyes | 2007-07-31 11:45:43 -0700 (Tue, 31 Jul 2007) | 2 lines Converted Privileges test suites to use dsconfig for changing global ACIs. ------------------------------------------------------------------------ r2537 | kenneth_suter | 2007-07-31 12:59:16 -0700 (Tue, 31 Jul 2007) | 1 line disabled quicksetup tests that stop/start server as they are causing memory use problems with the test machines ------------------------------------------------------------------------ r2538 | boli | 2007-07-31 14:38:45 -0700 (Tue, 31 Jul 2007) | 9 lines This fixes serveral issues LDIF import and VLV features: - Added the ability to use both a backend ID and include branch arguments for LDIF imports (Issue 1971) - Fixed incorrect search scope enum in the VLV index configuration - Added unit tests for partial LDIF imports - Fixed issue where using overlapping include branches during an import would result in a ConcurrentModificationException (Issue 2039) ------------------------------------------------------------------------ r2539 | dugan | 2007-07-31 18:15:44 -0700 (Tue, 31 Jul 2007) | 20 lines Add ACI support to control whether a "smart referral" (named subordinate references -- RFC 3296) may be returned to a client. Smart referral entries contain the referral objectclass and have one or more "ref" attributes containing LDAP URLS. The ref attribute type has usage distributedOperation, so the operational shorthand '+' character can be used to match it: (targetattr="+")(version 3.0; acl "ref wild-card"; allow(read) userdn="ldap:///anyone";) or it can be explicitly used: (targetattr="ref")(version 3.0; acl "ref"; allow(read) userdn="ldap:///anyone";) It is also possible to add an ACI on the referral entry itself: dn: uid=smart, ou=People, dc=example, dc=com objectclass: top objectClass: extensibleobject objectClass: referral ref: ldap://kansashost/OU=People,O=Kansas,C=US ref: ldap://texashost/OU=People,O=Texas,C=US aci: (targetattr = "ref")(version 3.0; acl "add_aci"; allow (read) userdn="ldap://anyone";) ------------------------------------------------------------------------ r2540 | lutoff | 2007-08-01 01:31:17 -0700 (Wed, 01 Aug 2007) | 9 lines Fix for issues #1342 and #1343 Modifications done in dsframework CLI are: - implement subcommand for global admin user management inside the admin registry The dsframework help output is in attachment in addition to the svndiff file and new added file. ------------------------------------------------------------------------ r2541 | lutoff | 2007-08-01 02:40:28 -0700 (Wed, 01 Aug 2007) | 1 line Use DsframeworkReturnCode enum in a more 'classical' way ------------------------------------------------------------------------ r2542 | neil_a_wilson | 2007-08-01 14:26:43 -0700 (Wed, 01 Aug 2007) | 4 lines Fix a problem in the way that the Netscape password expired control was being encoded. It was previously thought to have no value, but in actuality it should have always have a value whose string representation should be "0". ------------------------------------------------------------------------ r2544 | boli | 2007-08-01 15:41:18 -0700 (Wed, 01 Aug 2007) | 5 lines Fixed a typo for the max block size attribute in the VLV index configuration Fixed issue 2045. The import will delete the database files if only one base DN is used with the backend being imported instead of calling the JE clear method. ------------------------------------------------------------------------ r2545 | lutoff | 2007-08-02 01:03:24 -0700 (Thu, 02 Aug 2007) | 1 line fix typo (issue #2047) ------------------------------------------------------------------------ r2546 | lutoff | 2007-08-02 01:25:19 -0700 (Thu, 02 Aug 2007) | 1 line Code cleaning ------------------------------------------------------------------------ r2547 | mkeyes | 2007-08-02 06:31:58 -0700 (Thu, 02 Aug 2007) | 4 lines Expanding the functionality of dsconfigSet xml function for the functional tests. Now --remove, --add, and --reset are options that can be used with set-xxx-yyy-prop command for dsconfig. --set is the default option. ------------------------------------------------------------------------ r2548 | mkeyes | 2007-08-02 06:48:52 -0700 (Thu, 02 Aug 2007) | 2 lines Converted more Security functional test cases to use dsconfig. ------------------------------------------------------------------------ r2549 | smaguin | 2007-08-02 07:43:10 -0700 (Thu, 02 Aug 2007) | 2 lines add a robust wrapper on dsconfig ------------------------------------------------------------------------ r2550 | neil_a_wilson | 2007-08-02 14:47:09 -0700 (Thu, 02 Aug 2007) | 3 lines Fix a potential deadlock in the task code that could occur if a client tried to retrieve the task entry at the same time that it was being updated. ------------------------------------------------------------------------