mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-02-17 14:00:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
23,502 Commits 38 Branches 307 Tags 76 MiB
1d5e16fa54
Commit Graph

2587 Commits

Author SHA1 Message Date
Jaak Ristioja
44e36a4943 ITS#9448 doc, Admin Guide: Fixed LDIF example not matching description 2021-02-04 19:55:42 +00:00
Quanah Gibson-Mount
70488c22bf ITS#9322 - Update recommended dependency verions 
Update OpenSSL to recommend 1.1.1 series or later (1.0.2+ required)
Update GnuTLS to recommend 3.6.0 series or later (3.3.6+ required)
Update Cyrus-SASL to recommend 2.1.27 or later
Remove Kerberos section, since we no longer directly link to the krb5 libraries
Add section for LDAP load balancing proxy engine
 2021-01-28 22:09:16 +00:00
David Barchiesi
0799f58533 ITS#9442 Add negregex constraint type for not allowing values based on a regex. 2021-01-28 18:54:03 +00:00
Quanah Gibson-Mount
e768dcd062 ITS#6406 - Note accesslog storage requirements 
Update slapo-accesslog(5) man page to note that the database backend storing the data must support an ordered return of results.
 2021-01-26 18:06:05 +00:00
Quanah Gibson-Mount
7d096281ef ITS#8214 - Fix man page to require rwm prefix 2021-01-26 15:59:43 +00:00
Quanah Gibson-Mount
26d5fdc854 Happy New Year! 2021-01-25 21:51:59 +00:00
Quanah Gibson-Mount
efaf9a4a17 Happy New Year! 2021-01-11 19:25:53 +00:00
Howard Chu
354e678ce9 ITS#9426 dynlist: don't add unexpanded groups at end of search 
if pagedResults is in use
 2020-12-15 22:55:47 +00:00
Ondřej Kuzník
b49f51879f Implement client pending operation limits 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
25a4d684fc Permit lloadd to share slapd TLS context 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
513659c610 Document config behaviour 2020-11-17 17:58:15 +00:00
Nadezhda Ivanova
678fa100f7 Convert the load balancer into a backend 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
37cd5f21d5 Enable compilation of the load balancer as a module 
To compile the balancer as a slapd module, pass --enable-balancer=mod to ./configure
Use --enable-balancer(=yes) to compile as standalone server.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
0cfd4fca4d Make timeouts common and redo connection read timeouts 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ccf75c96c4 Update write timeout to timeval 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
7b413f9ed4 Update docs and defaults 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9d3b998abd Document new bind configuration 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
a8a0fe26b0 Documentation updates 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
495dfa69a2 Split client/upstream PDU size limits 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
3fa8a0cdf2 Rename listener-threads to reflect the option 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8d85912ab9 lloadd documentation 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
46ddb4039c lloadd ahoy 2020-11-17 17:15:40 +00:00
Quanah Gibson-Mount
4041848587 Add documentation on ACL requirements for psuedo-attribute entryDN 
Also fix up the example for replacing the memberOf overlay
 2020-11-10 23:30:47 +00:00
Quanah Gibson-Mount
66af4cfd5d ITS#8618 - Remove deprecated -h and -p options to client tools 2020-10-01 21:27:59 +00:00
Quanah Gibson-Mount
a3f186880c ITS#9351 - Always build back-monitor as a static backend 2020-09-21 16:52:33 +00:00
Lukas Juhrich
c8ba729f84 Issue#8769 - Fix oid search extension syntax in documentation 
The option string, e.g. '<oid>=:dn:' is parsed like a LDIF entry starting from
the '=' and replacing the '=' with a dummy variable 'x'.  In this case, said
string is 'x:dn:', so the resulting effective value is 'dn:'.  This also implies
that base64 values have to be passed in the form '<oid>=::<b64value>'.
 2020-09-04 22:39:53 +00:00
Quanah Gibson-Mount
e749750a8f ITS#8159 - Add missing "hard" parameter to size.prtotal 2020-09-01 19:40:36 +00:00
Quanah Gibson-Mount
04124c1f70 ITS#8175 - Fix missing descriptions for olcDisallows for proxy_authz_non_critical and dontusecopy_non_critical 2020-09-01 18:04:06 +00:00
Howard Chu
d5ed7c5027 ITS#9054, #9318 document new TLS options in slapd 2020-08-28 11:09:25 +01:00
Howard Chu
608a822349 ITS#9318 add TLS_REQSAN option 
Add an option to specify how subjectAlternativeNames should be
handled when validating the names in a server certificate.
 2020-08-21 18:05:08 +00:00
Howard Chu
2386a11649 ITS#9054 Add support for multiple EECDH curves 
Requires OpenSSL 1.0.2 or newer
 2020-08-21 07:58:07 +01:00
Quanah Gibson-Mount
85399807b4 ITS#9279 - Add draft for vchu-ldap-pwd-policy 2020-08-07 21:39:19 +00:00
Ondřej Kuzník
43ebfa8fb4 ITS#6467 Make accesslog a possible sessionlog source 2020-07-22 22:25:10 +01:00
Quanah Gibson-Mount
3716245fec Issue#8511 - Update documentation and configs to correctly use multiprovider 2020-07-22 19:32:49 +00:00
Ondřej Kuzník
a49b553676 ITS#9279 Implement Netscape password policy controls in ppolicy 2020-07-22 18:57:38 +00:00
Howard Chu
c470af3749 ITS#9121 add examples to manpage 2020-07-22 15:11:24 +00:00
Howard Chu
2c0499ae4e ITS#9121 support nested groups 2020-07-22 15:11:24 +00:00
Howard Chu
9210ed1618 ITS#9121 add dynamic memberOf support for static groups 2020-07-22 15:11:24 +00:00
Ondřej Kuzník
c7b008eede ITS#8701 Fix documentation 2020-07-21 10:48:47 +01:00
Quanah Gibson-Mount
21eef84a49 ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer 2020-07-18 16:27:04 +00:00
Quanah Gibson-Mount
75ce891a82 Issue#9289 - Update URL from DMOZ to Curlie 2020-07-15 17:29:07 +00:00
Quanah Gibson-Mount
b180833da8 ITS#9020 - Fix typo 2020-07-14 15:22:25 +00:00
Ondřej Kuzník
bdc9dbc511 ITS#8701 Implement account usability in ppolicy 2020-07-07 16:43:37 +01:00
Quanah Gibson-Mount
c06ac436e2 ITS#9235 Merge libldap_r into libldap 2020-07-03 17:23:14 -07:00
Ondřej Kuzník
376d5d65cb ITS#7084 ACL of 'manage' gives pasword administrator access 
Password administrators can bypass safeModify, password quality checks
and trigger reset if policy instructs the server to.
 2020-07-03 20:42:14 +00:00
Quanah Gibson-Mount
58c978825c Issue#9020 - Use consistent namespaces for overlays 2020-06-22 20:44:12 +00:00
Quanah Gibson-Mount
f3e0707e34 Cleanup links to old ITS system 2020-06-21 16:37:48 +00:00
Quanah Gibson-Mount
479745365d Issue #8888 - Change numbered list to Note format 2020-06-01 19:05:26 +00:00
Ondřej Kuzník
528ab11f66 ITS#9271 Document ldap_parse_intermediate 2020-05-28 16:02:02 +00:00
Quanah Gibson-Mount
f926e66723 ITS#8873 - Delete obsolete configuration options from back-ldap, back-meta, and back-asyncmeta 2020-05-26 19:59:56 +00:00
Howard Chu
9183abe62c ITS#9264 add an optional lock to slapo-unique 2020-05-22 15:08:20 +01:00
Quanah Gibson-Mount
005c870d68 ITS#8154 - olcTimeLimit and olcSizeLimit are single valued, fix docs 2020-05-18 20:49:25 +00:00
Quanah Gibson-Mount
83217b9842 ITS#8614 - documentation updates 2020-05-18 19:37:47 +00:00
Ryan Tandy
9282e6edea ITS#8155 Support cacertdir with GnuTLS 2020-05-14 07:56:28 -07:00
Ryan Tandy
7dfbcfa151 Fix typos 2020-04-28 11:24:48 -07:00
Quanah Gibson-Mount
af5b31b2a7 2.5 version updates 2020-04-27 23:25:19 +00:00
Isaac Boukris
3cd50fa8b3 ITS#9189 rework sasl-cbinding support 
Add LDAP_OPT_X_SASL_CBINDING option to define the binding type to use,
defaults to "none".

Add "tls-endpoint" binding type implementing "tls-server-end-point" from
RCF 5929, which is compatible with Windows.

Fix "tls-unique" to include the prefix in the bindings as per RFC 5056.
 2020-04-23 21:00:39 +02:00
Quanah Gibson-Mount
1f4d4c9536 ITS#9230 - Update truncate man page information for 2.5 and later 2020-04-22 00:37:23 +00:00
Quanah Gibson-Mount
a019e7fe1a ITS#9207 - Remove MozNSS code and documentation 2020-04-20 21:38:01 +00:00
Ondřej Kuzník
6d6a330057 ITS#8245 Use Relax control to avoid uniqueness checks 
Still needs to retrieve the entry for ACL resolution until we can
restrict controls with ACLs.
 2020-04-06 20:44:09 +00:00
Quanah Gibson-Mount
4358ab5d73 ITS#9184 - Document V[V[V]] option to slapd 2020-04-06 18:46:01 +00:00
Quanah Gibson-Mount
a5b8a41c13 ITS#9003 
Note that with slapd-ldap, the special character "*" actually allows anonymous rather than denies, as is the case with authz-policy
 2020-04-01 19:40:27 +00:00
Ryan Tandy
5d8c491fa1 ITS#9166 Fix slapdconfig.sdf mismatched braces 2020-02-12 10:55:08 -08:00
Ondřej Kuzník
ba290f1c35 ITS#9156 Document ppolicy changes 2020-01-23 23:47:14 +00:00
Ondřej Kuzník
419b9ad202 ITS#9156 Implement pwdMaxIdle 2020-01-23 23:46:58 +00:00
Ondřej Kuzník
2b007d01db ITS#9156 Document corner cases and omissions 2020-01-23 23:46:10 +00:00
Quanah Gibson-Mount
f6ad222e41 Happy New Year! 2020-01-09 16:50:21 +00:00
Howard Chu
90b0abd894 ITS#9121 dynlist enhancements 
1) allow filtering on dynamic attribute values
2) populate an optionally configured memberOf attribute

test044 script still needs to be extended to test these
enhancements. We need to define an interim attributeType
for testing memberOf functionality.
 2019-12-16 18:31:12 +00:00
Ondřej Kuzník
5b304a3ae6 ITS#9071 Document "tls none" for back-ldap 2019-08-30 14:02:31 +01:00
Quanah Gibson-Mount
efbfc1fe95 ITS#9065 - Document correct attribute pwdGraceAuthnLimit 2019-08-19 15:45:31 +00:00
Quanah Gibson-Mount
7cc34fa722 ITS#9063 -- Fix missing bold tag for tls_reqcert 2019-08-12 23:49:50 +00:00
Quanah Gibson-Mount
c4df431c6c ITS#8977 - Note allowed value range for idlexp 2019-06-26 18:15:32 +00:00
Ondřej Kuzník
17b5b3d7f8 Separate VERSION to its own paragraph 2019-06-21 13:44:06 +02:00
Ondřej Kuzník
6a5e30674b ITS#8671 Expose OpenLDAP specific interfaces in openldap.h 2019-06-14 11:52:35 +02:00
Quanah Gibson-Mount
86bffa713e ITS#9010 - More BDB/HDB cleanup 
Remove some remaining documentation bits referencing bdb/hdb databases
Remove regression test specific to back-bdb
 2019-06-07 17:31:53 +00:00
Quanah Gibson-Mount
71599e4ef4 ITS#9031 - Fix missing reqDN index 2019-06-07 17:26:36 +00:00
Quanah Gibson-Mount
98442e3272 ITS#9031 - Add missing reqDN index for delta-syncrepl 2019-06-07 16:32:35 +00:00
Quanah Gibson-Mount
1aa1d9e4c3 Fix examples by removing quotes 2019-05-21 20:34:32 +00:00
Quanah Gibson-Mount
ec2cb12e68 ITS#9010 - Delete back-bdb/back-hdb 
This commits deletes all references and code for back-bdb and back-hdb.
There is some follow up work still necessary to flush out the admin
guide for back-mdb.
 2019-05-13 17:20:28 +00:00
Ondřej Kuzník
a5ad0e0643 ITS#8693 Tweak previous commit 2019-05-08 15:31:13 +01:00
Ondřej Kuzník
a4e2d5c501 ITS#8693 Document unused but generated starttls parameter 2019-05-08 15:12:08 +01:00
Quanah Gibson-Mount
6d79439630 ITS#8881 - Note MDB is the primary backend 
Update to note that MDB is the primary backend and HDB/BDB are
deprecated.
 2019-04-17 23:52:51 +00:00
Quanah Gibson-Mount
c5ad08c1a4 ITS#8771 - Note back-mdb is recommended 
Commit 279594c22f officially marked
slapd-mdb as being the recommended backend for OpenLDAP, superseding
back-hdb.  This man page was missed during that update.
 2019-04-17 23:49:08 +00:00
Ondřej Kuzník
4a136c7651 ITS#8731 Improve sample processing script 2019-03-21 10:29:03 +00:00
Nadezhda Ivanova
f239bbd3c6 Add LDAP_OPT_KEEPCONN option 
This option instructs try_read1msg to not free the connection on read error
or on Notice of disconnections, but leave it to the caller. It is needed,
for example, by back-asyncmeta, who expects to have control on when
its target connections are freed. Must be used with caution.
 2019-02-28 17:27:54 +00:00
Nadezhda Ivanova
bb7e14d201 ITS#8734 Fixes for many back-asyncmeta issues 
Includes all the changes necessary to fix back-asyncmeta issues
discovered during on-site testing since the start of 2016.
These include:
Issues with stability - crashes and assetion failures
Incorrect behavior during unstable network conditions, such as inability to reset connections
or process responses, or "hanging" to wait for a response that would never be received.
Memory leaks and memory management fixes - major redesign of the way back-asyncmeta
works with memory contexts.
Rewrite was replaced with suffix-massage in configuration, and the network-timeout value was changed to milliseconds.
Incorrect behavior when SASL is used to bind to a target.
Many problems caused by race conditions
Fixes for compiler warnings, and tests.
Cleanup of unused code.
 2019-02-28 16:22:11 +00:00
Ondřej Kuzník
e5b5232516 ITS#8731 Add the documentation and scripts 2019-02-15 16:51:53 +00:00
Howard Chu
c8b806b676 ITS#8977 make IDL size configurable 2019-02-15 14:37:51 +00:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Howard Chu
52ace4554e More for privateKey tweak 2018-12-18 21:56:18 +00:00
Quanah Gibson-Mount
3add82a3bb ITS#8286 -- Add matching rules for attributes 
Add matching rules for all cases where it was missing.  Cleanup
incorrect types for a few attributes as well.  Fix network-timeout
handling in back-ldap/meta/asyncmeta.
 2018-12-18 19:14:06 +00:00
Quanah Gibson-Mount
2f27605811 ITS#8887 
Fix repeated use of the word is
 2018-11-16 22:31:16 +00:00
Quanah Gibson-Mount
9d4a5f64b6 Change backend reference from slapd-bdb to slapd-mdb 2018-11-14 21:28:01 +00:00
Ondřej Kuzník
5c0b820c4a ITS#8772 Remove cthread support 2018-10-19 13:08:10 +01:00
Howard Chu
111329a2dc More for back-mdb multival 
Allow configuring thresholds for specific attributes
 2018-08-30 11:24:25 +01:00
Ondřej Kuzník
8a259e3df1 ITS#8573 allow all libldap options in tools -o option 2018-06-14 16:19:10 +01:00
Ondřej Kuzník
18afc2446d Fix quoting example 2018-06-14 16:19:10 +01:00
Quanah Gibson-Mount
59e9ff6243 Happy New Year 2018-03-22 15:35:24 +00:00
Howard Chu
f183b81a68 ITS#8818 SASL_MECH/SASL_REALM are not user-only 
Changed as of ITS#4327 commit 86d10729
 2018-03-13 18:57:53 +00:00
Ondřej Kuzník
4035016796 ITS#6656 Docs for reqEntryUUID 2017-10-26 11:53:50 +01:00