Commit Graph

22212 Commits

Author SHA1 Message Date
Howard Chu
29833786ad Cleanup unused vars 2017-04-10 00:54:21 +01:00
Howard Chu
d089b3c0d1 Tweak privateKeyValidate
Only accept PKCS#8 private keys
2017-04-10 00:51:09 +01:00
Howard Chu
9e051001d4 Add GnuTLS support for direct DER config of cacert/cert/key
Followon to b402a2805f
2017-04-10 00:21:08 +01:00
Howard Chu
25dc9e99ea Cleanup warnings, unused vars, etc. 2017-04-09 23:42:22 +01:00
Howard Chu
cff264c6e1 Fix autoca schema init
Wait for core.schema to get loaded
2017-04-09 22:45:36 +01:00
Howard Chu
44a3653d90 Cleanup test066 comments 2017-04-09 21:37:55 +01:00
Howard Chu
dacf15475f autoca manpage updates 2017-04-09 20:48:37 +01:00
Howard Chu
9bafb16e1b Add autoca test script 2017-04-09 20:33:50 +01:00
Howard Chu
268f71cb27 autoca fixups
Move install of CA cert to a pool thread, otherwise cn=config deadlocks
on dynamically loaded overlay.

Dup/release entry before attempting to modify it, to avoid deadlocks
in back-bdb/hdb.

Always use PKCS#8 format when storing private keys.
2017-04-09 20:31:11 +01:00
Howard Chu
f33c7d1ee6 Fixup for ;binary config attrs
Use the plain attributeDescription when searching config tables
2017-04-09 20:29:47 +01:00
Howard Chu
0f9ec8322f Add localDN config
If a cert is generated for this DN, configure it as the local
TLS cert/key
2017-04-09 16:44:14 +01:00
Howard Chu
b939bb519e Set the CA cert in cn=config if none was already set 2017-04-09 15:42:17 +01:00
Howard Chu
c9ccdf8554 Fixup pause handling, silence warnings
Don't try to resume the pool if pausing failed.
2017-04-09 15:41:16 +01:00
Howard Chu
13c39b98b5 Fixup handle_pause()
Return -1 if running on the main thread - which means there
are no worker threads to pause.
2017-04-09 15:39:44 +01:00
Howard Chu
2e011eeb67 Fixup cacert option 2017-04-09 15:39:13 +01:00
Howard Chu
a336241e0e Add ldap_pvt_thread_pool_queues decl
Was missing from 0ef9e6107b
2017-04-09 15:35:05 +01:00
Howard Chu
7b41feed83 Support setting cacert/cert/key directly in cn=config entry 2017-04-09 14:51:25 +01:00
Howard Chu
83fb515555 Fixup cacert/cert/key options
Add get_option support, allow delete by setting a NULL arg.
2017-04-09 14:49:48 +01:00
Howard Chu
2860fd4c6c Move privateKey schema into slapd 2017-04-09 14:16:56 +01:00
Howard Chu
6b573cea57 Flesh out experimental OIDs 2017-04-09 13:47:25 +01:00
Howard Chu
79284a06d3 Catalog of assigned OID arcs
With some specific elements as well, but not exhaustively listed.
Patches welcome.
2017-04-09 03:55:01 +01:00
Howard Chu
2012795d3b Add config support for binary values
Use base64 for .conf files, straight binary for back-config
2017-04-09 02:26:41 +01:00
Howard Chu
b402a2805f Add options to use DER format cert+keys directly
Instead of loading from files.
2017-04-09 00:13:42 +01:00
Howard Chu
2b920ecaec Add autoca overlay
Automated certificate authority
2017-04-08 02:51:08 +01:00
Ondřej Kuzník
ec5af7b5e7 ITS#6545 Update accesslog format and syncrepl consumer
Make two successive modifications of the same attribute separate. This
lets the consumer interpret the log entry the same way as the server
that produced it.

Still depends on the log entry attributes being read in the same order
as they were written.
2017-04-07 14:39:07 -07:00
Quanah Gibson-Mount
eb8f1a7247 ITS#8353, ITS#8533 - Cleanup for libldap_r 2017-04-07 13:39:11 -07:00
Quanah Gibson-Mount
6ced84af79 ITS#8353, ITS#8533 - Fix libldap_r compilation 2017-04-06 15:12:02 -07:00
Quanah Gibson-Mount
01cbb7f4c6 ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later 2017-04-06 11:47:06 -07:00
Ondřej Kuzník
46c85a32ae ITS#8266 Allow empty mods 2017-03-30 15:27:45 -07:00
Quanah Gibson-Mount
207fde15eb ITS#7700 - Update documentation about the "limits" configuration option 2017-03-29 14:29:25 -07:00
Quanah Gibson-Mount
515ac60fdc ITS#7700 - Update syncrepl configuration bits with missing parameters 2017-03-29 13:47:13 -07:00
Quanah Gibson-Mount
b1e1904a8c ITS#7177, ITS#6339 - Fix VV option information 2017-03-29 12:36:42 -07:00
Jan Vcelak
54c4df72dd ITS#7177 add SASL_NOCANON option to ldap.conf(5) 2017-03-29 12:35:09 -07:00
Quanah Gibson-Mount
92559cc663 ITS#7341 Fix typo in access control so that it is attrs= not attr= 2017-03-29 12:00:26 -07:00
Gerardo Santana
1ae58200fe ITS#8499 Fix typo in admin guide 2017-03-29 10:52:48 -07:00
Ondřej Kuzník
59fbc28dbc ITS#8513 Update TOTP README 2017-03-29 10:51:22 -07:00
Quanah Gibson-Mount
2c84446240 ITS#8587 - Fix typos 2017-03-29 10:44:55 -07:00
Ondřej Kuzník
e56a849e5d ITS#8625 Separate Avlnode and TAvlnode types
Switch AVL_CHILD/AVL_THREAD values and set Avlnode bits to AVL_CHILD for
better compatibility between avl and tavl as suggested by Howard.
2017-03-29 14:52:44 +01:00
Howard Chu
a0cc1d9655 ITS#8054 add queue time to log
Show time spent in conn+threadpool queues before an op actually executes.
Also clean up timestamp handling
2017-03-16 14:21:31 +00:00
Howard Chu
e12ca8b6fe Fixes for multiple threadpool queues
Remove poolq_hash, it wasn't distributing work evenly to the queues.
Just walk through all queues and use the one with smallest
active+pending count. Since pool_retract also relied on the hash,
a different means of locating the thread to retract was needed.
Add pool_submit2 which returns the threadpool task structure,
and record which poolq this task lives on.
2017-03-15 11:13:09 +00:00
Ondřej Kuzník
53c6c9d16b ITS#8574 - Deal with rDN correctly
This fixes issues with values that need escaping in the rDN when an
incorrect value would be passed to the handler and back-ldif.
2017-03-08 15:32:17 -08:00
Howard Guo
4962dd6083 ITS#8529 Avoid hiding the error if user specified CA does not load
The TLS configuration deliberately hid the error in case that
user specified CA locations cannot be read, by loading CAs from default
locations; and when user does not specify CA locations, the CAs from default
locations are not read at all.

This patch corrects the behaviour so that CAs from default location are used
if user does not specify a CA location, and user is informed of the error if
CAs cannot be loaded from the user specified location.
2017-02-22 09:56:17 -08:00
Quanah Gibson-Mount
ef60799568 ITS8589 - This modifies the test so that it will not trigger the issue described in the ITS. 2017-02-21 16:02:17 -08:00
Quanah Gibson-Mount
2af41ec852 ITS#8253 - Further clarification around replication information 2017-02-21 15:27:13 -08:00
Howard Chu
9773f43b11 ITS#8585 Fail ldap_result if handle is already bad 2017-02-07 13:00:05 +00:00
Quanah Gibson-Mount
45018fef17 ITS#8253 - better document options for the syncprov module 2017-02-06 15:27:25 -08:00
Howard Chu
6f3c970f47 Document threadqueues option
Implemented in 34f832faee
2017-02-06 09:35:05 +00:00
Quanah Gibson-Mount
5c21726f62 Correctly exit if the backend is back-ldap 2017-02-03 14:30:30 -08:00
Quanah Gibson-Mount
c01bbc7e3b Tweak examples to use back-mdb 2017-02-02 10:43:01 -08:00
Howard Chu
451a9623f3 ITS#8576 Revert "LDAP_TAILQ fix"
This reverts commit 8ee8248328.
2017-02-01 11:58:54 +00:00