Commit Graph

22312 Commits

Author SHA1 Message Date
Ondřej Kuzník
3258bf40eb ITS#8291 Reopen cursor after delete 2017-10-11 14:32:08 -07:00
Ondřej Kuzník
5e531214b5 ITS#8291 Enable slapmodify logging in tests 2017-10-11 14:32:04 -07:00
Emmanuel Lécharny
77408ac781 ITS#8153 - olcTimeLimit should be Single Value 2017-10-11 14:31:51 -07:00
Ivan Nejgebauer
cb9a4d01bc ITS#8037 - Add support for relax control to delta-syncrepl 2017-10-11 14:31:45 -07:00
ck@test-centos64.cksoft.de
44e9bda0e4 ITS#7721 - Allow authTimestamp updates to be forwarded via updateref 2017-10-11 14:31:38 -07:00
Nathaniel McCallum
29f6260364 ITS#7532 - Add new function ldap_connect().
This function is used to manually establish a connection after
a call to ldap_initialize(). This is primarily so that a file
descriptor can be obtained before any requests are sent for the
purposes of polling for writability.
2017-10-11 14:31:22 -07:00
Quanah Gibson-Mount
9bef357403 ITS#6475 - Man page updates to slapd.conf/slapd-config for the new olcSaslAuxpropsDontUseCopy and olcSaslAuxpropsDontUseCopyIgnore parameters for use with SASL/OTP 2017-10-11 14:31:01 -07:00
Michael Ströder
636b63b5fd ITS#8692 let back-sock generate increment: line in case of LDAP_MOD_INCREMENT (see RFC 4525, section 3) 2017-10-11 13:04:38 -07:00
Jan Vcelak
cbf5f03476 ITS#7389 - MozNSS: load certificates from certdb, fallback to PEM
If TLS_CACERT pointed to a PEM file and TLS_CACERTDIR was set to NSS
certificate database, the backend assumed that the certificate is always
located in the certificate database. This assumption might be wrong.

This patch makes the library to try to load the certificate from NSS
database and fallback to PEM file if unsuccessfull.
2017-10-06 13:59:07 -07:00
Ian Puleston
46c93e41f4 ITS#8167 Fix non-blocking TLS with referrals 2017-10-06 13:57:13 -07:00
Quanah Gibson-Mount
35a880c53e ITS#8687 - EGD is disabled by default in OpenSSL 1.1. We need to comment out this block if it is not detected. Particularly affects cross compilation. 2017-10-06 13:48:40 -07:00
Quanah Gibson-Mount
a795d7cc0b ITS#8583 - Fix C++ LDAP Control structure 2017-10-06 10:45:21 -07:00
sca+openldap@andreasschulze.de
90835da72f ITS#8578 - remove unused-variables in RE24 testing call (2.4.45) 2017-10-06 10:45:08 -07:00
Nadezhda Ivanova
da170cbe3b ITS#8404 Fix an assertion failure during modify of olcDbRewrite in back-meta 2017-10-06 10:44:54 -07:00
Quanah Gibson-Mount
fba60ab2ed ITS#8121 - Note ldap_sasl_bind and ldap_sasl_bind_s can be used to make simple binds via the LDAP_SASL_SIMPLE mechanism 2017-10-06 10:44:38 -07:00
Ted C. Cheng
e20ac6b539 ITS#7520 - back-ldap omit-unknown-schema changes 2017-10-06 10:44:31 -07:00
Jan Vcelak
19fd969d21 ITS#7374 - MozNSS: better file name matching for hashed CA certificate directory
CA certificate files in OpenSSL compatible CACERTDIR were loaded if the
file extension was '.0'. However the file name should be 8 letters long
certificate hash of the certificate subject name, followed by a numeric
suffix which is used to differentiate between two certificates with the
same subject name.

Wit this patch, certificate file names are matched correctly (using
regular expressions).
2017-10-06 10:44:13 -07:00
Jan Vcelak
acc5b88661 ITS#7373 - TLS: do not reuse tls_session if hostname check fails
If multiple servers are specified, the connection to the first one
succeeds, and the hostname verification fails, *tls_session is not
dropped, but reused when connecting to the second server.

This is a problem with Mozilla NSS backend because another handshake
cannot be performed on the same file descriptor. From this reason,
hostname checking was moved into ldap_int_tls_connect() before
connection error handling.
2017-10-06 10:44:07 -07:00
Ondřej Kuzník
08492987a0 ITS#7100 Update entryTtl behaviour to match RFC 2589 2017-10-06 10:43:48 -07:00
Ondřej Kuzník
61cfb80f8d ITS#7100 Test for entryTtl reflecting time to live 2017-10-06 10:40:20 -07:00
Quanah Gibson-Mount
44b9fd1c81 ITS#5048 - index on entryCSN is mandatory 2017-10-06 10:39:43 -07:00
Howard Chu
70e54d2527 ITS#8752 fix syncrepl null_callback
Make sure it's last in callback stack
2017-10-05 22:13:39 +01:00
Quanah Gibson-Mount
78626aeb4a Fix script so it exits 2017-10-05 09:23:02 -07:00
Quanah Gibson-Mount
ae2a2a794b ITS#8444 - Fix description to match the actual issue that was fixed 2017-10-04 20:42:54 -07:00
Quanah Gibson-Mount
53a41a22da ITS#8752 - Add regression test 2017-10-04 20:36:25 -07:00
Hallvard Furuseth
ff2d7cc798 ITS#8733 Allow a raw integer to be decoded from a berval 2017-09-28 14:15:06 +01:00
Hallvard Furuseth
62811e8f65 ITS#8733 Allow extraction of the complete ber element 2017-09-28 14:14:55 +01:00
Ondřej Kuzník
6aa6daf2f0 ITS#8732 Extend CIRCLEQ macros 2017-09-28 08:53:58 +01:00
Quanah Gibson-Mount
0d4cd89786 LDAP_FEATURE_SUBORDINATE_SCOPE is from expired draft-sermersheim-ldap-subordinate-scope, leave behind LDAP_DEVEL 2017-09-26 11:51:27 -07:00
Quanah Gibson-Mount
30e2a904dc Move a bunch of featuers back behind LDAP_DEVEL for 2.5
SLAP_AUXPROP_DONTUSECOPY is ok for release
2017-09-26 11:35:50 -07:00
Quanah Gibson-Mount
86105092bd CHECK_CSN is a debug only flag for testing. It should always remain
behind LDAP_DEVEL
2017-09-26 11:30:50 -07:00
Quanah Gibson-Mount
a9ff0e97fc ITS#6817 - back-meta work for SLAP_AUTH_DN was never finished according
to the ITS notes.  In addition, this would need man page updates for the
feature
2017-09-26 11:27:15 -07:00
Quanah Gibson-Mount
41a9010773 The support for unindexed attributes being tracked in back-monitor needs
to remain behind LDAP_DEVEL for now.  Right now, the mutex in
back-monitor cannot properly handle the load if the server had a lot
of unindexed attributes that were being accessed in search filters.
2017-09-26 11:04:45 -07:00
Quanah Gibson-Mount
43a039eba4 ITS#7428 - Non-blocking TLS is not compatible with MOZNSS 2017-09-26 10:59:08 -07:00
Quanah Gibson-Mount
7246da8a66 Whitespace cleanup 2017-09-26 10:33:01 -07:00
Ondřej Kuzník
a8f01cc885 ITS#8638 Add a recursive mutex to libldap_r for libevent
Most thread implementations suppport a native recursive mutex, use that
where possible (especially when a regular mutex is recursive already).

Also provide a macro for applications to test whether they can use the
lock functions interchangeably.
2017-09-26 16:26:33 +01:00
Ondřej Kuzník
5adcdb7642 Fix warnings issued by autoconf 2.68+ 2017-09-26 14:41:11 +01:00
Quanah Gibson-Mount
04cfd144d9 Fix additional compile for /dev/poll support. /dev/poll is neither tested nor supported. 2017-09-22 12:05:18 -07:00
Quanah Gibson-Mount
2085def079 Merge branch 'master' of ssh://git-master.openldap.org/~git/git/openldap 2017-09-19 15:21:56 -07:00
Quanah Gibson-Mount
09bec057e5 Fix calls to SLAP_DEVPOLL_SOCK_LX for multi-listener support. Support
for /dev/poll is neither enabled nor tested, so other issues may exist.
2017-09-19 15:20:56 -07:00
Howard Chu
20e46d8494 ITS#8725 fix 75999a18c3
Not needed since callback uses tmpalloc
2017-09-08 21:36:05 +01:00
Quanah Gibson-Mount
c1512eea58 Fix typo "errror" -> "error" 2017-09-08 12:03:02 -07:00
Nadezhda Ivanova
82737719c8 ITS#8725 Always remove listener descriptors from daemon on shutdown 2017-09-08 19:43:59 +01:00
Howard Chu
db3909d27d ITS#8725 add slap_sl_mark / slap_sl_release
For fast cleanup after constructing disposable entries
2017-09-08 17:39:22 +01:00
Howard Chu
68e064ca84 ITS#8725 Avoid listener thread startup race
Typically only shows up under valgrind, not in regular runs
2017-09-08 17:39:22 +01:00
Howard Chu
8b1fb962fc ITS#8725 connection fixes
Fix op_finish, must resched connection to pick up pending ops.
Fix op completion counter.
2017-09-08 17:39:14 +01:00
Howard Chu
63308ef6bb ITS#8725 backover fixes for async
Fix some valgrind race conditions - wait for frontend to finish up
Don't set callbacks for abandon or unbind - since they have no response
Use tmpalloc for backover callback
2017-09-08 17:25:55 +01:00
Nadezhda Ivanova
c6e00c7b0f ITS#8725 Fix an invalid data access during add operations if backend is asynchronous 2017-09-08 16:51:27 +01:00
Howard Chu
01a5eeac1d ITS#8727 plug ber leaks 2017-09-08 16:35:32 +01:00
Howard Chu
75999a18c3 ITS#8725 Add SLAPD_ASYNCOP return code
Tell frontend the op will finish asynchronously, leave it alone
2017-09-07 18:07:39 +01:00