[389-devel] Please review (coverity fix): [389 Project] #48: Active Directory has certain uids which are reserved and will cause a Directory Server replica initialization of an AD server to abort.

2013-08-22 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/48

https://fedorahosted.org/389/attachment/ticket/48/0001-Ticket-48-Active-Directory-has-certain-uids-which-ar.2.patch
git patch file (master) -- fixing Coverity CID 11943

 Coverity CID 11943 - Logically dead code

 Fix description: The following commit mistakenly put the "Ignoring
 ALREADY EXIST case" code before retrieving the ldap_result_code.
 This patch fixes the order.
   commit b00b8acca54267560c6d7ec614bc52cfe541200a
   Author: Noriko Hosoi 
   Date:   Fri Aug 16 14:04:27 2013 -0700


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #605: support TLS 1.1 - adding backward compatibility

2013-12-04 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/605

https://fedorahosted.org/389/attachment/ticket/605/0001-Ticket-605-support-TLS-1.1-adding-backward-compatibi.patch

 Description: commit 88d4beccb9d9f7bb89f5e24c47828d7516ba7ca8 always
 expected the NSS version supporting TLS 1.2. It broke the build on
 the system having the NSS version that only supports TLS 1.1 (and
 older). This patch checks the NSS version and switches the supported
 TLS in ssl.c based upon the version info.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Resending...: Please review: [389 Project] #537: Improvement of range search

2013-01-09 Thread Noriko Hosoi 

(2013/01/07 15:57), Noriko Hosoi wrote:

https://fedorahosted.org/389/ticket/537

https://fedorahosted.org/389/attachment/ticket/537/0001-Ticket-537-Improvement-of-range-search.patch 



 Fix description: The index range search function index_range
 _read_ext was written to call idl_fetch_ext to get an idlist
 belonging to one key. Then add it to the main idlist as long
 as the key satisfiles the range search filter condition.
 This patch introduces a new range search function idl_new_
 range_fetch to the new idl code, which generates an idlist
 in one idl function that eliminates the redundancy such as
 generating idlist and cursor per key.

 This patch only implements the new idl version.  If idl_new
 is not set, the existing code is executed.



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #576: DNA: use event queue for config update only at the start up.

2013-02-08 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/576

https://fedorahosted.org/389/attachment/ticket/576/0001-Ticket-576-DNA-use-event-queue-for-config-update-onl.patch

 Bug description: DNA config updates were always put into the
 event queue and executed in 30 seconds, which increased a chance
 to conflict with the ordinary modify operations and cause db
 deadlocks.

 Fix description: The 30 seconds delay is necessary at the start-
 up time when MMR is configured to guarantee the shared config is
 logged in the changelog.  This patch leaves the behaviour of the
 config update at the start-up as it is; the rest won't be queued
 but updated immediately.



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #603: A logic error in str2simple

2013-02-28 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/603

https://fedorahosted.org/389/attachment/ticket/603/0001-Ticket-603-A-logic-error-in-str2simple.patch

Fix description: str2simple sets the strdup'ed type this way:

   if ( f->f_choice == LDAP_FILTER_PRESENT ) {

   f->f_type = slapi_ch_strdup( str );

   } else if ( unescape_filter ) {

   f->f_avtype = slapi_ch_strdup( str );

   } if ( !unescape_filter ) {

   f->f_avtype = slapi_ch_strdup( str );

   }

If f_choice is LDAP_FILTER_PRESENT and !unescape_filter is
true, the first strdup'ed string is leaked since f_type
and f_avtype share the same memory. But currently, str2simple
is not called with (unescape_filter == 0). Thus there is no
chance to satisfy the condition. This patch fixes the flaw.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (additinal fix): [389 Project] #47391: deleting and adding userpassword fails to update the password

2013-06-17 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/47391

https://fedorahosted.org/389/attachment/ticket/47391/0001-Ticket-47391-deleting-and-adding-userpassword-fails-.patch

 Bug description: ldapmodify with changetype "modify" is supposed
 to skip checking unhashed password in acl_check_mods.  "delete"
 and "replace" were being skipped, but not "add".

 Fix description: "add" also skips to check unhashed password.

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: Ticket #47384 - Plugin library path validation

2013-07-03 Thread Noriko Hosoi 
https://fedorahosted.org/389/ticket/47384

https://fedorahosted.org/389/attachment/ticket/47384/0001-Ticket-47384-Plugin-library-path-validation.3.patch

Description: commit a4b81c0ae59a4246d2d44790efea093a62fc972c

only checks the invalid plugin path when the value is modified.
This patch adds the check when a plugin entry is added.
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #47367: ldapdelete returns non-leaf entry error while trying to remove a leaf entry

2013-07-18 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/47367

https://fedorahosted.org/389/attachment/ticket/47367/0001-Ticket-47367-phase-1-ldapdelete-returns-non-leaf-ent.2.patch
git patch file (master) - phase1: ported from 1.2.11
The difference from 1.2.11:
[urp.c]
  2) The urp calling timing was moved from SLAPI_PLUGIN_BE_TXN_PRE_* to
  SLAPI_PLUGIN_BE_PRE_*.  (Note: SLAPI_PLUGIN_BE_PRE_* is also in the
  backend transaction.)  This is necessary since urp needs to be done
  prior to parent checking.
[ldbm_add.c] Moved SLAPI_PLUGIN_BE_PRE_ADD_FN inside of the transaction.
  Other operations are already calling SLAPI_PLUGIN_BE_PRE function at the
  timing.

https://fedorahosted.org/389/attachment/ticket/47367/0002-Ticket-47367-phase-2-ldapdelete-returns-non-leaf-ent.patch
git patch file (master) - phase2
Fix description:
1) Make sure add/modify/modrdn/delete plug-in callbacks return
SLAPI_PLUGIN_SUCCESS (==0) on SUCCESS and SLAPI_PLUGIN_FAILURE
(==-1) on FAILURE.  And set error code to SLAPI_RESULT_CODE in
pblock, if any.
2) replication: eliminated multimaster_betxnpreop_* which were
used for calling urp.  Urp needs to be processed at bepreop
timing.

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #47435: Very large entryusn values after enabling the USN plugin and the lastusn value is negative.

2013-07-19 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/47435

https://fedorahosted.org/389/attachment/ticket/47435/0001-Ticket-47435-Very-large-entryusn-values-after-enabli.patch

 1. Bug description: The initial value of lastusn is -1, but since
 the entryusn has the unsigned long long integer type, the server
 returns 18446744073709551615 == 0X.

 Fix description: The initial value "-1" is returned as it is.

 2. Bug description: Entryusn syntax is defined as an integer in
 the schema.  If negative values are accidentally stored in the
 entryusn value in the database, it was casted to the unsigned
 integer in the entryusn initialization code (usn_get_last_usn).

 Fix description: When an entryusn value is retrieved from the
 database, it's checked as a singed integer once and if it is
 negative, it's replaced with the initial value "-1".


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 622903] fix coverity Defect Type: Code maintainability issues

2010-08-11 Thread Noriko Hosoi 

 https://bugzilla.redhat.com/show_bug.cgi?id=622903

https://bugzilla.redhat.com/attachment.cgi?id=437967&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=437967&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=437971&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=437971&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=437988&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=437988&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=437992&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=437992&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=437996&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=437996&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438002&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438002&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438016&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438016&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438018&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438018&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438021&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438021&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438029&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438029&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438031&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438031&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438034&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438034&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438042&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438042&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438237&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438237&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=438247&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=438247&action=edit

Thanks,
--noriko



smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 629710] escape_string does not check '\'

2010-09-02 Thread Noriko Hosoi 



https://bugzilla.redhat.com/show_bug.cgi?id=629710

https://bugzilla.redhat.com/attachment.cgi?id=442728&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=442728&action=edit

Description: do_escape_string (core of escape_string) converts
'\\ (backslash)' to '\5C' even if the following 2 characters are
hex digits.  That is, the character is already escaped.  This
patch checks the case and if it is, it does not escape it further.

File: ldap/servers/slapd/util.c

Thanks,
--noriko




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 625014] SubTree Renames: ModRDN operation fails and the server hangs if the entry is moved to "under" the same DN.

2010-09-13 Thread Noriko Hosoi 



https://bugzilla.redhat.com/show_bug.cgi?id=625014

https://bugzilla.redhat.com/attachment.cgi?id=447045&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=447045&action=edit

Description: adding a check if the newsuperior is the entry itself
or its descendent.  If it is, modrdn returns LDAP_UNWILLING_TO_PERFORM.

Thanks,
--noriko




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: Only check modrdn ops for backend/suffix correctness if not the default backend

2010-09-13 Thread Noriko Hosoi 

 On 09/13/2010 03:42 PM, Rich Megginson wrote:

This fix allows the datainterop tests to pass at 100%

ack.
--noriko



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] 1.2.6-1 crash

2010-09-29 Thread Noriko Hosoi 

 On 09/29/2010 12:49 PM, Rich Megginson wrote:

Gary Morris wrote:

ah.. sorry.. ok.. just retried with 1.2.6.1-1.. /

[r...@dalp-ct02 logs]# rpm -qa | grep 389
389-dsgw-1.1.5-1.fc13.x86_64
389-admin-console-1.1.5-1.fc13.noarch
389-admin-1.1.11-1.fc13.x86_64
389-ds-base-1.2.6.1-1.fc13.x86_64
389-ds-console-1.2.3-1.fc13.noarch
389-admin-console-doc-1.1.5-1.fc13.noarch
389-console-1.1.4-1.fc13.noarch
389-adminutil-1.1.9-1.fc13.x86_64
389-ds-console-doc-1.2.3-1.fc13.noarch
389-ds-1.2.1-1.fc13.noarch

I got some gdb output. I tried 5 times and got 3 distinct functions..
the output in order is below:

So 1.2.6.1 is still crashing :-(
in gdb, do this:
thread apply all bt
and post the output here

Before running the crash test, could you install 389-ds-base-debuginfo?

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f81897fb710 (LWP 5328)]
0x7f81adc5be28 in attrlist_delete () from
/usr/lib64/dirsrv/libslapd.so.0
(gdb)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f4012dea710 (LWP 6263)]
0x7f40432ca01c in attrlist_find_or_create_locking_optional () from
/usr/lib64/dirsrv/libslapd.so.0
(gdb)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fe3b03f9710 (LWP 6778)]
0x7fe3d6f3aea1 in valuearray_add_valuearray_fast () from
/usr/lib64/dirsrv/libslapd.so.0
(gdb)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f5c31bf5710 (LWP 7275)]
0x7f5c59549ea1 in valuearray_add_valuearray_fast () from
/usr/lib64/dirsrv/libslapd.so.0
(gdb)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ff0485e6710 (LWP 7556)]
0x7ff079a4e01c in attrlist_find_or_create_locking_optional () from
/usr/lib64/dirsrv/libslapd.so.0

I'm happy to assist in any way I can to resolve.

much thanks!
-gary

On Wed, Sep 29, 2010 at 10:14 AM, Rich Megginsonmailto:rmegg...@redhat.com>>  wrote:

 Gary Morris wrote:
 >
 >  ok.. it pulled 389-ds-base-1.2.6-2.fc13.x86_64.. is that ok or do i
 >  need to be on 1.2.6-1?  On 1.2.6-2 I'm having the same problem.  As
 >  soon as I start an application that is ldap intensive, the directory
 >  server crashes real quick.  No errors of any sort reported.
 No, it should be 1.2.6.1-1, not 1.2.6-1, not 1.2.6-2.
 Looks like 1.2.6.1-1 is not yet in the mirrors, so if you want to
 try it
 in the meantime, you'll have to install it directly from koji:
 http://koji.fedoraproject.org/koji/buildinfo?buildID=196612
 >
 >  On Tue, Sep 28, 2010 at 11:16 PM, Rich Megginson
 mailto:rmegg...@redhat.com>
 >  >>  wrote:
 >
 >  Gary Morris wrote:
 >  >  Hi guys.. i'm running 389-ds-base-1.2.6-1.fc13.x86_64 and
 the server
 >  >  is crashing repeatedly, mostly under load.  There are
 about 390,000
 >  >  ldap entries in the database. I tried installing on a
 couple of
 >  >  different servers (Fedora 13) with the same problem.  The
 >  problem does
 >  >  not seem to be happening on 1.2.6-0.1.  I would be happy
 to send you
 >  >  more details on what is causing the crash if I could
 figure out
 >  how to
 >  >  do that.  When I put any load on the server, it crashes,
 and often
 >  >  crashes before it can even fully start.  It does not seem
 to crash
 >  >  when I turn on the heavy debugging, but then again,
 performance is
 >  >  very slow on full debug.  If anyone has some suggestions
 on what
 >  I can
 >  >  do to give more information, i'd be happy to.
 >  There were a couple of crashing bugs that have been fixed in
 >  1.2.6.1-1 -
 >  now available in the Testing repos.  Please try to install
 >  389-ds-base-1.2.6.1-1 from the updates-testing repo and see
 if that
 >  fixes your problem.
 >  >
 >  >  -gary
 >  >
 >
 
 >  >
 >  >  --
 >  >  389-devel mailing list
 >  >  389-de...@lists.fedoraproject.org
 
 >  >
 >  >  https://admin.fedoraproject.org/mailman/listinfo/389-devel
 >
 >  --
 >  389-devel mailing list
 >  389-de...@lists.fedoraproject.org
 
 >  >
 >  https://admin.fedoraproject.org/mailman/listinfo/389-devel
 >
 >
 >
 
 >
 >  --
 >  389-devel mailing list
 >  389-de...@lists.fedoraproject.org

Re: [389-devel] 1.2.6-1 crash

2010-09-29 Thread Noriko Hosoi 
 Could you do "thread apply all bt", once you see this Segmentation 
fault message?


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fe4a23e9710 (LWP 9557)]
0x7fe4d1fc601c in attrlist_find_or_create_locking_optional () from 
/usr/lib64/dirsrv/libslapd.so.0

(gdb) thread apply all bt


On 09/29/2010 01:29 PM, Gary Morris wrote:

sure.. i'll do that and rerun them..

On Wed, Sep 29, 2010 at 4:25 PM, Noriko Hosoi <mailto:nho...@redhat.com>> wrote:


 On 09/29/2010 12:49 PM, Rich Megginson wrote:

Gary Morris wrote:

ah.. sorry.. ok.. just retried with 1.2.6.1-1.. /

[r...@dalp-ct02 logs]# rpm -qa | grep 389
389-dsgw-1.1.5-1.fc13.x86_64
389-admin-console-1.1.5-1.fc13.noarch
389-admin-1.1.11-1.fc13.x86_64
389-ds-base-1.2.6.1-1.fc13.x86_64
389-ds-console-1.2.3-1.fc13.noarch
389-admin-console-doc-1.1.5-1.fc13.noarch
389-console-1.1.4-1.fc13.noarch
389-adminutil-1.1.9-1.fc13.x86_64
389-ds-console-doc-1.2.3-1.fc13.noarch
389-ds-1.2.1-1.fc13.noarch

I got some gdb output. I tried 5 times and got 3 distinct
functions..
the output in order is below:

So 1.2.6.1 is still crashing :-(
in gdb, do this:
thread apply all bt
and post the output here

Before running the crash test, could you install
389-ds-base-debuginfo?

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f81897fb710 (LWP 5328)]
0x7f81adc5be28 in attrlist_delete () from
/usr/lib64/dirsrv/libslapd.so.0
(gdb)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f4012dea710 (LWP 6263)]
0x7f40432ca01c in
attrlist_find_or_create_locking_optional () from
/usr/lib64/dirsrv/libslapd.so.0
(gdb)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fe3b03f9710 (LWP 6778)]
0x7fe3d6f3aea1 in valuearray_add_valuearray_fast () from
/usr/lib64/dirsrv/libslapd.so.0
(gdb)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f5c31bf5710 (LWP 7275)]
0x7f5c59549ea1 in valuearray_add_valuearray_fast () from
/usr/lib64/dirsrv/libslapd.so.0
(gdb)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ff0485e6710 (LWP 7556)]
0x7ff079a4e01c in
attrlist_find_or_create_locking_optional () from
/usr/lib64/dirsrv/libslapd.so.0

I'm happy to assist in any way I can to resolve.

much thanks!
-gary

On Wed, Sep 29, 2010 at 10:14 AM, Rich
Megginsonmailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>>
 wrote:

Gary Morris wrote:
>
>  ok.. it pulled 389-ds-base-1.2.6-2.fc13.x86_64.. is
that ok or do i
>  need to be on 1.2.6-1?  On 1.2.6-2 I'm having the same
problem.  As
>  soon as I start an application that is ldap intensive,
the directory
>  server crashes real quick.  No errors of any sort reported.
No, it should be 1.2.6.1-1, not 1.2.6-1, not 1.2.6-2.
Looks like 1.2.6.1-1 is not yet in the mirrors, so if
you want to
try it
in the meantime, you'll have to install it directly
from koji:
http://koji.fedoraproject.org/koji/buildinfo?buildID=196612
>
>  On Tue, Sep 28, 2010 at 11:16 PM, Rich Megginson
mailto:rmegg...@redhat.com><mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>
> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com><mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>  wrote:
>
>  Gary Morris wrote:
> >  Hi guys.. i'm running 389-ds-base-1.2.6-1.fc13.x86_64 and
the server
> >  is crashing repeatedly, mostly under load.  There are
about 390,000
> >  ldap entries in the database. I tried installing on a
couple of
> >  different servers (Fedora 13) with the same problem.  The
>  problem does
> >  not seem to be happening on 1.2.6-0.1.  I would be happy
to send you
> >  more details on what is causing

[389-devel] Please review (take 2): [Bug 602456] Allow to add any cn=config attributes; allow to delete some cn=config attributes

2010-10-13 Thread Noriko Hosoi 

 https://bugzilla.redhat.com/show_bug.cgi?id=602456

https://bugzilla.redhat.com/attachment.cgi?id=453261&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=453261&action=edit

Thanks to Nathan for his review on the first proposal.  I'm adding this 
change following Rich's suggestion.


Following the suggestion by Rich, adding "nsslapd-securelistenhost" to the
default nsslapd-allowed-to-delete-attrs list.

diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 6b58dde..a7cc1bc 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -1013,6 +1013,8 @@ FrontendConfig_init () {
   cfg->entryusn_global = LDAP_OFF;
   slapi_ch_array_add(&(cfg->allowed_to_delete_attrs),
  slapi_ch_strdup("nsslapd-listenhost"));
+  slapi_ch_array_add(&(cfg->allowed_to_delete_attrs),
+ slapi_ch_strdup("nsslapd-securelistenhost"));

 #ifdef MEMPOOL_EXPERIMENTAL
   cfg->mempool_switch = LDAP_ON;



Description:
1. Originally, configuration attributes are designed not to allow
adding or deleting, but to allow just replacing.  Due to a defect
in checking the add operation, adding (LDAP_MOD_ADD) is not rejected.
Instead of fixing the add checking to disallow adding, this patch
logs the operation in the error log.
2. On the other hand, deleting configuration attributes is rejected
by LDAP_UNWILLING_TO_PERFORM.  We have a request that some attributes
need to allow to delete.  This patch introduces a config attribute
nsslapd-allowed-to-delete-attrs, which value is configuration
attributes separated by a space ' '.  If an attribute is in the list,
the attribute is allowed to delete.  The delete operation is also
logged in the error log.
By default, the list contains "nsslapd-listenhost" and 
"nsslapd-securelistenhost".



Files:
 ldap/servers/slapd/configdse.c
 ldap/servers/slapd/libglobs.c
 ldap/servers/slapd/proto-slap.h
 ldap/servers/slapd/slap.h


Thanks,
--noriko


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 244229] targetattr not verified against schema when setting an aci

2010-10-14 Thread Noriko Hosoi 


https://bugzilla.redhat.com/show_bug.cgi?id=244229

https://bugzilla.redhat.com/attachment.cgi?id=453598&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=453598&action=edi

Description:
1. When acl contains targetattr keyword:
(targetattr [!]= "attribute_1 || attribute_2 ...|| attribute_n"),
where attribute_n does not contain '*', the current ACL plugin
accepts any attribute_n value even if it is not defined in the
schema.  This patch rejects the aci if it contains attribute_n
not defined in schema with this error message:
  NSACLPlugin - targetattr "attribute_n" does not exist in schema.
  Please add attributeTypes "attribute_n" to schema if necessary.
2. To implement 1, slapi APIs slapi_attr_syntax_exists and
slapi_vattr_type_exists are added.
3. An attributeTypes "connection" is added to 01core389.ldif which
is referred in an aci of cn=monitor.

Files:
  ldap/schema/01core389.ldif
  ldap/servers/plugins/acl/aclparse.c
  ldap/servers/slapd/attrsyntax.c
  ldap/servers/slapd/slapi-plugin.h
  ldap/servers/slapd/vattr.c

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 2): [Bug 244229] targetattr not verified against schema when setting an aci

2010-10-15 Thread Noriko Hosoi 

 https://bugzilla.redhat.com/show_bug.cgi?id=244229

https://bugzilla.redhat.com/attachment.cgi?id=453769&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=453769&action=edit

Following the comments by Rich, revised the proposal so that:
1) the error message is sent to the client, as well.
2) removed the useless virtual attribute type name checking.

Thanks,
--noriko



smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 567282] server can not abandon searchRequest of "simple paged results"

2010-11-03 Thread Noriko Hosoi 


https://bugzilla.redhat.com/show_bug.cgi?id=567282

https://bugzilla.redhat.com/attachment.cgi?id=457550&action=edit
https://bugzilla.redhat.com/attachment.cgi?id=457550&action=diff

Description: Simple Paged Results search keeps the connection
per paging, but not an operation.  When an abandon request is
issued, the operation referred by the request has already finished.
This patch introduces pagedresults_cleanup function to check
whether the connection is for the simple paged results or not, and
if it is, the simple paged results is cleaned up.  If it is not,
pagedresults_cleanup does nothing.  The function is called from
do_abandon as well as from connection_cleanup.

Files:
  ldap/servers/slapd/abandon.c
  ldap/servers/slapd/connection.c
  ldap/servers/slapd/opshared.c
  ldap/servers/slapd/pagedresults.c
  ldap/servers/slapd/proto-slap.h

Thanks,
--noriko

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 651571] When attrcrypt is on, entrydn is stored in the backend db

2010-11-09 Thread Noriko Hosoi 
  https://bugzilla.redhat.com/show_bug.cgi?id=651571

https://bugzilla.redhat.com/attachment.cgi?id=459236&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=459236&action=edit

Description: If an entry contains a to-be-encrypted attribute,
id2entry_add_ext handles a copy of the entry in which the attribute
is encrypted, then the copy is being stored in the backend db.
On the other hand, an entrydn attribute is supposed to remove from
the entry before storing the entry in the db.  There was a bug
there: the removal was done on the original entry, but not on the
encrypted copy.  This patch correctly removes the entrydn attribute
from the encrypted entry to be stored in the db.

Thanks,
--noriko
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #260: 389 DS does not support multiple paging controls on a single connection

2012-02-28 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/260

https://fedorahosted.org/389/attachment/ticket/260/0001-Trac-Ticket-260-389-DS-does-not-support-multiple.patch

 Fix description:
 1. "Connection" object holds the paged results related values.
Now they are packaged in one PagedResults object.  And the
array of PagedResults with its length and used count are
placed in PagedResultList, which is stashed in Connection
(slap.h).
 2. The pagedresults APIs are extended to take the index of Paged-
Results array.  The index is set to the cookie in the Paged-
Results control before returning it to the client.  When a
client sends a paged results request, the cookie field in the
first request control is supposed to be empty.  The result
control is returned with the search results.  The result
control stores the index in the cookie and the client sets
it to the following request control to get the next pages.
When the paged search is done, empty cookie is returned.
 3. The array grows if multiple simple paged results requests
over a single connection come in.  The array does not get
released every time, but it is when the server is shutdown.
 4. Simple paged results connection is timed out when it exeeds
the timelimit.  If multiple requests are served, it won't
be disconnected until all the requests are timed out.

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: coverity 12563 Read from pointer after free

2012-03-06 Thread Noriko Hosoi 

Rich Megginson wrote:





--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

ack.
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #303: make DNA range requests work with transactions

2012-03-13 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/303

https://fedorahosted.org/389/attachment/ticket/303/0001-Trac-Ticket-303-make-DNA-range-requests-work-with-tr.patch

 Fix Description:
 1. pre_op: Adding missing dnatypes (e.g., uidNumber) should be done
in the pre op phase (outside of the transaction) to satisfy the
schema checking. To avoid calling the internal search for modify,
set the target entry before calling pre op plugin in op_shared_
modify (modify.c).
Also, if the operation is a replication op, the pre_op is skipped.
 2. post_op: Moving dna_config_check_post_op to BE_TXN_POST_OP.
If it is an internal operation, the dna post op is being skipped
to avoid self re-entrant deadlock.
 3. Fixed memory leaks on DNA_NEEDS_UPDATE and an uninitialized
variable access.



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: coverity 12606 Logically dead code

2012-03-15 Thread Noriko Hosoi 
The previous fix (commit 325abca7135d06225adf5380d726de60dacda5a4)
for "Ticket #303 - make DNA range requests work with transactions"
introduced this dead code. Since dna_pre_op does not allocate
an entry "e", there is no need to check the flag "free_entry" and
free it.
>From 4e0c70fd1a52d4bc943613bc496751fab2e390c0 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi 
Date: Thu, 15 Mar 2012 09:17:33 -0700
Subject: [PATCH] coverity 12606 Logically dead code

The previous fix (commit 325abca7135d06225adf5380d726de60dacda5a4)
for "Ticket #303 - make DNA range requests work with transactions"
introduced this dead code.  Since dna_pre_op does not allocate
an entry "e", there is no need to check the flag "free_entry" and
free it.
---
 ldap/servers/plugins/dna/dna.c |4 
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index c744e0a..ce2486e 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -3214,7 +3214,6 @@ dna_pre_op(Slapi_PBlock * pb, int modtype)
 char *dn = NULL;
 Slapi_Mods *smods = NULL;
 LDAPMod **mods;
-int free_entry = 0;
 int ret = 0;
 
 slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
@@ -3308,9 +3307,6 @@ dna_pre_op(Slapi_PBlock * pb, int modtype)
 slapi_mods_free(&smods);
 }
 bail:
-if (free_entry && e)
-slapi_entry_free(e);
-
 if (resulting_e)
 slapi_entry_free(resulting_e);
 
-- 
1.7.7.6

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: schema def must have DESC '' - close paren must be preceded by space

2012-03-30 Thread Noriko Hosoi 

Rich Megginson wrote:




--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

ack.
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #19: Convert entryUSN plugin to transaction aware type

2012-04-23 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/19

https://fedorahosted.org/389/attachment/ticket/19/0001-Trac-Ticket-19-Convert-entryUSN-plugin-to-transactio.patch

 Fix description:
 * Separated usn_bepreop operations from usn_betxnpreop operations.
   usn_bepreop_modify and _modrdn add "entryusn: #" to the mods,
   which should be handled before the transaction starts.
 * Introduced SLAPI_PLUGIN_BE_TXN_PRE_DELETE_TOMBSTONE_FN plugin
   hook to modify the tombstone entry at the betxn timing.
 * Eliminated preventryusn (SLAPI_ATTR_ENTRYUSN_PREV). It was used
   to undo the incremented entryusn when the deletion fails.
   Since the operation is now executed in the transaction and it
   is aborted if the operation fails, the explicit undo is not
   needed in the usn postop.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 2'): [389 Project] #359: Database RUV could mismatch the one in changelog under the stress

2012-05-09 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/359

 Please review these 2 patches:
  
https://fedorahosted.org/389/attachment/ticket/359/0001-Trac-Ticket-359-Database-RUV-could-mismatch-the-one.2.patch
 (389-ds-base-1.2.10)

  
https://fedorahosted.org/389/attachment/ticket/359/0001-Trac-Ticket-359-Database-RUV-could-mismatch-the-one.3.patch
 (master)

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: coverity - mbo dead code - winsync leaks, deadcode, null check, test code

2012-08-21 Thread Noriko Hosoi 

Rich Megginson wrote:





--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

ack.
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 2): [389 Project] #351: use betxn plugins by default

2012-09-05 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/351

https://fedorahosted.org/389/attachment/ticket/351/0001-Trac-Ticket-351-use-betxn-plugins-by-default.2.patch

Fix description:
 In addition to the fixes following the Rich's suggestions (comment 11),
 the take 2 patch contains ...
 . to register cos_post_op are POSTOP only to avoid the deadlock between
 the transaction and cos change_lock.
 . to move transaction begin before "finding" an backend entry in
 ldbm_back_add/delete/modify/modrdn to avoid the deadlock between the
 serial lock and the individual entry cache lock.

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 2): [389 Project] #453: db2index with -tattrname:type, type fails

2012-10-03 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/453

https://fedorahosted.org/389/attachment/ticket/453/0001-Trac-Ticket-453-db2index-with-tattrname-type-type-fa.patch

Fix Description:
1) db2index and db2index.pl did not handle options with no space
between the option type and the value. This patch properly parses
them.
2) db2index_add_indexed_attr now converts the comma delimited list
of index types into multiple values for the nsIndexType attribute.
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: add skin support to admin server

2011-06-16 Thread Noriko Hosoi 

On 06/16/2011 11:28 AM, Rich Megginson wrote:




--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Looks good to me.  ACK.
--noriko
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 719069] clean up compiler warnings in 389-ds-base 1.2.9

2011-07-05 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=719069

https://bugzilla.redhat.com/attachment.cgi?id=511349&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=511349&action=edit

Thanks,
--noriko

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: make sure the DBVERSION file ends in a newline

2011-08-10 Thread Noriko Hosoi 

ack.  Thanks, Rich!!
--noriko

Rich Megginson wrote:



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: Introducing an environment variable USE_VALGRIND to clean up the entry cache and dn cache on exit.

2011-08-31 Thread Noriko Hosoi 
Description: If any string is set to an environment variable USE_VALGRIND,
when running a memory leak checking tool (e.g., valgrind),
it reduces the noise generated by the entry cache and dn cache.

Sample valgrind outputs from the same operations.
1. with USE_VALGRIND
==16525== LEAK SUMMARY:
==16525== definitely lost: 5,102 bytes in 155 blocks
==16525== indirectly lost: 24,655 bytes in 950 blocks
==16525== possibly lost: *13,294* bytes in 433 blocks
==16525== still reachable: 2,209,801 bytes in 17,937 blocks
==16525== suppressed: 0 bytes in 0 blocks
==16525== Reachable blocks (those to which a pointer was found) are not
shown.
==16525== To see them, rerun with: --leak-check=full --show-reachable=yes

2. no USE_VALGRIND
==25738== LEAK SUMMARY:
==25738== definitely lost: 5,102 bytes in 155 blocks
==25738== indirectly lost: 24,655 bytes in 950 blocks
==25738== possibly lost: *23,862,444* bytes in 863,885 blocks
==25738== still reachable: 3,093,988 bytes in 41,603 blocks
==25738== suppressed: 0 bytes in 0 blocks
==25738== Reachable blocks (those to which a pointer was found) are not
shown.
==25738== To see them, rerun with: --leak-check=full --show-reachable=yes

Thanks,
--noriko
From 40ac246939d8e7bf8138c85ea00f30beece094d5 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi 
Date: Wed, 31 Aug 2011 11:09:42 -0700
Subject: [PATCH] Introducing an environment variable USE_VALGRIND to clean up
 the entry cache and dn cache on exit.

---
 ldap/servers/slapd/back-ldbm/dblayer.c |   23 +--
 1 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c 
b/ldap/servers/slapd/back-ldbm/dblayer.c
index b3931a4..b158311 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -2589,16 +2589,19 @@ int dblayer_instance_close(backend *be)
 if (NULL == inst)
 return -1;
 
-#if defined(_USE_VALGRIND)
-/* When running a memory leak checking tool (e.g., valgrind),
-   it reduces the noise by enabling this code. */
-LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s: Cleaning up entry cache\n",
-  inst->inst_name);
-cache_clear(&inst->inst_cache, CACHE_TYPE_ENTRY);
-LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s: Cleaning up dn cache\n",
-  inst->inst_name);
-cache_clear(&inst->inst_dncache, CACHE_TYPE_DN);
-#endif
+if (getenv("USE_VALGRIND")) {
+/* 
+ * if any string is set to an environment variable USE_VALGRIND,
+ * when running a memory leak checking tool (e.g., valgrind),
+ * it reduces the noise by enabling this code.
+ */
+LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s: Cleaning up entry cache\n",
+  inst->inst_name);
+cache_clear(&inst->inst_cache, CACHE_TYPE_ENTRY);
+LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s: Cleaning up dn cache\n",
+  inst->inst_name);
+cache_clear(&inst->inst_dncache, CACHE_TYPE_DN);
+}
 
 if (attrcrypt_cleanup_private(inst)) {
 LDAPDebug(LDAP_DEBUG_ANY,
-- 
1.7.4.4

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 182507] clear-password mod from replica is discarded before changelogged

2010-12-07 Thread Noriko Hosoi 


https://bugzilla.redhat.com/show_bug.cgi?id=182507

https://bugzilla.redhat.com/attachment.cgi?id=467113&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=467113&action=edit

Description:
Replication drops unhashed passwords which is necessary for
the AD password sync.  This patch allows the passwords replicated
and introduces a method to encrypt logs in the changelog.

See also http://directory.fedoraproject.org/wiki/Changelog_Encryption

Thanks,
--noriko

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: [Bug 182507] clear-password mod from replica is discarded before changelogged

2010-12-14 Thread Noriko Hosoi 
  Hi Andrey,

Andrey Ivanov wrote:
> Hi Noriko,
>
> i've read the changelog encryption design document. Indeed, it's a
> sound idea to make AD-389 replication more robust. I have two
> questions about it:
>
> * if i understand correctly you say that the server needs a
> certificate in order to generate the symmetric key. Is this key
> generated only once?
That is correct.  If a wrapped symmetric key is not found in 
cn=changelog5,cn=config, the key is generated.
> I mean, if we change the expired server
> certificate it won't trigger the symmetric key regeneration?
That's tricky.  If your changelog DB contains 2 sets of encrypted value 
-- one is encrypted with the expired cert, the other with the new cert, 
it'd be hard to recover old ones.  Automation makes it happen easier...
> * The replication changelog that contains the mixed entries
> (cleartext, encrypted 3DES, encrypted AES etc) - is it still readable
> by the server?
I don't think so.  We should avoid it, too.
> Does each changelog entry contain a flag that describes
> whether the entry is cleartext/AES/3DES? Can the server "detect" in
> any other way whether the changelog entry is encrypted and if yes with
> what type of cypher?
The answer is no.  Each value has no info about the type -- 
cleartext/AES/3DES.

Thanks for the questions, Andrey!
--noriko

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 616850] ldapmodify failed to reject the replace operation if its targeted for an Unknown attribute

2011-01-19 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=616850

https://bugzilla.redhat.com/attachment.cgi?id=474335&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=474335&action=edit

Description: Attempting to modify an unknown attribute in the
config entry fails with LDAP_UNWILLING_TO_PERFORM, while starting
up just ignores unknown attributes and the server successfully
starts.

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (admin server): [Bug 616260] libds-admin-serv linking fails due to unresolved link-time dependencies

2011-02-04 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=616260

https://bugzilla.redhat.com/attachment.cgi?id=476923&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=476923&action=edit

Description:
1) Do not use nodist_property_DATA for ICU resource files, but
use BUILT_SOURCES to keep them just in the built source area
and directly copy them to the install location using the
script defined in install-data-hook.
2) Added macros ADMINUTIL_LINK, NSPR_LINK, NSS_LINK, SASL_LINK
and ICU_LINK, and let DEFAULT_LIBS_NOCGI and libds_admin_
serv_la_LIBADD use them.  ADMINUTIL_LINK now contains
adminutil, NSS, NSPR, SASL, LDAPSDK/OPENLDAP, ICU in the
library search path.

Note: the patch is big, but only Makefile.am needs to be reviewed.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 675265] preventryusn gets added to entries on a failed delete

2011-02-07 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=675265

https://bugzilla.redhat.com/attachment.cgi?id=477486&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=477486&action=edit

Description: When an entry is deleted with Entry USN plugin enabled,
an operational attribute preventryusn is added to handle indexes and
entryusn tombstone.  The attribute must have been added only when
the delete was successful, but it was added regardless of the result
from the operation.  This patch checks the delete result in the
newly added entryusn delete bepost plugin (usn_bepostop_delete).
If it is not successful, the bepost plugin cleans up the attribute.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 3) Admin Server: [Bug 245278] Changing to a password with a single quote does not work

2011-02-12 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=245278

https://bugzilla.redhat.com/attachment.cgi?id=478422&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=478422&action=edit

Thanks to Rich for his comments.  Instead of doing the in-place escape, changed
to duplicate the given password and work on the copy.

Description: When the Admin User password is changed on the Admin
Console, the console escapes the password then sends it to the
Admin Server.  This patch adds the apache API ap_unescape_url to
mod_admserv to unescape the password before handling it.  Since
ap_unescape_url does the unescape in place, it duplicates the
given password and escapes on the duplicated memory.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 668909] Can't modify replication agreement in some cases

2011-03-11 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=668909

https://bugzilla.redhat.com/attachment.cgi?id=483808&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=483808&action=edit

Description: Code to modify nsds5ReplicaPort in replication agreement
was not implemented.  This patch adds it.

When an agreement change is detected in conn_connect, it resets
the values needed to make a connection including the port number.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 684996] Exported tombstone cannot be imported correctly.

2011-03-17 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=684996

https://bugzilla.redhat.com/attachment.cgi?id=486083&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=486083&action=edit

Description: When nsslapd-subtree-rename-switch is on,
a tombstone entry has a special RDN which looks like this:
   nsuniqueid=042d8081-...-ca8fe9f7,
This special format was not treated properly.

This patch adds the code to handle the special tombstone
RDN, where an internal entry has the above RDN and points
the correct parent entry.

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 689866] ns-newpwpolicy.pl needs to use the new DN format

2011-03-22 Thread Noriko Hosoi 

https://bugzilla.redhat.com/show_bug.cgi?id=689866

https://bugzilla.redhat.com/attachment.cgi?id=486852&action=diff  

https://bugzilla.redhat.com/attachment.cgi?id=486852&action=edit  


Description:  template-ns-newpwpolicy.pl.in hasn't been modified
to adjust to the new DN format.  It escapes only ',' in the nested
DN, in which '=' also needs to be escaped.  This patch fixed it.

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: Allow modrdn to move subtree and rename non-leaf node

2010-01-12 Thread Noriko Hosoi 

 Allow modrdn to move subtree and rename non-leaf node

This patch includes
- replacing the entrydn index with the entryrdn index
- replacing a full DN in each entry in the DB with an RDN
- extending Slapi_Entry, entry2str, and str2entry to absorb the 
changes made on the entry

- adding DN/RDN helper functions
- adding DN cache
- adding a utility and a migration script to convert the DN format 
database to the RDN format

- extending a database dump utility dbscan to support the entryrdn

In addition to the above, compile warnings and memory leaks found 
in testing the new feature are fixed.


For more details, see the feature design document at:

   http://directory.fedoraproject.org/wiki/Subtree_Rename

The patch is too big to attach to the email.  It is located here:

http://nhosoi.fedorapeople.org/0001-Allow-modrdn-to-move-subtree-and-rename-non-leaf-nod.patch

Thanks,
--noriko



smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 557224] subtree rename breaks the referential integrity plug-in

2010-01-26 Thread Noriko Hosoi 

https://bugzilla.redhat.com/show_bug.cgi?id=557224

Description of problem:
Analysis by andrey.iva...@polytechnique.fr

 I'm pretty sure the referential integrity plug-in will not work for
 modrdn operations with a new superior. Looking more thoroughly through
 the code ( ldap / servers / plugins / referint / referint.c) confirms
 my suspicion that new rdn superior is not taken into account. The
 function  referint_postop_modrdn extracts from the parameter block
 only SLAPI_MODRDN_TARGET and SLAPI_MODRDN_NEWRDN, it does not extract
 SLAPI_MODRDN_NEWSUPERIOR neither passes it further down the utility
 functions - update_integrity(argv, dn, newrdn, logChanges) and
 writeintegritylog(argv[1],dn, newrdn). The same applies to the delayed
 referint operations (the plug-in writes to the special integrity log
 file only the old DN and the new RDN, but never the new superior :
 writeintegritylog(argv[1],dn, newrdn);)


Another thought on the subject of referential integrity plug-in - in
the previous mail i have only mentioned one-entry renames with a new
superior. The things get even worse when we rename a whole non-empty
sub-tree. It means that the referential integrity plug-in should
change to the new DNs all the references to all the entries of the
whole sub-tree, not only for one entry.

And what if we rename a sub-tree containing both the referenced entry
and the entry referencing the first one's DN in one of its "integrity"
attributes? It actually means that we need at first make the rename
and then all the searches and replacements. Though it seems it's
already the case as it's a post-op(?) plug-in...

Fix Description: The referential integrity plugin has not supported
the subtree rename (modrdn with newsuperior).  This patch is adding
the support.

Created an attachment (id=386896)  

git patch for ldap/servers/plugins/referint/referint.c


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (revised): [Bug 560827] Admin Server templates: DistinguishName validation fails

2010-02-03 Thread Noriko Hosoi 
Thanks to Rich and Nathan for their comments and even debugging my code 
:).  I revised the proposal based upon their suggestions.


Summary: Admin Server templates: DistinguishName validation fails

https://bugzilla.redhat.com/show_bug.cgi?id=560827

Description of problem:
Some template file contains double quotes in the DN string, which
are not escaped.

Sample broken entry in 01nsroot.ldif.tmpl
dn: ou="uid=%as_uid%, ou=Administrators, ou=TopologyManagement,
o=NetscapeRoot",ou=UserPreferences, ou=%domain%, o=NetscapeRoot
objectClass: top
objectClass: organizationalUnit
aci: (targetattr=*)(version 3.0; acl "UserDNControl"; allow (all)
userdnattr="creatorsname";)
ou: uid=%as_uid%, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot

Related bug:
https://bugzilla.redhat.com/show_bug.cgi?id=77
77 -  Syntax validation fails for "ou=NetscapeRoot" tree

[Proposed fix (ldapserver)]
 -->  (https://bugzilla.redhat.com/attachment.cgi?id=388648)
git patch file (ldapserver)

Description: adding a perl subroutine dnEscape to escape special
characters and eliminate spaces around ',', which is to make
the given dn compliant with RFC4514.

[Proposed fix (adminserver)]
 -->  (https://bugzilla.redhat.com/attachment.cgi?id=388650)
git patch file (adminserver)

Description:
admserv/newinst/src/dirserver.map.in
   /register_param.map.in
 --- added escapedrootdn key, which is an escaped rootdn compliant
 with RFC4514
admserv/schema/ldif/*.tmpl
 --- removed unescaped '"' from dn strings, which violates RFC4514.
 escaped special characters ('=' and ',') which used to be a
 value surrounded in the double quotes '"'.
 removed spaces around ','




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 527848] make sure db upgrade to 4.7 and later works correctly

2010-02-18 Thread Noriko Hosoi 

https://bugzilla.redhat.com/show_bug.cgi?id=527848

Subject: make sure db upgrade to 4.7 and later works correctly

Proposed Fix:
https://bugzilla.redhat.com/attachment.cgi?id=395003&action=diff

Change Description:
https://bugzilla.redhat.com/attachment.cgi?id=395003&action=edit

Thanks,
--noriko




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: fix various memory leaks

2010-03-04 Thread Noriko Hosoi 

On 03/04/2010 01:03 PM, Rich Megginson wrote:

Fixes for various memory leaks found during testing.



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

ack.  (Thanks, Rich!!)
--noriko


smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 2): [Bug 570667] MMR: simultaneous total updates on the masters cause deadlock and data loss

2010-03-05 Thread Noriko Hosoi 

Subject: MMR: simultaneous total updates on the masters cause deadlock and data 
loss

https://bugzilla.redhat.com/show_bug.cgi?id=570667

[Revised proposal]
 -->  (https://bugzilla.redhat.com/attachment.cgi?id=398089)
git patch file

I revised the previous patch to allow sending simultaneous total updates
against other replicas.  I think it's no need to disallow it.

Thank you!
--noriko



Description: In the MMR topology, if a master receives a total
update request to initialize the other master and being initialized
by the other master at the same time, the 2 replication threads hang
and the replicated backend instance could be wiped out.

To prevent the server running the total update supplier and the
consumer at the same time, REPLICA_TOTAL_EXCLUSIVE bit has
been introduced and set to the replica state flag by the either
operation.  Once the bit is detected, the other operation fails with
the error.

Files:
 ldap/servers/plugins/replication/repl5.h
 ldap/servers/plugins/replication/repl5_protocol.c
 ldap/servers/plugins/replication/repl_extop.c


[Fix proposal]
 -->  (https://bugzilla.redhat.com/attachment.cgi?id=397962)
git patch file



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: cleanup build warnings

2010-03-05 Thread Noriko Hosoi 

On 03/05/2010 02:56 PM, Rich Megginson wrote:



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

ack.
--noriko


smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 199923] subtree search fails to find items under a db containing special characters

2010-03-08 Thread Noriko Hosoi 
Subject: subtree search fails to find items under a db containing 
special characters


https://bugzilla.redhat.com/show_bug.cgi?id=199923

This bug had been reopened due to the regression.

[Proposed Fix]
https://bugzilla.redhat.com/attachment.cgi?id=398612&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=398612&action=edit

Files:
  ldap/servers/plugins/syntaxes/validate.c
  ldap/servers/slapd/dn.c

Problem Description:
A simple failed case observed before applying the patch:
$ /usr/lib64/mozldap/ldapmodify -p 10389 -D 'cn=directory manager' -w pw<<  EOF
dn: ou=\#\<,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: \#\<
EOF
ldap_add: Invalid DN syntax
ldap_add: additional info: DN value invalid per syntax

Fix Description:
dn.c: Based upon RFC 4514, '#', '+', ';', '<','>', and '=' need to be escaped
in addition to '\\' and '"' if it appears in the DN string.
validate.c: Using the above example, if an escaped character (\<) followed by
an escaped character (\#), the pointer was moved twice skipping '\' before '<'
and it makes the validation fail.

==
Breakpoint 2, rdn_validate (
begin=0x7fd090001ed0 "ou=\\#\\<,dc=example,dc=com",
end=0x7fd090001ee8 "m", last=0x7fd0a9bedac0)
at ldap/servers/plugins/syntaxes/validate.c:430
430int rc = 0; /* Assume RDN is valid */
(gdb) p p
$35 = 0x7fd090001ed3 "\\#\\<,dc=example,dc=com"
(gdb) p end
$36 = 0x7fd090001ee8 "m"
(gdb) p *p
$37 = 92 '\\'
(gdb) n
472if (numericform) {
(gdb) n
498if (IS_UTF1(*p)&&  !IS_ESC(*p)&&  !IS_LUTF1(*p)) {
(gdb) n
507if (numericform) {
(gdb) n
517if (IS_UTF1(*p)) {
(gdb) n
520if ((p == end)&&  !IS_TUTF1(*p)) {
(gdb) n
524} else if (IS_ESC(*p)) {
(gdb) n
528p++;<== *p is '#'
(gdb) n
529if (!IS_ESC(*p)&&  !IS_SPECIAL(*p)) {
(gdb) n
538p++;<== move the pointer to the next char '\\'
(gdb) p *p
$40 = 92 '\\'
(gdb) n
545p++;<== another move to '<', which needs to be escaped
(gdb) n
517if (IS_UTF1(*p)) {
(gdb) n
520if ((p == end)&&  !IS_TUTF1(*p)) {
(gdb) n
524} else if (IS_ESC(*p)) {
(gdb) n
540} else if (!IS_SUTF1(*p)) {
(gdb) n
541rc = 1;<== failed.





smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: Add support for additional schema/matching rules included with 389

2010-03-09 Thread Noriko Hosoi 

(2010?03?08? 19:54), Rich Megginson wrote:



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

ack.
--noriko
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 2): [Bug 199923] subtree search fails to find items under a db containing special characters

2010-03-10 Thread Noriko Hosoi 
Subject: subtree search fails to find items under a db containing 
special characters


https://bugzilla.redhat.com/show_bug.cgi?id=199923

Files:
 ldap/servers/plugins/syntaxes/validate.c
 ldap/servers/slapd/back-ldbm/ldbm_add.c
 ldap/servers/slapd/dn.c

Fix Description:
dn.c: Based upon RFC 4514, the following characters in the RDN
values need to be escaped:
  '+', ';', '<','>', and '=' for the intermediate characters
  '+', ';', '<','>', '=', '#' and ' ' for leading characters
  '+', ';', '<','>', '=', and ' ' for trailing characters

validate.c: If an escaped character followed by another escaped
character, e.g., \#\<,  the pointer was moved twice skipping '\'
before '<' and it makes the validation fail.

ldbm_add.c: a local variable addr was not initialized.

Thanks to Nathan for his review.  I revised dn.c based upon
his review comments.

Proposed Fix:
https://bugzilla.redhat.com/attachment.cgi?id=399189&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=399189&action=edit





smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] DN normalisation design document

2010-03-17 Thread Noriko Hosoi 

On 03/17/2010 01:13 PM, Andrey Ivanov wrote:



In order to support "Old DN format including DN in the double
quotes" another cn=config switch may be necessary. It seems there
was recently a new switch introduced to make the dn syntax
validation a little more "relaxed" - nsslapd-dn-validate-strict.
Maybe this one could be used to allow for DNs with double-quoted
values?

Actually, the way how we are going to handle the old style 'dn:
="",' is converting the old style to a
new style in the normalization when the server receives DNs from
clients and the converted new style DN is used in the rest of the
process.  The nsslapd-dn-validate-strict value is examined in the
DN syntax validation code for now.  Unless we change it, the DN
syntax validation code always receives the new DN style.

Ok. What i wanted to say is that we should avoid any new config 
parameters in cn=config. The way you propose to handle the problem is 
the best one - it is completely transparent to the user, the server 
back-end "sees" only the normalised DNs so it does not complain and no 
additional configuration

parameters are necessary.

That being said, are you suggesting if nsslapd-dn-validate-strict
is on, we should not convert an old style DN to a new style? 
That'd be really strict.  I'm leaning toward to the other side

accepting the both old and new style with no restriction.  Do you
see any disadvantages in allowing the old style?

No, absolutely not, i agree completely with your reasoning. The code 
should be strict but not completely rigid :) Taking care of the 
"legacy" presentation in a transparent manner is the ideal solution.



Thanks so much for the confirmation, Andrey.  I'm working on the issue 
based on the design...

--noriko


smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please Review: Fix parsing of start-slapd scripts

2010-04-01 Thread Noriko Hosoi 

On 04/01/2010 11:18 AM, Nathan Kinder wrote:

On 03/31/2010 10:04 PM, Nathan Kinder wrote:

On 03/31/2010 09:52 PM, Endi Sukma Dewata wrote:

- "Nathan Kinder"   wrote:



The admin server CGIs parse the start-slapd scripts to determine the
DS instance names.  A recent format change to start-slapd caused 
this

parsing to break.  These patches make the instance name easier to
parse from the script.  One patch is for DS itself and one is for 
the

Admin Server.



ack - much better



Thanks, but I need to nak my own patch since it's imcomplete.

This isn't going to work well when upgrading an instance.  We don't
regenerate the start-slapd script when running 'setup-ds.pl -u'.  This
means that an upgraded instance will not work properly with any of the
admin server CGIs that need to parse the instance name from
start-slapd.  This issue is already a problem not related to this 
patch,

but it seems we should fix it along with this issue.

I suppose the right thing to do is to make 'setup-ds.pl -u' generate a
new start-slapd script for the existing instances as well as a new
instance specific initconfig script if one doesn't exist.  I think we
need to avoid wiping out an existing instance specific sysconfig 
script

since it may have been modified by an admin to add other stuff to it
(like KRB5_KTNAME for Kerberos).  Do you see any problems with this
approach?
I've attached a new set of patches that implements the solution 
outlined above.

ack.
--noriko



smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: Make all backend operations transaction aware

2011-09-15 Thread Noriko Hosoi 
Rich Megginson wrote:
> http://rmeggins.fedorapeople.org/patches/0001-Make-all-backend-operations-transaction-aware.patch
ack.
--noriko

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: convert memberof to use transactions

2011-10-06 Thread Noriko Hosoi 

Rich Megginson wrote:
There are 3 patches.  0001 fixes a problem with betxn and modrdn to 
make the ENTRY_POST_OP available to betxnpostop plugins.  0002 allows 
us to pass the plugin config entry to plugin_init functions (yay! 
finally!).  0003 is the actual change to memberof.

ack.
ack.
ack.
So, once "betxn" is set to the memberof plugin type, memberof mod 
operations are included in the same transaction?



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: Fix Coverity Defects

2011-11-02 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=750622
https://bugzilla.redhat.com/attachment.cgi?id=531391&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=531391&action=edit

https://bugzilla.redhat.com/show_bug.cgi?id=750624
https://bugzilla.redhat.com/attachment.cgi?id=531390&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=531390&action=edit

https://bugzilla.redhat.com/show_bug.cgi?id=750625

Attachments (Terms of Use)
<https://bugzilla.redhat.com/page.cgi?id=terms-conditions.html>
*Fix Coverity (11066) Unused pointer value; git patch file (master)*
<https://bugzilla.redhat.com/attachment.cgi?id=531392> (1.04 KB, patch)
2011-11-02 13:05 EDT
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531392>,
Noriko Hosoi <mailto:nho...@redhat.com> nhosoi: review?
Details
<https://bugzilla.redhat.com/attachment.cgi?id=531392&action=edit> |
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531392&action=diff>
*Fix Coverity (11065) Uninitialized pointer read; git patch file
(master)* <https://bugzilla.redhat.com/attachment.cgi?id=531393> (1.13
KB, patch)
2011-11-02 13:06 EDT
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531393>,
Noriko Hosoi <mailto:nho...@redhat.com> nhosoi: review?
Details
<https://bugzilla.redhat.com/attachment.cgi?id=531393&action=edit> |
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531393&action=diff>
*Fix Coverity (11064) Dereference before null check; git patch file
(master)* <https://bugzilla.redhat.com/attachment.cgi?id=531394> (1.16
KB, patch)
2011-11-02 13:09 EDT
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531394>,
Noriko Hosoi <mailto:nho...@redhat.com> nhosoi: review?
Details
<https://bugzilla.redhat.com/attachment.cgi?id=531394&action=edit> |
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531394&action=diff>
*Fix Coverity (11061) Resource leak; git patch file (master)*
<https://bugzilla.redhat.com/attachment.cgi?id=531395> (2.15 KB, patch)
2011-11-02 13:10 EDT
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531395>,
Noriko Hosoi <mailto:nho...@redhat.com> nhosoi: review?
Details
<https://bugzilla.redhat.com/attachment.cgi?id=531395&action=edit> |
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531395&action=diff>
*Fix Coverity (11060) Dereference null return value; git patch file
(master)* <https://bugzilla.redhat.com/attachment.cgi?id=531396> (2.02
KB, patch)
2011-11-02 13:11 EDT
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531396>,
Noriko Hosoi <mailto:nho...@redhat.com> nhosoi: review?
Details
<https://bugzilla.redhat.com/attachment.cgi?id=531396&action=edit> |
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531396&action=diff>
*Fix Coverity (11058, 11059) Dereference null return value; git patch
file (master)* <https://bugzilla.redhat.com/attachment.cgi?id=531397>
(3.89 KB, patch)
2011-11-02 13:12 EDT
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531397>,
Noriko Hosoi <mailto:nho...@redhat.com> nhosoi: review?
Details
<https://bugzilla.redhat.com/attachment.cgi?id=531397&action=edit> |
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531397&action=diff>
*Fix Coverity (11057) Dereference null return value; git patch file
(master)* <https://bugzilla.redhat.com/attachment.cgi?id=531398> (1.37
KB, patch)
2011-11-02 13:13 EDT
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531398>,
Noriko Hosoi <mailto:nho...@redhat.com> nhosoi: review?
Details
<https://bugzilla.redhat.com/attachment.cgi?id=531398&action=edit> |
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531398&action=diff>
*Fix Coverity (11055) Explicit null dereferenced; git patch file
(master)* <https://bugzilla.redhat.com/attachment.cgi?id=531399> (1.45
KB, patch)
2011-11-02 13:14 EDT
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531399>,
Noriko Hosoi <mailto:nho...@redhat.com> nhosoi: review?
Details
<https://bugzilla.redhat.com/attachment.cgi?id=531399&action=edit> |
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531399&action=diff>
*Fix Coverity (11054) Dereference after null check; git patch file
(master)* <https://bugzilla.redhat.com/attachment.cgi?id=531400> (2.92
KB, patch)
2011-11-02 13:15 EDT
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531400>,
Noriko Hosoi <mailto:nho...@redhat.com> nhosoi: review?
Details
<https://bugzilla.redhat.com/attachment.cgi?id=531400&action=edit> |
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531400&action=diff>
*Fix

[389-devel] Please review: [Bug 750625] Fix Coverity minor defects

2011-11-03 Thread Noriko Hosoi 

Additional coverity fixes...

https://bugzilla.redhat.com/show_bug.cgi?id=750625

*Fix Coverity (11055-2) Explicit null dereferenced; git patch file 
(master)* <https://bugzilla.redhat.com/attachment.cgi?id=531631> (1.41 
KB, patch)
2011-11-03 14:40 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531631>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	nhosoi: review?
	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=531631&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531631&action=diff>
*Fix Coverity (11062) Resource leak; git patch file (master)* 
<https://bugzilla.redhat.com/attachment.cgi?id=531632> (4.37 KB, patch)
2011-11-03 14:41 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531632>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	nhosoi: review?
	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=531632&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531632&action=diff>
*Fix Coverity (11066-2) Unused pointer value; git patch file (master)* 
<https://bugzilla.redhat.com/attachment.cgi?id=531634> (1.09 KB, patch)
2011-11-03 14:43 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531634>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	nhosoi: review?
	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=531634&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531634&action=diff>
*Fix Coverity (12195) Dereference after null check; git patch file 
(master)* <https://bugzilla.redhat.com/attachment.cgi?id=531635> (1.11 
KB, patch)
2011-11-03 14:47 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531635>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	nhosoi: review?
	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=531635&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531635&action=diff>
*Fix Coverity (12196) Dereference before null check; git patch file 
(master)* <https://bugzilla.redhat.com/attachment.cgi?id=531636> (5.64 
KB, patch)
2011-11-03 14:48 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=750625#attach_531636>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	nhosoi: review?
	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=531636&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=531636&action=diff>


Thanks!
--noriko


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #18: Data inconsitency during replication

2012-01-19 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/18

https://fedorahosted.org/389/attachment/ticket/18/0001-Trac-Ticket-18-Data-inconsitency-during-replication.patch

Bug description: If promote a hub server to a new master and
assign the same replica ID as the original master server had,
some new adds/modifies to the new server may dropped and not
be replicated to the consumers.
Fix description: If a hub is promoted to a master, consumer's
RUV is updated.  It only updated the master's URL, but not the
CSN and min CSN.  This patch resets the CSNs if the URL needs
to be updated.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

Re: [389-devel] Please review: Remove redundant code - make a global into a static

2012-01-20 Thread Noriko Hosoi 

Rich Megginson wrote:




--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

ack.

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #139: RFE: eliminate the use of char *dn in favor of Slapi_DN *dn

2012-01-23 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/139

https://fedorahosted.org/389/attachment/ticket/139/0001-Trac-Ticket-139-eliminate-the-use-of-char-dn-in-favo.patch

Fix description: The oritinal RFE had been already implemented in
the commit f6397113666f06848412bb12f754f04258cfa5fa:
Reduce the number of DN normalization
In this patch, the Slapi_DN creation (slapi_sdn_{new,set,init}_dn_*)
are replaced with corresponding _normdn_ or _ndn_ APIs which takes
advantage of the knowledge that the DN is already optimized or not.

Note: With the patch applied, the slapi_dn_normalize_ext count called in 
the start-up 8682 (times) was lowered to 1113 (times).


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #52: FQDN set to nsslapd-listenhost makes the server start fail if IPv4-mapped-IPv6 address is given

2012-01-24 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/52

https://fedorahosted.org/389/attachment/ticket/52/0001-Trac-Ticket-52-FQDN-set-to-nsslapd-listenhost.patch

Fix description: Added a code to check netaddr is duplicated or
not.  When the address is IPv4-mapped-IPv6, cut the IPv4 part
out of the address and use it to compare.

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #35: Log not clear enough on schema errors

2012-01-25 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/35

https://fedorahosted.org/389/attachment/ticket/35/0001-Trac-Ticket-35-Log-not-clear-enough-on-schema-errors.patch


Comment:

  Fix description: Cryptic error message:
dse - parsing dse entry [attributeTypes]
  is now replaced with:
dse - Parsing entry in file /path/to/schema/03bad.ldif failed.
dse - Invalid section [attributeTypes:  ...]

  Full sample log:
  [] - str2entry_dupcheck: entry has no dn
  [] dse - Parsing entry in file /etc/dirsrv/slapd-ID/schema/03bad.ldif
  failed.
  [] dse - Invalid section [# attributes
  attributeTypes: ( 2.16.840.1.113730.3.1.5 NAME 'changeNumber' DESC
  'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN
  'Changelog Internet Draft' )
  attributeTypes: ( 2.16.840.1.113730.3.1.6 NAME 'targetDn' DESC 'Changelog
  ...]
  [] dse - Please edit the file to correct the reported problems and then
  restart the server.

  The file which failed to parse is now in the error log.  The previous
  error "entry has no dn" explains the cause of the failure.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 2): [389 Project] #35: Log not clear enough on schema errors

2012-01-25 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/35

https://fedorahosted.org/389/attachment/ticket/35/0001-Trac-Ticket-35-Log-not-clear-enough-on-schema-errors.patch

Thanks to Rich for his review.  The new patch logs the lineno of the 
corrupted entry in the input ldif file.

Comment:

  Improved the error message to print the line number.
  Fix description: Cryptic error message:
dse - parsing dse entry [attributeTypes]
  is replaced with:
dse_read_one_file - Parsing entry in file
 /path/to/schema/03bad.ldif failed . (lineno: ##)
dse_read_one_file - Invalid section [attributeTypes:
   ...]

  Sample log:
  [] - str2entry_dupcheck: entry has no dn
  [] dse_read_one_file - Parsing entry in file /path/to/schema/03bad.ldif
  failed. (lineno: 13)
  [] dse_read_one_file - Invalid section [#
  attributeTypes: ( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRdn' DESC
  'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN
  'Changelog Internet Draft' )
  attributeTypes: ( 2.16.840.1.113730.3.1.11 NAME 'newSuperior' DESC
  'Changelog attrib ...]



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #27: SASL/PLAIN binds do not work

2012-02-07 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/27

https://fedorahosted.org/389/attachment/ticket/27/0001-Trac-Ticket-27-SASL-PLAIN-binds-do-not-work.patch

Bug description: ids_sasl_canon_user failed to set "dn: " in front of 
the dn string in the output argument out_user. The dn string is used in 
the next session and the corresponding entry was not found due to the 
bad dn format (missing "dn: ").


Fix description: This patch adds the proper prefix.
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review (take 2): [389 Project] #27: SASL/PLAIN binds do not work

2012-02-08 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/27

https://fedorahosted.org/389/attachment/ticket/27/0001-Trac-Ticket-27-SASL-PLAIN-binds-do-not-work.patch

Thanks to Rich for his comment.  Fixed the code based upon his suggestions.
--noriko
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #84: 389 Directory Server Unnecessary Checkpoints

2012-02-08 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/84

https://fedorahosted.org/389/attachment/ticket/84/0001-Trac-Ticket-84-389-Directory-Server-Unnecessary-Chec.patch


 Fix description: txn_checkpoint was always called with DB_FORCE flag.
 This patch introduces db_force arg to dblayer_txn_checkpoint and
 DB_FORCE is passed only from dblayer_force_checkpoint.

 Note: checkpoint_threadmain is one of the BDB housekeeping threads.
 It calls txn_checkpoint periodically. The interval is specified in
 the ldbm database config:
   dn: cn=config,cn=ldbm database,cn=plugins,cn=config
   nsslapd-db-checkpoint-interval:
 Even if DB_FORCE is not set and there is no db modify activities,
 as long as checkpoint thread is functioning, some disk IO is
 observed due to updating the lock table and mempool to check if
 there is any data to flush.



--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [389 Project] #169: allow 389 to use db5

2012-02-10 Thread Noriko Hosoi 

https://fedorahosted.org/389/ticket/169

https://fedorahosted.org/389/attachment/ticket/169/0001-Trac-Ticket-169-allow-389-to-use-db5.patch
git patch file (master) -- excluded autogen files

 Fix description:
 1. DB suffix ".db4" is changed to ".db" if the server is linked
with db5 (libdb); it remains ".db4" if linked with db4.
 2. Fixed DB_VERSION macro to pick up the correct APIs for db5.
 3. DB upgrade flag DBVERSION_UPGRADE_4_5 is introduced and set
once it is found the db4 to db5 upgrade is necessary.
Upgrade from db4 to 5 requires cleaning up the region files
(__db.##) then update transaction log files.  The database
files are compatible.
 4. Added a code to db.m4 to check /usr/include/libdb/db.h.
If /usr/include/db4/db.h does not exists AND libdb does,
the db5 (libdb) header file is used.
Note: package db4-devel and libdb-devel cannot coexist.


--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 597375] Deleting LDBM database causes backup/restore problem

2010-06-03 Thread Noriko Hosoi 

https://bugzilla.redhat.com/attachment.cgi?id=419482&action=diff

https://bugzilla.redhat.com/attachment.cgi?id=419482&action=edit

Fix Description:
1) When a backend is removed, the db instance directory was removed
as well (See also 463774 - index files for database should be deleted
when db is deleted).  In case DB_RECOVER_FATAL is set in the DB open
after the removal (e.g., in restore), the logs in the transaction
logs are replayed and compared with the contents of the DB files.
At that time, if the db instance directory does not exist, libdb
returns FATAL error.  To prevent the problem, we have to leave the
empty directory.
2) When removing index files, we don't have to open index files
with CREAT flag.




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 578296] Attribute type entrydn needs to be added when subtree rename switch is on.

2010-06-24 Thread Noriko Hosoi 

https://bugzilla.redhat.com/show_bug.cgi?id=578296

https://bugzilla.redhat.com/attachment.cgi?id=426726&action=diff

https://bugzilla.redhat.com/attachment.cgi?id=426726&action=edit

Files:
 ldap/servers/slapd/back-ldbm/back-ldbm.h
 ldap/servers/slapd/back-ldbm/id2entry.c
 ldap/servers/slapd/back-ldbm/index.c
 ldap/servers/slapd/back-ldbm/ldbm_search.c
 ldap/servers/slapd/back-ldbm/proto-back-ldbm.h

Description:
Attribute type entrydn needs to be added when subtree rename switch is on.
Also, it should be allowed to use entrydn in the filter.

Change Description:
1) ldbm_back_next_search_entry_ext (ldbm_search.c)
   When getting an entry from ID using id2entry_ext, pass a flag
   ID2ENTRY_ADD_ENTRYDN to add entrydn to the entry.
2) id2entry_ext (id2entry.c)
   Added id2entry_ext to handle the flag ID2ENTRY_ADD_ENTRYDN.
   If ID2ENTRY_ADD_ENTRYDN is set in the flags variable and
   entryrdn switch is enabled, entrydn is added to the entry.
3) index_read_ext (index.c)
   If entryrdn switch is on and the attribute type is entrydn and
   the search type is equality, then call entryrdn_index_read
   to get the ID directly.

Thanks,
--noriko




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 610281] fix coverity Defect Type: Control flow issues

2010-07-08 Thread Noriko Hosoi 

https://bugzilla.redhat.com/show_bug.cgi?id=610281

Attachments
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429110> (1.53 KB, patch)
2010-07-02 12:42 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429110>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429110&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429110&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429117> (1.12 KB, patch)
2010-07-02 13:06 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429117>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429117&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429117&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429121> (1.54 KB, patch)
2010-07-02 13:32 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429121>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429121&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429121&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429127> (1.88 KB, patch)
2010-07-02 13:48 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429127>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429127&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429127&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429131> (1.54 KB, patch)
2010-07-02 14:05 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429131>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429131&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429131&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429139> (1.64 KB, patch)
2010-07-02 14:37 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429139>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429139&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429139&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429143> (1.38 KB, patch)
2010-07-02 14:47 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429143>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429143&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429143&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429159> (2.27 KB, patch)
2010-07-02 16:38 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429159>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429159&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429159&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429165> (1.79 KB, patch)
2010-07-02 16:55 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429165>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429165&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429165&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429183> (6.19 KB, patch)
2010-07-02 18:16 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429183>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429183&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429183&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429187> (2.83 KB, patch)
2010-07-02 18:47 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429187>, 
Noriko Hosoi <mailto:nho...@redhat.com> 	/no flags/ 	Details 
<https://bugzilla.redhat.com/attachment.cgi?id=429187&action=edit> | 
Diff <https://bugzilla.redhat.com/attachment.cgi?id=429187&action=diff>
*git patch file (9.0)* 
<https://bugzilla.redhat.com/attachment.cgi?id=429188> (2.38 KB, patch)
2010-07-02 19:05 EDT 
<https://bugzilla.redhat.com/show_bug.cgi?id=610281#attach_429188>, 
Noriko Hoso

[389-devel] Please review: [Bug 619595] Upgrading sub suffix under non-normalized suffix disappears

2010-07-30 Thread Noriko Hosoi 

https://bugzilla.redhat.com/show_bug.cgi?id=619595

https://bugzilla.redhat.com/attachment.cgi?id=435442&action=diff

https://bugzilla.redhat.com/attachment.cgi?id=435442&action=edit

Fix Description:
The cause of this problem is the config attribute nsslapd-parent-suffix
was not defined as an attribute of DN syntax.  Because of the missing
definition, the value is not the target of the DN normalization and
the match fails after upgraded.  Adding the attribute to the schema
solves this problem.

Plus upgradedb does backup the DB before upgrade, and if it fails
it restores from the backed up DB.  Use dblayer_restore instead
of copying DB files one by one.




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 616608] SIGBUS in RDN index reads on platforms with strict alignments

2010-07-30 Thread Noriko Hosoi 

https://bugzilla.redhat.com/show_bug.cgi?id=616608

https://bugzilla.redhat.com/attachment.cgi?id=434877&action=diff

https://bugzilla.redhat.com/attachment.cgi?id=434877&action=edit

Fix description:
Use the marshall/unmarshall technique for the entryrdn index data.
Introduced sizeushort_internal_to_stored/sizeushort_stored_to_internal
for the size data to store in 2 bytes.

Entryrdn related functions in the dbscan utility are also modified
to support marshalled data.

Reviewed by ulf.welt...@hp.com and fixed bugs found by him.

Updated the design doc:
http://directory.fedoraproject.org/wiki/Subtree_Rename#Entryrdn_index




smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 194531] db2bak is too noisy

2010-08-05 Thread Noriko Hosoi 

 https://bugzilla.redhat.com/show_bug.cgi?id=194531

https://bugzilla.redhat.com/attachment.cgi?id=436980&action=diff

https://bugzilla.redhat.com/attachment.cgi?id=436980&action=edit

Description:
Added -v option to db2bak and bak2db and moved the Backing up/
Restoring logs to the verbose mode output.  To implement the
backend verbose mode, log level SLAPI_LOG_BACKLDBM has been
introduced.
  Usage: db2bak [archivedir] [-v]
  Usage: bak2db archivedir [-n backendname] [-v]

Files:
 ldap/admin/src/scripts/template-bak2db.in
 ldap/admin/src/scripts/template-db2bak.in
 ldap/include/ldaplog.h
 ldap/servers/slapd/back-ldbm/archive.c
 ldap/servers/slapd/back-ldbm/dblayer.c
 ldap/servers/slapd/log.c
 ldap/servers/slapd/main.c
 ldap/servers/slapd/slapi-plugin.h

Thanks,
--noriko


smime.p7s
Description: S/MIME Cryptographic Signature
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 621928] Unable to enable replica (rdn problem?) on 1.2.6 rc6

2010-08-09 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=621928

https://bugzilla.redhat.com/attachment.cgi?id=437670&action=diff

https://bugzilla.redhat.com/attachment.cgi?id=437670&action=edit

Description: RUV (nsuniqueid=---,)
needs to be allowed to add to the DB before  is added.  To allow
it, entryrdn prepares the rdn exception list (rdn_exceptions).  If the
to-be-added entry (in this case RUV; and currently only RUV is in the
list) is in the list,  is added to the entryrdn index with the
temporary entry ID 0 (note: not to the primary db file id2entry.db#).
When the suffix is indeed added to the DB, the temporary ID 0 is replaced
with the given real ID.

Thanks,
--noriko
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel

[389-devel] Please review: [Bug 622628] fix coverity Defect Type: Integer handling issues

2010-08-10 Thread Noriko Hosoi 
https://bugzilla.redhat.com/show_bug.cgi?id=622628

https://bugzilla.redhat.com/attachment.cgi?id=437950&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=437950&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=437952&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=437952&action=edit

https://bugzilla.redhat.com/attachment.cgi?id=437960&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=437960&action=edit

Thanks,
--noriko

--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel