From 7c7f2927f715ce0e96e4dead403a9f5f46e5a6a8 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2016 06:06:09 +0000 Subject: import 389-ds-base-1.3.5.10-11.el7 --- diff --git a/.389-ds-base.metadata b/.389-ds-base.metadata index c23be8f..e422dd9 100644 --- a/.389-ds-base.metadata +++ b/.389-ds-base.metadata @@ -1,2 +1,2 @@ -edf4fc7da08f84699a07586e21d55856e5be7d4f SOURCES/389-ds-base-1.3.4.0.tar.bz2 -7e52309f61c38b241fcdaf0284559d683f3ba700 SOURCES/nunc-stans-0.1.5.tar.bz2 +b598dfe4a27f2518a6625f3852f8462553a6a483 SOURCES/389-ds-base-1.3.5.10.tar.bz2 +835c9788650d1b9ef0896c267b06b9e529612835 SOURCES/nunc-stans-0.1.8.tar.bz2 diff --git a/.gitignore b/.gitignore index 61b66d3..cf11ad0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/389-ds-base-1.3.4.0.tar.bz2 -SOURCES/nunc-stans-0.1.5.tar.bz2 +SOURCES/389-ds-base-1.3.5.10.tar.bz2 +SOURCES/nunc-stans-0.1.8.tar.bz2 diff --git a/SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch b/SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch new file mode 100644 index 0000000..42ca5ca --- /dev/null +++ b/SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch @@ -0,0 +1,36 @@ +From e39b61ea17ae2cecbadee304678f6506d228c504 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Thu, 7 Jul 2016 14:53:48 -0400 +Subject: [PATCH 0/3] Ticket 48743 - If a cipher is disabled do not attempt to + look it up + +Description: Even if a SSL cipher is disabled the server still attempts + to locate the cipher in the security library. If the disabled + cipher is unknown it logs a warning at server startup, but + if it's disabled there is no reason to check if it exists. + +https://fedorahosted.org/389/ticket/48743 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit 6b61e05e04661312871c0b1c6121901d786d54c3) +--- + ldap/servers/slapd/ssl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c +index 12a0360..b176460 100644 +--- a/ldap/servers/slapd/ssl.c ++++ b/ldap/servers/slapd/ssl.c +@@ -749,7 +749,7 @@ _conf_setciphers(char *ciphers, int flags) + if (lookup) { /* lookup with old cipher name and get NSS cipherSuiteName */ + for (i = 0; _lookup_cipher[i].alias; i++) { + if (!PL_strcasecmp(ciphers, _lookup_cipher[i].alias)) { +- if (!_lookup_cipher[i].name[0]) { ++ if (enabled && !_lookup_cipher[i].name[0]) { + slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d. Ignoring %s", + ciphers, NSS_VMAJOR, NSS_VMINOR, ciphers); + continue; +-- +2.4.11 + diff --git a/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch b/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch deleted file mode 100644 index ee98694..0000000 --- a/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 97da9cb32b41d87d9dc5930a2ad931df559ae7f5 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 23 Jun 2015 14:48:13 -0700 -Subject: [PATCH 1/2] Ticket #48203 - Fix coverity issues - 06/22/2015 - -Description: -13294 Uninitialized scalar variable -- retrocl_init_trimming (introduced by #47669) -13293 Resource leak -- retrocl_init_trimming (introduced by #47669) - -2. Defect type: CHECKED_RETURN -50. ldap/servers/slapd/tools/ldclt/ldapfct.c:1945: -9. ldap/servers/slapd/tools/ldclt/ldapfct.c:952: - check_return: Calling "addErrorStat" without checking return value - (as is done elsewhere 26 out of 28 times). - -1. Defect type: COMPILER_WARNING -2. ldap/servers/slapd/daemon.c:1412:21: - warning: 'tp' may be used uninitialized in this function [-Wmaybe-uninitialized] - -https://fedorahosted.org/389/ticket/48203 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit 32d45c74231545ad91934147962bfb676dcdd391) ---- - ldap/servers/plugins/retrocl/retrocl_trim.c | 3 ++- - ldap/servers/slapd/daemon.c | 2 +- - ldap/servers/slapd/tools/ldclt/ldapfct.c | 4 ++-- - 3 files changed, 5 insertions(+), 4 deletions(-) - -diff --git a/ldap/servers/plugins/retrocl/retrocl_trim.c b/ldap/servers/plugins/retrocl/retrocl_trim.c -index 65f3015..b09f669 100644 ---- a/ldap/servers/plugins/retrocl/retrocl_trim.c -+++ b/ldap/servers/plugins/retrocl/retrocl_trim.c -@@ -412,7 +412,7 @@ void retrocl_housekeeping ( time_t cur_time, void *noarg ) - void retrocl_init_trimming (void) - { - const char *cl_maxage; -- time_t ageval; -+ time_t ageval = 0; /* Don't trim, by default */ - const char *cl_trim_interval; - - cl_maxage = retrocl_get_config_str(CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE); -@@ -425,6 +425,7 @@ void retrocl_init_trimming (void) - "retrocl_init_trimming: ignoring invalid %s value %s; " - "not trimming retro changelog.\n", - CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE, cl_maxage); -+ slapi_ch_free_string((char **)&cl_maxage); - return; - } - } -diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c -index 436f3d5..ba73da3 100644 ---- a/ldap/servers/slapd/daemon.c -+++ b/ldap/servers/slapd/daemon.c -@@ -1026,7 +1026,7 @@ void slapd_daemon( daemon_ports_t *ports ) - int threads; - int in_referral_mode = config_check_referral_mode(); - #ifdef ENABLE_NUNC_STANS -- ns_thrpool_t *tp; -+ ns_thrpool_t *tp = NULL; - struct ns_thrpool_config tp_config; - #endif - int connection_table_size = get_configured_connection_table_size(); -diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c -index bc8c89d..f906c5a 100644 ---- a/ldap/servers/slapd/tools/ldclt/ldapfct.c -+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c -@@ -949,7 +949,7 @@ connectToServer ( - fprintf (stderr, "ldclt[%d]: T%03d: cannot ldap_unbind(), error=%d (%s)\n", - mctx.pid, tttctx->thrdNum, ret,strerror (ret)); - fflush (stderr); -- addErrorStat(ret); -+ (void)addErrorStat(ret); - return (-1); - } - tttctx->ldapCtx = NULL; -@@ -1942,7 +1942,7 @@ createMissingNodes ( - printf ("ldclt[%d]: T%03d: Cannot add (%s), error=%d (%s)\n", - mctx.pid, tttctx->thrdNum, nodeDN, ret, my_ldap_err2string (ret)); - fflush (stdout); -- addErrorStat(ret); -+ (void)addErrorStat(ret); - return (-1); - } - --- -1.9.3 - diff --git a/SOURCES/0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch b/SOURCES/0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch new file mode 100644 index 0000000..bb5a3b0 --- /dev/null +++ b/SOURCES/0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch @@ -0,0 +1,33 @@ +From e23985aa9123b5dda2c7fe6d5205356d3fc4f5b7 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Thu, 7 Jul 2016 16:38:13 -0700 +Subject: [PATCH 1/3] Ticket #48755 - moving an entry could make the online + init fail + +Description: The upgrade script template 91reindex.pl.in had a syntax error. +See also Bug 1353592 - Setup-ds.pl --update fails + +https://fedorahosted.org/389/ticket/48755 + +Note: one character fix. +(cherry picked from commit aa64641d1974bb52fc4d02808362e76dd86d9cd0) +--- + ldap/admin/src/scripts/91reindex.pl.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/admin/src/scripts/91reindex.pl.in b/ldap/admin/src/scripts/91reindex.pl.in +index c861f64..99b08e3 100644 +--- a/ldap/admin/src/scripts/91reindex.pl.in ++++ b/ldap/admin/src/scripts/91reindex.pl.in +@@ -12,7 +12,7 @@ sub runinst { + # rdn-format value. See $rdn_format set below. + # If equal to or greater than this value, no need to reindex. + # If it needs to be unconditionally reindexed, set 0. +- my @rdnconditions = (4) ++ my @rdnconditions = (4); + + my $config = $conn->search("cn=config", "base", "(objectclass=*)"); + if (!$config) { +-- +2.4.11 + diff --git a/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch b/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch deleted file mode 100644 index f6890db..0000000 --- a/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0ad9acb61f83244af02081ffd79c350af831f21c Mon Sep 17 00:00:00 2001 -From: Ludwig Krispenz -Date: Thu, 18 Jun 2015 15:22:54 +0200 -Subject: [PATCH 2/2] Ticket 48195 - Slow replication when deleting large - quantities of multi-valued attributes - -https://fedorahosted.org/389/ticket/48195 - -In update resoultion for entry deletion, there is still use of valuearray_find() to find an existingvalue to update its csn. -with the fix for ticket #346 there exists slapi_valueset_find() which uses the possibility to do a binary search on the -values. -Fix: do not use valuearray_find - -Review: Rich, Thanks -(cherry picked from commit 09ab8c799fc3d87db7a5b3aa07eccf9b41ea43d5) -(cherry picked from commit a980b795ac03200fd01a2d05ce568691681d50ef) ---- - ldap/servers/slapd/valueset.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c -index 73208f5..0cf3ded 100644 ---- a/ldap/servers/slapd/valueset.c -+++ b/ldap/servers/slapd/valueset.c -@@ -1411,12 +1411,12 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a, - int del_index = -1, del_count = 0; - for (i=0;valuestoupdate[i]!=NULL;++i) - { -- int index= valuearray_find(a, vs->va, valuestoupdate[i]); -- if(index!=-1) -+ Slapi_Value *v = slapi_valueset_find(a, vs, valuestoupdate[i]); -+ if(v) - { -- value_update_csn(vs->va[index],t,csn); -+ value_update_csn(v,t,csn); - if (csnref_updated) -- valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(vs->va[index]); -+ valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v); - valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]); - valuestoupdate[i]= NULL; - del_count++; --- -1.9.3 - diff --git a/SOURCES/0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch b/SOURCES/0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch new file mode 100644 index 0000000..163431f --- /dev/null +++ b/SOURCES/0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch @@ -0,0 +1,209 @@ +From 320ad877fc74b2396fd5dad59cfa990c3ace09f9 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Sat, 9 Jul 2016 18:36:17 -0700 +Subject: [PATCH 2/3] Ticket #48914 - db2bak.pl task enters infinitive loop + when bak fs is almost full + +Description: A backend helper function dblayer_copyfile returns an error +when any of the copy operation fails. But one of the caller functions +dblayer_backup ignored the error. + +This patch checks the error returned from dblayer_copyfile and abort the +back-up. + +Also, more error info is added to the log messages. + +https://fedorahosted.org/389/ticket/48914 + +Reviewed by mreynolds@redhat.com (Thank you, Mark!!) + +(cherry picked from commit ff997cd6fa5f2a0678721ba0b6a56fdce327feb0) +--- + ldap/servers/slapd/back-ldbm/dblayer.c | 95 ++++++++++++++++++++++------------ + 1 file changed, 61 insertions(+), 34 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c +index 93d42be..783d104 100644 +--- a/ldap/servers/slapd/back-ldbm/dblayer.c ++++ b/ldap/servers/slapd/back-ldbm/dblayer.c +@@ -5643,18 +5643,16 @@ dblayer_copyfile(char *source, char *destination, int overwrite, int mode) + source_fd = OPEN_FUNCTION(source,O_RDONLY,0); + if (-1 == source_fd) + { +- LDAPDebug1Arg(LDAP_DEBUG_ANY, +- "dblayer_copyfile: failed to open source file: %s\n", +- source); ++ LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to open source file %s by \"%s\"\n", ++ source, strerror(errno)); + goto error; + } + /* Open destination file */ + dest_fd = OPEN_FUNCTION(destination,O_CREAT | O_WRONLY, mode); + if (-1 == dest_fd) + { +- LDAPDebug1Arg(LDAP_DEBUG_ANY, +- "dblayer_copyfile: failed to open dest file: %s\n", +- destination); ++ LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to open dest file %s by \"%s\"\n", ++ destination, strerror(errno)); + goto error; + } + LDAPDebug2Args(LDAP_DEBUG_BACKLDBM, +@@ -5662,24 +5660,38 @@ dblayer_copyfile(char *source, char *destination, int overwrite, int mode) + /* Loop round reading data and writing it */ + while (1) + { ++ int i; ++ char *ptr = NULL; + return_value = read(source_fd,buffer,64*1024); +- if (return_value <= 0) +- { ++ if (return_value <= 0) { + /* means error or EOF */ +- if (return_value < 0) +- { +- LDAPDebug1Arg(LDAP_DEBUG_ANY, +- "dblayer_copyfile: failed to read: %d\n", errno); ++ if (return_value < 0) { ++ LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to read by \"%s\": rval = %d\n", ++ strerror(errno), return_value); + } + break; + } + bytes_to_write = return_value; +- return_value = write(dest_fd,buffer,bytes_to_write); +- if (return_value != bytes_to_write) +- { +- /* means error */ +- LDAPDebug1Arg(LDAP_DEBUG_ANY, +- "dblayer_copyfile: failed to write: %d\n", errno); ++ ptr = buffer; ++#define CPRETRY 4 ++ for (i = 0; i < CPRETRY; i++) { /* retry twice */ ++ return_value = write(dest_fd, ptr, bytes_to_write); ++ if (return_value == bytes_to_write) { ++ break; ++ } else { ++ /* means error */ ++ LDAPDebug(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to write by \"%s\"; real: %d bytes, exp: %d bytes\n", ++ strerror(errno), return_value, bytes_to_write); ++ if (return_value > 0) { ++ bytes_to_write -= return_value; ++ ptr += return_value; ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "dblayer_copyfile: retrying to write %d bytes\n", bytes_to_write); ++ } else { ++ break; ++ } ++ } ++ } ++ if ((CPRETRY == i) || (return_value < 0)) { + return_value = -1; + break; + } +@@ -5906,10 +5918,15 @@ dblayer_copy_directory(struct ldbminfo *li, + return_value = dblayer_copyfile(filename1, filename2, + 0, priv->dblayer_file_mode); + } ++ if (return_value < 0) { ++ LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copy_directory: Failed to copy file %s to %s\n", ++ filename1, filename2); ++ slapi_ch_free((void**)&filename1); ++ slapi_ch_free((void**)&filename2); ++ break; ++ } + slapi_ch_free((void**)&filename1); + slapi_ch_free((void**)&filename2); +- if (0 > return_value) +- break; + + (*cnt)++; + } +@@ -6165,9 +6182,14 @@ dblayer_backup(struct ldbminfo *li, char *dest_dir, Slapi_Task *task) + changelog_destdir, DBVERSION_FILENAME); + return_value = dblayer_copyfile(pathname1, pathname2, + 0, priv->dblayer_file_mode); +- slapi_ch_free_string(&pathname1); + slapi_ch_free_string(&pathname2); + slapi_ch_free_string(&changelog_destdir); ++ if (0 > return_value) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "Backup: Failed to copy file %s\n", pathname1); ++ slapi_ch_free_string(&pathname1); ++ goto bail; ++ } ++ slapi_ch_free_string(&pathname1); + } + if (priv->dblayer_enable_transactions) { + /* now, get the list of logfiles that still exist */ +@@ -6240,15 +6262,15 @@ dblayer_backup(struct ldbminfo *li, char *dest_dir, Slapi_Task *task) + return_value = dblayer_copyfile(pathname1, pathname2, + 0, priv->dblayer_file_mode); + if (0 > return_value) { +- LDAPDebug2Args(LDAP_DEBUG_ANY, "Backup: error in " +- "copying file '%s' (err=%d) -- Starting over...\n", +- pathname1, return_value); ++ LDAPDebug2Args(LDAP_DEBUG_ANY, "Backup: error in copying file '%s' (err=%d)\n", ++ pathname1, return_value); + if (task) { +- slapi_task_log_notice(task, +- "Error copying file '%s' (err=%d) -- Starting " +- "over...", pathname1, return_value); ++ slapi_task_log_notice(task, "Error copying file '%s' (err=%d)", ++ pathname1, return_value); + } +- ok = 0; ++ slapi_ch_free((void **)&pathname1); ++ slapi_ch_free((void **)&pathname2); ++ goto bail; + } + if ( g_get_shutdown() || c_get_shutdown() ) { + LDAPDebug0Args(LDAP_DEBUG_ANY, "Backup aborted\n"); +@@ -6276,9 +6298,8 @@ dblayer_backup(struct ldbminfo *li, char *dest_dir, Slapi_Task *task) + slapi_task_log_notice(task, "Backing up file %d (%s)", cnt, pathname2); + slapi_task_log_status(task, "Backing up file %d (%s)", cnt, pathname2); + } +- return_value = +- dblayer_copyfile(pathname1, pathname2, 0, priv->dblayer_file_mode); +- if (return_value) { ++ return_value = dblayer_copyfile(pathname1, pathname2, 0, priv->dblayer_file_mode); ++ if (0 > return_value) { + LDAPDebug(LDAP_DEBUG_ANY, + "Backup: error in copying version file " + "(%s -> %s): err=%d\n", +@@ -6458,11 +6479,12 @@ static int dblayer_copy_dirand_contents(char* src_dir, char* dst_dir, int mode, + slapi_task_log_status(task, "Moving file %s", + filename2); + } +- return_value = dblayer_copyfile(filename1, filename2, 0, +- mode); ++ return_value = dblayer_copyfile(filename1, filename2, 0, mode); + } +- if (0 > return_value) ++ if (0 > return_value) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "dblayer_copy_dirand_contents: failed to copy file %s\n", filename1); + break; ++ } + } + PR_CloseDir(dirhandle); + } +@@ -6838,6 +6860,10 @@ int dblayer_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task, char * + changelogdir, DBVERSION_FILENAME); + return_value = dblayer_copyfile(filename1, filename2, + 0, priv->dblayer_file_mode); ++ if (0 > return_value) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "Restore: failed to copy file %s\n", filename1); ++ goto error_out; ++ } + } + continue; + } +@@ -6897,6 +6923,7 @@ int dblayer_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task, char * + return_value = dblayer_copyfile(filename1, filename2, 0, + priv->dblayer_file_mode); + if (0 > return_value) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "Restore: failed to copy file %s\n", filename1); + goto error_out; + } + cnt++; +-- +2.4.11 + diff --git a/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch b/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch deleted file mode 100644 index 93e3d89..0000000 --- a/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 2ad324a00c8e429171d5c096a56c32aed3206466 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 1 Jul 2015 18:16:20 -0700 -Subject: [PATCH 3/7] Ticket #48212 - Dynamic nsMatchingRule changes had no - effect on the attrinfo thus following reindexing, as well. - -Description: When nsMatchingRule was dynamically updated in an index entry, -the value was set to the configuration but was not applied to the attribute -info. On-line reindexing following the nsMatchingRule change actually ignored -the setting. On the other hand, the standalone utility dbverify independently -picked up the nsMatchingRule from the configuration and generated the attribute -info, which expected the index reindexed based upon the new nsMatchingRule. But -it was actually not and dbverify reported the index corruption. - -This patch applies the changes to the attribute info when nsMatchingRule is -modified. - -https://fedorahosted.org/389/ticket/48212 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!) - -(cherry picked from commit d9679725e69df1d191864ca00bad6b79b13e7362) -(cherry picked from commit d15beff66fd28902bd8ca80af12ad76a7ecbe57d) ---- - ldap/servers/slapd/back-ldbm/ldbm_attr.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c -index 62ed6e1..092b6b5 100644 ---- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c -+++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c -@@ -127,7 +127,16 @@ ainfo_dup( - attrinfo_delete_idlistinfo(&a->ai_idlistinfo); - a->ai_idlistinfo = b->ai_idlistinfo; - b->ai_idlistinfo = NULL; -- -+ -+ /* copy cmp functions and substr lengths */ -+ a->ai_key_cmp_fn = b->ai_key_cmp_fn; -+ a->ai_dup_cmp_fn = b->ai_dup_cmp_fn; -+ if (b->ai_substr_lens) { -+ size_t substrlen = sizeof(int) * INDEX_SUBSTRLEN; -+ a->ai_substr_lens = (int *)slapi_ch_calloc(1, substrlen); -+ memcpy(a->ai_substr_lens, b->ai_substr_lens, substrlen); -+ } -+ - return( 1 ); - } - --- -1.9.3 - diff --git a/SOURCES/0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch b/SOURCES/0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch new file mode 100644 index 0000000..47a9740 --- /dev/null +++ b/SOURCES/0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch @@ -0,0 +1,64 @@ +From 6e3de01c0a6f07f82d514d0d7f546a4eb408a445 Mon Sep 17 00:00:00 2001 +From: Viktor Ashirov +Date: Mon, 11 Jul 2016 10:10:42 +0200 +Subject: [PATCH 3/3] Ticket #48918 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't + install 389-ds-base-snmp + +Bug description: +During upgrade from 389-ds-base version <1.3.5.5 additional +package 389-ds-base-snmp is not installed. + +Fix description: +Move "Obsoletes:" section from %description to %package. + +https://fedorahosted.org/389/ticket/48918 + +Reviewed by: nhosoi@redhat.com. + +(cherry picked from commit f593ae7790e3372c6812bfe59e58e6d709ec171f) +--- + rpm/389-ds-base.spec.in | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in +index d08d379..0924cb5 100644 +--- a/rpm/389-ds-base.spec.in ++++ b/rpm/389-ds-base.spec.in +@@ -47,6 +47,8 @@ Group: System Environment/Daemons + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + Obsoletes: %{name}-selinux + Conflicts: selinux-policy-base < 3.9.8 ++# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp ++Obsoletes: %{name} <= 1.3.5.4 + Requires: %{name}-libs = %{version}-%{release} + Provides: ldif2ldbm + +@@ -152,9 +154,6 @@ isn't what you want. Please contact support immediately. + Please see http://seclists.org/oss-sec/2016/q1/363 for more information. + %endif + +-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp +-Obsoletes: %{name} <= 1.3.5.4 +- + %package libs + Summary: Core libraries for 389 Directory Server (%{variant}) + Group: System Environment/Daemons +@@ -213,13 +212,12 @@ Development Libraries and headers for the 389 Directory Server base package. + Summary: SNMP Agent for 389 Directory Server + Group: System Environment/Daemons + Requires: %{name} = %{version}-%{release} ++# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp ++Obsoletes: %{name} <= 1.3.5.4 + + %description snmp + SNMP Agent for the 389 Directory Server base package. + +-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp +-Obsoletes: %{name} <= 1.3.5.4 +- + %package tests + Summary: The lib389 Continuous Integration Tests + Group: Development/Libraries +-- +2.4.11 + diff --git a/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch deleted file mode 100644 index e3e8236..0000000 --- a/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch +++ /dev/null @@ -1,17261 +0,0 @@ -From b9de59847038d4baecacfb911c21798f78e3c52a Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 1 Jul 2015 18:23:22 -0700 -Subject: [PATCH 4/7] Ticket #48212 - CI test: added test cases for ticket - 48212 - -Description: Dynamic nsMatchingRule changes had no effect on the attrinfo - thus following reindexing, as well. - -https://fedorahosted.org/389/ticket/48212 -(cherry picked from commit a533145d1dc3c11bb0aa7745f656049b287e501e) -(cherry picked from commit 0e079ab39f7ee3d5fe77b505fb40c647d149f1b0) ---- - dirsrvtests/data/ticket48212/example1k_posix.ldif | 17017 ++++++++++++++++++++ - dirsrvtests/tickets/ticket48212_test.py | 210 + - 2 files changed, 17227 insertions(+) - create mode 100644 dirsrvtests/data/ticket48212/example1k_posix.ldif - create mode 100644 dirsrvtests/tickets/ticket48212_test.py - -diff --git a/dirsrvtests/data/ticket48212/example1k_posix.ldif b/dirsrvtests/data/ticket48212/example1k_posix.ldif -new file mode 100644 -index 0000000..50000f2 ---- /dev/null -+++ b/dirsrvtests/data/ticket48212/example1k_posix.ldif -@@ -0,0 +1,17017 @@ -+dn: dc=example,dc=com -+objectClass: top -+objectClass: domain -+dc: example -+aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "acl1"; allow(write) userdn = "ldap:///self";) -+aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "acl2"; allow(read, search, compare) userdn = "ldap:///anyone";) -+ -+dn: ou=People,dc=example,dc=com -+objectClass: top -+objectClass: organizationalunit -+ou: People -+ -+dn: ou=Groups,dc=example,dc=com -+objectClass: top -+objectClass: organizationalunit -+ou: Groups -+ -+dn: cn=user0,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user0 -+sn: user0 -+uid: uid0 -+givenname: givenname0 -+description: description0 -+userPassword: password0 -+mail: uid0 -+uidnumber: 0 -+gidnumber: 0 -+homeDirectory: /home/uid0 -+ -+dn: cn=user1,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user1 -+sn: user1 -+uid: uid1 -+givenname: givenname1 -+description: description1 -+userPassword: password1 -+mail: uid1 -+uidnumber: 1 -+gidnumber: 1 -+homeDirectory: /home/uid1 -+ -+dn: cn=user2,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user2 -+sn: user2 -+uid: uid2 -+givenname: givenname2 -+description: description2 -+userPassword: password2 -+mail: uid2 -+uidnumber: 2 -+gidnumber: 2 -+homeDirectory: /home/uid2 -+ -+dn: cn=user3,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user3 -+sn: user3 -+uid: uid3 -+givenname: givenname3 -+description: description3 -+userPassword: password3 -+mail: uid3 -+uidnumber: 3 -+gidnumber: 3 -+homeDirectory: /home/uid3 -+ -+dn: cn=user4,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user4 -+sn: user4 -+uid: uid4 -+givenname: givenname4 -+description: description4 -+userPassword: password4 -+mail: uid4 -+uidnumber: 4 -+gidnumber: 4 -+homeDirectory: /home/uid4 -+ -+dn: cn=user5,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user5 -+sn: user5 -+uid: uid5 -+givenname: givenname5 -+description: description5 -+userPassword: password5 -+mail: uid5 -+uidnumber: 5 -+gidnumber: 5 -+homeDirectory: /home/uid5 -+ -+dn: cn=user6,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user6 -+sn: user6 -+uid: uid6 -+givenname: givenname6 -+description: description6 -+userPassword: password6 -+mail: uid6 -+uidnumber: 6 -+gidnumber: 6 -+homeDirectory: /home/uid6 -+ -+dn: cn=user7,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user7 -+sn: user7 -+uid: uid7 -+givenname: givenname7 -+description: description7 -+userPassword: password7 -+mail: uid7 -+uidnumber: 7 -+gidnumber: 7 -+homeDirectory: /home/uid7 -+ -+dn: cn=user8,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user8 -+sn: user8 -+uid: uid8 -+givenname: givenname8 -+description: description8 -+userPassword: password8 -+mail: uid8 -+uidnumber: 8 -+gidnumber: 8 -+homeDirectory: /home/uid8 -+ -+dn: cn=user9,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user9 -+sn: user9 -+uid: uid9 -+givenname: givenname9 -+description: description9 -+userPassword: password9 -+mail: uid9 -+uidnumber: 9 -+gidnumber: 9 -+homeDirectory: /home/uid9 -+ -+dn: cn=user10,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user10 -+sn: user10 -+uid: uid10 -+givenname: givenname10 -+description: description10 -+userPassword: password10 -+mail: uid10 -+uidnumber: 10 -+gidnumber: 10 -+homeDirectory: /home/uid10 -+ -+dn: cn=user11,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user11 -+sn: user11 -+uid: uid11 -+givenname: givenname11 -+description: description11 -+userPassword: password11 -+mail: uid11 -+uidnumber: 11 -+gidnumber: 11 -+homeDirectory: /home/uid11 -+ -+dn: cn=user12,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user12 -+sn: user12 -+uid: uid12 -+givenname: givenname12 -+description: description12 -+userPassword: password12 -+mail: uid12 -+uidnumber: 12 -+gidnumber: 12 -+homeDirectory: /home/uid12 -+ -+dn: cn=user13,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user13 -+sn: user13 -+uid: uid13 -+givenname: givenname13 -+description: description13 -+userPassword: password13 -+mail: uid13 -+uidnumber: 13 -+gidnumber: 13 -+homeDirectory: /home/uid13 -+ -+dn: cn=user14,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user14 -+sn: user14 -+uid: uid14 -+givenname: givenname14 -+description: description14 -+userPassword: password14 -+mail: uid14 -+uidnumber: 14 -+gidnumber: 14 -+homeDirectory: /home/uid14 -+ -+dn: cn=user15,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user15 -+sn: user15 -+uid: uid15 -+givenname: givenname15 -+description: description15 -+userPassword: password15 -+mail: uid15 -+uidnumber: 15 -+gidnumber: 15 -+homeDirectory: /home/uid15 -+ -+dn: cn=user16,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user16 -+sn: user16 -+uid: uid16 -+givenname: givenname16 -+description: description16 -+userPassword: password16 -+mail: uid16 -+uidnumber: 16 -+gidnumber: 16 -+homeDirectory: /home/uid16 -+ -+dn: cn=user17,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user17 -+sn: user17 -+uid: uid17 -+givenname: givenname17 -+description: description17 -+userPassword: password17 -+mail: uid17 -+uidnumber: 17 -+gidnumber: 17 -+homeDirectory: /home/uid17 -+ -+dn: cn=user18,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user18 -+sn: user18 -+uid: uid18 -+givenname: givenname18 -+description: description18 -+userPassword: password18 -+mail: uid18 -+uidnumber: 18 -+gidnumber: 18 -+homeDirectory: /home/uid18 -+ -+dn: cn=user19,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user19 -+sn: user19 -+uid: uid19 -+givenname: givenname19 -+description: description19 -+userPassword: password19 -+mail: uid19 -+uidnumber: 19 -+gidnumber: 19 -+homeDirectory: /home/uid19 -+ -+dn: cn=user20,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user20 -+sn: user20 -+uid: uid20 -+givenname: givenname20 -+description: description20 -+userPassword: password20 -+mail: uid20 -+uidnumber: 20 -+gidnumber: 20 -+homeDirectory: /home/uid20 -+ -+dn: cn=user21,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user21 -+sn: user21 -+uid: uid21 -+givenname: givenname21 -+description: description21 -+userPassword: password21 -+mail: uid21 -+uidnumber: 21 -+gidnumber: 21 -+homeDirectory: /home/uid21 -+ -+dn: cn=user22,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user22 -+sn: user22 -+uid: uid22 -+givenname: givenname22 -+description: description22 -+userPassword: password22 -+mail: uid22 -+uidnumber: 22 -+gidnumber: 22 -+homeDirectory: /home/uid22 -+ -+dn: cn=user23,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user23 -+sn: user23 -+uid: uid23 -+givenname: givenname23 -+description: description23 -+userPassword: password23 -+mail: uid23 -+uidnumber: 23 -+gidnumber: 23 -+homeDirectory: /home/uid23 -+ -+dn: cn=user24,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user24 -+sn: user24 -+uid: uid24 -+givenname: givenname24 -+description: description24 -+userPassword: password24 -+mail: uid24 -+uidnumber: 24 -+gidnumber: 24 -+homeDirectory: /home/uid24 -+ -+dn: cn=user25,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user25 -+sn: user25 -+uid: uid25 -+givenname: givenname25 -+description: description25 -+userPassword: password25 -+mail: uid25 -+uidnumber: 25 -+gidnumber: 25 -+homeDirectory: /home/uid25 -+ -+dn: cn=user26,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user26 -+sn: user26 -+uid: uid26 -+givenname: givenname26 -+description: description26 -+userPassword: password26 -+mail: uid26 -+uidnumber: 26 -+gidnumber: 26 -+homeDirectory: /home/uid26 -+ -+dn: cn=user27,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user27 -+sn: user27 -+uid: uid27 -+givenname: givenname27 -+description: description27 -+userPassword: password27 -+mail: uid27 -+uidnumber: 27 -+gidnumber: 27 -+homeDirectory: /home/uid27 -+ -+dn: cn=user28,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user28 -+sn: user28 -+uid: uid28 -+givenname: givenname28 -+description: description28 -+userPassword: password28 -+mail: uid28 -+uidnumber: 28 -+gidnumber: 28 -+homeDirectory: /home/uid28 -+ -+dn: cn=user29,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user29 -+sn: user29 -+uid: uid29 -+givenname: givenname29 -+description: description29 -+userPassword: password29 -+mail: uid29 -+uidnumber: 29 -+gidnumber: 29 -+homeDirectory: /home/uid29 -+ -+dn: cn=user30,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user30 -+sn: user30 -+uid: uid30 -+givenname: givenname30 -+description: description30 -+userPassword: password30 -+mail: uid30 -+uidnumber: 30 -+gidnumber: 30 -+homeDirectory: /home/uid30 -+ -+dn: cn=user31,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user31 -+sn: user31 -+uid: uid31 -+givenname: givenname31 -+description: description31 -+userPassword: password31 -+mail: uid31 -+uidnumber: 31 -+gidnumber: 31 -+homeDirectory: /home/uid31 -+ -+dn: cn=user32,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user32 -+sn: user32 -+uid: uid32 -+givenname: givenname32 -+description: description32 -+userPassword: password32 -+mail: uid32 -+uidnumber: 32 -+gidnumber: 32 -+homeDirectory: /home/uid32 -+ -+dn: cn=user33,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user33 -+sn: user33 -+uid: uid33 -+givenname: givenname33 -+description: description33 -+userPassword: password33 -+mail: uid33 -+uidnumber: 33 -+gidnumber: 33 -+homeDirectory: /home/uid33 -+ -+dn: cn=user34,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user34 -+sn: user34 -+uid: uid34 -+givenname: givenname34 -+description: description34 -+userPassword: password34 -+mail: uid34 -+uidnumber: 34 -+gidnumber: 34 -+homeDirectory: /home/uid34 -+ -+dn: cn=user35,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user35 -+sn: user35 -+uid: uid35 -+givenname: givenname35 -+description: description35 -+userPassword: password35 -+mail: uid35 -+uidnumber: 35 -+gidnumber: 35 -+homeDirectory: /home/uid35 -+ -+dn: cn=user36,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user36 -+sn: user36 -+uid: uid36 -+givenname: givenname36 -+description: description36 -+userPassword: password36 -+mail: uid36 -+uidnumber: 36 -+gidnumber: 36 -+homeDirectory: /home/uid36 -+ -+dn: cn=user37,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user37 -+sn: user37 -+uid: uid37 -+givenname: givenname37 -+description: description37 -+userPassword: password37 -+mail: uid37 -+uidnumber: 37 -+gidnumber: 37 -+homeDirectory: /home/uid37 -+ -+dn: cn=user38,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user38 -+sn: user38 -+uid: uid38 -+givenname: givenname38 -+description: description38 -+userPassword: password38 -+mail: uid38 -+uidnumber: 38 -+gidnumber: 38 -+homeDirectory: /home/uid38 -+ -+dn: cn=user39,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user39 -+sn: user39 -+uid: uid39 -+givenname: givenname39 -+description: description39 -+userPassword: password39 -+mail: uid39 -+uidnumber: 39 -+gidnumber: 39 -+homeDirectory: /home/uid39 -+ -+dn: cn=user40,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user40 -+sn: user40 -+uid: uid40 -+givenname: givenname40 -+description: description40 -+userPassword: password40 -+mail: uid40 -+uidnumber: 40 -+gidnumber: 40 -+homeDirectory: /home/uid40 -+ -+dn: cn=user41,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user41 -+sn: user41 -+uid: uid41 -+givenname: givenname41 -+description: description41 -+userPassword: password41 -+mail: uid41 -+uidnumber: 41 -+gidnumber: 41 -+homeDirectory: /home/uid41 -+ -+dn: cn=user42,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user42 -+sn: user42 -+uid: uid42 -+givenname: givenname42 -+description: description42 -+userPassword: password42 -+mail: uid42 -+uidnumber: 42 -+gidnumber: 42 -+homeDirectory: /home/uid42 -+ -+dn: cn=user43,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user43 -+sn: user43 -+uid: uid43 -+givenname: givenname43 -+description: description43 -+userPassword: password43 -+mail: uid43 -+uidnumber: 43 -+gidnumber: 43 -+homeDirectory: /home/uid43 -+ -+dn: cn=user44,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user44 -+sn: user44 -+uid: uid44 -+givenname: givenname44 -+description: description44 -+userPassword: password44 -+mail: uid44 -+uidnumber: 44 -+gidnumber: 44 -+homeDirectory: /home/uid44 -+ -+dn: cn=user45,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user45 -+sn: user45 -+uid: uid45 -+givenname: givenname45 -+description: description45 -+userPassword: password45 -+mail: uid45 -+uidnumber: 45 -+gidnumber: 45 -+homeDirectory: /home/uid45 -+ -+dn: cn=user46,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user46 -+sn: user46 -+uid: uid46 -+givenname: givenname46 -+description: description46 -+userPassword: password46 -+mail: uid46 -+uidnumber: 46 -+gidnumber: 46 -+homeDirectory: /home/uid46 -+ -+dn: cn=user47,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user47 -+sn: user47 -+uid: uid47 -+givenname: givenname47 -+description: description47 -+userPassword: password47 -+mail: uid47 -+uidnumber: 47 -+gidnumber: 47 -+homeDirectory: /home/uid47 -+ -+dn: cn=user48,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user48 -+sn: user48 -+uid: uid48 -+givenname: givenname48 -+description: description48 -+userPassword: password48 -+mail: uid48 -+uidnumber: 48 -+gidnumber: 48 -+homeDirectory: /home/uid48 -+ -+dn: cn=user49,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user49 -+sn: user49 -+uid: uid49 -+givenname: givenname49 -+description: description49 -+userPassword: password49 -+mail: uid49 -+uidnumber: 49 -+gidnumber: 49 -+homeDirectory: /home/uid49 -+ -+dn: cn=user50,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user50 -+sn: user50 -+uid: uid50 -+givenname: givenname50 -+description: description50 -+userPassword: password50 -+mail: uid50 -+uidnumber: 50 -+gidnumber: 50 -+homeDirectory: /home/uid50 -+ -+dn: cn=user51,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user51 -+sn: user51 -+uid: uid51 -+givenname: givenname51 -+description: description51 -+userPassword: password51 -+mail: uid51 -+uidnumber: 51 -+gidnumber: 51 -+homeDirectory: /home/uid51 -+ -+dn: cn=user52,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user52 -+sn: user52 -+uid: uid52 -+givenname: givenname52 -+description: description52 -+userPassword: password52 -+mail: uid52 -+uidnumber: 52 -+gidnumber: 52 -+homeDirectory: /home/uid52 -+ -+dn: cn=user53,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user53 -+sn: user53 -+uid: uid53 -+givenname: givenname53 -+description: description53 -+userPassword: password53 -+mail: uid53 -+uidnumber: 53 -+gidnumber: 53 -+homeDirectory: /home/uid53 -+ -+dn: cn=user54,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user54 -+sn: user54 -+uid: uid54 -+givenname: givenname54 -+description: description54 -+userPassword: password54 -+mail: uid54 -+uidnumber: 54 -+gidnumber: 54 -+homeDirectory: /home/uid54 -+ -+dn: cn=user55,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user55 -+sn: user55 -+uid: uid55 -+givenname: givenname55 -+description: description55 -+userPassword: password55 -+mail: uid55 -+uidnumber: 55 -+gidnumber: 55 -+homeDirectory: /home/uid55 -+ -+dn: cn=user56,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user56 -+sn: user56 -+uid: uid56 -+givenname: givenname56 -+description: description56 -+userPassword: password56 -+mail: uid56 -+uidnumber: 56 -+gidnumber: 56 -+homeDirectory: /home/uid56 -+ -+dn: cn=user57,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user57 -+sn: user57 -+uid: uid57 -+givenname: givenname57 -+description: description57 -+userPassword: password57 -+mail: uid57 -+uidnumber: 57 -+gidnumber: 57 -+homeDirectory: /home/uid57 -+ -+dn: cn=user58,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user58 -+sn: user58 -+uid: uid58 -+givenname: givenname58 -+description: description58 -+userPassword: password58 -+mail: uid58 -+uidnumber: 58 -+gidnumber: 58 -+homeDirectory: /home/uid58 -+ -+dn: cn=user59,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user59 -+sn: user59 -+uid: uid59 -+givenname: givenname59 -+description: description59 -+userPassword: password59 -+mail: uid59 -+uidnumber: 59 -+gidnumber: 59 -+homeDirectory: /home/uid59 -+ -+dn: cn=user60,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user60 -+sn: user60 -+uid: uid60 -+givenname: givenname60 -+description: description60 -+userPassword: password60 -+mail: uid60 -+uidnumber: 60 -+gidnumber: 60 -+homeDirectory: /home/uid60 -+ -+dn: cn=user61,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user61 -+sn: user61 -+uid: uid61 -+givenname: givenname61 -+description: description61 -+userPassword: password61 -+mail: uid61 -+uidnumber: 61 -+gidnumber: 61 -+homeDirectory: /home/uid61 -+ -+dn: cn=user62,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user62 -+sn: user62 -+uid: uid62 -+givenname: givenname62 -+description: description62 -+userPassword: password62 -+mail: uid62 -+uidnumber: 62 -+gidnumber: 62 -+homeDirectory: /home/uid62 -+ -+dn: cn=user63,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user63 -+sn: user63 -+uid: uid63 -+givenname: givenname63 -+description: description63 -+userPassword: password63 -+mail: uid63 -+uidnumber: 63 -+gidnumber: 63 -+homeDirectory: /home/uid63 -+ -+dn: cn=user64,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user64 -+sn: user64 -+uid: uid64 -+givenname: givenname64 -+description: description64 -+userPassword: password64 -+mail: uid64 -+uidnumber: 64 -+gidnumber: 64 -+homeDirectory: /home/uid64 -+ -+dn: cn=user65,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user65 -+sn: user65 -+uid: uid65 -+givenname: givenname65 -+description: description65 -+userPassword: password65 -+mail: uid65 -+uidnumber: 65 -+gidnumber: 65 -+homeDirectory: /home/uid65 -+ -+dn: cn=user66,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user66 -+sn: user66 -+uid: uid66 -+givenname: givenname66 -+description: description66 -+userPassword: password66 -+mail: uid66 -+uidnumber: 66 -+gidnumber: 66 -+homeDirectory: /home/uid66 -+ -+dn: cn=user67,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user67 -+sn: user67 -+uid: uid67 -+givenname: givenname67 -+description: description67 -+userPassword: password67 -+mail: uid67 -+uidnumber: 67 -+gidnumber: 67 -+homeDirectory: /home/uid67 -+ -+dn: cn=user68,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user68 -+sn: user68 -+uid: uid68 -+givenname: givenname68 -+description: description68 -+userPassword: password68 -+mail: uid68 -+uidnumber: 68 -+gidnumber: 68 -+homeDirectory: /home/uid68 -+ -+dn: cn=user69,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user69 -+sn: user69 -+uid: uid69 -+givenname: givenname69 -+description: description69 -+userPassword: password69 -+mail: uid69 -+uidnumber: 69 -+gidnumber: 69 -+homeDirectory: /home/uid69 -+ -+dn: cn=user70,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user70 -+sn: user70 -+uid: uid70 -+givenname: givenname70 -+description: description70 -+userPassword: password70 -+mail: uid70 -+uidnumber: 70 -+gidnumber: 70 -+homeDirectory: /home/uid70 -+ -+dn: cn=user71,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user71 -+sn: user71 -+uid: uid71 -+givenname: givenname71 -+description: description71 -+userPassword: password71 -+mail: uid71 -+uidnumber: 71 -+gidnumber: 71 -+homeDirectory: /home/uid71 -+ -+dn: cn=user72,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user72 -+sn: user72 -+uid: uid72 -+givenname: givenname72 -+description: description72 -+userPassword: password72 -+mail: uid72 -+uidnumber: 72 -+gidnumber: 72 -+homeDirectory: /home/uid72 -+ -+dn: cn=user73,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user73 -+sn: user73 -+uid: uid73 -+givenname: givenname73 -+description: description73 -+userPassword: password73 -+mail: uid73 -+uidnumber: 73 -+gidnumber: 73 -+homeDirectory: /home/uid73 -+ -+dn: cn=user74,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user74 -+sn: user74 -+uid: uid74 -+givenname: givenname74 -+description: description74 -+userPassword: password74 -+mail: uid74 -+uidnumber: 74 -+gidnumber: 74 -+homeDirectory: /home/uid74 -+ -+dn: cn=user75,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user75 -+sn: user75 -+uid: uid75 -+givenname: givenname75 -+description: description75 -+userPassword: password75 -+mail: uid75 -+uidnumber: 75 -+gidnumber: 75 -+homeDirectory: /home/uid75 -+ -+dn: cn=user76,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user76 -+sn: user76 -+uid: uid76 -+givenname: givenname76 -+description: description76 -+userPassword: password76 -+mail: uid76 -+uidnumber: 76 -+gidnumber: 76 -+homeDirectory: /home/uid76 -+ -+dn: cn=user77,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user77 -+sn: user77 -+uid: uid77 -+givenname: givenname77 -+description: description77 -+userPassword: password77 -+mail: uid77 -+uidnumber: 77 -+gidnumber: 77 -+homeDirectory: /home/uid77 -+ -+dn: cn=user78,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user78 -+sn: user78 -+uid: uid78 -+givenname: givenname78 -+description: description78 -+userPassword: password78 -+mail: uid78 -+uidnumber: 78 -+gidnumber: 78 -+homeDirectory: /home/uid78 -+ -+dn: cn=user79,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user79 -+sn: user79 -+uid: uid79 -+givenname: givenname79 -+description: description79 -+userPassword: password79 -+mail: uid79 -+uidnumber: 79 -+gidnumber: 79 -+homeDirectory: /home/uid79 -+ -+dn: cn=user80,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user80 -+sn: user80 -+uid: uid80 -+givenname: givenname80 -+description: description80 -+userPassword: password80 -+mail: uid80 -+uidnumber: 80 -+gidnumber: 80 -+homeDirectory: /home/uid80 -+ -+dn: cn=user81,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user81 -+sn: user81 -+uid: uid81 -+givenname: givenname81 -+description: description81 -+userPassword: password81 -+mail: uid81 -+uidnumber: 81 -+gidnumber: 81 -+homeDirectory: /home/uid81 -+ -+dn: cn=user82,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user82 -+sn: user82 -+uid: uid82 -+givenname: givenname82 -+description: description82 -+userPassword: password82 -+mail: uid82 -+uidnumber: 82 -+gidnumber: 82 -+homeDirectory: /home/uid82 -+ -+dn: cn=user83,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user83 -+sn: user83 -+uid: uid83 -+givenname: givenname83 -+description: description83 -+userPassword: password83 -+mail: uid83 -+uidnumber: 83 -+gidnumber: 83 -+homeDirectory: /home/uid83 -+ -+dn: cn=user84,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user84 -+sn: user84 -+uid: uid84 -+givenname: givenname84 -+description: description84 -+userPassword: password84 -+mail: uid84 -+uidnumber: 84 -+gidnumber: 84 -+homeDirectory: /home/uid84 -+ -+dn: cn=user85,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user85 -+sn: user85 -+uid: uid85 -+givenname: givenname85 -+description: description85 -+userPassword: password85 -+mail: uid85 -+uidnumber: 85 -+gidnumber: 85 -+homeDirectory: /home/uid85 -+ -+dn: cn=user86,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user86 -+sn: user86 -+uid: uid86 -+givenname: givenname86 -+description: description86 -+userPassword: password86 -+mail: uid86 -+uidnumber: 86 -+gidnumber: 86 -+homeDirectory: /home/uid86 -+ -+dn: cn=user87,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user87 -+sn: user87 -+uid: uid87 -+givenname: givenname87 -+description: description87 -+userPassword: password87 -+mail: uid87 -+uidnumber: 87 -+gidnumber: 87 -+homeDirectory: /home/uid87 -+ -+dn: cn=user88,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user88 -+sn: user88 -+uid: uid88 -+givenname: givenname88 -+description: description88 -+userPassword: password88 -+mail: uid88 -+uidnumber: 88 -+gidnumber: 88 -+homeDirectory: /home/uid88 -+ -+dn: cn=user89,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user89 -+sn: user89 -+uid: uid89 -+givenname: givenname89 -+description: description89 -+userPassword: password89 -+mail: uid89 -+uidnumber: 89 -+gidnumber: 89 -+homeDirectory: /home/uid89 -+ -+dn: cn=user90,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user90 -+sn: user90 -+uid: uid90 -+givenname: givenname90 -+description: description90 -+userPassword: password90 -+mail: uid90 -+uidnumber: 90 -+gidnumber: 90 -+homeDirectory: /home/uid90 -+ -+dn: cn=user91,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user91 -+sn: user91 -+uid: uid91 -+givenname: givenname91 -+description: description91 -+userPassword: password91 -+mail: uid91 -+uidnumber: 91 -+gidnumber: 91 -+homeDirectory: /home/uid91 -+ -+dn: cn=user92,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user92 -+sn: user92 -+uid: uid92 -+givenname: givenname92 -+description: description92 -+userPassword: password92 -+mail: uid92 -+uidnumber: 92 -+gidnumber: 92 -+homeDirectory: /home/uid92 -+ -+dn: cn=user93,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user93 -+sn: user93 -+uid: uid93 -+givenname: givenname93 -+description: description93 -+userPassword: password93 -+mail: uid93 -+uidnumber: 93 -+gidnumber: 93 -+homeDirectory: /home/uid93 -+ -+dn: cn=user94,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user94 -+sn: user94 -+uid: uid94 -+givenname: givenname94 -+description: description94 -+userPassword: password94 -+mail: uid94 -+uidnumber: 94 -+gidnumber: 94 -+homeDirectory: /home/uid94 -+ -+dn: cn=user95,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user95 -+sn: user95 -+uid: uid95 -+givenname: givenname95 -+description: description95 -+userPassword: password95 -+mail: uid95 -+uidnumber: 95 -+gidnumber: 95 -+homeDirectory: /home/uid95 -+ -+dn: cn=user96,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user96 -+sn: user96 -+uid: uid96 -+givenname: givenname96 -+description: description96 -+userPassword: password96 -+mail: uid96 -+uidnumber: 96 -+gidnumber: 96 -+homeDirectory: /home/uid96 -+ -+dn: cn=user97,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user97 -+sn: user97 -+uid: uid97 -+givenname: givenname97 -+description: description97 -+userPassword: password97 -+mail: uid97 -+uidnumber: 97 -+gidnumber: 97 -+homeDirectory: /home/uid97 -+ -+dn: cn=user98,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user98 -+sn: user98 -+uid: uid98 -+givenname: givenname98 -+description: description98 -+userPassword: password98 -+mail: uid98 -+uidnumber: 98 -+gidnumber: 98 -+homeDirectory: /home/uid98 -+ -+dn: cn=user99,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user99 -+sn: user99 -+uid: uid99 -+givenname: givenname99 -+description: description99 -+userPassword: password99 -+mail: uid99 -+uidnumber: 99 -+gidnumber: 99 -+homeDirectory: /home/uid99 -+ -+dn: cn=user100,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user100 -+sn: user100 -+uid: uid100 -+givenname: givenname100 -+description: description100 -+userPassword: password100 -+mail: uid100 -+uidnumber: 100 -+gidnumber: 100 -+homeDirectory: /home/uid100 -+ -+dn: cn=user101,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user101 -+sn: user101 -+uid: uid101 -+givenname: givenname101 -+description: description101 -+userPassword: password101 -+mail: uid101 -+uidnumber: 101 -+gidnumber: 101 -+homeDirectory: /home/uid101 -+ -+dn: cn=user102,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user102 -+sn: user102 -+uid: uid102 -+givenname: givenname102 -+description: description102 -+userPassword: password102 -+mail: uid102 -+uidnumber: 102 -+gidnumber: 102 -+homeDirectory: /home/uid102 -+ -+dn: cn=user103,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user103 -+sn: user103 -+uid: uid103 -+givenname: givenname103 -+description: description103 -+userPassword: password103 -+mail: uid103 -+uidnumber: 103 -+gidnumber: 103 -+homeDirectory: /home/uid103 -+ -+dn: cn=user104,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user104 -+sn: user104 -+uid: uid104 -+givenname: givenname104 -+description: description104 -+userPassword: password104 -+mail: uid104 -+uidnumber: 104 -+gidnumber: 104 -+homeDirectory: /home/uid104 -+ -+dn: cn=user105,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user105 -+sn: user105 -+uid: uid105 -+givenname: givenname105 -+description: description105 -+userPassword: password105 -+mail: uid105 -+uidnumber: 105 -+gidnumber: 105 -+homeDirectory: /home/uid105 -+ -+dn: cn=user106,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user106 -+sn: user106 -+uid: uid106 -+givenname: givenname106 -+description: description106 -+userPassword: password106 -+mail: uid106 -+uidnumber: 106 -+gidnumber: 106 -+homeDirectory: /home/uid106 -+ -+dn: cn=user107,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user107 -+sn: user107 -+uid: uid107 -+givenname: givenname107 -+description: description107 -+userPassword: password107 -+mail: uid107 -+uidnumber: 107 -+gidnumber: 107 -+homeDirectory: /home/uid107 -+ -+dn: cn=user108,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user108 -+sn: user108 -+uid: uid108 -+givenname: givenname108 -+description: description108 -+userPassword: password108 -+mail: uid108 -+uidnumber: 108 -+gidnumber: 108 -+homeDirectory: /home/uid108 -+ -+dn: cn=user109,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user109 -+sn: user109 -+uid: uid109 -+givenname: givenname109 -+description: description109 -+userPassword: password109 -+mail: uid109 -+uidnumber: 109 -+gidnumber: 109 -+homeDirectory: /home/uid109 -+ -+dn: cn=user110,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user110 -+sn: user110 -+uid: uid110 -+givenname: givenname110 -+description: description110 -+userPassword: password110 -+mail: uid110 -+uidnumber: 110 -+gidnumber: 110 -+homeDirectory: /home/uid110 -+ -+dn: cn=user111,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user111 -+sn: user111 -+uid: uid111 -+givenname: givenname111 -+description: description111 -+userPassword: password111 -+mail: uid111 -+uidnumber: 111 -+gidnumber: 111 -+homeDirectory: /home/uid111 -+ -+dn: cn=user112,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user112 -+sn: user112 -+uid: uid112 -+givenname: givenname112 -+description: description112 -+userPassword: password112 -+mail: uid112 -+uidnumber: 112 -+gidnumber: 112 -+homeDirectory: /home/uid112 -+ -+dn: cn=user113,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user113 -+sn: user113 -+uid: uid113 -+givenname: givenname113 -+description: description113 -+userPassword: password113 -+mail: uid113 -+uidnumber: 113 -+gidnumber: 113 -+homeDirectory: /home/uid113 -+ -+dn: cn=user114,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user114 -+sn: user114 -+uid: uid114 -+givenname: givenname114 -+description: description114 -+userPassword: password114 -+mail: uid114 -+uidnumber: 114 -+gidnumber: 114 -+homeDirectory: /home/uid114 -+ -+dn: cn=user115,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user115 -+sn: user115 -+uid: uid115 -+givenname: givenname115 -+description: description115 -+userPassword: password115 -+mail: uid115 -+uidnumber: 115 -+gidnumber: 115 -+homeDirectory: /home/uid115 -+ -+dn: cn=user116,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user116 -+sn: user116 -+uid: uid116 -+givenname: givenname116 -+description: description116 -+userPassword: password116 -+mail: uid116 -+uidnumber: 116 -+gidnumber: 116 -+homeDirectory: /home/uid116 -+ -+dn: cn=user117,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user117 -+sn: user117 -+uid: uid117 -+givenname: givenname117 -+description: description117 -+userPassword: password117 -+mail: uid117 -+uidnumber: 117 -+gidnumber: 117 -+homeDirectory: /home/uid117 -+ -+dn: cn=user118,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user118 -+sn: user118 -+uid: uid118 -+givenname: givenname118 -+description: description118 -+userPassword: password118 -+mail: uid118 -+uidnumber: 118 -+gidnumber: 118 -+homeDirectory: /home/uid118 -+ -+dn: cn=user119,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user119 -+sn: user119 -+uid: uid119 -+givenname: givenname119 -+description: description119 -+userPassword: password119 -+mail: uid119 -+uidnumber: 119 -+gidnumber: 119 -+homeDirectory: /home/uid119 -+ -+dn: cn=user120,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user120 -+sn: user120 -+uid: uid120 -+givenname: givenname120 -+description: description120 -+userPassword: password120 -+mail: uid120 -+uidnumber: 120 -+gidnumber: 120 -+homeDirectory: /home/uid120 -+ -+dn: cn=user121,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user121 -+sn: user121 -+uid: uid121 -+givenname: givenname121 -+description: description121 -+userPassword: password121 -+mail: uid121 -+uidnumber: 121 -+gidnumber: 121 -+homeDirectory: /home/uid121 -+ -+dn: cn=user122,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user122 -+sn: user122 -+uid: uid122 -+givenname: givenname122 -+description: description122 -+userPassword: password122 -+mail: uid122 -+uidnumber: 122 -+gidnumber: 122 -+homeDirectory: /home/uid122 -+ -+dn: cn=user123,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user123 -+sn: user123 -+uid: uid123 -+givenname: givenname123 -+description: description123 -+userPassword: password123 -+mail: uid123 -+uidnumber: 123 -+gidnumber: 123 -+homeDirectory: /home/uid123 -+ -+dn: cn=user124,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user124 -+sn: user124 -+uid: uid124 -+givenname: givenname124 -+description: description124 -+userPassword: password124 -+mail: uid124 -+uidnumber: 124 -+gidnumber: 124 -+homeDirectory: /home/uid124 -+ -+dn: cn=user125,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user125 -+sn: user125 -+uid: uid125 -+givenname: givenname125 -+description: description125 -+userPassword: password125 -+mail: uid125 -+uidnumber: 125 -+gidnumber: 125 -+homeDirectory: /home/uid125 -+ -+dn: cn=user126,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user126 -+sn: user126 -+uid: uid126 -+givenname: givenname126 -+description: description126 -+userPassword: password126 -+mail: uid126 -+uidnumber: 126 -+gidnumber: 126 -+homeDirectory: /home/uid126 -+ -+dn: cn=user127,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user127 -+sn: user127 -+uid: uid127 -+givenname: givenname127 -+description: description127 -+userPassword: password127 -+mail: uid127 -+uidnumber: 127 -+gidnumber: 127 -+homeDirectory: /home/uid127 -+ -+dn: cn=user128,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user128 -+sn: user128 -+uid: uid128 -+givenname: givenname128 -+description: description128 -+userPassword: password128 -+mail: uid128 -+uidnumber: 128 -+gidnumber: 128 -+homeDirectory: /home/uid128 -+ -+dn: cn=user129,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user129 -+sn: user129 -+uid: uid129 -+givenname: givenname129 -+description: description129 -+userPassword: password129 -+mail: uid129 -+uidnumber: 129 -+gidnumber: 129 -+homeDirectory: /home/uid129 -+ -+dn: cn=user130,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user130 -+sn: user130 -+uid: uid130 -+givenname: givenname130 -+description: description130 -+userPassword: password130 -+mail: uid130 -+uidnumber: 130 -+gidnumber: 130 -+homeDirectory: /home/uid130 -+ -+dn: cn=user131,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user131 -+sn: user131 -+uid: uid131 -+givenname: givenname131 -+description: description131 -+userPassword: password131 -+mail: uid131 -+uidnumber: 131 -+gidnumber: 131 -+homeDirectory: /home/uid131 -+ -+dn: cn=user132,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user132 -+sn: user132 -+uid: uid132 -+givenname: givenname132 -+description: description132 -+userPassword: password132 -+mail: uid132 -+uidnumber: 132 -+gidnumber: 132 -+homeDirectory: /home/uid132 -+ -+dn: cn=user133,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user133 -+sn: user133 -+uid: uid133 -+givenname: givenname133 -+description: description133 -+userPassword: password133 -+mail: uid133 -+uidnumber: 133 -+gidnumber: 133 -+homeDirectory: /home/uid133 -+ -+dn: cn=user134,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user134 -+sn: user134 -+uid: uid134 -+givenname: givenname134 -+description: description134 -+userPassword: password134 -+mail: uid134 -+uidnumber: 134 -+gidnumber: 134 -+homeDirectory: /home/uid134 -+ -+dn: cn=user135,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user135 -+sn: user135 -+uid: uid135 -+givenname: givenname135 -+description: description135 -+userPassword: password135 -+mail: uid135 -+uidnumber: 135 -+gidnumber: 135 -+homeDirectory: /home/uid135 -+ -+dn: cn=user136,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user136 -+sn: user136 -+uid: uid136 -+givenname: givenname136 -+description: description136 -+userPassword: password136 -+mail: uid136 -+uidnumber: 136 -+gidnumber: 136 -+homeDirectory: /home/uid136 -+ -+dn: cn=user137,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user137 -+sn: user137 -+uid: uid137 -+givenname: givenname137 -+description: description137 -+userPassword: password137 -+mail: uid137 -+uidnumber: 137 -+gidnumber: 137 -+homeDirectory: /home/uid137 -+ -+dn: cn=user138,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user138 -+sn: user138 -+uid: uid138 -+givenname: givenname138 -+description: description138 -+userPassword: password138 -+mail: uid138 -+uidnumber: 138 -+gidnumber: 138 -+homeDirectory: /home/uid138 -+ -+dn: cn=user139,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user139 -+sn: user139 -+uid: uid139 -+givenname: givenname139 -+description: description139 -+userPassword: password139 -+mail: uid139 -+uidnumber: 139 -+gidnumber: 139 -+homeDirectory: /home/uid139 -+ -+dn: cn=user140,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user140 -+sn: user140 -+uid: uid140 -+givenname: givenname140 -+description: description140 -+userPassword: password140 -+mail: uid140 -+uidnumber: 140 -+gidnumber: 140 -+homeDirectory: /home/uid140 -+ -+dn: cn=user141,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user141 -+sn: user141 -+uid: uid141 -+givenname: givenname141 -+description: description141 -+userPassword: password141 -+mail: uid141 -+uidnumber: 141 -+gidnumber: 141 -+homeDirectory: /home/uid141 -+ -+dn: cn=user142,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user142 -+sn: user142 -+uid: uid142 -+givenname: givenname142 -+description: description142 -+userPassword: password142 -+mail: uid142 -+uidnumber: 142 -+gidnumber: 142 -+homeDirectory: /home/uid142 -+ -+dn: cn=user143,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user143 -+sn: user143 -+uid: uid143 -+givenname: givenname143 -+description: description143 -+userPassword: password143 -+mail: uid143 -+uidnumber: 143 -+gidnumber: 143 -+homeDirectory: /home/uid143 -+ -+dn: cn=user144,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user144 -+sn: user144 -+uid: uid144 -+givenname: givenname144 -+description: description144 -+userPassword: password144 -+mail: uid144 -+uidnumber: 144 -+gidnumber: 144 -+homeDirectory: /home/uid144 -+ -+dn: cn=user145,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user145 -+sn: user145 -+uid: uid145 -+givenname: givenname145 -+description: description145 -+userPassword: password145 -+mail: uid145 -+uidnumber: 145 -+gidnumber: 145 -+homeDirectory: /home/uid145 -+ -+dn: cn=user146,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user146 -+sn: user146 -+uid: uid146 -+givenname: givenname146 -+description: description146 -+userPassword: password146 -+mail: uid146 -+uidnumber: 146 -+gidnumber: 146 -+homeDirectory: /home/uid146 -+ -+dn: cn=user147,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user147 -+sn: user147 -+uid: uid147 -+givenname: givenname147 -+description: description147 -+userPassword: password147 -+mail: uid147 -+uidnumber: 147 -+gidnumber: 147 -+homeDirectory: /home/uid147 -+ -+dn: cn=user148,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user148 -+sn: user148 -+uid: uid148 -+givenname: givenname148 -+description: description148 -+userPassword: password148 -+mail: uid148 -+uidnumber: 148 -+gidnumber: 148 -+homeDirectory: /home/uid148 -+ -+dn: cn=user149,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user149 -+sn: user149 -+uid: uid149 -+givenname: givenname149 -+description: description149 -+userPassword: password149 -+mail: uid149 -+uidnumber: 149 -+gidnumber: 149 -+homeDirectory: /home/uid149 -+ -+dn: cn=user150,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user150 -+sn: user150 -+uid: uid150 -+givenname: givenname150 -+description: description150 -+userPassword: password150 -+mail: uid150 -+uidnumber: 150 -+gidnumber: 150 -+homeDirectory: /home/uid150 -+ -+dn: cn=user151,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user151 -+sn: user151 -+uid: uid151 -+givenname: givenname151 -+description: description151 -+userPassword: password151 -+mail: uid151 -+uidnumber: 151 -+gidnumber: 151 -+homeDirectory: /home/uid151 -+ -+dn: cn=user152,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user152 -+sn: user152 -+uid: uid152 -+givenname: givenname152 -+description: description152 -+userPassword: password152 -+mail: uid152 -+uidnumber: 152 -+gidnumber: 152 -+homeDirectory: /home/uid152 -+ -+dn: cn=user153,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user153 -+sn: user153 -+uid: uid153 -+givenname: givenname153 -+description: description153 -+userPassword: password153 -+mail: uid153 -+uidnumber: 153 -+gidnumber: 153 -+homeDirectory: /home/uid153 -+ -+dn: cn=user154,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user154 -+sn: user154 -+uid: uid154 -+givenname: givenname154 -+description: description154 -+userPassword: password154 -+mail: uid154 -+uidnumber: 154 -+gidnumber: 154 -+homeDirectory: /home/uid154 -+ -+dn: cn=user155,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user155 -+sn: user155 -+uid: uid155 -+givenname: givenname155 -+description: description155 -+userPassword: password155 -+mail: uid155 -+uidnumber: 155 -+gidnumber: 155 -+homeDirectory: /home/uid155 -+ -+dn: cn=user156,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user156 -+sn: user156 -+uid: uid156 -+givenname: givenname156 -+description: description156 -+userPassword: password156 -+mail: uid156 -+uidnumber: 156 -+gidnumber: 156 -+homeDirectory: /home/uid156 -+ -+dn: cn=user157,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user157 -+sn: user157 -+uid: uid157 -+givenname: givenname157 -+description: description157 -+userPassword: password157 -+mail: uid157 -+uidnumber: 157 -+gidnumber: 157 -+homeDirectory: /home/uid157 -+ -+dn: cn=user158,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user158 -+sn: user158 -+uid: uid158 -+givenname: givenname158 -+description: description158 -+userPassword: password158 -+mail: uid158 -+uidnumber: 158 -+gidnumber: 158 -+homeDirectory: /home/uid158 -+ -+dn: cn=user159,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user159 -+sn: user159 -+uid: uid159 -+givenname: givenname159 -+description: description159 -+userPassword: password159 -+mail: uid159 -+uidnumber: 159 -+gidnumber: 159 -+homeDirectory: /home/uid159 -+ -+dn: cn=user160,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user160 -+sn: user160 -+uid: uid160 -+givenname: givenname160 -+description: description160 -+userPassword: password160 -+mail: uid160 -+uidnumber: 160 -+gidnumber: 160 -+homeDirectory: /home/uid160 -+ -+dn: cn=user161,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user161 -+sn: user161 -+uid: uid161 -+givenname: givenname161 -+description: description161 -+userPassword: password161 -+mail: uid161 -+uidnumber: 161 -+gidnumber: 161 -+homeDirectory: /home/uid161 -+ -+dn: cn=user162,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user162 -+sn: user162 -+uid: uid162 -+givenname: givenname162 -+description: description162 -+userPassword: password162 -+mail: uid162 -+uidnumber: 162 -+gidnumber: 162 -+homeDirectory: /home/uid162 -+ -+dn: cn=user163,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user163 -+sn: user163 -+uid: uid163 -+givenname: givenname163 -+description: description163 -+userPassword: password163 -+mail: uid163 -+uidnumber: 163 -+gidnumber: 163 -+homeDirectory: /home/uid163 -+ -+dn: cn=user164,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user164 -+sn: user164 -+uid: uid164 -+givenname: givenname164 -+description: description164 -+userPassword: password164 -+mail: uid164 -+uidnumber: 164 -+gidnumber: 164 -+homeDirectory: /home/uid164 -+ -+dn: cn=user165,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user165 -+sn: user165 -+uid: uid165 -+givenname: givenname165 -+description: description165 -+userPassword: password165 -+mail: uid165 -+uidnumber: 165 -+gidnumber: 165 -+homeDirectory: /home/uid165 -+ -+dn: cn=user166,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user166 -+sn: user166 -+uid: uid166 -+givenname: givenname166 -+description: description166 -+userPassword: password166 -+mail: uid166 -+uidnumber: 166 -+gidnumber: 166 -+homeDirectory: /home/uid166 -+ -+dn: cn=user167,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user167 -+sn: user167 -+uid: uid167 -+givenname: givenname167 -+description: description167 -+userPassword: password167 -+mail: uid167 -+uidnumber: 167 -+gidnumber: 167 -+homeDirectory: /home/uid167 -+ -+dn: cn=user168,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user168 -+sn: user168 -+uid: uid168 -+givenname: givenname168 -+description: description168 -+userPassword: password168 -+mail: uid168 -+uidnumber: 168 -+gidnumber: 168 -+homeDirectory: /home/uid168 -+ -+dn: cn=user169,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user169 -+sn: user169 -+uid: uid169 -+givenname: givenname169 -+description: description169 -+userPassword: password169 -+mail: uid169 -+uidnumber: 169 -+gidnumber: 169 -+homeDirectory: /home/uid169 -+ -+dn: cn=user170,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user170 -+sn: user170 -+uid: uid170 -+givenname: givenname170 -+description: description170 -+userPassword: password170 -+mail: uid170 -+uidnumber: 170 -+gidnumber: 170 -+homeDirectory: /home/uid170 -+ -+dn: cn=user171,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user171 -+sn: user171 -+uid: uid171 -+givenname: givenname171 -+description: description171 -+userPassword: password171 -+mail: uid171 -+uidnumber: 171 -+gidnumber: 171 -+homeDirectory: /home/uid171 -+ -+dn: cn=user172,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user172 -+sn: user172 -+uid: uid172 -+givenname: givenname172 -+description: description172 -+userPassword: password172 -+mail: uid172 -+uidnumber: 172 -+gidnumber: 172 -+homeDirectory: /home/uid172 -+ -+dn: cn=user173,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user173 -+sn: user173 -+uid: uid173 -+givenname: givenname173 -+description: description173 -+userPassword: password173 -+mail: uid173 -+uidnumber: 173 -+gidnumber: 173 -+homeDirectory: /home/uid173 -+ -+dn: cn=user174,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user174 -+sn: user174 -+uid: uid174 -+givenname: givenname174 -+description: description174 -+userPassword: password174 -+mail: uid174 -+uidnumber: 174 -+gidnumber: 174 -+homeDirectory: /home/uid174 -+ -+dn: cn=user175,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user175 -+sn: user175 -+uid: uid175 -+givenname: givenname175 -+description: description175 -+userPassword: password175 -+mail: uid175 -+uidnumber: 175 -+gidnumber: 175 -+homeDirectory: /home/uid175 -+ -+dn: cn=user176,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user176 -+sn: user176 -+uid: uid176 -+givenname: givenname176 -+description: description176 -+userPassword: password176 -+mail: uid176 -+uidnumber: 176 -+gidnumber: 176 -+homeDirectory: /home/uid176 -+ -+dn: cn=user177,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user177 -+sn: user177 -+uid: uid177 -+givenname: givenname177 -+description: description177 -+userPassword: password177 -+mail: uid177 -+uidnumber: 177 -+gidnumber: 177 -+homeDirectory: /home/uid177 -+ -+dn: cn=user178,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user178 -+sn: user178 -+uid: uid178 -+givenname: givenname178 -+description: description178 -+userPassword: password178 -+mail: uid178 -+uidnumber: 178 -+gidnumber: 178 -+homeDirectory: /home/uid178 -+ -+dn: cn=user179,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user179 -+sn: user179 -+uid: uid179 -+givenname: givenname179 -+description: description179 -+userPassword: password179 -+mail: uid179 -+uidnumber: 179 -+gidnumber: 179 -+homeDirectory: /home/uid179 -+ -+dn: cn=user180,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user180 -+sn: user180 -+uid: uid180 -+givenname: givenname180 -+description: description180 -+userPassword: password180 -+mail: uid180 -+uidnumber: 180 -+gidnumber: 180 -+homeDirectory: /home/uid180 -+ -+dn: cn=user181,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user181 -+sn: user181 -+uid: uid181 -+givenname: givenname181 -+description: description181 -+userPassword: password181 -+mail: uid181 -+uidnumber: 181 -+gidnumber: 181 -+homeDirectory: /home/uid181 -+ -+dn: cn=user182,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user182 -+sn: user182 -+uid: uid182 -+givenname: givenname182 -+description: description182 -+userPassword: password182 -+mail: uid182 -+uidnumber: 182 -+gidnumber: 182 -+homeDirectory: /home/uid182 -+ -+dn: cn=user183,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user183 -+sn: user183 -+uid: uid183 -+givenname: givenname183 -+description: description183 -+userPassword: password183 -+mail: uid183 -+uidnumber: 183 -+gidnumber: 183 -+homeDirectory: /home/uid183 -+ -+dn: cn=user184,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user184 -+sn: user184 -+uid: uid184 -+givenname: givenname184 -+description: description184 -+userPassword: password184 -+mail: uid184 -+uidnumber: 184 -+gidnumber: 184 -+homeDirectory: /home/uid184 -+ -+dn: cn=user185,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user185 -+sn: user185 -+uid: uid185 -+givenname: givenname185 -+description: description185 -+userPassword: password185 -+mail: uid185 -+uidnumber: 185 -+gidnumber: 185 -+homeDirectory: /home/uid185 -+ -+dn: cn=user186,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user186 -+sn: user186 -+uid: uid186 -+givenname: givenname186 -+description: description186 -+userPassword: password186 -+mail: uid186 -+uidnumber: 186 -+gidnumber: 186 -+homeDirectory: /home/uid186 -+ -+dn: cn=user187,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user187 -+sn: user187 -+uid: uid187 -+givenname: givenname187 -+description: description187 -+userPassword: password187 -+mail: uid187 -+uidnumber: 187 -+gidnumber: 187 -+homeDirectory: /home/uid187 -+ -+dn: cn=user188,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user188 -+sn: user188 -+uid: uid188 -+givenname: givenname188 -+description: description188 -+userPassword: password188 -+mail: uid188 -+uidnumber: 188 -+gidnumber: 188 -+homeDirectory: /home/uid188 -+ -+dn: cn=user189,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user189 -+sn: user189 -+uid: uid189 -+givenname: givenname189 -+description: description189 -+userPassword: password189 -+mail: uid189 -+uidnumber: 189 -+gidnumber: 189 -+homeDirectory: /home/uid189 -+ -+dn: cn=user190,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user190 -+sn: user190 -+uid: uid190 -+givenname: givenname190 -+description: description190 -+userPassword: password190 -+mail: uid190 -+uidnumber: 190 -+gidnumber: 190 -+homeDirectory: /home/uid190 -+ -+dn: cn=user191,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user191 -+sn: user191 -+uid: uid191 -+givenname: givenname191 -+description: description191 -+userPassword: password191 -+mail: uid191 -+uidnumber: 191 -+gidnumber: 191 -+homeDirectory: /home/uid191 -+ -+dn: cn=user192,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user192 -+sn: user192 -+uid: uid192 -+givenname: givenname192 -+description: description192 -+userPassword: password192 -+mail: uid192 -+uidnumber: 192 -+gidnumber: 192 -+homeDirectory: /home/uid192 -+ -+dn: cn=user193,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user193 -+sn: user193 -+uid: uid193 -+givenname: givenname193 -+description: description193 -+userPassword: password193 -+mail: uid193 -+uidnumber: 193 -+gidnumber: 193 -+homeDirectory: /home/uid193 -+ -+dn: cn=user194,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user194 -+sn: user194 -+uid: uid194 -+givenname: givenname194 -+description: description194 -+userPassword: password194 -+mail: uid194 -+uidnumber: 194 -+gidnumber: 194 -+homeDirectory: /home/uid194 -+ -+dn: cn=user195,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user195 -+sn: user195 -+uid: uid195 -+givenname: givenname195 -+description: description195 -+userPassword: password195 -+mail: uid195 -+uidnumber: 195 -+gidnumber: 195 -+homeDirectory: /home/uid195 -+ -+dn: cn=user196,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user196 -+sn: user196 -+uid: uid196 -+givenname: givenname196 -+description: description196 -+userPassword: password196 -+mail: uid196 -+uidnumber: 196 -+gidnumber: 196 -+homeDirectory: /home/uid196 -+ -+dn: cn=user197,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user197 -+sn: user197 -+uid: uid197 -+givenname: givenname197 -+description: description197 -+userPassword: password197 -+mail: uid197 -+uidnumber: 197 -+gidnumber: 197 -+homeDirectory: /home/uid197 -+ -+dn: cn=user198,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user198 -+sn: user198 -+uid: uid198 -+givenname: givenname198 -+description: description198 -+userPassword: password198 -+mail: uid198 -+uidnumber: 198 -+gidnumber: 198 -+homeDirectory: /home/uid198 -+ -+dn: cn=user199,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user199 -+sn: user199 -+uid: uid199 -+givenname: givenname199 -+description: description199 -+userPassword: password199 -+mail: uid199 -+uidnumber: 199 -+gidnumber: 199 -+homeDirectory: /home/uid199 -+ -+dn: cn=user200,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user200 -+sn: user200 -+uid: uid200 -+givenname: givenname200 -+description: description200 -+userPassword: password200 -+mail: uid200 -+uidnumber: 200 -+gidnumber: 200 -+homeDirectory: /home/uid200 -+ -+dn: cn=user201,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user201 -+sn: user201 -+uid: uid201 -+givenname: givenname201 -+description: description201 -+userPassword: password201 -+mail: uid201 -+uidnumber: 201 -+gidnumber: 201 -+homeDirectory: /home/uid201 -+ -+dn: cn=user202,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user202 -+sn: user202 -+uid: uid202 -+givenname: givenname202 -+description: description202 -+userPassword: password202 -+mail: uid202 -+uidnumber: 202 -+gidnumber: 202 -+homeDirectory: /home/uid202 -+ -+dn: cn=user203,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user203 -+sn: user203 -+uid: uid203 -+givenname: givenname203 -+description: description203 -+userPassword: password203 -+mail: uid203 -+uidnumber: 203 -+gidnumber: 203 -+homeDirectory: /home/uid203 -+ -+dn: cn=user204,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user204 -+sn: user204 -+uid: uid204 -+givenname: givenname204 -+description: description204 -+userPassword: password204 -+mail: uid204 -+uidnumber: 204 -+gidnumber: 204 -+homeDirectory: /home/uid204 -+ -+dn: cn=user205,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user205 -+sn: user205 -+uid: uid205 -+givenname: givenname205 -+description: description205 -+userPassword: password205 -+mail: uid205 -+uidnumber: 205 -+gidnumber: 205 -+homeDirectory: /home/uid205 -+ -+dn: cn=user206,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user206 -+sn: user206 -+uid: uid206 -+givenname: givenname206 -+description: description206 -+userPassword: password206 -+mail: uid206 -+uidnumber: 206 -+gidnumber: 206 -+homeDirectory: /home/uid206 -+ -+dn: cn=user207,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user207 -+sn: user207 -+uid: uid207 -+givenname: givenname207 -+description: description207 -+userPassword: password207 -+mail: uid207 -+uidnumber: 207 -+gidnumber: 207 -+homeDirectory: /home/uid207 -+ -+dn: cn=user208,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user208 -+sn: user208 -+uid: uid208 -+givenname: givenname208 -+description: description208 -+userPassword: password208 -+mail: uid208 -+uidnumber: 208 -+gidnumber: 208 -+homeDirectory: /home/uid208 -+ -+dn: cn=user209,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user209 -+sn: user209 -+uid: uid209 -+givenname: givenname209 -+description: description209 -+userPassword: password209 -+mail: uid209 -+uidnumber: 209 -+gidnumber: 209 -+homeDirectory: /home/uid209 -+ -+dn: cn=user210,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user210 -+sn: user210 -+uid: uid210 -+givenname: givenname210 -+description: description210 -+userPassword: password210 -+mail: uid210 -+uidnumber: 210 -+gidnumber: 210 -+homeDirectory: /home/uid210 -+ -+dn: cn=user211,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user211 -+sn: user211 -+uid: uid211 -+givenname: givenname211 -+description: description211 -+userPassword: password211 -+mail: uid211 -+uidnumber: 211 -+gidnumber: 211 -+homeDirectory: /home/uid211 -+ -+dn: cn=user212,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user212 -+sn: user212 -+uid: uid212 -+givenname: givenname212 -+description: description212 -+userPassword: password212 -+mail: uid212 -+uidnumber: 212 -+gidnumber: 212 -+homeDirectory: /home/uid212 -+ -+dn: cn=user213,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user213 -+sn: user213 -+uid: uid213 -+givenname: givenname213 -+description: description213 -+userPassword: password213 -+mail: uid213 -+uidnumber: 213 -+gidnumber: 213 -+homeDirectory: /home/uid213 -+ -+dn: cn=user214,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user214 -+sn: user214 -+uid: uid214 -+givenname: givenname214 -+description: description214 -+userPassword: password214 -+mail: uid214 -+uidnumber: 214 -+gidnumber: 214 -+homeDirectory: /home/uid214 -+ -+dn: cn=user215,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user215 -+sn: user215 -+uid: uid215 -+givenname: givenname215 -+description: description215 -+userPassword: password215 -+mail: uid215 -+uidnumber: 215 -+gidnumber: 215 -+homeDirectory: /home/uid215 -+ -+dn: cn=user216,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user216 -+sn: user216 -+uid: uid216 -+givenname: givenname216 -+description: description216 -+userPassword: password216 -+mail: uid216 -+uidnumber: 216 -+gidnumber: 216 -+homeDirectory: /home/uid216 -+ -+dn: cn=user217,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user217 -+sn: user217 -+uid: uid217 -+givenname: givenname217 -+description: description217 -+userPassword: password217 -+mail: uid217 -+uidnumber: 217 -+gidnumber: 217 -+homeDirectory: /home/uid217 -+ -+dn: cn=user218,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user218 -+sn: user218 -+uid: uid218 -+givenname: givenname218 -+description: description218 -+userPassword: password218 -+mail: uid218 -+uidnumber: 218 -+gidnumber: 218 -+homeDirectory: /home/uid218 -+ -+dn: cn=user219,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user219 -+sn: user219 -+uid: uid219 -+givenname: givenname219 -+description: description219 -+userPassword: password219 -+mail: uid219 -+uidnumber: 219 -+gidnumber: 219 -+homeDirectory: /home/uid219 -+ -+dn: cn=user220,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user220 -+sn: user220 -+uid: uid220 -+givenname: givenname220 -+description: description220 -+userPassword: password220 -+mail: uid220 -+uidnumber: 220 -+gidnumber: 220 -+homeDirectory: /home/uid220 -+ -+dn: cn=user221,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user221 -+sn: user221 -+uid: uid221 -+givenname: givenname221 -+description: description221 -+userPassword: password221 -+mail: uid221 -+uidnumber: 221 -+gidnumber: 221 -+homeDirectory: /home/uid221 -+ -+dn: cn=user222,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user222 -+sn: user222 -+uid: uid222 -+givenname: givenname222 -+description: description222 -+userPassword: password222 -+mail: uid222 -+uidnumber: 222 -+gidnumber: 222 -+homeDirectory: /home/uid222 -+ -+dn: cn=user223,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user223 -+sn: user223 -+uid: uid223 -+givenname: givenname223 -+description: description223 -+userPassword: password223 -+mail: uid223 -+uidnumber: 223 -+gidnumber: 223 -+homeDirectory: /home/uid223 -+ -+dn: cn=user224,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user224 -+sn: user224 -+uid: uid224 -+givenname: givenname224 -+description: description224 -+userPassword: password224 -+mail: uid224 -+uidnumber: 224 -+gidnumber: 224 -+homeDirectory: /home/uid224 -+ -+dn: cn=user225,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user225 -+sn: user225 -+uid: uid225 -+givenname: givenname225 -+description: description225 -+userPassword: password225 -+mail: uid225 -+uidnumber: 225 -+gidnumber: 225 -+homeDirectory: /home/uid225 -+ -+dn: cn=user226,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user226 -+sn: user226 -+uid: uid226 -+givenname: givenname226 -+description: description226 -+userPassword: password226 -+mail: uid226 -+uidnumber: 226 -+gidnumber: 226 -+homeDirectory: /home/uid226 -+ -+dn: cn=user227,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user227 -+sn: user227 -+uid: uid227 -+givenname: givenname227 -+description: description227 -+userPassword: password227 -+mail: uid227 -+uidnumber: 227 -+gidnumber: 227 -+homeDirectory: /home/uid227 -+ -+dn: cn=user228,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user228 -+sn: user228 -+uid: uid228 -+givenname: givenname228 -+description: description228 -+userPassword: password228 -+mail: uid228 -+uidnumber: 228 -+gidnumber: 228 -+homeDirectory: /home/uid228 -+ -+dn: cn=user229,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user229 -+sn: user229 -+uid: uid229 -+givenname: givenname229 -+description: description229 -+userPassword: password229 -+mail: uid229 -+uidnumber: 229 -+gidnumber: 229 -+homeDirectory: /home/uid229 -+ -+dn: cn=user230,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user230 -+sn: user230 -+uid: uid230 -+givenname: givenname230 -+description: description230 -+userPassword: password230 -+mail: uid230 -+uidnumber: 230 -+gidnumber: 230 -+homeDirectory: /home/uid230 -+ -+dn: cn=user231,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user231 -+sn: user231 -+uid: uid231 -+givenname: givenname231 -+description: description231 -+userPassword: password231 -+mail: uid231 -+uidnumber: 231 -+gidnumber: 231 -+homeDirectory: /home/uid231 -+ -+dn: cn=user232,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user232 -+sn: user232 -+uid: uid232 -+givenname: givenname232 -+description: description232 -+userPassword: password232 -+mail: uid232 -+uidnumber: 232 -+gidnumber: 232 -+homeDirectory: /home/uid232 -+ -+dn: cn=user233,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user233 -+sn: user233 -+uid: uid233 -+givenname: givenname233 -+description: description233 -+userPassword: password233 -+mail: uid233 -+uidnumber: 233 -+gidnumber: 233 -+homeDirectory: /home/uid233 -+ -+dn: cn=user234,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user234 -+sn: user234 -+uid: uid234 -+givenname: givenname234 -+description: description234 -+userPassword: password234 -+mail: uid234 -+uidnumber: 234 -+gidnumber: 234 -+homeDirectory: /home/uid234 -+ -+dn: cn=user235,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user235 -+sn: user235 -+uid: uid235 -+givenname: givenname235 -+description: description235 -+userPassword: password235 -+mail: uid235 -+uidnumber: 235 -+gidnumber: 235 -+homeDirectory: /home/uid235 -+ -+dn: cn=user236,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user236 -+sn: user236 -+uid: uid236 -+givenname: givenname236 -+description: description236 -+userPassword: password236 -+mail: uid236 -+uidnumber: 236 -+gidnumber: 236 -+homeDirectory: /home/uid236 -+ -+dn: cn=user237,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user237 -+sn: user237 -+uid: uid237 -+givenname: givenname237 -+description: description237 -+userPassword: password237 -+mail: uid237 -+uidnumber: 237 -+gidnumber: 237 -+homeDirectory: /home/uid237 -+ -+dn: cn=user238,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user238 -+sn: user238 -+uid: uid238 -+givenname: givenname238 -+description: description238 -+userPassword: password238 -+mail: uid238 -+uidnumber: 238 -+gidnumber: 238 -+homeDirectory: /home/uid238 -+ -+dn: cn=user239,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user239 -+sn: user239 -+uid: uid239 -+givenname: givenname239 -+description: description239 -+userPassword: password239 -+mail: uid239 -+uidnumber: 239 -+gidnumber: 239 -+homeDirectory: /home/uid239 -+ -+dn: cn=user240,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user240 -+sn: user240 -+uid: uid240 -+givenname: givenname240 -+description: description240 -+userPassword: password240 -+mail: uid240 -+uidnumber: 240 -+gidnumber: 240 -+homeDirectory: /home/uid240 -+ -+dn: cn=user241,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user241 -+sn: user241 -+uid: uid241 -+givenname: givenname241 -+description: description241 -+userPassword: password241 -+mail: uid241 -+uidnumber: 241 -+gidnumber: 241 -+homeDirectory: /home/uid241 -+ -+dn: cn=user242,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user242 -+sn: user242 -+uid: uid242 -+givenname: givenname242 -+description: description242 -+userPassword: password242 -+mail: uid242 -+uidnumber: 242 -+gidnumber: 242 -+homeDirectory: /home/uid242 -+ -+dn: cn=user243,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user243 -+sn: user243 -+uid: uid243 -+givenname: givenname243 -+description: description243 -+userPassword: password243 -+mail: uid243 -+uidnumber: 243 -+gidnumber: 243 -+homeDirectory: /home/uid243 -+ -+dn: cn=user244,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user244 -+sn: user244 -+uid: uid244 -+givenname: givenname244 -+description: description244 -+userPassword: password244 -+mail: uid244 -+uidnumber: 244 -+gidnumber: 244 -+homeDirectory: /home/uid244 -+ -+dn: cn=user245,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user245 -+sn: user245 -+uid: uid245 -+givenname: givenname245 -+description: description245 -+userPassword: password245 -+mail: uid245 -+uidnumber: 245 -+gidnumber: 245 -+homeDirectory: /home/uid245 -+ -+dn: cn=user246,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user246 -+sn: user246 -+uid: uid246 -+givenname: givenname246 -+description: description246 -+userPassword: password246 -+mail: uid246 -+uidnumber: 246 -+gidnumber: 246 -+homeDirectory: /home/uid246 -+ -+dn: cn=user247,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user247 -+sn: user247 -+uid: uid247 -+givenname: givenname247 -+description: description247 -+userPassword: password247 -+mail: uid247 -+uidnumber: 247 -+gidnumber: 247 -+homeDirectory: /home/uid247 -+ -+dn: cn=user248,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user248 -+sn: user248 -+uid: uid248 -+givenname: givenname248 -+description: description248 -+userPassword: password248 -+mail: uid248 -+uidnumber: 248 -+gidnumber: 248 -+homeDirectory: /home/uid248 -+ -+dn: cn=user249,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user249 -+sn: user249 -+uid: uid249 -+givenname: givenname249 -+description: description249 -+userPassword: password249 -+mail: uid249 -+uidnumber: 249 -+gidnumber: 249 -+homeDirectory: /home/uid249 -+ -+dn: cn=user250,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user250 -+sn: user250 -+uid: uid250 -+givenname: givenname250 -+description: description250 -+userPassword: password250 -+mail: uid250 -+uidnumber: 250 -+gidnumber: 250 -+homeDirectory: /home/uid250 -+ -+dn: cn=user251,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user251 -+sn: user251 -+uid: uid251 -+givenname: givenname251 -+description: description251 -+userPassword: password251 -+mail: uid251 -+uidnumber: 251 -+gidnumber: 251 -+homeDirectory: /home/uid251 -+ -+dn: cn=user252,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user252 -+sn: user252 -+uid: uid252 -+givenname: givenname252 -+description: description252 -+userPassword: password252 -+mail: uid252 -+uidnumber: 252 -+gidnumber: 252 -+homeDirectory: /home/uid252 -+ -+dn: cn=user253,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user253 -+sn: user253 -+uid: uid253 -+givenname: givenname253 -+description: description253 -+userPassword: password253 -+mail: uid253 -+uidnumber: 253 -+gidnumber: 253 -+homeDirectory: /home/uid253 -+ -+dn: cn=user254,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user254 -+sn: user254 -+uid: uid254 -+givenname: givenname254 -+description: description254 -+userPassword: password254 -+mail: uid254 -+uidnumber: 254 -+gidnumber: 254 -+homeDirectory: /home/uid254 -+ -+dn: cn=user255,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user255 -+sn: user255 -+uid: uid255 -+givenname: givenname255 -+description: description255 -+userPassword: password255 -+mail: uid255 -+uidnumber: 255 -+gidnumber: 255 -+homeDirectory: /home/uid255 -+ -+dn: cn=user256,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user256 -+sn: user256 -+uid: uid256 -+givenname: givenname256 -+description: description256 -+userPassword: password256 -+mail: uid256 -+uidnumber: 256 -+gidnumber: 256 -+homeDirectory: /home/uid256 -+ -+dn: cn=user257,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user257 -+sn: user257 -+uid: uid257 -+givenname: givenname257 -+description: description257 -+userPassword: password257 -+mail: uid257 -+uidnumber: 257 -+gidnumber: 257 -+homeDirectory: /home/uid257 -+ -+dn: cn=user258,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user258 -+sn: user258 -+uid: uid258 -+givenname: givenname258 -+description: description258 -+userPassword: password258 -+mail: uid258 -+uidnumber: 258 -+gidnumber: 258 -+homeDirectory: /home/uid258 -+ -+dn: cn=user259,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user259 -+sn: user259 -+uid: uid259 -+givenname: givenname259 -+description: description259 -+userPassword: password259 -+mail: uid259 -+uidnumber: 259 -+gidnumber: 259 -+homeDirectory: /home/uid259 -+ -+dn: cn=user260,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user260 -+sn: user260 -+uid: uid260 -+givenname: givenname260 -+description: description260 -+userPassword: password260 -+mail: uid260 -+uidnumber: 260 -+gidnumber: 260 -+homeDirectory: /home/uid260 -+ -+dn: cn=user261,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user261 -+sn: user261 -+uid: uid261 -+givenname: givenname261 -+description: description261 -+userPassword: password261 -+mail: uid261 -+uidnumber: 261 -+gidnumber: 261 -+homeDirectory: /home/uid261 -+ -+dn: cn=user262,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user262 -+sn: user262 -+uid: uid262 -+givenname: givenname262 -+description: description262 -+userPassword: password262 -+mail: uid262 -+uidnumber: 262 -+gidnumber: 262 -+homeDirectory: /home/uid262 -+ -+dn: cn=user263,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user263 -+sn: user263 -+uid: uid263 -+givenname: givenname263 -+description: description263 -+userPassword: password263 -+mail: uid263 -+uidnumber: 263 -+gidnumber: 263 -+homeDirectory: /home/uid263 -+ -+dn: cn=user264,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user264 -+sn: user264 -+uid: uid264 -+givenname: givenname264 -+description: description264 -+userPassword: password264 -+mail: uid264 -+uidnumber: 264 -+gidnumber: 264 -+homeDirectory: /home/uid264 -+ -+dn: cn=user265,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user265 -+sn: user265 -+uid: uid265 -+givenname: givenname265 -+description: description265 -+userPassword: password265 -+mail: uid265 -+uidnumber: 265 -+gidnumber: 265 -+homeDirectory: /home/uid265 -+ -+dn: cn=user266,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user266 -+sn: user266 -+uid: uid266 -+givenname: givenname266 -+description: description266 -+userPassword: password266 -+mail: uid266 -+uidnumber: 266 -+gidnumber: 266 -+homeDirectory: /home/uid266 -+ -+dn: cn=user267,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user267 -+sn: user267 -+uid: uid267 -+givenname: givenname267 -+description: description267 -+userPassword: password267 -+mail: uid267 -+uidnumber: 267 -+gidnumber: 267 -+homeDirectory: /home/uid267 -+ -+dn: cn=user268,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user268 -+sn: user268 -+uid: uid268 -+givenname: givenname268 -+description: description268 -+userPassword: password268 -+mail: uid268 -+uidnumber: 268 -+gidnumber: 268 -+homeDirectory: /home/uid268 -+ -+dn: cn=user269,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user269 -+sn: user269 -+uid: uid269 -+givenname: givenname269 -+description: description269 -+userPassword: password269 -+mail: uid269 -+uidnumber: 269 -+gidnumber: 269 -+homeDirectory: /home/uid269 -+ -+dn: cn=user270,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user270 -+sn: user270 -+uid: uid270 -+givenname: givenname270 -+description: description270 -+userPassword: password270 -+mail: uid270 -+uidnumber: 270 -+gidnumber: 270 -+homeDirectory: /home/uid270 -+ -+dn: cn=user271,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user271 -+sn: user271 -+uid: uid271 -+givenname: givenname271 -+description: description271 -+userPassword: password271 -+mail: uid271 -+uidnumber: 271 -+gidnumber: 271 -+homeDirectory: /home/uid271 -+ -+dn: cn=user272,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user272 -+sn: user272 -+uid: uid272 -+givenname: givenname272 -+description: description272 -+userPassword: password272 -+mail: uid272 -+uidnumber: 272 -+gidnumber: 272 -+homeDirectory: /home/uid272 -+ -+dn: cn=user273,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user273 -+sn: user273 -+uid: uid273 -+givenname: givenname273 -+description: description273 -+userPassword: password273 -+mail: uid273 -+uidnumber: 273 -+gidnumber: 273 -+homeDirectory: /home/uid273 -+ -+dn: cn=user274,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user274 -+sn: user274 -+uid: uid274 -+givenname: givenname274 -+description: description274 -+userPassword: password274 -+mail: uid274 -+uidnumber: 274 -+gidnumber: 274 -+homeDirectory: /home/uid274 -+ -+dn: cn=user275,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user275 -+sn: user275 -+uid: uid275 -+givenname: givenname275 -+description: description275 -+userPassword: password275 -+mail: uid275 -+uidnumber: 275 -+gidnumber: 275 -+homeDirectory: /home/uid275 -+ -+dn: cn=user276,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user276 -+sn: user276 -+uid: uid276 -+givenname: givenname276 -+description: description276 -+userPassword: password276 -+mail: uid276 -+uidnumber: 276 -+gidnumber: 276 -+homeDirectory: /home/uid276 -+ -+dn: cn=user277,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user277 -+sn: user277 -+uid: uid277 -+givenname: givenname277 -+description: description277 -+userPassword: password277 -+mail: uid277 -+uidnumber: 277 -+gidnumber: 277 -+homeDirectory: /home/uid277 -+ -+dn: cn=user278,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user278 -+sn: user278 -+uid: uid278 -+givenname: givenname278 -+description: description278 -+userPassword: password278 -+mail: uid278 -+uidnumber: 278 -+gidnumber: 278 -+homeDirectory: /home/uid278 -+ -+dn: cn=user279,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user279 -+sn: user279 -+uid: uid279 -+givenname: givenname279 -+description: description279 -+userPassword: password279 -+mail: uid279 -+uidnumber: 279 -+gidnumber: 279 -+homeDirectory: /home/uid279 -+ -+dn: cn=user280,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user280 -+sn: user280 -+uid: uid280 -+givenname: givenname280 -+description: description280 -+userPassword: password280 -+mail: uid280 -+uidnumber: 280 -+gidnumber: 280 -+homeDirectory: /home/uid280 -+ -+dn: cn=user281,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user281 -+sn: user281 -+uid: uid281 -+givenname: givenname281 -+description: description281 -+userPassword: password281 -+mail: uid281 -+uidnumber: 281 -+gidnumber: 281 -+homeDirectory: /home/uid281 -+ -+dn: cn=user282,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user282 -+sn: user282 -+uid: uid282 -+givenname: givenname282 -+description: description282 -+userPassword: password282 -+mail: uid282 -+uidnumber: 282 -+gidnumber: 282 -+homeDirectory: /home/uid282 -+ -+dn: cn=user283,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user283 -+sn: user283 -+uid: uid283 -+givenname: givenname283 -+description: description283 -+userPassword: password283 -+mail: uid283 -+uidnumber: 283 -+gidnumber: 283 -+homeDirectory: /home/uid283 -+ -+dn: cn=user284,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user284 -+sn: user284 -+uid: uid284 -+givenname: givenname284 -+description: description284 -+userPassword: password284 -+mail: uid284 -+uidnumber: 284 -+gidnumber: 284 -+homeDirectory: /home/uid284 -+ -+dn: cn=user285,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user285 -+sn: user285 -+uid: uid285 -+givenname: givenname285 -+description: description285 -+userPassword: password285 -+mail: uid285 -+uidnumber: 285 -+gidnumber: 285 -+homeDirectory: /home/uid285 -+ -+dn: cn=user286,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user286 -+sn: user286 -+uid: uid286 -+givenname: givenname286 -+description: description286 -+userPassword: password286 -+mail: uid286 -+uidnumber: 286 -+gidnumber: 286 -+homeDirectory: /home/uid286 -+ -+dn: cn=user287,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user287 -+sn: user287 -+uid: uid287 -+givenname: givenname287 -+description: description287 -+userPassword: password287 -+mail: uid287 -+uidnumber: 287 -+gidnumber: 287 -+homeDirectory: /home/uid287 -+ -+dn: cn=user288,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user288 -+sn: user288 -+uid: uid288 -+givenname: givenname288 -+description: description288 -+userPassword: password288 -+mail: uid288 -+uidnumber: 288 -+gidnumber: 288 -+homeDirectory: /home/uid288 -+ -+dn: cn=user289,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user289 -+sn: user289 -+uid: uid289 -+givenname: givenname289 -+description: description289 -+userPassword: password289 -+mail: uid289 -+uidnumber: 289 -+gidnumber: 289 -+homeDirectory: /home/uid289 -+ -+dn: cn=user290,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user290 -+sn: user290 -+uid: uid290 -+givenname: givenname290 -+description: description290 -+userPassword: password290 -+mail: uid290 -+uidnumber: 290 -+gidnumber: 290 -+homeDirectory: /home/uid290 -+ -+dn: cn=user291,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user291 -+sn: user291 -+uid: uid291 -+givenname: givenname291 -+description: description291 -+userPassword: password291 -+mail: uid291 -+uidnumber: 291 -+gidnumber: 291 -+homeDirectory: /home/uid291 -+ -+dn: cn=user292,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user292 -+sn: user292 -+uid: uid292 -+givenname: givenname292 -+description: description292 -+userPassword: password292 -+mail: uid292 -+uidnumber: 292 -+gidnumber: 292 -+homeDirectory: /home/uid292 -+ -+dn: cn=user293,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user293 -+sn: user293 -+uid: uid293 -+givenname: givenname293 -+description: description293 -+userPassword: password293 -+mail: uid293 -+uidnumber: 293 -+gidnumber: 293 -+homeDirectory: /home/uid293 -+ -+dn: cn=user294,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user294 -+sn: user294 -+uid: uid294 -+givenname: givenname294 -+description: description294 -+userPassword: password294 -+mail: uid294 -+uidnumber: 294 -+gidnumber: 294 -+homeDirectory: /home/uid294 -+ -+dn: cn=user295,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user295 -+sn: user295 -+uid: uid295 -+givenname: givenname295 -+description: description295 -+userPassword: password295 -+mail: uid295 -+uidnumber: 295 -+gidnumber: 295 -+homeDirectory: /home/uid295 -+ -+dn: cn=user296,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user296 -+sn: user296 -+uid: uid296 -+givenname: givenname296 -+description: description296 -+userPassword: password296 -+mail: uid296 -+uidnumber: 296 -+gidnumber: 296 -+homeDirectory: /home/uid296 -+ -+dn: cn=user297,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user297 -+sn: user297 -+uid: uid297 -+givenname: givenname297 -+description: description297 -+userPassword: password297 -+mail: uid297 -+uidnumber: 297 -+gidnumber: 297 -+homeDirectory: /home/uid297 -+ -+dn: cn=user298,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user298 -+sn: user298 -+uid: uid298 -+givenname: givenname298 -+description: description298 -+userPassword: password298 -+mail: uid298 -+uidnumber: 298 -+gidnumber: 298 -+homeDirectory: /home/uid298 -+ -+dn: cn=user299,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user299 -+sn: user299 -+uid: uid299 -+givenname: givenname299 -+description: description299 -+userPassword: password299 -+mail: uid299 -+uidnumber: 299 -+gidnumber: 299 -+homeDirectory: /home/uid299 -+ -+dn: cn=user300,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user300 -+sn: user300 -+uid: uid300 -+givenname: givenname300 -+description: description300 -+userPassword: password300 -+mail: uid300 -+uidnumber: 300 -+gidnumber: 300 -+homeDirectory: /home/uid300 -+ -+dn: cn=user301,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user301 -+sn: user301 -+uid: uid301 -+givenname: givenname301 -+description: description301 -+userPassword: password301 -+mail: uid301 -+uidnumber: 301 -+gidnumber: 301 -+homeDirectory: /home/uid301 -+ -+dn: cn=user302,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user302 -+sn: user302 -+uid: uid302 -+givenname: givenname302 -+description: description302 -+userPassword: password302 -+mail: uid302 -+uidnumber: 302 -+gidnumber: 302 -+homeDirectory: /home/uid302 -+ -+dn: cn=user303,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user303 -+sn: user303 -+uid: uid303 -+givenname: givenname303 -+description: description303 -+userPassword: password303 -+mail: uid303 -+uidnumber: 303 -+gidnumber: 303 -+homeDirectory: /home/uid303 -+ -+dn: cn=user304,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user304 -+sn: user304 -+uid: uid304 -+givenname: givenname304 -+description: description304 -+userPassword: password304 -+mail: uid304 -+uidnumber: 304 -+gidnumber: 304 -+homeDirectory: /home/uid304 -+ -+dn: cn=user305,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user305 -+sn: user305 -+uid: uid305 -+givenname: givenname305 -+description: description305 -+userPassword: password305 -+mail: uid305 -+uidnumber: 305 -+gidnumber: 305 -+homeDirectory: /home/uid305 -+ -+dn: cn=user306,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user306 -+sn: user306 -+uid: uid306 -+givenname: givenname306 -+description: description306 -+userPassword: password306 -+mail: uid306 -+uidnumber: 306 -+gidnumber: 306 -+homeDirectory: /home/uid306 -+ -+dn: cn=user307,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user307 -+sn: user307 -+uid: uid307 -+givenname: givenname307 -+description: description307 -+userPassword: password307 -+mail: uid307 -+uidnumber: 307 -+gidnumber: 307 -+homeDirectory: /home/uid307 -+ -+dn: cn=user308,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user308 -+sn: user308 -+uid: uid308 -+givenname: givenname308 -+description: description308 -+userPassword: password308 -+mail: uid308 -+uidnumber: 308 -+gidnumber: 308 -+homeDirectory: /home/uid308 -+ -+dn: cn=user309,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user309 -+sn: user309 -+uid: uid309 -+givenname: givenname309 -+description: description309 -+userPassword: password309 -+mail: uid309 -+uidnumber: 309 -+gidnumber: 309 -+homeDirectory: /home/uid309 -+ -+dn: cn=user310,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user310 -+sn: user310 -+uid: uid310 -+givenname: givenname310 -+description: description310 -+userPassword: password310 -+mail: uid310 -+uidnumber: 310 -+gidnumber: 310 -+homeDirectory: /home/uid310 -+ -+dn: cn=user311,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user311 -+sn: user311 -+uid: uid311 -+givenname: givenname311 -+description: description311 -+userPassword: password311 -+mail: uid311 -+uidnumber: 311 -+gidnumber: 311 -+homeDirectory: /home/uid311 -+ -+dn: cn=user312,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user312 -+sn: user312 -+uid: uid312 -+givenname: givenname312 -+description: description312 -+userPassword: password312 -+mail: uid312 -+uidnumber: 312 -+gidnumber: 312 -+homeDirectory: /home/uid312 -+ -+dn: cn=user313,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user313 -+sn: user313 -+uid: uid313 -+givenname: givenname313 -+description: description313 -+userPassword: password313 -+mail: uid313 -+uidnumber: 313 -+gidnumber: 313 -+homeDirectory: /home/uid313 -+ -+dn: cn=user314,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user314 -+sn: user314 -+uid: uid314 -+givenname: givenname314 -+description: description314 -+userPassword: password314 -+mail: uid314 -+uidnumber: 314 -+gidnumber: 314 -+homeDirectory: /home/uid314 -+ -+dn: cn=user315,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user315 -+sn: user315 -+uid: uid315 -+givenname: givenname315 -+description: description315 -+userPassword: password315 -+mail: uid315 -+uidnumber: 315 -+gidnumber: 315 -+homeDirectory: /home/uid315 -+ -+dn: cn=user316,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user316 -+sn: user316 -+uid: uid316 -+givenname: givenname316 -+description: description316 -+userPassword: password316 -+mail: uid316 -+uidnumber: 316 -+gidnumber: 316 -+homeDirectory: /home/uid316 -+ -+dn: cn=user317,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user317 -+sn: user317 -+uid: uid317 -+givenname: givenname317 -+description: description317 -+userPassword: password317 -+mail: uid317 -+uidnumber: 317 -+gidnumber: 317 -+homeDirectory: /home/uid317 -+ -+dn: cn=user318,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user318 -+sn: user318 -+uid: uid318 -+givenname: givenname318 -+description: description318 -+userPassword: password318 -+mail: uid318 -+uidnumber: 318 -+gidnumber: 318 -+homeDirectory: /home/uid318 -+ -+dn: cn=user319,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user319 -+sn: user319 -+uid: uid319 -+givenname: givenname319 -+description: description319 -+userPassword: password319 -+mail: uid319 -+uidnumber: 319 -+gidnumber: 319 -+homeDirectory: /home/uid319 -+ -+dn: cn=user320,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user320 -+sn: user320 -+uid: uid320 -+givenname: givenname320 -+description: description320 -+userPassword: password320 -+mail: uid320 -+uidnumber: 320 -+gidnumber: 320 -+homeDirectory: /home/uid320 -+ -+dn: cn=user321,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user321 -+sn: user321 -+uid: uid321 -+givenname: givenname321 -+description: description321 -+userPassword: password321 -+mail: uid321 -+uidnumber: 321 -+gidnumber: 321 -+homeDirectory: /home/uid321 -+ -+dn: cn=user322,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user322 -+sn: user322 -+uid: uid322 -+givenname: givenname322 -+description: description322 -+userPassword: password322 -+mail: uid322 -+uidnumber: 322 -+gidnumber: 322 -+homeDirectory: /home/uid322 -+ -+dn: cn=user323,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user323 -+sn: user323 -+uid: uid323 -+givenname: givenname323 -+description: description323 -+userPassword: password323 -+mail: uid323 -+uidnumber: 323 -+gidnumber: 323 -+homeDirectory: /home/uid323 -+ -+dn: cn=user324,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user324 -+sn: user324 -+uid: uid324 -+givenname: givenname324 -+description: description324 -+userPassword: password324 -+mail: uid324 -+uidnumber: 324 -+gidnumber: 324 -+homeDirectory: /home/uid324 -+ -+dn: cn=user325,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user325 -+sn: user325 -+uid: uid325 -+givenname: givenname325 -+description: description325 -+userPassword: password325 -+mail: uid325 -+uidnumber: 325 -+gidnumber: 325 -+homeDirectory: /home/uid325 -+ -+dn: cn=user326,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user326 -+sn: user326 -+uid: uid326 -+givenname: givenname326 -+description: description326 -+userPassword: password326 -+mail: uid326 -+uidnumber: 326 -+gidnumber: 326 -+homeDirectory: /home/uid326 -+ -+dn: cn=user327,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user327 -+sn: user327 -+uid: uid327 -+givenname: givenname327 -+description: description327 -+userPassword: password327 -+mail: uid327 -+uidnumber: 327 -+gidnumber: 327 -+homeDirectory: /home/uid327 -+ -+dn: cn=user328,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user328 -+sn: user328 -+uid: uid328 -+givenname: givenname328 -+description: description328 -+userPassword: password328 -+mail: uid328 -+uidnumber: 328 -+gidnumber: 328 -+homeDirectory: /home/uid328 -+ -+dn: cn=user329,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user329 -+sn: user329 -+uid: uid329 -+givenname: givenname329 -+description: description329 -+userPassword: password329 -+mail: uid329 -+uidnumber: 329 -+gidnumber: 329 -+homeDirectory: /home/uid329 -+ -+dn: cn=user330,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user330 -+sn: user330 -+uid: uid330 -+givenname: givenname330 -+description: description330 -+userPassword: password330 -+mail: uid330 -+uidnumber: 330 -+gidnumber: 330 -+homeDirectory: /home/uid330 -+ -+dn: cn=user331,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user331 -+sn: user331 -+uid: uid331 -+givenname: givenname331 -+description: description331 -+userPassword: password331 -+mail: uid331 -+uidnumber: 331 -+gidnumber: 331 -+homeDirectory: /home/uid331 -+ -+dn: cn=user332,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user332 -+sn: user332 -+uid: uid332 -+givenname: givenname332 -+description: description332 -+userPassword: password332 -+mail: uid332 -+uidnumber: 332 -+gidnumber: 332 -+homeDirectory: /home/uid332 -+ -+dn: cn=user333,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user333 -+sn: user333 -+uid: uid333 -+givenname: givenname333 -+description: description333 -+userPassword: password333 -+mail: uid333 -+uidnumber: 333 -+gidnumber: 333 -+homeDirectory: /home/uid333 -+ -+dn: cn=user334,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user334 -+sn: user334 -+uid: uid334 -+givenname: givenname334 -+description: description334 -+userPassword: password334 -+mail: uid334 -+uidnumber: 334 -+gidnumber: 334 -+homeDirectory: /home/uid334 -+ -+dn: cn=user335,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user335 -+sn: user335 -+uid: uid335 -+givenname: givenname335 -+description: description335 -+userPassword: password335 -+mail: uid335 -+uidnumber: 335 -+gidnumber: 335 -+homeDirectory: /home/uid335 -+ -+dn: cn=user336,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user336 -+sn: user336 -+uid: uid336 -+givenname: givenname336 -+description: description336 -+userPassword: password336 -+mail: uid336 -+uidnumber: 336 -+gidnumber: 336 -+homeDirectory: /home/uid336 -+ -+dn: cn=user337,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user337 -+sn: user337 -+uid: uid337 -+givenname: givenname337 -+description: description337 -+userPassword: password337 -+mail: uid337 -+uidnumber: 337 -+gidnumber: 337 -+homeDirectory: /home/uid337 -+ -+dn: cn=user338,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user338 -+sn: user338 -+uid: uid338 -+givenname: givenname338 -+description: description338 -+userPassword: password338 -+mail: uid338 -+uidnumber: 338 -+gidnumber: 338 -+homeDirectory: /home/uid338 -+ -+dn: cn=user339,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user339 -+sn: user339 -+uid: uid339 -+givenname: givenname339 -+description: description339 -+userPassword: password339 -+mail: uid339 -+uidnumber: 339 -+gidnumber: 339 -+homeDirectory: /home/uid339 -+ -+dn: cn=user340,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user340 -+sn: user340 -+uid: uid340 -+givenname: givenname340 -+description: description340 -+userPassword: password340 -+mail: uid340 -+uidnumber: 340 -+gidnumber: 340 -+homeDirectory: /home/uid340 -+ -+dn: cn=user341,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user341 -+sn: user341 -+uid: uid341 -+givenname: givenname341 -+description: description341 -+userPassword: password341 -+mail: uid341 -+uidnumber: 341 -+gidnumber: 341 -+homeDirectory: /home/uid341 -+ -+dn: cn=user342,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user342 -+sn: user342 -+uid: uid342 -+givenname: givenname342 -+description: description342 -+userPassword: password342 -+mail: uid342 -+uidnumber: 342 -+gidnumber: 342 -+homeDirectory: /home/uid342 -+ -+dn: cn=user343,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user343 -+sn: user343 -+uid: uid343 -+givenname: givenname343 -+description: description343 -+userPassword: password343 -+mail: uid343 -+uidnumber: 343 -+gidnumber: 343 -+homeDirectory: /home/uid343 -+ -+dn: cn=user344,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user344 -+sn: user344 -+uid: uid344 -+givenname: givenname344 -+description: description344 -+userPassword: password344 -+mail: uid344 -+uidnumber: 344 -+gidnumber: 344 -+homeDirectory: /home/uid344 -+ -+dn: cn=user345,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user345 -+sn: user345 -+uid: uid345 -+givenname: givenname345 -+description: description345 -+userPassword: password345 -+mail: uid345 -+uidnumber: 345 -+gidnumber: 345 -+homeDirectory: /home/uid345 -+ -+dn: cn=user346,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user346 -+sn: user346 -+uid: uid346 -+givenname: givenname346 -+description: description346 -+userPassword: password346 -+mail: uid346 -+uidnumber: 346 -+gidnumber: 346 -+homeDirectory: /home/uid346 -+ -+dn: cn=user347,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user347 -+sn: user347 -+uid: uid347 -+givenname: givenname347 -+description: description347 -+userPassword: password347 -+mail: uid347 -+uidnumber: 347 -+gidnumber: 347 -+homeDirectory: /home/uid347 -+ -+dn: cn=user348,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user348 -+sn: user348 -+uid: uid348 -+givenname: givenname348 -+description: description348 -+userPassword: password348 -+mail: uid348 -+uidnumber: 348 -+gidnumber: 348 -+homeDirectory: /home/uid348 -+ -+dn: cn=user349,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user349 -+sn: user349 -+uid: uid349 -+givenname: givenname349 -+description: description349 -+userPassword: password349 -+mail: uid349 -+uidnumber: 349 -+gidnumber: 349 -+homeDirectory: /home/uid349 -+ -+dn: cn=user350,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user350 -+sn: user350 -+uid: uid350 -+givenname: givenname350 -+description: description350 -+userPassword: password350 -+mail: uid350 -+uidnumber: 350 -+gidnumber: 350 -+homeDirectory: /home/uid350 -+ -+dn: cn=user351,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user351 -+sn: user351 -+uid: uid351 -+givenname: givenname351 -+description: description351 -+userPassword: password351 -+mail: uid351 -+uidnumber: 351 -+gidnumber: 351 -+homeDirectory: /home/uid351 -+ -+dn: cn=user352,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user352 -+sn: user352 -+uid: uid352 -+givenname: givenname352 -+description: description352 -+userPassword: password352 -+mail: uid352 -+uidnumber: 352 -+gidnumber: 352 -+homeDirectory: /home/uid352 -+ -+dn: cn=user353,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user353 -+sn: user353 -+uid: uid353 -+givenname: givenname353 -+description: description353 -+userPassword: password353 -+mail: uid353 -+uidnumber: 353 -+gidnumber: 353 -+homeDirectory: /home/uid353 -+ -+dn: cn=user354,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user354 -+sn: user354 -+uid: uid354 -+givenname: givenname354 -+description: description354 -+userPassword: password354 -+mail: uid354 -+uidnumber: 354 -+gidnumber: 354 -+homeDirectory: /home/uid354 -+ -+dn: cn=user355,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user355 -+sn: user355 -+uid: uid355 -+givenname: givenname355 -+description: description355 -+userPassword: password355 -+mail: uid355 -+uidnumber: 355 -+gidnumber: 355 -+homeDirectory: /home/uid355 -+ -+dn: cn=user356,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user356 -+sn: user356 -+uid: uid356 -+givenname: givenname356 -+description: description356 -+userPassword: password356 -+mail: uid356 -+uidnumber: 356 -+gidnumber: 356 -+homeDirectory: /home/uid356 -+ -+dn: cn=user357,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user357 -+sn: user357 -+uid: uid357 -+givenname: givenname357 -+description: description357 -+userPassword: password357 -+mail: uid357 -+uidnumber: 357 -+gidnumber: 357 -+homeDirectory: /home/uid357 -+ -+dn: cn=user358,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user358 -+sn: user358 -+uid: uid358 -+givenname: givenname358 -+description: description358 -+userPassword: password358 -+mail: uid358 -+uidnumber: 358 -+gidnumber: 358 -+homeDirectory: /home/uid358 -+ -+dn: cn=user359,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user359 -+sn: user359 -+uid: uid359 -+givenname: givenname359 -+description: description359 -+userPassword: password359 -+mail: uid359 -+uidnumber: 359 -+gidnumber: 359 -+homeDirectory: /home/uid359 -+ -+dn: cn=user360,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user360 -+sn: user360 -+uid: uid360 -+givenname: givenname360 -+description: description360 -+userPassword: password360 -+mail: uid360 -+uidnumber: 360 -+gidnumber: 360 -+homeDirectory: /home/uid360 -+ -+dn: cn=user361,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user361 -+sn: user361 -+uid: uid361 -+givenname: givenname361 -+description: description361 -+userPassword: password361 -+mail: uid361 -+uidnumber: 361 -+gidnumber: 361 -+homeDirectory: /home/uid361 -+ -+dn: cn=user362,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user362 -+sn: user362 -+uid: uid362 -+givenname: givenname362 -+description: description362 -+userPassword: password362 -+mail: uid362 -+uidnumber: 362 -+gidnumber: 362 -+homeDirectory: /home/uid362 -+ -+dn: cn=user363,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user363 -+sn: user363 -+uid: uid363 -+givenname: givenname363 -+description: description363 -+userPassword: password363 -+mail: uid363 -+uidnumber: 363 -+gidnumber: 363 -+homeDirectory: /home/uid363 -+ -+dn: cn=user364,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user364 -+sn: user364 -+uid: uid364 -+givenname: givenname364 -+description: description364 -+userPassword: password364 -+mail: uid364 -+uidnumber: 364 -+gidnumber: 364 -+homeDirectory: /home/uid364 -+ -+dn: cn=user365,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user365 -+sn: user365 -+uid: uid365 -+givenname: givenname365 -+description: description365 -+userPassword: password365 -+mail: uid365 -+uidnumber: 365 -+gidnumber: 365 -+homeDirectory: /home/uid365 -+ -+dn: cn=user366,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user366 -+sn: user366 -+uid: uid366 -+givenname: givenname366 -+description: description366 -+userPassword: password366 -+mail: uid366 -+uidnumber: 366 -+gidnumber: 366 -+homeDirectory: /home/uid366 -+ -+dn: cn=user367,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user367 -+sn: user367 -+uid: uid367 -+givenname: givenname367 -+description: description367 -+userPassword: password367 -+mail: uid367 -+uidnumber: 367 -+gidnumber: 367 -+homeDirectory: /home/uid367 -+ -+dn: cn=user368,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user368 -+sn: user368 -+uid: uid368 -+givenname: givenname368 -+description: description368 -+userPassword: password368 -+mail: uid368 -+uidnumber: 368 -+gidnumber: 368 -+homeDirectory: /home/uid368 -+ -+dn: cn=user369,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user369 -+sn: user369 -+uid: uid369 -+givenname: givenname369 -+description: description369 -+userPassword: password369 -+mail: uid369 -+uidnumber: 369 -+gidnumber: 369 -+homeDirectory: /home/uid369 -+ -+dn: cn=user370,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user370 -+sn: user370 -+uid: uid370 -+givenname: givenname370 -+description: description370 -+userPassword: password370 -+mail: uid370 -+uidnumber: 370 -+gidnumber: 370 -+homeDirectory: /home/uid370 -+ -+dn: cn=user371,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user371 -+sn: user371 -+uid: uid371 -+givenname: givenname371 -+description: description371 -+userPassword: password371 -+mail: uid371 -+uidnumber: 371 -+gidnumber: 371 -+homeDirectory: /home/uid371 -+ -+dn: cn=user372,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user372 -+sn: user372 -+uid: uid372 -+givenname: givenname372 -+description: description372 -+userPassword: password372 -+mail: uid372 -+uidnumber: 372 -+gidnumber: 372 -+homeDirectory: /home/uid372 -+ -+dn: cn=user373,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user373 -+sn: user373 -+uid: uid373 -+givenname: givenname373 -+description: description373 -+userPassword: password373 -+mail: uid373 -+uidnumber: 373 -+gidnumber: 373 -+homeDirectory: /home/uid373 -+ -+dn: cn=user374,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user374 -+sn: user374 -+uid: uid374 -+givenname: givenname374 -+description: description374 -+userPassword: password374 -+mail: uid374 -+uidnumber: 374 -+gidnumber: 374 -+homeDirectory: /home/uid374 -+ -+dn: cn=user375,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user375 -+sn: user375 -+uid: uid375 -+givenname: givenname375 -+description: description375 -+userPassword: password375 -+mail: uid375 -+uidnumber: 375 -+gidnumber: 375 -+homeDirectory: /home/uid375 -+ -+dn: cn=user376,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user376 -+sn: user376 -+uid: uid376 -+givenname: givenname376 -+description: description376 -+userPassword: password376 -+mail: uid376 -+uidnumber: 376 -+gidnumber: 376 -+homeDirectory: /home/uid376 -+ -+dn: cn=user377,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user377 -+sn: user377 -+uid: uid377 -+givenname: givenname377 -+description: description377 -+userPassword: password377 -+mail: uid377 -+uidnumber: 377 -+gidnumber: 377 -+homeDirectory: /home/uid377 -+ -+dn: cn=user378,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user378 -+sn: user378 -+uid: uid378 -+givenname: givenname378 -+description: description378 -+userPassword: password378 -+mail: uid378 -+uidnumber: 378 -+gidnumber: 378 -+homeDirectory: /home/uid378 -+ -+dn: cn=user379,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user379 -+sn: user379 -+uid: uid379 -+givenname: givenname379 -+description: description379 -+userPassword: password379 -+mail: uid379 -+uidnumber: 379 -+gidnumber: 379 -+homeDirectory: /home/uid379 -+ -+dn: cn=user380,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user380 -+sn: user380 -+uid: uid380 -+givenname: givenname380 -+description: description380 -+userPassword: password380 -+mail: uid380 -+uidnumber: 380 -+gidnumber: 380 -+homeDirectory: /home/uid380 -+ -+dn: cn=user381,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user381 -+sn: user381 -+uid: uid381 -+givenname: givenname381 -+description: description381 -+userPassword: password381 -+mail: uid381 -+uidnumber: 381 -+gidnumber: 381 -+homeDirectory: /home/uid381 -+ -+dn: cn=user382,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user382 -+sn: user382 -+uid: uid382 -+givenname: givenname382 -+description: description382 -+userPassword: password382 -+mail: uid382 -+uidnumber: 382 -+gidnumber: 382 -+homeDirectory: /home/uid382 -+ -+dn: cn=user383,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user383 -+sn: user383 -+uid: uid383 -+givenname: givenname383 -+description: description383 -+userPassword: password383 -+mail: uid383 -+uidnumber: 383 -+gidnumber: 383 -+homeDirectory: /home/uid383 -+ -+dn: cn=user384,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user384 -+sn: user384 -+uid: uid384 -+givenname: givenname384 -+description: description384 -+userPassword: password384 -+mail: uid384 -+uidnumber: 384 -+gidnumber: 384 -+homeDirectory: /home/uid384 -+ -+dn: cn=user385,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user385 -+sn: user385 -+uid: uid385 -+givenname: givenname385 -+description: description385 -+userPassword: password385 -+mail: uid385 -+uidnumber: 385 -+gidnumber: 385 -+homeDirectory: /home/uid385 -+ -+dn: cn=user386,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user386 -+sn: user386 -+uid: uid386 -+givenname: givenname386 -+description: description386 -+userPassword: password386 -+mail: uid386 -+uidnumber: 386 -+gidnumber: 386 -+homeDirectory: /home/uid386 -+ -+dn: cn=user387,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user387 -+sn: user387 -+uid: uid387 -+givenname: givenname387 -+description: description387 -+userPassword: password387 -+mail: uid387 -+uidnumber: 387 -+gidnumber: 387 -+homeDirectory: /home/uid387 -+ -+dn: cn=user388,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user388 -+sn: user388 -+uid: uid388 -+givenname: givenname388 -+description: description388 -+userPassword: password388 -+mail: uid388 -+uidnumber: 388 -+gidnumber: 388 -+homeDirectory: /home/uid388 -+ -+dn: cn=user389,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user389 -+sn: user389 -+uid: uid389 -+givenname: givenname389 -+description: description389 -+userPassword: password389 -+mail: uid389 -+uidnumber: 389 -+gidnumber: 389 -+homeDirectory: /home/uid389 -+ -+dn: cn=user390,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user390 -+sn: user390 -+uid: uid390 -+givenname: givenname390 -+description: description390 -+userPassword: password390 -+mail: uid390 -+uidnumber: 390 -+gidnumber: 390 -+homeDirectory: /home/uid390 -+ -+dn: cn=user391,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user391 -+sn: user391 -+uid: uid391 -+givenname: givenname391 -+description: description391 -+userPassword: password391 -+mail: uid391 -+uidnumber: 391 -+gidnumber: 391 -+homeDirectory: /home/uid391 -+ -+dn: cn=user392,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user392 -+sn: user392 -+uid: uid392 -+givenname: givenname392 -+description: description392 -+userPassword: password392 -+mail: uid392 -+uidnumber: 392 -+gidnumber: 392 -+homeDirectory: /home/uid392 -+ -+dn: cn=user393,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user393 -+sn: user393 -+uid: uid393 -+givenname: givenname393 -+description: description393 -+userPassword: password393 -+mail: uid393 -+uidnumber: 393 -+gidnumber: 393 -+homeDirectory: /home/uid393 -+ -+dn: cn=user394,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user394 -+sn: user394 -+uid: uid394 -+givenname: givenname394 -+description: description394 -+userPassword: password394 -+mail: uid394 -+uidnumber: 394 -+gidnumber: 394 -+homeDirectory: /home/uid394 -+ -+dn: cn=user395,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user395 -+sn: user395 -+uid: uid395 -+givenname: givenname395 -+description: description395 -+userPassword: password395 -+mail: uid395 -+uidnumber: 395 -+gidnumber: 395 -+homeDirectory: /home/uid395 -+ -+dn: cn=user396,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user396 -+sn: user396 -+uid: uid396 -+givenname: givenname396 -+description: description396 -+userPassword: password396 -+mail: uid396 -+uidnumber: 396 -+gidnumber: 396 -+homeDirectory: /home/uid396 -+ -+dn: cn=user397,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user397 -+sn: user397 -+uid: uid397 -+givenname: givenname397 -+description: description397 -+userPassword: password397 -+mail: uid397 -+uidnumber: 397 -+gidnumber: 397 -+homeDirectory: /home/uid397 -+ -+dn: cn=user398,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user398 -+sn: user398 -+uid: uid398 -+givenname: givenname398 -+description: description398 -+userPassword: password398 -+mail: uid398 -+uidnumber: 398 -+gidnumber: 398 -+homeDirectory: /home/uid398 -+ -+dn: cn=user399,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user399 -+sn: user399 -+uid: uid399 -+givenname: givenname399 -+description: description399 -+userPassword: password399 -+mail: uid399 -+uidnumber: 399 -+gidnumber: 399 -+homeDirectory: /home/uid399 -+ -+dn: cn=user400,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user400 -+sn: user400 -+uid: uid400 -+givenname: givenname400 -+description: description400 -+userPassword: password400 -+mail: uid400 -+uidnumber: 400 -+gidnumber: 400 -+homeDirectory: /home/uid400 -+ -+dn: cn=user401,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user401 -+sn: user401 -+uid: uid401 -+givenname: givenname401 -+description: description401 -+userPassword: password401 -+mail: uid401 -+uidnumber: 401 -+gidnumber: 401 -+homeDirectory: /home/uid401 -+ -+dn: cn=user402,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user402 -+sn: user402 -+uid: uid402 -+givenname: givenname402 -+description: description402 -+userPassword: password402 -+mail: uid402 -+uidnumber: 402 -+gidnumber: 402 -+homeDirectory: /home/uid402 -+ -+dn: cn=user403,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user403 -+sn: user403 -+uid: uid403 -+givenname: givenname403 -+description: description403 -+userPassword: password403 -+mail: uid403 -+uidnumber: 403 -+gidnumber: 403 -+homeDirectory: /home/uid403 -+ -+dn: cn=user404,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user404 -+sn: user404 -+uid: uid404 -+givenname: givenname404 -+description: description404 -+userPassword: password404 -+mail: uid404 -+uidnumber: 404 -+gidnumber: 404 -+homeDirectory: /home/uid404 -+ -+dn: cn=user405,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user405 -+sn: user405 -+uid: uid405 -+givenname: givenname405 -+description: description405 -+userPassword: password405 -+mail: uid405 -+uidnumber: 405 -+gidnumber: 405 -+homeDirectory: /home/uid405 -+ -+dn: cn=user406,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user406 -+sn: user406 -+uid: uid406 -+givenname: givenname406 -+description: description406 -+userPassword: password406 -+mail: uid406 -+uidnumber: 406 -+gidnumber: 406 -+homeDirectory: /home/uid406 -+ -+dn: cn=user407,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user407 -+sn: user407 -+uid: uid407 -+givenname: givenname407 -+description: description407 -+userPassword: password407 -+mail: uid407 -+uidnumber: 407 -+gidnumber: 407 -+homeDirectory: /home/uid407 -+ -+dn: cn=user408,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user408 -+sn: user408 -+uid: uid408 -+givenname: givenname408 -+description: description408 -+userPassword: password408 -+mail: uid408 -+uidnumber: 408 -+gidnumber: 408 -+homeDirectory: /home/uid408 -+ -+dn: cn=user409,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user409 -+sn: user409 -+uid: uid409 -+givenname: givenname409 -+description: description409 -+userPassword: password409 -+mail: uid409 -+uidnumber: 409 -+gidnumber: 409 -+homeDirectory: /home/uid409 -+ -+dn: cn=user410,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user410 -+sn: user410 -+uid: uid410 -+givenname: givenname410 -+description: description410 -+userPassword: password410 -+mail: uid410 -+uidnumber: 410 -+gidnumber: 410 -+homeDirectory: /home/uid410 -+ -+dn: cn=user411,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user411 -+sn: user411 -+uid: uid411 -+givenname: givenname411 -+description: description411 -+userPassword: password411 -+mail: uid411 -+uidnumber: 411 -+gidnumber: 411 -+homeDirectory: /home/uid411 -+ -+dn: cn=user412,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user412 -+sn: user412 -+uid: uid412 -+givenname: givenname412 -+description: description412 -+userPassword: password412 -+mail: uid412 -+uidnumber: 412 -+gidnumber: 412 -+homeDirectory: /home/uid412 -+ -+dn: cn=user413,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user413 -+sn: user413 -+uid: uid413 -+givenname: givenname413 -+description: description413 -+userPassword: password413 -+mail: uid413 -+uidnumber: 413 -+gidnumber: 413 -+homeDirectory: /home/uid413 -+ -+dn: cn=user414,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user414 -+sn: user414 -+uid: uid414 -+givenname: givenname414 -+description: description414 -+userPassword: password414 -+mail: uid414 -+uidnumber: 414 -+gidnumber: 414 -+homeDirectory: /home/uid414 -+ -+dn: cn=user415,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user415 -+sn: user415 -+uid: uid415 -+givenname: givenname415 -+description: description415 -+userPassword: password415 -+mail: uid415 -+uidnumber: 415 -+gidnumber: 415 -+homeDirectory: /home/uid415 -+ -+dn: cn=user416,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user416 -+sn: user416 -+uid: uid416 -+givenname: givenname416 -+description: description416 -+userPassword: password416 -+mail: uid416 -+uidnumber: 416 -+gidnumber: 416 -+homeDirectory: /home/uid416 -+ -+dn: cn=user417,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user417 -+sn: user417 -+uid: uid417 -+givenname: givenname417 -+description: description417 -+userPassword: password417 -+mail: uid417 -+uidnumber: 417 -+gidnumber: 417 -+homeDirectory: /home/uid417 -+ -+dn: cn=user418,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user418 -+sn: user418 -+uid: uid418 -+givenname: givenname418 -+description: description418 -+userPassword: password418 -+mail: uid418 -+uidnumber: 418 -+gidnumber: 418 -+homeDirectory: /home/uid418 -+ -+dn: cn=user419,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user419 -+sn: user419 -+uid: uid419 -+givenname: givenname419 -+description: description419 -+userPassword: password419 -+mail: uid419 -+uidnumber: 419 -+gidnumber: 419 -+homeDirectory: /home/uid419 -+ -+dn: cn=user420,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user420 -+sn: user420 -+uid: uid420 -+givenname: givenname420 -+description: description420 -+userPassword: password420 -+mail: uid420 -+uidnumber: 420 -+gidnumber: 420 -+homeDirectory: /home/uid420 -+ -+dn: cn=user421,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user421 -+sn: user421 -+uid: uid421 -+givenname: givenname421 -+description: description421 -+userPassword: password421 -+mail: uid421 -+uidnumber: 421 -+gidnumber: 421 -+homeDirectory: /home/uid421 -+ -+dn: cn=user422,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user422 -+sn: user422 -+uid: uid422 -+givenname: givenname422 -+description: description422 -+userPassword: password422 -+mail: uid422 -+uidnumber: 422 -+gidnumber: 422 -+homeDirectory: /home/uid422 -+ -+dn: cn=user423,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user423 -+sn: user423 -+uid: uid423 -+givenname: givenname423 -+description: description423 -+userPassword: password423 -+mail: uid423 -+uidnumber: 423 -+gidnumber: 423 -+homeDirectory: /home/uid423 -+ -+dn: cn=user424,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user424 -+sn: user424 -+uid: uid424 -+givenname: givenname424 -+description: description424 -+userPassword: password424 -+mail: uid424 -+uidnumber: 424 -+gidnumber: 424 -+homeDirectory: /home/uid424 -+ -+dn: cn=user425,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user425 -+sn: user425 -+uid: uid425 -+givenname: givenname425 -+description: description425 -+userPassword: password425 -+mail: uid425 -+uidnumber: 425 -+gidnumber: 425 -+homeDirectory: /home/uid425 -+ -+dn: cn=user426,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user426 -+sn: user426 -+uid: uid426 -+givenname: givenname426 -+description: description426 -+userPassword: password426 -+mail: uid426 -+uidnumber: 426 -+gidnumber: 426 -+homeDirectory: /home/uid426 -+ -+dn: cn=user427,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user427 -+sn: user427 -+uid: uid427 -+givenname: givenname427 -+description: description427 -+userPassword: password427 -+mail: uid427 -+uidnumber: 427 -+gidnumber: 427 -+homeDirectory: /home/uid427 -+ -+dn: cn=user428,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user428 -+sn: user428 -+uid: uid428 -+givenname: givenname428 -+description: description428 -+userPassword: password428 -+mail: uid428 -+uidnumber: 428 -+gidnumber: 428 -+homeDirectory: /home/uid428 -+ -+dn: cn=user429,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user429 -+sn: user429 -+uid: uid429 -+givenname: givenname429 -+description: description429 -+userPassword: password429 -+mail: uid429 -+uidnumber: 429 -+gidnumber: 429 -+homeDirectory: /home/uid429 -+ -+dn: cn=user430,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user430 -+sn: user430 -+uid: uid430 -+givenname: givenname430 -+description: description430 -+userPassword: password430 -+mail: uid430 -+uidnumber: 430 -+gidnumber: 430 -+homeDirectory: /home/uid430 -+ -+dn: cn=user431,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user431 -+sn: user431 -+uid: uid431 -+givenname: givenname431 -+description: description431 -+userPassword: password431 -+mail: uid431 -+uidnumber: 431 -+gidnumber: 431 -+homeDirectory: /home/uid431 -+ -+dn: cn=user432,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user432 -+sn: user432 -+uid: uid432 -+givenname: givenname432 -+description: description432 -+userPassword: password432 -+mail: uid432 -+uidnumber: 432 -+gidnumber: 432 -+homeDirectory: /home/uid432 -+ -+dn: cn=user433,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user433 -+sn: user433 -+uid: uid433 -+givenname: givenname433 -+description: description433 -+userPassword: password433 -+mail: uid433 -+uidnumber: 433 -+gidnumber: 433 -+homeDirectory: /home/uid433 -+ -+dn: cn=user434,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user434 -+sn: user434 -+uid: uid434 -+givenname: givenname434 -+description: description434 -+userPassword: password434 -+mail: uid434 -+uidnumber: 434 -+gidnumber: 434 -+homeDirectory: /home/uid434 -+ -+dn: cn=user435,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user435 -+sn: user435 -+uid: uid435 -+givenname: givenname435 -+description: description435 -+userPassword: password435 -+mail: uid435 -+uidnumber: 435 -+gidnumber: 435 -+homeDirectory: /home/uid435 -+ -+dn: cn=user436,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user436 -+sn: user436 -+uid: uid436 -+givenname: givenname436 -+description: description436 -+userPassword: password436 -+mail: uid436 -+uidnumber: 436 -+gidnumber: 436 -+homeDirectory: /home/uid436 -+ -+dn: cn=user437,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user437 -+sn: user437 -+uid: uid437 -+givenname: givenname437 -+description: description437 -+userPassword: password437 -+mail: uid437 -+uidnumber: 437 -+gidnumber: 437 -+homeDirectory: /home/uid437 -+ -+dn: cn=user438,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user438 -+sn: user438 -+uid: uid438 -+givenname: givenname438 -+description: description438 -+userPassword: password438 -+mail: uid438 -+uidnumber: 438 -+gidnumber: 438 -+homeDirectory: /home/uid438 -+ -+dn: cn=user439,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user439 -+sn: user439 -+uid: uid439 -+givenname: givenname439 -+description: description439 -+userPassword: password439 -+mail: uid439 -+uidnumber: 439 -+gidnumber: 439 -+homeDirectory: /home/uid439 -+ -+dn: cn=user440,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user440 -+sn: user440 -+uid: uid440 -+givenname: givenname440 -+description: description440 -+userPassword: password440 -+mail: uid440 -+uidnumber: 440 -+gidnumber: 440 -+homeDirectory: /home/uid440 -+ -+dn: cn=user441,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user441 -+sn: user441 -+uid: uid441 -+givenname: givenname441 -+description: description441 -+userPassword: password441 -+mail: uid441 -+uidnumber: 441 -+gidnumber: 441 -+homeDirectory: /home/uid441 -+ -+dn: cn=user442,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user442 -+sn: user442 -+uid: uid442 -+givenname: givenname442 -+description: description442 -+userPassword: password442 -+mail: uid442 -+uidnumber: 442 -+gidnumber: 442 -+homeDirectory: /home/uid442 -+ -+dn: cn=user443,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user443 -+sn: user443 -+uid: uid443 -+givenname: givenname443 -+description: description443 -+userPassword: password443 -+mail: uid443 -+uidnumber: 443 -+gidnumber: 443 -+homeDirectory: /home/uid443 -+ -+dn: cn=user444,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user444 -+sn: user444 -+uid: uid444 -+givenname: givenname444 -+description: description444 -+userPassword: password444 -+mail: uid444 -+uidnumber: 444 -+gidnumber: 444 -+homeDirectory: /home/uid444 -+ -+dn: cn=user445,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user445 -+sn: user445 -+uid: uid445 -+givenname: givenname445 -+description: description445 -+userPassword: password445 -+mail: uid445 -+uidnumber: 445 -+gidnumber: 445 -+homeDirectory: /home/uid445 -+ -+dn: cn=user446,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user446 -+sn: user446 -+uid: uid446 -+givenname: givenname446 -+description: description446 -+userPassword: password446 -+mail: uid446 -+uidnumber: 446 -+gidnumber: 446 -+homeDirectory: /home/uid446 -+ -+dn: cn=user447,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user447 -+sn: user447 -+uid: uid447 -+givenname: givenname447 -+description: description447 -+userPassword: password447 -+mail: uid447 -+uidnumber: 447 -+gidnumber: 447 -+homeDirectory: /home/uid447 -+ -+dn: cn=user448,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user448 -+sn: user448 -+uid: uid448 -+givenname: givenname448 -+description: description448 -+userPassword: password448 -+mail: uid448 -+uidnumber: 448 -+gidnumber: 448 -+homeDirectory: /home/uid448 -+ -+dn: cn=user449,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user449 -+sn: user449 -+uid: uid449 -+givenname: givenname449 -+description: description449 -+userPassword: password449 -+mail: uid449 -+uidnumber: 449 -+gidnumber: 449 -+homeDirectory: /home/uid449 -+ -+dn: cn=user450,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user450 -+sn: user450 -+uid: uid450 -+givenname: givenname450 -+description: description450 -+userPassword: password450 -+mail: uid450 -+uidnumber: 450 -+gidnumber: 450 -+homeDirectory: /home/uid450 -+ -+dn: cn=user451,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user451 -+sn: user451 -+uid: uid451 -+givenname: givenname451 -+description: description451 -+userPassword: password451 -+mail: uid451 -+uidnumber: 451 -+gidnumber: 451 -+homeDirectory: /home/uid451 -+ -+dn: cn=user452,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user452 -+sn: user452 -+uid: uid452 -+givenname: givenname452 -+description: description452 -+userPassword: password452 -+mail: uid452 -+uidnumber: 452 -+gidnumber: 452 -+homeDirectory: /home/uid452 -+ -+dn: cn=user453,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user453 -+sn: user453 -+uid: uid453 -+givenname: givenname453 -+description: description453 -+userPassword: password453 -+mail: uid453 -+uidnumber: 453 -+gidnumber: 453 -+homeDirectory: /home/uid453 -+ -+dn: cn=user454,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user454 -+sn: user454 -+uid: uid454 -+givenname: givenname454 -+description: description454 -+userPassword: password454 -+mail: uid454 -+uidnumber: 454 -+gidnumber: 454 -+homeDirectory: /home/uid454 -+ -+dn: cn=user455,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user455 -+sn: user455 -+uid: uid455 -+givenname: givenname455 -+description: description455 -+userPassword: password455 -+mail: uid455 -+uidnumber: 455 -+gidnumber: 455 -+homeDirectory: /home/uid455 -+ -+dn: cn=user456,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user456 -+sn: user456 -+uid: uid456 -+givenname: givenname456 -+description: description456 -+userPassword: password456 -+mail: uid456 -+uidnumber: 456 -+gidnumber: 456 -+homeDirectory: /home/uid456 -+ -+dn: cn=user457,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user457 -+sn: user457 -+uid: uid457 -+givenname: givenname457 -+description: description457 -+userPassword: password457 -+mail: uid457 -+uidnumber: 457 -+gidnumber: 457 -+homeDirectory: /home/uid457 -+ -+dn: cn=user458,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user458 -+sn: user458 -+uid: uid458 -+givenname: givenname458 -+description: description458 -+userPassword: password458 -+mail: uid458 -+uidnumber: 458 -+gidnumber: 458 -+homeDirectory: /home/uid458 -+ -+dn: cn=user459,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user459 -+sn: user459 -+uid: uid459 -+givenname: givenname459 -+description: description459 -+userPassword: password459 -+mail: uid459 -+uidnumber: 459 -+gidnumber: 459 -+homeDirectory: /home/uid459 -+ -+dn: cn=user460,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user460 -+sn: user460 -+uid: uid460 -+givenname: givenname460 -+description: description460 -+userPassword: password460 -+mail: uid460 -+uidnumber: 460 -+gidnumber: 460 -+homeDirectory: /home/uid460 -+ -+dn: cn=user461,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user461 -+sn: user461 -+uid: uid461 -+givenname: givenname461 -+description: description461 -+userPassword: password461 -+mail: uid461 -+uidnumber: 461 -+gidnumber: 461 -+homeDirectory: /home/uid461 -+ -+dn: cn=user462,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user462 -+sn: user462 -+uid: uid462 -+givenname: givenname462 -+description: description462 -+userPassword: password462 -+mail: uid462 -+uidnumber: 462 -+gidnumber: 462 -+homeDirectory: /home/uid462 -+ -+dn: cn=user463,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user463 -+sn: user463 -+uid: uid463 -+givenname: givenname463 -+description: description463 -+userPassword: password463 -+mail: uid463 -+uidnumber: 463 -+gidnumber: 463 -+homeDirectory: /home/uid463 -+ -+dn: cn=user464,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user464 -+sn: user464 -+uid: uid464 -+givenname: givenname464 -+description: description464 -+userPassword: password464 -+mail: uid464 -+uidnumber: 464 -+gidnumber: 464 -+homeDirectory: /home/uid464 -+ -+dn: cn=user465,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user465 -+sn: user465 -+uid: uid465 -+givenname: givenname465 -+description: description465 -+userPassword: password465 -+mail: uid465 -+uidnumber: 465 -+gidnumber: 465 -+homeDirectory: /home/uid465 -+ -+dn: cn=user466,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user466 -+sn: user466 -+uid: uid466 -+givenname: givenname466 -+description: description466 -+userPassword: password466 -+mail: uid466 -+uidnumber: 466 -+gidnumber: 466 -+homeDirectory: /home/uid466 -+ -+dn: cn=user467,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user467 -+sn: user467 -+uid: uid467 -+givenname: givenname467 -+description: description467 -+userPassword: password467 -+mail: uid467 -+uidnumber: 467 -+gidnumber: 467 -+homeDirectory: /home/uid467 -+ -+dn: cn=user468,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user468 -+sn: user468 -+uid: uid468 -+givenname: givenname468 -+description: description468 -+userPassword: password468 -+mail: uid468 -+uidnumber: 468 -+gidnumber: 468 -+homeDirectory: /home/uid468 -+ -+dn: cn=user469,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user469 -+sn: user469 -+uid: uid469 -+givenname: givenname469 -+description: description469 -+userPassword: password469 -+mail: uid469 -+uidnumber: 469 -+gidnumber: 469 -+homeDirectory: /home/uid469 -+ -+dn: cn=user470,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user470 -+sn: user470 -+uid: uid470 -+givenname: givenname470 -+description: description470 -+userPassword: password470 -+mail: uid470 -+uidnumber: 470 -+gidnumber: 470 -+homeDirectory: /home/uid470 -+ -+dn: cn=user471,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user471 -+sn: user471 -+uid: uid471 -+givenname: givenname471 -+description: description471 -+userPassword: password471 -+mail: uid471 -+uidnumber: 471 -+gidnumber: 471 -+homeDirectory: /home/uid471 -+ -+dn: cn=user472,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user472 -+sn: user472 -+uid: uid472 -+givenname: givenname472 -+description: description472 -+userPassword: password472 -+mail: uid472 -+uidnumber: 472 -+gidnumber: 472 -+homeDirectory: /home/uid472 -+ -+dn: cn=user473,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user473 -+sn: user473 -+uid: uid473 -+givenname: givenname473 -+description: description473 -+userPassword: password473 -+mail: uid473 -+uidnumber: 473 -+gidnumber: 473 -+homeDirectory: /home/uid473 -+ -+dn: cn=user474,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user474 -+sn: user474 -+uid: uid474 -+givenname: givenname474 -+description: description474 -+userPassword: password474 -+mail: uid474 -+uidnumber: 474 -+gidnumber: 474 -+homeDirectory: /home/uid474 -+ -+dn: cn=user475,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user475 -+sn: user475 -+uid: uid475 -+givenname: givenname475 -+description: description475 -+userPassword: password475 -+mail: uid475 -+uidnumber: 475 -+gidnumber: 475 -+homeDirectory: /home/uid475 -+ -+dn: cn=user476,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user476 -+sn: user476 -+uid: uid476 -+givenname: givenname476 -+description: description476 -+userPassword: password476 -+mail: uid476 -+uidnumber: 476 -+gidnumber: 476 -+homeDirectory: /home/uid476 -+ -+dn: cn=user477,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user477 -+sn: user477 -+uid: uid477 -+givenname: givenname477 -+description: description477 -+userPassword: password477 -+mail: uid477 -+uidnumber: 477 -+gidnumber: 477 -+homeDirectory: /home/uid477 -+ -+dn: cn=user478,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user478 -+sn: user478 -+uid: uid478 -+givenname: givenname478 -+description: description478 -+userPassword: password478 -+mail: uid478 -+uidnumber: 478 -+gidnumber: 478 -+homeDirectory: /home/uid478 -+ -+dn: cn=user479,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user479 -+sn: user479 -+uid: uid479 -+givenname: givenname479 -+description: description479 -+userPassword: password479 -+mail: uid479 -+uidnumber: 479 -+gidnumber: 479 -+homeDirectory: /home/uid479 -+ -+dn: cn=user480,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user480 -+sn: user480 -+uid: uid480 -+givenname: givenname480 -+description: description480 -+userPassword: password480 -+mail: uid480 -+uidnumber: 480 -+gidnumber: 480 -+homeDirectory: /home/uid480 -+ -+dn: cn=user481,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user481 -+sn: user481 -+uid: uid481 -+givenname: givenname481 -+description: description481 -+userPassword: password481 -+mail: uid481 -+uidnumber: 481 -+gidnumber: 481 -+homeDirectory: /home/uid481 -+ -+dn: cn=user482,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user482 -+sn: user482 -+uid: uid482 -+givenname: givenname482 -+description: description482 -+userPassword: password482 -+mail: uid482 -+uidnumber: 482 -+gidnumber: 482 -+homeDirectory: /home/uid482 -+ -+dn: cn=user483,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user483 -+sn: user483 -+uid: uid483 -+givenname: givenname483 -+description: description483 -+userPassword: password483 -+mail: uid483 -+uidnumber: 483 -+gidnumber: 483 -+homeDirectory: /home/uid483 -+ -+dn: cn=user484,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user484 -+sn: user484 -+uid: uid484 -+givenname: givenname484 -+description: description484 -+userPassword: password484 -+mail: uid484 -+uidnumber: 484 -+gidnumber: 484 -+homeDirectory: /home/uid484 -+ -+dn: cn=user485,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user485 -+sn: user485 -+uid: uid485 -+givenname: givenname485 -+description: description485 -+userPassword: password485 -+mail: uid485 -+uidnumber: 485 -+gidnumber: 485 -+homeDirectory: /home/uid485 -+ -+dn: cn=user486,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user486 -+sn: user486 -+uid: uid486 -+givenname: givenname486 -+description: description486 -+userPassword: password486 -+mail: uid486 -+uidnumber: 486 -+gidnumber: 486 -+homeDirectory: /home/uid486 -+ -+dn: cn=user487,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user487 -+sn: user487 -+uid: uid487 -+givenname: givenname487 -+description: description487 -+userPassword: password487 -+mail: uid487 -+uidnumber: 487 -+gidnumber: 487 -+homeDirectory: /home/uid487 -+ -+dn: cn=user488,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user488 -+sn: user488 -+uid: uid488 -+givenname: givenname488 -+description: description488 -+userPassword: password488 -+mail: uid488 -+uidnumber: 488 -+gidnumber: 488 -+homeDirectory: /home/uid488 -+ -+dn: cn=user489,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user489 -+sn: user489 -+uid: uid489 -+givenname: givenname489 -+description: description489 -+userPassword: password489 -+mail: uid489 -+uidnumber: 489 -+gidnumber: 489 -+homeDirectory: /home/uid489 -+ -+dn: cn=user490,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user490 -+sn: user490 -+uid: uid490 -+givenname: givenname490 -+description: description490 -+userPassword: password490 -+mail: uid490 -+uidnumber: 490 -+gidnumber: 490 -+homeDirectory: /home/uid490 -+ -+dn: cn=user491,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user491 -+sn: user491 -+uid: uid491 -+givenname: givenname491 -+description: description491 -+userPassword: password491 -+mail: uid491 -+uidnumber: 491 -+gidnumber: 491 -+homeDirectory: /home/uid491 -+ -+dn: cn=user492,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user492 -+sn: user492 -+uid: uid492 -+givenname: givenname492 -+description: description492 -+userPassword: password492 -+mail: uid492 -+uidnumber: 492 -+gidnumber: 492 -+homeDirectory: /home/uid492 -+ -+dn: cn=user493,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user493 -+sn: user493 -+uid: uid493 -+givenname: givenname493 -+description: description493 -+userPassword: password493 -+mail: uid493 -+uidnumber: 493 -+gidnumber: 493 -+homeDirectory: /home/uid493 -+ -+dn: cn=user494,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user494 -+sn: user494 -+uid: uid494 -+givenname: givenname494 -+description: description494 -+userPassword: password494 -+mail: uid494 -+uidnumber: 494 -+gidnumber: 494 -+homeDirectory: /home/uid494 -+ -+dn: cn=user495,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user495 -+sn: user495 -+uid: uid495 -+givenname: givenname495 -+description: description495 -+userPassword: password495 -+mail: uid495 -+uidnumber: 495 -+gidnumber: 495 -+homeDirectory: /home/uid495 -+ -+dn: cn=user496,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user496 -+sn: user496 -+uid: uid496 -+givenname: givenname496 -+description: description496 -+userPassword: password496 -+mail: uid496 -+uidnumber: 496 -+gidnumber: 496 -+homeDirectory: /home/uid496 -+ -+dn: cn=user497,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user497 -+sn: user497 -+uid: uid497 -+givenname: givenname497 -+description: description497 -+userPassword: password497 -+mail: uid497 -+uidnumber: 497 -+gidnumber: 497 -+homeDirectory: /home/uid497 -+ -+dn: cn=user498,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user498 -+sn: user498 -+uid: uid498 -+givenname: givenname498 -+description: description498 -+userPassword: password498 -+mail: uid498 -+uidnumber: 498 -+gidnumber: 498 -+homeDirectory: /home/uid498 -+ -+dn: cn=user499,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user499 -+sn: user499 -+uid: uid499 -+givenname: givenname499 -+description: description499 -+userPassword: password499 -+mail: uid499 -+uidnumber: 499 -+gidnumber: 499 -+homeDirectory: /home/uid499 -+ -+dn: cn=user500,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user500 -+sn: user500 -+uid: uid500 -+givenname: givenname500 -+description: description500 -+userPassword: password500 -+mail: uid500 -+uidnumber: 500 -+gidnumber: 500 -+homeDirectory: /home/uid500 -+ -+dn: cn=user501,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user501 -+sn: user501 -+uid: uid501 -+givenname: givenname501 -+description: description501 -+userPassword: password501 -+mail: uid501 -+uidnumber: 501 -+gidnumber: 501 -+homeDirectory: /home/uid501 -+ -+dn: cn=user502,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user502 -+sn: user502 -+uid: uid502 -+givenname: givenname502 -+description: description502 -+userPassword: password502 -+mail: uid502 -+uidnumber: 502 -+gidnumber: 502 -+homeDirectory: /home/uid502 -+ -+dn: cn=user503,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user503 -+sn: user503 -+uid: uid503 -+givenname: givenname503 -+description: description503 -+userPassword: password503 -+mail: uid503 -+uidnumber: 503 -+gidnumber: 503 -+homeDirectory: /home/uid503 -+ -+dn: cn=user504,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user504 -+sn: user504 -+uid: uid504 -+givenname: givenname504 -+description: description504 -+userPassword: password504 -+mail: uid504 -+uidnumber: 504 -+gidnumber: 504 -+homeDirectory: /home/uid504 -+ -+dn: cn=user505,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user505 -+sn: user505 -+uid: uid505 -+givenname: givenname505 -+description: description505 -+userPassword: password505 -+mail: uid505 -+uidnumber: 505 -+gidnumber: 505 -+homeDirectory: /home/uid505 -+ -+dn: cn=user506,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user506 -+sn: user506 -+uid: uid506 -+givenname: givenname506 -+description: description506 -+userPassword: password506 -+mail: uid506 -+uidnumber: 506 -+gidnumber: 506 -+homeDirectory: /home/uid506 -+ -+dn: cn=user507,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user507 -+sn: user507 -+uid: uid507 -+givenname: givenname507 -+description: description507 -+userPassword: password507 -+mail: uid507 -+uidnumber: 507 -+gidnumber: 507 -+homeDirectory: /home/uid507 -+ -+dn: cn=user508,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user508 -+sn: user508 -+uid: uid508 -+givenname: givenname508 -+description: description508 -+userPassword: password508 -+mail: uid508 -+uidnumber: 508 -+gidnumber: 508 -+homeDirectory: /home/uid508 -+ -+dn: cn=user509,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user509 -+sn: user509 -+uid: uid509 -+givenname: givenname509 -+description: description509 -+userPassword: password509 -+mail: uid509 -+uidnumber: 509 -+gidnumber: 509 -+homeDirectory: /home/uid509 -+ -+dn: cn=user510,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user510 -+sn: user510 -+uid: uid510 -+givenname: givenname510 -+description: description510 -+userPassword: password510 -+mail: uid510 -+uidnumber: 510 -+gidnumber: 510 -+homeDirectory: /home/uid510 -+ -+dn: cn=user511,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user511 -+sn: user511 -+uid: uid511 -+givenname: givenname511 -+description: description511 -+userPassword: password511 -+mail: uid511 -+uidnumber: 511 -+gidnumber: 511 -+homeDirectory: /home/uid511 -+ -+dn: cn=user512,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user512 -+sn: user512 -+uid: uid512 -+givenname: givenname512 -+description: description512 -+userPassword: password512 -+mail: uid512 -+uidnumber: 512 -+gidnumber: 512 -+homeDirectory: /home/uid512 -+ -+dn: cn=user513,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user513 -+sn: user513 -+uid: uid513 -+givenname: givenname513 -+description: description513 -+userPassword: password513 -+mail: uid513 -+uidnumber: 513 -+gidnumber: 513 -+homeDirectory: /home/uid513 -+ -+dn: cn=user514,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user514 -+sn: user514 -+uid: uid514 -+givenname: givenname514 -+description: description514 -+userPassword: password514 -+mail: uid514 -+uidnumber: 514 -+gidnumber: 514 -+homeDirectory: /home/uid514 -+ -+dn: cn=user515,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user515 -+sn: user515 -+uid: uid515 -+givenname: givenname515 -+description: description515 -+userPassword: password515 -+mail: uid515 -+uidnumber: 515 -+gidnumber: 515 -+homeDirectory: /home/uid515 -+ -+dn: cn=user516,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user516 -+sn: user516 -+uid: uid516 -+givenname: givenname516 -+description: description516 -+userPassword: password516 -+mail: uid516 -+uidnumber: 516 -+gidnumber: 516 -+homeDirectory: /home/uid516 -+ -+dn: cn=user517,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user517 -+sn: user517 -+uid: uid517 -+givenname: givenname517 -+description: description517 -+userPassword: password517 -+mail: uid517 -+uidnumber: 517 -+gidnumber: 517 -+homeDirectory: /home/uid517 -+ -+dn: cn=user518,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user518 -+sn: user518 -+uid: uid518 -+givenname: givenname518 -+description: description518 -+userPassword: password518 -+mail: uid518 -+uidnumber: 518 -+gidnumber: 518 -+homeDirectory: /home/uid518 -+ -+dn: cn=user519,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user519 -+sn: user519 -+uid: uid519 -+givenname: givenname519 -+description: description519 -+userPassword: password519 -+mail: uid519 -+uidnumber: 519 -+gidnumber: 519 -+homeDirectory: /home/uid519 -+ -+dn: cn=user520,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user520 -+sn: user520 -+uid: uid520 -+givenname: givenname520 -+description: description520 -+userPassword: password520 -+mail: uid520 -+uidnumber: 520 -+gidnumber: 520 -+homeDirectory: /home/uid520 -+ -+dn: cn=user521,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user521 -+sn: user521 -+uid: uid521 -+givenname: givenname521 -+description: description521 -+userPassword: password521 -+mail: uid521 -+uidnumber: 521 -+gidnumber: 521 -+homeDirectory: /home/uid521 -+ -+dn: cn=user522,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user522 -+sn: user522 -+uid: uid522 -+givenname: givenname522 -+description: description522 -+userPassword: password522 -+mail: uid522 -+uidnumber: 522 -+gidnumber: 522 -+homeDirectory: /home/uid522 -+ -+dn: cn=user523,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user523 -+sn: user523 -+uid: uid523 -+givenname: givenname523 -+description: description523 -+userPassword: password523 -+mail: uid523 -+uidnumber: 523 -+gidnumber: 523 -+homeDirectory: /home/uid523 -+ -+dn: cn=user524,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user524 -+sn: user524 -+uid: uid524 -+givenname: givenname524 -+description: description524 -+userPassword: password524 -+mail: uid524 -+uidnumber: 524 -+gidnumber: 524 -+homeDirectory: /home/uid524 -+ -+dn: cn=user525,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user525 -+sn: user525 -+uid: uid525 -+givenname: givenname525 -+description: description525 -+userPassword: password525 -+mail: uid525 -+uidnumber: 525 -+gidnumber: 525 -+homeDirectory: /home/uid525 -+ -+dn: cn=user526,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user526 -+sn: user526 -+uid: uid526 -+givenname: givenname526 -+description: description526 -+userPassword: password526 -+mail: uid526 -+uidnumber: 526 -+gidnumber: 526 -+homeDirectory: /home/uid526 -+ -+dn: cn=user527,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user527 -+sn: user527 -+uid: uid527 -+givenname: givenname527 -+description: description527 -+userPassword: password527 -+mail: uid527 -+uidnumber: 527 -+gidnumber: 527 -+homeDirectory: /home/uid527 -+ -+dn: cn=user528,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user528 -+sn: user528 -+uid: uid528 -+givenname: givenname528 -+description: description528 -+userPassword: password528 -+mail: uid528 -+uidnumber: 528 -+gidnumber: 528 -+homeDirectory: /home/uid528 -+ -+dn: cn=user529,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user529 -+sn: user529 -+uid: uid529 -+givenname: givenname529 -+description: description529 -+userPassword: password529 -+mail: uid529 -+uidnumber: 529 -+gidnumber: 529 -+homeDirectory: /home/uid529 -+ -+dn: cn=user530,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user530 -+sn: user530 -+uid: uid530 -+givenname: givenname530 -+description: description530 -+userPassword: password530 -+mail: uid530 -+uidnumber: 530 -+gidnumber: 530 -+homeDirectory: /home/uid530 -+ -+dn: cn=user531,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user531 -+sn: user531 -+uid: uid531 -+givenname: givenname531 -+description: description531 -+userPassword: password531 -+mail: uid531 -+uidnumber: 531 -+gidnumber: 531 -+homeDirectory: /home/uid531 -+ -+dn: cn=user532,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user532 -+sn: user532 -+uid: uid532 -+givenname: givenname532 -+description: description532 -+userPassword: password532 -+mail: uid532 -+uidnumber: 532 -+gidnumber: 532 -+homeDirectory: /home/uid532 -+ -+dn: cn=user533,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user533 -+sn: user533 -+uid: uid533 -+givenname: givenname533 -+description: description533 -+userPassword: password533 -+mail: uid533 -+uidnumber: 533 -+gidnumber: 533 -+homeDirectory: /home/uid533 -+ -+dn: cn=user534,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user534 -+sn: user534 -+uid: uid534 -+givenname: givenname534 -+description: description534 -+userPassword: password534 -+mail: uid534 -+uidnumber: 534 -+gidnumber: 534 -+homeDirectory: /home/uid534 -+ -+dn: cn=user535,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user535 -+sn: user535 -+uid: uid535 -+givenname: givenname535 -+description: description535 -+userPassword: password535 -+mail: uid535 -+uidnumber: 535 -+gidnumber: 535 -+homeDirectory: /home/uid535 -+ -+dn: cn=user536,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user536 -+sn: user536 -+uid: uid536 -+givenname: givenname536 -+description: description536 -+userPassword: password536 -+mail: uid536 -+uidnumber: 536 -+gidnumber: 536 -+homeDirectory: /home/uid536 -+ -+dn: cn=user537,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user537 -+sn: user537 -+uid: uid537 -+givenname: givenname537 -+description: description537 -+userPassword: password537 -+mail: uid537 -+uidnumber: 537 -+gidnumber: 537 -+homeDirectory: /home/uid537 -+ -+dn: cn=user538,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user538 -+sn: user538 -+uid: uid538 -+givenname: givenname538 -+description: description538 -+userPassword: password538 -+mail: uid538 -+uidnumber: 538 -+gidnumber: 538 -+homeDirectory: /home/uid538 -+ -+dn: cn=user539,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user539 -+sn: user539 -+uid: uid539 -+givenname: givenname539 -+description: description539 -+userPassword: password539 -+mail: uid539 -+uidnumber: 539 -+gidnumber: 539 -+homeDirectory: /home/uid539 -+ -+dn: cn=user540,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user540 -+sn: user540 -+uid: uid540 -+givenname: givenname540 -+description: description540 -+userPassword: password540 -+mail: uid540 -+uidnumber: 540 -+gidnumber: 540 -+homeDirectory: /home/uid540 -+ -+dn: cn=user541,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user541 -+sn: user541 -+uid: uid541 -+givenname: givenname541 -+description: description541 -+userPassword: password541 -+mail: uid541 -+uidnumber: 541 -+gidnumber: 541 -+homeDirectory: /home/uid541 -+ -+dn: cn=user542,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user542 -+sn: user542 -+uid: uid542 -+givenname: givenname542 -+description: description542 -+userPassword: password542 -+mail: uid542 -+uidnumber: 542 -+gidnumber: 542 -+homeDirectory: /home/uid542 -+ -+dn: cn=user543,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user543 -+sn: user543 -+uid: uid543 -+givenname: givenname543 -+description: description543 -+userPassword: password543 -+mail: uid543 -+uidnumber: 543 -+gidnumber: 543 -+homeDirectory: /home/uid543 -+ -+dn: cn=user544,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user544 -+sn: user544 -+uid: uid544 -+givenname: givenname544 -+description: description544 -+userPassword: password544 -+mail: uid544 -+uidnumber: 544 -+gidnumber: 544 -+homeDirectory: /home/uid544 -+ -+dn: cn=user545,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user545 -+sn: user545 -+uid: uid545 -+givenname: givenname545 -+description: description545 -+userPassword: password545 -+mail: uid545 -+uidnumber: 545 -+gidnumber: 545 -+homeDirectory: /home/uid545 -+ -+dn: cn=user546,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user546 -+sn: user546 -+uid: uid546 -+givenname: givenname546 -+description: description546 -+userPassword: password546 -+mail: uid546 -+uidnumber: 546 -+gidnumber: 546 -+homeDirectory: /home/uid546 -+ -+dn: cn=user547,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user547 -+sn: user547 -+uid: uid547 -+givenname: givenname547 -+description: description547 -+userPassword: password547 -+mail: uid547 -+uidnumber: 547 -+gidnumber: 547 -+homeDirectory: /home/uid547 -+ -+dn: cn=user548,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user548 -+sn: user548 -+uid: uid548 -+givenname: givenname548 -+description: description548 -+userPassword: password548 -+mail: uid548 -+uidnumber: 548 -+gidnumber: 548 -+homeDirectory: /home/uid548 -+ -+dn: cn=user549,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user549 -+sn: user549 -+uid: uid549 -+givenname: givenname549 -+description: description549 -+userPassword: password549 -+mail: uid549 -+uidnumber: 549 -+gidnumber: 549 -+homeDirectory: /home/uid549 -+ -+dn: cn=user550,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user550 -+sn: user550 -+uid: uid550 -+givenname: givenname550 -+description: description550 -+userPassword: password550 -+mail: uid550 -+uidnumber: 550 -+gidnumber: 550 -+homeDirectory: /home/uid550 -+ -+dn: cn=user551,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user551 -+sn: user551 -+uid: uid551 -+givenname: givenname551 -+description: description551 -+userPassword: password551 -+mail: uid551 -+uidnumber: 551 -+gidnumber: 551 -+homeDirectory: /home/uid551 -+ -+dn: cn=user552,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user552 -+sn: user552 -+uid: uid552 -+givenname: givenname552 -+description: description552 -+userPassword: password552 -+mail: uid552 -+uidnumber: 552 -+gidnumber: 552 -+homeDirectory: /home/uid552 -+ -+dn: cn=user553,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user553 -+sn: user553 -+uid: uid553 -+givenname: givenname553 -+description: description553 -+userPassword: password553 -+mail: uid553 -+uidnumber: 553 -+gidnumber: 553 -+homeDirectory: /home/uid553 -+ -+dn: cn=user554,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user554 -+sn: user554 -+uid: uid554 -+givenname: givenname554 -+description: description554 -+userPassword: password554 -+mail: uid554 -+uidnumber: 554 -+gidnumber: 554 -+homeDirectory: /home/uid554 -+ -+dn: cn=user555,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user555 -+sn: user555 -+uid: uid555 -+givenname: givenname555 -+description: description555 -+userPassword: password555 -+mail: uid555 -+uidnumber: 555 -+gidnumber: 555 -+homeDirectory: /home/uid555 -+ -+dn: cn=user556,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user556 -+sn: user556 -+uid: uid556 -+givenname: givenname556 -+description: description556 -+userPassword: password556 -+mail: uid556 -+uidnumber: 556 -+gidnumber: 556 -+homeDirectory: /home/uid556 -+ -+dn: cn=user557,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user557 -+sn: user557 -+uid: uid557 -+givenname: givenname557 -+description: description557 -+userPassword: password557 -+mail: uid557 -+uidnumber: 557 -+gidnumber: 557 -+homeDirectory: /home/uid557 -+ -+dn: cn=user558,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user558 -+sn: user558 -+uid: uid558 -+givenname: givenname558 -+description: description558 -+userPassword: password558 -+mail: uid558 -+uidnumber: 558 -+gidnumber: 558 -+homeDirectory: /home/uid558 -+ -+dn: cn=user559,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user559 -+sn: user559 -+uid: uid559 -+givenname: givenname559 -+description: description559 -+userPassword: password559 -+mail: uid559 -+uidnumber: 559 -+gidnumber: 559 -+homeDirectory: /home/uid559 -+ -+dn: cn=user560,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user560 -+sn: user560 -+uid: uid560 -+givenname: givenname560 -+description: description560 -+userPassword: password560 -+mail: uid560 -+uidnumber: 560 -+gidnumber: 560 -+homeDirectory: /home/uid560 -+ -+dn: cn=user561,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user561 -+sn: user561 -+uid: uid561 -+givenname: givenname561 -+description: description561 -+userPassword: password561 -+mail: uid561 -+uidnumber: 561 -+gidnumber: 561 -+homeDirectory: /home/uid561 -+ -+dn: cn=user562,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user562 -+sn: user562 -+uid: uid562 -+givenname: givenname562 -+description: description562 -+userPassword: password562 -+mail: uid562 -+uidnumber: 562 -+gidnumber: 562 -+homeDirectory: /home/uid562 -+ -+dn: cn=user563,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user563 -+sn: user563 -+uid: uid563 -+givenname: givenname563 -+description: description563 -+userPassword: password563 -+mail: uid563 -+uidnumber: 563 -+gidnumber: 563 -+homeDirectory: /home/uid563 -+ -+dn: cn=user564,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user564 -+sn: user564 -+uid: uid564 -+givenname: givenname564 -+description: description564 -+userPassword: password564 -+mail: uid564 -+uidnumber: 564 -+gidnumber: 564 -+homeDirectory: /home/uid564 -+ -+dn: cn=user565,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user565 -+sn: user565 -+uid: uid565 -+givenname: givenname565 -+description: description565 -+userPassword: password565 -+mail: uid565 -+uidnumber: 565 -+gidnumber: 565 -+homeDirectory: /home/uid565 -+ -+dn: cn=user566,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user566 -+sn: user566 -+uid: uid566 -+givenname: givenname566 -+description: description566 -+userPassword: password566 -+mail: uid566 -+uidnumber: 566 -+gidnumber: 566 -+homeDirectory: /home/uid566 -+ -+dn: cn=user567,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user567 -+sn: user567 -+uid: uid567 -+givenname: givenname567 -+description: description567 -+userPassword: password567 -+mail: uid567 -+uidnumber: 567 -+gidnumber: 567 -+homeDirectory: /home/uid567 -+ -+dn: cn=user568,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user568 -+sn: user568 -+uid: uid568 -+givenname: givenname568 -+description: description568 -+userPassword: password568 -+mail: uid568 -+uidnumber: 568 -+gidnumber: 568 -+homeDirectory: /home/uid568 -+ -+dn: cn=user569,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user569 -+sn: user569 -+uid: uid569 -+givenname: givenname569 -+description: description569 -+userPassword: password569 -+mail: uid569 -+uidnumber: 569 -+gidnumber: 569 -+homeDirectory: /home/uid569 -+ -+dn: cn=user570,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user570 -+sn: user570 -+uid: uid570 -+givenname: givenname570 -+description: description570 -+userPassword: password570 -+mail: uid570 -+uidnumber: 570 -+gidnumber: 570 -+homeDirectory: /home/uid570 -+ -+dn: cn=user571,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user571 -+sn: user571 -+uid: uid571 -+givenname: givenname571 -+description: description571 -+userPassword: password571 -+mail: uid571 -+uidnumber: 571 -+gidnumber: 571 -+homeDirectory: /home/uid571 -+ -+dn: cn=user572,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user572 -+sn: user572 -+uid: uid572 -+givenname: givenname572 -+description: description572 -+userPassword: password572 -+mail: uid572 -+uidnumber: 572 -+gidnumber: 572 -+homeDirectory: /home/uid572 -+ -+dn: cn=user573,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user573 -+sn: user573 -+uid: uid573 -+givenname: givenname573 -+description: description573 -+userPassword: password573 -+mail: uid573 -+uidnumber: 573 -+gidnumber: 573 -+homeDirectory: /home/uid573 -+ -+dn: cn=user574,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user574 -+sn: user574 -+uid: uid574 -+givenname: givenname574 -+description: description574 -+userPassword: password574 -+mail: uid574 -+uidnumber: 574 -+gidnumber: 574 -+homeDirectory: /home/uid574 -+ -+dn: cn=user575,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user575 -+sn: user575 -+uid: uid575 -+givenname: givenname575 -+description: description575 -+userPassword: password575 -+mail: uid575 -+uidnumber: 575 -+gidnumber: 575 -+homeDirectory: /home/uid575 -+ -+dn: cn=user576,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user576 -+sn: user576 -+uid: uid576 -+givenname: givenname576 -+description: description576 -+userPassword: password576 -+mail: uid576 -+uidnumber: 576 -+gidnumber: 576 -+homeDirectory: /home/uid576 -+ -+dn: cn=user577,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user577 -+sn: user577 -+uid: uid577 -+givenname: givenname577 -+description: description577 -+userPassword: password577 -+mail: uid577 -+uidnumber: 577 -+gidnumber: 577 -+homeDirectory: /home/uid577 -+ -+dn: cn=user578,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user578 -+sn: user578 -+uid: uid578 -+givenname: givenname578 -+description: description578 -+userPassword: password578 -+mail: uid578 -+uidnumber: 578 -+gidnumber: 578 -+homeDirectory: /home/uid578 -+ -+dn: cn=user579,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user579 -+sn: user579 -+uid: uid579 -+givenname: givenname579 -+description: description579 -+userPassword: password579 -+mail: uid579 -+uidnumber: 579 -+gidnumber: 579 -+homeDirectory: /home/uid579 -+ -+dn: cn=user580,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user580 -+sn: user580 -+uid: uid580 -+givenname: givenname580 -+description: description580 -+userPassword: password580 -+mail: uid580 -+uidnumber: 580 -+gidnumber: 580 -+homeDirectory: /home/uid580 -+ -+dn: cn=user581,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user581 -+sn: user581 -+uid: uid581 -+givenname: givenname581 -+description: description581 -+userPassword: password581 -+mail: uid581 -+uidnumber: 581 -+gidnumber: 581 -+homeDirectory: /home/uid581 -+ -+dn: cn=user582,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user582 -+sn: user582 -+uid: uid582 -+givenname: givenname582 -+description: description582 -+userPassword: password582 -+mail: uid582 -+uidnumber: 582 -+gidnumber: 582 -+homeDirectory: /home/uid582 -+ -+dn: cn=user583,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user583 -+sn: user583 -+uid: uid583 -+givenname: givenname583 -+description: description583 -+userPassword: password583 -+mail: uid583 -+uidnumber: 583 -+gidnumber: 583 -+homeDirectory: /home/uid583 -+ -+dn: cn=user584,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user584 -+sn: user584 -+uid: uid584 -+givenname: givenname584 -+description: description584 -+userPassword: password584 -+mail: uid584 -+uidnumber: 584 -+gidnumber: 584 -+homeDirectory: /home/uid584 -+ -+dn: cn=user585,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user585 -+sn: user585 -+uid: uid585 -+givenname: givenname585 -+description: description585 -+userPassword: password585 -+mail: uid585 -+uidnumber: 585 -+gidnumber: 585 -+homeDirectory: /home/uid585 -+ -+dn: cn=user586,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user586 -+sn: user586 -+uid: uid586 -+givenname: givenname586 -+description: description586 -+userPassword: password586 -+mail: uid586 -+uidnumber: 586 -+gidnumber: 586 -+homeDirectory: /home/uid586 -+ -+dn: cn=user587,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user587 -+sn: user587 -+uid: uid587 -+givenname: givenname587 -+description: description587 -+userPassword: password587 -+mail: uid587 -+uidnumber: 587 -+gidnumber: 587 -+homeDirectory: /home/uid587 -+ -+dn: cn=user588,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user588 -+sn: user588 -+uid: uid588 -+givenname: givenname588 -+description: description588 -+userPassword: password588 -+mail: uid588 -+uidnumber: 588 -+gidnumber: 588 -+homeDirectory: /home/uid588 -+ -+dn: cn=user589,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user589 -+sn: user589 -+uid: uid589 -+givenname: givenname589 -+description: description589 -+userPassword: password589 -+mail: uid589 -+uidnumber: 589 -+gidnumber: 589 -+homeDirectory: /home/uid589 -+ -+dn: cn=user590,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user590 -+sn: user590 -+uid: uid590 -+givenname: givenname590 -+description: description590 -+userPassword: password590 -+mail: uid590 -+uidnumber: 590 -+gidnumber: 590 -+homeDirectory: /home/uid590 -+ -+dn: cn=user591,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user591 -+sn: user591 -+uid: uid591 -+givenname: givenname591 -+description: description591 -+userPassword: password591 -+mail: uid591 -+uidnumber: 591 -+gidnumber: 591 -+homeDirectory: /home/uid591 -+ -+dn: cn=user592,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user592 -+sn: user592 -+uid: uid592 -+givenname: givenname592 -+description: description592 -+userPassword: password592 -+mail: uid592 -+uidnumber: 592 -+gidnumber: 592 -+homeDirectory: /home/uid592 -+ -+dn: cn=user593,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user593 -+sn: user593 -+uid: uid593 -+givenname: givenname593 -+description: description593 -+userPassword: password593 -+mail: uid593 -+uidnumber: 593 -+gidnumber: 593 -+homeDirectory: /home/uid593 -+ -+dn: cn=user594,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user594 -+sn: user594 -+uid: uid594 -+givenname: givenname594 -+description: description594 -+userPassword: password594 -+mail: uid594 -+uidnumber: 594 -+gidnumber: 594 -+homeDirectory: /home/uid594 -+ -+dn: cn=user595,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user595 -+sn: user595 -+uid: uid595 -+givenname: givenname595 -+description: description595 -+userPassword: password595 -+mail: uid595 -+uidnumber: 595 -+gidnumber: 595 -+homeDirectory: /home/uid595 -+ -+dn: cn=user596,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user596 -+sn: user596 -+uid: uid596 -+givenname: givenname596 -+description: description596 -+userPassword: password596 -+mail: uid596 -+uidnumber: 596 -+gidnumber: 596 -+homeDirectory: /home/uid596 -+ -+dn: cn=user597,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user597 -+sn: user597 -+uid: uid597 -+givenname: givenname597 -+description: description597 -+userPassword: password597 -+mail: uid597 -+uidnumber: 597 -+gidnumber: 597 -+homeDirectory: /home/uid597 -+ -+dn: cn=user598,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user598 -+sn: user598 -+uid: uid598 -+givenname: givenname598 -+description: description598 -+userPassword: password598 -+mail: uid598 -+uidnumber: 598 -+gidnumber: 598 -+homeDirectory: /home/uid598 -+ -+dn: cn=user599,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user599 -+sn: user599 -+uid: uid599 -+givenname: givenname599 -+description: description599 -+userPassword: password599 -+mail: uid599 -+uidnumber: 599 -+gidnumber: 599 -+homeDirectory: /home/uid599 -+ -+dn: cn=user600,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user600 -+sn: user600 -+uid: uid600 -+givenname: givenname600 -+description: description600 -+userPassword: password600 -+mail: uid600 -+uidnumber: 600 -+gidnumber: 600 -+homeDirectory: /home/uid600 -+ -+dn: cn=user601,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user601 -+sn: user601 -+uid: uid601 -+givenname: givenname601 -+description: description601 -+userPassword: password601 -+mail: uid601 -+uidnumber: 601 -+gidnumber: 601 -+homeDirectory: /home/uid601 -+ -+dn: cn=user602,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user602 -+sn: user602 -+uid: uid602 -+givenname: givenname602 -+description: description602 -+userPassword: password602 -+mail: uid602 -+uidnumber: 602 -+gidnumber: 602 -+homeDirectory: /home/uid602 -+ -+dn: cn=user603,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user603 -+sn: user603 -+uid: uid603 -+givenname: givenname603 -+description: description603 -+userPassword: password603 -+mail: uid603 -+uidnumber: 603 -+gidnumber: 603 -+homeDirectory: /home/uid603 -+ -+dn: cn=user604,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user604 -+sn: user604 -+uid: uid604 -+givenname: givenname604 -+description: description604 -+userPassword: password604 -+mail: uid604 -+uidnumber: 604 -+gidnumber: 604 -+homeDirectory: /home/uid604 -+ -+dn: cn=user605,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user605 -+sn: user605 -+uid: uid605 -+givenname: givenname605 -+description: description605 -+userPassword: password605 -+mail: uid605 -+uidnumber: 605 -+gidnumber: 605 -+homeDirectory: /home/uid605 -+ -+dn: cn=user606,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user606 -+sn: user606 -+uid: uid606 -+givenname: givenname606 -+description: description606 -+userPassword: password606 -+mail: uid606 -+uidnumber: 606 -+gidnumber: 606 -+homeDirectory: /home/uid606 -+ -+dn: cn=user607,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user607 -+sn: user607 -+uid: uid607 -+givenname: givenname607 -+description: description607 -+userPassword: password607 -+mail: uid607 -+uidnumber: 607 -+gidnumber: 607 -+homeDirectory: /home/uid607 -+ -+dn: cn=user608,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user608 -+sn: user608 -+uid: uid608 -+givenname: givenname608 -+description: description608 -+userPassword: password608 -+mail: uid608 -+uidnumber: 608 -+gidnumber: 608 -+homeDirectory: /home/uid608 -+ -+dn: cn=user609,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user609 -+sn: user609 -+uid: uid609 -+givenname: givenname609 -+description: description609 -+userPassword: password609 -+mail: uid609 -+uidnumber: 609 -+gidnumber: 609 -+homeDirectory: /home/uid609 -+ -+dn: cn=user610,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user610 -+sn: user610 -+uid: uid610 -+givenname: givenname610 -+description: description610 -+userPassword: password610 -+mail: uid610 -+uidnumber: 610 -+gidnumber: 610 -+homeDirectory: /home/uid610 -+ -+dn: cn=user611,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user611 -+sn: user611 -+uid: uid611 -+givenname: givenname611 -+description: description611 -+userPassword: password611 -+mail: uid611 -+uidnumber: 611 -+gidnumber: 611 -+homeDirectory: /home/uid611 -+ -+dn: cn=user612,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user612 -+sn: user612 -+uid: uid612 -+givenname: givenname612 -+description: description612 -+userPassword: password612 -+mail: uid612 -+uidnumber: 612 -+gidnumber: 612 -+homeDirectory: /home/uid612 -+ -+dn: cn=user613,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user613 -+sn: user613 -+uid: uid613 -+givenname: givenname613 -+description: description613 -+userPassword: password613 -+mail: uid613 -+uidnumber: 613 -+gidnumber: 613 -+homeDirectory: /home/uid613 -+ -+dn: cn=user614,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user614 -+sn: user614 -+uid: uid614 -+givenname: givenname614 -+description: description614 -+userPassword: password614 -+mail: uid614 -+uidnumber: 614 -+gidnumber: 614 -+homeDirectory: /home/uid614 -+ -+dn: cn=user615,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user615 -+sn: user615 -+uid: uid615 -+givenname: givenname615 -+description: description615 -+userPassword: password615 -+mail: uid615 -+uidnumber: 615 -+gidnumber: 615 -+homeDirectory: /home/uid615 -+ -+dn: cn=user616,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user616 -+sn: user616 -+uid: uid616 -+givenname: givenname616 -+description: description616 -+userPassword: password616 -+mail: uid616 -+uidnumber: 616 -+gidnumber: 616 -+homeDirectory: /home/uid616 -+ -+dn: cn=user617,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user617 -+sn: user617 -+uid: uid617 -+givenname: givenname617 -+description: description617 -+userPassword: password617 -+mail: uid617 -+uidnumber: 617 -+gidnumber: 617 -+homeDirectory: /home/uid617 -+ -+dn: cn=user618,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user618 -+sn: user618 -+uid: uid618 -+givenname: givenname618 -+description: description618 -+userPassword: password618 -+mail: uid618 -+uidnumber: 618 -+gidnumber: 618 -+homeDirectory: /home/uid618 -+ -+dn: cn=user619,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user619 -+sn: user619 -+uid: uid619 -+givenname: givenname619 -+description: description619 -+userPassword: password619 -+mail: uid619 -+uidnumber: 619 -+gidnumber: 619 -+homeDirectory: /home/uid619 -+ -+dn: cn=user620,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user620 -+sn: user620 -+uid: uid620 -+givenname: givenname620 -+description: description620 -+userPassword: password620 -+mail: uid620 -+uidnumber: 620 -+gidnumber: 620 -+homeDirectory: /home/uid620 -+ -+dn: cn=user621,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user621 -+sn: user621 -+uid: uid621 -+givenname: givenname621 -+description: description621 -+userPassword: password621 -+mail: uid621 -+uidnumber: 621 -+gidnumber: 621 -+homeDirectory: /home/uid621 -+ -+dn: cn=user622,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user622 -+sn: user622 -+uid: uid622 -+givenname: givenname622 -+description: description622 -+userPassword: password622 -+mail: uid622 -+uidnumber: 622 -+gidnumber: 622 -+homeDirectory: /home/uid622 -+ -+dn: cn=user623,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user623 -+sn: user623 -+uid: uid623 -+givenname: givenname623 -+description: description623 -+userPassword: password623 -+mail: uid623 -+uidnumber: 623 -+gidnumber: 623 -+homeDirectory: /home/uid623 -+ -+dn: cn=user624,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user624 -+sn: user624 -+uid: uid624 -+givenname: givenname624 -+description: description624 -+userPassword: password624 -+mail: uid624 -+uidnumber: 624 -+gidnumber: 624 -+homeDirectory: /home/uid624 -+ -+dn: cn=user625,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user625 -+sn: user625 -+uid: uid625 -+givenname: givenname625 -+description: description625 -+userPassword: password625 -+mail: uid625 -+uidnumber: 625 -+gidnumber: 625 -+homeDirectory: /home/uid625 -+ -+dn: cn=user626,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user626 -+sn: user626 -+uid: uid626 -+givenname: givenname626 -+description: description626 -+userPassword: password626 -+mail: uid626 -+uidnumber: 626 -+gidnumber: 626 -+homeDirectory: /home/uid626 -+ -+dn: cn=user627,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user627 -+sn: user627 -+uid: uid627 -+givenname: givenname627 -+description: description627 -+userPassword: password627 -+mail: uid627 -+uidnumber: 627 -+gidnumber: 627 -+homeDirectory: /home/uid627 -+ -+dn: cn=user628,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user628 -+sn: user628 -+uid: uid628 -+givenname: givenname628 -+description: description628 -+userPassword: password628 -+mail: uid628 -+uidnumber: 628 -+gidnumber: 628 -+homeDirectory: /home/uid628 -+ -+dn: cn=user629,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user629 -+sn: user629 -+uid: uid629 -+givenname: givenname629 -+description: description629 -+userPassword: password629 -+mail: uid629 -+uidnumber: 629 -+gidnumber: 629 -+homeDirectory: /home/uid629 -+ -+dn: cn=user630,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user630 -+sn: user630 -+uid: uid630 -+givenname: givenname630 -+description: description630 -+userPassword: password630 -+mail: uid630 -+uidnumber: 630 -+gidnumber: 630 -+homeDirectory: /home/uid630 -+ -+dn: cn=user631,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user631 -+sn: user631 -+uid: uid631 -+givenname: givenname631 -+description: description631 -+userPassword: password631 -+mail: uid631 -+uidnumber: 631 -+gidnumber: 631 -+homeDirectory: /home/uid631 -+ -+dn: cn=user632,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user632 -+sn: user632 -+uid: uid632 -+givenname: givenname632 -+description: description632 -+userPassword: password632 -+mail: uid632 -+uidnumber: 632 -+gidnumber: 632 -+homeDirectory: /home/uid632 -+ -+dn: cn=user633,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user633 -+sn: user633 -+uid: uid633 -+givenname: givenname633 -+description: description633 -+userPassword: password633 -+mail: uid633 -+uidnumber: 633 -+gidnumber: 633 -+homeDirectory: /home/uid633 -+ -+dn: cn=user634,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user634 -+sn: user634 -+uid: uid634 -+givenname: givenname634 -+description: description634 -+userPassword: password634 -+mail: uid634 -+uidnumber: 634 -+gidnumber: 634 -+homeDirectory: /home/uid634 -+ -+dn: cn=user635,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user635 -+sn: user635 -+uid: uid635 -+givenname: givenname635 -+description: description635 -+userPassword: password635 -+mail: uid635 -+uidnumber: 635 -+gidnumber: 635 -+homeDirectory: /home/uid635 -+ -+dn: cn=user636,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user636 -+sn: user636 -+uid: uid636 -+givenname: givenname636 -+description: description636 -+userPassword: password636 -+mail: uid636 -+uidnumber: 636 -+gidnumber: 636 -+homeDirectory: /home/uid636 -+ -+dn: cn=user637,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user637 -+sn: user637 -+uid: uid637 -+givenname: givenname637 -+description: description637 -+userPassword: password637 -+mail: uid637 -+uidnumber: 637 -+gidnumber: 637 -+homeDirectory: /home/uid637 -+ -+dn: cn=user638,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user638 -+sn: user638 -+uid: uid638 -+givenname: givenname638 -+description: description638 -+userPassword: password638 -+mail: uid638 -+uidnumber: 638 -+gidnumber: 638 -+homeDirectory: /home/uid638 -+ -+dn: cn=user639,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user639 -+sn: user639 -+uid: uid639 -+givenname: givenname639 -+description: description639 -+userPassword: password639 -+mail: uid639 -+uidnumber: 639 -+gidnumber: 639 -+homeDirectory: /home/uid639 -+ -+dn: cn=user640,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user640 -+sn: user640 -+uid: uid640 -+givenname: givenname640 -+description: description640 -+userPassword: password640 -+mail: uid640 -+uidnumber: 640 -+gidnumber: 640 -+homeDirectory: /home/uid640 -+ -+dn: cn=user641,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user641 -+sn: user641 -+uid: uid641 -+givenname: givenname641 -+description: description641 -+userPassword: password641 -+mail: uid641 -+uidnumber: 641 -+gidnumber: 641 -+homeDirectory: /home/uid641 -+ -+dn: cn=user642,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user642 -+sn: user642 -+uid: uid642 -+givenname: givenname642 -+description: description642 -+userPassword: password642 -+mail: uid642 -+uidnumber: 642 -+gidnumber: 642 -+homeDirectory: /home/uid642 -+ -+dn: cn=user643,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user643 -+sn: user643 -+uid: uid643 -+givenname: givenname643 -+description: description643 -+userPassword: password643 -+mail: uid643 -+uidnumber: 643 -+gidnumber: 643 -+homeDirectory: /home/uid643 -+ -+dn: cn=user644,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user644 -+sn: user644 -+uid: uid644 -+givenname: givenname644 -+description: description644 -+userPassword: password644 -+mail: uid644 -+uidnumber: 644 -+gidnumber: 644 -+homeDirectory: /home/uid644 -+ -+dn: cn=user645,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user645 -+sn: user645 -+uid: uid645 -+givenname: givenname645 -+description: description645 -+userPassword: password645 -+mail: uid645 -+uidnumber: 645 -+gidnumber: 645 -+homeDirectory: /home/uid645 -+ -+dn: cn=user646,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user646 -+sn: user646 -+uid: uid646 -+givenname: givenname646 -+description: description646 -+userPassword: password646 -+mail: uid646 -+uidnumber: 646 -+gidnumber: 646 -+homeDirectory: /home/uid646 -+ -+dn: cn=user647,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user647 -+sn: user647 -+uid: uid647 -+givenname: givenname647 -+description: description647 -+userPassword: password647 -+mail: uid647 -+uidnumber: 647 -+gidnumber: 647 -+homeDirectory: /home/uid647 -+ -+dn: cn=user648,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user648 -+sn: user648 -+uid: uid648 -+givenname: givenname648 -+description: description648 -+userPassword: password648 -+mail: uid648 -+uidnumber: 648 -+gidnumber: 648 -+homeDirectory: /home/uid648 -+ -+dn: cn=user649,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user649 -+sn: user649 -+uid: uid649 -+givenname: givenname649 -+description: description649 -+userPassword: password649 -+mail: uid649 -+uidnumber: 649 -+gidnumber: 649 -+homeDirectory: /home/uid649 -+ -+dn: cn=user650,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user650 -+sn: user650 -+uid: uid650 -+givenname: givenname650 -+description: description650 -+userPassword: password650 -+mail: uid650 -+uidnumber: 650 -+gidnumber: 650 -+homeDirectory: /home/uid650 -+ -+dn: cn=user651,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user651 -+sn: user651 -+uid: uid651 -+givenname: givenname651 -+description: description651 -+userPassword: password651 -+mail: uid651 -+uidnumber: 651 -+gidnumber: 651 -+homeDirectory: /home/uid651 -+ -+dn: cn=user652,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user652 -+sn: user652 -+uid: uid652 -+givenname: givenname652 -+description: description652 -+userPassword: password652 -+mail: uid652 -+uidnumber: 652 -+gidnumber: 652 -+homeDirectory: /home/uid652 -+ -+dn: cn=user653,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user653 -+sn: user653 -+uid: uid653 -+givenname: givenname653 -+description: description653 -+userPassword: password653 -+mail: uid653 -+uidnumber: 653 -+gidnumber: 653 -+homeDirectory: /home/uid653 -+ -+dn: cn=user654,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user654 -+sn: user654 -+uid: uid654 -+givenname: givenname654 -+description: description654 -+userPassword: password654 -+mail: uid654 -+uidnumber: 654 -+gidnumber: 654 -+homeDirectory: /home/uid654 -+ -+dn: cn=user655,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user655 -+sn: user655 -+uid: uid655 -+givenname: givenname655 -+description: description655 -+userPassword: password655 -+mail: uid655 -+uidnumber: 655 -+gidnumber: 655 -+homeDirectory: /home/uid655 -+ -+dn: cn=user656,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user656 -+sn: user656 -+uid: uid656 -+givenname: givenname656 -+description: description656 -+userPassword: password656 -+mail: uid656 -+uidnumber: 656 -+gidnumber: 656 -+homeDirectory: /home/uid656 -+ -+dn: cn=user657,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user657 -+sn: user657 -+uid: uid657 -+givenname: givenname657 -+description: description657 -+userPassword: password657 -+mail: uid657 -+uidnumber: 657 -+gidnumber: 657 -+homeDirectory: /home/uid657 -+ -+dn: cn=user658,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user658 -+sn: user658 -+uid: uid658 -+givenname: givenname658 -+description: description658 -+userPassword: password658 -+mail: uid658 -+uidnumber: 658 -+gidnumber: 658 -+homeDirectory: /home/uid658 -+ -+dn: cn=user659,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user659 -+sn: user659 -+uid: uid659 -+givenname: givenname659 -+description: description659 -+userPassword: password659 -+mail: uid659 -+uidnumber: 659 -+gidnumber: 659 -+homeDirectory: /home/uid659 -+ -+dn: cn=user660,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user660 -+sn: user660 -+uid: uid660 -+givenname: givenname660 -+description: description660 -+userPassword: password660 -+mail: uid660 -+uidnumber: 660 -+gidnumber: 660 -+homeDirectory: /home/uid660 -+ -+dn: cn=user661,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user661 -+sn: user661 -+uid: uid661 -+givenname: givenname661 -+description: description661 -+userPassword: password661 -+mail: uid661 -+uidnumber: 661 -+gidnumber: 661 -+homeDirectory: /home/uid661 -+ -+dn: cn=user662,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user662 -+sn: user662 -+uid: uid662 -+givenname: givenname662 -+description: description662 -+userPassword: password662 -+mail: uid662 -+uidnumber: 662 -+gidnumber: 662 -+homeDirectory: /home/uid662 -+ -+dn: cn=user663,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user663 -+sn: user663 -+uid: uid663 -+givenname: givenname663 -+description: description663 -+userPassword: password663 -+mail: uid663 -+uidnumber: 663 -+gidnumber: 663 -+homeDirectory: /home/uid663 -+ -+dn: cn=user664,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user664 -+sn: user664 -+uid: uid664 -+givenname: givenname664 -+description: description664 -+userPassword: password664 -+mail: uid664 -+uidnumber: 664 -+gidnumber: 664 -+homeDirectory: /home/uid664 -+ -+dn: cn=user665,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user665 -+sn: user665 -+uid: uid665 -+givenname: givenname665 -+description: description665 -+userPassword: password665 -+mail: uid665 -+uidnumber: 665 -+gidnumber: 665 -+homeDirectory: /home/uid665 -+ -+dn: cn=user666,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user666 -+sn: user666 -+uid: uid666 -+givenname: givenname666 -+description: description666 -+userPassword: password666 -+mail: uid666 -+uidnumber: 666 -+gidnumber: 666 -+homeDirectory: /home/uid666 -+ -+dn: cn=user667,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user667 -+sn: user667 -+uid: uid667 -+givenname: givenname667 -+description: description667 -+userPassword: password667 -+mail: uid667 -+uidnumber: 667 -+gidnumber: 667 -+homeDirectory: /home/uid667 -+ -+dn: cn=user668,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user668 -+sn: user668 -+uid: uid668 -+givenname: givenname668 -+description: description668 -+userPassword: password668 -+mail: uid668 -+uidnumber: 668 -+gidnumber: 668 -+homeDirectory: /home/uid668 -+ -+dn: cn=user669,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user669 -+sn: user669 -+uid: uid669 -+givenname: givenname669 -+description: description669 -+userPassword: password669 -+mail: uid669 -+uidnumber: 669 -+gidnumber: 669 -+homeDirectory: /home/uid669 -+ -+dn: cn=user670,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user670 -+sn: user670 -+uid: uid670 -+givenname: givenname670 -+description: description670 -+userPassword: password670 -+mail: uid670 -+uidnumber: 670 -+gidnumber: 670 -+homeDirectory: /home/uid670 -+ -+dn: cn=user671,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user671 -+sn: user671 -+uid: uid671 -+givenname: givenname671 -+description: description671 -+userPassword: password671 -+mail: uid671 -+uidnumber: 671 -+gidnumber: 671 -+homeDirectory: /home/uid671 -+ -+dn: cn=user672,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user672 -+sn: user672 -+uid: uid672 -+givenname: givenname672 -+description: description672 -+userPassword: password672 -+mail: uid672 -+uidnumber: 672 -+gidnumber: 672 -+homeDirectory: /home/uid672 -+ -+dn: cn=user673,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user673 -+sn: user673 -+uid: uid673 -+givenname: givenname673 -+description: description673 -+userPassword: password673 -+mail: uid673 -+uidnumber: 673 -+gidnumber: 673 -+homeDirectory: /home/uid673 -+ -+dn: cn=user674,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user674 -+sn: user674 -+uid: uid674 -+givenname: givenname674 -+description: description674 -+userPassword: password674 -+mail: uid674 -+uidnumber: 674 -+gidnumber: 674 -+homeDirectory: /home/uid674 -+ -+dn: cn=user675,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user675 -+sn: user675 -+uid: uid675 -+givenname: givenname675 -+description: description675 -+userPassword: password675 -+mail: uid675 -+uidnumber: 675 -+gidnumber: 675 -+homeDirectory: /home/uid675 -+ -+dn: cn=user676,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user676 -+sn: user676 -+uid: uid676 -+givenname: givenname676 -+description: description676 -+userPassword: password676 -+mail: uid676 -+uidnumber: 676 -+gidnumber: 676 -+homeDirectory: /home/uid676 -+ -+dn: cn=user677,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user677 -+sn: user677 -+uid: uid677 -+givenname: givenname677 -+description: description677 -+userPassword: password677 -+mail: uid677 -+uidnumber: 677 -+gidnumber: 677 -+homeDirectory: /home/uid677 -+ -+dn: cn=user678,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user678 -+sn: user678 -+uid: uid678 -+givenname: givenname678 -+description: description678 -+userPassword: password678 -+mail: uid678 -+uidnumber: 678 -+gidnumber: 678 -+homeDirectory: /home/uid678 -+ -+dn: cn=user679,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user679 -+sn: user679 -+uid: uid679 -+givenname: givenname679 -+description: description679 -+userPassword: password679 -+mail: uid679 -+uidnumber: 679 -+gidnumber: 679 -+homeDirectory: /home/uid679 -+ -+dn: cn=user680,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user680 -+sn: user680 -+uid: uid680 -+givenname: givenname680 -+description: description680 -+userPassword: password680 -+mail: uid680 -+uidnumber: 680 -+gidnumber: 680 -+homeDirectory: /home/uid680 -+ -+dn: cn=user681,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user681 -+sn: user681 -+uid: uid681 -+givenname: givenname681 -+description: description681 -+userPassword: password681 -+mail: uid681 -+uidnumber: 681 -+gidnumber: 681 -+homeDirectory: /home/uid681 -+ -+dn: cn=user682,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user682 -+sn: user682 -+uid: uid682 -+givenname: givenname682 -+description: description682 -+userPassword: password682 -+mail: uid682 -+uidnumber: 682 -+gidnumber: 682 -+homeDirectory: /home/uid682 -+ -+dn: cn=user683,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user683 -+sn: user683 -+uid: uid683 -+givenname: givenname683 -+description: description683 -+userPassword: password683 -+mail: uid683 -+uidnumber: 683 -+gidnumber: 683 -+homeDirectory: /home/uid683 -+ -+dn: cn=user684,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user684 -+sn: user684 -+uid: uid684 -+givenname: givenname684 -+description: description684 -+userPassword: password684 -+mail: uid684 -+uidnumber: 684 -+gidnumber: 684 -+homeDirectory: /home/uid684 -+ -+dn: cn=user685,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user685 -+sn: user685 -+uid: uid685 -+givenname: givenname685 -+description: description685 -+userPassword: password685 -+mail: uid685 -+uidnumber: 685 -+gidnumber: 685 -+homeDirectory: /home/uid685 -+ -+dn: cn=user686,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user686 -+sn: user686 -+uid: uid686 -+givenname: givenname686 -+description: description686 -+userPassword: password686 -+mail: uid686 -+uidnumber: 686 -+gidnumber: 686 -+homeDirectory: /home/uid686 -+ -+dn: cn=user687,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user687 -+sn: user687 -+uid: uid687 -+givenname: givenname687 -+description: description687 -+userPassword: password687 -+mail: uid687 -+uidnumber: 687 -+gidnumber: 687 -+homeDirectory: /home/uid687 -+ -+dn: cn=user688,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user688 -+sn: user688 -+uid: uid688 -+givenname: givenname688 -+description: description688 -+userPassword: password688 -+mail: uid688 -+uidnumber: 688 -+gidnumber: 688 -+homeDirectory: /home/uid688 -+ -+dn: cn=user689,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user689 -+sn: user689 -+uid: uid689 -+givenname: givenname689 -+description: description689 -+userPassword: password689 -+mail: uid689 -+uidnumber: 689 -+gidnumber: 689 -+homeDirectory: /home/uid689 -+ -+dn: cn=user690,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user690 -+sn: user690 -+uid: uid690 -+givenname: givenname690 -+description: description690 -+userPassword: password690 -+mail: uid690 -+uidnumber: 690 -+gidnumber: 690 -+homeDirectory: /home/uid690 -+ -+dn: cn=user691,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user691 -+sn: user691 -+uid: uid691 -+givenname: givenname691 -+description: description691 -+userPassword: password691 -+mail: uid691 -+uidnumber: 691 -+gidnumber: 691 -+homeDirectory: /home/uid691 -+ -+dn: cn=user692,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user692 -+sn: user692 -+uid: uid692 -+givenname: givenname692 -+description: description692 -+userPassword: password692 -+mail: uid692 -+uidnumber: 692 -+gidnumber: 692 -+homeDirectory: /home/uid692 -+ -+dn: cn=user693,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user693 -+sn: user693 -+uid: uid693 -+givenname: givenname693 -+description: description693 -+userPassword: password693 -+mail: uid693 -+uidnumber: 693 -+gidnumber: 693 -+homeDirectory: /home/uid693 -+ -+dn: cn=user694,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user694 -+sn: user694 -+uid: uid694 -+givenname: givenname694 -+description: description694 -+userPassword: password694 -+mail: uid694 -+uidnumber: 694 -+gidnumber: 694 -+homeDirectory: /home/uid694 -+ -+dn: cn=user695,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user695 -+sn: user695 -+uid: uid695 -+givenname: givenname695 -+description: description695 -+userPassword: password695 -+mail: uid695 -+uidnumber: 695 -+gidnumber: 695 -+homeDirectory: /home/uid695 -+ -+dn: cn=user696,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user696 -+sn: user696 -+uid: uid696 -+givenname: givenname696 -+description: description696 -+userPassword: password696 -+mail: uid696 -+uidnumber: 696 -+gidnumber: 696 -+homeDirectory: /home/uid696 -+ -+dn: cn=user697,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user697 -+sn: user697 -+uid: uid697 -+givenname: givenname697 -+description: description697 -+userPassword: password697 -+mail: uid697 -+uidnumber: 697 -+gidnumber: 697 -+homeDirectory: /home/uid697 -+ -+dn: cn=user698,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user698 -+sn: user698 -+uid: uid698 -+givenname: givenname698 -+description: description698 -+userPassword: password698 -+mail: uid698 -+uidnumber: 698 -+gidnumber: 698 -+homeDirectory: /home/uid698 -+ -+dn: cn=user699,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user699 -+sn: user699 -+uid: uid699 -+givenname: givenname699 -+description: description699 -+userPassword: password699 -+mail: uid699 -+uidnumber: 699 -+gidnumber: 699 -+homeDirectory: /home/uid699 -+ -+dn: cn=user700,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user700 -+sn: user700 -+uid: uid700 -+givenname: givenname700 -+description: description700 -+userPassword: password700 -+mail: uid700 -+uidnumber: 700 -+gidnumber: 700 -+homeDirectory: /home/uid700 -+ -+dn: cn=user701,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user701 -+sn: user701 -+uid: uid701 -+givenname: givenname701 -+description: description701 -+userPassword: password701 -+mail: uid701 -+uidnumber: 701 -+gidnumber: 701 -+homeDirectory: /home/uid701 -+ -+dn: cn=user702,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user702 -+sn: user702 -+uid: uid702 -+givenname: givenname702 -+description: description702 -+userPassword: password702 -+mail: uid702 -+uidnumber: 702 -+gidnumber: 702 -+homeDirectory: /home/uid702 -+ -+dn: cn=user703,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user703 -+sn: user703 -+uid: uid703 -+givenname: givenname703 -+description: description703 -+userPassword: password703 -+mail: uid703 -+uidnumber: 703 -+gidnumber: 703 -+homeDirectory: /home/uid703 -+ -+dn: cn=user704,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user704 -+sn: user704 -+uid: uid704 -+givenname: givenname704 -+description: description704 -+userPassword: password704 -+mail: uid704 -+uidnumber: 704 -+gidnumber: 704 -+homeDirectory: /home/uid704 -+ -+dn: cn=user705,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user705 -+sn: user705 -+uid: uid705 -+givenname: givenname705 -+description: description705 -+userPassword: password705 -+mail: uid705 -+uidnumber: 705 -+gidnumber: 705 -+homeDirectory: /home/uid705 -+ -+dn: cn=user706,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user706 -+sn: user706 -+uid: uid706 -+givenname: givenname706 -+description: description706 -+userPassword: password706 -+mail: uid706 -+uidnumber: 706 -+gidnumber: 706 -+homeDirectory: /home/uid706 -+ -+dn: cn=user707,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user707 -+sn: user707 -+uid: uid707 -+givenname: givenname707 -+description: description707 -+userPassword: password707 -+mail: uid707 -+uidnumber: 707 -+gidnumber: 707 -+homeDirectory: /home/uid707 -+ -+dn: cn=user708,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user708 -+sn: user708 -+uid: uid708 -+givenname: givenname708 -+description: description708 -+userPassword: password708 -+mail: uid708 -+uidnumber: 708 -+gidnumber: 708 -+homeDirectory: /home/uid708 -+ -+dn: cn=user709,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user709 -+sn: user709 -+uid: uid709 -+givenname: givenname709 -+description: description709 -+userPassword: password709 -+mail: uid709 -+uidnumber: 709 -+gidnumber: 709 -+homeDirectory: /home/uid709 -+ -+dn: cn=user710,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user710 -+sn: user710 -+uid: uid710 -+givenname: givenname710 -+description: description710 -+userPassword: password710 -+mail: uid710 -+uidnumber: 710 -+gidnumber: 710 -+homeDirectory: /home/uid710 -+ -+dn: cn=user711,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user711 -+sn: user711 -+uid: uid711 -+givenname: givenname711 -+description: description711 -+userPassword: password711 -+mail: uid711 -+uidnumber: 711 -+gidnumber: 711 -+homeDirectory: /home/uid711 -+ -+dn: cn=user712,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user712 -+sn: user712 -+uid: uid712 -+givenname: givenname712 -+description: description712 -+userPassword: password712 -+mail: uid712 -+uidnumber: 712 -+gidnumber: 712 -+homeDirectory: /home/uid712 -+ -+dn: cn=user713,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user713 -+sn: user713 -+uid: uid713 -+givenname: givenname713 -+description: description713 -+userPassword: password713 -+mail: uid713 -+uidnumber: 713 -+gidnumber: 713 -+homeDirectory: /home/uid713 -+ -+dn: cn=user714,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user714 -+sn: user714 -+uid: uid714 -+givenname: givenname714 -+description: description714 -+userPassword: password714 -+mail: uid714 -+uidnumber: 714 -+gidnumber: 714 -+homeDirectory: /home/uid714 -+ -+dn: cn=user715,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user715 -+sn: user715 -+uid: uid715 -+givenname: givenname715 -+description: description715 -+userPassword: password715 -+mail: uid715 -+uidnumber: 715 -+gidnumber: 715 -+homeDirectory: /home/uid715 -+ -+dn: cn=user716,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user716 -+sn: user716 -+uid: uid716 -+givenname: givenname716 -+description: description716 -+userPassword: password716 -+mail: uid716 -+uidnumber: 716 -+gidnumber: 716 -+homeDirectory: /home/uid716 -+ -+dn: cn=user717,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user717 -+sn: user717 -+uid: uid717 -+givenname: givenname717 -+description: description717 -+userPassword: password717 -+mail: uid717 -+uidnumber: 717 -+gidnumber: 717 -+homeDirectory: /home/uid717 -+ -+dn: cn=user718,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user718 -+sn: user718 -+uid: uid718 -+givenname: givenname718 -+description: description718 -+userPassword: password718 -+mail: uid718 -+uidnumber: 718 -+gidnumber: 718 -+homeDirectory: /home/uid718 -+ -+dn: cn=user719,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user719 -+sn: user719 -+uid: uid719 -+givenname: givenname719 -+description: description719 -+userPassword: password719 -+mail: uid719 -+uidnumber: 719 -+gidnumber: 719 -+homeDirectory: /home/uid719 -+ -+dn: cn=user720,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user720 -+sn: user720 -+uid: uid720 -+givenname: givenname720 -+description: description720 -+userPassword: password720 -+mail: uid720 -+uidnumber: 720 -+gidnumber: 720 -+homeDirectory: /home/uid720 -+ -+dn: cn=user721,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user721 -+sn: user721 -+uid: uid721 -+givenname: givenname721 -+description: description721 -+userPassword: password721 -+mail: uid721 -+uidnumber: 721 -+gidnumber: 721 -+homeDirectory: /home/uid721 -+ -+dn: cn=user722,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user722 -+sn: user722 -+uid: uid722 -+givenname: givenname722 -+description: description722 -+userPassword: password722 -+mail: uid722 -+uidnumber: 722 -+gidnumber: 722 -+homeDirectory: /home/uid722 -+ -+dn: cn=user723,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user723 -+sn: user723 -+uid: uid723 -+givenname: givenname723 -+description: description723 -+userPassword: password723 -+mail: uid723 -+uidnumber: 723 -+gidnumber: 723 -+homeDirectory: /home/uid723 -+ -+dn: cn=user724,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user724 -+sn: user724 -+uid: uid724 -+givenname: givenname724 -+description: description724 -+userPassword: password724 -+mail: uid724 -+uidnumber: 724 -+gidnumber: 724 -+homeDirectory: /home/uid724 -+ -+dn: cn=user725,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user725 -+sn: user725 -+uid: uid725 -+givenname: givenname725 -+description: description725 -+userPassword: password725 -+mail: uid725 -+uidnumber: 725 -+gidnumber: 725 -+homeDirectory: /home/uid725 -+ -+dn: cn=user726,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user726 -+sn: user726 -+uid: uid726 -+givenname: givenname726 -+description: description726 -+userPassword: password726 -+mail: uid726 -+uidnumber: 726 -+gidnumber: 726 -+homeDirectory: /home/uid726 -+ -+dn: cn=user727,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user727 -+sn: user727 -+uid: uid727 -+givenname: givenname727 -+description: description727 -+userPassword: password727 -+mail: uid727 -+uidnumber: 727 -+gidnumber: 727 -+homeDirectory: /home/uid727 -+ -+dn: cn=user728,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user728 -+sn: user728 -+uid: uid728 -+givenname: givenname728 -+description: description728 -+userPassword: password728 -+mail: uid728 -+uidnumber: 728 -+gidnumber: 728 -+homeDirectory: /home/uid728 -+ -+dn: cn=user729,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user729 -+sn: user729 -+uid: uid729 -+givenname: givenname729 -+description: description729 -+userPassword: password729 -+mail: uid729 -+uidnumber: 729 -+gidnumber: 729 -+homeDirectory: /home/uid729 -+ -+dn: cn=user730,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user730 -+sn: user730 -+uid: uid730 -+givenname: givenname730 -+description: description730 -+userPassword: password730 -+mail: uid730 -+uidnumber: 730 -+gidnumber: 730 -+homeDirectory: /home/uid730 -+ -+dn: cn=user731,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user731 -+sn: user731 -+uid: uid731 -+givenname: givenname731 -+description: description731 -+userPassword: password731 -+mail: uid731 -+uidnumber: 731 -+gidnumber: 731 -+homeDirectory: /home/uid731 -+ -+dn: cn=user732,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user732 -+sn: user732 -+uid: uid732 -+givenname: givenname732 -+description: description732 -+userPassword: password732 -+mail: uid732 -+uidnumber: 732 -+gidnumber: 732 -+homeDirectory: /home/uid732 -+ -+dn: cn=user733,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user733 -+sn: user733 -+uid: uid733 -+givenname: givenname733 -+description: description733 -+userPassword: password733 -+mail: uid733 -+uidnumber: 733 -+gidnumber: 733 -+homeDirectory: /home/uid733 -+ -+dn: cn=user734,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user734 -+sn: user734 -+uid: uid734 -+givenname: givenname734 -+description: description734 -+userPassword: password734 -+mail: uid734 -+uidnumber: 734 -+gidnumber: 734 -+homeDirectory: /home/uid734 -+ -+dn: cn=user735,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user735 -+sn: user735 -+uid: uid735 -+givenname: givenname735 -+description: description735 -+userPassword: password735 -+mail: uid735 -+uidnumber: 735 -+gidnumber: 735 -+homeDirectory: /home/uid735 -+ -+dn: cn=user736,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user736 -+sn: user736 -+uid: uid736 -+givenname: givenname736 -+description: description736 -+userPassword: password736 -+mail: uid736 -+uidnumber: 736 -+gidnumber: 736 -+homeDirectory: /home/uid736 -+ -+dn: cn=user737,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user737 -+sn: user737 -+uid: uid737 -+givenname: givenname737 -+description: description737 -+userPassword: password737 -+mail: uid737 -+uidnumber: 737 -+gidnumber: 737 -+homeDirectory: /home/uid737 -+ -+dn: cn=user738,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user738 -+sn: user738 -+uid: uid738 -+givenname: givenname738 -+description: description738 -+userPassword: password738 -+mail: uid738 -+uidnumber: 738 -+gidnumber: 738 -+homeDirectory: /home/uid738 -+ -+dn: cn=user739,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user739 -+sn: user739 -+uid: uid739 -+givenname: givenname739 -+description: description739 -+userPassword: password739 -+mail: uid739 -+uidnumber: 739 -+gidnumber: 739 -+homeDirectory: /home/uid739 -+ -+dn: cn=user740,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user740 -+sn: user740 -+uid: uid740 -+givenname: givenname740 -+description: description740 -+userPassword: password740 -+mail: uid740 -+uidnumber: 740 -+gidnumber: 740 -+homeDirectory: /home/uid740 -+ -+dn: cn=user741,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user741 -+sn: user741 -+uid: uid741 -+givenname: givenname741 -+description: description741 -+userPassword: password741 -+mail: uid741 -+uidnumber: 741 -+gidnumber: 741 -+homeDirectory: /home/uid741 -+ -+dn: cn=user742,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user742 -+sn: user742 -+uid: uid742 -+givenname: givenname742 -+description: description742 -+userPassword: password742 -+mail: uid742 -+uidnumber: 742 -+gidnumber: 742 -+homeDirectory: /home/uid742 -+ -+dn: cn=user743,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user743 -+sn: user743 -+uid: uid743 -+givenname: givenname743 -+description: description743 -+userPassword: password743 -+mail: uid743 -+uidnumber: 743 -+gidnumber: 743 -+homeDirectory: /home/uid743 -+ -+dn: cn=user744,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user744 -+sn: user744 -+uid: uid744 -+givenname: givenname744 -+description: description744 -+userPassword: password744 -+mail: uid744 -+uidnumber: 744 -+gidnumber: 744 -+homeDirectory: /home/uid744 -+ -+dn: cn=user745,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user745 -+sn: user745 -+uid: uid745 -+givenname: givenname745 -+description: description745 -+userPassword: password745 -+mail: uid745 -+uidnumber: 745 -+gidnumber: 745 -+homeDirectory: /home/uid745 -+ -+dn: cn=user746,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user746 -+sn: user746 -+uid: uid746 -+givenname: givenname746 -+description: description746 -+userPassword: password746 -+mail: uid746 -+uidnumber: 746 -+gidnumber: 746 -+homeDirectory: /home/uid746 -+ -+dn: cn=user747,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user747 -+sn: user747 -+uid: uid747 -+givenname: givenname747 -+description: description747 -+userPassword: password747 -+mail: uid747 -+uidnumber: 747 -+gidnumber: 747 -+homeDirectory: /home/uid747 -+ -+dn: cn=user748,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user748 -+sn: user748 -+uid: uid748 -+givenname: givenname748 -+description: description748 -+userPassword: password748 -+mail: uid748 -+uidnumber: 748 -+gidnumber: 748 -+homeDirectory: /home/uid748 -+ -+dn: cn=user749,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user749 -+sn: user749 -+uid: uid749 -+givenname: givenname749 -+description: description749 -+userPassword: password749 -+mail: uid749 -+uidnumber: 749 -+gidnumber: 749 -+homeDirectory: /home/uid749 -+ -+dn: cn=user750,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user750 -+sn: user750 -+uid: uid750 -+givenname: givenname750 -+description: description750 -+userPassword: password750 -+mail: uid750 -+uidnumber: 750 -+gidnumber: 750 -+homeDirectory: /home/uid750 -+ -+dn: cn=user751,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user751 -+sn: user751 -+uid: uid751 -+givenname: givenname751 -+description: description751 -+userPassword: password751 -+mail: uid751 -+uidnumber: 751 -+gidnumber: 751 -+homeDirectory: /home/uid751 -+ -+dn: cn=user752,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user752 -+sn: user752 -+uid: uid752 -+givenname: givenname752 -+description: description752 -+userPassword: password752 -+mail: uid752 -+uidnumber: 752 -+gidnumber: 752 -+homeDirectory: /home/uid752 -+ -+dn: cn=user753,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user753 -+sn: user753 -+uid: uid753 -+givenname: givenname753 -+description: description753 -+userPassword: password753 -+mail: uid753 -+uidnumber: 753 -+gidnumber: 753 -+homeDirectory: /home/uid753 -+ -+dn: cn=user754,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user754 -+sn: user754 -+uid: uid754 -+givenname: givenname754 -+description: description754 -+userPassword: password754 -+mail: uid754 -+uidnumber: 754 -+gidnumber: 754 -+homeDirectory: /home/uid754 -+ -+dn: cn=user755,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user755 -+sn: user755 -+uid: uid755 -+givenname: givenname755 -+description: description755 -+userPassword: password755 -+mail: uid755 -+uidnumber: 755 -+gidnumber: 755 -+homeDirectory: /home/uid755 -+ -+dn: cn=user756,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user756 -+sn: user756 -+uid: uid756 -+givenname: givenname756 -+description: description756 -+userPassword: password756 -+mail: uid756 -+uidnumber: 756 -+gidnumber: 756 -+homeDirectory: /home/uid756 -+ -+dn: cn=user757,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user757 -+sn: user757 -+uid: uid757 -+givenname: givenname757 -+description: description757 -+userPassword: password757 -+mail: uid757 -+uidnumber: 757 -+gidnumber: 757 -+homeDirectory: /home/uid757 -+ -+dn: cn=user758,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user758 -+sn: user758 -+uid: uid758 -+givenname: givenname758 -+description: description758 -+userPassword: password758 -+mail: uid758 -+uidnumber: 758 -+gidnumber: 758 -+homeDirectory: /home/uid758 -+ -+dn: cn=user759,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user759 -+sn: user759 -+uid: uid759 -+givenname: givenname759 -+description: description759 -+userPassword: password759 -+mail: uid759 -+uidnumber: 759 -+gidnumber: 759 -+homeDirectory: /home/uid759 -+ -+dn: cn=user760,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user760 -+sn: user760 -+uid: uid760 -+givenname: givenname760 -+description: description760 -+userPassword: password760 -+mail: uid760 -+uidnumber: 760 -+gidnumber: 760 -+homeDirectory: /home/uid760 -+ -+dn: cn=user761,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user761 -+sn: user761 -+uid: uid761 -+givenname: givenname761 -+description: description761 -+userPassword: password761 -+mail: uid761 -+uidnumber: 761 -+gidnumber: 761 -+homeDirectory: /home/uid761 -+ -+dn: cn=user762,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user762 -+sn: user762 -+uid: uid762 -+givenname: givenname762 -+description: description762 -+userPassword: password762 -+mail: uid762 -+uidnumber: 762 -+gidnumber: 762 -+homeDirectory: /home/uid762 -+ -+dn: cn=user763,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user763 -+sn: user763 -+uid: uid763 -+givenname: givenname763 -+description: description763 -+userPassword: password763 -+mail: uid763 -+uidnumber: 763 -+gidnumber: 763 -+homeDirectory: /home/uid763 -+ -+dn: cn=user764,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user764 -+sn: user764 -+uid: uid764 -+givenname: givenname764 -+description: description764 -+userPassword: password764 -+mail: uid764 -+uidnumber: 764 -+gidnumber: 764 -+homeDirectory: /home/uid764 -+ -+dn: cn=user765,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user765 -+sn: user765 -+uid: uid765 -+givenname: givenname765 -+description: description765 -+userPassword: password765 -+mail: uid765 -+uidnumber: 765 -+gidnumber: 765 -+homeDirectory: /home/uid765 -+ -+dn: cn=user766,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user766 -+sn: user766 -+uid: uid766 -+givenname: givenname766 -+description: description766 -+userPassword: password766 -+mail: uid766 -+uidnumber: 766 -+gidnumber: 766 -+homeDirectory: /home/uid766 -+ -+dn: cn=user767,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user767 -+sn: user767 -+uid: uid767 -+givenname: givenname767 -+description: description767 -+userPassword: password767 -+mail: uid767 -+uidnumber: 767 -+gidnumber: 767 -+homeDirectory: /home/uid767 -+ -+dn: cn=user768,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user768 -+sn: user768 -+uid: uid768 -+givenname: givenname768 -+description: description768 -+userPassword: password768 -+mail: uid768 -+uidnumber: 768 -+gidnumber: 768 -+homeDirectory: /home/uid768 -+ -+dn: cn=user769,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user769 -+sn: user769 -+uid: uid769 -+givenname: givenname769 -+description: description769 -+userPassword: password769 -+mail: uid769 -+uidnumber: 769 -+gidnumber: 769 -+homeDirectory: /home/uid769 -+ -+dn: cn=user770,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user770 -+sn: user770 -+uid: uid770 -+givenname: givenname770 -+description: description770 -+userPassword: password770 -+mail: uid770 -+uidnumber: 770 -+gidnumber: 770 -+homeDirectory: /home/uid770 -+ -+dn: cn=user771,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user771 -+sn: user771 -+uid: uid771 -+givenname: givenname771 -+description: description771 -+userPassword: password771 -+mail: uid771 -+uidnumber: 771 -+gidnumber: 771 -+homeDirectory: /home/uid771 -+ -+dn: cn=user772,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user772 -+sn: user772 -+uid: uid772 -+givenname: givenname772 -+description: description772 -+userPassword: password772 -+mail: uid772 -+uidnumber: 772 -+gidnumber: 772 -+homeDirectory: /home/uid772 -+ -+dn: cn=user773,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user773 -+sn: user773 -+uid: uid773 -+givenname: givenname773 -+description: description773 -+userPassword: password773 -+mail: uid773 -+uidnumber: 773 -+gidnumber: 773 -+homeDirectory: /home/uid773 -+ -+dn: cn=user774,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user774 -+sn: user774 -+uid: uid774 -+givenname: givenname774 -+description: description774 -+userPassword: password774 -+mail: uid774 -+uidnumber: 774 -+gidnumber: 774 -+homeDirectory: /home/uid774 -+ -+dn: cn=user775,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user775 -+sn: user775 -+uid: uid775 -+givenname: givenname775 -+description: description775 -+userPassword: password775 -+mail: uid775 -+uidnumber: 775 -+gidnumber: 775 -+homeDirectory: /home/uid775 -+ -+dn: cn=user776,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user776 -+sn: user776 -+uid: uid776 -+givenname: givenname776 -+description: description776 -+userPassword: password776 -+mail: uid776 -+uidnumber: 776 -+gidnumber: 776 -+homeDirectory: /home/uid776 -+ -+dn: cn=user777,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user777 -+sn: user777 -+uid: uid777 -+givenname: givenname777 -+description: description777 -+userPassword: password777 -+mail: uid777 -+uidnumber: 777 -+gidnumber: 777 -+homeDirectory: /home/uid777 -+ -+dn: cn=user778,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user778 -+sn: user778 -+uid: uid778 -+givenname: givenname778 -+description: description778 -+userPassword: password778 -+mail: uid778 -+uidnumber: 778 -+gidnumber: 778 -+homeDirectory: /home/uid778 -+ -+dn: cn=user779,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user779 -+sn: user779 -+uid: uid779 -+givenname: givenname779 -+description: description779 -+userPassword: password779 -+mail: uid779 -+uidnumber: 779 -+gidnumber: 779 -+homeDirectory: /home/uid779 -+ -+dn: cn=user780,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user780 -+sn: user780 -+uid: uid780 -+givenname: givenname780 -+description: description780 -+userPassword: password780 -+mail: uid780 -+uidnumber: 780 -+gidnumber: 780 -+homeDirectory: /home/uid780 -+ -+dn: cn=user781,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user781 -+sn: user781 -+uid: uid781 -+givenname: givenname781 -+description: description781 -+userPassword: password781 -+mail: uid781 -+uidnumber: 781 -+gidnumber: 781 -+homeDirectory: /home/uid781 -+ -+dn: cn=user782,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user782 -+sn: user782 -+uid: uid782 -+givenname: givenname782 -+description: description782 -+userPassword: password782 -+mail: uid782 -+uidnumber: 782 -+gidnumber: 782 -+homeDirectory: /home/uid782 -+ -+dn: cn=user783,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user783 -+sn: user783 -+uid: uid783 -+givenname: givenname783 -+description: description783 -+userPassword: password783 -+mail: uid783 -+uidnumber: 783 -+gidnumber: 783 -+homeDirectory: /home/uid783 -+ -+dn: cn=user784,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user784 -+sn: user784 -+uid: uid784 -+givenname: givenname784 -+description: description784 -+userPassword: password784 -+mail: uid784 -+uidnumber: 784 -+gidnumber: 784 -+homeDirectory: /home/uid784 -+ -+dn: cn=user785,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user785 -+sn: user785 -+uid: uid785 -+givenname: givenname785 -+description: description785 -+userPassword: password785 -+mail: uid785 -+uidnumber: 785 -+gidnumber: 785 -+homeDirectory: /home/uid785 -+ -+dn: cn=user786,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user786 -+sn: user786 -+uid: uid786 -+givenname: givenname786 -+description: description786 -+userPassword: password786 -+mail: uid786 -+uidnumber: 786 -+gidnumber: 786 -+homeDirectory: /home/uid786 -+ -+dn: cn=user787,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user787 -+sn: user787 -+uid: uid787 -+givenname: givenname787 -+description: description787 -+userPassword: password787 -+mail: uid787 -+uidnumber: 787 -+gidnumber: 787 -+homeDirectory: /home/uid787 -+ -+dn: cn=user788,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user788 -+sn: user788 -+uid: uid788 -+givenname: givenname788 -+description: description788 -+userPassword: password788 -+mail: uid788 -+uidnumber: 788 -+gidnumber: 788 -+homeDirectory: /home/uid788 -+ -+dn: cn=user789,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user789 -+sn: user789 -+uid: uid789 -+givenname: givenname789 -+description: description789 -+userPassword: password789 -+mail: uid789 -+uidnumber: 789 -+gidnumber: 789 -+homeDirectory: /home/uid789 -+ -+dn: cn=user790,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user790 -+sn: user790 -+uid: uid790 -+givenname: givenname790 -+description: description790 -+userPassword: password790 -+mail: uid790 -+uidnumber: 790 -+gidnumber: 790 -+homeDirectory: /home/uid790 -+ -+dn: cn=user791,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user791 -+sn: user791 -+uid: uid791 -+givenname: givenname791 -+description: description791 -+userPassword: password791 -+mail: uid791 -+uidnumber: 791 -+gidnumber: 791 -+homeDirectory: /home/uid791 -+ -+dn: cn=user792,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user792 -+sn: user792 -+uid: uid792 -+givenname: givenname792 -+description: description792 -+userPassword: password792 -+mail: uid792 -+uidnumber: 792 -+gidnumber: 792 -+homeDirectory: /home/uid792 -+ -+dn: cn=user793,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user793 -+sn: user793 -+uid: uid793 -+givenname: givenname793 -+description: description793 -+userPassword: password793 -+mail: uid793 -+uidnumber: 793 -+gidnumber: 793 -+homeDirectory: /home/uid793 -+ -+dn: cn=user794,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user794 -+sn: user794 -+uid: uid794 -+givenname: givenname794 -+description: description794 -+userPassword: password794 -+mail: uid794 -+uidnumber: 794 -+gidnumber: 794 -+homeDirectory: /home/uid794 -+ -+dn: cn=user795,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user795 -+sn: user795 -+uid: uid795 -+givenname: givenname795 -+description: description795 -+userPassword: password795 -+mail: uid795 -+uidnumber: 795 -+gidnumber: 795 -+homeDirectory: /home/uid795 -+ -+dn: cn=user796,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user796 -+sn: user796 -+uid: uid796 -+givenname: givenname796 -+description: description796 -+userPassword: password796 -+mail: uid796 -+uidnumber: 796 -+gidnumber: 796 -+homeDirectory: /home/uid796 -+ -+dn: cn=user797,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user797 -+sn: user797 -+uid: uid797 -+givenname: givenname797 -+description: description797 -+userPassword: password797 -+mail: uid797 -+uidnumber: 797 -+gidnumber: 797 -+homeDirectory: /home/uid797 -+ -+dn: cn=user798,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user798 -+sn: user798 -+uid: uid798 -+givenname: givenname798 -+description: description798 -+userPassword: password798 -+mail: uid798 -+uidnumber: 798 -+gidnumber: 798 -+homeDirectory: /home/uid798 -+ -+dn: cn=user799,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user799 -+sn: user799 -+uid: uid799 -+givenname: givenname799 -+description: description799 -+userPassword: password799 -+mail: uid799 -+uidnumber: 799 -+gidnumber: 799 -+homeDirectory: /home/uid799 -+ -+dn: cn=user800,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user800 -+sn: user800 -+uid: uid800 -+givenname: givenname800 -+description: description800 -+userPassword: password800 -+mail: uid800 -+uidnumber: 800 -+gidnumber: 800 -+homeDirectory: /home/uid800 -+ -+dn: cn=user801,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user801 -+sn: user801 -+uid: uid801 -+givenname: givenname801 -+description: description801 -+userPassword: password801 -+mail: uid801 -+uidnumber: 801 -+gidnumber: 801 -+homeDirectory: /home/uid801 -+ -+dn: cn=user802,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user802 -+sn: user802 -+uid: uid802 -+givenname: givenname802 -+description: description802 -+userPassword: password802 -+mail: uid802 -+uidnumber: 802 -+gidnumber: 802 -+homeDirectory: /home/uid802 -+ -+dn: cn=user803,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user803 -+sn: user803 -+uid: uid803 -+givenname: givenname803 -+description: description803 -+userPassword: password803 -+mail: uid803 -+uidnumber: 803 -+gidnumber: 803 -+homeDirectory: /home/uid803 -+ -+dn: cn=user804,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user804 -+sn: user804 -+uid: uid804 -+givenname: givenname804 -+description: description804 -+userPassword: password804 -+mail: uid804 -+uidnumber: 804 -+gidnumber: 804 -+homeDirectory: /home/uid804 -+ -+dn: cn=user805,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user805 -+sn: user805 -+uid: uid805 -+givenname: givenname805 -+description: description805 -+userPassword: password805 -+mail: uid805 -+uidnumber: 805 -+gidnumber: 805 -+homeDirectory: /home/uid805 -+ -+dn: cn=user806,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user806 -+sn: user806 -+uid: uid806 -+givenname: givenname806 -+description: description806 -+userPassword: password806 -+mail: uid806 -+uidnumber: 806 -+gidnumber: 806 -+homeDirectory: /home/uid806 -+ -+dn: cn=user807,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user807 -+sn: user807 -+uid: uid807 -+givenname: givenname807 -+description: description807 -+userPassword: password807 -+mail: uid807 -+uidnumber: 807 -+gidnumber: 807 -+homeDirectory: /home/uid807 -+ -+dn: cn=user808,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user808 -+sn: user808 -+uid: uid808 -+givenname: givenname808 -+description: description808 -+userPassword: password808 -+mail: uid808 -+uidnumber: 808 -+gidnumber: 808 -+homeDirectory: /home/uid808 -+ -+dn: cn=user809,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user809 -+sn: user809 -+uid: uid809 -+givenname: givenname809 -+description: description809 -+userPassword: password809 -+mail: uid809 -+uidnumber: 809 -+gidnumber: 809 -+homeDirectory: /home/uid809 -+ -+dn: cn=user810,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user810 -+sn: user810 -+uid: uid810 -+givenname: givenname810 -+description: description810 -+userPassword: password810 -+mail: uid810 -+uidnumber: 810 -+gidnumber: 810 -+homeDirectory: /home/uid810 -+ -+dn: cn=user811,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user811 -+sn: user811 -+uid: uid811 -+givenname: givenname811 -+description: description811 -+userPassword: password811 -+mail: uid811 -+uidnumber: 811 -+gidnumber: 811 -+homeDirectory: /home/uid811 -+ -+dn: cn=user812,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user812 -+sn: user812 -+uid: uid812 -+givenname: givenname812 -+description: description812 -+userPassword: password812 -+mail: uid812 -+uidnumber: 812 -+gidnumber: 812 -+homeDirectory: /home/uid812 -+ -+dn: cn=user813,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user813 -+sn: user813 -+uid: uid813 -+givenname: givenname813 -+description: description813 -+userPassword: password813 -+mail: uid813 -+uidnumber: 813 -+gidnumber: 813 -+homeDirectory: /home/uid813 -+ -+dn: cn=user814,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user814 -+sn: user814 -+uid: uid814 -+givenname: givenname814 -+description: description814 -+userPassword: password814 -+mail: uid814 -+uidnumber: 814 -+gidnumber: 814 -+homeDirectory: /home/uid814 -+ -+dn: cn=user815,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user815 -+sn: user815 -+uid: uid815 -+givenname: givenname815 -+description: description815 -+userPassword: password815 -+mail: uid815 -+uidnumber: 815 -+gidnumber: 815 -+homeDirectory: /home/uid815 -+ -+dn: cn=user816,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user816 -+sn: user816 -+uid: uid816 -+givenname: givenname816 -+description: description816 -+userPassword: password816 -+mail: uid816 -+uidnumber: 816 -+gidnumber: 816 -+homeDirectory: /home/uid816 -+ -+dn: cn=user817,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user817 -+sn: user817 -+uid: uid817 -+givenname: givenname817 -+description: description817 -+userPassword: password817 -+mail: uid817 -+uidnumber: 817 -+gidnumber: 817 -+homeDirectory: /home/uid817 -+ -+dn: cn=user818,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user818 -+sn: user818 -+uid: uid818 -+givenname: givenname818 -+description: description818 -+userPassword: password818 -+mail: uid818 -+uidnumber: 818 -+gidnumber: 818 -+homeDirectory: /home/uid818 -+ -+dn: cn=user819,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user819 -+sn: user819 -+uid: uid819 -+givenname: givenname819 -+description: description819 -+userPassword: password819 -+mail: uid819 -+uidnumber: 819 -+gidnumber: 819 -+homeDirectory: /home/uid819 -+ -+dn: cn=user820,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user820 -+sn: user820 -+uid: uid820 -+givenname: givenname820 -+description: description820 -+userPassword: password820 -+mail: uid820 -+uidnumber: 820 -+gidnumber: 820 -+homeDirectory: /home/uid820 -+ -+dn: cn=user821,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user821 -+sn: user821 -+uid: uid821 -+givenname: givenname821 -+description: description821 -+userPassword: password821 -+mail: uid821 -+uidnumber: 821 -+gidnumber: 821 -+homeDirectory: /home/uid821 -+ -+dn: cn=user822,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user822 -+sn: user822 -+uid: uid822 -+givenname: givenname822 -+description: description822 -+userPassword: password822 -+mail: uid822 -+uidnumber: 822 -+gidnumber: 822 -+homeDirectory: /home/uid822 -+ -+dn: cn=user823,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user823 -+sn: user823 -+uid: uid823 -+givenname: givenname823 -+description: description823 -+userPassword: password823 -+mail: uid823 -+uidnumber: 823 -+gidnumber: 823 -+homeDirectory: /home/uid823 -+ -+dn: cn=user824,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user824 -+sn: user824 -+uid: uid824 -+givenname: givenname824 -+description: description824 -+userPassword: password824 -+mail: uid824 -+uidnumber: 824 -+gidnumber: 824 -+homeDirectory: /home/uid824 -+ -+dn: cn=user825,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user825 -+sn: user825 -+uid: uid825 -+givenname: givenname825 -+description: description825 -+userPassword: password825 -+mail: uid825 -+uidnumber: 825 -+gidnumber: 825 -+homeDirectory: /home/uid825 -+ -+dn: cn=user826,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user826 -+sn: user826 -+uid: uid826 -+givenname: givenname826 -+description: description826 -+userPassword: password826 -+mail: uid826 -+uidnumber: 826 -+gidnumber: 826 -+homeDirectory: /home/uid826 -+ -+dn: cn=user827,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user827 -+sn: user827 -+uid: uid827 -+givenname: givenname827 -+description: description827 -+userPassword: password827 -+mail: uid827 -+uidnumber: 827 -+gidnumber: 827 -+homeDirectory: /home/uid827 -+ -+dn: cn=user828,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user828 -+sn: user828 -+uid: uid828 -+givenname: givenname828 -+description: description828 -+userPassword: password828 -+mail: uid828 -+uidnumber: 828 -+gidnumber: 828 -+homeDirectory: /home/uid828 -+ -+dn: cn=user829,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user829 -+sn: user829 -+uid: uid829 -+givenname: givenname829 -+description: description829 -+userPassword: password829 -+mail: uid829 -+uidnumber: 829 -+gidnumber: 829 -+homeDirectory: /home/uid829 -+ -+dn: cn=user830,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user830 -+sn: user830 -+uid: uid830 -+givenname: givenname830 -+description: description830 -+userPassword: password830 -+mail: uid830 -+uidnumber: 830 -+gidnumber: 830 -+homeDirectory: /home/uid830 -+ -+dn: cn=user831,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user831 -+sn: user831 -+uid: uid831 -+givenname: givenname831 -+description: description831 -+userPassword: password831 -+mail: uid831 -+uidnumber: 831 -+gidnumber: 831 -+homeDirectory: /home/uid831 -+ -+dn: cn=user832,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user832 -+sn: user832 -+uid: uid832 -+givenname: givenname832 -+description: description832 -+userPassword: password832 -+mail: uid832 -+uidnumber: 832 -+gidnumber: 832 -+homeDirectory: /home/uid832 -+ -+dn: cn=user833,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user833 -+sn: user833 -+uid: uid833 -+givenname: givenname833 -+description: description833 -+userPassword: password833 -+mail: uid833 -+uidnumber: 833 -+gidnumber: 833 -+homeDirectory: /home/uid833 -+ -+dn: cn=user834,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user834 -+sn: user834 -+uid: uid834 -+givenname: givenname834 -+description: description834 -+userPassword: password834 -+mail: uid834 -+uidnumber: 834 -+gidnumber: 834 -+homeDirectory: /home/uid834 -+ -+dn: cn=user835,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user835 -+sn: user835 -+uid: uid835 -+givenname: givenname835 -+description: description835 -+userPassword: password835 -+mail: uid835 -+uidnumber: 835 -+gidnumber: 835 -+homeDirectory: /home/uid835 -+ -+dn: cn=user836,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user836 -+sn: user836 -+uid: uid836 -+givenname: givenname836 -+description: description836 -+userPassword: password836 -+mail: uid836 -+uidnumber: 836 -+gidnumber: 836 -+homeDirectory: /home/uid836 -+ -+dn: cn=user837,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user837 -+sn: user837 -+uid: uid837 -+givenname: givenname837 -+description: description837 -+userPassword: password837 -+mail: uid837 -+uidnumber: 837 -+gidnumber: 837 -+homeDirectory: /home/uid837 -+ -+dn: cn=user838,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user838 -+sn: user838 -+uid: uid838 -+givenname: givenname838 -+description: description838 -+userPassword: password838 -+mail: uid838 -+uidnumber: 838 -+gidnumber: 838 -+homeDirectory: /home/uid838 -+ -+dn: cn=user839,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user839 -+sn: user839 -+uid: uid839 -+givenname: givenname839 -+description: description839 -+userPassword: password839 -+mail: uid839 -+uidnumber: 839 -+gidnumber: 839 -+homeDirectory: /home/uid839 -+ -+dn: cn=user840,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user840 -+sn: user840 -+uid: uid840 -+givenname: givenname840 -+description: description840 -+userPassword: password840 -+mail: uid840 -+uidnumber: 840 -+gidnumber: 840 -+homeDirectory: /home/uid840 -+ -+dn: cn=user841,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user841 -+sn: user841 -+uid: uid841 -+givenname: givenname841 -+description: description841 -+userPassword: password841 -+mail: uid841 -+uidnumber: 841 -+gidnumber: 841 -+homeDirectory: /home/uid841 -+ -+dn: cn=user842,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user842 -+sn: user842 -+uid: uid842 -+givenname: givenname842 -+description: description842 -+userPassword: password842 -+mail: uid842 -+uidnumber: 842 -+gidnumber: 842 -+homeDirectory: /home/uid842 -+ -+dn: cn=user843,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user843 -+sn: user843 -+uid: uid843 -+givenname: givenname843 -+description: description843 -+userPassword: password843 -+mail: uid843 -+uidnumber: 843 -+gidnumber: 843 -+homeDirectory: /home/uid843 -+ -+dn: cn=user844,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user844 -+sn: user844 -+uid: uid844 -+givenname: givenname844 -+description: description844 -+userPassword: password844 -+mail: uid844 -+uidnumber: 844 -+gidnumber: 844 -+homeDirectory: /home/uid844 -+ -+dn: cn=user845,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user845 -+sn: user845 -+uid: uid845 -+givenname: givenname845 -+description: description845 -+userPassword: password845 -+mail: uid845 -+uidnumber: 845 -+gidnumber: 845 -+homeDirectory: /home/uid845 -+ -+dn: cn=user846,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user846 -+sn: user846 -+uid: uid846 -+givenname: givenname846 -+description: description846 -+userPassword: password846 -+mail: uid846 -+uidnumber: 846 -+gidnumber: 846 -+homeDirectory: /home/uid846 -+ -+dn: cn=user847,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user847 -+sn: user847 -+uid: uid847 -+givenname: givenname847 -+description: description847 -+userPassword: password847 -+mail: uid847 -+uidnumber: 847 -+gidnumber: 847 -+homeDirectory: /home/uid847 -+ -+dn: cn=user848,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user848 -+sn: user848 -+uid: uid848 -+givenname: givenname848 -+description: description848 -+userPassword: password848 -+mail: uid848 -+uidnumber: 848 -+gidnumber: 848 -+homeDirectory: /home/uid848 -+ -+dn: cn=user849,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user849 -+sn: user849 -+uid: uid849 -+givenname: givenname849 -+description: description849 -+userPassword: password849 -+mail: uid849 -+uidnumber: 849 -+gidnumber: 849 -+homeDirectory: /home/uid849 -+ -+dn: cn=user850,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user850 -+sn: user850 -+uid: uid850 -+givenname: givenname850 -+description: description850 -+userPassword: password850 -+mail: uid850 -+uidnumber: 850 -+gidnumber: 850 -+homeDirectory: /home/uid850 -+ -+dn: cn=user851,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user851 -+sn: user851 -+uid: uid851 -+givenname: givenname851 -+description: description851 -+userPassword: password851 -+mail: uid851 -+uidnumber: 851 -+gidnumber: 851 -+homeDirectory: /home/uid851 -+ -+dn: cn=user852,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user852 -+sn: user852 -+uid: uid852 -+givenname: givenname852 -+description: description852 -+userPassword: password852 -+mail: uid852 -+uidnumber: 852 -+gidnumber: 852 -+homeDirectory: /home/uid852 -+ -+dn: cn=user853,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user853 -+sn: user853 -+uid: uid853 -+givenname: givenname853 -+description: description853 -+userPassword: password853 -+mail: uid853 -+uidnumber: 853 -+gidnumber: 853 -+homeDirectory: /home/uid853 -+ -+dn: cn=user854,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user854 -+sn: user854 -+uid: uid854 -+givenname: givenname854 -+description: description854 -+userPassword: password854 -+mail: uid854 -+uidnumber: 854 -+gidnumber: 854 -+homeDirectory: /home/uid854 -+ -+dn: cn=user855,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user855 -+sn: user855 -+uid: uid855 -+givenname: givenname855 -+description: description855 -+userPassword: password855 -+mail: uid855 -+uidnumber: 855 -+gidnumber: 855 -+homeDirectory: /home/uid855 -+ -+dn: cn=user856,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user856 -+sn: user856 -+uid: uid856 -+givenname: givenname856 -+description: description856 -+userPassword: password856 -+mail: uid856 -+uidnumber: 856 -+gidnumber: 856 -+homeDirectory: /home/uid856 -+ -+dn: cn=user857,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user857 -+sn: user857 -+uid: uid857 -+givenname: givenname857 -+description: description857 -+userPassword: password857 -+mail: uid857 -+uidnumber: 857 -+gidnumber: 857 -+homeDirectory: /home/uid857 -+ -+dn: cn=user858,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user858 -+sn: user858 -+uid: uid858 -+givenname: givenname858 -+description: description858 -+userPassword: password858 -+mail: uid858 -+uidnumber: 858 -+gidnumber: 858 -+homeDirectory: /home/uid858 -+ -+dn: cn=user859,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user859 -+sn: user859 -+uid: uid859 -+givenname: givenname859 -+description: description859 -+userPassword: password859 -+mail: uid859 -+uidnumber: 859 -+gidnumber: 859 -+homeDirectory: /home/uid859 -+ -+dn: cn=user860,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user860 -+sn: user860 -+uid: uid860 -+givenname: givenname860 -+description: description860 -+userPassword: password860 -+mail: uid860 -+uidnumber: 860 -+gidnumber: 860 -+homeDirectory: /home/uid860 -+ -+dn: cn=user861,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user861 -+sn: user861 -+uid: uid861 -+givenname: givenname861 -+description: description861 -+userPassword: password861 -+mail: uid861 -+uidnumber: 861 -+gidnumber: 861 -+homeDirectory: /home/uid861 -+ -+dn: cn=user862,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user862 -+sn: user862 -+uid: uid862 -+givenname: givenname862 -+description: description862 -+userPassword: password862 -+mail: uid862 -+uidnumber: 862 -+gidnumber: 862 -+homeDirectory: /home/uid862 -+ -+dn: cn=user863,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user863 -+sn: user863 -+uid: uid863 -+givenname: givenname863 -+description: description863 -+userPassword: password863 -+mail: uid863 -+uidnumber: 863 -+gidnumber: 863 -+homeDirectory: /home/uid863 -+ -+dn: cn=user864,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user864 -+sn: user864 -+uid: uid864 -+givenname: givenname864 -+description: description864 -+userPassword: password864 -+mail: uid864 -+uidnumber: 864 -+gidnumber: 864 -+homeDirectory: /home/uid864 -+ -+dn: cn=user865,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user865 -+sn: user865 -+uid: uid865 -+givenname: givenname865 -+description: description865 -+userPassword: password865 -+mail: uid865 -+uidnumber: 865 -+gidnumber: 865 -+homeDirectory: /home/uid865 -+ -+dn: cn=user866,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user866 -+sn: user866 -+uid: uid866 -+givenname: givenname866 -+description: description866 -+userPassword: password866 -+mail: uid866 -+uidnumber: 866 -+gidnumber: 866 -+homeDirectory: /home/uid866 -+ -+dn: cn=user867,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user867 -+sn: user867 -+uid: uid867 -+givenname: givenname867 -+description: description867 -+userPassword: password867 -+mail: uid867 -+uidnumber: 867 -+gidnumber: 867 -+homeDirectory: /home/uid867 -+ -+dn: cn=user868,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user868 -+sn: user868 -+uid: uid868 -+givenname: givenname868 -+description: description868 -+userPassword: password868 -+mail: uid868 -+uidnumber: 868 -+gidnumber: 868 -+homeDirectory: /home/uid868 -+ -+dn: cn=user869,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user869 -+sn: user869 -+uid: uid869 -+givenname: givenname869 -+description: description869 -+userPassword: password869 -+mail: uid869 -+uidnumber: 869 -+gidnumber: 869 -+homeDirectory: /home/uid869 -+ -+dn: cn=user870,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user870 -+sn: user870 -+uid: uid870 -+givenname: givenname870 -+description: description870 -+userPassword: password870 -+mail: uid870 -+uidnumber: 870 -+gidnumber: 870 -+homeDirectory: /home/uid870 -+ -+dn: cn=user871,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user871 -+sn: user871 -+uid: uid871 -+givenname: givenname871 -+description: description871 -+userPassword: password871 -+mail: uid871 -+uidnumber: 871 -+gidnumber: 871 -+homeDirectory: /home/uid871 -+ -+dn: cn=user872,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user872 -+sn: user872 -+uid: uid872 -+givenname: givenname872 -+description: description872 -+userPassword: password872 -+mail: uid872 -+uidnumber: 872 -+gidnumber: 872 -+homeDirectory: /home/uid872 -+ -+dn: cn=user873,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user873 -+sn: user873 -+uid: uid873 -+givenname: givenname873 -+description: description873 -+userPassword: password873 -+mail: uid873 -+uidnumber: 873 -+gidnumber: 873 -+homeDirectory: /home/uid873 -+ -+dn: cn=user874,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user874 -+sn: user874 -+uid: uid874 -+givenname: givenname874 -+description: description874 -+userPassword: password874 -+mail: uid874 -+uidnumber: 874 -+gidnumber: 874 -+homeDirectory: /home/uid874 -+ -+dn: cn=user875,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user875 -+sn: user875 -+uid: uid875 -+givenname: givenname875 -+description: description875 -+userPassword: password875 -+mail: uid875 -+uidnumber: 875 -+gidnumber: 875 -+homeDirectory: /home/uid875 -+ -+dn: cn=user876,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user876 -+sn: user876 -+uid: uid876 -+givenname: givenname876 -+description: description876 -+userPassword: password876 -+mail: uid876 -+uidnumber: 876 -+gidnumber: 876 -+homeDirectory: /home/uid876 -+ -+dn: cn=user877,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user877 -+sn: user877 -+uid: uid877 -+givenname: givenname877 -+description: description877 -+userPassword: password877 -+mail: uid877 -+uidnumber: 877 -+gidnumber: 877 -+homeDirectory: /home/uid877 -+ -+dn: cn=user878,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user878 -+sn: user878 -+uid: uid878 -+givenname: givenname878 -+description: description878 -+userPassword: password878 -+mail: uid878 -+uidnumber: 878 -+gidnumber: 878 -+homeDirectory: /home/uid878 -+ -+dn: cn=user879,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user879 -+sn: user879 -+uid: uid879 -+givenname: givenname879 -+description: description879 -+userPassword: password879 -+mail: uid879 -+uidnumber: 879 -+gidnumber: 879 -+homeDirectory: /home/uid879 -+ -+dn: cn=user880,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user880 -+sn: user880 -+uid: uid880 -+givenname: givenname880 -+description: description880 -+userPassword: password880 -+mail: uid880 -+uidnumber: 880 -+gidnumber: 880 -+homeDirectory: /home/uid880 -+ -+dn: cn=user881,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user881 -+sn: user881 -+uid: uid881 -+givenname: givenname881 -+description: description881 -+userPassword: password881 -+mail: uid881 -+uidnumber: 881 -+gidnumber: 881 -+homeDirectory: /home/uid881 -+ -+dn: cn=user882,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user882 -+sn: user882 -+uid: uid882 -+givenname: givenname882 -+description: description882 -+userPassword: password882 -+mail: uid882 -+uidnumber: 882 -+gidnumber: 882 -+homeDirectory: /home/uid882 -+ -+dn: cn=user883,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user883 -+sn: user883 -+uid: uid883 -+givenname: givenname883 -+description: description883 -+userPassword: password883 -+mail: uid883 -+uidnumber: 883 -+gidnumber: 883 -+homeDirectory: /home/uid883 -+ -+dn: cn=user884,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user884 -+sn: user884 -+uid: uid884 -+givenname: givenname884 -+description: description884 -+userPassword: password884 -+mail: uid884 -+uidnumber: 884 -+gidnumber: 884 -+homeDirectory: /home/uid884 -+ -+dn: cn=user885,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user885 -+sn: user885 -+uid: uid885 -+givenname: givenname885 -+description: description885 -+userPassword: password885 -+mail: uid885 -+uidnumber: 885 -+gidnumber: 885 -+homeDirectory: /home/uid885 -+ -+dn: cn=user886,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user886 -+sn: user886 -+uid: uid886 -+givenname: givenname886 -+description: description886 -+userPassword: password886 -+mail: uid886 -+uidnumber: 886 -+gidnumber: 886 -+homeDirectory: /home/uid886 -+ -+dn: cn=user887,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user887 -+sn: user887 -+uid: uid887 -+givenname: givenname887 -+description: description887 -+userPassword: password887 -+mail: uid887 -+uidnumber: 887 -+gidnumber: 887 -+homeDirectory: /home/uid887 -+ -+dn: cn=user888,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user888 -+sn: user888 -+uid: uid888 -+givenname: givenname888 -+description: description888 -+userPassword: password888 -+mail: uid888 -+uidnumber: 888 -+gidnumber: 888 -+homeDirectory: /home/uid888 -+ -+dn: cn=user889,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user889 -+sn: user889 -+uid: uid889 -+givenname: givenname889 -+description: description889 -+userPassword: password889 -+mail: uid889 -+uidnumber: 889 -+gidnumber: 889 -+homeDirectory: /home/uid889 -+ -+dn: cn=user890,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user890 -+sn: user890 -+uid: uid890 -+givenname: givenname890 -+description: description890 -+userPassword: password890 -+mail: uid890 -+uidnumber: 890 -+gidnumber: 890 -+homeDirectory: /home/uid890 -+ -+dn: cn=user891,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user891 -+sn: user891 -+uid: uid891 -+givenname: givenname891 -+description: description891 -+userPassword: password891 -+mail: uid891 -+uidnumber: 891 -+gidnumber: 891 -+homeDirectory: /home/uid891 -+ -+dn: cn=user892,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user892 -+sn: user892 -+uid: uid892 -+givenname: givenname892 -+description: description892 -+userPassword: password892 -+mail: uid892 -+uidnumber: 892 -+gidnumber: 892 -+homeDirectory: /home/uid892 -+ -+dn: cn=user893,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user893 -+sn: user893 -+uid: uid893 -+givenname: givenname893 -+description: description893 -+userPassword: password893 -+mail: uid893 -+uidnumber: 893 -+gidnumber: 893 -+homeDirectory: /home/uid893 -+ -+dn: cn=user894,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user894 -+sn: user894 -+uid: uid894 -+givenname: givenname894 -+description: description894 -+userPassword: password894 -+mail: uid894 -+uidnumber: 894 -+gidnumber: 894 -+homeDirectory: /home/uid894 -+ -+dn: cn=user895,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user895 -+sn: user895 -+uid: uid895 -+givenname: givenname895 -+description: description895 -+userPassword: password895 -+mail: uid895 -+uidnumber: 895 -+gidnumber: 895 -+homeDirectory: /home/uid895 -+ -+dn: cn=user896,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user896 -+sn: user896 -+uid: uid896 -+givenname: givenname896 -+description: description896 -+userPassword: password896 -+mail: uid896 -+uidnumber: 896 -+gidnumber: 896 -+homeDirectory: /home/uid896 -+ -+dn: cn=user897,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user897 -+sn: user897 -+uid: uid897 -+givenname: givenname897 -+description: description897 -+userPassword: password897 -+mail: uid897 -+uidnumber: 897 -+gidnumber: 897 -+homeDirectory: /home/uid897 -+ -+dn: cn=user898,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user898 -+sn: user898 -+uid: uid898 -+givenname: givenname898 -+description: description898 -+userPassword: password898 -+mail: uid898 -+uidnumber: 898 -+gidnumber: 898 -+homeDirectory: /home/uid898 -+ -+dn: cn=user899,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user899 -+sn: user899 -+uid: uid899 -+givenname: givenname899 -+description: description899 -+userPassword: password899 -+mail: uid899 -+uidnumber: 899 -+gidnumber: 899 -+homeDirectory: /home/uid899 -+ -+dn: cn=user900,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user900 -+sn: user900 -+uid: uid900 -+givenname: givenname900 -+description: description900 -+userPassword: password900 -+mail: uid900 -+uidnumber: 900 -+gidnumber: 900 -+homeDirectory: /home/uid900 -+ -+dn: cn=user901,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user901 -+sn: user901 -+uid: uid901 -+givenname: givenname901 -+description: description901 -+userPassword: password901 -+mail: uid901 -+uidnumber: 901 -+gidnumber: 901 -+homeDirectory: /home/uid901 -+ -+dn: cn=user902,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user902 -+sn: user902 -+uid: uid902 -+givenname: givenname902 -+description: description902 -+userPassword: password902 -+mail: uid902 -+uidnumber: 902 -+gidnumber: 902 -+homeDirectory: /home/uid902 -+ -+dn: cn=user903,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user903 -+sn: user903 -+uid: uid903 -+givenname: givenname903 -+description: description903 -+userPassword: password903 -+mail: uid903 -+uidnumber: 903 -+gidnumber: 903 -+homeDirectory: /home/uid903 -+ -+dn: cn=user904,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user904 -+sn: user904 -+uid: uid904 -+givenname: givenname904 -+description: description904 -+userPassword: password904 -+mail: uid904 -+uidnumber: 904 -+gidnumber: 904 -+homeDirectory: /home/uid904 -+ -+dn: cn=user905,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user905 -+sn: user905 -+uid: uid905 -+givenname: givenname905 -+description: description905 -+userPassword: password905 -+mail: uid905 -+uidnumber: 905 -+gidnumber: 905 -+homeDirectory: /home/uid905 -+ -+dn: cn=user906,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user906 -+sn: user906 -+uid: uid906 -+givenname: givenname906 -+description: description906 -+userPassword: password906 -+mail: uid906 -+uidnumber: 906 -+gidnumber: 906 -+homeDirectory: /home/uid906 -+ -+dn: cn=user907,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user907 -+sn: user907 -+uid: uid907 -+givenname: givenname907 -+description: description907 -+userPassword: password907 -+mail: uid907 -+uidnumber: 907 -+gidnumber: 907 -+homeDirectory: /home/uid907 -+ -+dn: cn=user908,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user908 -+sn: user908 -+uid: uid908 -+givenname: givenname908 -+description: description908 -+userPassword: password908 -+mail: uid908 -+uidnumber: 908 -+gidnumber: 908 -+homeDirectory: /home/uid908 -+ -+dn: cn=user909,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user909 -+sn: user909 -+uid: uid909 -+givenname: givenname909 -+description: description909 -+userPassword: password909 -+mail: uid909 -+uidnumber: 909 -+gidnumber: 909 -+homeDirectory: /home/uid909 -+ -+dn: cn=user910,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user910 -+sn: user910 -+uid: uid910 -+givenname: givenname910 -+description: description910 -+userPassword: password910 -+mail: uid910 -+uidnumber: 910 -+gidnumber: 910 -+homeDirectory: /home/uid910 -+ -+dn: cn=user911,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user911 -+sn: user911 -+uid: uid911 -+givenname: givenname911 -+description: description911 -+userPassword: password911 -+mail: uid911 -+uidnumber: 911 -+gidnumber: 911 -+homeDirectory: /home/uid911 -+ -+dn: cn=user912,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user912 -+sn: user912 -+uid: uid912 -+givenname: givenname912 -+description: description912 -+userPassword: password912 -+mail: uid912 -+uidnumber: 912 -+gidnumber: 912 -+homeDirectory: /home/uid912 -+ -+dn: cn=user913,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user913 -+sn: user913 -+uid: uid913 -+givenname: givenname913 -+description: description913 -+userPassword: password913 -+mail: uid913 -+uidnumber: 913 -+gidnumber: 913 -+homeDirectory: /home/uid913 -+ -+dn: cn=user914,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user914 -+sn: user914 -+uid: uid914 -+givenname: givenname914 -+description: description914 -+userPassword: password914 -+mail: uid914 -+uidnumber: 914 -+gidnumber: 914 -+homeDirectory: /home/uid914 -+ -+dn: cn=user915,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user915 -+sn: user915 -+uid: uid915 -+givenname: givenname915 -+description: description915 -+userPassword: password915 -+mail: uid915 -+uidnumber: 915 -+gidnumber: 915 -+homeDirectory: /home/uid915 -+ -+dn: cn=user916,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user916 -+sn: user916 -+uid: uid916 -+givenname: givenname916 -+description: description916 -+userPassword: password916 -+mail: uid916 -+uidnumber: 916 -+gidnumber: 916 -+homeDirectory: /home/uid916 -+ -+dn: cn=user917,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user917 -+sn: user917 -+uid: uid917 -+givenname: givenname917 -+description: description917 -+userPassword: password917 -+mail: uid917 -+uidnumber: 917 -+gidnumber: 917 -+homeDirectory: /home/uid917 -+ -+dn: cn=user918,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user918 -+sn: user918 -+uid: uid918 -+givenname: givenname918 -+description: description918 -+userPassword: password918 -+mail: uid918 -+uidnumber: 918 -+gidnumber: 918 -+homeDirectory: /home/uid918 -+ -+dn: cn=user919,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user919 -+sn: user919 -+uid: uid919 -+givenname: givenname919 -+description: description919 -+userPassword: password919 -+mail: uid919 -+uidnumber: 919 -+gidnumber: 919 -+homeDirectory: /home/uid919 -+ -+dn: cn=user920,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user920 -+sn: user920 -+uid: uid920 -+givenname: givenname920 -+description: description920 -+userPassword: password920 -+mail: uid920 -+uidnumber: 920 -+gidnumber: 920 -+homeDirectory: /home/uid920 -+ -+dn: cn=user921,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user921 -+sn: user921 -+uid: uid921 -+givenname: givenname921 -+description: description921 -+userPassword: password921 -+mail: uid921 -+uidnumber: 921 -+gidnumber: 921 -+homeDirectory: /home/uid921 -+ -+dn: cn=user922,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user922 -+sn: user922 -+uid: uid922 -+givenname: givenname922 -+description: description922 -+userPassword: password922 -+mail: uid922 -+uidnumber: 922 -+gidnumber: 922 -+homeDirectory: /home/uid922 -+ -+dn: cn=user923,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user923 -+sn: user923 -+uid: uid923 -+givenname: givenname923 -+description: description923 -+userPassword: password923 -+mail: uid923 -+uidnumber: 923 -+gidnumber: 923 -+homeDirectory: /home/uid923 -+ -+dn: cn=user924,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user924 -+sn: user924 -+uid: uid924 -+givenname: givenname924 -+description: description924 -+userPassword: password924 -+mail: uid924 -+uidnumber: 924 -+gidnumber: 924 -+homeDirectory: /home/uid924 -+ -+dn: cn=user925,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user925 -+sn: user925 -+uid: uid925 -+givenname: givenname925 -+description: description925 -+userPassword: password925 -+mail: uid925 -+uidnumber: 925 -+gidnumber: 925 -+homeDirectory: /home/uid925 -+ -+dn: cn=user926,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user926 -+sn: user926 -+uid: uid926 -+givenname: givenname926 -+description: description926 -+userPassword: password926 -+mail: uid926 -+uidnumber: 926 -+gidnumber: 926 -+homeDirectory: /home/uid926 -+ -+dn: cn=user927,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user927 -+sn: user927 -+uid: uid927 -+givenname: givenname927 -+description: description927 -+userPassword: password927 -+mail: uid927 -+uidnumber: 927 -+gidnumber: 927 -+homeDirectory: /home/uid927 -+ -+dn: cn=user928,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user928 -+sn: user928 -+uid: uid928 -+givenname: givenname928 -+description: description928 -+userPassword: password928 -+mail: uid928 -+uidnumber: 928 -+gidnumber: 928 -+homeDirectory: /home/uid928 -+ -+dn: cn=user929,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user929 -+sn: user929 -+uid: uid929 -+givenname: givenname929 -+description: description929 -+userPassword: password929 -+mail: uid929 -+uidnumber: 929 -+gidnumber: 929 -+homeDirectory: /home/uid929 -+ -+dn: cn=user930,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user930 -+sn: user930 -+uid: uid930 -+givenname: givenname930 -+description: description930 -+userPassword: password930 -+mail: uid930 -+uidnumber: 930 -+gidnumber: 930 -+homeDirectory: /home/uid930 -+ -+dn: cn=user931,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user931 -+sn: user931 -+uid: uid931 -+givenname: givenname931 -+description: description931 -+userPassword: password931 -+mail: uid931 -+uidnumber: 931 -+gidnumber: 931 -+homeDirectory: /home/uid931 -+ -+dn: cn=user932,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user932 -+sn: user932 -+uid: uid932 -+givenname: givenname932 -+description: description932 -+userPassword: password932 -+mail: uid932 -+uidnumber: 932 -+gidnumber: 932 -+homeDirectory: /home/uid932 -+ -+dn: cn=user933,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user933 -+sn: user933 -+uid: uid933 -+givenname: givenname933 -+description: description933 -+userPassword: password933 -+mail: uid933 -+uidnumber: 933 -+gidnumber: 933 -+homeDirectory: /home/uid933 -+ -+dn: cn=user934,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user934 -+sn: user934 -+uid: uid934 -+givenname: givenname934 -+description: description934 -+userPassword: password934 -+mail: uid934 -+uidnumber: 934 -+gidnumber: 934 -+homeDirectory: /home/uid934 -+ -+dn: cn=user935,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user935 -+sn: user935 -+uid: uid935 -+givenname: givenname935 -+description: description935 -+userPassword: password935 -+mail: uid935 -+uidnumber: 935 -+gidnumber: 935 -+homeDirectory: /home/uid935 -+ -+dn: cn=user936,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user936 -+sn: user936 -+uid: uid936 -+givenname: givenname936 -+description: description936 -+userPassword: password936 -+mail: uid936 -+uidnumber: 936 -+gidnumber: 936 -+homeDirectory: /home/uid936 -+ -+dn: cn=user937,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user937 -+sn: user937 -+uid: uid937 -+givenname: givenname937 -+description: description937 -+userPassword: password937 -+mail: uid937 -+uidnumber: 937 -+gidnumber: 937 -+homeDirectory: /home/uid937 -+ -+dn: cn=user938,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user938 -+sn: user938 -+uid: uid938 -+givenname: givenname938 -+description: description938 -+userPassword: password938 -+mail: uid938 -+uidnumber: 938 -+gidnumber: 938 -+homeDirectory: /home/uid938 -+ -+dn: cn=user939,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user939 -+sn: user939 -+uid: uid939 -+givenname: givenname939 -+description: description939 -+userPassword: password939 -+mail: uid939 -+uidnumber: 939 -+gidnumber: 939 -+homeDirectory: /home/uid939 -+ -+dn: cn=user940,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user940 -+sn: user940 -+uid: uid940 -+givenname: givenname940 -+description: description940 -+userPassword: password940 -+mail: uid940 -+uidnumber: 940 -+gidnumber: 940 -+homeDirectory: /home/uid940 -+ -+dn: cn=user941,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user941 -+sn: user941 -+uid: uid941 -+givenname: givenname941 -+description: description941 -+userPassword: password941 -+mail: uid941 -+uidnumber: 941 -+gidnumber: 941 -+homeDirectory: /home/uid941 -+ -+dn: cn=user942,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user942 -+sn: user942 -+uid: uid942 -+givenname: givenname942 -+description: description942 -+userPassword: password942 -+mail: uid942 -+uidnumber: 942 -+gidnumber: 942 -+homeDirectory: /home/uid942 -+ -+dn: cn=user943,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user943 -+sn: user943 -+uid: uid943 -+givenname: givenname943 -+description: description943 -+userPassword: password943 -+mail: uid943 -+uidnumber: 943 -+gidnumber: 943 -+homeDirectory: /home/uid943 -+ -+dn: cn=user944,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user944 -+sn: user944 -+uid: uid944 -+givenname: givenname944 -+description: description944 -+userPassword: password944 -+mail: uid944 -+uidnumber: 944 -+gidnumber: 944 -+homeDirectory: /home/uid944 -+ -+dn: cn=user945,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user945 -+sn: user945 -+uid: uid945 -+givenname: givenname945 -+description: description945 -+userPassword: password945 -+mail: uid945 -+uidnumber: 945 -+gidnumber: 945 -+homeDirectory: /home/uid945 -+ -+dn: cn=user946,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user946 -+sn: user946 -+uid: uid946 -+givenname: givenname946 -+description: description946 -+userPassword: password946 -+mail: uid946 -+uidnumber: 946 -+gidnumber: 946 -+homeDirectory: /home/uid946 -+ -+dn: cn=user947,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user947 -+sn: user947 -+uid: uid947 -+givenname: givenname947 -+description: description947 -+userPassword: password947 -+mail: uid947 -+uidnumber: 947 -+gidnumber: 947 -+homeDirectory: /home/uid947 -+ -+dn: cn=user948,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user948 -+sn: user948 -+uid: uid948 -+givenname: givenname948 -+description: description948 -+userPassword: password948 -+mail: uid948 -+uidnumber: 948 -+gidnumber: 948 -+homeDirectory: /home/uid948 -+ -+dn: cn=user949,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user949 -+sn: user949 -+uid: uid949 -+givenname: givenname949 -+description: description949 -+userPassword: password949 -+mail: uid949 -+uidnumber: 949 -+gidnumber: 949 -+homeDirectory: /home/uid949 -+ -+dn: cn=user950,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user950 -+sn: user950 -+uid: uid950 -+givenname: givenname950 -+description: description950 -+userPassword: password950 -+mail: uid950 -+uidnumber: 950 -+gidnumber: 950 -+homeDirectory: /home/uid950 -+ -+dn: cn=user951,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user951 -+sn: user951 -+uid: uid951 -+givenname: givenname951 -+description: description951 -+userPassword: password951 -+mail: uid951 -+uidnumber: 951 -+gidnumber: 951 -+homeDirectory: /home/uid951 -+ -+dn: cn=user952,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user952 -+sn: user952 -+uid: uid952 -+givenname: givenname952 -+description: description952 -+userPassword: password952 -+mail: uid952 -+uidnumber: 952 -+gidnumber: 952 -+homeDirectory: /home/uid952 -+ -+dn: cn=user953,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user953 -+sn: user953 -+uid: uid953 -+givenname: givenname953 -+description: description953 -+userPassword: password953 -+mail: uid953 -+uidnumber: 953 -+gidnumber: 953 -+homeDirectory: /home/uid953 -+ -+dn: cn=user954,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user954 -+sn: user954 -+uid: uid954 -+givenname: givenname954 -+description: description954 -+userPassword: password954 -+mail: uid954 -+uidnumber: 954 -+gidnumber: 954 -+homeDirectory: /home/uid954 -+ -+dn: cn=user955,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user955 -+sn: user955 -+uid: uid955 -+givenname: givenname955 -+description: description955 -+userPassword: password955 -+mail: uid955 -+uidnumber: 955 -+gidnumber: 955 -+homeDirectory: /home/uid955 -+ -+dn: cn=user956,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user956 -+sn: user956 -+uid: uid956 -+givenname: givenname956 -+description: description956 -+userPassword: password956 -+mail: uid956 -+uidnumber: 956 -+gidnumber: 956 -+homeDirectory: /home/uid956 -+ -+dn: cn=user957,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user957 -+sn: user957 -+uid: uid957 -+givenname: givenname957 -+description: description957 -+userPassword: password957 -+mail: uid957 -+uidnumber: 957 -+gidnumber: 957 -+homeDirectory: /home/uid957 -+ -+dn: cn=user958,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user958 -+sn: user958 -+uid: uid958 -+givenname: givenname958 -+description: description958 -+userPassword: password958 -+mail: uid958 -+uidnumber: 958 -+gidnumber: 958 -+homeDirectory: /home/uid958 -+ -+dn: cn=user959,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user959 -+sn: user959 -+uid: uid959 -+givenname: givenname959 -+description: description959 -+userPassword: password959 -+mail: uid959 -+uidnumber: 959 -+gidnumber: 959 -+homeDirectory: /home/uid959 -+ -+dn: cn=user960,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user960 -+sn: user960 -+uid: uid960 -+givenname: givenname960 -+description: description960 -+userPassword: password960 -+mail: uid960 -+uidnumber: 960 -+gidnumber: 960 -+homeDirectory: /home/uid960 -+ -+dn: cn=user961,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user961 -+sn: user961 -+uid: uid961 -+givenname: givenname961 -+description: description961 -+userPassword: password961 -+mail: uid961 -+uidnumber: 961 -+gidnumber: 961 -+homeDirectory: /home/uid961 -+ -+dn: cn=user962,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user962 -+sn: user962 -+uid: uid962 -+givenname: givenname962 -+description: description962 -+userPassword: password962 -+mail: uid962 -+uidnumber: 962 -+gidnumber: 962 -+homeDirectory: /home/uid962 -+ -+dn: cn=user963,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user963 -+sn: user963 -+uid: uid963 -+givenname: givenname963 -+description: description963 -+userPassword: password963 -+mail: uid963 -+uidnumber: 963 -+gidnumber: 963 -+homeDirectory: /home/uid963 -+ -+dn: cn=user964,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user964 -+sn: user964 -+uid: uid964 -+givenname: givenname964 -+description: description964 -+userPassword: password964 -+mail: uid964 -+uidnumber: 964 -+gidnumber: 964 -+homeDirectory: /home/uid964 -+ -+dn: cn=user965,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user965 -+sn: user965 -+uid: uid965 -+givenname: givenname965 -+description: description965 -+userPassword: password965 -+mail: uid965 -+uidnumber: 965 -+gidnumber: 965 -+homeDirectory: /home/uid965 -+ -+dn: cn=user966,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user966 -+sn: user966 -+uid: uid966 -+givenname: givenname966 -+description: description966 -+userPassword: password966 -+mail: uid966 -+uidnumber: 966 -+gidnumber: 966 -+homeDirectory: /home/uid966 -+ -+dn: cn=user967,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user967 -+sn: user967 -+uid: uid967 -+givenname: givenname967 -+description: description967 -+userPassword: password967 -+mail: uid967 -+uidnumber: 967 -+gidnumber: 967 -+homeDirectory: /home/uid967 -+ -+dn: cn=user968,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user968 -+sn: user968 -+uid: uid968 -+givenname: givenname968 -+description: description968 -+userPassword: password968 -+mail: uid968 -+uidnumber: 968 -+gidnumber: 968 -+homeDirectory: /home/uid968 -+ -+dn: cn=user969,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user969 -+sn: user969 -+uid: uid969 -+givenname: givenname969 -+description: description969 -+userPassword: password969 -+mail: uid969 -+uidnumber: 969 -+gidnumber: 969 -+homeDirectory: /home/uid969 -+ -+dn: cn=user970,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user970 -+sn: user970 -+uid: uid970 -+givenname: givenname970 -+description: description970 -+userPassword: password970 -+mail: uid970 -+uidnumber: 970 -+gidnumber: 970 -+homeDirectory: /home/uid970 -+ -+dn: cn=user971,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user971 -+sn: user971 -+uid: uid971 -+givenname: givenname971 -+description: description971 -+userPassword: password971 -+mail: uid971 -+uidnumber: 971 -+gidnumber: 971 -+homeDirectory: /home/uid971 -+ -+dn: cn=user972,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user972 -+sn: user972 -+uid: uid972 -+givenname: givenname972 -+description: description972 -+userPassword: password972 -+mail: uid972 -+uidnumber: 972 -+gidnumber: 972 -+homeDirectory: /home/uid972 -+ -+dn: cn=user973,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user973 -+sn: user973 -+uid: uid973 -+givenname: givenname973 -+description: description973 -+userPassword: password973 -+mail: uid973 -+uidnumber: 973 -+gidnumber: 973 -+homeDirectory: /home/uid973 -+ -+dn: cn=user974,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user974 -+sn: user974 -+uid: uid974 -+givenname: givenname974 -+description: description974 -+userPassword: password974 -+mail: uid974 -+uidnumber: 974 -+gidnumber: 974 -+homeDirectory: /home/uid974 -+ -+dn: cn=user975,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user975 -+sn: user975 -+uid: uid975 -+givenname: givenname975 -+description: description975 -+userPassword: password975 -+mail: uid975 -+uidnumber: 975 -+gidnumber: 975 -+homeDirectory: /home/uid975 -+ -+dn: cn=user976,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user976 -+sn: user976 -+uid: uid976 -+givenname: givenname976 -+description: description976 -+userPassword: password976 -+mail: uid976 -+uidnumber: 976 -+gidnumber: 976 -+homeDirectory: /home/uid976 -+ -+dn: cn=user977,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user977 -+sn: user977 -+uid: uid977 -+givenname: givenname977 -+description: description977 -+userPassword: password977 -+mail: uid977 -+uidnumber: 977 -+gidnumber: 977 -+homeDirectory: /home/uid977 -+ -+dn: cn=user978,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user978 -+sn: user978 -+uid: uid978 -+givenname: givenname978 -+description: description978 -+userPassword: password978 -+mail: uid978 -+uidnumber: 978 -+gidnumber: 978 -+homeDirectory: /home/uid978 -+ -+dn: cn=user979,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user979 -+sn: user979 -+uid: uid979 -+givenname: givenname979 -+description: description979 -+userPassword: password979 -+mail: uid979 -+uidnumber: 979 -+gidnumber: 979 -+homeDirectory: /home/uid979 -+ -+dn: cn=user980,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user980 -+sn: user980 -+uid: uid980 -+givenname: givenname980 -+description: description980 -+userPassword: password980 -+mail: uid980 -+uidnumber: 980 -+gidnumber: 980 -+homeDirectory: /home/uid980 -+ -+dn: cn=user981,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user981 -+sn: user981 -+uid: uid981 -+givenname: givenname981 -+description: description981 -+userPassword: password981 -+mail: uid981 -+uidnumber: 981 -+gidnumber: 981 -+homeDirectory: /home/uid981 -+ -+dn: cn=user982,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user982 -+sn: user982 -+uid: uid982 -+givenname: givenname982 -+description: description982 -+userPassword: password982 -+mail: uid982 -+uidnumber: 982 -+gidnumber: 982 -+homeDirectory: /home/uid982 -+ -+dn: cn=user983,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user983 -+sn: user983 -+uid: uid983 -+givenname: givenname983 -+description: description983 -+userPassword: password983 -+mail: uid983 -+uidnumber: 983 -+gidnumber: 983 -+homeDirectory: /home/uid983 -+ -+dn: cn=user984,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user984 -+sn: user984 -+uid: uid984 -+givenname: givenname984 -+description: description984 -+userPassword: password984 -+mail: uid984 -+uidnumber: 984 -+gidnumber: 984 -+homeDirectory: /home/uid984 -+ -+dn: cn=user985,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user985 -+sn: user985 -+uid: uid985 -+givenname: givenname985 -+description: description985 -+userPassword: password985 -+mail: uid985 -+uidnumber: 985 -+gidnumber: 985 -+homeDirectory: /home/uid985 -+ -+dn: cn=user986,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user986 -+sn: user986 -+uid: uid986 -+givenname: givenname986 -+description: description986 -+userPassword: password986 -+mail: uid986 -+uidnumber: 986 -+gidnumber: 986 -+homeDirectory: /home/uid986 -+ -+dn: cn=user987,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user987 -+sn: user987 -+uid: uid987 -+givenname: givenname987 -+description: description987 -+userPassword: password987 -+mail: uid987 -+uidnumber: 987 -+gidnumber: 987 -+homeDirectory: /home/uid987 -+ -+dn: cn=user988,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user988 -+sn: user988 -+uid: uid988 -+givenname: givenname988 -+description: description988 -+userPassword: password988 -+mail: uid988 -+uidnumber: 988 -+gidnumber: 988 -+homeDirectory: /home/uid988 -+ -+dn: cn=user989,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user989 -+sn: user989 -+uid: uid989 -+givenname: givenname989 -+description: description989 -+userPassword: password989 -+mail: uid989 -+uidnumber: 989 -+gidnumber: 989 -+homeDirectory: /home/uid989 -+ -+dn: cn=user990,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user990 -+sn: user990 -+uid: uid990 -+givenname: givenname990 -+description: description990 -+userPassword: password990 -+mail: uid990 -+uidnumber: 990 -+gidnumber: 990 -+homeDirectory: /home/uid990 -+ -+dn: cn=user991,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user991 -+sn: user991 -+uid: uid991 -+givenname: givenname991 -+description: description991 -+userPassword: password991 -+mail: uid991 -+uidnumber: 991 -+gidnumber: 991 -+homeDirectory: /home/uid991 -+ -+dn: cn=user992,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user992 -+sn: user992 -+uid: uid992 -+givenname: givenname992 -+description: description992 -+userPassword: password992 -+mail: uid992 -+uidnumber: 992 -+gidnumber: 992 -+homeDirectory: /home/uid992 -+ -+dn: cn=user993,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user993 -+sn: user993 -+uid: uid993 -+givenname: givenname993 -+description: description993 -+userPassword: password993 -+mail: uid993 -+uidnumber: 993 -+gidnumber: 993 -+homeDirectory: /home/uid993 -+ -+dn: cn=user994,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user994 -+sn: user994 -+uid: uid994 -+givenname: givenname994 -+description: description994 -+userPassword: password994 -+mail: uid994 -+uidnumber: 994 -+gidnumber: 994 -+homeDirectory: /home/uid994 -+ -+dn: cn=user995,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user995 -+sn: user995 -+uid: uid995 -+givenname: givenname995 -+description: description995 -+userPassword: password995 -+mail: uid995 -+uidnumber: 995 -+gidnumber: 995 -+homeDirectory: /home/uid995 -+ -+dn: cn=user996,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user996 -+sn: user996 -+uid: uid996 -+givenname: givenname996 -+description: description996 -+userPassword: password996 -+mail: uid996 -+uidnumber: 996 -+gidnumber: 996 -+homeDirectory: /home/uid996 -+ -+dn: cn=user997,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user997 -+sn: user997 -+uid: uid997 -+givenname: givenname997 -+description: description997 -+userPassword: password997 -+mail: uid997 -+uidnumber: 997 -+gidnumber: 997 -+homeDirectory: /home/uid997 -+ -+dn: cn=user998,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user998 -+sn: user998 -+uid: uid998 -+givenname: givenname998 -+description: description998 -+userPassword: password998 -+mail: uid998 -+uidnumber: 998 -+gidnumber: 998 -+homeDirectory: /home/uid998 -+ -+dn: cn=user999,ou=People,dc=example,dc=com -+objectClass: top -+objectClass: person -+objectClass: organizationalPerson -+objectClass: inetOrgPerson -+objectClass: posixAccount -+cn: user999 -+sn: user999 -+uid: uid999 -+givenname: givenname999 -+description: description999 -+userPassword: password999 -+mail: uid999 -+uidnumber: 999 -+gidnumber: 999 -+homeDirectory: /home/uid999 -+ -diff --git a/dirsrvtests/tickets/ticket48212_test.py b/dirsrvtests/tickets/ticket48212_test.py -new file mode 100644 -index 0000000..c3c8c8f ---- /dev/null -+++ b/dirsrvtests/tickets/ticket48212_test.py -@@ -0,0 +1,210 @@ -+import os -+import sys -+import time -+import ldap -+import logging -+import pytest -+from lib389 import DirSrv, Entry, tools, tasks -+from lib389.tools import DirSrvTools -+from lib389._constants import * -+from lib389.properties import * -+from lib389.tasks import * -+from ldap.controls import SimplePagedResultsControl -+ -+log = logging.getLogger(__name__) -+ -+installation_prefix = None -+ -+MYSUFFIX = 'dc=example,dc=com' -+MYSUFFIXBE = 'userRoot' -+_MYLDIF = 'example1k_posix.ldif' -+UIDNUMBERDN = "cn=uidnumber,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config" -+ -+class TopologyStandalone(object): -+ def __init__(self, standalone): -+ standalone.open() -+ self.standalone = standalone -+ -+ -+@pytest.fixture(scope="module") -+def topology(request): -+ ''' -+ This fixture is used to standalone topology for the 'module'. -+ ''' -+ global installation_prefix -+ -+ if installation_prefix: -+ args_instance[SER_DEPLOYED_DIR] = installation_prefix -+ -+ standalone = DirSrv(verbose=False) -+ -+ # Args for the standalone instance -+ args_instance[SER_HOST] = HOST_STANDALONE -+ args_instance[SER_PORT] = PORT_STANDALONE -+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE -+ args_standalone = args_instance.copy() -+ standalone.allocate(args_standalone) -+ -+ # Get the status of the instance and restart it if it exists -+ instance_standalone = standalone.exists() -+ -+ # Remove the instance -+ if instance_standalone: -+ standalone.delete() -+ -+ # Create the instance -+ standalone.create() -+ -+ # Used to retrieve configuration information (dbdir, confdir...) -+ standalone.open() -+ -+ # clear the tmp directory -+ standalone.clearTmpDir(__file__) -+ -+ # Here we have standalone instance up and running -+ return TopologyStandalone(standalone) -+ -+def runDbVerify(topology): -+ topology.standalone.log.info("\n\n +++++ dbverify +++++\n") -+ dbverifyCMD = topology.standalone.sroot + "/slapd-" + topology.standalone.inst + "/dbverify -V" -+ dbverifyOUT = os.popen(dbverifyCMD, "r") -+ topology.standalone.log.info("Running %s" % dbverifyCMD) -+ running = True -+ error = False -+ while running: -+ l = dbverifyOUT.readline() -+ if l == "": -+ running = False -+ elif "libdb:" in l: -+ running = False -+ error = True -+ topology.standalone.log.info("%s" % l) -+ elif "verify failed" in l: -+ error = True -+ running = False -+ topology.standalone.log.info("%s" % l) -+ -+ if error: -+ topology.standalone.log.fatal("dbverify failed") -+ assert False -+ else: -+ topology.standalone.log.info("dbverify passed") -+ -+def reindexUidNumber(topology): -+ topology.standalone.log.info("\n\n +++++ reindex uidnumber +++++\n") -+ indexCMD = topology.standalone.sroot + "/slapd-" + topology.standalone.inst + "/db2index.pl -D \"" + DN_DM + "\" -w \"" + PASSWORD + "\" -n " + MYSUFFIXBE + " -t uidnumber" -+ -+ indexOUT = os.popen(indexCMD, "r") -+ topology.standalone.log.info("Running %s" % indexCMD) -+ -+ time.sleep(10) -+ -+ tailCMD = "tail -n 3 " + topology.standalone.errlog -+ tailOUT = os.popen(tailCMD, "r") -+ running = True -+ done = False -+ while running: -+ l = tailOUT.readline() -+ if l == "": -+ running = False -+ elif "Finished indexing" in l: -+ running = False -+ done = True -+ topology.standalone.log.info("%s" % l) -+ -+ if done: -+ topology.standalone.log.info("%s done" % indexCMD) -+ else: -+ topology.standalone.log.fatal("%s did not finish" % indexCMD) -+ assert False -+ -+def test_ticket48212_run(topology): -+ """ -+ Import posixAccount entries. -+ Index uidNumber -+ add nsMatchingRule: integerOrderingMatch -+ run dbverify to see if it reports the db corruption or not -+ delete nsMatchingRule: integerOrderingMatch -+ run dbverify to see if it reports the db corruption or not -+ if no corruption is reported, the bug fix was verified. -+ """ -+ log.info('Testing Ticket 48212 - Dynamic nsMatchingRule changes had no effect on the attrinfo thus following reindexing, as well.') -+ -+ # bind as directory manager -+ topology.standalone.log.info("Bind as %s" % DN_DM) -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ -+ -+ data_dir_path = topology.standalone.getDir(__file__, DATA_DIR) -+ ldif_file = data_dir_path + "ticket48212/" + _MYLDIF -+ topology.standalone.log.info("\n\n######################### Import Test data (%s) ######################\n" % ldif_file) -+ args = {TASK_WAIT: True} -+ importTask = Tasks(topology.standalone) -+ importTask.importLDIF(MYSUFFIX, MYSUFFIXBE, ldif_file, args) -+ args = {TASK_WAIT: True} -+ -+ runDbVerify(topology) -+ -+ topology.standalone.log.info("\n\n######################### Add index by uidnumber ######################\n") -+ try: -+ topology.standalone.add_s(Entry((UIDNUMBERDN, {'objectclass': "top nsIndex".split(), -+ 'cn': 'uidnumber', -+ 'nsSystemIndex': 'false', -+ 'nsIndexType': "pres eq".split()}))) -+ except ValueError: -+ topology.standalone.log.fatal("add_s failed: %s", ValueError) -+ -+ topology.standalone.log.info("\n\n######################### reindexing... ######################\n") -+ reindexUidNumber(topology) -+ -+ runDbVerify(topology) -+ -+ topology.standalone.log.info("\n\n######################### Add nsMatchingRule ######################\n") -+ try: -+ topology.standalone.modify_s(UIDNUMBERDN, [(ldap.MOD_ADD, 'nsMatchingRule', 'integerOrderingMatch')]) -+ except ValueError: -+ topology.standalone.log.fatal("modify_s failed: %s", ValueError) -+ -+ topology.standalone.log.info("\n\n######################### reindexing... ######################\n") -+ reindexUidNumber(topology) -+ -+ runDbVerify(topology) -+ -+ topology.standalone.log.info("\n\n######################### Delete nsMatchingRule ######################\n") -+ try: -+ topology.standalone.modify_s(UIDNUMBERDN, [(ldap.MOD_DELETE, 'nsMatchingRule', 'integerOrderingMatch')]) -+ except ValueError: -+ topology.standalone.log.fatal("modify_s failed: %s", ValueError) -+ -+ reindexUidNumber(topology) -+ -+ runDbVerify(topology) -+ -+ topology.standalone.log.info("ticket48212 was successfully verified.") -+ -+ -+def test_ticket48212_final(topology): -+ topology.standalone.delete() -+ log.info('Testcase PASSED') -+ -+ -+def run_isolated(): -+ ''' -+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..) -+ To run isolated without py.test, you need to -+ - edit this file and comment '@pytest.fixture' line before 'topology' function. -+ - set the installation prefix -+ - run this program -+ ''' -+ global installation_prefix -+ installation_prefix = None -+ -+ topo = topology(True) -+ test_ticket48212_run(topo) -+ -+ test_ticket48212_final(topo) -+ -+ -+if __name__ == '__main__': -+ run_isolated() -+ --- -1.9.3 - diff --git a/SOURCES/0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch b/SOURCES/0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch new file mode 100644 index 0000000..7ba20c3 --- /dev/null +++ b/SOURCES/0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch @@ -0,0 +1,462 @@ +From 80e8d8fc8eb44d45af5285308cda37553611f688 Mon Sep 17 00:00:00 2001 +From: William Brown +Date: Sat, 9 Jul 2016 19:02:37 +1000 +Subject: [PATCH 04/15] Ticket 48916 - DNA Threshold set to 0 causes SIGFPE + +Bug Description: If the DNA threshold was set to 0, a divide by zero would +occur when requesting ranges. + +Fix Description: Prevent the config from setting a value of 0 for dna threshold. + +If an existing site has a threshold of 0, we guard the divide operation, and +return an operations error instead. + +https://fedorahosted.org/389/ticket/48916 + +Author: wibrown + +Review by: nhosoi, mreynolds (Thank you!) + +(cherry picked from commit 05ebb6d10cf0ec8e03c59bade7f819ddb1fdcf78) +--- + .gitignore | 1 + + dirsrvtests/tests/tickets/ticket48916_test.py | 253 ++++++++++++++++++++++++++ + ldap/servers/plugins/dna/dna.c | 40 +++- + 3 files changed, 289 insertions(+), 5 deletions(-) + create mode 100644 dirsrvtests/tests/tickets/ticket48916_test.py + +diff --git a/.gitignore b/.gitignore +index f6583c2..f92bcd8 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -5,6 +5,7 @@ autom4te.cache + .cproject + .project + .settings ++.cache + *.a + *.dirstamp + *.la +diff --git a/dirsrvtests/tests/tickets/ticket48916_test.py b/dirsrvtests/tests/tickets/ticket48916_test.py +new file mode 100644 +index 0000000..44c96da +--- /dev/null ++++ b/dirsrvtests/tests/tickets/ticket48916_test.py +@@ -0,0 +1,253 @@ ++import os ++import sys ++import time ++import ldap ++import logging ++import pytest ++from lib389 import DirSrv, Entry, tools, tasks ++from lib389.tools import DirSrvTools ++from lib389._constants import * ++from lib389.properties import * ++from lib389.tasks import * ++from lib389.utils import * ++ ++DEBUGGING = False ++ ++if DEBUGGING: ++ logging.getLogger(__name__).setLevel(logging.DEBUG) ++else: ++ logging.getLogger(__name__).setLevel(logging.INFO) ++ ++ ++log = logging.getLogger(__name__) ++ ++ ++class TopologyReplication(object): ++ """The Replication Topology Class""" ++ def __init__(self, master1, master2): ++ """Init""" ++ master1.open() ++ self.master1 = master1 ++ master2.open() ++ self.master2 = master2 ++ ++ ++@pytest.fixture(scope="module") ++def topology(request): ++ """Create Replication Deployment""" ++ ++ # Creating master 1... ++ if DEBUGGING: ++ master1 = DirSrv(verbose=True) ++ else: ++ master1 = DirSrv(verbose=False) ++ args_instance[SER_HOST] = HOST_MASTER_1 ++ args_instance[SER_PORT] = PORT_MASTER_1 ++ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1 ++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX ++ args_master = args_instance.copy() ++ master1.allocate(args_master) ++ instance_master1 = master1.exists() ++ if instance_master1: ++ master1.delete() ++ master1.create() ++ master1.open() ++ master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_1) ++ ++ # Creating master 2... ++ if DEBUGGING: ++ master2 = DirSrv(verbose=True) ++ else: ++ master2 = DirSrv(verbose=False) ++ args_instance[SER_HOST] = HOST_MASTER_2 ++ args_instance[SER_PORT] = PORT_MASTER_2 ++ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_2 ++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX ++ args_master = args_instance.copy() ++ master2.allocate(args_master) ++ instance_master2 = master2.exists() ++ if instance_master2: ++ master2.delete() ++ master2.create() ++ master2.open() ++ master2.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_2) ++ ++ # ++ # Create all the agreements ++ # ++ # Creating agreement from master 1 to master 2 ++ properties = {RA_NAME: 'meTo_' + master2.host + ':' + str(master2.port), ++ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN], ++ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW], ++ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD], ++ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]} ++ m1_m2_agmt = master1.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties) ++ if not m1_m2_agmt: ++ log.fatal("Fail to create a master -> master replica agreement") ++ sys.exit(1) ++ log.debug("%s created" % m1_m2_agmt) ++ ++ # Creating agreement from master 2 to master 1 ++ properties = {RA_NAME: 'meTo_' + master1.host + ':' + str(master1.port), ++ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN], ++ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW], ++ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD], ++ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]} ++ m2_m1_agmt = master2.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties) ++ if not m2_m1_agmt: ++ log.fatal("Fail to create a master -> master replica agreement") ++ sys.exit(1) ++ log.debug("%s created" % m2_m1_agmt) ++ ++ # Allow the replicas to get situated with the new agreements... ++ time.sleep(5) ++ ++ # ++ # Initialize all the agreements ++ # ++ master1.agreement.init(SUFFIX, HOST_MASTER_2, PORT_MASTER_2) ++ master1.waitForReplInit(m1_m2_agmt) ++ ++ # Check replication is working... ++ if master1.testReplication(DEFAULT_SUFFIX, master2): ++ log.info('Replication is working.') ++ else: ++ log.fatal('Replication is not working.') ++ assert False ++ ++ def fin(): ++ """If we are debugging just stop the instances, otherwise remove ++ them ++ """ ++ if DEBUGGING: ++ master1.stop() ++ master2.stop() ++ else: ++ master1.delete() ++ master2.delete() ++ ++ request.addfinalizer(fin) ++ ++ # Clear out the tmp dir ++ master1.clearTmpDir(__file__) ++ ++ return TopologyReplication(master1, master2) ++ ++ ++def _create_user(inst, idnum): ++ inst.add_s(Entry( ++ ('uid=user%s,ou=People,%s' % (idnum, DEFAULT_SUFFIX), { ++ 'objectClass' : 'top account posixAccount'.split(' '), ++ 'cn' : 'user', ++ 'uid' : 'user%s' % idnum, ++ 'homeDirectory' : '/home/user%s' % idnum, ++ 'loginShell' : '/bin/nologin', ++ 'gidNumber' : '-1', ++ 'uidNumber' : '-1', ++ }) ++ )) ++ ++def test_ticket48916(topology): ++ """ ++ https://bugzilla.redhat.com/show_bug.cgi?id=1353629 ++ ++ This is an issue with ID exhaustion in DNA causing a crash. ++ ++ To access each DirSrv instance use: topology.master1, topology.master2, ++ ..., topology.hub1, ..., topology.consumer1,... ++ ++ ++ """ ++ ++ if DEBUGGING: ++ # Add debugging steps(if any)... ++ pass ++ ++ # Enable the plugin on both servers ++ ++ dna_m1 = topology.master1.plugins.get('Distributed Numeric Assignment Plugin') ++ dna_m2 = topology.master2.plugins.get('Distributed Numeric Assignment Plugin') ++ ++ # Configure it ++ # Create the container for the ranges to go into. ++ ++ topology.master1.add_s(Entry( ++ ('ou=Ranges,%s' % DEFAULT_SUFFIX, { ++ 'objectClass' : 'top organizationalUnit'.split(' '), ++ 'ou' : 'Ranges', ++ }) ++ )) ++ ++ # Create the dnaAdmin? ++ ++ # For now we just pinch the dn from the dna_m* types, and add the relevant child config ++ # but in the future, this could be a better plugin template type from lib389 ++ ++ config_dn = dna_m1.dn ++ ++ topology.master1.add_s(Entry( ++ ('cn=uids,%s' % config_dn, { ++ 'objectClass' : 'top dnaPluginConfig'.split(' '), ++ 'cn': 'uids', ++ 'dnatype': 'uidNumber gidNumber'.split(' '), ++ 'dnafilter': '(objectclass=posixAccount)', ++ 'dnascope': '%s' % DEFAULT_SUFFIX, ++ 'dnaNextValue': '1', ++ 'dnaMaxValue': '50', ++ 'dnasharedcfgdn': 'ou=Ranges,%s' % DEFAULT_SUFFIX, ++ 'dnaThreshold': '0', ++ 'dnaRangeRequestTimeout': '60', ++ 'dnaMagicRegen': '-1', ++ 'dnaRemoteBindDN': 'uid=dnaAdmin,ou=People,%s' % DEFAULT_SUFFIX, ++ 'dnaRemoteBindCred': 'secret123', ++ 'dnaNextRange': '80-90' ++ }) ++ )) ++ ++ topology.master2.add_s(Entry( ++ ('cn=uids,%s' % config_dn, { ++ 'objectClass' : 'top dnaPluginConfig'.split(' '), ++ 'cn': 'uids', ++ 'dnatype': 'uidNumber gidNumber'.split(' '), ++ 'dnafilter': '(objectclass=posixAccount)', ++ 'dnascope': '%s' % DEFAULT_SUFFIX, ++ 'dnaNextValue': '61', ++ 'dnaMaxValue': '70', ++ 'dnasharedcfgdn': 'ou=Ranges,%s' % DEFAULT_SUFFIX, ++ 'dnaThreshold': '2', ++ 'dnaRangeRequestTimeout': '60', ++ 'dnaMagicRegen': '-1', ++ 'dnaRemoteBindDN': 'uid=dnaAdmin,ou=People,%s' % DEFAULT_SUFFIX, ++ 'dnaRemoteBindCred': 'secret123', ++ }) ++ )) ++ ++ ++ # Enable the plugins ++ dna_m1.enable() ++ dna_m2.enable() ++ ++ # Restart the instances ++ topology.master1.restart(60) ++ topology.master2.restart(60) ++ ++ # Wait for a replication ..... ++ time.sleep(40) ++ ++ # Allocate the 10 members to exhaust ++ ++ for i in range(1,11): ++ _create_user(topology.master2, i) ++ ++ # Allocate the 11th ++ _create_user(topology.master2, 11) ++ ++ log.info('Test PASSED') ++ ++ ++if __name__ == '__main__': ++ # Run isolated ++ # -s for DEBUG mode ++ CURRENT_FILE = os.path.realpath(__file__) ++ pytest.main("-s %s" % CURRENT_FILE) ++ +diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c +index 2908443..cf640d8 100644 +--- a/ldap/servers/plugins/dna/dna.c ++++ b/ldap/servers/plugins/dna/dna.c +@@ -1244,6 +1244,12 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry * e, int apply) + slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, + "----------> %s [%s]\n", DNA_THRESHOLD, value); + ++ if (entry->threshold <= 0) { ++ entry->threshold = 1; ++ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, ++ "----------> %s too low, setting to [%s]\n", DNA_THRESHOLD, value); ++ } ++ + slapi_ch_free_string(&value); + } else { + entry->threshold = 1; +@@ -2171,7 +2177,7 @@ static int dna_dn_is_config(char *dn) + int ret = 0; + + slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, +- "--> dna_is_config\n"); ++ "--> dna_is_config %s\n", dn); + + if (slapi_dn_issuffix(dn, getPluginDN())) { + ret = 1; +@@ -3404,18 +3410,21 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr) + + /* Did we already service all of these configured types? */ + if (dna_list_contains_types(generated_types, config_entry->types)) { ++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " no types to act upon.\n"); + goto next; + } + + /* is the entry in scope? */ + if (config_entry->scope && + !slapi_dn_issuffix(dn, config_entry->scope)) { ++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " dn not in scope\n"); + goto next; + } + + /* is this entry in an excluded scope? */ + for (i = 0; config_entry->excludescope && config_entry->excludescope[i]; i++) { + if (slapi_dn_issuffix(dn, slapi_sdn_get_dn(config_entry->excludescope[i]))) { ++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " dn in excluded scope\n"); + goto next; + } + } +@@ -3424,7 +3433,8 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr) + if (config_entry->slapi_filter) { + ret = slapi_vattr_filter_test(pb, e, config_entry->slapi_filter, 0); + if (LDAP_SUCCESS != ret) { +- goto next; ++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " dn does not match filter\n"); ++ goto next; + } + } + +@@ -3454,6 +3464,8 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr) + } + + if (types_to_generate && types_to_generate[0]) { ++ ++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " adding %s to %s as -2\n", types_to_generate[0], dn); + /* add - add to entry */ + for (i = 0; types_to_generate && types_to_generate[i]; i++) { + slapi_entry_attr_set_charptr(e, types_to_generate[i], +@@ -3492,6 +3504,7 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr) + slapi_lock_mutex(config_entry->lock); + + ret = dna_first_free_value(config_entry, &setval); ++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " retrieved value %" PRIu64 " ret %d\n", setval, ret); + if (LDAP_SUCCESS != ret) { + /* check if we overflowed the configured range */ + if (setval > config_entry->maxval) { +@@ -4022,18 +4035,22 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype) + "--> dna_be_txn_pre_op\n"); + + if (!slapi_plugin_running(pb)) { ++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing, plugin not running\n"); + goto bail; + } + + if (0 == (dn = dna_get_dn(pb))) { ++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing, is dna dn\n"); + goto bail; + } + + if (dna_dn_is_config(dn)) { ++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing is dna config dn\n"); + goto bail; + } + + if (dna_isrepl(pb)) { ++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing replicated operation\n"); + /* if repl, the dna values should be already in the entry. */ + goto bail; + } +@@ -4045,6 +4062,7 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype) + } + + if (e == NULL) { ++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing entry is NULL\n"); + goto bail; + } else if (LDAP_CHANGETYPE_MODIFY == modtype) { + slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods); +@@ -4056,32 +4074,39 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype) + + if (!PR_CLIST_IS_EMPTY(dna_global_config)) { + list = PR_LIST_HEAD(dna_global_config); ++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " using global config...\n"); + + while (list != dna_global_config && LDAP_SUCCESS == ret) { + config_entry = (struct configEntry *) list; + + /* Did we already service all of these configured types? */ + if (dna_list_contains_types(generated_types, config_entry->types)) { ++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " All types already serviced\n"); + goto next; + } + + /* is the entry in scope? */ + if (config_entry->scope) { +- if (!slapi_dn_issuffix(dn, config_entry->scope)) ++ if (!slapi_dn_issuffix(dn, config_entry->scope)) { ++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " Entry not in scope of dnaScope!\n"); + goto next; ++ } + } + + /* is this entry in an excluded scope? */ + for (i = 0; config_entry->excludescope && config_entry->excludescope[i]; i++) { + if (slapi_dn_issuffix(dn, slapi_sdn_get_dn(config_entry->excludescope[i]))) { ++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " Entry in excluded scope, next\n"); + goto next; + } + } +- ++ + /* does the entry match the filter? */ + if (config_entry->slapi_filter) { +- if(LDAP_SUCCESS != slapi_vattr_filter_test(pb,e,config_entry->slapi_filter, 0)) ++ if(LDAP_SUCCESS != slapi_vattr_filter_test(pb,e,config_entry->slapi_filter, 0)) { ++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " Entry does not match filter\n"); + goto next; ++ } + } + + if (LDAP_CHANGETYPE_ADD == modtype) { +@@ -4526,6 +4551,11 @@ dna_release_range(char *range_dn, PRUint64 *lower, PRUint64 *upper) + * it instead of from the active range */ + if (config_entry->next_range_lower != 0) { + /* Release up to half of our values from the next range. */ ++ if (config_entry->threshold == 0) { ++ ret = LDAP_UNWILLING_TO_PERFORM; ++ goto bail; ++ } ++ + release = (((config_entry->next_range_upper - config_entry->next_range_lower + 1) / + 2) / config_entry->threshold) * config_entry->threshold; + +-- +2.4.11 + diff --git a/SOURCES/0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch b/SOURCES/0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch new file mode 100644 index 0000000..3999d39 --- /dev/null +++ b/SOURCES/0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch @@ -0,0 +1,50 @@ +From 1de87b6fa85221c874bc4449d81655302540ec22 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Mon, 11 Jul 2016 19:09:24 -0700 +Subject: [PATCH 05/15] Ticket #48144 - Add /usr/sbin/status-dirsrv script to + get the status of the directory server instance. + +Description: +Analysis by vashirov@redhat.com: + https://bugzilla.redhat.com/show_bug.cgi?id=1209128#c11 + The error comes from bash built-in `return`. bash version prior to + 4.3 didn't support negative numbers as argument for `return`. + See for reference: http://wiki.bash-hackers.org/scripting/bashchanges + +As suggested in the comment, instead of -1, 255 should be returned in +this error case: + > 255 is returned if the instance does not exist. + +https://fedorahosted.org/389/ticket/48144 + +Viktor's proposal is reviewed by nhosoi@redhat.com. + +(cherry picked from commit a8b07cd2671c82421830ae94584b370436ef3434) +--- + ldap/admin/src/scripts/status-dirsrv.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ldap/admin/src/scripts/status-dirsrv.in b/ldap/admin/src/scripts/status-dirsrv.in +index 0f01eaa..9042899 100755 +--- a/ldap/admin/src/scripts/status-dirsrv.in ++++ b/ldap/admin/src/scripts/status-dirsrv.in +@@ -11,14 +11,14 @@ status_instance() { + SERV_ID=$1 + shift + +- initfile=`get_init_file $initconfig_dir $SERV_ID` || { echo Instance $SERV_ID not found. ; return -1 ; } ++ initfile=`get_init_file $initconfig_dir $SERV_ID` || { echo Instance $SERV_ID not found. ; return 255 ; } + + # source env. for this instance + if [ -f $initfile ] ; then + . $initfile + else + echo Instance $SERV_ID not found. +- return -1 ++ return 255 + fi + + prefix="$DS_ROOT" +-- +2.4.11 + diff --git a/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch b/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch deleted file mode 100644 index b40bdc3..0000000 --- a/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch +++ /dev/null @@ -1,65 +0,0 @@ -From e37431f50e8d4bfc7015d9a00b58a9b9e77f1c79 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 2 Jul 2015 16:44:09 -0700 -Subject: [PATCH 5/7] Ticket #48214 - ldapsearch on nsslapd-maxbersize returns - 0 instead of current value - -Description: If nsslapd-maxbersize is not explicitely set in cn=config -or the value is 0, the default value is assigned. Internally, it was. -But ldapsearch did not return the default value. - -https://fedorahosted.org/389/ticket/48214 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!) - -(cherry picked from commit 7d0689aaadfa66a8f8a481b0c1bb70b2465c4986) -(cherry picked from commit b83c2554fad0bb2a08055c5105bcfa4c9d44af8f) ---- - ldap/servers/slapd/libglobs.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c -index 24de4f3..a3c4243 100644 ---- a/ldap/servers/slapd/libglobs.c -+++ b/ldap/servers/slapd/libglobs.c -@@ -821,7 +821,7 @@ static struct config_get_and_set { - {CONFIG_MAXBERSIZE_ATTRIBUTE, config_set_maxbersize, - NULL, 0, - (void**)&global_slapdFrontendConfig.maxbersize, -- CONFIG_INT, NULL, DEFAULT_MAX_BERSIZE}, -+ CONFIG_INT, NULL, STRINGIFYDEFINE(DEFAULT_MAXBERSIZE)}, - {CONFIG_MAXSASLIOSIZE_ATTRIBUTE, config_set_maxsasliosize, - NULL, 0, - (void**)&global_slapdFrontendConfig.maxsasliosize, -@@ -1540,6 +1540,7 @@ FrontendConfig_init () { - init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns = LDAP_OFF; - init_global_backend_local = LDAP_OFF; - cfg->maxsimplepaged_per_conn = DEFAULT_MAXSIMPLEPAGED_PER_CONN; -+ cfg->maxbersize = DEFAULT_MAXBERSIZE; - #ifdef ENABLE_NUNC_STANS - init_enable_nunc_stans = cfg->enable_nunc_stans = LDAP_OFF; - #endif -@@ -5713,6 +5714,9 @@ config_set_maxbersize( const char *attrname, char *value, char *errorbuf, int ap - return retVal; - } - -+ if (size == 0) { -+ size = DEFAULT_MAXBERSIZE; -+ } - CFG_LOCK_WRITE(slapdFrontendConfig); - - slapdFrontendConfig->maxbersize = size; -@@ -5728,8 +5732,9 @@ config_get_maxbersize() - slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); - - maxbersize = slapdFrontendConfig->maxbersize; -- if(maxbersize==0) -+ if (maxbersize == 0) { - maxbersize = DEFAULT_MAXBERSIZE; -+ } - - return maxbersize; - } --- -1.9.3 - diff --git a/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch deleted file mode 100644 index a90e65d..0000000 --- a/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch +++ /dev/null @@ -1,197 +0,0 @@ -From b36cdf27f313bba70f03b687ceef5bb5b3edd78b Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 2 Jul 2015 16:07:14 -0700 -Subject: [PATCH 6/7] Ticket #48214 - CI test: added test cases for ticket - 48213 - -Description: ldapsearch on nsslapd-maxbersize returns 0 instead of - current value - -https://fedorahosted.org/389/ticket/48214 -(cherry picked from commit b7b663c0e20c2f9bf8885bd7633570dc8d34f394) -(cherry picked from commit 7c73adc28c8877eb3b0d30a91f7fa8a964fb3fd2) ---- - dirsrvtests/tickets/ticket48214_test.py | 171 ++++++++++++++++++++++++++++++++ - 1 file changed, 171 insertions(+) - create mode 100644 dirsrvtests/tickets/ticket48214_test.py - -diff --git a/dirsrvtests/tickets/ticket48214_test.py b/dirsrvtests/tickets/ticket48214_test.py -new file mode 100644 -index 0000000..afbef22 ---- /dev/null -+++ b/dirsrvtests/tickets/ticket48214_test.py -@@ -0,0 +1,171 @@ -+import os -+import sys -+import time -+import ldap -+import logging -+import pytest -+from lib389 import DirSrv, Entry, tools, tasks -+from lib389.tools import DirSrvTools -+from lib389._constants import * -+from lib389.properties import * -+from lib389.tasks import * -+from ldap.controls import SimplePagedResultsControl -+ -+log = logging.getLogger(__name__) -+ -+installation_prefix = None -+ -+MYSUFFIX = 'dc=example,dc=com' -+MYSUFFIXBE = 'userRoot' -+ -+class TopologyStandalone(object): -+ def __init__(self, standalone): -+ standalone.open() -+ self.standalone = standalone -+ -+ -+@pytest.fixture(scope="module") -+def topology(request): -+ ''' -+ This fixture is used to standalone topology for the 'module'. -+ ''' -+ global installation_prefix -+ -+ if installation_prefix: -+ args_instance[SER_DEPLOYED_DIR] = installation_prefix -+ -+ standalone = DirSrv(verbose=False) -+ -+ # Args for the standalone instance -+ args_instance[SER_HOST] = HOST_STANDALONE -+ args_instance[SER_PORT] = PORT_STANDALONE -+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE -+ args_standalone = args_instance.copy() -+ standalone.allocate(args_standalone) -+ -+ # Get the status of the instance and restart it if it exists -+ instance_standalone = standalone.exists() -+ -+ # Remove the instance -+ if instance_standalone: -+ standalone.delete() -+ -+ # Create the instance -+ standalone.create() -+ -+ # Used to retrieve configuration information (dbdir, confdir...) -+ standalone.open() -+ -+ # clear the tmp directory -+ standalone.clearTmpDir(__file__) -+ -+ # Here we have standalone instance up and running -+ return TopologyStandalone(standalone) -+ -+def getMaxBerSizeFromDseLdif(topology): -+ topology.standalone.log.info(" +++++ Get maxbersize from dse.ldif +++++\n") -+ dse_ldif = topology.standalone.confdir + '/dse.ldif' -+ grepMaxBerCMD = "egrep nsslapd-maxbersize " + dse_ldif -+ topology.standalone.log.info(" Run CMD: %s\n" % grepMaxBerCMD) -+ grepMaxBerOUT = os.popen(grepMaxBerCMD, "r") -+ running = True -+ maxbersize = -1 -+ while running: -+ l = grepMaxBerOUT.readline() -+ if l == "": -+ topology.standalone.log.info(" Empty: %s\n" % l) -+ running = False -+ elif "nsslapd-maxbersize:" in l.lower(): -+ running = False -+ fields = l.split() -+ if len(fields) >= 2: -+ maxbersize = fields[1] -+ topology.standalone.log.info(" Right format - %s %s\n" % (fields[0], fields[1])) -+ else: -+ topology.standalone.log.info(" Wrong format - %s\n" % l) -+ else: -+ topology.standalone.log.info(" Else?: %s\n" % l) -+ return maxbersize -+ -+def checkMaxBerSize(topology): -+ topology.standalone.log.info(" +++++ Check Max Ber Size +++++\n") -+ maxbersizestr = getMaxBerSizeFromDseLdif(topology) -+ maxbersize = int(maxbersizestr) -+ isdefault = True -+ defaultvalue = 2097152 -+ if maxbersize < 0: -+ topology.standalone.log.info(" No nsslapd-maxbersize found in dse.ldif\n") -+ elif maxbersize == 0: -+ topology.standalone.log.info(" nsslapd-maxbersize: %d\n" % maxbersize) -+ else: -+ isdefault = False -+ topology.standalone.log.info(" nsslapd-maxbersize: %d\n" % maxbersize) -+ -+ try: -+ entry = topology.standalone.search_s('cn=config', ldap.SCOPE_BASE, -+ "(cn=*)", -+ ['nsslapd-maxbersize']) -+ if entry: -+ searchedsize = entry[0].getValue('nsslapd-maxbersize') -+ topology.standalone.log.info(" ldapsearch returned nsslapd-maxbersize: %s\n" % searchedsize) -+ else: -+ topology.standalone.log.fatal('ERROR: cn=config is not found?') -+ assert False -+ except ldap.LDAPError, e: -+ topology.standalone.log.error('ERROR: Failed to search for user entry: ' + e.message['desc']) -+ assert False -+ -+ if isdefault: -+ topology.standalone.log.info(" Checking %d vs %d\n" % (int(searchedsize), defaultvalue)) -+ assert int(searchedsize) == defaultvalue -+ -+ -+def test_ticket48214_run(topology): -+ """ -+ Check ldapsearch returns the correct maxbersize when it is not explicitly set. -+ """ -+ log.info('Testing Ticket 48214 - ldapsearch on nsslapd-maxbersize returns 0 instead of current value') -+ -+ # bind as directory manager -+ topology.standalone.log.info("Bind as %s" % DN_DM) -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ -+ topology.standalone.log.info("\n\n######################### Out of Box ######################\n") -+ checkMaxBerSize(topology) -+ -+ topology.standalone.log.info("\n\n######################### Add nsslapd-maxbersize: 0 ######################\n") -+ topology.standalone.modify_s('cn=config', [(ldap.MOD_REPLACE, 'nsslapd-maxbersize', '0')]) -+ checkMaxBerSize(topology) -+ -+ topology.standalone.log.info("\n\n######################### Add nsslapd-maxbersize: 10000 ######################\n") -+ topology.standalone.modify_s('cn=config', [(ldap.MOD_REPLACE, 'nsslapd-maxbersize', '10000')]) -+ checkMaxBerSize(topology) -+ -+ topology.standalone.log.info("ticket48214 was successfully verified.") -+ -+ -+def test_ticket48214_final(topology): -+ topology.standalone.delete() -+ log.info('Testcase PASSED') -+ -+ -+def run_isolated(): -+ ''' -+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..) -+ To run isolated without py.test, you need to -+ - edit this file and comment '@pytest.fixture' line before 'topology' function. -+ - set the installation prefix -+ - run this program -+ ''' -+ global installation_prefix -+ installation_prefix = None -+ -+ topo = topology(True) -+ test_ticket48214_run(topo) -+ -+ test_ticket48214_final(topo) -+ -+ -+if __name__ == '__main__': -+ run_isolated() -+ --- -1.9.3 - diff --git a/SOURCES/0006-Ticket-48767-flow-control-in-replication-also-blocks.patch b/SOURCES/0006-Ticket-48767-flow-control-in-replication-also-blocks.patch new file mode 100644 index 0000000..bb6aa23 --- /dev/null +++ b/SOURCES/0006-Ticket-48767-flow-control-in-replication-also-blocks.patch @@ -0,0 +1,44 @@ +From 05b04751367b628819d6f0a5a533d1af4eb423ba Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Mon, 11 Jul 2016 10:30:04 -0400 +Subject: [PATCH 06/15] Ticket 48767 - flow control in replication also blocks + receiving results + +Bug Description: In ticket 47942 a flow control was introduced to reduce + the load of a replication consumer. It adds some pauses + in the asynch sending of updates. Unfortunately while it + pauses it holds the reader lock, so that the result reader + thread is also paused. + +Fix Description: If we need to pause the sending of updates then also release + the Result Data lock so the reader thread is not blocked. + +https://fedorahosted.org/389/ticket/48767 + +Reviewed by: nhosi(Thanks!) + +(cherry picked from commit ba636587e77423c7773df60894344dea0377c36f) +--- + ldap/servers/plugins/replication/repl5_inc_protocol.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c +index d6fb898..27bac5d 100644 +--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c ++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c +@@ -479,9 +479,11 @@ repl5_inc_flow_control_results(Repl_Agmt *agmt, result_data *rd) + if ((rd->last_message_id_received <= rd->last_message_id_sent) && + ((rd->last_message_id_sent - rd->last_message_id_received) >= agmt_get_flowcontrolwindow(agmt))) { + rd->flowcontrol_detection++; ++ PR_Unlock(rd->lock); + DS_Sleep(PR_MillisecondsToInterval(agmt_get_flowcontrolpause(agmt))); ++ } else { ++ PR_Unlock(rd->lock); + } +- PR_Unlock(rd->lock); + } + + static int +-- +2.4.11 + diff --git a/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch deleted file mode 100644 index 22f39e0..0000000 --- a/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 7b17c488de280f29264920b4e53dce862ed5b7e4 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Mon, 6 Jul 2015 14:06:11 -0700 -Subject: [PATCH 7/7] Ticket #48192 - Individual abandoned simple paged results - request has no chance to be cleaned up - -Description: There was a small window that the search on the next page -after the previous page abandoned referred the cleaned up simple paged -object. - -This patch introduces a pagedresults_is_abandoned helper function to -check the simple paged results was abandoned or not with some improvements -based upon the comments by rmeggins@redhat.com (Thank you!!): -1) adding locking when getting a simplepaged object in pagedresults_is_ - abandoned_or_notavailable as well as in pagedresults_{un}lock. -2) sending "Simple Paged Results Search abandoned" if the previous page - with the same cookie in the same connection was abandoned. - -https://fedorahosted.org/389/ticket/48192 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit e4d83c91fc88fcf9e6c823c608c629ac10e362f8) -(cherry picked from commit b513a502250f93cfb43df000c2140b27c4ef0d39) ---- - ldap/servers/slapd/opshared.c | 22 ++++++++++++++++------ - ldap/servers/slapd/pagedresults.c | 24 +++++++++++++++++++++++- - ldap/servers/slapd/proto-slap.h | 1 + - 3 files changed, 40 insertions(+), 7 deletions(-) - -diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c -index 177daa6..dcdbb04 100644 ---- a/ldap/servers/slapd/opshared.c -+++ b/ldap/servers/slapd/opshared.c -@@ -677,12 +677,20 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - */ - pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx); - if (pr_search_result) { -- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result ); -- rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat); -+ if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) { -+ pagedresults_unlock(pb->pb_conn, pr_idx); -+ /* Previous operation was abandoned and the simplepaged object is not in use. */ -+ send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); -+ rc = LDAP_SUCCESS; -+ goto free_and_return; -+ } else { -+ slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result ); -+ rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat); - -- /* search result could be reset in the backend/dse */ -- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); -- pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx); -+ /* search result could be reset in the backend/dse */ -+ slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); -+ pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx); -+ } - } else { - pr_stat = PAGEDRESULTS_SEARCH_END; - } -@@ -712,7 +720,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - if (PAGEDRESULTS_SEARCH_END == pr_stat) { - pagedresults_lock(pb->pb_conn, pr_idx); - slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); -- pagedresults_free_one(pb->pb_conn, operation, pr_idx); -+ if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) { -+ pagedresults_free_one(pb->pb_conn, operation, pr_idx); -+ } - pagedresults_unlock(pb->pb_conn, pr_idx); - if (next_be) { - /* no more entries, but at least another backend */ -diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c -index fdbfa41..d0c93cd 100644 ---- a/ldap/servers/slapd/pagedresults.c -+++ b/ldap/servers/slapd/pagedresults.c -@@ -877,6 +877,8 @@ pagedresults_reset_processing(Connection *conn, int index) - * If there are multiple slots, the connection may be a permanent one. - * Do not return timed out here. But let the next request take care the - * timedout slot(s). -+ * -+ * must be called within conn->c_mutex - */ - int - pagedresults_is_timedout_nolock(Connection *conn) -@@ -905,7 +907,10 @@ pagedresults_is_timedout_nolock(Connection *conn) - return 0; - } - --/* reset all timeout */ -+/* -+ * reset all timeout -+ * must be called within conn->c_mutex -+ */ - int - pagedresults_reset_timedout_nolock(Connection *conn) - { -@@ -968,7 +973,9 @@ pagedresults_lock( Connection *conn, int index ) - if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { - return; - } -+ PR_Lock(conn->c_mutex); - prp = conn->c_pagedresults.prl_list + index; -+ PR_Unlock(conn->c_mutex); - if (prp->pr_mutex) { - PR_Lock(prp->pr_mutex); - } -@@ -982,9 +989,24 @@ pagedresults_unlock( Connection *conn, int index ) - if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { - return; - } -+ PR_Lock(conn->c_mutex); - prp = conn->c_pagedresults.prl_list + index; -+ PR_Unlock(conn->c_mutex); - if (prp->pr_mutex) { - PR_Unlock(prp->pr_mutex); - } - return; - } -+ -+int -+pagedresults_is_abandoned_or_notavailable( Connection *conn, int index ) -+{ -+ PagedResults *prp; -+ if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { -+ return 1; /* not abandoned, but do not want to proceed paged results op. */ -+ } -+ PR_Lock(conn->c_mutex); -+ prp = conn->c_pagedresults.prl_list + index; -+ PR_Unlock(conn->c_mutex); -+ return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED; -+} -diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h -index 57a2ce7..e8673e1 100644 ---- a/ldap/servers/slapd/proto-slap.h -+++ b/ldap/servers/slapd/proto-slap.h -@@ -1487,6 +1487,7 @@ int pagedresults_cleanup_all(Connection *conn, int needlock); - void op_set_pagedresults(Operation *op); - void pagedresults_lock(Connection *conn, int index); - void pagedresults_unlock(Connection *conn, int index); -+int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index); - - /* - * sort.c --- -1.9.3 - diff --git a/SOURCES/0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch b/SOURCES/0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch new file mode 100644 index 0000000..97f9316 --- /dev/null +++ b/SOURCES/0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch @@ -0,0 +1,43 @@ +From 74df3c57e0de786f001285429501c518d70abb13 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Wed, 13 Jul 2016 16:24:19 -0400 +Subject: [PATCH 07/15] Ticket 48922 - Fix crash when deleting backend while + import is running + +Bug Description: If you delete a backend from the config while an + import is running the server can crash. + +Fix Description: When deleting a backend from the config wait for the + backend instance to not be busy before removing the + indexes. Otherwise the dbenv is not stable and this + can cause the crash. + +https://fedorahosted.org/389/ticket/48922 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit 6c77c37ae5ce847ffa2bd75287dbd157c2f2d6af) +--- + ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c +index 3e59e72..c5ceacf 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c +@@ -151,6 +151,12 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla + rc = SLAPI_DSE_CALLBACK_ERROR; + goto bail; + } ++ ++ while(is_instance_busy(inst)){ ++ /* Wait for import/indexing job to complete */ ++ DS_Sleep(PR_SecondsToInterval(1)); ++ } ++ + *returncode = LDAP_SUCCESS; + + slapi_entry_attr_find(e, "cn", &attr); +-- +2.4.11 + diff --git a/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch b/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch deleted file mode 100644 index f0463b8..0000000 --- a/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 7f10ea89c30944fc60a95d53e544caa005c03e0e Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 6 Jul 2015 15:55:43 -0400 -Subject: [PATCH] Ticket 48119 - setup-ds.pl does not log invalid --file path - errors the same way as other errors. - -Bug Description: Errors occuring from Inf.pm are only written to STDERR - -Fix Description: Write errors from Inf.pm using the debug function - -https://fedorahosted.org/389/ticket/48119 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 6306fc4e8eb2fb5973360f550c83e3c9b220df5c) -(cherry picked from commit 5bd7119d8529e1c0b763c45e3ec7d1fb497da6c8) ---- - ldap/admin/src/scripts/Inf.pm | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/ldap/admin/src/scripts/Inf.pm b/ldap/admin/src/scripts/Inf.pm -index 98649ac..ec433e2 100644 ---- a/ldap/admin/src/scripts/Inf.pm -+++ b/ldap/admin/src/scripts/Inf.pm -@@ -12,6 +12,7 @@ - - package Inf; - -+use DSUtil; - use File::Temp qw(tempfile tempdir); - - #require Exporter; -@@ -59,7 +60,7 @@ sub read { - $inffh = \*STDIN; - } else { - if (!open(INF, $filename)) { -- print STDERR "Error: could not open inf file $filename: $!\n"; -+ debug(0, "Error: could not open inf file $filename: $!\n"); - return; - } - $inffh = \*INF; -@@ -124,7 +125,7 @@ sub section { - my $key = shift; - - if (!exists($self->{$key})) { -- print "Error: unknown inf section $key\n"; -+ debug(0, "Error: unknown inf section $key\n"); - return undef; - } - -@@ -187,7 +188,7 @@ sub write { - my $savemask = umask(0077); - if (!$fh) { - if (!open(INF, ">$filename")) { -- print STDERR "Error: could not write inf file $filename: $!\n"; -+ debug(0, "Error: could not write inf file $filename: $!\n"); - umask($savemask); - return; - } -@@ -232,7 +233,7 @@ sub updateFromArgs { - $argsinf->{$sec}->{$parm} = $val; - } - } else { # error -- print STDERR "Error: unknown command line option $arg\n"; -+ debug(0, "Error: unknown command line option $arg\n"); - return; - } - } --- -1.9.3 - diff --git a/SOURCES/0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch b/SOURCES/0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch new file mode 100644 index 0000000..0ee4947 --- /dev/null +++ b/SOURCES/0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch @@ -0,0 +1,63 @@ +From 4c154182cd680f458b016abf60760328d0979b63 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Wed, 13 Jul 2016 15:51:56 -0400 +Subject: [PATCH 08/15] Ticket 48924 - Fixup tombstone task needs to set proper + flag when updating tombstones + +Bug Description: The fixup tombstone task is not updating tombstones due to + TOMBSTONE_INCLUDE not being set when looking up the entry to + modify. + +Fix Description: If fixing up tombstones called find_entry2modify_only_ext with + the TOMBSTONE_INCLUDED flag. + +https://fedorahosted.org/389/ticket/48924 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit 8cfb650170bbb4f6ce328b827dc294437ee38c4b) +--- + ldap/servers/slapd/back-ldbm/ldbm_modify.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c +index 37225cd..9b3062c 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c +@@ -465,9 +465,14 @@ ldbm_back_modify( Slapi_PBlock *pb ) + */ + if ( MANAGE_ENTRY_BEFORE_DBLOCK(li)) { + /* find and lock the entry we are about to modify */ +- if ( (e = find_entry2modify( pb, be, addr, &txn )) == NULL ) { ++ if (fixup_tombstone) { ++ e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn ); ++ } else { ++ e = find_entry2modify( pb, be, addr, &txn ); ++ } ++ if (e == NULL) { + ldap_result_code= -1; +- goto error_return; /* error result sent by find_entry2modify() */ ++ goto error_return; /* error result sent by find_entry2modify() */ + } + } + +@@ -545,9 +550,14 @@ ldbm_back_modify( Slapi_PBlock *pb ) + if (0 == retry_count) { /* just once */ + if ( !MANAGE_ENTRY_BEFORE_DBLOCK(li)) { + /* find and lock the entry we are about to modify */ +- if ( (e = find_entry2modify( pb, be, addr, &txn )) == NULL ) { ++ if (fixup_tombstone) { ++ e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn ); ++ } else { ++ e = find_entry2modify( pb, be, addr, &txn ); ++ } ++ if (e == NULL) { + ldap_result_code= -1; +- goto error_return; /* error result sent by find_entry2modify() */ ++ goto error_return; /* error result sent by find_entry2modify() */ + } + } + +-- +2.4.11 + diff --git a/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch b/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch deleted file mode 100644 index 18a0ca7..0000000 --- a/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 4b532c2fde59790981142e3245535a0176bb7e4f Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 7 Jul 2015 12:54:38 -0700 -Subject: [PATCH] Ticket #48203 - Fix coverity issues - 07/07/2015 - -Description: -1. Defect type: CLANG_WARNING - 389-ds-base-1.3.4.0/ldap/servers/slapd/conntable.c:161:11: warning: - Access to field 'c_ct' results in a dereference of a null pointer - (loaded from variable 'c') - -Thanks to rmeggins@redhat.com for the advice: -> PR_NewLock() returns NULL then the server is severely out of some -> resource (like RAM, stack space, etc.) and probably should just exit. - -https://fedorahosted.org/389/ticket/48203#comment:8 -(cherry picked from commit bca0908b1e10ada69cdc051d4aaceda73a940597) -(cherry picked from commit a741911c9a5090d78f7a81c475bea3f6593d72ad) ---- - ldap/servers/slapd/conntable.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/servers/slapd/conntable.c b/ldap/servers/slapd/conntable.c -index 0364d94..d5b9058 100644 ---- a/ldap/servers/slapd/conntable.c -+++ b/ldap/servers/slapd/conntable.c -@@ -147,7 +147,7 @@ connection_table_get_connection(Connection_Table *ct, int sd) - c->c_mutex = NULL; - c->c_pdumutex = NULL; - LDAPDebug( LDAP_DEBUG_ANY,"PR_NewLock failed\n",0, 0, 0 ); -- c= NULL; -+ exit(1); - } - } - /* Let's make sure there's no cruft left on there from the last time this connection was used. */ --- -1.9.3 - diff --git a/SOURCES/0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch b/SOURCES/0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch new file mode 100644 index 0000000..bec769a --- /dev/null +++ b/SOURCES/0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch @@ -0,0 +1,480 @@ +From 3fbe8ab77452998fd646bf26ee8162aab0ae8659 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Wed, 13 Jul 2016 18:59:01 -0700 +Subject: [PATCH 09/15] Ticket #48919 - Compiler warnings while building + 389-ds-base on RHEL7 + +Description: Cleaned up warnings from gcc and clang. + +https://fedorahosted.org/389/ticket/48919 + +Reviewed by wibrown@redhat.com (Thank you, William!!) + +(cherry picked from commit 18c6029f64c48b330a101cbadceb8293d39bf5e2) +--- + ldap/servers/plugins/acl/acllas.c | 1 - + ldap/servers/slapd/agtmmap.c | 10 +++++++++- + ldap/servers/slapd/back-ldbm/idl_new.c | 4 ++-- + .../servers/slapd/back-ldbm/ldbm_instance_config.c | 5 +++++ + ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 15 ++++++++++----- + ldap/servers/slapd/detach.c | 11 +++++++---- + ldap/servers/slapd/localhost.c | 10 +++++++--- + ldap/servers/slapd/protect_db.c | 22 +++++++++++++++------- + ldap/servers/slapd/protect_db.h | 3 +++ + ldap/servers/slapd/saslbind.c | 3 +++ + ldap/servers/slapd/tools/ldclt/ldapfct.c | 5 ++++- + ldap/servers/slapd/tools/ldif.c | 5 ++++- + ldap/servers/slapd/tools/mmldif.c | 20 ++++++++++++-------- + ldap/servers/slapd/util.c | 9 ++++++--- + ldap/servers/snmp/main.c | 15 ++++++++++++--- + lib/base/file.cpp | 1 - + lib/base/fsmutex.cpp | 10 +++++++--- + 17 files changed, 106 insertions(+), 43 deletions(-) + +diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c +index ff9b450..47ac0b8 100644 +--- a/ldap/servers/plugins/acl/acllas.c ++++ b/ldap/servers/plugins/acl/acllas.c +@@ -190,7 +190,6 @@ extern int ldapu_member_certificate_match (void* cert, const char* desc); + /****************************************************************************/ + /* Defines, Constants, ande Declarations */ + /****************************************************************************/ +-static char* const type_objectClass = "objectclass"; + static char* const filter_groups = "(|(objectclass=groupOfNames) (objectclass=groupOfUniqueNames)(objectclass=groupOfCertificates)(objectclass=groupOfURLs))"; + static char* const type_member = "member"; + static char* const type_uniquemember = "uniquemember"; +diff --git a/ldap/servers/slapd/agtmmap.c b/ldap/servers/slapd/agtmmap.c +index 6f72d57..629bc1b 100644 +--- a/ldap/servers/slapd/agtmmap.c ++++ b/ldap/servers/slapd/agtmmap.c +@@ -160,7 +160,15 @@ agt_mopen_stats (char * statsfile, int mode, int *hdl) + { + /* Without this we will get segv when we try to read/write later */ + buf = calloc (1, sz); +- (void)write (fd, buf, sz); ++ if (write(fd, buf, sz) < 0) { ++ err = errno; ++#if (0) ++ fprintf (stderr, "write failed errno=%d from %s(line: %d)\n", err, __FILE__, __LINE__); ++#endif ++ rc = err; ++ free (buf); ++ goto bail; ++ } + free (buf); + } + +diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c +index 63df49f..a8d76d8 100644 +--- a/ldap/servers/slapd/back-ldbm/idl_new.c ++++ b/ldap/servers/slapd/back-ldbm/idl_new.c +@@ -403,8 +403,8 @@ idl_new_range_fetch( + time_t curtime; + void *saved_key = NULL; + int coreop = operator & SLAPI_OP_RANGE; +- ID key; +- ID suffix; ++ ID key = 0xff; /* random- to suppress compiler warning */ ++ ID suffix = 0; /* random- to suppress compiler warning */ + idl_range_id_pair *leftover = NULL; + size_t leftoverlen = 32; + int leftovercnt = 0; +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c +index 9302410..698be66 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c +@@ -1155,6 +1155,11 @@ ldbm_instance_post_delete_instance_entry_callback(Slapi_PBlock *pb, Slapi_Entry* + rc = PR_Delete(dbp); + } + PR_ASSERT(rc == 0); ++ if (rc != 0) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, ++ "ldbm_instance_post_delete_instance_entry_callback:" ++ " failed to delete %s\n", dbp); ++ } + PR_smprintf_free(dbp); + } + PR_CloseDir(dirhandle); +diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c +index 0b2eab2..52338c2 100644 +--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c ++++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c +@@ -1009,7 +1009,6 @@ export_one_entry(struct ldbminfo *li, + } + slapi_ch_free_string(&pw); + } +- rc = 0; + data.data = slapi_entry2str_with_options(expargs->ep->ep_entry, + &len, expargs->options); + data.size = len + 1; +@@ -1018,10 +1017,14 @@ export_one_entry(struct ldbminfo *li, + char idstr[32]; + + sprintf(idstr, "# entry-id: %lu\n", (u_long)expargs->ep->ep_id); +- write(expargs->fd, idstr, strlen(idstr)); ++ rc = write(expargs->fd, idstr, strlen(idstr)); ++ PR_ASSERT(rc > 0); + } +- write(expargs->fd, data.data, len); +- write(expargs->fd, "\n", 1); ++ rc = write(expargs->fd, data.data, len); ++ PR_ASSERT(rc > 0); ++ rc = write(expargs->fd, "\n", 1); ++ PR_ASSERT(rc > 0); ++ rc = 0; + if ((*expargs->cnt) % 1000 == 0) { + int percent; + +@@ -1350,7 +1353,9 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb ) + */ + + sprintf(vstr, "version: %d\n\n", myversion); +- write(fd, vstr, strlen(vstr)); ++ rc = write(fd, vstr, strlen(vstr)); ++ PR_ASSERT(rc > 0); ++ rc = 0; + } + + eargs.decrypt = decrypt; +diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c +index b5af952..b055a5c 100644 +--- a/ldap/servers/slapd/detach.c ++++ b/ldap/servers/slapd/detach.c +@@ -48,7 +48,7 @@ int + detach( int slapd_exemode, int importexport_encrypt, + int s_port, daemon_ports_t *ports_info ) + { +- int i, sd; ++ int i, sd, rc; + char *workingdir = 0; + char *errorlog = 0; + char *ptr = 0; +@@ -84,13 +84,15 @@ detach( int slapd_exemode, int importexport_encrypt, + if ( NULL == workingdir ) { + errorlog = config_get_errorlog(); + if ( NULL == errorlog ) { +- (void) chdir( "/" ); ++ rc = chdir( "/" ); ++ PR_ASSERT(rc == 0); + } else { + if ((ptr = strrchr(errorlog, '/')) || + (ptr = strrchr(errorlog, '\\'))) { + *ptr = 0; + } +- (void) chdir( errorlog ); ++ rc = chdir( errorlog ); ++ PR_ASSERT(rc == 0); + config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, NULL, 1); + slapi_ch_free_string(&errorlog); + } +@@ -99,7 +101,8 @@ detach( int slapd_exemode, int importexport_encrypt, + if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, NULL, 0) == LDAP_OPERATIONS_ERROR) { + return 1; + } +- (void) chdir( workingdir ); ++ rc = chdir( workingdir ); ++ PR_ASSERT(rc == 0); + slapi_ch_free_string(&workingdir); + } + +diff --git a/ldap/servers/slapd/localhost.c b/ldap/servers/slapd/localhost.c +index 2c40493..7b4e903 100644 +--- a/ldap/servers/slapd/localhost.c ++++ b/ldap/servers/slapd/localhost.c +@@ -118,9 +118,13 @@ find_localhost_DNS() + #ifndef NO_DOMAINNAME + if (domain == NULL) { + /* No domain found. Try getdomainname. */ +- getdomainname (line, sizeof(line)); +- LDAPDebug (LDAP_DEBUG_CONFIG, "getdomainname(%s)\n", line, 0, 0); +- if (line[0] != 0) { ++ line[0] = '\0'; ++ if (getdomainname(line, sizeof(line)) < 0) { /* failure */ ++ slapi_log_error(SLAPI_LOG_FATAL, "localhost_DNS", "getdomainname failed\n"); ++ } else { ++ slapi_log_error(SLAPI_LOG_CONFIG, "localhost_DNS", "getdomainname(%s)\n", line); ++ } ++ if (line[0] != '\0') { + domain = &line[0]; + } + } +diff --git a/ldap/servers/slapd/protect_db.c b/ldap/servers/slapd/protect_db.c +index b22daa1..4579852 100644 +--- a/ldap/servers/slapd/protect_db.c ++++ b/ldap/servers/slapd/protect_db.c +@@ -42,7 +42,7 @@ grab_lockfile() + { + pid_t pid, owning_pid; + char lockfile[MAXPATHLEN]; +- int fd, x; ++ int fd, x, rc; + int removed_lockfile = 0; + struct timeval t; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); +@@ -60,8 +60,12 @@ grab_lockfile() + /* Try to grab it */ + if ((fd = open(lockfile, O_RDWR | O_CREAT | O_EXCL, 0644)) != -1) { + /* We got the lock, write our pid to the file */ +- write(fd, (void *) &pid, sizeof(pid_t)); +- close(fd); ++ rc = write(fd, (void *) &pid, sizeof(pid_t)); ++ close(fd); ++ if (rc < 0) { ++ fprintf(stderr, ERROR_WRITING_LOCKFILE, lockfile); ++ return rc; ++ } + return 0; + } + +@@ -74,13 +78,17 @@ grab_lockfile() + + while(1) { + /* Try to grab the lockfile NUM_TRIES times waiting WAIT_TIME milliseconds after each try */ +- t.tv_sec = 0; +- t.tv_usec = WAIT_TIME * 1000; ++ t.tv_sec = 0; ++ t.tv_usec = WAIT_TIME * 1000; + for(x = 0; x < NUM_TRIES; x++) { + if ((fd = open(lockfile, O_RDWR | O_CREAT | O_EXCL, 0644)) != -1) { + /* Got the lock */ +- write(fd, (void *) &pid, sizeof(pid_t)); +- close(fd); ++ rc = write(fd, (void *) &pid, sizeof(pid_t)); ++ close(fd); ++ if (rc < 0) { ++ fprintf(stderr, ERROR_WRITING_LOCKFILE, lockfile); ++ return rc; ++ } + return 0; + } + select(0, NULL, NULL, NULL, &t); +diff --git a/ldap/servers/slapd/protect_db.h b/ldap/servers/slapd/protect_db.h +index 0f729a2..66adfb3 100644 +--- a/ldap/servers/slapd/protect_db.h ++++ b/ldap/servers/slapd/protect_db.h +@@ -26,6 +26,9 @@ void remove_slapd_process(); + #define ERROR_ACCESSING_LOCKFILE "Error - Problem accessing the lockfile %s\n" + /* name of lockfile */ + ++#define ERROR_WRITING_LOCKFILE "Error - Problem writing the lockfile %s\n" ++ /* name of lockfile */ ++ + #define LOCKFILE_DEAD_OWNER "Error - The lockfile, %s, is held by process %d,\nwhich no longer seems to be running. If this is\nthe case, please remove the lockfile\n" + /* name of lockfile, pid of owning process */ + +diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c +index eb68209..37175f4 100644 +--- a/ldap/servers/slapd/saslbind.c ++++ b/ldap/servers/slapd/saslbind.c +@@ -547,6 +547,9 @@ int ids_sasl_init(void) + LDAPDebug( LDAP_DEBUG_TRACE, "=> ids_sasl_init\n", 0, 0, 0 ); + + PR_ASSERT(inited == 0); ++ if (inited != 0) { ++ LDAPDebug0Args(LDAP_DEBUG_ANY, "ids_sasl_init is called more than once.\n"); ++ } + inited = 1; + + serverfqdn = get_localhost_DNS(); +diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c +index e13983d..f084cb4 100644 +--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c ++++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c +@@ -2552,7 +2552,10 @@ int ldclt_write_genldif_nb; + void + ldclt_flush_genldif (void) + { +- write (mctx.genldifFile, ldclt_write_genldif_buf, ldclt_write_genldif_nb); ++ if (write (mctx.genldifFile, ldclt_write_genldif_buf, ldclt_write_genldif_nb) < 0) { ++ printf("ldclt[%d]: ldclt_flush_genldif: Failed to write (%s) error=%d\n", ++ mctx.pid, ldclt_write_genldif_buf, errno); ++ } + ldclt_write_genldif_pt = ldclt_write_genldif_buf; + ldclt_write_genldif_nb = 0; + } +diff --git a/ldap/servers/slapd/tools/ldif.c b/ldap/servers/slapd/tools/ldif.c +index 1050fbd..5973c6b 100644 +--- a/ldap/servers/slapd/tools/ldif.c ++++ b/ldap/servers/slapd/tools/ldif.c +@@ -132,7 +132,10 @@ int main( int argc, char **argv ) + free( buf ); + return( 1 ); + } +- (void)fgets(buf+curlen, maxlen/2 + 1, stdin); ++ if (NULL == fgets(buf+curlen, maxlen/2 + 1, stdin)) { ++ /* no more input to read. */ ++ break; ++ } + } + /* we have a full line, chop potential newline and turn into ldif */ + if( buf[curlen-1] == '\n' ) +diff --git a/ldap/servers/slapd/tools/mmldif.c b/ldap/servers/slapd/tools/mmldif.c +index 1f846d0..ddfaf6c 100644 +--- a/ldap/servers/slapd/tools/mmldif.c ++++ b/ldap/servers/slapd/tools/mmldif.c +@@ -766,8 +766,7 @@ readrec(edfFILE * edf1, attrib1_t ** attrib) + while (*vptr == ' ') vptr++; /* skip optional spaces */ + b64 = initDec64((unsigned char *)att->value, 0x20000); + if (Dec64(b64, (unsigned char *) vptr)) { +- LDAPDebug(LDAP_DEBUG_TRACE, "%s\n invalid input line\n", +- line, 0, 0); ++ LDAPDebug(LDAP_DEBUG_TRACE, "%s\n invalid input line\n", line, 0, 0); + continue; /* invalid line, but we'll just skip it */ + } + toolong = FALSE; +@@ -775,7 +774,11 @@ readrec(edfFILE * edf1, attrib1_t ** attrib) + lookahead = fgetc(edf1->fp); + if (lookahead != ' ') + break; +- (void)fgets(line, sizeof(line), edf1->fp); ++ line[0] = '\0'; ++ if (NULL == fgets(line, sizeof(line), edf1->fp)) { ++ LDAPDebug0Args(LDAP_DEBUG_TRACE, "readrec: failed to read line\n"); ++ break; ++ } + len = strlen(line); + for (lptr = line+len-1; len; len--, lptr--) { + if ((*lptr != '\n') && (*lptr != '\r')) +@@ -785,16 +788,14 @@ readrec(edfFILE * edf1, attrib1_t ** attrib) + rc = Dec64(b64, (unsigned char *)line); + if (rc == -1) + { +- LDAPDebug(LDAP_DEBUG_TRACE, +- "%s\n invalid input line\n", line, 0, 0); ++ LDAPDebug(LDAP_DEBUG_TRACE, "%s\n invalid input line\n", line, 0, 0); + continue; /* invalid line, but we'll just skip it */ + } + + if (rc) { + if (!toolong) { + toolong = TRUE; +- LDAPDebug(LDAP_DEBUG_TRACE, +- "%s\n line too long\n", line, 0, 0); ++ LDAPDebug(LDAP_DEBUG_TRACE, "%s\n line too long\n", line, 0, 0); + } + continue; + } +@@ -813,7 +814,10 @@ readrec(edfFILE * edf1, attrib1_t ** attrib) + lookahead = fgetc(edf1->fp); + if (lookahead != ' ') + break; +- (void)fgets(line, sizeof(line), edf1->fp); ++ if (NULL == fgets(line, sizeof(line), edf1->fp)) { ++ LDAPDebug0Args(LDAP_DEBUG_TRACE, "readrec: failed to read line\n"); ++ break; ++ } + len = strlen(line); + for (lptr = line+len-1; len; len--, lptr--) { + if ((*lptr != '\n') && (*lptr != '\r')) +diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c +index a5327d1..1ebdf2e 100644 +--- a/ldap/servers/slapd/util.c ++++ b/ldap/servers/slapd/util.c +@@ -1592,7 +1592,9 @@ int util_info_sys_pages(size_t *pagesize, size_t *pages, size_t *procpages, size + return 1; + } + while (! feof(f)) { +- fgets(s, 79, f); ++ if (!fgets(s, 79, f)) { ++ break; /* error or eof */ ++ } + if (feof(f)) { + break; + } +@@ -1614,8 +1616,9 @@ int util_info_sys_pages(size_t *pagesize, size_t *pages, size_t *procpages, size + return 1; + } + while (! feof(fm)) { +- fgets(s, 79, fm); +- /* Is this really needed? */ ++ if (!fgets(s, 79, fm)) { ++ break; /* error or eof */ ++ } + if (feof(fm)) { + break; + } +diff --git a/ldap/servers/snmp/main.c b/ldap/servers/snmp/main.c +index 3f96627..ea5050b 100644 +--- a/ldap/servers/snmp/main.c ++++ b/ldap/servers/snmp/main.c +@@ -44,7 +44,7 @@ main (int argc, char *argv[]) { + netsnmp_log_handler *log_hdl = NULL; + int c, log_level = LOG_WARNING; + struct stat logdir_s; +- pid_t child_pid; ++ pid_t child_pid = 0; + FILE *pid_fp; + + /* Load options */ +@@ -74,7 +74,11 @@ main (int argc, char *argv[]) { + + /* check if we're already running as another process */ + if ((pid_fp = fopen(pidfile, "r")) != NULL) { +- fscanf(pid_fp, "%d", &child_pid); ++ int rc = fscanf(pid_fp, "%d", &child_pid); ++ if ((rc == 0) || (rc == EOF)) { ++ printf("ldap-agent: Failed to get pid from %s\n", pidfile); ++ exit(1); ++ } + fclose(pid_fp); + if (kill(child_pid, SIGUSR1) == 0) { + printf("ldap-agent: Already running as pid %d!\n", child_pid); +@@ -145,6 +149,7 @@ main (int argc, char *argv[]) { + /* run as a daemon */ + if (netsnmp_daemonize(0, 0)) { + int i; ++ int rc; + + /* sleep to allow pidfile to be created by child */ + for (i=0; i < 3; i++) { +@@ -159,7 +164,11 @@ main (int argc, char *argv[]) { + exit(1); + } + +- fscanf(pid_fp, "%d", &child_pid); ++ rc = fscanf(pid_fp, "%d", &child_pid); ++ if ((rc == 0) || (rc == EOF)) { ++ printf("ldap-agent: Failed to get pid from %s\n", pidfile); ++ exit(1); ++ } + fclose(pid_fp); + printf("ldap-agent: Started as pid %d\n", child_pid); + exit(0); +diff --git a/lib/base/file.cpp b/lib/base/file.cpp +index 8c9274a..ad4333e 100644 +--- a/lib/base/file.cpp ++++ b/lib/base/file.cpp +@@ -38,7 +38,6 @@ extern "C" char *nscperror_lookup(int err); + /* PRFileDesc * SYS_ERROR_FD = NULL; */ + + const int errbuf_size = 256; +-const unsigned int LOCKFILERANGE=0x7FFFFFFF; + PRLock *_atomic_write_lock = NULL; + + /* --------------------------------- stat --------------------------------- */ +diff --git a/lib/base/fsmutex.cpp b/lib/base/fsmutex.cpp +index e8f2aff..a0e30fd 100644 +--- a/lib/base/fsmutex.cpp ++++ b/lib/base/fsmutex.cpp +@@ -85,11 +85,15 @@ fsmutex_init(char *name, int number, int flags) + NSAPI_PUBLIC void + fsmutex_setowner(FSMUTEX fsm, uid_t uid, gid_t gid) + { +- if(!geteuid()) +- (void) chown( ((fsmutex_s *)fsm)->id, uid, gid); ++ if(!geteuid()) { ++ int rc = chown( ((fsmutex_s *)fsm)->id, uid, gid); ++ PR_ASSERT(rc == 0); ++ if (rc != 0 ) { ++ return; /* just to suppress compiler warning... */ ++ } ++ } + } + +- + /* -------------------------- fsmutex_terminate --------------------------- */ + + static void +-- +2.4.11 + diff --git a/SOURCES/0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch new file mode 100644 index 0000000..4f6a8b6 --- /dev/null +++ b/SOURCES/0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch @@ -0,0 +1,1000 @@ +From ef8228ad564f31992386bfc61553df8387d9e306 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Wed, 13 Jul 2016 14:49:18 -0700 +Subject: [PATCH 10/15] Bug 1347760 - CVE-2016-4992 389-ds-base: Information + disclosure via repeated use of LDAP ADD operation, etc. + +Description: If a bind user has no rights, it should not disclose +any information including the existence of the entry. + +Fix description: +1) ALREADY_EXISTS in add -- If to be added entry is found existing + in ldbm_back_add, it checks the ACI and if there is no rights, + it returns INSUFFICIENT_ACCESS instead of ALREADY_EXISTS. +2) NO_SUCH_OBJECT in other update operations -- If the target entry + is found not existing, it checks the ancestor entry's access + rights in find_entry. If it is not allowed to access the subtree, + it returns INSUFFICIENT_ACCESS instead of NO_SUC_OBJECT. Plus, + it supresses the "Matched" ancestor message. +3) NO_SUCH_OBJECT in search -- If a bind entry has no rights to read + a subtree, it returns no search results with SUCCESS. It should + be applied to the no existing subtree if the bind entry has no + rights to the super tree. +4) If bind fails because of the non-existence of the bind user or + the parent nodes, the bind returns LDAP_INVALID_CREDENTIALS to + the client with no other information. + The detailed cause is logged in the access log as follows: + RESULT err=49 .. etime=0 - No such suffix () + RESULT err=49 .. etime=0 - Invalid credentials + RESULT err=49 .. etime=0 - No such entry + +https://bugzilla.redhat.com/show_bug.cgi?id=1347760 + +Reviewed by lkrispen@redhat.com, mreynolds@redhat.com, and tbordaz@redhat.com. +Thank you!!! + +(cherry picked from commit 0b932d4b926d46ac5060f02617330dc444e06da1) +--- + ldap/servers/slapd/back-ldbm/dn2entry.c | 17 ++- + ldap/servers/slapd/back-ldbm/findentry.c | 139 +++++++++++++++++++------ + ldap/servers/slapd/back-ldbm/ldbm_add.c | 21 +++- + ldap/servers/slapd/back-ldbm/ldbm_bind.c | 11 +- + ldap/servers/slapd/back-ldbm/ldbm_compare.c | 2 +- + ldap/servers/slapd/back-ldbm/ldbm_delete.c | 9 +- + ldap/servers/slapd/back-ldbm/ldbm_modify.c | 18 ++-- + ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 15 +-- + ldap/servers/slapd/back-ldbm/ldbm_search.c | 2 +- + ldap/servers/slapd/back-ldbm/misc.c | 2 +- + ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 14 +-- + ldap/servers/slapd/back-ldbm/vlv_srch.c | 2 +- + ldap/servers/slapd/bind.c | 75 ++++++------- + ldap/servers/slapd/defbackend.c | 82 ++++++++++++++- + ldap/servers/slapd/result.c | 16 ++- + 15 files changed, 311 insertions(+), 114 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/dn2entry.c b/ldap/servers/slapd/back-ldbm/dn2entry.c +index 6d1d92f..7656688 100644 +--- a/ldap/servers/slapd/back-ldbm/dn2entry.c ++++ b/ldap/servers/slapd/back-ldbm/dn2entry.c +@@ -151,14 +151,15 @@ struct backentry * + dn2ancestor( + Slapi_Backend *be, + const Slapi_DN *sdn, +- Slapi_DN *ancestordn, ++ Slapi_DN *ancestordn, + back_txn *txn, +- int *err ++ int *err, ++ int allow_suffix + ) + { +- struct backentry *e = NULL; ++ struct backentry *e = NULL; + +- LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 ); ++ LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 ); + + /* first, check to see if the given sdn is empty or a root suffix of the + given backend - if so, it has no parent */ +@@ -190,7 +191,13 @@ dn2ancestor( + */ + + /* stop when we get to "", or a backend suffix point */ +- while (!e && !slapi_sdn_isempty(&ancestorndn) && !slapi_be_issuffix( be, &ancestorndn )) { ++ while (!e && !slapi_sdn_isempty(&ancestorndn)) { ++ if (!allow_suffix) { ++ /* Original behavior. */ ++ if (slapi_be_issuffix(be, &ancestorndn)) { ++ break; ++ } ++ } + /* find the entry - it uses the ndn, so no further conversion is necessary */ + e= dn2entry(be,&ancestorndn,txn,err); + if (!e) { +diff --git a/ldap/servers/slapd/back-ldbm/findentry.c b/ldap/servers/slapd/back-ldbm/findentry.c +index 4a574bf..8b842e3 100644 +--- a/ldap/servers/slapd/back-ldbm/findentry.c ++++ b/ldap/servers/slapd/back-ldbm/findentry.c +@@ -16,8 +16,8 @@ + #include "back-ldbm.h" + + +-static struct backentry *find_entry_internal_dn(Slapi_PBlock *pb, backend *be, const Slapi_DN *sdn, int lock, back_txn *txn, int flags); +-static struct backentry * find_entry_internal(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int lock, back_txn *txn, int flags); ++static struct backentry *find_entry_internal_dn(Slapi_PBlock *pb, backend *be, const Slapi_DN *sdn, int lock, back_txn *txn, int flags, int *rc); ++static struct backentry * find_entry_internal(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int lock, back_txn *txn, int flags, int *rc); + /* The flags take these values */ + #define FE_TOMBSTONE_INCLUDED TOMBSTONE_INCLUDED /* :1 defined in back-ldbm.h */ + #define FE_REALLY_INTERNAL 0x2 +@@ -27,7 +27,7 @@ check_entry_for_referral(Slapi_PBlock *pb, Slapi_Entry *entry, char *matched, co + { + int rc=0, i=0, numValues=0; + Slapi_Attr *attr; +- Slapi_Value *val=NULL; ++ Slapi_Value *val=NULL; + struct berval **refscopy=NULL; + struct berval **url=NULL; + +@@ -80,12 +80,13 @@ out: + + static struct backentry * + find_entry_internal_dn( +- Slapi_PBlock *pb, ++ Slapi_PBlock *pb, + backend *be, + const Slapi_DN *sdn, + int lock, +- back_txn *txn, +- int flags ++ back_txn *txn, ++ int flags, ++ int *rc /* return code */ + ) + { + struct backentry *e; +@@ -93,9 +94,14 @@ find_entry_internal_dn( + int err; + ldbm_instance *inst = (ldbm_instance *) be->be_instance_info; + size_t tries = 0; ++ int isroot = 0; ++ int op_type; ++ char *errbuf = NULL; + + /* get the managedsait ldap message control */ +- slapi_pblock_get( pb, SLAPI_MANAGEDSAIT, &managedsait ); ++ slapi_pblock_get(pb, SLAPI_MANAGEDSAIT, &managedsait); ++ slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isroot); ++ slapi_pblock_get(pb, SLAPI_OPERATION_TYPE, &op_type); + + while ( (tries < LDBM_CACHE_RETRY_COUNT) && + (e = dn2entry_ext( be, sdn, txn, flags & TOMBSTONE_INCLUDED, &err )) +@@ -113,6 +119,9 @@ find_entry_internal_dn( + if(check_entry_for_referral(pb, e->ep_entry, NULL, "find_entry_internal_dn")) + { + CACHE_RETURN( &inst->inst_cache, &e ); ++ if (rc) { /* if check_entry_for_referral returns non-zero, result is sent. */ ++ *rc = FE_RC_SENT_RESULT; ++ } + return( NULL ); + } + } +@@ -151,27 +160,89 @@ find_entry_internal_dn( + struct backentry *me; + Slapi_DN ancestorsdn; + slapi_sdn_init(&ancestorsdn); +- me= dn2ancestor(pb->pb_backend,sdn,&ancestorsdn,txn,&err); ++ me = dn2ancestor(pb->pb_backend, sdn, &ancestorsdn, txn, &err, 1 /* allow_suffix */); + if ( !managedsait && me != NULL ) { + /* if the entry is a referral send the referral */ + if(check_entry_for_referral(pb, me->ep_entry, (char*)slapi_sdn_get_dn(&ancestorsdn), "find_entry_internal_dn")) + { + CACHE_RETURN( &inst->inst_cache, &me ); + slapi_sdn_done(&ancestorsdn); ++ if (rc) { /* if check_entry_for_referral returns non-zero, result is sent. */ ++ *rc = FE_RC_SENT_RESULT; ++ } + return( NULL ); + } + /* else fall through to no such object */ + } + + /* entry not found */ +- slapi_send_ldap_result( pb, ( 0 == err || DB_NOTFOUND == err ) ? +- LDAP_NO_SUCH_OBJECT : ( LDAP_INVALID_DN_SYNTAX == err ) ? +- LDAP_INVALID_DN_SYNTAX : LDAP_OPERATIONS_ERROR, +- (char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL ); ++ if ((0 == err) || (DB_NOTFOUND == err)) { ++ if (me && !isroot) { ++ /* If not root, you may not want to reveal it. */ ++ int acl_type = -1; ++ int return_err = LDAP_NO_SUCH_OBJECT; ++ err = LDAP_SUCCESS; ++ switch (op_type) { ++ case SLAPI_OPERATION_ADD: ++ acl_type = SLAPI_ACL_ADD; ++ return_err = LDAP_INSUFFICIENT_ACCESS; ++ break; ++ case SLAPI_OPERATION_DELETE: ++ acl_type = SLAPI_ACL_DELETE; ++ return_err = LDAP_INSUFFICIENT_ACCESS; ++ break; ++ case SLAPI_OPERATION_MODDN: ++ acl_type = SLAPI_ACL_MODDN; ++ return_err = LDAP_INSUFFICIENT_ACCESS; ++ break; ++ case SLAPI_OPERATION_MODIFY: ++ acl_type = SLAPI_ACL_WRITE; ++ return_err = LDAP_INSUFFICIENT_ACCESS; ++ break; ++ case SLAPI_OPERATION_SEARCH: ++ case SLAPI_OPERATION_COMPARE: ++ return_err = LDAP_SUCCESS; ++ acl_type = SLAPI_ACL_READ; ++ break; ++ case SLAPI_OPERATION_BIND: ++ acl_type = -1; /* skip acl check. acl is not set up for bind. */ ++ return_err = LDAP_INVALID_CREDENTIALS; ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry"); ++ break; ++ } ++ if (acl_type > 0) { ++ err = plugin_call_acl_plugin(pb, me->ep_entry, NULL, NULL, acl_type, ++ ACLPLUGIN_ACCESS_DEFAULT, &errbuf); ++ } ++ if (((acl_type > 0) && err) || (op_type == SLAPI_OPERATION_BIND)) { ++ /* ++ * Operations to be checked && ACL returns disallow. ++ * Not to disclose the info about the entry's existence, ++ * do not return the "matched" DN. ++ * Plus, the bind case returns LDAP_INAPPROPRIATE_AUTH. ++ */ ++ slapi_send_ldap_result(pb, return_err, NULL, NULL, 0, NULL); ++ } else { ++ slapi_send_ldap_result(pb, LDAP_NO_SUCH_OBJECT, ++ (char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL); ++ } ++ } else { ++ slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT, ++ (char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL); ++ } ++ } else { ++ slapi_send_ldap_result( pb, ( LDAP_INVALID_DN_SYNTAX == err ) ? ++ LDAP_INVALID_DN_SYNTAX : LDAP_OPERATIONS_ERROR, ++ (char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL ); ++ } ++ if (rc) { ++ *rc = FE_RC_SENT_RESULT; ++ } + slapi_sdn_done(&ancestorsdn); + CACHE_RETURN( &inst->inst_cache, &me ); + } + ++ slapi_ch_free_string(&errbuf); + LDAPDebug( LDAP_DEBUG_TRACE, "<= find_entry_internal_dn not found (%s)\n", + slapi_sdn_get_dn(sdn), 0, 0 ); + return( NULL ); +@@ -183,11 +254,11 @@ find_entry_internal_dn( + */ + static struct backentry * + find_entry_internal_uniqueid( +- Slapi_PBlock *pb, ++ Slapi_PBlock *pb, + backend *be, +- const char *uniqueid, ++ const char *uniqueid, + int lock, +- back_txn *txn ++ back_txn *txn + ) + { + ldbm_instance *inst = (ldbm_instance *) be->be_instance_info; +@@ -243,8 +314,9 @@ find_entry_internal( + Slapi_Backend *be, + const entry_address *addr, + int lock, +- back_txn *txn, +- int flags ++ back_txn *txn, ++ int flags, ++ int *rc + ) + { + /* check if we should search based on uniqueid or dn */ +@@ -261,11 +333,9 @@ find_entry_internal( + LDAPDebug( LDAP_DEBUG_TRACE, "=> find_entry_internal (dn=%s) lock %d\n", + slapi_sdn_get_dn(addr->sdn), lock, 0 ); + if (addr->sdn) { +- entry = find_entry_internal_dn (pb, be, addr->sdn, +- lock, txn, flags); ++ entry = find_entry_internal_dn (pb, be, addr->sdn, lock, txn, flags, rc); + } else { +- LDAPDebug0Args( LDAP_DEBUG_ANY, +- "find_entry_internal: Null target dn\n" ); ++ LDAPDebug0Args( LDAP_DEBUG_ANY, "find_entry_internal: Null target dn\n" ); + } + + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= find_entry_internal\n" ); +@@ -278,10 +348,11 @@ find_entry( + Slapi_PBlock *pb, + Slapi_Backend *be, + const entry_address *addr, +- back_txn *txn ++ back_txn *txn, ++ int *rc + ) + { +- return( find_entry_internal( pb, be, addr, 0/*!lock*/, txn, 0/*flags*/ ) ); ++ return(find_entry_internal(pb, be, addr, 0/*!lock*/, txn, 0/*flags*/, rc)); + } + + struct backentry * +@@ -289,10 +360,11 @@ find_entry2modify( + Slapi_PBlock *pb, + Slapi_Backend *be, + const entry_address *addr, +- back_txn *txn ++ back_txn *txn, ++ int *rc + ) + { +- return( find_entry_internal( pb, be, addr, 1/*lock*/, txn, 0/*flags*/ ) ); ++ return(find_entry_internal(pb, be, addr, 1/*lock*/, txn, 0/*flags*/, rc)); + } + + /* New routines which do not do any referral stuff. +@@ -304,10 +376,11 @@ find_entry_only( + Slapi_PBlock *pb, + Slapi_Backend *be, + const entry_address *addr, +- back_txn *txn ++ back_txn *txn, ++ int *rc + ) + { +- return( find_entry_internal( pb, be, addr, 0/*!lock*/, txn, FE_REALLY_INTERNAL ) ); ++ return(find_entry_internal(pb, be, addr, 0/*!lock*/, txn, FE_REALLY_INTERNAL, rc)); + } + + struct backentry * +@@ -315,10 +388,11 @@ find_entry2modify_only( + Slapi_PBlock *pb, + Slapi_Backend *be, + const entry_address *addr, +- back_txn *txn ++ back_txn *txn, ++ int *rc + ) + { +- return( find_entry_internal( pb, be, addr, 1/*lock*/, txn, FE_REALLY_INTERNAL ) ); ++ return(find_entry_internal(pb, be, addr, 1/*lock*/, txn, 0 /* to check aci, disable INTERNAL */, rc)); + } + + struct backentry * +@@ -327,10 +401,9 @@ find_entry2modify_only_ext( + Slapi_Backend *be, + const entry_address *addr, + int flags, +- back_txn *txn +- ++ back_txn *txn, ++ int *rc + ) + { +- return( find_entry_internal( pb, be, addr, 1/*lock*/, txn, +- FE_REALLY_INTERNAL | flags )); ++ return(find_entry_internal(pb, be, addr, 1/*lock*/, txn, FE_REALLY_INTERNAL | flags, rc)); + } +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c +index 7eb8fe9..f462376 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c +@@ -93,6 +93,7 @@ ldbm_back_add( Slapi_PBlock *pb ) + int myrc = 0; + PRUint64 conn_id; + int op_id; ++ int result_sent = 0; + if (slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id) < 0) { + conn_id = 0; /* connection is NULL */ + } +@@ -379,7 +380,7 @@ ldbm_back_add( Slapi_PBlock *pb ) + addr.sdn = &parentsdn; + addr.udn = NULL; + addr.uniqueid = operation->o_params.p.p_add.parentuniqueid; +- parententry = find_entry2modify_only(pb,be,&addr,&txn); ++ parententry = find_entry2modify_only(pb, be, &addr, &txn, &result_sent); + if (parententry && parententry->ep_entry) { + if (!operation->o_params.p.p_add.parentuniqueid){ + /* Set the parentuniqueid now */ +@@ -431,6 +432,14 @@ ldbm_back_add( Slapi_PBlock *pb ) + /* The entry already exists */ + ldap_result_code = LDAP_ALREADY_EXISTS; + } ++ if ((LDAP_ALREADY_EXISTS == ldap_result_code) && !isroot && !is_replicated_operation) { ++ myrc = plugin_call_acl_plugin(pb, e, NULL, NULL, SLAPI_ACL_ADD, ++ ACLPLUGIN_ACCESS_DEFAULT, &errbuf); ++ if (myrc) { ++ ldap_result_code = myrc; ++ ldap_result_message = errbuf; ++ } ++ } + goto error_return; + } + else +@@ -447,7 +456,7 @@ ldbm_back_add( Slapi_PBlock *pb ) + Slapi_DN ancestorsdn; + struct backentry *ancestorentry; + slapi_sdn_init(&ancestorsdn); +- ancestorentry= dn2ancestor(pb->pb_backend,sdn,&ancestorsdn,&txn,&err); ++ ancestorentry = dn2ancestor(pb->pb_backend, sdn, &ancestorsdn, &txn, &err, 0); + slapi_sdn_done(&ancestorsdn); + if ( ancestorentry != NULL ) + { +@@ -495,7 +504,7 @@ ldbm_back_add( Slapi_PBlock *pb ) + addr.udn = NULL; + addr.sdn = NULL; + addr.uniqueid = (char *)slapi_entry_get_uniqueid(e); /* jcm - cast away const */ +- tombstoneentry = find_entry2modify( pb, be, &addr, &txn ); ++ tombstoneentry = find_entry2modify(pb, be, &addr, &txn, &result_sent); + if ( tombstoneentry==NULL ) + { + ldap_result_code= -1; +@@ -712,7 +721,7 @@ ldbm_back_add( Slapi_PBlock *pb ) + LDAPDebug1Arg(LDAP_DEBUG_BACKLDBM, "ldbm_add: Parent \"%s\" does not exist. " + "It might be a conflict entry.\n", slapi_sdn_get_dn(&parentsdn)); + slapi_sdn_init(&ancestorsdn); +- ancestorentry = dn2ancestor(be, &parentsdn, &ancestorsdn, &txn, &err ); ++ ancestorentry = dn2ancestor(be, &parentsdn, &ancestorsdn, &txn, &err, 1); + CACHE_RETURN( &inst->inst_cache, &ancestorentry ); + + ldap_result_code= LDAP_NO_SUCH_OBJECT; +@@ -1349,7 +1358,9 @@ common_return: + * And we don't want the supplier to halt sending the updates. */ + ldap_result_code = LDAP_SUCCESS; + } +- slapi_send_ldap_result( pb, ldap_result_code, ldap_result_matcheddn, ldap_result_message, 0, NULL ); ++ if (!result_sent) { ++ slapi_send_ldap_result(pb, ldap_result_code, ldap_result_matcheddn, ldap_result_message, 0, NULL); ++ } + } + backentry_free(&originalentry); + backentry_free(&tmpentry); +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_bind.c b/ldap/servers/slapd/back-ldbm/ldbm_bind.c +index ea0df33..99a0818 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_bind.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_bind.c +@@ -29,6 +29,7 @@ ldbm_back_bind( Slapi_PBlock *pb ) + entry_address *addr; + back_txn txn = {NULL}; + int rc = SLAPI_BIND_SUCCESS; ++ int result_sent = 0; + + /* get parameters */ + slapi_pblock_get( pb, SLAPI_BACKEND, &be ); +@@ -63,8 +64,12 @@ ldbm_back_bind( Slapi_PBlock *pb ) + * find the target entry. find_entry() takes care of referrals + * and sending errors if the entry does not exist. + */ +- if (( e = find_entry( pb, be, addr, &txn )) == NULL ) { ++ if ((e = find_entry( pb, be, addr, &txn, &result_sent)) == NULL) { + rc = SLAPI_BIND_FAIL; ++ /* In the failure case, the result is supposed to be sent in the backend. */ ++ if (!result_sent) { ++ slapi_send_ldap_result(pb, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, 0, NULL); ++ } + goto bail; + } + +@@ -82,8 +87,8 @@ ldbm_back_bind( Slapi_PBlock *pb ) + bvals= attr_get_present_values(attr); + slapi_value_init_berval(&cv,cred); + if ( slapi_pw_find_sv( bvals, &cv ) != 0 ) { +- slapi_send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, +- NULL, 0, NULL ); ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "Invalid credentials"); ++ slapi_send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL ); + CACHE_RETURN( &inst->inst_cache, &e ); + value_done(&cv); + rc = SLAPI_BIND_FAIL; +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_compare.c b/ldap/servers/slapd/back-ldbm/ldbm_compare.c +index e52cd6c..e9973a9 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_compare.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_compare.c +@@ -56,7 +56,7 @@ ldbm_back_compare( Slapi_PBlock *pb ) + /* get the namespace dn */ + namespace_dn = (Slapi_DN*)slapi_be_getsuffix(be, 0); + +- if ( (e = find_entry( pb, be, addr, &txn )) == NULL ) { ++ if ((e = find_entry(pb, be, addr, &txn, NULL)) == NULL) { + ret = -1; /* error result sent by find_entry() */ + goto bail; + } +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c +index 5b24af2..f801e01 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c +@@ -77,6 +77,7 @@ ldbm_back_delete( Slapi_PBlock *pb ) + int op_id; + ID ep_id = 0; + ID tomb_ep_id = 0; ++ int result_sent = 0; + + if (slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id) < 0) { + conn_id = 0; /* connection is NULL */ +@@ -266,7 +267,7 @@ ldbm_back_delete( Slapi_PBlock *pb ) + * deleted. That is, the entry 'e' found with "addr" is a tomb- + * stone. If it is the case, we need to back off. + */ +- if ( (e = find_entry2modify( pb, be, addr, &txn )) == NULL ) ++ if ((e = find_entry2modify(pb, be, addr, &txn, &result_sent)) == NULL) + { + ldap_result_code= LDAP_NO_SUCH_OBJECT; + retval = -1; +@@ -507,7 +508,7 @@ ldbm_back_delete( Slapi_PBlock *pb ) + parent_addr.uniqueid = NULL; + } + parent_addr.sdn = &parentsdn; +- parent = find_entry2modify_only_ext(pb, be, &parent_addr, TOMBSTONE_INCLUDED, &txn); ++ parent = find_entry2modify_only_ext(pb, be, &parent_addr, TOMBSTONE_INCLUDED, &txn, &result_sent); + } + if (parent) { + int isglue; +@@ -1466,7 +1467,9 @@ diskfull_return: + * And we don't want the supplier to halt sending the updates. */ + ldap_result_code = LDAP_SUCCESS; + } +- slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL ); ++ if (!result_sent) { ++ slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL ); ++ } + } + slapi_log_error(SLAPI_LOG_BACKLDBM, "ldbm_back_delete", + "conn=%lu op=%d modify_term: old_entry=0x%p, new_entry=0x%p, in_cache=%d\n", +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c +index 9b3062c..34d9861 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c +@@ -392,6 +392,7 @@ ldbm_back_modify( Slapi_PBlock *pb ) + int not_an_error = 0; + int fixup_tombstone = 0; + int ec_locked = 0; ++ int result_sent = 0; + + slapi_pblock_get( pb, SLAPI_BACKEND, &be); + slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li ); +@@ -466,12 +467,12 @@ ldbm_back_modify( Slapi_PBlock *pb ) + if ( MANAGE_ENTRY_BEFORE_DBLOCK(li)) { + /* find and lock the entry we are about to modify */ + if (fixup_tombstone) { +- e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn ); ++ e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn, &result_sent ); + } else { +- e = find_entry2modify( pb, be, addr, &txn ); ++ e = find_entry2modify( pb, be, addr, &txn, &result_sent ); + } + if (e == NULL) { +- ldap_result_code= -1; ++ ldap_result_code = -1; + goto error_return; /* error result sent by find_entry2modify() */ + } + } +@@ -551,12 +552,12 @@ ldbm_back_modify( Slapi_PBlock *pb ) + if ( !MANAGE_ENTRY_BEFORE_DBLOCK(li)) { + /* find and lock the entry we are about to modify */ + if (fixup_tombstone) { +- e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn ); ++ e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn, &result_sent ); + } else { +- e = find_entry2modify( pb, be, addr, &txn ); ++ e = find_entry2modify( pb, be, addr, &txn, &result_sent ); + } + if (e == NULL) { +- ldap_result_code= -1; ++ ldap_result_code = -1; + goto error_return; /* error result sent by find_entry2modify() */ + } + } +@@ -966,7 +967,10 @@ common_return: + * And we don't want the supplier to halt sending the updates. */ + ldap_result_code = LDAP_SUCCESS; + } +- slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL ); ++ if (!result_sent) { ++ /* result is already sent in find_entry. */ ++ slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL ); ++ } + } + + /* free our backups */ +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c +index c0cd2ab..f934305 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c +@@ -95,6 +95,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) + int myrc = 0; + PRUint64 conn_id; + int op_id; ++ int result_sent = 0; + if (slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id) < 0) { + conn_id = 0; /* connection is NULL */ + } +@@ -474,7 +475,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) + /* find and lock the entry we are about to modify */ + /* JCMREPL - Argh, what happens about the stinking referrals? */ + slapi_pblock_get (pb, SLAPI_TARGET_ADDRESS, &old_addr); +- e = find_entry2modify( pb, be, old_addr, &txn ); ++ e = find_entry2modify(pb, be, old_addr, &txn, &result_sent); + if ( e == NULL ) + { + ldap_result_code= -1; +@@ -510,7 +511,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) + } else { + oldparent_addr.uniqueid = NULL; + } +- parententry = find_entry2modify_only( pb, be, &oldparent_addr, &txn ); ++ parententry = find_entry2modify_only(pb, be, &oldparent_addr, &txn, &result_sent); + modify_init(&parent_modify_context,parententry); + + /* Fetch and lock the new parent of the entry that is moving */ +@@ -520,7 +521,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) + if (is_resurect_operation) { + newsuperior_addr->uniqueid = slapi_entry_attr_get_charptr(e->ep_entry, SLAPI_ATTR_VALUE_PARENT_UNIQUEID); + } +- newparententry = find_entry2modify_only( pb, be, newsuperior_addr, &txn ); ++ newparententry = find_entry2modify_only(pb, be, newsuperior_addr, &txn, &result_sent); + slapi_ch_free_string(&newsuperior_addr->uniqueid); + modify_init(&newparent_modify_context,newparententry); + } +@@ -581,7 +582,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb ) + Slapi_DN ancestorsdn; + struct backentry *ancestorentry; + slapi_sdn_init(&ancestorsdn); +- ancestorentry= dn2ancestor(be,&dn_newdn,&ancestorsdn,&txn,&err); ++ ancestorentry = dn2ancestor(be, &dn_newdn, &ancestorsdn, &txn, &err, 0); + CACHE_RETURN( &inst->inst_cache, &ancestorentry ); + ldap_result_matcheddn= slapi_ch_strdup((char *) slapi_sdn_get_dn(&ancestorsdn)); + ldap_result_code= LDAP_NO_SUCH_OBJECT; +@@ -1486,8 +1487,10 @@ common_return: + * And we don't want the supplier to halt sending the updates. */ + ldap_result_code = LDAP_SUCCESS; + } +- slapi_send_ldap_result( pb, ldap_result_code, ldap_result_matcheddn, +- ldap_result_message, 0,NULL ); ++ if (!result_sent) { ++ slapi_send_ldap_result(pb, ldap_result_code, ldap_result_matcheddn, ++ ldap_result_message, 0, NULL); ++ } + } + slapi_mods_done(&smods_operation_wsi); + slapi_mods_done(&smods_generated); +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c +index 535529c..cda1714 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_search.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c +@@ -584,7 +584,7 @@ ldbm_back_search( Slapi_PBlock *pb ) + } + else + { +- if ( ( e = find_entry( pb, be, addr, &txn )) == NULL ) ++ if ((e = find_entry(pb, be, addr, &txn, NULL)) == NULL) + { + /* error or referral sent by find_entry */ + return ldbm_back_search_cleanup(pb, li, sort_control, +diff --git a/ldap/servers/slapd/back-ldbm/misc.c b/ldap/servers/slapd/back-ldbm/misc.c +index 77c1e70..516b32d 100644 +--- a/ldap/servers/slapd/back-ldbm/misc.c ++++ b/ldap/servers/slapd/back-ldbm/misc.c +@@ -412,7 +412,7 @@ ldbm_txn_ruv_modify_context( Slapi_PBlock *pb, modify_context *mc ) + + /* Note: if we find the bentry, it will stay locked until someone calls + * modify_term on the mc we'll be associating the bentry with */ +- bentry = find_entry2modify_only( pb, be, &bentry_addr, &txn ); ++ bentry = find_entry2modify_only(pb, be, &bentry_addr, &txn, NULL); + + if (NULL == bentry) { + /* Uh oh, we couldn't find and lock the RUV entry! */ +diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +index 86e2237..8c813dd 100644 +--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h ++++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +@@ -174,7 +174,7 @@ int ldbm_back_ctrl_info(Slapi_Backend *be, int cmd, void *info); + struct backentry *dn2entry(Slapi_Backend *be, const Slapi_DN *sdn, back_txn *txn, int *err); + struct backentry *dn2entry_ext(Slapi_Backend *be, const Slapi_DN *sdn, back_txn *txn, int flags, int *err); + struct backentry *dn2entry_or_ancestor(Slapi_Backend *be, const Slapi_DN *sdn, Slapi_DN *ancestor, back_txn *txn, int *err); +-struct backentry *dn2ancestor(Slapi_Backend *be,const Slapi_DN *sdn,Slapi_DN *ancestordn,back_txn *txn,int *err); ++struct backentry *dn2ancestor(Slapi_Backend *be,const Slapi_DN *sdn,Slapi_DN *ancestordn,back_txn *txn,int *err, int allow_suffix); + int get_copy_of_entry(Slapi_PBlock *pb, const entry_address *addr, back_txn *txn, int plock_parameter, int must_exist); + int get_copy_of_entry_ext(Slapi_PBlock *pb, ID id, const entry_address *addr, back_txn *txn, int plock_parameter, int must_exist); + void done_with_pblock_entry(Slapi_PBlock *pb, int plock_parameter); +@@ -194,11 +194,13 @@ IDList * filter_candidates_ext( Slapi_PBlock *pb, backend *be, const char *base, + /* + * findentry.c + */ +-struct backentry * find_entry2modify( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn ); +-struct backentry * find_entry( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn ); +-struct backentry * find_entry2modify_only( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn); +-struct backentry * find_entry2modify_only_ext( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int flags, back_txn *txn); +-struct backentry * find_entry_only( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn); ++/* Return code */ ++#define FE_RC_SENT_RESULT 1 ++struct backentry *find_entry2modify(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc); ++struct backentry *find_entry(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc); ++struct backentry *find_entry2modify_only(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc); ++struct backentry *find_entry2modify_only_ext(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int flags, back_txn *txn, int *rc); ++struct backentry *find_entry_only(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc); + int check_entry_for_referral(Slapi_PBlock *pb, Slapi_Entry *entry, char *matched, const char *callingfn); + + /* +diff --git a/ldap/servers/slapd/back-ldbm/vlv_srch.c b/ldap/servers/slapd/back-ldbm/vlv_srch.c +index fcd0c2d..df378211 100644 +--- a/ldap/servers/slapd/back-ldbm/vlv_srch.c ++++ b/ldap/servers/slapd/back-ldbm/vlv_srch.c +@@ -162,7 +162,7 @@ vlvSearch_init(struct vlvSearch* p, Slapi_PBlock *pb, const Slapi_Entry *e, ldbm + + addr.sdn = p->vlv_base; + addr.uniqueid = NULL; +- e = find_entry( pb, inst->inst_be, &addr, &txn ); ++ e = find_entry(pb, inst->inst_be, &addr, &txn, NULL); + /* Check to see if the entry is absent. If it is, mark this search + * as not initialized */ + if (NULL == e) { +diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c +index 1ffec4e..b441615 100644 +--- a/ldap/servers/slapd/bind.c ++++ b/ldap/servers/slapd/bind.c +@@ -438,8 +438,8 @@ do_bind( Slapi_PBlock *pb ) + * to an LDAP DN, fail and return an invalidCredentials error. + */ + if ( NULL == pb->pb_conn->c_external_dn ) { +- send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, +- "client certificate mapping failed", 0, NULL ); ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "Client certificate mapping failed"); ++ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL); + /* call postop plugins */ + plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN ); + goto free_and_return; +@@ -556,33 +556,32 @@ do_bind( Slapi_PBlock *pb ) + /* Check if simple binds are allowed over an insecure channel. We only check + * this for authenticated binds. */ + } else if (config_get_require_secure_binds() == 1) { +- Connection *conn = NULL; +- int sasl_ssf = 0; +- int local_ssf = 0; +- +- /* Allow simple binds only for SSL/TLS established connections +- * or connections using SASL privacy layers */ +- conn = pb->pb_conn; +- if ( slapi_pblock_get(pb, SLAPI_CONN_SASL_SSF, &sasl_ssf) != 0) { +- slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind", +- "Could not get SASL SSF from connection\n" ); +- sasl_ssf = 0; +- } ++ Connection *conn = NULL; ++ int sasl_ssf = 0; ++ int local_ssf = 0; ++ ++ /* Allow simple binds only for SSL/TLS established connections ++ * or connections using SASL privacy layers */ ++ conn = pb->pb_conn; ++ if ( slapi_pblock_get(pb, SLAPI_CONN_SASL_SSF, &sasl_ssf) != 0) { ++ slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind", ++ "Could not get SASL SSF from connection\n" ); ++ sasl_ssf = 0; ++ } + +- if ( slapi_pblock_get(pb, SLAPI_CONN_LOCAL_SSF, &local_ssf) != 0) { +- slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind", +- "Could not get local SSF from connection\n" ); +- local_ssf = 0; +- } ++ if ( slapi_pblock_get(pb, SLAPI_CONN_LOCAL_SSF, &local_ssf) != 0) { ++ slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind", ++ "Could not get local SSF from connection\n" ); ++ local_ssf = 0; ++ } + +- if (((conn->c_flags & CONN_FLAG_SSL) != CONN_FLAG_SSL) && +- (sasl_ssf <= 1) && (local_ssf <= 1)) { +- send_ldap_result(pb, LDAP_CONFIDENTIALITY_REQUIRED, NULL, +- "Operation requires a secure connection", +- 0, NULL); +- slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsBindSecurityErrors); +- goto free_and_return; +- } ++ if (((conn->c_flags & CONN_FLAG_SSL) != CONN_FLAG_SSL) && ++ (sasl_ssf <= 1) && (local_ssf <= 1)) { ++ send_ldap_result(pb, LDAP_CONFIDENTIALITY_REQUIRED, NULL, ++ "Operation requires a secure connection", 0, NULL); ++ slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsBindSecurityErrors); ++ goto free_and_return; ++ } + } + break; + default: +@@ -627,6 +626,7 @@ do_bind( Slapi_PBlock *pb ) + /* + * right dn, wrong passwd - reject with invalid credentials + */ ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "Invalid credentials"); + send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL ); + /* increment BindSecurityErrorcount */ + slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsBindSecurityErrors); +@@ -686,7 +686,8 @@ do_bind( Slapi_PBlock *pb ) + slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn); + if (!pb_sdn) { + slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n"); +- send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL); ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf); ++ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL); + goto free_and_return; + } else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) { + /* +@@ -696,8 +697,10 @@ do_bind( Slapi_PBlock *pb ) + sdn = pb_sdn; + dn = slapi_sdn_get_dn(sdn); + if (!dn) { +- slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n"); +- send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL); ++ char *udn = slapi_sdn_get_udn(sdn); ++ slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn %s\n", udn?udn:""); ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf); ++ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL); + goto free_and_return; + } + if (!sdn_updated) { /* pb_sdn != sdn; need to compare the dn's. */ +@@ -711,7 +714,8 @@ do_bind( Slapi_PBlock *pb ) + slapi_pblock_set( pb, SLAPI_BACKEND, be ); + } else { + slapi_create_errormsg(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn); +- send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL); ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf); ++ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL); + goto free_and_return; + } + } +@@ -790,7 +794,8 @@ do_bind( Slapi_PBlock *pb ) + goto account_locked; + } + } else { +- send_ldap_result(pb, LDAP_NO_SUCH_OBJECT, NULL, "", 0, NULL); ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry"); ++ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL); + goto free_and_return; + } + } +@@ -850,8 +855,7 @@ account_locked: + * the front end. + */ + if ( rc == SLAPI_BIND_SUCCESS || rc == SLAPI_BIND_ANONYMOUS) { +- send_ldap_result( pb, LDAP_SUCCESS, NULL, NULL, +- 0, NULL ); ++ send_ldap_result( pb, LDAP_SUCCESS, NULL, NULL, 0, NULL ); + } + + slapi_pblock_set( pb, SLAPI_PLUGIN_OPRETURN, &rc ); +@@ -876,8 +880,7 @@ free_and_return:; + slapi_sdn_free(&sdn); + slapi_ch_free_string( &saslmech ); + slapi_ch_free( (void **)&cred.bv_val ); +- if ( bind_target_entry != NULL ) +- slapi_entry_free(bind_target_entry); ++ slapi_entry_free(bind_target_entry); + } + + +diff --git a/ldap/servers/slapd/defbackend.c b/ldap/servers/slapd/defbackend.c +index 7d73501..da4a701 100644 +--- a/ldap/servers/slapd/defbackend.c ++++ b/ldap/servers/slapd/defbackend.c +@@ -171,6 +171,51 @@ defbackend_abandon( Slapi_PBlock *pb ) + } + + ++#define DEFBE_NO_SUCH_SUFFIX "No such suffix" ++/* ++ * Generate a "No such suffix" return text ++ * Example: ++ * cn=X,dc=bogus,dc=com ==> "No such suffix (dc=bogus,dc=com)" ++ * if the last rdn starts with "dc=", print all last dc= rdn's. ++ * cn=X,cn=bogus ==> "No such suffix (cn=bogus)" ++ * otherwise, print the very last rdn. ++ * cn=X,z=bogus ==> "No such suffix (x=bogus)" ++ * it is true even if it is an invalid rdn. ++ * cn=X,bogus ==> "No such suffix (bogus)" ++ * another example of invalid rdn. ++ */ ++static void ++_defbackend_gen_returntext(char *buffer, size_t buflen, char **dns) ++{ ++ int dnidx; ++ int sidx; ++ struct suffix_repeat { ++ char *suffix; ++ int size; ++ } candidates[] = { ++ {"dc=", 3}, /* dc could be repeated. otherwise the last rdn is used. */ ++ {NULL, 0} ++ }; ++ PR_snprintf(buffer, buflen, "%s (", DEFBE_NO_SUCH_SUFFIX); ++ for (dnidx = 0; dns[dnidx]; dnidx++) ; /* finding the last */ ++ dnidx--; /* last rdn */ ++ for (sidx = 0; candidates[sidx].suffix; sidx++) { ++ if (!PL_strncasecmp(dns[dnidx], candidates[sidx].suffix, candidates[sidx].size)) { ++ while (!PL_strncasecmp(dns[--dnidx], candidates[sidx].suffix, candidates[sidx].size)) ; ++ PL_strcat(buffer, dns[++dnidx]); /* the first "dn=", e.g. */ ++ for (++dnidx; dns[dnidx]; dnidx++) { ++ PL_strcat(buffer, ","); ++ PL_strcat(buffer, dns[dnidx]); ++ } ++ PL_strcat(buffer, ")"); ++ return; /* finished the task */ ++ } ++ } ++ PL_strcat(buffer, dns[dnidx]); ++ PL_strcat(buffer, ")"); ++ return; ++} ++ + static int + defbackend_bind( Slapi_PBlock *pb ) + { +@@ -188,11 +233,40 @@ defbackend_bind( Slapi_PBlock *pb ) + slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method ); + slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &cred ); + if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) { +- slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsAnonymousBinds); +- rc = SLAPI_BIND_ANONYMOUS; ++ slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsAnonymousBinds); ++ rc = SLAPI_BIND_ANONYMOUS; + } else { +- send_nobackend_ldap_result( pb ); +- rc = SLAPI_BIND_FAIL; ++ Slapi_DN *sdn = NULL; ++ char *suffix = NULL; ++ char **dns = NULL; ++ ++ if (pb->pb_op) { ++ sdn = operation_get_target_spec(pb->pb_op); ++ if (sdn) { ++ dns = slapi_ldap_explode_dn(slapi_sdn_get_dn(sdn), 0); ++ if (dns) { ++ size_t dnlen = slapi_sdn_get_ndn_len(sdn); ++ size_t len = dnlen + sizeof(DEFBE_NO_SUCH_SUFFIX) + 4; ++ suffix = slapi_ch_malloc(len); ++ if (dnlen) { ++ _defbackend_gen_returntext(suffix, len, dns); ++ } else { ++ PR_snprintf(suffix, len, "%s", DEFBE_NO_SUCH_SUFFIX); ++ } ++ } ++ } ++ } ++ if (suffix) { ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, suffix); ++ } else { ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, DEFBE_NO_SUCH_SUFFIX); ++ } ++ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL); ++ if (dns) { ++ slapi_ldap_value_free(dns); ++ } ++ slapi_ch_free_string(&suffix); ++ rc = SLAPI_BIND_FAIL; + } + + return( rc ); +diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c +index 506da92..c2a0206 100644 +--- a/ldap/servers/slapd/result.c ++++ b/ldap/servers/slapd/result.c +@@ -2067,14 +2067,26 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie + } + else if ( !internal_op ) + { ++ char *pbtxt = NULL; ++ char *ext_str = NULL; ++ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &pbtxt); ++ if (pbtxt) { ++ ext_str = slapi_ch_smprintf(" - %s", pbtxt); ++ } else { ++ ext_str = ""; ++ } + slapi_log_access( LDAP_DEBUG_STATS, + "conn=%" NSPRIu64 " op=%d RESULT err=%d" +- " tag=%" BERTAG_T " nentries=%d etime=%s%s%s\n", ++ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s%s\n", + op->o_connid, + op->o_opid, + err, tag, nentries, + etime, +- notes_str, csn_str ); ++ notes_str, csn_str, ext_str); ++ if (pbtxt) { ++ /* if !pbtxt ==> ext_str == "". Don't free ext_str. */ ++ slapi_ch_free_string(&ext_str); ++ } + } + else + { +-- +2.4.11 + diff --git a/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch b/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch deleted file mode 100644 index c025f60..0000000 --- a/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch +++ /dev/null @@ -1,808 +0,0 @@ -From 46cd28db8402517febf0c5db4f2f869c491c41c0 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Wed, 8 Jul 2015 11:48:27 -0400 -Subject: [PATCH 10/20] Ticket 48208 - CleanAllRUV should completely purge - changelog - -Bug Description: After cleanAllRUV finishes, the changelog still - contains entries from the cleaned rid. Under certain - conditions this can allow the RUV to get polluted - again, and the ruv element will be missing the replica - url. - -Fix Description: At the end of the cleaning task, fire of a thread to - to completely purge the changelog of all entries - containing the cleaned rid. - - Also, improved the cleanAllRUV task when dealing - with a server shutdown - previously if the timing is - right the task can "delay/hang" the shutdown process. - -https://fedorahosted.org/389/ticket/48208 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit ff1c34538b0600259dba4801da2b2f0993fa5404) -(cherry picked from commit 9e4cf12cfbfde0761325b75c3fd5a8b39223760a) ---- - ldap/servers/plugins/replication/cl5_api.c | 447 ++++++++++++++++++--- - ldap/servers/plugins/replication/cl5_api.h | 5 +- - .../plugins/replication/repl5_replica_config.c | 44 +- - 3 files changed, 430 insertions(+), 66 deletions(-) - -diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c -index a10c3ac..ae23353 100644 ---- a/ldap/servers/plugins/replication/cl5_api.c -+++ b/ldap/servers/plugins/replication/cl5_api.c -@@ -319,14 +319,17 @@ static void _cl5TrimCleanup (); - static int _cl5TrimMain (void *param); - static void _cl5DoTrimming (ReplicaId rid); - static void _cl5CompactDBs(); --static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid); -+static void _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid); -+static int _cl5PurgeGetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key); -+static int _cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key); -+static void _cl5TrimFile (Object *obj, long *numToTrim); - static PRBool _cl5CanTrim (time_t time, long *numToTrim); - static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge); - static int _cl5WriteRUV (CL5DBFile *file, PRBool purge); - static int _cl5ConstructRUV (const char *replGen, Object *obj, PRBool purge); - static int _cl5UpdateRUV (Object *obj, CSN *csn, PRBool newReplica, PRBool purge); - static int _cl5GetRUV2Purge2 (Object *fileObj, RUV **ruv); --void trigger_cl_trimming_thread(void *rid); -+void trigger_cl_purging_thread(void *rid); - - /* bakup/recovery, import/export */ - static int _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op, -@@ -3470,9 +3473,17 @@ static void _cl5DoTrimming (ReplicaId rid) - trimmed more often than other. We might have to fix that by, for - example, randomizing starting point */ - obj = objset_first_obj (s_cl5Desc.dbFiles); -- while (obj && _cl5CanTrim ((time_t)0, &numToTrim)) -+ while (obj && (_cl5CanTrim ((time_t)0, &numToTrim) || rid)) - { -- _cl5TrimFile (obj, &numToTrim, rid); -+ if (rid){ -+ /* -+ * We are cleaning an invalid rid, and need to strip it -+ * from the changelog. -+ */ -+ _cl5PurgeRID (obj, rid); -+ } else { -+ _cl5TrimFile (obj, &numToTrim); -+ } - obj = objset_next_obj (s_cl5Desc.dbFiles, obj); - } - -@@ -3549,12 +3560,351 @@ bail: - return; - } - -+/* -+ * If the rid is not set it is the very first iteration of the changelog. -+ * If the rid is set, we are doing another pass, and we have a key as our -+ * starting point. -+ */ -+static int -+_cl5PurgeGetFirstEntry(Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key) -+{ -+ DBC *cursor = NULL; -+ DBT data = {0}; -+ CL5Iterator *it; -+ CL5DBFile *file; -+ int rc; -+ -+ file = (CL5DBFile*)object_get_data (obj); -+ -+ /* create cursor */ -+ rc = file->db->cursor(file->db, txnid, &cursor, 0); -+ if (rc != 0) -+ { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ "_cl5PurgeGetFirstEntry: failed to create cursor; db error - %d %s\n", rc, db_strerror(rc)); -+ rc = CL5_DB_ERROR; -+ goto done; -+ } -+ -+ key->flags = DB_DBT_MALLOC; -+ data.flags = DB_DBT_MALLOC; -+ while ((rc = cursor->c_get(cursor, key, &data, rid?DB_SET:DB_NEXT)) == 0) -+ { -+ /* skip service entries on the first pass (rid == 0)*/ -+ if (!rid && cl5HelperEntry ((char*)key->data, NULL)) -+ { -+ slapi_ch_free(&key->data); -+ slapi_ch_free(&(data.data)); -+ continue; -+ } -+ -+ /* format entry */ -+ rc = cl5DBData2Entry(data.data, data.size, entry); -+ slapi_ch_free(&(data.data)); -+ if (rc != 0) -+ { -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, -+ "_cl5PurgeGetFirstEntry: failed to format entry: %d\n", rc); -+ goto done; -+ } -+ -+ it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator)); -+ it->cursor = cursor; -+ object_acquire (obj); -+ it->file = obj; -+ *(CL5Iterator**)iterator = it; -+ -+ return CL5_SUCCESS; -+ } -+ -+ slapi_ch_free(&key->data); -+ slapi_ch_free(&(data.data)); -+ -+ /* walked of the end of the file */ -+ if (rc == DB_NOTFOUND) -+ { -+ rc = CL5_NOTFOUND; -+ goto done; -+ } -+ -+ /* db error occured while iterating */ -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ "_cl5PurgeGetFirstEntry: failed to get entry; db error - %d %s\n", -+ rc, db_strerror(rc)); -+ rc = CL5_DB_ERROR; -+ -+done: -+ /* -+ * We didn't success in assigning this cursor to the iterator, -+ * so we need to free the cursor here. -+ */ -+ if (cursor) -+ cursor->c_close(cursor); -+ -+ return rc; -+} -+ -+/* -+ * Get the next entry. If we get a lock error we will restart the process -+ * starting at the current key. -+ */ -+static int -+_cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key) -+{ -+ CL5Iterator *it; -+ DBT data={0}; -+ int rc; -+ -+ it = (CL5Iterator*) iterator; -+ -+ key->flags = DB_DBT_MALLOC; -+ data.flags = DB_DBT_MALLOC; -+ while ((rc = it->cursor->c_get(it->cursor, key, &data, DB_NEXT)) == 0) -+ { -+ if (cl5HelperEntry ((char*)key->data, NULL)) -+ { -+ slapi_ch_free(&key->data); -+ slapi_ch_free(&(data.data)); -+ continue; -+ } -+ -+ /* format entry */ -+ rc = cl5DBData2Entry (data.data, data.size, entry); -+ slapi_ch_free (&(data.data)); -+ if (rc != 0) -+ { -+ if (rc != CL5_DB_LOCK_ERROR){ -+ /* Not a lock error, free the key */ -+ slapi_ch_free(&key->data); -+ } -+ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL, -+ repl_plugin_name_cl, -+ "_cl5PurgeGetNextEntry: failed to format entry: %d\n", -+ rc); -+ -+ } -+ -+ return rc; -+ } -+ slapi_ch_free(&(data.data)); -+ -+ /* walked of the end of the file or entry is out of range */ -+ if (rc == 0 || rc == DB_NOTFOUND){ -+ slapi_ch_free(&key->data); -+ return CL5_NOTFOUND; -+ } -+ if (rc != CL5_DB_LOCK_ERROR){ -+ /* Not a lock error, free the key */ -+ slapi_ch_free(&key->data); -+ } -+ -+ /* cursor operation failed */ -+ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL, -+ repl_plugin_name_cl, -+ "_cl5PurgeGetNextEntry: failed to get entry; db error - %d %s\n", -+ rc, db_strerror(rc)); -+ -+ return rc; -+} -+ -+#define MAX_RETRIES 10 -+/* -+ * _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid) -+ * -+ * Clean the entire changelog of updates from the "cleaned rid" via CLEANALLRUV -+ * Delete entries in batches so we don't consume too many db locks, and we don't -+ * lockup the changelog during the entire purging process using one transaction. -+ * We save the key from the last iteration so we don't have to start from the -+ * beginning for each new iteration. -+ */ -+static void -+_cl5PurgeRID(Object *obj, ReplicaId cleaned_rid) -+{ -+ slapi_operation_parameters op = {0}; -+ ReplicaId csn_rid; -+ CL5Entry entry; -+ DB_TXN *txnid = NULL; -+ DBT key = {0}; -+ void *iterator = NULL; -+ long totalTrimmed = 0; -+ long trimmed = 0; -+ char *starting_key = NULL; -+ int batch_count = 0; -+ int db_lock_retry_count = 0; -+ int first_pass = 1; -+ int finished = 0; -+ int rc = 0; -+ -+ PR_ASSERT (obj); -+ entry.op = &op; -+ -+ /* -+ * Keep processing the changelog until we are done, shutting down, or we -+ * maxed out on the db lock retries. -+ */ -+ while (!finished && db_lock_retry_count < MAX_RETRIES && !slapi_is_shutting_down()){ -+ trimmed = 0; -+ -+ /* -+ * Sleep a bit to allow others to use the changelog - we can't hog the -+ * changelog for the entire purge. -+ */ -+ DS_Sleep(PR_MillisecondsToInterval(100)); -+ -+ rc = TXN_BEGIN(s_cl5Desc.dbEnv, NULL, &txnid, 0); -+ if (rc != 0){ -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ "_cl5PurgeRID: failed to begin transaction; db error - %d %s. " -+ "Changelog was not purged of rid(%d)\n", -+ rc, db_strerror(rc), cleaned_rid); -+ return; -+ } -+ -+ /* -+ * Check every changelog entry for the cleaned rid -+ */ -+ rc = _cl5PurgeGetFirstEntry(obj, &entry, &iterator, txnid, first_pass?0:cleaned_rid, &key); -+ first_pass = 0; -+ while (rc == CL5_SUCCESS && !slapi_is_shutting_down()) { -+ /* -+ * Store the new starting key - we need this starting key in case -+ * we run out of locks and have to start the transaction over. -+ */ -+ slapi_ch_free_string(&starting_key); -+ starting_key = slapi_ch_strdup((char*)key.data); -+ -+ if(trimmed == 10000 || (batch_count && trimmed == batch_count)){ -+ /* -+ * Break out, and commit these deletes. Do not free the key, -+ * we need it for the next pass. -+ */ -+ cl5_operation_parameters_done (&op); -+ db_lock_retry_count = 0; /* reset the retry count */ -+ break; -+ } -+ if(op.csn){ -+ csn_rid = csn_get_replicaid (op.csn); -+ if (csn_rid == cleaned_rid){ -+ rc = _cl5CurrentDeleteEntry (iterator); -+ if (rc != CL5_SUCCESS){ -+ /* log error */ -+ cl5_operation_parameters_done (&op); -+ if (rc == CL5_DB_LOCK_ERROR){ -+ /* -+ * Ran out of locks, need to restart the transaction. -+ * Reduce the the batch count and reset the key to -+ * the starting point -+ */ -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, -+ "_cl5PurgeRID: Ran out of db locks deleting entry. " -+ "Reduce the batch value and restart.\n"); -+ batch_count = trimmed - 10; -+ if (batch_count < 10){ -+ batch_count = 10; -+ } -+ trimmed = 0; -+ slapi_ch_free(&(key.data)); -+ key.data = starting_key; -+ starting_key = NULL; -+ db_lock_retry_count++; -+ break; -+ } else { -+ /* fatal error */ -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ "_cl5PurgeRID: fatal error (%d)\n", rc); -+ slapi_ch_free(&(key.data)); -+ finished = 1; -+ break; -+ } -+ } -+ trimmed++; -+ } -+ } -+ slapi_ch_free(&(key.data)); -+ cl5_operation_parameters_done (&op); -+ -+ rc = _cl5PurgeGetNextEntry (&entry, iterator, &key); -+ if (rc == CL5_DB_LOCK_ERROR){ -+ /* -+ * Ran out of locks, need to restart the transaction. -+ * Reduce the the batch count and reset the key to the starting -+ * point. -+ */ -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ "_cl5PurgeRID: Ran out of db locks getting the next entry. " -+ "Reduce the batch value and restart.\n"); -+ batch_count = trimmed - 10; -+ if (batch_count < 10){ -+ batch_count = 10; -+ } -+ trimmed = 0; -+ cl5_operation_parameters_done (&op); -+ slapi_ch_free(&(key.data)); -+ key.data = starting_key; -+ starting_key = NULL; -+ db_lock_retry_count++; -+ break; -+ } -+ } -+ -+ if (rc == CL5_NOTFOUND){ -+ /* Scanned the entire changelog, we're done */ -+ finished = 1; -+ } -+ -+ /* Destroy the iterator before we finish with the txn */ -+ cl5DestroyIterator (iterator); -+ -+ /* -+ * Commit or abort the txn -+ */ -+ if (rc == CL5_SUCCESS || rc == CL5_NOTFOUND){ -+ rc = TXN_COMMIT (txnid, 0); -+ if (rc != 0){ -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ "_cl5PurgeRID: failed to commit transaction; db error - %d %s. " -+ "Changelog was not completely purged of rid (%d)\n", -+ rc, db_strerror(rc), cleaned_rid); -+ break; -+ } else if (finished){ -+ /* We're done */ -+ totalTrimmed += trimmed; -+ break; -+ } else { -+ /* Not done yet */ -+ totalTrimmed += trimmed; -+ trimmed = 0; -+ } -+ } else { -+ rc = TXN_ABORT (txnid); -+ if (rc != 0){ -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ "_cl5PurgeRID: failed to abort transaction; db error - %d %s. " -+ "Changelog was not completely purged of rid (%d)\n", -+ rc, db_strerror(rc), cleaned_rid); -+ } -+ if (batch_count == 0){ -+ /* This was not a retry. Fatal error, break out */ -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ "_cl5PurgeRID: Changelog was not purged of rid (%d)\n", -+ cleaned_rid); -+ break; -+ } -+ } -+ } -+ slapi_ch_free_string(&starting_key); -+ -+ slapi_log_error (SLAPI_LOG_REPL, repl_plugin_name_cl, -+ "_cl5PurgeRID: Removed (%ld entries) that originated from rid (%d)\n", -+ totalTrimmed, cleaned_rid); -+} -+ - /* Note that each file contains changes for a single replicated area. - trimming algorithm: - */ - #define CL5_TRIM_MAX_PER_TRANSACTION 10 - --static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid) -+static void _cl5TrimFile (Object *obj, long *numToTrim) - { - DB_TXN *txnid; - RUV *ruv = NULL; -@@ -3577,7 +3927,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid) - } - - entry.op = &op; -- - while ( !finished && !slapi_is_shutting_down() ) - { - it = NULL; -@@ -3598,7 +3947,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid) - } - - finished = _cl5GetFirstEntry (obj, &entry, &it, txnid); -- while ( !finished ) -+ while ( !finished && !slapi_is_shutting_down()) - { - /* - * This change can be trimmed if it exceeds purge -@@ -3612,11 +3961,12 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid) - continue; - } - csn_rid = csn_get_replicaid (op.csn); -+ - if ( (*numToTrim > 0 || _cl5CanTrim (entry.time, numToTrim)) && - ruv_covers_csn_strict (ruv, op.csn) ) - { - rc = _cl5CurrentDeleteEntry (it); -- if ( rc == CL5_SUCCESS && cleaned_rid != csn_rid) -+ if ( rc == CL5_SUCCESS) - { - rc = _cl5UpdateRUV (obj, op.csn, PR_FALSE, PR_TRUE); - } -@@ -3630,7 +3980,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid) - /* The above two functions have logged the error */ - abort = PR_TRUE; - } -- - } - else - { -@@ -3687,7 +4036,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid) - rc = TXN_ABORT (txnid); - if (rc != 0) - { -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "_cl5TrimFile: failed to abort transaction; db error - %d %s\n", - rc, db_strerror(rc)); - } -@@ -3698,7 +4047,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid) - if (rc != 0) - { - finished = 1; -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "_cl5TrimFile: failed to commit transaction; db error - %d %s\n", - rc, db_strerror(rc)); - } -@@ -4722,9 +5071,9 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen, - goto done; - } - #endif -- /* back off */ -+ /* back off */ - interval = PR_MillisecondsToInterval(slapi_rand() % 100); -- DS_Sleep(interval); -+ DS_Sleep(interval); - } - #if USE_DB_TXN - /* begin transaction */ -@@ -4770,19 +5119,19 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen, - } - cnt ++; - } -- -+ - if (rc == 0) /* we successfully added entry */ - { - #if USE_DB_TXN - rc = TXN_COMMIT (txnid, 0); - #endif - } -- else -+ else - { -- char s[CSN_STRSIZE]; -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ char s[CSN_STRSIZE]; -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "_cl5WriteOperationTxn: failed to write entry with csn (%s); " -- "db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s), -+ "db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s), - rc, db_strerror(rc)); - #if USE_DB_TXN - rc = TXN_ABORT (txnid); -@@ -4803,7 +5152,7 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen, - /* update purge vector if we have not seen any changes from this replica before */ - _cl5UpdateRUV (file_obj, op->csn, PR_TRUE, PR_TRUE); - -- slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl, -+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl, - "cl5WriteOperationTxn: successfully written entry with csn (%s)\n", csnStr); - rc = CL5_SUCCESS; - done: -@@ -4817,7 +5166,7 @@ done: - return rc; - } - --static int _cl5WriteOperation(const char *replName, const char *replGen, -+static int _cl5WriteOperation(const char *replName, const char *replGen, - const slapi_operation_parameters *op, PRBool local) - { - return _cl5WriteOperationTxn(replName, replGen, op, local, NULL); -@@ -4868,7 +5217,7 @@ static int _cl5GetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_ - goto done; - } - -- it = (CL5Iterator*)slapi_ch_malloc (sizeof (CL5Iterator)); -+ it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator)); - it->cursor = cursor; - object_acquire (obj); - it->file = obj; -@@ -4943,7 +5292,7 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator) - slapi_ch_free (&(data.data)); - if (rc != 0) - { -- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "_cl5GetNextEntry: failed to format entry: %d\n", rc); - } - -@@ -4972,38 +5321,42 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator) - } - - /* cursor operation failed */ -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -- "_cl5GetNextEntry: failed to get entry; db error - %d %s\n", -- rc, db_strerror(rc)); -+ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL, -+ repl_plugin_name_cl, -+ "_cl5GetNextEntry: failed to get entry; db error - %d %s\n", -+ rc, db_strerror(rc)); - -- return CL5_DB_ERROR; -+ return rc; - } - - static int _cl5CurrentDeleteEntry (void *iterator) - { - int rc; - CL5Iterator *it; -- CL5DBFile *file; -+ CL5DBFile *file; - -- PR_ASSERT (iterator); -+ PR_ASSERT (iterator); - - it = (CL5Iterator*)iterator; - - rc = it->cursor->c_del (it->cursor, 0); - - if (rc == 0) { -- /* decrement entry count */ -- file = (CL5DBFile*)object_get_data (it->file); -- PR_AtomicDecrement (&file->entryCount); -- return CL5_SUCCESS; -- } else { -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -- "_cl5CurrentDeleteEntry failed, err=%d %s\n", -- rc, db_strerror(rc)); -- /* We don't free(close) the cursor here, as the caller will free it by a call to cl5DestroyIterator */ -- /* Freeing it here is a potential bug, as the cursor can't be referenced later once freed */ -- return CL5_DB_ERROR; -- } -+ /* decrement entry count */ -+ file = (CL5DBFile*)object_get_data (it->file); -+ PR_AtomicDecrement (&file->entryCount); -+ return CL5_SUCCESS; -+ } else { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ "_cl5CurrentDeleteEntry failed, err=%d %s\n", -+ rc, db_strerror(rc)); -+ /* -+ * We don't free(close) the cursor here, as the caller will free it by -+ * a call to cl5DestroyIterator. Freeing it here is a potential bug, -+ * as the cursor can't be referenced later once freed. -+ */ -+ return rc; -+ } - } - - static PRBool _cl5IsValidIterator (const CL5Iterator *iterator) -@@ -6275,7 +6628,7 @@ static int _cl5ExportFile (PRFileDesc *prFile, Object *obj) - slapi_write_buffer (prFile, "\n", strlen("\n")); - - entry.op = &op; -- rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL); -+ rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL); - while (rc == CL5_SUCCESS) - { - rc = _cl5Operation2LDIF (&op, file->replGen, &buff, &len); -@@ -6696,16 +7049,16 @@ cl5CleanRUV(ReplicaId rid){ - slapi_rwlock_unlock (s_cl5Desc.stLock); - } - --void trigger_cl_trimming(ReplicaId rid){ -+void trigger_cl_purging(ReplicaId rid){ - PRThread *trim_tid = NULL; - -- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_trimming: rid (%d)\n",(int)rid); -- trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_trimming_thread, -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_purging: rid (%d)\n",(int)rid); -+ trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_purging_thread, - (void *)&rid, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, - PR_UNJOINABLE_THREAD, DEFAULT_THREAD_STACKSIZE); - if (NULL == trim_tid){ - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -- "trigger_cl_trimming: failed to create trimming " -+ "trigger_cl_purging: failed to create trimming " - "thread; NSPR error - %d\n", PR_GetError ()); - } else { - /* need a little time for the thread to get started */ -@@ -6714,7 +7067,7 @@ void trigger_cl_trimming(ReplicaId rid){ - } - - void --trigger_cl_trimming_thread(void *arg){ -+trigger_cl_purging_thread(void *arg){ - ReplicaId rid = *(ReplicaId *)arg; - - /* make sure we have a change log, and we aren't closing it */ -@@ -6723,7 +7076,7 @@ trigger_cl_trimming_thread(void *arg){ - } - if (CL5_SUCCESS != _cl5AddThread()) { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -- "trigger_cl_trimming: failed to increment thread count " -+ "trigger_cl_purging: failed to increment thread count " - "NSPR error - %d\n", PR_GetError ()); - } - _cl5DoTrimming(rid); -diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h -index 5809570..4c3b8e8 100644 ---- a/ldap/servers/plugins/replication/cl5_api.h -+++ b/ldap/servers/plugins/replication/cl5_api.h -@@ -117,6 +117,9 @@ enum - CL5_CSN_ERROR, /* CSN API failed */ - CL5_RUV_ERROR, /* RUV API failed */ - CL5_OBJSET_ERROR, /* namedobjset api failed */ -+ CL5_DB_LOCK_ERROR, /* bdb returns error 12 when the db runs out of locks, -+ this var needs to be in slot 12 of the list. -+ Do not re-order enum above! */ - CL5_PURGED_DATA, /* requested data has been purged */ - CL5_MISSING_DATA, /* data should be in the changelog, but is missing */ - CL5_UNKNOWN_ERROR, /* unclassified error */ -@@ -464,6 +467,6 @@ int cl5WriteRUV(); - int cl5DeleteRUV(); - void cl5CleanRUV(ReplicaId rid); - void cl5NotifyCleanup(int rid); --void trigger_cl_trimming(ReplicaId rid); -+void trigger_cl_purging(ReplicaId rid); - - #endif -diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c -index 660b134..faa86b8 100644 ---- a/ldap/servers/plugins/replication/repl5_replica_config.c -+++ b/ldap/servers/plugins/replication/repl5_replica_config.c -@@ -1439,6 +1439,11 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not - */ - cl5CleanRUV(rid); - -+ /* -+ * Now purge the changelog -+ */ -+ trigger_cl_purging(rid); -+ - if (rc != RUV_SUCCESS){ - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc); - return LDAP_OPERATIONS_ERROR; -@@ -1837,7 +1842,7 @@ replica_cleanallruv_thread(void *arg) - /* no agmts, just clean this replica */ - break; - } -- while (agmt_obj){ -+ while (agmt_obj && !slapi_is_shutting_down()){ - agmt = (Repl_Agmt*)object_get_data (agmt_obj); - if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){ - agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj); -@@ -1919,13 +1924,15 @@ replica_cleanallruv_thread(void *arg) - break; - } - /* -- * need to sleep between passes -+ * Need to sleep between passes unless we are shutting down - */ -- cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Replicas have not been cleaned yet, " -- "retrying in %d seconds", interval); -- PR_Lock( notify_lock ); -- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -- PR_Unlock( notify_lock ); -+ if (!slapi_is_shutting_down()){ -+ cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Replicas have not been cleaned yet, " -+ "retrying in %d seconds", interval); -+ PR_Lock( notify_lock ); -+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -+ PR_Unlock( notify_lock ); -+ } - - if(interval < 14400){ /* 4 hour max */ - interval = interval * 2; -@@ -1936,10 +1943,9 @@ replica_cleanallruv_thread(void *arg) - - done: - /* -- * If the replicas are cleaned, release the rid, and trim the changelog -+ * If the replicas are cleaned, release the rid - */ - if(!aborted){ -- trigger_cl_trimming(data->rid); - delete_cleaned_rid_config(data); - /* make sure all the replicas have been "pre_cleaned" before finishing */ - check_replicas_are_done_cleaning(data); -@@ -1949,7 +1955,7 @@ done: - /* - * Shutdown or abort - */ -- if(!is_task_aborted(data->rid)){ -+ if(!is_task_aborted(data->rid) || slapi_is_shutting_down()){ - cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,"Server shutting down. Process will resume at server startup"); - } else { - cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,"Task aborted for rid(%d).",data->rid); -@@ -2184,7 +2190,7 @@ check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn) - not_all_caughtup = 0; - break; - } -- while (agmt_obj){ -+ while (agmt_obj && !slapi_is_shutting_down()){ - agmt = (Repl_Agmt*)object_get_data (agmt_obj); - if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){ - agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj); -@@ -2242,7 +2248,7 @@ check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task) - not_all_alive = 0; - break; - } -- while (agmt_obj){ -+ while (agmt_obj && !slapi_is_shutting_down()){ - agmt = (Repl_Agmt*)object_get_data (agmt_obj); - if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){ - agmt_obj = agmtlist_get_next_agreement_for_replica (replica, agmt_obj); -@@ -3022,12 +3028,14 @@ replica_abort_task_thread(void *arg) - break; - } - /* -- * need to sleep between passes -+ * Need to sleep between passes. unless we are shutting down - */ -- cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval); -- PR_Lock( notify_lock ); -- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -- PR_Unlock( notify_lock ); -+ if (!slapi_is_shutting_down()){ -+ cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval); -+ PR_Lock( notify_lock ); -+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -+ PR_Unlock( notify_lock ); -+ } - - if(interval < 14400){ /* 4 hour max */ - interval = interval * 2; -@@ -3045,7 +3053,7 @@ done: - * Wait for this server to stop its cleanallruv task(which removes the rid from the cleaned list) - */ - cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID, "Waiting for CleanAllRUV task to abort..."); -- while(is_cleaned_rid(data->rid)){ -+ while(is_cleaned_rid(data->rid) && !slapi_is_shutting_down()){ - DS_Sleep(PR_SecondsToInterval(1)); - count++; - if(count == 60){ /* it should not take this long */ --- -1.9.3 - diff --git a/SOURCES/0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch new file mode 100644 index 0000000..30adc8e --- /dev/null +++ b/SOURCES/0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch @@ -0,0 +1,28 @@ +From b6fd1033881ce21513ba95b533fd35942e5b66f1 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Thu, 14 Jul 2016 10:33:15 -0700 +Subject: [PATCH 11/15] Bug 1347760 - CVE-2016-4992 389-ds-base: Information + disclosure via repeated use of LDAP ADD operation, etc. + +Description: Fixing a compiler warning. +(cherry picked from commit 590e2fb86ee2e1d6f169169c83917d18872a95d0) +--- + ldap/servers/slapd/bind.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c +index b441615..702d4c2 100644 +--- a/ldap/servers/slapd/bind.c ++++ b/ldap/servers/slapd/bind.c +@@ -697,7 +697,7 @@ do_bind( Slapi_PBlock *pb ) + sdn = pb_sdn; + dn = slapi_sdn_get_dn(sdn); + if (!dn) { +- char *udn = slapi_sdn_get_udn(sdn); ++ const char *udn = slapi_sdn_get_udn(sdn); + slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn %s\n", udn?udn:""); + slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf); + send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL); +-- +2.4.11 + diff --git a/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch b/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch deleted file mode 100644 index 19dc5da..0000000 --- a/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch +++ /dev/null @@ -1,224 +0,0 @@ -From 3c2165deb45571a0ff0547e5c8c2c970095cca04 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 8 Jul 2015 10:19:15 -0700 -Subject: [PATCH 11/20] Ticket #47799 - Any negative LDAP error code number - reported as Illegal error by ldclt. - -Description: ldclt was implemented with mozldap, which did not expect -negative erorr codes, but openldap does. E.g., LDAP_FILTER_ERROR (-7) -This patch prepares a negativeError array for the negative error codes. -Example: - $ ldclt [...] -e esearch -e random -b "" -f "" -v - Filter = "" - ... - ldclt[16030]: T000: Cannot ldap_search(), error=-7 (Bad search filter) -- NULL result - ... - ldclt[16030]: Global error -7 (Bad search filter) occurs 1001 times - ldclt[16030]: Exit status 3 - Max errors reached. - -https://fedorahosted.org/389/ticket/47799 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit 71be5faaa478593bb056887410ca8e48e05b2fe4) -(cherry picked from commit 0680a45773ab4b0e92ec26caa3acbb6bab379103) ---- - ldap/servers/slapd/tools/ldclt/ldapfct.c | 4 +++ - ldap/servers/slapd/tools/ldclt/ldclt.c | 35 ++++++++++++++++----- - ldap/servers/slapd/tools/ldclt/ldclt.h | 11 ++++++- - ldap/servers/slapd/tools/ldclt/threadMain.c | 48 +++++++++++++++++++---------- - 4 files changed, 73 insertions(+), 25 deletions(-) - -diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c -index f906c5a..13e66b8 100644 ---- a/ldap/servers/slapd/tools/ldclt/ldapfct.c -+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c -@@ -1382,6 +1382,10 @@ printErrorFromLdap ( - printf ("ldclt[%d]: T%03d: %s, error=%d (%s", - mctx.pid, tttctx->thrdNum, errmsg, - errcode, my_ldap_err2string (errcode)); -+ if (!res) { -+ printf (") -- NULL result\n"); -+ return -1; -+ } - - /* - * See if there is an additional error message... -diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.c b/ldap/servers/slapd/tools/ldclt/ldclt.c -index edb687f..9e573a5 100644 ---- a/ldap/servers/slapd/tools/ldclt/ldclt.c -+++ b/ldap/servers/slapd/tools/ldclt/ldclt.c -@@ -716,19 +716,35 @@ printGlobalStatistics (void) - * Note: Maybe implement a way to stop the running threads ? - */ - found = 0; -- for (i=0 ; i 0) -- { -+ for (i = 0; i < MAX_ERROR_NB; i++) { -+ if (mctx.errors[i] > 0) { - found = 1; - sprintf (buf, "(%s)", my_ldap_err2string (i)); - printf ("ldclt[%d]: Global error %2d %s occurs %5d times\n", - mctx.pid, i, buf, mctx.errors[i]); - } -+ } -+#if defined(USE_OPENLDAP) -+ for (i = 0; i < ABS(NEGATIVE_MAX_ERROR_NB); i++) { -+ if (mctx.negativeErrors[i] > 0) { -+ found = 1; -+ sprintf (buf, "(%s)", my_ldap_err2string (-i)); -+ printf ("ldclt[%d]: Global error %2d %s occurs %5d times\n", -+ mctx.pid, -i, buf, mctx.negativeErrors[i]); -+ } -+ } -+#endif - if (mctx.errorsBad > 0) - { - found = 1; -- printf ("ldclt[%d]: Global illegal errors (codes not in [0, %d]) occurs %5d times\n", -- mctx.pid, MAX_ERROR_NB-1, mctx.errorsBad); -+ printf("ldclt[%d]: Global illegal errors (codes not in [%d, %d]) occurs %5d times\n", -+ mctx.pid, -+#if defined(USE_OPENLDAP) -+ NEGATIVE_MAX_ERROR_NB, -+#else -+ 0, -+#endif -+ MAX_ERROR_NB-1, mctx.errorsBad); - } - if (!found) - printf ("ldclt[%d]: Global no error occurs during this session.\n", mctx.pid); -@@ -1293,9 +1309,14 @@ basicInit (void) - mctx.totNbOpers = 0; - mctx.totNbSamples = 0; - mctx.errorsBad = 0; -- for (i=0 ; i 0) ? (x) : (-x)) -+#endif - /* - * Misc constant definitions - */ -@@ -183,7 +186,10 @@ dd/mm/yy | Author | Comments - #define DEF_PORT_CHECK 16000 /* Port used for check processing */ - #define MAX_ATTRIBS 40 /* Max number of attributes */ /*JLS 28-03-01*/ - #define MAX_DN_LENGTH 1024 /* Max length for a DN */ --#define MAX_ERROR_NB 0x62 /* Max ldap err number + 1 */ -+#define MAX_ERROR_NB 0x7b /* Max ldap err number + 1 */ -+#if defined(USE_OPENLDAP) -+#define NEGATIVE_MAX_ERROR_NB (LDAP_X_CONNECTING - 1) /* Mininum ldap err number */ -+#endif - #define MAX_IGN_ERRORS 20 /* Max errors ignored */ - #define MAX_FILTER 512 /* Max filters length */ - #define MAX_THREADS 1000 /* Max number of threads */ /*JLS 21-11-00*/ -@@ -504,6 +510,9 @@ typedef struct main_context { - char *certfile; /* certificate file */ /* BK 11-10-00 */ - char *cltcertname; /* client cert name */ /* BK 23 11-00 */ - data_list_file *dlf; /* Data list files */ /*JLS 23-03-01*/ -+#if defined(USE_OPENLDAP) -+ int negativeErrors[ABS(NEGATIVE_MAX_ERROR_NB)]; /* Err stats */ -+#endif - int errors[MAX_ERROR_NB]; /* Err stats */ - int errorsBad; /* Bad errors */ - ldclt_mutex_t errors_mutex; /* Protect errors */ /*JLS 28-11-00*/ -diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c -index be41186..5d915fd 100644 ---- a/ldap/servers/slapd/tools/ldclt/threadMain.c -+++ b/ldap/servers/slapd/tools/ldclt/threadMain.c -@@ -430,14 +430,26 @@ addErrorStat ( - /* - * Update the counters - */ -+#if defined(USE_OPENLDAP) -+ if ((err <= NEGATIVE_MAX_ERROR_NB) || (err >= MAX_ERROR_NB)) -+#else - if ((err <= 0) || (err >= MAX_ERROR_NB)) -+#endif - { - fprintf (stderr, "ldclt[%d]: Illegal error number %d\n", mctx.pid, err); - fflush (stderr); - mctx.errorsBad++; - } -+#if defined(USE_OPENLDAP) -+ else if (err < 0) -+ { -+ mctx.negativeErrors[abs(err)]++; -+ } -+#endif - else -+ { - mctx.errors[err]++; -+ } - - /* - * Release the mutex -@@ -460,26 +472,28 @@ addErrorStat ( - * Ok, we should not ignore this error... - * Maybe the limit is reached ? - */ -+#if defined(USE_OPENLDAP) -+ if ((err <= NEGATIVE_MAX_ERROR_NB) || (err >= MAX_ERROR_NB)) -+#else - if ((err <= 0) || (err >= MAX_ERROR_NB)) -- { -- if (mctx.errorsBad > mctx.maxErrors) -- { -- printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid); -- (void) printGlobalStatistics(); /*JLS 25-08-00*/ -- fflush (stdout); -- ldclt_sleep (5); -- ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/ -+#endif -+ { -+ if (mctx.errorsBad > mctx.maxErrors) { -+ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid); -+ (void) printGlobalStatistics(); /*JLS 25-08-00*/ -+ fflush (stdout); -+ ldclt_sleep (5); -+ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/ - } -- } -- else -- if (mctx.errors[err] > mctx.maxErrors) -- { -- printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid); -- (void) printGlobalStatistics(); /*JLS 25-08-00*/ -- fflush (stdout); -- ldclt_sleep (5); -- ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/ -+ } else { -+ if (mctx.errors[err] + mctx.negativeErrors[abs(err)] > mctx.maxErrors) { -+ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid); -+ (void) printGlobalStatistics(); /*JLS 25-08-00*/ -+ fflush (stdout); -+ ldclt_sleep (5); -+ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/ - } -+ } - } - - /* --- -1.9.3 - diff --git a/SOURCES/0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch b/SOURCES/0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch new file mode 100644 index 0000000..0b18c51 --- /dev/null +++ b/SOURCES/0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch @@ -0,0 +1,461 @@ +From 845915e82846c3e84a9c7585ff584da32c1c5f38 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Tue, 12 Jul 2016 14:33:17 -0700 +Subject: [PATCH 12/15] Bug 1347760 - CI test: test case for bug 1347760 + +Description: Information disclosure via repeated use of LDAP ADD operation, etc. +(cherry picked from commit 27b8987108d875e3e9ee0d844548f8d94db350d1) +--- + dirsrvtests/tests/tickets/ticket1347760_test.py | 440 ++++++++++++++++++++++++ + 1 file changed, 440 insertions(+) + create mode 100644 dirsrvtests/tests/tickets/ticket1347760_test.py + +diff --git a/dirsrvtests/tests/tickets/ticket1347760_test.py b/dirsrvtests/tests/tickets/ticket1347760_test.py +new file mode 100644 +index 0000000..d2e9e37 +--- /dev/null ++++ b/dirsrvtests/tests/tickets/ticket1347760_test.py +@@ -0,0 +1,440 @@ ++# --- BEGIN COPYRIGHT BLOCK --- ++# Copyright (C) 2016 Red Hat, Inc. ++# All rights reserved. ++# ++# License: GPL (version 3 or any later version). ++# See LICENSE for details. ++# --- END COPYRIGHT BLOCK --- ++# ++import os ++import sys ++import time ++import ldap ++import logging ++import pytest ++from lib389 import DirSrv, Entry, tools, tasks ++from lib389.tools import DirSrvTools ++from lib389._constants import * ++from lib389.properties import * ++from lib389.tasks import * ++from lib389.utils import * ++ ++logging.getLogger(__name__).setLevel(logging.DEBUG) ++log = logging.getLogger(__name__) ++ ++installation1_prefix = None ++ ++CONFIG_DN = 'cn=config' ++BOU = 'BOU' ++BINDOU = 'ou=%s,%s' % (BOU, DEFAULT_SUFFIX) ++BUID = 'buser123' ++TUID = 'tuser0' ++BINDDN = 'uid=%s,%s' % (BUID, BINDOU) ++BINDPW = BUID ++TESTDN = 'uid=%s,ou=people,%s' % (TUID, DEFAULT_SUFFIX) ++TESTPW = TUID ++BOGUSDN = 'uid=bogus,%s' % DEFAULT_SUFFIX ++BOGUSDN2 = 'uid=bogus,ou=people,%s' % DEFAULT_SUFFIX ++BOGUSSUFFIX = 'uid=bogus,ou=people,dc=bogus' ++GROUPOU = 'ou=groups,%s' % DEFAULT_SUFFIX ++BOGUSOU = 'ou=OU,%s' % DEFAULT_SUFFIX ++ ++logging.getLogger(__name__).setLevel(logging.DEBUG) ++log = logging.getLogger(__name__) ++ ++installation1_prefix = None ++ ++class TopologyStandalone(object): ++ def __init__(self, standalone): ++ standalone.open() ++ self.standalone = standalone ++ ++ ++@pytest.fixture(scope="module") ++def topology(request): ++ global installation1_prefix ++ if installation1_prefix: ++ args_instance[SER_DEPLOYED_DIR] = installation1_prefix ++ ++ # Creating standalone instance ... ++ standalone = DirSrv(verbose=False) ++ args_instance[SER_HOST] = HOST_STANDALONE ++ args_instance[SER_PORT] = PORT_STANDALONE ++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE ++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX ++ args_standalone = args_instance.copy() ++ standalone.allocate(args_standalone) ++ instance_standalone = standalone.exists() ++ if instance_standalone: ++ standalone.delete() ++ standalone.create() ++ standalone.open() ++ ++ # Delete each instance in the end ++# def fin(): ++# standalone.delete() ++# request.addfinalizer(fin) ++ ++ # Clear out the tmp dir ++ standalone.clearTmpDir(__file__) ++ ++ return TopologyStandalone(standalone) ++ ++def pattern_accesslog(file, log_pattern): ++ try: ++ pattern_accesslog.last_pos += 1 ++ except AttributeError: ++ pattern_accesslog.last_pos = 0 ++ ++ found = None ++ file.seek(pattern_accesslog.last_pos) ++ ++ # Use a while true iteration because 'for line in file: hit a ++ # python bug that break file.tell() ++ while True: ++ line = file.readline() ++ found = log_pattern.search(line) ++ if ((line == '') or (found)): ++ break ++ ++ pattern_accesslog.last_pos = file.tell() ++ if found: ++ return line ++ else: ++ return None ++ ++def check_op_result(server, op, dn, superior, exists, rc): ++ targetdn = dn ++ if op == 'search': ++ if exists: ++ opstr = 'Searching existing entry' ++ else: ++ opstr = 'Searching non-existing entry' ++ elif op == 'add': ++ if exists: ++ opstr = 'Adding existing entry' ++ else: ++ opstr = 'Adding non-existing entry' ++ elif op == 'modify': ++ if exists: ++ opstr = 'Modifying existing entry' ++ else: ++ opstr = 'Modifying non-existing entry' ++ elif op == 'modrdn': ++ if superior != None: ++ targetdn = superior ++ if exists: ++ opstr = 'Moving to existing superior' ++ else: ++ opstr = 'Moving to non-existing superior' ++ else: ++ if exists: ++ opstr = 'Renaming existing entry' ++ else: ++ opstr = 'Renaming non-existing entry' ++ elif op == 'delete': ++ if exists: ++ opstr = 'Deleting existing entry' ++ else: ++ opstr = 'Deleting non-existing entry' ++ ++ if ldap.SUCCESS == rc: ++ expstr = 'be ok' ++ else: ++ expstr = 'fail with %s' % rc.__name__ ++ ++ log.info('%s %s, which should %s.' % (opstr, targetdn, expstr)) ++ hit = 0 ++ try: ++ if op == 'search': ++ centry = server.search_s(dn, ldap.SCOPE_BASE, 'objectclass=*') ++ elif op == 'add': ++ server.add_s(Entry((dn, {'objectclass': 'top extensibleObject'.split(), ++ 'cn': 'test entry'}))) ++ elif op == 'modify': ++ server.modify_s(dn, [(ldap.MOD_REPLACE, 'description', 'test')]) ++ elif op == 'modrdn': ++ if superior != None: ++ server.rename_s(dn, 'uid=new', newsuperior=superior, delold=1) ++ else: ++ server.rename_s(dn, 'uid=new', delold=1) ++ elif op == 'delete': ++ server.delete_s(dn) ++ else: ++ log.fatal('Unknown operation %s' % op) ++ assert False ++ except ldap.LDAPError as e: ++ hit = 1 ++ log.info("Exception (expected): %s" % type(e).__name__) ++ log.info('Desc ' + e.message['desc']) ++ assert isinstance(e, rc) ++ if e.message.has_key('matched'): ++ log.info('Matched is returned: ' + e.message['matched']) ++ if rc != ldap.NO_SUCH_OBJECT: ++ assert False ++ ++ if ldap.SUCCESS == rc: ++ if op == 'search': ++ log.info('Search should return none') ++ assert len(centry) == 0 ++ else: ++ if 0 == hit: ++ log.info('Expected to fail with %s, but passed' % rc.__name__) ++ assert False ++ ++ log.info('PASSED\n') ++ ++def test_ticket1347760(topology): ++ """ ++ Prevent revealing the entry info to whom has no access rights. ++ """ ++ log.info('Testing Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc.') ++ ++ log.info('Disabling accesslog logbuffering') ++ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-accesslog-logbuffering', 'off')]) ++ ++ log.info('Bind as {%s,%s}' % (DN_DM, PASSWORD)) ++ topology.standalone.simple_bind_s(DN_DM, PASSWORD) ++ ++ log.info('Adding ou=%s a bind user belongs to.' % BOU) ++ topology.standalone.add_s(Entry((BINDOU, { ++ 'objectclass': 'top organizationalunit'.split(), ++ 'ou': BOU}))) ++ ++ log.info('Adding a bind user.') ++ topology.standalone.add_s(Entry((BINDDN, ++ {'objectclass': "top person organizationalPerson inetOrgPerson".split(), ++ 'cn': 'bind user', ++ 'sn': 'user', ++ 'userPassword': BINDPW}))) ++ ++ log.info('Adding a test user.') ++ topology.standalone.add_s(Entry((TESTDN, ++ {'objectclass': "top person organizationalPerson inetOrgPerson".split(), ++ 'cn': 'test user', ++ 'sn': 'user', ++ 'userPassword': TESTPW}))) ++ ++ log.info('Deleting aci in %s.' % DEFAULT_SUFFIX) ++ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_DELETE, 'aci', None)]) ++ ++ log.info('Bind case 1. the bind user has no rights to read the entry itself, bind should be successful.') ++ log.info('Bind as {%s,%s} who has no access rights.' % (BINDDN, BINDPW)) ++ try: ++ topology.standalone.simple_bind_s(BINDDN, BINDPW) ++ except ldap.LDAPError as e: ++ log.info('Desc ' + e.message['desc']) ++ assert False ++ ++ file_path = os.path.join(topology.standalone.prefix, 'var/log/dirsrv/slapd-%s/access' % topology.standalone.serverid) ++ file_obj = open(file_path, "r") ++ log.info('Access log path: %s' % file_path) ++ ++ log.info('Bind case 2-1. the bind user does not exist, bind should fail with error %s' % ldap.INVALID_CREDENTIALS.__name__) ++ log.info('Bind as {%s,%s} who does not exist.' % (BOGUSDN, 'bogus')) ++ try: ++ topology.standalone.simple_bind_s(BOGUSDN, 'bogus') ++ except ldap.LDAPError as e: ++ log.info("Exception (expected): %s" % type(e).__name__) ++ log.info('Desc ' + e.message['desc']) ++ assert isinstance(e, ldap.INVALID_CREDENTIALS) ++ regex = re.compile('No such entry') ++ cause = pattern_accesslog(file_obj, regex) ++ if cause == None: ++ log.fatal('Cause not found - %s' % cause) ++ assert False ++ else: ++ log.info('Cause found - %s' % cause) ++ ++ log.info('Bind case 2-2. the bind user\'s suffix does not exist, bind should fail with error %s' % ldap.INVALID_CREDENTIALS.__name__) ++ log.info('Bind as {%s,%s} who does not exist.' % (BOGUSSUFFIX, 'bogus')) ++ try: ++ topology.standalone.simple_bind_s(BOGUSSUFFIX, 'bogus') ++ except ldap.LDAPError as e: ++ log.info("Exception (expected): %s" % type(e).__name__) ++ log.info('Desc ' + e.message['desc']) ++ assert isinstance(e, ldap.INVALID_CREDENTIALS) ++ regex = re.compile('No such suffix') ++ cause = pattern_accesslog(file_obj, regex) ++ if cause == None: ++ log.fatal('Cause not found - %s' % cause) ++ assert False ++ else: ++ log.info('Cause found - %s' % cause) ++ ++ log.info('Bind case 2-3. the bind user\'s password is wrong, bind should fail with error %s' % ldap.INVALID_CREDENTIALS.__name__) ++ log.info('Bind as {%s,%s} who does not exist.' % (BINDDN, 'bogus')) ++ try: ++ topology.standalone.simple_bind_s(BINDDN, 'bogus') ++ except ldap.LDAPError as e: ++ log.info("Exception (expected): %s" % type(e).__name__) ++ log.info('Desc ' + e.message['desc']) ++ assert isinstance(e, ldap.INVALID_CREDENTIALS) ++ regex = re.compile('Invalid credentials') ++ cause = pattern_accesslog(file_obj, regex) ++ if cause == None: ++ log.fatal('Cause not found - %s' % cause) ++ assert False ++ else: ++ log.info('Cause found - %s' % cause) ++ ++ log.info('Adding aci for %s to %s.' % (BINDDN, BINDOU)) ++ acival = '(targetattr="*")(version 3.0; acl "%s"; allow(all) userdn = "ldap:///%s";)' % (BUID, BINDDN) ++ log.info('aci: %s' % acival) ++ log.info('Bind as {%s,%s}' % (DN_DM, PASSWORD)) ++ topology.standalone.simple_bind_s(DN_DM, PASSWORD) ++ topology.standalone.modify_s(BINDOU, [(ldap.MOD_ADD, 'aci', acival)]) ++ ++ log.info('Bind case 3. the bind user has the right to read the entry itself, bind should be successful.') ++ log.info('Bind as {%s,%s} which should be ok.\n' % (BINDDN, BINDPW)) ++ topology.standalone.simple_bind_s(BINDDN, BINDPW) ++ ++ log.info('The following operations are against the subtree the bind user %s has no rights.' % BINDDN) ++ # Search ++ exists = True ++ rc = ldap.SUCCESS ++ log.info('Search case 1. the bind user has no rights to read the search entry, it should return no search results with %s' % rc) ++ check_op_result(topology.standalone, 'search', TESTDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.SUCCESS ++ log.info('Search case 2-1. the search entry does not exist, the search should return no search results with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'search', BOGUSDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.SUCCESS ++ log.info('Search case 2-2. the search entry does not exist, the search should return no search results with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'search', BOGUSDN2, None, exists, rc) ++ ++ # Add ++ exists = True ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Add case 1. the bind user has no rights AND the adding entry exists, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'add', TESTDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Add case 2-1. the bind user has no rights AND the adding entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'add', BOGUSDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Add case 2-2. the bind user has no rights AND the adding entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'add', BOGUSDN2, None, exists, rc) ++ ++ # Modify ++ exists = True ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Modify case 1. the bind user has no rights AND the modifying entry exists, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modify', TESTDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Modify case 2-1. the bind user has no rights AND the modifying entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modify', BOGUSDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Modify case 2-2. the bind user has no rights AND the modifying entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modify', BOGUSDN2, None, exists, rc) ++ ++ # Modrdn ++ exists = True ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Modrdn case 1. the bind user has no rights AND the renaming entry exists, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modrdn', TESTDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Modrdn case 2-1. the bind user has no rights AND the renaming entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modrdn', BOGUSDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Modrdn case 2-2. the bind user has no rights AND the renaming entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modrdn', BOGUSDN2, None, exists, rc) ++ ++ exists = True ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Modrdn case 3. the bind user has no rights AND the node moving an entry to exists, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modrdn', TESTDN, GROUPOU, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Modrdn case 4-1. the bind user has no rights AND the node moving an entry to does not, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modrdn', TESTDN, BOGUSOU, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Modrdn case 4-2. the bind user has no rights AND the node moving an entry to does not, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modrdn', TESTDN, BOGUSOU, exists, rc) ++ ++ # Delete ++ exists = True ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Delete case 1. the bind user has no rights AND the deleting entry exists, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'delete', TESTDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Delete case 2-1. the bind user has no rights AND the deleting entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'delete', BOGUSDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.INSUFFICIENT_ACCESS ++ log.info('Delete case 2-2. the bind user has no rights AND the deleting entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'delete', BOGUSDN2, None, exists, rc) ++ ++ log.info('EXTRA: Check no regressions') ++ log.info('Adding aci for %s to %s.' % (BINDDN, DEFAULT_SUFFIX)) ++ acival = '(targetattr="*")(version 3.0; acl "%s-all"; allow(all) userdn = "ldap:///%s";)' % (BUID, BINDDN) ++ log.info('Bind as {%s,%s}' % (DN_DM, PASSWORD)) ++ topology.standalone.simple_bind_s(DN_DM, PASSWORD) ++ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', acival)]) ++ ++ log.info('Bind as {%s,%s}.' % (BINDDN, BINDPW)) ++ try: ++ topology.standalone.simple_bind_s(BINDDN, BINDPW) ++ except ldap.LDAPError as e: ++ log.info('Desc ' + e.message['desc']) ++ assert False ++ ++ exists = False ++ rc = ldap.NO_SUCH_OBJECT ++ log.info('Search case. the search entry does not exist, the search should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'search', BOGUSDN2, None, exists, rc) ++ file_obj.close() ++ ++ exists = True ++ rc = ldap.ALREADY_EXISTS ++ log.info('Add case. the adding entry already exists, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'add', TESTDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.NO_SUCH_OBJECT ++ log.info('Modify case. the modifying entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modify', BOGUSDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.NO_SUCH_OBJECT ++ log.info('Modrdn case 1. the renaming entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modrdn', BOGUSDN, None, exists, rc) ++ ++ exists = False ++ rc = ldap.NO_SUCH_OBJECT ++ log.info('Modrdn case 2. the node moving an entry to does not, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'modrdn', TESTDN, BOGUSOU, exists, rc) ++ ++ exists = False ++ rc = ldap.NO_SUCH_OBJECT ++ log.info('Delete case. the deleting entry does not exist, it should fail with %s' % rc.__name__) ++ check_op_result(topology.standalone, 'delete', BOGUSDN, None, exists, rc) ++ ++ log.info('SUCCESS') ++ ++if __name__ == '__main__': ++ # Run isolated ++ # -s for DEBUG mode ++ ++ CURRENT_FILE = os.path.realpath(__file__) ++ pytest.main("-s %s" % CURRENT_FILE) +-- +2.4.11 + diff --git a/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch b/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch deleted file mode 100644 index f850942..0000000 --- a/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch +++ /dev/null @@ -1,184 +0,0 @@ -From a8e885d2d69381adc483d1a506b9f1e739a507f5 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Wed, 8 Jul 2015 17:21:57 -0400 -Subject: [PATCH 12/20] Ticket 48013 - Inconsistent behaviour of DS when LDAP - Sync is used with an invalid cookie - -Bug Description: Some invalid cookies are treated as errors, while others are not. - -Fix Description: Perform the cookie parsing and validation in the same step. This - gives consistent results. - -https://fedorahosted.org/389/ticket/48013 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit fdf46817fcc3b334bd477316d253bc18f243c0f6) -(cherry picked from commit 41dff5ba7a6368bfb2d8a2057dd5ba5b6a91d175) ---- - dirsrvtests/tickets/ticket48013_test.py | 134 +++++++++++++++++++++++++++++++ - ldap/servers/plugins/sync/sync_refresh.c | 7 +- - 2 files changed, 138 insertions(+), 3 deletions(-) - create mode 100644 dirsrvtests/tickets/ticket48013_test.py - -diff --git a/dirsrvtests/tickets/ticket48013_test.py b/dirsrvtests/tickets/ticket48013_test.py -new file mode 100644 -index 0000000..0ccdeba ---- /dev/null -+++ b/dirsrvtests/tickets/ticket48013_test.py -@@ -0,0 +1,134 @@ -+import os -+import sys -+import time -+import ldap -+import logging -+import pytest -+import pyasn1 -+import pyasn1_modules -+import ldap,ldapurl -+from ldap.ldapobject import SimpleLDAPObject -+from ldap.syncrepl import SyncreplConsumer -+from lib389 import DirSrv, Entry, tools, tasks -+from lib389.tools import DirSrvTools -+from lib389._constants import * -+from lib389.properties import * -+from lib389.tasks import * -+from lib389.utils import * -+ -+logging.getLogger(__name__).setLevel(logging.DEBUG) -+log = logging.getLogger(__name__) -+ -+installation1_prefix = None -+ -+ -+class TopologyStandalone(object): -+ def __init__(self, standalone): -+ standalone.open() -+ self.standalone = standalone -+ -+ -+class SyncObject(SimpleLDAPObject, SyncreplConsumer): -+ def __init__(self, uri): -+ # Init the ldap connection -+ SimpleLDAPObject.__init__(self, uri) -+ -+ def sync_search(self, test_cookie): -+ self.syncrepl_search('dc=example,dc=com', ldap.SCOPE_SUBTREE, -+ filterstr='(objectclass=*)', mode='refreshOnly', -+ cookie=test_cookie) -+ -+ def poll(self): -+ self.syncrepl_poll(all=1) -+ -+ -+@pytest.fixture(scope="module") -+def topology(request): -+ global installation1_prefix -+ if installation1_prefix: -+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix -+ -+ # Creating standalone instance ... -+ standalone = DirSrv(verbose=False) -+ args_instance[SER_HOST] = HOST_STANDALONE -+ args_instance[SER_PORT] = PORT_STANDALONE -+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE -+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX -+ args_standalone = args_instance.copy() -+ standalone.allocate(args_standalone) -+ instance_standalone = standalone.exists() -+ if instance_standalone: -+ standalone.delete() -+ standalone.create() -+ standalone.open() -+ -+ # Clear out the tmp dir -+ standalone.clearTmpDir(__file__) -+ -+ return TopologyStandalone(standalone) -+ -+ -+def test_ticket48013(topology): -+ ''' -+ Content Synchonization: Test that invalid cookies are caught -+ ''' -+ -+ cookies = ('#', '##', 'a#a#a', 'a#a#1') -+ -+ # Enable dynamic plugins -+ try: -+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', 'on')]) -+ except ldap.LDAPError as e: -+ ldap.error('Failed to enable dynamic plugin!' + e.message['desc']) -+ assert False -+ -+ # Enable retro changelog -+ topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG) -+ -+ # Enbale content sync plugin -+ topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC) -+ -+ # Set everything up -+ ldap_url = ldapurl.LDAPUrl('ldap://localhost:31389') -+ ldap_connection = SyncObject(ldap_url.initializeUrl()) -+ -+ # Authenticate -+ try: -+ ldap_connection.simple_bind_s(DN_DM, PASSWORD) -+ except ldap.LDAPError as e: -+ print('Login to LDAP server failed: %s' % e.message['desc']) -+ assert False -+ -+ # Test invalid cookies -+ for invalid_cookie in cookies: -+ log.info('Testing cookie: %s' % invalid_cookie) -+ try: -+ ldap_connection.sync_search(invalid_cookie) -+ ldap_connection.poll() -+ log.fatal('Invalid cookie accepted!') -+ assert False -+ except Exception as e: -+ log.info('Invalid cookie correctly rejected: %s' % e.message['info']) -+ pass -+ -+ # Success -+ log.info('Test complete') -+ -+ -+def test_ticket48013_final(topology): -+ topology.standalone.delete() -+ log.info('Testcase PASSED') -+ -+ -+def run_isolated(): -+ global installation1_prefix -+ installation1_prefix = None -+ -+ topo = topology(True) -+ test_ticket48013(topo) -+ test_ticket48013_final(topo) -+ -+ -+if __name__ == '__main__': -+ run_isolated() -+ -diff --git a/ldap/servers/plugins/sync/sync_refresh.c b/ldap/servers/plugins/sync/sync_refresh.c -index 1ae2604..beb87ab 100644 ---- a/ldap/servers/plugins/sync/sync_refresh.c -+++ b/ldap/servers/plugins/sync/sync_refresh.c -@@ -113,9 +113,10 @@ int sync_srch_refresh_pre_search(Slapi_PBlock *pb) - * -- return e-syncRefreshRequired if the data referenced in the cookie are no - * longer in the history - */ -- if (cookie && -- ( client_cookie = sync_cookie_parse (cookie))) { -- if (sync_cookie_isvalid(client_cookie, session_cookie)) { -+ if (cookie) { -+ if ((client_cookie = sync_cookie_parse (cookie)) && -+ sync_cookie_isvalid(client_cookie, session_cookie)) -+ { - rc = sync_refresh_update_content(pb, client_cookie, session_cookie); - if (rc == 0) - entries_sent = 1; --- -1.9.3 - diff --git a/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch b/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch deleted file mode 100644 index 3fe4c40..0000000 --- a/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch +++ /dev/null @@ -1,146 +0,0 @@ -From cb54fa78fdd5e94f890c3fa1c03481358e3c82ce Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Thu, 9 Jul 2015 09:59:46 -0400 -Subject: [PATCH 13/20] Ticket 48217 - cleanAllRUV hangs shutdown if not all of - the replicas are online - -Bug Description: There are race conditions where we might not notify the - clean task when a shutdown is occuring. This casues the - task refcount to be not decremented, which hangs the - destructor function. - -Fix Description: Check that the server is not shutting down before going - to sleep, and notify the clean/abort tasks to stop in - the destructor functions(instead of in the mmr plugin stop - function). - -https://fedorahosted.org/389/ticket/48217 - -Reviewed by: lkrispen(Thanks!) - -(cherry picked from commit d6269f2e6898a187d43e3368860b13cdbd39ec55) -(cherry picked from commit 0bb881aea92d64e509cf7604e86559779e4f9b77) ---- - .../plugins/replication/repl5_replica_config.c | 49 ++++++++++++++-------- - 1 file changed, 31 insertions(+), 18 deletions(-) - -diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c -index faa86b8..446da3f 100644 ---- a/ldap/servers/plugins/replication/repl5_replica_config.c -+++ b/ldap/servers/plugins/replication/repl5_replica_config.c -@@ -1738,7 +1738,9 @@ replica_cleanallruv_thread(void *arg) - } - if (data->task) { - slapi_task_inc_refcount(data->task); -- slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, "replica_cleanallruv_thread --> refcount incremented.\n"); -+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, -+ "replica_cleanallruv_thread --> refcount incremented (%d).\n", -+ data->task->task_refcount); - } - /* - * Initialize our settings -@@ -1871,10 +1873,11 @@ replica_cleanallruv_thread(void *arg) - */ - cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Not all replicas have received the " - "cleanallruv extended op, retrying in %d seconds",interval); -- PR_Lock( notify_lock ); -- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -- PR_Unlock( notify_lock ); -- -+ if(!slapi_is_shutting_down()){ -+ PR_Lock( notify_lock ); -+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -+ PR_Unlock( notify_lock ); -+ } - if(interval < 14400){ /* 4 hour max */ - interval = interval * 2; - } else { -@@ -1974,6 +1977,7 @@ done: - if(data->repl_obj && free_obj){ - object_release(data->repl_obj); - } -+ - csn_free(&data->maxcsn); - slapi_sdn_free(&data->sdn); - slapi_ch_free_string(&data->repl_root); -@@ -1987,6 +1991,7 @@ replica_cleanall_ruv_destructor(Slapi_Task *task) - { - slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name, - "replica_cleanall_ruv_destructor -->\n" ); -+ stop_ruv_cleaning(); - if (task) { - while (slapi_task_get_refcount(task) > 0) { - /* Yield to wait for the fixup task finishes. */ -@@ -2002,6 +2007,7 @@ replica_cleanall_ruv_abort_destructor(Slapi_Task *task) - { - slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name, - "replica_cleanall_ruv_abort_destructor -->\n" ); -+ stop_ruv_cleaning(); - if (task) { - while (slapi_task_get_refcount(task) > 0) { - /* Yield to wait for the fixup task finishes. */ -@@ -2055,9 +2061,11 @@ check_replicas_are_done_cleaning(cleanruv_data *data ) - break; - } - cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Not all replicas finished cleaning, retrying in %d seconds",interval); -- PR_Lock( notify_lock ); -- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -- PR_Unlock( notify_lock ); -+ if(!slapi_is_shutting_down()){ -+ PR_Lock( notify_lock ); -+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -+ PR_Unlock( notify_lock ); -+ } - if(interval < 14400){ /* 4 hour max */ - interval = interval * 2; - } else { -@@ -2158,9 +2166,11 @@ check_replicas_are_done_aborting(cleanruv_data *data ) - break; - } - cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID, "Not all replicas finished aborting, retrying in %d seconds",interval); -- PR_Lock( notify_lock ); -- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -- PR_Unlock( notify_lock ); -+ if(!slapi_is_shutting_down()){ -+ PR_Lock( notify_lock ); -+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -+ PR_Unlock( notify_lock ); -+ } - if(interval < 14400){ /* 4 hour max */ - interval = interval * 2; - } else { -@@ -2212,10 +2222,11 @@ check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn) - } - cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, - "Not all replicas caught up, retrying in %d seconds",interval); -- PR_Lock( notify_lock ); -- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -- PR_Unlock( notify_lock ); -- -+ if(!slapi_is_shutting_down()){ -+ PR_Lock( notify_lock ); -+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -+ PR_Unlock( notify_lock ); -+ } - if(interval < 14400){ /* 4 hour max */ - interval = interval * 2; - } else { -@@ -2271,10 +2282,12 @@ check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task) - } - cleanruv_log(task, rid, CLEANALLRUV_ID, "Not all replicas online, retrying in %d seconds...", - interval); -- PR_Lock( notify_lock ); -- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -- PR_Unlock( notify_lock ); - -+ if(!slapi_is_shutting_down()){ -+ PR_Lock( notify_lock ); -+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) ); -+ PR_Unlock( notify_lock ); -+ } - if(interval < 14400){ /* 4 hour max */ - interval = interval * 2; - } else { --- -1.9.3 - diff --git a/SOURCES/0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch b/SOURCES/0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch new file mode 100644 index 0000000..c5e693a --- /dev/null +++ b/SOURCES/0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch @@ -0,0 +1,107 @@ +From 9f8d3fc5bd7cb1e00b6bd48669b8074849f4c5da Mon Sep 17 00:00:00 2001 +From: William Brown +Date: Thu, 14 Jul 2016 13:47:11 +1000 +Subject: [PATCH 13/15] Ticket 48925 - slapd crash with SIGILL: Dsktune should + detect lack of CMPXCHG16B + +Bug Description: On older AMD the CMPXCHG16B is not present. This is critical +to the correct operation of lfds. Without out it we are unable to use nunc-stans + +Fix Description: dsktune should warn if CMPXCHG16B (flag cx16) is not present. +In a future release we will NOT allow installation upon a platform that lacks +this instruction. + +https://fedorahosted.org/389/ticket/48925 + +Author: wibrown + +Review by: nhosoi (Thank you!) + +(cherry picked from commit 5eb19778f7939967e8ca714c4d4cb03ffa11064d) +--- + ldap/systools/idsktune.c | 40 +++++++++++++++++++++++++++++++++++++++- + 1 file changed, 39 insertions(+), 1 deletion(-) + +diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c +index c7e76e7..b6c352a 100644 +--- a/ldap/systools/idsktune.c ++++ b/ldap/systools/idsktune.c +@@ -11,11 +11,12 @@ + # include + #endif + ++#define _GNU_SOURCE + + /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * Don't forget to update build_date when the patch sets are updated. + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ +-static char *build_date = "23-FEBRUARY-2012"; ++static char *build_date = "14-JULY-2016"; + + #if defined(linux) || defined(__linux) || defined(__linux__) + #define IDDS_LINUX_INCLUDE 1 +@@ -32,10 +33,12 @@ static char *build_date = "23-FEBRUARY-2012"; + #include + #include + #endif ++ + #include + #include + #include + #include ++ + #if !defined(__VMS) && !defined(IDDS_LINUX_INCLUDE) + #if defined(__hpux) && defined(f_type) + #undef f_type +@@ -864,6 +867,39 @@ done: + free(cmd); + } + } ++ ++ ++static void ++linux_check_cpu_features(void) ++{ ++ FILE *cpuinfo = fopen("/proc/cpuinfo", "rb"); ++ char *arg = 0; ++ char *token = NULL; ++ size_t size = 0; ++ int found = 0; ++ while(getline(&arg, &size, cpuinfo) != -1) ++ { ++ if (strncmp("flags", arg, 5) == 0) { ++ token = strtok(arg, " "); ++ while (token != NULL) { ++ if (strncmp(token, "cx16", 4) == 0) { ++ found += 1; ++ } ++ token = strtok(NULL, " "); ++ } ++ } ++ } ++ free(arg); ++ fclose(cpuinfo); ++ ++ if (found == 0) { ++ flag_os_bad = 1; ++ printf("ERROR: This system does not support CMPXCHG16B instruction (cpuflag cx16).\n"); ++ printf(" nsslapd-enable-nunc-stans must be set to "off" on this system. \n"); ++ printf(" In a future release of Directory Server this platform will NOT be supported.\n\n"); ++ } ++ ++} + #endif /* IDDS_LINUX_INCLUDE */ + + +@@ -976,6 +1012,8 @@ static void gen_tests (void) + + #if defined(IDDS_LINUX_INCLUDE) + linux_check_release(); ++ ++ linux_check_cpu_features(); + #endif + + +-- +2.4.11 + diff --git a/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch b/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch deleted file mode 100644 index f1e78fb..0000000 --- a/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 4fe9f07d50f383e3765ba97294f8b641f7feefa3 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 9 Jul 2015 17:23:57 -0700 -Subject: [PATCH 14/20] Ticket #48216 - crash in ns-slapd when deleting - winSyncSubtreePair from sync agreement - -Description: In free_subtree_pairs, the condition for stopping the -loop to clean up the AD and DS subtree dn was incomplete. - -This patch checks the AD and DS subtree dn and if any of the pair -is NULL, it stops the clean up. Related to the issue, more checks -for the validation of the winSyncSubtreePair is added so that any -single valued cases are ignored with an error log. -[single valued case examples] - winSyncSubtreePair: ou=People,dc=anytree - winSyncSubtreePair: ou=People,dc=anytree: - winSyncSubtreePair: :ou=People,dc=anytree - -https://fedorahosted.org/389/ticket/48216 - -Reviewed by rmeggins@redht.com (Thank you, Rich!!) - -(cherry picked from commit 6dce81e77a47dc23e0b825952c97112039f45201) -(cherry picked from commit 6d177bf359c022f1e46d575c6fe3ad3d97f1cfeb) ---- - ldap/servers/plugins/replication/windows_private.c | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c -index 36015c2..f5cb44e 100644 ---- a/ldap/servers/plugins/replication/windows_private.c -+++ b/ldap/servers/plugins/replication/windows_private.c -@@ -885,7 +885,7 @@ windows_private_get_subtreepairs(const Repl_Agmt *ra) - return dp->subtree_pairs; - } - --/* parray is NOT passed in */ -+/* parray is NOT passed in; caller frees it. */ - void - windows_private_set_subtreepairs(const Repl_Agmt *ra, char **parray) - { -@@ -930,6 +930,12 @@ create_subtree_pairs(char **pairs) - for (ptr = pairs; ptr && *ptr; ptr++) { - p0 = ldap_utf8strtok_r(*ptr, ":", &saveptr); - p1 = ldap_utf8strtok_r(NULL, ":", &saveptr); -+ if ((NULL == p0) || (NULL == p1)) { -+ LDAPDebug1Arg(LDAP_DEBUG_ANY, -+ "create_subtree_pairs: " -+ "Ignoring invalid subtree pairs \"%s\".\n", *ptr); -+ continue; -+ } - spp->DSsubtree = slapi_sdn_new_dn_byval(p0); - if (NULL == spp->DSsubtree) { - LDAPDebug1Arg(LDAP_DEBUG_ANY, -@@ -960,7 +966,11 @@ free_subtree_pairs(subtreePair **pairs) - if (NULL == pairs) { - return; - } -- for (p = *pairs; p; p++) { -+ /* -+ * If exists, the subtree pair is both non-NULL or NULL. -+ * Both NULL is the condition to stop the loop. -+ */ -+ for (p = *pairs; p && p->ADsubtree && p->DSsubtree; p++) { - slapi_sdn_free(&(p->ADsubtree)); - slapi_sdn_free(&(p->DSsubtree)); - } --- -1.9.3 - diff --git a/SOURCES/0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch b/SOURCES/0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch new file mode 100644 index 0000000..d9c3309 --- /dev/null +++ b/SOURCES/0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch @@ -0,0 +1,31 @@ +From 8464ea4aa20182d3f56c06287cbb8a2ff71e2837 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Thu, 14 Jul 2016 15:36:03 -0700 +Subject: [PATCH 14/15] Ticket 48925 - slapd crash with SIGILL: Dsktune should + detect lack of CMPXCHG16B + +Description: escaping '"' in the ERROR message. + +Reviewed by: one-line rule + +(cherry picked from commit 975e0fae044a08d2755b2394bac09d722bd1bae0) +--- + ldap/systools/idsktune.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c +index b6c352a..ad6a39e 100644 +--- a/ldap/systools/idsktune.c ++++ b/ldap/systools/idsktune.c +@@ -895,7 +895,7 @@ linux_check_cpu_features(void) + if (found == 0) { + flag_os_bad = 1; + printf("ERROR: This system does not support CMPXCHG16B instruction (cpuflag cx16).\n"); +- printf(" nsslapd-enable-nunc-stans must be set to "off" on this system. \n"); ++ printf(" nsslapd-enable-nunc-stans must be set to \"off\" on this system. \n"); + printf(" In a future release of Directory Server this platform will NOT be supported.\n\n"); + } + +-- +2.4.11 + diff --git a/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch b/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch deleted file mode 100644 index a2c2fe1..0000000 --- a/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 8f298b2241bb1dc1342b3f7435806af0c22c9f69 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 13 Jul 2015 12:24:19 -0400 -Subject: [PATCH 15/20] Ticket 48119 - Silent install needs to properly exit - when INF file is missing - -Bug Description: If the INF file is not present, we don't log the error to the - setup log file. We also don't properly check for the suitespot - user, which also does not properly exit if the calling user is root. - -Fix Description: Properly exit if the INF file is missing, or the suitespot user - is not set(and we are running the script as root). - -https://fedorahosted.org/389/ticket/48119 - -Reviewed by: rmeggins(Thanks!) - -(cherry picked from commit 5363898b122b1a7e7ad07fdc0ad074e91cd1510f) -(cherry picked from commit eeddc9f03b6131f5c8ba715a0a05bb1280a4f9ef) ---- - ldap/admin/src/scripts/DSCreate.pm.in | 3 ++- - ldap/admin/src/scripts/Inf.pm | 8 ++++++-- - ldap/admin/src/scripts/Setup.pm.in | 3 +++ - ldap/admin/src/scripts/setup-ds.res.in | 1 + - 4 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in -index f44afbb..e4a4ed0 100644 ---- a/ldap/admin/src/scripts/DSCreate.pm.in -+++ b/ldap/admin/src/scripts/DSCreate.pm.in -@@ -797,8 +797,9 @@ sub setDefaults { - if (!$inf->{General}->{SuiteSpotUserID}) { - if ($> != 0) { # if not root, use the user's uid - $inf->{General}->{SuiteSpotUserID} = getLogin; -+ } else { -+ return('error_missing_userid'); - } -- # otherwise, the uid must be specified - } - - if (!$inf->{General}->{SuiteSpotGroup}) { -diff --git a/ldap/admin/src/scripts/Inf.pm b/ldap/admin/src/scripts/Inf.pm -index ec433e2..d4c55f1 100644 ---- a/ldap/admin/src/scripts/Inf.pm -+++ b/ldap/admin/src/scripts/Inf.pm -@@ -31,7 +31,9 @@ sub new { - $self = bless $self, $type; - - if ($self->{filename}) { -- $self->read(); -+ if($self->read() != 0){ -+ undef $self; -+ } - } - - return $self; -@@ -61,7 +63,7 @@ sub read { - } else { - if (!open(INF, $filename)) { - debug(0, "Error: could not open inf file $filename: $!\n"); -- return; -+ return -1; - } - $inffh = \*INF; - } -@@ -118,6 +120,8 @@ sub read { - if ($inffh ne \*STDIN) { - close $inffh; - } -+ -+ return 0; - } - - sub section { -diff --git a/ldap/admin/src/scripts/Setup.pm.in b/ldap/admin/src/scripts/Setup.pm.in -index cd49d95..99025ab 100644 ---- a/ldap/admin/src/scripts/Setup.pm.in -+++ b/ldap/admin/src/scripts/Setup.pm.in -@@ -117,6 +117,9 @@ sub init { - # if user supplied inf file, use that to initialize - if (defined($inffile)) { - $self->{inf} = new Inf($inffile); -+ if(!$self->{inf}){ -+ $self->doExit(1); -+ } - } else { - $self->{inf} = new Inf; - } -diff --git a/ldap/admin/src/scripts/setup-ds.res.in b/ldap/admin/src/scripts/setup-ds.res.in -index 011bf36..7134e25 100644 ---- a/ldap/admin/src/scripts/setup-ds.res.in -+++ b/ldap/admin/src/scripts/setup-ds.res.in -@@ -118,6 +118,7 @@ error_enabling_feature = Could not enable the directory server feature '%s'. Er - error_importing_ldif = Could not import LDIF file '%s'. Error: %s. Output: %s\n - error_starting_server = Could not start the directory server using command '%s'. The last line from the error log was '%s'. Error: %s\n - error_stopping_server = Could not stop the directory server '%s'. Error: %s\n -+error_missing_userid = The SuiteSpotUserID is missing. This must be set to valid user\n - error_missing_port_and_ldapi = Either ServerPort or ldapifilepath must be specified. The server must listen to something.\n - error_missing_port = No ServerPort specified. The server must have a port number to listen to (default 389).\n - error_server_already_exists = Error: the server already exists at '%s'\ --- -1.9.3 - diff --git a/SOURCES/0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch b/SOURCES/0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch new file mode 100644 index 0000000..3998c3a --- /dev/null +++ b/SOURCES/0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch @@ -0,0 +1,74 @@ +From bd07b274a2bdbb1accf0d808c1c6a774c95d10db Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Thu, 14 Jul 2016 16:35:38 -0700 +Subject: [PATCH 15/15] Ticket #48919 - Compiler warnings while building + 389-ds-base on RHEL7 + +Description: Fixing additional complier warnings. +1. ldap/servers/slapd/attrsyntax.c + attr_syntax_force_to_delete(struct asyntaxinfo *asip, void *arg) + This function does not care the attr_syntax_enum_flaginfo. +2. ldap/servers/slapd/detach.c + Let detach use the rc which must be 0 (success). +3. ldap/systools/idsktune.c + Removing #define _GNU_SOURCE from idsktune.c. + The macro is defined in config.h generated by configure. + $ egrep _GNU_SOURCE config.h + #define _GNU_SOURCE 1 + +https://fedorahosted.org/389/ticket/48919 + +Reviewed by wibrown@redhat.com (Thanks, William!) + +(cherry picked from commit 7c9853e07a85db3b46cd1eb6eacdacf3f17c39a0) +--- + ldap/servers/slapd/attrsyntax.c | 4 ---- + ldap/servers/slapd/detach.c | 2 +- + ldap/systools/idsktune.c | 2 -- + 3 files changed, 1 insertion(+), 7 deletions(-) + +diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c +index 8b2a77a..aec6d21 100644 +--- a/ldap/servers/slapd/attrsyntax.c ++++ b/ldap/servers/slapd/attrsyntax.c +@@ -1390,11 +1390,7 @@ attr_syntax_delete_if_not_flagged(struct asyntaxinfo *asip, void *arg) + static int + attr_syntax_force_to_delete(struct asyntaxinfo *asip, void *arg) + { +- struct attr_syntax_enum_flaginfo *fi; +- + PR_ASSERT( asip != NULL ); +- fi = (struct attr_syntax_enum_flaginfo *)arg; +- PR_ASSERT( fi != NULL ); + + attr_syntax_delete_no_lock( asip, PR_FALSE, 0 ); + return ATTR_SYNTAX_ENUM_REMOVE; +diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c +index b055a5c..54c6028 100644 +--- a/ldap/servers/slapd/detach.c ++++ b/ldap/servers/slapd/detach.c +@@ -133,7 +133,7 @@ detach( int slapd_exemode, int importexport_encrypt, + } + + (void) SIGNAL( SIGPIPE, SIG_IGN ); +- return 0; ++ return rc; + } + + /* +diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c +index ad6a39e..4c96529 100644 +--- a/ldap/systools/idsktune.c ++++ b/ldap/systools/idsktune.c +@@ -11,8 +11,6 @@ + # include + #endif + +-#define _GNU_SOURCE +- + /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * Don't forget to update build_date when the patch sets are updated. + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ +-- +2.4.11 + diff --git a/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch b/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch deleted file mode 100644 index 3d68e2b..0000000 --- a/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch +++ /dev/null @@ -1,34 +0,0 @@ -From e0ceac7c48a4cc616f1602d4cc3430a306740021 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 13 Jul 2015 13:12:12 -0400 -Subject: [PATCH 16/20] Ticket 47878 - Remove warning suppression in 1.3.4 - -Description: Perl 5.16 does not support the warning suppression of - "smartmatch", but 5.18 does. RHEL 7 is currently only - using 5.16, so it needs to be removed from 1.3.4 for now. - -https://fedorahosted.org/389/ticket/47878 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit d8b7a3c93692eae229c74ef67f6f608f95eb2eef) ---- - ldap/admin/src/scripts/52updateAESplugin.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/admin/src/scripts/52updateAESplugin.pl b/ldap/admin/src/scripts/52updateAESplugin.pl -index ae258b6..4225770 100644 ---- a/ldap/admin/src/scripts/52updateAESplugin.pl -+++ b/ldap/admin/src/scripts/52updateAESplugin.pl -@@ -6,7 +6,7 @@ use File::Basename; - use File::Copy; - use DSUtil qw(debug serverIsRunning); - --no warnings 'experimental::smartmatch'; -+# no warnings 'experimental::smartmatch'; warning supression available in perl 5.18 - - # - # Check if there is a DES plugin and make sure the AES plugin contains the same attributes --- -1.9.3 - diff --git a/SOURCES/0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch b/SOURCES/0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch new file mode 100644 index 0000000..57e4f2e --- /dev/null +++ b/SOURCES/0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch @@ -0,0 +1,97 @@ +From 6f55a77b49ecdec56817039308f7c07da820fb62 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Thu, 14 Jul 2016 19:09:21 -0700 +Subject: [PATCH] Ticket #48919 - Compiler warnings while building 389-ds-base + on RHEL7 + +Description: Fixing additional covscan errors. +1. RESOURCE_LEAK + ldap/servers/slapd/agtmmap.c + agt_mopen_stats - leaked_handle: Handle variable "fd" going out of scope leaks the handle. +2. CHECKED_RETURN + ldap/servers/slapd/back-ldbm/cache.c + entrycache_return - check_return: Calling "remove_hash" without checking return value +3. NULL_RETURNS + ldap/systools/idsktune.c + linux_check_cpu_features - dereference: Dereferencing a pointer that might be null "cpuinfo" when calling "fclose". +4. UNINIT + ldap/servers/slapd/detach.c + detach - uninit_use: Using uninitialized value "rc". + +https://fedorahosted.org/389/ticket/48919 +(cherry picked from commit 381caf52a06ad8cefa9daa99586878249a4aa4f2) +--- + ldap/servers/slapd/agtmmap.c | 1 + + ldap/servers/slapd/back-ldbm/cache.c | 6 ++++-- + ldap/servers/slapd/detach.c | 3 ++- + ldap/systools/idsktune.c | 4 ++++ + 4 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/ldap/servers/slapd/agtmmap.c b/ldap/servers/slapd/agtmmap.c +index 629bc1b..b9d66d9 100644 +--- a/ldap/servers/slapd/agtmmap.c ++++ b/ldap/servers/slapd/agtmmap.c +@@ -167,6 +167,7 @@ agt_mopen_stats (char * statsfile, int mode, int *hdl) + #endif + rc = err; + free (buf); ++ close(fd); + goto bail; + } + free (buf); +diff --git a/ldap/servers/slapd/back-ldbm/cache.c b/ldap/servers/slapd/back-ldbm/cache.c +index bb4e55e..015cd48 100644 +--- a/ldap/servers/slapd/back-ldbm/cache.c ++++ b/ldap/servers/slapd/back-ldbm/cache.c +@@ -1142,7 +1142,9 @@ entrycache_return(struct cache *cache, struct backentry **bep) + * so we need to remove the entry from the DN cache because + * we don't/can't always call cache_remove(). + */ +- remove_hash(cache->c_dntable, (void *)ndn, strlen(ndn)); ++ if (remove_hash(cache->c_dntable, (void *)ndn, strlen(ndn)) == 0) { ++ LOG("entrycache_return: failed to remove %s from dn table\n", ndn, 0, 0); ++ } + } + backentry_free(bep); + } else { +@@ -1392,7 +1394,7 @@ entrycache_add_int(struct cache *cache, struct backentry *e, int state, + return 0; + } + if(remove_hash(cache->c_dntable, (void *)ndn, strlen(ndn)) == 0){ +- LOG("entrycache_add_int: failed to remove %s from dn table\n", 0, 0, 0); ++ LOG("entrycache_add_int: failed to remove %s from dn table\n", ndn, 0, 0); + } + e->ep_state |= ENTRY_STATE_NOTINCACHE; + cache_unlock(cache); +diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c +index 54c6028..84a9eef 100644 +--- a/ldap/servers/slapd/detach.c ++++ b/ldap/servers/slapd/detach.c +@@ -48,7 +48,8 @@ int + detach( int slapd_exemode, int importexport_encrypt, + int s_port, daemon_ports_t *ports_info ) + { +- int i, sd, rc; ++ int i, sd; ++ int rc = 0; + char *workingdir = 0; + char *errorlog = 0; + char *ptr = 0; +diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c +index 4c96529..08b7f12 100644 +--- a/ldap/systools/idsktune.c ++++ b/ldap/systools/idsktune.c +@@ -875,6 +875,10 @@ linux_check_cpu_features(void) + char *token = NULL; + size_t size = 0; + int found = 0; ++ if (NULL == cpuinfo) { ++ printf("ERROR: Unable to check cpu features since opening \"/proc/cpuinfo\" failed.\n"); ++ return; ++ } + while(getline(&arg, &size, cpuinfo) != -1) + { + if (strncmp("flags", arg, 5) == 0) { +-- +2.4.11 + diff --git a/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch b/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch deleted file mode 100644 index 9a1049b..0000000 --- a/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 8622b69a733a6126414876f11ab627211cb3bd06 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Mon, 13 Jul 2015 17:51:01 -0700 -Subject: [PATCH 17/20] Ticket #48223 - Winsync fails when AD users have - multiple spaces (two)inside the value of the rdn attribute - -Description: When the dirsync search returns a remote entry, winsync -search the entry with DN to retrieve the whole attribute value pairs. -The DN used for the search was normalized which replaced multiple white- -spaces with one in the DN. This patch does not used the normalized DN, -but the same DN given by AD. - -The DN normalization behaviour was introduced to fix a ticket #529 - -dn normalization must handle multiple space characters in attributes. - -Added additional debugging to get the info which entry failed to sync. - -https://fedorahosted.org/389/ticket/48223 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit 2c484cc6e89e473bced0e9b25dd6e68d53024bb3) -(cherry picked from commit 69fd1f188105b2c3ca1bee04b05909e53c980b34) ---- - ldap/servers/plugins/posix-winsync/posix-group-func.c | 2 +- - ldap/servers/plugins/replication/windows_protocol_util.c | 11 +++++++---- - 2 files changed, 8 insertions(+), 5 deletions(-) - -diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c -index 5f841e5..a497f3f 100644 ---- a/ldap/servers/plugins/posix-winsync/posix-group-func.c -+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c -@@ -95,7 +95,7 @@ getEntry(const char *udn, char **attrs) - } - else { - slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME, -- "getEntry: error searching for uid: %d\n", rc); -+ "getEntry: error searching for uid %s: %d\n", udn, rc); - } - - return NULL; -diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c -index 4607251..6bf20b7 100644 ---- a/ldap/servers/plugins/replication/windows_protocol_util.c -+++ b/ldap/servers/plugins/replication/windows_protocol_util.c -@@ -3226,7 +3226,7 @@ windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn, - const char *searchbase = NULL; - Slapi_Entry *found_entry = NULL; - -- searchbase = slapi_sdn_get_dn(remote_dn); -+ searchbase = slapi_sdn_get_udn(remote_dn); - cres = windows_search_entry_ext(prp->conn, (char*)searchbase, filter, &found_entry, NULL, LDAP_SCOPE_BASE); - if (cres) - { -@@ -5886,13 +5886,16 @@ retry: - remote_entry = NULL; - } else - { -- slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to fetch inbound entry.\n",agmt_get_long_name(prp->agmt)); -+ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, -+ "%s: windows_process_dirsync_entry: failed to fetch inbound entry %s.\n", -+ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e))); - } - slapi_entry_free(local_entry); - if (rc) { - /* Something bad happened */ -- slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",agmt_get_long_name(prp->agmt), -- slapi_sdn_get_dn(slapi_entry_get_sdn_const(e))); -+ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, -+ "%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n", -+ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e))); - } - } else - { --- -1.9.3 - diff --git a/SOURCES/0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch b/SOURCES/0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch new file mode 100644 index 0000000..01bd08c --- /dev/null +++ b/SOURCES/0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch @@ -0,0 +1,48 @@ +From f6f6340afaea6f26d188f875b15f966e03cb7f50 Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Mon, 18 Jul 2016 18:30:28 +0200 +Subject: [PATCH 17/29] Ticket 48928 log of page result cookie should log empty + cookie with a different value than 0 + +Bug Description: + With the ticket https://fedorahosted.org/389/ticket/48752, the cookie value + is logged with each page result RESULT. + When the page result is completed (no more entry to return), the returned cookie is 'pr_cookie=0'. + Else the cookie value is logged 'pr_cookie='. Unfortunately the index ranges [0..N]. + + So when the value pr_cookie=0 is logged, it is not possible to know if it is an empty cookie or a valid cookie with the value 0. + +Fix Description: + Log the empty cookie with a value '-1' + +https://fedorahosted.org/389/ticket/48928 + +Reviewed by: Noriko Hosoi, Simon Pichugin (thanks !!!!) + +Platforms tested: F23 + +Flag Day: no + +Doc impact: no + +(cherry picked from commit 73ff835f29514e33433de9f2be74f73efe6943ce) +--- + ldap/servers/slapd/pagedresults.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c +index 07a7b69..6fec344 100644 +--- a/ldap/servers/slapd/pagedresults.c ++++ b/ldap/servers/slapd/pagedresults.c +@@ -247,7 +247,7 @@ pagedresults_set_response_control( Slapi_PBlock *pb, int iscritical, + + /* begin sequence, payload, end sequence */ + if (current_search_count < 0) { +- cookie = 0; ++ cookie = -1; + cookie_str = slapi_ch_strdup(""); + } else { + cookie = index; +-- +2.4.11 + diff --git a/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch b/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch deleted file mode 100644 index a147d49..0000000 --- a/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 5f0aab1fccab4c191b2083aea88e28856caf1a4c Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 14 Jul 2015 10:09:00 -0400 -Subject: [PATCH 18/20] Ticket 47910 - logconv.pl - validate start and end time - args - -Description: Add validatation checks for the startTime/endTime configuration - arguments(-S, -E) - -https://fedorahosted.org/389/ticket/47910 - -Reviewed by: rmeggins(Thanks!) - -(cherry picked from commit 8495afa57ad837e3a51871a4f6da2a9978c8e711) -(cherry picked from commit 3bf1daaadd7e7c7b0f99d1f7a93d78598730269d) ---- - ldap/admin/src/logconv.pl | 65 +++++++++++++++++++++++++++++++++++------------ - 1 file changed, 49 insertions(+), 16 deletions(-) - -diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl -index ce4114e..7ca9084 100755 ---- a/ldap/admin/src/logconv.pl -+++ b/ldap/admin/src/logconv.pl -@@ -24,6 +24,7 @@ use DB_File; - use sigtrap qw(die normal-signals); - use Archive::Tar; - use IO::Uncompress::AnyUncompress qw($AnyUncompressError); -+use Scalar::Util qw(looks_like_number); - - Getopt::Long::Configure ("bundling"); - Getopt::Long::Configure ("permute"); -@@ -341,18 +342,18 @@ $connmsg{"P2"} = "Poll"; - $connmsg{"U1"} = "Cleanly Closed Connections"; - - my %monthname = ( -- "Jan" => 0, -- "Feb" => 1, -- "Mar" => 2, -- "Apr" => 3, -- "May" => 4, -- "Jun" => 5, -- "Jul" => 6, -- "Aug" => 7, -- "Sep" => 8, -- "Oct" => 9, -- "Nov" => 10, -- "Dec" => 11, -+ "jan" => 0, -+ "feb" => 1, -+ "mar" => 2, -+ "apr" => 3, -+ "may" => 4, -+ "jun" => 5, -+ "jul" => 6, -+ "aug" => 7, -+ "sep" => 8, -+ "oct" => 9, -+ "nov" => 10, -+ "dec" => 11, - - ); - -@@ -411,11 +412,27 @@ sub convertTimeToSeconds { - my $logDate; - my @dateComps; - my ($timeMonth, $timeDay, $timeYear, $dateTotal); -+ $dateTotal = 0; - if ($log_line =~ / *([0-9A-Z\/]+)/i ){ - $logDate = $1; - @dateComps = split /\//, $logDate; -- -- $timeMonth = 1 + $monthname{$dateComps[1]}; -+ if ($#dateComps < 2) { -+ print "The date string ($log_line) is invalid, exiting...\n"; -+ exit(1); -+ } -+ if (!looks_like_number($dateComps[0]) || length $dateComps[0] != 2) { -+ print "The date string ($log_line) has invalid day ($dateComps[0]), exiting...\n"; -+ exit(1); -+ } -+ if ($monthname{lc $dateComps[1]} eq "") { -+ print "The date string ($log_line) has invalid month ($dateComps[1]), exiting...\n"; -+ exit(1); -+ } -+ if (!looks_like_number($dateComps[2]) || length $dateComps[2] != 4 ) { -+ print "The date string ($log_line) has invalid year ($dateComps[2]), exiting...\n"; -+ exit(1); -+ } -+ $timeMonth = 1 + $monthname{lc $dateComps[1]}; - $timeMonth = $timeMonth * 3600 * 24 * 30; - $timeDay= $dateComps[0] * 3600 * 24; - $timeYear = $dateComps[2] * 365 * 3600 * 24; -@@ -425,10 +442,26 @@ sub convertTimeToSeconds { - my $logTime; - my @timeComps; - my ($timeHour, $timeMinute, $timeSecond, $timeTotal); -+ $timeTotal = 0; - if ($log_line =~ / *(:[0-9:]+)/i ){ - $logTime = $1; - @timeComps = split /:/, $logTime; -- -+ if ($#timeComps < 3) { -+ print "The time string ($log_line) is invalid, exiting...\n"; -+ exit(1); -+ } -+ if (!looks_like_number($timeComps[1]) || length $timeComps[1] != 2){ -+ print "The time string ($log_line) has invalid hour ($timeComps[1]), exiting...\n"; -+ exit(1); -+ } -+ if (!looks_like_number($timeComps[2]) || length $timeComps[2] != 2){ -+ print "The time string ($log_line) has invalid minute ($timeComps[2]), exiting...\n"; -+ exit(1); -+ } -+ if (!looks_like_number($timeComps[3]) || length $timeComps[3] != 2){ -+ print "The time string ($log_line) has invalid second ($timeComps[3]), exiting...\n"; -+ exit(1); -+ } - $timeHour = $timeComps[1] * 3600; - $timeMinute = $timeComps[2] * 60; - $timeSecond = $timeComps[3]; -@@ -1796,7 +1829,7 @@ sub parseLineNormal - } - my ($date, $hr, $min, $sec) = split (':', $time); - my ($day, $mon, $yr) = split ('/', $date); -- my $newmin = timegm(0, $min, $hr, $day, $monthname{$mon}, $yr) - $tzoff; -+ my $newmin = timegm(0, $min, $hr, $day, $monthname{lc $mon}, $yr) - $tzoff; - $gmtime = $newmin + $sec; - print_stats_block( $s_stats ); - reset_stats_block( $s_stats, $gmtime, $time.' '.$tzone ); --- -1.9.3 - diff --git a/SOURCES/0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch b/SOURCES/0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch new file mode 100644 index 0000000..2907565 --- /dev/null +++ b/SOURCES/0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch @@ -0,0 +1,141 @@ +From c78cee0747aaa7f3ba7ad77d683d382308992952 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Tue, 26 Jul 2016 16:51:41 -0700 +Subject: [PATCH 18/29] Ticket #48939 - nsslapd-workingdir is empty when + ns-slapd is started by systemd + +Description: If the Type of the service is notify in systemd, the server +process does not fork. Setting nsslapd-workingdir was missing in the not- +fork path. This patch adds it. + +https://fedorahosted.org/389/ticket/48939 + +Reviewed by wibrown@redhat.com (Thank you, William!!) + +(cherry picked from commit a06cb4269613224e1454ed8c1ad6f702cc247b2b) +--- + ldap/servers/slapd/detach.c | 81 ++++++++++++++++++++++++++------------------- + 1 file changed, 47 insertions(+), 34 deletions(-) + +diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c +index 84a9eef..cd13a99 100644 +--- a/ldap/servers/slapd/detach.c ++++ b/ldap/servers/slapd/detach.c +@@ -44,16 +44,50 @@ + #include + #endif /* USE_SYSCONF */ + +-int +-detach( int slapd_exemode, int importexport_encrypt, +- int s_port, daemon_ports_t *ports_info ) ++static int ++set_workingdir() + { +- int i, sd; + int rc = 0; +- char *workingdir = 0; ++ char *workingdir = config_get_workingdir(); + char *errorlog = 0; + char *ptr = 0; + extern char *config_get_errorlog(void); ++ extern int config_set_workingdir(const char *attrname, char *value, char *errorbuf, int apply); ++ char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE]; ++ ++ if ( NULL == workingdir ) { ++ errorlog = config_get_errorlog(); ++ if (NULL == errorlog) { ++ rc = chdir("/"); ++ } else { ++ ptr = strrchr(errorlog, '/'); ++ if (ptr) { ++ *ptr = '\0'; ++ } ++ rc = chdir(errorlog); ++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1) == LDAP_OPERATIONS_ERROR) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf); ++ } ++ slapi_ch_free_string(&errorlog); ++ } ++ } else { ++ /* calling config_set_workingdir to check for validity of directory, don't apply */ ++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, errorbuf, 0) == LDAP_OPERATIONS_ERROR) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf); ++ rc = chdir("/"); ++ } else { ++ rc = chdir(workingdir); ++ } ++ slapi_ch_free_string(&workingdir); ++ } ++ return rc; ++} ++ ++int ++detach( int slapd_exemode, int importexport_encrypt, ++ int s_port, daemon_ports_t *ports_info ) ++{ ++ int i, sd; + + if ( should_detach ) { + for ( i = 0; i < 5; i++ ) { +@@ -76,35 +110,12 @@ detach( int slapd_exemode, int importexport_encrypt, + } + + /* call this right after the fork, but before closing stdin */ +- if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, +- s_port, ports_info)) { ++ if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, s_port, ports_info)) { + return 1; + } + +- workingdir = config_get_workingdir(); +- if ( NULL == workingdir ) { +- errorlog = config_get_errorlog(); +- if ( NULL == errorlog ) { +- rc = chdir( "/" ); +- PR_ASSERT(rc == 0); +- } else { +- if ((ptr = strrchr(errorlog, '/')) || +- (ptr = strrchr(errorlog, '\\'))) { +- *ptr = 0; +- } +- rc = chdir( errorlog ); +- PR_ASSERT(rc == 0); +- config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, NULL, 1); +- slapi_ch_free_string(&errorlog); +- } +- } else { +- /* calling config_set_workingdir to check for validity of directory, don't apply */ +- if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, NULL, 0) == LDAP_OPERATIONS_ERROR) { +- return 1; +- } +- rc = chdir( workingdir ); +- PR_ASSERT(rc == 0); +- slapi_ch_free_string(&workingdir); ++ if (set_workingdir()) { ++ LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n"); + } + + if ( (sd = open( "/dev/null", O_RDWR )) == -1 ) { +@@ -127,14 +138,16 @@ detach( int slapd_exemode, int importexport_encrypt, + + g_set_detached(1); + } else { /* not detaching - call nss/ssl init */ +- if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, +- s_port, ports_info)) { ++ if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, s_port, ports_info)) { + return 1; + } ++ if (set_workingdir()) { ++ LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n"); ++ } + } + + (void) SIGNAL( SIGPIPE, SIG_IGN ); +- return rc; ++ return 0; + } + + /* +-- +2.4.11 + diff --git a/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch b/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch deleted file mode 100644 index 7771109..0000000 --- a/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch +++ /dev/null @@ -1,89 +0,0 @@ -From 5d2f818d33801b1ae6c7d3c19ab67e52a4944251 Mon Sep 17 00:00:00 2001 -From: Rich Megginson -Date: Mon, 13 Jul 2015 18:27:50 -0600 -Subject: [PATCH 19/20] Ticket #48224 - logconv.pl should handle *.tar.xz, - *.txz, *.xz log files - -https://fedorahosted.org/389/ticket/48224 -Reviewed by: ??? -Branch: 389-ds-base-1.3.4 -Fix Description: There is no xz support by default, the perl module -IO::Uncompress::UnXz is required for that. Also, Tar::Archive can't -handle xz files by default, so they have to be uncompressed first. -This will also need a spec file change: -Requires: perl-IO-Compress -Requires: perl-IO-Compress-Lzma -Platforms tested: Fedora 21 -Flag Day: no -Doc impact: no - -(cherry picked from commit d1b0acd12faa620774c66044f91e509ae175e4a1) -(cherry picked from commit 4f3b802fac46adfa8fd5cf49443b875f136fb19c) ---- - ldap/admin/src/logconv.pl | 20 +++++++++++++++++++- - rpm/389-ds-base.spec.in | 3 +++ - 2 files changed, 22 insertions(+), 1 deletion(-) - -diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl -index 7ca9084..a6bd6c2 100755 ---- a/ldap/admin/src/logconv.pl -+++ b/ldap/admin/src/logconv.pl -@@ -398,14 +398,26 @@ my $totalLineCount = 0; - - sub isTarArchive { - local $_ = shift; -+ if (/\.txz$/ || /\.tar.xz$/) { -+ use IO::Uncompress::UnXz; -+ } - return /\.tar$/ || /\.tar\.bz2$/ || /\.tar.gz$/ || /\.tar.xz$/ || /\.tgz$/ || /\.tbz$/ || /\.txz$/; - } - - sub isCompressed { - local $_ = shift; -+ if (/\.xz$/) { -+ use IO::Uncompress::UnXz; -+ } - return /\.gz$/ || /\.bz2$/ || /\.xz$/; - } - -+# Tar::Archive can't grok xz, so have to uncompress first -+sub tarNeedsUncompress { -+ local $_ = shift; -+ return /\.tar.xz$/ || /\.txz$/; -+} -+ - sub convertTimeToSeconds { - my $log_line = shift; - -@@ -503,7 +515,13 @@ for (my $count=0; $count < $file_count; $count++){ - my $comp = 0; - if (isTarArchive($logname)) { - $tar = Archive::Tar->new(); -- $tariter = Archive::Tar->iter($logname); -+ if (tarNeedsUncompress($logname)) { -+ my $TARFH = new IO::Uncompress::AnyUncompress $logname or -+ do { openFailed($AnyUncompressError, $logname); next }; -+ $tariter = Archive::Tar->iter($TARFH); -+ } else { -+ $tariter = Archive::Tar->iter($logname); -+ } - if (!$tariter) { - print "$logname is not a valid tar archive, or compression is unrecognized: $!\n"; - next; -diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in -index d0bbb7a..3405ccd 100644 ---- a/rpm/389-ds-base.spec.in -+++ b/rpm/389-ds-base.spec.in -@@ -116,6 +116,9 @@ Requires: perl-Socket6 - Requires: perl-Socket - %endif - Requires: perl-NetAddr-IP -+# for logconv compressed file support -+Requires: perl-IO-Compress -+Requires: perl-IO-Compress-Lzma - - Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2 - # 389-ds-git.sh should be used to generate the source tarball from git --- -1.9.3 - diff --git a/SOURCES/0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch b/SOURCES/0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch new file mode 100644 index 0000000..06e3ccb --- /dev/null +++ b/SOURCES/0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch @@ -0,0 +1,107 @@ +From 6b5c8ba040fa482c1817c044716bb994f173d373 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Wed, 27 Jul 2016 11:23:17 -0700 +Subject: [PATCH 19/29] Ticket #48939 - nsslapd-workingdir is empty when + ns-slapd is started by systemd + +Description: Thanks to tbordaz@redhat.com for suggesting to reset the +working dir in the error cases. I've added more error checks and +resetting the nsslapd-workingdir values. + +https://fedorahosted.org/389/ticket/48939 + +Reviewed by mreynolds@redhat.com (Thank you, Mark!!) + +(cherry picked from commit 70d06dab96468e0c6712482186f22de8e2c33e17) +--- + ldap/servers/slapd/detach.c | 45 +++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 41 insertions(+), 4 deletions(-) + +diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c +index cd13a99..2f5667f 100644 +--- a/ldap/servers/slapd/detach.c ++++ b/ldap/servers/slapd/detach.c +@@ -59,14 +59,41 @@ set_workingdir() + errorlog = config_get_errorlog(); + if (NULL == errorlog) { + rc = chdir("/"); ++ if (0 == rc) { ++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf); ++ } ++ } else { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/"); ++ } + } else { + ptr = strrchr(errorlog, '/'); + if (ptr) { + *ptr = '\0'; + } + rc = chdir(errorlog); +- if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1) == LDAP_OPERATIONS_ERROR) { +- LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf); ++ if (0 == rc) { ++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1) == LDAP_OPERATIONS_ERROR) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf); ++ rc = chdir("/"); ++ if (0 == rc) { ++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf); ++ } ++ } else { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/"); ++ } ++ } ++ } else { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", errorlog); ++ rc = chdir("/"); ++ if (0 == rc) { ++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf); ++ } ++ } else { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/"); ++ } + } + slapi_ch_free_string(&errorlog); + } +@@ -75,8 +102,18 @@ set_workingdir() + if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, errorbuf, 0) == LDAP_OPERATIONS_ERROR) { + LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf); + rc = chdir("/"); ++ if (0 == rc) { ++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf); ++ } ++ } else { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/"); ++ } + } else { + rc = chdir(workingdir); ++ if (rc) { ++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", workingdir); ++ } + } + slapi_ch_free_string(&workingdir); + } +@@ -115,7 +152,7 @@ detach( int slapd_exemode, int importexport_encrypt, + } + + if (set_workingdir()) { +- LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n"); ++ LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: set_workingdir failed.\n"); + } + + if ( (sd = open( "/dev/null", O_RDWR )) == -1 ) { +@@ -142,7 +179,7 @@ detach( int slapd_exemode, int importexport_encrypt, + return 1; + } + if (set_workingdir()) { +- LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n"); ++ LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: set_workingdir failed.\n"); + } + } + +-- +2.4.11 + diff --git a/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch b/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch deleted file mode 100644 index df10002..0000000 --- a/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 5dda81412db1609f67035957ab65a6c726228e00 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 14 Jul 2015 11:12:56 -0700 -Subject: [PATCH 20/20] Ticket #48194 - CI test: fixing test cases for ticket - 48194 - -Description: nsSSL3Ciphers preference not enforced server side -. Test Case 6 - wrong expectation for RC4-SHA -. Test Case 7 - removing a extra space in nsSSL3Ciphers - -(cherry picked from commit f69ce333052f7f33350fd4038b8f598f650a743f) -(cherry picked from commit ca9e6f9292289a7b6b7f57602555bf9aeb9ba9de) ---- - dirsrvtests/tickets/ticket48194_test.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/dirsrvtests/tickets/ticket48194_test.py b/dirsrvtests/tickets/ticket48194_test.py -index 18739ca..17e179a 100644 ---- a/dirsrvtests/tickets/ticket48194_test.py -+++ b/dirsrvtests/tickets/ticket48194_test.py -@@ -295,7 +295,7 @@ def test_ticket48194_run_4(topology): - Default ciphers are enabled. - default allowWeakCipher - """ -- _header(topology, 'Test Case 5 - Check no nsSSL3Ciphers (default setting) with default allowWeakCipher') -+ _header(topology, 'Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher') - - topology.standalone.simple_bind_s(DN_DM, PASSWORD) - topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', '-all')]) -@@ -326,7 +326,7 @@ def test_ticket48194_run_5(topology): - os.system('touch %s' % (topology.standalone.errlog)) - topology.standalone.start(timeout=120) - -- connectWithOpenssl(topology, 'RC4-SHA', True) -+ connectWithOpenssl(topology, 'RC4-SHA', False) - connectWithOpenssl(topology, 'AES256-SHA256', True) - - def test_ticket48194_run_6(topology): -@@ -338,7 +338,7 @@ def test_ticket48194_run_6(topology): - _header(topology, 'Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher') - - topology.standalone.simple_bind_s(DN_DM, PASSWORD) -- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-TLS_RSA_WITH_AES_256_CBC_SHA256 ')]) -+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-TLS_RSA_WITH_AES_256_CBC_SHA256')]) - - log.info("\n######################### Restarting the server ######################\n") - topology.standalone.stop(timeout=10) --- -1.9.3 - diff --git a/SOURCES/0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch b/SOURCES/0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch new file mode 100644 index 0000000..643f3b7 --- /dev/null +++ b/SOURCES/0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch @@ -0,0 +1,38 @@ +From 8f761940cb93fc8e64ed9022c3a6f21e90c281aa Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Wed, 27 Jul 2016 12:40:25 -0700 +Subject: [PATCH 20/29] Ticket #48934 - remove-ds.pl deletes an instance even + if wrong prefix was specified + +Description: remove-ds.pl skipped to check "slapd" part of "slapd-instance". +This patch adds the check and if it is not "slapd", it quits with the error +message. For example: +Error: Invalid instance name "bogus-test" + +https://fedorahosted.org/389/ticket/48934 + +Reviewed by mreynolds@redhat.com (Thanks, Mark!!) + +(cherry picked from commit 2b341922a42f305122fbd6eb97e96e0612f8e5d2) +--- + ldap/admin/src/scripts/remove-ds.pl.in | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in +index b35ae32..252f3f9 100755 +--- a/ldap/admin/src/scripts/remove-ds.pl.in ++++ b/ldap/admin/src/scripts/remove-ds.pl.in +@@ -52,6 +52,10 @@ unless ($inst) { + print STDERR "Full instance name must be specified (e.g. - slapd-example)\n"; + exit 1; + } ++unless ($slapd eq "slapd") { ++ print STDERR "Error: Invalid instance name \"$instname\"\n"; ++ exit 1; ++} + + my @errs = removeDSInstance($inst, $force, $all, $initconfig_dir); + if (@errs) { +-- +2.4.11 + diff --git a/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch b/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch deleted file mode 100644 index d721123..0000000 --- a/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch +++ /dev/null @@ -1,64 +0,0 @@ -From e88ffac24b49acb01fb7d460ff4282abe85d3799 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 14 Jul 2015 16:00:03 -0700 -Subject: [PATCH 21/22] Ticket #48203 - Fix coverity issues - 07/14/2015 - -Description: Overrunning array "mctx.negativeErrors" of 19 4-byte -elements at element index 122 (byte offset 488) using index "abs(err)" -(which evaluates to 122). - -Commit 71be5faaa478593bb056887410ca8e48e05b2fe4 to fix Ticket #47799 -introduced this problem. The error count checking has to be done per -error. - -https://fedorahosted.org/389/ticket/48203 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!) - -(cherry picked from commit cc435b8c382f7da662b5c27339d23fd33a8f4117) -(cherry picked from commit 6ec1001e507908ba60f8c52568d24b5c7c727855) ---- - ldap/servers/slapd/tools/ldclt/threadMain.c | 20 +++++++++++++++++--- - 1 file changed, 17 insertions(+), 3 deletions(-) - -diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c -index 5d915fd..88353c6 100644 ---- a/ldap/servers/slapd/tools/ldclt/threadMain.c -+++ b/ldap/servers/slapd/tools/ldclt/threadMain.c -@@ -477,7 +477,7 @@ addErrorStat ( - #else - if ((err <= 0) || (err >= MAX_ERROR_NB)) - #endif -- { -+ { - if (mctx.errorsBad > mctx.maxErrors) { - printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid); - (void) printGlobalStatistics(); /*JLS 25-08-00*/ -@@ -485,8 +485,22 @@ addErrorStat ( - ldclt_sleep (5); - ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/ - } -- } else { -- if (mctx.errors[err] + mctx.negativeErrors[abs(err)] > mctx.maxErrors) { -+ } -+#if defined(USE_OPENLDAP) -+ else if (err < 0) -+ { -+ if (mctx.negativeErrors[abs(err)] > mctx.maxErrors) { -+ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid); -+ (void) printGlobalStatistics(); /*JLS 25-08-00*/ -+ fflush (stdout); -+ ldclt_sleep (5); -+ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/ -+ } -+ } -+#endif -+ else -+ { -+ if (mctx.errors[err] > mctx.maxErrors) { - printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid); - (void) printGlobalStatistics(); /*JLS 25-08-00*/ - fflush (stdout); --- -1.9.3 - diff --git a/SOURCES/0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch b/SOURCES/0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch new file mode 100644 index 0000000..868a653 --- /dev/null +++ b/SOURCES/0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch @@ -0,0 +1,50 @@ +From 9cffd76c95e679042861881182ab8567915b4ad8 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Wed, 27 Jul 2016 14:37:13 -0700 +Subject: [PATCH 21/29] Ticket #48940 - DS logs have warning:ancestorid not + indexed + +Description: When reindexing, the subtree to be reindexed is empty, +a cryptic warning message is logged in the error log: + warning: ancestorid not indexed on 10; possibly, the entry id ## + has no descendants yet. +This message is benign and not to be logged as DEBUG_ANY/FATAL. + +The message is logged when the log level is set to BACKLDBM = 0x080000 + # vlvindex -Z test -n userRoot -T testIndex -d 524288 +as follows: + Info: Entry id ### has no descendants according to ancestorid. Index + file created by this reindex will be empty. + +https://fedorahosted.org/389/ticket/48940 + +Reviewed by wibrown@redhat.com (Thank you, William!!) + +(cherry picked from commit 17dc978c84e6099e4abe884a535067147b618c37) +--- + ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c +index 52338c2..5898361 100644 +--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c ++++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c +@@ -903,11 +903,10 @@ static IDList *ldbm_fetch_subtrees(backend *be, char **include, int *err) + slapi_sdn_done(&sdn); + if (idl == NULL) { + if (DB_NOTFOUND == *err) { +- LDAPDebug(LDAP_DEBUG_ANY, +- "warning: %s not indexed on %lu; " +- "possibly, the entry id %lu has no descendants yet.\n", +- entryrdn_get_noancestorid()?"entryrdn":"ancestorid", +- id, id); ++ LDAPDebug2Args(LDAP_DEBUG_BACKLDBM, ++ "Info: Entry id %lu has no descendants according to %s. " ++ "Index file created by this reindex will be empty.\n", ++ id, entryrdn_get_noancestorid()?"entryrdn":"ancestorid"); + *err = 0; /* not a problem */ + } else { + LDAPDebug(LDAP_DEBUG_ANY, +-- +2.4.11 + diff --git a/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch b/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch deleted file mode 100644 index 657c214..0000000 --- a/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch +++ /dev/null @@ -1,174 +0,0 @@ -From abfd367015c9d0dfa0b97b8473923c97eab0dab5 Mon Sep 17 00:00:00 2001 -From: Rich Megginson -Date: Wed, 15 Jul 2015 14:09:24 -0600 -Subject: [PATCH 22/22] Ticket #48224 - redux - logconv.pl should handle - *.tar.xz, *.txz, *.xz log files - -https://fedorahosted.org/389/ticket/48224 -Reviewed by: nhosoi, mreynolds (Thanks!) -Branch: 389-ds-base-1.3.4 -Fix Description: Some platforms have no IO::Uncompress::UnXz, so have -to pipe out to the 'xz' command for uncompression. -Doing the 'xz' pipe will not work with compressed xz files in tar -archives, so issue an appropriate error. -The tar archive file handling was wrong - have to wrap the data in a -filehandle before passing to uncompress. -Added a lot of error checking - trying to uncompress plain text files, -trying to untar non-tar archives, trying to untar and uncompress a -tar file that is not compressed, other weird stuff like specifying a -.bz2 extension on a file compressed with .xz. -This will also need a spec file change: -Requires: perl-IO-Compress -Requires: perl-DB_File -Requires: perl-Archive-Tar -Requires: xz -Platforms tested: Fedora 21, RHEL 7.2 candidate -Flag Day: no -Doc impact: no - -(cherry picked from commit ae5b62f53557c8ce2d174999c4b561ebc4ccde55) -(cherry picked from commit 8473ae0c49492dd7931dbdd3a8377119f53ce49b) ---- - ldap/admin/src/logconv.pl | 73 ++++++++++++++++++++++++++++++++++++----------- - 1 file changed, 57 insertions(+), 16 deletions(-) - -diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl -index a6bd6c2..d26e91e 100755 ---- a/ldap/admin/src/logconv.pl -+++ b/ldap/admin/src/logconv.pl -@@ -398,17 +398,11 @@ my $totalLineCount = 0; - - sub isTarArchive { - local $_ = shift; -- if (/\.txz$/ || /\.tar.xz$/) { -- use IO::Uncompress::UnXz; -- } - return /\.tar$/ || /\.tar\.bz2$/ || /\.tar.gz$/ || /\.tar.xz$/ || /\.tgz$/ || /\.tbz$/ || /\.txz$/; - } - - sub isCompressed { - local $_ = shift; -- if (/\.xz$/) { -- use IO::Uncompress::UnXz; -- } - return /\.gz$/ || /\.bz2$/ || /\.xz$/; - } - -@@ -418,6 +412,43 @@ sub tarNeedsUncompress { - return /\.tar.xz$/ || /\.txz$/; - } - -+# rhel7 can't grok xz -+sub doUncompress { -+ local $_ = shift; -+ my $data = shift; -+ my $TARFH; -+ # some platforms don't have xz support in IO::Uncompress::AnyUncompress -+ if (/\.tar.xz$/ || /\.txz$/ || /\.xz$/) { -+ if ($data) { -+ openFailed("Cannot read from compressed xz file in tar archive.\nPlease un-tar the tar file first, then pass individual .xz files to this program.\n", $_); -+ } -+ # so use the xz command directly -+ # NOTE: This doesn't work if the argument is a file handle e.g. from -+ # Archive::Tar -+ $! = 0; # clear -+ if (!open($TARFH, "xz -dc $_ |") or $!) { -+ openFailed($!, $_); -+ return; -+ } -+ } else { -+ my $uncompressthing; -+ if ($data) { -+ # make a filehandle object from data -+ open($uncompressthing, "<", \$data) or openFailed($!, $_); -+ } else { -+ # just read from the file -+ $uncompressthing = $_; -+ } -+ $TARFH = new IO::Uncompress::AnyUncompress $uncompressthing or -+ do { openFailed($AnyUncompressError, $_); return; }; -+ if (*$TARFH->{Plain}) { -+ openFailed("Unknown compression", $_); -+ return; -+ } -+ } -+ return $TARFH; -+} -+ - sub convertTimeToSeconds { - my $log_line = shift; - -@@ -497,6 +528,10 @@ for (my $count=0; $count < $file_count; $count++){ - if($logCount > 1 && $count == 0 && $skipFirstFile == 1){ - next; - } -+ if (! -r $logname) { -+ print "File not found: $logname\n"; -+ next; -+ } - $linesProcessed = 0; $lineBlockCount = 0; - my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$atime,$mtime,$ctime,$blksize,$blocks); - ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$cursize, -@@ -513,11 +548,12 @@ for (my $count=0; $count < $file_count; $count++){ - my $tariter = 0; - my $tarfile = 0; - my $comp = 0; -+ $LOGFH = undef; - if (isTarArchive($logname)) { - $tar = Archive::Tar->new(); - if (tarNeedsUncompress($logname)) { -- my $TARFH = new IO::Uncompress::AnyUncompress $logname or -- do { openFailed($AnyUncompressError, $logname); next }; -+ my $TARFH = doUncompress($logname); -+ next if (!$TARFH); - $tariter = Archive::Tar->iter($TARFH); - } else { - $tariter = Archive::Tar->iter($logname); -@@ -540,24 +576,21 @@ for (my $count=0; $count < $file_count; $count++){ - next; - } - if (isCompressed($tarfile->name)) { -- $LOGFH = new IO::Uncompress::AnyUncompress \$tarfile->name or -- do { openFailed($AnyUncompressError, $logname); next }; -+ $LOGFH = doUncompress($tarfile->name, $tarfile->get_content); -+ next if (!$LOGFH); - # no way in general to know how big the uncompressed file is - so - # assume a factor of 10 inflation - only used for progress reporting - $cursize *= 10; - } else { -- open(LOG,"<",\$tarfile->data) or do { openFailed($!, $tarfile->name) ; next }; -- $LOGFH = \*LOG; -+ open($LOGFH,"<",\$tarfile->data) or do { openFailed($!, $tarfile->name) ; next }; - } - } elsif ($comp) { -- $LOGFH = new IO::Uncompress::AnyUncompress $logname or -- do { openFailed($AnyUncompressError, $logname); next }; -+ $LOGFH = doUncompress($logname); - # no way in general to know how big the uncompressed file is - so - # assume a factor of 10 inflation - only used for progress reporting - $cursize *= 10; - } else { -- open(LOG,$logname) or do { openFailed($!, $logname); next }; -- $LOGFH = \*LOG; -+ open($LOGFH,$logname) or do { openFailed($!, $logname); next }; - } - my $firstline = "yes"; - while(<$LOGFH>){ -@@ -588,6 +621,14 @@ for (my $count=0; $count < $file_count; $count++){ - } - last if (!$tariter); - } -+ if ($tar) { -+ if ($tar->error()) { -+ openFailed($tar->error(), $logname); -+ } -+ if ($Archive::Tar::error) { -+ openFailed($Archive::Tar::error, $logname); -+ } -+ } - } - - if ($totalLineCount eq "0"){ --- -1.9.3 - diff --git a/SOURCES/0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch b/SOURCES/0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch new file mode 100644 index 0000000..79a896d --- /dev/null +++ b/SOURCES/0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch @@ -0,0 +1,115 @@ +From f993a9b5a1ac95728baae201543cad5993a28da1 Mon Sep 17 00:00:00 2001 +From: Ludwig Krispenz +Date: Mon, 1 Aug 2016 10:47:31 +0200 +Subject: [PATCH 22/29] Ticket 48882 - server can hang in connection list + processing + +Bug Description: if a thread holding the connection monitor + is stuck in polling and the client doesn't + respond, the main thread can be blocked on + this connection when iterating the connection + table. + +Fix Description: Implement a test and enter function for the connection + monitor, so the main thread will never wait for a + connection monitor already owned by an other thread + +https://fedorahosted.org/389/ticket/48882 + +Reviewed by: Noriko, Thanks + +(cherry picked from commit 7110db91e75f392f1c83643d9aa88895992d9c01) +--- + ldap/servers/slapd/daemon.c | 69 ++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 68 insertions(+), 1 deletion(-) + +diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c +index 81a54cf..23c30c3 100644 +--- a/ldap/servers/slapd/daemon.c ++++ b/ldap/servers/slapd/daemon.c +@@ -164,6 +164,67 @@ static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDes + static int write_pid_file(); + static int init_shutdown_detect(); + ++/* ++ * NSPR has different implementations for PRMonitor, depending ++ * on the availble threading model ++ * The PR_TestAndEnterMonitor is not available for pthreads ++ * so this is a implementation based on the code in ++ * prmon.c adapted to resemble the implementation in ptsynch.c ++ * ++ * The function needs access to the elements of the PRMonitor struct. ++ * Therfor the pthread variant of PRMonitor is copied here. ++ */ ++typedef struct MY_PRMonitor { ++ const char* name; ++ pthread_mutex_t lock; ++ pthread_t owner; ++ pthread_cond_t entryCV; ++ pthread_cond_t waitCV; ++ PRInt32 refCount; ++ PRUint32 entryCount; ++ PRIntn notifyTimes; ++} MY_PRMonitor; ++ ++static PRBool MY_TestAndEnterMonitor(MY_PRMonitor *mon) ++{ ++ pthread_t self = pthread_self(); ++ PRStatus rv; ++ PRBool rc = PR_FALSE; ++ ++ PR_ASSERT(mon != NULL); ++ rv = pthread_mutex_lock(&mon->lock); ++ if (rv != 0) { ++ slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor", ++ "Failed to acquire monitor mutex, error (%d)\n", rv); ++ return rc; ++ } ++ if (mon->entryCount != 0) { ++ if (pthread_equal(mon->owner, self)) ++ goto done; ++ rv = pthread_mutex_unlock(&mon->lock); ++ if (rv != 0) { ++ slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor", ++ "Failed to release monitor mutex, error (%d)\n", rv); ++ } ++ return PR_FALSE; ++ } ++ /* and now I have the monitor */ ++ PR_ASSERT(mon->notifyTimes == 0); ++ PR_ASSERT((mon->owner) == 0); ++ mon->owner = self; ++ ++done: ++ mon->entryCount += 1; ++ rv = pthread_mutex_unlock(&mon->lock); ++ if (rv == PR_SUCCESS) { ++ rc = PR_TRUE; ++ } else { ++ slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor", ++ "Failed to release monitor mutex, error (%d)\n", rv); ++ rc = PR_FALSE; ++ } ++ return rc; ++} + /* Globals which are used to store the sockets between + * calls to daemon_pre_setuid_init() and the daemon thread + * creation. */ +@@ -1552,7 +1613,13 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps + } + else + { +- PR_EnterMonitor(c->c_mutex); ++ /* we try to acquire the connection mutex, if it is already ++ * acquired by another thread, don't wait ++ */ ++ if (PR_FALSE == MY_TestAndEnterMonitor((MY_PRMonitor *)c->c_mutex)) { ++ c = next; ++ continue; ++ } + if (c->c_flags & CONN_FLAG_CLOSING) + { + /* A worker thread has marked that this connection +-- +2.4.11 + diff --git a/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch b/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch deleted file mode 100644 index cf76685..0000000 --- a/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 23c9a297b240d1538125721fb0f93abb876ce9c1 Mon Sep 17 00:00:00 2001 -From: Rich Megginson -Date: Thu, 16 Jul 2015 09:06:45 -0600 -Subject: [PATCH 23/30] Ticket #48224 - redux - logconv.pl should handle - *.tar.xz, *.txz, *.xz log files - -https://fedorahosted.org/389/ticket/48224 -Reviewed by: -Branch: master -Fix Description: Fix Requires: in spec file -Platforms tested: Fedora 21, RHEL 7.2 candidate -Flag Day: no -Doc impact: no - -(cherry picked from commit 193d79d4a459b709c5a55cea88794105fa60c453) -(cherry picked from commit 9109a570edd3ddb58434b19a9fca2f7c021b18ca) ---- - rpm/389-ds-base.spec.in | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in -index 3405ccd..d0bbb7a 100644 ---- a/rpm/389-ds-base.spec.in -+++ b/rpm/389-ds-base.spec.in -@@ -116,9 +116,6 @@ Requires: perl-Socket6 - Requires: perl-Socket - %endif - Requires: perl-NetAddr-IP --# for logconv compressed file support --Requires: perl-IO-Compress --Requires: perl-IO-Compress-Lzma - - Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2 - # 389-ds-git.sh should be used to generate the source tarball from git --- -1.9.3 - diff --git a/SOURCES/0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch b/SOURCES/0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch new file mode 100644 index 0000000..911a66b --- /dev/null +++ b/SOURCES/0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch @@ -0,0 +1,369 @@ +From f0e03b5a51972a125fe78f448d1f68e288782d1e Mon Sep 17 00:00:00 2001 +From: William Brown +Date: Thu, 21 Jul 2016 13:22:30 +1000 +Subject: [PATCH 23/29] Ticket bz1358565 - clear and unsalted password types + are vulnerable to timing attack + +Bug Description: Clear and unsalted password types were vulnerable to a timing +attack. This is due to the use of memcmp and strcmp in their comparison. + +Fix Description: Add a constant time memcmp function, that does not shortcircuit. +Change all password comparison to use the constant time check. For the clear +scheme, alter the way we do the check to prevent length disclosure timing +attacks. + +This resolves CVE-2016-5405 + +https://bugzilla.redhat.com/show_bug.cgi?id=1358565 + +https://access.redhat.com/security/cve/CVE-2016-5405 + +Author: wibrown + +Review by: nhosoi (Thanks!) + +(cherry picked from commit 9dcaa4a0c866d8696e0a2616ccf962af2833f0b8) +--- + dirsrvtests/tests/suites/password/pwd_algo_test.py | 143 +++++++++++++++++++++ + ldap/servers/plugins/pwdstorage/clear_pwd.c | 33 ++++- + ldap/servers/plugins/pwdstorage/crypt_pwd.c | 2 +- + ldap/servers/plugins/pwdstorage/md5_pwd.c | 2 +- + ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c | 1 + + ldap/servers/plugins/pwdstorage/sha_pwd.c | 15 ++- + ldap/servers/plugins/pwdstorage/smd5_pwd.c | 2 +- + ldap/servers/slapd/ch_malloc.c | 22 ++++ + ldap/servers/slapd/slapi-plugin.h | 16 +++ + 9 files changed, 226 insertions(+), 10 deletions(-) + create mode 100644 dirsrvtests/tests/suites/password/pwd_algo_test.py + +diff --git a/dirsrvtests/tests/suites/password/pwd_algo_test.py b/dirsrvtests/tests/suites/password/pwd_algo_test.py +new file mode 100644 +index 0000000..aa8cbf5 +--- /dev/null ++++ b/dirsrvtests/tests/suites/password/pwd_algo_test.py +@@ -0,0 +1,143 @@ ++import os ++import sys ++import time ++import ldap ++import logging ++import pytest ++from lib389 import DirSrv, Entry, tools, tasks ++from lib389.tools import DirSrvTools ++from lib389._constants import * ++from lib389.properties import * ++from lib389.tasks import * ++from lib389.utils import * ++ ++DEBUGGING = True ++USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX ++ ++if DEBUGGING: ++ logging.getLogger(__name__).setLevel(logging.DEBUG) ++else: ++ logging.getLogger(__name__).setLevel(logging.INFO) ++ ++ ++log = logging.getLogger(__name__) ++ ++ ++class TopologyStandalone(object): ++ """The DS Topology Class""" ++ def __init__(self, standalone): ++ """Init""" ++ standalone.open() ++ self.standalone = standalone ++ ++ ++@pytest.fixture(scope="module") ++def topology(request): ++ """Create DS Deployment""" ++ ++ # Creating standalone instance ... ++ if DEBUGGING: ++ standalone = DirSrv(verbose=True) ++ else: ++ standalone = DirSrv(verbose=False) ++ args_instance[SER_HOST] = HOST_STANDALONE ++ args_instance[SER_PORT] = PORT_STANDALONE ++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE ++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX ++ args_standalone = args_instance.copy() ++ standalone.allocate(args_standalone) ++ instance_standalone = standalone.exists() ++ if instance_standalone: ++ standalone.delete() ++ standalone.create() ++ standalone.open() ++ ++ def fin(): ++ """If we are debugging just stop the instances, otherwise remove ++ them ++ """ ++ if DEBUGGING: ++ standalone.stop() ++ else: ++ standalone.delete() ++ ++ request.addfinalizer(fin) ++ ++ # Clear out the tmp dir ++ standalone.clearTmpDir(__file__) ++ ++ return TopologyStandalone(standalone) ++ ++def _test_bind(inst, password): ++ result = True ++ userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE)) ++ try: ++ userconn.simple_bind_s(USER_DN, password) ++ userconn.unbind_s() ++ except ldap.INVALID_CREDENTIALS: ++ result = False ++ return result ++ ++def _test_algo(inst, algo_name): ++ inst.config.set('passwordStorageScheme', algo_name) ++ ++ if DEBUGGING: ++ print('Testing %s', algo_name) ++ ++ # Create the user with a password ++ inst.add_s(Entry(( ++ USER_DN, { ++ 'objectClass': 'top account simplesecurityobject'.split(), ++ 'uid': 'user', ++ 'userpassword': 'Secret123' ++ }))) ++ ++ # Make sure when we read the userPassword field, it is the correct ALGO ++ pw_field = inst.search_s(USER_DN, ldap.SCOPE_BASE, '(objectClass=*)', ['userPassword'] )[0] ++ ++ if DEBUGGING: ++ print(pw_field.getValue('userPassword')) ++ ++ if algo_name != 'CLEAR': ++ assert(algo_name.lower() in pw_field.getValue('userPassword').lower()) ++ # Now make sure a bind works ++ assert(_test_bind(inst, 'Secret123')) ++ # Bind with a wrong shorter password, should fail ++ assert(not _test_bind(inst, 'Wrong')) ++ # Bind with a wrong longer password, should fail ++ assert(not _test_bind(inst, 'This is even more wrong')) ++ # Bind with a wrong exact length password. ++ assert(not _test_bind(inst, 'Alsowrong')) ++ # Bind with a subset password, should fail ++ assert(not _test_bind(inst, 'Secret')) ++ if algo_name != 'CRYPT': ++ # Bind with a subset password that is 1 char shorter, to detect off by 1 in clear ++ assert(not _test_bind(inst, 'Secret12')) ++ # Bind with a superset password, should fail ++ assert(not _test_bind(inst, 'Secret123456')) ++ # Delete the user ++ inst.delete_s(USER_DN) ++ # done! ++ ++def test_pwd_algo_test(topology): ++ """ ++ Assert that all of our password algorithms correctly PASS and FAIL varying ++ password conditions. ++ ++ """ ++ if DEBUGGING: ++ # Add debugging steps(if any)... ++ pass ++ ++ for algo in ('CLEAR', 'CRYPT', 'MD5', 'SHA', 'SHA256', 'SHA384', 'SHA512', 'SMD5', 'SSHA', 'SSHA256', 'SSHA384', 'SSHA512'): ++ _test_algo(topology.standalone, algo) ++ ++ log.info('Test PASSED') ++ ++ ++if __name__ == '__main__': ++ # Run isolated ++ # -s for DEBUG mode ++ CURRENT_FILE = os.path.realpath(__file__) ++ pytest.main("-s %s" % CURRENT_FILE) ++ +diff --git a/ldap/servers/plugins/pwdstorage/clear_pwd.c b/ldap/servers/plugins/pwdstorage/clear_pwd.c +index 84dac2a..2afe16e 100644 +--- a/ldap/servers/plugins/pwdstorage/clear_pwd.c ++++ b/ldap/servers/plugins/pwdstorage/clear_pwd.c +@@ -25,7 +25,38 @@ + int + clear_pw_cmp( const char *userpwd, const char *dbpwd ) + { +- return( strcmp( userpwd, dbpwd )); ++ int result = 0; ++ int len = 0; ++ int len_user = strlen(userpwd); ++ int len_dbp = strlen(dbpwd); ++ if ( len_user != len_dbp ) { ++ result = 1; ++ } ++ /* We have to do this comparison ANYWAY else we have a length timing attack. */ ++ if ( len_user >= len_dbp ) { ++ /* ++ * If they are the same length, result will be 0 here, and if we pass ++ * the check, we don't update result either. IE we pass. ++ * However, even if the first part of userpw matches dbpwd, but len !=, we ++ * have already failed anyawy. This prevents substring matching. ++ */ ++ if (slapi_ct_memcmp(userpwd, dbpwd, len_dbp) != 0) { ++ result = 1; ++ } ++ } else { ++ /* ++ * If we stretched the userPassword, we'll allow a new timing attack, where ++ * if we see a delay on a short pw, we know we are stretching. ++ * when the delay goes away, it means we've found the length. ++ * Instead, because we don't want to use the short pw for comp, we just compare ++ * dbpwd to itself. We have already got result == 1 if we are here, so we are ++ * just trying to take up time! ++ */ ++ if (slapi_ct_memcmp(dbpwd, dbpwd, len_dbp)) { ++ /* Do nothing, we have the if to fix a coverity check. */ ++ } ++ } ++ return result; + } + + char * +diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c +index 29355a2..93b54b2 100644 +--- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c ++++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c +@@ -54,7 +54,7 @@ crypt_pw_cmp( const char *userpwd, const char *dbpwd ) + /* we use salt (first 2 chars) of encoded password in call to crypt() */ + cp = crypt( userpwd, dbpwd ); + if (cp) { +- rc= strcmp( dbpwd, cp); ++ rc= slapi_ct_memcmp( dbpwd, cp, strlen(dbpwd)); + } else { + rc = -1; + } +diff --git a/ldap/servers/plugins/pwdstorage/md5_pwd.c b/ldap/servers/plugins/pwdstorage/md5_pwd.c +index 0bc8f3c..181661a 100644 +--- a/ldap/servers/plugins/pwdstorage/md5_pwd.c ++++ b/ldap/servers/plugins/pwdstorage/md5_pwd.c +@@ -57,7 +57,7 @@ md5_pw_cmp( const char *userpwd, const char *dbpwd ) + bver = NSSBase64_EncodeItem(NULL, (char *)b2a_out, sizeof b2a_out, &binary_item); + /* bver points to b2a_out upon success */ + if (bver) { +- rc = strcmp(bver,dbpwd); ++ rc = slapi_ct_memcmp(bver,dbpwd, strlen(dbpwd)); + } else { + slapi_log_error(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME, + "Could not base64 encode hashed value for password compare"); +diff --git a/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c b/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c +index 2fed61f..ae1f7b8 100644 +--- a/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c ++++ b/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c +@@ -84,6 +84,7 @@ ns_mta_md5_pw_cmp(const char * clear, const char *mangled) + + mta_hash[32] = mta_salt[32] = 0; + ++ /* This is salted, so we don't need to change it for constant time */ + return( strcmp(mta_hash,ns_mta_hash_alg(buffer,mta_salt,clear))); + } + +diff --git a/ldap/servers/plugins/pwdstorage/sha_pwd.c b/ldap/servers/plugins/pwdstorage/sha_pwd.c +index 9594ac9..2e4973b 100644 +--- a/ldap/servers/plugins/pwdstorage/sha_pwd.c ++++ b/ldap/servers/plugins/pwdstorage/sha_pwd.c +@@ -120,13 +120,16 @@ sha_pw_cmp (const char *userpwd, const char *dbpwd, unsigned int shaLen ) + } + + /* the proof is in the comparison... */ +- result = ( hash_len >= shaLen ) ? +- ( memcmp( userhash, dbhash, shaLen ) ) : /* include salt */ +- ( memcmp( userhash, dbhash + OLD_SALT_LENGTH, +- hash_len - OLD_SALT_LENGTH ) ); /* exclude salt */ ++ if ( hash_len >= shaLen ) { ++ result = slapi_ct_memcmp( userhash, dbhash, shaLen ); ++ } else { ++ result = slapi_ct_memcmp( userhash, dbhash + OLD_SALT_LENGTH, hash_len - OLD_SALT_LENGTH ); ++ } + +- loser: +- if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free_string( &dbhash ); ++loser: ++ if ( dbhash && dbhash != quick_dbhash ) { ++ slapi_ch_free_string( &dbhash ); ++ } + return result; + } + +diff --git a/ldap/servers/plugins/pwdstorage/smd5_pwd.c b/ldap/servers/plugins/pwdstorage/smd5_pwd.c +index f4c92f1..79c2846 100644 +--- a/ldap/servers/plugins/pwdstorage/smd5_pwd.c ++++ b/ldap/servers/plugins/pwdstorage/smd5_pwd.c +@@ -80,7 +80,7 @@ smd5_pw_cmp( const char *userpwd, const char *dbpwd ) + PK11_DestroyContext(ctx, 1); + + /* Compare everything up to the salt. */ +- rc = memcmp( userhash, dbhash, MD5_LENGTH ); ++ rc = slapi_ct_memcmp( userhash, dbhash, MD5_LENGTH ); + + loser: + if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free_string( (char **)&dbhash ); +diff --git a/ldap/servers/slapd/ch_malloc.c b/ldap/servers/slapd/ch_malloc.c +index 10870df..a38268c 100644 +--- a/ldap/servers/slapd/ch_malloc.c ++++ b/ldap/servers/slapd/ch_malloc.c +@@ -365,3 +365,25 @@ slapi_ch_smprintf(const char *fmt, ...) + return p; + } + #endif ++ ++/* Constant time memcmp. Does not shortcircuit on failure! */ ++/* This relies on p1 and p2 both being size at least n! */ ++int ++slapi_ct_memcmp( const void *p1, const void *p2, size_t n) ++{ ++ int result = 0; ++ const unsigned char *_p1 = (const unsigned char *)p1; ++ const unsigned char *_p2 = (const unsigned char *)p2; ++ ++ if (_p1 == NULL || _p2 == NULL) { ++ return 2; ++ } ++ ++ for (size_t i = 0; i < n; i++) { ++ if (_p1[i] ^ _p2[i]) { ++ result = 1; ++ } ++ } ++ return result; ++} ++ +diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h +index a7e544a..165fb05 100644 +--- a/ldap/servers/slapd/slapi-plugin.h ++++ b/ldap/servers/slapd/slapi-plugin.h +@@ -5825,6 +5825,22 @@ char * slapi_ch_smprintf(const char *fmt, ...) + #else + ; + #endif ++/** ++ * slapi_ct_memcmp is a constant time memory comparison function. This is for ++ * use with password hashes and other locations which could lead to a timing ++ * attack due to early shortcut returns. This function *does not* shortcircuit ++ * during the comparison, always checking every byte regardless if it has already ++ * found that the memory does not match. ++ * ++ * WARNING! p1 and p2 must both reference content that is at least of size 'n'. ++ * Else this function may over-run (And will certainly fail). ++ * ++ * \param p1 pointer to first value to check. ++ * \param p2 pointer to second value to check. ++ * \param n length in bytes of the content of p1 AND p2. ++ * \return 0 on match. 1 on non-match. 2 on presence of NULL pointer in p1 or p2. ++ */ ++int slapi_ct_memcmp( const void *p1, const void *p2, size_t n); + + /* + * syntax plugin routines +-- +2.4.11 + diff --git a/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch deleted file mode 100644 index 21a99ea..0000000 --- a/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 413414c98313a076111d8e40a7a10fa369433e6e Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 16 Jul 2015 10:34:47 -0700 -Subject: [PATCH 24/30] Ticket #48226 - In MMR, double free coould occur under - some special condition - -Bug description: - In a replicated topology, a authenticated user that have write access - on an entry can send a series of operations that crash the server. - The crash is due to an access to a already freed buffer. -Fix description: - To avoid the double free, duplicate a CSNSet and assign it to the - Slapi_Value. - -https://fedorahosted.org/389/ticket/48226 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit a0f8e0f981a046882db299a7a6d6d1c01bc19571) -(cherry picked from commit bdbc81e62eb8d7b8dfb298c7ba983cf86353fe66) ---- - ldap/servers/slapd/valueset.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c -index 0cf3ded..7eabb82 100644 ---- a/ldap/servers/slapd/valueset.c -+++ b/ldap/servers/slapd/valueset.c -@@ -1415,8 +1415,9 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a, - if(v) - { - value_update_csn(v,t,csn); -- if (csnref_updated) -- valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v); -+ if (csnref_updated) { -+ valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v)); -+ } - valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]); - valuestoupdate[i]= NULL; - del_count++; --- -1.9.3 - diff --git a/SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch b/SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch new file mode 100644 index 0000000..ddaf136 --- /dev/null +++ b/SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch @@ -0,0 +1,48 @@ +From c9561cbb81fe1504a5741df44dd8c1103134c065 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Sat, 30 Jul 2016 16:56:57 -0700 +Subject: [PATCH 24/29] Ticket #48943 - When fine-grained policy is applied, a + sub-tree has a priority over a user while changing password + +Description: If the user entry has a pwdpolicysubentry, the configuration +in the pwpolicy should be the strongest and respected. If the entry does +not have it, it retrieves the pwpolicy from the CoS Cache, which is the +current behaviour. + +https://fedorahosted.org/389/ticket/48943 + +Reviewed by wibrown@redhat.com (Thank you, William!!) + +(cherry picked from commit 802224f2846900c870a780fe7608782792806d85) +--- + ldap/servers/slapd/pw.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c +index 498afd4..6b865ec 100644 +--- a/ldap/servers/slapd/pw.c ++++ b/ldap/servers/slapd/pw.c +@@ -1777,9 +1777,17 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) + attribute in the target entry itself. */ + } else { + if ( (e = get_entry( pb, dn )) != NULL ) { +- rc = slapi_vattr_values_get(e, "pwdpolicysubentry", &values, +- &type_name_disposition, &actual_type_name, +- SLAPI_VIRTUALATTRS_REQUEST_POINTERS, &attr_free_flags); ++ Slapi_Attr* attr = NULL; ++ rc = slapi_entry_attr_find(e, "pwdpolicysubentry", &attr); ++ if (attr && (0 == rc)) { ++ /* If the entry has pwdpolicysubentry, use the PwPolicy. */ ++ values = valueset_dup(&attr->a_present_values); ++ } else { ++ /* Otherwise, retrieve the policy from CoS Cache */ ++ rc = slapi_vattr_values_get(e, "pwdpolicysubentry", &values, ++ &type_name_disposition, &actual_type_name, ++ SLAPI_VIRTUALATTRS_REQUEST_POINTERS, &attr_free_flags); ++ } + if (rc) { + values = NULL; + } +-- +2.4.11 + diff --git a/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch deleted file mode 100644 index 3db39ae..0000000 --- a/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch +++ /dev/null @@ -1,266 +0,0 @@ -From e6b20ffcc995b2ac190b96850073c0569bc6d294 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 16 Jul 2015 10:41:53 -0700 -Subject: [PATCH 25/30] Ticket #48226 - CI test: added test cases for ticket - 48226 - -Description: In MMR, double free coould occur under some special condition - -This test script was written by thierry bordaz . -A small modification to check the memory leak was added. - -(cherry picked from commit f5d24450477f8341261c3e5cb5c54ec1ab83328f) -(cherry picked from commit 8600a5eabc78848ad1bf0a9c2014823d0cd6cedc) ---- - dirsrvtests/tickets/ticket48226_test.py | 239 ++++++++++++++++++++++++++++++++ - 1 file changed, 239 insertions(+) - create mode 100644 dirsrvtests/tickets/ticket48226_test.py - -diff --git a/dirsrvtests/tickets/ticket48226_test.py b/dirsrvtests/tickets/ticket48226_test.py -new file mode 100644 -index 0000000..87814e7 ---- /dev/null -+++ b/dirsrvtests/tickets/ticket48226_test.py -@@ -0,0 +1,239 @@ -+# --- BEGIN COPYRIGHT BLOCK --- -+# Copyright (C) 2015 Red Hat, Inc. -+# All rights reserved. -+# -+# License: GPL (version 3 or any later version). -+# See LICENSE for details. -+# --- END COPYRIGHT BLOCK --- -+# -+import os -+import sys -+import time -+import ldap -+import logging -+import pytest -+from lib389 import DirSrv, Entry, tools, tasks -+from lib389.tools import DirSrvTools -+from lib389._constants import * -+from lib389.properties import * -+from lib389.tasks import * -+from lib389.utils import * -+ -+logging.getLogger(__name__).setLevel(logging.DEBUG) -+log = logging.getLogger(__name__) -+ -+installation1_prefix = None -+ -+ -+class TopologyReplication(object): -+ def __init__(self, master1, master2): -+ master1.open() -+ self.master1 = master1 -+ master2.open() -+ self.master2 = master2 -+ -+ -+@pytest.fixture(scope="module") -+def topology(request): -+ global installation1_prefix -+ os.environ['USE_VALGRIND'] = '1' -+ if installation1_prefix: -+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix -+ -+ # Creating master 1... -+ master1 = DirSrv(verbose=False) -+ if installation1_prefix: -+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix -+ args_instance[SER_HOST] = HOST_MASTER_1 -+ args_instance[SER_PORT] = PORT_MASTER_1 -+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1 -+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX -+ args_master = args_instance.copy() -+ master1.allocate(args_master) -+ instance_master1 = master1.exists() -+ if instance_master1: -+ master1.delete() -+ master1.create() -+ master1.open() -+ master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_1) -+ -+ # Creating master 2... -+ master2 = DirSrv(verbose=False) -+ if installation1_prefix: -+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix -+ args_instance[SER_HOST] = HOST_MASTER_2 -+ args_instance[SER_PORT] = PORT_MASTER_2 -+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_2 -+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX -+ args_master = args_instance.copy() -+ master2.allocate(args_master) -+ instance_master2 = master2.exists() -+ if instance_master2: -+ master2.delete() -+ master2.create() -+ master2.open() -+ master2.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_2) -+ -+ # -+ # Create all the agreements -+ # -+ # Creating agreement from master 1 to master 2 -+ properties = {RA_NAME: r'meTo_$host:$port', -+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN], -+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW], -+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD], -+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]} -+ m1_m2_agmt = master1.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties) -+ if not m1_m2_agmt: -+ log.fatal("Fail to create a master -> master replica agreement") -+ sys.exit(1) -+ log.debug("%s created" % m1_m2_agmt) -+ -+ # Creating agreement from master 2 to master 1 -+ properties = {RA_NAME: r'meTo_$host:$port', -+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN], -+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW], -+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD], -+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]} -+ m2_m1_agmt = master2.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties) -+ if not m2_m1_agmt: -+ log.fatal("Fail to create a master -> master replica agreement") -+ sys.exit(1) -+ log.debug("%s created" % m2_m1_agmt) -+ -+ # Allow the replicas to get situated with the new agreements... -+ time.sleep(5) -+ -+ # -+ # Initialize all the agreements -+ # -+ master1.agreement.init(SUFFIX, HOST_MASTER_2, PORT_MASTER_2) -+ master1.waitForReplInit(m1_m2_agmt) -+ -+ # Check replication is working... -+ if master1.testReplication(DEFAULT_SUFFIX, master2): -+ log.info('Replication is working.') -+ else: -+ log.fatal('Replication is not working.') -+ assert False -+ -+ # Clear out the tmp dir -+ master1.clearTmpDir(__file__) -+ -+ return TopologyReplication(master1, master2) -+ -+def test_ticket11111_set_purgedelay(topology): -+ args = {REPLICA_PURGE_DELAY: '5', -+ REPLICA_PURGE_INTERVAL: '5'} -+ try: -+ topology.master1.replica.setProperties(DEFAULT_SUFFIX, None, None, args) -+ except: -+ log.fatal('Failed to configure replica') -+ assert False -+ try: -+ topology.master2.replica.setProperties(DEFAULT_SUFFIX, None, None, args) -+ except: -+ log.fatal('Failed to configure replica') -+ assert False -+ topology.master1.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-auditlog-logging-enabled', 'on')]) -+ topology.master2.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-auditlog-logging-enabled', 'on')]) -+ topology.master1.restart(10) -+ topology.master2.restart(10) -+ -+ -+def test_ticket11111_1(topology): -+ name = 'test_entry' -+ dn = "cn=%s,%s" % (name, SUFFIX) -+ -+ topology.master1.add_s(Entry((dn , { -+ 'objectclass': "top person".split(), -+ 'sn': name, -+ 'cn': name}))) -+ -+ # First do an update that is replicated -+ mods = [(ldap.MOD_ADD, 'description', '5')] -+ topology.master1.modify_s(dn, mods) -+ -+ nbtry = 0 -+ while (nbtry <= 10): -+ try: -+ ent = topology.master2.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", ['description']) -+ if ent.hasAttr('description') and ent.getValue('description') == '5': -+ break -+ except ldap.NO_SUCH_OBJECT: -+ pass -+ nbtry = nbtry + 1 -+ time.sleep(1) -+ assert nbtry <= 10 -+ -+ # Stop M2 so that it will not receive the next update -+ topology.master2.stop(10) -+ -+ # ADD a new value that is not replicated -+ mods = [(ldap.MOD_DELETE, 'description', '5')] -+ topology.master1.modify_s(dn, mods) -+ -+ # Stop M1 so that it will keep del '5' that is unknown from master2 -+ topology.master1.stop(10) -+ -+ # Get the sbin directory so we know where to replace 'ns-slapd' -+ sbin_dir = get_sbin_dir(prefix=topology.master2.prefix) -+ -+ # Enable valgrind -+ valgrind_enable(sbin_dir) -+ -+ # start M2 to do the next updates -+ topology.master2.start(10) -+ -+ # ADD 'description' by '5' -+ mods = [(ldap.MOD_DELETE, 'description', '5')] -+ topology.master2.modify_s(dn, mods) -+ -+ # DEL 'description' by '5' -+ mods = [(ldap.MOD_ADD, 'description', '5')] -+ topology.master2.modify_s(dn, mods) -+ -+ # sleep of purgedelay so that the next update will purge the CSN_7 -+ time.sleep(6) -+ -+ # ADD 'description' by '8' that purge the state info -+ mods = [(ldap.MOD_ADD, 'description', '6')] -+ topology.master2.modify_s(dn, mods) -+ -+ if valgrind_check_leak(topology.master2, 'csnset_dup'): -+ log.error('test_csnset_dup: Memory leak is present!') -+ else: -+ log.info('test_csnset_dup: No leak is present!') -+ -+ if valgrind_check_leak(topology.master2, 'Invalid'): -+ log.info('Valgrind reported invalid!') -+ else: -+ log.info('Valgrind is happy!') -+ -+ #log.info("You can attach yourself") -+ #time.sleep(60) -+ -+ # Enable valgrind -+ valgrind_disable(sbin_dir) -+ -+ topology.master1.start(10) -+ -+ -+def test_ticket11111_final(topology): -+ topology.master1.delete() -+ topology.master2.delete() -+ log.info('Testcase PASSED') -+ -+ -+def run_isolated(): -+ global installation1_prefix -+ installation1_prefix = None -+ -+ topo = topology(True) -+ test_ticket11111_set_purgedelay(topo) -+ test_ticket11111_1(topo) -+ -+ -+if __name__ == '__main__': -+ run_isolated() -+ --- -1.9.3 - diff --git a/SOURCES/0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch b/SOURCES/0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch new file mode 100644 index 0000000..048a4f4 --- /dev/null +++ b/SOURCES/0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch @@ -0,0 +1,268 @@ +From c8c5237c0dc6b5b1a0dc0b040bf2ca5058222141 Mon Sep 17 00:00:00 2001 +From: Simon Pichugin +Date: Thu, 28 Jul 2016 11:53:47 +0200 +Subject: [PATCH 25/29] Ticket 48943 - Add CI Test for the password test suite + +Description: Test that fine-grained pwdpolicy on the entry has a +priority over fine-grained pwdpolicy on the subtree the entry belongs +to. Use passwordChange attribute to verify that. + +https://fedorahosted.org/389/ticket/48943 + +Reviewed by: mreynolds (Thanks!) + +(cherry picked from commit a20538f482089615ceff1947a3e237a87f31a781) +--- + .../tests/suites/password/pwd_change_policytest.py | 240 +++++++++++++++++++++ + 1 file changed, 240 insertions(+) + create mode 100644 dirsrvtests/tests/suites/password/pwd_change_policytest.py + +diff --git a/dirsrvtests/tests/suites/password/pwd_change_policytest.py b/dirsrvtests/tests/suites/password/pwd_change_policytest.py +new file mode 100644 +index 0000000..1d48c65 +--- /dev/null ++++ b/dirsrvtests/tests/suites/password/pwd_change_policytest.py +@@ -0,0 +1,240 @@ ++import os ++import sys ++import time ++import subprocess ++import ldap ++import logging ++import pytest ++from lib389 import DirSrv, Entry, tools, tasks ++from lib389.tools import DirSrvTools ++from lib389._constants import * ++from lib389.properties import * ++from lib389.tasks import * ++from lib389.utils import * ++ ++DEBUGGING = False ++OU_PEOPLE = 'ou=people,{}'.format(DEFAULT_SUFFIX) ++TEST_USER_NAME = 'simplepaged_test' ++TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, OU_PEOPLE) ++TEST_USER_PWD = 'simplepaged_test' ++PW_POLICY_CONT_USER = 'cn="cn=nsPwPolicyEntry,uid=simplepaged_test,'\ ++ 'ou=people,dc=example,dc=com",'\ ++ 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com' ++PW_POLICY_CONT_PEOPLE = 'cn="cn=nsPwPolicyEntry,'\ ++ 'ou=people,dc=example,dc=com",'\ ++ 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com' ++ ++if DEBUGGING: ++ logging.getLogger(__name__).setLevel(logging.DEBUG) ++else: ++ logging.getLogger(__name__).setLevel(logging.INFO) ++ ++log = logging.getLogger(__name__) ++ ++ ++class TopologyStandalone(object): ++ """The DS Topology Class""" ++ def __init__(self, standalone): ++ """Init""" ++ standalone.open() ++ self.standalone = standalone ++ ++ ++@pytest.fixture(scope="module") ++def topology(request): ++ """Create DS Deployment""" ++ ++ # Creating standalone instance ... ++ if DEBUGGING: ++ standalone = DirSrv(verbose=True) ++ else: ++ standalone = DirSrv(verbose=False) ++ args_instance[SER_HOST] = HOST_STANDALONE ++ args_instance[SER_PORT] = PORT_STANDALONE ++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE ++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX ++ args_standalone = args_instance.copy() ++ standalone.allocate(args_standalone) ++ instance_standalone = standalone.exists() ++ if instance_standalone: ++ standalone.delete() ++ standalone.create() ++ standalone.open() ++ ++ def fin(): ++ """If we are debugging just stop the instances, otherwise remove ++ them ++ """ ++ if DEBUGGING: ++ standalone.stop() ++ else: ++ standalone.delete() ++ ++ request.addfinalizer(fin) ++ ++ ++ return TopologyStandalone(standalone) ++ ++ ++@pytest.fixture(scope="module") ++def test_user(topology, request): ++ """User for binding operation""" ++ ++ log.info('Adding user {}'.format(TEST_USER_DN)) ++ try: ++ topology.standalone.add_s(Entry((TEST_USER_DN, { ++ 'objectclass': 'top person'.split(), ++ 'objectclass': 'organizationalPerson', ++ 'objectclass': 'inetorgperson', ++ 'cn': TEST_USER_NAME, ++ 'sn': TEST_USER_NAME, ++ 'userpassword': TEST_USER_PWD, ++ 'mail': '%s@redhat.com' % TEST_USER_NAME, ++ 'uid': TEST_USER_NAME ++ }))) ++ except ldap.LDAPError as e: ++ log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN, ++ e.message['desc'])) ++ raise e ++ ++ def fin(): ++ log.info('Deleting user {}'.format(TEST_USER_DN)) ++ topology.standalone.delete_s(TEST_USER_DN) ++ request.addfinalizer(fin) ++ ++ ++@pytest.fixture(scope="module") ++def password_policy(topology, test_user): ++ """Set up password policy for subtree and user""" ++ ++ log.info('Enable fine-grained policy') ++ try: ++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, ++ 'nsslapd-pwpolicy-local', ++ 'on')]) ++ except ldap.LDAPError as e: ++ log.error('Failed to set fine-grained policy: error {}'.format( ++ e.message['desc'])) ++ raise e ++ ++ log.info('Create password policy for subtree {}'.format(OU_PEOPLE)) ++ try: ++ subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD, ++ '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, ++ '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE]) ++ except subprocess.CalledProcessError as e: ++ log.error('Failed to create pw policy policy for {}: error {}'.format( ++ OU_PEOPLE, e.message['desc'])) ++ raise e ++ ++ log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE)) ++ try: ++ topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE, ++ 'pwdpolicysubentry', ++ PW_POLICY_CONT_PEOPLE)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to pwdpolicysubentry pw policy '\ ++ 'policy for {}: error {}'.format(OU_PEOPLE, ++ e.message['desc'])) ++ raise e ++ ++ log.info('Create password policy for subtree {}'.format(TEST_USER_DN)) ++ try: ++ subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD, ++ '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, ++ '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE]) ++ except subprocess.CalledProcessError as e: ++ log.error('Failed to create pw policy policy for {}: error {}'.format( ++ TEST_USER_DN, e.message['desc'])) ++ raise e ++ ++ log.info('Add pwdpolicysubentry attribute to {}'.format(TEST_USER_DN)) ++ try: ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'pwdpolicysubentry', ++ PW_POLICY_CONT_USER)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to pwdpolicysubentry pw policy '\ ++ 'policy for {}: error {}'.format(TEST_USER_DN, ++ e.message['desc'])) ++ raise e ++ ++ ++@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception', ++ [('off', 'on', None), ('on', 'on', None), ++ ('on', 'off', ldap.UNWILLING_TO_PERFORM), ++ ('off', 'off', ldap.UNWILLING_TO_PERFORM)]) ++def test_change_pwd(topology, test_user, password_policy, ++ subtree_pwchange, user_pwchange, exception): ++ """Verify that 'passwordChange' attr works as expected ++ User should have a priority over a subtree. ++ ++ :Feature: Password policy ++ ++ :Setup: Standalone instance, test user, ++ password policy entries for a user and a subtree ++ ++ :Steps: 1. Set passwordChange on the user and the subtree ++ to various combinations ++ 2. Bind as test user ++ 3. Try to change password ++ ++ :Assert: Subtree/User passwordChange - result ++ off/on, on/on - success ++ on/off, off/off - UNWILLING_TO_PERFORM ++ """ ++ ++ log.info('Set passwordChange to "{}" - {}'.format(subtree_pwchange, ++ PW_POLICY_CONT_PEOPLE)) ++ try: ++ topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE, ++ 'passwordChange', ++ subtree_pwchange)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to set passwordChange '\ ++ 'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE, ++ e.message['desc'])) ++ raise e ++ ++ ++ log.info('Set passwordChange to "{}" - {}'.format(user_pwchange, ++ PW_POLICY_CONT_USER)) ++ try: ++ topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE, ++ 'passwordChange', ++ user_pwchange)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to set passwordChange '\ ++ 'policy for {}: error {}'.format(PW_POLICY_CONT_USER, ++ e.message['desc'])) ++ raise e ++ ++ try: ++ log.info('Bind as user and modify userPassword') ++ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD) ++ if exception: ++ with pytest.raises(exception): ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ 'new_pass')]) ++ else: ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ 'new_pass')]) ++ except ldap.LDAPError as e: ++ log.error('Failed to change userpassword for {}: error {}'.format( ++ TEST_USER_DN, e.message['info'])) ++ raise e ++ finally: ++ log.info('Bind as DM') ++ topology.standalone.simple_bind_s(DN_DM, PASSWORD) ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ TEST_USER_PWD)]) ++ ++ ++if __name__ == '__main__': ++ # Run isolated ++ # -s for DEBUG mode ++ CURRENT_FILE = os.path.realpath(__file__) ++ pytest.main("-s %s" % CURRENT_FILE) +-- +2.4.11 + diff --git a/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch b/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch deleted file mode 100644 index 275a95c..0000000 --- a/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch +++ /dev/null @@ -1,293 +0,0 @@ -From 1acfdbb4428c70f7f6058da4374ecb29f9bb3149 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Fri, 17 Jul 2015 15:08:00 -0400 -Subject: [PATCH 26/30] Ticket 48179 - Starting a replica agreement can lead to - deadlock - -Bug Description: When starting a replica agreement and setting the agmt maxcsn - a deadlock can occur with another op updating nsuniqueid index. - When setting the agmt maxcsn the server searches for the tombstone - ruv which uses the nsuniqueid index, and it does this while holding - the repl agmt lock. If another thread is doing a delete and - writing to the change log, it can also grab a write lock on the - nsuniqueid index, before it attempts to grab the agmt lock. This - can lead to a deadlock if the timing is right. - -Fix Description: When starting the agmt and setting the agmt maxcsn, search/get - the tombstone ruv before we take the repl agmt lock. - -https://fedorahosted.org/389/ticket/48179 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit eb3086dcb0c56a23d6cee00a12f38b2584fe59a2) -(cherry picked from commit 23a3ff6082cba3eb749401eff44942b16dc30538) ---- - ldap/servers/plugins/replication/repl5.h | 1 - - ldap/servers/plugins/replication/repl5_agmt.c | 211 ++++++++++++-------------- - 2 files changed, 101 insertions(+), 111 deletions(-) - -diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h -index 4a5d859..0b0f26b 100644 ---- a/ldap/servers/plugins/replication/repl5.h -+++ b/ldap/servers/plugins/replication/repl5.h -@@ -380,7 +380,6 @@ PRUint64 agmt_get_protocol_timeout(Repl_Agmt *agmt); - void agmt_set_protocol_timeout(Repl_Agmt *agmt, PRUint64 timeout); - void agmt_update_maxcsn(Replica *r, Slapi_DN *sdn, int op, LDAPMod **mods, CSN *csn); - void add_agmt_maxcsns(Slapi_Entry *e, Replica *r); --void agmt_set_maxcsn(Repl_Agmt *ra); - void agmt_remove_maxcsn(Repl_Agmt *ra); - int agmt_maxcsn_to_smod (Replica *r, Slapi_Mod *smod); - int agmt_set_WaitForAsyncResults(Repl_Agmt *ra, const Slapi_Entry *e); -diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c -index 9d1a8f2..f84eacb 100644 ---- a/ldap/servers/plugins/replication/repl5_agmt.c -+++ b/ldap/servers/plugins/replication/repl5_agmt.c -@@ -668,43 +668,127 @@ int - agmt_start(Repl_Agmt *ra) - { - Repl_Protocol *prot = NULL; -+ Slapi_PBlock *pb = NULL; -+ Slapi_Entry **entries = NULL; -+ Slapi_DN *repl_sdn = NULL; -+ char *attrs[2]; -+ int protocol_state; -+ int found_ruv = 0; -+ int rc = 0; - -- int protocol_state; -- -- /* To Allow Consumer Initialisation when adding an agreement: */ -- if (ra->auto_initialize == STATE_PERFORMING_TOTAL_UPDATE) -- { -- protocol_state = STATE_PERFORMING_TOTAL_UPDATE; -- } -- else -- { -- protocol_state = STATE_PERFORMING_INCREMENTAL_UPDATE; -- } -+ /* To Allow Consumer Initialisation when adding an agreement: */ -+ if (ra->auto_initialize == STATE_PERFORMING_TOTAL_UPDATE){ -+ protocol_state = STATE_PERFORMING_TOTAL_UPDATE; -+ } else { -+ protocol_state = STATE_PERFORMING_INCREMENTAL_UPDATE; -+ } - - /* First, create a new protocol object */ - if ((prot = prot_new(ra, protocol_state)) == NULL) { - return -1; - } - -- /* Now it is safe to own the agreement lock */ -+ /* -+ * Set the agmt maxcsn -+ * -+ * We need to get the replica ruv before we take the -+ * agmt lock to avoid potential deadlocks on the nsuniqueid -+ * index. -+ */ -+ repl_sdn = agmt_get_replarea(ra); -+ -+ pb = slapi_pblock_new(); -+ attrs[0] = (char*)type_agmtMaxCSN; -+ attrs[1] = NULL; -+ slapi_search_internal_set_pb_ext( -+ pb, -+ repl_sdn, -+ LDAP_SCOPE_BASE, -+ "objectclass=*", -+ attrs, -+ 0, -+ NULL, -+ RUV_STORAGE_ENTRY_UNIQUEID, -+ repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), -+ OP_FLAG_REPLICATED); -+ slapi_search_internal_pb (pb); -+ -+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); -+ if (rc == LDAP_SUCCESS){ -+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); -+ if (NULL == entries || NULL == entries[0]){ -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "agmt_start: replica ruv tombstone entry for " -+ "replica %s not found\n", -+ slapi_sdn_get_dn(ra->replarea)); -+ } else { -+ found_ruv = 1; -+ } -+ } -+ -+ /* -+ * Now it is safe to own the agreement lock -+ */ - PR_Lock(ra->lock); - - /* Check that replication is not already started */ - if (ra->protocol != NULL) { - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "replication already started for agreement \"%s\"\n", agmt_get_long_name(ra)); -- PR_Unlock(ra->lock); - prot_free(&prot); -- return 0; -+ goto done; - } - -+ /* Set and start the protocol */ - ra->protocol = prot; -- -- /* Start the protocol thread */ - prot_start(ra->protocol); - -- agmt_set_maxcsn(ra); -+ /* -+ * If we found the repl ruv, set the agmt maxcsn... -+ */ -+ if (found_ruv){ -+ Replica *r; -+ Object *repl_obj; -+ char **maxcsns = NULL; -+ int i; - -+ maxcsns = slapi_entry_attr_get_charray(entries[0], type_agmtMaxCSN); -+ repl_obj = prot_get_replica_object(ra->protocol); -+ if(repl_obj && maxcsns){ -+ r = (Replica *)object_get_data(repl_obj); -+ if(r){ -+ /* -+ * Loop over all the agmt maxcsns and find ours... -+ */ -+ for(i = 0; maxcsns[i]; i++){ -+ char buf[BUFSIZ]; -+ char unavail_buf[BUFSIZ]; -+ -+ PR_snprintf(buf,BUFSIZ,"%s;%s;%s;%d;",slapi_sdn_get_dn(repl_sdn), -+ slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)), -+ ra->hostname, ra->port); -+ PR_snprintf(unavail_buf, BUFSIZ,"%s;%s;%s;%d;unavailable", slapi_sdn_get_dn(repl_sdn), -+ slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)), -+ ra->hostname, ra->port); -+ if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){ -+ /* Set the maxcsn */ -+ slapi_ch_free_string(&ra->maxcsn); -+ ra->maxcsn = slapi_ch_strdup(maxcsns[i]); -+ ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]); -+ ra->tmpConsumerRID = 1; -+ break; -+ } -+ } -+ } -+ } -+ slapi_ch_array_free(maxcsns); -+ } -+ -+done: - PR_Unlock(ra->lock); -+ slapi_free_search_results_internal(pb); -+ slapi_pblock_destroy (pb); -+ slapi_sdn_free(&repl_sdn); -+ - return 0; - } - -@@ -3052,99 +3136,6 @@ agmt_maxcsn_to_smod (Replica *r, Slapi_Mod *smod) - } - - /* -- * Called when we start a repl agmt -- */ --void --agmt_set_maxcsn(Repl_Agmt *ra) --{ -- Slapi_PBlock *pb = NULL; -- Slapi_Entry **entries = NULL; -- Replica *r = NULL; -- Object *repl_obj; -- const Slapi_DN *tombstone_sdn = NULL; -- char *attrs[2]; -- int rc; -- -- /* read ruv state from the ruv tombstone entry */ -- pb = slapi_pblock_new(); -- if (!pb) { -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmt_set_maxcsn: Out of memory\n"); -- goto done; -- } -- repl_obj = prot_get_replica_object(ra->protocol); -- if(repl_obj){ -- r = (Replica *)object_get_data(repl_obj); -- tombstone_sdn = replica_get_root(r); -- } -- ra->maxcsn = NULL; -- attrs[0] = (char*)type_agmtMaxCSN; -- attrs[1] = NULL; -- slapi_search_internal_set_pb_ext( -- pb, -- (Slapi_DN *)tombstone_sdn, -- LDAP_SCOPE_BASE, -- "objectclass=*", -- attrs, -- 0, /* attrsonly */ -- NULL, /* controls */ -- RUV_STORAGE_ENTRY_UNIQUEID, -- repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), -- OP_FLAG_REPLICATED); /* flags */ -- slapi_search_internal_pb (pb); -- -- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); -- if (rc == LDAP_SUCCESS){ -- Replica *r; -- Object *repl_obj; -- char **maxcsns; -- int i; -- -- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); -- if (NULL == entries || NULL == entries[0]){ -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -- "agmt_set_maxcsn: replica ruv tombstone entry for " -- "replica %s not found\n", -- slapi_sdn_get_dn(ra->replarea)); -- goto done; -- } -- maxcsns = slapi_entry_attr_get_charray(entries[0], type_agmtMaxCSN); -- repl_obj = prot_get_replica_object(ra->protocol); -- if(repl_obj && maxcsns){ -- r = (Replica *)object_get_data(repl_obj); -- if(r){ -- /* -- * Loop over all the agmt maxcsns and find ours -- */ -- for(i = 0; maxcsns[i]; i++){ -- char buf[BUFSIZ]; -- char unavail_buf[BUFSIZ]; -- -- PR_snprintf(buf,BUFSIZ,"%s;%s;%s;%d;",slapi_sdn_get_dn(ra->replarea), -- slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)), -- ra->hostname, ra->port); -- PR_snprintf(unavail_buf, BUFSIZ,"%s;%s;%s;%d;unavailable", slapi_sdn_get_dn(ra->replarea), -- slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)), -- ra->hostname, ra->port); -- if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){ -- slapi_ch_free_string(&ra->maxcsn); -- ra->maxcsn = slapi_ch_strdup(maxcsns[i]); -- ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]); -- ra->tmpConsumerRID = 1; -- break; -- } -- } -- } -- } -- slapi_ch_array_free(maxcsns); -- } --done: -- if (NULL != pb){ -- slapi_free_search_results_internal(pb); -- slapi_pblock_destroy (pb); -- } --} -- --/* - * Parse out the consumer replicaID from the agmt maxcsn - * - * "repl area;agmt_rdn;hostname;port;consumer_rid;maxcsn" --- -1.9.3 - diff --git a/SOURCES/0026-Ticket-48936-Duplicate-collation-entries.patch b/SOURCES/0026-Ticket-48936-Duplicate-collation-entries.patch new file mode 100644 index 0000000..c7bda39 --- /dev/null +++ b/SOURCES/0026-Ticket-48936-Duplicate-collation-entries.patch @@ -0,0 +1,66 @@ +From f6f3f89e723d26cdad16e0d70d21e2361b9ac8bb Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Thu, 28 Jul 2016 22:23:20 -0700 +Subject: [PATCH 26/29] Ticket #48936 - Duplicate collation entries + +Description: In the fix for "Ticket #53 - Need to update supported locales", +some locales were not set country and variant codes correctly, which caused +the duplicate matchintRules. Also, ig-NG was mapped to a wrong locale. + +An example of the broken matchingRules. +Before the fix> + matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +After the fix> + matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch-sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +https://fedorahosted.org/389/ticket/48936 + +Reviewed by rmeggins@redhat.com (Thank you, Rich!!) + +(cherry picked from commit 3e3dff89c29afdf52a32e4d44f01bddedd60bcd3) +--- + ldap/schema/slapd-collations.conf | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/ldap/schema/slapd-collations.conf b/ldap/schema/slapd-collations.conf +index 9f653e4..31fa477 100644 +--- a/ldap/schema/slapd-collations.conf ++++ b/ldap/schema/slapd-collations.conf +@@ -88,7 +88,7 @@ collation as "" "" 1 3 2.16.840.1.113730.3.3.2.71.1 as + collation as IN "" 1 3 2.16.840.1.113730.3.3.2.72.1 as-IN + collation az "" "" 1 3 2.16.840.1.113730.3.3.2.73.1 az + collation az Latn "" 1 3 2.16.840.1.113730.3.3.2.74.1 az-Latn +-collation az Latn_AZ "" 1 3 2.16.840.1.113730.3.3.2.75.1 az-Latn-AZ ++collation az Latn AZ 1 3 2.16.840.1.113730.3.3.2.75.1 az-Latn-AZ + collation bn "" "" 1 3 2.16.840.1.113730.3.3.2.76.1 bn + collation bn BD "" 1 3 2.16.840.1.113730.3.3.2.77.1 bn-BD + collation bn IN "" 1 3 2.16.840.1.113730.3.3.2.78.1 bn-IN +@@ -189,8 +189,8 @@ collation ha Latn NG 1 3 2.16.840.1.113730.3.3.2.172.1 ha-Latn-NG + collation he "" "" 1 3 2.16.840.1.113730.3.3.2.173.1 he he-IL + collation hi "" "" 1 3 2.16.840.1.113730.3.3.2.174.1 hi hi-IN + collation hy "" "" 1 3 2.16.840.1.113730.3.3.2.175.1 hy hy-AM +-collation id "" "" 1 3 2.16.840.1.113730.3.3.2.176.1 id-ID +-collation id ID "" 1 3 2.16.840.1.113730.3.3.2.177.1 ig-NG ++collation id "" "" 1 3 2.16.840.1.113730.3.3.2.176.1 id id-ID ++collation ig "" "" 1 3 2.16.840.1.113730.3.3.2.177.1 ig ig-NG + collation it IT "" 1 3 2.16.840.1.113730.3.3.2.178.1 it-IT + collation ka "" "" 1 3 2.16.840.1.113730.3.3.2.179.1 ka + collation ka GE "" 1 3 2.16.840.1.113730.3.3.2.180.1 ka-GE +@@ -224,9 +224,9 @@ collation ru MD "" 1 3 2.16.840.1.113730.3.3.2.207.1 ru-MD + collation ru RU "" 1 3 2.16.840.1.113730.3.3.2.208.1 ru-RU + collation ru UA "" 1 3 2.16.840.1.113730.3.3.2.209.1 ru-UA + collation si "" "" 1 3 2.16.840.1.113730.3.3.2.210.1 si si-LK +-collation sk "" "" 1 3 2.16.840.1.113730.3.3.2.211.1 sk sk-SK +-collation sl "" "" 1 3 2.16.840.1.113730.3.3.2.212.1 sl sl-SI +-collation sq "" "" 1 3 2.16.840.1.113730.3.3.2.213.1 sq sq-AL ++collation sk SK "" 1 3 2.16.840.1.113730.3.3.2.211.1 sk-SK ++collation sl SI "" 1 3 2.16.840.1.113730.3.3.2.212.1 sl-SI ++collation sq AL "" 1 3 2.16.840.1.113730.3.3.2.213.1 sq-AL + collation sr Cyrl "" 1 3 2.16.840.1.113730.3.3.2.214.1 sr-Cyrl + collation sr Cyrl BA 1 3 2.16.840.1.113730.3.3.2.215.1 sr-Cyrl-BA + collation sr Cyrl ME 1 3 2.16.840.1.113730.3.3.2.216.1 sr-Cyrl-ME +-- +2.4.11 + diff --git a/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch b/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch deleted file mode 100644 index 5ad4f0c..0000000 --- a/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 422028f6589250523c8a8669827bd0cccc347090 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 20 Jul 2015 11:18:12 -0400 -Subject: [PATCH 27/30] Ticket 47910 - logconv.pl - check that the end time is - greater than the start time - -Bug Description: There is no check if the end time is greater than the start time. - This leads to an empty report being generated, when an error - should be returned instead. - -Fix Description: If start and end time are used, validate that the end time is - greater than the start time. - - Also, improved an error message when the tool options are not - correctly used. - -https://fedorahosted.org/389/ticket/47910 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 34ffa6c44734b99c252e7585bb499089ac8e6a67) -(cherry picked from commit 16b95b12d26fb293d68be154c602398798353bb8) ---- - ldap/admin/src/logconv.pl | 22 +++++++++++++++++----- - 1 file changed, 17 insertions(+), 5 deletions(-) - -diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl -index d26e91e..0038a03 100755 ---- a/ldap/admin/src/logconv.pl -+++ b/ldap/admin/src/logconv.pl -@@ -148,14 +148,13 @@ while($arg_count <= $#ARGV){ - } - - if($file_count == 0){ -- if($reportStatsSecFile or $reportStatsMinFile){ -- print "Usage error for option -m or -M, either the output file or access log is missing!\n\n"; -- } else { -- print "There are no access logs specified!\n\n"; -- } -+ print "There are no access logs specified, or the tool options have not been used correctly!\n"; - exit 1; - } - -+# -+# Initialize the statistic blocks -+# - if ($reportStatsSecFile) { - $s_stats = new_stats_block($reportStatsSecFile); - $reportStats = "-m"; -@@ -357,6 +356,19 @@ my %monthname = ( - - ); - -+# -+# Validate start/end times (if specified) -+# -+if ($startTime and $endTime){ -+ # Make sure the end time is not earlier than the start time -+ my $testStart = convertTimeToSeconds($startTime); -+ my $testEnd = convertTimeToSeconds($endTime); -+ if ($testStart > $testEnd){ -+ print "Start time ($startTime) is greater than end time ($endTime)!\n"; -+ exit 1; -+ } -+} -+ - my $linesProcessed; - my $lineBlockCount; - my $cursize = 0; --- -1.9.3 - diff --git a/SOURCES/0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch b/SOURCES/0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch new file mode 100644 index 0000000..7e2dfcf --- /dev/null +++ b/SOURCES/0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch @@ -0,0 +1,111 @@ +From 8afc979b47994c8bebae22868b86761590231e09 Mon Sep 17 00:00:00 2001 +From: William Brown +Date: Fri, 29 Jul 2016 14:36:19 +1000 +Subject: [PATCH 27/29] Ticket 48450 - Add prestart work around for systemd ask + password + +Bug Description: Due to a lack of response to fix the systemd ask password +permissions, we must resolve this ourselves. Without this, we cannot utilise +the ask password feature at all. + +Fix Description: We add an execstartpre script, that parses dse.ldif for +the running server user. If found, we add the acl to ask-password directory +which will allow the server to start. We do this so that if each instance +has a unique user, they can all use ask pass correctly. + +https://fedorahosted.org/389/ticket/48450 + +Author: wibrown + +Review by: nhosoi (Thanks) + +(cherry picked from commit e6b48924adb753f47683f25fab6e2b8e5d3cf84c) +--- + Makefile.am | 3 ++- + wrappers/ds_systemd_ask_password_acl.in | 34 +++++++++++++++++++++++++++++++ + wrappers/systemd.template.asan.service.in | 1 + + wrappers/systemd.template.service.in | 1 + + 4 files changed, 38 insertions(+), 1 deletion(-) + create mode 100644 wrappers/ds_systemd_ask_password_acl.in + +diff --git a/Makefile.am b/Makefile.am +index ed3d462..3e1bf47 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -620,7 +620,8 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \ + ldap/admin/src/scripts/dbmon.sh \ + ldap/admin/src/scripts/ds_selinux_enabled \ + ldap/admin/src/scripts/ds_selinux_port_query \ +- wrappers/ldap-agent ++ wrappers/ds_systemd_ask_password_acl \ ++ wrappers/ldap-agent + + bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \ + wrappers/dbscan \ +diff --git a/wrappers/ds_systemd_ask_password_acl.in b/wrappers/ds_systemd_ask_password_acl.in +new file mode 100644 +index 0000000..59bffc5 +--- /dev/null ++++ b/wrappers/ds_systemd_ask_password_acl.in +@@ -0,0 +1,34 @@ ++#!/bin/sh ++# BEGIN COPYRIGHT BLOCK ++# Copyright (C) 2016 Red Hat, Inc. ++# ++# All rights reserved. ++# ++# License: GPL (version 3 or any later version). ++# See LICENSE for details. ++# END COPYRIGHT BLOCK ++ ++# Systemd has not fixed the issue at https://bugzilla.redhat.com/show_bug.cgi?id=1322167 ++# As a result, we need a way to fix the permissions as we start. ++# We have to reset these each time, as this folder is on a tmpfs. ++# If we don't do this, we can't prompt for the password! ++# If you want this script to go away, fix the bugzilla so we don't need it! ++ ++# Make sure we have the path to the dse.ldif ++if [ -z $1 ] ++then ++ echo "usage: ${0} /etc/dirsrv/slapd-/dse.ldif" ++ exit 1 ++fi ++ ++# Grep the user out ++ ++DS_USER=`grep 'nsslapd-localuser: ' $1 | awk '{print $2}'` ++ ++# Now apply the acl ++ ++if [ -d /var/run/systemd/ask-password ] ++then ++ setfacl -m u:${DS_USER}:rwx /var/run/systemd/ask-password ++fi ++ +diff --git a/wrappers/systemd.template.asan.service.in b/wrappers/systemd.template.asan.service.in +index dd361b4..5de91de 100644 +--- a/wrappers/systemd.template.asan.service.in ++++ b/wrappers/systemd.template.asan.service.in +@@ -25,6 +25,7 @@ PIDFile=@localstatedir@/run/@package_name@/slapd-%i.pid + # We can't symbolize here, as llvm symbolize crashes when it goes near systemd. + Environment='ASAN_OPTIONS="detect_leaks=1 symbolize=0 log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.asan detect_deadlocks=1"' + LimitCORE=infinity ++ExecStartPre=@sbindir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif + ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name@/slapd-%i.pid + # if you need to set other directives e.g. LimitNOFILE=8192 + # set them in this file +diff --git a/wrappers/systemd.template.service.in b/wrappers/systemd.template.service.in +index a045036..6f096b7 100644 +--- a/wrappers/systemd.template.service.in ++++ b/wrappers/systemd.template.service.in +@@ -22,6 +22,7 @@ Type=notify + EnvironmentFile=@initconfigdir@/@package_name@ + EnvironmentFile=@initconfigdir@/@package_name@-%i + PIDFile=@localstatedir@/run/@package_name@/slapd-%i.pid ++ExecStartPre=@sbindir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif + ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name@/slapd-%i.pid + # if you need to set other directives e.g. LimitNOFILE=8192 + # set them in this file +-- +2.4.11 + diff --git a/SOURCES/0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch new file mode 100644 index 0000000..bad5476 --- /dev/null +++ b/SOURCES/0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch @@ -0,0 +1,115 @@ +From 0f22cc8a2ab2a968b5ff0878b81bb5d39fa5a35e Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Tue, 26 Jul 2016 18:08:38 -0700 +Subject: [PATCH 28/29] Bug 1347760 - CVE-2016-4992 389-ds-base: Information + disclosure via repeated use of LDAP ADD operation, etc. + +Description: +1. When an account is inactivated, the error UNWILLING_TO_PERFORM with + the inactivated message should be returned only when the bind is + successful. +2. When SASL bind fails, instead of returning the cause of the failure + directly to the client, but logging it in the access log. + +https://bugzilla.redhat.com/show_bug.cgi?id=1347760 + +Reviewed by wibrown@redhat.com (Thank you, William!) + +(cherry picked from commit b8767d510d11c7cbfede24daaae3348b9f028f47) +--- + ldap/servers/slapd/bind.c | 49 ++++++++++++++++++++----------------------- + ldap/servers/slapd/saslbind.c | 4 ++-- + 2 files changed, 25 insertions(+), 28 deletions(-) + +diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c +index 702d4c2..c271577 100644 +--- a/ldap/servers/slapd/bind.c ++++ b/ldap/servers/slapd/bind.c +@@ -720,25 +720,6 @@ do_bind( Slapi_PBlock *pb ) + } + } + } +- +- /* +- * Is this account locked ? +- * could be locked through the account inactivation +- * or by the password policy +- * +- * rc=0: account not locked +- * rc=1: account locked, can not bind, result has been sent +- * rc!=0 and rc!=1: error. Result was not sent, lets be_bind +- * deal with it. +- * +- */ +- +- /* get the entry now, so that we can give it to slapi_check_account_lock and reslimit_update_from_dn */ +- if (! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) { +- bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn)); +- rc = slapi_check_account_lock ( pb, bind_target_entry, pw_response_requested, 1, 1); +- } +- + slapi_pblock_set( pb, SLAPI_PLUGIN, be->be_database ); + set_db_default_result_handlers(pb); + if ( (rc != 1) && +@@ -777,6 +758,28 @@ do_bind( Slapi_PBlock *pb ) + + if ( rc == SLAPI_BIND_SUCCESS ) { + int myrc = 0; ++ /* ++ * The bind is successful. ++ * We can give it to slapi_check_account_lock and reslimit_update_from_dn. ++ */ ++ /* ++ * Is this account locked ? ++ * could be locked through the account inactivation ++ * or by the password policy ++ * ++ * rc=0: account not locked ++ * rc=1: account locked, can not bind, result has been sent ++ * rc!=0 and rc!=1: error. Result was not sent, lets be_bind ++ * deal with it. ++ * ++ */ ++ if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) { ++ bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn)); ++ rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1); ++ if (1 == rc) { /* account is locked */ ++ goto account_locked; ++ } ++ } + if (!auto_bind) { + /* + * There could be a race that bind_target_entry was not added +@@ -787,13 +790,7 @@ do_bind( Slapi_PBlock *pb ) + if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA) && + !bind_target_entry) { + bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn)); +- if (bind_target_entry) { +- myrc = slapi_check_account_lock(pb, bind_target_entry, +- pw_response_requested, 1, 1); +- if (1 == myrc) { /* account is locked */ +- goto account_locked; +- } +- } else { ++ if (!bind_target_entry) { + slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry"); + send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL); + goto free_and_return; +diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c +index 37175f4..742987e 100644 +--- a/ldap/servers/slapd/saslbind.c ++++ b/ldap/servers/slapd/saslbind.c +@@ -1051,8 +1051,8 @@ sasl_check_result: + errstr = sasl_errdetail(sasl_conn); + + PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ +- send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, +- (char*)errstr, 0, NULL); ++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, (void *)errstr); ++ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL); + break; + } + +-- +2.4.11 + diff --git a/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch b/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch deleted file mode 100644 index 4ad70ad..0000000 --- a/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 53e51059c4e95fab6c3601952069191343fe92b3 Mon Sep 17 00:00:00 2001 -From: Rich Megginson -Date: Mon, 20 Jul 2015 10:31:46 -0600 -Subject: [PATCH 28/30] Ticket #48224 - redux 2 - logconv.pl should handle - *.tar.xz, *.txz, *.xz log files - -https://fedorahosted.org/389/ticket/48224 -Reviewed by: nhosoi (Thanks!) -Branch: 389-ds-base-1.3.4 -Fix Description: Use $? instead of $! to get pipe errors. -Platforms tested: Fedora 21, RHEL 7.2 candidate -Flag Day: no -Doc impact: no - -(cherry picked from commit 29043c5716a1bc8364689d518cb4e35722eaaf77) -(cherry picked from commit 0e31d818366e846f45c60b2c24bdb8026a82c048) ---- - ldap/admin/src/logconv.pl | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl -index 0038a03..3113f8a 100755 ---- a/ldap/admin/src/logconv.pl -+++ b/ldap/admin/src/logconv.pl -@@ -437,9 +437,9 @@ sub doUncompress { - # so use the xz command directly - # NOTE: This doesn't work if the argument is a file handle e.g. from - # Archive::Tar -- $! = 0; # clear -- if (!open($TARFH, "xz -dc $_ |") or $!) { -- openFailed($!, $_); -+ $? = 0; # clear -+ if (!open($TARFH, "xz -dc $_ |") or $?) { -+ openFailed($?, $_); - return; - } - } else { --- -1.9.3 - diff --git a/SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch new file mode 100644 index 0000000..d41f609 --- /dev/null +++ b/SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch @@ -0,0 +1,40 @@ +From 114221f292d0f8609d98bdad59feb3d460639673 Mon Sep 17 00:00:00 2001 +From: Ludwig Krispenz +Date: Thu, 4 Aug 2016 11:45:49 -0700 +Subject: [PATCH 29/29] Bug 1347760 - CVE-2016-4992 389-ds-base: Information + disclosure via repeated use of LDAP ADD operation, etc. + +Description: do not overwrite rc used to decide if bind was successful. +When the bind is through ldapi/autobind, an entry does not exist to be +checked with slapi_check_account_lock. In that case, a variable rc is +not supposed to be modified which confuses the following code path. + +Reviewed by nhosoi@redhat.com. + +(cherry picked from commit caa351ae0cc81cbf2309a43c5f74b359cda152d0) +--- + ldap/servers/slapd/bind.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c +index c271577..3054c1f 100644 +--- a/ldap/servers/slapd/bind.c ++++ b/ldap/servers/slapd/bind.c +@@ -775,10 +775,12 @@ do_bind( Slapi_PBlock *pb ) + */ + if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) { + bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn)); +- rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1); +- if (1 == rc) { /* account is locked */ ++ myrc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1); ++ if (1 == myrc) { /* account is locked */ ++ rc = myrc; + goto account_locked; + } ++ myrc = 0; + } + if (!auto_bind) { + /* +-- +2.4.11 + diff --git a/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch b/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch deleted file mode 100644 index a162506..0000000 --- a/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 4c275349c72a01803b772717ee29e7ac6f9a903f Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 20 Jul 2015 14:22:05 -0400 -Subject: [PATCH 29/30] Ticket 48206 - Crash during retro changelog trimming - -Bug Description: If the retro changelog entry is small, its possible that - during the trimming the reto changelog entry is not in the - cache after the trim, but its tries to blindly unlock it - from the cache, which leads to a crash. - -FIx Description: After we call the post op plugins and retrieve the entry - from the cache, double check that it was found. If it - is not found, do not unlock it. - -https://fedorahosted.org/389/ticket/48206 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 2a8a8c8ced5849dada34ab28d79e87dd3636e413) -(cherry picked from commit 6d439887b99da557e8d7bc0c611d9afa909fdce7) ---- - ldap/servers/slapd/back-ldbm/ldbm_delete.c | 27 +++++++++++++++++---------- - 1 file changed, 17 insertions(+), 10 deletions(-) - -diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c -index 59c1f76..f31d545 100644 ---- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c -+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c -@@ -1257,17 +1257,24 @@ ldbm_back_delete( Slapi_PBlock *pb ) - CACHE_RETURN(&inst->inst_cache, &e); - } - } -- if (cache_is_in_cache(&inst->inst_cache, e)) { -- ep_id = e->ep_id; /* Otherwise, e might have been freed. */ -- CACHE_REMOVE(&inst->inst_cache, e); -- } -- cache_unlock_entry(&inst->inst_cache, e); -- CACHE_RETURN(&inst->inst_cache, &e); -- /* -- * e is unlocked and no longer in cache. -- * It could be freed at any moment. -+ -+ /* -+ * e could have been replaced by cache_find_id(), recheck if it's NULL -+ * before trying to unlock it, etc. - */ -- e = NULL; -+ if (e) { -+ if (cache_is_in_cache(&inst->inst_cache, e)) { -+ ep_id = e->ep_id; /* Otherwise, e might have been freed. */ -+ CACHE_REMOVE(&inst->inst_cache, e); -+ } -+ cache_unlock_entry(&inst->inst_cache, e); -+ CACHE_RETURN(&inst->inst_cache, &e); -+ /* -+ * e is unlocked and no longer in cache. -+ * It could be freed at any moment. -+ */ -+ e = NULL; -+ } - - if (entryrdn_get_switch() && ep_id) { /* subtree-rename: on */ - /* since the op was successful, delete the tombstone dn from the dn cache */ --- -1.9.3 - diff --git a/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch b/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch deleted file mode 100644 index b6a5197..0000000 --- a/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch +++ /dev/null @@ -1,222 +0,0 @@ -From bc26583d161168ce664d160592a30abbd98b9a1f Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 22 Jul 2015 09:41:46 -0700 -Subject: [PATCH 30/30] Ticket #48010 - winsync range retrieval gets only 5000 - values upon initialization - -Description: Search with DirSync control does not support range subtype. -On WS2012, it returns all the multi-valued attribute values regardless -of MaxValRange, but on WS2008, it cuts at the physical limit 5000. -This patch does not rely on the entry returned by the DirySync search. - -Also, since DirSync search does not support the range subtype, removing -the range related code from the DirSync search. - -Researched and tested by vashirov@redhat.com (Thank you, Viktor!!) -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -https://fedorahosted.org/389/ticket/48010 -(cherry picked from commit c6b211f8ea4970623f8ac1b365d040756d46bf3c) -(cherry picked from commit d9af22eb940353c0692b6d73cc0a2d6998311498) ---- - .../plugins/replication/windows_connection.c | 21 ++----- - ldap/servers/plugins/replication/windows_private.c | 70 ---------------------- - .../plugins/replication/windows_protocol_util.c | 21 +++++-- - ldap/servers/plugins/replication/windowsrepl.h | 5 -- - 4 files changed, 21 insertions(+), 96 deletions(-) - -diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c -index 5db43a5..a06a07e 100644 ---- a/ldap/servers/plugins/replication/windows_connection.c -+++ b/ldap/servers/plugins/replication/windows_connection.c -@@ -821,7 +821,6 @@ send_dirsync_search(Repl_Connection *conn) - const char *old_dn = slapi_sdn_get_ndn( windows_private_get_windows_subtree(conn->agmt) ); - /* LDAP_SERVER_DIRSYNC_OID requires the search base Naming Context */ - char *dn = slapi_ch_strdup(strstr(old_dn, "dc=")); -- char **exattrs = NULL; - - if (conn->supports_dirsync == 0) - { -@@ -847,10 +846,6 @@ send_dirsync_search(Repl_Connection *conn) - - winsync_plugin_call_dirsync_search_params_cb(conn->agmt, old_dn, &dn, &scope, &filter, - &attrs, &server_controls); -- exattrs = windows_private_get_range_attrs(conn->agmt); -- charray_merge(&attrs, exattrs, 0 /* pass in */); -- slapi_ch_free((void **)&exattrs); /* strings are passed in */ -- - LDAPDebug( LDAP_DEBUG_REPL, "Sending dirsync search request\n", 0, 0, 0 ); - - rc = ldap_search_ext( conn->ld, dn, scope, filter, attrs, PR_FALSE, server_controls, -@@ -1010,20 +1005,14 @@ Slapi_Entry * windows_conn_get_search_result(Repl_Connection *conn) - { - if (( dn = ldap_get_dn( conn->ld, res )) != NULL ) - { -- char **exattrs = NULL; - slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"received entry from dirsync: %s\n", dn); - lm = ldap_first_entry( conn->ld, res ); -- e = windows_private_get_curr_entry(conn->agmt); /* if range search, e != NULL */ -- e = windows_LDAPMessage2Entry(e, conn, lm, 0, &exattrs); -+ /* -+ * we don't have to retrieve all the members here. -+ * here, we have to make sure to get the entry once. -+ */ -+ e = windows_LDAPMessage2Entry(e, conn, lm, 0, NULL); - ldap_memfree(dn); -- if (exattrs) { -- /* some attribute returned ";range=low-high" */ -- windows_private_set_curr_entry(conn->agmt, e); -- windows_private_set_range_attrs(conn->agmt, exattrs); -- } else { -- windows_private_set_curr_entry(conn->agmt, NULL); -- windows_private_set_range_attrs(conn->agmt, NULL); -- } - } - } - break; -diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c -index f5cb44e..c118236 100644 ---- a/ldap/servers/plugins/replication/windows_private.c -+++ b/ldap/servers/plugins/replication/windows_private.c -@@ -1570,76 +1570,6 @@ windows_private_set_move_action(const Repl_Agmt *ra, int value) - LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_move_action\n" ); - } - --/* Get entry being retrieved; used for the range retrieval */ --Slapi_Entry * --windows_private_get_curr_entry(const Repl_Agmt *ra) --{ -- Dirsync_Private *dp; -- -- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_curr_entry\n" ); -- -- PR_ASSERT(ra); -- -- dp = (Dirsync_Private *) agmt_get_priv(ra); -- PR_ASSERT (dp); -- -- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_curr_entry\n" ); -- -- return dp->curr_entry; --} -- --/* Set entry being retrieved; used for the range retrieval */ --void --windows_private_set_curr_entry(const Repl_Agmt *ra, Slapi_Entry *e) --{ -- Dirsync_Private *dp; -- -- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_curr_entry\n" ); -- -- PR_ASSERT(ra); -- -- dp = (Dirsync_Private *) agmt_get_priv(ra); -- PR_ASSERT (dp); -- dp->curr_entry = e; -- -- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_curr_entry\n" ); --} -- --/* Get next range retrieval attributes */ --char ** --windows_private_get_range_attrs(const Repl_Agmt *ra) --{ -- Dirsync_Private *dp; -- -- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_range_attrs\n" ); -- -- PR_ASSERT(ra); -- -- dp = (Dirsync_Private *) agmt_get_priv(ra); -- PR_ASSERT (dp); -- -- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_range_attrs\n" ); -- -- return dp->range_attrs; --} -- --/* Set next range retrieval attributes */ --void --windows_private_set_range_attrs(const Repl_Agmt *ra, char **attrs) --{ -- Dirsync_Private *dp; -- -- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_move_action\n" ); -- -- PR_ASSERT(ra); -- -- dp = (Dirsync_Private *) agmt_get_priv(ra); -- PR_ASSERT (dp); -- dp->range_attrs = attrs; -- -- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_move_action\n" ); --} -- - static PRCallOnceType winsync_callOnce = {0,0}; - - struct winsync_plugin { -diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c -index 6bf20b7..4cfa20d 100644 ---- a/ldap/servers/plugins/replication/windows_protocol_util.c -+++ b/ldap/servers/plugins/replication/windows_protocol_util.c -@@ -5847,6 +5847,9 @@ windows_process_dirsync_entry(Private_Repl_Protocol *prp,Slapi_Entry *e, int is_ - /* Is this entry one we should be interested in ? */ - if (is_subject_of_agreement_remote(e,prp->agmt)) - { -+ ConnResult cres = 0; -+ const char *searchbase = slapi_entry_get_dn_const(e); -+ char *filter = "(objectclass=*)"; - retry: - /* First make its local DN */ - rc = map_entry_dn_inbound(e, &local_sdn, prp->agmt); -@@ -5902,7 +5905,19 @@ retry: - /* If it doesn't exist, try to make it */ - if (add_local_entry_allowed(prp,e)) - { -- windows_create_local_entry(prp,e,local_sdn); -+ found_entry = NULL; -+ /* -+ * BZ 1172037: Search with DirSync Control does not return the range subtype. -+ * Re-search the entry to get all the attribute values over hard limit MaxValRange -+ * on 2008R2. Note: 2012R2 does not have the hard limit. -+ * If we stop supporting 2008R2, this windows_search_entry_ext call can be removed. -+ */ -+ cres = windows_search_entry_ext(prp->conn, (char*)searchbase, -+ filter, &found_entry, NULL, LDAP_SCOPE_BASE); -+ if (found_entry) { -+ e = found_entry; -+ } -+ windows_create_local_entry(prp, e, local_sdn); - } else - { - slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: not allowed to add entry %s.\n",agmt_get_long_name(prp->agmt) -@@ -5918,10 +5933,6 @@ retry: - * We search Windows with the dn and retry using the found - * entry. - */ -- ConnResult cres = 0; -- const char *searchbase = slapi_entry_get_dn_const(e); -- char *filter = "(objectclass=*)"; -- - retried = 1; - cres = windows_search_entry_ext(prp->conn, (char*)searchbase, - filter, &found_entry, NULL, LDAP_SCOPE_BASE); -diff --git a/ldap/servers/plugins/replication/windowsrepl.h b/ldap/servers/plugins/replication/windowsrepl.h -index fd80212..66f4804 100644 ---- a/ldap/servers/plugins/replication/windowsrepl.h -+++ b/ldap/servers/plugins/replication/windowsrepl.h -@@ -66,11 +66,6 @@ void windows_private_set_one_way(const Repl_Agmt *ra, PRBool value); - int windows_private_get_move_action(const Repl_Agmt *ra); - void windows_private_set_move_action(const Repl_Agmt *ra, int value); - --Slapi_Entry *windows_private_get_curr_entry(const Repl_Agmt *ra); --void windows_private_set_curr_entry(const Repl_Agmt *ra, Slapi_Entry *e); --char **windows_private_get_range_attrs(const Repl_Agmt *ra); --void windows_private_set_range_attrs(const Repl_Agmt *ra, char **attrs); -- - void windows_private_set_directory_userfilter(const Repl_Agmt *ra, char *filter); - void windows_private_set_windows_userfilter(const Repl_Agmt *ra, char *filter); - const char* windows_private_get_directory_userfilter(const Repl_Agmt *ra); --- -1.9.3 - diff --git a/SOURCES/0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch b/SOURCES/0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch new file mode 100644 index 0000000..39bef22 --- /dev/null +++ b/SOURCES/0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch @@ -0,0 +1,37 @@ +From 741e8534323f6b7eb5565f8ec09ab2731e52735b Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Thu, 4 Aug 2016 13:26:44 -0700 +Subject: [PATCH] Ticket bz1358565 - clear and unsalted password types are + vulnerable to timing attack + +Description: Build fails with the commit f0e03b5a51972a125fe78f448d1f68e288782d1e: + error: 'for' loop initial declarations are only allowed in C99 mode + for (size_t i = 0; i < n; i++) { + ^ +Moved "size_t i;" to the top of slapi_ct_memcmp. +--- + ldap/servers/slapd/ch_malloc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ldap/servers/slapd/ch_malloc.c b/ldap/servers/slapd/ch_malloc.c +index a38268c..705ea86 100644 +--- a/ldap/servers/slapd/ch_malloc.c ++++ b/ldap/servers/slapd/ch_malloc.c +@@ -374,12 +374,13 @@ slapi_ct_memcmp( const void *p1, const void *p2, size_t n) + int result = 0; + const unsigned char *_p1 = (const unsigned char *)p1; + const unsigned char *_p2 = (const unsigned char *)p2; ++ size_t i; + + if (_p1 == NULL || _p2 == NULL) { + return 2; + } + +- for (size_t i = 0; i < n; i++) { ++ for (i = 0; i < n; i++) { + if (_p1[i] ^ _p2[i]) { + result = 1; + } +-- +2.4.11 + diff --git a/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch b/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch deleted file mode 100644 index 1464ae9..0000000 --- a/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch +++ /dev/null @@ -1,47 +0,0 @@ -From bf8da26adf08db15ae2cbaeadb40f62af6c52037 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 29 Jul 2015 11:26:22 -0700 -Subject: [PATCH 31/39] Ticket #48232 - winsync lastlogon attribute not syncing - between DS and AD. - -Bug Description: -From Microsoft forum: - The DirSync control taps into the replication stream to get the necessary - changes. Since lastLogon is not replicated, it isn't available via the - DirSync control. -Additional notes: - The lastLogon attribute is not replicated. - In contrast the lastLogontimeStamp attribute is replicated. - -Fix Description: - Instead of lastLogon|lastLogoff, sync lastLogonTimestamp|lastLogoffTimestamp - which are the target of DirSync, to ntUserLastLogon|ntUserLastLogoff. - -https://fedorahosted.org/389/ticket/48232 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit 0db29788e6c1b17f944fcafa368b66580e1e90d5) -(cherry picked from commit b81adb0bc8ad97fec50fba30454e94858476bad5) ---- - ldap/servers/plugins/replication/windows_protocol_util.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c -index 4cfa20d..5c12af7 100644 ---- a/ldap/servers/plugins/replication/windows_protocol_util.c -+++ b/ldap/servers/plugins/replication/windows_protocol_util.c -@@ -194,8 +194,8 @@ static windows_attribute_map user_attribute_map[] = - { - { "homeDirectory", "ntUserHomeDir", bidirectional, always, normal}, - { "scriptPath", "ntUserScriptPath", bidirectional, always, normal}, -- { "lastLogon", "ntUserLastLogon", fromwindowsonly, always, normal}, -- { "lastLogoff", "ntUserLastLogoff", fromwindowsonly, always, normal}, -+ { "lastLogonTimestamp", "ntUserLastLogon", fromwindowsonly, always, normal}, -+ { "lastLogoffTimestamp", "ntUserLastLogoff", fromwindowsonly, always, normal}, - { "accountExpires", "ntUserAcctExpires", bidirectional, always, normal}, - { "codePage", "ntUserCodePage", bidirectional, always, normal}, - { "logonHours", "ntUserLogonHours", bidirectional, always, normal}, --- -1.9.3 - diff --git a/SOURCES/0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch b/SOURCES/0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch new file mode 100644 index 0000000..df4c700 --- /dev/null +++ b/SOURCES/0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch @@ -0,0 +1,76 @@ +From 1d4ad57ad50a33b8a1ef2db7d592f2adb09c3083 Mon Sep 17 00:00:00 2001 +From: William Brown +Date: Mon, 8 Aug 2016 13:56:02 +1000 +Subject: [PATCH 31/32] Ticket 48450 - Autotools components for + ds_systemd_ask_password_acl + +Bug Description: William forgot to add the Makefile.in to the commit. This was +found in the rpm build because it does not run autoreconf to regenerate the +Makefile.in, manifiesting as a missing file. + +Fix Description: Commit Makefile.in + +https://fedorahosted.org/389/ticket/48450 + +Author: wibrown + +Review by: nhosoi@redhat.com + +(cherry picked from commit c5e4ca4e1e0f1ab8be60df7453e6f0b126e6581c) +--- + Makefile.in | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 8109469..6788fe1 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -2044,7 +2044,8 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \ + ldap/admin/src/scripts/dbmon.sh \ + ldap/admin/src/scripts/ds_selinux_enabled \ + ldap/admin/src/scripts/ds_selinux_port_query \ +- wrappers/ldap-agent ++ wrappers/ds_systemd_ask_password_acl \ ++ wrappers/ldap-agent + + bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \ + wrappers/dbscan \ +@@ -10359,7 +10360,7 @@ distdir: $(DISTFILES) + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" + dist-gzip: distdir +- tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz ++ tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz + $(am__post_remove_distdir) + dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 +@@ -10384,7 +10385,7 @@ dist-shar: distdir + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 +- shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz ++ shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz + $(am__post_remove_distdir) + + dist-zip: distdir +@@ -10402,7 +10403,7 @@ dist dist-all: + distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ +- GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ ++ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lz*) \ +@@ -10412,7 +10413,7 @@ distcheck: dist + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ +- GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ ++ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac +-- +2.4.11 + diff --git a/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch b/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch deleted file mode 100644 index f9682d7..0000000 --- a/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch +++ /dev/null @@ -1,39 +0,0 @@ -From ddf6d5dfd566d44a10af342d049f22b5dbe26381 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 30 Jul 2015 11:07:40 -0700 -Subject: [PATCH 32/39] Ticket #48231 - logconv autobind handling regression - caused by 47446 - -Description: When there are autobinds with ldapi, the tool fails with -an syntax error: - Use of uninitialized value in transliteration (tr///) at /Local/dirsrv/bin/logconv.pl line 2018, <$LOGFH> line 207. - Use of uninitialized value $tmpp in hash element at /Local/dirsrv/bin/logconv.pl line 2019, <$LOGFH> line 207. - -Thanks for providing the fix and testing it, pj101 and rmeggins@redhat.com. - -Reviewed by nhosoi@redhat.com. - -https://fedorahosted.org/389/ticket/48231 -(cherry picked from commit 44a223f73a537445976a77af1652515ea46f970b) -(cherry picked from commit e7fc14305e7e431034d5e076f31d2ee22742578f) ---- - ldap/admin/src/logconv.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl -index 3113f8a..9cd9aaa 100755 ---- a/ldap/admin/src/logconv.pl -+++ b/ldap/admin/src/logconv.pl -@@ -2025,8 +2025,8 @@ sub parseLineNormal - if($1 eq $rootDN){ - $rootDNBindCount++; - } -+ $tmpp = $1; - if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){ -- $tmpp = $1; - $tmpp =~ tr/A-Z/a-z/; - $hashes->{bindlist}->{$tmpp}++; - } --- -1.9.3 - diff --git a/SOURCES/0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch b/SOURCES/0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch new file mode 100644 index 0000000..8a84fdc --- /dev/null +++ b/SOURCES/0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch @@ -0,0 +1,27 @@ +From bf87f952dc7a07786ddb9e895a956505cd951cf3 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Mon, 8 Aug 2016 10:12:33 -0700 +Subject: [PATCH 32/32] Ticket bz1358565 - clear and unsalted password types + are vulnerable to timing attack + +Description: Fixing a compiler warning introduced by commit +f0e03b5a51972a125fe78f448d1f68e288782d1e. +--- + ldap/servers/plugins/pwdstorage/clear_pwd.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/ldap/servers/plugins/pwdstorage/clear_pwd.c b/ldap/servers/plugins/pwdstorage/clear_pwd.c +index 2afe16e..b9b362d 100644 +--- a/ldap/servers/plugins/pwdstorage/clear_pwd.c ++++ b/ldap/servers/plugins/pwdstorage/clear_pwd.c +@@ -26,7 +26,6 @@ int + clear_pw_cmp( const char *userpwd, const char *dbpwd ) + { + int result = 0; +- int len = 0; + int len_user = strlen(userpwd); + int len_dbp = strlen(dbpwd); + if ( len_user != len_dbp ) { +-- +2.4.11 + diff --git a/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch b/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch deleted file mode 100644 index 2803014..0000000 --- a/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch +++ /dev/null @@ -1,182 +0,0 @@ -From 0536984f7b3e9d6e143936b0eda92b510f63d304 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 4 Aug 2015 12:15:31 -0400 -Subject: [PATCH 33/39] Ticket 47810 - memberOf plugin not properly rejecting - updates - -Bug Description: When the memberOf plugin tries to add memberOf attribute to - an entry during a mod-replace on a group, even though the - update to the user entry fails, but plugin still allows - the member to be added to the group. - -Fix Description: During a mod/replace check and return an error if the member - update fails. - -https://fedorahosted.org/389/ticket/47810 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit eb54f03e240402a4bd16f9cde1d66539805f56ea) -(cherry picked from commit b4b6adcec7d810c7893fd9cb888fa906b9ffa836) ---- - dirsrvtests/suites/betxns/betxn_test.py | 64 +++++++++++++++++++++++++++++++- - ldap/servers/plugins/memberof/memberof.c | 13 ++++--- - 2 files changed, 70 insertions(+), 7 deletions(-) - -diff --git a/dirsrvtests/suites/betxns/betxn_test.py b/dirsrvtests/suites/betxns/betxn_test.py -index 93c4c31..5da6e50 100644 ---- a/dirsrvtests/suites/betxns/betxn_test.py -+++ b/dirsrvtests/suites/betxns/betxn_test.py -@@ -3,7 +3,7 @@ - # All rights reserved. - # - # License: GPL (version 3 or any later version). --# See LICENSE for details. -+# See LICENSE for details. - # --- END COPYRIGHT BLOCK --- - # - import os -@@ -174,6 +174,67 @@ def test_betxn_attr_uniqueness(topology): - log.info('test_betxn_attr_uniqueness: PASSED') - - -+def test_betxn_memberof(topology): -+ ENTRY1_DN = 'cn=group1,' + DEFAULT_SUFFIX -+ ENTRY2_DN = 'cn=group2,' + DEFAULT_SUFFIX -+ PLUGIN_DN = 'cn=' + PLUGIN_MEMBER_OF + ',cn=plugins,cn=config' -+ -+ # Enable and configure memberOf plugin -+ topology.standalone.plugins.enable(name=PLUGIN_MEMBER_OF) -+ try: -+ topology.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'member')]) -+ except ldap.LDAPError, e: -+ log.fatal('test_betxn_memberof: Failed to update config(member): error ' + e.message['desc']) -+ assert False -+ -+ # Add our test entries -+ try: -+ topology.standalone.add_s(Entry((ENTRY1_DN, {'objectclass': "top groupofnames".split(), -+ 'cn': 'group1'}))) -+ except ldap.LDAPError, e: -+ log.error('test_betxn_memberof: Failed to add group1:' + -+ ENTRY1_DN + ', error ' + e.message['desc']) -+ assert False -+ -+ try: -+ topology.standalone.add_s(Entry((ENTRY2_DN, {'objectclass': "top groupofnames".split(), -+ 'cn': 'group1'}))) -+ except ldap.LDAPError, e: -+ log.error('test_betxn_memberof: Failed to add group2:' + -+ ENTRY2_DN + ', error ' + e.message['desc']) -+ assert False -+ -+ # -+ # Test mod replace -+ # -+ -+ # Add group2 to group1 - it should fail with objectclass violation -+ try: -+ topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_REPLACE, 'member', ENTRY2_DN)]) -+ log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1') -+ assert False -+ except ldap.LDAPError, e: -+ log.info('test_betxn_memberof: Group2 was correctly rejected (mod replace): error ' + e.message['desc']) -+ -+ # -+ # Test mod add -+ # -+ -+ # Add group2 to group1 - it should fail with objectclass violation -+ try: -+ topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_ADD, 'member', ENTRY2_DN)]) -+ log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1') -+ assert False -+ except ldap.LDAPError, e: -+ log.info('test_betxn_memberof: Group2 was correctly rejected (mod add): error ' + e.message['desc']) -+ -+ # -+ # Done -+ # -+ -+ log.info('test_betxn_memberof: PASSED') -+ -+ - def test_betxn_final(topology): - topology.standalone.delete() - log.info('betxn test suite PASSED') -@@ -187,6 +248,7 @@ def run_isolated(): - test_betxn_init(topo) - test_betxt_7bit(topo) - test_betxn_attr_uniqueness(topo) -+ test_betxn_memberof(topo) - test_betxn_final(topo) - - -diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c -index 144285b..da52bc8 100644 ---- a/ldap/servers/plugins/memberof/memberof.c -+++ b/ldap/servers/plugins/memberof/memberof.c -@@ -2373,6 +2373,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config, - struct slapi_entry *post_e = NULL; - Slapi_Attr *pre_attr = 0; - Slapi_Attr *post_attr = 0; -+ int rc = 0; - int i = 0; - - slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e ); -@@ -2449,14 +2450,14 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config, - in pre, not in post, delete from entry - not in pre, in post, add to entry - */ -- while(pre_index < pre_total || post_index < post_total) -+ while(rc == 0 && (pre_index < pre_total || post_index < post_total)) - { - if(pre_index == pre_total) - { - /* add the rest of post */ - slapi_sdn_set_normdn_byref(sdn, - slapi_value_get_string(post_array[post_index])); -- memberof_add_one(pb, config, group_sdn, sdn); -+ rc = memberof_add_one(pb, config, group_sdn, sdn); - - post_index++; - } -@@ -2465,7 +2466,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config, - /* delete the rest of pre */ - slapi_sdn_set_normdn_byref(sdn, - slapi_value_get_string(pre_array[pre_index])); -- memberof_del_one(pb, config, group_sdn, sdn); -+ rc = memberof_del_one(pb, config, group_sdn, sdn); - - pre_index++; - } -@@ -2482,7 +2483,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config, - /* delete pre array */ - slapi_sdn_set_normdn_byref(sdn, - slapi_value_get_string(pre_array[pre_index])); -- memberof_del_one(pb, config, group_sdn, sdn); -+ rc = memberof_del_one(pb, config, group_sdn, sdn); - - pre_index++; - } -@@ -2491,7 +2492,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config, - /* add post array */ - slapi_sdn_set_normdn_byref(sdn, - slapi_value_get_string(post_array[post_index])); -- memberof_add_one(pb, config, group_sdn, sdn); -+ rc = memberof_add_one(pb, config, group_sdn, sdn); - - post_index++; - } -@@ -2509,7 +2510,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config, - } - } - -- return 0; -+ return rc; - } - - /* memberof_load_array() --- -1.9.3 - diff --git a/SOURCES/0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch b/SOURCES/0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch new file mode 100644 index 0000000..6862b7e --- /dev/null +++ b/SOURCES/0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch @@ -0,0 +1,38 @@ +From cb23f2f29464f9f800a4cf1f1e3d48e0c66358c7 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Thu, 11 Aug 2016 10:50:02 -0400 +Subject: [PATCH 33/35] Ticket 48950 - Change example in /etc/sysconfig/dirsrv + to use tcmalloc + +Description: Update the example to use tcmalloc instead of jemalloc. + +https://fedorahosted.org/389/ticket/48950 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit 06a4adb4ad42a2d7cee383d6e2ef69a7188251a2) +--- + ldap/admin/src/base-initconfig.in | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/ldap/admin/src/base-initconfig.in b/ldap/admin/src/base-initconfig.in +index e803a36..0481c3e 100644 +--- a/ldap/admin/src/base-initconfig.in ++++ b/ldap/admin/src/base-initconfig.in +@@ -43,8 +43,8 @@ + # if using systemd, omit the "; export VARNAME" at the end + #PID_TIME=600 ; export PID_TIME + +-# jemalloc is a general purpose malloc implementation that emphasizes +-# fragmentation avoidance and scalable concurrency support. jemalloc +-# has been shown to have a significant positive impact on the Directory +-# Server's process size/growth. +-#LD_PRELOAD=@libdir@/@package_name@/libjemalloc.so.1 ; export LD_PRELOAD ++# The tcmalloc memory allocator has been shown to have a positive impact on ++# the Directory Server's virtual & resident memory size/growth. tcmalloc is ++# available on RHEL/Fedora in the gperftools package (this could be different ++# on other platforms). Here is an example of preloading tcmalloc: ++#LD_PRELOAD=@libdir@/libtcmalloc.so.4 ; export LD_PRELOAD +-- +2.4.11 + diff --git a/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch b/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch deleted file mode 100644 index 288ff91..0000000 --- a/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch +++ /dev/null @@ -1,288 +0,0 @@ -From a117d87aac507e4002429e5f7aebe61a867da06d Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Wed, 5 Aug 2015 16:31:49 -0400 -Subject: [PATCH 34/39] Ticket 48215 - verify_db.pl doesn't verify DB specified - by -a option - -Bug Description: verify_db.pl -a only uses the db location for - checking the transaction logs, because it ends up - calling "nsslapd dbverify" which only checks the - db files in the server configuration. - -Fix Description: Allow a new argument to be passed to "nsslapd dbverify" - that specifies the db parent directory. - -https://fedorahosted.org/389/ticket/48215 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 27fadb75ec1f3b252028ce715cd7fa16da1f6525) -(cherry picked from commit 210071c682751897099e8eb138e5db1e47ac2bae) ---- - ldap/admin/src/scripts/dbverify.in | 3 ++- - ldap/admin/src/scripts/verify-db.pl.in | 17 +++++++++-------- - ldap/servers/slapd/back-ldbm/dbverify.c | 13 +++++++++++++ - ldap/servers/slapd/main.c | 18 +++++++++++++----- - ldap/servers/slapd/pblock.c | 12 +++++++++++- - ldap/servers/slapd/slap.h | 2 ++ - ldap/servers/slapd/slapi-plugin.h | 3 +++ - man/man8/dbverify.8 | 3 +++ - 8 files changed, 56 insertions(+), 15 deletions(-) - -diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in -index 6306a07..778a9ba 100755 ---- a/ldap/admin/src/scripts/dbverify.in -+++ b/ldap/admin/src/scripts/dbverify.in -@@ -26,7 +26,7 @@ usage() - } - - display_version="no" --while getopts "Z:n:hVvfd:n:D:" flag -+while getopts "Z:n:hVvfd:n:D:a:" flag - do - case $flag in - h) usage -@@ -39,6 +39,7 @@ do - display_version="yes";; - f) args=$args" -f";; - D) args=$args" -D $OPTARG";; -+ a) args=$args" -a $OPTARG";; - ?) usage - exit 1;; - esac -diff --git a/ldap/admin/src/scripts/verify-db.pl.in b/ldap/admin/src/scripts/verify-db.pl.in -index ae56a16..d481ecb 100644 ---- a/ldap/admin/src/scripts/verify-db.pl.in -+++ b/ldap/admin/src/scripts/verify-db.pl.in -@@ -16,7 +16,7 @@ DSUtil::libpath_add("@db_libdir@"); - DSUtil::libpath_add("@libdir@"); - $ENV{'PATH'} = "@libdir@/@package_name@/slapd-$servid:@db_bindir@:/usr/bin:/"; - $ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}"; -- -+my $custom_dbdir = 0; - my $i = 0; - - sub usage -@@ -118,12 +118,7 @@ sub getLastLogfile - return \$logfile; - } - --$isWin = -d '\\'; --if ($isWin) { -- $NULL = "nul"; --} else { -- $NULL = "/dev/null"; --} -+$NULL = "/dev/null"; - - while ($i <= $#ARGV) { - if ( "$ARGV[$i]" eq "-a" ) { # path to search the db files -@@ -149,6 +144,8 @@ print("*****************************************************************\n"); - - if ( "$startpoint" eq "" ) { - $startpoint = "@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/db"; -+} else { -+ $custom_dbdir = 1; - } - # get dirs having DBVERSION - my $dbdirs = getDbDir($startpoint); -@@ -192,7 +189,11 @@ for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++) - - # Check db files by db_verify - print "Verify db files ... "; --open(DBVERIFY, "@sbindir@/dbverify -Z $servid 2>&1 1> $NULL |"); -+if ($custom_dbdir){ -+ open(DBVERIFY, "@sbindir@/dbverify -Z $servid -a $startpoint 2>&1 1> $NULL |"); -+} else { -+ open(DBVERIFY, "@sbindir@/dbverify -Z $servid 2>&1 1> $NULL |"); -+} - sleep 1; - my $bad_index = 0; - my $bad_id2entry = 0; -diff --git a/ldap/servers/slapd/back-ldbm/dbverify.c b/ldap/servers/slapd/back-ldbm/dbverify.c -index 85ee7a0..315ef93 100644 ---- a/ldap/servers/slapd/back-ldbm/dbverify.c -+++ b/ldap/servers/slapd/back-ldbm/dbverify.c -@@ -186,13 +186,16 @@ ldbm_back_dbverify( Slapi_PBlock *pb ) - int rval = 1; - int rval_main = 0; - char **instance_names = NULL; -+ char *dbdir = NULL; - - slapi_log_error(SLAPI_LOG_TRACE, "verify DB", "Verifying db files...\n"); - slapi_pblock_get(pb, SLAPI_BACKEND_INSTANCE_NAME, &instance_names); - slapi_pblock_get(pb, SLAPI_SEQ_TYPE, &verbose); - slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &li); -+ slapi_pblock_get(pb, SLAPI_DBVERIFY_DBDIR, &dbdir); - ldbm_config_load_dse_info(li); - ldbm_config_internal_set(li, CONFIG_DB_TRANSACTION_LOGGING, "off"); -+ - /* no write needed; choose EXPORT MODE */ - if (0 != dblayer_start(li, DBLAYER_EXPORT_MODE)) - { -@@ -211,6 +214,11 @@ ldbm_back_dbverify( Slapi_PBlock *pb ) - inst = ldbm_instance_find_by_name(li, *inp); - if (inst) - { -+ if (dbdir){ -+ /* verifying backup */ -+ slapi_ch_free_string(&inst->inst_parent_dir_name); -+ inst->inst_parent_dir_name = slapi_ch_strdup(dbdir); -+ } - rval_main |= dbverify_ext(inst, verbose); - } - else -@@ -235,6 +243,11 @@ ldbm_back_dbverify( Slapi_PBlock *pb ) - inst->inst_name); - continue; /* skip this instance and go to the next*/ - } -+ if (dbdir){ -+ /* verifying backup */ -+ slapi_ch_free_string(&inst->inst_parent_dir_name); -+ inst->inst_parent_dir_name = slapi_ch_strdup(dbdir); -+ } - rval_main |= dbverify_ext(inst, verbose); - } - } -diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c -index 9016144..922de97 100644 ---- a/ldap/servers/slapd/main.c -+++ b/ldap/servers/slapd/main.c -@@ -435,13 +435,15 @@ static int ldif_printkey = EXPORT_PRINTKEY|EXPORT_APPENDMODE; - static char *archive_name = NULL; - static int db2ldif_dump_replica = 0; - static int db2ldif_dump_uniqueid = 1; --static int ldif2db_generate_uniqueid = SLAPI_UNIQUEID_GENERATE_TIME_BASED; --static int dbverify_verbose = 0; -+static int ldif2db_generate_uniqueid = SLAPI_UNIQUEID_GENERATE_TIME_BASED; - static char *ldif2db_namespaceid = NULL; - int importexport_encrypt = 0; - static int upgradedb_flags = 0; - static int upgradednformat_dryrun = 0; - static int is_quiet = 0; -+/* dbverify options */ -+static int dbverify_verbose = 0; -+static char *dbverify_dbdir = NULL; - - /* taken from idsktune */ - #if defined(__sun) -@@ -1301,13 +1303,14 @@ process_command_line(int argc, char **argv, char *myname, - {"dryrun",ArgNone,'N'}, - {0,0,0}}; - -- char *opts_dbverify = "vVfd:n:D:"; -+ char *opts_dbverify = "vVfd:n:D:a:"; - struct opt_ext long_options_dbverify[] = { - {"version",ArgNone,'v'}, - {"debug",ArgRequired,'d'}, - {"backend",ArgRequired,'n'}, - {"configDir",ArgRequired,'D'}, - {"verbose",ArgNone,'V'}, -+ {"dbdir",ArgRequired,'a'}, - {0,0,0}}; - - char *opts_referral = "vd:p:r:SD:"; -@@ -1674,7 +1677,11 @@ process_command_line(int argc, char **argv, char *myname, - break; - - case 'a': /* archive pathname for db */ -- archive_name = optarg_ext; -+ if ( slapd_exemode == SLAPD_EXEMODE_DBVERIFY ) { -+ dbverify_dbdir = optarg_ext; -+ } else { -+ archive_name = optarg_ext; -+ } - break; - - case 'Z': -@@ -2688,7 +2695,8 @@ slapd_exemode_dbverify() - pb.pb_plugin = backend_plugin; - pb.pb_instance_name = (char *)cmd_line_instance_names; - pb.pb_task_flags = SLAPI_TASK_RUNNING_FROM_COMMANDLINE; -- -+ pb.pb_dbverify_dbdir = dbverify_dbdir; -+ - if ( backend_plugin->plg_dbverify != NULL ) { - return_value = (*backend_plugin->plg_dbverify)( &pb ); - } else { -diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c -index c10f788..bf57a33 100644 ---- a/ldap/servers/slapd/pblock.c -+++ b/ldap/servers/slapd/pblock.c -@@ -5,7 +5,7 @@ - * All rights reserved. - * - * License: GPL (version 3 or any later version). -- * See LICENSE for details. -+ * See LICENSE for details. - * END COPYRIGHT BLOCK **/ - - #ifdef HAVE_CONFIG_H -@@ -1677,6 +1677,11 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - (*(IFP*)value) = pblock->pb_txn_ruv_mods_fn; - break; - -+ /* dbverify */ -+ case SLAPI_DBVERIFY_DBDIR: -+ (*(char **)value) = pblock->pb_dbverify_dbdir; -+ break; -+ - /* Search results set */ - case SLAPI_SEARCH_RESULT_SET: - if(pblock->pb_op!=NULL) -@@ -3520,6 +3525,11 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value ) - pblock->pb_aci_target_check = *((int *) value); - break; - -+ /* dbverify */ -+ case SLAPI_DBVERIFY_DBDIR: -+ pblock->pb_dbverify_dbdir = (char *) value; -+ break; -+ - default: - LDAPDebug( LDAP_DEBUG_ANY, - "Unknown parameter block argument %d\n", arg, 0, 0 ); -diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h -index 6d1ad7b..823568d 100644 ---- a/ldap/servers/slapd/slap.h -+++ b/ldap/servers/slapd/slap.h -@@ -1600,6 +1600,8 @@ typedef struct slapi_pblock { - int pb_seq_type; - char *pb_seq_attrname; - char *pb_seq_val; -+ /* dbverify argument */ -+ char *pb_dbverify_dbdir; - /* ldif2db arguments */ - char *pb_ldif_file; - int pb_removedupvals; -diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h -index a8c7a4a..6b04610 100644 ---- a/ldap/servers/slapd/slapi-plugin.h -+++ b/ldap/servers/slapd/slapi-plugin.h -@@ -7289,6 +7289,9 @@ typedef struct slapi_plugindesc { - /* ACI Target Check */ - #define SLAPI_ACI_TARGET_CHECK 1946 - -+/* dbverify */ -+#define SLAPI_DBVERIFY_DBDIR 1947 -+ - /* convenience macros for checking modify operation types */ - #define SLAPI_IS_MOD_ADD(x) (((x) & ~LDAP_MOD_BVALUES) == LDAP_MOD_ADD) - #define SLAPI_IS_MOD_DELETE(x) (((x) & ~LDAP_MOD_BVALUES) == LDAP_MOD_DELETE) -diff --git a/man/man8/dbverify.8 b/man/man8/dbverify.8 -index 30d6933..c74747a 100644 ---- a/man/man8/dbverify.8 -+++ b/man/man8/dbverify.8 -@@ -31,6 +31,9 @@ one instance on the system, this option can be skipped. - .B \fB\-n\fR \fIBackend Name\fR - The name of the LDBM database to reindex. Example: userRoot - .TP -+.B \fB\-a\fR \fIDatabase Directory\fR -+Location of database if it is different than what is in the server configuration(e.g. backup directories) -+.TP - .B \fB\-d\fR \fIDebug Level\fR - Sets the debugging level. - .TP --- -1.9.3 - diff --git a/SOURCES/0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch b/SOURCES/0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch new file mode 100644 index 0000000..8cc9460 --- /dev/null +++ b/SOURCES/0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch @@ -0,0 +1,183 @@ +From 1cd2d9b06b8bc006078ed26bb0d3cbe808681a86 Mon Sep 17 00:00:00 2001 +From: Ludwig Krispenz +Date: Fri, 12 Aug 2016 14:06:21 +0200 +Subject: [PATCH 34/35] Ticket 48954 - replication fails because anchorcsn + cannot be found + +Bug Description: the anchorcsn is calculated based on supploier and consumer + ruv. If this csn is not found in the changelog + replication stops. + +Fix Description: Fix consists of two parts + 1. log start-iteration csn record for all replicas + after initialization + 2. If the csn still cannot be found + - log an error + - use the closest csn available by calling + cursor->c_get with DB_SET_RANGE instead of DB_SET + +https://fedorahosted.org/389/ticket/48954 + +Reviewed by: Noriko, Thierry. thanks + +(cherry picked from commit 0721856d5a203689c15ea66ffe6c94ce4d785bd7) +--- + ldap/servers/plugins/replication/cl5_clcache.c | 32 +++++++++++-- + ldap/servers/plugins/replication/repl5_replica.c | 58 ++++++++++++++++-------- + 2 files changed, 67 insertions(+), 23 deletions(-) + +diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c +index 2d3bb28..74f0fec 100644 +--- a/ldap/servers/plugins/replication/cl5_clcache.c ++++ b/ldap/servers/plugins/replication/cl5_clcache.c +@@ -376,6 +376,7 @@ clcache_load_buffer_bulk ( CLC_Buffer *buf, int flag ) + DBC *cursor = NULL; + int rc = 0; + int tries = 0; ++ int use_flag = flag; + + #if 0 /* txn control seems not improving anything so turn it off */ + if ( *(_pool->pl_dbenv) ) { +@@ -400,20 +401,44 @@ clcache_load_buffer_bulk ( CLC_Buffer *buf, int flag ) + retry: + if ( 0 == ( rc = clcache_open_cursor ( txn, buf, &cursor )) ) { + +- if ( flag == DB_NEXT ) { ++ if ( use_flag == DB_NEXT ) { + /* For bulk read, position the cursor before read the next block */ + rc = cursor->c_get ( cursor, + & buf->buf_key, + & buf->buf_data, + DB_SET ); ++ if (rc == DB_NOTFOUND) { ++ /* the start position in the changelog is not found ++ * 1. log an error ++ * 2. try to find another starting position as close ++ * as possible ++ */ ++ slapi_log_error ( SLAPI_LOG_FATAL, "clcache_load_buffer_bulk", ++ "changelog record with csn (%s) not found for DB_NEXT\n", ++ (char *)buf->buf_key.data ); ++ rc = cursor->c_get ( cursor, & buf->buf_key, & buf->buf_data, ++ DB_SET_RANGE ); ++ /* this moves the cursor ahead of the tageted csn, ++ * so we achieved what was intended with DB_SET/DB_NEXT ++ * continute at this csn. ++ */ ++ use_flag = DB_CURRENT; ++ } + } + + /* + * Continue if the error is no-mem since we don't need to + * load in the key record anyway with DB_SET. + */ +- if ( 0 == rc || DB_BUFFER_SMALL == rc ) +- rc = clcache_cursor_get ( cursor, buf, flag ); ++ if ( 0 == rc || DB_BUFFER_SMALL == rc ) { ++ rc = clcache_cursor_get ( cursor, buf, use_flag ); ++ if ( rc == DB_NOTFOUND && use_flag == DB_SET) { ++ slapi_log_error ( SLAPI_LOG_FATAL, "clcache_load_buffer_bulk", ++ "changelog record with csn (%s) not found for DB_SET\n", ++ (char *)buf->buf_key.data ); ++ rc = clcache_cursor_get ( cursor, buf, DB_SET_RANGE ); ++ } ++ } + + } + +@@ -434,6 +459,7 @@ retry: + /* back off */ + interval = PR_MillisecondsToInterval(slapi_rand() % 100); + DS_Sleep(interval); ++ use_flag = flag; + goto retry; + } + if ((rc == DB_LOCK_DEADLOCK) && (tries >= MAX_TRIALS)) { +diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c +index b5d65ef..7360d97 100644 +--- a/ldap/servers/plugins/replication/repl5_replica.c ++++ b/ldap/servers/plugins/replication/repl5_replica.c +@@ -3794,41 +3794,59 @@ replica_remove_legacy_attr (const Slapi_DN *repl_root_sdn, const char *attr) + slapi_mods_done (&smods); + slapi_pblock_destroy (pb); + } ++typedef struct replinfo { ++ char *repl_gen; ++ char *repl_name; ++} replinfo; ++ ++static int ++replica_log_start_iteration(const ruv_enum_data *rid_data, void *data) ++{ ++ int rc = 0; ++ replinfo *r_info = (replinfo *)data; ++ slapi_operation_parameters op_params; ++ ++ if (rid_data->csn == NULL) return 0; ++ ++ memset (&op_params, 0, sizeof (op_params)); ++ op_params.operation_type = SLAPI_OPERATION_DELETE; ++ op_params.target_address.sdn = slapi_sdn_new_ndn_byval(START_ITERATION_ENTRY_DN); ++ op_params.target_address.uniqueid = START_ITERATION_ENTRY_UNIQUEID; ++ op_params.csn = csn_dup(rid_data->csn); ++ rc = cl5WriteOperation(r_info->repl_name, r_info->repl_gen, &op_params, PR_FALSE); ++ if (rc == CL5_SUCCESS) ++ rc = 0; ++ else ++ rc = -1; ++ ++ slapi_sdn_free(&op_params.target_address.sdn); ++ csn_free (&op_params.csn); ++ ++ return rc; ++} + + static int + replica_log_ruv_elements_nolock (const Replica *r) + { + int rc = 0; +- slapi_operation_parameters op_params; + RUV *ruv; + char *repl_gen; +- CSN *csn = NULL; ++ replinfo r_info; + + ruv = (RUV*) object_get_data (r->repl_ruv); + PR_ASSERT (ruv); + +- if ((ruv_get_min_csn(ruv, &csn) == RUV_SUCCESS) && csn) +- { + /* we log it as a delete operation to have the least number of fields + to set. the entry can be identified by a special target uniqueid and + special target dn */ +- memset (&op_params, 0, sizeof (op_params)); +- op_params.operation_type = SLAPI_OPERATION_DELETE; +- op_params.target_address.sdn = slapi_sdn_new_ndn_byval(START_ITERATION_ENTRY_DN); +- op_params.target_address.uniqueid = START_ITERATION_ENTRY_UNIQUEID; +- op_params.csn = csn; +- repl_gen = ruv_get_replica_generation (ruv); +- +- rc = cl5WriteOperation(r->repl_name, repl_gen, &op_params, PR_FALSE); +- if (rc == CL5_SUCCESS) +- rc = 0; +- else +- rc = -1; ++ repl_gen = ruv_get_replica_generation (ruv); + +- slapi_ch_free ((void**)&repl_gen); +- slapi_sdn_free(&op_params.target_address.sdn); +- csn_free (&csn); +- } ++ r_info.repl_name = r->repl_name; ++ r_info.repl_gen = repl_gen; ++ ++ rc = ruv_enumerate_elements(ruv, replica_log_start_iteration, &r_info); ++ ++ slapi_ch_free ((void**)&repl_gen); + + return rc; + } +-- +2.4.11 + diff --git a/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch b/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch deleted file mode 100644 index b0931eb..0000000 --- a/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 4fdac66777dd780bd1e46d91bf38513832934695 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Thu, 6 Aug 2015 10:13:40 -0400 -Subject: [PATCH 35/39] Ticket 48215 - update dbverify usage - -Description: Need to add the "-a" argument usage - -https://fedorahosted.org/389/ticket/48215 -(cherry picked from commit 20284e6539f557efc0679d974d5156cdcd55c407) -(cherry picked from commit 8e08c8b53641d807b63d87ee79564c596c5da4dd) ---- - ldap/admin/src/scripts/dbverify.in | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in -index 778a9ba..461cc16 100755 ---- a/ldap/admin/src/scripts/dbverify.in -+++ b/ldap/admin/src/scripts/dbverify.in -@@ -14,15 +14,16 @@ PATH=$PATH:/bin - - usage() - { -- echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V] [-v] [-d debuglevel] [-h]" -+ echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-a db_directory ] [-V] [-v] [-d debuglevel] [-h]" - echo "Note if \"-n backend\" is not passed, verify all DBs." - echo "Options:" -- echo " -Z - Server instance identifier" -- echo " -n backend - Backend database name. Example: userRoot" -- echo " -V - Verbose output" -- echo " -d debuglevel - Debugging level" -- echo " -v - Display version" -- echo " -h - Display usage" -+ echo " -Z - Server instance identifier" -+ echo " -n backend - Backend database name. Example: userRoot" -+ echo " -a db_directory - Database directory" -+ echo " -V - Verbose output" -+ echo " -d debuglevel - Debugging level" -+ echo " -v - Display version" -+ echo " -h - Display usage" - } - - display_version="no" --- -1.9.3 - diff --git a/SOURCES/0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch b/SOURCES/0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch new file mode 100644 index 0000000..2a21292 --- /dev/null +++ b/SOURCES/0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch @@ -0,0 +1,320 @@ +From 3d1a6717b4b8c11dda68dd3d1a923acb2e6c5eeb Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Wed, 17 Aug 2016 16:46:47 +0200 +Subject: [PATCH 35/35] Ticket 48956 ns-accountstatus.pl showing "activated" + user even if it is inactivated + +Bug Description: + If the account policy DN is long (suffix is long), it is fold on several lines. + So when looking for it, the base DN is invalid and fail to retrieve it and the limit value. + +Fix Description: + Change the DSutil search to be in no fold + +https://fedorahosted.org/389/ticket/48956 + +Reviewed by: Noriko Hosoi (Thanks Noriko) + +Platforms tested: F23 + +Flag Day: no + +Doc impact: no + +(cherry picked from commit 3cce9f9188a38e1a5043c9659ecbc5955ddb0242) +--- + dirsrvtests/tests/tickets/ticket48956_test.py | 167 ++++++++++++++++++++++++++ + ldap/admin/src/scripts/DSUtil.pm.in | 34 +++--- + 2 files changed, 185 insertions(+), 16 deletions(-) + create mode 100644 dirsrvtests/tests/tickets/ticket48956_test.py + +diff --git a/dirsrvtests/tests/tickets/ticket48956_test.py b/dirsrvtests/tests/tickets/ticket48956_test.py +new file mode 100644 +index 0000000..291dd4e +--- /dev/null ++++ b/dirsrvtests/tests/tickets/ticket48956_test.py +@@ -0,0 +1,167 @@ ++import os ++import sys ++import time ++import ldap ++import logging ++import pytest ++import subprocess ++from lib389 import DirSrv, Entry, tools, tasks ++from lib389.tools import DirSrvTools ++from lib389._constants import * ++from lib389.properties import * ++from lib389.tasks import * ++from lib389.utils import * ++ ++ ++DEBUGGING = False ++ ++RDN_LONG_SUFFIX = 'this' ++LONG_SUFFIX = "dc=%s,dc=is,dc=a,dc=very,dc=long,dc=suffix,dc=so,dc=long,dc=suffix,dc=extremely,dc=long,dc=suffix" % RDN_LONG_SUFFIX ++LONG_SUFFIX_BE = 'ticket48956' ++ ++ ++ACCT_POLICY_PLUGIN_DN = 'cn=%s,cn=plugins,cn=config' % PLUGIN_ACCT_POLICY ++ACCT_POLICY_CONFIG_DN = 'cn=config,%s' % ACCT_POLICY_PLUGIN_DN ++ ++ ++INACTIVITY_LIMIT = '9' ++SEARCHFILTER = '(objectclass=*)' ++ ++TEST_USER = 'ticket48956user' ++TEST_USER_PW = '%s' % TEST_USER ++ ++if DEBUGGING: ++ logging.getLogger(__name__).setLevel(logging.DEBUG) ++else: ++ logging.getLogger(__name__).setLevel(logging.INFO) ++log = logging.getLogger(__name__) ++ ++ ++class TopologyStandalone(object): ++ """The DS Topology Class""" ++ def __init__(self, standalone): ++ """Init""" ++ standalone.open() ++ self.standalone = standalone ++ ++ ++@pytest.fixture(scope="module") ++def topology(request): ++ """Create DS Deployment""" ++ ++ # Creating standalone instance ... ++ if DEBUGGING: ++ standalone = DirSrv(verbose=True) ++ else: ++ standalone = DirSrv(verbose=False) ++ args_instance[SER_HOST] = HOST_STANDALONE ++ args_instance[SER_PORT] = PORT_STANDALONE ++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE ++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX ++ args_standalone = args_instance.copy() ++ standalone.allocate(args_standalone) ++ instance_standalone = standalone.exists() ++ if instance_standalone: ++ standalone.delete() ++ standalone.create() ++ standalone.open() ++ ++ def fin(): ++ """If we are debugging just stop the instances, otherwise remove them ++ """ ++ if DEBUGGING: ++ standalone.stop() ++ else: ++ standalone.delete() ++ request.addfinalizer(fin) ++ ++ return TopologyStandalone(standalone) ++ ++def _check_status(topology, user, expected): ++ nsaccountstatus = '%s/sbin/ns-accountstatus.pl' % topology.standalone.prefix ++ proc = subprocess.Popen([nsaccountstatus, '-Z', 'standalone', '-D', DN_DM, '-w', PASSWORD, '-p', str(topology.standalone.port), '-I', user], stdout=subprocess.PIPE, stderr=subprocess.PIPE) ++ ++ found = False ++ while True: ++ l = proc.stdout.readline() ++ log.info("output: %s" % l) ++ if l == "": ++ break ++ if expected in l: ++ found = True ++ break ++ return found ++ ++def _check_inactivity(topology, mysuffix): ++ ACCT_POLICY_DN = 'cn=Account Inactivation Policy,%s' % mysuffix ++ log.info("\n######################### Adding Account Policy entry: %s ######################\n" % ACCT_POLICY_DN) ++ topology.standalone.add_s(Entry((ACCT_POLICY_DN, {'objectclass': "top ldapsubentry extensibleObject accountpolicy".split(), ++ 'accountInactivityLimit': INACTIVITY_LIMIT}))) ++ TEST_USER_DN = 'uid=%s,%s' % (TEST_USER, mysuffix) ++ log.info("\n######################### Adding Test User entry: %s ######################\n" % TEST_USER_DN) ++ topology.standalone.add_s(Entry((TEST_USER_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(), ++ 'cn': TEST_USER, ++ 'sn': TEST_USER, ++ 'givenname': TEST_USER, ++ 'userPassword': TEST_USER_PW, ++ 'acctPolicySubentry': ACCT_POLICY_DN}))) ++ ++ # Setting the lastLoginTime ++ try: ++ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PW) ++ except ldap.CONSTRAINT_VIOLATION as e: ++ log.error('CONSTRAINT VIOLATION ' + e.message['desc']) ++ topology.standalone.simple_bind_s(DN_DM, PASSWORD) ++ ++ ++ assert(_check_status(topology, TEST_USER_DN, '- activated')) ++ ++ time.sleep(int(INACTIVITY_LIMIT) + 5) ++ assert(_check_status(topology, TEST_USER_DN, '- inactivated (inactivity limit exceeded')) ++ ++def test_ticket48956(topology): ++ """Write your testcase here... ++ ++ Also, if you need any testcase initialization, ++ please, write additional fixture for that(include finalizer). ++ ++ """ ++ ++ topology.standalone.modify_s(ACCT_POLICY_PLUGIN_DN, [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', ACCT_POLICY_CONFIG_DN)]) ++ ++ topology.standalone.modify_s(ACCT_POLICY_CONFIG_DN, [(ldap.MOD_REPLACE, 'alwaysrecordlogin', 'yes'), ++ (ldap.MOD_REPLACE, 'stateattrname', 'lastLoginTime'), ++ (ldap.MOD_REPLACE, 'altstateattrname', 'createTimestamp'), ++ (ldap.MOD_REPLACE, 'specattrname', 'acctPolicySubentry'), ++ (ldap.MOD_REPLACE, 'limitattrname', 'accountInactivityLimit')]) ++ ++ # Enable the plugins ++ topology.standalone.plugins.enable(name=PLUGIN_ACCT_POLICY) ++ ++ topology.standalone.restart(timeout=10) ++ ++ # Check inactivity on standard suffix (short) ++ _check_inactivity(topology, SUFFIX) ++ ++ # Check inactivity on a long suffix ++ topology.standalone.backend.create(LONG_SUFFIX, {BACKEND_NAME: LONG_SUFFIX_BE}) ++ topology.standalone.mappingtree.create(LONG_SUFFIX, bename=LONG_SUFFIX_BE) ++ topology.standalone.add_s(Entry((LONG_SUFFIX, { ++ 'objectclass': "top domain".split(), ++ 'dc': RDN_LONG_SUFFIX}))) ++ _check_inactivity(topology, LONG_SUFFIX) ++ ++ ++ if DEBUGGING: ++ # Add debugging steps(if any)... ++ pass ++ ++ log.info('Test PASSED') ++ ++ ++if __name__ == '__main__': ++ # Run isolated ++ # -s for DEBUG mode ++ CURRENT_FILE = os.path.realpath(__file__) ++ pytest.main("-s %s" % CURRENT_FILE) ++ +diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in +index f53f0c0..756d6ea 100644 +--- a/ldap/admin/src/scripts/DSUtil.pm.in ++++ b/ldap/admin/src/scripts/DSUtil.pm.in +@@ -1201,8 +1201,10 @@ sub get_info { + my $toollib = `ldapsearch -V 2>&1`; + if ($toollib =~ /OpenLDAP/) { + $info{openldap} = "yes"; ++ $info{nofold} = "-o ldif-wrap=no"; + } else { + $info{openldap} = "no"; ++ $info{nofold} = "-T"; + } + + # +@@ -1537,10 +1539,10 @@ sub ldapsrch { + print "STARTTLS)\n"; + } + if($info{openldap} eq "yes"){ +- $search = "ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " . ++ $search = "ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " . + "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + } else { +- $search = "ldapsearch -ZZZ -P \"$info{certdir}\" -p $info{port} -h $info{host} -D \"$info{rootdn}\" " . ++ $search = "ldapsearch -ZZZ -P \"$info{certdir}\" -p $info{port} -h $info{host} -D \"$info{rootdn}\" $info{nofold} " . + "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + } + } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ +@@ -1551,10 +1553,10 @@ sub ldapsrch { + print "LDAPS)\n"; + } + if($info{openldap} eq "yes"){ +- $search = "ldapsearch -x -LLL -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" " . ++ $search = "ldapsearch -x -LLL -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" $info{nofold} " . + "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + } else { +- $search = "ldapsearch -Z -P \"$info{certdir}\" -p $info{secure_port} -h $info{host} -D \"$info{rootdn}\" " . ++ $search = "ldapsearch -Z -P \"$info{certdir}\" -p $info{secure_port} -h $info{host} -D \"$info{rootdn}\" $info{nofold} " . + "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + } + } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){ +@@ -1562,10 +1564,10 @@ sub ldapsrch { + # LDAPI + # + if ($< == 0 && $info{autobind} eq "on"){ +- $search = "ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL " . ++ $search = "ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{nofold} " . + "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} 2>/dev/null"; + } else { +- $search = "ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw " . ++ $search = "ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " . + "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + } + } else { +@@ -1576,10 +1578,10 @@ sub ldapsrch { + print "LDAP)\n"; + } + if($info{openldap} eq "yes"){ +- $search = "ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " . ++ $search = "ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " . + "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + } else { +- $search = "ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " . ++ $search = "ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " . + "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}"; + } + } +@@ -1611,9 +1613,9 @@ sub ldapsrch_ext { + print "STARTTLS)\n"; + } + if($info{openldap} eq "yes"){ +- return `ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; ++ return `ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + } else { +- return `ldapsearch -ZZZ -P $info{certdir} -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; ++ return `ldapsearch -ZZZ -P $info{certdir} -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + } + } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ + # +@@ -1623,18 +1625,18 @@ sub ldapsrch_ext { + print "LDAPS)\n"; + } + if($info{openldap} eq "yes"){ +- return `ldapsearch -x -LLL -H ldaps://$info{host}:$info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; ++ return `ldapsearch -x -LLL -H ldaps://$info{host}:$info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + } else { +- return `ldapsearch -Z -P $info{certdir} -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; ++ return `ldapsearch -Z -P $info{certdir} -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + } + } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){ + # + # LDAPI + # + if ($< == 0 && $info{autobind} eq "on"){ +- return `ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect} 2>/dev/null`; ++ return `ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect} 2>/dev/null`; + } else { +- return `ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; ++ return `ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + } + } else { + # +@@ -1644,9 +1646,9 @@ sub ldapsrch_ext { + print "LDAP)\n"; + } + if($info{openldap} eq "yes"){ +- return `ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; ++ return `ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + } else { +- return `ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; ++ return `ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`; + } + } + } +-- +2.4.11 + diff --git a/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch b/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch deleted file mode 100644 index 82f9189..0000000 --- a/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 5e348707ba4bece4ad4c75a8b640f1c40cbbaa0e Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Thu, 6 Aug 2015 11:27:40 -0400 -Subject: [PATCH 36/39] Ticket 48215 - update dbverify usage in main.c - -Description: Need to update dbverify usage in main.c - -https://fedorahosted.org/389/ticket/48215 -(cherry picked from commit c1912cdcac8319e2fe0f98f765aa935e6a8ff297) -(cherry picked from commit c842dbe3d0ee2ac28c55e31b9b8e5e5a3c5dc200) ---- - ldap/servers/slapd/main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c -index 922de97..4f9fbfe 100644 ---- a/ldap/servers/slapd/main.c -+++ b/ldap/servers/slapd/main.c -@@ -398,7 +398,7 @@ usage( char *name, char *extraname ) - usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-N] -n backend-instance-name -a fullpath-backend-instance-dir-full\n"; - break; - case SLAPD_EXEMODE_DBVERIFY: -- usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-n backend-instance-name]\n"; -+ usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-n backend-instance-name] [-a db-directory]\n"; - break; - - default: /* SLAPD_EXEMODE_SLAPD */ --- -1.9.3 - diff --git a/SOURCES/0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch b/SOURCES/0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch new file mode 100644 index 0000000..f48a0e5 --- /dev/null +++ b/SOURCES/0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch @@ -0,0 +1,212 @@ +From 4525faed1a8cb985596c0617abc6ce32fb85b7c2 Mon Sep 17 00:00:00 2001 +From: William Brown +Date: Fri, 19 Aug 2016 12:49:17 +1000 +Subject: [PATCH 36/45] Ticket 48958 - Audit fail log doesn't work if audit log + disabled. + +Bug Description: Due to a configuration interpretation issue, when audit was +not enabled, but auditfail was with no log defined, the fail log should write to +the audit log location on failed events, but audit events should not be written. +This did not work. + +Fix Description: This was because when we wrote to the audit file in the +abscence of the auditfail log, the audit enabled state was checked. This adds a +check to determine what the source event was from, and to check the correct log +enabled state during the event processing. + +https://fedorahosted.org/389/ticket/48958 + +Author: wibrown + +Review by: nhosoi (Thank you!) + +(cherry picked from commit 5fed8021a0487c092af6038d4a7dcce1ef3fab75) +--- + ldap/servers/slapd/auditlog.c | 15 +++++---- + ldap/servers/slapd/log.c | 71 ++++++++++++++++++++++++----------------- + ldap/servers/slapd/proto-slap.h | 4 +-- + 3 files changed, 53 insertions(+), 37 deletions(-) + +diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c +index 0f4cc94..ec7111b 100644 +--- a/ldap/servers/slapd/auditlog.c ++++ b/ldap/servers/slapd/auditlog.c +@@ -33,7 +33,7 @@ static int audit_hide_unhashed_pw = 1; + static int auditfail_hide_unhashed_pw = 1; + + /* Forward Declarations */ +-static void write_audit_file(int logtype, int optype, const char *dn, void *change, int flag, time_t curtime, int rc ); ++static void write_audit_file(int logtype, int optype, const char *dn, void *change, int flag, time_t curtime, int rc, int sourcelog ); + + static const char *modrdn_changes[4]; + +@@ -98,7 +98,7 @@ write_audit_log_entry( Slapi_PBlock *pb ) + curtime = current_time(); + /* log the raw, unnormalized DN */ + dn = slapi_sdn_get_udn(sdn); +- write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, LDAP_SUCCESS); ++ write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, LDAP_SUCCESS, SLAPD_AUDIT_LOG); + } + + void +@@ -169,10 +169,10 @@ write_auditfail_log_entry( Slapi_PBlock *pb ) + auditfail_config = config_get_auditfaillog(); + if (auditfail_config == NULL || strlen(auditfail_config) == 0) { + /* If no auditfail log write to audit log */ +- write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc); ++ write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG); + } else { + /* If we have our own auditfail log path */ +- write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc); ++ write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG); + } + slapi_ch_free_string(&auditfail_config); + } +@@ -181,6 +181,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb ) + /* + * Function: write_audit_file + * Arguments: ++ * logtype - Destination where the message will go. + * optype - type of LDAP operation being logged + * dn - distinguished name of entry being changed + * change - pointer to the actual change operation +@@ -188,6 +189,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb ) + * flag - only used by modrdn operations - value of deleteoldrdn flag + * curtime - the current time + * rc - The ldap result code. Used in conjunction with auditfail ++ * sourcelog - The source of the message (audit or auditfail) + * Returns: nothing + */ + static void +@@ -198,7 +200,8 @@ write_audit_file( + void *change, + int flag, + time_t curtime, +- int rc ++ int rc, ++ int sourcelog + ) + { + LDAPMod **mods; +@@ -359,7 +362,7 @@ write_audit_file( + switch (logtype) + { + case SLAPD_AUDIT_LOG: +- slapd_log_audit (l->ls_buf, l->ls_len); ++ slapd_log_audit (l->ls_buf, l->ls_len, sourcelog); + break; + case SLAPD_AUDITFAIL_LOG: + slapd_log_auditfail (l->ls_buf, l->ls_len); +diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c +index a16c395..ae8b5f8 100644 +--- a/ldap/servers/slapd/log.c ++++ b/ldap/servers/slapd/log.c +@@ -1962,14 +1962,26 @@ auditfail_log_openf( char *pathname, int locked) + + int + slapd_log_audit ( +- char *buffer, +- int buf_len) ++ char *buffer, ++ int buf_len, ++ int sourcelog) + { + /* We use this to route audit log entries to where they need to go */ + int retval = LDAP_SUCCESS; + int lbackend = loginfo.log_backend; /* We copy this to make these next checks atomic */ ++ ++ int state = 0; ++ if (sourcelog == SLAPD_AUDIT_LOG) { ++ state = loginfo.log_audit_state; ++ } else if (sourcelog == SLAPD_AUDITFAIL_LOG ) { ++ state = loginfo.log_auditfail_state; ++ } else { ++ /* How did we even get here! */ ++ return 1; ++ } ++ + if (lbackend & LOGGING_BACKEND_INTERNAL) { +- retval = slapd_log_audit_internal(buffer, buf_len); ++ retval = slapd_log_audit_internal(buffer, buf_len, state); + } + + if (retval != LDAP_SUCCESS) { +@@ -1989,33 +2001,34 @@ slapd_log_audit ( + + int + slapd_log_audit_internal ( +- char *buffer, +- int buf_len) ++ char *buffer, ++ int buf_len, ++ int state) + { +- if ( (loginfo.log_audit_state & LOGGING_ENABLED) && (loginfo.log_audit_file != NULL) ){ +- LOG_AUDIT_LOCK_WRITE( ); +- if (log__needrotation(loginfo.log_audit_fdes, +- SLAPD_AUDIT_LOG) == LOG_ROTATE) { +- if (log__open_auditlogfile(LOGFILE_NEW, 1) != LOG_SUCCESS) { +- LDAPDebug(LDAP_DEBUG_ANY, +- "LOGINFO: Unable to open audit file:%s\n", +- loginfo.log_audit_file,0,0); +- LOG_AUDIT_UNLOCK_WRITE(); +- return 0; +- } +- while (loginfo.log_audit_rotationsyncclock <= loginfo.log_audit_ctime) { +- loginfo.log_audit_rotationsyncclock += PR_ABS(loginfo.log_audit_rotationtime_secs); +- } +- } +- if (loginfo.log_audit_state & LOGGING_NEED_TITLE) { +- log_write_title( loginfo.log_audit_fdes); +- loginfo.log_audit_state &= ~LOGGING_NEED_TITLE; +- } +- LOG_WRITE_NOW_NO_ERR(loginfo.log_audit_fdes, buffer, buf_len, 0); +- LOG_AUDIT_UNLOCK_WRITE(); +- return 0; +- } +- return 0; ++ if ( (state & LOGGING_ENABLED) && (loginfo.log_audit_file != NULL) ){ ++ LOG_AUDIT_LOCK_WRITE( ); ++ if (log__needrotation(loginfo.log_audit_fdes, ++ SLAPD_AUDIT_LOG) == LOG_ROTATE) { ++ if (log__open_auditlogfile(LOGFILE_NEW, 1) != LOG_SUCCESS) { ++ LDAPDebug(LDAP_DEBUG_ANY, ++ "LOGINFO: Unable to open audit file:%s\n", ++ loginfo.log_audit_file,0,0); ++ LOG_AUDIT_UNLOCK_WRITE(); ++ return 0; ++ } ++ while (loginfo.log_audit_rotationsyncclock <= loginfo.log_audit_ctime) { ++ loginfo.log_audit_rotationsyncclock += PR_ABS(loginfo.log_audit_rotationtime_secs); ++ } ++ } ++ if (state & LOGGING_NEED_TITLE) { ++ log_write_title( loginfo.log_audit_fdes); ++ state &= ~LOGGING_NEED_TITLE; ++ } ++ LOG_WRITE_NOW_NO_ERR(loginfo.log_audit_fdes, buffer, buf_len, 0); ++ LOG_AUDIT_UNLOCK_WRITE(); ++ return 0; ++ } ++ return 0; + } + /****************************************************************************** + * write in the audit fail log +diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h +index 6bc1065..1f37010 100644 +--- a/ldap/servers/slapd/proto-slap.h ++++ b/ldap/servers/slapd/proto-slap.h +@@ -766,8 +766,8 @@ int slapi_log_access( int level, char *fmt, ... ) + #else + ; + #endif +-int slapd_log_audit(char *buffer, int buf_len); +-int slapd_log_audit_internal(char *buffer, int buf_len); ++int slapd_log_audit(char *buffer, int buf_len, int sourcelog); ++int slapd_log_audit_internal(char *buffer, int buf_len, int state); + int slapd_log_auditfail(char *buffer, int buf_len); + int slapd_log_auditfail_internal(char *buffer, int buf_len); + void log_access_flush(); +-- +2.4.11 + diff --git a/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch b/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch deleted file mode 100644 index 7e4a3ba..0000000 --- a/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch +++ /dev/null @@ -1,309 +0,0 @@ -From a3d41922c0f211aa7602fb843f7cb4980f4bf285 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Mon, 3 Aug 2015 18:49:58 -0700 -Subject: [PATCH 37/39] Ticket #48228 - wrong password check if - passwordInHistory is decreased. - -Bug Description: When N passwords to be remembered (passwordInHistroy) -and N passwords are remembered, decreasing the passwordInHistory value -to M (< N) does not allow to use the oldest password which should have -been discarded from the history and should be allowed. - -Fix Description: Before checking if the password is in the history or -not, adding a check the passwordInHistory value (M) is less than the -count of passwords remembered (N). If M < N, discard the (N-M) oldest -passwords. - -https://fedorahosted.org/389/ticket/48228 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit 1a119125856006543aae0520b5800a8b52c3b049) -(cherry picked from commit dd85ee9c9ac24f1b141dd806943de236d2e44c90) ---- - ldap/servers/slapd/pw.c | 193 ++++++++++++++++++++++++++++-------------------- - 1 file changed, 114 insertions(+), 79 deletions(-) - -diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c -index f883010..3abebbf 100644 ---- a/ldap/servers/slapd/pw.c -+++ b/ldap/servers/slapd/pw.c -@@ -613,7 +613,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw) - - /* update passwordHistory */ - if ( old_pw != NULL && pwpolicy->pw_history == 1 ) { -- update_pw_history(pb, sdn, old_pw); -+ (void)update_pw_history(pb, sdn, old_pw); - slapi_ch_free ( (void**)&old_pw ); - } - -@@ -654,8 +654,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw) - */ - if ((internal_op && pwpolicy->pw_must_change && (!pb->pb_conn || strcasecmp(target_dn, pb->pb_conn->c_dn))) || - (!internal_op && pwpolicy->pw_must_change && -- ((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy)))) -- { -+ ((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy)))) { - pw_exp_date = NO_TIME; - } else if ( pwpolicy->pw_exp == 1 ) { - Slapi_Entry *pse = NULL; -@@ -996,6 +995,7 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, - - /* get the entry and check for the password history if this is called by a modify operation */ - if ( mod_op ) { -+retry: - /* retrieve the entry */ - e = get_entry ( pb, dn ); - if ( e == NULL ) { -@@ -1004,19 +1004,21 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, - - /* check for password history */ - if ( pwpolicy->pw_history == 1 ) { -+ Slapi_Value **va = NULL; - attr = attrlist_find(e->e_attrs, "passwordHistory"); -- if (attr && -- !valueset_isempty(&attr->a_present_values)) -- { -- Slapi_Value **va= attr_get_present_values(attr); -+ if (attr && !valueset_isempty(&attr->a_present_values)) { -+ /* Resetting password history array if necessary. */ -+ if (0 == update_pw_history(pb, sdn, NULL)) { -+ /* There was an update in the password history. Retry... */ -+ slapi_entry_free(e); -+ goto retry; -+ } -+ va = attr_get_present_values(attr); - if ( pw_in_history( va, vals[0] ) == 0 ) { - if ( pwresponse_req == 1 ) { -- slapi_pwpolicy_make_response_control ( pb, -1, -1, -- LDAP_PWPOLICY_PWDINHISTORY ); -+ slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDINHISTORY); - } -- pw_send_ldap_result ( pb, -- LDAP_CONSTRAINT_VIOLATION, NULL, -- "password in history", 0, NULL ); -+ pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL); - slapi_entry_free( e ); - return ( 1 ); - } -@@ -1024,26 +1026,17 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, - - /* get current password. check it and remember it */ - attr = attrlist_find(e->e_attrs, "userpassword"); -- if (attr && !valueset_isempty(&attr->a_present_values)) -- { -- Slapi_Value **va= valueset_get_valuearray(&attr->a_present_values); -- if (slapi_is_encoded((char*)slapi_value_get_string(vals[0]))) -- { -- if (slapi_attr_value_find(attr, (struct berval *)slapi_value_get_berval(vals[0])) == 0 ) -- { -- pw_send_ldap_result ( pb, -- LDAP_CONSTRAINT_VIOLATION ,NULL, -- "password in history", 0, NULL); -+ if (attr && !valueset_isempty(&attr->a_present_values)) { -+ va = valueset_get_valuearray(&attr->a_present_values); -+ if (slapi_is_encoded((char*)slapi_value_get_string(vals[0]))) { -+ if (slapi_attr_value_find(attr, (struct berval *)slapi_value_get_berval(vals[0])) == 0 ) { -+ pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL); - slapi_entry_free( e ); - return ( 1 ); - } -- } else -- { -- if ( slapi_pw_find_sv ( va, vals[0] ) == 0 ) -- { -- pw_send_ldap_result ( pb, -- LDAP_CONSTRAINT_VIOLATION ,NULL, -- "password in history", 0, NULL); -+ } else { -+ if ( slapi_pw_find_sv ( va, vals[0] ) == 0 ) { -+ pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL); - slapi_entry_free( e ); - return ( 1 ); - } -@@ -1086,68 +1079,112 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, - - } - -+/* -+ * Basically, h0 and h1 must be longer than GENERALIZED_TIME_LENGTH. -+ */ -+static int -+pw_history_cmp(const void *h0, const void *h1) -+{ -+ size_t h0sz = 0; -+ size_t h1sz = 0; -+ if (!h0) { -+ if (!h1) { -+ return 0; -+ } else { -+ return -1; -+ } -+ } else { -+ if (!h1) { -+ return 1; -+ } else { -+ size_t delta; -+ h0sz = strlen(h0); -+ h1sz = strlen(h1); -+ delta = h0sz - h1sz; -+ if (!delta) { -+ return delta; -+ } -+ if (h0sz < GENERALIZED_TIME_LENGTH) { -+ /* too short for the history str. */ -+ return 0; -+ } -+ } -+ } -+ return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH); -+} -+ -+ - static int - update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw ) - { -- time_t t, old_t, cur_time; -- int i = 0, oldest = 0; -- int res; -- Slapi_Entry *e; -- Slapi_Attr *attr; -+ time_t cur_time; -+ int res = 1; /* no update, by default */ -+ Slapi_Entry *e = NULL; - LDAPMod attribute; -- char *values_replace[25]; /* 2-24 passwords in history */ - LDAPMod *list_of_mods[2]; - Slapi_PBlock mod_pb; -- char *history_str; -- char *str; -+ char *str = NULL; - passwdPolicy *pwpolicy = NULL; - const char *dn = slapi_sdn_get_dn(sdn); -+ char **values_replace = NULL; -+ int vacnt = 0; -+ int vacnt_todelete = 0; - - pwpolicy = new_passwdPolicy(pb, dn); - - /* retrieve the entry */ - e = get_entry ( pb, dn ); - if ( e == NULL ) { -- return ( 1 ); -+ return res; - } - -- history_str = (char *)slapi_ch_malloc(GENERALIZED_TIME_LENGTH + strlen(old_pw) + 1); -- /* get password history, and find the oldest password in history */ -- cur_time = current_time (); -- old_t = cur_time; -- str = format_genTime ( cur_time ); -- attr = attrlist_find(e->e_attrs, "passwordHistory"); -- if (attr && !valueset_isempty(&attr->a_present_values)) -- { -- Slapi_Value **va= valueset_get_valuearray(&attr->a_present_values); -- for ( i = oldest = 0 ; -- (va[i] != NULL) && (slapi_value_get_length(va[i]) > 0) ; -- i++ ) { -- -- values_replace[i] = (char*)slapi_value_get_string(va[i]); -- strncpy( history_str, values_replace[i], GENERALIZED_TIME_LENGTH); -- history_str[GENERALIZED_TIME_LENGTH] = '\0'; -- if (history_str[GENERALIZED_TIME_LENGTH - 1] != 'Z'){ -- /* The time is not a generalized Time. Probably a password history from 4.x */ -- history_str[GENERALIZED_TIME_LENGTH - 1] = '\0'; -- } -- t = parse_genTime ( history_str ); -- if ( difftime ( t, old_t ) < 0 ) { -- oldest = i; -- old_t = t; -- } -+ /* get password history */ -+ values_replace = slapi_entry_attr_get_charray_ext(e, "passwordHistory", &vacnt); -+ if (old_pw) { -+ /* we have a password to replace with the oldest one in the history. */ -+ if (!values_replace || !vacnt) { /* This is the first one to store */ -+ values_replace = (char **)slapi_ch_calloc(2, sizeof(char *)); - } -+ } else { -+ /* we are checking the history size if it stores more than the current inhistory count. */ -+ if (!values_replace || !vacnt) { /* nothing to revise */ -+ res = 1; -+ goto bail; -+ } -+ /* -+ * If revising the passwords in the passwordHistory values -+ * and the password count in the value array is less than the inhistory, -+ * we have nothing to do. -+ */ -+ if (vacnt <= pwpolicy->pw_inhistory) { -+ res = 1; -+ goto bail; -+ } -+ vacnt_todelete = vacnt - pwpolicy->pw_inhistory; - } -- strcpy ( history_str, str ); -- strcat ( history_str, old_pw ); -- if ( i >= pwpolicy->pw_inhistory ) { -- /* replace the oldest password in history */ -- values_replace[oldest] = history_str; -- values_replace[pwpolicy->pw_inhistory] = NULL; -+ -+ cur_time = current_time(); -+ str = format_genTime(cur_time); -+ /* values_replace is sorted. */ -+ if (old_pw) { -+ if ( vacnt >= pwpolicy->pw_inhistory ) { -+ slapi_ch_free_string(&values_replace[0]); -+ values_replace[0] = slapi_ch_smprintf("%s%s", str, old_pw); -+ } else { -+ /* add old_pw at the end of password history */ -+ values_replace = (char **)slapi_ch_realloc((char *)values_replace, sizeof(char *) * (vacnt + 2)); -+ values_replace[vacnt] = slapi_ch_smprintf("%s%s", str, old_pw); -+ values_replace[vacnt+1] = NULL; -+ } -+ qsort((void *)values_replace, vacnt, (size_t)sizeof(char *), pw_history_cmp); - } else { -- /* add old_pw at the end of password history */ -- values_replace[i] = history_str; -- values_replace[++i]=NULL; -+ int i; -+ /* vacnt > pwpolicy->pw_inhistory */ -+ for (i = 0; i < vacnt_todelete; i++) { -+ slapi_ch_free_string(&values_replace[i]); -+ } -+ memmove(values_replace, values_replace + vacnt_todelete, sizeof(char *) * pwpolicy->pw_inhistory); -+ values_replace[pwpolicy->pw_inhistory] = NULL; - } - - /* modify the attribute */ -@@ -1159,21 +1196,19 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw ) - list_of_mods[1] = NULL; - - pblock_init(&mod_pb); -- slapi_modify_internal_set_pb_ext(&mod_pb, sdn, list_of_mods, NULL, NULL, -- pw_get_componentID(), 0); -+ slapi_modify_internal_set_pb_ext(&mod_pb, sdn, list_of_mods, NULL, NULL, pw_get_componentID(), 0); - slapi_modify_internal_pb(&mod_pb); - slapi_pblock_get(&mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &res); - if (res != LDAP_SUCCESS){ - LDAPDebug2Args(LDAP_DEBUG_ANY, - "WARNING: passwordPolicy modify error %d on entry '%s'\n", res, dn); - } -- - pblock_done(&mod_pb); -- -- slapi_ch_free((void **) &str ); -- slapi_ch_free((void **) &history_str ); -+ slapi_ch_free_string(&str); -+bail: -+ slapi_ch_array_free(values_replace); - slapi_entry_free( e ); -- return 0; -+ return res; - } - - static --- -1.9.3 - diff --git a/SOURCES/0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch b/SOURCES/0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch new file mode 100644 index 0000000..07ea823 --- /dev/null +++ b/SOURCES/0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch @@ -0,0 +1,88 @@ +From b20743a90c1eac752341d19a283e7d3ebf07ac10 Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Fri, 19 Aug 2016 14:32:47 +0200 +Subject: [PATCH 37/45] Ticket 48960 Crash in import_wait_for_space_in_fifo(). + +Bug Description: + At online total import on a consumer, the total import startup + function allocates a fifo queue and monitor the overall import. + This queue contain the entries later received during import. + + When monitoring ends (import complete or error) it frees + the queue. + + Under error condition, there is a possibility that monitoring + ends while entries are still received (bulk_import_queue). + So there is a risk that the received entries will be added into + the queue at the same time the monitoring thread frees the queue + +Fix Description: + The thread storing the entries into the queue runs while + holding the job->wire_lock. + + To prevent the monitoring thread to frees the queue under + bulk_import_queue, make sure to acquire job->wire_lock + before calling import_free_job + +https://fedorahosted.org/389/ticket/48960 + +Reviewed by: Mark Reynolds (thanks Mark !) + +Platforms tested: F23 + +Flag Day: no + +Doc impact: no + +(cherry picked from commit 776d94214295cc95f9a906d4bb6268397a6bf091) +--- + ldap/servers/slapd/back-ldbm/import-threads.c | 5 +++++ + ldap/servers/slapd/back-ldbm/import.c | 15 ++++++++++++++- + 2 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c +index 1759478..c3fca2b 100644 +--- a/ldap/servers/slapd/back-ldbm/import-threads.c ++++ b/ldap/servers/slapd/back-ldbm/import-threads.c +@@ -3201,6 +3201,11 @@ static int bulk_import_queue(ImportJob *job, Slapi_Entry *entry) + return -1; + } + ++ /* The import is aborted, just ignore that entry */ ++ if(job->flags & FLAG_ABORT) { ++ return -1; ++ } ++ + PR_Lock(job->wire_lock); + /* Let's do this inside the lock !*/ + id = job->lead_ID + 1; +diff --git a/ldap/servers/slapd/back-ldbm/import.c b/ldap/servers/slapd/back-ldbm/import.c +index 9b6ae0d..78aefbf 100644 +--- a/ldap/servers/slapd/back-ldbm/import.c ++++ b/ldap/servers/slapd/back-ldbm/import.c +@@ -408,8 +408,21 @@ void import_free_job(ImportJob *job) + + ldbm_back_free_incl_excl(job->include_subtrees, job->exclude_subtrees); + charray_free(job->input_filenames); +- if (job->fifo.size) ++ if (job->fifo.size) { ++ /* bulk_import_queue is running, while holding the job lock. ++ * bulk_import_queue is using the fifo queue. ++ * To avoid freeing fifo queue under bulk_import_queue use ++ * job lock to synchronize ++ */ ++ if (job->wire_lock) ++ PR_Lock(job->wire_lock); ++ + import_fifo_destroy(job); ++ ++ if (job->wire_lock) ++ PR_Unlock(job->wire_lock); ++ } ++ + if (NULL != job->uuid_namespace) + slapi_ch_free((void **)&job->uuid_namespace); + if (job->wire_lock) +-- +2.4.11 + diff --git a/SOURCES/0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch b/SOURCES/0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch new file mode 100644 index 0000000..fd34e7e --- /dev/null +++ b/SOURCES/0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch @@ -0,0 +1,54 @@ +From 0927945fa67133654ec8d8178ffcfe0c20103454 Mon Sep 17 00:00:00 2001 +From: kamlesh +Date: Mon, 22 Aug 2016 14:20:27 +0530 +Subject: [PATCH 38/45] Bugzilla: 1368956 man page of ns-accountstatus.pl shows + redundant entries for -p port option + + Bug Description: + Description of problem: + man page of ns-accountstatus.pl contain redundant entries for -p option + + -p port + Port number of the Directory Server. + + -p port + Port number of the Directory Server. + + -p port + Port number of the Directory Server. + + Fix Description: + Delete the redundant entrys + + Platforms tested: RHEL7.3 + + Flag Day: no + + Doc impact: yes + +Signed-off-by: kamlesh +(cherry picked from commit 370a70c431d5f235d4371e4cb080215ac4500b6c) +--- + man/man8/ns-accountstatus.pl.8 | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/man/man8/ns-accountstatus.pl.8 b/man/man8/ns-accountstatus.pl.8 +index be3a8e9..9ffc4d3 100644 +--- a/man/man8/ns-accountstatus.pl.8 ++++ b/man/man8/ns-accountstatus.pl.8 +@@ -57,12 +57,6 @@ Host name of the Directory Server. + .B \fB\-p\fR \fIport\fR + Port number of the Directory Server. + .TP +-.B \fB\-p\fR \fIport\fR +-Port number of the Directory Server. +-.TP +-.B \fB\-p\fR \fIport\fR +-Port number of the Directory Server. +-.TP + .B \fB\-b\fR \fIbasedn\fR + The suffix DN from which to search from. + .TP +-- +2.4.11 + diff --git a/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch deleted file mode 100644 index 8d833cf..0000000 --- a/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch +++ /dev/null @@ -1,350 +0,0 @@ -From 970672905f7ca994f1d0f92e82f4c80484796181 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 5 Aug 2015 14:40:12 -0700 -Subject: [PATCH 38/39] Ticket #48228 - CI test: added test cases for ticket - 48228 - -Description: wrong password check if passwordInHistory is decreased. -(cherry picked from commit 6b138a2091bf7d78f3bc60a13f226a39296e0f4c) -(cherry picked from commit e62b4815f0682845992dc9a4375e1d7c5597bfba) ---- - dirsrvtests/tickets/ticket48228_test.py | 327 ++++++++++++++++++++++++++++++++ - 1 file changed, 327 insertions(+) - create mode 100644 dirsrvtests/tickets/ticket48228_test.py - -diff --git a/dirsrvtests/tickets/ticket48228_test.py b/dirsrvtests/tickets/ticket48228_test.py -new file mode 100644 -index 0000000..e0595bb ---- /dev/null -+++ b/dirsrvtests/tickets/ticket48228_test.py -@@ -0,0 +1,327 @@ -+# --- BEGIN COPYRIGHT BLOCK --- -+# Copyright (C) 2015 Red Hat, Inc. -+# All rights reserved. -+# -+# License: GPL (version 3 or any later version). -+# See LICENSE for details. -+# --- END COPYRIGHT BLOCK --- -+# -+import os -+import sys -+import time -+import ldap -+import logging -+import pytest -+from lib389 import DirSrv, Entry, tools, tasks -+from lib389.tools import DirSrvTools -+from lib389._constants import * -+from lib389.properties import * -+from lib389.tasks import * -+ -+log = logging.getLogger(__name__) -+ -+installation_prefix = None -+ -+# Assuming DEFAULT_SUFFIX is "dc=example,dc=com", otherwise it does not work... :( -+SUBTREE_CONTAINER = 'cn=nsPwPolicyContainer,' + DEFAULT_SUFFIX -+SUBTREE_PWPDN = 'cn=nsPwPolicyEntry,' + DEFAULT_SUFFIX -+SUBTREE_PWP = 'cn=cn\3DnsPwPolicyEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER -+SUBTREE_COS_TMPLDN = 'cn=nsPwTemplateEntry,' + DEFAULT_SUFFIX -+SUBTREE_COS_TMPL = 'cn=cn\3DnsPwTemplateEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER -+SUBTREE_COS_DEF = 'cn=nsPwPolicy_CoS,' + DEFAULT_SUFFIX -+ -+USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX -+USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX -+ -+class TopologyStandalone(object): -+ def __init__(self, standalone): -+ standalone.open() -+ self.standalone = standalone -+ -+ -+@pytest.fixture(scope="module") -+def topology(request): -+ ''' -+ This fixture is used to standalone topology for the 'module'. -+ ''' -+ global installation_prefix -+ -+ if installation_prefix: -+ args_instance[SER_DEPLOYED_DIR] = installation_prefix -+ -+ standalone = DirSrv(verbose=False) -+ -+ # Args for the standalone instance -+ args_instance[SER_HOST] = HOST_STANDALONE -+ args_instance[SER_PORT] = PORT_STANDALONE -+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE -+ args_standalone = args_instance.copy() -+ standalone.allocate(args_standalone) -+ -+ # Get the status of the instance and restart it if it exists -+ instance_standalone = standalone.exists() -+ -+ # Remove the instance -+ if instance_standalone: -+ standalone.delete() -+ -+ # Create the instance -+ standalone.create() -+ -+ # Used to retrieve configuration information (dbdir, confdir...) -+ standalone.open() -+ -+ # clear the tmp directory -+ standalone.clearTmpDir(__file__) -+ -+ # Here we have standalone instance up and running -+ return TopologyStandalone(standalone) -+ -+def set_global_pwpolicy(topology, inhistory): -+ log.info(" +++++ Enable global password policy +++++\n") -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ # Enable password policy -+ try: -+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-pwpolicy-local', 'on')]) -+ except ldap.LDAPError, e: -+ log.error('Failed to set pwpolicy-local: error ' + e.message['desc']) -+ assert False -+ -+ log.info(" Set global password history on\n") -+ try: -+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordHistory', 'on')]) -+ except ldap.LDAPError, e: -+ log.error('Failed to set passwordHistory: error ' + e.message['desc']) -+ assert False -+ -+ log.info(" Set global passwords in history\n") -+ try: -+ count = "%d" % inhistory -+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordInHistory', count)]) -+ except ldap.LDAPError, e: -+ log.error('Failed to set passwordInHistory: error ' + e.message['desc']) -+ assert False -+ -+def set_subtree_pwpolicy(topology): -+ log.info(" +++++ Enable subtree level password policy +++++\n") -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ log.info(" Add the container") -+ try: -+ topology.standalone.add_s(Entry((SUBTREE_CONTAINER, {'objectclass': 'top nsContainer'.split(), -+ 'cn': 'nsPwPolicyContainer'}))) -+ except ldap.LDAPError, e: -+ log.error('Failed to add subtree container: error ' + e.message['desc']) -+ assert False -+ -+ log.info(" Add the password policy subentry {passwordHistory: on, passwordInHistory: 6}") -+ try: -+ topology.standalone.add_s(Entry((SUBTREE_PWP, {'objectclass': 'top ldapsubentry passwordpolicy'.split(), -+ 'cn': SUBTREE_PWPDN, -+ 'passwordMustChange': 'off', -+ 'passwordExp': 'off', -+ 'passwordHistory': 'on', -+ 'passwordInHistory': '6', -+ 'passwordMinAge': '0', -+ 'passwordChange': 'on', -+ 'passwordStorageScheme': 'clear'}))) -+ except ldap.LDAPError, e: -+ log.error('Failed to add passwordpolicy: error ' + e.message['desc']) -+ assert False -+ -+ log.info(" Add the COS template") -+ try: -+ topology.standalone.add_s(Entry((SUBTREE_COS_TMPL, {'objectclass': 'top ldapsubentry costemplate extensibleObject'.split(), -+ 'cn': SUBTREE_PWPDN, -+ 'cosPriority': '1', -+ 'cn': SUBTREE_COS_TMPLDN, -+ 'pwdpolicysubentry': SUBTREE_PWP}))) -+ except ldap.LDAPError, e: -+ log.error('Failed to add COS template: error ' + e.message['desc']) -+ assert False -+ -+ log.info(" Add the COS definition") -+ try: -+ topology.standalone.add_s(Entry((SUBTREE_COS_DEF, {'objectclass': 'top ldapsubentry cosSuperDefinition cosPointerDefinition'.split(), -+ 'cn': SUBTREE_PWPDN, -+ 'costemplatedn': SUBTREE_COS_TMPL, -+ 'cosAttribute': 'pwdpolicysubentry default operational-default'}))) -+ except ldap.LDAPError, e: -+ log.error('Failed to add COS def: error ' + e.message['desc']) -+ assert False -+ -+def check_passwd_inhistory(topology, user, cpw, passwd): -+ inhistory = 0 -+ log.info(" Bind as {%s,%s}" % (user, cpw)) -+ topology.standalone.simple_bind_s(user, cpw) -+ try: -+ topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', passwd)]) -+ except ldap.LDAPError, e: -+ log.info(' The password ' + passwd + ' of user' + USER1_DN + ' in history: error ' + e.message['desc']) -+ inhistory = 1 -+ return inhistory -+ -+def update_passwd(topology, user, passwd, times): -+ cpw = passwd -+ loop = 0 -+ while loop < times: -+ log.info(" Bind as {%s,%s}" % (user, cpw)) -+ topology.standalone.simple_bind_s(user, cpw) -+ cpw = 'password%d' % loop -+ try: -+ topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw)]) -+ except ldap.LDAPError, e: -+ log.fatal('test_ticket48228: Failed to update the password ' + cpw + ' of user ' + user + ': error ' + e.message['desc']) -+ assert False -+ loop += 1 -+ -+ # checking the first password, which is supposed to be in history -+ inhistory = check_passwd_inhistory(topology, user, cpw, passwd) -+ assert inhistory == 1 -+ -+def test_ticket48228_test_global_policy(topology): -+ """ -+ Check global password policy -+ """ -+ -+ log.info(' Set inhistory = 6') -+ set_global_pwpolicy(topology, 6) -+ -+ log.info(' Bind as directory manager') -+ log.info("Bind as %s" % DN_DM) -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ -+ log.info(' Add an entry' + USER1_DN) -+ try: -+ topology.standalone.add_s(Entry((USER1_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(), -+ 'sn': '1', -+ 'cn': 'user 1', -+ 'uid': 'user1', -+ 'givenname': 'user', -+ 'mail': 'user1@example.com', -+ 'userpassword': 'password'}))) -+ except ldap.LDAPError, e: -+ log.fatal('test_ticket48228: Failed to add user' + USER1_DN + ': error ' + e.message['desc']) -+ assert False -+ -+ log.info(' Update the password of ' + USER1_DN + ' 6 times') -+ update_passwd(topology, USER1_DN, 'password', 6) -+ -+ log.info(' Set inhistory = 4') -+ set_global_pwpolicy(topology, 4) -+ -+ log.info(' checking the first password, which is supposed NOT to be in history any more') -+ cpw = 'password%d' % 5 -+ tpw = 'password' -+ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw) -+ assert inhistory == 0 -+ -+ log.info(' checking the second password, which is supposed NOT to be in history any more') -+ cpw = tpw -+ tpw = 'password%d' % 0 -+ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw) -+ assert inhistory == 0 -+ -+ log.info(' checking the second password, which is supposed NOT to be in history any more') -+ cpw = tpw -+ tpw = 'password%d' % 1 -+ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw) -+ assert inhistory == 0 -+ -+ log.info(' checking the third password, which is supposed to be in history') -+ cpw = tpw -+ tpw = 'password%d' % 2 -+ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw) -+ assert inhistory == 1 -+ -+ log.info("Global policy was successfully verified.") -+ -+def test_ticket48228_test_subtree_policy(topology): -+ """ -+ Check subtree level password policy -+ """ -+ -+ log.info(' Set inhistory = 6') -+ set_subtree_pwpolicy(topology) -+ -+ log.info(' Bind as directory manager') -+ log.info("Bind as %s" % DN_DM) -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ -+ log.info(' Add an entry' + USER2_DN) -+ try: -+ topology.standalone.add_s(Entry((USER2_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(), -+ 'sn': '2', -+ 'cn': 'user 2', -+ 'uid': 'user2', -+ 'givenname': 'user', -+ 'mail': 'user2@example.com', -+ 'userpassword': 'password'}))) -+ except ldap.LDAPError, e: -+ log.fatal('test_ticket48228: Failed to add user' + USER2_DN + ': error ' + e.message['desc']) -+ assert False -+ -+ log.info(' Update the password of ' + USER2_DN + ' 6 times') -+ update_passwd(topology, USER2_DN, 'password', 6) -+ -+ log.info(' Set inhistory = 4') -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ try: -+ topology.standalone.modify_s(SUBTREE_PWP, [(ldap.MOD_REPLACE, 'passwordInHistory', '4')]) -+ except ldap.LDAPError, e: -+ log.error('Failed to set pwpolicy-local: error ' + e.message['desc']) -+ assert False -+ -+ log.info(' checking the first password, which is supposed NOT to be in history any more') -+ cpw = 'password%d' % 5 -+ tpw = 'password' -+ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw) -+ assert inhistory == 0 -+ -+ log.info(' checking the second password, which is supposed NOT to be in history any more') -+ cpw = tpw -+ tpw = 'password%d' % 0 -+ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw) -+ assert inhistory == 0 -+ -+ log.info(' checking the second password, which is supposed NOT to be in history any more') -+ cpw = tpw -+ tpw = 'password%d' % 1 -+ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw) -+ assert inhistory == 0 -+ -+ log.info(' checking the third password, which is supposed to be in history') -+ cpw = tpw -+ tpw = 'password%d' % 2 -+ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw) -+ assert inhistory == 1 -+ -+ log.info("Subtree level policy was successfully verified.") -+ -+def test_ticket48228_final(topology): -+ topology.standalone.delete() -+ log.info('Testcase PASSED') -+ -+def run_isolated(): -+ ''' -+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..) -+ To run isolated without py.test, you need to -+ - edit this file and comment '@pytest.fixture' line before 'topology' function. -+ - set the installation prefix -+ - run this program -+ ''' -+ global installation_prefix -+ installation_prefix = None -+ -+ topo = topology(True) -+ log.info('Testing Ticket 48228 - wrong password check if passwordInHistory is decreased') -+ -+ test_ticket48228_test_global_policy(topo) -+ -+ test_ticket48228_test_subtree_policy(topo) -+ -+ test_ticket48228_final(topo) -+ -+ -+if __name__ == '__main__': -+ run_isolated() -+ --- -1.9.3 - diff --git a/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch b/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch deleted file mode 100644 index 2cb87d6..0000000 --- a/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch +++ /dev/null @@ -1,1282 +0,0 @@ -From 9ba3240a177c156e365f22c721432321bb0a679e Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 4 Aug 2015 12:19:31 -0400 -Subject: [PATCH 39/39] Ticket 47931 - memberOf & retrocl deadlocks - -Bug Description: When concurrently updating multiple backends the - memberOf and retrocl plugins can deadlock on each - other. This is caused by the required retrocl lock, - and the db lock on the changenumber index in the - retrocl db. - -Fix Description: Added scoping to the retrocl that allows subtrees/suffixes - to be included or excluded. Also moved the existing - memberOf scoping outside of its global lock. - - Also improved the memberOf config copying to be consistent - and more efficient. Improved the memberOf scoping attributes - to be multivalued. And, properly valdiated new config - settings in the preop valdiation function, instead of the - "apply config" function. - -https://fedorahosted.org/389/ticket/47931 - -Valgrind: passed - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit fd959ac864d6d86d24928bc2c6f097d1a6031ecd) -(cherry picked from commit d8108476d3bedbcc03f6c61bfb3d50e921faaf42) ---- - ldap/servers/plugins/memberof/memberof.c | 217 +++++++++++++-------- - ldap/servers/plugins/memberof/memberof.h | 8 +- - ldap/servers/plugins/memberof/memberof_config.c | 249 +++++++++++++++++------- - ldap/servers/plugins/retrocl/retrocl.c | 183 +++++++++++++++-- - ldap/servers/plugins/retrocl/retrocl.h | 4 + - ldap/servers/plugins/retrocl/retrocl_po.c | 41 +++- - 6 files changed, 516 insertions(+), 186 deletions(-) - -diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c -index da52bc8..9b577b9 100644 ---- a/ldap/servers/plugins/memberof/memberof.c -+++ b/ldap/servers/plugins/memberof/memberof.c -@@ -116,7 +116,7 @@ static int memberof_compare(MemberOfConfig *config, const void *a, const void *b - static int memberof_qsort_compare(const void *a, const void *b); - static void memberof_load_array(Slapi_Value **array, Slapi_Attr *attr); - static int memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *sdn); --static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, -+static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, MemberOfConfig *config, - char **types, plugin_search_entry_callback callback, void *callback_data); - static int memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn, - Slapi_Value *memberdn); -@@ -144,7 +144,7 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname, - static void memberof_fixup_task_thread(void *arg); - static int memberof_fix_memberof(MemberOfConfig *config, char *dn, char *filter_str); - static int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data); -- -+static int memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn); - - /*** implementation ***/ - -@@ -489,7 +489,8 @@ memberof_get_plugin_area() - int memberof_postop_del(Slapi_PBlock *pb) - { - int ret = SLAPI_PLUGIN_SUCCESS; -- MemberOfConfig configCopy = {0, 0, 0, 0}; -+ MemberOfConfig *mainConfig = NULL; -+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - Slapi_DN *sdn; - void *caller_id = NULL; - -@@ -509,12 +510,13 @@ int memberof_postop_del(Slapi_PBlock *pb) - struct slapi_entry *e = NULL; - - slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &e ); -- -- /* We need to get the config lock first. Trying to get the -- * config lock after we already hold the op lock can cause -- * a deadlock. */ - memberof_rlock_config(); -- /* copy config so it doesn't change out from under us */ -+ mainConfig = memberof_get_config(); -+ if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){ -+ /* The entry is not in scope, bail...*/ -+ memberof_unlock_config(); -+ goto bail; -+ } - memberof_copy_config(&configCopy, memberof_get_config()); - memberof_unlock_config(); - -@@ -529,7 +531,6 @@ int memberof_postop_del(Slapi_PBlock *pb) - "memberof_postop_del: error deleting dn (%s) from group. Error (%d)\n", - slapi_sdn_get_dn(sdn),ret); - memberof_unlock(); -- memberof_free_config(&configCopy); - goto bail; - } - -@@ -554,10 +555,10 @@ int memberof_postop_del(Slapi_PBlock *pb) - } - } - memberof_unlock(); -+bail: - memberof_free_config(&configCopy); - } - --bail: - if(ret){ - slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret); - ret = SLAPI_PLUGIN_FAILURE; -@@ -591,7 +592,7 @@ memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN * - - groupattrs[0] = config->groupattrs[i]; - -- rc = memberof_call_foreach_dn(pb, sdn, groupattrs, -+ rc = memberof_call_foreach_dn(pb, sdn, config, groupattrs, - memberof_del_dn_type_callback, &data); - } - -@@ -641,6 +642,20 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data) - return rc; - } - -+/* Check if the the entry include scope is a child of the sdn */ -+static Slapi_DN* -+memberof_scope_is_child_of_dn(MemberOfConfig *config, Slapi_DN *sdn) -+{ -+ int i = 0; -+ -+ while(config->entryScopes && config->entryScopes[i]){ -+ if(slapi_sdn_issuffix(config->entryScopes[i], sdn)){ -+ return config->entryScopes[i]; -+ } -+ i++; -+ } -+ return NULL; -+} - /* - * Does a callback search of "type=dn" under the db suffix that "dn" is in, - * unless all_backends is set, then we look at all the backends. If "dn" -@@ -649,7 +664,7 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data) - */ - int - memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, -- char **types, plugin_search_entry_callback callback, void *callback_data) -+ MemberOfConfig *config, char **types, plugin_search_entry_callback callback, void *callback_data) - { - Slapi_PBlock *search_pb = NULL; - Slapi_DN *base_sdn = NULL; -@@ -657,9 +672,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, - char *escaped_filter_val; - char *filter_str = NULL; - char *cookie = NULL; -- int all_backends = memberof_config_get_all_backends(); -- Slapi_DN *entry_scope = memberof_config_get_entry_scope(); -- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree(); -+ int all_backends = config->allBackends; - int types_name_len = 0; - int num_types = 0; - int dn_len = slapi_sdn_get_ndn_len(sdn); -@@ -667,11 +680,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, - int rc = 0; - int i = 0; - -- if (entry_scope && !slapi_sdn_issuffix(sdn, entry_scope)) { -- return (rc); -- } -- -- if (entry_scope_exclude_subtree && slapi_sdn_issuffix(sdn, entry_scope_exclude_subtree)) { -+ if (!memberof_entry_in_scope(config, sdn)) { - return (rc); - } - -@@ -728,6 +737,8 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, - search_pb = slapi_pblock_new(); - be = slapi_get_first_backend(&cookie); - while(be){ -+ Slapi_DN *scope_sdn = NULL; -+ - if(!all_backends){ - be = slapi_be_select(sdn); - if(be == NULL){ -@@ -743,13 +754,14 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, - continue; - } - } -- if (entry_scope) { -- if (slapi_sdn_issuffix(base_sdn, entry_scope)) { -+ -+ if (config->entryScopes || config->entryScopeExcludeSubtrees) { -+ if (memberof_entry_in_scope(config, base_sdn)) { - /* do nothing, entry scope is spanning - * multiple suffixes, start at suffix */ -- } else if (slapi_sdn_issuffix(entry_scope, base_sdn)) { -+ } else if ((scope_sdn = memberof_scope_is_child_of_dn(config, base_sdn))) { - /* scope is below suffix, set search base */ -- base_sdn = entry_scope; -+ base_sdn = scope_sdn; - } else if(!all_backends){ - break; - } else { -@@ -767,7 +779,6 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, - break; - } - -- - if(!all_backends){ - break; - } -@@ -792,10 +803,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb) - { - int ret = SLAPI_PLUGIN_SUCCESS; - void *caller_id = NULL; -- Slapi_DN *entry_scope = NULL; -- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree(); - -- entry_scope = memberof_config_get_entry_scope(); - slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, - "--> memberof_postop_modrdn\n" ); - -@@ -810,7 +818,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb) - if(memberof_oktodo(pb)) - { - MemberOfConfig *mainConfig = 0; -- MemberOfConfig configCopy = {0, 0, 0, 0}; -+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - struct slapi_entry *pre_e = NULL; - struct slapi_entry *post_e = NULL; - Slapi_DN *pre_sdn = 0; -@@ -818,7 +826,6 @@ int memberof_postop_modrdn(Slapi_PBlock *pb) - - slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e ); - slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &post_e ); -- - if(pre_e && post_e) - { - pre_sdn = slapi_entry_get_sdn(pre_e); -@@ -831,11 +838,19 @@ int memberof_postop_modrdn(Slapi_PBlock *pb) - memberof_copy_config(&configCopy, mainConfig); - memberof_unlock_config(); - -+ /* Need to check both the pre/post entries */ -+ if((pre_sdn && !memberof_entry_in_scope(&configCopy, pre_sdn)) && -+ (post_sdn && !memberof_entry_in_scope(&configCopy, post_sdn))) -+ { -+ /* The entry is not in scope */ -+ goto bail; -+ } -+ - memberof_lock(); - - /* update any downstream members */ - if(pre_sdn && post_sdn && configCopy.group_filter && -- 0 == slapi_filter_test_simple(post_e, configCopy.group_filter)) -+ 0 == slapi_filter_test_simple(post_e, configCopy.group_filter)) - { - int i = 0; - Slapi_Attr *attr = 0; -@@ -847,7 +862,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb) - if(0 == slapi_entry_attr_find(post_e, configCopy.groupattrs[i], &attr)) - { - if((ret = memberof_moddn_attr_list(pb, &configCopy, pre_sdn, -- post_sdn, attr) != 0)) -+ post_sdn, attr) != 0)) - { - slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, - "memberof_postop_modrdn - update failed for (%s), error (%d)\n", -@@ -862,49 +877,49 @@ int memberof_postop_modrdn(Slapi_PBlock *pb) - * of other group entries. We need to update any member - * attributes to refer to the new name. */ - if (ret == LDAP_SUCCESS && pre_sdn && post_sdn) { -- if ((entry_scope && !slapi_sdn_issuffix(post_sdn, entry_scope)) || -- (entry_scope_exclude_subtree && slapi_sdn_issuffix(post_sdn, entry_scope_exclude_subtree))) { -+ if (!memberof_entry_in_scope(&configCopy, post_sdn)){ - if((ret = memberof_del_dn_from_groups(pb, &configCopy, pre_sdn))){ - slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, - "memberof_postop_modrdn - delete dn failed for (%s), error (%d)\n", - slapi_sdn_get_dn(pre_sdn), ret); - } - if(ret == LDAP_SUCCESS && pre_e && configCopy.group_filter && -- 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter)) { -+ 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter)) -+ { - /* is the entry of interest as a group? */ -- int i = 0; -- Slapi_Attr *attr = 0; -- -- /* Loop through to find each grouping attribute separately. */ -- for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) { -- if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) { -- if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){ -- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, -- "memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n", -- slapi_sdn_get_dn(pre_sdn),ret); -- } -+ int i = 0; -+ Slapi_Attr *attr = 0; - -+ /* Loop through to find each grouping attribute separately. */ -+ for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) { -+ if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) { -+ if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){ -+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, -+ "memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n", -+ slapi_sdn_get_dn(pre_sdn),ret); - } -+ - } -- } -+ } -+ } - if(ret == LDAP_SUCCESS) { -- memberof_del_dn_data del_data = {0, configCopy.memberof_attr}; -- if((ret = memberof_del_dn_type_callback(post_e, &del_data))){ -- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, -- "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n", -- slapi_entry_get_dn(post_e), ret); -- } -+ memberof_del_dn_data del_data = {0, configCopy.memberof_attr}; -+ if((ret = memberof_del_dn_type_callback(post_e, &del_data))){ -+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, -+ "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n", -+ slapi_entry_get_dn(post_e), ret); - } -+ } - } else { - if((ret = memberof_replace_dn_from_groups(pb, &configCopy, pre_sdn, post_sdn))){ - slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, -- "memberof_postop_modrdn - replace dne failed for (%s), error (%d)\n", -+ "memberof_postop_modrdn - replace dn failed for (%s), error (%d)\n", - slapi_sdn_get_dn(pre_sdn), ret); - } - } - } -- - memberof_unlock(); -+bail: - memberof_free_config(&configCopy); - } - -@@ -946,7 +961,7 @@ memberof_replace_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, - - groupattrs[0] = config->groupattrs[i]; - -- if((ret = memberof_call_foreach_dn(pb, pre_sdn, groupattrs, -+ if((ret = memberof_call_foreach_dn(pb, pre_sdn, config, groupattrs, - memberof_replace_dn_type_callback, - &data))) - { -@@ -1064,12 +1079,11 @@ int memberof_postop_modify(Slapi_PBlock *pb) - goto done; - } - -- -- if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb))) -+ if(memberof_oktodo(pb)) - { - int config_copied = 0; - MemberOfConfig *mainConfig = 0; -- MemberOfConfig configCopy = {0, 0, 0, 0}; -+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - - /* get the mod set */ - slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods); -@@ -1088,19 +1102,22 @@ int memberof_postop_modify(Slapi_PBlock *pb) - * only copy the config the first time it's needed so - * it remains the same for all mods in the operation, - * despite any config changes that may be made. */ -- if (!config_copied) -- { -+ if (!config_copied){ - memberof_rlock_config(); - mainConfig = memberof_get_config(); - - if (memberof_is_grouping_attr(type, mainConfig)) - { - interested = 1; -+ if (!memberof_entry_in_scope(mainConfig, sdn)){ -+ /* Entry is not in scope */ -+ memberof_unlock_config(); -+ goto bail; -+ } - /* copy config so it doesn't change out from under us */ - memberof_copy_config(&configCopy, mainConfig); - config_copied = 1; - } -- - memberof_unlock_config(); - } else { - if (memberof_is_grouping_attr(type, &configCopy)) -@@ -1197,8 +1214,7 @@ int memberof_postop_modify(Slapi_PBlock *pb) - } - - bail: -- if (config_copied) -- { -+ if (config_copied){ - memberof_free_config(&configCopy); - } - -@@ -1244,22 +1260,25 @@ int memberof_postop_add(Slapi_PBlock *pb) - - if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb))) - { -- MemberOfConfig *mainConfig = 0; -- MemberOfConfig configCopy = {0, 0, 0, 0}; - struct slapi_entry *e = NULL; -- -+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; -+ MemberOfConfig *mainConfig; - slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &e ); -- - - /* is the entry of interest? */ - memberof_rlock_config(); - mainConfig = memberof_get_config(); - if(e && mainConfig && mainConfig->group_filter && - 0 == slapi_filter_test_simple(e, mainConfig->group_filter)) -+ - { - interested = 1; -- /* copy config so it doesn't change out from under us */ -- memberof_copy_config(&configCopy, mainConfig); -+ if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){ -+ /* Entry is not in scope */ -+ memberof_unlock_config(); -+ goto bail; -+ } -+ memberof_copy_config(&configCopy, memberof_get_config()); - } - memberof_unlock_config(); - -@@ -1284,11 +1303,11 @@ int memberof_postop_add(Slapi_PBlock *pb) - } - - memberof_unlock(); -- - memberof_free_config(&configCopy); - } - } - -+bail: - if(ret){ - slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret); - ret = SLAPI_PLUGIN_FAILURE; -@@ -1326,26 +1345,61 @@ int memberof_oktodo(Slapi_PBlock *pb) - } - - if(slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0) -- { -+ { - slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, - "memberof_postop_oktodo: could not get parameters\n" ); - ret = -1; - } - -- /* this plugin should only execute if the operation succeeded -- */ -- if(oprc != 0) -+ /* this plugin should only execute if the operation succeeded */ -+ if(oprc != 0) - { - ret = 0; - } -- -+ -+bail: - slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, - "<-- memberof_postop_oktodo\n" ); - --bail: - return ret; - } - -+/* -+ * Return 1 if the entry is in the scope. -+ * For MODRDN the caller should check both the preop -+ * and postop entries. If we are moving out of, or -+ * into scope, we should process it. -+ */ -+static int -+memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn) -+{ -+ if (config->entryScopeExcludeSubtrees){ -+ int i = 0; -+ -+ /* check the excludes */ -+ while(config->entryScopeExcludeSubtrees[i]){ -+ if (slapi_sdn_issuffix(sdn, config->entryScopeExcludeSubtrees[i])){ -+ return 0; -+ } -+ i++; -+ } -+ } -+ if (config->entryScopes){ -+ int i = 0; -+ -+ /* check the excludes */ -+ while(config->entryScopes[i]){ -+ if (slapi_sdn_issuffix(sdn, config->entryScopes[i])){ -+ return 1; -+ } -+ i++; -+ } -+ return 0; -+ } -+ -+ return 1; -+} -+ - static Slapi_DN * - memberof_getsdn(Slapi_PBlock *pb) - { -@@ -2013,7 +2067,7 @@ memberof_get_groups_r(MemberOfConfig *config, Slapi_DN *member_sdn, - { - /* Search for any grouping attributes that point to memberdn. - * For each match, add it to the list, recurse and do same search */ -- return memberof_call_foreach_dn(NULL, member_sdn, config->groupattrs, -+ return memberof_call_foreach_dn(NULL, member_sdn, config, config->groupattrs, - memberof_get_groups_callback, data); - } - -@@ -2030,7 +2084,6 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data) - Slapi_Value *group_dn_val = 0; - Slapi_ValueSet *groupvals = *((memberof_get_groups_data*)callback_data)->groupvals; - Slapi_ValueSet *group_norm_vals = *((memberof_get_groups_data*)callback_data)->group_norm_vals; -- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree(); - MemberOfConfig *config = ((memberof_get_groups_data*)callback_data)->config; - int rc = 0; - -@@ -2086,7 +2139,7 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data) - } - - /* if the group does not belong to an excluded subtree, adds it to the valueset */ -- if (!(entry_scope_exclude_subtree && slapi_sdn_issuffix(group_sdn, entry_scope_exclude_subtree))) { -+ if (memberof_entry_in_scope(config, group_sdn)) { - /* Push group_dn_val into the valueset. This memory is now owned - * by the valueset. */ - group_dn_val = slapi_value_new_string(group_dn); -@@ -2188,8 +2241,8 @@ memberof_test_membership(Slapi_PBlock *pb, MemberOfConfig *config, - { - char *attrs[2] = {config->memberof_attr, 0}; - -- return memberof_call_foreach_dn(pb, group_sdn, attrs, -- memberof_test_membership_callback , config); -+ return memberof_call_foreach_dn(pb, group_sdn, config, attrs, -+ memberof_test_membership_callback, config); - } - - /* -diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h -index 5a70400..9d9d158 100644 ---- a/ldap/servers/plugins/memberof/memberof.h -+++ b/ldap/servers/plugins/memberof/memberof.h -@@ -52,8 +52,10 @@ typedef struct memberofconfig { - char **groupattrs; - char *memberof_attr; - int allBackends; -- Slapi_DN *entryScope; -- Slapi_DN *entryScopeExcludeSubtree; -+ Slapi_DN **entryScopes; -+ int entryScopeCount; -+ Slapi_DN **entryScopeExcludeSubtrees; -+ int entryExcludeScopeCount; - Slapi_Filter *group_filter; - Slapi_Attr **group_slapiattrs; - int skip_nested; -@@ -74,8 +76,6 @@ void memberof_rlock_config(); - void memberof_wlock_config(); - void memberof_unlock_config(); - int memberof_config_get_all_backends(); --Slapi_DN * memberof_config_get_entry_scope(); --Slapi_DN * memberof_config_get_entry_scope_exclude_subtree(); - void memberof_set_config_area(Slapi_DN *sdn); - Slapi_DN * memberof_get_config_area(); - void memberof_set_plugin_area(Slapi_DN *sdn); -diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c -index ac2d045..b4cc941 100644 ---- a/ldap/servers/plugins/memberof/memberof_config.c -+++ b/ldap/servers/plugins/memberof/memberof_config.c -@@ -48,7 +48,7 @@ static int memberof_search (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_En - /* This is the main configuration which is updated from dse.ldif. The - * config will be copied when it is used by the plug-in to prevent it - * being changed out from under a running memberOf operation. */ --static MemberOfConfig theConfig = {NULL, NULL,0, NULL, NULL, NULL, NULL}; -+static MemberOfConfig theConfig = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - static Slapi_RWLock *memberof_config_lock = 0; - static int inited = 0; - -@@ -60,6 +60,19 @@ static int dont_allow_that(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Ent - return SLAPI_DSE_CALLBACK_ERROR; - } - -+static void -+memberof_free_scope(Slapi_DN **scopes, int *count) -+{ -+ int i = 0; -+ -+ while(scopes && scopes[i]){ -+ slapi_sdn_free(&scopes[i]); -+ i++; -+ } -+ slapi_ch_free((void**)&scopes); -+ *count = 0; -+} -+ - /* - * memberof_config() - * -@@ -155,17 +168,22 @@ memberof_release_config() - * - * Validate the pending changes in the e entry. - */ --static int -+int - memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, - int *returncode, char *returntext, void *arg) - { - Slapi_Attr *memberof_attr = NULL; - Slapi_Attr *group_attr = NULL; - Slapi_DN *config_sdn = NULL; -+ Slapi_DN **include_dn = NULL; -+ Slapi_DN **exclude_dn = NULL; - char *syntaxoid = NULL; - char *config_dn = NULL; - char *skip_nested = NULL; -+ char **entry_scopes = NULL; -+ char **entry_exclude_scopes = NULL; - int not_dn_syntax = 0; -+ int num_vals = 0; - - *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */ - -@@ -283,8 +301,112 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr - *returncode = LDAP_UNWILLING_TO_PERFORM; - } - } -+ /* -+ * Check the entry scopes -+ */ -+ entry_scopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals); -+ if(entry_scopes){ -+ int i = 0; -+ -+ /* Validate the syntax before we create our DN array */ -+ for (i = 0;i < num_vals; i++){ -+ if(slapi_dn_syntax_check(pb, entry_scopes[i], 1)){ -+ /* invalid dn syntax */ -+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, -+ "%s: Invalid DN (%s) for include suffix.", -+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]); -+ slapi_ch_array_free(entry_scopes); -+ theConfig.entryScopeCount = 0; -+ *returncode = LDAP_UNWILLING_TO_PERFORM; -+ goto done; -+ } -+ } -+ /* Now create our SDN array for conflict checking */ -+ include_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1); -+ for (i = 0;i < num_vals; i++){ -+ include_dn[i] = slapi_sdn_new_dn_passin(entry_scopes[i]); -+ } -+ } -+ /* -+ * Check and process the entry exclude scopes -+ */ -+ entry_exclude_scopes = -+ slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals); -+ if(entry_exclude_scopes){ -+ int i = 0; -+ -+ /* Validate the syntax before we create our DN array */ -+ for (i = 0;i < num_vals; i++){ -+ if(slapi_dn_syntax_check(pb, entry_exclude_scopes[i], 1)){ -+ /* invalid dn syntax */ -+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, -+ "%s: Invalid DN (%s) for exclude suffix.", -+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]); -+ slapi_ch_array_free(entry_exclude_scopes); -+ *returncode = LDAP_UNWILLING_TO_PERFORM; -+ goto done; -+ } -+ } -+ /* Now create our SDN array for conflict checking */ -+ exclude_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1); -+ for (i = 0;i < num_vals; i++){ -+ exclude_dn[i] = slapi_sdn_new_dn_passin(entry_exclude_scopes[i]); -+ } -+ } -+ /* -+ * Need to do conflict checking -+ */ -+ if(include_dn && exclude_dn){ -+ /* -+ * Make sure we haven't mixed the same suffix, and there are no -+ * conflicts between the includes and excludes -+ */ -+ int i = 0; -+ -+ while(include_dn[i]){ -+ int x = 0; -+ while(exclude_dn[x]){ -+ if(slapi_sdn_compare(include_dn[i], exclude_dn[x] ) == 0) -+ { -+ /* we have a conflict */ -+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, -+ "%s: include suffix (%s) is also listed as an exclude suffix list", -+ MEMBEROF_PLUGIN_SUBSYSTEM, slapi_sdn_get_dn(include_dn[i])); -+ *returncode = LDAP_UNWILLING_TO_PERFORM; -+ goto done; -+ } -+ x++; -+ } -+ i++; -+ } -+ -+ /* Check for parent/child conflicts */ -+ i = 0; -+ while(include_dn[i]){ -+ int x = 0; -+ while(exclude_dn[x]){ -+ if(slapi_sdn_issuffix(include_dn[i], exclude_dn[x])) -+ { -+ /* we have a conflict */ -+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, -+ "%s: include suffix (%s) is a child of the exclude suffix(%s)", -+ MEMBEROF_PLUGIN_SUBSYSTEM, -+ slapi_sdn_get_dn(include_dn[i]), -+ slapi_sdn_get_dn(exclude_dn[i])); -+ *returncode = LDAP_UNWILLING_TO_PERFORM; -+ goto done; -+ } -+ x++; -+ } -+ i++; -+ } -+ } - - done: -+ memberof_free_scope(exclude_dn, &num_vals); -+ memberof_free_scope(include_dn, &num_vals); -+ slapi_ch_free((void**)&entry_scopes); -+ slapi_ch_free((void**)&entry_exclude_scopes); - slapi_sdn_free(&config_sdn); - slapi_ch_free_string(&config_dn); - slapi_ch_free_string(&skip_nested); -@@ -299,7 +421,6 @@ done: - } - } - -- - /* - * memberof_apply_config() - * -@@ -318,10 +439,11 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* - int num_groupattrs = 0; - int groupattr_name_len = 0; - char *allBackends = NULL; -- char *entryScope = NULL; -- char *entryScopeExcludeSubtree = NULL; -+ char **entryScopes = NULL; -+ char **entryScopeExcludeSubtrees = NULL; - char *sharedcfg = NULL; - char *skip_nested = NULL; -+ int num_vals = 0; - - *returncode = LDAP_SUCCESS; - -@@ -353,8 +475,6 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* - groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR); - memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR); - allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR); -- entryScope = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_ATTR); -- entryScopeExcludeSubtree = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE); - skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR); - - /* -@@ -480,49 +600,39 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* - theConfig.allBackends = 0; - } - -- slapi_sdn_free(&theConfig.entryScope); -- if (entryScope) -- { -- if (slapi_dn_syntax_check(NULL, entryScope, 1) == 1) { -- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, -- "Error: Ignoring invalid DN used as plugin entry scope: [%s]\n", -- entryScope); -- theConfig.entryScope = NULL; -- slapi_ch_free_string(&entryScope); -- } else { -- theConfig.entryScope = slapi_sdn_new_dn_passin(entryScope); -+ /* -+ * Check and process the entry scopes -+ */ -+ memberof_free_scope(theConfig.entryScopes, &theConfig.entryScopeCount); -+ entryScopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals); -+ if(entryScopes){ -+ int i = 0; -+ -+ /* Validation has already been performed in preop, just build the DN's */ -+ theConfig.entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1); -+ for (i = 0;i < num_vals; i++){ -+ theConfig.entryScopes[i] = slapi_sdn_new_dn_passin(entryScopes[i]); - } -- } else { -- theConfig.entryScope = NULL; -+ theConfig.entryScopeCount = num_vals; /* shortcut for config copy */ - } -- -- slapi_sdn_free(&theConfig.entryScopeExcludeSubtree); -- if (entryScopeExcludeSubtree) -- { -- if (theConfig.entryScope == NULL) { -- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, -- "Error: Ignoring ExcludeSubtree (%s) because entryScope is not define\n", -- entryScopeExcludeSubtree); -- theConfig.entryScopeExcludeSubtree = NULL; -- slapi_ch_free_string(&entryScopeExcludeSubtree); -- } else if (slapi_dn_syntax_check(NULL, entryScopeExcludeSubtree, 1) == 1) { -- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, -- "Error: Ignoring invalid DN used as plugin entry exclude subtree: [%s]\n", -- entryScopeExcludeSubtree); -- theConfig.entryScopeExcludeSubtree = NULL; -- slapi_ch_free_string(&entryScopeExcludeSubtree); -- } else { -- theConfig.entryScopeExcludeSubtree = slapi_sdn_new_dn_passin(entryScopeExcludeSubtree); -+ /* -+ * Check and process the entry exclude scopes -+ */ -+ memberof_free_scope(theConfig.entryScopeExcludeSubtrees, -+ &theConfig.entryExcludeScopeCount); -+ entryScopeExcludeSubtrees = -+ slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals); -+ if(entryScopeExcludeSubtrees){ -+ int i = 0; -+ -+ /* Validation has already been performed in preop, just build the DN's */ -+ theConfig.entryScopeExcludeSubtrees = -+ (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1); -+ for (i = 0;i < num_vals; i++){ -+ theConfig.entryScopeExcludeSubtrees[i] = -+ slapi_sdn_new_dn_passin(entryScopeExcludeSubtrees[i]); - } -- } else { -- theConfig.entryScopeExcludeSubtree = NULL; -- } -- if (theConfig.entryScopeExcludeSubtree && theConfig.entryScope && !slapi_sdn_issuffix(theConfig.entryScopeExcludeSubtree, theConfig.entryScope)) { -- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, -- "Error: Ignoring ExcludeSubtree (%s) that is out of the scope (%s)\n", -- slapi_sdn_get_dn(theConfig.entryScopeExcludeSubtree), -- slapi_sdn_get_dn(theConfig.entryScope)); -- slapi_sdn_free(&theConfig.entryScopeExcludeSubtree); -+ theConfig.entryExcludeScopeCount = num_vals; /* shortcut for config copy */ - } - - /* release the lock */ -@@ -536,6 +646,8 @@ done: - slapi_ch_free_string(&memberof_attr); - slapi_ch_free_string(&allBackends); - slapi_ch_free_string(&skip_nested); -+ slapi_ch_free((void **)&entryScopes); -+ slapi_ch_free((void **)&entryScopeExcludeSubtrees); - - if (*returncode != LDAP_SUCCESS) - { -@@ -616,6 +728,23 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src) - { - dest->allBackends = src->allBackends; - } -+ -+ if(src->entryScopes){ -+ int num_vals = 0; -+ -+ dest->entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryScopeCount+1); -+ for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){ -+ dest->entryScopes[num_vals] = slapi_sdn_dup(src->entryScopes[num_vals]); -+ } -+ } -+ if(src->entryScopeExcludeSubtrees){ -+ int num_vals = 0; -+ -+ dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1); -+ for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){ -+ dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]); -+ } -+ } - } - } - -@@ -641,6 +770,8 @@ memberof_free_config(MemberOfConfig *config) - slapi_ch_free((void **)&config->group_slapiattrs); - - slapi_ch_free_string(&config->memberof_attr); -+ memberof_free_scope(config->entryScopes, &config->entryScopeCount); -+ memberof_free_scope(config->entryScopeExcludeSubtrees, &config->entryExcludeScopeCount); - } - } - -@@ -706,30 +837,6 @@ memberof_config_get_all_backends() - return all_backends; - } - --Slapi_DN * --memberof_config_get_entry_scope() --{ -- Slapi_DN *entry_scope; -- -- slapi_rwlock_rdlock(memberof_config_lock); -- entry_scope = theConfig.entryScope; -- slapi_rwlock_unlock(memberof_config_lock); -- -- return entry_scope; --} -- --Slapi_DN * --memberof_config_get_entry_scope_exclude_subtree() --{ -- Slapi_DN *entry_exclude_subtree; -- -- slapi_rwlock_rdlock(memberof_config_lock); -- entry_exclude_subtree = theConfig.entryScopeExcludeSubtree; -- slapi_rwlock_unlock(memberof_config_lock); -- -- return entry_exclude_subtree; --} -- - /* - * Check if we are modifying the config, or changing the shared config entry - */ -diff --git a/ldap/servers/plugins/retrocl/retrocl.c b/ldap/servers/plugins/retrocl/retrocl.c -index 78a0c6d..4bcbb38 100644 ---- a/ldap/servers/plugins/retrocl/retrocl.c -+++ b/ldap/servers/plugins/retrocl/retrocl.c -@@ -45,6 +45,9 @@ char **retrocl_attributes = NULL; - char **retrocl_aliases = NULL; - int retrocl_log_deleted = 0; - -+static Slapi_DN **retrocl_includes = NULL; -+static Slapi_DN **retrocl_excludes = NULL; -+ - /* ----------------------------- Retrocl Plugin */ - - static Slapi_PluginDesc retrocldesc = {"retrocl", VENDOR, DS_PACKAGE_VERSION, "Retrocl Plugin"}; -@@ -349,6 +352,8 @@ static int retrocl_start (Slapi_PBlock *pb) - int rc = 0; - Slapi_Entry *e = NULL; - char **values = NULL; -+ int num_vals = 0; -+ int i = 0; - - retrocl_rootdse_init(pb); - -@@ -369,6 +374,87 @@ static int retrocl_start (Slapi_PBlock *pb) - return -1; - } - -+ /* Get the exclude suffixes */ -+ values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_EXCLUDE_SUFFIX, &num_vals); -+ if(values){ -+ /* Validate the syntax before we create our DN array */ -+ for (i = 0;i < num_vals; i++){ -+ if(slapi_dn_syntax_check(pb, values[i], 1)){ -+ /* invalid dn syntax */ -+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, -+ "Invalid DN (%s) for exclude suffix.\n", values[i] ); -+ slapi_ch_array_free(values); -+ return -1; -+ } -+ } -+ /* Now create our SDN array */ -+ retrocl_excludes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1); -+ for (i = 0;i < num_vals; i++){ -+ retrocl_excludes[i] = slapi_sdn_new_dn_byval(values[i]); -+ } -+ slapi_ch_array_free(values); -+ } -+ /* Get the include suffixes */ -+ values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_INCLUDE_SUFFIX, &num_vals); -+ if(values){ -+ for (i = 0;i < num_vals; i++){ -+ /* Validate the syntax before we create our DN array */ -+ if(slapi_dn_syntax_check(pb, values[i], 1)){ -+ /* invalid dn syntax */ -+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, -+ "Invalid DN (%s) for include suffix.\n", values[i] ); -+ slapi_ch_array_free(values); -+ return -1; -+ } -+ } -+ /* Now create our SDN array */ -+ retrocl_includes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1); -+ for (i = 0;i < num_vals; i++){ -+ retrocl_includes[i] = slapi_sdn_new_dn_byval(values[i]); -+ } -+ slapi_ch_array_free(values); -+ } -+ if(retrocl_includes && retrocl_excludes){ -+ /* -+ * Make sure we haven't mixed the same suffix, and there are no -+ * conflicts between the includes and excludes -+ */ -+ int i = 0; -+ -+ while(retrocl_includes[i]){ -+ int x = 0; -+ while(retrocl_excludes[x]){ -+ if(slapi_sdn_compare(retrocl_includes[i], retrocl_excludes[x] ) == 0){ -+ /* we have a conflict */ -+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, -+ "include suffix (%s) is also listed in exclude suffix list\n", -+ slapi_sdn_get_dn(retrocl_includes[i])); -+ return -1; -+ } -+ x++; -+ } -+ i++; -+ } -+ -+ /* Check for parent/child conflicts */ -+ i = 0; -+ while(retrocl_includes[i]){ -+ int x = 0; -+ while(retrocl_excludes[x]){ -+ if(slapi_sdn_issuffix(retrocl_includes[i], retrocl_excludes[x])){ -+ /* we have a conflict */ -+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, -+ "include suffix (%s) is a child of the exclude suffix(%s)\n", -+ slapi_sdn_get_dn(retrocl_includes[i]), -+ slapi_sdn_get_dn(retrocl_excludes[i])); -+ return -1; -+ } -+ x++; -+ } -+ i++; -+ } -+ } -+ - values = slapi_entry_attr_get_charray(e, "nsslapd-attribute"); - if (values != NULL) { - int n = 0; -@@ -434,6 +520,49 @@ static int retrocl_start (Slapi_PBlock *pb) - } - - /* -+ * Check if an entry is in the configured scope. -+ * Return 1 if entry is in the scope, or 0 otherwise. -+ * For MODRDN the caller should check both the preop -+ * and postop entries. If we are moving out of, or -+ * into scope, we should record it. -+ */ -+int -+retrocl_entry_in_scope(Slapi_Entry *e) -+{ -+ Slapi_DN *sdn = slapi_entry_get_sdn(e); -+ -+ if (e == NULL){ -+ return 1; -+ } -+ -+ if (retrocl_excludes){ -+ int i = 0; -+ -+ /* check the excludes */ -+ while(retrocl_excludes[i]){ -+ if (slapi_sdn_issuffix(sdn, retrocl_excludes[i])){ -+ return 0; -+ } -+ i++; -+ } -+ } -+ if (retrocl_includes){ -+ int i = 0; -+ -+ /* check the excludes */ -+ while(retrocl_includes[i]){ -+ if (slapi_sdn_issuffix(sdn, retrocl_includes[i])){ -+ return 1; -+ } -+ i++; -+ } -+ return 0; -+ } -+ -+ return 1; -+} -+ -+/* - * Function: retrocl_stop - * - * Returns: 0 -@@ -446,26 +575,40 @@ static int retrocl_start (Slapi_PBlock *pb) - - static int retrocl_stop (Slapi_PBlock *pb) - { -- int rc = 0; -- -- slapi_ch_array_free(retrocl_attributes); -- retrocl_attributes = NULL; -- slapi_ch_array_free(retrocl_aliases); -- retrocl_aliases = NULL; -- -- retrocl_stop_trimming(); -- retrocl_be_changelog = NULL; -- retrocl_forget_changenumbers(); -- PR_DestroyLock(retrocl_internal_lock); -- retrocl_internal_lock = NULL; -- slapi_destroy_rwlock(retrocl_cn_lock); -- retrocl_cn_lock = NULL; -- legacy_initialised = 0; -- -- slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "", -- LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search); -- -- return rc; -+ int rc = 0; -+ int i = 0; -+ -+ slapi_ch_array_free(retrocl_attributes); -+ retrocl_attributes = NULL; -+ slapi_ch_array_free(retrocl_aliases); -+ retrocl_aliases = NULL; -+ -+ while(retrocl_excludes && retrocl_excludes[i]){ -+ slapi_sdn_free(&retrocl_excludes[i]); -+ i++; -+ } -+ slapi_ch_free((void**)&retrocl_excludes); -+ i = 0; -+ -+ while(retrocl_includes && retrocl_includes[i]){ -+ slapi_sdn_free(&retrocl_includes[i]); -+ i++; -+ } -+ slapi_ch_free((void**)&retrocl_includes); -+ -+ retrocl_stop_trimming(); -+ retrocl_be_changelog = NULL; -+ retrocl_forget_changenumbers(); -+ PR_DestroyLock(retrocl_internal_lock); -+ retrocl_internal_lock = NULL; -+ slapi_destroy_rwlock(retrocl_cn_lock); -+ retrocl_cn_lock = NULL; -+ legacy_initialised = 0; -+ -+ slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "", -+ LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search); -+ -+ return rc; - } - - /* -diff --git a/ldap/servers/plugins/retrocl/retrocl.h b/ldap/servers/plugins/retrocl/retrocl.h -index ae0139c..7edd62f 100644 ---- a/ldap/servers/plugins/retrocl/retrocl.h -+++ b/ldap/servers/plugins/retrocl/retrocl.h -@@ -67,6 +67,8 @@ typedef struct _cnumRet { - /* was originally changelogmaximumage */ - #define CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE "nsslapd-changelogmaxage" - #define CONFIG_CHANGELOG_DIRECTORY_ATTRIBUTE "nsslapd-changelogdir" -+#define CONFIG_CHANGELOG_INCLUDE_SUFFIX "nsslapd-include-suffix" -+#define CONFIG_CHANGELOG_EXCLUDE_SUFFIX "nsslapd-exclude-suffix" - - #define RETROCL_CHANGELOG_DN "cn=changelog" - #define RETROCL_MAPPINGTREE_DN "cn=\"cn=changelog\",cn=mapping tree,cn=config" -@@ -140,4 +142,6 @@ extern void retrocl_init_trimming(void); - extern void retrocl_stop_trimming(void); - extern char *retrocl_get_config_str(const char *attrt); - -+int retrocl_entry_in_scope(Slapi_Entry *e); -+ - #endif /* _H_RETROCL */ -diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c -index 7083d0a..f689373 100644 ---- a/ldap/servers/plugins/retrocl/retrocl_po.c -+++ b/ldap/servers/plugins/retrocl/retrocl_po.c -@@ -140,6 +140,7 @@ write_replog_db( - int flag, - time_t curtime, - Slapi_Entry *log_e, -+ Slapi_Entry *post_entry, - const char *newrdn, - LDAPMod **modrdn_mods, - const char *newsuperior -@@ -156,11 +157,26 @@ write_replog_db( - int err = 0; - int ret = LDAP_SUCCESS; - int i; -+ int mark = 0; - - if (!dn) { - slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n"); - return ret; - } -+ mark = (post_entry && retrocl_entry_in_scope(post_entry)); -+ slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark); -+ -+ if (post_entry){ -+ if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){ -+ /* modrdn: entry not in scope, just return... */ -+ return ret; -+ } -+ } else { -+ if(!retrocl_entry_in_scope(log_e)){ -+ /* entry not in scope, just return... */ -+ return ret; -+ } -+ } - - PR_Lock(retrocl_internal_lock); - changenum = retrocl_assign_changenumber(); -@@ -319,7 +335,7 @@ write_replog_db( - break; - - case OP_DELETE: -- if (log_e) { -+ if (retrocl_log_deleted) { - /* we have to log the full entry */ - if ( entry2reple( e, log_e, OP_DELETE ) != 0 ) { - err = SLAPI_PLUGIN_FAILURE; -@@ -559,7 +575,8 @@ int retrocl_postob (Slapi_PBlock *pb, int optype) - char *dn; - LDAPMod **log_m = NULL; - int flag = 0; -- Slapi_Entry *te = NULL; -+ Slapi_Entry *entry = NULL; -+ Slapi_Entry *post_entry = NULL; - Slapi_Operation *op = NULL; - LDAPMod **modrdn_mods = NULL; - char *newrdn = NULL; -@@ -624,7 +641,12 @@ int retrocl_postob (Slapi_PBlock *pb, int optype) - LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change for nsTombstone entries\n"); - return SLAPI_PLUGIN_SUCCESS; - } -- -+ /* -+ * Start by grabbing the preop entry, ADD will replace it as needed. Getting the entry -+ * allows up to perform scoping in write_replog_db() for all op types. -+ */ -+ (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry); -+ - switch ( optype ) { - case OP_MODIFY: - (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &log_m ); -@@ -634,14 +656,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype) - * For adds, we want the unnormalized dn, so we can preserve - * spacing, case, when replicating it. - */ -- (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &te ); -- if ( NULL != te ) { -- dn = slapi_entry_get_dn( te ); -+ (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &entry ); -+ if ( NULL != entry ) { -+ dn = slapi_entry_get_dn( entry ); - } - break; - case OP_DELETE: - if (retrocl_log_deleted) -- (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &te); -+ (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry); - break; - case OP_MODRDN: - /* newrdn is used just for logging; no need to be normalized */ -@@ -649,13 +671,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype) - (void)slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag ); - (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &modrdn_mods ); - (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior ); -+ (void)slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &post_entry); - break; - } - - /* check if we should log change to retro changelog, and - * if so, do it here */ -- if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, te, -- newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) ))) -+ if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, entry, -+ post_entry, newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) ))) - { - slapi_log_error(SLAPI_LOG_FATAL, "retrocl-plugin", - "retrocl_postob: operation failure [%d]\n", rc); --- -1.9.3 - diff --git a/SOURCES/0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch b/SOURCES/0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch new file mode 100644 index 0000000..e45ee51 --- /dev/null +++ b/SOURCES/0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch @@ -0,0 +1,330 @@ +From e71e44e4393a803900ac79d26a91f96ad0068e59 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Tue, 23 Aug 2016 12:06:30 -0400 +Subject: [PATCH 39/45] Ticket 48964 - cleanAllRUV changelog purging + incorrectly processes all backends + +Bug Description: When the changelog was being purged of "cleaned" rids it was checking + all the backend changelogs, and not the one from which the + cleanAllRUV task originated from. This could corrupt a different + backend's changelog if both backends used the same RID. + +Fix Description: Purge the changelog associated with the backend that is specified in + the cleanAllRUV task. Also moved the "purging" to its own function, + and fixed a few compiler warnings. + +https://fedorahosted.org/389/ticket/48965 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit fda00435a7536c1ded72bb78a975f3370d09a3be) +--- + ldap/servers/plugins/replication/cl5_api.c | 162 +++++++++++++-------- + ldap/servers/plugins/replication/cl5_api.h | 2 +- + .../plugins/replication/repl5_replica_config.c | 2 +- + 3 files changed, 106 insertions(+), 60 deletions(-) + +diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c +index 3adaf86..6a09aea 100644 +--- a/ldap/servers/plugins/replication/cl5_api.c ++++ b/ldap/servers/plugins/replication/cl5_api.c +@@ -317,7 +317,7 @@ static int _cl5CheckMissingCSN (const CSN *minCsn, const RUV *supplierRUV, CL5DB + static int _cl5TrimInit (); + static void _cl5TrimCleanup (); + static int _cl5TrimMain (void *param); +-static void _cl5DoTrimming (ReplicaId rid); ++static void _cl5DoTrimming (); + static void _cl5CompactDBs(); + static void _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid); + static int _cl5PurgeGetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key); +@@ -3447,43 +3447,37 @@ static int _cl5TrimMain (void *param) + return 0; + } + +-/* We remove an entry if it has been replayed to all consumers and +- and the number of entries in the changelog is larger than maxEntries +- or age of the entry is larger than maxAge. +- Also we can't purge entries which correspond to max csns in the +- supplier's ruv. Here is a example where we can get into trouble: +- The server is setup with time based trimming and no consumer's +- At some point all the entries are trimmed from the changelog. +- At a later point a consumer is added and initialized online +- Then a change is made on the supplier. +- To update the consumer, the supplier would attempt to locate +- the last change sent to the consumer in the changelog and will +- fail because the change was removed. +- ++/* ++ * We remove an entry if it has been replayed to all consumers and the number ++ * of entries in the changelog is larger than maxEntries or age of the entry ++ * is larger than maxAge. Also we can't purge entries which correspond to max ++ * csns in the supplier's ruv. Here is a example where we can get into trouble: ++ * ++ * The server is setup with time based trimming and no consumer's ++ * At some point all the entries are trimmed from the changelog. ++ * At a later point a consumer is added and initialized online. ++ * Then a change is made on the supplier. ++ * To update the consumer, the supplier would attempt to locate the last ++ * change sent to the consumer in the changelog and will fail because the ++ * change was removed. + */ +- +-static void _cl5DoTrimming (ReplicaId rid) ++static void _cl5DoTrimming () + { + Object *obj; + long numToTrim; + + PR_Lock (s_cl5Desc.dbTrim.lock); + +- /* ONREPL We trim file by file which means that some files will be +- trimmed more often than other. We might have to fix that by, for +- example, randomizing starting point */ ++ /* ++ * We are trimming all the changelogs. We trim file by file which ++ * means that some files will be trimmed more often than other. We ++ * might have to fix that by, for example, randomizing the starting ++ * point. ++ */ + obj = objset_first_obj (s_cl5Desc.dbFiles); +- while (obj && (_cl5CanTrim ((time_t)0, &numToTrim) || rid)) ++ while (obj && _cl5CanTrim ((time_t)0, &numToTrim)) + { +- if (rid){ +- /* +- * We are cleaning an invalid rid, and need to strip it +- * from the changelog. +- */ +- _cl5PurgeRID (obj, rid); +- } else { +- _cl5TrimFile (obj, &numToTrim); +- } ++ _cl5TrimFile (obj, &numToTrim); + obj = objset_next_obj (s_cl5Desc.dbFiles, obj); + } + +@@ -3495,6 +3489,43 @@ static void _cl5DoTrimming (ReplicaId rid) + return; + } + ++/* ++ * We are purging a changelog after a cleanAllRUV task. Find the specific ++ * changelog for the backend that is being cleaned, and purge all the records ++ * with the cleaned rid. ++ */ ++static void _cl5DoPurging (Replica *replica) ++{ ++ ReplicaId rid = replica_get_rid(replica); ++ const Slapi_DN *sdn = replica_get_root(replica); ++ const char *replName = replica_get_name(replica); ++ char *replGen = replica_get_generation(replica); ++ char *fileName; ++ Object *obj; ++ ++ PR_Lock (s_cl5Desc.dbTrim.lock); ++ fileName = _cl5MakeFileName (replName, replGen); ++ obj = objset_find(s_cl5Desc.dbFiles, _cl5CompareDBFile, fileName); ++ if (obj) { ++ /* We found our changelog, now purge it */ ++ _cl5PurgeRID (obj, rid); ++ object_release (obj); ++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, ++ "Purged rid (%d) from suffix (%s)\n", ++ rid, slapi_sdn_get_dn(sdn)); ++ } else { ++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, ++ "Purge rid (%d) failed to find changelog file (%s) for suffix (%s)\n", ++ rid, fileName, slapi_sdn_get_dn(sdn)); ++ } ++ PR_Unlock (s_cl5Desc.dbTrim.lock); ++ ++ slapi_ch_free_string(&replGen); ++ slapi_ch_free_string(&fileName); ++ ++ return; ++} ++ + /* clear free page files to reduce changelog */ + static void + _cl5CompactDBs() +@@ -4072,23 +4103,25 @@ static PRBool _cl5CanTrim (time_t time, long *numToTrim) + { + *numToTrim = 0; + +- if (s_cl5Desc.dbTrim.maxAge == 0 && s_cl5Desc.dbTrim.maxEntries == 0) ++ if (s_cl5Desc.dbTrim.maxAge == 0 && s_cl5Desc.dbTrim.maxEntries == 0) { + return PR_FALSE; +- ++ } + if (s_cl5Desc.dbTrim.maxAge == 0) + { + *numToTrim = cl5GetOperationCount (NULL) - s_cl5Desc.dbTrim.maxEntries; + return ( *numToTrim > 0 ); + } + +- if (s_cl5Desc.dbTrim.maxEntries > 0 && +- (*numToTrim = cl5GetOperationCount (NULL) - s_cl5Desc.dbTrim.maxEntries) > 0) +- return PR_TRUE; ++ if (s_cl5Desc.dbTrim.maxEntries > 0 && ++ (*numToTrim = cl5GetOperationCount (NULL) - s_cl5Desc.dbTrim.maxEntries) > 0) { ++ return PR_TRUE; ++ } + +- if (time) ++ if (time) { + return (current_time () - time > s_cl5Desc.dbTrim.maxAge); +- else +- return PR_TRUE; ++ } else { ++ return PR_TRUE; ++ } + } + + static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge) +@@ -4101,7 +4134,6 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge) + char *pos; + char *agmt_name; + +- + PR_ASSERT (replGen && obj); + + file = (CL5DBFile*)object_get_data (obj); +@@ -4109,13 +4141,12 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge) + + agmt_name = get_thread_private_agmtname(); + +- if (purge) /* read purge vector entry */ +- key.data = _cl5GetHelperEntryKey (PURGE_RUV_TIME, csnStr); +- else /* read upper bound vector */ +- key.data = _cl5GetHelperEntryKey (MAX_RUV_TIME, csnStr); +- ++ if (purge) { /* read purge vector entry */ ++ key.data = _cl5GetHelperEntryKey (PURGE_RUV_TIME, csnStr); ++ } else { /* read upper bound vector */ ++ key.data = _cl5GetHelperEntryKey (MAX_RUV_TIME, csnStr); ++ } + key.size = CSN_STRSIZE; +- + data.flags = DB_DBT_MALLOC; + + rc = file->db->get(file->db, NULL/*txn*/, &key, &data, 0); +@@ -4125,13 +4156,13 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge) + rc = _cl5ReadBervals (&vals, &pos, data.size); + slapi_ch_free (&(data.data)); + if (rc != CL5_SUCCESS) +- goto done; ++ goto done; + +- if (purge) ++ if (purge) { + rc = ruv_init_from_bervals(vals, &file->purgeRUV); +- else ++ } else { + rc = ruv_init_from_bervals(vals, &file->maxRUV); +- ++ } + if (rc != RUV_SUCCESS) + { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, +@@ -4139,7 +4170,7 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge) + "RUV error %d\n", agmt_name, purge? "purge" : "upper bound", rc); + + rc = CL5_RUV_ERROR; +- goto done; ++ goto done; + } + + /* delete the entry; it is re-added when file +@@ -4151,7 +4182,7 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge) + + case DB_NOTFOUND: /* RUV is lost - need to construct */ + rc = _cl5ConstructRUV (replGen, obj, purge); +- goto done; ++ goto done; + + default: slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, + "%s: _cl5ReadRUV: failed to get purge RUV; " +@@ -6946,12 +6977,14 @@ cl5CleanRUV(ReplicaId rid){ + slapi_rwlock_unlock (s_cl5Desc.stLock); + } + +-void trigger_cl_purging(ReplicaId rid){ ++/* ++ * Create a thread to purge a changelog of cleaned RIDs ++ */ ++void trigger_cl_purging(Replica *replica){ + PRThread *trim_tid = NULL; + +- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_purging: rid (%d)\n",(int)rid); + trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_purging_thread, +- (void *)&rid, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, ++ (void *)replica, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, + PR_UNJOINABLE_THREAD, DEFAULT_THREAD_STACKSIZE); + if (NULL == trim_tid){ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, +@@ -6963,19 +6996,32 @@ void trigger_cl_purging(ReplicaId rid){ + } + } + ++/* ++ * Purge a changelog of entries that originated from a particular replica(rid) ++ */ + void + trigger_cl_purging_thread(void *arg){ +- ReplicaId rid = *(ReplicaId *)arg; ++ Replica *replica = (Replica *)arg; + +- /* make sure we have a change log, and we aren't closing it */ +- if(s_cl5Desc.dbState == CL5_STATE_CLOSED || s_cl5Desc.dbState == CL5_STATE_CLOSING){ ++ /* Make sure we have a change log, and we aren't closing it */ ++ if (replica == NULL || ++ s_cl5Desc.dbState == CL5_STATE_CLOSED || ++ s_cl5Desc.dbState == CL5_STATE_CLOSING) { + return; + } ++ ++ /* Bump the changelog thread count */ + if (CL5_SUCCESS != _cl5AddThread()) { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, +- "trigger_cl_purging: failed to increment thread count " ++ "trigger_cl_purging: Abort - failed to increment thread count " + "NSPR error - %d\n", PR_GetError ()); ++ return; + } +- _cl5DoTrimming(rid); ++ ++ /* Purge the changelog */ ++ _cl5DoPurging(replica); + _cl5RemoveThread(); ++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, ++ "trigger_cl_purging: purged changelog for (%s) rid (%d)\n", ++ slapi_sdn_get_dn(replica_get_root(replica)), replica_get_rid(replica)); + } +diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h +index 4c3b8e8..1a1c2f5 100644 +--- a/ldap/servers/plugins/replication/cl5_api.h ++++ b/ldap/servers/plugins/replication/cl5_api.h +@@ -467,6 +467,6 @@ int cl5WriteRUV(); + int cl5DeleteRUV(); + void cl5CleanRUV(ReplicaId rid); + void cl5NotifyCleanup(int rid); +-void trigger_cl_purging(ReplicaId rid); ++void trigger_cl_purging(Replica *replica); + + #endif +diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c +index 59d3374..011e4ca 100644 +--- a/ldap/servers/plugins/replication/repl5_replica_config.c ++++ b/ldap/servers/plugins/replication/repl5_replica_config.c +@@ -1467,7 +1467,7 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not + /* + * Now purge the changelog + */ +- trigger_cl_purging(rid); ++ trigger_cl_purging(replica); + + if (rc != RUV_SUCCESS){ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc); +-- +2.4.11 + diff --git a/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch b/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch deleted file mode 100644 index d1ac778..0000000 --- a/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch +++ /dev/null @@ -1,57 +0,0 @@ -From a389bc3bafccb1f7bd9917a734230680e382af91 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 10 Aug 2015 10:42:40 -0400 -Subject: [PATCH] Ticket 47931 - Fix coverity issues - -Description: Fix coverity issues in memberof_config.c - - 13316 - double free - 13315 - Dereference after null check - 13314 - Dereference after null check - 13313 - copy/paste error - -https://fedorahosted.org/389/ticket/47931 - -Reviewed by: rmeggins(Thanks!) - -(cherry picked from commit 5daea973e4526584ee41d7b9f4b1b4993b4de6f1) -(cherry picked from commit 9a0047ef75f6dbeb1980ac77fab5d62865c77e6a) ---- - ldap/servers/plugins/memberof/memberof_config.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c -index b4cc941..10cbd7a 100644 ---- a/ldap/servers/plugins/memberof/memberof_config.c -+++ b/ldap/servers/plugins/memberof/memberof_config.c -@@ -316,6 +316,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr - "%s: Invalid DN (%s) for include suffix.", - MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]); - slapi_ch_array_free(entry_scopes); -+ entry_scopes = NULL; - theConfig.entryScopeCount = 0; - *returncode = LDAP_UNWILLING_TO_PERFORM; - goto done; -@@ -341,8 +342,9 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr - /* invalid dn syntax */ - PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, - "%s: Invalid DN (%s) for exclude suffix.", -- MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]); -+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_exclude_scopes[i]); - slapi_ch_array_free(entry_exclude_scopes); -+ entry_exclude_scopes = NULL; - *returncode = LDAP_UNWILLING_TO_PERFORM; - goto done; - } -@@ -741,7 +743,7 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src) - int num_vals = 0; - - dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1); -- for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){ -+ for(num_vals = 0; src->entryScopeExcludeSubtrees[num_vals]; num_vals++){ - dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]); - } - } --- -1.9.3 - diff --git a/SOURCES/0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch b/SOURCES/0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch new file mode 100644 index 0000000..8205429 --- /dev/null +++ b/SOURCES/0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch @@ -0,0 +1,72 @@ +From 192deb3b1bf9e5f359e0468809cdd81df51af4a0 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Mon, 22 Aug 2016 22:24:51 -0700 +Subject: [PATCH 40/45] Ticket #48969 - nsslapd-auditfaillog always has an + explicit path + +Bug Description: +In the current implementation, nsslapd-auditfaillog is not set, +by default. Internally, the value is NULL, which let audit fail +log share the same audit log file with nsslapd-auditlog. + +Once, some path is set to nsslapd-auditfaillog, it is not allowed +to delete or set NULL or empty to it. That is, there is no way to +go back to the default behaviour. + +There is another issue for the default value. Since search for +nsslapd-auditfaillog under cn=config does not return anything, +it is hard to find out where the failed logs are written. + +Fix Description: +To solve the 2 issues, this patch changes the default value to an +explicit path /path/to/logdir/audit. + +https://fedorahosted.org/389/ticket/48969 + +Reviewed by wibrown@redhat.com (Thank you, William!) + +(cherry picked from commit ef2c3c4cc6f966935dbe367dd0d882ae81de3cc4) +--- + ldap/ldif/template-dse.ldif.in | 1 + + ldap/servers/slapd/auditlog.c | 6 ++++-- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in +index 46b416b..8258b70 100644 +--- a/ldap/ldif/template-dse.ldif.in ++++ b/ldap/ldif/template-dse.ldif.in +@@ -53,6 +53,7 @@ nsslapd-auditlog-maxlogsize: 100 + nsslapd-auditlog-logrotationtime: 1 + nsslapd-auditlog-logrotationtimeunit: day + nsslapd-auditlog-logging-enabled: off ++nsslapd-auditfaillog: %log_dir%/audit + nsslapd-auditfaillog-logging-enabled: off + nsslapd-rootdn: %rootdn% + nsslapd-rootpw: %ds_passwd% +diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c +index ec7111b..85d136c 100644 +--- a/ldap/servers/slapd/auditlog.c ++++ b/ldap/servers/slapd/auditlog.c +@@ -112,6 +112,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb ) + Operation *op; + int pbrc = 0; + char *auditfail_config = NULL; ++ char *audit_config = NULL; + + /* if the audit log is not enabled, just skip all of + this stuff */ +@@ -167,8 +168,9 @@ write_auditfail_log_entry( Slapi_PBlock *pb ) + /* log the raw, unnormalized DN */ + dn = slapi_sdn_get_udn(sdn); + auditfail_config = config_get_auditfaillog(); +- if (auditfail_config == NULL || strlen(auditfail_config) == 0) { +- /* If no auditfail log write to audit log */ ++ audit_config = config_get_auditlog(); ++ if (auditfail_config == NULL || strlen(auditfail_config) == 0 || PL_strcasecmp(auditfail_config, audit_config) == 0) { ++ /* If no auditfail log or "auditfaillog" == "auditlog", write to audit log */ + write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG); + } else { + /* If we have our own auditfail log path */ +-- +2.4.11 + diff --git a/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch b/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch deleted file mode 100644 index 9a24344..0000000 --- a/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch +++ /dev/null @@ -1,70 +0,0 @@ -From a6532aa364e350224dcace082484a7cc58d678dc Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 10 Aug 2015 12:19:00 -0400 -Subject: [PATCH 41/45] Ticket 47686 - removing chaining database links trigger - valgrind read errors - -Bug Description: Plugins that remove their dse callback from the dse callback - function lead to invalid reads in dse_call_callback(). - -Fix Description: In dse_call_callback(), save the pointers to the next callback, - and its plugin, before we call the callback function. So in - case the callback function removes itself, we are not accessing - the freed callback pointer later on. - -https://fedorahosted.org/389/ticket/47686 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit a799c4670f2e6f6be1fc9a2828dc4a0f738d3021) -(cherry picked from commit 29c669e43e16611a290e1c82dfdcf5b51903319e) ---- - ldap/servers/slapd/dse.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c -index 61e2629..e8e393b 100644 ---- a/ldap/servers/slapd/dse.c -+++ b/ldap/servers/slapd/dse.c -@@ -2607,18 +2607,21 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags, - - if (pdse->dse_callback != NULL) { - struct dse_callback *p = pdse->dse_callback; -+ struct dse_callback *next = NULL; - int result = SLAPI_DSE_CALLBACK_OK; - - while (p != NULL) { -+ next = p->next; - if ((p->operation & operation) && (p->flags & flags)) { - if(slapi_sdn_scope_test(slapi_entry_get_sdn_const(entryBefore), p->base, p->scope)){ - if(NULL == p->slapifilter || slapi_vattr_filter_test(pb, entryBefore, p->slapifilter, 0) == 0){ -+ struct slapdplugin *plugin = p->plugin; - int plugin_started = 1; - -- if(p->plugin){ -+ if(plugin){ - /* this is a plugin callback, update the operation counter */ -- slapi_plugin_op_started(p->plugin); -- if(!p->plugin->plg_started){ -+ slapi_plugin_op_started(plugin); -+ if(!plugin->plg_started){ - /* must be a task function being called */ - result = SLAPI_DSE_CALLBACK_ERROR; - PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE, -@@ -2633,11 +2636,11 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags, - if(result < rc){ - rc = result; - } -- slapi_plugin_op_finished(p->plugin); -+ slapi_plugin_op_finished(plugin); - } - } - } -- p = p->next; -+ p = next; - } - } - return rc; --- -1.9.3 - diff --git a/SOURCES/0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch b/SOURCES/0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch new file mode 100644 index 0000000..3fed75f --- /dev/null +++ b/SOURCES/0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch @@ -0,0 +1,35 @@ +From 755a15ebafb8ae98cef681512d3ab3ef0470e11d Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Tue, 23 Aug 2016 14:18:32 -0700 +Subject: [PATCH 41/45] Ticket #48967 - passwordMinAge attribute doesn't limit + the minimum age of the password + +Description: There was a logic error in check_pw_minage. Password- +MinAge was ignored by the error. This patch fixes the logic error. + +https://fedorahosted.org/389/ticket/48967 + +Reviewed and tested by wibrown@redhat.com and spichugi@redhat.com. +(Thank you, William and Simon!) + +(cherry picked from commit 790e723e4f30b3d245535ce7a9d5d00477878341) +--- + ldap/servers/slapd/pw.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c +index 6b865ec..7469b9e 100644 +--- a/ldap/servers/slapd/pw.c ++++ b/ldap/servers/slapd/pw.c +@@ -729,7 +729,7 @@ check_pw_minage ( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) + pwpolicy = new_passwdPolicy(pb, dn); + slapi_pblock_get ( pb, SLAPI_PWPOLICY, &pwresponse_req ); + +- if (!pb->pb_op->o_isroot && !pwpolicy->pw_minage) { ++ if (!pb->pb_op->o_isroot && pwpolicy->pw_minage) { + + Slapi_Entry *e; + char *passwordAllowChangeTime; +-- +2.4.11 + diff --git a/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch b/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch deleted file mode 100644 index 067ca01..0000000 --- a/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch +++ /dev/null @@ -1,1250 +0,0 @@ -From 9075d78f6878907f676fda1062779c921b23ae59 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Mon, 10 Aug 2015 17:04:25 -0700 -Subject: [PATCH 42/45] Ticket #47511 - bashisms in 389-ds-base admin scripts - -Description by mvocu (Thank you): -The shell scripts in 389-ds-base/ldap/admin/src/scripts use 'source' -to source common scripts; the 'source' keyword is bash-specific (or -c-shell, if memory serves). The interpreter is set to /bin/sh, which -is not guaranteed to be bash (and at least on Debian 7.1 it is dash). -The 'source' keyword can be replaced by '.', which should work. - -The patch was provided by tjaalton@ubuntu.com (Thank you, Timo!). - -https://fedorahosted.org/389/ticket/47511 - -Reviewed and tested by nhosoi@redhat.com. - -(cherry picked from commit 2ce7a7334bcb89e47c0f5c544144aec37010a5b9) -(cherry picked from commit 49245911410cdd04bc53b00d8973c26defa5a37b) ---- - ldap/admin/src/initconfig.in | 4 +- - ldap/admin/src/scripts/DSSharedLib.in | 92 +++++++++++++++---------------- - ldap/admin/src/scripts/bak2db.in | 23 ++++---- - ldap/admin/src/scripts/db2bak.in | 7 +-- - ldap/admin/src/scripts/db2index.in | 4 +- - ldap/admin/src/scripts/db2ldif.in | 22 ++++---- - ldap/admin/src/scripts/dbverify.in | 6 +- - ldap/admin/src/scripts/dn2rdn.in | 4 +- - ldap/admin/src/scripts/ldif2db.in | 4 +- - ldap/admin/src/scripts/ldif2ldap.in | 46 ++++++++-------- - ldap/admin/src/scripts/monitor.in | 44 +++++++-------- - ldap/admin/src/scripts/restart-dirsrv.in | 2 +- - ldap/admin/src/scripts/restoreconfig.in | 4 +- - ldap/admin/src/scripts/saveconfig.in | 6 +- - ldap/admin/src/scripts/start-dirsrv.in | 16 +++--- - ldap/admin/src/scripts/stop-dirsrv.in | 14 ++--- - ldap/admin/src/scripts/suffix2instance.in | 6 +- - ldap/admin/src/scripts/upgradedb.in | 4 +- - ldap/admin/src/scripts/upgradednformat.in | 6 +- - ldap/admin/src/scripts/vlvindex.in | 4 +- - rpm/389-ds-base-git.sh | 2 +- - rpm/add_patches.sh | 4 +- - rpm/rpmverrel.sh | 2 +- - wrappers/initscript.in | 26 +++------ - wrappers/ldap-agent-initscript.in | 28 ++++------ - 25 files changed, 181 insertions(+), 199 deletions(-) - -diff --git a/ldap/admin/src/initconfig.in b/ldap/admin/src/initconfig.in -index 134e82c..7afa315 100644 ---- a/ldap/admin/src/initconfig.in -+++ b/ldap/admin/src/initconfig.in -@@ -2,11 +2,11 @@ - OS=`uname -s` - # use the new mt slab memory allocator on Solaris - # this requires Solaris 9 update 3 or later --if [ "$OS" = "SunOS" -a -f /usr/lib/libumem.so ] ; then -+if [ "$OS" = "SunOS" ] && [ -f /usr/lib/libumem.so ] ; then - LD_PRELOAD=/usr/lib/libumem.so - export LD_PRELOAD - fi --if [ "$OS" = "SunOS" -a -f /usr/lib/64/libumem.so ] ; then -+if [ "$OS" = "SunOS" ] && [ -f /usr/lib/64/libumem.so ] ; then - LD_PRELOAD_64=/usr/lib/64/libumem.so - export LD_PRELOAD_64 - fi -diff --git a/ldap/admin/src/scripts/DSSharedLib.in b/ldap/admin/src/scripts/DSSharedLib.in -index 3683696..8317c58 100644 ---- a/ldap/admin/src/scripts/DSSharedLib.in -+++ b/ldap/admin/src/scripts/DSSharedLib.in -@@ -98,13 +98,13 @@ get_init_file() - do - inst_count=`expr $inst_count + 1` - id=`normalize_server_id $configfile` -- if [ -n "$servid" -a "$id" = "$servid" ] -+ if [ -n "$servid" ] && [ "$id" = "$servid" ] - then - # found it - echo $configfile - exit 0 - fi -- if [ $first == "yes" ] -+ if [ $first = "yes" ] - then - instances=$id - first="no" -@@ -114,7 +114,7 @@ get_init_file() - done - - # server id not provided, check if there is only one instance -- if [ -z "$servid" -a $inst_count -eq 1 ] -+ if [ -z "$servid" ] && [ $inst_count -eq 1 ] - then - # return the file - echo $configfile -@@ -135,48 +135,44 @@ process_dse () - configdir=$1 - pid=$2 - file="$configdir/dse.ldif" -- shopt -s nocasematch -- OLD_IFC=$IFC -+ OLD_IFS=$IFS - IFS="" - while read -r LINE - do -- if [[ $LINE != \ * ]] && [ "$output" != "" ] -+ case $LINE in -+ ' '*) -+ ;; -+ *) -+ if [ -n "$output" ] -+ then -+ echo "$output" >> /tmp/DSSharedLib.$pid -+ output="" -+ fi -+ ;; -+ esac -+ if [ -n "$output" ] - then -- echo "$output" >> /tmp/DSSharedLib.$pid -- output="" -- fi -- if [ "$output" != "" ] && [[ $LINE == \ * ]] -- then -- # continuation line, strip the space and append it -- LINE=`echo "$LINE" | sed -e 's/^ //'` -- output=$output$LINE -- elif [[ $LINE == nsslapd-port* ]] -- then -- output=$LINE; -- elif [[ $LINE == nsslapd-localhost* ]] -- then -- output=$LINE; -- elif [[ $LINE == nsslapd-securePort* ]] -- then -- output=$LINE; -- elif [[ $LINE == nsslapd-security* ]] -- then -- output=$LINE; -- elif [[ $LINE == nsslapd-ldapilisten* ]] -- then -- output=$LINE; -- elif [[ $LINE == nsslapd-ldapifilepath* ]] -- then -- output=$LINE; -- elif [[ $LINE == nsslapd-rootdn* ]] -- then -- output=$LINE; -- elif [[ $LINE == nsslapd-ldapiautobind* ]] -- then -- output=$LINE; -- elif [[ $LINE == nsslapd-certdir* ]] -- then -- output=$LINE; -+ case $LINE in -+ ' '*) -+ # continuation line, strip the space and append it -+ LINE=`echo "$LINE" | sed -e 's/^ //'` -+ output=$output$LINE -+ ;; -+ esac -+ else -+ case $LINE in -+ nsslapd-certdir*|\ -+ nsslapd-ldapiautobind*|\ -+ nsslapd-ldapilisten*|\ -+ nsslapd-ldapifilepath*|\ -+ nsslapd-localhost*|\ -+ nsslapd-port*|\ -+ nsslapd-rootdn*|\ -+ nsslapd-securePort*|\ -+ nsslapd-security*) -+ output=$LINE -+ ;; -+ esac - fi - - done < $file -@@ -194,19 +190,19 @@ check_protocol () - ldapi=$3 - openldap=$4 - -- if [ "$protocol" == "LDAPI" ] && [ "$openldap" != "yes" ]; then -+ if [ "$protocol" = "LDAPI" ] && [ "$openldap" != "yes" ]; then - echo "" - exit -- elif [ "$protocol" == "LDAPI" ] && [ "$ldapi" == "off" ]; then -+ elif [ "$protocol" = "LDAPI" ] && [ "$ldapi" = "off" ]; then - echo "" - exit -- elif [ "$protocol" == "STARTTLS" ]; then -- if [ "$security" == "" ] || [ "$security" == "off" ]; then -+ elif [ "$protocol" = "STARTTLS" ]; then -+ if [ -z "$security" ] || [ "$security" = "off" ]; then - echo "" - exit - fi -- elif [ "$protocol" == "LDAPS" ]; then -- if [ "$security" == "" ] || [ "$security" == "off" ]; then -+ elif [ "$protocol" = "LDAPS" ]; then -+ if [ -z "$security" ] || [ "$security" = "off" ]; then - echo "" - exit - fi -@@ -224,4 +220,4 @@ check_protocol () - fi - - echo "$protocol" --} -\ No newline at end of file -+} -diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in -index f0cede4..a2e54cc 100755 ---- a/ldap/admin/src/scripts/bak2db.in -+++ b/ldap/admin/src/scripts/bak2db.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@nss_libdir@" -@@ -26,15 +26,18 @@ if [ $# -lt 1 ] || [ $# -gt 7 ] - then - usage - exit 1 --elif [[ $1 == -* ]] --then -- usage -- exit 1 --else -- archivedir=$1 -- shift - fi -- -+case $1 in -+ -*) -+ usage -+ exit 1 -+ ;; -+ *) -+ archivedir=$1 -+ shift -+ ;; -+esac -+ - while getopts "hn:Z:qd:vi:a:SD:" flag - do - case $flag in -@@ -55,7 +58,7 @@ do - done - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in -index dacd7b0..1896c19 100755 ---- a/ldap/admin/src/scripts/db2bak.in -+++ b/ldap/admin/src/scripts/db2bak.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@nss_libdir@" -@@ -26,7 +26,6 @@ then - usage - exit 1 - fi -- - if [ "$#" -gt 0 ] - then - if [[ $1 != -* ]] -@@ -56,7 +55,7 @@ done - - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -@@ -67,7 +66,7 @@ fi - servid=`normalize_server_id $initfile` - . $initfile - --if [ -z $bak_dir ] -+if [ -z "$bak_dir" ] - then - bak_dir=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H_%M_%S` - fi -diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in -index a1321ea..2b76cd1 100755 ---- a/ldap/admin/src/scripts/db2index.in -+++ b/ldap/admin/src/scripts/db2index.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@nss_libdir@" -@@ -59,7 +59,7 @@ then - fi - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in -index d7e0ff0..fcf73a0 100755 ---- a/ldap/admin/src/scripts/db2ldif.in -+++ b/ldap/admin/src/scripts/db2ldif.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@nss_libdir@" -@@ -39,7 +39,7 @@ make_ldiffile() - be="" - while [ "$1" != "" ] - do -- if [ "$1" = "-a" ]; then -+ if [ "x$1" = "x-a" ]; then - shift - if [ `expr "$1" : "/.*"` -gt 0 ]; then - if [ `expr "$1" : "/.*"` -gt 0 ]; then -@@ -56,17 +56,17 @@ make_ldiffile() - shift - return 0 - fi -- elif [ "$1" = "-n" ]; then -+ elif [ "x$1" = "x-n" ]; then - shift -- if [ "$be" = "" ]; then -+ if [ -z "$be" ]; then - be="$1" - else - tmpbe="$be" - be="${tmpbe}-$1" - fi -- elif [ "$1" = "-s" ]; then -+ elif [ "x$1" = "x-s" ]; then - shift -- if [ "$1" != "" ]; then -+ if [ -n "$1" ]; then - rdn=`echo $1 | awk -F, '{print $1}'` - rdnval=`echo $rdn | awk -F= '{print $2}'` - if [ "$be" = "" ]; then -@@ -76,15 +76,15 @@ make_ldiffile() - be="${tmpbe}-$rdnval" - fi - fi -- elif [ "$1" = "-M" ]; then -+ elif [ "x$1" = "x-M" ]; then - be="" - fi -- if [ "$1" != "" ]; then -+ if [ -n "$1" ]; then - shift - fi - done - -- if [ "$be" = "" ]; then -+ if [ -z "$be" ]; then - echo @localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-`date +%Y_%m_%d_%H%M%S`.ldif - else - echo @localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-${be}-`date +%Y_%m_%d_%H%M%S`.ldif -@@ -92,7 +92,7 @@ make_ldiffile() - return 0 - } - --if [ "$#" -lt 2 ]; -+if [ $# -lt 2 ]; - then - usage - exit 1 -@@ -137,7 +137,7 @@ then - fi - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in -index 461cc16..bbacc17 100755 ---- a/ldap/admin/src/scripts/dbverify.in -+++ b/ldap/admin/src/scripts/dbverify.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@nss_libdir@" -@@ -47,7 +47,7 @@ do - done - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -@@ -58,7 +58,7 @@ fi - . $initfile - - @sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args --if [ $display_version == "yes" ]; then -+if [ $display_version = "yes" ]; then - exit 0 - fi - if [ $? -eq 0 ]; then -diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in -index 32a70c8..616969a 100755 ---- a/ldap/admin/src/scripts/dn2rdn.in -+++ b/ldap/admin/src/scripts/dn2rdn.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@nss_libdir@" -@@ -39,7 +39,7 @@ do - done - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in -index ce15349..a34241a 100755 ---- a/ldap/admin/src/scripts/ldif2db.in -+++ b/ldap/admin/src/scripts/ldif2db.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@nss_libdir@" -@@ -82,7 +82,7 @@ do - done - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -diff --git a/ldap/admin/src/scripts/ldif2ldap.in b/ldap/admin/src/scripts/ldif2ldap.in -index 874b1bb..1e871be 100755 ---- a/ldap/admin/src/scripts/ldif2ldap.in -+++ b/ldap/admin/src/scripts/ldif2ldap.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@ldapsdk_libdir@" - libpath_add "@libdir@" -@@ -40,14 +40,14 @@ do - esac - done - --if [ "$input_file" == "" ] -+if [ -z "$input_file" ] - then - usage - exit 1 - fi - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -@@ -67,13 +67,13 @@ ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' ) - ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' ) - certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' ) - autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' ) --if [ "$rootdn" == "" ]; then -+if [ -z "$rootdn" ]; then - value=$(grep -i 'nsslapd-rootdn' $file) - rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'` - fi - rm $file - --if [ "$ldapiURL" != "" ]; then -+if [ -n "$ldapiURL" ]; then - ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'` - ldapiURL="ldapi://"$ldapiURL - fi -@@ -86,7 +86,7 @@ then - export LDAPTLS_CACERTDIR=$certdir - fi - --if [ -z $security ]; then -+if [ -z "$security" ]; then - security="off" - fi - revised_protocol=$(check_protocol $protocol $security $ldapi $openldap) -@@ -99,12 +99,12 @@ protocol=$revised_protocol - # - # STARTTLS - # --if [ "$security" == "on" ]; then -- if [ "$protocol" == "STARTTLS" ] || [ "$protocol" == "" ]; then -- if [ "$error" == "yes" ]; then -+if [ "$security" = "on" ]; then -+ if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(STARTTLS)" - fi -- if [ "$openldap" == "yes" ]; then -+ if [ "$openldap" = "yes" ]; then - ldapmodify -x -ZZ -p $port -h $host -D $rootdn -w $passwd -a -f $input_file - else - ldapmodify -ZZZ -P $certdir -p $port -h $host -D $rootdn -w $passwd -a -f $input_file -@@ -116,12 +116,12 @@ fi - # - # LDAPS - # --if [ "$security" == "on" ]; then -- if [ "$protocol" == "LDAPS" ] || [ "$protocol" == "" ]; then -- if [ "$error" == "yes" ]; then -+if [ "$security" = "on" ]; then -+ if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(LDAPS)" - fi -- if [ "$openldap" == "yes" ]; then -+ if [ "$openldap" = "yes" ]; then - ldapmodify -x -H "ldaps://$host:$secure_port" -D $rootdn -w $passwd -a -f $input_file - else - ldapmodify -Z -P $certdir -p $secure_port -h $host -D $rootdn -w $passwd -a -f $input_file -@@ -133,21 +133,21 @@ fi - # - # LDAPI - # --if [ "$ldapi" == "on" ] && [ "$openldap" == "yes" ]; then -- if [ "$protocol" == "LDAPI" ] || [ "$protocol" == "" ]; then -- if [ "$(id -u)" == "0" ] && [ "$autobind" == "on" ]; then -- if [ "$error" == "yes" ]; then -+if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then -+ if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then -+ if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(LDAPI/AUTOBIND)" - fi - ldapmodify -H $ldapiURL -Y EXTERNAL -a -f $input_file 2>/dev/null - else -- if [ "$error" == "yes" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(LDAPI)" - fi - ldapmodify -x -H $ldapiURL -D $rootdn -w $passwd -a -f $input_file - fi - rc=$? -- if [ $rc != 0 ] -+ if [ $rc -ne 0 ] - then - echo "Operation failed (error $rc)" - fi -@@ -158,11 +158,11 @@ fi - # - # LDAP - # --if [ "$protocol" == "LDAP" ] || [ "$protocol" == "" ]; then -- if [ "$error" == "yes" ]; then -+if [ "$protocol" = "LDAP" ] || [ -z "$protocol" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(LDAP)" - fi -- if [ "$openldap" == "yes" ]; then -+ if [ "$openldap" = "yes" ]; then - ldapmodify -x -p $port -h $host -D $rootdn -w $passwd -a -f $input_file - else - ldapmodify -p $port -h $host -D $rootdn -w $passwd -a -f $input_file -diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in -index 7b2058b..36a2fc9 100755 ---- a/ldap/admin/src/scripts/monitor.in -+++ b/ldap/admin/src/scripts/monitor.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@ldapsdk_libdir@" -@@ -41,7 +41,7 @@ do - done - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -@@ -66,17 +66,17 @@ ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' ) - ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' ) - certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' ) - autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' ) --if [ "$rootdn" == "" ]; then -+if [ -z "$rootdn" ]; then - value=$(grep -i 'nsslapd-rootdn' $file) - rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'` - fi - rm $file - --if [ "$passwd" != "" ]; then -+if [ -n "$passwd" ]; then - dn="-D $rootdn" - passwd="-w$passwd" - fi --if [ "$ldapiURL" != "" ] -+if [ -n "$ldapiURL" ] - then - ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'` - ldapiURL="ldapi://"$ldapiURL -@@ -103,12 +103,12 @@ protocol=$revised_protocol - # - # STARTTLS - # --if [ "$security" == "on" ]; then -- if [ "$protocol" == "STARTTLS" ] || [ "$protocol" == "" ]; then -- if [ "$error" == "yes" ]; then -+if [ "$security" = "on" ]; then -+ if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(STARTTLS)" - fi -- if [ "$openldap" == "yes" ]; then -+ if [ "$openldap" = "yes" ]; then - ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*" - else - ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*" -@@ -120,12 +120,12 @@ fi - # - # LDAPS - # --if [ "$security" == "on" ]; then -- if [ "$protocol" == "LDAPS" ] || [ "$protocol" == "" ]; then -- if [ "$error" == "yes" ]; then -+if [ "$security" = "on" ]; then -+ if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(LDAPS)" - fi -- if [ "$openldap" == "yes" ]; then -+ if [ "$openldap" = "yes" ]; then - ldapsearch -x -LLL -H "ldaps://$host:$secure_port" -b "$MDN" -s base $dn $passwd "objectClass=*" - else - ldapsearch -Z -P $certdir -p $secure_port -b "$MDN" -s base $dn $passwd "objectClass=*" -@@ -137,15 +137,15 @@ fi - # - # LDAPI - # --if [ "$ldapi" == "on" ] && [ "$openldap" == "yes" ]; then -- if [ "$protocol" == "LDAPI" ] || [ "$protocol" == "" ]; then -- if [ "$(id -u)" == "0" ] && [ "$autobind" == "on" ]; then -- if [ "$error" == "yes" ]; then -+if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then -+ if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then -+ if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(LDAPI/AUTOBIND)" - fi - ldapsearch -LLL -H "$ldapiURL" -b "$MDN" -s base -Y EXTERNAL "objectClass=*" 2>/dev/null - else -- if [ "$error" == "yes" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(LDAPI)" - fi - ldapsearch -x -LLL -H "$ldapiURL" -b "$MDN" -s base $dn $passwd "objectClass=*" -@@ -157,14 +157,14 @@ fi - # - # LDAP - # --if [ "$protocol" == "LDAP" ] || [ "$protocol" == "" ]; then -- if [ "$error" == "yes" ]; then -+if [ "$protocol" = "LDAP" ] || [ "$protocol" = "" ]; then -+ if [ "$error" = "yes" ]; then - echo "Using the next most secure protocol(LDAP)" - fi -- if [ "$openldap" == "yes" ]; then -+ if [ "$openldap" = "yes" ]; then - ldapsearch -x -LLL -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*" - else - ldapsearch -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*" -- fi -+ fi - exit $? - fi -diff --git a/ldap/admin/src/scripts/restart-dirsrv.in b/ldap/admin/src/scripts/restart-dirsrv.in -index 130e06e..e86a24c 100644 ---- a/ldap/admin/src/scripts/restart-dirsrv.in -+++ b/ldap/admin/src/scripts/restart-dirsrv.in -@@ -7,7 +7,7 @@ - # 2: Server started successfully (was not running) - # 3: Server could not be stopped - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - restart_instance() { - SERV_ID=$1 -diff --git a/ldap/admin/src/scripts/restoreconfig.in b/ldap/admin/src/scripts/restoreconfig.in -index 9bb1acf..56c9e43 100755 ---- a/ldap/admin/src/scripts/restoreconfig.in -+++ b/ldap/admin/src/scripts/restoreconfig.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@nss_libdir@" -@@ -31,7 +31,7 @@ do - done - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -diff --git a/ldap/admin/src/scripts/saveconfig.in b/ldap/admin/src/scripts/saveconfig.in -index 65d80f3..16e3efc 100755 ---- a/ldap/admin/src/scripts/saveconfig.in -+++ b/ldap/admin/src/scripts/saveconfig.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@libdir@" -@@ -31,7 +31,7 @@ do - done - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -@@ -45,7 +45,7 @@ servid=`normalize_server_id $initfile` - echo saving configuration... - conf_ldif=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H%M%S`.ldif - @sbindir@/ns-slapd db2ldif -N -D $CONFIG_DIR -s "o=NetscapeRoot" -a $conf_ldif -n NetscapeRoot 2>&1 --if [ "$?" -ge 1 ] -+if [ $? -ge 1 ] - then - echo Error occurred while saving configuration - exit 1 -diff --git a/ldap/admin/src/scripts/start-dirsrv.in b/ldap/admin/src/scripts/start-dirsrv.in -index 481797d..458f0e8 100755 ---- a/ldap/admin/src/scripts/start-dirsrv.in -+++ b/ldap/admin/src/scripts/start-dirsrv.in -@@ -6,7 +6,7 @@ - # 1: Server could not be started - # 2: Server already running - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - # Starts a single instance - start_instance() { -@@ -44,7 +44,7 @@ start_instance() { - STARTPIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.startpid - if test -f $STARTPIDFILE ; then - PID=`cat $STARTPIDFILE` -- if kill -0 $PID > /dev/null 2>&1 ; then -+ if kill -s 0 $PID > /dev/null 2>&1 ; then - echo There is an ns-slapd process already running: $PID - return 2; - else -@@ -53,7 +53,7 @@ start_instance() { - fi - if test -f $PIDFILE ; then - PID=`cat $PIDFILE` -- if kill -0 $PID > /dev/null 2>&1 ; then -+ if kill -s 0 $PID > /dev/null 2>&1 ; then - echo There is an ns-slapd running: $PID - return 2; - else -@@ -64,7 +64,7 @@ start_instance() { - # Use systemctl if available and running as root, - # otherwise start the instance the old way. - # -- if [ -d "@systemdsystemunitdir@" ] && [ "$(id -u)" == "0" ];then -+ if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then - @bindir@/systemctl start @package_name@@$SERV_ID.service - if [ $? -ne 0 ]; then - return 1 -@@ -96,7 +96,7 @@ start_instance() { - while test $loop_counter -le $max_count; do - loop_counter=`expr $loop_counter + 1` - if test ! -f $PIDFILE ; then -- if kill -0 $PID > /dev/null 2>&1 ; then -+ if kill -s 0 $PID > /dev/null 2>&1 ; then - sleep 1 - else - echo Server failed to start !!! Please check errors log for problems -@@ -123,12 +123,12 @@ do - done - shift $(($OPTIND-1)) - --if [ "$initconfig_dir" = "" ]; then -+if [ -z "$initconfig_dir" ]; then - initconfig_dir=@initconfigdir@ - fi - - found=0 --if [ "$#" -eq 0 ]; then -+if [ $# -eq 0 ]; then - # We're starting all instances. - ret=0 - initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; } -@@ -137,7 +137,7 @@ if [ "$#" -eq 0 ]; then - echo Starting instance \"$inst\" - start_instance $inst - rv=$? -- if [ "$rv" -ne 0 ]; then -+ if [ $rv -ne 0 ]; then - ret=$rv - fi - done -diff --git a/ldap/admin/src/scripts/stop-dirsrv.in b/ldap/admin/src/scripts/stop-dirsrv.in -index 3f02e78..72e2b85 100755 ---- a/ldap/admin/src/scripts/stop-dirsrv.in -+++ b/ldap/admin/src/scripts/stop-dirsrv.in -@@ -6,7 +6,7 @@ - # 1: Server could not be stopped - # 2: Server was not running - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - stop_instance() { - SERV_ID=$1 -@@ -28,7 +28,7 @@ stop_instance() { - fi - PID=`cat $PIDFILE` - # see if the server is already stopped -- kill -0 $PID > /dev/null 2>&1 || { -+ kill -s 0 $PID > /dev/null 2>&1 || { - echo Server not running - if test -f $PIDFILE ; then - rm -f $PIDFILE -@@ -39,7 +39,7 @@ stop_instance() { - # - # use systemctl if running as root - # -- if [ -d "@systemdsystemunitdir@" ] && [ "$(id -u)" == "0" ];then -+ if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then - # - # Now, check if systemctl is aware of this running instance - # -@@ -65,7 +65,7 @@ stop_instance() { - max_count=600 - while test $loop_counter -le $max_count; do - loop_counter=`expr $loop_counter + 1` -- if kill -0 $PID > /dev/null 2>&1 ; then -+ if kill -s 0 $PID > /dev/null 2>&1 ; then - sleep 1; - else - if test -f $PIDFILE ; then -@@ -88,11 +88,11 @@ do - done - shift $(($OPTIND-1)) - --if [ "$initconfig_dir" = "" ]; then -+if [ -z "$initconfig_dir" ]; then - initconfig_dir=@initconfigdir@ - fi - --if [ "$#" -eq 0 ]; then -+if [ $# -eq 0 ]; then - # We're stopping all instances. - ret=0 - initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; } -@@ -105,7 +105,7 @@ if [ "$#" -eq 0 ]; then - echo Stopping instance \"$inst\" - stop_instance $inst - rv=$? -- if [ "$rv" -ne 0 ]; then -+ if [ $rv -ne 0 ]; then - ret=$rv - fi - done -diff --git a/ldap/admin/src/scripts/suffix2instance.in b/ldap/admin/src/scripts/suffix2instance.in -index e2f73c3..7774148 100755 ---- a/ldap/admin/src/scripts/suffix2instance.in -+++ b/ldap/admin/src/scripts/suffix2instance.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@libdir@" -@@ -32,14 +32,14 @@ do - esac - done - --if [ "$args" == "" ] -+if [ -z "$args" ] - then - usage - exit 1 - fi - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -diff --git a/ldap/admin/src/scripts/upgradedb.in b/ldap/admin/src/scripts/upgradedb.in -index 211bdce..bf600dd 100755 ---- a/ldap/admin/src/scripts/upgradedb.in -+++ b/ldap/admin/src/scripts/upgradedb.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@libdir@" -@@ -39,7 +39,7 @@ do - done - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" - echo "Available instances: $initfile" -diff --git a/ldap/admin/src/scripts/upgradednformat.in b/ldap/admin/src/scripts/upgradednformat.in -index e9d8cab..51585ae 100755 ---- a/ldap/admin/src/scripts/upgradednformat.in -+++ b/ldap/admin/src/scripts/upgradednformat.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - # upgradednformat -- upgrade DN format to the new style (RFC 4514) - # Usgae: upgradednformat [-N] -n backend_instance -a db_instance_directory -@@ -49,13 +49,13 @@ do - esac - done - --if [ "$be" = "" ] || [ "$dir" = "" ]; then -+if [ -z "$be" ] || [ -z "$dir" ]; then - usage - exit 1 - fi - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in -index 0b46b27..365e32f 100755 ---- a/ldap/admin/src/scripts/vlvindex.in -+++ b/ldap/admin/src/scripts/vlvindex.in -@@ -1,6 +1,6 @@ - #!/bin/sh - --source @datadir@/@package_name@/data/DSSharedLib -+. @datadir@/@package_name@/data/DSSharedLib - - libpath_add "@libdir@/@package_name@/" - libpath_add "@libdir@" -@@ -45,7 +45,7 @@ do - done - - initfile=$(get_init_file "@initconfigdir@" $servid) --if [ $? == 1 ] -+if [ $? -eq 1 ] - then - usage - echo "You must supply a valid server instance identifier. Use -Z to specify instance name" -diff --git a/rpm/389-ds-base-git.sh b/rpm/389-ds-base-git.sh -index e5aaa8a..1a38da1 100644 ---- a/rpm/389-ds-base-git.sh -+++ b/rpm/389-ds-base-git.sh -@@ -1,4 +1,4 @@ --#!/bin/bash -+#!/bin/sh - - DATE=`date +%Y%m%d` - # use a real tag name here -diff --git a/rpm/add_patches.sh b/rpm/add_patches.sh -index 690d0b2..31823d5 100755 ---- a/rpm/add_patches.sh -+++ b/rpm/add_patches.sh -@@ -1,6 +1,6 @@ - #!/bin/sh - --function usage() -+usage() - { - echo "Adds patches to a specfile" - echo "" -@@ -51,5 +51,5 @@ for p in $patches; do - sed -i -e "/${prefix}/a Patch${i}: ${p}" -e "/$prepprefix/a %patch${i} -p1" $specfile - prefix="Patch${i}:" - prepprefix="%patch${i}" -- i=$(($i+1)) -+ i=`expr $i + 1` - done -diff --git a/rpm/rpmverrel.sh b/rpm/rpmverrel.sh -index 86b808e..06e97c7 100755 ---- a/rpm/rpmverrel.sh -+++ b/rpm/rpmverrel.sh -@@ -6,7 +6,7 @@ srcdir=`pwd` - - # Source VERSION.sh to set the version - # and release environment variables. --source ./VERSION.sh -+. ./VERSION.sh - - if [ "$1" = "version" ]; then - echo $RPM_VERSION -diff --git a/wrappers/initscript.in b/wrappers/initscript.in -index ad4ea2b..fa79dbd 100644 ---- a/wrappers/initscript.in -+++ b/wrappers/initscript.in -@@ -32,28 +32,20 @@ then - fi - fi - --# figure out which echo we're using --ECHO_N=`echo -n` -- --# some shells echo cannot use -n - linux echo by default cannot use \c - echo_n() - { -- if [ "$ECHO_N" = '-n' ] ; then -- echo "$*\c" -- else -- echo -n "$*" -- fi -+ printf '%s' "$*" - } - - # failure and success are not defined on some platforms --type failure > /dev/null 2>&1 || { -+which failure > /dev/null 2>&1 || { - failure() - { - echo_n " FAILED" - } - } - --type success > /dev/null 2>&1 || { -+which success > /dev/null 2>&1 || { - success() - { - echo_n " SUCCESS" -@@ -178,7 +170,7 @@ start() { - pid=`cat $pidfile` - instlockfile="@localstatedir@/lock/@package_name@/slapd-$instance/server/$pid" - name=`ps -p $pid | tail -1 | awk '{ print $4 }'` -- if kill -0 $pid && [ $name = "ns-slapd" ]; then -+ if kill -s 0 $pid && [ $name = "ns-slapd" ]; then - echo_n " already running" - success; echo - successes=`expr $successes + 1` -@@ -239,7 +231,7 @@ start() { - while test $loop_counter -le $max_count ; do - loop_counter=`expr $loop_counter + 1` - if test ! -f $pidfile ; then -- if kill -0 $pid > /dev/null 2>&1 ; then -+ if kill -s 0 $pid > /dev/null 2>&1 ; then - sleep 1 - else - break -@@ -249,7 +241,7 @@ start() { - break - fi - done -- if kill -0 $pid > /dev/null 2>&1 && test -f $pidfile ; then -+ if kill -s 0 $pid > /dev/null 2>&1 && test -f $pidfile ; then - success; echo - successes=`expr $successes + 1` - else -@@ -278,7 +270,7 @@ stop() { - if [ -f $pidfile ]; then - pid=`cat $pidfile` - server_stopped=0 -- if kill -0 $pid > /dev/null 2>&1 ; then -+ if kill -s 0 $pid > /dev/null 2>&1 ; then - kill $pid - if [ $? -eq 0 ]; then - server_stopped=1 -@@ -297,7 +289,7 @@ stop() { - max_count=600 - while test $loop_counter -le $max_count; do - loop_counter=`expr $loop_counter + 1` -- if kill -0 $pid > /dev/null 2>&1 ; then -+ if kill -s 0 $pid > /dev/null 2>&1 ; then - sleep 1 - else - if test -f $pidfile ; then -@@ -339,7 +331,7 @@ status() { - for instance in $INSTANCES; do - if [ -f $piddir/slapd-$instance.pid ]; then - pid=`cat $piddir/slapd-$instance.pid` -- if kill -0 $pid > /dev/null 2>&1 ; then -+ if kill -s 0 $pid > /dev/null 2>&1 ; then - echo "$prog $instance (pid $pid) is running..." - else - echo "$prog $instance dead but pid file exists" -diff --git a/wrappers/ldap-agent-initscript.in b/wrappers/ldap-agent-initscript.in -index dd8ee97..b7aa4fe 100644 ---- a/wrappers/ldap-agent-initscript.in -+++ b/wrappers/ldap-agent-initscript.in -@@ -31,28 +31,20 @@ then - fi - fi - --# figure out which echo we're using --ECHO_N=`echo -n` -- --# some shells echo cannot use -n - linux echo by default cannot use \c - echo_n() - { -- if [ "$ECHO_N" = '-n' ] ; then -- echo "$*\c" -- else -- echo -n "$*" -- fi -+ printf '%s' "$*" - } - - # failure and success are not defined on some platforms --type failure > /dev/null 2>&1 || { -+which failure > /dev/null 2>&1 || { - failure() - { - echo_n " FAILED" - } - } - --type success > /dev/null 2>&1 || { -+which success > /dev/null 2>&1 || { - success() - { - echo_n " SUCCESS" -@@ -92,7 +84,7 @@ start() { - if [ -f $pidfile ]; then - pid=`cat $pidfile` - name=`ps -p $pid | tail -1 | awk '{ print $4 }'` -- if kill -0 $pid && [ $name = "$processname" ]; then -+ if kill -s 0 $pid && [ $name = "$processname" ]; then - echo_n " already running" - success; echo - subagent_running=1 -@@ -121,7 +113,7 @@ start() { - while test $loop_counter -le $max_count ; do - loop_counter=`expr $loop_counter + 1` - if test ! -f $pidfile ; then -- if kill -0 $pid > /dev/null 2>&1 ; then -+ if kill -s 0 $pid > /dev/null 2>&1 ; then - sleep 1 - else - break -@@ -131,7 +123,7 @@ start() { - break - fi - done -- if kill -0 $pid > /dev/null 2>&1 && test -f $pidfile ; then -+ if kill -s 0 $pid > /dev/null 2>&1 && test -f $pidfile ; then - success; echo - else - failure; echo -@@ -147,7 +139,7 @@ stop() { - if [ -f $pidfile ]; then - pid=`cat $pidfile` - subagent_stopped=0 -- if kill -0 $pid > /dev/null 2>&1 ; then -+ if kill -s 0 $pid > /dev/null 2>&1 ; then - kill $pid - if [ $? -eq 0 ]; then - subagent_stopped=1 -@@ -164,7 +156,7 @@ stop() { - max_count=10 - while test $loop_counter -le $max_count; do - loop_counter=`expr $loop_counter + 1` -- if kill -0 $pid > /dev/null 2>&1 ; then -+ if kill -s 0 $pid > /dev/null 2>&1 ; then - sleep 1 - else - if test -f $pidfile ; then -@@ -200,7 +192,7 @@ condrestart() { - if [ -f $pidfile ]; then - pid=`cat $pidfile` - name=`ps -p $pid | tail -1 | awk '{ print $4 }'` -- if kill -0 $pid && [ $name = "$processname" ]; then -+ if kill -s 0 $pid && [ $name = "$processname" ]; then - restart - fi - fi -@@ -210,7 +202,7 @@ status() { - ret=0 - if [ -f $pidfile ]; then - pid=`cat $pidfile` -- if kill -0 $pid > /dev/null 2>&1 ; then -+ if kill -s 0 $pid > /dev/null 2>&1 ; then - echo "$prog (pid $pid) is running..." - else - echo "$prog dead but pid file exists" --- -1.9.3 - diff --git a/SOURCES/0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch b/SOURCES/0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch new file mode 100644 index 0000000..593e292 --- /dev/null +++ b/SOURCES/0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch @@ -0,0 +1,933 @@ +From 986930d491d64ce32b91ed70d452074f2963fc55 Mon Sep 17 00:00:00 2001 +From: Simon Pichugin +Date: Wed, 24 Aug 2016 10:08:29 +0200 +Subject: [PATCH 42/45] Ticket 48967 - Add CI test and refactor test suite + +Description: Add a test case to password policy test suite. +Refactor structure of password test suite so it would become more +logical. + +https://fedorahosted.org/389/ticket/48967 + +Reviewed by: nhosoi (Thank you, Noriko!) + +(cherry picked from commit 6abd5f49d8e32732a97794e68f642045f16f23e3) +--- + .../suites/password/pwdPolicy_attribute_test.py | 339 +++++++++++++++++++++ + .../tests/suites/password/pwdPolicy_syntax_test.py | 151 +++++++++ + .../tests/suites/password/pwdPolicy_test.py | 151 --------- + .../tests/suites/password/pwd_change_policytest.py | 240 --------------- + 4 files changed, 490 insertions(+), 391 deletions(-) + create mode 100644 dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py + create mode 100644 dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py + delete mode 100644 dirsrvtests/tests/suites/password/pwdPolicy_test.py + delete mode 100644 dirsrvtests/tests/suites/password/pwd_change_policytest.py + +diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py +new file mode 100644 +index 0000000..d3be7e2 +--- /dev/null ++++ b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py +@@ -0,0 +1,339 @@ ++import os ++import sys ++import time ++import subprocess ++import ldap ++import logging ++import pytest ++from lib389 import DirSrv, Entry, tools, tasks ++from lib389.tools import DirSrvTools ++from lib389._constants import * ++from lib389.properties import * ++from lib389.tasks import * ++from lib389.utils import * ++ ++DEBUGGING = False ++OU_PEOPLE = 'ou=people,{}'.format(DEFAULT_SUFFIX) ++TEST_USER_NAME = 'simplepaged_test' ++TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, OU_PEOPLE) ++TEST_USER_PWD = 'simplepaged_test' ++PW_POLICY_CONT_USER = 'cn="cn=nsPwPolicyEntry,uid=simplepaged_test,'\ ++ 'ou=people,dc=example,dc=com",'\ ++ 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com' ++PW_POLICY_CONT_PEOPLE = 'cn="cn=nsPwPolicyEntry,'\ ++ 'ou=people,dc=example,dc=com",'\ ++ 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com' ++ ++if DEBUGGING: ++ logging.getLogger(__name__).setLevel(logging.DEBUG) ++else: ++ logging.getLogger(__name__).setLevel(logging.INFO) ++ ++log = logging.getLogger(__name__) ++ ++ ++class TopologyStandalone(object): ++ """The DS Topology Class""" ++ def __init__(self, standalone): ++ """Init""" ++ standalone.open() ++ self.standalone = standalone ++ ++ ++@pytest.fixture(scope="module") ++def topology(request): ++ """Create DS Deployment""" ++ ++ # Creating standalone instance ... ++ if DEBUGGING: ++ standalone = DirSrv(verbose=True) ++ else: ++ standalone = DirSrv(verbose=False) ++ args_instance[SER_HOST] = HOST_STANDALONE ++ args_instance[SER_PORT] = PORT_STANDALONE ++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE ++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX ++ args_standalone = args_instance.copy() ++ standalone.allocate(args_standalone) ++ instance_standalone = standalone.exists() ++ if instance_standalone: ++ standalone.delete() ++ standalone.create() ++ standalone.open() ++ ++ def fin(): ++ """If we are debugging just stop the instances, otherwise remove ++ them ++ """ ++ if DEBUGGING: ++ standalone.stop() ++ else: ++ standalone.delete() ++ ++ request.addfinalizer(fin) ++ ++ ++ return TopologyStandalone(standalone) ++ ++ ++@pytest.fixture(scope="module") ++def test_user(topology, request): ++ """User for binding operation""" ++ ++ log.info('Adding user {}'.format(TEST_USER_DN)) ++ try: ++ topology.standalone.add_s(Entry((TEST_USER_DN, { ++ 'objectclass': 'top person'.split(), ++ 'objectclass': 'organizationalPerson', ++ 'objectclass': 'inetorgperson', ++ 'cn': TEST_USER_NAME, ++ 'sn': TEST_USER_NAME, ++ 'userpassword': TEST_USER_PWD, ++ 'mail': '%s@redhat.com' % TEST_USER_NAME, ++ 'uid': TEST_USER_NAME ++ }))) ++ except ldap.LDAPError as e: ++ log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN, ++ e.message['desc'])) ++ raise e ++ ++ def fin(): ++ log.info('Deleting user {}'.format(TEST_USER_DN)) ++ topology.standalone.delete_s(TEST_USER_DN) ++ request.addfinalizer(fin) ++ ++ ++@pytest.fixture(scope="module") ++def password_policy(topology, test_user): ++ """Set up password policy for subtree and user""" ++ ++ log.info('Enable fine-grained policy') ++ try: ++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, ++ 'nsslapd-pwpolicy-local', ++ 'on')]) ++ except ldap.LDAPError as e: ++ log.error('Failed to set fine-grained policy: error {}'.format( ++ e.message['desc'])) ++ raise e ++ ++ log.info('Create password policy for subtree {}'.format(OU_PEOPLE)) ++ try: ++ subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD, ++ '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, ++ '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE]) ++ except subprocess.CalledProcessError as e: ++ log.error('Failed to create pw policy policy for {}: error {}'.format( ++ OU_PEOPLE, e.message['desc'])) ++ raise e ++ ++ log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE)) ++ try: ++ topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE, ++ 'pwdpolicysubentry', ++ PW_POLICY_CONT_PEOPLE)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to pwdpolicysubentry pw policy '\ ++ 'policy for {}: error {}'.format(OU_PEOPLE, ++ e.message['desc'])) ++ raise e ++ ++ log.info('Create password policy for subtree {}'.format(TEST_USER_DN)) ++ try: ++ subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD, ++ '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, ++ '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE]) ++ except subprocess.CalledProcessError as e: ++ log.error('Failed to create pw policy policy for {}: error {}'.format( ++ TEST_USER_DN, e.message['desc'])) ++ raise e ++ ++ log.info('Add pwdpolicysubentry attribute to {}'.format(TEST_USER_DN)) ++ try: ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'pwdpolicysubentry', ++ PW_POLICY_CONT_USER)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to pwdpolicysubentry pw policy '\ ++ 'policy for {}: error {}'.format(TEST_USER_DN, ++ e.message['desc'])) ++ raise e ++ ++ ++@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception', ++ [('on', 'off', ldap.UNWILLING_TO_PERFORM), ++ ('off', 'off', ldap.UNWILLING_TO_PERFORM), ++ ('off', 'on', None), ('on', 'on', None)]) ++def test_change_pwd(topology, test_user, password_policy, ++ subtree_pwchange, user_pwchange, exception): ++ """Verify that 'passwordChange' attr works as expected ++ User should have a priority over a subtree. ++ ++ :Feature: Password policy ++ ++ :Setup: Standalone instance, test user, ++ password policy entries for a user and a subtree ++ ++ :Steps: 1. Set passwordChange on the user and the subtree ++ to various combinations ++ 2. Bind as test user ++ 3. Try to change password ++ ++ :Assert: Subtree/User passwordChange - result ++ off/on, on/on - success ++ on/off, off/off - UNWILLING_TO_PERFORM ++ """ ++ ++ log.info('Set passwordChange to "{}" - {}'.format(subtree_pwchange, ++ PW_POLICY_CONT_PEOPLE)) ++ try: ++ topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE, ++ 'passwordChange', ++ subtree_pwchange)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to set passwordChange '\ ++ 'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE, ++ e.message['desc'])) ++ raise e ++ ++ ++ log.info('Set passwordChange to "{}" - {}'.format(user_pwchange, ++ PW_POLICY_CONT_USER)) ++ try: ++ topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE, ++ 'passwordChange', ++ user_pwchange)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to set passwordChange '\ ++ 'policy for {}: error {}'.format(PW_POLICY_CONT_USER, ++ e.message['desc'])) ++ raise e ++ ++ try: ++ log.info('Bind as user and modify userPassword') ++ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD) ++ if exception: ++ with pytest.raises(exception): ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ 'new_pass')]) ++ else: ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ 'new_pass')]) ++ except ldap.LDAPError as e: ++ log.error('Failed to change userpassword for {}: error {}'.format( ++ TEST_USER_DN, e.message['info'])) ++ raise e ++ finally: ++ log.info('Bind as DM') ++ topology.standalone.simple_bind_s(DN_DM, PASSWORD) ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ TEST_USER_PWD)]) ++ ++ ++def test_pwd_min_age(topology, test_user, password_policy): ++ """If we set passwordMinAge to some value, for example to 10, then it ++ should not allow the user to change the password within 10 seconds after ++ his previous change. ++ ++ :Feature: Password policy ++ ++ :Setup: Standalone instance, test user, ++ password policy entries for a user and a subtree ++ ++ :Steps: 1. Set passwordMinAge to 10 on the user pwpolicy entry ++ 2. Set passwordMinAge to 10 on the subtree pwpolicy entry ++ 3. Set passwordMinAge to 10 on the cn=config entry ++ 4. Bind as test user ++ 5. Try to change password two times in a row ++ 6. Wait 12 seconds ++ 7. Try to change password ++ ++ :Assert: User should be not allowed to change the password ++ right after previous change - CONSTRAINT_VIOLATION ++ User should be not allowed to change the password ++ after 12 seconds passed ++ """ ++ ++ num_seconds = '10' ++ ++ log.info('Set passwordminage to "{}" - {}'.format(num_seconds, PW_POLICY_CONT_PEOPLE)) ++ try: ++ topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE, ++ 'passwordminage', ++ num_seconds)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to set passwordminage '\ ++ 'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE, ++ e.message['desc'])) ++ raise e ++ ++ log.info('Set passwordminage to "{}" - {}'.format(num_seconds, PW_POLICY_CONT_USER)) ++ try: ++ topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE, ++ 'passwordminage', ++ num_seconds)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to set passwordminage '\ ++ 'policy for {}: error {}'.format(PW_POLICY_CONT_USER, ++ e.message['desc'])) ++ raise e ++ ++ log.info('Set passwordminage to "{}" - {}'.format(num_seconds, DN_CONFIG)) ++ try: ++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, ++ 'passwordminage', ++ num_seconds)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to set passwordminage '\ ++ 'policy for {}: error {}'.format(DN_CONFIG, ++ e.message['desc'])) ++ raise e ++ ++ try: ++ log.info('Bind as user and modify userPassword') ++ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD) ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ 'new_pass')]) ++ except ldap.LDAPError as e: ++ log.error('Failed to change userpassword for {}: error {}'.format( ++ TEST_USER_DN, e.message['info'])) ++ raise e ++ ++ ++ log.info('Bind as user and modify userPassword straight away after previous change') ++ topology.standalone.simple_bind_s(TEST_USER_DN, 'new_pass') ++ with pytest.raises(ldap.CONSTRAINT_VIOLATION): ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ 'new_new_pass')]) ++ ++ log.info('Wait {} second'.format(int(num_seconds) + 2)) ++ time.sleep(int(num_seconds) + 2) ++ ++ try: ++ log.info('Bind as user and modify userPassword') ++ topology.standalone.simple_bind_s(TEST_USER_DN, 'new_pass') ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ TEST_USER_PWD)]) ++ except ldap.LDAPError as e: ++ log.error('Failed to change userpassword for {}: error {}'.format( ++ TEST_USER_DN, e.message['info'])) ++ raise e ++ finally: ++ log.info('Bind as DM') ++ topology.standalone.simple_bind_s(DN_DM, PASSWORD) ++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, ++ 'userPassword', ++ TEST_USER_PWD)]) ++ ++ ++if __name__ == '__main__': ++ # Run isolated ++ # -s for DEBUG mode ++ CURRENT_FILE = os.path.realpath(__file__) ++ pytest.main("-s %s" % CURRENT_FILE) +diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py +new file mode 100644 +index 0000000..653d033 +--- /dev/null ++++ b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py +@@ -0,0 +1,151 @@ ++# --- BEGIN COPYRIGHT BLOCK --- ++# Copyright (C) 2015 Red Hat, Inc. ++# All rights reserved. ++# ++# License: GPL (version 3 or any later version). ++# See LICENSE for details. ++# --- END COPYRIGHT BLOCK --- ++# ++import os ++import sys ++import time ++import ldap ++import logging ++import pytest ++from lib389 import DirSrv, Entry, tools, tasks ++from lib389.tools import DirSrvTools ++from lib389._constants import * ++from lib389.properties import * ++from lib389.tasks import * ++ ++logging.getLogger(__name__).setLevel(logging.DEBUG) ++log = logging.getLogger(__name__) ++ ++from lib389.config import RSA, Encryption, Config ++ ++DEBUGGING = False ++ ++USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX ++ ++if DEBUGGING: ++ logging.getLogger(__name__).setLevel(logging.DEBUG) ++else: ++ logging.getLogger(__name__).setLevel(logging.INFO) ++ ++ ++log = logging.getLogger(__name__) ++ ++ ++class TopologyStandalone(object): ++ """The DS Topology Class""" ++ def __init__(self, standalone): ++ """Init""" ++ standalone.open() ++ self.standalone = standalone ++ ++ ++@pytest.fixture(scope="module") ++def topology(request): ++ """Create DS Deployment""" ++ ++ # Creating standalone instance ... ++ if DEBUGGING: ++ standalone = DirSrv(verbose=True) ++ else: ++ standalone = DirSrv(verbose=False) ++ args_instance[SER_HOST] = HOST_STANDALONE ++ args_instance[SER_PORT] = PORT_STANDALONE ++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE ++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX ++ args_standalone = args_instance.copy() ++ standalone.allocate(args_standalone) ++ instance_standalone = standalone.exists() ++ if instance_standalone: ++ standalone.delete() ++ standalone.create() ++ standalone.open() ++ ++ # Deploy certs ++ # This is a trick. The nss db that ships with DS is broken ++ for f in ('key3.db', 'cert8.db', 'key4.db', 'cert9.db', 'secmod.db', 'pkcs11.txt'): ++ try: ++ os.remove("%s/%s" % (topology.standalone.confdir, f )) ++ except: ++ pass ++ ++ assert(standalone.nss_ssl.reinit() is True) ++ assert(standalone.nss_ssl.create_rsa_ca() is True) ++ assert(standalone.nss_ssl.create_rsa_key_and_cert() is True) ++ ++ # Say that we accept the cert ++ # Connect again! ++ ++ # Enable the SSL options ++ standalone.rsa.create() ++ standalone.rsa.set('nsSSLPersonalitySSL', 'Server-Cert') ++ standalone.rsa.set('nsSSLToken', 'internal (software)') ++ standalone.rsa.set('nsSSLActivation', 'on') ++ ++ standalone.config.set('nsslapd-secureport', PORT_STANDALONE2) ++ standalone.config.set('nsslapd-security', 'on') ++ ++ standalone.restart() ++ ++ ++ def fin(): ++ """If we are debugging just stop the instances, otherwise remove ++ them ++ """ ++ if DEBUGGING: ++ standalone.stop() ++ else: ++ standalone.delete() ++ ++ request.addfinalizer(fin) ++ ++ # Clear out the tmp dir ++ standalone.clearTmpDir(__file__) ++ ++ return TopologyStandalone(standalone) ++ ++def _create_user(inst): ++ inst.add_s(Entry(( ++ USER_DN, { ++ 'objectClass': 'top account simplesecurityobject'.split(), ++ 'uid': 'user', ++ 'userpassword': 'password' ++ }))) ++ ++ ++def test_pwdPolicy_constraint(topology): ++ ''' ++ Password policy test: Ensure that on a password change, the policy is ++ enforced correctly. ++ ''' ++ ++ # Create a user ++ _create_user(topology.standalone) ++ # Set the password policy globally ++ topology.standalone.config.set('passwordMinLength', '10') ++ topology.standalone.config.set('passwordMinDigits', '2') ++ topology.standalone.config.set('passwordCheckSyntax', 'on') ++ topology.standalone.config.set('nsslapd-pwpolicy-local', 'off') ++ # Now open a new ldap connection with TLS ++ userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE)) ++ userconn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap. OPT_X_TLS_NEVER ) ++ userconn.start_tls_s() ++ userconn.simple_bind_s(USER_DN, 'password') ++ # This should have an exception! ++ try: ++ userconn.passwd_s(USER_DN, 'password', 'password1') ++ assert(False) ++ except ldap.CONSTRAINT_VIOLATION: ++ assert(True) ++ # Change the password to something invalid! ++ ++ ++if __name__ == '__main__': ++ # Run isolated ++ # -s for DEBUG mode ++ CURRENT_FILE = os.path.realpath(__file__) ++ pytest.main("-s %s" % CURRENT_FILE) +diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_test.py +deleted file mode 100644 +index 653d033..0000000 +--- a/dirsrvtests/tests/suites/password/pwdPolicy_test.py ++++ /dev/null +@@ -1,151 +0,0 @@ +-# --- BEGIN COPYRIGHT BLOCK --- +-# Copyright (C) 2015 Red Hat, Inc. +-# All rights reserved. +-# +-# License: GPL (version 3 or any later version). +-# See LICENSE for details. +-# --- END COPYRIGHT BLOCK --- +-# +-import os +-import sys +-import time +-import ldap +-import logging +-import pytest +-from lib389 import DirSrv, Entry, tools, tasks +-from lib389.tools import DirSrvTools +-from lib389._constants import * +-from lib389.properties import * +-from lib389.tasks import * +- +-logging.getLogger(__name__).setLevel(logging.DEBUG) +-log = logging.getLogger(__name__) +- +-from lib389.config import RSA, Encryption, Config +- +-DEBUGGING = False +- +-USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX +- +-if DEBUGGING: +- logging.getLogger(__name__).setLevel(logging.DEBUG) +-else: +- logging.getLogger(__name__).setLevel(logging.INFO) +- +- +-log = logging.getLogger(__name__) +- +- +-class TopologyStandalone(object): +- """The DS Topology Class""" +- def __init__(self, standalone): +- """Init""" +- standalone.open() +- self.standalone = standalone +- +- +-@pytest.fixture(scope="module") +-def topology(request): +- """Create DS Deployment""" +- +- # Creating standalone instance ... +- if DEBUGGING: +- standalone = DirSrv(verbose=True) +- else: +- standalone = DirSrv(verbose=False) +- args_instance[SER_HOST] = HOST_STANDALONE +- args_instance[SER_PORT] = PORT_STANDALONE +- args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE +- args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX +- args_standalone = args_instance.copy() +- standalone.allocate(args_standalone) +- instance_standalone = standalone.exists() +- if instance_standalone: +- standalone.delete() +- standalone.create() +- standalone.open() +- +- # Deploy certs +- # This is a trick. The nss db that ships with DS is broken +- for f in ('key3.db', 'cert8.db', 'key4.db', 'cert9.db', 'secmod.db', 'pkcs11.txt'): +- try: +- os.remove("%s/%s" % (topology.standalone.confdir, f )) +- except: +- pass +- +- assert(standalone.nss_ssl.reinit() is True) +- assert(standalone.nss_ssl.create_rsa_ca() is True) +- assert(standalone.nss_ssl.create_rsa_key_and_cert() is True) +- +- # Say that we accept the cert +- # Connect again! +- +- # Enable the SSL options +- standalone.rsa.create() +- standalone.rsa.set('nsSSLPersonalitySSL', 'Server-Cert') +- standalone.rsa.set('nsSSLToken', 'internal (software)') +- standalone.rsa.set('nsSSLActivation', 'on') +- +- standalone.config.set('nsslapd-secureport', PORT_STANDALONE2) +- standalone.config.set('nsslapd-security', 'on') +- +- standalone.restart() +- +- +- def fin(): +- """If we are debugging just stop the instances, otherwise remove +- them +- """ +- if DEBUGGING: +- standalone.stop() +- else: +- standalone.delete() +- +- request.addfinalizer(fin) +- +- # Clear out the tmp dir +- standalone.clearTmpDir(__file__) +- +- return TopologyStandalone(standalone) +- +-def _create_user(inst): +- inst.add_s(Entry(( +- USER_DN, { +- 'objectClass': 'top account simplesecurityobject'.split(), +- 'uid': 'user', +- 'userpassword': 'password' +- }))) +- +- +-def test_pwdPolicy_constraint(topology): +- ''' +- Password policy test: Ensure that on a password change, the policy is +- enforced correctly. +- ''' +- +- # Create a user +- _create_user(topology.standalone) +- # Set the password policy globally +- topology.standalone.config.set('passwordMinLength', '10') +- topology.standalone.config.set('passwordMinDigits', '2') +- topology.standalone.config.set('passwordCheckSyntax', 'on') +- topology.standalone.config.set('nsslapd-pwpolicy-local', 'off') +- # Now open a new ldap connection with TLS +- userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE)) +- userconn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap. OPT_X_TLS_NEVER ) +- userconn.start_tls_s() +- userconn.simple_bind_s(USER_DN, 'password') +- # This should have an exception! +- try: +- userconn.passwd_s(USER_DN, 'password', 'password1') +- assert(False) +- except ldap.CONSTRAINT_VIOLATION: +- assert(True) +- # Change the password to something invalid! +- +- +-if __name__ == '__main__': +- # Run isolated +- # -s for DEBUG mode +- CURRENT_FILE = os.path.realpath(__file__) +- pytest.main("-s %s" % CURRENT_FILE) +diff --git a/dirsrvtests/tests/suites/password/pwd_change_policytest.py b/dirsrvtests/tests/suites/password/pwd_change_policytest.py +deleted file mode 100644 +index 1d48c65..0000000 +--- a/dirsrvtests/tests/suites/password/pwd_change_policytest.py ++++ /dev/null +@@ -1,240 +0,0 @@ +-import os +-import sys +-import time +-import subprocess +-import ldap +-import logging +-import pytest +-from lib389 import DirSrv, Entry, tools, tasks +-from lib389.tools import DirSrvTools +-from lib389._constants import * +-from lib389.properties import * +-from lib389.tasks import * +-from lib389.utils import * +- +-DEBUGGING = False +-OU_PEOPLE = 'ou=people,{}'.format(DEFAULT_SUFFIX) +-TEST_USER_NAME = 'simplepaged_test' +-TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, OU_PEOPLE) +-TEST_USER_PWD = 'simplepaged_test' +-PW_POLICY_CONT_USER = 'cn="cn=nsPwPolicyEntry,uid=simplepaged_test,'\ +- 'ou=people,dc=example,dc=com",'\ +- 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com' +-PW_POLICY_CONT_PEOPLE = 'cn="cn=nsPwPolicyEntry,'\ +- 'ou=people,dc=example,dc=com",'\ +- 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com' +- +-if DEBUGGING: +- logging.getLogger(__name__).setLevel(logging.DEBUG) +-else: +- logging.getLogger(__name__).setLevel(logging.INFO) +- +-log = logging.getLogger(__name__) +- +- +-class TopologyStandalone(object): +- """The DS Topology Class""" +- def __init__(self, standalone): +- """Init""" +- standalone.open() +- self.standalone = standalone +- +- +-@pytest.fixture(scope="module") +-def topology(request): +- """Create DS Deployment""" +- +- # Creating standalone instance ... +- if DEBUGGING: +- standalone = DirSrv(verbose=True) +- else: +- standalone = DirSrv(verbose=False) +- args_instance[SER_HOST] = HOST_STANDALONE +- args_instance[SER_PORT] = PORT_STANDALONE +- args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE +- args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX +- args_standalone = args_instance.copy() +- standalone.allocate(args_standalone) +- instance_standalone = standalone.exists() +- if instance_standalone: +- standalone.delete() +- standalone.create() +- standalone.open() +- +- def fin(): +- """If we are debugging just stop the instances, otherwise remove +- them +- """ +- if DEBUGGING: +- standalone.stop() +- else: +- standalone.delete() +- +- request.addfinalizer(fin) +- +- +- return TopologyStandalone(standalone) +- +- +-@pytest.fixture(scope="module") +-def test_user(topology, request): +- """User for binding operation""" +- +- log.info('Adding user {}'.format(TEST_USER_DN)) +- try: +- topology.standalone.add_s(Entry((TEST_USER_DN, { +- 'objectclass': 'top person'.split(), +- 'objectclass': 'organizationalPerson', +- 'objectclass': 'inetorgperson', +- 'cn': TEST_USER_NAME, +- 'sn': TEST_USER_NAME, +- 'userpassword': TEST_USER_PWD, +- 'mail': '%s@redhat.com' % TEST_USER_NAME, +- 'uid': TEST_USER_NAME +- }))) +- except ldap.LDAPError as e: +- log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN, +- e.message['desc'])) +- raise e +- +- def fin(): +- log.info('Deleting user {}'.format(TEST_USER_DN)) +- topology.standalone.delete_s(TEST_USER_DN) +- request.addfinalizer(fin) +- +- +-@pytest.fixture(scope="module") +-def password_policy(topology, test_user): +- """Set up password policy for subtree and user""" +- +- log.info('Enable fine-grained policy') +- try: +- topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, +- 'nsslapd-pwpolicy-local', +- 'on')]) +- except ldap.LDAPError as e: +- log.error('Failed to set fine-grained policy: error {}'.format( +- e.message['desc'])) +- raise e +- +- log.info('Create password policy for subtree {}'.format(OU_PEOPLE)) +- try: +- subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD, +- '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, +- '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE]) +- except subprocess.CalledProcessError as e: +- log.error('Failed to create pw policy policy for {}: error {}'.format( +- OU_PEOPLE, e.message['desc'])) +- raise e +- +- log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE)) +- try: +- topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE, +- 'pwdpolicysubentry', +- PW_POLICY_CONT_PEOPLE)]) +- except ldap.LDAPError as e: +- log.error('Failed to pwdpolicysubentry pw policy '\ +- 'policy for {}: error {}'.format(OU_PEOPLE, +- e.message['desc'])) +- raise e +- +- log.info('Create password policy for subtree {}'.format(TEST_USER_DN)) +- try: +- subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD, +- '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE, +- '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE]) +- except subprocess.CalledProcessError as e: +- log.error('Failed to create pw policy policy for {}: error {}'.format( +- TEST_USER_DN, e.message['desc'])) +- raise e +- +- log.info('Add pwdpolicysubentry attribute to {}'.format(TEST_USER_DN)) +- try: +- topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, +- 'pwdpolicysubentry', +- PW_POLICY_CONT_USER)]) +- except ldap.LDAPError as e: +- log.error('Failed to pwdpolicysubentry pw policy '\ +- 'policy for {}: error {}'.format(TEST_USER_DN, +- e.message['desc'])) +- raise e +- +- +-@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception', +- [('off', 'on', None), ('on', 'on', None), +- ('on', 'off', ldap.UNWILLING_TO_PERFORM), +- ('off', 'off', ldap.UNWILLING_TO_PERFORM)]) +-def test_change_pwd(topology, test_user, password_policy, +- subtree_pwchange, user_pwchange, exception): +- """Verify that 'passwordChange' attr works as expected +- User should have a priority over a subtree. +- +- :Feature: Password policy +- +- :Setup: Standalone instance, test user, +- password policy entries for a user and a subtree +- +- :Steps: 1. Set passwordChange on the user and the subtree +- to various combinations +- 2. Bind as test user +- 3. Try to change password +- +- :Assert: Subtree/User passwordChange - result +- off/on, on/on - success +- on/off, off/off - UNWILLING_TO_PERFORM +- """ +- +- log.info('Set passwordChange to "{}" - {}'.format(subtree_pwchange, +- PW_POLICY_CONT_PEOPLE)) +- try: +- topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE, +- 'passwordChange', +- subtree_pwchange)]) +- except ldap.LDAPError as e: +- log.error('Failed to set passwordChange '\ +- 'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE, +- e.message['desc'])) +- raise e +- +- +- log.info('Set passwordChange to "{}" - {}'.format(user_pwchange, +- PW_POLICY_CONT_USER)) +- try: +- topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE, +- 'passwordChange', +- user_pwchange)]) +- except ldap.LDAPError as e: +- log.error('Failed to set passwordChange '\ +- 'policy for {}: error {}'.format(PW_POLICY_CONT_USER, +- e.message['desc'])) +- raise e +- +- try: +- log.info('Bind as user and modify userPassword') +- topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD) +- if exception: +- with pytest.raises(exception): +- topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, +- 'userPassword', +- 'new_pass')]) +- else: +- topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, +- 'userPassword', +- 'new_pass')]) +- except ldap.LDAPError as e: +- log.error('Failed to change userpassword for {}: error {}'.format( +- TEST_USER_DN, e.message['info'])) +- raise e +- finally: +- log.info('Bind as DM') +- topology.standalone.simple_bind_s(DN_DM, PASSWORD) +- topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE, +- 'userPassword', +- TEST_USER_PWD)]) +- +- +-if __name__ == '__main__': +- # Run isolated +- # -s for DEBUG mode +- CURRENT_FILE = os.path.realpath(__file__) +- pytest.main("-s %s" % CURRENT_FILE) +-- +2.4.11 + diff --git a/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch b/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch deleted file mode 100644 index 94219a4..0000000 --- a/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0cb8a7e2f797b4d48a20e650cf8510b8495a35e6 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 11 Aug 2015 10:23:21 -0700 -Subject: [PATCH 43/45] Ticket #48245 - Man pages and help for remove-ds.pl - doesn't display "-a" option - -Description: Adding the description for "-a" to the man page and the help usage. - -https://fedorahosted.org/389/ticket/48245 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit a2dbb56ec5ad468972a41a500e1cdbb4ced01cb0) -(cherry picked from commit 06dafdfed1528ea6724f61492f4c93977a3ce809) ---- - ldap/admin/src/scripts/remove-ds.pl.in | 5 +++-- - man/man8/remove-ds.pl.8 | 5 ++++- - 2 files changed, 7 insertions(+), 3 deletions(-) - -diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in -index e7eb591..b35ae32 100755 ---- a/ldap/admin/src/scripts/remove-ds.pl.in -+++ b/ldap/admin/src/scripts/remove-ds.pl.in -@@ -21,8 +21,9 @@ Getopt::Long::Configure(qw(bundling)); # bundling allows -ddddd - my $res = new Resource("@propertydir@/setup-ds.res"); - - sub usage { -- print(STDERR "Usage: $0 [-f] [-d -d ... -d] -i instance\n\n"); -- print(STDERR " Opts: -f - force removal\n"); -+ print(STDERR "Usage: $0 [-a] [-f] [-d -d ... -d] -i instance\n\n"); -+ print(STDERR " Opts: -a - remove all\n"); -+ print(STDERR " -f - force removal\n"); - print(STDERR " -i instance - instance name to remove (e.g. - slapd-example)\n"); - print(STDERR " -d - turn on debugging output\n"); - } -diff --git a/man/man8/remove-ds.pl.8 b/man/man8/remove-ds.pl.8 -index 8c7c118..0568ff8 100644 ---- a/man/man8/remove-ds.pl.8 -+++ b/man/man8/remove-ds.pl.8 -@@ -19,7 +19,7 @@ - remove\-ds.pl \- Remove an instance of Directory Server - .SH SYNOPSIS - .B remove-ds.pl --[\-f] [\-d \-d ... \-d] \-i \fIinstance\fR -+[\-a] [\-f] [\-d \-d ... \-d] \-i \fIinstance\fR - .SH DESCRIPTION - Removes a Directory Server instance from the system. The instance - will be shutdown and the files will be removed. The certificate -@@ -33,6 +33,9 @@ will contain the retained certificate database files. - .SH OPTIONS - A summary of options is included below: - .TP -+.B \fB\-a\fR -+Removes all files and directories belonging to the instance -+.TP - .B \fB\-f\fR - Force removal - .TP --- -1.9.3 - diff --git a/SOURCES/0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch b/SOURCES/0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch new file mode 100644 index 0000000..be4eeee --- /dev/null +++ b/SOURCES/0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch @@ -0,0 +1,105 @@ +From 8bfade183d98992172425642edbfcf5952a74319 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Thu, 25 Aug 2016 13:39:25 -0400 +Subject: [PATCH 43/45] Ticket 48950 - Add systemd warning to the LD_PRELOAD + example in /etc/sysconfig/dirsrv + +Description: systemd warning about omitting the PORT was missing from the + LD_PRELOAD example. + + Also fixed up file format/layout.. + +https://fedorahosted.org/389/ticket/48950 + +Reviewed by: nhosoi, amsharma, lkrispen (Thanks!!!) + +(cherry picked from commit 1e44c1f321d03dcb30615bcacfc5c099612b1c66) +--- + ldap/admin/src/base-initconfig.in | 67 +++++++++++++++++++-------------------- + 1 file changed, 33 insertions(+), 34 deletions(-) + +diff --git a/ldap/admin/src/base-initconfig.in b/ldap/admin/src/base-initconfig.in +index 0481c3e..8507296 100644 +--- a/ldap/admin/src/base-initconfig.in ++++ b/ldap/admin/src/base-initconfig.in +@@ -7,44 +7,43 @@ + + @preamble@ + +-# In order to make more file descriptors available +-# to the directory server, first make sure the system +-# hard limits are raised, then use ulimit - uncomment +-# out the following line and change the value to the +-# desired value +-# ulimit -n 8192 +-# note - if using systemd, ulimit won't work - you must edit +-# the systemd unit file for directory server to add the +-# LimitNOFILE option - see man systemd.exec for more info +- +-# A per instance keytab does not make much sense for servers. +-# Kerberos clients use the machine FQDN to obtain a ticket like ldap/FQDN, there +-# is nothing that can make a client understand how to get a per-instance ticket. +-# Therefore by default a keytab should be considered a per server option. +- +-# Also this file is sourced for all instances, so again all +-# instances would ultimately get the same keytab. +- ++# In order to make more file descriptors available to the directory server, ++# first make sure the system hard limits are raised, then use ulimit - ++# uncomment out the following line and change the value to the desired value ++#ulimit -n 8192 ++# note - if using systemd, ulimit won't work - you must edit the systemd unit ++# file for directory server to add the LimitNOFILE option - see "man ++# systemd.exec" for more info ++ ++# A per instance keytab does not make much sense for servers. Kerberos clients ++# use the machine FQDN to obtain a ticket like ldap/FQDN, there is nothing that ++# can make a client understand how to get a per-instance ticket. Therefore by ++# default a keytab should be considered a per server option. ++# ++# Also this file is sourced for all instances, so again all instances would ++# ultimately get the same keytab. ++# + # Finally a keytab is normally named either krb5.keytab or .keytab +- +-# In order to use SASL/GSSAPI (Kerberos) the directory +-# server needs to know where to find its keytab +-# file - uncomment the following line and set +-# the path and filename appropriately +-# if using systemd, omit the "; export VARNAME" at the end +-# KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME +- +-# how many seconds to wait for the startpid file to show +-# up before we assume there is a problem and fail to start +-# if using systemd, omit the "; export VARNAME" at the end ++# ++# In order to use SASL/GSSAPI (Kerberos) the directory server needs to know ++# where to find its keytab file - uncomment the following line and set the ++# path and filename appropriately. ++# If using systemd, omit the "; export VARNAME" at the end. ++#KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME ++ ++# How many seconds to wait for the startpid file to show up before we assume ++# there is a problem and fail to start. ++# If using systemd, omit the "; export STARTPID_TIME" at the end. + #STARTPID_TIME=10 ; export STARTPID_TIME +-# how many seconds to wait for the pid file to show +-# up before we assume there is a problem and fail to start +-# if using systemd, omit the "; export VARNAME" at the end ++ ++# How many seconds to wait for the pid file to show up before we assume there ++# is a problem and fail to start. ++# If using systemd, omit the "; export PID_TIME" at the end. + #PID_TIME=600 ; export PID_TIME + + # The tcmalloc memory allocator has been shown to have a positive impact on + # the Directory Server's virtual & resident memory size/growth. tcmalloc is +-# available on RHEL/Fedora in the gperftools package (this could be different +-# on other platforms). Here is an example of preloading tcmalloc: ++# available on RHEL/Fedora in the gperftools-libs package (this could be ++# different on other platforms). ++# If using systemd, omit the "; export LD_PRELOAD" at the end. + #LD_PRELOAD=@libdir@/libtcmalloc.so.4 ; export LD_PRELOAD +-- +2.4.11 + diff --git a/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch b/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch deleted file mode 100644 index 75a2224..0000000 --- a/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 3598e701b5362633daa40380088d6ba9c8e2d103 Mon Sep 17 00:00:00 2001 -From: Thierry Bordaz -Date: Fri, 14 Aug 2015 12:32:31 +0200 -Subject: [PATCH 44/45] Ticket 48249: sync_repl uuid may be invalid - -Bug Description: - uuid is computed from nsuniqueid of the entry. - If the computed uuid contains NULL char, slapi_ch_smprintf("%s") - will stop on the it, leaving the rest of the buffer with the value - that was on the heap at that time - -Fix Description: - use malloc/memcpy instead of slapi_ch_smprintf - -https://fedorahosted.org/389/ticket/48249 - -Reviewed by: Noriko Hosoi (thank you !!) - -Platforms tested: F22 - -Flag Day: no - -Doc impact: no - -(cherry picked from commit a80fe155cb302e0ef10e14cb238c88698b5995a2) ---- - ldap/servers/plugins/sync/sync_util.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c -index 00dc182..1dcff91 100644 ---- a/ldap/servers/plugins/sync/sync_util.c -+++ b/ldap/servers/plugins/sync/sync_util.c -@@ -107,7 +107,8 @@ sync_nsuniqueid2uuid(const char *nsuniqueid) - - u[16] = '\0'; - -- uuid = slapi_ch_smprintf("%s",(char *)u); -+ uuid = slapi_ch_malloc(sizeof(u)); -+ memcpy(uuid, u, sizeof(u)); - - return(uuid); - } --- -1.9.3 - diff --git a/SOURCES/0044-Ticket-48957-set-proper-update-status-to-replication.patch b/SOURCES/0044-Ticket-48957-set-proper-update-status-to-replication.patch new file mode 100644 index 0000000..6605130 --- /dev/null +++ b/SOURCES/0044-Ticket-48957-set-proper-update-status-to-replication.patch @@ -0,0 +1,582 @@ +From e48616639e254b698edaa778d41597094243ced5 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Fri, 26 Aug 2016 15:04:02 -0400 +Subject: [PATCH 44/45] Ticket 48957 - set proper update status to replication + agreement in case of failure + +Bug Description: If a replication agreement fails to send updates it always returns + a generic error message even though there are many ways it could be + failing. + +Fix Description: Set a proper error message when we fail to update a replica. Also made + all the messages consistent in format, and added new response strings + for known errors. + + Also fixed some minor compiler warnings. + +https://fedorahosted.org/389/ticket/48957 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit cdf4fb4ea6f26b4198d2d6b146ca51dcd51a31ef) +--- + ldap/servers/plugins/replication/repl5.h | 15 +++-- + ldap/servers/plugins/replication/repl5_agmt.c | 26 ++++---- + .../plugins/replication/repl5_inc_protocol.c | 70 ++++++++++++++-------- + .../plugins/replication/repl5_protocol_util.c | 65 ++++++++++++++++++-- + .../plugins/replication/repl5_replica_config.c | 4 +- + ldap/servers/plugins/replication/repl5_total.c | 5 +- + 6 files changed, 132 insertions(+), 53 deletions(-) + +diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h +index 6f6c81a..13a38fd 100644 +--- a/ldap/servers/plugins/replication/repl5.h ++++ b/ldap/servers/plugins/replication/repl5.h +@@ -91,11 +91,16 @@ + #define NSDS50_REPL_BELOW_PURGEPOINT 0x07 /* Supplier provided a CSN below the consumer's purge point */ + #define NSDS50_REPL_INTERNAL_ERROR 0x08 /* Something bad happened on consumer */ + #define NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED 0x09 /* Replica released successfully */ +-#define NSDS50_REPL_LEGACY_CONSUMER 0x0A /* replica is a legacy consumer */ +-#define NSDS50_REPL_REPLICAID_ERROR 0x0B /* replicaID doesn't seem to be unique */ +-#define NSDS50_REPL_DISABLED 0x0C /* replica suffix is disabled */ +-#define NSDS50_REPL_UPTODATE 0x0D /* replica is uptodate */ +-#define NSDS50_REPL_BACKOFF 0x0E /* replica wants master to go into backoff mode */ ++#define NSDS50_REPL_LEGACY_CONSUMER 0x0A /* replica is a legacy consumer */ ++#define NSDS50_REPL_REPLICAID_ERROR 0x0B /* replicaID doesn't seem to be unique */ ++#define NSDS50_REPL_DISABLED 0x0C /* replica suffix is disabled */ ++#define NSDS50_REPL_UPTODATE 0x0D /* replica is uptodate */ ++#define NSDS50_REPL_BACKOFF 0x0E /* replica wants master to go into backoff mode */ ++#define NSDS50_REPL_CL_ERROR 0x0F /* Problem reading changelog */ ++#define NSDS50_REPL_CONN_ERROR 0x10 /* Problem with replication connection*/ ++#define NSDS50_REPL_CONN_TIMEOUT 0x11 /* Connection timeout */ ++#define NSDS50_REPL_TRANSIENT_ERROR 0x12 /* Transient error */ ++#define NSDS50_REPL_RUV_ERROR 0x13 /* Problem with the RUV */ + #define NSDS50_REPL_REPLICA_NO_RESPONSE 0xff /* No response received */ + + /* Protocol status */ +diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c +index 76d26a1..52cc8b6 100644 +--- a/ldap/servers/plugins/replication/repl5_agmt.c ++++ b/ldap/servers/plugins/replication/repl5_agmt.c +@@ -2460,9 +2460,9 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char * + replmsg = NULL; + } + } +- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d %s%sLDAP error: %s%s%s", ++ PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (%d) %s%s - LDAP error: %s%s%s%s", + ldaprc, message?message:"",message?"":" - ", +- slapi_err2string(ldaprc), replmsg ? " - " : "", replmsg ? replmsg : ""); ++ slapi_err2string(ldaprc), replmsg ? " (" : "", replmsg ? replmsg : "", replmsg ? ")" : ""); + } + /* ldaprc == LDAP_SUCCESS */ + else if (replrc != 0) +@@ -2470,16 +2470,15 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char * + if (replrc == NSDS50_REPL_REPLICA_BUSY) + { + PR_snprintf(ra->last_update_status, STATUS_LEN, +- "%d Can't acquire busy replica", replrc ); ++ "Error (%d) Can't acquire busy replica", replrc ); + } + else if (replrc == NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED) + { +- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d %s", +- ldaprc, "Replication session successful"); ++ PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (0) Replication session successful"); + } + else if (replrc == NSDS50_REPL_DISABLED) + { +- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d Incremental update aborted: " ++ PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (%d) Incremental update aborted: " + "Replication agreement for %s\n can not be updated while the replica is disabled.\n" + "(If the suffix is disabled you must enable it then restart the server for replication to take place).", + replrc, ra->long_name ? ra->long_name : "a replica"); +@@ -2493,20 +2492,18 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char * + else + { + PR_snprintf(ra->last_update_status, STATUS_LEN, +- "%d Replication error acquiring replica: %s%s%s", +- replrc, protocol_response2string(replrc), +- message?" - ":"",message?message:""); ++ "Error (%d) Replication error acquiring replica: %s%s(%s)", ++ replrc, message?message:"", message?" ":"", protocol_response2string(replrc)); + } + } + else if (message != NULL) /* replrc == NSDS50_REPL_REPLICA_READY == 0 */ + { +- PR_snprintf(ra->last_update_status, STATUS_LEN, +- "%d Replica acquired successfully: %s", +- ldaprc, message); ++ PR_snprintf(ra->last_update_status, STATUS_LEN, ++ "Error (0) Replica acquired successfully: %s", message); + } + else + { /* agmt_set_last_update_status(0,0,NULL) to reset agmt */ +- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d", ldaprc); ++ ra->last_update_status[0] = '\0'; + } + } + } +@@ -2737,7 +2734,8 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, + slapi_entry_add_string(e, "nsds5replicaChangesSentSinceStartup", changecount_string); + if (ra->last_update_status[0] == '\0') + { +- slapi_entry_add_string(e, "nsds5replicaLastUpdateStatus", "0 No replication sessions started since server startup"); ++ slapi_entry_add_string(e, "nsds5replicaLastUpdateStatus", ++ "Error (0) No replication sessions started since server startup"); + } + else + { +diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c +index 27bac5d..d1de6c5 100644 +--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c ++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c +@@ -671,7 +671,6 @@ repl5_inc_run(Private_Repl_Protocol *prp) + int wait_change_timer_set = 0; + int current_state = STATE_START; + int next_state = STATE_START; +- int optype, ldaprc; + int done; + int e1; + +@@ -838,14 +837,6 @@ repl5_inc_run(Private_Repl_Protocol *prp) + } else if (rc == ACQUIRE_FATAL_ERROR){ + next_state = STATE_STOP_FATAL_ERROR; + } +- +- if (rc != ACQUIRE_SUCCESS){ +- int optype, ldaprc; +- conn_get_error(prp->conn, &optype, &ldaprc); +- agmt_set_last_update_status(prp->agmt, ldaprc, +- prp->last_acquire_response_code, "Unable to acquire replica"); +- } +- + object_release(prp->replica_object); + break; + +@@ -934,10 +925,6 @@ repl5_inc_run(Private_Repl_Protocol *prp) + } else if (rc == ACQUIRE_FATAL_ERROR){ + next_state = STATE_STOP_FATAL_ERROR; + } +- if (rc != ACQUIRE_SUCCESS){ +- conn_get_error(prp->conn, &optype, &ldaprc); +- agmt_set_last_update_status(prp->agmt, ldaprc, prp->last_acquire_response_code, "Unable to acquire replica"); +- } + /* + * We either need to step the backoff timer, or + * destroy it if we don't need it anymore +@@ -1037,7 +1024,8 @@ repl5_inc_run(Private_Repl_Protocol *prp) + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Replica has no update vector. It has never been initialized.\n", + agmt_get_long_name(prp->agmt)); +- agmt_set_last_update_status(prp->agmt, 0, rc, "Replica is not initialized"); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR, ++ "Replica is not initialized"); + next_state = STATE_BACKOFF_START; + break; + case EXAMINE_RUV_GENERATION_MISMATCH: +@@ -1045,8 +1033,9 @@ repl5_inc_run(Private_Repl_Protocol *prp) + "%s: The remote replica has a different database generation ID than " + "the local database. You may have to reinitialize the remote replica, " + "or the local replica.\n", agmt_get_long_name(prp->agmt)); +- agmt_set_last_update_status(prp->agmt, 0, rc, "Replica has different database " +- "generation ID, remote replica may need to be initialized"); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR, ++ "Replica has different database generation ID, remote " ++ "replica may need to be initialized"); + next_state = STATE_BACKOFF_START; + break; + case EXAMINE_RUV_REPLICA_TOO_OLD: +@@ -1054,7 +1043,8 @@ repl5_inc_run(Private_Repl_Protocol *prp) + "%s: Replica update vector is too out of date to bring " + "into sync using the incremental protocol. The replica " + "must be reinitialized.\n", agmt_get_long_name(prp->agmt)); +- agmt_set_last_update_status(prp->agmt, 0, rc, "Replica needs to be reinitialized"); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR, ++ "Replica needs to be reinitialized"); + next_state = STATE_BACKOFF_START; + break; + case EXAMINE_RUV_OK: +@@ -1069,11 +1059,15 @@ repl5_inc_run(Private_Repl_Protocol *prp) + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Incremental protocol: fatal error - too much time skew between replicas!\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_EXCESSIVE_CLOCK_SKEW, ++ "fatal error - too much time skew between replicas"); + next_state = STATE_STOP_FATAL_ERROR; + } else if (rc != 0) /* internal error */ { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Incremental protocol: fatal internal error updating the CSN generator!\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_INTERNAL_ERROR, ++ "fatal internal error updating the CSN generator"); + next_state = STATE_STOP_FATAL_ERROR; + } else { + /* +@@ -1097,7 +1091,8 @@ repl5_inc_run(Private_Repl_Protocol *prp) + next_state = STATE_BACKOFF_START; + } else if (rc == UPDATE_TRANSIENT_ERROR){ + dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TRANSIENT_ERROR -> STATE_BACKOFF_START"); +- agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update transient error. Backing off, will retry update later."); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_TRANSIENT_ERROR, ++ "Incremental update transient error. Backing off, will retry update later."); + next_state = STATE_BACKOFF_START; + } else if (rc == UPDATE_FATAL_ERROR){ + dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_FATAL_ERROR -> STATE_STOP_FATAL_ERROR"); +@@ -1114,11 +1109,13 @@ repl5_inc_run(Private_Repl_Protocol *prp) + conn_disconnect (prp->conn); + } else if (rc == UPDATE_CONNECTION_LOST){ + dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_CONNECTION_LOST -> STATE_BACKOFF_START"); +- agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update connection error. Backing off, will retry update later."); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CONN_ERROR, ++ "Incremental update connection error. Backing off, will retry update later."); + next_state = STATE_BACKOFF_START; + } else if (rc == UPDATE_TIMEOUT){ + dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TIMEOUT -> STATE_BACKOFF_START"); +- agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update timeout error. Backing off, will retry update later."); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CONN_TIMEOUT, ++ "Incremental update timeout error. Backing off, will retry update later."); + next_state = STATE_BACKOFF_START; + } + /* Set the updates times based off the result of send_updates() */ +@@ -1173,8 +1170,6 @@ repl5_inc_run(Private_Repl_Protocol *prp) + /* + * We encountered some sort of a fatal error. Suspend. + */ +- /* XXXggood update state in replica */ +- agmt_set_last_update_status(prp->agmt, -1, 0, "Incremental update has failed and requires administrator action"); + dev_debug("repl5_inc_run(STATE_STOP_FATAL_ERROR)"); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Incremental update failed and requires administrator action\n", +@@ -1630,30 +1625,40 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Invalid parameter passed to cl5CreateReplayIterator\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Invalid parameter passed to cl5CreateReplayIterator"); + return_value = UPDATE_FATAL_ERROR; + break; + case CL5_BAD_FORMAT: /* db data has unexpected format */ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Unexpected format encountered in changelog database\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Unexpected format encountered in changelog database"); + return_value = UPDATE_FATAL_ERROR; + break; + case CL5_BAD_STATE: /* changelog is in an incorrect state for attempted operation */ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Changelog database was in an incorrect state\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Changelog database was in an incorrect state"); + return_value = UPDATE_FATAL_ERROR; + break; + case CL5_BAD_DBVERSION: /* changelog has invalid dbversion */ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Incorrect dbversion found in changelog database\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Incorrect dbversion found in changelog database"); + return_value = UPDATE_FATAL_ERROR; + break; + case CL5_DB_ERROR: /* database error */ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: A changelog database error was encountered\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Changelog database error was encountered"); + return_value = UPDATE_FATAL_ERROR; + break; + case CL5_NOTFOUND: /* we have no changes to send */ +@@ -1666,6 +1671,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Memory allocation error occurred\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "changelog memory allocation error occurred"); + return_value = UPDATE_FATAL_ERROR; + break; + case CL5_SYSTEM_ERROR: /* NSPR error occurred: use PR_GetError for further info */ +@@ -1694,15 +1701,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu + break; + case CL5_PURGED_DATA: /* requested data has been purged */ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, +- "%s: Data required to update replica has been purged. " ++ "%s: Data required to update replica has been purged from the changelog. " + "The replica must be reinitialized.\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Data required to update replica has been purged from the changelog. " ++ "The replica must be reinitialized."); + return_value = UPDATE_FATAL_ERROR; + break; + case CL5_MISSING_DATA: /* data should be in the changelog, but is missing */ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Missing data encountered\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Changelog data is missing"); + return_value = UPDATE_FATAL_ERROR; + break; + case CL5_UNKNOWN_ERROR: /* unclassified error */ +@@ -1738,8 +1750,9 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu + rc = repl5_inc_create_async_result_thread(rd); + if (rc) { + slapi_log_error (SLAPI_LOG_FATAL, repl_plugin_name, "%s: repl5_inc_run: " +- "repl5_tot_create_async_result_thread failed; error - %d\n", ++ "repl5_inc_create_async_result_thread failed; error - %d\n", + agmt_get_long_name(prp->agmt), rc); ++ agmt_set_last_update_status(prp->agmt, 0, rc, "Failed to create result thread"); + return_value = UPDATE_FATAL_ERROR; + } + } +@@ -1898,6 +1911,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Invalid parameter passed to cl5GetNextOperationToReplay\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Invalid parameter passed to cl5GetNextOperationToReplay"); + return_value = UPDATE_FATAL_ERROR; + finished = 1; + break; +@@ -1912,6 +1927,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "%s: A database error occurred (cl5GetNextOperationToReplay)\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Database error occurred while getting the next operation to replay"); + return_value = UPDATE_FATAL_ERROR; + finished = 1; + break; +@@ -1922,8 +1939,10 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu + break; + case CL5_MEMORY_ERROR: + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, +- "%s: A memory allocation error occurred (cl5GetNextOperationToRepla)\n", ++ "%s: A memory allocation error occurred (cl5GetNextOperationToReplay)\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR, ++ "Memory allocation error occurred (cl5GetNextOperationToReplay)"); + return_value = UPDATE_FATAL_ERROR; + break; + case CL5_IGNORE_OP: +@@ -1985,6 +2004,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu + if (!replarea_sdn) { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "send_updates: Unknown replication area due to agreement not found."); ++ agmt_set_last_update_status(prp->agmt, 0, -1, "Agreement is corrupted: missing suffix"); + return_value = UPDATE_FATAL_ERROR; + } else { + replica_subentry_update(replarea_sdn, rid); +diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c +index ce27a8a..ce6281a 100644 +--- a/ldap/servers/plugins/replication/repl5_protocol_util.c ++++ b/ldap/servers/plugins/replication/repl5_protocol_util.c +@@ -140,10 +140,18 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + crc = conn_connect(conn); + if (CONN_OPERATION_FAILED == crc) + { ++ int operation, error; ++ conn_get_error(conn, &operation, &error); ++ agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR, ++ "Problem connecting to replica"); + return_value = ACQUIRE_TRANSIENT_ERROR; + } + else if (CONN_SSL_NOT_ENABLED == crc) + { ++ int operation, error; ++ conn_get_error(conn, &operation, &error); ++ agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR, ++ "Problem connecting to replica (SSL not enabled)"); + return_value = ACQUIRE_FATAL_ERROR; + } + else +@@ -295,6 +303,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "an internal error occurred on the remote replica. " + "Replication is aborting.\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, extop_result, ++ "Failed to acquire replica: " ++ "Internal error occurred on the remote replica"); + return_value = ACQUIRE_FATAL_ERROR; + break; + case NSDS50_REPL_PERMISSION_DENIED: +@@ -307,6 +318,11 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "supply replication updates to the replica. " + "Will retry later.\n", + agmt_get_long_name(prp->agmt), repl_binddn); ++ agmt_set_last_update_status(prp->agmt, 0, extop_result, ++ "Unable to acquire replica: permission denied. " ++ "The bind dn does not have permission to " ++ "supply replication updates to the replica. " ++ "Will retry later."); + slapi_ch_free((void **)&repl_binddn); + return_value = ACQUIRE_TRANSIENT_ERROR; + break; +@@ -321,6 +337,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "Replication is aborting.\n", + agmt_get_long_name(prp->agmt), + slapi_sdn_get_dn(repl_root)); ++ agmt_set_last_update_status(prp->agmt, 0, extop_result, ++ "Unable to acquire replica: there is no " ++ "replicated area on the consumer server. " ++ "Replication is aborting."); + slapi_sdn_free(&repl_root); + return_value = ACQUIRE_FATAL_ERROR; + break; +@@ -342,6 +362,11 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "startReplicationRequest extended operation sent by the " + "supplier. Replication is aborting.\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, extop_result, ++ "Unable to acquire replica: " ++ "the consumer was unable to decode the " ++ "startReplicationRequest extended operation sent " ++ "by the supplier. Replication is aborting."); + return_value = ACQUIRE_FATAL_ERROR; + break; + case NSDS50_REPL_REPLICA_BUSY: +@@ -365,6 +390,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "by another supplier. Will try later\n", + agmt_get_long_name(prp->agmt)); + } ++ agmt_set_last_update_status(prp->agmt, 0, extop_result, ++ "Unable to acquire replica: " ++ "the replica is currently being updated by another " ++ "supplier."); + return_value = ACQUIRE_REPLICA_BUSY; + break; + case NSDS50_REPL_LEGACY_CONSUMER: +@@ -373,6 +402,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "%s: Unable to acquire replica: the replica " + "is supplied by a legacy supplier. " + "Replication is aborting.\n", agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, extop_result, ++ "Unable to acquire replica: the replica is supplied " ++ "by a legacy supplier. Replication is aborting."); + return_value = ACQUIRE_FATAL_ERROR; + break; + case NSDS50_REPL_REPLICAID_ERROR: +@@ -382,6 +414,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "has the same Replica ID as this one. " + "Replication is aborting.\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, 0, ++ "Unable to aquire replica: the replica has the same " ++ "Replica ID as this one. Replication is aborting."); + return_value = ACQUIRE_FATAL_ERROR; + break; + case NSDS50_REPL_BACKOFF: +@@ -392,6 +427,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "the replica instructed us to go into " + "backoff mode. Will retry later.\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, extop_result, ++ "Unable to acquire replica: the replica instructed " ++ "us to go into backoff mode. Will retry later."); + return_value = ACQUIRE_TRANSIENT_ERROR; + break; + case NSDS50_REPL_REPLICA_READY: +@@ -450,6 +488,8 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + return_value = ACQUIRE_SUCCESS; + break; + default: ++ agmt_set_last_update_status(prp->agmt, 0, extop_result, ++ "Unable to acquire replica"); + return_value = ACQUIRE_FATAL_ERROR; + } + } +@@ -461,6 +501,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "startReplication extended operation. " + "Replication is aborting.\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_DECODING_ERROR, ++ "Unable to parse the response to the " ++ "startReplication extended operation. " ++ "Replication is aborting."); + prp->last_acquire_response_code = NSDS50_REPL_INTERNAL_ERROR; + return_value = ACQUIRE_FATAL_ERROR; + } +@@ -477,6 +521,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "extended operation to consumer (%s). Will retry later.\n", + agmt_get_long_name(prp->agmt), + error ? ldap_err2string(error) : "unknown error"); ++ agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR, ++ "Unable to receive the response for a startReplication " ++ "extended operation to consumer. Will retry later."); + } + } + else +@@ -486,6 +533,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv) + "%s: Unable to obtain current CSN. " + "Replication is aborting.\n", + agmt_get_long_name(prp->agmt)); ++ agmt_set_last_update_status(prp->agmt, 0, 0, ++ "Unable to obtain current CSN. " ++ "Replication is aborting."); + return_value = ACQUIRE_FATAL_ERROR; + } + } +@@ -535,8 +585,8 @@ release_replica(Private_Repl_Protocol *prp) + PR_ASSERT(NULL != prp); + PR_ASSERT(NULL != prp->conn); + +- if (!prp->replica_acquired) +- return; ++ if (!prp->replica_acquired) ++ return; + + replarea_sdn = agmt_get_replarea(prp->agmt); + payload = NSDS50EndReplicationRequest_new((char *)slapi_sdn_get_dn(replarea_sdn)); /* XXXggood had to cast away const */ +@@ -650,9 +700,14 @@ protocol_response2string (int response) + case NSDS50_REPL_BELOW_PURGEPOINT: return "csn below purge point"; + case NSDS50_REPL_INTERNAL_ERROR: return "internal error"; + case NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED: return "replica released"; +- case NSDS50_REPL_LEGACY_CONSUMER: return "replica is a legacy consumer"; +- case NSDS50_REPL_REPLICAID_ERROR: return "duplicate replica ID detected"; +- case NSDS50_REPL_UPTODATE: return "no change to send"; ++ case NSDS50_REPL_LEGACY_CONSUMER: return "replica is a legacy consumer"; ++ case NSDS50_REPL_REPLICAID_ERROR: return "duplicate replica ID detected"; ++ case NSDS50_REPL_UPTODATE: return "no change to send"; ++ case NSDS50_REPL_CL_ERROR: return "changelog error"; ++ case NSDS50_REPL_CONN_ERROR: return "connection error"; ++ case NSDS50_REPL_CONN_TIMEOUT: return "connection timeout"; ++ case NSDS50_REPL_TRANSIENT_ERROR: return "transient error"; ++ case NSDS50_REPL_RUV_ERROR: return "RUV error"; + default: return "unknown error"; + } + } +diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c +index 011e4ca..59e5298 100644 +--- a/ldap/servers/plugins/replication/repl5_replica_config.c ++++ b/ldap/servers/plugins/replication/repl5_replica_config.c +@@ -639,8 +639,8 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* + } + + done: +- if (mtnode_ext->replica) +- object_release (mtnode_ext->replica); ++ if (mtnode_ext->replica) ++ object_release (mtnode_ext->replica); + + /* slapi_ch_free accepts NULL pointer */ + slapi_ch_free_string(&replica_root); +diff --git a/ldap/servers/plugins/replication/repl5_total.c b/ldap/servers/plugins/replication/repl5_total.c +index 0512dfa..dcb7af5 100644 +--- a/ldap/servers/plugins/replication/repl5_total.c ++++ b/ldap/servers/plugins/replication/repl5_total.c +@@ -533,8 +533,9 @@ my_ber_scanf_value(BerElement *ber, Slapi_Value **value, PRBool *deleted) + goto loser; + } + +- if (attrval) +- ber_bvfree(attrval); ++ if (attrval) ++ ber_bvfree(attrval); ++ + return 0; + + loser: +-- +2.4.11 + diff --git a/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch b/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch deleted file mode 100644 index 077923f..0000000 --- a/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch +++ /dev/null @@ -1,180 +0,0 @@ -From 0cf9e38234476a0f3680ea388351f9bf90735818 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Fri, 14 Aug 2015 11:19:24 -0700 -Subject: [PATCH 45/45] Ticket #48250 - Slapd crashes reported from latest - build - -Bug Description: There was a conflict between an import task and -deleting the instance. While the import task was still running, -the backend instance was removed, which should have been rejected. - -Fix Description: Backend tasks keeps instance refcnt positive and -disable the backend in the mapping tree. This patch adds the -check for the mapping tree in the backend deletion callback. If -the instance refcnt is positive or the mapping tree is disabled, -the deletion is backed off. - -For the backend deletion, the referral info is not needed. To -reduce unnecessary allocation and free, adding the code which -checks if the given referral variable is NULL or not to mtn_get_be. -If it is NULL, no allocation for the referral entry occurs. - -https://fedorahosted.org/389/ticket/48250 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit 01fea1f89a680358245677f72a67e9ccf196f66d) -(cherry picked from commit 7a4b0a705ec7376e704f6ae591beabf6c8f890af) ---- - ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 11 +++-- - ldap/servers/slapd/mapping_tree.c | 52 ++++++++++++++---------- - 2 files changed, 39 insertions(+), 24 deletions(-) - -diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c -index 895d846..42c8ffe 100644 ---- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c -+++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c -@@ -128,7 +128,7 @@ ldbm_instance_index_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_ - - /* - * Config DSE callback for index deletes. -- */ -+ */ - int - ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg) - { -@@ -138,15 +138,19 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla - const struct berval *attrValue; - int rc = SLAPI_DSE_CALLBACK_OK; - struct attrinfo *ainfo = NULL; -+ Slapi_Backend *be = NULL; - - returntext[0] = '\0'; - *returncode = LDAP_SUCCESS; - -- if (slapi_counter_get_value(inst->inst_ref_count) > 0) { -+ if ((slapi_counter_get_value(inst->inst_ref_count) > 0) || -+ /* check if the backend is ON or not. -+ * If offline or being deleted, non SUCCESS is returned. */ -+ (slapi_mapping_tree_select(pb, &be, NULL, returntext) != LDAP_SUCCESS)) { - *returncode = LDAP_UNAVAILABLE; - rc = SLAPI_DSE_CALLBACK_ERROR; -+ goto bail; - } -- - *returncode = LDAP_SUCCESS; - - slapi_entry_attr_find(e, "cn", &attr); -@@ -165,6 +169,7 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla - rc = SLAPI_DSE_CALLBACK_ERROR; - } - } -+bail: - return rc; - } - -diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c -index ca8d6af..165eba1 100644 ---- a/ldap/servers/slapd/mapping_tree.c -+++ b/ldap/servers/slapd/mapping_tree.c -@@ -2171,7 +2171,9 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry - } - - be[0] = NULL; -- referral[0] = NULL; -+ if (referral) { -+ referral[0] = NULL; -+ } - - mtn_lock(); - -@@ -2658,7 +2660,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb, - ((SLAPI_OPERATION_SEARCH == op_type)||(SLAPI_OPERATION_BIND == op_type) || - (SLAPI_OPERATION_UNBIND == op_type) || (SLAPI_OPERATION_COMPARE == op_type))) || - override_referral) { -- *referral = NULL; -+ if (referral) { -+ *referral = NULL; -+ } - if ((target_node == mapping_tree_root) ){ - /* If we got here, then we couldn't find a matching node - * for the target. We'll use the default backend. Once -@@ -2679,22 +2683,25 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb, - /* there is only one backend no choice possible */ - *index = 0; - } else { -- *index = mtn_get_be_distributed(pb, target_node, -- target_sdn, &flag_stop); -- if (*index == SLAPI_BE_NO_BACKEND) -- result = LDAP_UNWILLING_TO_PERFORM; -- } -- } -- if (*index == SLAPI_BE_REMOTE_BACKEND) { -- *be = NULL; -- *referral = (target_node->mtn_referral_entry ? -- slapi_entry_dup(target_node->mtn_referral_entry) : -- NULL); -+ *index = mtn_get_be_distributed(pb, target_node, target_sdn, &flag_stop); -+ if (*index == SLAPI_BE_NO_BACKEND) { -+ result = LDAP_UNWILLING_TO_PERFORM; -+ } -+ } -+ } -+ if (*index == SLAPI_BE_REMOTE_BACKEND) { -+ *be = NULL; -+ if (referral) { -+ *referral = (target_node->mtn_referral_entry ? -+ slapi_entry_dup(target_node->mtn_referral_entry) : NULL); -+ } - (*index)++; - }else if ((*index == SLAPI_BE_NO_BACKEND) || (*index >= target_node->mtn_be_count)) { -- /* we have already returned all backends -> return NULL */ -+ /* we have already returned all backends -> return NULL */ - *be = NULL; -- *referral = NULL; -+ if (referral) { -+ *referral = NULL; -+ } - } else { - /* return next backend, increment index */ - *be = target_node->mtn_be[*index]; -@@ -2749,7 +2756,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb, - * send back NULL to jump to next node - */ - *be = NULL; -- *referral = NULL; -+ if (referral) { -+ *referral = NULL; -+ } - result = LDAP_SUCCESS; - } else { - /* first time we hit this referral -> return it -@@ -2758,11 +2767,12 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb, - * returned this referral - */ - *be = NULL; -- *referral = (target_node->mtn_referral_entry ? -- slapi_entry_dup(target_node->mtn_referral_entry) : -- NULL); -+ if (referral) { -+ *referral = (target_node->mtn_referral_entry ? -+ slapi_entry_dup(target_node->mtn_referral_entry) : NULL); -+ } - (*index)++; -- if (NULL == *referral) { -+ if (NULL == target_node->mtn_referral_entry) { - if (errorbuf) { - PR_snprintf(errorbuf, BUFSIZ, - "Mapping tree node for %s is set to return a referral," -@@ -2782,7 +2792,7 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb, - "mapping tree selected backend : %s\n", - slapi_be_get_name(*be)); - slapi_be_Rlock(*be); -- } else if (*referral) { -+ } else if (referral && *referral) { - slapi_log_error(SLAPI_LOG_ARGS, NULL, - "mapping tree selected referral at node : %s\n", - slapi_sdn_get_dn(target_node->mtn_subtree)); --- -1.9.3 - diff --git a/SOURCES/0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch b/SOURCES/0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch new file mode 100644 index 0000000..094033c --- /dev/null +++ b/SOURCES/0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch @@ -0,0 +1,227 @@ +From 1c4faa3c235c42abde1d7fe93cb43429772b65a6 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Fri, 26 Aug 2016 18:51:42 -0400 +Subject: [PATCH 45/45] Ticket 48972 - remove old pwp code that adds/removes + ACIs + +Bug Description: Old legacy code is still present in the DS that used + to enforce the password policy "user may change password" + using ACIs. This old code would re-add the ACI for + selfwrite on userpassword at server startup. + +Fix Description: The current password policy does not depend on these access + access control rules to enforce if a user can change their + password or not. + +https://fedorahosted.org/389/ticket/48972 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit 32881be120f14b952de67a0d533ad94ba0956093) +--- + ldap/servers/slapd/add.c | 15 -------- + ldap/servers/slapd/libglobs.c | 14 ------- + ldap/servers/slapd/proto-slap.h | 3 -- + ldap/servers/slapd/pw.c | 81 ----------------------------------------- + ldap/servers/slapd/pw_mgmt.c | 9 +---- + 5 files changed, 1 insertion(+), 121 deletions(-) + +diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c +index 629017e..708d3e7 100644 +--- a/ldap/servers/slapd/add.c ++++ b/ldap/servers/slapd/add.c +@@ -643,21 +643,6 @@ static void op_shared_add (Slapi_PBlock *pb) + } + + slapi_pblock_set(pb, SLAPI_BACKEND, be); +- /* we set local password policy ACI for non-replicated operations only */ +- if (!repl_op && +- !operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP) && +- !operation_is_flag_set(operation, OP_FLAG_LEGACY_REPLICATION_DN) && +- !slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA) && +- !slapi_be_private(be) && +- slapi_be_issuffix (be, slapi_entry_get_sdn_const(e))) +- { +- /* this is a suffix. update the pw aci */ +- slapdFrontendConfig_t *slapdFrontendConfig; +- slapdFrontendConfig = getFrontendConfig(); +- pw_add_allowchange_aci(e, !slapdFrontendConfig->pw_policy.pw_change && +- !slapdFrontendConfig->pw_policy.pw_must_change); +- } +- + + if (!repl_op) + { +diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c +index a630c6c..faf521b 100644 +--- a/ldap/servers/slapd/libglobs.c ++++ b/ldap/servers/slapd/libglobs.c +@@ -2601,13 +2601,6 @@ config_set_pw_change( const char *attrname, char *value, char *errorbuf, int app + errorbuf, + apply); + +- if (retVal == LDAP_SUCCESS) { +- /* LP: Update ACI to reflect the value ! */ +- if (apply) +- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change && +- !slapdFrontendConfig->pw_policy.pw_must_change); +- } +- + return retVal; + } + +@@ -2638,13 +2631,6 @@ config_set_pw_must_change( const char *attrname, char *value, char *errorbuf, in + errorbuf, + apply); + +- if (retVal == LDAP_SUCCESS) { +- /* LP: Update ACI to reflect the value ! */ +- if (apply) +- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change && +- !slapdFrontendConfig->pw_policy.pw_must_change); +- } +- + return retVal; + } + +diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h +index 1f37010..712642f 100644 +--- a/ldap/servers/slapd/proto-slap.h ++++ b/ldap/servers/slapd/proto-slap.h +@@ -951,9 +951,6 @@ void get_old_pw( Slapi_PBlock *pb, const Slapi_DN *sdn, char **old_pw); + int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only /*no wire/no pw policy*/); + int check_pw_minage( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) ; + void add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e ); +-void mod_allowchange_aci(char *val); +-void pw_mod_allowchange_aci(int pw_prohibit_change); +-void pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change); + + int add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e); + +diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c +index 7469b9e..3f2cdb0 100644 +--- a/ldap/servers/slapd/pw.c ++++ b/ldap/servers/slapd/pw.c +@@ -1337,69 +1337,6 @@ slapi_add_pwd_control ( Slapi_PBlock *pb, char *arg, long time) { + } + + void +-pw_mod_allowchange_aci(int pw_prohibit_change) +-{ +- const Slapi_DN *base; +- char *values_mod[2]; +- LDAPMod mod; +- LDAPMod *mods[2]; +- Slapi_Backend *be; +- char *cookie = NULL; +- +- mods[0] = &mod; +- mods[1] = NULL; +- mod.mod_type = "aci"; +- mod.mod_values = values_mod; +- +- if (pw_prohibit_change) { +- mod.mod_op = LDAP_MOD_ADD; +- } +- else +- { +- /* Allow change password by default */ +- /* remove the aci if it is there. it is ok to fail */ +- mod.mod_op = LDAP_MOD_DELETE; +- } +- +- be = slapi_get_first_backend (&cookie); +- /* Foreach backend... */ +- while (be) +- { +- /* Don't add aci on a chaining backend holding remote entries */ +- if((!be->be_private) && (!slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA))) +- { +- /* There's only One suffix per DB now. No need to loop */ +- base = slapi_be_getsuffix(be, 0); +- if (base != NULL) +- { +- Slapi_PBlock pb; +- int rc; +- +- pblock_init (&pb); +- values_mod[0] = DENY_PW_CHANGE_ACI; +- values_mod[1] = NULL; +- slapi_modify_internal_set_pb_ext(&pb, base, mods, NULL, NULL, +- pw_get_componentID(), 0); +- slapi_modify_internal_pb(&pb); +- slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &rc); +- if (rc == LDAP_SUCCESS){ +- /* +- ** Since we modified the acl +- ** successfully, let's update the +- ** in-memory acl list +- */ +- slapi_pblock_set(&pb, SLAPI_TARGET_SDN, (void *)base); +- plugin_call_acl_mods_update (&pb, LDAP_REQ_MODIFY ); +- } +- pblock_done(&pb); +- } +- } +- be = slapi_get_next_backend (cookie); +- } +- slapi_ch_free((void **) &cookie); +-} +- +-void + add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e ) + { + struct berval bv; +@@ -1583,24 +1520,6 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char + return ( 0 ); + } + +- +-void +-pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change) { +- char *aci_pw = NULL; +- const char *aciattr = "aci"; +- +- aci_pw = slapi_ch_strdup(DENY_PW_CHANGE_ACI); +- +- if (pw_prohibit_change) { +- /* Add ACI */ +- slapi_entry_add_string(e, aciattr, aci_pw); +- } else { +- /* Remove ACI */ +- slapi_entry_delete_string(e, aciattr, aci_pw); +- } +- slapi_ch_free((void **) &aci_pw); +-} +- + int + pw_is_pwp_admin(Slapi_PBlock *pb, passwdPolicy *pwp){ + Slapi_DN *bind_sdn = NULL; +diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c +index 5470556..7252c08 100644 +--- a/ldap/servers/slapd/pw_mgmt.c ++++ b/ldap/servers/slapd/pw_mgmt.c +@@ -256,13 +256,8 @@ skip: + void + pw_init ( void ) + { +- slapdFrontendConfig_t *slapdFrontendConfig; +- + pw_set_componentID(generate_componentid(NULL, COMPONENT_PWPOLICY)); +- +- slapdFrontendConfig = getFrontendConfig(); +- pw_mod_allowchange_aci (!slapdFrontendConfig->pw_policy.pw_change && +- !slapdFrontendConfig->pw_policy.pw_must_change); ++ + #if defined(USE_OLD_UNHASHED) + slapi_add_internal_attr_syntax( PSEUDO_ATTR_UNHASHEDUSERPASSWORD, + PSEUDO_ATTR_UNHASHEDUSERPASSWORD_OID, +@@ -273,5 +268,3 @@ pw_init ( void ) + SLAPI_ATTR_FLAG_NOEXPOSE); + #endif + } +- +- +-- +2.4.11 + diff --git a/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch b/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch deleted file mode 100644 index 245fe21..0000000 --- a/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch +++ /dev/null @@ -1,158 +0,0 @@ -From 34024061a980fa5472fab680b873c0666413e5ec Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 17 Aug 2015 14:51:17 -0400 -Subject: [PATCH 46/47] Ticket 48233 - Server crashes in ACL_LasFindFlush - during shutdown if ACIs contain IP addresss restrictions - -Bug Description: The server will crash at shutdown if there are ACI's that use IP rules. - -Fix Description: When we stop the acl plugin we need to free aci avl list first, before - we free the libaccess ACL global lists. Otherwise, we dereference a freed - struct. - -https://fedorahosted.org/389/ticket/48233 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 22d315b910b086d3e7edca3b6b52511d5da63802) -(cherry picked from commit 57c5d35b4a5ea3e85ae2a7471cbe487531ee3835) ---- - dirsrvtests/tickets/ticket48233_test.py | 105 ++++++++++++++++++++++++++++++++ - ldap/servers/plugins/acl/aclplugin.c | 2 +- - 2 files changed, 106 insertions(+), 1 deletion(-) - create mode 100644 dirsrvtests/tickets/ticket48233_test.py - -diff --git a/dirsrvtests/tickets/ticket48233_test.py b/dirsrvtests/tickets/ticket48233_test.py -new file mode 100644 -index 0000000..387279d ---- /dev/null -+++ b/dirsrvtests/tickets/ticket48233_test.py -@@ -0,0 +1,105 @@ -+import os -+import sys -+import time -+import ldap -+import logging -+import pytest -+from lib389 import DirSrv, Entry, tools, tasks -+from lib389.tools import DirSrvTools -+from lib389._constants import * -+from lib389.properties import * -+from lib389.tasks import * -+from lib389.utils import * -+ -+logging.getLogger(__name__).setLevel(logging.DEBUG) -+log = logging.getLogger(__name__) -+ -+installation1_prefix = None -+ -+ -+class TopologyStandalone(object): -+ def __init__(self, standalone): -+ standalone.open() -+ self.standalone = standalone -+ -+ -+@pytest.fixture(scope="module") -+def topology(request): -+ global installation1_prefix -+ if installation1_prefix: -+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix -+ -+ # Creating standalone instance ... -+ standalone = DirSrv(verbose=False) -+ args_instance[SER_HOST] = HOST_STANDALONE -+ args_instance[SER_PORT] = PORT_STANDALONE -+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE -+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX -+ args_standalone = args_instance.copy() -+ standalone.allocate(args_standalone) -+ instance_standalone = standalone.exists() -+ if instance_standalone: -+ standalone.delete() -+ standalone.create() -+ standalone.open() -+ -+ # Delete each instance in the end -+ def fin(): -+ standalone.delete() -+ request.addfinalizer(fin) -+ -+ # Clear out the tmp dir -+ standalone.clearTmpDir(__file__) -+ -+ return TopologyStandalone(standalone) -+ -+ -+def test_ticket48233(topology): -+ """Test that ACI's that use IP restrictions do not crash the server at -+ shutdown -+ """ -+ -+ # Add aci to restrict access my ip -+ aci_text = ('(targetattr != "userPassword")(version 3.0;acl ' + -+ '"Enable anonymous access - IP"; allow (read,compare,search)' + -+ '(userdn = "ldap:///anyone") and (ip="127.0.0.1");)') -+ -+ try: -+ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', aci_text)]) -+ except ldap.LDAPError as e: -+ log.error('Failed to add aci: (%s) error %s' % (aci_text, e.message['desc'])) -+ assert False -+ time.sleep(1) -+ -+ # Anonymous search to engage the aci -+ try: -+ topology.standalone.simple_bind_s("", "") -+ except ldap.LDAPError as e: -+ log.error('Failed to anonymously bind -error %s' % (e.message['desc'])) -+ assert False -+ -+ try: -+ entries = topology.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'objectclass=*') -+ if not entries: -+ log.fatal('Failed return an entries from search') -+ assert False -+ except ldap.LDAPError, e: -+ log.fatal('Search failed: ' + e.message['desc']) -+ assert False -+ -+ # Restart the server -+ topology.standalone.restart(timeout=10) -+ -+ # Check for crash -+ if topology.standalone.detectDisorderlyShutdown(): -+ log.fatal('Server crashed!') -+ assert False -+ -+ log.info('Test complete') -+ -+ -+if __name__ == '__main__': -+ # Run isolated -+ # -s for DEBUG mode -+ CURRENT_FILE = os.path.realpath(__file__) -+ pytest.main("-s %s" % CURRENT_FILE) -\ No newline at end of file -diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c -index 45a6315..d90996e 100644 ---- a/ldap/servers/plugins/acl/aclplugin.c -+++ b/ldap/servers/plugins/acl/aclplugin.c -@@ -269,13 +269,13 @@ aclplugin_stop ( Slapi_PBlock *pb ) - { - int rc = 0; /* OK */ - -+ free_acl_avl_list(); - ACL_Destroy(); - acl_destroy_aclpb_pool(); - acl_remove_ext(); - ACL_AttrGetterHashDestroy(); - ACL_MethodHashDestroy(); - ACL_DestroyPools(); -- free_acl_avl_list(); - aclanom__del_profile(1); - aclgroup_free(); - //aclext_free_lockarray(); --- -1.9.3 - diff --git a/SOURCES/0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch b/SOURCES/0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch new file mode 100644 index 0000000..d710373 --- /dev/null +++ b/SOURCES/0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch @@ -0,0 +1,192 @@ +From d8399105d3b9ca281522624fdd471360b8ea59f6 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Tue, 30 Aug 2016 10:32:45 -0400 +Subject: [PATCH 46/47] Ticket 48970 - Serverside sorting crashes the server + +Bug Description: When using a matching rule and server side sorting + the server does a double-free on the matching rule + keys which crashes the server. + +Fix Description: Set the pblock pointer to NULL after the keys are + freed. This prevents the double free. + + Also fixed some complier warnings/indentation. + +Valgrind: passed + +https://fedorahosted.org/389/ticket/48970 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit 43997fa8782ca93e20595ae10e303d85e5b765f4) +--- + ldap/servers/plugins/collation/collate.c | 14 ++++---- + ldap/servers/plugins/collation/orfilter.c | 55 ++++++++++++++++++------------- + ldap/servers/slapd/back-ldbm/sort.c | 12 +++---- + 3 files changed, 43 insertions(+), 38 deletions(-) + +diff --git a/ldap/servers/plugins/collation/collate.c b/ldap/servers/plugins/collation/collate.c +index 0480280..483a132 100644 +--- a/ldap/servers/plugins/collation/collate.c ++++ b/ldap/servers/plugins/collation/collate.c +@@ -347,23 +347,23 @@ collation_index (indexer_t* ix, struct berval** bvec, struct berval** prefixes) + return keys; + } + ++/* The destructor function for a collation-based indexer. */ + static void + collation_indexer_destroy (indexer_t* ix) +- /* The destructor function for a collation-based indexer. */ + { + collation_indexer_t* etc = (collation_indexer_t*) ix->ix_etc; + if (etc->converter) { +- ucnv_close(etc->converter); +- etc->converter = NULL; ++ ucnv_close(etc->converter); ++ etc->converter = NULL; + } + + if (etc->collator) { +- ucol_close(etc->collator); +- etc->collator = NULL; ++ ucol_close(etc->collator); ++ etc->collator = NULL; + } + if (etc->ix_keys != NULL) { +- ber_bvecfree (etc->ix_keys); +- etc->ix_keys = NULL; ++ ber_bvecfree (etc->ix_keys); ++ etc->ix_keys = NULL; + } + slapi_ch_free((void**)&ix->ix_etc); + ix->ix_etc = NULL; /* just for hygiene */ +diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c +index 8dc4246..084fdf6 100644 +--- a/ldap/servers/plugins/collation/orfilter.c ++++ b/ldap/servers/plugins/collation/orfilter.c +@@ -34,7 +34,7 @@ static void + indexer_free (indexer_t* ix) + { + if (ix->ix_destroy != NULL) { +- ix->ix_destroy (ix); ++ ix->ix_destroy (ix); + } + slapi_ch_free((void**)&ix); + } +@@ -221,23 +221,28 @@ op_filter_match (or_filter_t* or, struct berval** vals) + auto indexer_t* ix = or->or_indexer; + auto struct berval** v = ix->ix_index (ix, vals, NULL); + if (v != NULL) for (; *v; ++v) { +- auto struct berval** k = or->or_match_keys; +- if (k != NULL) for (; *k; ++k) { +- switch (or->or_op) { +- case SLAPI_OP_LESS: +- if (slapi_berval_cmp (*v, *k) < 0) return 0; break; +- case SLAPI_OP_LESS_OR_EQUAL: +- if (slapi_berval_cmp (*v, *k) <= 0) return 0; break; +- case SLAPI_OP_EQUAL: +- if (SLAPI_BERVAL_EQ (*v, *k)) return 0; break; +- case SLAPI_OP_GREATER_OR_EQUAL: +- if (slapi_berval_cmp (*v, *k) >= 0) return 0; break; +- case SLAPI_OP_GREATER: +- if (slapi_berval_cmp (*v, *k) > 0) return 0; break; +- default: +- break; +- } +- } ++ auto struct berval** k = or->or_match_keys; ++ if (k != NULL) for (; *k; ++k) { ++ switch (or->or_op) { ++ case SLAPI_OP_LESS: ++ if (slapi_berval_cmp (*v, *k) < 0) return 0; ++ break; ++ case SLAPI_OP_LESS_OR_EQUAL: ++ if (slapi_berval_cmp (*v, *k) <= 0) return 0; ++ break; ++ case SLAPI_OP_EQUAL: ++ if (SLAPI_BERVAL_EQ (*v, *k)) return 0; ++ break; ++ case SLAPI_OP_GREATER_OR_EQUAL: ++ if (slapi_berval_cmp (*v, *k) >= 0) return 0; ++ break; ++ case SLAPI_OP_GREATER: ++ if (slapi_berval_cmp (*v, *k) > 0) return 0; ++ break; ++ default: ++ break; ++ } ++ } + } + return -1; + } +@@ -570,7 +575,9 @@ op_indexer_destroy (Slapi_PBlock* pb) + auto indexer_t* ix = op_indexer_get (pb); + LDAPDebug (LDAP_DEBUG_FILTER, "op_indexer_destroy(%p)\n", (void*)ix, 0, 0); + if (ix != NULL) { +- indexer_free (ix); ++ indexer_free (ix); ++ /* The keys were freed, but we need to reset the pblock pointer */ ++ slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL); + } + return 0; + } +@@ -623,10 +630,10 @@ typedef struct ss_indexer_t { + static void + ss_indexer_free (ss_indexer_t* ss) + { +- slapi_ch_free((void**)&ss->ss_oid); ++ slapi_ch_free_string(&ss->ss_oid); + if (ss->ss_indexer != NULL) { +- indexer_free (ss->ss_indexer); +- ss->ss_indexer = NULL; ++ indexer_free (ss->ss_indexer); ++ ss->ss_indexer = NULL; + } + slapi_ch_free((void**)&ss); + } +@@ -647,7 +654,9 @@ ss_indexer_destroy (Slapi_PBlock* pb) + auto ss_indexer_t* ss = ss_indexer_get (pb); + LDAPDebug (LDAP_DEBUG_FILTER, "ss_indexer_destroy(%p)\n", (void*)ss, 0, 0); + if (ss) { +- ss_indexer_free (ss); ++ ss_indexer_free(ss); ++ /* The keys were freed, but we need to reset the pblock pointer */ ++ slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL); + } + } + +diff --git a/ldap/servers/slapd/back-ldbm/sort.c b/ldap/servers/slapd/back-ldbm/sort.c +index 69fe659..46f2dbd 100644 +--- a/ldap/servers/slapd/back-ldbm/sort.c ++++ b/ldap/servers/slapd/back-ldbm/sort.c +@@ -32,15 +32,11 @@ static int print_out_sort_spec(char* buffer,sort_spec *s,int *size); + + static void sort_spec_thing_free(sort_spec_thing *s) + { +- if (NULL != s->type) { +- slapi_ch_free((void **)&s->type); +- } +- if (NULL != s->matchrule) { +- slapi_ch_free( (void**)&s->matchrule); +- } ++ slapi_ch_free_string(&s->type); ++ slapi_ch_free_string(&s->matchrule); + if (NULL != s->mr_pb) { + destroy_matchrule_indexer(s->mr_pb); +- slapi_pblock_destroy (s->mr_pb); ++ slapi_pblock_destroy (s->mr_pb); + } + attr_done(&s->sattr); + slapi_ch_free( (void**)&s); +@@ -116,7 +112,7 @@ void sort_log_access(Slapi_PBlock *pb,sort_spec_thing *s,IDList *candidates) + /* Now output it */ + ldbm_log_access_message(pb,buffer); + if (buffer != stack_buffer) { +- slapi_ch_free( (void**)&buffer); ++ slapi_ch_free_string(&buffer); + } + } + +-- +2.4.11 + diff --git a/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch b/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch deleted file mode 100644 index 616cc6b..0000000 --- a/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch +++ /dev/null @@ -1,147 +0,0 @@ -From d88650af2dc614519bdb138b162d3c6e3b5ae9c5 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 18 Aug 2015 13:43:55 -0700 -Subject: [PATCH 47/47] Ticket #48243 - replica upgrade failed in starting - dirsrv service due to upgrade scripts did not run - -Description: In the upgrade process, there is a combination of requirements: - . the server is running. - . the server instance service is disabled. - . upgrade scripts are expected to run against the instance. - . the server is restarted once the upgrade is done. - . the server instance service remains disabled. -To fulfill the requirements, - . spec file is modified to enumerate slapd dir (except .remove) in the - /etc/dirsrv for getting the server instance. - . Start/Update perl scripts are modified not to create a symlink in - /etc/systemd/system/dirsrv.target.wants for the upgrade case, which - means the service remains disabled. - -https://fedorahosted.org/389/ticket/48243 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit 29c09a5bcc7d54be1aa6880b4f2a423edd3dc463) -(cherry picked from commit 2c5e0d5692bcabe16a7e3b8e0d24eb3a88913155) ---- - ldap/admin/src/scripts/DSCreate.pm.in | 7 ++++--- - ldap/admin/src/scripts/DSMigration.pm.in | 2 +- - ldap/admin/src/scripts/DSUpdate.pm.in | 2 +- - rpm/389-ds-base.spec.in | 20 +++++++++++++------- - 4 files changed, 19 insertions(+), 12 deletions(-) - -diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in -index e4a4ed0..cdde339 100644 ---- a/ldap/admin/src/scripts/DSCreate.pm.in -+++ b/ldap/admin/src/scripts/DSCreate.pm.in -@@ -1098,6 +1098,7 @@ sub updateTmpfilesDotD { - } - - sub updateSystemD { -+ my $noservicelink = shift; - my $inf = shift; - my $unitdir = "@systemdsystemunitdir@"; - my $confbasedir = "@systemdsystemconfdir@"; -@@ -1129,7 +1130,7 @@ sub updateSystemD { - next; - } else { - my $servicelink = "$confdir/$pkgname\@$inst.service"; -- if (! -l $servicelink) { -+ if (! -l $servicelink && ! $noservicelink) { - if (!symlink($servicefile, $servicelink)) { - debug(1, "error updating link $servicelink to $servicefile - $!\n"); - push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ]; -@@ -1216,7 +1217,7 @@ sub createDSInstance { - return @errs; - } - -- if (@errs = updateSystemD($inf)) { -+ if (@errs = updateSystemD(0, $inf)) { - return @errs; - } - -@@ -1452,7 +1453,7 @@ sub removeDSInstance { - } - - # update systemd files -- push @errs, updateSystemD(); -+ push @errs, updateSystemD(0); - - # if we got here, report success - if (@errs) { -diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in -index e59e667..630ab43 100644 ---- a/ldap/admin/src/scripts/DSMigration.pm.in -+++ b/ldap/admin/src/scripts/DSMigration.pm.in -@@ -1132,7 +1132,7 @@ sub migrateDS { - } - - # do the systemd stuff -- @errs = DSCreate::updateSystemD($inf); -+ @errs = DSCreate::updateSystemD(0, $inf); - if (@errs) { - $mig->msg(@errs); - goto cleanup; -diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in -index 1809ad9..be1e67c 100644 ---- a/ldap/admin/src/scripts/DSUpdate.pm.in -+++ b/ldap/admin/src/scripts/DSUpdate.pm.in -@@ -408,7 +408,7 @@ sub updateDSInstance { - - push @errs, updateTmpfilesDotD($inf); - -- push @errs, updateSystemD($inf); -+ push @errs, updateSystemD(1, $inf); - - return @errs; - } -diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in -index d0bbb7a..b7556e1 100644 ---- a/rpm/389-ds-base.spec.in -+++ b/rpm/389-ds-base.spec.in -@@ -248,6 +248,7 @@ rm -rf $RPM_BUILD_ROOT - - %post - output=/dev/null -+output2=/dev/null - %systemd_post %{pkgname}-snmp.service - # reload to pick up any changes to systemd files - /bin/systemctl daemon-reload >$output 2>&1 || : -@@ -260,12 +261,17 @@ instances="" # instances that require a restart after upgrade - ninst=0 # number of instances found in total - if [ -n "$DEBUGPOSTTRANS" ] ; then - output=$DEBUGPOSTTRANS -+ output2=${DEBUGPOSTTRANS}.upgrade - fi --echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || : --for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do -- if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches -- inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'` -- echo found instance $inst - getting status >> $output 2>&1 || : -+echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || : -+instbase="%{_sysconfdir}/%{pkgname}" -+for dir in $instbase/slapd-* ; do -+ echo dir = $dir >> $output 2>&1 || : -+ if [ ! -d "$dir" ] ; then continue ; fi -+ case "$dir" in *.removed) continue ;; esac -+ basename=`basename $dir` -+ inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" -+ echo found instance $inst - getting status >> $output 2>&1 || : - if /bin/systemctl -q is-active $inst ; then - echo instance $inst is running >> $output 2>&1 || : - instances="$instances $inst" -@@ -290,9 +296,9 @@ echo remove pid files . . . >> $output 2>&1 || : - echo upgrading instances . . . >> $output 2>&1 || : - DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"` - if [ -n "$DEBUGPOSTSETUPOPT" ] ; then -- %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : -+ %{_sbindir}/setup-ds.pl -l $output2 -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : - else -- %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || : -+ %{_sbindir}/setup-ds.pl -l $output2 -u -s General.UpdateMode=offline >> $output 2>&1 || : - fi - - # restart instances that require it --- -1.9.3 - diff --git a/SOURCES/0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch b/SOURCES/0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch new file mode 100644 index 0000000..1ad2767 --- /dev/null +++ b/SOURCES/0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch @@ -0,0 +1,85 @@ +From eaf8b3b97e22bf06152d42b90940212e7acc8e00 Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Tue, 30 Aug 2016 14:25:15 -0400 +Subject: [PATCH 47/47] Ticket 48975- Disabling CLEAR password storage scheme + will crash server when setting a password + +Bug Description: If the CLEAR password storage scheme plugin is disabled, and a + userpassword is set, the server crashes. This is because we + expect this plugin to be enabled when working with the unhashed + password. + +Fix Description: Always check if the password scheme, returned by pw_val2scheme(), + is NULL before dereferencing it. If it is NULL treat it as a + clear text password. + +Valgrind: Passed + +https://fedorahosted.org/389/ticket/48975 + +Reviewed by: nhosoi(Thanks!) + +(cherry picked from commit 52230585a1191bf1e747780b592f291d652e26dd) +--- + ldap/servers/slapd/modify.c | 8 ++++---- + ldap/servers/slapd/pw.c | 4 ++-- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c +index 4a5faa0..72f2db4 100644 +--- a/ldap/servers/slapd/modify.c ++++ b/ldap/servers/slapd/modify.c +@@ -827,7 +827,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) + for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) { + password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val); + pwsp = pw_val2scheme( password, &valpwd, 1 ); +- if(strcmp(pwsp->pws_name, "CLEAR") == 0){ ++ if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){ + /* + * CLEAR password + * +@@ -851,7 +851,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) + const char *userpwd = slapi_value_get_string(present_values[ii]); + + pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 ); +- if(strcmp(pass_scheme->pws_name,"CLEAR")){ ++ if(pass_scheme && strcmp(pass_scheme->pws_name,"CLEAR")){ + /* its encoded, so compare it */ + if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){ + /* +@@ -912,7 +912,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) + * provided by the client. + */ + unhashed_pwsp = pw_val2scheme( (char *)unhashed_pwd, NULL, 1 ); +- if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){ ++ if(unhashed_pwsp == NULL || strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){ + if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){ + /* match, add the delete mod for this particular unhashed userpassword */ + if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) { +@@ -1156,7 +1156,7 @@ valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value *** + *cvals = (Slapi_Value **) slapi_ch_malloc((n + 1) * sizeof(Slapi_Value *)); + for(i=0,p=0;ibv_val, NULL, 1 ); +- if(strcmp(pwsp->pws_name, "CLEAR") == 0){ ++ if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){ + (*cvals)[p++] = slapi_value_new_berval(bvals[i]); + } + free_pw_scheme( pwsp ); +diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c +index 3f2cdb0..6f02f90 100644 +--- a/ldap/servers/slapd/pw.c ++++ b/ldap/servers/slapd/pw.c +@@ -234,8 +234,8 @@ void free_pw_scheme(struct pw_scheme *pwsp) + { + if ( pwsp != NULL ) + { +- slapi_ch_free( (void**)&pwsp->pws_name ); +- slapi_ch_free( (void**)&pwsp ); ++ slapi_ch_free_string(&pwsp->pws_name); ++ slapi_ch_free((void**)&pwsp); + } + } + +-- +2.4.11 + diff --git a/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch b/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch deleted file mode 100644 index 8a3830b..0000000 --- a/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0e44c819b72dfad40a7f9eea6067f6060fa9c35b Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Wed, 19 Aug 2015 10:03:50 -0400 -Subject: [PATCH] Ticket 47831 - remove debug logging from retro cl - -Description: Instrumented debug logging was accidentally left in the source. - This logging is being removed. - -https://fedorahosted.org/389/ticket/47931 - -Reviewed by: mreynolds - -(cherry picked from commit db7153f89bf3dda935e6ef4f175697bda32fe720) -(cherry picked from commit 1781280f133c4877f83949400294641a558f5406) ---- - ldap/servers/plugins/retrocl/retrocl_po.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c -index f689373..d9f4e6d 100644 ---- a/ldap/servers/plugins/retrocl/retrocl_po.c -+++ b/ldap/servers/plugins/retrocl/retrocl_po.c -@@ -157,14 +157,11 @@ write_replog_db( - int err = 0; - int ret = LDAP_SUCCESS; - int i; -- int mark = 0; - - if (!dn) { - slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n"); - return ret; - } -- mark = (post_entry && retrocl_entry_in_scope(post_entry)); -- slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark); - - if (post_entry){ - if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){ --- -1.9.3 - diff --git a/SOURCES/0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch b/SOURCES/0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch new file mode 100644 index 0000000..a9753ed --- /dev/null +++ b/SOURCES/0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch @@ -0,0 +1,39 @@ +From 1eebfaff67aa6af7821fcc861fcdf3ef7fc9d25a Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Thu, 1 Sep 2016 12:54:08 -0400 +Subject: [PATCH 48/49] Ticket 48957 - Update repl-monitor to handle new status + messages + +Bug Description: The replication agreement status messages have changed, + and the repl-monitor script was not updated to reflect + these changes. This lead to the html report incorrectly + color coding a successfull status. + +Fix Description: Update the script to ignore "Error (0)" + +https://fedorahosted.org/389/ticket/48957 + +Reviewed by: mreynolds (one line commit rule) + +(cherry picked from commit 32ee33b2222a9bbc0657ceb912ca3fa74ee27dcc) +(cherry picked from commit cf5683ae112528597af70a4e06cfb51e8e0c3c74) +--- + ldap/admin/src/scripts/repl-monitor.pl.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ldap/admin/src/scripts/repl-monitor.pl.in b/ldap/admin/src/scripts/repl-monitor.pl.in +index aa7ab1e..a3efa8e 100755 +--- a/ldap/admin/src/scripts/repl-monitor.pl.in ++++ b/ldap/admin/src/scripts/repl-monitor.pl.in +@@ -877,7 +877,7 @@ sub print_consumers + } + my $redfontstart = ""; + my $redfontend = ""; +- if ($status =~ /error/i) { ++ if ($status !~ /Error \(0\)/i) { + $redfontstart = ""; + $redfontend = ""; + } +-- +2.4.11 + diff --git a/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch b/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch deleted file mode 100644 index e717cd5..0000000 --- a/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 6a07ebb40ee121c176f789d01937d7ceedc77776 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 20 Aug 2015 17:01:28 -0700 -Subject: [PATCH 49/52] Ticket #48254 - CLI db2index fails with usage errors - -Bug Description: -1) CLI db2index had an issue in option handling, which accidentally -added '=' at the end of the previous option. -2) if a value of an option includes a white space, e.g., -T "by MCC -ou=People dc=example dc=com", the value was not passed to the program -as a string. - -Fix Description: -1) Removed unnecessary '='. -2) Quote $OPTARG which could include a white space, and call ns-slapd - command line vai eval. - -https://fedorahosted.org/389/ticket/48254 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit 3507c46c9f1156df11b6cf05eba695d81088b416) -(cherry picked from commit a6d7e3bd29eb63def170f73dc21e967df230f20a) ---- - ldap/admin/src/scripts/db2index.in | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in -index 2b76cd1..6a0785e 100755 ---- a/ldap/admin/src/scripts/db2index.in -+++ b/ldap/admin/src/scripts/db2index.in -@@ -39,13 +39,13 @@ do - benameopt="set";; - s) args=$args" -s $OPTARG" - includeSuffix="set";; -- t) args=$args" -t $OPTARG";; -- T) args=$args=" -T $OPTARG";; -- d) args=$args=" -d $OPTARG";; -- a) args=$args=" -a $OPTARG";; -- x) args=$args=" -x $OPTARG";; -- v) args=$args=" -v";; -- S) args=$args=" -S";; -+ t) args=$args" -t "\"$OPTARG\";; -+ T) args=$args" -T "\"$OPTARG\";; -+ d) args=$args" -d $OPTARG";; -+ a) args=$args" -a $OPTARG";; -+ x) args=$args" -x $OPTARG";; -+ v) args=$args" -v";; -+ S) args=$args" -S";; - D) args=$args" -D $OPTARG";; - ?) usage - exit 1;; -@@ -79,5 +79,5 @@ then - usage - exit 1 - else -- @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args -+ eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args - fi --- -1.9.3 - diff --git a/SOURCES/0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch b/SOURCES/0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch new file mode 100644 index 0000000..b86c3f8 --- /dev/null +++ b/SOURCES/0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch @@ -0,0 +1,35 @@ +From 009e862b170b9a9037852952640558c03ecda481 Mon Sep 17 00:00:00 2001 +From: Noriko Hosoi +Date: Thu, 1 Sep 2016 11:34:53 -0700 +Subject: [PATCH 49/49] Ticket #48969 - nsslapd-auditfaillog always has an + explicit path + +Description: commit ef2c3c4cc6f966935dbe367dd0d882ae81de3cc4 +introduced a RESOURCE_LEAK. + auditlog.c:180: leaked_storage: Variable "audit_config" going + out of scope leaks the storage it points to. + +Reviewed by nhosoi (one line commit rule) + +(cherry picked from commit 95d820901e7264490bae02b8ca943d09a344d7ac) +(cherry picked from commit b0fc82233a5ea929c5fad835f9e825a8f0b97968) +(cherry picked from commit fc1310e352e124d66d58d0a3e86d45c5573cbfb2) +--- + ldap/servers/slapd/auditlog.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c +index 85d136c..74d1b46 100644 +--- a/ldap/servers/slapd/auditlog.c ++++ b/ldap/servers/slapd/auditlog.c +@@ -177,6 +177,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb ) + write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG); + } + slapi_ch_free_string(&auditfail_config); ++ slapi_ch_free_string(&audit_config); + } + + +-- +2.4.11 + diff --git a/SOURCES/0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch b/SOURCES/0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch new file mode 100644 index 0000000..ba1d19b --- /dev/null +++ b/SOURCES/0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch @@ -0,0 +1,52 @@ +From 34ef42f8f839a7c7f40366ae2516aa2692582672 Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Thu, 8 Sep 2016 11:38:15 +0200 +Subject: [PATCH] Bug 1321124 - use a consumer maxcsn only as anchor if + supplier is more advanced + +(cherry picked from commit f4301f6be6bbff3c7bb0180a38f6dfd7e31b8558) +--- + ldap/servers/plugins/replication/cl5_clcache.c | 20 +++++++++----------- + 1 file changed, 9 insertions(+), 11 deletions(-) + +diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c +index 74f0fec..ca8b841 100644 +--- a/ldap/servers/plugins/replication/cl5_clcache.c ++++ b/ldap/servers/plugins/replication/cl5_clcache.c +@@ -717,24 +717,22 @@ clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag ) + curr, conmaxcsn); + } + +- if (csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 || +- csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) > 0 ) { +- if (csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) { ++ if (csn_compare(cscb->local_maxcsn, cscb->consumer_maxcsn) > 0) { ++ /* We have something to send for this RID */ ++ ++ if (csn_compare(cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 || ++ csn_compare(cscb->prev_local_maxcsn, buf->buf_current_csn) > 0) { ++ /* No new changes or it remains, in the buffer, updates to send */ + rid_anchor = buf->buf_current_csn; +- } +- } else { +- /* prev local max csn < csnBuffer AND different from local maxcsn */ +- if (cscb->prev_local_maxcsn == NULL) { ++ } else { ++ /* prev local max csn < csnBuffer AND different from local maxcsn */ + if (cscb->consumer_maxcsn == NULL) { + /* the consumer hasn't seen changes for this RID */ + rid_anchor = cscb->local_mincsn; + rid_flag = DB_SET; +- } else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) { ++ } else { + rid_anchor = cscb->consumer_maxcsn; + } +- } else { +- /* csnPrevMaxSup > 0 */ +- rid_anchor = cscb->consumer_maxcsn; + } + } + +-- +2.4.11 + diff --git a/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch b/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch deleted file mode 100644 index 4582e71..0000000 --- a/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch +++ /dev/null @@ -1,375 +0,0 @@ -From 94bde9f69f10e0811e261b5d53e5bebfcd891820 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 25 Aug 2015 11:48:31 -0700 -Subject: [PATCH 50/52] Ticket #48254 - Shell CLI fails with usage errors if an - argument containing white spaces is given - -Description: In addition to the patch: - Ticket #48254 - CLI db2index fails with usage errors - commit 3507c46c9f1156df11b6cf05eba695d81088b416 -applying the similar changes to all the shell CLI which could be given -arguments that include white spaces. - -https://fedorahosted.org/389/ticket/48254 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit 5fe28921810a53dcd31525ba1f675582b6aba0f7) -(cherry picked from commit 19b0d4af54e319e3479b16bf1366568271e3daa6) ---- - ldap/admin/src/scripts/bak2db.in | 10 +++++----- - ldap/admin/src/scripts/db2bak.in | 8 ++++---- - ldap/admin/src/scripts/db2index.in | 10 +++++----- - ldap/admin/src/scripts/db2ldif.in | 14 +++++++------- - ldap/admin/src/scripts/dbverify.in | 10 +++++----- - ldap/admin/src/scripts/dn2rdn.in | 8 ++++---- - ldap/admin/src/scripts/ldif2db.in | 22 +++++++++++----------- - ldap/admin/src/scripts/monitor.in | 8 ++++---- - ldap/admin/src/scripts/suffix2instance.in | 4 ++-- - ldap/admin/src/scripts/upgradedb.in | 8 ++++---- - ldap/admin/src/scripts/upgradednformat.in | 10 +++++----- - ldap/admin/src/scripts/vlvindex.in | 16 ++++++++-------- - 12 files changed, 64 insertions(+), 64 deletions(-) - -diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in -index a2e54cc..ab7c6b3 100755 ---- a/ldap/admin/src/scripts/bak2db.in -+++ b/ldap/admin/src/scripts/bak2db.in -@@ -44,12 +44,12 @@ do - h) usage - exit 0;; - Z) servid=$OPTARG;; -- n) args=$args" -n $OPTARG";; -+ n) args=$args" -n \"$OPTARG\"";; - q) args=$args" -q";; -- d) args=$args" -d $OPTARG";; -+ d) args=$args" -d \"$OPTARG\"";; - v) args=$args" -v";; -- D) args=$args" -D $OPTARG";; -- i) args=$args" -i $OPTARG";; -+ D) args=$args" -D \"$OPTARG\"";; -+ i) args=$args" -i \"$OPTARG\"";; - a) archivedir=$OPTARG;; - S) args=$args" -S";; - ?) usage -@@ -76,4 +76,4 @@ else - archivedir=`pwd`/$archivedir - fi - --@sbindir@/ns-slapd archive2db -D $CONFIG_DIR -a $archivedir $args -+eval @sbindir@/ns-slapd archive2db -D $CONFIG_DIR -a $archivedir $args -diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in -index 1896c19..adbe30b 100755 ---- a/ldap/admin/src/scripts/db2bak.in -+++ b/ldap/admin/src/scripts/db2bak.in -@@ -43,10 +43,10 @@ do - q) args=$args" -q";; - v) args=$args" -v";; - S) args=$args" -S";; -- D) args=$args" -D $OPTARG";; -- i) args=$args" -i $OPTARG";; -+ D) args=$args" -D \"$OPTARG\"";; -+ i) args=$args" -i \"$OPTARG\"";; - a) $bakdir=$OPTARG;; -- d) args=$args" -d $OPTARG";; -+ d) args=$args" -d \"$OPTARG\"";; - Z) servid=$OPTARG;; - ?) usage - exit 1;; -@@ -72,4 +72,4 @@ then - fi - - echo "Back up directory: $bak_dir" --@sbindir@/ns-slapd db2archive -D $CONFIG_DIR -a $bak_dir $args -+eval @sbindir@/ns-slapd db2archive -D $CONFIG_DIR -a $bak_dir $args -diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in -index 6a0785e..c8e9075 100755 ---- a/ldap/admin/src/scripts/db2index.in -+++ b/ldap/admin/src/scripts/db2index.in -@@ -35,15 +35,15 @@ do - h) usage - exit 0;; - Z) servid=$OPTARG;; -- n) args=$args" -n $OPTARG" -+ n) args=$args" -n \"$OPTARG\"" - benameopt="set";; -- s) args=$args" -s $OPTARG" -+ s) args=$args" -s \"$OPTARG\"" - includeSuffix="set";; - t) args=$args" -t "\"$OPTARG\";; - T) args=$args" -T "\"$OPTARG\";; -- d) args=$args" -d $OPTARG";; -- a) args=$args" -a $OPTARG";; -- x) args=$args" -x $OPTARG";; -+ d) args=$args" -d \"$OPTARG\"";; -+ a) args=$args" -a \"$OPTARG\"";; -+ x) args=$args" -x \"$OPTARG\"";; - v) args=$args" -v";; - S) args=$args" -S";; - D) args=$args" -D $OPTARG";; -diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in -index fcf73a0..e9f7f7e 100755 ---- a/ldap/admin/src/scripts/db2ldif.in -+++ b/ldap/admin/src/scripts/db2ldif.in -@@ -106,12 +106,12 @@ do - Z) servid=$OPTARG;; - n) benameopt="-n $OPTARG" - required_param="yes";; -- s) includeSuffix="-s $OPTARG" -+ s) includeSuffix="-s \"$OPTARG\"" - required_param="yes";; -- x) excludeSuffix="-x $OPTARG";; -- a) outputFile="-a $OPTARG";; -- d) args=$args" -d $OPTARG";; -- D) args=$args" -D $OPTARG";; -+ x) excludeSuffix="-x \"$OPTARG\"";; -+ a) outputFile="-a \"$OPTARG\"";; -+ d) args=$args" -d \"$OPTARG\"";; -+ D) args=$args" -D \"$OPTARG\"";; - N) args=$args" -N";; - E) args=$args" -E";; - S) args=$args" -S";; -@@ -154,7 +154,7 @@ rn=$? - echo "Exported ldif file: $ldif_file" - if [ $rn -eq 1 ] - then -- @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $outputFile $args -+ eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $outputFile $args - else -- @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $args -a $ldif_file -+ eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $args -a $ldif_file - fi -diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in -index bbacc17..b98e9b2 100755 ---- a/ldap/admin/src/scripts/dbverify.in -+++ b/ldap/admin/src/scripts/dbverify.in -@@ -33,14 +33,14 @@ do - h) usage - exit 0;; - Z) servid=$OPTARG;; -- n) args=$args" -n $OPTARG";; -- d) args=$args" -d $OPTARG";; -+ n) args=$args" -n \"$OPTARG\"";; -+ d) args=$args" -d \"$OPTARG\"";; - V) args=$args" -V";; - v) args=$args" -v" - display_version="yes";; - f) args=$args" -f";; -- D) args=$args" -D $OPTARG";; -- a) args=$args" -a $OPTARG";; -+ D) args=$args" -D \"$OPTARG\"";; -+ a) args=$args" -a \"$OPTARG\"";; - ?) usage - exit 1;; - esac -@@ -57,7 +57,7 @@ fi - - . $initfile - --@sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args -+eval @sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args - if [ $display_version = "yes" ]; then - exit 0 - fi -diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in -index 616969a..762e63a 100755 ---- a/ldap/admin/src/scripts/dn2rdn.in -+++ b/ldap/admin/src/scripts/dn2rdn.in -@@ -27,12 +27,12 @@ do - h) usage - exit 0;; - Z) servid=$OPTARG;; -- d) arg=$arg" -d $OPTARG";; -- a) arg=$arg" -a $OPTARG" -+ d) arg=$arg" -d \"$OPTARG\"";; -+ a) arg=$arg" -a \"$OPTARG\"" - archive="provided";; - v) arg=$arg" -v";; - f) arg=$arg" -f";; -- D) arg=$arg" -D $OPTARG";; -+ D) arg=$arg" -D \"$OPTARG\"";; - ?) usage - exit 1;; - esac -@@ -55,4 +55,4 @@ if [ "$archive" != "provided" ]; then - args=$args"-a $bak_dir" - fi - --@sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -r $args -+eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -r $args -diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in -index a34241a..3aed469 100755 ---- a/ldap/admin/src/scripts/ldif2db.in -+++ b/ldap/admin/src/scripts/ldif2db.in -@@ -59,16 +59,16 @@ do - h) usage - exit 0;; - Z) servid=$OPTARG;; -- n) args=$args" -n $OPTARG";; -- i) args=$args" -i $OPTARG";; -- s) args=$args" -s $OPTARG";; -- x) args=$args" -x $OPTARG";; -- c) args=$args" -c $OPTARG";; -- d) args=$args" -d $OPTARG";; -- g) args=$args" -g $OPTARG";; -- G) args=$args" -G $OPTARG";; -- t) args=$args" -t $OPTARG";; -- D) args=$args" -D $OPTARG";; -+ n) args=$args" -n \"$OPTARG\"";; -+ i) args=$args" -i \"$OPTARG\"";; -+ s) args=$args" -s \"$OPTARG\"";; -+ x) args=$args" -x \"$OPTARG\"";; -+ c) args=$args" -c \"$OPTARG\"";; -+ d) args=$args" -d \"$OPTARG\"";; -+ g) args=$args" -g \"$OPTARG\"";; -+ G) args=$args" -G \"$OPTARG\"";; -+ t) args=$args" -t \"$OPTARG\"";; -+ D) args=$args" -D \"$OPTARG\"";; - E) args=$args" -E";; - v) args=$args" -v";; - N) args=$args" -N";; -@@ -104,6 +104,6 @@ if [ $quiet -eq 0 ]; then - echo importing data ... - fi - --@sbindir@/ns-slapd ldif2db -D $CONFIG_DIR $args 2>&1 -+eval @sbindir@/ns-slapd ldif2db -D $CONFIG_DIR $args 2>&1 - - exit $? -diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in -index 36a2fc9..e9265a1 100755 ---- a/ldap/admin/src/scripts/monitor.in -+++ b/ldap/admin/src/scripts/monitor.in -@@ -73,8 +73,8 @@ fi - rm $file - - if [ -n "$passwd" ]; then -- dn="-D $rootdn" -- passwd="-w$passwd" -+ dn="-D \"$rootdn\"" -+ passwd="-w \"$passwd\"" - fi - if [ -n "$ldapiURL" ] - then -@@ -109,9 +109,9 @@ if [ "$security" = "on" ]; then - echo "Using the next most secure protocol(STARTTLS)" - fi - if [ "$openldap" = "yes" ]; then -- ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*" -+ eval ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*" - else -- ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*" -+ eval ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*" - fi - exit $? - fi -diff --git a/ldap/admin/src/scripts/suffix2instance.in b/ldap/admin/src/scripts/suffix2instance.in -index 7774148..d7c6661 100755 ---- a/ldap/admin/src/scripts/suffix2instance.in -+++ b/ldap/admin/src/scripts/suffix2instance.in -@@ -24,7 +24,7 @@ while getopts "Z:s:h" flag - do - case $flag in - Z) servid=$OPTARG;; -- s) args=$args" -s $OPTARG";; -+ s) args=$args" -s \"$OPTARG\"";; - h) usage - exit 0;; - ?) usage -@@ -55,4 +55,4 @@ then - exit 1 - fi - --@sbindir@/ns-slapd suffix2instance -D $CONFIG_DIR $args 2>&1 -+eval @sbindir@/ns-slapd suffix2instance -D $CONFIG_DIR $args 2>&1 -diff --git a/ldap/admin/src/scripts/upgradedb.in b/ldap/admin/src/scripts/upgradedb.in -index bf600dd..2b7c79d 100755 ---- a/ldap/admin/src/scripts/upgradedb.in -+++ b/ldap/admin/src/scripts/upgradedb.in -@@ -29,10 +29,10 @@ do - v) args=$args" -v";; - f) args=$args" -f";; - r) args=$args" -r";; -- d) args=$args" -d $OPTARG";; -- a) args=$args" -a $OPTARG" -+ d) args=$args" -d \"$OPTARG\"";; -+ a) args=$args" -a \"$OPTARG\"" - archive_provided="yes";; -- D) args=$args" -D $OPTARG";; -+ D) args=$args" -D \"$OPTARG\"";; - h) usage - exit 0;; - esac -@@ -56,4 +56,4 @@ then - fi - - echo upgrade index files ... --@sbindir@/ns-slapd upgradedb -D $CONFIG_DIR $args -+eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR $args -diff --git a/ldap/admin/src/scripts/upgradednformat.in b/ldap/admin/src/scripts/upgradednformat.in -index 51585ae..9de60ea 100755 ---- a/ldap/admin/src/scripts/upgradednformat.in -+++ b/ldap/admin/src/scripts/upgradednformat.in -@@ -36,14 +36,14 @@ do - Z) servid=$OPTARG;; - v) args=$args" -v";; - N) args=$args" -N";; -- d) args=$args" -d $OPTARG";; -- a) args=$args" -a $OPTARG" -+ d) args=$args" -d \"$OPTARG\"";; -+ a) args=$args" -a \"$OPTARG\"" - dir="set";; -- n) args=$args" -n $OPTARG" -+ n) args=$args" -n \"$OPTARG\"" - be="set";; - h) usage - exit 0;; -- D) args=$args" -D $OPTARG";; -+ D) args=$args" -D \"$OPTARG\"";; - ?) usage - exit 1;; - esac -@@ -65,7 +65,7 @@ fi - - . $initfile - --@sbindir@/ns-slapd upgradednformat -D $CONFIG_DIR $args -+eval @sbindir@/ns-slapd upgradednformat -D $CONFIG_DIR $args - rc=$? - - exit $rc -diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in -index 365e32f..a1696bc 100755 ---- a/ldap/admin/src/scripts/vlvindex.in -+++ b/ldap/admin/src/scripts/vlvindex.in -@@ -29,14 +29,14 @@ do - case $flag in - Z) servid=$OPTARG;; - v) args=$args" -v";; -- s) args=$args" -s $OPTARG";; -- d) args=$args" -d $OPTARG";; -- a) args=$args" -a $OPTARG";; -- T) args=$args" -T $OPTARG";; -+ s) args=$args" -s \"$OPTARG\"";; -+ d) args=$args" -d \"$OPTARG\"";; -+ a) args=$args" -a \"$OPTARG\"";; -+ T) args=$args" -T \"$OPTARG\"";; - S) args=$args" -S";; -- n) args=$args" -n $OPTARG";; -- x) args=$args" -x $OPTARG";; -- D) args=$args" -D $OPTARG";; -+ n) args=$args" -n \"$OPTARG\"";; -+ x) args=$args" -x \"$OPTARG\"";; -+ D) args=$args" -D \"$OPTARG\"";; - h) usage - exit 0;; - ?) usage -@@ -61,4 +61,4 @@ then - exit 1 - fi - --@sbindir@/ns-slapd db2index -D $CONFIG_DIR $args -+eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args --- -1.9.3 - diff --git a/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch b/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch deleted file mode 100644 index f24f18a..0000000 --- a/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch +++ /dev/null @@ -1,45 +0,0 @@ -From ba9f2607b8bf565e2f6d1f8751c16c0b485a7210 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Mon, 24 Aug 2015 16:13:12 -0700 -Subject: [PATCH 51/52] Ticket #47757 - Unable to dereference unqiemember - attribute because it is dn [#UID] not dn syntax - -Description: In addtion to DN syntax, adding Name and Optional UID -syntax to the deref attr's OID check. - -https://fedorahosted.org/389/ticket/47757 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit 2dbbb9df4691590f788049a822c47eb501182c85) -(cherry picked from commit 626f2d7060390a3234ebb50b92937d1ec5a89481) ---- - ldap/servers/plugins/deref/deref.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c -index 35c2564..f476a4d 100644 ---- a/ldap/servers/plugins/deref/deref.c -+++ b/ldap/servers/plugins/deref/deref.c -@@ -20,6 +20,9 @@ - #ifndef DN_SYNTAX_OID - #define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12" - #endif -+#ifndef NAME_AND_OPTIONAL_UID_SYNTAX_OID -+#define NAME_AND_OPTIONAL_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34" -+#endif - - /* - * Plug-in globals -@@ -290,7 +293,7 @@ deref_check_for_dn_syntax(const char *derefattr) - - slapi_attr_init(attr, derefattr); - slapi_attr_get_syntax_oid_copy(attr, &oid); -- ret = oid && !strcmp(oid, DN_SYNTAX_OID); -+ ret = oid && (!strcmp(oid, DN_SYNTAX_OID) || !strcmp(oid, NAME_AND_OPTIONAL_UID_SYNTAX_OID)); - slapi_ch_free_string(&oid); - slapi_attr_free(&attr); - } --- -1.9.3 - diff --git a/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch b/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch deleted file mode 100644 index 4b31ffd..0000000 --- a/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 679e7b024e36ac9dfce85766f5d82cc272911e53 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 25 Aug 2015 16:31:10 -0700 -Subject: [PATCH 52/52] Ticket #48228 - wrong password check if - passwordInHistory is decreased. - -Description: Regression was added by this commit: - commit 1a119125856006543aae0520b5800a8b52c3b049 - Ticket #48228 - wrong password check if passwordInHistory is decreased. -Compare function pw_history_cmp used in qsort did not check the correct -address for the timestamp string, which made qsort return the password -history in the wrong order. - -https://fedorahosted.org/389/ticket/48228 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!) - -(cherry picked from commit 391acfcf9a67b9b27ebbd98d1dfe30ef54a027c4) -(cherry picked from commit 096b386663c949136095def77a7fb12eee64e542) ---- - ldap/servers/slapd/pw.c | 21 ++++++++------------- - 1 file changed, 8 insertions(+), 13 deletions(-) - -diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c -index 3abebbf..4e222d7 100644 ---- a/ldap/servers/slapd/pw.c -+++ b/ldap/servers/slapd/pw.c -@@ -1085,8 +1085,6 @@ retry: - static int - pw_history_cmp(const void *h0, const void *h1) - { -- size_t h0sz = 0; -- size_t h1sz = 0; - if (!h0) { - if (!h1) { - return 0; -@@ -1097,23 +1095,20 @@ pw_history_cmp(const void *h0, const void *h1) - if (!h1) { - return 1; - } else { -- size_t delta; -- h0sz = strlen(h0); -- h1sz = strlen(h1); -- delta = h0sz - h1sz; -- if (!delta) { -- return delta; -- } -- if (h0sz < GENERALIZED_TIME_LENGTH) { -+ char *h0str = *(char **)h0; -+ char *h1str = *(char **)h1; -+ size_t h0sz = strlen(h0str); -+ size_t h1sz = strlen(h1str); -+ if ((h0sz < GENERALIZED_TIME_LENGTH) || -+ (h1sz < GENERALIZED_TIME_LENGTH)) { - /* too short for the history str. */ -- return 0; -+ return h0sz - h1sz; - } -+ return PL_strncmp(h0str, h1str, GENERALIZED_TIME_LENGTH); - } - } -- return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH); - } - -- - static int - update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw ) - { --- -1.9.3 - diff --git a/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch b/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch deleted file mode 100644 index a428a37..0000000 --- a/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch +++ /dev/null @@ -1,54 +0,0 @@ -From c03a9f7c121355aefadc92ed67bcb6f400196017 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 2 Sep 2015 14:28:27 -0700 -Subject: [PATCH 53/54] Ticket #48265 - Complex filter in a search request - doen't work as expected. (regression) - -Description: commit c2658c14802783d0a8919783aa7123be9e749c18 to fix -Ticket 47521 - Complex filter in a search request doen't work as expected. -regressed this case: - "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(|(uid=*test*)(cn=*test*))(o=X))" -in which a simple filter follows a complex filter which choice is -different from the outer choice. I.e., '|' for (uid=...)(cn=...) -is different from the first '&'. - -The fix for 47521 solves this case: - "(&(&(uid=A)(cn=B))(&(givenname=C))(mail=D)(&(description=E)))" -in this case, (mail=D) used to be dropped from the filter in the -function index_subsys_flatten_filter. - -The 47521 fix saved the simple filter "(mail=D)" in the 2nd example, -but it forced to skip the complex filter with the different choice -and converted the 1st example to: - "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(o=X))" -This patch saves such a complex filter, as well. - -https://fedorahosted.org/389/ticket/48265 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit 8c3d3e4648fbb5229e329e2154d46f1ae808ba02) -(cherry picked from commit 3d9dbf2d441e551495a1f3169dc2020324c484b4) ---- - ldap/servers/slapd/index_subsystem.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/ldap/servers/slapd/index_subsystem.c b/ldap/servers/slapd/index_subsystem.c -index fdaef6a..93bf9d5 100644 ---- a/ldap/servers/slapd/index_subsystem.c -+++ b/ldap/servers/slapd/index_subsystem.c -@@ -412,6 +412,11 @@ static void index_subsys_flatten_filter(Slapi_Filter *flist) - } - else - { -+ /* don't loose a nested filter having a different choice */ -+ if (flast) { -+ flast->f_next = f; -+ flast = f; -+ } - fprev = f; - f = f->f_next; - } --- -1.9.3 - diff --git a/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch b/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch deleted file mode 100644 index 56c535a..0000000 --- a/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 8d4369e6060f7c079b02fa87a0cd0d2ae0488ecd Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 2 Sep 2015 18:04:27 -0700 -Subject: [PATCH 54/54] Ticket #47981 - COS cache doesn't properly mark vattr - cache as invalid when there are multiple suffixes - -Description: commit 42e2df3858a4e14706d57b5c907d1d3768f4d970 for fixing -icket 47981 accidentally added "break" to the while loop when a -condition is satisfied: - if(!cos_cache_add_dn_defs(suffixVals[valIndex]->bv_val ,pDefs)) -which skips the rest of the definitions. This patch removes the -"break". - -https://fedorahosted.org/389/ticket/47981 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit 6557b820dca7980067afc2a33184197b2d154a51) -(cherry picked from commit c1721f1d6e2344eefaec817ed47119c15c43fcfc) ---- - ldap/servers/plugins/cos/cos_cache.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c -index ddb85ab..e0b841d 100644 ---- a/ldap/servers/plugins/cos/cos_cache.c -+++ b/ldap/servers/plugins/cos/cos_cache.c -@@ -647,7 +647,6 @@ static int cos_cache_build_definition_list(cosDefinitions **pDefs, int *vattr_ca - { - *vattr_cacheable = -1; - cos_def_available = 1; -- break; - } - } - valIndex++; --- -1.9.3 - diff --git a/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch b/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch deleted file mode 100644 index f77fb37..0000000 --- a/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 4040a7b0968db2aa5b905c7268abf57eca2ec8c2 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 14 Sep 2015 12:01:08 -0400 -Subject: [PATCH 55/61] Ticket 48276 - initialize free_flags in - reslimit_update_from_entry() - -Description: In reslimit_update_from_entry() the free_flags was not initialized, - which could lead to it being seen as set, and cause an entry's - vattrs to be incorrectly/unexpectedly freed. - -https://fedorahosted.org/389/ticket/48276 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 2311c71cec33c29863bdb1dabe1ed363679316d3) -(cherry picked from commit 5f32582d043a5498791dda5af7091bf1a4a320f0) ---- - ldap/servers/slapd/resourcelimit.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/ldap/servers/slapd/resourcelimit.c b/ldap/servers/slapd/resourcelimit.c -index 8c0a09c..7630f88 100644 ---- a/ldap/servers/slapd/resourcelimit.c -+++ b/ldap/servers/slapd/resourcelimit.c -@@ -342,11 +342,14 @@ reslimit_update_from_dn( Slapi_Connection *conn, Slapi_DN *dn ) - int - reslimit_update_from_entry( Slapi_Connection *conn, Slapi_Entry *e ) - { -- char *fnname = "reslimit_update_from_entry()"; -- char *actual_type_name, *get_ext_logname; -- int i, rc, type_name_disposition, free_flags; -- SLAPIResLimitConnData *rlcdp; -- Slapi_ValueSet *vs; -+ SLAPIResLimitConnData *rlcdp = NULL; -+ Slapi_ValueSet *vs = NULL; -+ char *fnname = "reslimit_update_from_entry()"; -+ char *actual_type_name = NULL; -+ char *get_ext_logname = NULL; -+ int type_name_disposition = 0; -+ int free_flags = 0; -+ int rc, i; - - LDAPDebug( SLAPI_RESLIMIT_TRACELEVEL, "=> %s conn=0x%x, entry=0x%x\n", - fnname, conn, e ); --- -1.9.3 - diff --git a/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch deleted file mode 100644 index adc14d9..0000000 --- a/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 14e08bde4a48a8e8b56edc817b5d1e3d56b96c72 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 15 Sep 2015 18:25:02 -0700 -Subject: [PATCH 56/61] Ticket #48226 - In MMR, double free coould occur under - some special condition - -Description: commit a0f8e0f981a046882db299a7a6d6d1c01bc19571 introduced -a memory leak in the case of resolve_attribute_state_present_to_deleted. -In the case, csnset is not consumed. Thus, it has to be freed by csnset_ -free. - -https://fedorahosted.org/389/ticket/48226 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit b26ec6762fe2b5d37ade59243086cfd2308e8f0a) -(cherry picked from commit 4a3efc3330a034fa485f33e453054758561d4cea) ---- - ldap/servers/slapd/entrywsi.c | 22 +++++++++++----------- - ldap/servers/slapd/valueset.c | 1 + - 2 files changed, 12 insertions(+), 11 deletions(-) - -diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c -index e719dce..a8f8455 100644 ---- a/ldap/servers/slapd/entrywsi.c -+++ b/ldap/servers/slapd/entrywsi.c -@@ -1280,23 +1280,23 @@ resolve_attribute_state_present_to_deleted(Slapi_Entry *e, Slapi_Attr *a, Slapi_ - const CSN *adcsn= attr_get_deletion_csn(a); - int i; - if ( valuestoupdate != NULL && valuestoupdate[0] != NULL ) { -- for (i=0;valuestoupdate[i]!=NULL;++i) { -- /* This call ensures that the value does not contain a deletion_csn -- * which is before the presence_csn or distinguished_csn of the value. -- */ -- purge_attribute_state_multi_valued(a, valuestoupdate[i]); -- vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED); -- vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED); -- deletedcsn= csn_max(vdcsn, adcsn); -+ for (i=0;valuestoupdate[i]!=NULL;++i) { -+ /* This call ensures that the value does not contain a deletion_csn -+ * which is before the presence_csn or distinguished_csn of the value. -+ */ -+ purge_attribute_state_multi_valued(a, valuestoupdate[i]); -+ vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED); -+ vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED); -+ deletedcsn= csn_max(vdcsn, adcsn); - if(csn_compare(vucsn,deletedcsn)<0) - { -- if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn)) -+ if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn)) - { - entry_present_value_to_deleted_value(a,valuestoupdate[i]); - } - } -- valuestoupdate[i]->v_csnset = NULL; -- } -+ csnset_free(&valuestoupdate[i]->v_csnset); -+ } - } - } - -diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c -index 7eabb82..50c0e52 100644 ---- a/ldap/servers/slapd/valueset.c -+++ b/ldap/servers/slapd/valueset.c -@@ -1416,6 +1416,7 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a, - { - value_update_csn(v,t,csn); - if (csnref_updated) { -+ csnset_free(&valuestoupdate[i]->v_csnset); - valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v)); - } - valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]); --- -1.9.3 - diff --git a/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch b/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch deleted file mode 100644 index 35347f1..0000000 --- a/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch +++ /dev/null @@ -1,335 +0,0 @@ -From 05e127c89281cece8bc1fa79bac6b95cc23dcca9 Mon Sep 17 00:00:00 2001 -From: Thierry Bordaz -Date: Fri, 11 Sep 2015 18:56:53 +0200 -Subject: [PATCH 57/61] Ticket 48266: Fractional replication evaluates several - times the same CSN - -Bug Description: - In fractional replication if there are only skipped updates and many of them, the supplier - acquire the replica for a long time. At the end of the session, RUV is not updated - so the next session will restart evaluating the same skipped updates - -Fix Description: - The fix introduces subentries under the suffix: 'cn=repl keep alive ,$SUFFIX' - During an incremental replication session, if the session only contains skipped updates - and the number of them overpass a threshold (100), it triggers an update on that subentry. - - This update will eventually be replicated, moving forward the RUV - -https://fedorahosted.org/389/ticket/48266 - -Reviewed by: Noriko Hosoi, Rich Megginson, Simon Pichugin - -Platforms tested: - -Flag Day: no - -Doc impact: no - -(cherry picked from commit 6343e4cba17802e19daa5c971120fa352ff80ad4) ---- - ldap/servers/plugins/replication/repl5.h | 2 + - .../plugins/replication/repl5_inc_protocol.c | 39 ++++++ - ldap/servers/plugins/replication/repl5_replica.c | 156 +++++++++++++++++++++ - .../plugins/replication/repl5_tot_protocol.c | 13 +- - 4 files changed, 209 insertions(+), 1 deletion(-) - -diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h -index 0b0f26b..17282bb 100644 ---- a/ldap/servers/plugins/replication/repl5.h -+++ b/ldap/servers/plugins/replication/repl5.h -@@ -523,6 +523,8 @@ Replica *windows_replica_new(const Slapi_DN *root); - during addition of the replica over LDAP */ - Replica *replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_operation); - void replica_destroy(void **arg); -+int replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid); -+int replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid); - PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid, - const char *locking_purl, - char **current_purl); -diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c -index 216de3c..e0599e5 100644 ---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c -+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c -@@ -1672,6 +1672,11 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - int finished = 0; - ConnResult replay_crc; - char csn_str[CSN_STRSIZE]; -+ PRBool subentry_update_sent = PR_FALSE; -+ PRBool subentry_update_needed = PR_FALSE; -+ int skipped_updates = 0; -+ int fractional_repl; -+#define FRACTIONAL_SKIPPED_THRESHOLD 100 - - /* Start the results reading thread */ - rd = repl5_inc_rd_new(prp); -@@ -1688,6 +1693,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - - memset ( (void*)&op, 0, sizeof (op) ); - entry.op = &op; -+ fractional_repl = agmt_is_fractional(prp->agmt); - do { - cl5_operation_parameters_done ( entry.op ); - memset ( (void*)entry.op, 0, sizeof (op) ); -@@ -1783,6 +1789,15 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - csn_as_string(entry.op->csn, PR_FALSE, csn_str); - replica_id = csn_get_replicaid(entry.op->csn); - uniqueid = entry.op->target_address.uniqueid; -+ -+ if (fractional_repl && message_id) -+ { -+ /* This update was sent no need to update the subentry -+ * and restart counting the skipped updates -+ */ -+ subentry_update_needed = PR_FALSE; -+ skipped_updates = 0; -+ } - - if (prp->repl50consumer && message_id) - { -@@ -1813,6 +1828,16 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - agmt_get_long_name(prp->agmt), - entry.op->target_address.uniqueid, csn_str); - agmt_inc_last_update_changecount (prp->agmt, csn_get_replicaid(entry.op->csn), 1 /*skipped*/); -+ if (fractional_repl) -+ { -+ skipped_updates++; -+ if (skipped_updates > FRACTIONAL_SKIPPED_THRESHOLD) { -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ "%s: skipped updates is too high (%d) if no other update is sent we will update the subentry\n", -+ agmt_get_long_name(prp->agmt), skipped_updates); -+ subentry_update_needed = PR_TRUE; -+ } -+ } - } - } - break; -@@ -1878,6 +1903,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - PR_Unlock(rd->lock); - } while (!finished); - -+ if (fractional_repl && subentry_update_needed) -+ { -+ Replica *replica; -+ ReplicaId rid = -1; /* Used to create the replica keep alive subentry */ -+ replica = (Replica*) object_get_data(prp->replica_object); -+ if (replica) -+ { -+ rid = replica_get_rid(replica); -+ } -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ "%s: skipped updates was definitely too high (%d) update the subentry now\n", -+ agmt_get_long_name(prp->agmt), skipped_updates); -+ replica_subentry_update(agmt_get_replarea(prp->agmt), rid); -+ } - /* Terminate the results reading thread */ - if (!prp->repl50consumer) - { -diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c -index 92b4e96..6ac28c1 100644 ---- a/ldap/servers/plugins/replication/repl5_replica.c -+++ b/ldap/servers/plugins/replication/repl5_replica.c -@@ -414,6 +414,161 @@ replica_destroy(void **arg) - slapi_ch_free((void **)arg); - } - -+#define KEEP_ALIVE_ATTR "keepalivetimestamp" -+#define KEEP_ALIVE_ENTRY "repl keep alive" -+#define KEEP_ALIVE_DN_FORMAT "cn=%s %d,%s" -+ -+ -+static int -+replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid) -+{ -+ char *entry_string = NULL; -+ Slapi_Entry *e = NULL; -+ Slapi_PBlock *pb = NULL; -+ int return_value; -+ int rc = 0; -+ -+ entry_string = slapi_ch_smprintf("dn: cn=%s %d,%s\nobjectclass: top\nobjectclass: ldapsubentry\nobjectclass: extensibleObject\ncn: %s %d", -+ KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), KEEP_ALIVE_ENTRY, rid); -+ if (entry_string == NULL) { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "replica_subentry_create add failed in slapi_ch_smprintf\n"); -+ rc = -1; -+ goto done; -+ } -+ -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "add %s\n", entry_string); -+ e = slapi_str2entry(entry_string, 0); -+ -+ /* create the entry */ -+ pb = slapi_pblock_new(); -+ -+ -+ slapi_add_entry_internal_set_pb(pb, e, NULL, /* controls */ -+ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0 /* flags */); -+ slapi_add_internal_pb(pb); -+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &return_value); -+ if (return_value != LDAP_SUCCESS && return_value != LDAP_ALREADY_EXISTS) -+ { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to " -+ "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e), -+ ldap_err2string(return_value)); -+ rc = -1; -+ slapi_entry_free(e); /* The entry was not consumed */ -+ goto done; -+ } -+ -+done: -+ -+ slapi_pblock_destroy(pb); -+ slapi_ch_free_string(&entry_string); -+ return rc; -+ -+} -+ -+int -+replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid) -+{ -+ Slapi_PBlock *pb; -+ char *filter = NULL; -+ Slapi_Entry **entries = NULL; -+ int res; -+ int rc = 0; -+ -+ pb = slapi_pblock_new(); -+ filter = slapi_ch_smprintf("(&(objectclass=ldapsubentry)(cn=%s %d))", KEEP_ALIVE_ENTRY, rid); -+ slapi_search_internal_set_pb(pb, slapi_sdn_get_dn(repl_root), LDAP_SCOPE_ONELEVEL, -+ filter, NULL, 0, NULL, NULL, -+ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0); -+ slapi_search_internal_pb(pb); -+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res); -+ if (res == LDAP_SUCCESS) -+ { -+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); -+ if (entries && (entries[0] == NULL)) -+ { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "Need to create replication keep alive entry \n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root)); -+ rc = replica_subentry_create(repl_root, rid); -+ } else { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "replication keep alive entry already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root)); -+ rc = 0; -+ } -+ } else { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "Error accessing replication keep alive entry res=%d\n", -+ KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), res); -+ /* The status of the entry is not clear, do not attempt to create it */ -+ rc = 1; -+ } -+ slapi_free_search_results_internal(pb); -+ -+ slapi_pblock_destroy(pb); -+ slapi_ch_free_string(&filter); -+ return rc; -+} -+ -+int -+replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid) -+{ -+ int ldrc; -+ int rc = LDAP_SUCCESS; /* Optimistic default */ -+ LDAPMod * mods[2]; -+ LDAPMod mod; -+ struct berval * vals[2]; -+ char buf[20]; -+ time_t curtime; -+ struct tm ltm; -+ struct berval val; -+ Slapi_PBlock *modpb = NULL; -+ char *dn; -+ -+ replica_subentry_check(repl_root, rid); -+ curtime = current_time(); -+ gmtime_r(&curtime, <m); -+ strftime(buf, sizeof (buf), "%Y%m%d%H%M%SZ", <m); -+ -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "subentry_update called at %s\n", buf); -+ -+ -+ val.bv_val = buf; -+ val.bv_len = strlen(val.bv_val); -+ -+ vals [0] = &val; -+ vals [1] = NULL; -+ -+ mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES; -+ mod.mod_type = KEEP_ALIVE_ATTR; -+ mod.mod_bvalues = vals; -+ -+ mods[0] = &mod; -+ mods[1] = NULL; -+ -+ modpb = slapi_pblock_new(); -+ dn = slapi_ch_smprintf(KEEP_ALIVE_DN_FORMAT, KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root)); -+ -+ slapi_modify_internal_set_pb(modpb, dn, mods, NULL, NULL, -+ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0); -+ slapi_modify_internal_pb(modpb); -+ -+ slapi_pblock_get(modpb, SLAPI_PLUGIN_INTOP_RESULT, &ldrc); -+ -+ if (ldrc != LDAP_SUCCESS) -+ { -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ "Failure (%d) to update replication keep alive entry \"%s: %s\"\n", ldrc, KEEP_ALIVE_ATTR, buf); -+ rc = ldrc; -+ } else { -+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, -+ "Successful update of replication keep alive entry \"%s: %s\"\n", KEEP_ALIVE_ATTR, buf); -+ } -+ -+ slapi_pblock_destroy(modpb); -+ slapi_ch_free_string(&dn); -+ return rc; -+ -+} - /* - * Attempt to obtain exclusive access to replica (advisory only) - * -@@ -3816,6 +3971,7 @@ replica_enable_replication (Replica *r) - /* What to do ? */ - } - -+ replica_subentry_check(r->repl_root, replica_get_rid(r)); - /* Replica came back online, Check if the total update was terminated. - If flag is still set, it was not terminated, therefore the data is - very likely to be incorrect, and we should not restart Replication threads... -diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c -index d9401cf..e004af4 100644 ---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c -+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c -@@ -318,6 +318,9 @@ repl5_tot_run(Private_Repl_Protocol *prp) - int portnum = 0; - Slapi_DN *area_sdn = NULL; - CSN *remote_schema_csn = NULL; -+ int init_retry = 0; -+ Replica *replica; -+ ReplicaId rid = 0; /* Used to create the replica keep alive subentry */ - - PR_ASSERT(NULL != prp); - -@@ -395,7 +398,15 @@ repl5_tot_run(Private_Repl_Protocol *prp) - ctrls = (LDAPControl **)slapi_ch_calloc (3, sizeof (LDAPControl *)); - ctrls[0] = create_managedsait_control (); - ctrls[1] = create_backend_control(area_sdn); -- -+ -+ /* Time to make sure it exists a keep alive subentry for that replica */ -+ replica = (Replica*) object_get_data(prp->replica_object); -+ if (replica) -+ { -+ rid = replica_get_rid(replica); -+ } -+ replica_subentry_check(area_sdn, rid); -+ - slapi_search_internal_set_pb (pb, slapi_sdn_get_dn (area_sdn), - LDAP_SCOPE_SUBTREE, "(|(objectclass=ldapsubentry)(objectclass=nstombstone)(nsuniqueid=*))", NULL, 0, ctrls, NULL, - repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0); --- -1.9.3 - diff --git a/SOURCES/0058-Ticket-48266-coverity-issue.patch b/SOURCES/0058-Ticket-48266-coverity-issue.patch deleted file mode 100644 index 7cbc726..0000000 --- a/SOURCES/0058-Ticket-48266-coverity-issue.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 25fa7a078549404141f1fd36b277a857a615df83 Mon Sep 17 00:00:00 2001 -From: Thierry Bordaz -Date: Fri, 18 Sep 2015 18:38:19 +0200 -Subject: [PATCH 58/61] Ticket 48266: coverity issue - -(cherry picked from commit 8cd4f45a9621dfaea7249179919b783857c9f22c) ---- - ldap/servers/plugins/replication/repl5_inc_protocol.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c -index e0599e5..7680340 100644 ---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c -+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c -@@ -1672,7 +1672,6 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - int finished = 0; - ConnResult replay_crc; - char csn_str[CSN_STRSIZE]; -- PRBool subentry_update_sent = PR_FALSE; - PRBool subentry_update_needed = PR_FALSE; - int skipped_updates = 0; - int fractional_repl; --- -1.9.3 - diff --git a/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch b/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch deleted file mode 100644 index b6f97be..0000000 --- a/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch +++ /dev/null @@ -1,67 +0,0 @@ -From ac98944372376a0d41a33dfe84a99bfaa151699f Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Fri, 18 Sep 2015 11:56:29 -0400 -Subject: [PATCH 59/61] Ticket 48217 - cleanallruv - fix regression with server - shutdown - -Bug Description: Recent checks for server shutdown were added to cleanallruv task, - but we did not properly check for "shutdown" at the end of the task. - This caused the server to think the task successfully finished, - when in fact it did not. - -Fix Description: Properly check for shutdown at the end of the task, and handler it - appropriately. - -https://fedorahosted.org/389/ticket/48217 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit c41d36de0ca438bf23e4e810bfec0fd59cbc790b) -(cherry picked from commit d9f03f5fddfc8ba7009c9dcc584686e43d6339e8) ---- - ldap/servers/plugins/replication/repl5_replica_config.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c -index 446da3f..8d3c481 100644 ---- a/ldap/servers/plugins/replication/repl5_replica_config.c -+++ b/ldap/servers/plugins/replication/repl5_replica_config.c -@@ -1948,7 +1948,7 @@ done: - /* - * If the replicas are cleaned, release the rid - */ -- if(!aborted){ -+ if(!aborted && !slapi_is_shutting_down()){ - delete_cleaned_rid_config(data); - /* make sure all the replicas have been "pre_cleaned" before finishing */ - check_replicas_are_done_cleaning(data); -@@ -3005,7 +3005,7 @@ replica_abort_task_thread(void *arg) - } - - /* -- * Now send the cleanruv extended op to all the agreements -+ * Now send the abort cleanruv extended op to all the agreements - */ - while(agmt_not_notified && !slapi_is_shutting_down()){ - agmt_obj = agmtlist_get_first_agreement_for_replica (data->replica); -@@ -3013,7 +3013,7 @@ replica_abort_task_thread(void *arg) - agmt_not_notified = 0; - break; - } -- while (agmt_obj){ -+ while (agmt_obj && !slapi_is_shutting_down()){ - agmt = (Repl_Agmt*)object_get_data (agmt_obj); - if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){ - agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj); -@@ -3058,7 +3058,7 @@ replica_abort_task_thread(void *arg) - } /* while */ - - done: -- if(agmt_not_notified){ -+ if(agmt_not_notified || slapi_is_shutting_down()){ - /* failure */ - cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Abort task failed, will resume the task at the next server startup."); - } else { --- -1.9.3 - diff --git a/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch b/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch deleted file mode 100644 index f9138cf..0000000 --- a/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch +++ /dev/null @@ -1,78 +0,0 @@ -From caab3e19a97d58450bbf06034974d4631aa904b6 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Fri, 18 Sep 2015 11:13:43 -0700 -Subject: [PATCH 60/61] Ticket #48188 - segfault in ns-slapd due to accessing - Slapi_DN freed in pre bind plug-in - -This patch is based upon the patch provided by Simo Sorce for -Ticket #48272 - Allow PRE_BIND plugins to mangle DNs - -Description: -Allow a pre_bind plugin to map a DN to another - -This is useful for plugins that deal with virtual trees or non-standard -clients binding with values that are not proper DNs and similar situations. - -Signed-off-by: Simo Sorce - -2 changes are made to the original patch: -1. removed "slapi_sdn_free(&sdn)" with this comment: - * It is a plug-in's responsibility to free the original Slapi_DN. - Note: slapi-nis already freed the original sdn. -2. reset dn from the new sdn. - dn = slapi_sdn_get_dn(sdn); - -https://fedorahosted.org/389/ticket/48188 - -Reviewed by rmeggins@redhat.com and lkrispen@redhat.com. - -(cherry picked from commit 40e0d0f80d6fd1271431e105580293747c43c327) -(cherry picked from commit 6871f4f6d14198563f7f3cb0646a00faa28d35ea) ---- - ldap/servers/slapd/bind.c | 21 ++++++++++++++++++--- - 1 file changed, 18 insertions(+), 3 deletions(-) - -diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c -index 1bd604f..4ec276a 100644 ---- a/ldap/servers/slapd/bind.c -+++ b/ldap/servers/slapd/bind.c -@@ -669,7 +669,7 @@ do_bind( Slapi_PBlock *pb ) - - slapi_pblock_set( pb, SLAPI_BACKEND, be ); - -- /* not root dn - pass to the backend */ -+ /* not root dn - pass to the backend */ - if ( be->be_bind != NULL ) { - - /* -@@ -677,10 +677,25 @@ do_bind( Slapi_PBlock *pb ) - * the backend bind function. then call the post-bind - * plugins. - */ -- if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) -- == 0 ) { -+ if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 ) { - rc = 0; - -+ /* Check if a pre_bind plugin mapped the DN to another backend */ -+ Slapi_DN *pb_sdn; -+ slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn); -+ if (pb_sdn != sdn) { -+ /* -+ * Slapi_DN set in pblock was changed by a pre bind plug-in. -+ * It is a plug-in's responsibility to free the original Slapi_DN. -+ */ -+ sdn = pb_sdn; -+ dn = slapi_sdn_get_dn(sdn); -+ -+ slapi_be_Unlock(be); -+ be = slapi_be_select(sdn); -+ slapi_be_Rlock(be); -+ } -+ - /* - * Is this account locked ? - * could be locked through the account inactivation --- -1.9.3 - diff --git a/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch b/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch deleted file mode 100644 index 0ce22e8..0000000 --- a/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch +++ /dev/null @@ -1,172 +0,0 @@ -From 91e8872841e18eb96f2680fba180d636bb0a2a67 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Fri, 18 Sep 2015 15:19:51 -0700 -Subject: [PATCH 61/61] Ticket #48188 - segfault in ns-slapd due to accessing - Slapi_DN freed in pre bind plug-in - -Description: Additional fixes based upon the comments by rmeggins@redhat.com -(Thank you, Rich!!). -https://fedorahosted.org/389/ticket/48188?replyto=24#comment:24 -1. Implemented the case 2) - If the plugin changes the SLAPI_BIND_TARGET_SDN *value*, - we need to select a different backend. It is possible - (but not very useful) for the plugin to change the pointer, - but use the same value. -2. Added an api slapi_be_select_exact which returns NULL if - there is no matching backend. - -https://fedorahosted.org/389/ticket/48188 - -Reviewed by rmeggins@redhat.com (Thank you!) - -(cherry picked from commit 8212a8913b748cd1f5e986a754c37ef41db8272a) -(cherry picked from commit a215c006e0900caaa555def9e047e295844d8652) ---- - ldap/servers/slapd/bind.c | 47 +++++++++++++++++++++++++++++---------- - ldap/servers/slapd/mapping_tree.c | 19 ++++++++++++++++ - ldap/servers/slapd/slapi-plugin.h | 1 + - 3 files changed, 55 insertions(+), 12 deletions(-) - -diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c -index 4ec276a..474b508 100644 ---- a/ldap/servers/slapd/bind.c -+++ b/ldap/servers/slapd/bind.c -@@ -107,6 +107,7 @@ do_bind( Slapi_PBlock *pb ) - int auto_bind = 0; - int minssf = 0; - int minssf_exclude_rootdse = 0; -+ Slapi_DN *original_sdn = NULL; - - LDAPDebug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 ); - -@@ -660,10 +661,9 @@ do_bind( Slapi_PBlock *pb ) - goto free_and_return; - } - -- if (referral) -- { -- send_referrals_from_entry(pb,referral); -- slapi_entry_free(referral); -+ if (referral) { -+ send_referrals_from_entry(pb,referral); -+ slapi_entry_free(referral); - goto free_and_return; - } - -@@ -671,29 +671,50 @@ do_bind( Slapi_PBlock *pb ) - - /* not root dn - pass to the backend */ - if ( be->be_bind != NULL ) { -- -+ original_sdn = slapi_sdn_dup(sdn); - /* - * call the pre-bind plugins. if they succeed, call - * the backend bind function. then call the post-bind - * plugins. - */ - if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 ) { -+ int sdn_updated = 0; - rc = 0; - - /* Check if a pre_bind plugin mapped the DN to another backend */ - Slapi_DN *pb_sdn; - slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn); -- if (pb_sdn != sdn) { -+ if (!pb_sdn) { -+ PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n"); -+ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL); -+ goto free_and_return; -+ } else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) { - /* - * Slapi_DN set in pblock was changed by a pre bind plug-in. - * It is a plug-in's responsibility to free the original Slapi_DN. - */ - sdn = pb_sdn; - dn = slapi_sdn_get_dn(sdn); -- -- slapi_be_Unlock(be); -- be = slapi_be_select(sdn); -- slapi_be_Rlock(be); -+ if (!dn) { -+ PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n"); -+ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL); -+ goto free_and_return; -+ } -+ if (!sdn_updated) { /* pb_sdn != sdn; need to compare the dn's. */ -+ sdn_updated = slapi_sdn_compare(original_sdn, sdn); -+ } -+ if (sdn_updated) { /* call slapi_be_select only when the DN is updated. */ -+ slapi_be_Unlock(be); -+ be = slapi_be_select_exact(sdn); -+ if (be) { -+ slapi_be_Rlock(be); -+ slapi_pblock_set( pb, SLAPI_BACKEND, be ); -+ } else { -+ PR_snprintf(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn); -+ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL); -+ goto free_and_return; -+ } -+ } - } - - /* -@@ -845,10 +866,12 @@ account_locked: - } - - free_and_return:; -- if (be) -+ slapi_sdn_free(&original_sdn); -+ if (be) { - slapi_be_Unlock(be); -+ } - if (bind_sdn_in_pb) { -- slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn); -+ slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn); - } - slapi_sdn_free(&sdn); - slapi_ch_free_string( &saslmech ); -diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c -index 165eba1..20c2cc3 100644 ---- a/ldap/servers/slapd/mapping_tree.c -+++ b/ldap/servers/slapd/mapping_tree.c -@@ -3095,6 +3095,25 @@ slapi_be_select( const Slapi_DN *sdn ) /* JCM - The name of this should change?? - return be; - } - -+Slapi_Backend * -+slapi_be_select_exact(const Slapi_DN *sdn) -+{ -+ Slapi_Backend *be = NULL; -+ mapping_tree_node *node = NULL; -+ -+ if (!sdn) { -+ LDAPDebug0Args(LDAP_DEBUG_ANY, "slapi_be_select_exact: Empty Slapi_DN is given.\n"); -+ return NULL; -+ } -+ node = slapi_get_mapping_tree_node_by_dn(sdn); -+ -+ if (node && node->mtn_be) { -+ be = node->mtn_be[0]; -+ } -+ -+ return be; -+} -+ - /* Check if the dn targets an internal reserved backends */ - int - slapi_on_internal_backends(const Slapi_DN *sdn) -diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h -index 6b04610..564da44 100644 ---- a/ldap/servers/slapd/slapi-plugin.h -+++ b/ldap/servers/slapd/slapi-plugin.h -@@ -6338,6 +6338,7 @@ Slapi_Backend *slapi_be_new( const char *type, const char *name, - int isprivate, int logchanges ); - void slapi_be_free(Slapi_Backend **be); - Slapi_Backend *slapi_be_select( const Slapi_DN *sdn ); -+Slapi_Backend *slapi_be_select_exact(const Slapi_DN *sdn); - Slapi_Backend *slapi_be_select_by_instance_name( const char *name ); - int slapi_be_exist(const Slapi_DN *sdn); - void slapi_be_delete_onexit(Slapi_Backend *be); --- -1.9.3 - diff --git a/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch b/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch deleted file mode 100644 index 6f83044..0000000 --- a/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 02c520c6fa44f9f2499c79e48531b59d62875a39 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Sat, 19 Sep 2015 09:58:39 -0700 -Subject: [PATCH] Ticket 48266 - coverity -- unused variable 'init_retry' - -Description: Backport error for Ticket 48266 - Fractional replication - evaluates several times the same CSN - (commit 05e127c89281cece8bc1fa79bac6b95cc23dcca9) ---- - ldap/servers/plugins/replication/repl5_tot_protocol.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c -index e004af4..7da893a 100644 ---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c -+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c -@@ -318,7 +318,6 @@ repl5_tot_run(Private_Repl_Protocol *prp) - int portnum = 0; - Slapi_DN *area_sdn = NULL; - CSN *remote_schema_csn = NULL; -- int init_retry = 0; - Replica *replica; - ReplicaId rid = 0; /* Used to create the replica keep alive subentry */ - --- -1.9.3 - diff --git a/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch b/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch deleted file mode 100644 index 2d85f36..0000000 --- a/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 060b9298fd03cbdac725be398e7754f67aa2b5c1 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 22 Sep 2015 09:49:12 -0400 -Subject: [PATCH 63/65] Ticket 48266 - Online init crashes consumer - -Bug Description: When trying to create the 'replica keep alive' entry - on a consumer during an online init, the entry gets freed - in op_shared_add(), and then freed again in - replica_subentry_create() which leads to a crash. - -Fix Description: Do not free the "keep alive" entry if a referral is - returned when trying to create the keep-alive entry. - -https://fedorahosted.org/389/ticket/48266 - -Reviewed by: tbordaz(Thanks!) - -(cherry picked from commit 5538bac519c5363bb456e98d615c9366dedd57d8) -(cherry picked from commit 1c127b40c1c7298839562326babbf2cba65cce1b) ---- - ldap/servers/plugins/replication/repl5_replica.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c -index 6ac28c1..708008c 100644 ---- a/ldap/servers/plugins/replication/repl5_replica.c -+++ b/ldap/servers/plugins/replication/repl5_replica.c -@@ -448,7 +448,9 @@ replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid) - repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0 /* flags */); - slapi_add_internal_pb(pb); - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &return_value); -- if (return_value != LDAP_SUCCESS && return_value != LDAP_ALREADY_EXISTS) -+ if (return_value != LDAP_SUCCESS && -+ return_value != LDAP_ALREADY_EXISTS && -+ return_value != LDAP_REFERRAL /* CONSUMER */) - { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to " - "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e), --- -1.9.3 - diff --git a/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch b/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch deleted file mode 100644 index ebe138e..0000000 --- a/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch +++ /dev/null @@ -1,53 +0,0 @@ -From d1598673937a83127249e6c26de6af3a18a5f51c Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 22 Sep 2015 13:41:06 -0400 -Subject: [PATCH 64/65] Ticket 48284 - free entry when internal add fails - -Bug Description: The entry passed to an internal add operaton is expected - to be consumed, but it is not freed during an internal - add when setting slapi_add_internal_pb() returns an error. - -Fix Description: Free the entry in slapi_add_internal_pb() when the operation - is not allowed. - -https://fedorahosted.org/389/ticket/48284 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 622be8bfbc942fe100b8880df72db26e99e1c954) -(cherry picked from commit 99dbfb7601daea80f80d1ea9d29766d76555e01a) ---- - ldap/servers/slapd/add.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c -index 5eb2042..31012a2 100644 ---- a/ldap/servers/slapd/add.c -+++ b/ldap/servers/slapd/add.c -@@ -316,6 +316,12 @@ int slapi_add_internal_pb (Slapi_PBlock *pb) - - if (!allow_operation (pb)) - { -+ /* free the entry as it's expected to be consumed */ -+ Slapi_Entry *e; -+ slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e); -+ slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL); -+ slapi_entry_free(e); -+ - slapi_send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, - "This plugin is not configured to access operation target data", 0, NULL ); - return 0; -@@ -727,8 +733,8 @@ static void op_shared_add (Slapi_PBlock *pb) - slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &pse); - do_ps_service(pse, NULL, LDAP_CHANGETYPE_ADD, 0); - /* -- * If be_add succeeded, then e is consumed except the resurect case. -- * If it is resurect, the corresponding tombstone entry is resurected -+ * If be_add succeeded, then e is consumed except the resurrect case. -+ * If it is resurrect, the corresponding tombstone entry is resurrected - * and put into the cache. - * Otherwise, we set e to NULL to prevent freeing it ourselves. - */ --- -1.9.3 - diff --git a/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch b/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch deleted file mode 100644 index 23541a8..0000000 --- a/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3a3d1f22ea262270bc859aeb4c80928d5a085817 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 22 Sep 2015 13:58:38 -0400 -Subject: [PATCH 65/65] Ticket 48266 - do not free repl keep alive entry on - error - -Description: There is no need to free the "repl keep alive" entry - if any stage of the "add" fails. Otherwise we could - potentially run into a double free. - -https://fedorahosted.org/389/ticket/48266 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit e5d9b0c741af1c3ea5e8212148a3ba95ee18925b) -(cherry picked from commit f95e73f620987de9107246b30b28fd463024b61f) ---- - ldap/servers/plugins/replication/repl5_replica.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c -index 708008c..8b53f3c 100644 ---- a/ldap/servers/plugins/replication/repl5_replica.c -+++ b/ldap/servers/plugins/replication/repl5_replica.c -@@ -456,7 +456,6 @@ replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid) - "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e), - ldap_err2string(return_value)); - rc = -1; -- slapi_entry_free(e); /* The entry was not consumed */ - goto done; - } - --- -1.9.3 - diff --git a/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch b/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch deleted file mode 100644 index d2e826c..0000000 --- a/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 695f06f02f6285bad4c494fda98f8f17ace2d1aa Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 30 Sep 2015 13:32:05 -0700 -Subject: [PATCH 66/68] Ticket #48299 - pagedresults - when timed out, search - results could have been already freed. - -Description: When a search results object is freed, there is a window -until the information is set to the pagedresults handle. If the paged- -results handle is released due to a timeout in the window, double free -occurs. - -This patch sets NULL just before the search results object is freed -in the backend as well as in dse. - -Plus, fixed a minor memory leak in pagedresults_parse_control_value. - -https://fedorahosted.org/389/ticket/48299 - -Reviewed and a bug found by tbordaz@redhat.com (Thank you, Thierry!!) - -(cherry picked from commit f90c3a6e1933b9cc19a51b17a038f26652c4b2bc) -(cherry picked from commit 56151ed75bbd63af80932fe73a512df835b17593) ---- - ldap/servers/slapd/back-ldbm/ldbm_search.c | 1 + - ldap/servers/slapd/dse.c | 1 + - ldap/servers/slapd/pagedresults.c | 33 +++++++++++++++++++++++++++++- - ldap/servers/slapd/proto-slap.h | 1 + - 4 files changed, 35 insertions(+), 1 deletion(-) - -diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c -index 73c54d3..8ed6b4d 100644 ---- a/ldap/servers/slapd/back-ldbm/ldbm_search.c -+++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c -@@ -1890,6 +1890,7 @@ delete_search_result_set( Slapi_PBlock *pb, back_search_result_set **sr ) - /* If the op is pagedresults, let the module clean up sr. */ - return; - } -+ pagedresults_set_search_result_pb(pb, NULL, 0); - slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); - } - if ( NULL != (*sr)->sr_candidates ) -diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c -index e8e393b..68ce751 100644 ---- a/ldap/servers/slapd/dse.c -+++ b/ldap/servers/slapd/dse.c -@@ -2830,6 +2830,7 @@ dse_next_search_entry (Slapi_PBlock *pb) - /* we reached the end of the list */ - if (e == NULL) - { -+ pagedresults_set_search_result_pb(pb, NULL, 0); - dse_search_set_delete (ss); - slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); - } -diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c -index d0c93cd..6dd6432 100644 ---- a/ldap/servers/slapd/pagedresults.c -+++ b/ldap/servers/slapd/pagedresults.c -@@ -172,7 +172,6 @@ pagedresults_parse_control_value( Slapi_PBlock *pb, - } - /* reset sizelimit */ - op->o_pagedresults_sizelimit = -1; -- slapi_ch_free((void **)&cookie.bv_val); - - if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen)) { - if (conn->c_pagedresults.prl_list[*index].pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) { -@@ -189,6 +188,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb, - LDAPDebug1Arg(LDAP_DEBUG_ANY, "pagedresults_parse_control_value: invalid cookie: %d\n", *index); - } - bail: -+ slapi_ch_free((void **)&cookie.bv_val); - /* cleaning up the rest of the timedout or abandoned if any */ - prp = conn->c_pagedresults.prl_list; - for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) { -@@ -1010,3 +1010,34 @@ pagedresults_is_abandoned_or_notavailable( Connection *conn, int index ) - PR_Unlock(conn->c_mutex); - return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED; - } -+ -+int -+pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked) -+{ -+ int rc = -1; -+ Connection *conn = NULL; -+ Operation *op = NULL; -+ int index = -1; -+ if (!pb) { -+ return 0; -+ } -+ slapi_pblock_get(pb, SLAPI_OPERATION, &op); -+ if (!op_is_pagedresults(op)) { -+ return 0; /* noop */ -+ } -+ slapi_pblock_get(pb, SLAPI_CONNECTION, &conn); -+ slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &index); -+ LDAPDebug2Args(LDAP_DEBUG_TRACE, -+ "--> pagedresults_set_search_result_pb: idx=%d, sr=%p\n", index, sr); -+ if (conn && (index > -1)) { -+ if (!locked) PR_Lock(conn->c_mutex); -+ if (index < conn->c_pagedresults.prl_maxlen) { -+ conn->c_pagedresults.prl_list[index].pr_search_result_set = sr; -+ rc = 0; -+ } -+ if (!locked) PR_Unlock(conn->c_mutex); -+ } -+ LDAPDebug1Arg(LDAP_DEBUG_TRACE, -+ "<-- pagedresults_set_search_result_pb: %d\n", rc); -+ return rc; -+} -diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h -index e8673e1..b10c1eb 100644 ---- a/ldap/servers/slapd/proto-slap.h -+++ b/ldap/servers/slapd/proto-slap.h -@@ -1488,6 +1488,7 @@ void op_set_pagedresults(Operation *op); - void pagedresults_lock(Connection *conn, int index); - void pagedresults_unlock(Connection *conn, int index); - int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index); -+int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked); - - /* - * sort.c --- -1.9.3 - diff --git a/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch deleted file mode 100644 index 913e0c4..0000000 --- a/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 6b1aeee584c74c47abf8f7190d4783c061607279 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 1 Oct 2015 15:11:24 -0700 -Subject: [PATCH 67/68] Ticket #48192 - Individual abandoned simple paged - results request has no chance to be cleaned up - -Description: If CONN_FLAG_PAGEDRESULTS_ABANDONED is set to pr_flags, -the search results in the pagedresults handle is supposed to have been -cleaned up. But when there is a contention, there is a case that it -is reset with the already released search results. This patch adds an -additional check for abandoned flag in pagedresults_set_search_result. -If the pagedresults handle shows it is abandoned, the search results -is not set to the handle unless it is for cleaning up with NULL. - -https://fedorahosted.org/389/ticket/48192 - -Reviewed by rmeggins@redhat.com (Thanks, Rich!!) - -(cherry picked from commit 6e453918e82af6c597390aebf92a8eb3283c3591) -(cherry picked from commit 96b9b6794e0a6bfa0d74c84f6c80131c4f820fa7) ---- - ldap/servers/slapd/pagedresults.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c -index 6dd6432..87447c4 100644 ---- a/ldap/servers/slapd/pagedresults.c -+++ b/ldap/servers/slapd/pagedresults.c -@@ -337,7 +337,7 @@ pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid ) - for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) { - if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) { - PagedResults *prp = conn->c_pagedresults.prl_list + i; -- if (prp && prp->pr_current_be && -+ if (prp->pr_current_be && - prp->pr_current_be->be_search_results_release && - prp->pr_search_result_set) { - prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); -@@ -429,7 +429,11 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, - if (conn && (index > -1)) { - if (!locked) PR_Lock(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { -- conn->c_pagedresults.prl_list[index].pr_search_result_set = sr; -+ PagedResults *prp = conn->c_pagedresults.prl_list + index; -+ if (!(prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) || !sr) { -+ /* If abandoned, don't set the search result unless it is NULL */ -+ prp->pr_search_result_set = sr; -+ } - rc = 0; - } - if (!locked) PR_Unlock(conn->c_mutex); --- -1.9.3 - diff --git a/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch b/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch deleted file mode 100644 index 0e44b72..0000000 --- a/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch +++ /dev/null @@ -1,343 +0,0 @@ -From 5b2efd34c07c65e24f4129430064f7299803dbf8 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Fri, 2 Oct 2015 11:38:01 -0700 -Subject: [PATCH 68/68] Ticket #48298 - ns-slapd crash during - ipa-replica-manage del - -Bug Description: The cause of the problem is rather not a race condition but -accessing an already freed agreement in a plug-in: -> The crashed thread is deleting an agreement object, which calls mep_pre_op. -> It eventually calls op_shared_search with the deleted agreement object with -> base scope and filter "(|(objectclass=*)(objectclass=ldapsubentry))" -> Since it is a DSE entry it goes to dse_search, in which it calls agmt_get_ -> replarea and crashes in slapi_sdn_copy by NULL dereference in from SDN... - -Fix Description: This patch adds the check to agmt_get_replarea, in which if -the agreement is not in the agreement list, it returnes NULL repl area. When -the NULL repl area is returned the callers back off with an error. - -https://fedorahosted.org/389/ticket/48298 - -Reviewed by rmeggins@redhat.com (Thanks, Rich!) - -(cherry picked from commit 3cbdfa613ed8668337213fe9c3c15cf54ce798aa) -(cherry picked from commit f09eb8c0f8ee315b2a20d6460c975a546207411e) ---- - ldap/servers/plugins/replication/repl5.h | 1 + - ldap/servers/plugins/replication/repl5_agmt.c | 17 +++++++++-- - ldap/servers/plugins/replication/repl5_agmtlist.c | 34 ++++++++++++++++++---- - .../plugins/replication/repl5_inc_protocol.c | 10 ++++++- - .../plugins/replication/repl5_replica_config.c | 6 +++- - .../plugins/replication/repl5_tot_protocol.c | 12 ++++++-- - .../plugins/replication/repl_session_plugin.c | 22 +++++++++++--- - .../plugins/replication/windows_protocol_util.c | 12 ++++++++ - 8 files changed, 98 insertions(+), 16 deletions(-) - -diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h -index 17282bb..df92ca0 100644 ---- a/ldap/servers/plugins/replication/repl5.h -+++ b/ldap/servers/plugins/replication/repl5.h -@@ -390,6 +390,7 @@ void agmtlist_shutdown(); - void agmtlist_notify_all(Slapi_PBlock *pb); - Object* agmtlist_get_first_agreement_for_replica (Replica *r); - Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev); -+int agmtlist_agmt_exists(const Repl_Agmt *ra); - - /* In repl5_backoff.c */ - typedef struct backoff_timer Backoff_Timer; -diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c -index f84eacb..76d26a1 100644 ---- a/ldap/servers/plugins/replication/repl5_agmt.c -+++ b/ldap/servers/plugins/replication/repl5_agmt.c -@@ -696,6 +696,12 @@ agmt_start(Repl_Agmt *ra) - * index. - */ - repl_sdn = agmt_get_replarea(ra); -+ if (!repl_sdn) { -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ "agmt_start: failed to get repl area. Please check agreement.\n"); -+ prot_free(&prot); -+ return -1; -+ } - - pb = slapi_pblock_new(); - attrs[0] = (char*)type_agmtMaxCSN; -@@ -770,7 +776,7 @@ agmt_start(Repl_Agmt *ra) - slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)), - ra->hostname, ra->port); - if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){ -- /* Set the maxcsn */ -+ /* Set the maxcsn */ - slapi_ch_free_string(&ra->maxcsn); - ra->maxcsn = slapi_ch_strdup(maxcsns[i]); - ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]); -@@ -976,8 +982,11 @@ agmt_get_bindmethod(const Repl_Agmt *ra) - Slapi_DN * - agmt_get_replarea(const Repl_Agmt *ra) - { -- Slapi_DN *return_value; -+ Slapi_DN *return_value = NULL; - PR_ASSERT(NULL != ra); -+ if (!agmtlist_agmt_exists(ra)) { -+ return return_value; -+ } - PR_Lock(ra->lock); - return_value = slapi_sdn_new(); - slapi_sdn_copy(ra->replarea, return_value); -@@ -2690,6 +2699,9 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, - Object *repl_obj = NULL; - - replarea_sdn = agmt_get_replarea(ra); -+ if (!replarea_sdn) { -+ goto bail; -+ } - repl_obj = replica_get_replica_from_dn(replarea_sdn); - slapi_sdn_free(&replarea_sdn); - if (repl_obj) { -@@ -2748,6 +2760,7 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, - slapi_entry_add_string(e, "nsds5replicaLastInitStatus", ra->last_init_status); - } - } -+bail: - return SLAPI_DSE_CALLBACK_OK; - } - -diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c -index 34650b4..f50862f 100644 ---- a/ldap/servers/plugins/replication/repl5_agmtlist.c -+++ b/ldap/servers/plugins/replication/repl5_agmtlist.c -@@ -109,6 +109,24 @@ agmtlist_release_agmt(Repl_Agmt *ra) - } - } - -+int -+agmtlist_agmt_exists(const Repl_Agmt *ra) -+{ -+ Object *ro; -+ int exists = 0; -+ -+ PR_ASSERT(NULL != agmt_set); -+ if (!ra) { -+ return exists; -+ } -+ ro = objset_find(agmt_set, agmt_ptr_cmp, (const void *)ra); -+ if (ro) { -+ exists = 1; -+ object_release(ro); -+ } -+ return exists; -+} -+ - - /* - * Note: when we add the new object, we have a reference to it. We hold -@@ -135,6 +153,9 @@ add_new_agreement(Slapi_Entry *e) - - /* get the replica for this agreement */ - replarea_sdn = agmt_get_replarea(ra); -+ if (!replarea_sdn) { -+ return 1; -+ } - repl_obj = replica_get_replica_from_dn(replarea_sdn); - slapi_sdn_free(&replarea_sdn); - if (repl_obj) { -@@ -841,13 +862,16 @@ Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev) - else - obj = objset_first_obj(agmt_set); - -- while (obj) -- { -+ for ( ; obj; obj = objset_next_obj(agmt_set, obj)) { - agmt = (Repl_Agmt*)object_get_data (obj); -- PR_ASSERT (agmt); -+ if (!agmt) { -+ continue; -+ } - - agmt_root = agmt_get_replarea(agmt); -- PR_ASSERT (agmt_root); -+ if (!agmt_root) { -+ continue; -+ } - - if (slapi_sdn_compare (replica_root, agmt_root) == 0) - { -@@ -856,7 +880,7 @@ Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev) - } - - slapi_sdn_free (&agmt_root); -- obj = objset_next_obj(agmt_set, obj); -+ - } - - return NULL; -diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c -index 7680340..244bbb2 100644 ---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c -+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c -@@ -1906,6 +1906,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - { - Replica *replica; - ReplicaId rid = -1; /* Used to create the replica keep alive subentry */ -+ Slapi_DN *replarea_sdn = NULL; - replica = (Replica*) object_get_data(prp->replica_object); - if (replica) - { -@@ -1914,7 +1915,14 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "%s: skipped updates was definitely too high (%d) update the subentry now\n", - agmt_get_long_name(prp->agmt), skipped_updates); -- replica_subentry_update(agmt_get_replarea(prp->agmt), rid); -+ replarea_sdn = agmt_get_replarea(prp->agmt); -+ if (!replarea_sdn) { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "send_updates: Unknown replication area due to agreement not found."); -+ return_value = UPDATE_FATAL_ERROR; -+ } else { -+ replica_subentry_update(replarea_sdn, rid); -+ } - } - /* Terminate the results reading thread */ - if (!prp->repl50consumer) -diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c -index 8d3c481..e85ae3e 100644 ---- a/ldap/servers/plugins/replication/repl5_replica_config.c -+++ b/ldap/servers/plugins/replication/repl5_replica_config.c -@@ -2368,13 +2368,17 @@ replica_send_cleanruv_task(Repl_Agmt *agmt, cleanruv_data *clean_data) - conn_delete_internal_ext(conn); - return; - } -- val.bv_len = PR_snprintf(data, sizeof(data), "CLEANRUV%d", clean_data->rid); - sdn = agmt_get_replarea(agmt); -+ if (!sdn) { -+ conn_delete_internal_ext(conn); -+ return; -+ } - mod.mod_op = LDAP_MOD_ADD|LDAP_MOD_BVALUES; - mod.mod_type = "nsds5task"; - mod.mod_bvalues = vals; - vals [0] = &val; - vals [1] = NULL; -+ val.bv_len = PR_snprintf(data, sizeof(data), "CLEANRUV%d", clean_data->rid); - val.bv_val = data; - mods[0] = &mod; - mods[1] = NULL; -diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c -index 7da893a..16b51b5 100644 ---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c -+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c -@@ -329,6 +329,13 @@ repl5_tot_run(Private_Repl_Protocol *prp) - goto done; - } - -+ area_sdn = agmt_get_replarea(prp->agmt); -+ if (!area_sdn) { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to " -+ "get repl area. Please check agreement.\n"); -+ goto done; -+ } -+ - conn_set_timeout(prp->conn, agmt_get_timeout(prp->agmt)); - - /* acquire remote replica */ -@@ -387,11 +394,10 @@ repl5_tot_run(Private_Repl_Protocol *prp) - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Beginning total update of replica " - "\"%s\".\n", agmt_get_long_name(prp->agmt)); - -- pb = slapi_pblock_new (); -+ /* RMREPL - need to send schema here */ - -- /* RMREPL - need to send schema here */ -+ pb = slapi_pblock_new (); - -- area_sdn = agmt_get_replarea(prp->agmt); - /* we need to provide managedsait control so that referral entries can - be replicated */ - ctrls = (LDAPControl **)slapi_ch_calloc (3, sizeof (LDAPControl *)); -diff --git a/ldap/servers/plugins/replication/repl_session_plugin.c b/ldap/servers/plugins/replication/repl_session_plugin.c -index 1c04089..2fa993d 100644 ---- a/ldap/servers/plugins/replication/repl_session_plugin.c -+++ b/ldap/servers/plugins/replication/repl_session_plugin.c -@@ -48,6 +48,10 @@ repl_session_plugin_call_agmt_init_cb(Repl_Agmt *ra) - } - if (initfunc) { - replarea = agmt_get_replarea(ra); -+ if (!replarea) { -+ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_agmt_init_cb -- Aborted -- No replication area\n"); -+ return; -+ } - cookie = (*initfunc)(replarea); - slapi_sdn_free(&replarea); - } -@@ -73,8 +77,11 @@ repl_session_plugin_call_pre_acquire_cb(const Repl_Agmt *ra, int is_total, - - if (thefunc) { - replarea = agmt_get_replarea(ra); -- rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total, -- data_guid, data); -+ if (!replarea) { -+ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_pre_acquire_cb -- Aborted -- No replication area\n"); -+ return 1; -+ } -+ rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total, data_guid, data); - slapi_sdn_free(&replarea); - } - -@@ -95,8 +102,11 @@ repl_session_plugin_call_post_acquire_cb(const Repl_Agmt *ra, int is_total, - - if (thefunc) { - replarea = agmt_get_replarea(ra); -- rc = (*thefunc)(agmt_get_priv(ra), replarea, -- is_total, data_guid, data); -+ if (!replarea) { -+ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_post_acquire_cb -- Aborted -- No replication area\n"); -+ return 1; -+ } -+ rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total, data_guid, data); - slapi_sdn_free(&replarea); - } - -@@ -151,6 +161,10 @@ repl_session_plugin_call_destroy_agmt_cb(const Repl_Agmt *ra) - - if (thefunc) { - replarea = agmt_get_replarea(ra); -+ if (!replarea) { -+ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_destroy_agmt_cb -- Aborted -- No replication area\n"); -+ return; -+ } - (*thefunc)(agmt_get_priv(ra), replarea); - slapi_sdn_free(&replarea); - } -diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c -index 5c12af7..084b520 100644 ---- a/ldap/servers/plugins/replication/windows_protocol_util.c -+++ b/ldap/servers/plugins/replication/windows_protocol_util.c -@@ -5319,6 +5319,13 @@ windows_update_local_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry, - * in the groups caused by moving member entries. - * We need to update the local groups manually... */ - local_subtree = agmt_get_replarea(prp->agmt); -+ if (!local_subtree) { -+ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, -+ "failed to get local subtree from agreement\n"); -+ local_entry = orig_local_entry; -+ orig_local_entry = NULL; -+ goto bail; -+ } - local_subtree_sdn = local_subtree; - orig_local_sdn = slapi_entry_get_sdn_const(orig_local_entry); - escaped_filter_val = slapi_escape_filter_value((char *)slapi_sdn_get_ndn(orig_local_sdn), -@@ -5651,6 +5658,11 @@ windows_search_local_entry_by_uniqueid(Private_Repl_Protocol *prp, - *ret_entry = NULL; - if (is_global) { /* Search from the suffix (rename case) */ - local_subtree = agmt_get_replarea(prp->agmt); -+ if (!local_subtree) { -+ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, -+ "failed to get local subtree from agreement\n"); -+ return LDAP_PARAM_ERROR; -+ } - local_subtree_sdn = local_subtree; - } else { - local_subtree_sdn = windows_private_get_directory_treetop(prp->agmt); --- -1.9.3 - diff --git a/SOURCES/0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch b/SOURCES/0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch deleted file mode 100644 index e98104e..0000000 --- a/SOURCES/0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 68cdd9df5c923cca591dfe7d22207d7d31ef4928 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Fri, 23 Oct 2015 15:17:44 -0400 -Subject: [PATCH 69/75] Ticket 48311 - nunc-stans: Attempt to release - connection that is not acquired - -Bug Description: ns_connection_post_io_or_closing() was not aquiring the - connection in the optimized build, which led to the connection - ref count getting out sequence. - -Fix Description Do not call connection_acquire_nolock() inside a PR_ASSERT call. - - Also changed other PR_ASSERTs to only be called if DEBUG is set - -https://fedorahosted.org/389/ticket/48311 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 97946bd212c5094a490d6a3429e0d5763ccd39ce) -(cherry picked from commit a8d30b356f312b24132f4ced324a67601b7cfb9b) ---- - ldap/servers/slapd/daemon.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c -index ba73da3..82099bc 100644 ---- a/ldap/servers/slapd/daemon.c -+++ b/ldap/servers/slapd/daemon.c -@@ -1836,7 +1836,11 @@ ns_handle_closure(struct ns_job_t *job) - int do_yield = 0; - - /* this function must be called from the event loop thread */ -+#ifdef DEBUG - PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job))); -+#else -+ NS_JOB_IS_THREAD(ns_job_get_type(job)); -+#endif - PR_Lock(c->c_mutex); - connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */ - PR_ASSERT(c->c_ns_close_jobs == 1); /* should be exactly 1 active close job - this one */ -@@ -1889,7 +1893,11 @@ ns_connection_post_io_or_closing(Connection *conn) - /* process event normally - wait for I/O until idletimeout */ - tv.tv_sec = conn->c_idletimeout; - tv.tv_usec = 0; -- PR_ASSERT(0 == connection_acquire_nolock(conn)); /* event framework now has a reference */ -+#ifdef DEBUG -+ PR_ASSERT(0 == connection_acquire_nolock(conn)); -+#else -+ connection_acquire_nolock(conn); /* event framework now has a reference */ -+#endif - ns_add_io_timeout_job(conn->c_tp, conn->c_prfd, &tv, - NS_JOB_READ|NS_JOB_PRESERVE_FD, - ns_handle_pr_read_ready, conn, NULL); -@@ -1911,7 +1919,11 @@ ns_handle_pr_read_ready(struct ns_job_t *job) - Connection *c = (Connection *)ns_job_get_data(job); - - /* this function must be called from the event loop thread */ -+#ifdef DEBUG - PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job))); -+#else -+ NS_JOB_IS_THREAD(ns_job_get_type(job)); -+#endif - - PR_Lock(c->c_mutex); - LDAPDebug2Args(LDAP_DEBUG_CONNS, "activity on conn %" NSPRIu64 " for fd=%d\n", --- -2.4.3 - diff --git a/SOURCES/0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch b/SOURCES/0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch deleted file mode 100644 index c574566..0000000 --- a/SOURCES/0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch +++ /dev/null @@ -1,79 +0,0 @@ -From d7609aa1166fb79dd5e1f838f5ab27e0924441a1 Mon Sep 17 00:00:00 2001 -From: William Brown -Date: Fri, 6 Nov 2015 14:56:44 +1000 -Subject: [PATCH 70/75] Ticket 48311 -nunc-stans: Attempt to release - connection that is not acquired https://fedorahosted.org/389/ticket/48311 - -Bug Description: DS with nunc stans enabled produces lots of messages like -[13/Oct/2015:11:29:24 -0400] connection - conn=98 fd=161 Attempt to release -connection that is not acquired - -FixDescription: From the original patch: - * Do not call connection_acquire_nolock() inside a PR_ASSERT call. - * Also changed other PR_ASSERTs to only be called if DEBUG is set - -This additionally guarantees the return codes of these functions since we have -removed the PR_ASSERT that previously wrapped these function calls. If these -assertions fail, we log to the error log in all cases. - -Author: wibrown - -Review by: mreynolds, nhosoi (Thanks!) - -(cherry picked from commit 49aaf98732d1e16dde3edb81272de8203aded21c) -(cherry picked from commit b03987689c3a2477630e2a3452e64cc7759ba5f3) ---- - ldap/servers/slapd/daemon.c | 23 ++++++++++++++++++++--- - 1 file changed, 20 insertions(+), 3 deletions(-) - -diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c -index 82099bc..bd3bfb2 100644 ---- a/ldap/servers/slapd/daemon.c -+++ b/ldap/servers/slapd/daemon.c -@@ -1839,7 +1839,12 @@ ns_handle_closure(struct ns_job_t *job) - #ifdef DEBUG - PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job))); - #else -- NS_JOB_IS_THREAD(ns_job_get_type(job)); -+ /* This doesn't actually confirm it's in the event loop thread, but it's a start */ -+ if (NS_JOB_IS_THREAD(ns_job_get_type(job)) != 0) { -+ LDAPDebug2Args(LDAP_DEBUG_ANY, "ns_handle_closure: Attempt to close outside of event loop thread %" NSPRIu64 " for fd=%d\n", -+ c->c_connid, c->c_sd); -+ return; -+ } - #endif - PR_Lock(c->c_mutex); - connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */ -@@ -1896,7 +1901,14 @@ ns_connection_post_io_or_closing(Connection *conn) - #ifdef DEBUG - PR_ASSERT(0 == connection_acquire_nolock(conn)); - #else -- connection_acquire_nolock(conn); /* event framework now has a reference */ -+ if (connection_acquire_nolock(conn) != 0) { /* event framework now has a reference */ -+ /* -+ * This has already been logged as an error in ./ldap/servers/slapd/connection.c -+ * The error occurs when we get a connection in a closing state. -+ * For now we return, but there is probably a better way to handle the error case. -+ */ -+ return; -+ } - #endif - ns_add_io_timeout_job(conn->c_tp, conn->c_prfd, &tv, - NS_JOB_READ|NS_JOB_PRESERVE_FD, -@@ -1922,7 +1934,12 @@ ns_handle_pr_read_ready(struct ns_job_t *job) - #ifdef DEBUG - PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job))); - #else -- NS_JOB_IS_THREAD(ns_job_get_type(job)); -+ /* This doesn't actually confirm it's in the event loop thread, but it's a start */ -+ if (NS_JOB_IS_THREAD(ns_job_get_type(job)) != 0) { -+ LDAPDebug2Args(LDAP_DEBUG_ANY, "ns_handle_pr_read_ready: Attempt to handle read ready outside of event loop thread %" NSPRIu64 " for fd=%d\n", -+ c->c_connid, c->c_sd); -+ return; -+ } - #endif - - PR_Lock(c->c_mutex); --- -2.4.3 - diff --git a/SOURCES/0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch b/SOURCES/0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch deleted file mode 100644 index 90743ca..0000000 --- a/SOURCES/0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 34239335f2658905a2f96865bea0503bb6ad5ec1 Mon Sep 17 00:00:00 2001 -From: Thierry Bordaz -Date: Tue, 3 Nov 2015 15:59:54 +0100 -Subject: [PATCH 71/75] Ticket 47976: deadlock in mep delete post op - -Bug Description: - When deleting the original entry, some DB pages are acquired in write. - The deadlock occurs because when reading the parent entry of the MEP entry - MEP plugin requires read access to one of the page acquired by the deletion of the original entry. - The read access can be granted if it is using the parent txn. - This bug requires that the parent entry of the MEP entry is not found in the entry cache, so - it requires database access - -Fix Description: - Fix ldbm_delete, so that it reads id2entry db with parent txn - -https://fedorahosted.org/389/ticket/47976 - -Reviewed by: Ludwig Krispenz, Rich Megginson (Thanks you !!) - -Platforms tested: F17 - -Flag Day: no - -Doc impact: no - -(cherry picked from commit 55434d308b4e459ba3a169eff94568312dba767c) ---- - ldap/servers/slapd/back-ldbm/ldbm_delete.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c -index f31d545..100a71d 100644 ---- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c -+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c -@@ -477,7 +477,7 @@ ldbm_back_delete( Slapi_PBlock *pb ) - * the parent. If we fail to lock the entry, just try again. - */ - while(1){ -- parent = id2entry(be, pid ,NULL, &retval); -+ parent = id2entry(be, pid ,&txn, &retval); - if (parent && (cache_retry = cache_lock_entry(&inst->inst_cache, parent))) { - /* Failed to obtain parent entry's entry lock */ - if(cache_retry == RETRY_CACHE_LOCK && --- -2.4.3 - diff --git a/SOURCES/0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch b/SOURCES/0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch deleted file mode 100644 index aed49ee..0000000 --- a/SOURCES/0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 24129b41820b87d613e721f8530e1955f1cce0ff Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 5 Nov 2015 10:44:08 -0800 -Subject: [PATCH 72/75] Ticket #48338 - SimplePagedResults -- abandon could - happen between the abandon check and sending results - -Description: An abandon request for a SimplePagedResults request could -happened between the abandon check and the code for sending the search -results. The abandon frees the search results although sending result -code still refers it. - -Fix description: The code (from getting search results through sending -the search results) in op_shared_search is protected by c_mutex locking. - -https://fedorahosted.org/389/ticket/48338 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit 390b8bd9076e8976facc0858e60985d6b4fac05c) -(cherry picked from commit 8f49d33d30fade7b579062414250a0ddb1a66c62) ---- - ldap/servers/slapd/opshared.c | 13 ++++++++----- - ldap/servers/slapd/pagedresults.c | 28 ++++++++++++++++++---------- - ldap/servers/slapd/proto-slap.h | 5 ++--- - 3 files changed, 28 insertions(+), 18 deletions(-) - -diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c -index dcdbb04..586ca1f 100644 ---- a/ldap/servers/slapd/opshared.c -+++ b/ldap/servers/slapd/opshared.c -@@ -500,7 +500,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - be = be_list[index]; - } - } -- pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx); -+ pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, 0/*not locked*/, pr_idx); - estimate = pagedresults_get_search_result_set_size_estimate(pb->pb_conn, operation, pr_idx); - if (pagedresults_get_unindexed(pb->pb_conn, operation, pr_idx)) { - opnote |= SLAPI_OP_NOTE_UNINDEXED; -@@ -675,13 +675,15 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - * In async paged result case, the search result might be released - * by other theads. We need to double check it in the locked region. - */ -- pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx); -+ PR_Lock(pb->pb_conn->c_mutex); -+ pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, 1/*locked*/, pr_idx); - if (pr_search_result) { -- if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) { -+ if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, 1/*locked*/, pr_idx)) { - pagedresults_unlock(pb->pb_conn, pr_idx); - /* Previous operation was abandoned and the simplepaged object is not in use. */ - send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); - rc = LDAP_SUCCESS; -+ PR_Unlock(pb->pb_conn->c_mutex); - goto free_and_return; - } else { - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result ); -@@ -689,7 +691,8 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - - /* search result could be reset in the backend/dse */ - slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); -- pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx); -+ pagedresults_set_search_result(pb->pb_conn, operation, sr, 1/*locked*/, pr_idx); -+ PR_Unlock(pb->pb_conn->c_mutex); - } - } else { - pr_stat = PAGEDRESULTS_SEARCH_END; -@@ -720,7 +723,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - if (PAGEDRESULTS_SEARCH_END == pr_stat) { - pagedresults_lock(pb->pb_conn, pr_idx); - slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); -- if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) { -+ if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, 0/*not locked*/, pr_idx)) { - pagedresults_free_one(pb->pb_conn, operation, pr_idx); - } - pagedresults_unlock(pb->pb_conn, pr_idx); -diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c -index 87447c4..4458cfb 100644 ---- a/ldap/servers/slapd/pagedresults.c -+++ b/ldap/servers/slapd/pagedresults.c -@@ -395,20 +395,25 @@ pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int - } - - void * --pagedresults_get_search_result(Connection *conn, Operation *op, int index) -+pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index) - { - void *sr = NULL; - if (!op_is_pagedresults(op)) { - return sr; /* noop */ - } -- LDAPDebug1Arg(LDAP_DEBUG_TRACE, -- "--> pagedresults_get_search_result: idx=%d\n", index); -+ LDAPDebug2Args(LDAP_DEBUG_TRACE, -+ "--> pagedresults_get_search_result(%s): idx=%d\n", -+ locked?"locked":"not locked", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ if (!locked) { -+ PR_Lock(conn->c_mutex); -+ } - if (index < conn->c_pagedresults.prl_maxlen) { - sr = conn->c_pagedresults.prl_list[index].pr_search_result_set; - } -- PR_Unlock(conn->c_mutex); -+ if (!locked) { -+ PR_Unlock(conn->c_mutex); -+ } - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_get_search_result: %p\n", sr); -@@ -416,8 +421,7 @@ pagedresults_get_search_result(Connection *conn, Operation *op, int index) - } - - int --pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, -- int locked, int index) -+pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index) - { - int rc = -1; - if (!op_is_pagedresults(op)) { -@@ -1003,15 +1007,19 @@ pagedresults_unlock( Connection *conn, int index ) - } - - int --pagedresults_is_abandoned_or_notavailable( Connection *conn, int index ) -+pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index) - { - PagedResults *prp; - if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { - return 1; /* not abandoned, but do not want to proceed paged results op. */ - } -- PR_Lock(conn->c_mutex); -+ if (!locked) { -+ PR_Lock(conn->c_mutex); -+ } - prp = conn->c_pagedresults.prl_list + index; -- PR_Unlock(conn->c_mutex); -+ if (!locked) { -+ PR_Unlock(conn->c_mutex); -+ } - return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED; - } - -diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h -index b10c1eb..e1cb53e 100644 ---- a/ldap/servers/slapd/proto-slap.h -+++ b/ldap/servers/slapd/proto-slap.h -@@ -1445,8 +1445,7 @@ void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical, - int curr_search_count, int index); - Slapi_Backend *pagedresults_get_current_be(Connection *conn, int index); - int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock); --void *pagedresults_get_search_result(Connection *conn, Operation *op, -- int index); -+void *pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index); - int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, - int locked, int index); - int pagedresults_get_search_result_count(Connection *conn, Operation *op, -@@ -1487,7 +1486,7 @@ int pagedresults_cleanup_all(Connection *conn, int needlock); - void op_set_pagedresults(Operation *op); - void pagedresults_lock(Connection *conn, int index); - void pagedresults_unlock(Connection *conn, int index); --int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index); -+int pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index); - int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked); - - /* --- -2.4.3 - diff --git a/SOURCES/0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch b/SOURCES/0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch deleted file mode 100644 index 37db567..0000000 --- a/SOURCES/0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 1a10e14ce3f05f961e80c4c8cf170d92945c25a1 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Fri, 6 Nov 2015 14:41:36 -0500 -Subject: [PATCH 73/75] Ticket 48325 - Replica promotion leaves RUV out of - order - -Bug Description: When promoting a consumer to a master the new RUV - element is appended to the RUV. However, when trying - to replicate from the newly promoted replica the - remote replica checks the first element in the RUV - and sees that its the same replica ID, and aborts the - replication session. Essentailly this completely - breaks replication between the two servers, and can - actually corrupt other RUVs on other replicas. - -Fix Description: When promoting a replica to a master, reorder the RUV - so that it is the first in the list. - -https://fedorahosted.org/389/ticket/48325 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit b896840d270a540698f35a4aac4f7a91742952b0) -(cherry picked from commit 6180b91c3f65e9c5e375816a72baa95678458a0a) ---- - ldap/servers/plugins/replication/repl5_replica_config.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c -index e85ae3e..4d7135c 100644 ---- a/ldap/servers/plugins/replication/repl5_replica_config.c -+++ b/ldap/servers/plugins/replication/repl5_replica_config.c -@@ -1003,6 +1003,7 @@ replica_config_change_type_and_id (Replica *r, const char *new_type, - csngen_rewrite_rid(gen, rid); - if(purl && type == REPLICA_TYPE_UPDATABLE){ - ruv_add_replica(ruv, rid, purl); -+ ruv_move_local_supplier_to_first(ruv, rid); - replica_reset_csn_pl(r); - } - ruv_delete_replica(ruv, oldrid); --- -2.4.3 - diff --git a/SOURCES/0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch b/SOURCES/0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch deleted file mode 100644 index 0d2fceb..0000000 --- a/SOURCES/0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0fa9e46da9f56221b579a7729deebaed73364c27 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 10 Nov 2015 15:35:41 -0800 -Subject: [PATCH 74/75] Ticket #48344 - acl - regression - trailing ', (comma)' - in macro matched value is not removed. - -Description: acl_match_macro_in_target in acl plug-in returns matched value -with a trailing comma, e.g., "o=kaki.com,". It's used to create a group DN, -e.g., "cn=Domain Administrators,ou=Groups,o=kaki.como=ace industry,c=us". - -Due to the duplicated commas, the bind unexpectedly fails with 50 (insufficient -access). - -In getting the matched value from target DN, it checks if a character at the -end position is a comma or not. If it is, '\0' is set there. The position -was one byte ahead. It was introduced by #48141 - aci with wildcard and macro -not correctly evaluated. - -https://fedorahosted.org/389/ticket/48344 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit 8e421fb9af2752144cc93e62090fd873524c5633) -(cherry picked from commit 1a6390d6ffa743f38be206f7ed7bb0ac3bcfe26b) ---- - ldap/servers/plugins/acl/aclutil.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c -index 2f37107..308cf8b 100644 ---- a/ldap/servers/plugins/acl/aclutil.c -+++ b/ldap/servers/plugins/acl/aclutil.c -@@ -935,7 +935,7 @@ acl_match_macro_in_target( const char *ndn, char * match_this, - - matched_val_len = ndn_len-macro_suffix_len- - ndn_prefix_end; -- if (ndn[ndn_len - macro_suffix_len] == ',') -+ if (ndn[ndn_len - macro_suffix_len - 1] == ',') - matched_val_len -= 1; - - matched_val = (char *)slapi_ch_malloc(matched_val_len + 1); --- -2.4.3 - diff --git a/SOURCES/0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch b/SOURCES/0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch deleted file mode 100644 index 7c54385..0000000 --- a/SOURCES/0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 70cdfa2ef8bcb0e8bae1c18f69c42d99dff2b5be Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 5 Nov 2015 13:08:56 -0800 -Subject: [PATCH 75/75] Ticket #48339 - Share nsslapd-threadnumber in the case - nunc-stans is enabled, as well. - -Description: When nunc-stans is enabled, instead of getting the -thread number from the environment variable MAX_THREADS, use the -value of config parameter nsslapd-threadnumber. - -https://fedorahosted.org/389/ticket/48339 - -Reviewed by rmeggins@redhat.com (Thank you, Rich!!) - -(cherry picked from commit ab8ed9a5ebb0d15b55d7525ed1d5dbeebd8c7563) -(cherry picked from commit a4c0a9eeba031b9304d63ca05d8b9fab9ebca1b2) ---- - ldap/servers/slapd/daemon.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c -index bd3bfb2..5d70647 100644 ---- a/ldap/servers/slapd/daemon.c -+++ b/ldap/servers/slapd/daemon.c -@@ -1199,10 +1199,7 @@ void slapd_daemon( daemon_ports_t *ports ) - #ifdef ENABLE_NUNC_STANS - if (enable_nunc_stans && !g_get_shutdown()) { - int ii; -- PRInt32 maxthreads = 3; -- if (getenv("MAX_THREADS")) { -- maxthreads = atoi(getenv("MAX_THREADS")); -- } -+ PRInt32 maxthreads = (PRInt32)config_get_threadnumber(); - /* Set the nunc-stans thread pool config */ - ns_thrpool_config_init(&tp_config); - --- -2.4.3 - diff --git a/SOURCES/0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch b/SOURCES/0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch deleted file mode 100644 index 3fa78c6..0000000 --- a/SOURCES/0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 62d2b0026e895448b9dff76f2565012340afdfcd Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 18 Nov 2015 11:44:35 -0800 -Subject: [PATCH] Ticket #48338 - SimplePagedResults -- abandon could happen - between the abandon check and sending results - -Description: commit 390b8bd9076e8976facc0858e60985d6b4fac05c introduced -a self deadlock (see also bz1282607: 389-ds-base-1.2.11.15-67.el6_7 hang) - -First phase of the following approach: - Fix design by Ludwig Krispenz and Rich Megginson (Thanks!) - Investigate the connection params used in the pblock access one by one and. - - for fields not used, either remove the access or just leave it as is - - With a big ASSERT to flag cases if the field is ever used, and a plan to - deprecate and remove the field. - - for fields with atomic access, like c_isreplication_session remove the mutex - - for filelds requiring copying, define them directly in the pblock and when - the pblock is created, populate them from the connection, the pblock access - would no longer need the c_mutex. -Removing PR_Lock(c_mutex) from slapi_pblock_get(SLAPI_CONN_CLIENTNETADDR) since -acquiring the lock is not necessary for the atomic reads. This change solves -the self deadlock. - -https://fedorahosted.org/389/ticket/48338#comment:11 - -Reviewed by nkinder@redhat.com and mreynolds@redhat.com (Thank you, Nathan and Mark!) - -(cherry picked from commit 79ca67d1fc5d50d8a9ae6b686b9564f3960f8592) -(cherry picked from commit 36245abd78f7abfed8219a5ac4a4cf50c1c0237c) ---- - ldap/servers/slapd/pblock.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c -index bf57a33..f2017be 100644 ---- a/ldap/servers/slapd/pblock.c -+++ b/ldap/servers/slapd/pblock.c -@@ -223,14 +223,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - memset( value, 0, sizeof( PRNetAddr )); - break; - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ /* For fields with atomic access, remove the PR_Lock(c_mutex) */ - if ( pblock->pb_conn->cin_addr == NULL ) { - memset( value, 0, sizeof( PRNetAddr )); - } else { -- (*(PRNetAddr *)value) = -- *(pblock->pb_conn->cin_addr); -+ (*(PRNetAddr *)value) = *(pblock->pb_conn->cin_addr); - } -- PR_Unlock( pblock->pb_conn->c_mutex ); - break; - case SLAPI_CONN_SERVERNETADDR: - if (pblock->pb_conn == NULL) --- -2.4.3 - diff --git a/SOURCES/0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch b/SOURCES/0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch deleted file mode 100644 index d4c29f9..0000000 --- a/SOURCES/0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch +++ /dev/null @@ -1,929 +0,0 @@ -From 4a52c95b2f7815c15efd84daf57ced08e7855cc2 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 7 Dec 2015 16:45:06 -0500 -Subject: [PATCH 77/78] Ticket 48370 - The 'eq' index does not get updated - properly when deleting and re-adding attributes in - the same modify operation - -Bug Description: If you delete several values of the same attribute, and - add at least one of them back in the same operation, the - equality index does not get updated. - -Fix Description: Modify the logic of the index code to update the index if - at least one of the values in the entry changes. - - Also did pep8 cleanup of create_test.py - -https://fedorahosted.org/389/ticket/48370 - -Reviewed by: wibrown(Thanks!) - -(cherry picked from commit 63b80b5c31ebda51445c662903a28e2a79ebe60a) -(cherry picked from commit 4a53592ec89d288f182c509dc7fcc104d8cbc4a8) ---- - dirsrvtests/create_test.py | 393 +++++++++++++++++++------------- - dirsrvtests/tickets/ticket48370_test.py | 236 +++++++++++++++++++ - ldap/servers/slapd/back-ldbm/index.c | 29 +-- - 3 files changed, 480 insertions(+), 178 deletions(-) - create mode 100644 dirsrvtests/tickets/ticket48370_test.py - -diff --git a/dirsrvtests/create_test.py b/dirsrvtests/create_test.py -index 941e922..5293991 100755 ---- a/dirsrvtests/create_test.py -+++ b/dirsrvtests/create_test.py -@@ -22,14 +22,16 @@ import optparse - - - def displayUsage(): -- print ('\nUsage:\ncreate_ticket.py -t|--ticket -s|--suite ' + -- '[ i|--instances [ -m|--masters ' + -- '-h|--hubs -c|--consumers ] ' + -- '-o|--outputfile ]\n') -- print ('If only "-t" is provided then a single standalone instance is created. ' + -- 'Or you can create a test suite script using "-s|--suite" instead of using "-t|--ticket".' + -- 'The "-i" option can add mulitple standalone instances(maximum 10). ' + -- 'However, you can not mix "-i" with the replication options(-m, -h , -c). ' + -+ print ('\nUsage:\ncreate_ticket.py -t|--ticket ' + -+ '-s|--suite ' + -+ '[ i|--instances ' + -+ '[ -m|--masters -h|--hubs ' + -+ '-c|--consumers ] -o|--outputfile ]\n') -+ print ('If only "-t" is provided then a single standalone instance is ' + -+ 'created. Or you can create a test suite script using ' + -+ '"-s|--suite" instead of using "-t|--ticket". The "-i" option ' + -+ 'can add mulitple standalone instances(maximum 10). However, you' + -+ ' can not mix "-i" with the replication options(-m, -h , -c). ' + - 'There is a maximum of 10 masters, 10 hubs, and 10 consumers.') - exit(1) - -@@ -59,34 +61,47 @@ if len(sys.argv) > 0: - displayUsage() - - if args.ticket and args.suite: -- print 'You must choose either "-t|--ticket" or "-s|--suite", but not both.' -+ print('You must choose either "-t|--ticket" or "-s|--suite", ' + -+ 'but not both.') - displayUsage() - - if int(args.masters) == 0: - if int(args.hubs) > 0 or int(args.consumers) > 0: -- print 'You must use "-m|--masters" if you want to have hubs and/or consumers' -+ print('You must use "-m|--masters" if you want to have hubs ' + -+ 'and/or consumers') - displayUsage() - -- if not args.masters.isdigit() or int(args.masters) > 10 or int(args.masters) < 0: -- print 'Invalid value for "--masters", it must be a number and it can not be greater than 10' -+ if not args.masters.isdigit() or \ -+ int(args.masters) > 10 or \ -+ int(args.masters) < 0: -+ print('Invalid value for "--masters", it must be a number and it can' + -+ ' not be greater than 10') - displayUsage() - - if not args.hubs.isdigit() or int(args.hubs) > 10 or int(args.hubs) < 0: -- print 'Invalid value for "--hubs", it must be a number and it can not be greater than 10' -+ print('Invalid value for "--hubs", it must be a number and it can ' + -+ 'not be greater than 10') - displayUsage() - -- if not args.consumers.isdigit() or int(args.consumers) > 10 or int(args.consumers) < 0: -- print 'Invalid value for "--consumers", it must be a number and it can not be greater than 10' -+ if not args.consumers.isdigit() or \ -+ int(args.consumers) > 10 or \ -+ int(args.consumers) < 0: -+ print('Invalid value for "--consumers", it must be a number and it ' + -+ 'can not be greater than 10') - displayUsage() - - if args.inst: -- if not args.inst.isdigit() or int(args.inst) > 10 or int(args.inst) < 1: -- print ('Invalid value for "--instances", it must be a number greater than 0 ' + -- 'and not greater than 10') -+ if not args.inst.isdigit() or \ -+ int(args.inst) > 10 or \ -+ int(args.inst) < 1: -+ print('Invalid value for "--instances", it must be a number ' + -+ 'greater than 0 and not greater than 10') - displayUsage() - if int(args.inst) > 0: -- if int(args.masters) > 0 or int(args.hubs) > 0 or int(args.consumers) > 0: -- print 'You can not mix "--instances" with replication.' -+ if int(args.masters) > 0 or \ -+ int(args.hubs) > 0 or \ -+ int(args.consumers) > 0: -+ print('You can not mix "--instances" with replication.') - displayUsage() - - # Extract usable values -@@ -120,9 +135,11 @@ if len(sys.argv) > 0: - # - # Write the imports - # -- TEST.write('import os\nimport sys\nimport time\nimport ldap\nimport logging\nimport pytest\n') -- TEST.write('from lib389 import DirSrv, Entry, tools, tasks\nfrom lib389.tools import DirSrvTools\n' + -- 'from lib389._constants import *\nfrom lib389.properties import *\n' + -+ TEST.write('import os\nimport sys\nimport time\nimport ldap\n' + -+ 'import logging\nimport pytest\n') -+ TEST.write('from lib389 import DirSrv, Entry, tools, tasks\nfrom ' + -+ 'lib389.tools import DirSrvTools\nfrom lib389._constants ' + -+ 'import *\nfrom lib389.properties import *\n' + - 'from lib389.tasks import *\nfrom lib389.utils import *\n\n') - - # -@@ -154,13 +171,16 @@ if len(sys.argv) > 0: - - for idx in range(masters): - TEST.write(' master' + str(idx + 1) + '.open()\n') -- TEST.write(' self.master' + str(idx + 1) + ' = master' + str(idx + 1) + '\n') -+ TEST.write(' self.master' + str(idx + 1) + ' = master' + -+ str(idx + 1) + '\n') - for idx in range(hubs): - TEST.write(' hub' + str(idx + 1) + '.open()\n') -- TEST.write(' self.hub' + str(idx + 1) + ' = hub' + str(idx + 1) + '\n') -+ TEST.write(' self.hub' + str(idx + 1) + ' = hub' + -+ str(idx + 1) + '\n') - for idx in range(consumers): - TEST.write(' consumer' + str(idx + 1) + '.open()\n') -- TEST.write(' self.consumer' + str(idx + 1) + ' = consumer' + str(idx + 1) + '\n') -+ TEST.write(' self.consumer' + str(idx + 1) + ' = consumer' + -+ str(idx + 1) + '\n') - TEST.write('\n\n') - else: - # -@@ -184,7 +204,8 @@ if len(sys.argv) > 0: - else: - idx = str(idx) - TEST.write(' standalone' + idx + '.open()\n') -- TEST.write(' self.standalone' + idx + ' = standalone' + idx + '\n') -+ TEST.write(' self.standalone' + idx + ' = standalone' + -+ idx + '\n') - TEST.write('\n\n') - - # -@@ -194,7 +215,8 @@ if len(sys.argv) > 0: - TEST.write('def topology(request):\n') - TEST.write(' global installation1_prefix\n') - TEST.write(' if installation1_prefix:\n') -- TEST.write(' args_instance[SER_DEPLOYED_DIR] = installation1_prefix\n\n') -+ TEST.write(' args_instance[SER_DEPLOYED_DIR] = ' + -+ 'installation1_prefix\n\n') - - if repl_deployment: - # -@@ -204,20 +226,25 @@ if len(sys.argv) > 0: - idx = str(idx + 1) - TEST.write(' # Creating master ' + idx + '...\n') - TEST.write(' master' + idx + ' = DirSrv(verbose=False)\n') -- TEST.write(' args_instance[SER_HOST] = HOST_MASTER_' + idx + '\n') -- TEST.write(' args_instance[SER_PORT] = PORT_MASTER_' + idx + '\n') -- TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_' + idx + '\n') -- TEST.write(' args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n') -+ TEST.write(' args_instance[SER_HOST] = HOST_MASTER_' + idx + -+ '\n') -+ TEST.write(' args_instance[SER_PORT] = PORT_MASTER_' + idx + -+ '\n') -+ TEST.write(' args_instance[SER_SERVERID_PROP] = ' + -+ 'SERVERID_MASTER_' + idx + '\n') -+ TEST.write(' args_instance[SER_CREATION_SUFFIX] = ' + -+ 'DEFAULT_SUFFIX\n') - TEST.write(' args_master = args_instance.copy()\n') - TEST.write(' master' + idx + '.allocate(args_master)\n') -- TEST.write(' instance_master' + idx + ' = master' + idx + '.exists()\n') -+ TEST.write(' instance_master' + idx + ' = master' + idx + -+ '.exists()\n') - TEST.write(' if instance_master' + idx + ':\n') - TEST.write(' master' + idx + '.delete()\n') - TEST.write(' master' + idx + '.create()\n') - TEST.write(' master' + idx + '.open()\n') -- TEST.write(' master' + idx + '.replica.enableReplication(suffix=SUFFIX, ' + -- 'role=REPLICAROLE_MASTER, ' + -- 'replicaId=REPLICAID_MASTER_' + idx + ')\n\n') -+ TEST.write(' master' + idx + '.replica.enableReplication' + -+ '(suffix=SUFFIX, role=REPLICAROLE_MASTER, ' + -+ 'replicaId=REPLICAID_MASTER_' + idx + ')\n\n') - - for idx in range(hubs): - idx = str(idx + 1) -@@ -225,37 +252,45 @@ if len(sys.argv) > 0: - TEST.write(' hub' + idx + ' = DirSrv(verbose=False)\n') - TEST.write(' args_instance[SER_HOST] = HOST_HUB_' + idx + '\n') - TEST.write(' args_instance[SER_PORT] = PORT_HUB_' + idx + '\n') -- TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_HUB_' + idx + '\n') -- TEST.write(' args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n') -+ TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_HUB_' + -+ idx + '\n') -+ TEST.write(' args_instance[SER_CREATION_SUFFIX] = ' + -+ 'DEFAULT_SUFFIX\n') - TEST.write(' args_hub = args_instance.copy()\n') - TEST.write(' hub' + idx + '.allocate(args_hub)\n') -- TEST.write(' instance_hub' + idx + ' = hub' + idx + '.exists()\n') -+ TEST.write(' instance_hub' + idx + ' = hub' + idx + -+ '.exists()\n') - TEST.write(' if instance_hub' + idx + ':\n') - TEST.write(' hub' + idx + '.delete()\n') - TEST.write(' hub' + idx + '.create()\n') - TEST.write(' hub' + idx + '.open()\n') -- TEST.write(' hub' + idx + '.replica.enableReplication(suffix=SUFFIX, ' + -- 'role=REPLICAROLE_HUB, ' + -- 'replicaId=REPLICAID_HUB_' + idx + ')\n\n') -+ TEST.write(' hub' + idx + '.replica.enableReplication' + -+ '(suffix=SUFFIX, role=REPLICAROLE_HUB, ' + -+ 'replicaId=REPLICAID_HUB_' + idx + ')\n\n') - - for idx in range(consumers): - idx = str(idx + 1) - TEST.write(' # Creating consumer ' + idx + '...\n') - TEST.write(' consumer' + idx + ' = DirSrv(verbose=False)\n') -- TEST.write(' args_instance[SER_HOST] = HOST_CONSUMER_' + idx + '\n') -- TEST.write(' args_instance[SER_PORT] = PORT_CONSUMER_' + idx + '\n') -- TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_CONSUMER_' + idx + '\n') -- TEST.write(' args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n') -+ TEST.write(' args_instance[SER_HOST] = HOST_CONSUMER_' + idx + -+ '\n') -+ TEST.write(' args_instance[SER_PORT] = PORT_CONSUMER_' + idx + -+ '\n') -+ TEST.write(' args_instance[SER_SERVERID_PROP] = ' + -+ 'SERVERID_CONSUMER_' + idx + '\n') -+ TEST.write(' args_instance[SER_CREATION_SUFFIX] = ' + -+ 'DEFAULT_SUFFIX\n') - TEST.write(' args_consumer = args_instance.copy()\n') - TEST.write(' consumer' + idx + '.allocate(args_consumer)\n') -- TEST.write(' instance_consumer' + idx + ' = consumer' + idx + '.exists()\n') -+ TEST.write(' instance_consumer' + idx + ' = consumer' + idx + -+ '.exists()\n') - TEST.write(' if instance_consumer' + idx + ':\n') - TEST.write(' consumer' + idx + '.delete()\n') - TEST.write(' consumer' + idx + '.create()\n') - TEST.write(' consumer' + idx + '.open()\n') -- TEST.write(' consumer' + idx + '.replica.enableReplication(suffix=SUFFIX, ' + -- 'role=REPLICAROLE_CONSUMER, ' + -- 'replicaId=CONSUMER_REPLICAID)\n\n') -+ TEST.write(' consumer' + idx + '.replica.enableReplication' + -+ '(suffix=SUFFIX, role=REPLICAROLE_CONSUMER, ' + -+ 'replicaId=CONSUMER_REPLICAID)\n\n') - - # - # Create the master agreements -@@ -274,39 +309,61 @@ if len(sys.argv) > 0: - if master_idx == idx: - # skip ourselves - continue -- TEST.write(' # Creating agreement from master ' + str(master_idx) + ' to master ' + str(idx) + '\n') -- TEST.write(" properties = {RA_NAME: r'meTo_$host:$port',\n") -- TEST.write(" RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],\n") -- TEST.write(" RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],\n") -- TEST.write(" RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],\n") -- TEST.write(" RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n") -- TEST.write(' m' + str(master_idx) + '_m' + str(idx) + '_agmt = master' + str(master_idx) + -+ TEST.write(' # Creating agreement from master ' + -+ str(master_idx) + ' to master ' + str(idx) + '\n') -+ TEST.write(" properties = {RA_NAME: " + -+ "r'meTo_$host:$port',\n") -+ TEST.write(" RA_BINDDN: " + -+ "defaultProperties[REPLICATION_BIND_DN],\n") -+ TEST.write(" RA_BINDPW: " + -+ "defaultProperties[REPLICATION_BIND_PW],\n") -+ TEST.write(" RA_METHOD: " + -+ "defaultProperties[REPLICATION_BIND_METHOD],\n") -+ TEST.write(" RA_TRANSPORT_PROT: " + -+ "defaultProperties[REPLICATION_TRANSPORT]}\n") -+ TEST.write(' m' + str(master_idx) + '_m' + str(idx) + -+ '_agmt = master' + str(master_idx) + - '.agreement.create(suffix=SUFFIX, host=master' + -- str(idx) + '.host, port=master' + str(idx) + '.port, properties=properties)\n') -- TEST.write(' if not m' + str(master_idx) + '_m' + str(idx) + '_agmt:\n') -- TEST.write(' log.fatal("Fail to create a master -> master replica agreement")\n') -+ str(idx) + '.host, port=master' + str(idx) + -+ '.port, properties=properties)\n') -+ TEST.write(' if not m' + str(master_idx) + '_m' + str(idx) + -+ '_agmt:\n') -+ TEST.write(' log.fatal("Fail to create a master -> ' + -+ 'master replica agreement")\n') - TEST.write(' sys.exit(1)\n') -- TEST.write(' log.debug("%s created" % m' + str(master_idx) + '_m' + str(idx) + '_agmt)\n\n') -+ TEST.write(' log.debug("%s created" % m' + str(master_idx) + -+ '_m' + str(idx) + '_agmt)\n\n') - agmt_count += 1 - - for idx in range(hubs): - idx += 1 - # -- # Create agreements from each master to each hub (master -> hub) -+ # Create agmts from each master to each hub (master -> hub) - # -- TEST.write(' # Creating agreement from master ' + str(master_idx) + ' to hub ' + str(idx) + '\n') -- TEST.write(" properties = {RA_NAME: r'meTo_$host:$port',\n") -- TEST.write(" RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],\n") -- TEST.write(" RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],\n") -- TEST.write(" RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],\n") -- TEST.write(" RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n") -- TEST.write(' m' + str(master_idx) + '_h' + str(idx) + '_agmt = master' + str(master_idx) + -- '.agreement.create(suffix=SUFFIX, host=hub' + -- str(idx) + '.host, port=hub' + str(idx) + '.port, properties=properties)\n') -- TEST.write(' if not m' + str(master_idx) + '_h' + str(idx) + '_agmt:\n') -- TEST.write(' log.fatal("Fail to create a master -> hub replica agreement")\n') -+ TEST.write(' # Creating agreement from master ' + -+ str(master_idx) + ' to hub ' + str(idx) + '\n') -+ TEST.write(" properties = {RA_NAME: " + -+ "r'meTo_$host:$port',\n") -+ TEST.write(" RA_BINDDN: " + -+ "defaultProperties[REPLICATION_BIND_DN],\n") -+ TEST.write(" RA_BINDPW: " + -+ "defaultProperties[REPLICATION_BIND_PW],\n") -+ TEST.write(" RA_METHOD: " + -+ "defaultProperties[REPLICATION_BIND_METHOD],\n") -+ TEST.write(" RA_TRANSPORT_PROT: " + -+ "defaultProperties[REPLICATION_TRANSPORT]}\n") -+ TEST.write(' m' + str(master_idx) + '_h' + str(idx) + -+ '_agmt = master' + str(master_idx) + -+ '.agreement.create(suffix=SUFFIX, host=hub' + -+ str(idx) + '.host, port=hub' + str(idx) + -+ '.port, properties=properties)\n') -+ TEST.write(' if not m' + str(master_idx) + '_h' + str(idx) + -+ '_agmt:\n') -+ TEST.write(' log.fatal("Fail to create a master -> ' + -+ 'hub replica agreement")\n') - TEST.write(' sys.exit(1)\n') -- TEST.write(' log.debug("%s created" % m' + str(master_idx) + '_h' + str(idx) + '_agmt)\n\n') -+ TEST.write(' log.debug("%s created" % m' + str(master_idx) + -+ '_h' + str(idx) + '_agmt)\n\n') - agmt_count += 1 - - # -@@ -322,24 +379,35 @@ if len(sys.argv) > 0: - # - # Create agreements from each hub to each consumer - # -- TEST.write(' # Creating agreement from hub ' + str(hub_idx) + ' to consumer ' + str(idx) + '\n') -- TEST.write(" properties = {RA_NAME: r'meTo_$host:$port',\n") -- TEST.write(" RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],\n") -- TEST.write(" RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],\n") -- TEST.write(" RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],\n") -- TEST.write(" RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n") -- TEST.write(' h' + str(hub_idx) + '_c' + str(idx) + '_agmt = hub' + -- str(hub_idx) + '.agreement.create(suffix=SUFFIX, host=consumer' + -- str(idx) + '.host, port=consumer' + str(idx) + '.port, properties=properties)\n') -- TEST.write(' if not h' + str(hub_idx) + '_c' + str(idx) + '_agmt:\n') -- TEST.write(' log.fatal("Fail to create a hub -> consumer replica agreement")\n') -+ TEST.write(' # Creating agreement from hub ' + str(hub_idx) -+ + ' to consumer ' + str(idx) + '\n') -+ TEST.write(" properties = {RA_NAME: " + -+ "r'meTo_$host:$port',\n") -+ TEST.write(" RA_BINDDN: " + -+ "defaultProperties[REPLICATION_BIND_DN],\n") -+ TEST.write(" RA_BINDPW: " + -+ "defaultProperties[REPLICATION_BIND_PW],\n") -+ TEST.write(" RA_METHOD: " + -+ "defaultProperties[REPLICATION_BIND_METHOD],\n") -+ TEST.write(" RA_TRANSPORT_PROT: " + -+ "defaultProperties[REPLICATION_TRANSPORT]}\n") -+ TEST.write(' h' + str(hub_idx) + '_c' + str(idx) + -+ '_agmt = hub' + str(hub_idx) + -+ '.agreement.create(suffix=SUFFIX, host=consumer' + -+ str(idx) + '.host, port=consumer' + str(idx) + -+ '.port, properties=properties)\n') -+ TEST.write(' if not h' + str(hub_idx) + '_c' + str(idx) + -+ '_agmt:\n') -+ TEST.write(' log.fatal("Fail to create a hub -> ' + -+ 'consumer replica agreement")\n') - TEST.write(' sys.exit(1)\n') -- TEST.write(' log.debug("%s created" % h' + str(hub_idx) + '_c' + str(idx) + '_agmt)\n\n') -+ TEST.write(' log.debug("%s created" % h' + str(hub_idx) + -+ '_c' + str(idx) + '_agmt)\n\n') - agmt_count += 1 - - if hubs == 0: - # -- # No Hubs, see if there are any consumers to create agreements to... -+ # No Hubs, see if there are any consumers to create agreements to - # - for idx in range(masters): - master_idx = idx + 1 -@@ -351,27 +419,40 @@ if len(sys.argv) > 0: - # - # Create agreements from each master to each consumer - # -- TEST.write(' # Creating agreement from master ' + str(master_idx) + -- ' to consumer ' + str(idx) + '\n') -- TEST.write(" properties = {RA_NAME: r'meTo_$host:$port',\n") -- TEST.write(" RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],\n") -- TEST.write(" RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],\n") -- TEST.write(" RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],\n") -- TEST.write(" RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n") -- TEST.write(' m' + str(master_idx) + '_c' + str(idx) + '_agmt = master' + str(master_idx) + -- '.agreement.create(suffix=SUFFIX, host=consumer' + -- str(idx) + '.host, port=consumer' + str(idx) + -- '.port, properties=properties)\n') -- TEST.write(' if not m' + str(master_idx) + '_c' + str(idx) + '_agmt:\n') -- TEST.write(' log.fatal("Fail to create a hub -> consumer replica agreement")\n') -+ TEST.write(' # Creating agreement from master ' + -+ str(master_idx) + ' to consumer ' + str(idx) + -+ '\n') -+ TEST.write(" properties = {RA_NAME: " + -+ "r'meTo_$host:$port',\n") -+ TEST.write(" RA_BINDDN: " + -+ "defaultProperties[REPLICATION_BIND_DN],\n") -+ TEST.write(" RA_BINDPW: " + -+ "defaultProperties[REPLICATION_BIND_PW],\n") -+ TEST.write(" RA_METHOD: " + -+ "defaultProperties[REPLICATION_BIND_METHOD],\n") -+ TEST.write(" RA_TRANSPORT_PROT: " + -+ "defaultProperties[REPLICATION_TRANSPORT]}\n") -+ TEST.write(' m' + str(master_idx) + '_c' + str(idx) + -+ '_agmt = master' + str(master_idx) + -+ '.agreement.create(suffix=SUFFIX, ' + -+ 'host=consumer' + str(idx) + -+ '.host, port=consumer' + str(idx) + -+ '.port, properties=properties)\n') -+ TEST.write(' if not m' + str(master_idx) + '_c' + -+ str(idx) + '_agmt:\n') -+ TEST.write(' log.fatal("Fail to create a hub -> ' + -+ 'consumer replica agreement")\n') - TEST.write(' sys.exit(1)\n') -- TEST.write(' log.debug("%s created" % m' + str(master_idx) + '_c' + str(idx) + '_agmt)\n\n') -+ TEST.write(' log.debug("%s created" % m' + -+ str(master_idx) + '_c' + str(idx) + -+ '_agmt)\n\n') - agmt_count += 1 - - # - # Add sleep that allows all the agreemnts to get situated - # -- TEST.write(' # Allow the replicas to get situated with the new agreements...\n') -+ TEST.write(' # Allow the replicas to get situated with the new ' + -+ 'agreements...\n') - TEST.write(' time.sleep(5)\n\n') - - # -@@ -388,7 +469,8 @@ if len(sys.argv) > 0: - continue - TEST.write(' master1.agreement.init(SUFFIX, HOST_MASTER_' + - str(idx) + ', PORT_MASTER_' + str(idx) + ')\n') -- TEST.write(' master1.waitForReplInit(m1_m' + str(idx) + '_agmt)\n') -+ TEST.write(' master1.waitForReplInit(m1_m' + str(idx) + -+ '_agmt)\n') - - # Hubs - consumers_inited = False -@@ -396,23 +478,27 @@ if len(sys.argv) > 0: - idx += 1 - TEST.write(' master1.agreement.init(SUFFIX, HOST_HUB_' + - str(idx) + ', PORT_HUB_' + str(idx) + ')\n') -- TEST.write(' master1.waitForReplInit(m1_h' + str(idx) + '_agmt)\n') -+ TEST.write(' master1.waitForReplInit(m1_h' + str(idx) + -+ '_agmt)\n') - for idx in range(consumers): - if consumers_inited: - continue - idx += 1 - TEST.write(' hub1.agreement.init(SUFFIX, HOST_CONSUMER_' + - str(idx) + ', PORT_CONSUMER_' + str(idx) + ')\n') -- TEST.write(' hub1.waitForReplInit(h1_c' + str(idx) + '_agmt)\n') -+ TEST.write(' hub1.waitForReplInit(h1_c' + str(idx) + -+ '_agmt)\n') - consumers_inited = True - - # Consumers (master -> consumer) - if hubs == 0: - for idx in range(consumers): - idx += 1 -- TEST.write(' master1.agreement.init(SUFFIX, HOST_CONSUMER_' + -- str(idx) + ', PORT_CONSUMER_' + str(idx) + ')\n') -- TEST.write(' master1.waitForReplInit(m1_c' + str(idx) + '_agmt)\n') -+ TEST.write(' master1.agreement.init(SUFFIX, ' + -+ 'HOST_CONSUMER_' + str(idx) + ', PORT_CONSUMER_' + -+ str(idx) + ')\n') -+ TEST.write(' master1.waitForReplInit(m1_c' + str(idx) + -+ '_agmt)\n') - - TEST.write('\n') - -@@ -420,7 +506,7 @@ if len(sys.argv) > 0: - # Write replicaton check - # - if agmt_count > 0: -- # Find the lowest replica type in the deployment(consumer -> master) -+ # Find the lowest replica type (consumer -> master) - if consumers > 0: - replica = 'consumer1' - elif hubs > 0: -@@ -428,7 +514,8 @@ if len(sys.argv) > 0: - else: - replica = 'master2' - TEST.write(' # Check replication is working...\n') -- TEST.write(' if master1.testReplication(DEFAULT_SUFFIX, ' + replica + '):\n') -+ TEST.write(' if master1.testReplication(DEFAULT_SUFFIX, ' + -+ replica + '):\n') - TEST.write(" log.info('Replication is working.')\n") - TEST.write(' else:\n') - TEST.write(" log.fatal('Replication is not working.')\n") -@@ -465,15 +552,22 @@ if len(sys.argv) > 0: - idx = str(idx) - TEST.write(' # Creating standalone instance ' + idx + '...\n') - TEST.write(' standalone' + idx + ' = DirSrv(verbose=False)\n') -- TEST.write(' args_instance[SER_HOST] = HOST_STANDALONE' + idx + '\n') -- TEST.write(' args_instance[SER_PORT] = PORT_STANDALONE' + idx + '\n') -- TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE' + idx + '\n') -- TEST.write(' args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n') -- TEST.write(' args_standalone' + idx + ' = args_instance.copy()\n') -- TEST.write(' standalone' + idx + '.allocate(args_standalone' + idx + ')\n') -+ TEST.write(' args_instance[SER_HOST] = HOST_STANDALONE' + -+ idx + '\n') -+ TEST.write(' args_instance[SER_PORT] = PORT_STANDALONE' + -+ idx + '\n') -+ TEST.write(' args_instance[SER_SERVERID_PROP] = ' + -+ 'SERVERID_STANDALONE' + idx + '\n') -+ TEST.write(' args_instance[SER_CREATION_SUFFIX] = ' + -+ 'DEFAULT_SUFFIX\n') -+ TEST.write(' args_standalone' + idx + ' = args_instance.copy' + -+ '()\n') -+ TEST.write(' standalone' + idx + '.allocate(args_standalone' + -+ idx + ')\n') - - # Get the status of the instance and restart it if it exists -- TEST.write(' instance_standalone' + idx + ' = standalone' + idx + '.exists()\n') -+ TEST.write(' instance_standalone' + idx + ' = standalone' + -+ idx + '.exists()\n') - - # Remove the instance - TEST.write(' if instance_standalone' + idx + ':\n') -@@ -503,12 +597,20 @@ if len(sys.argv) > 0: - TEST.write('def test_ticket' + ticket + '(topology):\n') - TEST.write(" '''\n") - if repl_deployment: -- TEST.write(' Write your replication testcase here.\n\n') -- TEST.write(' To access each DirSrv instance use: topology.master1, topology.master2,\n' + -- ' ..., topology.hub1, ..., topology.consumer1, ...\n') -+ TEST.write(' """Write your replication testcase here.\n\n') -+ TEST.write(' To access each DirSrv instance use: ' + -+ 'topology.master1, topology.master2,\n' + -+ ' ..., topology.hub1, ..., topology.consumer1' + -+ ',...\n\n') -+ TEST.write(' Also, if you need any testcase initialization,\n') -+ TEST.write(' please, write additional fixture for that' + -+ '(include ' + 'finalizer).\n') - else: -- TEST.write(' Write your testcase here...\n') -- TEST.write(" '''\n\n") -+ TEST.write(' """Write your testcase here...\n\n') -+ TEST.write(' Also, if you need any testcase initialization,\n') -+ TEST.write(' please, write additional fixture for that' + -+ '(include finalizer).\n') -+ TEST.write(' """\n\n') - TEST.write(" log.info('Test complete')\n") - TEST.write("\n\n") - else: -@@ -520,43 +622,11 @@ if len(sys.argv) > 0: - - # Write the first initial empty test function - TEST.write('def test_' + suite + '_#####(topology):\n') -- TEST.write(" '''\n") -- TEST.write(' Write a single test here...\n') -- TEST.write(" '''\n\n return\n\n\n") -- -- # -- # Write the final function here - delete each instance -- # -- if ticket: -- TEST.write('def test_ticket' + ticket + '_final(topology):\n') -- else: -- # suite -- TEST.write('def test_' + suite + '_final(topology):\n') -- if repl_deployment: -- for idx in range(masters): -- idx += 1 -- TEST.write(' topology.master' + str(idx) + '.delete()\n') -- for idx in range(hubs): -- idx += 1 -- TEST.write(' topology.hub' + str(idx) + '.delete()\n') -- for idx in range(consumers): -- idx += 1 -- TEST.write(' topology.consumer' + str(idx) + '.delete()\n') -- else: -- for idx in range(instances): -- idx += 1 -- if idx == 1: -- idx = '' -- else: -- idx = str(idx) -- TEST.write(' topology.standalone' + idx + '.delete()\n') -- -- if ticket: -- TEST.write(" log.info('Testcase PASSED')\n") -- else: -- # suite -- TEST.write(" log.info('" + suite + " test suite PASSED')\n") -- TEST.write('\n\n') -+ TEST.write(' """Write a single test here...\n\n') -+ TEST.write(' Also, if you need any test suite initialization,\n') -+ TEST.write(' please, write additional fixture for that(include ' + -+ 'finalizer).\n') -+ TEST.write(' """\n\n return\n\n\n') - - # - # Write the main function -@@ -576,7 +646,10 @@ if len(sys.argv) > 0: - TEST.write('\n\n') - - TEST.write("if __name__ == '__main__':\n") -- TEST.write(' run_isolated()\n\n') -+ TEST.write(' # Run isolated\n') -+ TEST.write(' # -s for DEBUG mode\n') -+ TEST.write(' CURRENT_FILE = os.path.realpath(__file__)\n') -+ TEST.write(' pytest.main("-s %s" % CURRENT_FILE)\n') - - # - # Done, close things up -diff --git a/dirsrvtests/tickets/ticket48370_test.py b/dirsrvtests/tickets/ticket48370_test.py -new file mode 100644 -index 0000000..f5b1f47 ---- /dev/null -+++ b/dirsrvtests/tickets/ticket48370_test.py -@@ -0,0 +1,236 @@ -+import os -+import ldap -+import logging -+import pytest -+from lib389 import DirSrv, Entry -+from lib389._constants import * -+from lib389.properties import * -+from lib389.tasks import * -+from lib389.utils import * -+ -+logging.getLogger(__name__).setLevel(logging.DEBUG) -+log = logging.getLogger(__name__) -+ -+installation1_prefix = None -+ -+ -+class TopologyStandalone(object): -+ def __init__(self, standalone): -+ standalone.open() -+ self.standalone = standalone -+ -+ -+@pytest.fixture(scope="module") -+def topology(request): -+ global installation1_prefix -+ if installation1_prefix: -+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix -+ -+ # Creating standalone instance ... -+ standalone = DirSrv(verbose=False) -+ args_instance[SER_HOST] = HOST_STANDALONE -+ args_instance[SER_PORT] = PORT_STANDALONE -+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE -+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX -+ args_standalone = args_instance.copy() -+ standalone.allocate(args_standalone) -+ instance_standalone = standalone.exists() -+ if instance_standalone: -+ standalone.delete() -+ standalone.create() -+ standalone.open() -+ -+ # Delete each instance in the end -+ def fin(): -+ standalone.delete() -+ request.addfinalizer(fin) -+ -+ # Clear out the tmp dir -+ standalone.clearTmpDir(__file__) -+ -+ return TopologyStandalone(standalone) -+ -+ -+def test_ticket48370(topology): -+ """ -+ Deleting attirbute values and readding a value does not properly update -+ the pres index. The values are not actually deleted from the index -+ """ -+ -+ DN = 'uid=user0099,' + DEFAULT_SUFFIX -+ -+ # -+ # Add an entry -+ # -+ topology.standalone.add_s(Entry((DN, { -+ 'objectclass': ['top', 'person', -+ 'organizationalPerson', -+ 'inetorgperson', -+ 'posixAccount'], -+ 'givenname': 'test', -+ 'sn': 'user', -+ 'loginshell': '/bin/bash', -+ 'uidNumber': '10099', -+ 'gidNumber': '10099', -+ 'gecos': 'Test User', -+ 'mail': ['user0099@dev.null', -+ 'alias@dev.null', -+ 'user0099@redhat.com'], -+ 'cn': 'Test User', -+ 'homeDirectory': '/home/user0099', -+ 'uid': 'admin2', -+ 'userpassword': 'password'}))) -+ -+ # -+ # Perform modify (delete & add mail attributes) -+ # -+ try: -+ topology.standalone.modify_s(DN, [(ldap.MOD_DELETE, -+ 'mail', -+ 'user0099@dev.null'), -+ (ldap.MOD_DELETE, -+ 'mail', -+ 'alias@dev.null'), -+ (ldap.MOD_ADD, -+ 'mail', 'user0099@dev.null')]) -+ except ldap.LDAPError as e: -+ log.fatal('Failedto modify user: ' + str(e)) -+ assert False -+ -+ # -+ # Search using deleted attribute value- no entries should be returned -+ # -+ try: -+ entry = topology.standalone.search_s(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ 'mail=alias@dev.null') -+ if entry: -+ log.fatal('Entry incorrectly returned') -+ assert False -+ except ldap.LDAPError as e: -+ log.fatal('Failed to search for user: ' + str(e)) -+ assert False -+ -+ # -+ # Search using existing attribute value - the entry should be returned -+ # -+ try: -+ entry = topology.standalone.search_s(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ 'mail=user0099@dev.null') -+ if entry is None: -+ log.fatal('Entry not found, but it should have been') -+ assert False -+ except ldap.LDAPError as e: -+ log.fatal('Failed to search for user: ' + str(e)) -+ assert False -+ -+ # -+ # Delete the last values -+ # -+ try: -+ topology.standalone.modify_s(DN, [(ldap.MOD_DELETE, -+ 'mail', -+ 'user0099@dev.null'), -+ (ldap.MOD_DELETE, -+ 'mail', -+ 'user0099@redhat.com') -+ ]) -+ except ldap.LDAPError as e: -+ log.fatal('Failed to modify user: ' + str(e)) -+ assert False -+ -+ # -+ # Search using deleted attribute value - no entries should be returned -+ # -+ try: -+ entry = topology.standalone.search_s(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ 'mail=user0099@redhat.com') -+ if entry: -+ log.fatal('Entry incorrectly returned') -+ assert False -+ except ldap.LDAPError as e: -+ log.fatal('Failed to search for user: ' + str(e)) -+ assert False -+ -+ # -+ # Make sure presence index is correctly updated - no entries should be -+ # returned -+ # -+ try: -+ entry = topology.standalone.search_s(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ 'mail=*') -+ if entry: -+ log.fatal('Entry incorrectly returned') -+ assert False -+ except ldap.LDAPError as e: -+ log.fatal('Failed to search for user: ' + str(e)) -+ assert False -+ -+ # -+ # Now add the attributes back, and lets run a different set of tests with -+ # a different number of attributes -+ # -+ try: -+ topology.standalone.modify_s(DN, [(ldap.MOD_ADD, -+ 'mail', -+ ['user0099@dev.null', -+ 'alias@dev.null'])]) -+ except ldap.LDAPError as e: -+ log.fatal('Failedto modify user: ' + str(e)) -+ assert False -+ -+ # -+ # Remove and readd some attibutes -+ # -+ try: -+ topology.standalone.modify_s(DN, [(ldap.MOD_DELETE, -+ 'mail', -+ 'alias@dev.null'), -+ (ldap.MOD_DELETE, -+ 'mail', -+ 'user0099@dev.null'), -+ (ldap.MOD_ADD, -+ 'mail', 'user0099@dev.null')]) -+ except ldap.LDAPError as e: -+ log.fatal('Failedto modify user: ' + str(e)) -+ assert False -+ -+ # -+ # Search using deleted attribute value - no entries should be returned -+ # -+ try: -+ entry = topology.standalone.search_s(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ 'mail=alias@dev.null') -+ if entry: -+ log.fatal('Entry incorrectly returned') -+ assert False -+ except ldap.LDAPError as e: -+ log.fatal('Failed to search for user: ' + str(e)) -+ assert False -+ -+ # -+ # Search using existing attribute value - the entry should be returned -+ # -+ try: -+ entry = topology.standalone.search_s(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ 'mail=user0099@dev.null') -+ if entry is None: -+ log.fatal('Entry not found, but it should have been') -+ assert False -+ except ldap.LDAPError as e: -+ log.fatal('Failed to search for user: ' + str(e)) -+ assert False -+ -+ log.info('Test PASSED') -+ -+ -+if __name__ == '__main__': -+ # Run isolated -+ # -s for DEBUG mode -+ CURRENT_FILE = os.path.realpath(__file__) -+ pytest.main("-s %s" % CURRENT_FILE) -diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c -index 2adf2f8..00e78a7 100644 ---- a/ldap/servers/slapd/back-ldbm/index.c -+++ b/ldap/servers/slapd/back-ldbm/index.c -@@ -727,31 +727,24 @@ index_add_mods( - flags = BE_INDEX_DEL|BE_INDEX_PRESENCE|BE_INDEX_EQUALITY; - } else { - flags = BE_INDEX_DEL; -- -- /* If the same value doesn't exist in a subtype, set -- * BE_INDEX_EQUALITY flag so the equality index is -- * removed. -- */ - curr_attr = NULL; - slapi_entry_attr_find(olde->ep_entry, -- mods[i]->mod_type, &curr_attr); -+ mods[i]->mod_type, -+ &curr_attr); - if (curr_attr) { -- int found = 0; - for (j = 0; mods_valueArray[j] != NULL; j++ ) { -- if ( slapi_valueset_find(curr_attr, all_vals, mods_valueArray[j])) { -- /* The same value found in evals. -- * We don't touch the equality index. */ -- found = 1; -+ if ( !slapi_valueset_find(curr_attr, all_vals, mods_valueArray[j]) ) { -+ /* -+ * If the mod del value is not found in all_vals -+ * we need to update the equality index as the -+ * final value(s) have changed -+ */ -+ if (!(flags & BE_INDEX_EQUALITY)) { -+ flags |= BE_INDEX_EQUALITY; -+ } - break; - } - } -- /* -- * to-be-deleted curr_attr does not exist in the -- * new value set evals. So, we can remove it. -- */ -- if (!found && !(flags & BE_INDEX_EQUALITY)) { -- flags |= BE_INDEX_EQUALITY; -- } - } - } - --- -2.4.3 - diff --git a/SOURCES/0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch b/SOURCES/0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch deleted file mode 100644 index 11ceecf..0000000 --- a/SOURCES/0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch +++ /dev/null @@ -1,58 +0,0 @@ -From ba82865fe34c4b6f1a3df283b4848f29ee99ae05 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 9 Dec 2015 12:05:24 -0800 -Subject: [PATCH 78/78] Ticket #48375 - SimplePagedResults -- in the search - error case, simple paged results slot was not released. - -Description: If a simple paged results search fails in the backend, -the simple paged results slot was not released. This patch adds it. - -https://fedorahosted.org/389/ticket/48375 - -Reviewed by tbordaz@redhat.com (Thank you, Thierry!!) - -(cherry picked from commit 5a54717bfa40e3ef987bd85c5806125e49b2b278) -(cherry picked from commit b91aad03b660aea85cb745554f27101c690f8402) ---- - ldap/servers/slapd/opshared.c | 21 ++++++++++++++++----- - 1 file changed, 16 insertions(+), 5 deletions(-) - -diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c -index 586ca1f..5cafc3c 100644 ---- a/ldap/servers/slapd/opshared.c -+++ b/ldap/servers/slapd/opshared.c -@@ -814,15 +814,26 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - * wait the end of the loop to send back this error - */ - flag_no_such_object = 1; -- break; -+ } else { -+ /* err something other than LDAP_NO_SUCH_OBJECT, so the backend will -+ * have sent the result - -+ * Set a flag here so we don't return another result. */ -+ sent_result = 1; - } -- /* err something other than LDAP_NO_SUCH_OBJECT, so the backend will -- * have sent the result - -- * Set a flag here so we don't return another result. */ -- sent_result = 1; - /* fall through */ - - case -1: /* an error occurred */ -+ /* PAGED RESULTS */ -+ if (op_is_pagedresults(operation)) { -+ /* cleanup the slot */ -+ PR_Lock(pb->pb_conn->c_mutex); -+ pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx); -+ rc = pagedresults_set_current_be(pb->pb_conn, NULL, pr_idx, 1); -+ PR_Unlock(pb->pb_conn->c_mutex); -+ } -+ if (1 == flag_no_such_object) { -+ break; -+ } - slapi_pblock_get(pb, SLAPI_RESULT_CODE, &err); - if (err == LDAP_NO_SUCH_OBJECT) - { --- -2.4.3 - diff --git a/SOURCES/0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch b/SOURCES/0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch deleted file mode 100644 index 9346196..0000000 --- a/SOURCES/0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 818f6a27ff92bf7adb5f378f985e9c8f36193812 Mon Sep 17 00:00:00 2001 -From: Ludwig Krispenz -Date: Tue, 22 Sep 2015 17:51:35 +0200 -Subject: [PATCH] Ticket 48283 - many attrlist_replace errors in connection - with cleanallruv - -Bug Description: attrlist_replace error messages are logged because the - list of values contains duplicate attributes - -Fix Description: the duplicate values can appear because when a replica - is removed from the ruv the array is compacted, but - memcpy is used instead of memmove - -https://fedorahosted.org/389/ticket/48283 - -Reviewed by: Rich, Thanks - -(cherry picked from commit 2674f5594a2eb088be34728c12c1169df36b1588) ---- - ldap/servers/slapd/dl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/servers/slapd/dl.c b/ldap/servers/slapd/dl.c -index 8233519..c6858f3 100644 ---- a/ldap/servers/slapd/dl.c -+++ b/ldap/servers/slapd/dl.c -@@ -219,7 +219,7 @@ void *dl_delete (DataList *dl, const void *element, CMPFN cmpfn, FREEFN freefn) - - if (i != dl->element_count - 1) - { -- memcpy (&dl->elements[i], &dl->elements[i+1], (dl->element_count - i - 1) * sizeof (void*)); -+ memmove (&dl->elements[i], &dl->elements[i+1], (dl->element_count - i - 1) * sizeof (void*)); - } - - dl->element_count --; --- -2.4.3 - diff --git a/SOURCES/0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch b/SOURCES/0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch deleted file mode 100644 index 661eb52..0000000 --- a/SOURCES/0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 45ea72050bfafa3dab744cec4338dd8ddca41a0c Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Thu, 7 Jan 2016 18:04:19 -0800 -Subject: [PATCH 80/81] Revert "Ticket #48338 - SimplePagedResults -- abandon - could happen between the abandon check and sending results" - -This reverts commit 79ca67d1fc5d50d8a9ae6b686b9564f3960f8592. - -The commit caused the bug 1296694 - ns-slapd crash in ipa context - -c_mutex lock memory corruption and self locks - -(cherry picked from commit 181847863bda74c2e3d77b6a7d9278350d50d4cc) -(cherry picked from commit c8b1817896af7db6e4fab42734b827e002a7a25b) ---- - ldap/servers/slapd/pblock.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c -index f2017be..bf57a33 100644 ---- a/ldap/servers/slapd/pblock.c -+++ b/ldap/servers/slapd/pblock.c -@@ -223,12 +223,14 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - memset( value, 0, sizeof( PRNetAddr )); - break; - } -- /* For fields with atomic access, remove the PR_Lock(c_mutex) */ -+ PR_Lock( pblock->pb_conn->c_mutex ); - if ( pblock->pb_conn->cin_addr == NULL ) { - memset( value, 0, sizeof( PRNetAddr )); - } else { -- (*(PRNetAddr *)value) = *(pblock->pb_conn->cin_addr); -+ (*(PRNetAddr *)value) = -+ *(pblock->pb_conn->cin_addr); - } -+ PR_Unlock( pblock->pb_conn->c_mutex ); - break; - case SLAPI_CONN_SERVERNETADDR: - if (pblock->pb_conn == NULL) --- -2.4.3 - diff --git a/SOURCES/0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch b/SOURCES/0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch deleted file mode 100644 index cb99e65..0000000 --- a/SOURCES/0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch +++ /dev/null @@ -1,1510 +0,0 @@ -From ae9df61b523152e01051afa8c115c97fe59310b5 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Mon, 11 Jan 2016 15:53:28 -0800 -Subject: [PATCH 81/81] Ticket #48406 - Avoid self deadlock by - PR_Lock(conn->c_mutex) - -Description: Fixing ticket 48338 introduced a self deadlock. -To avoid the self deadlock, tried to remove PR_Lock(conn->c_mutex) -which looked harmless, but it introduced a crash by memory corruption. - -This patch replaces PR_Lock/Unlock with PR_EnterMonitor/ExitMonitor, -respectively. - -https://fedorahosted.org/389/ticket/48406 - -Reviewed by rmeggins@redhat.com, lkrispen@redhat.com, and wibrown@redhat.com. -Thank you, Rich, Ludwig and William! - -(cherry picked from commit f25f804a8bce83b3790e7045dfc03230d7ece1af) -(cherry picked from commit 84da7d05ddc5a963b0d025df08f38a6ccd7d90d2) ---- - ldap/servers/slapd/abandon.c | 4 +- - ldap/servers/slapd/bind.c | 4 +- - ldap/servers/slapd/connection.c | 64 +++++++++++----------- - ldap/servers/slapd/conntable.c | 19 +++---- - ldap/servers/slapd/daemon.c | 22 ++++---- - ldap/servers/slapd/extendop.c | 10 ++-- - ldap/servers/slapd/operation.c | 18 +++---- - ldap/servers/slapd/opshared.c | 18 +++---- - ldap/servers/slapd/pagedresults.c | 100 +++++++++++++++++------------------ - ldap/servers/slapd/pblock.c | 72 ++++++++++++------------- - ldap/servers/slapd/psearch.c | 10 ++-- - ldap/servers/slapd/saslbind.c | 26 ++++----- - ldap/servers/slapd/slap.h | 2 +- - ldap/servers/slapd/start_tls_extop.c | 10 ++-- - ldap/servers/slapd/unbind.c | 4 +- - 15 files changed, 192 insertions(+), 191 deletions(-) - -diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c -index 761b895..9a39f6a 100644 ---- a/ldap/servers/slapd/abandon.c -+++ b/ldap/servers/slapd/abandon.c -@@ -77,7 +77,7 @@ do_abandon( Slapi_PBlock *pb ) - * flag and abort the operation at a convenient time. - */ - -- PR_Lock( pb->pb_conn->c_mutex ); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - for ( o = pb->pb_conn->c_ops; o != NULL; o = o->o_next ) { - if ( o->o_msgid == id && o != pb->pb_op) - break; -@@ -138,7 +138,7 @@ do_abandon( Slapi_PBlock *pb ) - o->o_results.r.r_search.nentries, current_time() - o->o_time ); - } - -- PR_Unlock( pb->pb_conn->c_mutex ); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - /* - * Wake up the persistent searches, so they - * can notice if they've been abandoned. -diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c -index 474b508..f81edfb 100644 ---- a/ldap/servers/slapd/bind.c -+++ b/ldap/servers/slapd/bind.c -@@ -258,7 +258,7 @@ do_bind( Slapi_PBlock *pb ) - slapi_pblock_get (pb, SLAPI_PWPOLICY, &pw_response_requested); - } - -- PR_Lock( pb->pb_conn->c_mutex ); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - - bind_credentials_clear( pb->pb_conn, PR_FALSE, /* do not lock conn */ - PR_FALSE /* do not clear external creds. */ ); -@@ -291,7 +291,7 @@ do_bind( Slapi_PBlock *pb ) - * bound user can work properly - */ - pb->pb_conn->c_needpw = 0; -- PR_Unlock( pb->pb_conn->c_mutex ); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - - log_bind_access(pb, dn?dn:"empty", method, version, saslmech, NULL); - -diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c -index fc3b741..a3d123e 100644 ---- a/ldap/servers/slapd/connection.c -+++ b/ldap/servers/slapd/connection.c -@@ -147,7 +147,7 @@ connection_done(Connection *conn) - } - if (NULL != conn->c_mutex) - { -- PR_DestroyLock(conn->c_mutex); -+ PR_DestroyMonitor(conn->c_mutex); - } - if (NULL != conn->c_pdumutex) - { -@@ -738,10 +738,10 @@ int connection_is_free (Connection *conn) - { - int rc; - -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - rc = conn->c_sd == SLAPD_INVALID_SOCKET && conn->c_refcnt == 0 && - !(conn->c_flags & CONN_FLAG_CLOSING); -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - - return rc; - } -@@ -1128,7 +1128,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i - PRInt32 syserr = 0; - size_t buffer_data_avail; - -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - /* - * if the socket is still valid, get the ber element - * waiting for us on this connection. timeout is handled -@@ -1317,15 +1317,15 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i - } - op->o_tag = *tag; - done: -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - return ret; - } - - void connection_make_readable(Connection *conn) - { -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - conn->c_gettingber = 0; -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - signal_listner(); - } - -@@ -1347,7 +1347,7 @@ void connection_check_activity_level(Connection *conn) - { - int current_count = 0; - int delta_count = 0; -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - /* get the current op count */ - current_count = conn->c_opscompleted; - /* compare to the previous op count */ -@@ -1358,7 +1358,7 @@ void connection_check_activity_level(Connection *conn) - conn->c_private->previous_op_count = current_count; - /* update the last checked time */ - conn->c_private->previous_count_check_time = current_time(); -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " activity level = %d\n",conn->c_connid,delta_count,0); - } - -@@ -1402,7 +1402,7 @@ void connection_enter_leave_turbo(Connection *conn, int current_turbo_flag, int - int connection_count = 0; - int our_rank = 0; - int threshold_rank = 0; -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - /* We can already be in turbo mode, or not */ - current_mode = current_turbo_flag; - if (pagedresults_in_use_nolock(conn)) { -@@ -1458,7 +1458,7 @@ void connection_enter_leave_turbo(Connection *conn, int current_turbo_flag, int - } - } - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - if (current_mode != new_mode) { - if (current_mode) { - LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode\n",conn->c_connid,0,0); -@@ -1564,13 +1564,13 @@ connection_threadmain() - */ - PR_Sleep(PR_INTERVAL_NO_WAIT); - -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - /* Make our own pb in turbo mode */ - connection_make_new_pb(pb,conn); - if (connection_call_io_layer_callbacks(conn)) { - LDAPDebug0Args( LDAP_DEBUG_ANY, "Error: could not add/remove IO layers from connection\n" ); - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - if (! config_check_referral_mode()) { - slapi_counter_increment(ops_initiated); - slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsInOps); -@@ -1685,7 +1685,7 @@ connection_threadmain() - */ - } else if (!enable_nunc_stans) { /* more data in conn - just put back on work_q - bypass poll */ - bypasspollcnt++; -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - /* don't do this if it would put us over the max threads per conn */ - if (conn->c_threadnumber < maxthreads) { - /* for turbo, c_idlesince is set above - for !turbo and -@@ -1700,7 +1700,7 @@ connection_threadmain() - /* keep count of how many times maxthreads has blocked an operation */ - conn->c_maxthreadsblocked++; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - } - -@@ -1736,14 +1736,14 @@ connection_threadmain() - - done: - if (doshutdown) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - connection_remove_operation_ext(pb, conn, op); - connection_make_readable_nolock(conn); - conn->c_threadnumber--; - slapi_counter_decrement(conns_in_maxthreads); - slapi_counter_decrement(g_get_global_snmp_vars()->ops_tbl.dsConnectionsInMaxThreads); - connection_release_nolock(conn); -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - signal_listner(); - return; - } -@@ -1760,9 +1760,9 @@ done: - slapi_counter_increment(ops_completed); - /* If this op isn't a persistent search, remove it */ - if ( pb->pb_op->o_flags & OP_FLAG_PS ) { -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - connection_release_nolock (conn); /* psearch acquires ref to conn - release this one now */ -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - /* ps_add makes a shallow copy of the pb - so we - * can't free it or init it here - just memset it to 0 - * ps_send_results will call connection_remove_operation_ext to free it -@@ -1770,7 +1770,7 @@ done: - memset(pb, 0, sizeof(*pb)); - } else { - /* delete from connection operation queue & decr refcnt */ -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - connection_remove_operation_ext( pb, conn, op ); - - /* If we're in turbo mode, we keep our reference to the connection alive */ -@@ -1811,7 +1811,7 @@ done: - signal_listner(); - } - } -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - } - } /* while (1) */ - } -@@ -2071,16 +2071,16 @@ op_copy_identity(Connection *conn, Operation *op) - size_t dnlen; - size_t typelen; - -- PR_Lock( conn->c_mutex ); -- dnlen= conn->c_dn ? strlen (conn->c_dn) : 0; -- typelen= conn->c_authtype ? strlen (conn->c_authtype) : 0; -+ PR_EnterMonitor(conn->c_mutex); -+ dnlen= conn->c_dn ? strlen (conn->c_dn) : 0; -+ typelen= conn->c_authtype ? strlen (conn->c_authtype) : 0; - -- slapi_sdn_done(&op->o_sdn); -- slapi_ch_free_string(&(op->o_authtype)); -+ slapi_sdn_done(&op->o_sdn); -+ slapi_ch_free_string(&(op->o_authtype)); - if (dnlen <= 0 && typelen <= 0) { - op->o_authtype = NULL; - } else { -- slapi_sdn_set_dn_byval(&op->o_sdn,conn->c_dn); -+ slapi_sdn_set_dn_byval(&op->o_sdn,conn->c_dn); - op->o_authtype = slapi_ch_strdup(conn->c_authtype); - /* set the thread data bind dn index */ - slapi_td_set_dn(slapi_ch_strdup(conn->c_dn)); -@@ -2103,14 +2103,14 @@ op_copy_identity(Connection *conn, Operation *op) - op->o_ssf = conn->c_local_ssf; - } - -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - } - - /* Sets the SSL SSF in the connection struct. */ - static void - connection_set_ssl_ssf(Connection *conn) - { -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - - if (conn->c_flags & CONN_FLAG_SSL) { - SSL_SecurityStatus(conn->c_prfd, NULL, NULL, NULL, &(conn->c_ssl_ssf), NULL, NULL); -@@ -2118,7 +2118,7 @@ connection_set_ssl_ssf(Connection *conn) - conn->c_ssl_ssf = 0; - } - -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - } - - static int -@@ -2165,9 +2165,9 @@ log_ber_too_big_error(const Connection *conn, ber_len_t ber_len, - void - disconnect_server( Connection *conn, PRUint64 opconnid, int opid, PRErrorCode reason, PRInt32 error ) - { -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - disconnect_server_nomutex( conn, opconnid, opid, reason, error ); -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - } - - static ps_wakeup_all_fn_ptr ps_wakeup_all_fn = NULL; -diff --git a/ldap/servers/slapd/conntable.c b/ldap/servers/slapd/conntable.c -index d5b9058..37da9a5 100644 ---- a/ldap/servers/slapd/conntable.c -+++ b/ldap/servers/slapd/conntable.c -@@ -85,11 +85,11 @@ connection_table_abandon_all_operations(Connection_Table *ct) - int i; - for ( i = 0; i < ct->size; i++ ) - { -- if ( ct->c[i].c_mutex != NULL ) -+ if ( ct->c[i].c_mutex ) - { -- PR_Lock( ct->c[i].c_mutex ); -+ PR_EnterMonitor(ct->c[i].c_mutex); - connection_abandon_operations( &ct->c[i] ); -- PR_Unlock( ct->c[i].c_mutex ); -+ PR_ExitMonitor(ct->c[i].c_mutex); - } - } - } -@@ -139,7 +139,7 @@ connection_table_get_connection(Connection_Table *ct, int sd) - if ( c->c_mutex == NULL ) - { - PR_Lock( ct->table_mutex ); -- c->c_mutex = PR_NewLock(); -+ c->c_mutex = PR_NewMonitor(); - c->c_pdumutex = PR_NewLock(); - PR_Unlock( ct->table_mutex ); - if ( c->c_mutex == NULL || c->c_pdumutex == NULL ) -@@ -360,7 +360,7 @@ connection_table_as_entry(Connection_Table *ct, Slapi_Entry *e) - /* Can't take c_mutex if holding table_mutex; temporarily unlock */ - PR_Unlock( ct->table_mutex ); - -- PR_Lock( ct->c[i].c_mutex ); -+ PR_EnterMonitor(ct->c[i].c_mutex); - if ( ct->c[i].c_sd != SLAPD_INVALID_SOCKET ) - { - char buf2[20]; -@@ -420,7 +420,7 @@ connection_table_as_entry(Connection_Table *ct, Slapi_Entry *e) - attrlist_merge( &e->e_attrs, "connection", vals ); - slapi_ch_free_string(&newbuf); - } -- PR_Unlock( ct->c[i].c_mutex ); -+ PR_ExitMonitor(ct->c[i].c_mutex); - } - - PR_snprintf( buf, sizeof(buf), "%d", nconns ); -@@ -458,14 +458,15 @@ void - connection_table_dump_activity_to_errors_log(Connection_Table *ct) - { - int i; -+ - for ( i = 0; i < ct->size; i++ ) - { - Connection *c= &(ct->c[i]); -- if ( c->c_mutex != NULL ) -+ if ( c->c_mutex ) - { - /* Find the connection we are referring to */ - int j= c->c_fdi; -- PR_Lock( c->c_mutex ); -+ PR_EnterMonitor(c->c_mutex); - if ( (c->c_sd != SLAPD_INVALID_SOCKET) && - (j >= 0) && (c->c_prfd == ct->fd[j].fd) ) - { -@@ -475,7 +476,7 @@ connection_table_dump_activity_to_errors_log(Connection_Table *ct) - LDAPDebug( LDAP_DEBUG_CONNS,"activity on %d%s\n", i, r ? "r" : "",0 ); - } - } -- PR_Unlock( c->c_mutex ); -+ PR_ExitMonitor(c->c_mutex); - } - } - } -diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c -index 5d70647..355f0fc 100644 ---- a/ldap/servers/slapd/daemon.c -+++ b/ldap/servers/slapd/daemon.c -@@ -1612,7 +1612,7 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps - } - else - { -- PR_Lock( c->c_mutex ); -+ PR_EnterMonitor(c->c_mutex); - if (c->c_flags & CONN_FLAG_CLOSING) - { - /* A worker thread has marked that this connection -@@ -1661,7 +1661,7 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps - c->c_fdi = SLAPD_INVALID_SOCKET_INDEX; - } - } -- PR_Unlock( c->c_mutex ); -+ PR_ExitMonitor(c->c_mutex); - } - c = next; - } -@@ -1680,7 +1680,7 @@ handle_timeout( void ) - time_t curtime = current_time(); - - if (0 == prevtime) { -- prevtime = time (&housekeeping_fire_time); -+ prevtime = time (&housekeeping_fire_time); - } - - if ( difftime(curtime, prevtime) >= -@@ -1740,7 +1740,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll) - { - if ( c->c_mutex != NULL ) - { -- PR_Lock( c->c_mutex ); -+ PR_EnterMonitor(c->c_mutex); - if ( connection_is_active_nolock (c) && c->c_gettingber == 0 ) - { - PRInt16 out_flags; -@@ -1797,7 +1797,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll) - SLAPD_DISCONNECT_IDLE_TIMEOUT, EAGAIN ); - } - } -- PR_Unlock( c->c_mutex ); -+ PR_ExitMonitor(c->c_mutex); - } - } - } -@@ -1843,12 +1843,12 @@ ns_handle_closure(struct ns_job_t *job) - return; - } - #endif -- PR_Lock(c->c_mutex); -+ PR_EnterMonitor(c->c_mutex); - connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */ - PR_ASSERT(c->c_ns_close_jobs == 1); /* should be exactly 1 active close job - this one */ - c->c_ns_close_jobs--; /* this job is processing closure */ - do_yield = ns_handle_closure_nomutex(c); -- PR_Unlock(c->c_mutex); -+ PR_ExitMonitor(c->c_mutex); - ns_job_done(job); - if (do_yield) { - /* closure not done - another reference still outstanding */ -@@ -1939,7 +1939,7 @@ ns_handle_pr_read_ready(struct ns_job_t *job) - } - #endif - -- PR_Lock(c->c_mutex); -+ PR_EnterMonitor(c->c_mutex); - LDAPDebug2Args(LDAP_DEBUG_CONNS, "activity on conn %" NSPRIu64 " for fd=%d\n", - c->c_connid, c->c_sd); - /* if we were called due to some i/o event, see what the state of the socket is */ -@@ -1986,7 +1986,7 @@ ns_handle_pr_read_ready(struct ns_job_t *job) - LDAPDebug2Args(LDAP_DEBUG_CONNS, "queued conn %" NSPRIu64 " for fd=%d\n", - c->c_connid, c->c_sd); - } -- PR_Unlock(c->c_mutex); -+ PR_ExitMonitor(c->c_mutex); - ns_job_done(job); - return; - } -@@ -2493,7 +2493,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i - PR_Close(pr_acceptfd); - return -1; - } -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - - /* - * Set the default idletimeout and the handle. We'll update c_idletimeout -@@ -2592,7 +2592,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i - connection_table_move_connection_on_to_active_list(the_connection_table,conn); - } - -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - - g_increment_current_conn_count(); - -diff --git a/ldap/servers/slapd/extendop.c b/ldap/servers/slapd/extendop.c -index 94036c6..8d0b8fb 100644 ---- a/ldap/servers/slapd/extendop.c -+++ b/ldap/servers/slapd/extendop.c -@@ -61,7 +61,7 @@ static void extop_handle_import_start(Slapi_PBlock *pb, char *extoid, - send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL); - return; - } -- suffix = slapi_sdn_get_dn(sdn); -+ suffix = slapi_sdn_get_dn(sdn); - /* be = slapi_be_select(sdn); */ - be = slapi_mapping_tree_find_backend_for_sdn(sdn); - if (be == NULL || be == defbackend_get_backend()) { -@@ -135,10 +135,10 @@ static void extop_handle_import_start(Slapi_PBlock *pb, char *extoid, - /* okay, the import is starting now -- save the backend in the - * connection block & mark this connection as belonging to a bulk import - */ -- PR_Lock(pb->pb_conn->c_mutex); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - pb->pb_conn->c_flags |= CONN_FLAG_IMPORT; - pb->pb_conn->c_bi_backend = be; -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - - slapi_pblock_set(pb, SLAPI_EXT_OP_RET_OID, EXTOP_BULK_IMPORT_START_OID); - bv.bv_val = NULL; -@@ -160,11 +160,11 @@ static void extop_handle_import_done(Slapi_PBlock *pb, char *extoid, - struct berval bv; - int ret; - -- PR_Lock(pb->pb_conn->c_mutex); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - pb->pb_conn->c_flags &= ~CONN_FLAG_IMPORT; - be = pb->pb_conn->c_bi_backend; - pb->pb_conn->c_bi_backend = NULL; -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - - if ((be == NULL) || (be->be_wire_import == NULL)) { - /* can this even happen? */ -diff --git a/ldap/servers/slapd/operation.c b/ldap/servers/slapd/operation.c -index 869298b..6c95552 100644 ---- a/ldap/servers/slapd/operation.c -+++ b/ldap/servers/slapd/operation.c -@@ -570,7 +570,7 @@ int slapi_connection_acquire(Slapi_Connection *conn) - { - int rc; - -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - /* rc = connection_acquire_nolock(conn); */ - /* connection in the closing state can't be acquired */ - if (conn->c_flags & CONN_FLAG_CLOSING) -@@ -586,7 +586,7 @@ int slapi_connection_acquire(Slapi_Connection *conn) - conn->c_refcnt++; - rc = 0; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - return(rc); - } - -@@ -596,7 +596,7 @@ slapi_connection_remove_operation( Slapi_PBlock *pb, Slapi_Connection *conn, Sla - int rc = 0; - Slapi_Operation **olist= &conn->c_ops; - Slapi_Operation **tmp; -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - /* connection_remove_operation_ext(pb, conn,op); */ - for ( tmp = olist; *tmp != NULL && *tmp != op; tmp = &(*tmp)->o_next ) - ; /* NULL */ -@@ -614,15 +614,15 @@ slapi_connection_remove_operation( Slapi_PBlock *pb, Slapi_Connection *conn, Sla - if (release) { - /* connection_release_nolock(conn); */ - if (conn->c_refcnt <= 0) { -- slapi_log_error(SLAPI_LOG_FATAL, "connection", -- "conn=%" NSPRIu64 " fd=%d Attempt to release connection that is not acquired\n", -- conn->c_connid, conn->c_sd); -- rc = -1; -+ slapi_log_error(SLAPI_LOG_FATAL, "connection", -+ "conn=%" NSPRIu64 " fd=%d Attempt to release connection that is not acquired\n", -+ conn->c_connid, conn->c_sd); -+ rc = -1; - } else { -- conn->c_refcnt--; -+ conn->c_refcnt--; - rc = 0; - } - } -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - return (rc); - } -diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c -index 5cafc3c..e76ca0f 100644 ---- a/ldap/servers/slapd/opshared.c -+++ b/ldap/servers/slapd/opshared.c -@@ -675,7 +675,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - * In async paged result case, the search result might be released - * by other theads. We need to double check it in the locked region. - */ -- PR_Lock(pb->pb_conn->c_mutex); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, 1/*locked*/, pr_idx); - if (pr_search_result) { - if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, 1/*locked*/, pr_idx)) { -@@ -683,7 +683,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - /* Previous operation was abandoned and the simplepaged object is not in use. */ - send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); - rc = LDAP_SUCCESS; -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - goto free_and_return; - } else { - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result ); -@@ -692,7 +692,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - /* search result could be reset in the backend/dse */ - slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); - pagedresults_set_search_result(pb->pb_conn, operation, sr, 1/*locked*/, pr_idx); -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - } - } else { - pr_stat = PAGEDRESULTS_SEARCH_END; -@@ -826,10 +826,10 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - /* PAGED RESULTS */ - if (op_is_pagedresults(operation)) { - /* cleanup the slot */ -- PR_Lock(pb->pb_conn->c_mutex); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx); - rc = pagedresults_set_current_be(pb->pb_conn, NULL, pr_idx, 1); -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - } - if (1 == flag_no_such_object) { - break; -@@ -871,11 +871,11 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); - if (PAGEDRESULTS_SEARCH_END == pr_stat) { - /* no more entries, but at least another backend */ -- PR_Lock(pb->pb_conn->c_mutex); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx); - be->be_search_results_release(&sr); - rc = pagedresults_set_current_be(pb->pb_conn, next_be, pr_idx, 1); -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - if (NULL == next_be) { - /* no more entries && no more backends */ - curr_search_count = -1; -@@ -900,9 +900,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result) - next_be = NULL; /* to break the loop */ - if (operation->o_status & SLAPI_OP_STATUS_ABANDONED) { - /* It turned out this search was abandoned. */ -- PR_Lock(pb->pb_conn->c_mutex); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - pagedresults_free_one_msgid_nolock( pb->pb_conn, operation->o_msgid); -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - /* paged-results-request was abandoned; making an empty cookie. */ - pagedresults_set_response_control(pb, 0, estimate, -1, pr_idx); - send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL); -diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c -index 4458cfb..d394dab 100644 ---- a/ldap/servers/slapd/pagedresults.c -+++ b/ldap/servers/slapd/pagedresults.c -@@ -98,7 +98,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb, - return LDAP_UNWILLING_TO_PERFORM; - } - -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - /* the ber encoding is no longer needed */ - ber_free(ber, 1); - if ( cookie.bv_len <= 0 ) { -@@ -204,7 +204,7 @@ bail: - } - } - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_parse_control_value: idx %d\n", *index); -@@ -301,7 +301,7 @@ pagedresults_free_one( Connection *conn, Operation *op, int index ) - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_free_one: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (conn->c_pagedresults.prl_count <= 0) { - LDAPDebug2Args(LDAP_DEBUG_TRACE, "pagedresults_free_one: " - "conn=%d paged requests list count is %d\n", -@@ -312,7 +312,7 @@ pagedresults_free_one( Connection *conn, Operation *op, int index ) - conn->c_pagedresults.prl_count--; - rc = 0; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - - LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_free_one: %d\n", rc); -@@ -364,11 +364,11 @@ pagedresults_get_current_be(Connection *conn, int index) - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_get_current_be: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - be = conn->c_pagedresults.prl_list[index].pr_current_be; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_get_current_be: %p\n", be); -@@ -382,12 +382,12 @@ pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_set_current_be: idx=%d\n", index); - if (conn && (index > -1)) { -- if (!nolock) PR_Lock(conn->c_mutex); -+ if (!nolock) PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - conn->c_pagedresults.prl_list[index].pr_current_be = be; - } - rc = 0; -- if (!nolock) PR_Unlock(conn->c_mutex); -+ if (!nolock) PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_set_current_be: %d\n", rc); -@@ -406,13 +406,13 @@ pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int - locked?"locked":"not locked", index); - if (conn && (index > -1)) { - if (!locked) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - } - if (index < conn->c_pagedresults.prl_maxlen) { - sr = conn->c_pagedresults.prl_list[index].pr_search_result_set; - } - if (!locked) { -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, -@@ -431,7 +431,7 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int lo - "--> pagedresults_set_search_result: idx=%d, sr=%p\n", - index, sr); - if (conn && (index > -1)) { -- if (!locked) PR_Lock(conn->c_mutex); -+ if (!locked) PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - PagedResults *prp = conn->c_pagedresults.prl_list + index; - if (!(prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) || !sr) { -@@ -440,7 +440,7 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int lo - } - rc = 0; - } -- if (!locked) PR_Unlock(conn->c_mutex); -+ if (!locked) PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_set_search_result: %d\n", rc); -@@ -457,11 +457,11 @@ pagedresults_get_search_result_count(Connection *conn, Operation *op, int index) - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_get_search_result_count: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - count = conn->c_pagedresults.prl_list[index].pr_search_result_count; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_get_search_result_count: %d\n", count); -@@ -479,11 +479,11 @@ pagedresults_set_search_result_count(Connection *conn, Operation *op, - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_set_search_result_count: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - conn->c_pagedresults.prl_list[index].pr_search_result_count = count; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - rc = 0; - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, -@@ -504,11 +504,11 @@ pagedresults_get_search_result_set_size_estimate(Connection *conn, - "--> pagedresults_get_search_result_set_size_estimate: " - "idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - count = conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_get_search_result_set_size_estimate: %d\n", -@@ -529,11 +529,11 @@ pagedresults_set_search_result_set_size_estimate(Connection *conn, - "--> pagedresults_set_search_result_set_size_estimate: " - "idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate = count; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - rc = 0; - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, -@@ -552,11 +552,11 @@ pagedresults_get_with_sort(Connection *conn, Operation *op, int index) - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_get_with_sort: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - flags = conn->c_pagedresults.prl_list[index].pr_flags&CONN_FLAG_PAGEDRESULTS_WITH_SORT; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_get_with_sort: %p\n", flags); -@@ -574,14 +574,14 @@ pagedresults_set_with_sort(Connection *conn, Operation *op, - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_set_with_sort: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - if (flags & OP_FLAG_SERVER_SIDE_SORTING) { - conn->c_pagedresults.prl_list[index].pr_flags |= - CONN_FLAG_PAGEDRESULTS_WITH_SORT; - } - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - rc = 0; - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_set_with_sort: %d\n", rc); -@@ -598,11 +598,11 @@ pagedresults_get_unindexed(Connection *conn, Operation *op, int index) - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_get_unindexed: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - flags = conn->c_pagedresults.prl_list[index].pr_flags&CONN_FLAG_PAGEDRESULTS_UNINDEXED; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_get_unindexed: %p\n", flags); -@@ -619,12 +619,12 @@ pagedresults_set_unindexed(Connection *conn, Operation *op, int index) - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_set_unindexed: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - conn->c_pagedresults.prl_list[index].pr_flags |= - CONN_FLAG_PAGEDRESULTS_UNINDEXED; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - rc = 0; - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, -@@ -642,11 +642,11 @@ pagedresults_get_sort_result_code(Connection *conn, Operation *op, int index) - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_get_sort_result_code: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - code = conn->c_pagedresults.prl_list[index].pr_sort_result_code; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_get_sort_result_code: %d\n", code); -@@ -664,11 +664,11 @@ pagedresults_set_sort_result_code(Connection *conn, Operation *op, - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_set_sort_result_code: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - conn->c_pagedresults.prl_list[index].pr_sort_result_code = code; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - rc = 0; - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, -@@ -687,11 +687,11 @@ pagedresults_set_timelimit(Connection *conn, Operation *op, - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_set_timelimit: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - conn->c_pagedresults.prl_list[index].pr_timelimit = timelimit; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - rc = 0; - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_set_timelimit: %d\n", rc); -@@ -749,7 +749,7 @@ pagedresults_cleanup(Connection *conn, int needlock) - } - - if (needlock) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - } - for (i = 0; conn->c_pagedresults.prl_list && - i < conn->c_pagedresults.prl_maxlen; i++) { -@@ -767,7 +767,7 @@ pagedresults_cleanup(Connection *conn, int needlock) - } - conn->c_pagedresults.prl_count = 0; - if (needlock) { -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_cleanup: %d\n", rc); - return rc; -@@ -794,7 +794,7 @@ pagedresults_cleanup_all(Connection *conn, int needlock) - } - - if (needlock) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - } - for (i = 0; conn->c_pagedresults.prl_list && - i < conn->c_pagedresults.prl_maxlen; i++) { -@@ -813,7 +813,7 @@ pagedresults_cleanup_all(Connection *conn, int needlock) - conn->c_pagedresults.prl_maxlen = 0; - conn->c_pagedresults.prl_count = 0; - if (needlock) { -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_cleanup_all: %d\n", rc); - return rc; -@@ -832,7 +832,7 @@ pagedresults_check_or_set_processing(Connection *conn, int index) - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_check_or_set_processing\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - ret = (conn->c_pagedresults.prl_list[index].pr_flags & - CONN_FLAG_PAGEDRESULTS_PROCESSING); -@@ -840,7 +840,7 @@ pagedresults_check_or_set_processing(Connection *conn, int index) - conn->c_pagedresults.prl_list[index].pr_flags |= - CONN_FLAG_PAGEDRESULTS_PROCESSING; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_check_or_set_processing: %d\n", ret); -@@ -859,7 +859,7 @@ pagedresults_reset_processing(Connection *conn, int index) - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_reset_processing: idx=%d\n", index); - if (conn && (index > -1)) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - ret = (conn->c_pagedresults.prl_list[index].pr_flags & - CONN_FLAG_PAGEDRESULTS_PROCESSING); -@@ -867,7 +867,7 @@ pagedresults_reset_processing(Connection *conn, int index) - conn->c_pagedresults.prl_list[index].pr_flags &= - ~CONN_FLAG_PAGEDRESULTS_PROCESSING; - } -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_reset_processing: %d\n", ret); -@@ -981,9 +981,9 @@ pagedresults_lock( Connection *conn, int index ) - if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { - return; - } -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - prp = conn->c_pagedresults.prl_list + index; -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - if (prp->pr_mutex) { - PR_Lock(prp->pr_mutex); - } -@@ -997,9 +997,9 @@ pagedresults_unlock( Connection *conn, int index ) - if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) { - return; - } -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - prp = conn->c_pagedresults.prl_list + index; -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - if (prp->pr_mutex) { - PR_Unlock(prp->pr_mutex); - } -@@ -1014,11 +1014,11 @@ pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int inde - return 1; /* not abandoned, but do not want to proceed paged results op. */ - } - if (!locked) { -- PR_Lock(conn->c_mutex); -+ PR_EnterMonitor(conn->c_mutex); - } - prp = conn->c_pagedresults.prl_list + index; - if (!locked) { -- PR_Unlock(conn->c_mutex); -+ PR_ExitMonitor(conn->c_mutex); - } - return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED; - } -@@ -1042,12 +1042,12 @@ pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked) - LDAPDebug2Args(LDAP_DEBUG_TRACE, - "--> pagedresults_set_search_result_pb: idx=%d, sr=%p\n", index, sr); - if (conn && (index > -1)) { -- if (!locked) PR_Lock(conn->c_mutex); -+ if (!locked) PR_EnterMonitor(conn->c_mutex); - if (index < conn->c_pagedresults.prl_maxlen) { - conn->c_pagedresults.prl_list[index].pr_search_result_set = sr; - rc = 0; - } -- if (!locked) PR_Unlock(conn->c_mutex); -+ if (!locked) PR_ExitMonitor(conn->c_mutex); - } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "<-- pagedresults_set_search_result_pb: %d\n", rc); -diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c -index bf57a33..d373d99 100644 ---- a/ldap/servers/slapd/pblock.c -+++ b/ldap/servers/slapd/pblock.c -@@ -117,7 +117,7 @@ if ( PBLOCK ->pb_plugin->plg_type != TYPE) return( -1 ) - int - slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - { -- char *authtype; -+ char *authtype; - Slapi_Backend *be; - - PR_ASSERT( NULL != pblock ); -@@ -174,10 +174,10 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_DN \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - (*(char **)value) = (NULL == pblock->pb_conn->c_dn ? NULL : - slapi_ch_strdup( pblock->pb_conn->c_dn )); -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_AUTHTYPE:/* deprecated */ - if (pblock->pb_conn == NULL) { -@@ -185,9 +185,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_AUTHTYPE \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -- authtype = pblock->pb_conn->c_authtype; -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); -+ authtype = pblock->pb_conn->c_authtype; -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - if (authtype == NULL) { - (*(char **)value) = NULL; - } else if (strcasecmp(authtype, SLAPD_AUTH_NONE) == 0) { -@@ -212,10 +212,10 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_AUTHMETHOD \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - (*(char **)value) = pblock->pb_conn->c_authtype ? - slapi_ch_strdup(pblock->pb_conn->c_authtype) : NULL; -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_CLIENTNETADDR: - if (pblock->pb_conn == NULL) -@@ -223,14 +223,14 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - memset( value, 0, sizeof( PRNetAddr )); - break; - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - if ( pblock->pb_conn->cin_addr == NULL ) { - memset( value, 0, sizeof( PRNetAddr )); - } else { - (*(PRNetAddr *)value) = - *(pblock->pb_conn->cin_addr); - } -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_SERVERNETADDR: - if (pblock->pb_conn == NULL) -@@ -238,14 +238,14 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - memset( value, 0, sizeof( PRNetAddr )); - break; - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - if ( pblock->pb_conn->cin_destaddr == NULL ) { - memset( value, 0, sizeof( PRNetAddr )); - } else { - (*(PRNetAddr *)value) = - *(pblock->pb_conn->cin_destaddr); - } -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_CLIENTIP: - if (pblock->pb_conn == NULL) -@@ -253,7 +253,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - memset( value, 0, sizeof( struct in_addr )); - break; - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - if ( pblock->pb_conn->cin_addr == NULL ) { - memset( value, 0, sizeof( struct in_addr )); - } else { -@@ -268,7 +268,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - memset( value, 0, sizeof( struct in_addr )); - } - } -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_SERVERIP: - if (pblock->pb_conn == NULL) -@@ -276,7 +276,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - memset( value, 0, sizeof( struct in_addr )); - break; - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - if ( pblock->pb_conn->cin_destaddr == NULL ) { - memset( value, 0, sizeof( PRNetAddr )); - } else { -@@ -292,7 +292,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - } - - } -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_IS_REPLICATION_SESSION: - if (pblock->pb_conn == NULL) { -@@ -300,9 +300,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_IS_REPLICATION_SESSION \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - (*(int *)value) = pblock->pb_conn->c_isreplication_session; -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_IS_SSL_SESSION: - if (pblock->pb_conn == NULL) { -@@ -310,9 +310,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_IS_SSL_SESSION \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - (*(int *)value) = pblock->pb_conn->c_flags & CONN_FLAG_SSL; -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_SASL_SSF: - if (pblock->pb_conn == NULL) { -@@ -320,9 +320,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_SASL_SSF \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - (*(int *)value) = pblock->pb_conn->c_sasl_ssf; -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_SSL_SSF: - if (pblock->pb_conn == NULL) { -@@ -330,9 +330,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_SSL_SSF \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - (*(int *)value) = pblock->pb_conn->c_ssl_ssf; -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_LOCAL_SSF: - if (pblock->pb_conn == NULL) { -@@ -340,9 +340,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_LOCAL_SSF \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - (*(int *)value) = pblock->pb_conn->c_local_ssf; -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_CERT: - if (pblock->pb_conn == NULL) { -@@ -1953,7 +1953,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) - int - slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value ) - { -- char *authtype; -+ char *authtype; - - PR_ASSERT( NULL != pblock ); - -@@ -2020,10 +2020,10 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_AUTHMETHOD \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -- slapi_ch_free((void**)&pblock->pb_conn->c_authtype); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); -+ slapi_ch_free((void**)&pblock->pb_conn->c_authtype); - pblock->pb_conn->c_authtype = slapi_ch_strdup((char *) value); -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - case SLAPI_CONN_IS_REPLICATION_SESSION: - if (pblock->pb_conn == NULL) { -@@ -2031,9 +2031,9 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value ) - "Connection is NULL and hence cannot access SLAPI_CONN_IS_REPLICATION_SESSION \n", 0, 0, 0 ); - return (-1); - } -- PR_Lock( pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(pblock->pb_conn->c_mutex); - pblock->pb_conn->c_isreplication_session = *((int *) value); -- PR_Unlock( pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(pblock->pb_conn->c_mutex); - break; - - /* stuff related to config file processing */ -@@ -3571,7 +3571,7 @@ bind_credentials_clear( Connection *conn, PRBool lock_conn, - PRBool clear_externalcreds ) - { - if ( lock_conn ) { -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - } - - if ( conn->c_dn != NULL ) { /* a non-anonymous bind has occurred */ -@@ -3597,7 +3597,7 @@ bind_credentials_clear( Connection *conn, PRBool lock_conn, - } - - if ( lock_conn ) { -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - } - - } -@@ -3653,10 +3653,10 @@ void - bind_credentials_set( Connection *conn, char *authtype, char *normdn, - char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry ) - { -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - bind_credentials_set_nolock(conn, authtype, normdn, - extauthtype, externaldn, clientcert, bind_target_entry); -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - } - - void -diff --git a/ldap/servers/slapd/psearch.c b/ldap/servers/slapd/psearch.c -index c9d23cf..00f13be 100644 ---- a/ldap/servers/slapd/psearch.c -+++ b/ldap/servers/slapd/psearch.c -@@ -277,9 +277,9 @@ ps_send_results( void *arg ) - - /* need to acquire a reference to this connection so that it will not - be released or cleaned up out from under us */ -- PR_Lock( ps->ps_pblock->pb_conn->c_mutex ); -+ PR_EnterMonitor(ps->ps_pblock->pb_conn->c_mutex); - conn_acq_flag = connection_acquire_nolock(ps->ps_pblock->pb_conn); -- PR_Unlock( ps->ps_pblock->pb_conn->c_mutex ); -+ PR_ExitMonitor(ps->ps_pblock->pb_conn->c_mutex); - - if (conn_acq_flag) { - slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search", -@@ -397,7 +397,7 @@ ps_send_results( void *arg ) - - conn = ps->ps_pblock->pb_conn; /* save to release later - connection_remove_operation_ext will NULL the pb_conn */ - /* Clean up the connection structure */ -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - - slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search", - "conn=%" NSPRIu64 " op=%d Releasing the connection and operation\n", -@@ -407,9 +407,9 @@ ps_send_results( void *arg ) - - /* Decrement the connection refcnt */ - if (conn_acq_flag == 0) { /* we acquired it, so release it */ -- connection_release_nolock (conn); -+ connection_release_nolock (conn); - } -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - conn = NULL; - - PR_DestroyLock ( ps->ps_lock ); -diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c -index 1e3e94d..7259d78 100644 ---- a/ldap/servers/slapd/saslbind.c -+++ b/ldap/servers/slapd/saslbind.c -@@ -659,7 +659,7 @@ char **ids_sasl_listmech(Slapi_PBlock *pb) - if (sasl_conn == NULL) return ret; - - /* sasl library mechanisms are connection dependent */ -- PR_Lock(pb->pb_conn->c_mutex); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - if (sasl_listmech(sasl_conn, - NULL, /* username */ - "", ",", "", -@@ -672,7 +672,7 @@ char **ids_sasl_listmech(Slapi_PBlock *pb) - charray_free(others); - slapi_ch_free((void**)&dupstr); - } -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - - LDAPDebug( LDAP_DEBUG_TRACE, "<= ids_sasl_listmech\n", 0, 0, 0 ); - -@@ -755,13 +755,13 @@ void ids_sasl_check_bind(Slapi_PBlock *pb) - PR_ASSERT(pb); - PR_ASSERT(pb->pb_conn); - -- PR_Lock(pb->pb_conn->c_mutex); /* BIG LOCK */ -+ PR_EnterMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ - continuing = pb->pb_conn->c_flags & CONN_FLAG_SASL_CONTINUE; - pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_CONTINUE; /* reset flag */ - - sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn; - if (sasl_conn == NULL) { -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ - send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL, - "sasl library unavailable", 0, NULL ); - return; -@@ -842,7 +842,7 @@ void ids_sasl_check_bind(Slapi_PBlock *pb) - if (sasl_conn == NULL) { - send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL, - "sasl library unavailable", 0, NULL ); -- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */ -+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ - return; - } - } -@@ -858,7 +858,7 @@ sasl_check_result: - /* retrieve the authenticated username */ - if (sasl_getprop(sasl_conn, SASL_USERNAME, - (const void**)&username) != SASL_OK) { -- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */ -+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ - send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, - "could not obtain sasl username", 0, NULL); - break; -@@ -879,7 +879,7 @@ sasl_check_result: - } - } - if (dn == NULL) { -- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */ -+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ - send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, - "could not get auth dn from sasl", 0, NULL); - break; -@@ -920,7 +920,7 @@ sasl_check_result: - slapi_ch_strdup(normdn), - NULL, NULL, NULL, bind_target_entry); - -- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */ -+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ - - if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) != 0){ - break; -@@ -995,9 +995,9 @@ sasl_check_result: - /* see if we negotiated a security layer */ - if (*ssfp > 0) { - /* Enable SASL I/O on the connection */ -- PR_Lock(pb->pb_conn->c_mutex); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - connection_set_io_layer_cb(pb->pb_conn, sasl_io_enable, NULL, NULL); -- PR_Unlock(pb->pb_conn->c_mutex); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - } - - /* send successful result */ -@@ -1010,7 +1010,7 @@ sasl_check_result: - - case SASL_CONTINUE: /* another step needed */ - pb->pb_conn->c_flags |= CONN_FLAG_SASL_CONTINUE; -- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */ -+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ - - if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) != 0){ - break; -@@ -1032,7 +1032,7 @@ sasl_check_result: - - case SASL_NOMECH: - -- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */ -+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ - send_ldap_result(pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL, - "sasl mechanism not supported", 0, NULL); - break; -@@ -1040,7 +1040,7 @@ sasl_check_result: - default: /* other error */ - errstr = sasl_errdetail(sasl_conn); - -- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */ -+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */ - send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, - (char*)errstr, 0, NULL); - break; -diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h -index 823568d..2641f76 100644 ---- a/ldap/servers/slapd/slap.h -+++ b/ldap/servers/slapd/slap.h -@@ -1411,7 +1411,7 @@ typedef struct conn { - PRInt32 c_opscompleted; /* # ops completed */ - PRInt32 c_threadnumber; /* # threads used in this conn */ - int c_refcnt; /* # ops refering to this conn */ -- PRLock *c_mutex; /* protect each conn structure */ -+ PRMonitor *c_mutex; /* protect each conn structure; need to be re-entrant */ - PRLock *c_pdumutex; /* only write one pdu at a time */ - time_t c_idlesince; /* last time of activity on conn */ - int c_idletimeout; /* local copy of idletimeout */ -diff --git a/ldap/servers/slapd/start_tls_extop.c b/ldap/servers/slapd/start_tls_extop.c -index 69b8607..af8d8f7 100644 ---- a/ldap/servers/slapd/start_tls_extop.c -+++ b/ldap/servers/slapd/start_tls_extop.c -@@ -172,7 +172,7 @@ start_tls( Slapi_PBlock *pb ) - /* At least we know that the request was indeed an Start TLS one. */ - - conn = pb->pb_conn; -- PR_Lock( conn->c_mutex ); -+ PR_EnterMonitor(conn->c_mutex); - /* cannot call slapi_send_ldap_result with mutex locked - will deadlock if ber_flush returns error */ - if ( conn->c_prfd == (PRFileDesc *) NULL ) { - slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", -@@ -246,10 +246,10 @@ start_tls( Slapi_PBlock *pb ) - * we send a success response back to the client. */ - ldapmsg = "Start TLS request accepted.Server willing to negotiate SSL."; - unlock_and_return: -- PR_Unlock( conn->c_mutex ); -+ PR_ExitMonitor(conn->c_mutex); - slapi_send_ldap_result( pb, ldaprc, NULL, ldapmsg, 0, NULL ); - -- return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT ); -+ return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT ); - - }/* start_tls */ - -@@ -312,7 +312,7 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator ) - */ - } - -- PR_Lock( c->c_mutex ); -+ PR_EnterMonitor(c->c_mutex); - - /* "Unimport" the socket from SSL, i.e. get rid of the upper layer of the - * file descriptor stack, which represents SSL. -@@ -342,7 +342,7 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator ) - - bind_credentials_clear( c, PR_FALSE, PR_TRUE ); - -- PR_Unlock( c->c_mutex ); -+ PR_ExitMonitor(c->c_mutex); - - return ( SLAPI_PLUGIN_EXTENDED_SENT_RESULT ); - } -diff --git a/ldap/servers/slapd/unbind.c b/ldap/servers/slapd/unbind.c -index 9b6a70f..c0dec9d 100644 ---- a/ldap/servers/slapd/unbind.c -+++ b/ldap/servers/slapd/unbind.c -@@ -73,9 +73,9 @@ do_unbind( Slapi_PBlock *pb ) - } - - /* target spec is used to decide which plugins are applicable for the operation */ -- PR_Lock( pb->pb_conn->c_mutex ); -+ PR_EnterMonitor(pb->pb_conn->c_mutex); - operation_set_target_spec_str (operation, pb->pb_conn->c_dn); -- PR_Unlock( pb->pb_conn->c_mutex ); -+ PR_ExitMonitor(pb->pb_conn->c_mutex); - - /* ONREPL - plugins should be called and passed bind dn and, possibly, other data */ - --- -2.4.3 - diff --git a/SOURCES/0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch b/SOURCES/0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch deleted file mode 100644 index 212d4ce..0000000 --- a/SOURCES/0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch +++ /dev/null @@ -1,173 +0,0 @@ -From da9f4a9942f7a41ce8d07c7a73f67a0799424266 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Fri, 15 Jan 2016 11:35:16 -0500 -Subject: [PATCH] Ticket 48412 - worker threads do not detect abnormally closed - connections - -Bug Description: If a connection is abnormally closed there can still be - data in the connection buffer(bytes vs offset). This prevents - the connection from being removed from the connection table. - The worker thread then goes into a loop trying to read this data - on an already closed connection. If there are enough abnormally - closed conenction eventually all the worker threads are stuck, - and new connections are not accepted. - -Fix Description: When looking if there is more data in the buffer check if the - connection was closed, and return 0 (no more data). - - Also did a little code cleanup. - -https://fedorahosted.org/389/ticket/48412 - -Reviewed by: rmeggins(Thanks!) - -(cherry picked from commit 30c4852a3d9ca527b78c0f89df5909bc9a268392) -(cherry picked from commit cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2) ---- - ldap/servers/slapd/connection.c | 46 ++++++++++++++++++++++++++++------------- - 1 file changed, 32 insertions(+), 14 deletions(-) - -diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c -index a3d123e..3e435a7 100644 ---- a/ldap/servers/slapd/connection.c -+++ b/ldap/servers/slapd/connection.c -@@ -1102,9 +1102,16 @@ connection_read_ldap_data(Connection *conn, PRInt32 *err) - } - - static size_t --conn_buffered_data_avail_nolock(Connection *conn) -+conn_buffered_data_avail_nolock(Connection *conn, int *conn_closed) - { -- return conn->c_private->c_buffer_bytes - conn->c_private->c_buffer_offset; -+ if ( (conn->c_sd == SLAPD_INVALID_SOCKET) || (conn->c_flags & CONN_FLAG_CLOSING) ) { -+ /* connection is closed - ignore the buffer */ -+ *conn_closed = 1; -+ return 0; -+ } else { -+ *conn_closed = 0; -+ return conn->c_private->c_buffer_bytes - conn->c_private->c_buffer_offset; -+ } - } - - /* Upon returning from this function, we have either: -@@ -1127,6 +1134,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i - PRErrorCode err = 0; - PRInt32 syserr = 0; - size_t buffer_data_avail; -+ int conn_closed = 0; - - PR_EnterMonitor(conn->c_mutex); - /* -@@ -1142,7 +1150,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i - - *tag = LBER_DEFAULT; - /* First check to see if we have buffered data from "before" */ -- if ((buffer_data_avail = conn_buffered_data_avail_nolock(conn))) { -+ if ((buffer_data_avail = conn_buffered_data_avail_nolock(conn, &conn_closed))) { - /* If so, use that data first */ - if ( 0 != get_next_from_buffer( buffer - + conn->c_private->c_buffer_offset, -@@ -1157,7 +1165,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i - while (*tag == LBER_DEFAULT) { - int ioblocktimeout_waits = config_get_ioblocktimeout() / CONN_TURBO_TIMEOUT_INTERVAL; - /* We should never get here with data remaining in the buffer */ -- PR_ASSERT( !new_operation || 0 == conn_buffered_data_avail_nolock(conn) ); -+ PR_ASSERT( !new_operation || !conn_buffered_data_avail_nolock(conn, &conn_closed)); - /* We make a non-blocking read call */ - if (CONNECTION_BUFFER_OFF != conn->c_private->use_buffer) { - ret = connection_read_ldap_data(conn,&err); -@@ -1269,8 +1277,12 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i - } - } - /* If there is remaining buffered data, set the flag to tell the caller */ -- if (conn_buffered_data_avail_nolock(conn)) { -+ if (conn_buffered_data_avail_nolock(conn, &conn_closed)) { - *remaining_data = 1; -+ } else if (conn_closed){ -+ /* connection closed */ -+ ret = CONN_DONE; -+ goto done; - } - - if ( *tag != LDAP_TAG_MESSAGE ) { -@@ -1521,7 +1533,7 @@ connection_threadmain() - continue; - case CONN_SHUTDOWN: - LDAPDebug( LDAP_DEBUG_TRACE, -- "op_thread received shutdown signal\n", 0, 0, 0 ); -+ "op_thread received shutdown signal\n", 0, 0, 0 ); - g_decr_active_threadcnt(); - return; - case CONN_FOUND_WORK_TO_DO: -@@ -1542,8 +1554,9 @@ connection_threadmain() - Slapi_DN *anon_sdn = slapi_sdn_new_normdn_byref( anon_dn ); - reslimit_update_from_dn( pb->pb_conn, anon_sdn ); - slapi_sdn_free( &anon_sdn ); -- if (slapi_reslimit_get_integer_limit(pb->pb_conn, pb->pb_conn->c_idletimeout_handle, -- &idletimeout) -+ if (slapi_reslimit_get_integer_limit(pb->pb_conn, -+ pb->pb_conn->c_idletimeout_handle, -+ &idletimeout) - == SLAPI_RESLIMIT_STATUS_SUCCESS) - { - pb->pb_conn->c_idletimeout = idletimeout; -@@ -1581,7 +1594,7 @@ connection_threadmain() - op = pb->pb_op; - maxthreads = config_get_maxthreadsperconn(); - more_data = 0; -- ret = connection_read_operation(conn,op,&tag,&more_data); -+ ret = connection_read_operation(conn, op, &tag, &more_data); - if ((ret == CONN_DONE) || (ret == CONN_TIMEDOUT)) { - slapi_log_error(SLAPI_LOG_CONNS, "connection_threadmain", - "conn %" NSPRIu64 " read not ready due to %d - thread_turbo_flag %d more_data %d " -@@ -1614,7 +1627,8 @@ connection_threadmain() - /* turn off turbo mode immediately if any pb waiting in global queue */ - if (thread_turbo_flag && !WORK_Q_EMPTY) { - thread_turbo_flag = 0; -- LDAPDebug2Args(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode - pb_q is not empty %d\n",conn->c_connid,work_q_size); -+ LDAPDebug2Args(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode - pb_q is not empty %d\n", -+ conn->c_connid,work_q_size); - } - #endif - -@@ -1639,7 +1653,8 @@ connection_threadmain() - * should call connection_make_readable after the op is removed - * connection_make_readable(conn); - */ -- LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode due to %d\n",conn->c_connid,ret,0); -+ LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode due to %d\n", -+ conn->c_connid,ret,0); - goto done; - case CONN_SHUTDOWN: - LDAPDebug( LDAP_DEBUG_TRACE, -@@ -1695,7 +1710,8 @@ connection_threadmain() - */ - conn->c_idlesince = curtime; - connection_activity(conn, maxthreads); -- LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " queued because more_data\n",conn->c_connid,0,0); -+ LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " queued because more_data\n", -+ conn->c_connid,0,0); - } else { - /* keep count of how many times maxthreads has blocked an operation */ - conn->c_maxthreadsblocked++; -@@ -1770,13 +1786,15 @@ done: - memset(pb, 0, sizeof(*pb)); - } else { - /* delete from connection operation queue & decr refcnt */ -+ int conn_closed = 0; - PR_EnterMonitor(conn->c_mutex); - connection_remove_operation_ext( pb, conn, op ); - - /* If we're in turbo mode, we keep our reference to the connection alive */ - /* can't use the more_data var because connection could have changed in another thread */ -- more_data = conn_buffered_data_avail_nolock(conn) ? 1 : 0; -- LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " check more_data %d thread_turbo_flag %d\n",conn->c_connid,more_data,thread_turbo_flag); -+ more_data = conn_buffered_data_avail_nolock(conn, &conn_closed) ? 1 : 0; -+ LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " check more_data %d thread_turbo_flag %d\n", -+ conn->c_connid,more_data,thread_turbo_flag); - if (!more_data) { - if (!thread_turbo_flag) { - /* --- -2.4.3 - diff --git a/SOURCES/0083-Ticket-48341-deadlock-on-connection-mutex.patch b/SOURCES/0083-Ticket-48341-deadlock-on-connection-mutex.patch deleted file mode 100644 index eb0047e..0000000 --- a/SOURCES/0083-Ticket-48341-deadlock-on-connection-mutex.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 666fdac51b94450391e8fec8d16db34db09502ae Mon Sep 17 00:00:00 2001 -From: Ludwig Krispenz -Date: Wed, 13 Jan 2016 13:15:53 +0100 -Subject: [PATCH] Ticket: 48341 - deadlock on connection mutex - -If thread is blocked in connection_read_operation() it holds the connection mutex -and the main thread iterating through the connection table is also blocked. - -But if the main thread would get the mutex it would just detect that the connection has still the -C_gettingber flag set and immediately release the lock. - -The check if c_gettingber == 0 can be done without holding the mutex and so the deadlock -can be avoided - -Reviewed by Rich, Thanks - -(cherry picked from commit a1635fc45f681ed9066f6beed9be7e1672490f9f) ---- - ldap/servers/slapd/daemon.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c -index 355f0fc..d25c44d 100644 ---- a/ldap/servers/slapd/daemon.c -+++ b/ldap/servers/slapd/daemon.c -@@ -1740,6 +1740,9 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll) - { - if ( c->c_mutex != NULL ) - { -+ /* this check can be done without acquiring the mutex */ -+ if (c->c_gettingber) continue; -+ - PR_EnterMonitor(c->c_mutex); - if ( connection_is_active_nolock (c) && c->c_gettingber == 0 ) - { --- -2.4.3 - diff --git a/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch b/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch deleted file mode 100644 index 5cfe33f..0000000 --- a/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch +++ /dev/null @@ -1,72 +0,0 @@ -From c92cbe6a93a7933abc59b2fe4bf96a32aff2c6d8 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 9 Feb 2016 16:12:07 -0800 -Subject: [PATCH 84/86] Ticket #48536 - Crash in slapi_get_object_extension - -Description: The crashed was caused by the combination of psearch and -updating one of these group values: groupOfNames, groupOfUniqueNames, -groupOfCertificates, groupOfURL. - -In the psearch, it creates aclpb in the acl plug-in and sets the original -pblock address in the aclpb. Then, psearch creates a copy of the pblock and -sets it in the psearch structure. Now, the pblock address in aclpb and the -pblock address in the psearch structure do not match. The original pblock -itself is freed and the pblock area which address is stored in aclpb is not -guaranteed what is in it. - -If nothing occurs, the freed pblock in aclpb is not accessed. But once one -of the group values is updated, the acl plug-in signature is updated and it -triggers to get aclpb from the pblock. - -The acl_get_aclpb call accesses the freed pblock (e.g., NULL op) and it -crashes the server. - -This patch checks the current pblock address and the pblock address in aclpb. -If they don't match, the address in aclpb is reassigned to the current pblock -address. - -https://fedorahosted.org/389/ticket/48536 - -Reviewed by mreynolds@redhat.com (Thank you, Mark!!) - -(cherry picked from commit 091a5f5daf3fa378f029e293c5358ae9be9f548e) -(cherry picked from commit 8a83a93977f13db36e42798a5eed041c1b3868a9) ---- - ldap/servers/plugins/acl/acl.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c -index 678a999..d56bed6 100644 ---- a/ldap/servers/plugins/acl/acl.c -+++ b/ldap/servers/plugins/acl/acl.c -@@ -317,6 +317,13 @@ acl_access_allowed( - goto cleanup_and_ret; - } - -+ if (pb != aclpb->aclpb_pblock) { -+ slapi_log_error(SLAPI_LOG_FATAL, plugin_name, -+ "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n", -+ aclpb->aclpb_pblock, pb); -+ aclpb->aclpb_pblock = pb; -+ } -+ - if ( !aclpb->aclpb_curr_entry_sdn ) { - slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, "NULL aclpb_curr_entry_sdn \n" ); - ret_val = LDAP_OPERATIONS_ERROR; -@@ -932,6 +939,13 @@ acl_read_access_allowed_on_entry ( - tnf_string,end,"aclpb error"); - return LDAP_OPERATIONS_ERROR; - } -+ -+ if (pb != aclpb->aclpb_pblock) { -+ slapi_log_error(SLAPI_LOG_ACL, plugin_name, -+ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n", -+ aclpb->aclpb_pblock, pb); -+ aclpb->aclpb_pblock = pb; -+ } - - /* - * Am I a anonymous dude ? then we can use our anonympous profile --- -2.4.3 - diff --git a/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch b/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch deleted file mode 100644 index 899493b..0000000 --- a/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch +++ /dev/null @@ -1,42 +0,0 @@ -From ac782ed2990d5d8149c6796aa9aaf03044ad1446 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 10 Feb 2016 13:45:50 -0800 -Subject: [PATCH 85/86] Ticket #48536 - Crash in slapi_get_object_extension - -Description: commit 091a5f5daf3fa378f029e293c5358ae9be9f548e introduced -a compier warning: format '%x' expects argument of type 'unsigned int', -but argument 4 has type 'Slapi_PBlock * {aka struct slapi_pblock *} - -Replacing '%x' with '%p'. - -(cherry picked from commit b31749f2a0bed838712719b2e6533bed0a4144e0) -(cherry picked from commit 7fb593fe56dbbce06f707bd9807bf14748273ea2) ---- - ldap/servers/plugins/acl/acl.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c -index d56bed6..7b7fea1 100644 ---- a/ldap/servers/plugins/acl/acl.c -+++ b/ldap/servers/plugins/acl/acl.c -@@ -319,7 +319,7 @@ acl_access_allowed( - - if (pb != aclpb->aclpb_pblock) { - slapi_log_error(SLAPI_LOG_FATAL, plugin_name, -- "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n", -+ "acl_access_allowed: Resetting aclpb_pblock %p to pblock addr %p\n", - aclpb->aclpb_pblock, pb); - aclpb->aclpb_pblock = pb; - } -@@ -942,7 +942,7 @@ acl_read_access_allowed_on_entry ( - - if (pb != aclpb->aclpb_pblock) { - slapi_log_error(SLAPI_LOG_ACL, plugin_name, -- "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n", -+ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock %p to pblock addr %p\n", - aclpb->aclpb_pblock, pb); - aclpb->aclpb_pblock = pb; - } --- -2.4.3 - diff --git a/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch b/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch deleted file mode 100644 index a38c3c5..0000000 --- a/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 9e58aecdd4265759a1c9aac2817da858849f08a1 Mon Sep 17 00:00:00 2001 -From: Thierry Bordaz -Date: Wed, 10 Feb 2016 15:17:02 +0100 -Subject: [PATCH 86/86] Ticket 48445: keep alive entries can break replication - -Bug Description: - On the consumer side, at the end of a total update the replica is enabled and the changelog recreated. - When the replica is enabled the keep alive entry (for that replica) is created . - There is a race condition (that look quite systematic in our tests) if the creation of the entry is added to the changelog - before the changelog is recreated. - In that case the ADD is erased from the CL and will never be replicated. - - The keep alive entry is created (if it does not already exist) : - - during a total update (as supplier) - - when the keep alive is updated - - when the replica is enabled - -Fix Description: - It is not strictly necessary to create the keep alive when the replica is enabled. - So we can skip the creation during that step. - -https://fedorahosted.org/389/ticket/48445 - -Reviewed by: Mark Reynolds (thank you Mark) - -Platforms tested: F23 - -Flag Day: no - -Doc impact: no - -(cherry picked from commit 71a891f0dcfd1aafeb3913279d42e33ed2355312) -(cherry picked from commit 02af085c2a9c23536c8d276ee35794ec6efc81f5) ---- - ldap/servers/plugins/replication/repl5_replica.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c -index 8b53f3c..31c5f0f 100644 ---- a/ldap/servers/plugins/replication/repl5_replica.c -+++ b/ldap/servers/plugins/replication/repl5_replica.c -@@ -3972,7 +3972,6 @@ replica_enable_replication (Replica *r) - /* What to do ? */ - } - -- replica_subentry_check(r->repl_root, replica_get_rid(r)); - /* Replica came back online, Check if the total update was terminated. - If flag is still set, it was not terminated, therefore the data is - very likely to be incorrect, and we should not restart Replication threads... --- -2.4.3 - diff --git a/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch b/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch deleted file mode 100644 index be909d2..0000000 --- a/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 202bac76ade2dcff8318f545fbccdecaec3bdde8 Mon Sep 17 00:00:00 2001 -From: Thierry Bordaz -Date: Tue, 1 Mar 2016 11:14:54 +0100 -Subject: [PATCH] Ticket 48420: change severity of some messages related to - "keep alive" entries - -Bug Description: - "keep alive" entries are used to prevent fractional replication - to evaluate several times the same skipped updates. (see https://fedorahosted.org/389/ticket/48266) - - This entry is created on the fly when two many evaluated - updates have been skipped. This is a quite common situation - and the creation of such entry is not a FATAL error - -Fix Description: - Change the log level to replication level - -https://fedorahosted.org/389/ticket/48420 - -Reviewed by: Ludwig Krispenz (thanks Ludwig) - -Platforms tested: F17 - -Flag Day: no - -Doc impact: no - -(cherry picked from commit 6788445974404398bc02da8fa105b06514e8a450) -(cherry picked from commit 17bb0688b9249693da0bda239fb7c3b35aa8e1c9) ---- - ldap/servers/plugins/replication/repl5_replica.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c -index 31c5f0f..c7cf25f 100644 ---- a/ldap/servers/plugins/replication/repl5_replica.c -+++ b/ldap/servers/plugins/replication/repl5_replica.c -@@ -492,7 +492,7 @@ replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid) - "Need to create replication keep alive entry \n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root)); - rc = replica_subentry_create(repl_root, rid); - } else { -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "replication keep alive entry already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root)); - rc = 0; - } --- -2.4.3 - diff --git a/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch b/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch deleted file mode 100644 index 933cadf..0000000 --- a/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 3bc24e232913684830edb2e029d1695f3470308e Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 8 Mar 2016 14:52:37 -0800 -Subject: [PATCH] Ticket #48757 - License tag does not match actual license of - code - -Fix Description: License tag in the spec file was updated to match the -actual license of code. - -(cherry picked from commit 415d8553eddfe9b19fd9b8d8be9b934bf75a5765) -(cherry picked from commit c9bd68813c658e1caeaba9ee2c2aef62f0cc6dd6) ---- - rpm/389-ds-base.spec.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in -index b7556e1..8bbd979 100644 ---- a/rpm/389-ds-base.spec.in -+++ b/rpm/389-ds-base.spec.in -@@ -33,7 +33,7 @@ Name: 389-ds-base - Version: __VERSION__ - #Release: %{?relprefix}1%{?prerel}%{?dist} - Release: __RELEASE__%{?dist} --License: GPLv2 with exceptions -+License: GPLv3+ - URL: http://port389.org/ - Group: System Environment/Daemons - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) --- -2.4.3 - diff --git a/SOURCES/0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch b/SOURCES/0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch deleted file mode 100644 index 8e36a84..0000000 --- a/SOURCES/0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch +++ /dev/null @@ -1,160 +0,0 @@ -From e40a6ef764f13b6efcf573a6181b6747bb029b90 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Thu, 24 Mar 2016 09:46:11 -0400 -Subject: [PATCH] Ticket 47888 - DES to AES password conversion fails if a - backend is empty - -Bug Description: The process of converting DES passwords to AES can incorrectly - disable the DES plugin if an error is encountered. In this case - it was because a backend was defined but was missing the top entry - which lead to an error 32 when searching for DES passwords. This - causes the existing DES passwords to fail to decode. - -Fix Description: There are two issues here. One, we should ignore errors when - searching all the backends for passwords. Two, we should only - disable the DES plugin if all the DES passwords were successfully - converted. - -https://fedorahosted.org/389/ticket/48777 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 6b7f980e80af3803bc395e50bd4228ded9bceb00) -(cherry picked from commit c6eaf691c6ff3330dc1a3dcbf4dcc31af52c2919) ---- - ldap/servers/slapd/daemon.c | 53 ++++++++++++++++++++++----------------------- - 1 file changed, 26 insertions(+), 27 deletions(-) - -diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c -index d25c44d..d702129 100644 ---- a/ldap/servers/slapd/daemon.c -+++ b/ldap/servers/slapd/daemon.c -@@ -694,7 +694,8 @@ convert_pbe_des_to_aes() - char **attrs = NULL; - char **backends = NULL; - char *val = NULL; -- int converted_des = 0; -+ int converted_des_passwd = 0; -+ int disable_des = 1; - int result = -1; - int have_aes = 0; - int have_des = 0; -@@ -739,7 +740,7 @@ convert_pbe_des_to_aes() - char *cookie = NULL; - - LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes: " -- "Converting DES passwords to AES...\n",0,0,0); -+ "Checking for DES passwords to convert to AES...\n",0,0,0); - - be = slapi_get_first_backend(&cookie); - while (be){ -@@ -777,10 +778,13 @@ convert_pbe_des_to_aes() - slapi_search_internal_pb(pb); - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result); - if (LDAP_SUCCESS != result) { -- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -- "failed to search for password on (%s) error (%d)\n", -- backends[be_idx], result, 0); -- goto done; -+ slapi_log_error(SLAPI_LOG_TRACE, "convert_pbe_des_to_aes: ", -+ "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n", -+ attrs[i], result, backends[be_idx]); -+ slapi_free_search_results_internal(pb); -+ slapi_pblock_destroy(pb); -+ pb = NULL; -+ continue; - } - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); - for (ii = 0; entries && entries[ii]; ii++){ -@@ -799,9 +803,9 @@ convert_pbe_des_to_aes() - /* decode the DES password */ - if(pw_rever_decode(val, &passwd, attrs[i]) == -1){ - LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -- "failed to decode existing DES password for (%s)\n", -+ "Failed to decode existing DES password for (%s)\n", - slapi_entry_get_dn(entries[ii]), 0, 0); -- converted_des = 0; -+ disable_des = 0; - goto done; - } - -@@ -813,7 +817,7 @@ convert_pbe_des_to_aes() - slapi_entry_get_dn(entries[ii]), 0, 0); - slapi_ch_free_string(&passwd); - slapi_value_free(&sval); -- converted_des = 0; -+ disable_des = 0; - goto done; - } - -@@ -834,22 +838,18 @@ convert_pbe_des_to_aes() - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result); - if (LDAP_SUCCESS != result) { - LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -- "failed to convert password for (%s) error (%d)\n", -+ "Failed to convert password for (%s) error (%d)\n", - slapi_entry_get_dn(entries[ii]), result, 0); -- converted_des = -1; -+ disable_des = 0; - } else { - LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -- "successfully converted password for (%s)\n", -+ "Successfully converted password for (%s)\n", - slapi_entry_get_dn(entries[ii]), result, 0); -- converted_des = 1; -- -+ converted_des_passwd = 1; - } - slapi_ch_free_string(&passwd); - slapi_value_free(&sval); - slapi_pblock_destroy(mod_pb); -- if(result){ -- goto done; -- } - } - slapi_ch_free_string(&val); - } -@@ -860,6 +860,10 @@ convert_pbe_des_to_aes() - } - slapi_ch_free_string(&filter); - } -+ if (!converted_des_passwd){ -+ slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes", -+ "No DES passwords found to convert.\n"); -+ } - } - - done: -@@ -870,9 +874,9 @@ done: - - if (have_aes && have_des){ - /* -- * If a conversion attempt did not fail, disable DES plugin -+ * If a conversion attempt did not fail then we can disable the DES plugin - */ -- if(converted_des != -1){ -+ if(converted_des_passwd && disable_des){ - /* - * Disable the DES plugin - this also prevents potentially expensive - * searches at every server startup. -@@ -905,14 +909,9 @@ done: - des_dn, 0, 0); - } - slapi_pblock_destroy(pb); -- } -- if(converted_des == 1){ -- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -- "Finished - all DES passwords have been converted to AES.\n", -- 0, 0, 0); -- } else if (converted_des == 0){ -- LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes: " -- "Finished - no DES passwords to convert.\n",0,0,0); -+ LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -+ "All DES passwords have been converted to AES.\n", -+ 0, 0, 0); - } - } - } --- -2.4.3 - diff --git a/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch b/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch deleted file mode 100644 index 3ed408d..0000000 --- a/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch +++ /dev/null @@ -1,103 +0,0 @@ -From ce824731f4839f7812109b8c04ce704a56eeca4b Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Wed, 10 Feb 2016 11:36:32 -0800 -Subject: [PATCH 90/93] Ticket #48492 - heap corruption at schema replication. - -Description: 389-ds-base-1.3.2 and newer uses openldap schema parser, -which is more strict with the definition. For instance, the older -389-ds-base could have a schema such as SINTAX OID in single quotes, -which is not acceptable on the newer version. There was a bug to -handle the error case that caused a crash. - -This patch adds -1) the null reference check to attr_syntax_free (attrsyntax.c), -2) a null init to the output arg in parse_at_str and parse_oc_str - (schema.c) and -3) an error logging to schema_berval_to_atlist & schema_berval_to_oclist - (schema.c) for troubleshooting. - -https://fedorahosted.org/389/ticket/48492 - -Reviewed by wibrown@redhat.com and mreynolds@redhat.com (Thank you, William and Mark!) - -(cherry picked from commit b5bfa2a0386e168ce2196a077169382ae53a94b4) -(cherry picked from commit 9bd53c297683e691fef174bf1aed6842f475fb9f) ---- - ldap/servers/slapd/attrsyntax.c | 3 +++ - ldap/servers/slapd/schema.c | 16 +++++++++++++++- - 2 files changed, 18 insertions(+), 1 deletion(-) - -diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c -index 4cdcf86..8b2a77a 100644 ---- a/ldap/servers/slapd/attrsyntax.c -+++ b/ldap/servers/slapd/attrsyntax.c -@@ -189,6 +189,9 @@ attr_syntax_check_oids() - void - attr_syntax_free( struct asyntaxinfo *a ) - { -+ if (!a) { -+ return; -+ } - cool_charray_free( a->asi_aliases ); - slapi_ch_free_string(&a->asi_name ); - slapi_ch_free_string(&a->asi_desc ); -diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c -index 65cbad5..dd56599 100644 ---- a/ldap/servers/slapd/schema.c -+++ b/ldap/servers/slapd/schema.c -@@ -263,6 +263,9 @@ static PRCallOnceType schema_dse_mandatory_init_callonce = { 0, 0, 0 }; - static int parse_at_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf, size_t errorbufsize, - PRUint32 schema_flags, int is_user_defined, int schema_ds4x_compat, int is_remote) - { -+ if (asipp) { -+ *asipp = NULL; -+ } - #ifdef USE_OPENLDAP - return parse_attr_str(input, asipp, errorbuf, errorbufsize, schema_flags, is_user_defined,schema_ds4x_compat,is_remote); - #else -@@ -274,6 +277,9 @@ static int parse_oc_str(const char *input, struct objclass **oc, char *errorbuf, - size_t errorbufsize, PRUint32 schema_flags, int is_user_defined, - int schema_ds4x_compat, struct objclass* private_schema ) - { -+ if (oc) { -+ *oc = NULL; -+ } - #ifdef USE_OPENLDAP - return parse_objclass_str (input, oc, errorbuf, errorbufsize, schema_flags, is_user_defined, schema_ds4x_compat, private_schema ); - #else -@@ -7146,11 +7152,15 @@ schema_berval_to_oclist(struct berval **oc_berval) - oc_list = NULL; - oc_tail = NULL; - if (oc_berval != NULL) { -+ errorbuf[0] = '\0'; - for (i = 0; oc_berval[i] != NULL; i++) { - /* parse the objectclass value */ - if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc, - errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, - schema_ds4x_compat, oc_list))) { -+ slapi_log_error(SLAPI_LOG_FATAL, "schema", -+ "parse_oc_str returned error: %s\n", -+ errorbuf[0]?errorbuf:"unknown"); - oc_free(&oc); - rc = 1; - break; -@@ -7184,11 +7194,15 @@ schema_berval_to_atlist(struct berval **at_berval) - schema_ds4x_compat = config_get_ds4_compatible_schema(); - - if (at_berval != NULL) { -+ errorbuf[0] = '\0'; - for (i = 0; at_berval[i] != NULL; i++) { - /* parse the objectclass value */ - rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf), - DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0); -- if(rc){ -+ if (rc) { -+ slapi_log_error(SLAPI_LOG_FATAL, "schema", -+ "parse_oc_str returned error: %s\n", -+ errorbuf[0]?errorbuf:"unknown"); - attr_syntax_free(at); - break; - } --- -2.4.11 - diff --git a/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch b/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch deleted file mode 100644 index d70e6b0..0000000 --- a/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch +++ /dev/null @@ -1,218 +0,0 @@ -From bc3328ebbe1b8279f77ad1020bce9fb638d4c94c Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Fri, 8 Apr 2016 14:17:12 -0700 -Subject: [PATCH 91/93] Ticket #48492 - heap corruption at schema replication. - -Bug Description: If nsslapd-enquote-sup-oc is on, the server is supposed to -handle the quoted SYNTAX values although the spec is deprecated. Currently, -if nsslapd-enquote-sup-oc is on, it wraps SYNTAX values with quotes, but the -information is not passed to the openldap schema parser where the parsing the -schema fails. - -Fix Description: This patch passes the info (flag LDAP_SCHEMA_ALLOW_QUOTED) -to the openldap API ldap_str2attributetype if nsslapd-enquote-sup-oc is on. - -Additionally, to support the old style quoted SYNTAX values in the schema -files, loading the schema has to get the enquote information prior to the -configuration parameters evaluated. To pass the information, this patch -accepts the environment variable LDAP_SCHEMA_ALLOW_QUOTED. If it is defined -with any value, old style schema files are processed. - -To set the environment variable, add - LDAP_SCHEMA_ALLOW_QUOTED="on" -to /etc/sysconfig/dirsrv-INSTANCE. - -https://fedorahosted.org/389/ticket/48492 - -Reviewed by firstyear@redhat.com (Thank you, William!!) - -(cherry picked from commit 955dc66d42511c2cc8d6ff18cf030508f6da2770) -(cherry picked from commit 7927e4420fb185ae328d56cfd4741583ae1f667b) ---- - ldap/servers/slapd/schema.c | 66 ++++++++++++++++++++++++++++++++++----------- - 1 file changed, 51 insertions(+), 15 deletions(-) - -diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c -index dd56599..806c38d 100644 ---- a/ldap/servers/slapd/schema.c -+++ b/ldap/servers/slapd/schema.c -@@ -1638,6 +1638,16 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg) - } - - if ( !aew->schema_ds4x_compat ) { -+#if defined (USE_OPENLDAP) -+ /* -+ * These values in quotes are not supported by the openldap parser. -+ * Even if nsslapd-enquote-sup-oc is on, quotes should not be added. -+ */ -+ outp += put_tagged_oid( outp, "SUP ", asip->asi_superior, NULL, 0 ); -+ outp += put_tagged_oid( outp, "EQUALITY ", asip->asi_mr_equality, NULL, 0 ); -+ outp += put_tagged_oid( outp, "ORDERING ", asip->asi_mr_ordering, NULL, 0 ); -+ outp += put_tagged_oid( outp, "SUBSTR ", asip->asi_mr_substring, NULL, 0 ); -+#else - outp += put_tagged_oid( outp, "SUP ", - asip->asi_superior, NULL, aew->enquote_sup_oc ); - outp += put_tagged_oid( outp, "EQUALITY ", -@@ -1646,6 +1656,7 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg) - asip->asi_mr_ordering, NULL, aew->enquote_sup_oc ); - outp += put_tagged_oid( outp, "SUBSTR ", - asip->asi_mr_substring, NULL, aew->enquote_sup_oc ); -+#endif - } - - outp += put_tagged_oid( outp, "SYNTAX ", syntaxoid, syntaxlengthbuf, -@@ -4105,7 +4116,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf, - char **attr_names = NULL; - unsigned long flags = SLAPI_ATTR_FLAG_OVERRIDE; - /* If we ever accept openldap schema directly, then make parser_flags configurable */ -- const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID; -+ unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID; - int invalid_syntax_error; - int syntaxlength = SLAPI_SYNTAXLENGTH_NONE; - int num_names = 0; -@@ -4113,6 +4124,17 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf, - int rc = 0; - int a, aa; - -+ if (config_get_enquote_sup_oc()) { -+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED; -+ } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) { -+ char ebuf[SLAPI_DSE_RETURNTEXT_SIZE]; -+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED; -+ if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) { -+ slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n", -+ CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf); -+ } -+ } -+ - /* - * OpenLDAP AttributeType struct - * -@@ -4159,7 +4181,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf, - /* trim any leading spaces */ - input++; - } -- if((atype = ldap_str2attributetype(input, &rc, &errp, parser_flags )) == NULL){ -+ if((atype = ldap_str2attributetype(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){ - schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at, input, - "Failed to parse attribute, error(%d - %s) at (%s)", rc, ldap_scherr2str(rc), errp ); - return invalid_syntax_error; -@@ -4478,12 +4500,23 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf, - char **OrigRequiredAttrsArray, **OrigAllowedAttrsArray; - char *first_oc_name = NULL; - /* If we ever accept openldap schema directly, then make parser_flags configurable */ -- const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID; -+ unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID; - PRUint8 flags = 0; - int invalid_syntax_error; - int i, j; - int rc = 0; - -+ if (config_get_enquote_sup_oc()) { -+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED; -+ } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) { -+ char ebuf[SLAPI_DSE_RETURNTEXT_SIZE]; -+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED; -+ if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) { -+ slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n", -+ CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf); -+ } -+ } -+ - /* - * openLDAP Objectclass struct - * -@@ -4521,10 +4554,10 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf, - * Parse the input and create the openLdap objectclass structure - */ - while(isspace(*input)){ -- /* trim any leading spaces */ -+ /* trim any leading spaces */ - input++; - } -- if((objClass = ldap_str2objectclass(input, &rc, &errp, parser_flags )) == NULL){ -+ if((objClass = ldap_str2objectclass(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){ - schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc, input, - "Failed to parse objectclass, error(%d) at (%s)", rc, errp ); - return invalid_syntax_error; -@@ -5592,7 +5625,7 @@ get_tagged_oid( const char *tag, const char **inputp, - PR_ASSERT( NULL != *inputp ); - PR_ASSERT( NULL != tag ); - PR_ASSERT( '\0' != tag[ 0 ] ); -- if('(' !=tag[0]) -+ if('(' !=tag[0]) - PR_ASSERT((' ' == tag[ strlen( tag ) - 1 ]) || ('(' == tag[ strlen( tag ) - 1 ])); - - if ( NULL == strstr_fn ) { -@@ -5611,8 +5644,8 @@ get_tagged_oid( const char *tag, const char **inputp, - /* skip past the leading single quote, if present */ - if ( *startp == '\'' ) { - ++startp; -- /* skip past any extra white space */ -- startp = skipWS( startp ); -+ /* skip past any extra white space */ -+ startp = skipWS( startp ); - } - - /* locate the end of the OID */ -@@ -7155,6 +7188,7 @@ schema_berval_to_oclist(struct berval **oc_berval) - errorbuf[0] = '\0'; - for (i = 0; oc_berval[i] != NULL; i++) { - /* parse the objectclass value */ -+ oc = NULL; - if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc, - errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, - schema_ds4x_compat, oc_list))) { -@@ -7197,12 +7231,13 @@ schema_berval_to_atlist(struct berval **at_berval) - errorbuf[0] = '\0'; - for (i = 0; at_berval[i] != NULL; i++) { - /* parse the objectclass value */ -+ at = NULL; - rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf), - DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0); - if (rc) { - slapi_log_error(SLAPI_LOG_FATAL, "schema", -- "parse_oc_str returned error: %s\n", -- errorbuf[0]?errorbuf:"unknown"); -+ "schema_berval_to_atlist: parse_at_str(%s) failed - %s\n", -+ at_berval[i]->bv_val, errorbuf[0]?errorbuf:"unknown"); - attr_syntax_free(at); - break; - } -@@ -7217,6 +7252,7 @@ schema_berval_to_atlist(struct berval **at_berval) - } - if (rc) { - schema_atlist_free(head); -+ head = NULL; - } - - return head; -@@ -7319,12 +7355,12 @@ schema_attributetypes_superset_check(struct berval **remote_schema, char *type) - static void - modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods) - { -- Slapi_PBlock *newpb; -+ Slapi_PBlock *newpb; - int op_result; -- CSN *schema_csn; -+ CSN *schema_csn; - -- /* allocate internal mod components: pblock*/ -- newpb = slapi_pblock_new(); -+ /* allocate internal mod components: pblock*/ -+ newpb = slapi_pblock_new(); - - slapi_modify_internal_set_pb_ext ( - newpb, -@@ -7333,7 +7369,7 @@ modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods) - NULL, /* Controls */ - NULL, - (void *)plugin_get_default_component_id(), -- 0); -+ 0); - - /* do modify */ - slapi_modify_internal_pb (newpb); --- -2.4.11 - diff --git a/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch b/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch deleted file mode 100644 index 37f3621..0000000 --- a/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 39a14eaab84e7eac940d1d707cabc9610ef570c6 Mon Sep 17 00:00:00 2001 -From: Noriko Hosoi -Date: Tue, 26 Apr 2016 13:53:02 -0700 -Subject: [PATCH 92/93] Ticket #48808 - Paged results search returns the blank - list of entries - -Bug Description: When a simple paged results slot in a connection is -discarded due to an error, e.g., SIZELIMIT_EXCEEDED, the slot was not -properly cleaned up. Then, if the slot was reused, the leftover flag -confused the code and ended up returning the 0 search result. - -Fix Description: This patch adds the clean up code when a slot is re- -used. - -https://fedorahosted.org/389/ticket/48808 - -Reviewed by wibrown@redhat.com (Thank you, William!!) - -(cherry picked from commit 09180b25570696d24c86e3a046fb497c15549c64) -(cherry picked from commit a8486ab3b364a9ae088d6404d025058b04ac358d) ---- - ldap/servers/slapd/pagedresults.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c -index d394dab..52d2158 100644 ---- a/ldap/servers/slapd/pagedresults.c -+++ b/ldap/servers/slapd/pagedresults.c -@@ -124,6 +124,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb, - prp = conn->c_pagedresults.prl_list; - for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) { - if (!prp->pr_current_be) { /* unused slot; take it */ -+ _pr_cleanup_one_slot(prp); - prp->pr_current_be = be; - *index = i; - break; --- -2.4.11 - diff --git a/SOURCES/0093-Ticket-48808-Add-test-case.patch b/SOURCES/0093-Ticket-48808-Add-test-case.patch deleted file mode 100644 index 8c92d51..0000000 --- a/SOURCES/0093-Ticket-48808-Add-test-case.patch +++ /dev/null @@ -1,370 +0,0 @@ -From fc0ca25b9f143083528cc5f87dc89fe69baf38fd Mon Sep 17 00:00:00 2001 -From: Simon Pichugin -Date: Thu, 28 Apr 2016 11:49:24 +0200 -Subject: [PATCH 93/93] Ticket 48808 - Add test case - -Description: Add test case for paged results search returns the blank -list of entries issue. - -Bug description: After series of actions, paged result search that -should returns list of entries returns blank list of entries. It is -hardly reproducible manually, but it is easy to reproduce with python -automation. - -https://fedorahosted.org/389/ticket/48808 - -Reviewed by: nhosoi and wbrown (Thanks!) - -(cherry picked from commit 91f3e592713ea58602412ed773a497583f2ebd6c) -(cherry picked from commit 99b5048b09e64cea6f8bf5e7d524679960ce0a44) ---- - dirsrvtests/tests/tickets/ticket48808_test.py | 337 ++++++++++++++++++++++++++ - 1 file changed, 337 insertions(+) - create mode 100644 dirsrvtests/tests/tickets/ticket48808_test.py - -diff --git a/dirsrvtests/tests/tickets/ticket48808_test.py b/dirsrvtests/tests/tickets/ticket48808_test.py -new file mode 100644 -index 0000000..3dbceac ---- /dev/null -+++ b/dirsrvtests/tests/tickets/ticket48808_test.py -@@ -0,0 +1,337 @@ -+import time -+import ldap -+import logging -+import pytest -+from random import sample -+from ldap.controls import SimplePagedResultsControl -+from lib389 import DirSrv, Entry, tools, tasks -+from lib389.tools import DirSrvTools -+from lib389._constants import * -+from lib389.properties import * -+from lib389.tasks import * -+from lib389.utils import * -+ -+logging.getLogger(__name__).setLevel(logging.DEBUG) -+log = logging.getLogger(__name__) -+ -+TEST_USER_NAME = 'simplepaged_test' -+TEST_USER_DN = 'uid=%s,%s' % (TEST_USER_NAME, DEFAULT_SUFFIX) -+TEST_USER_PWD = 'simplepaged_test' -+ -+ -+class TopologyStandalone(object): -+ def __init__(self, standalone): -+ standalone.open() -+ self.standalone = standalone -+ -+ -+@pytest.fixture(scope="module") -+def topology(request): -+ # Creating standalone instance ... -+ standalone = DirSrv(verbose=False) -+ args_instance[SER_HOST] = HOST_STANDALONE -+ args_instance[SER_PORT] = PORT_STANDALONE -+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE -+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX -+ args_standalone = args_instance.copy() -+ standalone.allocate(args_standalone) -+ instance_standalone = standalone.exists() -+ if instance_standalone: -+ standalone.delete() -+ standalone.create() -+ standalone.open() -+ -+ # Delete each instance in the end -+ def fin(): -+ standalone.delete() -+ request.addfinalizer(fin) -+ -+ # Clear out the tmp dir -+ standalone.clearTmpDir(__file__) -+ -+ return TopologyStandalone(standalone) -+ -+ -+@pytest.fixture(scope="module") -+def test_user(topology): -+ """User for binding operation""" -+ -+ try: -+ topology.standalone.add_s(Entry((TEST_USER_DN, { -+ 'objectclass': 'top person'.split(), -+ 'objectclass': 'organizationalPerson', -+ 'objectclass': 'inetorgperson', -+ 'cn': TEST_USER_NAME, -+ 'sn': TEST_USER_NAME, -+ 'userpassword': TEST_USER_PWD, -+ 'mail': '%s@redhat.com' % TEST_USER_NAME, -+ 'uid': TEST_USER_NAME -+ }))) -+ except ldap.LDAPError as e: -+ log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN, -+ e.message['desc'])) -+ raise e -+ -+ -+def add_users(topology, users_num): -+ """Add users to the default suffix -+ and return a list of added user DNs. -+ """ -+ -+ users_list = [] -+ log.info('Adding %d users' % users_num) -+ for num in sample(range(1000), users_num): -+ num_ran = int(round(num)) -+ USER_NAME = 'test%05d' % num_ran -+ USER_DN = 'uid=%s,%s' % (USER_NAME, DEFAULT_SUFFIX) -+ users_list.append(USER_DN) -+ try: -+ topology.standalone.add_s(Entry((USER_DN, { -+ 'objectclass': 'top person'.split(), -+ 'objectclass': 'organizationalPerson', -+ 'objectclass': 'inetorgperson', -+ 'cn': USER_NAME, -+ 'sn': USER_NAME, -+ 'userpassword': 'pass%s' % num_ran, -+ 'mail': '%s@redhat.com' % USER_NAME, -+ 'uid': USER_NAME -+ }))) -+ except ldap.LDAPError as e: -+ log.error('Failed to add user (%s): error (%s)' % (USER_DN, -+ e.message['desc'])) -+ raise e -+ return users_list -+ -+ -+def del_users(topology, users_list): -+ """Delete users with DNs from given list""" -+ -+ log.info('Deleting %d users' % len(users_list)) -+ for user_dn in users_list: -+ try: -+ topology.standalone.delete_s(user_dn) -+ except ldap.LDAPError as e: -+ log.error('Failed to delete user (%s): error (%s)' % (user_dn, -+ e.message['desc'])) -+ raise e -+ -+ -+def change_conf_attr(topology, suffix, attr_name, attr_value): -+ """Change configurational attribute in the given suffix. -+ Funtion returns previous attribute value. -+ """ -+ -+ try: -+ entries = topology.standalone.search_s(suffix, ldap.SCOPE_BASE, -+ 'objectclass=top', -+ [attr_name]) -+ attr_value_bck = entries[0].data.get(attr_name) -+ log.info('Set %s to %s. Previous value - %s. Modified suffix - %s.' % ( -+ attr_name, attr_value, attr_value_bck, suffix)) -+ if attr_value is None: -+ topology.standalone.modify_s(suffix, [(ldap.MOD_DELETE, -+ attr_name, -+ attr_value)]) -+ else: -+ topology.standalone.modify_s(suffix, [(ldap.MOD_REPLACE, -+ attr_name, -+ attr_value)]) -+ except ldap.LDAPError as e: -+ log.error('Failed to change attr value (%s): error (%s)' % (attr_name, -+ e.message['desc'])) -+ raise e -+ -+ return attr_value_bck -+ -+ -+def paged_search(topology, controls, search_flt, searchreq_attrlist): -+ """Search at the DEFAULT_SUFFIX with ldap.SCOPE_SUBTREE -+ using Simple Paged Control(should the first item in the -+ list controls. -+ Return the list with results summarized from all pages -+ """ -+ -+ pages = 0 -+ pctrls = [] -+ all_results = [] -+ req_ctrl = controls[0] -+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ search_flt, -+ searchreq_attrlist, -+ serverctrls=controls) -+ while True: -+ log.info('Getting page %d' % (pages,)) -+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid) -+ all_results.extend(rdata) -+ pages += 1 -+ pctrls = [ -+ c -+ for c in rctrls -+ if c.controlType == SimplePagedResultsControl.controlType -+ ] -+ -+ if pctrls: -+ if pctrls[0].cookie: -+ # Copy cookie from response control to request control -+ req_ctrl.cookie = pctrls[0].cookie -+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ search_flt, -+ searchreq_attrlist, -+ serverctrls=controls) -+ else: -+ break # no more pages available -+ else: -+ break -+ -+ assert not pctrls[0].cookie -+ return all_results -+ -+ -+def test_ticket48808(topology, test_user): -+ log.info('Run multiple paging controls on a single connection') -+ users_num = 100 -+ page_size = 30 -+ users_list = add_users(topology, users_num) -+ search_flt = r'(uid=test*)' -+ searchreq_attrlist = ['dn', 'sn'] -+ -+ log.info('Set user bind') -+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD) -+ -+ log.info('Create simple paged results control instance') -+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='') -+ controls = [req_ctrl] -+ -+ for ii in xrange(3): -+ log.info('Iteration %d' % ii) -+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ search_flt, -+ searchreq_attrlist, -+ serverctrls=controls) -+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid) -+ pctrls = [ -+ c -+ for c in rctrls -+ if c.controlType == SimplePagedResultsControl.controlType -+ ] -+ -+ req_ctrl.cookie = pctrls[0].cookie -+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ search_flt, -+ searchreq_attrlist, -+ serverctrls=controls) -+ log.info('Set Directory Manager bind back') -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ del_users(topology, users_list) -+ -+ log.info('Abandon the search') -+ users_num = 10 -+ page_size = 0 -+ users_list = add_users(topology, users_num) -+ search_flt = r'(uid=test*)' -+ searchreq_attrlist = ['dn', 'sn'] -+ -+ log.info('Set user bind') -+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD) -+ -+ log.info('Create simple paged results control instance') -+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='') -+ controls = [req_ctrl] -+ -+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX, -+ ldap.SCOPE_SUBTREE, -+ search_flt, -+ searchreq_attrlist, -+ serverctrls=controls) -+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid) -+ pctrls = [ -+ c -+ for c in rctrls -+ if c.controlType == SimplePagedResultsControl.controlType -+ ] -+ assert not pctrls[0].cookie -+ -+ log.info('Set Directory Manager bind back') -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ del_users(topology, users_list) -+ -+ log.info("Search should fail with 'nsPagedSizeLimit = 5'" -+ "and 'nsslapd-pagedsizelimit = 15' with 10 users") -+ conf_attr = '15' -+ user_attr = '5' -+ expected_rs = ldap.SIZELIMIT_EXCEEDED -+ users_num = 10 -+ page_size = 10 -+ users_list = add_users(topology, users_num) -+ search_flt = r'(uid=test*)' -+ searchreq_attrlist = ['dn', 'sn'] -+ conf_attr_bck = change_conf_attr(topology, DN_CONFIG, -+ 'nsslapd-pagedsizelimit', conf_attr) -+ user_attr_bck = change_conf_attr(topology, TEST_USER_DN, -+ 'nsPagedSizeLimit', user_attr) -+ -+ log.info('Set user bind') -+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD) -+ -+ log.info('Create simple paged results control instance') -+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='') -+ controls = [req_ctrl] -+ -+ log.info('Expect to fail with SIZELIMIT_EXCEEDED') -+ with pytest.raises(expected_rs): -+ all_results = paged_search(topology, controls, -+ search_flt, searchreq_attrlist) -+ -+ log.info('Set Directory Manager bind back') -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ del_users(topology, users_list) -+ change_conf_attr(topology, DN_CONFIG, -+ 'nsslapd-pagedsizelimit', conf_attr_bck) -+ change_conf_attr(topology, TEST_USER_DN, -+ 'nsPagedSizeLimit', user_attr_bck) -+ -+ log.info("Search should pass with 'nsPagedSizeLimit = 15'" -+ "and 'nsslapd-pagedsizelimit = 5' with 10 users") -+ conf_attr = '5' -+ user_attr = '15' -+ users_num = 10 -+ page_size = 10 -+ users_list = add_users(topology, users_num) -+ search_flt = r'(uid=test*)' -+ searchreq_attrlist = ['dn', 'sn'] -+ conf_attr_bck = change_conf_attr(topology, DN_CONFIG, -+ 'nsslapd-pagedsizelimit', conf_attr) -+ user_attr_bck = change_conf_attr(topology, TEST_USER_DN, -+ 'nsPagedSizeLimit', user_attr) -+ -+ log.info('Set user bind') -+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD) -+ -+ log.info('Create simple paged results control instance') -+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='') -+ controls = [req_ctrl] -+ -+ log.info('Search should PASS') -+ all_results = paged_search(topology, controls, -+ search_flt, searchreq_attrlist) -+ log.info('%d results' % len(all_results)) -+ assert len(all_results) == len(users_list) -+ -+ log.info('Set Directory Manager bind back') -+ topology.standalone.simple_bind_s(DN_DM, PASSWORD) -+ del_users(topology, users_list) -+ change_conf_attr(topology, DN_CONFIG, -+ 'nsslapd-pagedsizelimit', conf_attr_bck) -+ change_conf_attr(topology, TEST_USER_DN, -+ 'nsPagedSizeLimit', user_attr_bck) -+ -+ -+if __name__ == '__main__': -+ # Run isolated -+ # -s for DEBUG mode -+ CURRENT_FILE = os.path.realpath(__file__) -+ pytest.main("-s %s" % CURRENT_FILE) --- -2.4.11 - diff --git a/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch b/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch deleted file mode 100644 index 8f1ea00..0000000 --- a/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch +++ /dev/null @@ -1,936 +0,0 @@ -From 72562d03b0f758902e0ee858fd43d5bcfbef379b Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 7 Jun 2016 10:02:42 -0400 -Subject: [PATCH] Ticket 48862 - At startup DES to AES password conversion - causes timeout in start script - -Bug Description: At server start all the backends are searches for entries that contain - DES password attributes as defined in the plugin. These are typically - unindexed searches, and if there is a very large backend this can cause - the server startup to timeout. - -Fix Description: At startup only check "cn=config" for entries with DES password attributes. - A new "conversion" task has been created that can be run after startup - to search all backends(if a suffix is not specified), or specific backends. - - dn: cn=convertPasswords, cn=des2aes,cn=tasks,cn=config - objectclass: top - objectclass: extensibleObject - suffix: dc=example,dc=com - suffix: dc=other,dc=suffix - - Another bug was discovered in pw_rever_encode() in pw.c where a "for" loop - counter was accidentially reused by a second "for" loop. This could lead - to an infinite loop/hang. - - Updated the CI test to perform the conversion task. - -https://fedorahosted.org/389/ticket/48862 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 11f55f3dd2a2c44ddf7b5be54273401add13b1bc) -(cherry picked from commit c0ad918939c40779e463b71c41ab106e7ee890e2) ---- - dirsrvtests/tickets/ticket47462_test.py | 133 ++++++++---- - ldap/servers/slapd/daemon.c | 195 +++++------------- - ldap/servers/slapd/pw.c | 4 +- - ldap/servers/slapd/task.c | 346 +++++++++++++++++++++++++++++++- - 4 files changed, 493 insertions(+), 185 deletions(-) - -diff --git a/dirsrvtests/tickets/ticket47462_test.py b/dirsrvtests/tickets/ticket47462_test.py -index 17854fa..2d2c507 100644 ---- a/dirsrvtests/tickets/ticket47462_test.py -+++ b/dirsrvtests/tickets/ticket47462_test.py -@@ -32,6 +32,7 @@ AGMT_DN = '' - USER_DN = 'cn=test_user,' + DEFAULT_SUFFIX - USER1_DN = 'cn=test_user1,' + DEFAULT_SUFFIX - TEST_REPL_DN = 'cn=test repl,' + DEFAULT_SUFFIX -+DES2AES_TASK_DN = 'cn=convert,cn=des2aes,cn=tasks,cn=config' - - - class TopologyMaster1Master2(object): -@@ -134,6 +135,11 @@ def topology(request): - # clear the tmp directory - master1.clearTmpDir(__file__) - -+ def fin(): -+ master1.delete() -+ master2.delete() -+ request.addfinalizer(fin) -+ - return TopologyMaster1Master2(master1, master2) - - -@@ -144,11 +150,9 @@ def test_ticket47462(topology): - """ - - # -- # First set config as if it's an older version. Set DES to use libdes-plugin, -- # MMR to depend on DES, delete the existing AES plugin, and set a DES password -- # for the replication agreement. -- # -- -+ # First set config as if it's an older version. Set DES to use -+ # libdes-plugin, MMR to depend on DES, delete the existing AES plugin, -+ # and set a DES password for the replication agreement. - # - # Add an extra attribute to the DES plugin args - # -@@ -168,7 +172,9 @@ def test_ticket47462(topology): - - try: - topology.master1.modify_s(MMR_PLUGIN, -- [(ldap.MOD_DELETE, 'nsslapd-plugin-depends-on-named', 'AES')]) -+ [(ldap.MOD_DELETE, -+ 'nsslapd-plugin-depends-on-named', -+ 'AES')]) - - except ldap.NO_SUCH_ATTRIBUTE: - pass -@@ -194,7 +200,8 @@ def test_ticket47462(topology): - # Get the agmt dn, and set the password - # - try: -- entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, 'objectclass=nsDS5ReplicationAgreement') -+ entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, -+ 'objectclass=nsDS5ReplicationAgreement') - if entry: - agmt_dn = entry[0].dn - log.info('Found agmt dn (%s)' % agmt_dn) -@@ -207,7 +214,8 @@ def test_ticket47462(topology): - - try: - properties = {RA_BINDPW: "password"} -- topology.master1.agreement.setProperties(None, agmt_dn, None, properties) -+ topology.master1.agreement.setProperties(None, agmt_dn, None, -+ properties) - log.info('Successfully modified replication agreement') - except ValueError: - log.error('Failed to update replica agreement: ' + AGMT_DN) -@@ -220,12 +228,14 @@ def test_ticket47462(topology): - topology.master1.add_s(Entry((USER1_DN, - {'objectclass': "top person".split(), - 'sn': 'sn', -+ 'description': 'DES value to convert', - 'cn': 'test_user'}))) - loop = 0 - ent = None - while loop <= 10: - try: -- ent = topology.master2.getEntry(USER1_DN, ldap.SCOPE_BASE, "(objectclass=*)") -+ ent = topology.master2.getEntry(USER1_DN, ldap.SCOPE_BASE, -+ "(objectclass=*)") - break - except ldap.NO_SUCH_OBJECT: - time.sleep(1) -@@ -250,7 +260,8 @@ def test_ticket47462(topology): - # Check that the restart converted existing DES credentials - # - try: -- entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, 'nsDS5ReplicaCredentials=*') -+ entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, -+ 'nsDS5ReplicaCredentials=*') - if entry: - val = entry[0].getValue('nsDS5ReplicaCredentials') - if val.startswith('{AES-'): -@@ -259,22 +270,25 @@ def test_ticket47462(topology): - log.fatal('Failed to convert credentials from DES to AES!') - assert False - else: -- log.fatal('Failed to find any entries with nsDS5ReplicaCredentials ') -+ log.fatal('Failed to find entries with nsDS5ReplicaCredentials') - assert False - except ldap.LDAPError, e: - log.fatal('Failed to search for replica credentials: ' + e.message['desc']) - assert False - - # -- # Check that the AES plugin exists, and has all the attributes listed in DES plugin. -- # The attributes might not be in the expected order so check all the attributes. -+ # Check that the AES plugin exists, and has all the attributes listed in -+ # DES plugin. The attributes might not be in the expected order so check -+ # all the attributes. - # - try: -- entry = topology.master1.search_s(AES_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*') -+ entry = topology.master1.search_s(AES_PLUGIN, ldap.SCOPE_BASE, -+ 'objectclass=*') - if not entry[0].hasValue('nsslapd-pluginarg0', 'description') and \ - not entry[0].hasValue('nsslapd-pluginarg1', 'description') and \ - not entry[0].hasValue('nsslapd-pluginarg2', 'description'): -- log.fatal('The AES plugin did not have the DES attribute copied over correctly') -+ log.fatal('The AES plugin did not have the DES attribute copied ' + -+ 'over correctly') - assert False - else: - log.info('The AES plugin was correctly setup') -@@ -286,7 +300,8 @@ def test_ticket47462(topology): - # Check that the MMR plugin was updated - # - try: -- entry = topology.master1.search_s(MMR_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*') -+ entry = topology.master1.search_s(MMR_PLUGIN, ldap.SCOPE_BASE, -+ 'objectclass=*') - if not entry[0].hasValue('nsslapd-plugin-depends-on-named', 'AES'): - log.fatal('The MMR Plugin was not correctly updated') - assert False -@@ -300,7 +315,8 @@ def test_ticket47462(topology): - # Check that the DES plugin was correctly updated - # - try: -- entry = topology.master1.search_s(DES_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*') -+ entry = topology.master1.search_s(DES_PLUGIN, ldap.SCOPE_BASE, -+ 'objectclass=*') - if not entry[0].hasValue('nsslapd-pluginPath', 'libpbe-plugin'): - log.fatal('The DES Plugin was not correctly updated') - assert False -@@ -322,7 +338,8 @@ def test_ticket47462(topology): - ent = None - while loop <= 10: - try: -- ent = topology.master2.getEntry(USER_DN, ldap.SCOPE_BASE, "(objectclass=*)") -+ ent = topology.master2.getEntry(USER_DN, ldap.SCOPE_BASE, -+ "(objectclass=*)") - break - except ldap.NO_SUCH_OBJECT: - time.sleep(1) -@@ -336,30 +353,66 @@ def test_ticket47462(topology): - log.fatal('Failed to add test user: ' + e.message['desc']) - assert False - -+ # Check the entry -+ log.info('Entry before running task...') -+ try: -+ entry = topology.master1.search_s(USER1_DN, -+ ldap.SCOPE_BASE, -+ 'objectclass=*') -+ if entry: -+ print(str(entry)) -+ else: -+ log.fatal('Failed to find entries') -+ assert False -+ except ldap.LDAPError as e: -+ log.fatal('Failed to search for entries: ' + -+ e.message['desc']) -+ assert False - --def test_ticket47462_final(topology): -- topology.master1.delete() -- topology.master2.delete() -- log.info('Testcase PASSED') -- -- --def run_isolated(): -- ''' -- run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..) -- To run isolated without py.test, you need to -- - edit this file and comment '@pytest.fixture' line before 'topology' function. -- - set the installation prefix -- - run this program -- ''' -- global installation1_prefix -- global installation2_prefix -- installation1_prefix = None -- installation2_prefix = None -+ # -+ # Test the DES2AES Task on USER1_DN -+ # -+ try: -+ topology.master1.add_s(Entry((DES2AES_TASK_DN, -+ {'objectclass': ['top', -+ 'extensibleObject'], -+ 'suffix': DEFAULT_SUFFIX, -+ 'cn': 'convert'}))) -+ except ldap.LDAPError as e: -+ log.fatal('Failed to add task entry: ' + e.message['desc']) -+ assert False - -- topo = topology(True) -- test_ticket47462(topo) -- test_ticket47462_final(topo) -+ # Wait for task -+ task_entry = Entry(DES2AES_TASK_DN) -+ (done, exitCode) = topology.master1.tasks.checkTask(task_entry, True) -+ if exitCode: -+ log.fatal("Error: des2aes task exited with %d" % (exitCode)) -+ assert False - -+ # Check the entry -+ try: -+ entry = topology.master1.search_s(USER1_DN, -+ ldap.SCOPE_BASE, -+ 'objectclass=*') -+ if entry: -+ val = entry[0].getValue('description') -+ print(str(entry[0])) -+ if val.startswith('{AES-'): -+ log.info('Task: DES credentials have been converted to AES') -+ else: -+ log.fatal('Task: Failed to convert credentials from DES to ' + -+ 'AES! (%s)' % (val)) -+ assert False -+ else: -+ log.fatal('Failed to find entries') -+ assert False -+ except ldap.LDAPError as e: -+ log.fatal('Failed to search for entries: ' + -+ e.message['desc']) -+ assert False - - if __name__ == '__main__': -- run_isolated() -+ # Run isolated -+ # -s for DEBUG mode -+ CURRENT_FILE = os.path.realpath(__file__) -+ pytest.main("-s %s" % CURRENT_FILE) -diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c -index d702129..29562ae 100644 ---- a/ldap/servers/slapd/daemon.c -+++ b/ldap/servers/slapd/daemon.c -@@ -692,14 +692,12 @@ convert_pbe_des_to_aes() - Slapi_Entry **entries = NULL; - struct slapdplugin *plugin = NULL; - char **attrs = NULL; -- char **backends = NULL; - char *val = NULL; - int converted_des_passwd = 0; -- int disable_des = 1; - int result = -1; - int have_aes = 0; - int have_des = 0; -- int i = 0, ii = 0, be_idx = 0; -+ int i = 0, ii = 0; - - /* - * Check that AES plugin is enabled, and grab all the unique -@@ -733,94 +731,56 @@ convert_pbe_des_to_aes() - - if(have_aes && have_des){ - /* -- * Build a list of all the backend dn's -+ * Find any entries in cn=config that contain DES passwords and convert -+ * them to AES - */ -- Slapi_Backend *be = NULL; -- struct suffixlist *list; -- char *cookie = NULL; -- -- LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes: " -- "Checking for DES passwords to convert to AES...\n",0,0,0); -- -- be = slapi_get_first_backend(&cookie); -- while (be){ -- int suffix_idx = 0; -- int count = slapi_counter_get_value(be->be_suffixcounter); -- -- list = be->be_suffixlist; -- for (suffix_idx = 0; list && suffix_idx < count; suffix_idx++) { -- char *suffix = (char *)slapi_sdn_get_ndn(list->be_suffix); -- if(charray_inlist(backends, suffix) || strlen(suffix) == 0){ -- list = list->next; -- continue; -- } -- charray_add(&backends, slapi_ch_strdup(suffix)); -- list = list->next; -- } -- be = slapi_get_next_backend (cookie); -- } -- slapi_ch_free ((void **)&cookie); -+ slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes", -+ "Converting DES passwords to AES...\n"); - -- /* -- * Search for the password attributes -- */ - for (i = 0; attrs && attrs[i]; i++){ - char *filter = PR_smprintf("%s=*", attrs[i]); -- /* -- * Loop over all the backends looking for the password attribute -- */ -- for(be_idx = 0; backends && backends[be_idx]; be_idx++){ -- pb = slapi_pblock_new(); -- slapi_search_internal_set_pb(pb, backends[be_idx], -- LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL, -- (void *)plugin_get_default_component_id(), -- SLAPI_OP_FLAG_IGNORE_UNINDEXED); -- slapi_search_internal_pb(pb); -- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result); -- if (LDAP_SUCCESS != result) { -- slapi_log_error(SLAPI_LOG_TRACE, "convert_pbe_des_to_aes: ", -- "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n", -- attrs[i], result, backends[be_idx]); -- slapi_free_search_results_internal(pb); -- slapi_pblock_destroy(pb); -- pb = NULL; -- continue; -- } -- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); -- for (ii = 0; entries && entries[ii]; ii++){ -- if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){ -- if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){ -- /* -- * We have a DES encoded password, convert it AES -- */ -- Slapi_PBlock *mod_pb = NULL; -- Slapi_Value *sval = NULL; -- LDAPMod mod_replace; -- LDAPMod *mods[2]; -- char *replace_val[2]; -- char *passwd = NULL; -- -- /* decode the DES password */ -- if(pw_rever_decode(val, &passwd, attrs[i]) == -1){ -- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -- "Failed to decode existing DES password for (%s)\n", -- slapi_entry_get_dn(entries[ii]), 0, 0); -- disable_des = 0; -- goto done; -- } - -- /* encode the password */ -+ pb = slapi_pblock_new(); -+ slapi_search_internal_set_pb(pb, "cn=config", -+ LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL, -+ (void *)plugin_get_default_component_id(), -+ SLAPI_OP_FLAG_IGNORE_UNINDEXED); -+ slapi_search_internal_pb(pb); -+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); -+ for (ii = 0; entries && entries[ii]; ii++){ -+ if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){ -+ if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){ -+ /* -+ * We have a DES encoded password, convert it to AES -+ */ -+ Slapi_PBlock *mod_pb = NULL; -+ Slapi_Value *sval = NULL; -+ LDAPMod mod_replace; -+ LDAPMod *mods[2]; -+ char *replace_val[2]; -+ char *passwd = NULL; -+ int rc = 0; -+ -+ /* decode the DES password */ -+ if(pw_rever_decode(val, &passwd, attrs[i]) == -1){ -+ slapi_log_error(SLAPI_LOG_FATAL ,"convert_pbe_des_to_aes", -+ "Failed to decode existing DES password for (%s)\n", -+ slapi_entry_get_dn(entries[ii])); -+ rc = -1; -+ } -+ -+ /* encode the password */ -+ if (rc == 0){ - sval = slapi_value_new_string(passwd); - if(pw_rever_encode(&sval, attrs[i]) == -1){ -- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -+ slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes", - "failed to encode AES password for (%s)\n", -- slapi_entry_get_dn(entries[ii]), 0, 0); -- slapi_ch_free_string(&passwd); -- slapi_value_free(&sval); -- disable_des = 0; -- goto done; -+ slapi_entry_get_dn(entries[ii])); -+ rc = -1; - } -+ } - -+ if (rc == 0){ - /* replace the attribute in the entry */ - replace_val[0] = (char *)slapi_value_get_string(sval); - replace_val[1] = NULL; -@@ -837,83 +797,34 @@ convert_pbe_des_to_aes() - - slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result); - if (LDAP_SUCCESS != result) { -- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -+ slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes" - "Failed to convert password for (%s) error (%d)\n", -- slapi_entry_get_dn(entries[ii]), result, 0); -- disable_des = 0; -+ slapi_entry_get_dn(entries[ii]), result); - } else { -- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -+ slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes", - "Successfully converted password for (%s)\n", -- slapi_entry_get_dn(entries[ii]), result, 0); -+ slapi_entry_get_dn(entries[ii])); - converted_des_passwd = 1; - } -- slapi_ch_free_string(&passwd); -- slapi_value_free(&sval); -- slapi_pblock_destroy(mod_pb); - } -- slapi_ch_free_string(&val); -+ slapi_ch_free_string(&passwd); -+ slapi_value_free(&sval); -+ slapi_pblock_destroy(mod_pb); - } -+ slapi_ch_free_string(&val); - } -- slapi_free_search_results_internal(pb); -- slapi_pblock_destroy(pb); -- pb = NULL; - } -+ slapi_free_search_results_internal(pb); -+ slapi_pblock_destroy(pb); -+ pb = NULL; - slapi_ch_free_string(&filter); - } - if (!converted_des_passwd){ -- slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes", -+ slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes", - "No DES passwords found to convert.\n"); - } - } -- --done: - charray_free(attrs); -- charray_free(backends); -- slapi_free_search_results_internal(pb); -- slapi_pblock_destroy(pb); -- -- if (have_aes && have_des){ -- /* -- * If a conversion attempt did not fail then we can disable the DES plugin -- */ -- if(converted_des_passwd && disable_des){ -- /* -- * Disable the DES plugin - this also prevents potentially expensive -- * searches at every server startup. -- */ -- LDAPMod mod_replace; -- LDAPMod *mods[2]; -- char *replace_val[2]; -- char *des_dn = "cn=DES,cn=Password Storage Schemes,cn=plugins,cn=config"; -- -- replace_val[0] = "off"; -- replace_val[1] = NULL; -- mod_replace.mod_op = LDAP_MOD_REPLACE; -- mod_replace.mod_type = "nsslapd-pluginEnabled"; -- mod_replace.mod_values = replace_val; -- mods[0] = &mod_replace; -- mods[1] = 0; -- -- pb = slapi_pblock_new(); -- slapi_modify_internal_set_pb(pb, des_dn, mods, 0, 0, -- (void *)plugin_get_default_component_id(), 0); -- slapi_modify_internal_pb(pb); -- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result); -- if (LDAP_SUCCESS != result) { -- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -- "Failed to disable DES plugin (%s), error (%d)\n", -- des_dn, result, 0); -- } else { -- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -- "Successfully disabled DES plugin (%s)\n", -- des_dn, 0, 0); -- } -- slapi_pblock_destroy(pb); -- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: " -- "All DES passwords have been converted to AES.\n", -- 0, 0, 0); -- } -- } - } - - #ifdef ENABLE_NUNC_STANS -diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c -index 4e222d7..883ef80 100644 ---- a/ldap/servers/slapd/pw.c -+++ b/ldap/servers/slapd/pw.c -@@ -516,10 +516,10 @@ pw_rever_encode(Slapi_Value **vals, char * attr_name) - for ( p = get_plugin_list(PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME); p != NULL; p = p->plg_next ) - { - char *L_attr = NULL; -- int i = 0; -+ int i = 0, ii = 0; - - /* Get the appropriate encoding function */ -- for ( L_attr = p->plg_argv[i]; iplg_argc; L_attr = p->plg_argv[++i] ) -+ for ( L_attr = p->plg_argv[ii]; iiplg_argc; L_attr = p->plg_argv[++ii] ) - { - if (slapi_attr_types_equivalent(L_attr, attr_name)) - { -diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c -index db3c222..405f0bf 100644 ---- a/ldap/servers/slapd/task.c -+++ b/ldap/servers/slapd/task.c -@@ -53,6 +53,8 @@ static int shutting_down = 0; - #define TASK_TOMBSTONE_FIXUP_BACKEND "backend" - #define TASK_TOMBSTONE_FIXUP_SUFFIX "suffix" - #define TASK_TOMBSTONE_FIXUP_STRIPCSN "stripcsn" -+#define TASK_DES2AES "des2aes task" -+ - - #define LOG_BUFFER 256 - /* if the cumul. log gets larger than this, it's truncated: */ -@@ -83,8 +85,10 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname, - const char *default_val); - static Slapi_Entry *get_internal_entry(Slapi_PBlock *pb, char *dn); - static void modify_internal_entry(char *dn, LDAPMod **mods); -- - static void fixup_tombstone_task_destructor(Slapi_Task *task); -+static void task_des2aes_thread(void *arg); -+static void des2aes_task_destructor(Slapi_Task *task); -+ - - /*********************************** - * Public Functions -@@ -2425,6 +2429,345 @@ fixup_tombstone_task_destructor(Slapi_Task *task) - "fixup_tombstone_task_destructor <--\n" ); - } - -+/* -+ * des2aes Task -+ * -+ * Convert any DES passwords to AES -+ * -+ * dn: cn=convertPasswords, cn=des2aes,cn=tasks,cn=config -+ * objectclass: top -+ * objectclass: extensibleObject -+ * suffix: dc=example,dc=com (If empty all backends are checked) -+ * suffix: dc=other,dc=suffix -+ */ -+struct task_des2aes_data -+{ -+ char **suffixes; -+ Slapi_Task *task; -+}; -+ -+static int -+task_des2aes(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, -+ int *returncode, char *returntext, void *arg) -+{ -+ struct task_des2aes_data *task_data = NULL; -+ PRThread *thread = NULL; -+ Slapi_Task *task = NULL; -+ char **suffix = NULL; -+ char **bases = NULL; -+ int rc = SLAPI_DSE_CALLBACK_OK; -+ -+ /* Get the suffixes */ -+ if((suffix = slapi_entry_attr_get_charray(e, "suffix"))){ -+ int i; -+ for (i = 0; suffix && suffix[i]; i++){ -+ /* Make sure "suffix" is NUL terminated string */ -+ char *dn = slapi_create_dn_string("%s", suffix[i]); -+ -+ if(dn){ -+ if(slapi_dn_syntax_check(pb, dn, 1)){ -+ /* invalid suffix name */ -+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, -+ "Invalid DN syntax (%s) specified for \"suffix\"\n", -+ suffix[i]); -+ *returncode = LDAP_INVALID_DN_SYNTAX; -+ slapi_ch_free_string(&dn); -+ rc = SLAPI_DSE_CALLBACK_ERROR; -+ goto error; -+ } else { -+ slapi_ch_array_add(&bases, dn); -+ } -+ } else{ -+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, -+ "Invalid DN (%s) specified for \"suffix\"\n", suffix[i]); -+ *returncode = LDAP_INVALID_DN_SYNTAX; -+ rc = SLAPI_DSE_CALLBACK_ERROR; -+ goto error; -+ } -+ } -+ } -+ -+ /* Build the task data and fire off a thread to perform the conversion */ -+ task = slapi_new_task(slapi_entry_get_ndn(e)); -+ -+ /* register our destructor for cleaning up our private data */ -+ slapi_task_set_destructor_fn(task, des2aes_task_destructor); -+ task_data = (struct task_des2aes_data *)slapi_ch_calloc(1, sizeof(struct task_des2aes_data)); -+ task_data->suffixes = bases; -+ task_data->task = task; -+ -+ /* Start the conversion thread */ -+ thread = PR_CreateThread(PR_USER_THREAD, task_des2aes_thread, -+ (void *)task_data, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, -+ PR_UNJOINABLE_THREAD, SLAPD_DEFAULT_THREAD_STACKSIZE); -+ if (thread == NULL) { -+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, -+ "unable to create des2aes thread!\n"); -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "unable to create des2aes thread!\n"); -+ *returncode = LDAP_OPERATIONS_ERROR; -+ slapi_task_finish(task, *returncode); -+ rc = SLAPI_DSE_CALLBACK_ERROR; -+ } -+ -+error: -+ if (rc == SLAPI_DSE_CALLBACK_ERROR){ -+ slapi_ch_array_free(bases); -+ slapi_ch_array_free(suffix); -+ slapi_ch_free((void **)&task_data); -+ } -+ return rc; -+} -+ -+static void -+task_des2aes_thread(void *arg) -+{ -+ struct task_des2aes_data *task_data = arg; -+ Slapi_PBlock *pb = NULL; -+ Slapi_Entry **entries = NULL; -+ Slapi_Task *task = task_data->task; -+ struct slapdplugin *plugin = NULL; -+ char **attrs = NULL; -+ char **backends = NULL; -+ char *val = NULL; -+ int converted_des_passwd = 0; -+ int result = -1; -+ int have_aes = 0; -+ int have_des = 0; -+ int i = 0, ii = 0, be_idx = 0; -+ int rc = 0; -+ -+ /* -+ * Check that AES plugin is enabled, and grab all the unique -+ * password attributes. -+ */ -+ for ( plugin = get_plugin_list(PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME); -+ plugin != NULL; -+ plugin = plugin->plg_next ) -+ { -+ char *plugin_arg = NULL; -+ -+ if(plugin->plg_started && strcasecmp(plugin->plg_name, "AES") == 0){ -+ /* We have the AES plugin, and its enabled */ -+ have_aes = 1; -+ } -+ if(plugin->plg_started && strcasecmp(plugin->plg_name, "DES") == 0){ -+ /* We have the DES plugin, and its enabled */ -+ have_des = 1; -+ } -+ /* Gather all the unique password attributes from all the PBE plugins */ -+ for ( i = 0, plugin_arg = plugin->plg_argv[i]; -+ i < plugin->plg_argc; -+ plugin_arg = plugin->plg_argv[++i] ) -+ { -+ if(charray_inlist(attrs, plugin_arg)){ -+ continue; -+ } -+ charray_add(&attrs, slapi_ch_strdup(plugin_arg)); -+ } -+ } -+ -+ if(have_aes && have_des){ -+ if(task_data->suffixes == NULL){ -+ /* -+ * Build a list of all the backend dn's -+ */ -+ Slapi_Backend *be = NULL; -+ struct suffixlist *list; -+ char *cookie = NULL; -+ -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "Checking for DES passwords to convert to AES...\n"); -+ slapi_task_log_notice(task, -+ "Checking for DES passwords to convert to AES...\n"); -+ -+ be = slapi_get_first_backend(&cookie); -+ while (be){ -+ int suffix_idx = 0; -+ int count = slapi_counter_get_value(be->be_suffixcounter); -+ -+ list = be->be_suffixlist; -+ for (suffix_idx = 0; list && suffix_idx < count; suffix_idx++) { -+ char *suffix = (char *)slapi_sdn_get_ndn(list->be_suffix); -+ if(charray_inlist(backends, suffix) || strlen(suffix) == 0){ -+ list = list->next; -+ continue; -+ } -+ charray_add(&backends, slapi_ch_strdup(suffix)); -+ list = list->next; -+ } -+ be = slapi_get_next_backend (cookie); -+ } -+ slapi_ch_free ((void **)&cookie); -+ } else { -+ backends = task_data->suffixes; -+ } -+ -+ /* -+ * Search for the password attributes -+ */ -+ for (i = 0; attrs && attrs[i]; i++){ -+ char *filter = PR_smprintf("%s=*", attrs[i]); -+ /* -+ * Loop over all the backends looking for the password attribute -+ */ -+ for(be_idx = 0; backends && backends[be_idx]; be_idx++){ -+ pb = slapi_pblock_new(); -+ slapi_search_internal_set_pb(pb, backends[be_idx], -+ LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL, -+ (void *)plugin_get_default_component_id(), -+ SLAPI_OP_FLAG_IGNORE_UNINDEXED); -+ slapi_search_internal_pb(pb); -+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result); -+ if (LDAP_SUCCESS != result) { -+ slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes: ", -+ "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n", -+ attrs[i], result, backends[be_idx]); -+ slapi_task_log_notice(task, -+ "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n", -+ attrs[i], result, backends[be_idx]); -+ slapi_free_search_results_internal(pb); -+ slapi_pblock_destroy(pb); -+ pb = NULL; -+ continue; -+ } -+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); -+ for (ii = 0; entries && entries[ii]; ii++){ -+ if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){ -+ if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){ -+ /* -+ * We have a DES encoded password, convert it AES -+ */ -+ Slapi_PBlock *mod_pb = NULL; -+ Slapi_Value *sval = NULL; -+ LDAPMod mod_replace; -+ LDAPMod *mods[2]; -+ char *replace_val[2]; -+ char *passwd = NULL; -+ -+ /* Decode the DES password */ -+ if(pw_rever_decode(val, &passwd, attrs[i]) == -1){ -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "Failed to decode existing DES password for (%s)\n", -+ slapi_entry_get_dn(entries[ii])); -+ slapi_task_log_notice(task, -+ "Failed to decode existing DES password for (%s)\n", -+ slapi_entry_get_dn(entries[ii])); -+ rc = 1; -+ goto done; -+ } -+ -+ /* Encode the password */ -+ sval = slapi_value_new_string(passwd); -+ if(pw_rever_encode(&sval, attrs[i]) == -1){ -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "failed to encode AES password for (%s)\n", -+ slapi_entry_get_dn(entries[ii])); -+ slapi_task_log_notice(task, -+ "failed to encode AES password for (%s)\n", -+ slapi_entry_get_dn(entries[ii])); -+ slapi_ch_free_string(&passwd); -+ slapi_value_free(&sval); -+ rc = 1; -+ goto done; -+ } -+ -+ /* Replace the attribute in the entry */ -+ replace_val[0] = (char *)slapi_value_get_string(sval); -+ replace_val[1] = NULL; -+ mod_replace.mod_op = LDAP_MOD_REPLACE; -+ mod_replace.mod_type = attrs[i]; -+ mod_replace.mod_values = replace_val; -+ mods[0] = &mod_replace; -+ mods[1] = 0; -+ -+ mod_pb = slapi_pblock_new(); -+ slapi_modify_internal_set_pb(mod_pb, slapi_entry_get_dn(entries[ii]), -+ mods, 0, 0, (void *)plugin_get_default_component_id(), 0); -+ slapi_modify_internal_pb(mod_pb); -+ -+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result); -+ if (LDAP_SUCCESS != result) { -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "Failed to convert password for (%s) error (%d)\n", -+ slapi_entry_get_dn(entries[ii]), result); -+ slapi_task_log_notice(task, -+ "Failed to convert password for (%s) error (%d)\n", -+ slapi_entry_get_dn(entries[ii]), result); -+ rc = 1; -+ } else { -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "Successfully converted password for (%s)\n", -+ slapi_entry_get_dn(entries[ii])); -+ slapi_task_log_notice(task, -+ "Successfully converted password for (%s)\n", -+ slapi_entry_get_dn(entries[ii])); -+ converted_des_passwd = 1; -+ } -+ slapi_ch_free_string(&passwd); -+ slapi_value_free(&sval); -+ slapi_pblock_destroy(mod_pb); -+ } -+ slapi_ch_free_string(&val); -+ } -+ } -+ slapi_free_search_results_internal(pb); -+ slapi_pblock_destroy(pb); -+ pb = NULL; -+ } -+ slapi_ch_free_string(&filter); -+ } -+ if (!converted_des_passwd){ -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "No DES passwords found to convert.\n"); -+ slapi_task_log_notice(task, "No DES passwords found to convert.\n"); -+ } -+ } else { -+ /* No AES/DES */ -+ if (!have_des){ -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "DES plugin not enabled\n"); -+ slapi_task_log_notice(task, "DES plugin not enabled\n"); -+ } -+ if (!have_aes){ -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "AES plugin not enabled\n"); -+ slapi_task_log_notice(task, "AES plugin not enabled\n"); -+ } -+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES, -+ "Unable to convert passwords\n"); -+ slapi_task_log_notice(task, "Unable to convert passwords\n"); -+ rc = 1; -+ } -+ -+done: -+ charray_free(attrs); -+ charray_free(backends); -+ slapi_free_search_results_internal(pb); -+ slapi_pblock_destroy(pb); -+ slapi_task_finish(task, rc); -+} -+ -+static void -+des2aes_task_destructor(Slapi_Task *task) -+{ -+ slapi_log_error(SLAPI_LOG_TRACE, TASK_DES2AES, -+ "des2aes_task_destructor -->\n" ); -+ if (task) { -+ struct task_des2aes_data *task_data = (struct task_des2aes_data *)slapi_task_get_data(task); -+ while (slapi_task_get_refcount(task) > 0) { -+ /* Yield to wait for the task to finish. */ -+ DS_Sleep (PR_MillisecondsToInterval(100)); -+ } -+ if (task_data) { -+ slapi_ch_array_free(task_data->suffixes); -+ slapi_ch_free((void **)&task_data); -+ } -+ } -+ slapi_log_error(SLAPI_LOG_TRACE, TASK_DES2AES, -+ "des2aes_task_destructor <--\n" ); -+} -+ - /* cleanup old tasks that may still be in the DSE from a previous session - * (this can happen if the server crashes [no matter how unlikely we like - * to think that is].) -@@ -2506,6 +2849,7 @@ void task_init(void) - slapi_task_register_handler("upgradedb", task_upgradedb_add); - slapi_task_register_handler("sysconfig reload", task_sysconfig_reload_add); - slapi_task_register_handler("fixup tombstones", task_fixup_tombstones_add); -+ slapi_task_register_handler("des2aes", task_des2aes); - } - - /* called when the server is shutting down -- abort all existing tasks */ --- -2.4.11 - diff --git a/SOURCES/0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch b/SOURCES/0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch deleted file mode 100644 index c6fda99..0000000 --- a/SOURCES/0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch +++ /dev/null @@ -1,744 +0,0 @@ -From a39e2b7cba91b9f13fe54123b7e8b510bf5bcee8 Mon Sep 17 00:00:00 2001 -From: Ludwig Krispenz -Date: Wed, 8 Jun 2016 11:28:07 +0200 -Subject: [PATCH 95/99] Ticket 48766 - Replication changelog can incorrectly - skip over updates - -Bug Description: - The changelog iterator uses a buffer to load and send changes, when the buffer is empty - there were scenarios when the straing point for reloading the buffer was incorrectly set - and changes were skipped - -Fix Description: reworked clcach buffer code following design at - http://www.port389.org/docs/389ds/design/changelog-processing-in-repl-state-sending-updates.html - -https://fedorahosted.org/389/ticket/48766 - -Reviewed by: Mark and Thierry, thanks - -(cherry picked from commit b08df71aa9eb18572f58e55e8d6b9ef7fe181773) -(cherry picked from commit ec15a75ccdba713e4d74dcd760e3244ba43b6191) ---- - ldap/servers/plugins/replication/cl5_api.c | 171 +++------------ - ldap/servers/plugins/replication/cl5_clcache.c | 292 +++++++++++++++---------- - ldap/servers/plugins/replication/cl5_clcache.h | 2 +- - 3 files changed, 214 insertions(+), 251 deletions(-) - -diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c -index ae23353..3adaf86 100644 ---- a/ldap/servers/plugins/replication/cl5_api.c -+++ b/ldap/servers/plugins/replication/cl5_api.c -@@ -5489,18 +5489,13 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum - { - CLC_Buffer *clcache = NULL; - CL5DBFile *file; -- int i; -- CSN **csns = NULL; - CSN *startCSN = NULL; -- CSN *minCSN = NULL; - char csnStr [CSN_STRSIZE]; - int rc = CL5_SUCCESS; - Object *supplierRuvObj = NULL; - RUV *supplierRuv = NULL; -- PRBool newReplica; - PRBool haveChanges = PR_FALSE; - char *agmt_name; -- ReplicaId rid; - - PR_ASSERT (consumerRuv && replica && fileObj && iterator); - csnStr[0] = '\0'; -@@ -5528,111 +5523,32 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum - ruv_dump (supplierRuv, agmt_name, NULL); - } - -- /* -- * get the sorted list of SupplierMinCSN (if no ConsumerMaxCSN) -- * and ConsumerMaxCSN for those RIDs where consumer is not -- * up-to-date. -- */ -- csns = cl5BuildCSNList (consumerRuv, supplierRuv); -- if (csns == NULL) -- { -- rc = CL5_NOTFOUND; -- goto done; -- } - -- /* iterate over elements of consumer's (and/or supplier's) ruv */ -- for (i = 0; csns[i]; i++) -- { -- CSN *consumerMaxCSN = NULL; -- -- rid = csn_get_replicaid(csns[i]); -- -- /* -- * Skip CSN that is originated from the consumer. -- * If RID==65535, the CSN is originated from a -- * legacy consumer. In this case the supplier -- * and the consumer may have the same RID. -- */ -- if ((rid == consumerRID && rid != MAX_REPLICA_ID) || (is_cleaned_rid(rid)) ) -- continue; -+ /* initialize the changelog buffer and do the initial load */ - -- startCSN = csns[i]; -+ rc = clcache_get_buffer ( &clcache, file->db, consumerRID, consumerRuv, supplierRuv ); -+ if ( rc != 0 ) goto done; - -- rc = clcache_get_buffer ( &clcache, file->db, consumerRID, consumerRuv, supplierRuv ); -- if ( rc != 0 ) goto done; -- -- /* This is the first loading of this iteration. For replicas -- * already known to the consumer, we exclude the last entry -- * sent to the consumer by using DB_NEXT. However, for -- * replicas new to the consumer, we include the first change -- * ever generated by that replica. -- */ -- newReplica = ruv_get_largest_csn_for_replica (consumerRuv, rid, &consumerMaxCSN); -- csn_free(&consumerMaxCSN); -- rc = clcache_load_buffer (clcache, startCSN, (newReplica ? DB_SET : DB_NEXT)); -- -- /* there is a special case which can occur just after migration - in this case, -- the consumer RUV will contain the last state of the supplier before migration, -- but the supplier will have an empty changelog, or the supplier changelog will -- not contain any entries within the consumer min and max CSN - also, since -- the purge RUV contains no CSNs, the changelog has never been purged -- ASSUMPTIONS - it is assumed that the supplier had no pending changes to send -- to any consumers; that is, we can assume that no changes were lost due to -- either changelog purging or database reload - bug# 603061 - richm@netscape.com -- */ -- if ((rc == DB_NOTFOUND) && !ruv_has_csns(file->purgeRUV)) -- { -- char mincsnStr[CSN_STRSIZE]; -- -- /* use the supplier min csn for the buffer start csn - we know -- this csn is in our changelog */ -- if ((RUV_SUCCESS == ruv_get_min_csn_ext(supplierRuv, &minCSN, 1 /* ignore cleaned rids */)) && -- minCSN) -- { /* must now free startCSN */ -- if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { -- csn_as_string(startCSN, PR_FALSE, csnStr); -- csn_as_string(minCSN, PR_FALSE, mincsnStr); -- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, -- "%s: CSN %s not found and no purging, probably a reinit\n", -- agmt_name, csnStr); -- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, -- "%s: Will try to use supplier min CSN %s to load changelog\n", -- agmt_name, mincsnStr); -- } -- startCSN = minCSN; -- rc = clcache_load_buffer (clcache, startCSN, DB_SET); -- } -- else -- { -- if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { -- csn_as_string(startCSN, PR_FALSE, csnStr); -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -- "%s: CSN %s not found and no purging, probably a reinit\n", -- agmt_name, csnStr); -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -- "%s: Could not get the min csn from the supplier RUV\n", -- agmt_name); -- } -- rc = CL5_RUV_ERROR; -- goto done; -- } -- } -+ rc = clcache_load_buffer (clcache, &startCSN); - - if (rc == 0) { -- haveChanges = PR_TRUE; -- rc = CL5_SUCCESS; -- if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { -- csn_as_string(startCSN, PR_FALSE, csnStr); -- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, -- "%s: CSN %s found, position set for replay\n", agmt_name, csnStr); -- } -- if (startCSN != csns[i]) { -- csn_free(&startCSN); -- } -- break; -+ haveChanges = PR_TRUE; -+ rc = CL5_SUCCESS; -+ if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { -+ csn_as_string(startCSN, PR_FALSE, csnStr); -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, -+ "%s: CSN %s found, position set for replay\n", agmt_name, csnStr); -+ } - } -- else if (rc == DB_NOTFOUND) /* entry not found */ -- { -+ else if (rc == DB_NOTFOUND) { -+ /* buffer not loaded. -+ * either because no changes have to be sent ==> startCSN is NULL -+ * or the calculated startCSN cannot be found in the changelog -+ */ -+ if (startCSN == NULL) { -+ rc = CL5_NOTFOUND; -+ goto done; -+ } - /* check whether this csn should be present */ - rc = _cl5CheckMissingCSN (startCSN, supplierRuv, file); - if (rc == CL5_MISSING_DATA) /* we should have had the change but we don't */ -@@ -5650,17 +5566,6 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum - "%s: CSN %s not found, we aren't as up to date, or we purged\n", - agmt_name, csnStr); - } -- if (startCSN != csns[i]) { -- csn_free(&startCSN); -- } -- if (rc == CL5_MISSING_DATA) /* we should have had the change but we don't */ -- { -- break; -- } -- else /* we are not as up to date or we purged */ -- { -- continue; -- } - } - else - { -@@ -5669,34 +5574,29 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "%s: Failed to retrieve change with CSN %s; db error - %d %s\n", - agmt_name, csnStr, rc, db_strerror(rc)); -- if (startCSN != csns[i]) { -- csn_free(&startCSN); -- } - - rc = CL5_DB_ERROR; -- break; -- } -+ } - -- } /* end for */ - - /* setup the iterator */ - if (haveChanges) - { -- *iterator = (CL5ReplayIterator*) slapi_ch_calloc (1, sizeof (CL5ReplayIterator)); -+ *iterator = (CL5ReplayIterator*) slapi_ch_calloc (1, sizeof (CL5ReplayIterator)); - -- if (*iterator == NULL) -- { -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, -+ if (*iterator == NULL) -+ { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, - "%s: _cl5PositionCursorForReplay: failed to allocate iterator\n", agmt_name); -- rc = CL5_MEMORY_ERROR; -- goto done; -- } -+ rc = CL5_MEMORY_ERROR; -+ goto done; -+ } - - /* ONREPL - should we make a copy of both RUVs here ?*/ -- (*iterator)->fileObj = fileObj; -- (*iterator)->clcache = clcache; clcache = NULL; -- (*iterator)->consumerRID = consumerRID; -- (*iterator)->consumerRuv = consumerRuv; -+ (*iterator)->fileObj = fileObj; -+ (*iterator)->clcache = clcache; clcache = NULL; -+ (*iterator)->consumerRID = consumerRID; -+ (*iterator)->consumerRuv = consumerRuv; - (*iterator)->supplierRuvObj = supplierRuvObj; - } - else if (rc == CL5_SUCCESS) -@@ -5706,11 +5606,8 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum - } - - done: -- if ( clcache ) -- clcache_return_buffer ( &clcache ); -- -- if (csns) -- cl5DestroyCSNList (&csns); -+ if ( clcache ) -+ clcache_return_buffer ( &clcache ); - - if (rc != CL5_SUCCESS) - { -diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c -index b53d7c0..2d3bb28 100644 ---- a/ldap/servers/plugins/replication/cl5_clcache.c -+++ b/ldap/servers/plugins/replication/cl5_clcache.c -@@ -39,6 +39,7 @@ - #define DEFAULT_CLC_BUFFER_COUNT_MAX 0 - #define DEFAULT_CLC_BUFFER_PAGE_COUNT 32 - #define DEFAULT_CLC_BUFFER_PAGE_SIZE 1024 -+#define WORK_CLC_BUFFER_PAGE_SIZE 8*DEFAULT_CLC_BUFFER_PAGE_SIZE - - enum { - CLC_STATE_READY = 0, /* ready to iterate */ -@@ -56,8 +57,9 @@ struct csn_seq_ctrl_block { - ReplicaId rid; /* RID this block serves */ - CSN *consumer_maxcsn; /* Don't send CSN <= this */ - CSN *local_maxcsn; /* Don't send CSN > this */ -- CSN *prev_local_maxcsn; /* */ -- int state; /* CLC_STATE_* */ -+ CSN *prev_local_maxcsn; /* Copy of last state at buffer loading */ -+ CSN *local_mincsn; /* Used to determin anchor csn*/ -+ int state; /* CLC_STATE_* */ - }; - - /* -@@ -70,6 +72,8 @@ struct clc_buffer { - ReplicaId buf_consumer_rid; /* help checking threshold csn */ - const RUV *buf_consumer_ruv; /* used to skip change */ - const RUV *buf_local_ruv; /* used to refresh local_maxcsn */ -+ int buf_ignoreConsumerRID; /* how to handle updates from consumer */ -+ int buf_load_cnt; /* number of loads for session */ - - /* - * fields for retriving data from DB -@@ -90,7 +94,6 @@ struct clc_buffer { - int buf_max_cscbs; - - /* fields for debugging stat */ -- int buf_load_cnt; /* number of loads for session */ - int buf_record_cnt; /* number of changes for session */ - int buf_record_skipped; /* number of changes skipped */ - int buf_skipped_new_rid; /* number of changes skipped due to new_rid */ -@@ -133,7 +136,8 @@ struct clc_pool { - static struct clc_pool *_pool = NULL; /* process's buffer pool */ - - /* static prototypes */ --static int clcache_adjust_anchorcsn ( CLC_Buffer *buf ); -+static int clcache_initial_anchorcsn ( CLC_Buffer *buf, int *flag ); -+static int clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag ); - static void clcache_refresh_consumer_maxcsns ( CLC_Buffer *buf ); - static int clcache_refresh_local_maxcsns ( CLC_Buffer *buf ); - static int clcache_skip_change ( CLC_Buffer *buf ); -@@ -251,8 +255,23 @@ clcache_get_buffer ( CLC_Buffer **buf, DB *db, ReplicaId consumer_rid, const RUV - } - - if ( NULL != *buf ) { -+ CSN *c_csn = NULL; -+ CSN *l_csn = NULL; - (*buf)->buf_consumer_ruv = consumer_ruv; - (*buf)->buf_local_ruv = local_ruv; -+ (*buf)->buf_load_flag = DB_MULTIPLE_KEY; -+ ruv_get_largest_csn_for_replica (consumer_ruv, consumer_rid, &c_csn); -+ ruv_get_largest_csn_for_replica (local_ruv, consumer_rid, &l_csn); -+ if (l_csn && csn_compare(l_csn, c_csn) > 0) { -+ /* the supplier has updates for the consumer RID and -+ * these updates are newer than on the consumer -+ */ -+ (*buf)->buf_ignoreConsumerRID = 0; -+ } else { -+ (*buf)->buf_ignoreConsumerRID = 1; -+ } -+ csn_free(&c_csn); -+ csn_free(&l_csn); - } - else { - slapi_log_error ( SLAPI_LOG_FATAL, get_thread_private_agmtname(), -@@ -305,36 +324,25 @@ clcache_return_buffer ( CLC_Buffer **buf ) - * historic reason. - */ - int --clcache_load_buffer ( CLC_Buffer *buf, CSN *anchorcsn, int flag ) -+clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN ) - { - int rc = 0; -+ int flag = DB_NEXT; - -+ if (anchorCSN) *anchorCSN = NULL; - clcache_refresh_local_maxcsns ( buf ); - -- /* Set the loading key */ -- if ( anchorcsn ) { -+ if (buf->buf_load_cnt == 0 ) { - clcache_refresh_consumer_maxcsns ( buf ); -- buf->buf_load_flag = DB_MULTIPLE_KEY; -- csn_as_string ( anchorcsn, 0, (char*)buf->buf_key.data ); -- slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name, -- "session start: anchorcsn=%s\n", (char*)buf->buf_key.data ); -- } -- else if ( csn_get_time(buf->buf_current_csn) == 0 ) { -- /* time == 0 means this csn has never been set */ -- rc = DB_NOTFOUND; -- } -- else if ( clcache_adjust_anchorcsn ( buf ) != 0 ) { -- rc = DB_NOTFOUND; -- } -- else { -- csn_as_string ( buf->buf_current_csn, 0, (char*)buf->buf_key.data ); -- slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name, -- "load next: anchorcsn=%s\n", (char*)buf->buf_key.data ); -+ rc = clcache_initial_anchorcsn ( buf, &flag ); -+ } else { -+ rc = clcache_adjust_anchorcsn ( buf, &flag ); - } - - if ( rc == 0 ) { - - buf->buf_state = CLC_STATE_READY; -+ if (anchorCSN) *anchorCSN = buf->buf_current_csn; - rc = clcache_load_buffer_bulk ( buf, flag ); - - /* Reset some flag variables */ -@@ -344,21 +352,15 @@ clcache_load_buffer ( CLC_Buffer *buf, CSN *anchorcsn, int flag ) - buf->buf_cscbs[i]->state = CLC_STATE_READY; - } - } -- else if ( anchorcsn ) { -- /* Report error only when the missing is persistent */ -- if ( buf->buf_missing_csn && csn_compare (buf->buf_missing_csn, anchorcsn) == 0 ) { -- if (!buf->buf_prev_missing_csn || csn_compare (buf->buf_prev_missing_csn, anchorcsn)) { -- slapi_log_error ( SLAPI_LOG_FATAL, buf->buf_agmt_name, -- "Can't locate CSN %s in the changelog (DB rc=%d). If replication stops, the consumer may need to be reinitialized.\n", -- (char*)buf->buf_key.data, rc ); -- csn_dup_or_init_by_csn (&buf->buf_prev_missing_csn, anchorcsn); -- } -- } -- else { -- csn_dup_or_init_by_csn (&buf->buf_missing_csn, anchorcsn); -- } -+ else { -+ slapi_log_error ( SLAPI_LOG_FATAL, buf->buf_agmt_name, -+ "Can't locate CSN %s in the changelog (DB rc=%d). If replication stops, the consumer may need to be reinitialized.\n", -+ (char*)buf->buf_key.data, rc ); - } -+ } else if (rc == CLC_STATE_DONE) { -+ rc = DB_NOTFOUND; - } -+ - if ( rc != 0 ) { - slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name, - "clcache_load_buffer: rc=%d\n", rc ); -@@ -483,7 +485,7 @@ clcache_get_next_change ( CLC_Buffer *buf, void **key, size_t *keylen, void **da - * We're done with the current buffer. Now load the next chunk. - */ - if ( NULL == *key && CLC_STATE_READY == buf->buf_state ) { -- rc = clcache_load_buffer ( buf, NULL, DB_NEXT ); -+ rc = clcache_load_buffer ( buf, NULL ); - if ( 0 == rc && buf->buf_record_ptr ) { - DB_MULTIPLE_KEY_NEXT ( buf->buf_record_ptr, &buf->buf_data, - *key, *keylen, *data, *datalen ); -@@ -521,7 +523,6 @@ clcache_refresh_consumer_maxcsns ( CLC_Buffer *buf ) - int i; - - for ( i = 0; i < buf->buf_num_cscbs; i++ ) { -- csn_free(&buf->buf_cscbs[i]->consumer_maxcsn); - ruv_get_largest_csn_for_replica ( - buf->buf_consumer_ruv, - buf->buf_cscbs[i]->rid, -@@ -538,14 +539,11 @@ clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data ) - int i; - - rid = csn_get_replicaid ( rid_data->csn ); -- -- /* -- * No need to create cscb for consumer's RID. -- * If RID==65535, the CSN is originated from a -- * legacy consumer. In this case the supplier -- * and the consumer may have the same RID. -+ /* we do not handle updates originated at the consumer if not required -+ * and we ignore RID which have been cleaned - */ -- if ( rid == buf->buf_consumer_rid && rid != MAX_REPLICA_ID ) -+ if ( (rid == buf->buf_consumer_rid && buf->buf_ignoreConsumerRID) || -+ is_cleaned_rid(rid) ) - return rc; - - for ( i = 0; i < buf->buf_num_cscbs; i++ ) { -@@ -564,9 +562,20 @@ clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data ) - } - buf->buf_cscbs[i]->rid = rid; - buf->buf_num_cscbs++; -+ /* this is the first time we have a local change for the RID -+ * we need to check what the consumer knows about it. -+ */ -+ ruv_get_largest_csn_for_replica ( -+ buf->buf_consumer_ruv, -+ buf->buf_cscbs[i]->rid, -+ &buf->buf_cscbs[i]->consumer_maxcsn ); - } - -+ if (buf->buf_cscbs[i]->local_maxcsn) -+ csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->prev_local_maxcsn, buf->buf_cscbs[i]->local_maxcsn ); -+ - csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->local_maxcsn, rid_data->csn ); -+ csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->local_mincsn, rid_data->min_csn ); - - if ( buf->buf_cscbs[i]->consumer_maxcsn && - csn_compare (buf->buf_cscbs[i]->consumer_maxcsn, rid_data->csn) >= 0 ) { -@@ -580,88 +589,147 @@ clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data ) - static int - clcache_refresh_local_maxcsns ( CLC_Buffer *buf ) - { -- int i; - -- for ( i = 0; i < buf->buf_num_cscbs; i++ ) { -- csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->prev_local_maxcsn, -- buf->buf_cscbs[i]->local_maxcsn ); -- } - return ruv_enumerate_elements ( buf->buf_local_ruv, clcache_refresh_local_maxcsn, buf ); - } - - /* - * Algorithm: - * -- * 1. Snapshot local RUVs; -- * 2. Load buffer; -- * 3. Send to the consumer only those CSNs that are covered -- * by the RUVs snapshot taken in the first step; -- * All CSNs that are covered by the RUVs snapshot taken in the -- * first step are guaranteed in consecutive order for the respected -- * RIDs because of the the CSN pending list control; -- * A CSN that is not covered by the RUVs snapshot may be out of order -- * since it is possible that a smaller CSN might not have committed -- * yet by the time the buffer was loaded. -- * 4. Determine anchorcsn for each RID: -- * -- * Case| Local vs. Buffer | New Local | Next -- * | MaxCSN MaxCSN | MaxCSN | Anchor-CSN -- * ----+-------------------+-----------+---------------- -- * 1 | Cl >= Cb | * | Cb -- * 2 | Cl < Cb | Cl | Cb -- * 3 | Cl < Cb | Cl2 | Cl -- * -- * 5. Determine anchorcsn for next load: -+ * 1. Determine anchorcsn for each RID: -+ * 2. Determine anchorcsn for next load: - * Anchor-CSN = min { all Next-Anchor-CSN, Buffer-MaxCSN } - */ - static int --clcache_adjust_anchorcsn ( CLC_Buffer *buf ) -+clcache_initial_anchorcsn ( CLC_Buffer *buf, int *flag ) - { - PRBool hasChange = PR_FALSE; - struct csn_seq_ctrl_block *cscb; - int i; -+ CSN *anchorcsn = NULL; - - if ( buf->buf_state == CLC_STATE_READY ) { - for ( i = 0; i < buf->buf_num_cscbs; i++ ) { -+ CSN *rid_anchor = NULL; -+ int rid_flag = DB_NEXT; - cscb = buf->buf_cscbs[i]; - -- if ( cscb->state == CLC_STATE_UP_TO_DATE ) -- continue; -+ if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { -+ char prevmax[CSN_STRSIZE]; -+ char local[CSN_STRSIZE]; -+ char curr[CSN_STRSIZE]; -+ char conmaxcsn[CSN_STRSIZE]; -+ csn_as_string(cscb->prev_local_maxcsn, 0, prevmax); -+ csn_as_string(cscb->local_maxcsn, 0, local); -+ csn_as_string(buf->buf_current_csn, 0, curr); -+ csn_as_string(cscb->consumer_maxcsn, 0, conmaxcsn); -+ slapi_log_error(SLAPI_LOG_REPL, "clcache_initial_anchorcsn" , -+ "%s - (cscb %d - state %d) - csnPrevMax (%s) " -+ "csnMax (%s) csnBuf (%s) csnConsumerMax (%s)\n", -+ buf->buf_agmt_name, i, cscb->state, prevmax, local, -+ curr, conmaxcsn); -+ } - -- /* -- * Case 3 unsafe ruv change: next buffer load should start -- * from where the maxcsn in the old ruv was. Since each -- * cscb has remembered the maxcsn sent to the consumer, -- * CSNs that may be loaded again could easily be skipped. -- */ -- if ( cscb->prev_local_maxcsn && -- csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) < 0 && -- csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) != 0 ) { -+ if (cscb->consumer_maxcsn == NULL) { -+ /* the consumer hasn't seen changes for this RID */ -+ rid_anchor = cscb->local_mincsn; -+ rid_flag = DB_SET; -+ } else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) { -+ rid_anchor = cscb->consumer_maxcsn; -+ } -+ -+ if (rid_anchor && (anchorcsn == NULL || -+ ( csn_compare(rid_anchor, anchorcsn) < 0))) { -+ anchorcsn = rid_anchor; -+ *flag = rid_flag; - hasChange = PR_TRUE; -- cscb->state = CLC_STATE_READY; -- csn_init_by_csn ( buf->buf_current_csn, cscb->prev_local_maxcsn ); -- csn_as_string ( cscb->prev_local_maxcsn, 0, (char*)buf->buf_key.data ); -- slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name, -- "adjust anchor csn upon %s\n", -- ( cscb->state == CLC_STATE_CSN_GT_RUV ? "out of sequence csn" : "unsafe ruv change") ); -- continue; - } - -- /* -- * check if there are still changes to send for this RID -- * Assume we had compared the local maxcsn and the consumer -- * max csn before this function was called and hence the -- * cscb->state had been set accordingly. -- */ -- if ( hasChange == PR_FALSE && -- csn_compare (cscb->local_maxcsn, buf->buf_current_csn) > 0 ) { -+ -+ } -+ } -+ -+ if ( !hasChange ) { -+ buf->buf_state = CLC_STATE_DONE; -+ } else { -+ csn_init_by_csn(buf->buf_current_csn, anchorcsn); -+ csn_as_string(buf->buf_current_csn, 0, (char *)buf->buf_key.data); -+ slapi_log_error(SLAPI_LOG_REPL, "clcache_initial_anchorcsn", -+ "anchor is now: %s\n", (char *)buf->buf_key.data); -+ } -+ -+ return buf->buf_state; -+} -+ -+static int -+clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag ) -+{ -+ PRBool hasChange = PR_FALSE; -+ struct csn_seq_ctrl_block *cscb; -+ int i; -+ CSN *anchorcsn = NULL; -+ -+ if ( buf->buf_state == CLC_STATE_READY ) { -+ for ( i = 0; i < buf->buf_num_cscbs; i++ ) { -+ CSN *rid_anchor = NULL; -+ int rid_flag = DB_NEXT; -+ cscb = buf->buf_cscbs[i]; -+ -+ if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { -+ char prevmax[CSN_STRSIZE]; -+ char local[CSN_STRSIZE]; -+ char curr[CSN_STRSIZE]; -+ char conmaxcsn[CSN_STRSIZE]; -+ csn_as_string(cscb->prev_local_maxcsn, 0, prevmax); -+ csn_as_string(cscb->local_maxcsn, 0, local); -+ csn_as_string(buf->buf_current_csn, 0, curr); -+ csn_as_string(cscb->consumer_maxcsn, 0, conmaxcsn); -+ slapi_log_error(SLAPI_LOG_REPL, "clcache_adjust_anchorcsn" , -+ "%s - (cscb %d - state %d) - csnPrevMax (%s) " -+ "csnMax (%s) csnBuf (%s) csnConsumerMax (%s)\n", -+ buf->buf_agmt_name, i, cscb->state, prevmax, local, -+ curr, conmaxcsn); -+ } -+ -+ if (csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 || -+ csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) > 0 ) { -+ if (csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) { -+ rid_anchor = buf->buf_current_csn; -+ } -+ } else { -+ /* prev local max csn < csnBuffer AND different from local maxcsn */ -+ if (cscb->prev_local_maxcsn == NULL) { -+ if (cscb->consumer_maxcsn == NULL) { -+ /* the consumer hasn't seen changes for this RID */ -+ rid_anchor = cscb->local_mincsn; -+ rid_flag = DB_SET; -+ } else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) { -+ rid_anchor = cscb->consumer_maxcsn; -+ } -+ } else { -+ /* csnPrevMaxSup > 0 */ -+ rid_anchor = cscb->consumer_maxcsn; -+ } -+ } -+ -+ if (rid_anchor && (anchorcsn == NULL || -+ ( csn_compare(rid_anchor, anchorcsn) < 0))) { -+ anchorcsn = rid_anchor; -+ *flag = rid_flag; - hasChange = PR_TRUE; - } -+ -+ - } - } - - if ( !hasChange ) { - buf->buf_state = CLC_STATE_DONE; -+ } else { -+ csn_init_by_csn(buf->buf_current_csn, anchorcsn); -+ csn_as_string(buf->buf_current_csn, 0, (char *)buf->buf_key.data); -+ slapi_log_error(SLAPI_LOG_REPL, "clcache_adjust_anchorcsn", -+ "anchor is now: %s\n", (char *)buf->buf_key.data); - } - - return buf->buf_state; -@@ -675,7 +743,6 @@ clcache_skip_change ( CLC_Buffer *buf ) - int skip = 1; - int i; - char buf_cur_csn_str[CSN_STRSIZE]; -- char oth_csn_str[CSN_STRSIZE]; - - do { - -@@ -688,25 +755,14 @@ clcache_skip_change ( CLC_Buffer *buf ) - * legacy consumer. In this case the supplier - * and the consumer may have the same RID. - */ -- if (rid == buf->buf_consumer_rid && rid != MAX_REPLICA_ID){ -- CSN *cons_maxcsn = NULL; -- -- ruv_get_max_csn(buf->buf_consumer_ruv, &cons_maxcsn); -- if ( csn_compare ( buf->buf_current_csn, cons_maxcsn) > 0 ) { -- /* -- * The consumer must have been "restored" and needs this newer update. -- */ -- skip = 0; -- } else if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { -+ if (rid == buf->buf_consumer_rid && buf->buf_ignoreConsumerRID){ -+ if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { - csn_as_string(buf->buf_current_csn, 0, buf_cur_csn_str); -- csn_as_string(cons_maxcsn, 0, oth_csn_str); - slapi_log_error(SLAPI_LOG_REPL, buf->buf_agmt_name, -- "Skipping update because the changelog buffer current csn [%s] is " -- "less than or equal to the consumer max csn [%s]\n", -- buf_cur_csn_str, oth_csn_str); -+ "Skipping update because the consumer with Rid: [%d] is " -+ "ignored\n", rid); - buf->buf_skipped_csn_gt_cons_maxcsn++; - } -- csn_free(&cons_maxcsn); - break; - } - -@@ -821,6 +877,7 @@ clcache_free_cscb ( struct csn_seq_ctrl_block ** cscb ) - csn_free ( & (*cscb)->consumer_maxcsn ); - csn_free ( & (*cscb)->local_maxcsn ); - csn_free ( & (*cscb)->prev_local_maxcsn ); -+ csn_free ( & (*cscb)->local_mincsn ); - slapi_ch_free ( (void **) cscb ); - } - -@@ -1003,6 +1060,15 @@ clcache_cursor_get ( DBC *cursor, CLC_Buffer *buf, int flag ) - { - int rc; - -+ if (buf->buf_data.ulen > WORK_CLC_BUFFER_PAGE_SIZE) { -+ /* -+ * The buffer size had to be increased, -+ * reset it to a smaller working size, -+ * if not sufficient it will be increased again -+ */ -+ buf->buf_data.ulen = WORK_CLC_BUFFER_PAGE_SIZE; -+ } -+ - rc = cursor->c_get ( cursor, - & buf->buf_key, - & buf->buf_data, -diff --git a/ldap/servers/plugins/replication/cl5_clcache.h b/ldap/servers/plugins/replication/cl5_clcache.h -index 4c459ab..75b2817 100644 ---- a/ldap/servers/plugins/replication/cl5_clcache.h -+++ b/ldap/servers/plugins/replication/cl5_clcache.h -@@ -23,7 +23,7 @@ typedef struct clc_buffer CLC_Buffer; - int clcache_init ( DB_ENV **dbenv ); - void clcache_set_config (); - int clcache_get_buffer ( CLC_Buffer **buf, DB *db, ReplicaId consumer_rid, const RUV *consumer_ruv, const RUV *local_ruv ); --int clcache_load_buffer ( CLC_Buffer *buf, CSN *startCSN, int flag ); -+int clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN ); - void clcache_return_buffer ( CLC_Buffer **buf ); - int clcache_get_next_change ( CLC_Buffer *buf, void **key, size_t *keylen, void **data, size_t *datalen, CSN **csn ); - void clcache_destroy (); --- -2.4.11 - diff --git a/SOURCES/0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch b/SOURCES/0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch deleted file mode 100644 index 2367de5..0000000 --- a/SOURCES/0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch +++ /dev/null @@ -1,446 +0,0 @@ -From 09cff2c4c01bbcaf45df553869d0b6cb8acfad2b Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Sun, 17 Jan 2016 18:25:43 -0500 -Subject: [PATCH 96/99] Ticket 47788 - Supplier can skip a failing update, - although it should retry - -Bug Description: If a replicated update fails on the consumer, - the update is never tried. This is due to the - replication async result thread missing the failure - before another update is replicated and it succeeds. - - This second update that succeeds updates the consumer - RUV. This makes it appear that the consumer is caught - up, and the supplier never resends that original - failed update. - -Fix Description: When a replicated update fails, and its an error we can - not ignore, the connection is closed. Which stops the - replication session, and prevents any further updates - coming in and updating the consumer RUV. This allows - the supplier to correctly retry the operation that - failed on the next replication session. - -https://fedorahosted.org/389/ticket/47788 - -Reviewed by: nhosoi, wibrown, and rmeggins (Thanks!!!) - -(cherry picked from commit ab6501a963c94b2b6b5fa8d1924519ef1c26b0bd) -(cherry picked from commit 407c545f07c06520f8378649fc0ac8fe20748dc7) ---- - ldap/servers/plugins/replication/repl5.h | 1 + - .../servers/plugins/replication/repl5_connection.c | 19 +-- - .../plugins/replication/repl5_inc_protocol.c | 182 ++++++++++++--------- - ldap/servers/plugins/replication/repl5_plugins.c | 60 ++++++- - ldap/servers/plugins/replication/urp.c | 2 +- - 5 files changed, 168 insertions(+), 96 deletions(-) - -diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h -index df92ca0..307da82 100644 ---- a/ldap/servers/plugins/replication/repl5.h -+++ b/ldap/servers/plugins/replication/repl5.h -@@ -608,6 +608,7 @@ void replica_incr_agmt_count(Replica *r); - void replica_decr_agmt_count(Replica *r); - PRUint64 replica_get_precise_purging(Replica *r); - void replica_set_precise_purging(Replica *r, PRUint64 on_off); -+PRBool ignore_error_and_keep_going(int error); - - /* The functions below handles the state flag */ - /* Current internal state flags */ -diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c -index 1515ca1..d193938 100644 ---- a/ldap/servers/plugins/replication/repl5_connection.c -+++ b/ldap/servers/plugins/replication/repl5_connection.c -@@ -480,17 +480,17 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda - conn->last_ldap_error = rc; - close_connection_internal(conn); /* we already have the lock */ - return_value = CONN_NOT_CONNECTED; -+ goto done; - } - else if (IS_DISCONNECT_ERROR(err)) - { - conn->last_ldap_error = err; - close_connection_internal(conn); /* we already have the lock */ - return_value = CONN_NOT_CONNECTED; -+ goto done; - } - /* Got a result */ -- if ((rc == LDAP_SUCCESS) && (err == LDAP_BUSY)) -- return_value = CONN_BUSY; -- else if (retoidp) -+ if (retoidp /* total update */) - { - if (!((rc == LDAP_SUCCESS) && (err == LDAP_BUSY))) - { -@@ -519,16 +519,11 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda - } - return_value = LDAP_SUCCESS == conn->last_ldap_error ? CONN_OPERATION_SUCCESS : CONN_OPERATION_FAILED; - } -- /* -- * XXXggood do I need to free matched, referrals, -- * anything else? Or can I pass NULL for the args -- * I'm not interested in? -- */ -- /* Good question! Meanwhile, as RTM aproaches, let's free them... */ -- slapi_ch_free((void **) &errmsg); -- slapi_ch_free((void **) &matched); -- charray_free(referrals); - conn->status = STATUS_CONNECTED; -+done: -+ slapi_ch_free_string(&errmsg); -+ slapi_ch_free_string(&matched); -+ charray_free(referrals); - } - if (res) ldap_msgfree(res); - PR_Unlock(conn->lock); /* release the conn lock */ -diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c -index 244bbb2..927f835 100644 ---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c -+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c -@@ -146,7 +146,6 @@ static void protocol_sleep(Private_Repl_Protocol *prp, PRIntervalTime duration); - static int send_updates(Private_Repl_Protocol *prp, RUV *ruv, PRUint32 *num_changes_sent); - static void repl5_inc_backoff_expired(time_t timer_fire_time, void *arg); - static int examine_update_vector(Private_Repl_Protocol *prp, RUV *ruv); --static PRBool ignore_error_and_keep_going(int error); - static const char* state2name (int state); - static const char* event2name (int event); - static const char* op2string (int op); -@@ -450,11 +449,13 @@ repl5_inc_flow_control_results(Repl_Agmt *agmt, result_data *rd) - PR_Unlock(rd->lock); - } - --static void -+static int - repl5_inc_waitfor_async_results(result_data *rd) - { - int done = 0; - int loops = 0; -+ int rc = UPDATE_NO_MORE_UPDATES; -+ - /* Keep pulling results off the LDAP connection until we catch up to the last message id stored in the rd */ - while (!done && !slapi_is_shutting_down()) - { -@@ -470,6 +471,10 @@ repl5_inc_waitfor_async_results(result_data *rd) - } else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST)) { - done = 1; /* no connection == no more results */ - } -+ /* -+ * Return the last operation result -+ */ -+ rc = rd->result; - PR_Unlock(rd->lock); - if (!done) { - /* If not then sleep a bit */ -@@ -487,6 +492,7 @@ repl5_inc_waitfor_async_results(result_data *rd) - done = 1; - } - } -+ return rc; - } - - /* -@@ -1467,78 +1473,84 @@ static int - repl5_inc_update_from_op_result(Private_Repl_Protocol *prp, ConnResult replay_crc, int connection_error, char *csn_str, char *uniqueid, ReplicaId replica_id, int* finished, PRUint32 *num_changes_sent) - { - int return_value = 0; -- -- /* Indentation is wrong here so we can get a sensible cvs diff */ -- if (CONN_OPERATION_SUCCESS != replay_crc) -- { -- /* Figure out what to do next */ -- if (CONN_OPERATION_FAILED == replay_crc) -- { -- /* Map ldap error code to return value */ -- if (!ignore_error_and_keep_going(connection_error)) -- { -- return_value = UPDATE_TRANSIENT_ERROR; -- *finished = 1; -- } -- else -- { -- agmt_inc_last_update_changecount (prp->agmt, replica_id, 1 /*skipped*/); -- } -- slapi_log_error(*finished ? SLAPI_LOG_FATAL : slapi_log_urp, repl_plugin_name, -- "%s: Consumer failed to replay change (uniqueid %s, CSN %s): %s (%d). %s.\n", -- agmt_get_long_name(prp->agmt), -- uniqueid, csn_str, -- ldap_err2string(connection_error), connection_error, -- *finished ? "Will retry later" : "Skipping"); -- } -- else if (CONN_NOT_CONNECTED == replay_crc) -- { -- /* We lost the connection - enter backoff state */ - -- return_value = UPDATE_CONNECTION_LOST; -- *finished = 1; -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -- "%s: Consumer failed to replay change (uniqueid %s, CSN %s): " -- "%s(%d). Will retry later.\n", -- agmt_get_long_name(prp->agmt), -- uniqueid, csn_str, -- connection_error ? ldap_err2string(connection_error) : "Connection lost", -- connection_error); -- } -- else if (CONN_TIMEOUT == replay_crc) -- { -- return_value = UPDATE_TIMEOUT; -- *finished = 1; -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -- "%s: Consumer timed out to replay change (uniqueid %s, CSN %s): " -- "%s.\n", -- agmt_get_long_name(prp->agmt), -- uniqueid, csn_str, -- connection_error ? ldap_err2string(connection_error) : "Timeout"); -- } -- else if (CONN_LOCAL_ERROR == replay_crc) -- { -- /* -- * Something bad happened on the local server - enter -- * backoff state. -- */ -- return_value = UPDATE_TRANSIENT_ERROR; -- *finished = 1; -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -- "%s: Failed to replay change (uniqueid %s, CSN %s): " -- "Local error. Will retry later.\n", -- agmt_get_long_name(prp->agmt), -- uniqueid, csn_str); -- } -- -- } -- else -- { -- /* Positive response received */ -- (*num_changes_sent)++; -- agmt_inc_last_update_changecount (prp->agmt, replica_id, 0 /*replayed*/); -- } -- return return_value; -+ if (CONN_OPERATION_SUCCESS != replay_crc) -+ { -+ /* Figure out what to do next */ -+ if (CONN_OPERATION_FAILED == replay_crc) -+ { -+ /* Map ldap error code to return value */ -+ if (!ignore_error_and_keep_going(connection_error)) -+ { -+ return_value = UPDATE_TRANSIENT_ERROR; -+ *finished = 1; -+ } -+ else -+ { -+ agmt_inc_last_update_changecount (prp->agmt, replica_id, 1 /*skipped*/); -+ } -+ slapi_log_error(*finished ? SLAPI_LOG_FATAL : slapi_log_urp, repl_plugin_name, -+ "%s: Consumer failed to replay change (uniqueid %s, CSN %s): %s (%d). %s.\n", -+ agmt_get_long_name(prp->agmt), -+ uniqueid, csn_str, -+ ldap_err2string(connection_error), connection_error, -+ *finished ? "Will retry later" : "Skipping"); -+ } -+ else if (CONN_NOT_CONNECTED == replay_crc) -+ { -+ /* We lost the connection - enter backoff state */ -+ -+ return_value = UPDATE_CONNECTION_LOST; -+ *finished = 1; -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "%s: Consumer failed to replay change (uniqueid %s, CSN %s): " -+ "%s(%d). Will retry later.\n", -+ agmt_get_long_name(prp->agmt), -+ uniqueid, csn_str, -+ connection_error ? ldap_err2string(connection_error) : "Connection lost", -+ connection_error); -+ } -+ else if (CONN_TIMEOUT == replay_crc) -+ { -+ return_value = UPDATE_TIMEOUT; -+ *finished = 1; -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "%s: Consumer timed out to replay change (uniqueid %s, CSN %s): " -+ "%s.\n", -+ agmt_get_long_name(prp->agmt), -+ uniqueid, csn_str, -+ connection_error ? ldap_err2string(connection_error) : "Timeout"); -+ } -+ else if (CONN_LOCAL_ERROR == replay_crc) -+ { -+ /* -+ * Something bad happened on the local server - enter -+ * backoff state. -+ */ -+ return_value = UPDATE_TRANSIENT_ERROR; -+ *finished = 1; -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "%s: Failed to replay change (uniqueid %s, CSN %s): " -+ "Local error. Will retry later.\n", -+ agmt_get_long_name(prp->agmt), -+ uniqueid, csn_str); -+ } -+ if (*finished){ -+ /* -+ * A serious error has occurred, the consumer might have closed -+ * the connection already, but we need to close the conn on the -+ * supplier side to properly set the conn structure as closed. -+ */ -+ conn_disconnect(prp->conn); -+ } -+ } -+ else -+ { -+ /* Positive response received */ -+ (*num_changes_sent)++; -+ agmt_inc_last_update_changecount (prp->agmt, replica_id, 0 /*replayed*/); -+ } -+ return return_value; - } - - /* -@@ -1556,7 +1568,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - { - CL5Entry entry; - slapi_operation_parameters op; -- int return_value; -+ int return_value = 0; - int rc; - CL5ReplayIterator *changelog_iterator; - int message_id = 0; -@@ -1929,9 +1941,23 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - { - /* We need to ensure that we wait until all the responses have been received from our operations */ - if (return_value != UPDATE_CONNECTION_LOST) { -- rd->WaitForAsyncResults = agmt_get_WaitForAsyncResults(prp->agmt); -- /* if connection was lost/closed, there will be nothing to read */ -- repl5_inc_waitfor_async_results(rd); -+ /* -+ * If we already have an error, there is no need to check the -+ * async result thread anymore. -+ */ -+ if (return_value == UPDATE_NO_MORE_UPDATES) -+ { -+ /* -+ * We need to double check that an error hasn't popped up from -+ * the async result thread since our last check. -+ */ -+ int final_result; -+ -+ rd->WaitForAsyncResults = agmt_get_WaitForAsyncResults(prp->agmt); -+ if((final_result = repl5_inc_waitfor_async_results(rd))){ -+ return_value = final_result; -+ } -+ } - } - - rc = repl5_inc_destroy_async_result_thread(rd); -@@ -2220,7 +2246,7 @@ examine_update_vector(Private_Repl_Protocol *prp, RUV *remote_ruv) - * We stop if there's some indication that the server just completely - * failed to process the operation, e.g. LDAP_OPERATIONS_ERROR. - */ --static PRBool -+PRBool - ignore_error_and_keep_going(int error) - { - int return_value = PR_FALSE; -diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c -index 8992055..c2fa214 100644 ---- a/ldap/servers/plugins/replication/repl5_plugins.c -+++ b/ldap/servers/plugins/replication/repl5_plugins.c -@@ -1231,12 +1231,13 @@ write_changelog_and_ruv (Slapi_PBlock *pb) - static int - process_postop (Slapi_PBlock *pb) - { -- int rc = LDAP_SUCCESS; -- Slapi_Operation *op; -+ Slapi_Operation *op; - Slapi_Backend *be; -- int is_replicated_operation = 0; -+ int is_replicated_operation = 0; - CSN *opcsn = NULL; - char sessionid[REPL_SESSION_ID_SIZE]; -+ int retval = LDAP_SUCCESS; -+ int rc = 0; - - /* we just let fixup operations through */ - slapi_pblock_get( pb, SLAPI_OPERATION, &op ); -@@ -1260,8 +1261,8 @@ process_postop (Slapi_PBlock *pb) - - get_repl_session_id (pb, sessionid, &opcsn); - -- slapi_pblock_get(pb, SLAPI_RESULT_CODE, &rc); -- if (rc == LDAP_SUCCESS) -+ slapi_pblock_get(pb, SLAPI_RESULT_CODE, &retval); -+ if (retval == LDAP_SUCCESS) - { - agmtlist_notify_all(pb); - rc = SLAPI_PLUGIN_SUCCESS; -@@ -1306,6 +1307,55 @@ process_postop (Slapi_PBlock *pb) - slapi_ch_free((void **) &op_params->p.p_modrdn.modrdn_newsuperior_address.uniqueid); - } - } -+ if (!ignore_error_and_keep_going(retval)){ -+ /* -+ * We have an error we can't ignore. Release the replica and close -+ * the connection to stop the replication session. -+ */ -+ consumer_connection_extension *connext = NULL; -+ Slapi_Connection *conn = NULL; -+ char csn_str[CSN_STRSIZE] = {'\0'}; -+ PRUint64 connid = 0; -+ int opid = 0; -+ -+ slapi_pblock_get(pb, SLAPI_CONNECTION, &conn); -+ slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid); -+ slapi_pblock_get(pb, SLAPI_CONN_ID, &connid); -+ if (conn) -+ { -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "process_postop: Failed to apply update (%s) error (%d). " -+ "Aborting replication session(conn=%" NSPRIu64 " op=%d)\n", -+ csn_as_string(opcsn, PR_FALSE, csn_str), retval, -+ connid, opid); -+ /* -+ * Release this replica so new sessions can begin -+ */ -+ connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid); -+ if (connext && connext->replica_acquired) -+ { -+ int zero = 0; -+ Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired); -+ -+ replica_relinquish_exclusive_access(r, connid, opid); -+ object_release ((Object*)connext->replica_acquired); -+ connext->replica_acquired = NULL; -+ connext->isreplicationsession = 0; -+ slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero ); -+ } -+ if (connext){ -+ consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE); -+ } -+ -+ /* -+ * Close the connection to end the current session with the -+ * supplier. This prevents new updates from coming in and -+ * updating the consumer RUV - which would cause this failed -+ * update to be never be replayed. -+ */ -+ slapi_disconnect_server(conn); -+ } -+ } - if (NULL == opcsn) - opcsn = operation_get_csn(op); - if (opcsn) -diff --git a/ldap/servers/plugins/replication/urp.c b/ldap/servers/plugins/replication/urp.c -index 5fe6f55..8d0d735 100644 ---- a/ldap/servers/plugins/replication/urp.c -+++ b/ldap/servers/plugins/replication/urp.c -@@ -122,7 +122,7 @@ urp_add_operation( Slapi_PBlock *pb ) - slapi_log_error(slapi_log_urp, sessionid, - "urp_add (%s): an entry with this uniqueid already exists.\n", - slapi_entry_get_dn_const(existing_uniqueid_entry)); -- op_result= LDAP_UNWILLING_TO_PERFORM; -+ op_result= LDAP_ALREADY_EXISTS; - slapi_pblock_set(pb, SLAPI_RESULT_CODE, &op_result); - rc = SLAPI_PLUGIN_NOOP; /* Ignore this Operation */ - PROFILE_POINT; /* Add Conflict; UniqueID Exists; Ignore */ --- -2.4.11 - diff --git a/SOURCES/0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch b/SOURCES/0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch deleted file mode 100644 index 1a0eb59..0000000 --- a/SOURCES/0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch +++ /dev/null @@ -1,129 +0,0 @@ -From a9135e8b535bc58a986d4b19b05e6ce2718c07aa Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Thu, 11 Feb 2016 16:18:00 -0500 -Subject: [PATCH 97/99] Ticket 47788 - Only check postop result if its a - replication operation - -Bug Description: With IPA tests, without using replication, an error is - being triggered that is stoipping nomral updates from - going through. - -Fix Description: Move the error checking up into the code block above - which only executes for replicated operations. - -https://fedorahosted.org/389/ticket/47788 - -Reviewed by: nhosoi & tbordaz(Thanks!!) - -(cherry picked from commit d7b598da2eff95070936bf7c3e01bcd11c44ed60) -(cherry picked from commit bd254a2eea380ade90700b22567e1d9063890f02) ---- - ldap/servers/plugins/replication/repl5_plugins.c | 87 ++++++++++++------------ - 1 file changed, 44 insertions(+), 43 deletions(-) - -diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c -index c2fa214..bb43b9b 100644 ---- a/ldap/servers/plugins/replication/repl5_plugins.c -+++ b/ldap/servers/plugins/replication/repl5_plugins.c -@@ -1306,54 +1306,55 @@ process_postop (Slapi_PBlock *pb) - slapi_pblock_get( pb, SLAPI_OPERATION_PARAMETERS, &op_params ); - slapi_ch_free((void **) &op_params->p.p_modrdn.modrdn_newsuperior_address.uniqueid); - } -- } -- if (!ignore_error_and_keep_going(retval)){ -- /* -- * We have an error we can't ignore. Release the replica and close -- * the connection to stop the replication session. -- */ -- consumer_connection_extension *connext = NULL; -- Slapi_Connection *conn = NULL; -- char csn_str[CSN_STRSIZE] = {'\0'}; -- PRUint64 connid = 0; -- int opid = 0; - -- slapi_pblock_get(pb, SLAPI_CONNECTION, &conn); -- slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid); -- slapi_pblock_get(pb, SLAPI_CONN_ID, &connid); -- if (conn) -- { -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -- "process_postop: Failed to apply update (%s) error (%d). " -- "Aborting replication session(conn=%" NSPRIu64 " op=%d)\n", -- csn_as_string(opcsn, PR_FALSE, csn_str), retval, -- connid, opid); -+ if (!ignore_error_and_keep_going(retval)){ - /* -- * Release this replica so new sessions can begin -+ * We have an error we can't ignore. Release the replica and close -+ * the connection to stop the replication session. - */ -- connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid); -- if (connext && connext->replica_acquired) -+ consumer_connection_extension *connext = NULL; -+ Slapi_Connection *conn = NULL; -+ char csn_str[CSN_STRSIZE] = {'\0'}; -+ PRUint64 connid = 0; -+ int opid = 0; -+ -+ slapi_pblock_get(pb, SLAPI_CONNECTION, &conn); -+ slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid); -+ slapi_pblock_get(pb, SLAPI_CONN_ID, &connid); -+ if (conn) - { -- int zero = 0; -- Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired); -- -- replica_relinquish_exclusive_access(r, connid, opid); -- object_release ((Object*)connext->replica_acquired); -- connext->replica_acquired = NULL; -- connext->isreplicationsession = 0; -- slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero ); -- } -- if (connext){ -- consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE); -- } -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "process_postop: Failed to apply update (%s) error (%d). " -+ "Aborting replication session(conn=%" NSPRIu64 " op=%d)\n", -+ csn_as_string(opcsn, PR_FALSE, csn_str), retval, -+ connid, opid); -+ /* -+ * Release this replica so new sessions can begin -+ */ -+ connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid); -+ if (connext && connext->replica_acquired) -+ { -+ int zero = 0; -+ Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired); -+ -+ replica_relinquish_exclusive_access(r, connid, opid); -+ object_release ((Object*)connext->replica_acquired); -+ connext->replica_acquired = NULL; -+ connext->isreplicationsession = 0; -+ slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero ); -+ } -+ if (connext){ -+ consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE); -+ } - -- /* -- * Close the connection to end the current session with the -- * supplier. This prevents new updates from coming in and -- * updating the consumer RUV - which would cause this failed -- * update to be never be replayed. -- */ -- slapi_disconnect_server(conn); -+ /* -+ * Close the connection to end the current session with the -+ * supplier. This prevents new updates from coming in and -+ * updating the consumer RUV - which would cause this failed -+ * update to be never be replayed. -+ */ -+ slapi_disconnect_server(conn); -+ } - } - } - if (NULL == opcsn) --- -2.4.11 - diff --git a/SOURCES/0098-Ticket-48636-Improve-replication-convergence.patch b/SOURCES/0098-Ticket-48636-Improve-replication-convergence.patch deleted file mode 100644 index 488b619..0000000 --- a/SOURCES/0098-Ticket-48636-Improve-replication-convergence.patch +++ /dev/null @@ -1,690 +0,0 @@ -From 94377fba9dbcfc2fe47a32cc7cb85766813ad482 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Wed, 8 Jun 2016 13:06:46 -0400 -Subject: [PATCH 98/99] Ticket 48636 - Improve replication convergence - -Bug Description: In a busy MMR environment where multiple masters are being - updated at the same time the replica sessions stay open for - a very long time. This causes other masters to wait to send - their updates. This causes lop-sided convergence. Where - entries added to the MMR environment, but on different masters, - take a very different amount of time until they are each seen - on all the replicas. - -Fix Description: A new configuratoin setting was added (nsds5ReplicaReleaseTimeout) - to the replica configuration entry. So when replica A tries - to acquire a replica B, replica B send a control back to the - master(master C) that is updating replica B to abort the session. - Master C will continue sending updates for the amount of time - specified in the the "release timeout", then it will "yield" its - current session so other replicas can acquire that replica. - -https://fedorahosted.org/389/ticket/48636 - -Reviewed by: lkrispen & nhosoi(Thanks!!) - -(cherry picked from commit a1545cdae48e4b4e1fc87a168e4d8f959626f112) -(cherry picked from commit a085b0cd6b39fc85821777b7bcd2a8a2482a48bf) ---- - ldap/schema/01core389.ldif | 3 +- - ldap/servers/plugins/replication/repl5.h | 14 ++- - .../plugins/replication/repl5_inc_protocol.c | 102 ++++++++++++---- - ldap/servers/plugins/replication/repl5_plugins.c | 3 +- - ldap/servers/plugins/replication/repl5_replica.c | 135 +++++++++++++++++---- - .../plugins/replication/repl5_replica_config.c | 22 ++++ - ldap/servers/plugins/replication/repl_globals.c | 1 + - 7 files changed, 229 insertions(+), 51 deletions(-) - -diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif -index aebdb5a..14143ed 100644 ---- a/ldap/schema/01core389.ldif -+++ b/ldap/schema/01core389.ldif -@@ -278,6 +278,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2311 NAME 'nsds5ReplicaFlowControlPause' - attributeTypes: ( 2.16.840.1.113730.3.1.2313 NAME 'nsslapd-changelogtrim-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) - attributeTypes: ( 2.16.840.1.113730.3.1.2314 NAME 'nsslapd-changelogcompactdb-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) - attributeTypes: ( 2.16.840.1.113730.3.1.2315 NAME 'nsDS5ReplicaWaitForAsyncResults' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -+attributeTypes: ( 2.16.840.1.113730.3.1.2333 NAME 'nsds5ReplicaReleaseTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) - # - # objectclasses - # -@@ -287,7 +288,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defined - objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) - objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) - objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) --objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax ) X-ORIGIN 'Netscape Directory Server' ) -+objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ nsds5ReplicaReleaseTimeout ) X-ORIGIN 'Netscape Directory Server' ) - objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top MAY ( nstombstonecsn $ nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' ) - objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5ReplicaFlowControlPause $ nsDS5ReplicaWaitForAsyncResults ) X-ORIGIN 'Netscape Directory Server' ) - objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' ) -diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h -index 307da82..6f6c81a 100644 ---- a/ldap/servers/plugins/replication/repl5.h -+++ b/ldap/servers/plugins/replication/repl5.h -@@ -69,6 +69,10 @@ - #define REPL_ABORT_CLEANRUV_OID "2.16.840.1.113730.3.6.6" - #define REPL_CLEANRUV_GET_MAXCSN_OID "2.16.840.1.113730.3.6.7" - #define REPL_CLEANRUV_CHECK_STATUS_OID "2.16.840.1.113730.3.6.8" -+#define REPL_ABORT_SESSION_OID "2.16.840.1.113730.3.6.9" -+#define SESSION_ACQUIRED 0 -+#define ABORT_SESSION 1 -+#define SESSION_ABORTED 2 - - #define CLEANRUV_ACCEPTED "accepted" - #define CLEANRUV_REJECTED "rejected" -@@ -141,6 +145,7 @@ extern const char *type_nsds5ReplicaStripAttrs; - extern const char *type_nsds5ReplicaFlowControlWindow; - extern const char *type_nsds5ReplicaFlowControlPause; - extern const char *type_replicaProtocolTimeout; -+extern const char *type_replicaReleaseTimeout; - extern const char *type_replicaBackoffMin; - extern const char *type_replicaBackoffMax; - extern const char *type_replicaPrecisePurge; -@@ -526,9 +531,9 @@ Replica *replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_ - void replica_destroy(void **arg); - int replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid); - int replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid); --PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid, -- const char *locking_purl, -- char **current_purl); -+PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, -+ int opid, const char *locking_purl, -+ char **current_purl); - void replica_relinquish_exclusive_access(Replica *r, PRUint64 connid, int opid); - PRBool replica_get_tombstone_reap_active(const Replica *r); - const Slapi_DN *replica_get_root(const Replica *r); -@@ -598,6 +603,8 @@ void replica_update_state (time_t when, void *arg); - void replica_reset_csn_pl(Replica *r); - PRUint64 replica_get_protocol_timeout(Replica *r); - void replica_set_protocol_timeout(Replica *r, PRUint64 timeout); -+PRUint64 replica_get_release_timeout(Replica *r); -+void replica_set_release_timeout(Replica *r, PRUint64 timeout); - void replica_set_groupdn_checkinterval(Replica *r, int timeout); - PRUint64 replica_get_backoff_min(Replica *r); - PRUint64 replica_get_backoff_max(Replica *r); -@@ -609,6 +616,7 @@ void replica_decr_agmt_count(Replica *r); - PRUint64 replica_get_precise_purging(Replica *r); - void replica_set_precise_purging(Replica *r, PRUint64 on_off); - PRBool ignore_error_and_keep_going(int error); -+void replica_check_release_timeout(Replica *r, Slapi_PBlock *pb); - - /* The functions below handles the state flag */ - /* Current internal state flags */ -diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c -index 927f835..d6fb898 100644 ---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c -+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c -@@ -36,6 +36,11 @@ Perhaps these events should be properties of the main protocol. - #include "repl5_prot_private.h" - #include "cl5_api.h" - -+#include "repl5.h" -+#include "repl5_prot_private.h" -+#include "cl5_api.h" -+#include "slapi-plugin.h" -+ - extern int slapi_log_urp; - - /*** from proto-slap.h ***/ -@@ -82,6 +87,7 @@ typedef struct result_data - int flowcontrol_detection; - int result; /* The UPDATE_TRANSIENT_ERROR etc */ - int WaitForAsyncResults; -+ time_t abort_time; - } result_data; - - /* Various states the incremental protocol can pass through */ -@@ -121,6 +127,7 @@ typedef struct result_data - #define EXAMINE_RUV_PARAM_ERROR 405 - - #define MAX_CHANGES_PER_SESSION 10000 -+ - /* - * Maximum time to wait between replication sessions. If we - * don't see any updates for a period equal to this interval, -@@ -240,19 +247,21 @@ repl5_inc_result_threadmain(void *param) - Repl_Connection *conn = rd->prp->conn; - int finished = 0; - int message_id = 0; -+ int yield_session = 0; - - slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain starting\n"); - while (!finished) - { -+ LDAPControl **returned_controls = NULL; - repl5_inc_operation *op = NULL; -- int connection_error = 0; -+ ReplicaId replica_id = 0; - char *csn_str = NULL; - char *uniqueid = NULL; -- ReplicaId replica_id = 0; -- int operation_code = 0; - char *ldap_error_string = NULL; - time_t time_now = 0; - time_t start_time = time( NULL ); -+ int connection_error = 0; -+ int operation_code = 0; - int backoff_time = 1; - - /* Read the next result */ -@@ -264,7 +273,7 @@ repl5_inc_result_threadmain(void *param) - - while (!finished) - { -- conres = conn_read_result_ex(conn, NULL, NULL, NULL, LDAP_RES_ANY, &message_id, 0); -+ conres = conn_read_result_ex(conn, NULL, NULL, &returned_controls, LDAP_RES_ANY, &message_id, 0); - slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: read result for message_id %d\n", message_id); - /* Timeout here means that we didn't block, not a real timeout */ - if (CONN_TIMEOUT == conres) -@@ -292,9 +301,19 @@ repl5_inc_result_threadmain(void *param) - finished = 1; - } - PR_Unlock(rd->lock); -- } else -- { -- /* Something other than a timeout, so we exit the loop */ -+ } else { -+ /* -+ * Something other than a timeout, so we exit the loop. -+ * First check if we were told to abort the session -+ */; -+ Replica *r = (Replica*)object_get_data(rd->prp->replica_object); -+ if (replica_get_release_timeout(r) && -+ slapi_control_present(returned_controls, -+ REPL_ABORT_SESSION_OID, -+ NULL, NULL)) -+ { -+ yield_session = 1; -+ } - break; - } - } -@@ -318,21 +337,29 @@ repl5_inc_result_threadmain(void *param) - } - - conn_get_error_ex(conn, &operation_code, &connection_error, &ldap_error_string); -- slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: result %d, %d, %d, %d, %s\n", operation_code,connection_error,conres,message_id,ldap_error_string); -- return_value = repl5_inc_update_from_op_result(rd->prp, conres, connection_error, csn_str, uniqueid, replica_id, &should_finish, &(rd->num_changes_sent)); -+ slapi_log_error(SLAPI_LOG_REPL, NULL, -+ "repl5_inc_result_threadmain: result %d, %d, %d, %d, %s\n", -+ operation_code,connection_error,conres,message_id,ldap_error_string); -+ return_value = repl5_inc_update_from_op_result(rd->prp, conres, connection_error, -+ csn_str, uniqueid, replica_id, &should_finish, -+ &(rd->num_changes_sent)); - if (return_value || should_finish) - { -- slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: got op result %d should finish %d\n", return_value, should_finish); -+ slapi_log_error(SLAPI_LOG_REPL, NULL, -+ "repl5_inc_result_threadmain: got op result %d should finish %d\n", -+ return_value, should_finish); - /* If so then we need to take steps to abort the update process */ - PR_Lock(rd->lock); - rd->result = return_value; -- rd->abort = 1; -+ rd->abort = ABORT_SESSION; - PR_Unlock(rd->lock); -- /* We also need to log the error, including details stored from when the operation was sent */ -- /* we cannot finish yet - we still need to waitfor the pending results, then -- the main repl code will shut down this thread */ -- /* we can finish if we have disconnected - in that case, there will be nothing -- to read */ -+ /* -+ * We also need to log the error, including details stored from -+ * when the operation was sent. We cannot finish yet - we still -+ * need to wait for the pending results, then the main repl code -+ * will shut down this thread. We can finish if we have -+ * disconnected - in that case, there will be nothing to read -+ */ - if (return_value == UPDATE_CONNECTION_LOST) { - finished = 1; - } -@@ -341,8 +368,16 @@ repl5_inc_result_threadmain(void *param) - rd->result = return_value; - } - } -+ - /* Should we stop ? */ - PR_Lock(rd->lock); -+ if (!finished && yield_session && rd->abort != SESSION_ABORTED && rd->abort_time == 0) { -+ rd->abort_time = time( NULL ); -+ rd->abort = SESSION_ABORTED; /* only set the abort time once */ -+ slapi_log_error(SLAPI_LOG_REPL, "repl5_inc_result_threadmain", -+ "Abort control detected, setting abort time...(%s)\n", -+ agmt_get_long_name(rd->prp->agmt)); -+ } - if (rd->stop_result_thread) - { - finished = 1; -@@ -468,7 +503,8 @@ repl5_inc_waitfor_async_results(result_data *rd) - if (rd->last_message_id_received >= rd->last_message_id_sent) { - /* If so then we're done */ - done = 1; -- } else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST)) { -+ } else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST)) -+ { - done = 1; /* no connection == no more results */ - } - /* -@@ -846,10 +882,10 @@ repl5_inc_run(Private_Repl_Protocol *prp) - if (!busywaittime){ - busywaittime = repl5_get_backoff_min(prp); - } -- prp_priv->backoff = backoff_new(BACKOFF_FIXED, busywaittime, busywaittime); -+ prp_priv->backoff = backoff_new(BACKOFF_FIXED, busywaittime , busywaittime); - } else { - prp_priv->backoff = backoff_new(BACKOFF_EXPONENTIAL, repl5_get_backoff_min(prp), -- repl5_get_backoff_max(prp)); -+ repl5_get_backoff_max(prp)); - } - next_state = STATE_BACKOFF; - backoff_reset(prp_priv->backoff, repl5_inc_backoff_expired, (void *)prp); -@@ -1055,6 +1091,7 @@ repl5_inc_run(Private_Repl_Protocol *prp) - } else if (rc == UPDATE_YIELD){ - dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_YIELD -> STATE_BACKOFF_START"); - agmt_set_last_update_status(prp->agmt, 0, 0, "Incremental update succeeded and yielded"); -+ use_busy_backoff_timer = PR_TRUE; - next_state = STATE_BACKOFF_START; - } else if (rc == UPDATE_TRANSIENT_ERROR){ - dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TRANSIENT_ERROR -> STATE_BACKOFF_START"); -@@ -1099,6 +1136,7 @@ repl5_inc_run(Private_Repl_Protocol *prp) - ruv_destroy(&ruv); ruv = NULL; - } - agmt_update_done(prp->agmt, 0); -+ - /* If timed out, close the connection after released the replica */ - release_replica(prp); - if (rc == UPDATE_TIMEOUT) { -@@ -1681,12 +1719,14 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - } - else - { -- int finished = 0; - ConnResult replay_crc; -- char csn_str[CSN_STRSIZE]; -+ Replica *replica = (Replica*) object_get_data(prp->replica_object); - PRBool subentry_update_needed = PR_FALSE; -+ PRUint64 release_timeout = replica_get_release_timeout(replica); -+ char csn_str[CSN_STRSIZE]; - int skipped_updates = 0; - int fractional_repl; -+ int finished = 0; - #define FRACTIONAL_SKIPPED_THRESHOLD 100 - - /* Start the results reading thread */ -@@ -1906,7 +1946,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - } - PR_Lock(rd->lock); - /* See if the result thread has hit a problem */ -- if (!finished && rd->abort) -+ -+ if(!finished && rd->abort_time){ -+ time_t current_time = time ( NULL ); -+ if ((current_time - rd->abort_time) >= release_timeout){ -+ rd->result = UPDATE_YIELD; -+ return_value = UPDATE_YIELD; -+ finished = 1; -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ "Aborting send_updates...(%s)\n", -+ agmt_get_long_name(rd->prp->agmt)); -+ } -+ } -+ -+ if (!finished && rd->abort == ABORT_SESSION) - { - return_value = rd->result; - finished = 1; -@@ -1916,10 +1969,9 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - - if (fractional_repl && subentry_update_needed) - { -- Replica *replica; - ReplicaId rid = -1; /* Used to create the replica keep alive subentry */ - Slapi_DN *replarea_sdn = NULL; -- replica = (Replica*) object_get_data(prp->replica_object); -+ - if (replica) - { - rid = replica_get_rid(replica); -@@ -1945,7 +1997,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu - * If we already have an error, there is no need to check the - * async result thread anymore. - */ -- if (return_value == UPDATE_NO_MORE_UPDATES) -+ if (return_value == UPDATE_NO_MORE_UPDATES || return_value == UPDATE_YIELD) - { - /* - * We need to double check that an error hasn't popped up from -diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c -index bb43b9b..9f38d05 100644 ---- a/ldap/servers/plugins/replication/repl5_plugins.c -+++ b/ldap/servers/plugins/replication/repl5_plugins.c -@@ -1077,6 +1077,8 @@ write_changelog_and_ruv (Slapi_PBlock *pb) - r = (Replica*)object_get_data (repl_obj); - PR_ASSERT (r); - -+ replica_check_release_timeout(r, pb); -+ - if (replica_is_flag_set (r, REPLICA_LOG_CHANGES) && - (cl5GetState () == CL5_STATE_OPEN)) - { -@@ -1365,7 +1367,6 @@ process_postop (Slapi_PBlock *pb) - return rc; - } - -- - /* - * Cancel an operation CSN. This removes it from any CSN pending lists. - * This function is called when a previously-generated CSN will not -diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c -index c7cf25f..6d2452a 100644 ---- a/ldap/servers/plugins/replication/repl5_replica.c -+++ b/ldap/servers/plugins/replication/repl5_replica.c -@@ -23,8 +23,8 @@ - - #define RUV_SAVE_INTERVAL (30 * 1000) /* 30 seconds */ - --#define REPLICA_RDN "cn=replica" --#define CHANGELOG_RDN "cn=legacy changelog" -+#define REPLICA_RDN "cn=replica" -+#define CHANGELOG_RDN "cn=legacy changelog" - - /* - * A replica is a locally-held copy of a portion of the DIT. -@@ -68,6 +68,8 @@ struct replica { - Slapi_Counter *backoff_max; /* backoff retry maximum */ - Slapi_Counter *precise_purging; /* Enable precise tombstone purging */ - PRUint64 agmt_count; /* Number of agmts */ -+ Slapi_Counter *release_timeout; /* The amount of time to wait before releasing active replica */ -+ PRUint64 abort_session; /* Abort the current replica session */ - }; - - -@@ -201,6 +203,7 @@ replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_operation - - /* init the slapi_counter/atomic settings */ - r->protocol_timeout = slapi_counter_new(); -+ r->release_timeout = slapi_counter_new(); - r->backoff_min = slapi_counter_new(); - r->backoff_max = slapi_counter_new(); - -@@ -408,6 +411,7 @@ replica_destroy(void **arg) - } - - slapi_counter_destroy(&r->protocol_timeout); -+ slapi_counter_destroy(&r->release_timeout); - slapi_counter_destroy(&r->backoff_min); - slapi_counter_destroy(&r->backoff_max); - -@@ -585,8 +589,7 @@ replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid) - */ - PRBool - replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid, -- const char *locking_purl, -- char **current_purl) -+ const char *locking_purl, char **current_purl) - { - PRBool rval = PR_TRUE; - -@@ -609,6 +612,15 @@ replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opi - { - *current_purl = slapi_ch_strdup(r->locking_purl); - } -+ if (!(r->repl_state_flags & REPLICA_TOTAL_IN_PROGRESS) && -+ replica_get_release_timeout(r)) -+ { -+ /* -+ * We are not doing a total update, so abort the current session -+ * so other replicas can acquire this server. -+ */ -+ r->abort_session = ABORT_SESSION; -+ } - } - else - { -@@ -617,14 +629,17 @@ replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opi - connid, opid, - slapi_sdn_get_dn(r->repl_root)); - r->repl_state_flags |= REPLICA_IN_USE; -+ r->abort_session = SESSION_ACQUIRED; - if (isInc && *isInc) - { - r->repl_state_flags |= REPLICA_INCREMENTAL_IN_PROGRESS; - } - else - { -- /* if connid or opid != 0, it's a total update */ -- /* Both set to 0 means we're disabling replication */ -+ /* -+ * If connid or opid != 0, it's a total update. -+ * Both set to 0 means we're disabling replication -+ */ - if (connid || opid) - { - r->repl_state_flags |= REPLICA_TOTAL_IN_PROGRESS; -@@ -652,13 +667,13 @@ replica_relinquish_exclusive_access(Replica *r, PRUint64 connid, int opid) - /* check to see if the replica is in use and log a warning if not */ - if (!(r->repl_state_flags & REPLICA_IN_USE)) - { -- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" NSPRIu64 " op=%d repl=\"%s\": " - "Replica not in use\n", - connid, opid, - slapi_sdn_get_dn(r->repl_root)); - } else { -- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "conn=%" NSPRIu64 " op=%d repl=\"%s\": " - "Released replica held by locking_purl=%s\n", - connid, opid, -@@ -970,6 +985,24 @@ replica_get_protocol_timeout(Replica *r) - } - } - -+PRUint64 -+replica_get_release_timeout(Replica *r) -+{ -+ if(r){ -+ return slapi_counter_get_value(r->release_timeout); -+ } else { -+ return 0; -+ } -+} -+ -+void -+replica_set_release_timeout(Replica *r, PRUint64 limit) -+{ -+ if(r){ -+ slapi_counter_set_value(r->release_timeout, limit); -+ } -+} -+ - void - replica_set_protocol_timeout(Replica *r, PRUint64 timeout) - { -@@ -977,6 +1010,7 @@ replica_set_protocol_timeout(Replica *r, PRUint64 timeout) - slapi_counter_set_value(r->protocol_timeout, timeout); - } - } -+ - void - replica_set_groupdn_checkinterval(Replica *r, int interval) - { -@@ -1064,11 +1098,7 @@ replica_get_legacy_purl (const Replica *r) - char *purl; - - replica_lock(r->repl_lock); -- -- PR_ASSERT (r->legacy_consumer); -- - purl = slapi_ch_strdup(r->legacy_purl); -- - replica_unlock(r->repl_lock); - - return purl; -@@ -1924,6 +1954,7 @@ _replica_init_from_config (Replica *r, Slapi_Entry *e, char *errortext) - int backoff_min; - int backoff_max; - int ptimeout = 0; -+ int release_timeout = 0; - int rc; - - PR_ASSERT (r && e); -@@ -2008,6 +2039,14 @@ _replica_init_from_config (Replica *r, Slapi_Entry *e, char *errortext) - slapi_counter_set_value(r->protocol_timeout, ptimeout); - } - -+ /* Get the release timeout */ -+ release_timeout = slapi_entry_attr_get_int(e, type_replicaReleaseTimeout); -+ if(release_timeout <= 0){ -+ slapi_counter_set_value(r->release_timeout, 0); -+ } else { -+ slapi_counter_set_value(r->release_timeout, release_timeout); -+ } -+ - /* check for precise tombstone purging */ - precise_purging = slapi_entry_attr_get_charptr(e, type_replicaPrecisePurge); - if(precise_purging){ -@@ -4029,21 +4068,21 @@ replica_disable_replication (Replica *r, Object *r_obj) - ruv_get_first_id_and_purl(repl_ruv, &junkrid, &p_locking_purl); - locking_purl = slapi_ch_strdup(p_locking_purl); - p_locking_purl = NULL; -- repl_ruv = NULL; -- while (!replica_get_exclusive_access(r, &isInc, 0, 0, "replica_disable_replication", -+ repl_ruv = NULL; -+ while (!replica_get_exclusive_access(r, &isInc, 0, 0, "replica_disable_replication", - ¤t_purl)) { -- if (!isInc) /* already locked, but not by inc update - break */ -- break; -- isInc = PR_FALSE; -- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ if (!isInc) /* already locked, but not by inc update - break */ -+ break; -+ isInc = PR_FALSE; -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, - "replica_disable_replication: " - "replica %s is already locked by (%s) for incoming " - "incremental update; sleeping 100ms\n", -- slapi_sdn_get_ndn (replica_get_root (r)), -+ slapi_sdn_get_ndn (replica_get_root (r)), - current_purl ? current_purl : "unknown"); - slapi_ch_free_string(¤t_purl); -- DS_Sleep(PR_MillisecondsToInterval(100)); -- } -+ DS_Sleep(PR_MillisecondsToInterval(100)); -+ } - - slapi_ch_free_string(¤t_purl); - slapi_ch_free_string(&locking_purl); -@@ -4281,3 +4320,57 @@ replica_decr_agmt_count(Replica *r) - } - } - } -+ -+/* -+ * Add the "Abort Replication Session" control to the pblock -+ */ -+static void -+replica_add_session_abort_control(Slapi_PBlock *pb) -+{ -+ LDAPControl ctrl = {0}; -+ BerElement *ber; -+ struct berval *bvp; -+ int rc; -+ -+ /* Build the BER payload */ -+ if ( (ber = der_alloc()) == NULL ) { -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ "add_session_abort_control: Failed to create ber\n"); -+ return; -+ } -+ rc = ber_printf( ber, "{}"); -+ if (rc != -1) { -+ rc = ber_flatten( ber, &bvp ); -+ } -+ ber_free( ber, 1 ); -+ if ( rc == -1 ) { -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ "add_session_abort_control: Failed to flatten ber\n"); -+ return; -+ } -+ -+ ctrl.ldctl_oid = slapi_ch_strdup( REPL_ABORT_SESSION_OID ); -+ ctrl.ldctl_value = *bvp; -+ bvp->bv_val = NULL; -+ ber_bvfree( bvp ); -+ slapi_pblock_set(pb, SLAPI_ADD_RESCONTROL, &ctrl); -+ -+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, -+ "add_session_abort_control: abort control successfully added to result\n"); -+} -+ -+/* -+ * Check if we have exceeded the failed replica acquire limit, -+ * if so, end the replication session. -+ */ -+void -+replica_check_release_timeout(Replica *r, Slapi_PBlock *pb) -+{ -+ replica_lock(r->repl_lock); -+ if(r->abort_session == ABORT_SESSION){ -+ /* Need to abort this session (just send the control once) */ -+ replica_add_session_abort_control(pb); -+ r->abort_session = SESSION_ABORTED; -+ } -+ replica_unlock(r->repl_lock); -+} -diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c -index 4d7135c..71b3c92 100644 ---- a/ldap/servers/plugins/replication/repl5_replica_config.c -+++ b/ldap/servers/plugins/replication/repl5_replica_config.c -@@ -406,6 +406,11 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* - if (apply_mods) - replica_set_precise_purging(r, 0); - } -+ else if (strcasecmp (config_attr, type_replicaReleaseTimeout) == 0 ) -+ { -+ if (apply_mods) -+ replica_set_release_timeout(r, 0); -+ } - else - { - *returncode = LDAP_UNWILLING_TO_PERFORM; -@@ -592,6 +597,23 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* - } - } - } -+ else if (strcasecmp (config_attr, type_replicaReleaseTimeout) == 0 ) -+ { -+ if (apply_mods) -+ { -+ PRUint64 val = atoll(config_attr_value); -+ -+ if(val < 0){ -+ *returncode = LDAP_UNWILLING_TO_PERFORM; -+ PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE, -+ "attribute %s value (%s) is invalid, must be a number zero or greater.\n", -+ config_attr, config_attr_value); -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_config_modify: %s\n", errortext); -+ break; -+ } -+ replica_set_release_timeout(r, val); -+ } -+ } - else - { - *returncode = LDAP_UNWILLING_TO_PERFORM; -diff --git a/ldap/servers/plugins/replication/repl_globals.c b/ldap/servers/plugins/replication/repl_globals.c -index 331f839..8b891fb 100644 ---- a/ldap/servers/plugins/replication/repl_globals.c -+++ b/ldap/servers/plugins/replication/repl_globals.c -@@ -87,6 +87,7 @@ const char *type_ruvElementUpdatetime = "nsruvReplicaLastModified"; - const char *type_replicaCleanRUV = "nsds5ReplicaCleanRUV"; - const char *type_replicaAbortCleanRUV = "nsds5ReplicaAbortCleanRUV"; - const char *type_replicaProtocolTimeout = "nsds5ReplicaProtocolTimeout"; -+const char *type_replicaReleaseTimeout = "nsds5ReplicaReleaseTimeout"; - const char *type_replicaBackoffMin = "nsds5ReplicaBackoffMin"; - const char *type_replicaBackoffMax = "nsds5ReplicaBackoffMax"; - const char *type_replicaPrecisePurge = "nsds5ReplicaPreciseTombstonePurging"; --- -2.4.11 - diff --git a/SOURCES/0099-Ticket-48636-Fix-config-validation-check.patch b/SOURCES/0099-Ticket-48636-Fix-config-validation-check.patch deleted file mode 100644 index cc60631..0000000 --- a/SOURCES/0099-Ticket-48636-Fix-config-validation-check.patch +++ /dev/null @@ -1,52 +0,0 @@ -From f9a4b8153a1b46da5052ffda60723596048b20fb Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 14 Jun 2016 17:19:48 -0400 -Subject: [PATCH 99/99] Ticket 48636 - Fix config validation check - -Bug Description: We were previous checking if an unsigfned int was less than zero - -Fix Description: Improve config validation by using long instead of PRUint64 - -https://fedorahosted.org/389/ticket/48636 - -Reviewed by: nhosoi(Thanks!) - -(cherry picked from commit 43d5ac680f7781f95205db94e5ff2958d39b78a4) -(cherry picked from commit b8239e0da865f33cae930088dd2a746a49f2d32a) ---- - ldap/servers/plugins/replication/repl5_replica_config.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c -index 71b3c92..866a712 100644 ---- a/ldap/servers/plugins/replication/repl5_replica_config.c -+++ b/ldap/servers/plugins/replication/repl5_replica_config.c -@@ -601,17 +601,20 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* - { - if (apply_mods) - { -- PRUint64 val = atoll(config_attr_value); -+ long val = atol(config_attr_value); - -- if(val < 0){ -+ if (val < 0){ - *returncode = LDAP_UNWILLING_TO_PERFORM; -- PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE, -+ PR_snprintf(errortext, SLAPI_DSE_RETURNTEXT_SIZE, - "attribute %s value (%s) is invalid, must be a number zero or greater.\n", - config_attr, config_attr_value); -- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_config_modify: %s\n", errortext); -+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, -+ "replica_config_modify: %s\n", errortext); - break; -+ } else { -+ /* Set the timeout */ -+ replica_set_release_timeout(r, val); - } -- replica_set_release_timeout(r, val); - } - } - else --- -2.4.11 - diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec index 5adf500..e700853 100644 --- a/SPECS/389-ds-base.spec +++ b/SPECS/389-ds-base.spec @@ -13,13 +13,13 @@ %global use_Socket6 0 # nunc-stans only builds on x86_64 for now %ifarch x86_64 -# To build without nunc-stans, set 0 to use_nunc_stans. +# To build without nunc-stans, set use_nunc_stans to 0. %global use_nunc_stans 1 %else %global use_nunc_stans 0 %endif -%global nunc_stans_ver 0.1.5 +%global nunc_stans_ver 0.1.8 # fedora 15 and later uses tmpfiles.d # otherwise, comment this out @@ -33,10 +33,10 @@ Summary: 389 Directory Server (base) Name: 389-ds-base -Version: 1.3.4.0 -Release: %{?relprefix}33%{?prerel}%{?dist} +Version: 1.3.5.10 +Release: %{?relprefix}11%{?prerel}%{?dist} License: GPLv3+ -URL: http://port389.org/ +URL: https://port389.org/ Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Obsoletes: %{name}-selinux @@ -46,7 +46,7 @@ Provides: ldif2ldbm BuildRequires: nspr-devel BuildRequires: nss-devel -BuildRequires: svrcore-devel +BuildRequires: svrcore-devel >= 4.1.2 %if %{use_openldap} BuildRequires: openldap-devel %else @@ -74,9 +74,12 @@ BuildRequires: tcp_wrappers # the following is for the pam passthru auth plug-in BuildRequires: pam-devel BuildRequires: systemd-units +BuildRequires: systemd-devel # this is needed for using semanage from our setup scripts Requires: policycoreutils-python +Requires: /usr/sbin/semanage +Requires: libsemanage-python # the following are needed for some of our scripts %if %{use_openldap} @@ -114,114 +117,72 @@ Requires(postun): systemd-units # for setup-ds.pl to support ipv6 %if %{use_Socket6} Requires: perl-Socket6 -%else Requires: perl-Socket +%else +Requires: perl-Socket %endif Requires: perl-NetAddr-IP +Requires: systemd-libs +Requires: svrcore >= 4.1.2 -Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2 +# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp +Obsoletes: %{name} <= 1.3.5.4 + +Source0: https://port389.org/binaries/%{name}-%{version}%{?prerel}.tar.bz2 # 389-ds-git.sh should be used to generate the source tarball from git Source1: %{name}-git.sh Source2: %{name}-devel.README Source3: https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nunc_stans_ver}.tar.bz2 -Patch0: 0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch -Patch1: 0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch -Patch2: 0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch -Patch3: 0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch -Patch4: 0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch -Patch5: 0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch -Patch6: 0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch -Patch7: 0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch -Patch8: 0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch -Patch9: 0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch -Patch10: 0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch -Patch11: 0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch -Patch12: 0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch -Patch13: 0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch -Patch14: 0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch -Patch15: 0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch -Patch16: 0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch -Patch17: 0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch -Patch18: 0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch -Patch19: 0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch -Patch20: 0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch -Patch21: 0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch -Patch22: 0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch -Patch23: 0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch -Patch24: 0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch -Patch25: 0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch -Patch26: 0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch -Patch27: 0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch -Patch28: 0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch -Patch29: 0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch -Patch30: 0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch -Patch31: 0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch -Patch32: 0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch -Patch33: 0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch -Patch34: 0035-Ticket-48215-update-dbverify-usage.patch -Patch35: 0036-Ticket-48215-update-dbverify-usage-in-main.c.patch -Patch36: 0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch -Patch37: 0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch -Patch38: 0039-Ticket-47931-memberOf-retrocl-deadlocks.patch -Patch39: 0040-Ticket-47931-Fix-coverity-issues.patch -Patch40: 0041-Ticket-47686-removing-chaining-database-links-trigge.patch -Patch41: 0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch -Patch42: 0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch -Patch43: 0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch -Patch44: 0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch -Patch45: 0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch -Patch46: 0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch -Patch47: 0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch -Patch48: 0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch -Patch49: 0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch -Patch50: 0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch -Patch51: 0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch -Patch52: 0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch -Patch53: 0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch -Patch54: 0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch -Patch55: 0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch -Patch56: 0057-Ticket-48266-Fractional-replication-evaluates-severa.patch -Patch57: 0058-Ticket-48266-coverity-issue.patch -Patch58: 0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch -Patch59: 0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch -Patch60: 0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch -Patch61: 0062-Ticket-48266-coverity-unused-variable-init_retry.patch -Patch62: 0063-Ticket-48266-Online-init-crashes-consumer.patch -Patch63: 0064-Ticket-48284-free-entry-when-internal-add-fails.patch -Patch64: 0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch -Patch65: 0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch -Patch66: 0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch -Patch67: 0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch -Patch68: 0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch -Patch69: 0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch -Patch70: 0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch -Patch71: 0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch -Patch72: 0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch -Patch73: 0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch -Patch74: 0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch -Patch75: 0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch -Patch76: 0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch -Patch77: 0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch -Patch78: 0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch -Patch79: 0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch -Patch80: 0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch -Patch81: 0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch -Patch82: 0083-Ticket-48341-deadlock-on-connection-mutex.patch -Patch83: 0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch -Patch84: 0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch -Patch85: 0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch -Patch86: 0087-Ticket-48420-change-severity-of-some-messages-relate.patch -Patch87: 0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch -Patch88: 0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch -Patch89: 0090-Ticket-48492-heap-corruption-at-schema-replication.patch -Patch90: 0091-Ticket-48492-heap-corruption-at-schema-replication.patch -Patch91: 0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch -Patch92: 0093-Ticket-48808-Add-test-case.patch -Patch93: 0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch -Patch94: 0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch -Patch95: 0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch -Patch96: 0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch -Patch97: 0098-Ticket-48636-Improve-replication-convergence.patch -Patch98: 0099-Ticket-48636-Fix-config-validation-check.patch +Patch0: 0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch +Patch1: 0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch +Patch2: 0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch +Patch3: 0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch +Patch4: 0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch +Patch5: 0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch +Patch6: 0006-Ticket-48767-flow-control-in-replication-also-blocks.patch +Patch7: 0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch +Patch8: 0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch +Patch9: 0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch +Patch10: 0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch +Patch11: 0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch +Patch12: 0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch +Patch13: 0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch +Patch14: 0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch +Patch15: 0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch +Patch16: 0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch +Patch17: 0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch +Patch18: 0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch +Patch19: 0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch +Patch20: 0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch +Patch21: 0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch +Patch22: 0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch +Patch23: 0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch +Patch24: 0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch +Patch25: 0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch +Patch26: 0026-Ticket-48936-Duplicate-collation-entries.patch +Patch27: 0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch +Patch28: 0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch +Patch29: 0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch +Patch30: 0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch +Patch31: 0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch +Patch32: 0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch +Patch33: 0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch +Patch34: 0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch +Patch35: 0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch +Patch36: 0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch +Patch37: 0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch +Patch38: 0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch +Patch39: 0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch +Patch40: 0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch +Patch41: 0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch +Patch42: 0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch +Patch43: 0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch +Patch44: 0044-Ticket-48957-set-proper-update-status-to-replication.patch +Patch45: 0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch +Patch46: 0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch +Patch47: 0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch +Patch48: 0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch +Patch49: 0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch +Patch50: 0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes @@ -232,7 +193,7 @@ Summary: Core libraries for 389 Directory Server Group: System Environment/Daemons BuildRequires: nspr-devel BuildRequires: nss-devel -BuildRequires: svrcore-devel +BuildRequires: svrcore-devel >= 4.1.2 %if %{use_openldap} BuildRequires: openldap-devel %else @@ -251,6 +212,7 @@ BuildRequires: libtalloc-devel BuildRequires: libevent-devel BuildRequires: libtevent-devel %endif +BuildRequires: systemd-devel %description libs Core libraries for the 389 Directory Server base package. These libraries @@ -264,7 +226,7 @@ Requires: %{name}-libs = %{version}-%{release} Requires: pkgconfig Requires: nspr-devel Requires: nss-devel -Requires: svrcore-devel +Requires: svrcore-devel >= 4.1.2 %if %{use_openldap} Requires: openldap-devel %else @@ -275,10 +237,31 @@ Requires: libtalloc Requires: libevent Requires: libtevent %endif +Requires: systemd-libs %description devel Development Libraries and headers for the 389 Directory Server base package. +%package snmp +Summary: SNMP Agent for 389 Directory Server +Group: System Environment/Daemons +Requires: %{name} = %{version}-%{release} + +# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp +Obsoletes: %{name} <= 1.3.5.4 + +%description snmp +SNMP Agent for the 389 Directory Server base package. + +%package tests +Summary: The lib389 Continuous Integration Tests +Group: Development/Libraries +Requires: python-lib389 +BuildArch: noarch + +%description tests +The lib389 CI tests that can be run against the Directory Server. + %prep %setup -q -n %{name}-%{version}%{?prerel} %if %{use_nunc_stans} @@ -336,61 +319,13 @@ cp %{SOURCE2} README.devel %patch48 -p1 %patch49 -p1 %patch50 -p1 -%patch51 -p1 -%patch52 -p1 -%patch53 -p1 -%patch54 -p1 -%patch55 -p1 -%patch56 -p1 -%patch57 -p1 -%patch58 -p1 -%patch59 -p1 -%patch60 -p1 -%patch61 -p1 -%patch62 -p1 -%patch63 -p1 -%patch64 -p1 -%patch65 -p1 -%patch66 -p1 -%patch67 -p1 -%patch68 -p1 -%patch69 -p1 -%patch70 -p1 -%patch71 -p1 -%patch72 -p1 -%patch73 -p1 -%patch74 -p1 -%patch75 -p1 -%patch76 -p1 -%patch77 -p1 -%patch78 -p1 -%patch79 -p1 -%patch80 -p1 -%patch81 -p1 -%patch82 -p1 -%patch83 -p1 -%patch84 -p1 -%patch85 -p1 -%patch86 -p1 -%patch87 -p1 -%patch88 -p1 -%patch89 -p1 -%patch90 -p1 -%patch91 -p1 -%patch92 -p1 -%patch93 -p1 -%patch94 -p1 -%patch95 -p1 -%patch96 -p1 -%patch97 -p1 -%patch98 -p1 %build %if %{use_nunc_stans} pushd ../nunc-stans-%{nunc_stans_ver} %configure --with-fhs --libdir=%{_libdir}/%{pkgname} make %{?_smp_mflags} -mkdir lib +mkdir -p lib cp .libs/libnunc-stans.so.0.0.0 lib/libnunc-stans.so mkdir -p include/nunc-stans cp nunc-stans.h include/nunc-stans/nunc-stans.h @@ -404,12 +339,14 @@ OPENLDAP_FLAG="--with-openldap" # hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" %if %{use_nunc_stans} -NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}" +NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}" %endif %configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ - --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS + --with-perldir=/usr/bin \ + --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \ + --with-systemd # Generate symbolic info for debuggers export XCFLAGS=$RPM_OPT_FLAGS @@ -422,14 +359,14 @@ make %{?_smp_mflags} %install -rm -rf $RPM_BUILD_ROOT - %if %{use_nunc_stans} pushd ../nunc-stans-%{nunc_stans_ver} make DESTDIR="$RPM_BUILD_ROOT" install rm -rf $RPM_BUILD_ROOT%{_includedir} $RPM_BUILD_ROOT%{_datadir} \ $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/pkgconfig popd +%else +rm -rf $RPM_BUILD_ROOT %endif make DESTDIR="$RPM_BUILD_ROOT" install @@ -441,28 +378,31 @@ mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} # for systemd mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants -#remove libtool and static libs -rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a -rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la -rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a -rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la +#remove libtool archives and static libs +find %{buildroot} -type f -name "*.la" -delete +find %{buildroot} -type f -name "*.a" -delete -# make sure perl scripts have a proper shebang +# make sure perl scripts have a proper shebang sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl +# Why are we not making this a proper python package? +pushd ../%{name}-%{version}%{?prerel} +cp -r dirsrvtests $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname} +find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type f -name '*.pyc' -delete +find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type f -name '*.pyo' -delete +find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type d -name '__pycache__' -delete +popd + %clean rm -rf $RPM_BUILD_ROOT %post output=/dev/null output2=/dev/null -%systemd_post %{pkgname}-snmp.service # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >$output 2>&1 || : # reload to pick up any shared lib changes /sbin/ldconfig -# restart the snmp subagent if needed -/bin/systemctl try-restart %{pkgname}-snmp.service > $output 2>&1 || : # find all instances instances="" # instances that require a restart after upgrade ninst=0 # number of instances found in total @@ -470,14 +410,31 @@ if [ -n "$DEBUGPOSTTRANS" ] ; then output=$DEBUGPOSTTRANS output2=${DEBUGPOSTTRANS}.upgrade fi -echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || : -instbase="%{_sysconfdir}/%{pkgname}" -for dir in $instbase/slapd-* ; do - echo dir = $dir >> $output 2>&1 || : - if [ ! -d "$dir" ] ; then continue ; fi - case "$dir" in *.removed) continue ;; esac - basename=`basename $dir` - inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" + +has_dirsrv=`/usr/bin/egrep -i "^dirsrv\>" /etc/passwd` || : +if [ "$has_dirsrv" = "" ]; then + dirsrv_uid=389 + while [ "`getent passwd | awk -F: '{print $3}' | grep $dirsrv_uid`" != "" ]; do + dirsrv_uid=`expr $dirsrv_uid + 1` + done + echo "User dirsrv does not exist, create it with uid %dirsrv_uid." >> $output 2>&1 || : + /usr/sbin/useradd -c "389-ds-base" -u $dirsrv_uid \ + -s /sbin/nologin -r -d /usr/share/dirsrv dirsrv 2> /dev/null || : +fi +has_dirsrv=`/usr/bin/egrep -i "^dirsrv\>" /etc/group` || : +if [ "$has_dirsrv" = "" ]; then + dirsrv_gid=389 + while [ "`getent group | grep $dirsrv_gid`" != "" ]; do + dirsrv_gid=`expr $dirsrv_gid + 1` + done + echo "Group dirsrv does not exist, create it with uid %dirsrv_gid." >> $output 2>&1 || : + /usr/sbin/groupadd -g $dirsrv_gid -r dirsrv 2> /dev/null || : +fi + +echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || : +for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do + if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches + inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'` echo found instance $inst - getting status >> $output 2>&1 || : if /bin/systemctl -q is-active $inst ; then echo instance $inst is running >> $output 2>&1 || : @@ -517,8 +474,6 @@ exit 0 %preun if [ $1 -eq 0 ]; then # Final removal - # Package removal, not upgrade - %systemd_preun %{pkgname}-snmp.service %{groupname} # remove instance specific service files/links rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : fi @@ -529,6 +484,15 @@ if [ $1 = 0 ]; then # Final removal rm -rf /var/run/%{pkgname} fi +%post snmp +%systemd_post %{pkgname}-snmp.service + +%preun snmp +%systemd_preun %{pkgname}-snmp.service %{groupname} + +%postun snmp +%systemd_postun_with_restart %{pkgname}-snmp.service + %files %defattr(-,root,root,-) %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl @@ -539,7 +503,6 @@ fi %dir %{_sysconfdir}/systemd/system/%{groupname}.wants %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf -%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname} %config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd @@ -556,12 +519,15 @@ fi %ghost %dir %{_localstatedir}/lock/%{pkgname} %{_mandir}/man1/* %{_mandir}/man8/* +%exclude %{_sbindir}/ldap-agent* +%exclude %{_mandir}/man1/ldap-agent.1.gz %files devel %defattr(-,root,root,-) %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %{_includedir}/%{pkgname} %{_libdir}/%{pkgname}/libslapd.so +%{_libdir}/%{pkgname}/libns-dshttpd.so %if %{use_nunc_stans} %{_libdir}/%{pkgname}/libnunc-stans.so %endif @@ -572,77 +538,232 @@ fi %doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel %dir %{_libdir}/%{pkgname} %{_libdir}/%{pkgname}/libslapd.so.* -%{_libdir}/%{pkgname}/libns-dshttpd.so* +%{_libdir}/%{pkgname}/libns-dshttpd.so.* %if %{use_nunc_stans} %{_libdir}/%{pkgname}/libnunc-stans.so.* %endif +%files snmp +%defattr(-,root,root,-) +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel +%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf +%{_sbindir}/ldap-agent* +%{_mandir}/man1/ldap-agent.1.gz + +%files tests +%defattr(-,root,root,-) +%doc LICENSE LICENSE.GPLv3+ +%{_sysconfdir}/%{pkgname}/dirsrvtests + %changelog -* Thu Jun 30 2016 Noriko Hosoi - 1.3.4.0-33 -- release 1.3.4.0-33 -- Resolves: bug 1351323 - Improve MMR replication convergence (DS 48636) -- Resolves: bug 1351447 - Supplier can skip a failing update, although it should retry. (DS 47788) -- Resolves: bug 1350707 - Replication changelog can incorrectly skip over updates (DS 48766) - -* Thu Jun 9 2016 Noriko Hosoi - 1.3.4.0-32 -- release 1.3.4.0-32 -- Resolves: bug 1344293 - At startup DES to AES password conversion causes timeout in start script (DS 48862) - -* Thu May 12 2016 Noriko Hosoi - 1.3.4.0-31 -- release 1.3.4.0-31 -- Resolves: bug 1335423 - heap corruption at schema replication. (DS 48492) -- Resolves: bug 1335107 - Paged results search returns the blank list of entries (DS 48808) - -* Wed Mar 30 2016 Noriko Hosoi - 1.3.4.0-30 -- release 1.3.4.0-30 -- Resolves: bug 1321891 - DES to AES password conversion fails if a backend is empty (DS 48777) - -* Thu Mar 10 2016 Noriko Hosoi - 1.3.4.0-29 -- release 1.3.4.0-29 -- Resolves: bug 1316552 - License tag does not match actual license of code (DS 48757) - -* Tue Mar 8 2016 Noriko Hosoi - 1.3.4.0-28 -- release 1.3.4.0-28 -- Resolves: bug 1315181 - change severity of some messages related to "keep alive" entries (DS 48420) - -* Fri Feb 19 2016 Noriko Hosoi - 1.3.4.0-27 -- release 1.3.4.0-27 -- Resolves: bug 1309963 - keep alive entries can break replication (DS 48445) -- Resolves: bug 1309964 - Crash in slapi_get_object_extension (DS 48536) - -* Mon Jan 25 2016 Noriko Hosoi - 1.3.4.0-26 -- release 1.3.4.0-26 -- Resolves: bug 1299346 - deadlock on connection mutex (DS 48341) - -* Thu Jan 21 2016 Noriko Hosoi - 1.3.4.0-25 -- release 1.3.4.0-25 -- Resolves: bug 1299757 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS - -* Wed Jan 13 2016 Noriko Hosoi - 1.3.4.0-24 -- release 1.3.4.0-24 -- Resolves: bug 1298105 - 389-ds hanging after a few minutes of operation (DS 48406) - -* Tue Jan 5 2016 Noriko Hosoi - 1.3.4.0-23 -- release 1.3.4.0-23 -- Resolves: bug 1295684 - many attrlist_replace errors in connection with cleanallruv (DS 48283) - -* Fri Dec 11 2015 Noriko Hosoi - 1.3.4.0-22 -- release 1.3.4.0-22 -- Resolves: bug 1290725 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375) -- Resolves: bug 1290726 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same modify operation (DS 48370) - -* Wed Nov 18 2015 Noriko Hosoi - 1.3.4.0-21 -- release 1.3.4.0-21 -- Resolves: bug 1278730 - SimplePagedResults -- abandon could happen between the abandon check and sending results -- Fixing a regression introduced in 1.3.4.0-20 (DS 48338) - -* Thu Nov 12 2015 Noriko Hosoi - 1.3.4.0-20 -- release 1.3.4.0-20 -- Resolves: bug 1278729 - Share nsslapd-threadnumber in the case nunc-stans is enabled (DS 48339) -- Resolves: bug 1278730 - SimplePagedResults -- abandon could happen between the abandon check and sending results (DS 48338) -- Resolves: bug 1279572 - Cannot upgrade a consumer to supplier in a multimaster environment (DS 48325) -- Resolves: bug 1279573 - nunc-stans: Attempt to release connection that is not acquired (DS 48311) -- Resolves: bug 1280210 - deadlock in mep delete post op (DS 47976) -- Resolves: bug 1281522 - acl - regression - trailing ', (comma)' in macro matched value is not removed (DS 48344) +* Tue Sep 13 2016 Noriko Hosoi - 1.3.5.10-11 +- Release 1.3.5.10-11 +- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates + +* Thu Sep 1 2016 Noriko Hosoi - 1.3.5.10-10 +- Release 1.3.5.10-10 +- Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957) +- Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969) + +* Tue Aug 30 2016 Noriko Hosoi - 1.3.5.10-9 +- Release 1.3.5.10-9 +- Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950) +- Resolves: bug 1366828 - audit on failure doesn't work if attribute nsslapd-auditlog-logging-enabled is NOT enabled (DS 48958) +- Resolves: bug 1368520 - Crash in import_wait_for_space_in_fifo() (DS 48960) +- Resolves: bug 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option +- Resolves: bug 1369537 - passwordMinAge attribute doesn't limit the minimum age of the password (DS 48967) +- Resolves: bug 1369570 - cleanallruv changelog cleaning incorrectly impacts all backends (DS 48964) +- Resolves: bug 1369425 - ACI behaves erratically (DS 48972) +- Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957) +- Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969) +- Resolves: bug 1371283 - Server Side Sorting crashes the server. (DS 48970) +- Resolves: bug 1371284 - Disabling CLEAR password storage scheme will crash server when setting a password (DS 48975) + +* Thu Aug 18 2016 Noriko Hosoi - 1.3.5.10-8 +- Release 1.3.5.10-8 +- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48954) +- Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950) +- Resolves: bug 1366561 - ns-accountstatus.pl giving error even "No such object (32)" (DS 48956) + +* Mon Aug 8 2016 Noriko Hosoi - 1.3.5.10-7 +- Release 1.3.5.10-7 +- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450) +- Resolves: bug 1360976 - fixing a compiler warning + +* Thu Aug 4 2016 Noriko Hosoi - 1.3.5.10-6 +- Release 1.3.5.10-6 +- Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48928) +- Resolves: bug 1360447 - nsslapd-workingdir is empty when ns-slapd is started by systemd (DS 48939) +- Resolves: bug 1360327 - remove-ds.pl deletes an instance even if wrong prefix was specified (DS 48934) +- Resolves: bug 1349815 - DS logs have warning:ancestorid not indexed for all CS subsystems (DS 48940) +- Resolves: bug 1329061 - 389-ds-base-1.3.4.0-29.el7_2 "hang" (DS 48882) +- Resolves: bug 1360976 - EMBARGOED CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack +- Resolves: bug 1361134 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password (DS 48943) +- Resolves: bug 1361321 - Duplicate collation entries (DS 48936) +- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450) +- Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat + +* Thu Jul 14 2016 Noriko Hosoi - 1.3.5.10-5 +- Release 1.3.5.10-5 +- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919) + +* Thu Jul 14 2016 Noriko Hosoi - 1.3.5.10-4 +- Release 1.3.5.10-4 +- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144) +- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919) +- Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat +- Resolves: bug 1354660 - flow control in replication also blocks receiving results (DS 48767) +- Resolves: bug 1356261 - Fixup tombstone task needs to set proper flag when updating (DS 48924) +- Resolves: bug 1355760 - ns-slapd crashes during the deletion of backend (DS 48922) +- Resolves: bug 1353629 - DS shuts down automatically if dnaThreshold is set to 0 in a MMR setup (DS 48916) +- Resolves: bug 1355879 - nunc-stans: ns-slapd crashes during startup with SIGILL on AMD Opteron 280 (DS 48925) + +* Mon Jul 11 2016 Noriko Hosoi - 1.3.5.10-3 +- Release 1.3.5.10-3 +- Resolves: bug 1354374 - Fixing the tarball version in the sources file. + +* Mon Jul 11 2016 Noriko Hosoi - 1.3.5.10-2 +- Release 1.3.5.10-2 +- Resolves: bug 1353714 - If a cipher is disabled do not attempt to look it up (DS 48743) +- Resolves: bug 1353592 - Setup-ds.pl --update fails - regression (DS 48755) +- Resolves: bug 1353544 - db2bak.pl task enters infinitive loop when bak fs is almost full (DS 48914) +- Resolves: bug 1354374 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't install 389-ds-base-snmp (DS 48918) + +* Wed Jun 29 2016 Noriko Hosoi - 1.3.5.10-1 +- Release 1.3.5.10-1 +- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48905) + +* Wed Jun 29 2016 Noriko Hosoi - 1.3.5.9-1 +- Release 1.3.5.9-1 +- Resolves: bug 1349571 - Improve MMR replication convergence (DS 48636) +- Resolves: bug 1304682 - "stale" automember rule (associated to a removed group) causes discrepancies in the database (DS 48637) +- Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755) +- Resolves: bug 1316731 - syncrepl search returning error 329; plugin sending a bad error code (DS 48904) +- Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule (DS 48891) +- Resolves: bug 1349577 - Values of dbcachetries/dbcachehits in cn=monitor could overflow. (DS 48899) +- Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT (DS 48898) +- Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538) +- Resolves: bug 1350632 - ns-slapd shutdown crashes if pwdstorageschema name is from stack. (DS 48902) + +* Tue Jun 21 2016 Noriko Hosoi - 1.3.5.8-1 +- Release 1.3.5.8-1 +- Resolves: bug 1290101 - proxyauth support does not work when bound as directory manager (DS 48366) + +* Tue Jun 21 2016 Noriko Hosoi - 1.3.5.7-1 +- Release 1.3.5.7-1 +- Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109) +- Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449) +- Resolves: bug 1290101 - proxyauth support does not work when bound as directory manager (DS 48366) +- Resolves: bug 1338872 - Wrong result code display in audit-failure log (DS 48892) +- Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538) +- Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule (DS 48891) +- Resolves: bug 1347407 - By default aci can be read by anonymous (DS 48354) +- Resolves: bug 1347412 - cn=SNMP,cn=config entry can be read by anonymous (DS 48893) + +* Tue Jun 14 2016 Noriko Hosoi - 1.3.5.6-1 +- Release 1.3.5.6-1 +- Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982) +- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48766, DS 48636) +- Resolves: bug 1233926 - "matching rules" in ACI's "bind rules not fully evaluated (DS 48234) +- Resolves: bug 1346165 - 389-ds-base-1.3.5.5-1.el7.x86_64 requires policycoreutils-py + +* Mon Jun 13 2016 Noriko Hosoi - 1.3.5.5-1 +- Release 1.3.5.5-1 +- Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 48833) +- Resolves: bug 1344414 - [RFE] adding pre/post extop ability (DS 48880) +- Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449) +- Resolves: bug 1257568 - /usr/lib64/dirsrv/libnunc-stans.so is owned by both -libs and -devel (DS 48404) +- Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755) +- Resolves: bug 1342609 - At startup DES to AES password conversion causes timeout in start script (DS 48862) +- Resolves: bug 1316328 - search returns no entry when OR filter component contains non readable attribute (DS 48275) +- Resolves: bug 1280456 - setup-ds should detect if port is already defined (DS 48336) +- Resolves: bug 1312557 - dirsrv service fails to start when nsslapd-listenhost is configured (DS 48747) +- Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48752) +- Resolves: bug 1340307 - Running db2index with no options breaks replication (DS 48854) +- Resolves: bug 1337195 - Regression introduced in matching rules by DS 48746 (DS 48844) +- Resolves: bug 1335492 - Modifier's name is not recorded in the audit log with modrdn and moddn operations (DS 48834) +- Resolves: bug 1316741 - ldctl should support -H with ldap uris (DS 48754) + +* Wed May 18 2016 Noriko Hosoi - 1.3.5.4-1 +- release 1.3.5.4-1 +- Resolves: bug 1334455 - db2ldif is not taking into account multiple suffixes or backends (DS 48828) +- Resolves: bug 1241563 - The "repl-monitor" web page does not display "year" in date. (DS 48220) +- Resolves: bug 1335618 - Server ram sanity checks work in isolation (DS 48617) +- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48837) + +* Sat May 7 2016 Noriko Hosoi - 1.3.5.3-1 +- release 1.3.5.3-1 +- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144) +- Resolves: bug 1332533 - ns-accountstatus.pl gives error message on execution along with results. (DS 48815) +- Resolves: bug 1332709 - password history is not updated when an admin resets the password (DS 48813) +- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48822) +- Resolves: bug 1333515 - Enable DS to offer weaker DH params in NSS (DS 48798) + +* Tue May 3 2016 Noriko Hosoi - 1.3.5.2-1 +- release 1.3.5.2-1 +- Resolves: bug 1270020 - Rebase 389-ds-base to 1.3.5 in RHEL-7.3 +- Resolves: bug 1288229 - many attrlist_replace errors in connection with cleanallruv (DS 48283) +- Resolves: bug 1315893 - License tag does not match actual license of code (DS 48757) +- Resolves: bug 1320715 - DES to AES password conversion fails if a backend is empty (DS 48777) +- Resolves: bug 190862 - [RFE] Default password syntax settings don't work with fine-grained policies (DS 142) +- Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 548) +- Resolves: bug 1143066 - The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid (DS 48285) +- Resolves: bug 1153758 - [RFE] Support SASL/GSSAPI when ns-slapd is behind a load-balancer (DS 48332) +- Resolves: bug 1160902 - search, matching rules and filter error "unsupported type 0xA9" (DS 48016) +- Resolves: bug 1186512 - High memory fragmentation observed in ns-slapd; OOM-Killer invoked (DS 48377, 48129) +- Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109) +- Resolves: bug 1209094 - [RFE] Allow logging of rejected changes (DS 48145, 48280) +- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144) +- Resolves: bug 1210842 - [RFE] Add PIDFile option to systemd service file (DS 47951) +- Resolves: bug 1223510 - [RFE] it could be nice to have nsslapd-maxbersize default to bigger than 2Mb (DS 48326) +- Resolves: bug 1229799 - ldclt-bin killed by SIGSEGV (DS 48289) +- Resolves: bug 1249908 - No validation check for the value for nsslapd-db-locks. (DS 48244) +- Resolves: bug 1254887 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers (DS 48290) +- Resolves: bug 1255557 - db2index creates index entry from deleted records (DS 48252) +- Resolves: bug 1258610 - total update request must not be lost (DS 48255) +- Resolves: bug 1258611 - dna plugin needs to handle binddn groups for authorization (DS 48258) +- Resolves: bug 1259624 - [RFE] Provide a utility to detect accounts locked due to inactivity (DS 48269) +- Resolves: bug 1259950 - Add config setting to MemberOf Plugin to add required objectclass got memberOf attribute (DS 48267) +- Resolves: bug 1266510 - Linked Attributes plug-in - wrong behaviour when adding valid and broken links (DS 48295) +- Resolves: bug 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation (DS 48294) +- Resolves: bug 1267750 - pagedresults - when timed out, search results could have been already freed. (DS 48299) +- Resolves: bug 1269378 - ds-logpipe.py with wrong arguments - python exception in the output (DS 48302) +- Resolves: bug 1271330 - nunc-stans: Attempt to release connection that is not acquired (DS 48311) +- Resolves: bug 1272677 - nunc stans: ns-slapd killed by SIGTERM +- Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT +- Resolves: bug 1273142 - crash in Managed Entry plugin (DS 48312) +- Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982) +- Resolves: bug 1273550 - Deadlock between two MODs on the same entry between entry cache and backend lock (DS 47978) +- Resolves: bug 1273555 - deadlock in mep delete post op (DS 47976) +- Resolves: bug 1273584 - lower password history minimum to 1 (DS 48394) +- Resolves: bug 1275763 - [RFE] add setup-ds.pl option to disable instance specific scripts (DS 47840) +- Resolves: bug 1276072 - [RFE] Allow RHDS to be setup using a DNS CNAME alias for General.FullMachineName (DS 48328) +- Resolves: bug 1278567 - SimplePagedResults -- abandon could happen between the abandon check and sending results (DS 48338) +- Resolves: bug 1278584 - Share nsslapd-threadnumber in the case nunc-stans is enabled, as well. (DS 48339) +- Resolves: bug 1278755 - deadlock on connection mutex (DS 48341) +- Resolves: bug 1278987 - Cannot upgrade a consumer to supplier in a multimaster environment (DS 48325) +- Resolves: bug 1280123 - acl - regression - trailing ', (comma)' in macro matched value is not removed. (DS 48344) +- Resolves: bug 1290111 - [RFE] Support for rfc3673 '+' to return operational attributes (DS 48363) +- Resolves: bug 1290141 - With exhausted range, part of DNA shared configuration is deleted after server restart (DS 48362) +- Resolves: bug 1290242 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375) +- Resolves: bug 1290600 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same ldapmodify operation (DS 48370) +- Resolves: bug 1295947 - 389-ds hanging after a few minutes of operation (DS 48406, revert 48338) +- Resolves: bug 1296310 - ldclt - segmentation fault error while binding (DS 48400) +- Resolves: bug 1299758 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS [rhel-7.3] +- Resolves: bug 1301097 - logconv.pl displays negative operation speeds (DS 48446) +- Resolves: bug 1302823 - Crash in slapi_get_object_extension (DS 48536) +- Resolves: bug 1303641 - heap corruption at schema replication. (DS 48492) +- Resolves: bug 1307151 - keep alive entries can break replication (DS 48445) +- Resolves: bug 1310848 - Supplier can skip a failing update, although it should retry. (DS 47788) +- Resolves: bug 1314557 - change severity of some messages related to "keep alive" enties (DS 48420) +- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450) +- Resolves: bug 1316742 - no plugin calls in tombstone purging (DS 48759) +- Resolves: bug 1319329 - [RFE] add nsslapd-auditlog-logging-enabled: off to template-dse.ldif (DS 48145) +- Resolves: bug 1320295 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged. (DS 48775) +- Resolves: bug 1326520 - db2index uses a buffer size derived from dbcachesize (DS 48383) +- Resolves: bug 1328936 - objectclass values could be dropped on the consumer (DS 48799) +- Resolves: bug 1287475 - [RFE] response control for password age should be sent by default by RHDS (DS 48369) +- Resolves: bug 1331343 - Paged results search returns the blank list of entries (DS 48808) * Mon Oct 5 2015 Noriko Hosoi - 1.3.4.0-19 - release 1.3.4.0-19