diff --git a/.389-ds-base.metadata b/.389-ds-base.metadata
index c23be8f..e422dd9 100644
--- a/.389-ds-base.metadata
+++ b/.389-ds-base.metadata
@@ -1,2 +1,2 @@
-edf4fc7da08f84699a07586e21d55856e5be7d4f SOURCES/389-ds-base-1.3.4.0.tar.bz2
-7e52309f61c38b241fcdaf0284559d683f3ba700 SOURCES/nunc-stans-0.1.5.tar.bz2
+b598dfe4a27f2518a6625f3852f8462553a6a483 SOURCES/389-ds-base-1.3.5.10.tar.bz2
+835c9788650d1b9ef0896c267b06b9e529612835 SOURCES/nunc-stans-0.1.8.tar.bz2
diff --git a/.gitignore b/.gitignore
index 61b66d3..cf11ad0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/389-ds-base-1.3.4.0.tar.bz2
-SOURCES/nunc-stans-0.1.5.tar.bz2
+SOURCES/389-ds-base-1.3.5.10.tar.bz2
+SOURCES/nunc-stans-0.1.8.tar.bz2
diff --git a/SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch b/SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch
new file mode 100644
index 0000000..42ca5ca
--- /dev/null
+++ b/SOURCES/0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch
@@ -0,0 +1,36 @@
+From e39b61ea17ae2cecbadee304678f6506d228c504 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 7 Jul 2016 14:53:48 -0400
+Subject: [PATCH 0/3] Ticket 48743 - If a cipher is disabled do not attempt to
+ look it up
+
+Description: Even if a SSL cipher is disabled the server still attempts
+ to locate the cipher in the security library. If the disabled
+ cipher is unknown it logs a warning at server startup, but
+ if it's disabled there is no reason to check if it exists.
+
+https://fedorahosted.org/389/ticket/48743
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 6b61e05e04661312871c0b1c6121901d786d54c3)
+---
+ ldap/servers/slapd/ssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
+index 12a0360..b176460 100644
+--- a/ldap/servers/slapd/ssl.c
++++ b/ldap/servers/slapd/ssl.c
+@@ -749,7 +749,7 @@ _conf_setciphers(char *ciphers, int flags)
+ if (lookup) { /* lookup with old cipher name and get NSS cipherSuiteName */
+ for (i = 0; _lookup_cipher[i].alias; i++) {
+ if (!PL_strcasecmp(ciphers, _lookup_cipher[i].alias)) {
+- if (!_lookup_cipher[i].name[0]) {
++ if (enabled && !_lookup_cipher[i].name[0]) {
+ slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d. Ignoring %s",
+ ciphers, NSS_VMAJOR, NSS_VMINOR, ciphers);
+ continue;
+--
+2.4.11
+
diff --git a/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch b/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch
deleted file mode 100644
index ee98694..0000000
--- a/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 97da9cb32b41d87d9dc5930a2ad931df559ae7f5 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 23 Jun 2015 14:48:13 -0700
-Subject: [PATCH 1/2] Ticket #48203 - Fix coverity issues - 06/22/2015
-
-Description:
-13294 Uninitialized scalar variable -- retrocl_init_trimming (introduced by #47669)
-13293 Resource leak -- retrocl_init_trimming (introduced by #47669)
-
-2. Defect type: CHECKED_RETURN
-50. ldap/servers/slapd/tools/ldclt/ldapfct.c:1945:
-9. ldap/servers/slapd/tools/ldclt/ldapfct.c:952:
- check_return: Calling "addErrorStat" without checking return value
- (as is done elsewhere 26 out of 28 times).
-
-1. Defect type: COMPILER_WARNING
-2. ldap/servers/slapd/daemon.c:1412:21:
- warning: 'tp' may be used uninitialized in this function [-Wmaybe-uninitialized]
-
-https://fedorahosted.org/389/ticket/48203
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 32d45c74231545ad91934147962bfb676dcdd391)
----
- ldap/servers/plugins/retrocl/retrocl_trim.c | 3 ++-
- ldap/servers/slapd/daemon.c | 2 +-
- ldap/servers/slapd/tools/ldclt/ldapfct.c | 4 ++--
- 3 files changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/plugins/retrocl/retrocl_trim.c b/ldap/servers/plugins/retrocl/retrocl_trim.c
-index 65f3015..b09f669 100644
---- a/ldap/servers/plugins/retrocl/retrocl_trim.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_trim.c
-@@ -412,7 +412,7 @@ void retrocl_housekeeping ( time_t cur_time, void *noarg )
- void retrocl_init_trimming (void)
- {
- const char *cl_maxage;
-- time_t ageval;
-+ time_t ageval = 0; /* Don't trim, by default */
- const char *cl_trim_interval;
-
- cl_maxage = retrocl_get_config_str(CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE);
-@@ -425,6 +425,7 @@ void retrocl_init_trimming (void)
- "retrocl_init_trimming: ignoring invalid %s value %s; "
- "not trimming retro changelog.\n",
- CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE, cl_maxage);
-+ slapi_ch_free_string((char **)&cl_maxage);
- return;
- }
- }
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index 436f3d5..ba73da3 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1026,7 +1026,7 @@ void slapd_daemon( daemon_ports_t *ports )
- int threads;
- int in_referral_mode = config_check_referral_mode();
- #ifdef ENABLE_NUNC_STANS
-- ns_thrpool_t *tp;
-+ ns_thrpool_t *tp = NULL;
- struct ns_thrpool_config tp_config;
- #endif
- int connection_table_size = get_configured_connection_table_size();
-diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
-index bc8c89d..f906c5a 100644
---- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
-+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
-@@ -949,7 +949,7 @@ connectToServer (
- fprintf (stderr, "ldclt[%d]: T%03d: cannot ldap_unbind(), error=%d (%s)\n",
- mctx.pid, tttctx->thrdNum, ret,strerror (ret));
- fflush (stderr);
-- addErrorStat(ret);
-+ (void)addErrorStat(ret);
- return (-1);
- }
- tttctx->ldapCtx = NULL;
-@@ -1942,7 +1942,7 @@ createMissingNodes (
- printf ("ldclt[%d]: T%03d: Cannot add (%s), error=%d (%s)\n",
- mctx.pid, tttctx->thrdNum, nodeDN, ret, my_ldap_err2string (ret));
- fflush (stdout);
-- addErrorStat(ret);
-+ (void)addErrorStat(ret);
- return (-1);
- }
-
---
-1.9.3
-
diff --git a/SOURCES/0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch b/SOURCES/0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch
new file mode 100644
index 0000000..bb5a3b0
--- /dev/null
+++ b/SOURCES/0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch
@@ -0,0 +1,33 @@
+From e23985aa9123b5dda2c7fe6d5205356d3fc4f5b7 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 7 Jul 2016 16:38:13 -0700
+Subject: [PATCH 1/3] Ticket #48755 - moving an entry could make the online
+ init fail
+
+Description: The upgrade script template 91reindex.pl.in had a syntax error.
+See also Bug 1353592 - Setup-ds.pl --update fails
+
+https://fedorahosted.org/389/ticket/48755
+
+Note: one character fix.
+(cherry picked from commit aa64641d1974bb52fc4d02808362e76dd86d9cd0)
+---
+ ldap/admin/src/scripts/91reindex.pl.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/admin/src/scripts/91reindex.pl.in b/ldap/admin/src/scripts/91reindex.pl.in
+index c861f64..99b08e3 100644
+--- a/ldap/admin/src/scripts/91reindex.pl.in
++++ b/ldap/admin/src/scripts/91reindex.pl.in
+@@ -12,7 +12,7 @@ sub runinst {
+ # rdn-format value. See $rdn_format set below.
+ # If equal to or greater than this value, no need to reindex.
+ # If it needs to be unconditionally reindexed, set 0.
+- my @rdnconditions = (4)
++ my @rdnconditions = (4);
+
+ my $config = $conn->search("cn=config", "base", "(objectclass=*)");
+ if (!$config) {
+--
+2.4.11
+
diff --git a/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch b/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
deleted file mode 100644
index f6890db..0000000
--- a/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0ad9acb61f83244af02081ffd79c350af831f21c Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Thu, 18 Jun 2015 15:22:54 +0200
-Subject: [PATCH 2/2] Ticket 48195 - Slow replication when deleting large
- quantities of multi-valued attributes
-
-https://fedorahosted.org/389/ticket/48195
-
-In update resoultion for entry deletion, there is still use of valuearray_find() to find an existingvalue to update its csn.
-with the fix for ticket #346 there exists slapi_valueset_find() which uses the possibility to do a binary search on the
-values.
-Fix: do not use valuearray_find
-
-Review: Rich, Thanks
-(cherry picked from commit 09ab8c799fc3d87db7a5b3aa07eccf9b41ea43d5)
-(cherry picked from commit a980b795ac03200fd01a2d05ce568691681d50ef)
----
- ldap/servers/slapd/valueset.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
-index 73208f5..0cf3ded 100644
---- a/ldap/servers/slapd/valueset.c
-+++ b/ldap/servers/slapd/valueset.c
-@@ -1411,12 +1411,12 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
- int del_index = -1, del_count = 0;
- for (i=0;valuestoupdate[i]!=NULL;++i)
- {
-- int index= valuearray_find(a, vs->va, valuestoupdate[i]);
-- if(index!=-1)
-+ Slapi_Value *v = slapi_valueset_find(a, vs, valuestoupdate[i]);
-+ if(v)
- {
-- value_update_csn(vs->va[index],t,csn);
-+ value_update_csn(v,t,csn);
- if (csnref_updated)
-- valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(vs->va[index]);
-+ valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v);
- valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
- valuestoupdate[i]= NULL;
- del_count++;
---
-1.9.3
-
diff --git a/SOURCES/0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch b/SOURCES/0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch
new file mode 100644
index 0000000..163431f
--- /dev/null
+++ b/SOURCES/0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch
@@ -0,0 +1,209 @@
+From 320ad877fc74b2396fd5dad59cfa990c3ace09f9 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Sat, 9 Jul 2016 18:36:17 -0700
+Subject: [PATCH 2/3] Ticket #48914 - db2bak.pl task enters infinitive loop
+ when bak fs is almost full
+
+Description: A backend helper function dblayer_copyfile returns an error
+when any of the copy operation fails. But one of the caller functions
+dblayer_backup ignored the error.
+
+This patch checks the error returned from dblayer_copyfile and abort the
+back-up.
+
+Also, more error info is added to the log messages.
+
+https://fedorahosted.org/389/ticket/48914
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit ff997cd6fa5f2a0678721ba0b6a56fdce327feb0)
+---
+ ldap/servers/slapd/back-ldbm/dblayer.c | 95 ++++++++++++++++++++++------------
+ 1 file changed, 61 insertions(+), 34 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
+index 93d42be..783d104 100644
+--- a/ldap/servers/slapd/back-ldbm/dblayer.c
++++ b/ldap/servers/slapd/back-ldbm/dblayer.c
+@@ -5643,18 +5643,16 @@ dblayer_copyfile(char *source, char *destination, int overwrite, int mode)
+ source_fd = OPEN_FUNCTION(source,O_RDONLY,0);
+ if (-1 == source_fd)
+ {
+- LDAPDebug1Arg(LDAP_DEBUG_ANY,
+- "dblayer_copyfile: failed to open source file: %s\n",
+- source);
++ LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to open source file %s by \"%s\"\n",
++ source, strerror(errno));
+ goto error;
+ }
+ /* Open destination file */
+ dest_fd = OPEN_FUNCTION(destination,O_CREAT | O_WRONLY, mode);
+ if (-1 == dest_fd)
+ {
+- LDAPDebug1Arg(LDAP_DEBUG_ANY,
+- "dblayer_copyfile: failed to open dest file: %s\n",
+- destination);
++ LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to open dest file %s by \"%s\"\n",
++ destination, strerror(errno));
+ goto error;
+ }
+ LDAPDebug2Args(LDAP_DEBUG_BACKLDBM,
+@@ -5662,24 +5660,38 @@ dblayer_copyfile(char *source, char *destination, int overwrite, int mode)
+ /* Loop round reading data and writing it */
+ while (1)
+ {
++ int i;
++ char *ptr = NULL;
+ return_value = read(source_fd,buffer,64*1024);
+- if (return_value <= 0)
+- {
++ if (return_value <= 0) {
+ /* means error or EOF */
+- if (return_value < 0)
+- {
+- LDAPDebug1Arg(LDAP_DEBUG_ANY,
+- "dblayer_copyfile: failed to read: %d\n", errno);
++ if (return_value < 0) {
++ LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to read by \"%s\": rval = %d\n",
++ strerror(errno), return_value);
+ }
+ break;
+ }
+ bytes_to_write = return_value;
+- return_value = write(dest_fd,buffer,bytes_to_write);
+- if (return_value != bytes_to_write)
+- {
+- /* means error */
+- LDAPDebug1Arg(LDAP_DEBUG_ANY,
+- "dblayer_copyfile: failed to write: %d\n", errno);
++ ptr = buffer;
++#define CPRETRY 4
++ for (i = 0; i < CPRETRY; i++) { /* retry twice */
++ return_value = write(dest_fd, ptr, bytes_to_write);
++ if (return_value == bytes_to_write) {
++ break;
++ } else {
++ /* means error */
++ LDAPDebug(LDAP_DEBUG_ANY, "dblayer_copyfile: failed to write by \"%s\"; real: %d bytes, exp: %d bytes\n",
++ strerror(errno), return_value, bytes_to_write);
++ if (return_value > 0) {
++ bytes_to_write -= return_value;
++ ptr += return_value;
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "dblayer_copyfile: retrying to write %d bytes\n", bytes_to_write);
++ } else {
++ break;
++ }
++ }
++ }
++ if ((CPRETRY == i) || (return_value < 0)) {
+ return_value = -1;
+ break;
+ }
+@@ -5906,10 +5918,15 @@ dblayer_copy_directory(struct ldbminfo *li,
+ return_value = dblayer_copyfile(filename1, filename2,
+ 0, priv->dblayer_file_mode);
+ }
++ if (return_value < 0) {
++ LDAPDebug2Args(LDAP_DEBUG_ANY, "dblayer_copy_directory: Failed to copy file %s to %s\n",
++ filename1, filename2);
++ slapi_ch_free((void**)&filename1);
++ slapi_ch_free((void**)&filename2);
++ break;
++ }
+ slapi_ch_free((void**)&filename1);
+ slapi_ch_free((void**)&filename2);
+- if (0 > return_value)
+- break;
+
+ (*cnt)++;
+ }
+@@ -6165,9 +6182,14 @@ dblayer_backup(struct ldbminfo *li, char *dest_dir, Slapi_Task *task)
+ changelog_destdir, DBVERSION_FILENAME);
+ return_value = dblayer_copyfile(pathname1, pathname2,
+ 0, priv->dblayer_file_mode);
+- slapi_ch_free_string(&pathname1);
+ slapi_ch_free_string(&pathname2);
+ slapi_ch_free_string(&changelog_destdir);
++ if (0 > return_value) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "Backup: Failed to copy file %s\n", pathname1);
++ slapi_ch_free_string(&pathname1);
++ goto bail;
++ }
++ slapi_ch_free_string(&pathname1);
+ }
+ if (priv->dblayer_enable_transactions) {
+ /* now, get the list of logfiles that still exist */
+@@ -6240,15 +6262,15 @@ dblayer_backup(struct ldbminfo *li, char *dest_dir, Slapi_Task *task)
+ return_value = dblayer_copyfile(pathname1, pathname2,
+ 0, priv->dblayer_file_mode);
+ if (0 > return_value) {
+- LDAPDebug2Args(LDAP_DEBUG_ANY, "Backup: error in "
+- "copying file '%s' (err=%d) -- Starting over...\n",
+- pathname1, return_value);
++ LDAPDebug2Args(LDAP_DEBUG_ANY, "Backup: error in copying file '%s' (err=%d)\n",
++ pathname1, return_value);
+ if (task) {
+- slapi_task_log_notice(task,
+- "Error copying file '%s' (err=%d) -- Starting "
+- "over...", pathname1, return_value);
++ slapi_task_log_notice(task, "Error copying file '%s' (err=%d)",
++ pathname1, return_value);
+ }
+- ok = 0;
++ slapi_ch_free((void **)&pathname1);
++ slapi_ch_free((void **)&pathname2);
++ goto bail;
+ }
+ if ( g_get_shutdown() || c_get_shutdown() ) {
+ LDAPDebug0Args(LDAP_DEBUG_ANY, "Backup aborted\n");
+@@ -6276,9 +6298,8 @@ dblayer_backup(struct ldbminfo *li, char *dest_dir, Slapi_Task *task)
+ slapi_task_log_notice(task, "Backing up file %d (%s)", cnt, pathname2);
+ slapi_task_log_status(task, "Backing up file %d (%s)", cnt, pathname2);
+ }
+- return_value =
+- dblayer_copyfile(pathname1, pathname2, 0, priv->dblayer_file_mode);
+- if (return_value) {
++ return_value = dblayer_copyfile(pathname1, pathname2, 0, priv->dblayer_file_mode);
++ if (0 > return_value) {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "Backup: error in copying version file "
+ "(%s -> %s): err=%d\n",
+@@ -6458,11 +6479,12 @@ static int dblayer_copy_dirand_contents(char* src_dir, char* dst_dir, int mode,
+ slapi_task_log_status(task, "Moving file %s",
+ filename2);
+ }
+- return_value = dblayer_copyfile(filename1, filename2, 0,
+- mode);
++ return_value = dblayer_copyfile(filename1, filename2, 0, mode);
+ }
+- if (0 > return_value)
++ if (0 > return_value) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "dblayer_copy_dirand_contents: failed to copy file %s\n", filename1);
+ break;
++ }
+ }
+ PR_CloseDir(dirhandle);
+ }
+@@ -6838,6 +6860,10 @@ int dblayer_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task, char *
+ changelogdir, DBVERSION_FILENAME);
+ return_value = dblayer_copyfile(filename1, filename2,
+ 0, priv->dblayer_file_mode);
++ if (0 > return_value) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "Restore: failed to copy file %s\n", filename1);
++ goto error_out;
++ }
+ }
+ continue;
+ }
+@@ -6897,6 +6923,7 @@ int dblayer_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task, char *
+ return_value = dblayer_copyfile(filename1, filename2, 0,
+ priv->dblayer_file_mode);
+ if (0 > return_value) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "Restore: failed to copy file %s\n", filename1);
+ goto error_out;
+ }
+ cnt++;
+--
+2.4.11
+
diff --git a/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch b/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch
deleted file mode 100644
index 93e3d89..0000000
--- a/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 2ad324a00c8e429171d5c096a56c32aed3206466 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 1 Jul 2015 18:16:20 -0700
-Subject: [PATCH 3/7] Ticket #48212 - Dynamic nsMatchingRule changes had no
- effect on the attrinfo thus following reindexing, as well.
-
-Description: When nsMatchingRule was dynamically updated in an index entry,
-the value was set to the configuration but was not applied to the attribute
-info. On-line reindexing following the nsMatchingRule change actually ignored
-the setting. On the other hand, the standalone utility dbverify independently
-picked up the nsMatchingRule from the configuration and generated the attribute
-info, which expected the index reindexed based upon the new nsMatchingRule. But
-it was actually not and dbverify reported the index corruption.
-
-This patch applies the changes to the attribute info when nsMatchingRule is
-modified.
-
-https://fedorahosted.org/389/ticket/48212
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!)
-
-(cherry picked from commit d9679725e69df1d191864ca00bad6b79b13e7362)
-(cherry picked from commit d15beff66fd28902bd8ca80af12ad76a7ecbe57d)
----
- ldap/servers/slapd/back-ldbm/ldbm_attr.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
-index 62ed6e1..092b6b5 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
-@@ -127,7 +127,16 @@ ainfo_dup(
- attrinfo_delete_idlistinfo(&a->ai_idlistinfo);
- a->ai_idlistinfo = b->ai_idlistinfo;
- b->ai_idlistinfo = NULL;
--
-+
-+ /* copy cmp functions and substr lengths */
-+ a->ai_key_cmp_fn = b->ai_key_cmp_fn;
-+ a->ai_dup_cmp_fn = b->ai_dup_cmp_fn;
-+ if (b->ai_substr_lens) {
-+ size_t substrlen = sizeof(int) * INDEX_SUBSTRLEN;
-+ a->ai_substr_lens = (int *)slapi_ch_calloc(1, substrlen);
-+ memcpy(a->ai_substr_lens, b->ai_substr_lens, substrlen);
-+ }
-+
- return( 1 );
- }
-
---
-1.9.3
-
diff --git a/SOURCES/0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch b/SOURCES/0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch
new file mode 100644
index 0000000..47a9740
--- /dev/null
+++ b/SOURCES/0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch
@@ -0,0 +1,64 @@
+From 6e3de01c0a6f07f82d514d0d7f546a4eb408a445 Mon Sep 17 00:00:00 2001
+From: Viktor Ashirov <vashirov@redhat.com>
+Date: Mon, 11 Jul 2016 10:10:42 +0200
+Subject: [PATCH 3/3] Ticket #48918 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't
+ install 389-ds-base-snmp
+
+Bug description:
+During upgrade from 389-ds-base version <1.3.5.5 additional
+package 389-ds-base-snmp is not installed.
+
+Fix description:
+Move "Obsoletes:" section from %description to %package.
+
+https://fedorahosted.org/389/ticket/48918
+
+Reviewed by: nhosoi@redhat.com.
+
+(cherry picked from commit f593ae7790e3372c6812bfe59e58e6d709ec171f)
+---
+ rpm/389-ds-base.spec.in | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
+index d08d379..0924cb5 100644
+--- a/rpm/389-ds-base.spec.in
++++ b/rpm/389-ds-base.spec.in
+@@ -47,6 +47,8 @@ Group: System Environment/Daemons
+ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+ Obsoletes: %{name}-selinux
+ Conflicts: selinux-policy-base < 3.9.8
++# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
++Obsoletes: %{name} <= 1.3.5.4
+ Requires: %{name}-libs = %{version}-%{release}
+ Provides: ldif2ldbm
+
+@@ -152,9 +154,6 @@ isn't what you want. Please contact support immediately.
+ Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
+ %endif
+
+-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
+-Obsoletes: %{name} <= 1.3.5.4
+-
+ %package libs
+ Summary: Core libraries for 389 Directory Server (%{variant})
+ Group: System Environment/Daemons
+@@ -213,13 +212,12 @@ Development Libraries and headers for the 389 Directory Server base package.
+ Summary: SNMP Agent for 389 Directory Server
+ Group: System Environment/Daemons
+ Requires: %{name} = %{version}-%{release}
++# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
++Obsoletes: %{name} <= 1.3.5.4
+
+ %description snmp
+ SNMP Agent for the 389 Directory Server base package.
+
+-# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
+-Obsoletes: %{name} <= 1.3.5.4
+-
+ %package tests
+ Summary: The lib389 Continuous Integration Tests
+ Group: Development/Libraries
+--
+2.4.11
+
diff --git a/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch
deleted file mode 100644
index e3e8236..0000000
--- a/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch
+++ /dev/null
@@ -1,17261 +0,0 @@
-From b9de59847038d4baecacfb911c21798f78e3c52a Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 1 Jul 2015 18:23:22 -0700
-Subject: [PATCH 4/7] Ticket #48212 - CI test: added test cases for ticket
- 48212
-
-Description: Dynamic nsMatchingRule changes had no effect on the attrinfo
- thus following reindexing, as well.
-
-https://fedorahosted.org/389/ticket/48212
-(cherry picked from commit a533145d1dc3c11bb0aa7745f656049b287e501e)
-(cherry picked from commit 0e079ab39f7ee3d5fe77b505fb40c647d149f1b0)
----
- dirsrvtests/data/ticket48212/example1k_posix.ldif | 17017 ++++++++++++++++++++
- dirsrvtests/tickets/ticket48212_test.py | 210 +
- 2 files changed, 17227 insertions(+)
- create mode 100644 dirsrvtests/data/ticket48212/example1k_posix.ldif
- create mode 100644 dirsrvtests/tickets/ticket48212_test.py
-
-diff --git a/dirsrvtests/data/ticket48212/example1k_posix.ldif b/dirsrvtests/data/ticket48212/example1k_posix.ldif
-new file mode 100644
-index 0000000..50000f2
---- /dev/null
-+++ b/dirsrvtests/data/ticket48212/example1k_posix.ldif
-@@ -0,0 +1,17017 @@
-+dn: dc=example,dc=com
-+objectClass: top
-+objectClass: domain
-+dc: example
-+aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "acl1"; allow(write) userdn = "ldap:///self";)
-+aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "acl2"; allow(read, search, compare) userdn = "ldap:///anyone";)
-+
-+dn: ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: organizationalunit
-+ou: People
-+
-+dn: ou=Groups,dc=example,dc=com
-+objectClass: top
-+objectClass: organizationalunit
-+ou: Groups
-+
-+dn: cn=user0,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user0
-+sn: user0
-+uid: uid0
-+givenname: givenname0
-+description: description0
-+userPassword: password0
-+mail: uid0
-+uidnumber: 0
-+gidnumber: 0
-+homeDirectory: /home/uid0
-+
-+dn: cn=user1,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user1
-+sn: user1
-+uid: uid1
-+givenname: givenname1
-+description: description1
-+userPassword: password1
-+mail: uid1
-+uidnumber: 1
-+gidnumber: 1
-+homeDirectory: /home/uid1
-+
-+dn: cn=user2,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user2
-+sn: user2
-+uid: uid2
-+givenname: givenname2
-+description: description2
-+userPassword: password2
-+mail: uid2
-+uidnumber: 2
-+gidnumber: 2
-+homeDirectory: /home/uid2
-+
-+dn: cn=user3,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user3
-+sn: user3
-+uid: uid3
-+givenname: givenname3
-+description: description3
-+userPassword: password3
-+mail: uid3
-+uidnumber: 3
-+gidnumber: 3
-+homeDirectory: /home/uid3
-+
-+dn: cn=user4,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user4
-+sn: user4
-+uid: uid4
-+givenname: givenname4
-+description: description4
-+userPassword: password4
-+mail: uid4
-+uidnumber: 4
-+gidnumber: 4
-+homeDirectory: /home/uid4
-+
-+dn: cn=user5,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user5
-+sn: user5
-+uid: uid5
-+givenname: givenname5
-+description: description5
-+userPassword: password5
-+mail: uid5
-+uidnumber: 5
-+gidnumber: 5
-+homeDirectory: /home/uid5
-+
-+dn: cn=user6,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user6
-+sn: user6
-+uid: uid6
-+givenname: givenname6
-+description: description6
-+userPassword: password6
-+mail: uid6
-+uidnumber: 6
-+gidnumber: 6
-+homeDirectory: /home/uid6
-+
-+dn: cn=user7,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user7
-+sn: user7
-+uid: uid7
-+givenname: givenname7
-+description: description7
-+userPassword: password7
-+mail: uid7
-+uidnumber: 7
-+gidnumber: 7
-+homeDirectory: /home/uid7
-+
-+dn: cn=user8,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user8
-+sn: user8
-+uid: uid8
-+givenname: givenname8
-+description: description8
-+userPassword: password8
-+mail: uid8
-+uidnumber: 8
-+gidnumber: 8
-+homeDirectory: /home/uid8
-+
-+dn: cn=user9,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user9
-+sn: user9
-+uid: uid9
-+givenname: givenname9
-+description: description9
-+userPassword: password9
-+mail: uid9
-+uidnumber: 9
-+gidnumber: 9
-+homeDirectory: /home/uid9
-+
-+dn: cn=user10,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user10
-+sn: user10
-+uid: uid10
-+givenname: givenname10
-+description: description10
-+userPassword: password10
-+mail: uid10
-+uidnumber: 10
-+gidnumber: 10
-+homeDirectory: /home/uid10
-+
-+dn: cn=user11,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user11
-+sn: user11
-+uid: uid11
-+givenname: givenname11
-+description: description11
-+userPassword: password11
-+mail: uid11
-+uidnumber: 11
-+gidnumber: 11
-+homeDirectory: /home/uid11
-+
-+dn: cn=user12,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user12
-+sn: user12
-+uid: uid12
-+givenname: givenname12
-+description: description12
-+userPassword: password12
-+mail: uid12
-+uidnumber: 12
-+gidnumber: 12
-+homeDirectory: /home/uid12
-+
-+dn: cn=user13,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user13
-+sn: user13
-+uid: uid13
-+givenname: givenname13
-+description: description13
-+userPassword: password13
-+mail: uid13
-+uidnumber: 13
-+gidnumber: 13
-+homeDirectory: /home/uid13
-+
-+dn: cn=user14,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user14
-+sn: user14
-+uid: uid14
-+givenname: givenname14
-+description: description14
-+userPassword: password14
-+mail: uid14
-+uidnumber: 14
-+gidnumber: 14
-+homeDirectory: /home/uid14
-+
-+dn: cn=user15,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user15
-+sn: user15
-+uid: uid15
-+givenname: givenname15
-+description: description15
-+userPassword: password15
-+mail: uid15
-+uidnumber: 15
-+gidnumber: 15
-+homeDirectory: /home/uid15
-+
-+dn: cn=user16,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user16
-+sn: user16
-+uid: uid16
-+givenname: givenname16
-+description: description16
-+userPassword: password16
-+mail: uid16
-+uidnumber: 16
-+gidnumber: 16
-+homeDirectory: /home/uid16
-+
-+dn: cn=user17,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user17
-+sn: user17
-+uid: uid17
-+givenname: givenname17
-+description: description17
-+userPassword: password17
-+mail: uid17
-+uidnumber: 17
-+gidnumber: 17
-+homeDirectory: /home/uid17
-+
-+dn: cn=user18,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user18
-+sn: user18
-+uid: uid18
-+givenname: givenname18
-+description: description18
-+userPassword: password18
-+mail: uid18
-+uidnumber: 18
-+gidnumber: 18
-+homeDirectory: /home/uid18
-+
-+dn: cn=user19,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user19
-+sn: user19
-+uid: uid19
-+givenname: givenname19
-+description: description19
-+userPassword: password19
-+mail: uid19
-+uidnumber: 19
-+gidnumber: 19
-+homeDirectory: /home/uid19
-+
-+dn: cn=user20,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user20
-+sn: user20
-+uid: uid20
-+givenname: givenname20
-+description: description20
-+userPassword: password20
-+mail: uid20
-+uidnumber: 20
-+gidnumber: 20
-+homeDirectory: /home/uid20
-+
-+dn: cn=user21,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user21
-+sn: user21
-+uid: uid21
-+givenname: givenname21
-+description: description21
-+userPassword: password21
-+mail: uid21
-+uidnumber: 21
-+gidnumber: 21
-+homeDirectory: /home/uid21
-+
-+dn: cn=user22,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user22
-+sn: user22
-+uid: uid22
-+givenname: givenname22
-+description: description22
-+userPassword: password22
-+mail: uid22
-+uidnumber: 22
-+gidnumber: 22
-+homeDirectory: /home/uid22
-+
-+dn: cn=user23,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user23
-+sn: user23
-+uid: uid23
-+givenname: givenname23
-+description: description23
-+userPassword: password23
-+mail: uid23
-+uidnumber: 23
-+gidnumber: 23
-+homeDirectory: /home/uid23
-+
-+dn: cn=user24,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user24
-+sn: user24
-+uid: uid24
-+givenname: givenname24
-+description: description24
-+userPassword: password24
-+mail: uid24
-+uidnumber: 24
-+gidnumber: 24
-+homeDirectory: /home/uid24
-+
-+dn: cn=user25,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user25
-+sn: user25
-+uid: uid25
-+givenname: givenname25
-+description: description25
-+userPassword: password25
-+mail: uid25
-+uidnumber: 25
-+gidnumber: 25
-+homeDirectory: /home/uid25
-+
-+dn: cn=user26,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user26
-+sn: user26
-+uid: uid26
-+givenname: givenname26
-+description: description26
-+userPassword: password26
-+mail: uid26
-+uidnumber: 26
-+gidnumber: 26
-+homeDirectory: /home/uid26
-+
-+dn: cn=user27,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user27
-+sn: user27
-+uid: uid27
-+givenname: givenname27
-+description: description27
-+userPassword: password27
-+mail: uid27
-+uidnumber: 27
-+gidnumber: 27
-+homeDirectory: /home/uid27
-+
-+dn: cn=user28,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user28
-+sn: user28
-+uid: uid28
-+givenname: givenname28
-+description: description28
-+userPassword: password28
-+mail: uid28
-+uidnumber: 28
-+gidnumber: 28
-+homeDirectory: /home/uid28
-+
-+dn: cn=user29,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user29
-+sn: user29
-+uid: uid29
-+givenname: givenname29
-+description: description29
-+userPassword: password29
-+mail: uid29
-+uidnumber: 29
-+gidnumber: 29
-+homeDirectory: /home/uid29
-+
-+dn: cn=user30,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user30
-+sn: user30
-+uid: uid30
-+givenname: givenname30
-+description: description30
-+userPassword: password30
-+mail: uid30
-+uidnumber: 30
-+gidnumber: 30
-+homeDirectory: /home/uid30
-+
-+dn: cn=user31,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user31
-+sn: user31
-+uid: uid31
-+givenname: givenname31
-+description: description31
-+userPassword: password31
-+mail: uid31
-+uidnumber: 31
-+gidnumber: 31
-+homeDirectory: /home/uid31
-+
-+dn: cn=user32,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user32
-+sn: user32
-+uid: uid32
-+givenname: givenname32
-+description: description32
-+userPassword: password32
-+mail: uid32
-+uidnumber: 32
-+gidnumber: 32
-+homeDirectory: /home/uid32
-+
-+dn: cn=user33,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user33
-+sn: user33
-+uid: uid33
-+givenname: givenname33
-+description: description33
-+userPassword: password33
-+mail: uid33
-+uidnumber: 33
-+gidnumber: 33
-+homeDirectory: /home/uid33
-+
-+dn: cn=user34,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user34
-+sn: user34
-+uid: uid34
-+givenname: givenname34
-+description: description34
-+userPassword: password34
-+mail: uid34
-+uidnumber: 34
-+gidnumber: 34
-+homeDirectory: /home/uid34
-+
-+dn: cn=user35,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user35
-+sn: user35
-+uid: uid35
-+givenname: givenname35
-+description: description35
-+userPassword: password35
-+mail: uid35
-+uidnumber: 35
-+gidnumber: 35
-+homeDirectory: /home/uid35
-+
-+dn: cn=user36,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user36
-+sn: user36
-+uid: uid36
-+givenname: givenname36
-+description: description36
-+userPassword: password36
-+mail: uid36
-+uidnumber: 36
-+gidnumber: 36
-+homeDirectory: /home/uid36
-+
-+dn: cn=user37,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user37
-+sn: user37
-+uid: uid37
-+givenname: givenname37
-+description: description37
-+userPassword: password37
-+mail: uid37
-+uidnumber: 37
-+gidnumber: 37
-+homeDirectory: /home/uid37
-+
-+dn: cn=user38,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user38
-+sn: user38
-+uid: uid38
-+givenname: givenname38
-+description: description38
-+userPassword: password38
-+mail: uid38
-+uidnumber: 38
-+gidnumber: 38
-+homeDirectory: /home/uid38
-+
-+dn: cn=user39,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user39
-+sn: user39
-+uid: uid39
-+givenname: givenname39
-+description: description39
-+userPassword: password39
-+mail: uid39
-+uidnumber: 39
-+gidnumber: 39
-+homeDirectory: /home/uid39
-+
-+dn: cn=user40,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user40
-+sn: user40
-+uid: uid40
-+givenname: givenname40
-+description: description40
-+userPassword: password40
-+mail: uid40
-+uidnumber: 40
-+gidnumber: 40
-+homeDirectory: /home/uid40
-+
-+dn: cn=user41,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user41
-+sn: user41
-+uid: uid41
-+givenname: givenname41
-+description: description41
-+userPassword: password41
-+mail: uid41
-+uidnumber: 41
-+gidnumber: 41
-+homeDirectory: /home/uid41
-+
-+dn: cn=user42,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user42
-+sn: user42
-+uid: uid42
-+givenname: givenname42
-+description: description42
-+userPassword: password42
-+mail: uid42
-+uidnumber: 42
-+gidnumber: 42
-+homeDirectory: /home/uid42
-+
-+dn: cn=user43,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user43
-+sn: user43
-+uid: uid43
-+givenname: givenname43
-+description: description43
-+userPassword: password43
-+mail: uid43
-+uidnumber: 43
-+gidnumber: 43
-+homeDirectory: /home/uid43
-+
-+dn: cn=user44,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user44
-+sn: user44
-+uid: uid44
-+givenname: givenname44
-+description: description44
-+userPassword: password44
-+mail: uid44
-+uidnumber: 44
-+gidnumber: 44
-+homeDirectory: /home/uid44
-+
-+dn: cn=user45,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user45
-+sn: user45
-+uid: uid45
-+givenname: givenname45
-+description: description45
-+userPassword: password45
-+mail: uid45
-+uidnumber: 45
-+gidnumber: 45
-+homeDirectory: /home/uid45
-+
-+dn: cn=user46,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user46
-+sn: user46
-+uid: uid46
-+givenname: givenname46
-+description: description46
-+userPassword: password46
-+mail: uid46
-+uidnumber: 46
-+gidnumber: 46
-+homeDirectory: /home/uid46
-+
-+dn: cn=user47,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user47
-+sn: user47
-+uid: uid47
-+givenname: givenname47
-+description: description47
-+userPassword: password47
-+mail: uid47
-+uidnumber: 47
-+gidnumber: 47
-+homeDirectory: /home/uid47
-+
-+dn: cn=user48,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user48
-+sn: user48
-+uid: uid48
-+givenname: givenname48
-+description: description48
-+userPassword: password48
-+mail: uid48
-+uidnumber: 48
-+gidnumber: 48
-+homeDirectory: /home/uid48
-+
-+dn: cn=user49,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user49
-+sn: user49
-+uid: uid49
-+givenname: givenname49
-+description: description49
-+userPassword: password49
-+mail: uid49
-+uidnumber: 49
-+gidnumber: 49
-+homeDirectory: /home/uid49
-+
-+dn: cn=user50,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user50
-+sn: user50
-+uid: uid50
-+givenname: givenname50
-+description: description50
-+userPassword: password50
-+mail: uid50
-+uidnumber: 50
-+gidnumber: 50
-+homeDirectory: /home/uid50
-+
-+dn: cn=user51,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user51
-+sn: user51
-+uid: uid51
-+givenname: givenname51
-+description: description51
-+userPassword: password51
-+mail: uid51
-+uidnumber: 51
-+gidnumber: 51
-+homeDirectory: /home/uid51
-+
-+dn: cn=user52,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user52
-+sn: user52
-+uid: uid52
-+givenname: givenname52
-+description: description52
-+userPassword: password52
-+mail: uid52
-+uidnumber: 52
-+gidnumber: 52
-+homeDirectory: /home/uid52
-+
-+dn: cn=user53,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user53
-+sn: user53
-+uid: uid53
-+givenname: givenname53
-+description: description53
-+userPassword: password53
-+mail: uid53
-+uidnumber: 53
-+gidnumber: 53
-+homeDirectory: /home/uid53
-+
-+dn: cn=user54,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user54
-+sn: user54
-+uid: uid54
-+givenname: givenname54
-+description: description54
-+userPassword: password54
-+mail: uid54
-+uidnumber: 54
-+gidnumber: 54
-+homeDirectory: /home/uid54
-+
-+dn: cn=user55,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user55
-+sn: user55
-+uid: uid55
-+givenname: givenname55
-+description: description55
-+userPassword: password55
-+mail: uid55
-+uidnumber: 55
-+gidnumber: 55
-+homeDirectory: /home/uid55
-+
-+dn: cn=user56,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user56
-+sn: user56
-+uid: uid56
-+givenname: givenname56
-+description: description56
-+userPassword: password56
-+mail: uid56
-+uidnumber: 56
-+gidnumber: 56
-+homeDirectory: /home/uid56
-+
-+dn: cn=user57,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user57
-+sn: user57
-+uid: uid57
-+givenname: givenname57
-+description: description57
-+userPassword: password57
-+mail: uid57
-+uidnumber: 57
-+gidnumber: 57
-+homeDirectory: /home/uid57
-+
-+dn: cn=user58,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user58
-+sn: user58
-+uid: uid58
-+givenname: givenname58
-+description: description58
-+userPassword: password58
-+mail: uid58
-+uidnumber: 58
-+gidnumber: 58
-+homeDirectory: /home/uid58
-+
-+dn: cn=user59,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user59
-+sn: user59
-+uid: uid59
-+givenname: givenname59
-+description: description59
-+userPassword: password59
-+mail: uid59
-+uidnumber: 59
-+gidnumber: 59
-+homeDirectory: /home/uid59
-+
-+dn: cn=user60,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user60
-+sn: user60
-+uid: uid60
-+givenname: givenname60
-+description: description60
-+userPassword: password60
-+mail: uid60
-+uidnumber: 60
-+gidnumber: 60
-+homeDirectory: /home/uid60
-+
-+dn: cn=user61,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user61
-+sn: user61
-+uid: uid61
-+givenname: givenname61
-+description: description61
-+userPassword: password61
-+mail: uid61
-+uidnumber: 61
-+gidnumber: 61
-+homeDirectory: /home/uid61
-+
-+dn: cn=user62,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user62
-+sn: user62
-+uid: uid62
-+givenname: givenname62
-+description: description62
-+userPassword: password62
-+mail: uid62
-+uidnumber: 62
-+gidnumber: 62
-+homeDirectory: /home/uid62
-+
-+dn: cn=user63,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user63
-+sn: user63
-+uid: uid63
-+givenname: givenname63
-+description: description63
-+userPassword: password63
-+mail: uid63
-+uidnumber: 63
-+gidnumber: 63
-+homeDirectory: /home/uid63
-+
-+dn: cn=user64,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user64
-+sn: user64
-+uid: uid64
-+givenname: givenname64
-+description: description64
-+userPassword: password64
-+mail: uid64
-+uidnumber: 64
-+gidnumber: 64
-+homeDirectory: /home/uid64
-+
-+dn: cn=user65,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user65
-+sn: user65
-+uid: uid65
-+givenname: givenname65
-+description: description65
-+userPassword: password65
-+mail: uid65
-+uidnumber: 65
-+gidnumber: 65
-+homeDirectory: /home/uid65
-+
-+dn: cn=user66,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user66
-+sn: user66
-+uid: uid66
-+givenname: givenname66
-+description: description66
-+userPassword: password66
-+mail: uid66
-+uidnumber: 66
-+gidnumber: 66
-+homeDirectory: /home/uid66
-+
-+dn: cn=user67,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user67
-+sn: user67
-+uid: uid67
-+givenname: givenname67
-+description: description67
-+userPassword: password67
-+mail: uid67
-+uidnumber: 67
-+gidnumber: 67
-+homeDirectory: /home/uid67
-+
-+dn: cn=user68,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user68
-+sn: user68
-+uid: uid68
-+givenname: givenname68
-+description: description68
-+userPassword: password68
-+mail: uid68
-+uidnumber: 68
-+gidnumber: 68
-+homeDirectory: /home/uid68
-+
-+dn: cn=user69,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user69
-+sn: user69
-+uid: uid69
-+givenname: givenname69
-+description: description69
-+userPassword: password69
-+mail: uid69
-+uidnumber: 69
-+gidnumber: 69
-+homeDirectory: /home/uid69
-+
-+dn: cn=user70,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user70
-+sn: user70
-+uid: uid70
-+givenname: givenname70
-+description: description70
-+userPassword: password70
-+mail: uid70
-+uidnumber: 70
-+gidnumber: 70
-+homeDirectory: /home/uid70
-+
-+dn: cn=user71,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user71
-+sn: user71
-+uid: uid71
-+givenname: givenname71
-+description: description71
-+userPassword: password71
-+mail: uid71
-+uidnumber: 71
-+gidnumber: 71
-+homeDirectory: /home/uid71
-+
-+dn: cn=user72,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user72
-+sn: user72
-+uid: uid72
-+givenname: givenname72
-+description: description72
-+userPassword: password72
-+mail: uid72
-+uidnumber: 72
-+gidnumber: 72
-+homeDirectory: /home/uid72
-+
-+dn: cn=user73,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user73
-+sn: user73
-+uid: uid73
-+givenname: givenname73
-+description: description73
-+userPassword: password73
-+mail: uid73
-+uidnumber: 73
-+gidnumber: 73
-+homeDirectory: /home/uid73
-+
-+dn: cn=user74,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user74
-+sn: user74
-+uid: uid74
-+givenname: givenname74
-+description: description74
-+userPassword: password74
-+mail: uid74
-+uidnumber: 74
-+gidnumber: 74
-+homeDirectory: /home/uid74
-+
-+dn: cn=user75,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user75
-+sn: user75
-+uid: uid75
-+givenname: givenname75
-+description: description75
-+userPassword: password75
-+mail: uid75
-+uidnumber: 75
-+gidnumber: 75
-+homeDirectory: /home/uid75
-+
-+dn: cn=user76,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user76
-+sn: user76
-+uid: uid76
-+givenname: givenname76
-+description: description76
-+userPassword: password76
-+mail: uid76
-+uidnumber: 76
-+gidnumber: 76
-+homeDirectory: /home/uid76
-+
-+dn: cn=user77,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user77
-+sn: user77
-+uid: uid77
-+givenname: givenname77
-+description: description77
-+userPassword: password77
-+mail: uid77
-+uidnumber: 77
-+gidnumber: 77
-+homeDirectory: /home/uid77
-+
-+dn: cn=user78,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user78
-+sn: user78
-+uid: uid78
-+givenname: givenname78
-+description: description78
-+userPassword: password78
-+mail: uid78
-+uidnumber: 78
-+gidnumber: 78
-+homeDirectory: /home/uid78
-+
-+dn: cn=user79,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user79
-+sn: user79
-+uid: uid79
-+givenname: givenname79
-+description: description79
-+userPassword: password79
-+mail: uid79
-+uidnumber: 79
-+gidnumber: 79
-+homeDirectory: /home/uid79
-+
-+dn: cn=user80,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user80
-+sn: user80
-+uid: uid80
-+givenname: givenname80
-+description: description80
-+userPassword: password80
-+mail: uid80
-+uidnumber: 80
-+gidnumber: 80
-+homeDirectory: /home/uid80
-+
-+dn: cn=user81,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user81
-+sn: user81
-+uid: uid81
-+givenname: givenname81
-+description: description81
-+userPassword: password81
-+mail: uid81
-+uidnumber: 81
-+gidnumber: 81
-+homeDirectory: /home/uid81
-+
-+dn: cn=user82,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user82
-+sn: user82
-+uid: uid82
-+givenname: givenname82
-+description: description82
-+userPassword: password82
-+mail: uid82
-+uidnumber: 82
-+gidnumber: 82
-+homeDirectory: /home/uid82
-+
-+dn: cn=user83,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user83
-+sn: user83
-+uid: uid83
-+givenname: givenname83
-+description: description83
-+userPassword: password83
-+mail: uid83
-+uidnumber: 83
-+gidnumber: 83
-+homeDirectory: /home/uid83
-+
-+dn: cn=user84,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user84
-+sn: user84
-+uid: uid84
-+givenname: givenname84
-+description: description84
-+userPassword: password84
-+mail: uid84
-+uidnumber: 84
-+gidnumber: 84
-+homeDirectory: /home/uid84
-+
-+dn: cn=user85,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user85
-+sn: user85
-+uid: uid85
-+givenname: givenname85
-+description: description85
-+userPassword: password85
-+mail: uid85
-+uidnumber: 85
-+gidnumber: 85
-+homeDirectory: /home/uid85
-+
-+dn: cn=user86,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user86
-+sn: user86
-+uid: uid86
-+givenname: givenname86
-+description: description86
-+userPassword: password86
-+mail: uid86
-+uidnumber: 86
-+gidnumber: 86
-+homeDirectory: /home/uid86
-+
-+dn: cn=user87,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user87
-+sn: user87
-+uid: uid87
-+givenname: givenname87
-+description: description87
-+userPassword: password87
-+mail: uid87
-+uidnumber: 87
-+gidnumber: 87
-+homeDirectory: /home/uid87
-+
-+dn: cn=user88,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user88
-+sn: user88
-+uid: uid88
-+givenname: givenname88
-+description: description88
-+userPassword: password88
-+mail: uid88
-+uidnumber: 88
-+gidnumber: 88
-+homeDirectory: /home/uid88
-+
-+dn: cn=user89,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user89
-+sn: user89
-+uid: uid89
-+givenname: givenname89
-+description: description89
-+userPassword: password89
-+mail: uid89
-+uidnumber: 89
-+gidnumber: 89
-+homeDirectory: /home/uid89
-+
-+dn: cn=user90,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user90
-+sn: user90
-+uid: uid90
-+givenname: givenname90
-+description: description90
-+userPassword: password90
-+mail: uid90
-+uidnumber: 90
-+gidnumber: 90
-+homeDirectory: /home/uid90
-+
-+dn: cn=user91,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user91
-+sn: user91
-+uid: uid91
-+givenname: givenname91
-+description: description91
-+userPassword: password91
-+mail: uid91
-+uidnumber: 91
-+gidnumber: 91
-+homeDirectory: /home/uid91
-+
-+dn: cn=user92,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user92
-+sn: user92
-+uid: uid92
-+givenname: givenname92
-+description: description92
-+userPassword: password92
-+mail: uid92
-+uidnumber: 92
-+gidnumber: 92
-+homeDirectory: /home/uid92
-+
-+dn: cn=user93,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user93
-+sn: user93
-+uid: uid93
-+givenname: givenname93
-+description: description93
-+userPassword: password93
-+mail: uid93
-+uidnumber: 93
-+gidnumber: 93
-+homeDirectory: /home/uid93
-+
-+dn: cn=user94,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user94
-+sn: user94
-+uid: uid94
-+givenname: givenname94
-+description: description94
-+userPassword: password94
-+mail: uid94
-+uidnumber: 94
-+gidnumber: 94
-+homeDirectory: /home/uid94
-+
-+dn: cn=user95,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user95
-+sn: user95
-+uid: uid95
-+givenname: givenname95
-+description: description95
-+userPassword: password95
-+mail: uid95
-+uidnumber: 95
-+gidnumber: 95
-+homeDirectory: /home/uid95
-+
-+dn: cn=user96,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user96
-+sn: user96
-+uid: uid96
-+givenname: givenname96
-+description: description96
-+userPassword: password96
-+mail: uid96
-+uidnumber: 96
-+gidnumber: 96
-+homeDirectory: /home/uid96
-+
-+dn: cn=user97,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user97
-+sn: user97
-+uid: uid97
-+givenname: givenname97
-+description: description97
-+userPassword: password97
-+mail: uid97
-+uidnumber: 97
-+gidnumber: 97
-+homeDirectory: /home/uid97
-+
-+dn: cn=user98,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user98
-+sn: user98
-+uid: uid98
-+givenname: givenname98
-+description: description98
-+userPassword: password98
-+mail: uid98
-+uidnumber: 98
-+gidnumber: 98
-+homeDirectory: /home/uid98
-+
-+dn: cn=user99,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user99
-+sn: user99
-+uid: uid99
-+givenname: givenname99
-+description: description99
-+userPassword: password99
-+mail: uid99
-+uidnumber: 99
-+gidnumber: 99
-+homeDirectory: /home/uid99
-+
-+dn: cn=user100,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user100
-+sn: user100
-+uid: uid100
-+givenname: givenname100
-+description: description100
-+userPassword: password100
-+mail: uid100
-+uidnumber: 100
-+gidnumber: 100
-+homeDirectory: /home/uid100
-+
-+dn: cn=user101,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user101
-+sn: user101
-+uid: uid101
-+givenname: givenname101
-+description: description101
-+userPassword: password101
-+mail: uid101
-+uidnumber: 101
-+gidnumber: 101
-+homeDirectory: /home/uid101
-+
-+dn: cn=user102,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user102
-+sn: user102
-+uid: uid102
-+givenname: givenname102
-+description: description102
-+userPassword: password102
-+mail: uid102
-+uidnumber: 102
-+gidnumber: 102
-+homeDirectory: /home/uid102
-+
-+dn: cn=user103,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user103
-+sn: user103
-+uid: uid103
-+givenname: givenname103
-+description: description103
-+userPassword: password103
-+mail: uid103
-+uidnumber: 103
-+gidnumber: 103
-+homeDirectory: /home/uid103
-+
-+dn: cn=user104,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user104
-+sn: user104
-+uid: uid104
-+givenname: givenname104
-+description: description104
-+userPassword: password104
-+mail: uid104
-+uidnumber: 104
-+gidnumber: 104
-+homeDirectory: /home/uid104
-+
-+dn: cn=user105,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user105
-+sn: user105
-+uid: uid105
-+givenname: givenname105
-+description: description105
-+userPassword: password105
-+mail: uid105
-+uidnumber: 105
-+gidnumber: 105
-+homeDirectory: /home/uid105
-+
-+dn: cn=user106,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user106
-+sn: user106
-+uid: uid106
-+givenname: givenname106
-+description: description106
-+userPassword: password106
-+mail: uid106
-+uidnumber: 106
-+gidnumber: 106
-+homeDirectory: /home/uid106
-+
-+dn: cn=user107,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user107
-+sn: user107
-+uid: uid107
-+givenname: givenname107
-+description: description107
-+userPassword: password107
-+mail: uid107
-+uidnumber: 107
-+gidnumber: 107
-+homeDirectory: /home/uid107
-+
-+dn: cn=user108,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user108
-+sn: user108
-+uid: uid108
-+givenname: givenname108
-+description: description108
-+userPassword: password108
-+mail: uid108
-+uidnumber: 108
-+gidnumber: 108
-+homeDirectory: /home/uid108
-+
-+dn: cn=user109,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user109
-+sn: user109
-+uid: uid109
-+givenname: givenname109
-+description: description109
-+userPassword: password109
-+mail: uid109
-+uidnumber: 109
-+gidnumber: 109
-+homeDirectory: /home/uid109
-+
-+dn: cn=user110,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user110
-+sn: user110
-+uid: uid110
-+givenname: givenname110
-+description: description110
-+userPassword: password110
-+mail: uid110
-+uidnumber: 110
-+gidnumber: 110
-+homeDirectory: /home/uid110
-+
-+dn: cn=user111,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user111
-+sn: user111
-+uid: uid111
-+givenname: givenname111
-+description: description111
-+userPassword: password111
-+mail: uid111
-+uidnumber: 111
-+gidnumber: 111
-+homeDirectory: /home/uid111
-+
-+dn: cn=user112,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user112
-+sn: user112
-+uid: uid112
-+givenname: givenname112
-+description: description112
-+userPassword: password112
-+mail: uid112
-+uidnumber: 112
-+gidnumber: 112
-+homeDirectory: /home/uid112
-+
-+dn: cn=user113,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user113
-+sn: user113
-+uid: uid113
-+givenname: givenname113
-+description: description113
-+userPassword: password113
-+mail: uid113
-+uidnumber: 113
-+gidnumber: 113
-+homeDirectory: /home/uid113
-+
-+dn: cn=user114,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user114
-+sn: user114
-+uid: uid114
-+givenname: givenname114
-+description: description114
-+userPassword: password114
-+mail: uid114
-+uidnumber: 114
-+gidnumber: 114
-+homeDirectory: /home/uid114
-+
-+dn: cn=user115,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user115
-+sn: user115
-+uid: uid115
-+givenname: givenname115
-+description: description115
-+userPassword: password115
-+mail: uid115
-+uidnumber: 115
-+gidnumber: 115
-+homeDirectory: /home/uid115
-+
-+dn: cn=user116,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user116
-+sn: user116
-+uid: uid116
-+givenname: givenname116
-+description: description116
-+userPassword: password116
-+mail: uid116
-+uidnumber: 116
-+gidnumber: 116
-+homeDirectory: /home/uid116
-+
-+dn: cn=user117,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user117
-+sn: user117
-+uid: uid117
-+givenname: givenname117
-+description: description117
-+userPassword: password117
-+mail: uid117
-+uidnumber: 117
-+gidnumber: 117
-+homeDirectory: /home/uid117
-+
-+dn: cn=user118,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user118
-+sn: user118
-+uid: uid118
-+givenname: givenname118
-+description: description118
-+userPassword: password118
-+mail: uid118
-+uidnumber: 118
-+gidnumber: 118
-+homeDirectory: /home/uid118
-+
-+dn: cn=user119,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user119
-+sn: user119
-+uid: uid119
-+givenname: givenname119
-+description: description119
-+userPassword: password119
-+mail: uid119
-+uidnumber: 119
-+gidnumber: 119
-+homeDirectory: /home/uid119
-+
-+dn: cn=user120,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user120
-+sn: user120
-+uid: uid120
-+givenname: givenname120
-+description: description120
-+userPassword: password120
-+mail: uid120
-+uidnumber: 120
-+gidnumber: 120
-+homeDirectory: /home/uid120
-+
-+dn: cn=user121,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user121
-+sn: user121
-+uid: uid121
-+givenname: givenname121
-+description: description121
-+userPassword: password121
-+mail: uid121
-+uidnumber: 121
-+gidnumber: 121
-+homeDirectory: /home/uid121
-+
-+dn: cn=user122,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user122
-+sn: user122
-+uid: uid122
-+givenname: givenname122
-+description: description122
-+userPassword: password122
-+mail: uid122
-+uidnumber: 122
-+gidnumber: 122
-+homeDirectory: /home/uid122
-+
-+dn: cn=user123,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user123
-+sn: user123
-+uid: uid123
-+givenname: givenname123
-+description: description123
-+userPassword: password123
-+mail: uid123
-+uidnumber: 123
-+gidnumber: 123
-+homeDirectory: /home/uid123
-+
-+dn: cn=user124,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user124
-+sn: user124
-+uid: uid124
-+givenname: givenname124
-+description: description124
-+userPassword: password124
-+mail: uid124
-+uidnumber: 124
-+gidnumber: 124
-+homeDirectory: /home/uid124
-+
-+dn: cn=user125,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user125
-+sn: user125
-+uid: uid125
-+givenname: givenname125
-+description: description125
-+userPassword: password125
-+mail: uid125
-+uidnumber: 125
-+gidnumber: 125
-+homeDirectory: /home/uid125
-+
-+dn: cn=user126,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user126
-+sn: user126
-+uid: uid126
-+givenname: givenname126
-+description: description126
-+userPassword: password126
-+mail: uid126
-+uidnumber: 126
-+gidnumber: 126
-+homeDirectory: /home/uid126
-+
-+dn: cn=user127,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user127
-+sn: user127
-+uid: uid127
-+givenname: givenname127
-+description: description127
-+userPassword: password127
-+mail: uid127
-+uidnumber: 127
-+gidnumber: 127
-+homeDirectory: /home/uid127
-+
-+dn: cn=user128,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user128
-+sn: user128
-+uid: uid128
-+givenname: givenname128
-+description: description128
-+userPassword: password128
-+mail: uid128
-+uidnumber: 128
-+gidnumber: 128
-+homeDirectory: /home/uid128
-+
-+dn: cn=user129,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user129
-+sn: user129
-+uid: uid129
-+givenname: givenname129
-+description: description129
-+userPassword: password129
-+mail: uid129
-+uidnumber: 129
-+gidnumber: 129
-+homeDirectory: /home/uid129
-+
-+dn: cn=user130,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user130
-+sn: user130
-+uid: uid130
-+givenname: givenname130
-+description: description130
-+userPassword: password130
-+mail: uid130
-+uidnumber: 130
-+gidnumber: 130
-+homeDirectory: /home/uid130
-+
-+dn: cn=user131,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user131
-+sn: user131
-+uid: uid131
-+givenname: givenname131
-+description: description131
-+userPassword: password131
-+mail: uid131
-+uidnumber: 131
-+gidnumber: 131
-+homeDirectory: /home/uid131
-+
-+dn: cn=user132,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user132
-+sn: user132
-+uid: uid132
-+givenname: givenname132
-+description: description132
-+userPassword: password132
-+mail: uid132
-+uidnumber: 132
-+gidnumber: 132
-+homeDirectory: /home/uid132
-+
-+dn: cn=user133,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user133
-+sn: user133
-+uid: uid133
-+givenname: givenname133
-+description: description133
-+userPassword: password133
-+mail: uid133
-+uidnumber: 133
-+gidnumber: 133
-+homeDirectory: /home/uid133
-+
-+dn: cn=user134,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user134
-+sn: user134
-+uid: uid134
-+givenname: givenname134
-+description: description134
-+userPassword: password134
-+mail: uid134
-+uidnumber: 134
-+gidnumber: 134
-+homeDirectory: /home/uid134
-+
-+dn: cn=user135,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user135
-+sn: user135
-+uid: uid135
-+givenname: givenname135
-+description: description135
-+userPassword: password135
-+mail: uid135
-+uidnumber: 135
-+gidnumber: 135
-+homeDirectory: /home/uid135
-+
-+dn: cn=user136,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user136
-+sn: user136
-+uid: uid136
-+givenname: givenname136
-+description: description136
-+userPassword: password136
-+mail: uid136
-+uidnumber: 136
-+gidnumber: 136
-+homeDirectory: /home/uid136
-+
-+dn: cn=user137,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user137
-+sn: user137
-+uid: uid137
-+givenname: givenname137
-+description: description137
-+userPassword: password137
-+mail: uid137
-+uidnumber: 137
-+gidnumber: 137
-+homeDirectory: /home/uid137
-+
-+dn: cn=user138,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user138
-+sn: user138
-+uid: uid138
-+givenname: givenname138
-+description: description138
-+userPassword: password138
-+mail: uid138
-+uidnumber: 138
-+gidnumber: 138
-+homeDirectory: /home/uid138
-+
-+dn: cn=user139,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user139
-+sn: user139
-+uid: uid139
-+givenname: givenname139
-+description: description139
-+userPassword: password139
-+mail: uid139
-+uidnumber: 139
-+gidnumber: 139
-+homeDirectory: /home/uid139
-+
-+dn: cn=user140,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user140
-+sn: user140
-+uid: uid140
-+givenname: givenname140
-+description: description140
-+userPassword: password140
-+mail: uid140
-+uidnumber: 140
-+gidnumber: 140
-+homeDirectory: /home/uid140
-+
-+dn: cn=user141,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user141
-+sn: user141
-+uid: uid141
-+givenname: givenname141
-+description: description141
-+userPassword: password141
-+mail: uid141
-+uidnumber: 141
-+gidnumber: 141
-+homeDirectory: /home/uid141
-+
-+dn: cn=user142,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user142
-+sn: user142
-+uid: uid142
-+givenname: givenname142
-+description: description142
-+userPassword: password142
-+mail: uid142
-+uidnumber: 142
-+gidnumber: 142
-+homeDirectory: /home/uid142
-+
-+dn: cn=user143,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user143
-+sn: user143
-+uid: uid143
-+givenname: givenname143
-+description: description143
-+userPassword: password143
-+mail: uid143
-+uidnumber: 143
-+gidnumber: 143
-+homeDirectory: /home/uid143
-+
-+dn: cn=user144,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user144
-+sn: user144
-+uid: uid144
-+givenname: givenname144
-+description: description144
-+userPassword: password144
-+mail: uid144
-+uidnumber: 144
-+gidnumber: 144
-+homeDirectory: /home/uid144
-+
-+dn: cn=user145,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user145
-+sn: user145
-+uid: uid145
-+givenname: givenname145
-+description: description145
-+userPassword: password145
-+mail: uid145
-+uidnumber: 145
-+gidnumber: 145
-+homeDirectory: /home/uid145
-+
-+dn: cn=user146,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user146
-+sn: user146
-+uid: uid146
-+givenname: givenname146
-+description: description146
-+userPassword: password146
-+mail: uid146
-+uidnumber: 146
-+gidnumber: 146
-+homeDirectory: /home/uid146
-+
-+dn: cn=user147,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user147
-+sn: user147
-+uid: uid147
-+givenname: givenname147
-+description: description147
-+userPassword: password147
-+mail: uid147
-+uidnumber: 147
-+gidnumber: 147
-+homeDirectory: /home/uid147
-+
-+dn: cn=user148,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user148
-+sn: user148
-+uid: uid148
-+givenname: givenname148
-+description: description148
-+userPassword: password148
-+mail: uid148
-+uidnumber: 148
-+gidnumber: 148
-+homeDirectory: /home/uid148
-+
-+dn: cn=user149,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user149
-+sn: user149
-+uid: uid149
-+givenname: givenname149
-+description: description149
-+userPassword: password149
-+mail: uid149
-+uidnumber: 149
-+gidnumber: 149
-+homeDirectory: /home/uid149
-+
-+dn: cn=user150,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user150
-+sn: user150
-+uid: uid150
-+givenname: givenname150
-+description: description150
-+userPassword: password150
-+mail: uid150
-+uidnumber: 150
-+gidnumber: 150
-+homeDirectory: /home/uid150
-+
-+dn: cn=user151,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user151
-+sn: user151
-+uid: uid151
-+givenname: givenname151
-+description: description151
-+userPassword: password151
-+mail: uid151
-+uidnumber: 151
-+gidnumber: 151
-+homeDirectory: /home/uid151
-+
-+dn: cn=user152,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user152
-+sn: user152
-+uid: uid152
-+givenname: givenname152
-+description: description152
-+userPassword: password152
-+mail: uid152
-+uidnumber: 152
-+gidnumber: 152
-+homeDirectory: /home/uid152
-+
-+dn: cn=user153,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user153
-+sn: user153
-+uid: uid153
-+givenname: givenname153
-+description: description153
-+userPassword: password153
-+mail: uid153
-+uidnumber: 153
-+gidnumber: 153
-+homeDirectory: /home/uid153
-+
-+dn: cn=user154,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user154
-+sn: user154
-+uid: uid154
-+givenname: givenname154
-+description: description154
-+userPassword: password154
-+mail: uid154
-+uidnumber: 154
-+gidnumber: 154
-+homeDirectory: /home/uid154
-+
-+dn: cn=user155,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user155
-+sn: user155
-+uid: uid155
-+givenname: givenname155
-+description: description155
-+userPassword: password155
-+mail: uid155
-+uidnumber: 155
-+gidnumber: 155
-+homeDirectory: /home/uid155
-+
-+dn: cn=user156,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user156
-+sn: user156
-+uid: uid156
-+givenname: givenname156
-+description: description156
-+userPassword: password156
-+mail: uid156
-+uidnumber: 156
-+gidnumber: 156
-+homeDirectory: /home/uid156
-+
-+dn: cn=user157,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user157
-+sn: user157
-+uid: uid157
-+givenname: givenname157
-+description: description157
-+userPassword: password157
-+mail: uid157
-+uidnumber: 157
-+gidnumber: 157
-+homeDirectory: /home/uid157
-+
-+dn: cn=user158,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user158
-+sn: user158
-+uid: uid158
-+givenname: givenname158
-+description: description158
-+userPassword: password158
-+mail: uid158
-+uidnumber: 158
-+gidnumber: 158
-+homeDirectory: /home/uid158
-+
-+dn: cn=user159,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user159
-+sn: user159
-+uid: uid159
-+givenname: givenname159
-+description: description159
-+userPassword: password159
-+mail: uid159
-+uidnumber: 159
-+gidnumber: 159
-+homeDirectory: /home/uid159
-+
-+dn: cn=user160,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user160
-+sn: user160
-+uid: uid160
-+givenname: givenname160
-+description: description160
-+userPassword: password160
-+mail: uid160
-+uidnumber: 160
-+gidnumber: 160
-+homeDirectory: /home/uid160
-+
-+dn: cn=user161,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user161
-+sn: user161
-+uid: uid161
-+givenname: givenname161
-+description: description161
-+userPassword: password161
-+mail: uid161
-+uidnumber: 161
-+gidnumber: 161
-+homeDirectory: /home/uid161
-+
-+dn: cn=user162,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user162
-+sn: user162
-+uid: uid162
-+givenname: givenname162
-+description: description162
-+userPassword: password162
-+mail: uid162
-+uidnumber: 162
-+gidnumber: 162
-+homeDirectory: /home/uid162
-+
-+dn: cn=user163,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user163
-+sn: user163
-+uid: uid163
-+givenname: givenname163
-+description: description163
-+userPassword: password163
-+mail: uid163
-+uidnumber: 163
-+gidnumber: 163
-+homeDirectory: /home/uid163
-+
-+dn: cn=user164,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user164
-+sn: user164
-+uid: uid164
-+givenname: givenname164
-+description: description164
-+userPassword: password164
-+mail: uid164
-+uidnumber: 164
-+gidnumber: 164
-+homeDirectory: /home/uid164
-+
-+dn: cn=user165,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user165
-+sn: user165
-+uid: uid165
-+givenname: givenname165
-+description: description165
-+userPassword: password165
-+mail: uid165
-+uidnumber: 165
-+gidnumber: 165
-+homeDirectory: /home/uid165
-+
-+dn: cn=user166,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user166
-+sn: user166
-+uid: uid166
-+givenname: givenname166
-+description: description166
-+userPassword: password166
-+mail: uid166
-+uidnumber: 166
-+gidnumber: 166
-+homeDirectory: /home/uid166
-+
-+dn: cn=user167,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user167
-+sn: user167
-+uid: uid167
-+givenname: givenname167
-+description: description167
-+userPassword: password167
-+mail: uid167
-+uidnumber: 167
-+gidnumber: 167
-+homeDirectory: /home/uid167
-+
-+dn: cn=user168,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user168
-+sn: user168
-+uid: uid168
-+givenname: givenname168
-+description: description168
-+userPassword: password168
-+mail: uid168
-+uidnumber: 168
-+gidnumber: 168
-+homeDirectory: /home/uid168
-+
-+dn: cn=user169,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user169
-+sn: user169
-+uid: uid169
-+givenname: givenname169
-+description: description169
-+userPassword: password169
-+mail: uid169
-+uidnumber: 169
-+gidnumber: 169
-+homeDirectory: /home/uid169
-+
-+dn: cn=user170,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user170
-+sn: user170
-+uid: uid170
-+givenname: givenname170
-+description: description170
-+userPassword: password170
-+mail: uid170
-+uidnumber: 170
-+gidnumber: 170
-+homeDirectory: /home/uid170
-+
-+dn: cn=user171,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user171
-+sn: user171
-+uid: uid171
-+givenname: givenname171
-+description: description171
-+userPassword: password171
-+mail: uid171
-+uidnumber: 171
-+gidnumber: 171
-+homeDirectory: /home/uid171
-+
-+dn: cn=user172,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user172
-+sn: user172
-+uid: uid172
-+givenname: givenname172
-+description: description172
-+userPassword: password172
-+mail: uid172
-+uidnumber: 172
-+gidnumber: 172
-+homeDirectory: /home/uid172
-+
-+dn: cn=user173,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user173
-+sn: user173
-+uid: uid173
-+givenname: givenname173
-+description: description173
-+userPassword: password173
-+mail: uid173
-+uidnumber: 173
-+gidnumber: 173
-+homeDirectory: /home/uid173
-+
-+dn: cn=user174,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user174
-+sn: user174
-+uid: uid174
-+givenname: givenname174
-+description: description174
-+userPassword: password174
-+mail: uid174
-+uidnumber: 174
-+gidnumber: 174
-+homeDirectory: /home/uid174
-+
-+dn: cn=user175,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user175
-+sn: user175
-+uid: uid175
-+givenname: givenname175
-+description: description175
-+userPassword: password175
-+mail: uid175
-+uidnumber: 175
-+gidnumber: 175
-+homeDirectory: /home/uid175
-+
-+dn: cn=user176,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user176
-+sn: user176
-+uid: uid176
-+givenname: givenname176
-+description: description176
-+userPassword: password176
-+mail: uid176
-+uidnumber: 176
-+gidnumber: 176
-+homeDirectory: /home/uid176
-+
-+dn: cn=user177,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user177
-+sn: user177
-+uid: uid177
-+givenname: givenname177
-+description: description177
-+userPassword: password177
-+mail: uid177
-+uidnumber: 177
-+gidnumber: 177
-+homeDirectory: /home/uid177
-+
-+dn: cn=user178,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user178
-+sn: user178
-+uid: uid178
-+givenname: givenname178
-+description: description178
-+userPassword: password178
-+mail: uid178
-+uidnumber: 178
-+gidnumber: 178
-+homeDirectory: /home/uid178
-+
-+dn: cn=user179,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user179
-+sn: user179
-+uid: uid179
-+givenname: givenname179
-+description: description179
-+userPassword: password179
-+mail: uid179
-+uidnumber: 179
-+gidnumber: 179
-+homeDirectory: /home/uid179
-+
-+dn: cn=user180,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user180
-+sn: user180
-+uid: uid180
-+givenname: givenname180
-+description: description180
-+userPassword: password180
-+mail: uid180
-+uidnumber: 180
-+gidnumber: 180
-+homeDirectory: /home/uid180
-+
-+dn: cn=user181,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user181
-+sn: user181
-+uid: uid181
-+givenname: givenname181
-+description: description181
-+userPassword: password181
-+mail: uid181
-+uidnumber: 181
-+gidnumber: 181
-+homeDirectory: /home/uid181
-+
-+dn: cn=user182,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user182
-+sn: user182
-+uid: uid182
-+givenname: givenname182
-+description: description182
-+userPassword: password182
-+mail: uid182
-+uidnumber: 182
-+gidnumber: 182
-+homeDirectory: /home/uid182
-+
-+dn: cn=user183,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user183
-+sn: user183
-+uid: uid183
-+givenname: givenname183
-+description: description183
-+userPassword: password183
-+mail: uid183
-+uidnumber: 183
-+gidnumber: 183
-+homeDirectory: /home/uid183
-+
-+dn: cn=user184,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user184
-+sn: user184
-+uid: uid184
-+givenname: givenname184
-+description: description184
-+userPassword: password184
-+mail: uid184
-+uidnumber: 184
-+gidnumber: 184
-+homeDirectory: /home/uid184
-+
-+dn: cn=user185,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user185
-+sn: user185
-+uid: uid185
-+givenname: givenname185
-+description: description185
-+userPassword: password185
-+mail: uid185
-+uidnumber: 185
-+gidnumber: 185
-+homeDirectory: /home/uid185
-+
-+dn: cn=user186,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user186
-+sn: user186
-+uid: uid186
-+givenname: givenname186
-+description: description186
-+userPassword: password186
-+mail: uid186
-+uidnumber: 186
-+gidnumber: 186
-+homeDirectory: /home/uid186
-+
-+dn: cn=user187,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user187
-+sn: user187
-+uid: uid187
-+givenname: givenname187
-+description: description187
-+userPassword: password187
-+mail: uid187
-+uidnumber: 187
-+gidnumber: 187
-+homeDirectory: /home/uid187
-+
-+dn: cn=user188,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user188
-+sn: user188
-+uid: uid188
-+givenname: givenname188
-+description: description188
-+userPassword: password188
-+mail: uid188
-+uidnumber: 188
-+gidnumber: 188
-+homeDirectory: /home/uid188
-+
-+dn: cn=user189,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user189
-+sn: user189
-+uid: uid189
-+givenname: givenname189
-+description: description189
-+userPassword: password189
-+mail: uid189
-+uidnumber: 189
-+gidnumber: 189
-+homeDirectory: /home/uid189
-+
-+dn: cn=user190,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user190
-+sn: user190
-+uid: uid190
-+givenname: givenname190
-+description: description190
-+userPassword: password190
-+mail: uid190
-+uidnumber: 190
-+gidnumber: 190
-+homeDirectory: /home/uid190
-+
-+dn: cn=user191,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user191
-+sn: user191
-+uid: uid191
-+givenname: givenname191
-+description: description191
-+userPassword: password191
-+mail: uid191
-+uidnumber: 191
-+gidnumber: 191
-+homeDirectory: /home/uid191
-+
-+dn: cn=user192,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user192
-+sn: user192
-+uid: uid192
-+givenname: givenname192
-+description: description192
-+userPassword: password192
-+mail: uid192
-+uidnumber: 192
-+gidnumber: 192
-+homeDirectory: /home/uid192
-+
-+dn: cn=user193,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user193
-+sn: user193
-+uid: uid193
-+givenname: givenname193
-+description: description193
-+userPassword: password193
-+mail: uid193
-+uidnumber: 193
-+gidnumber: 193
-+homeDirectory: /home/uid193
-+
-+dn: cn=user194,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user194
-+sn: user194
-+uid: uid194
-+givenname: givenname194
-+description: description194
-+userPassword: password194
-+mail: uid194
-+uidnumber: 194
-+gidnumber: 194
-+homeDirectory: /home/uid194
-+
-+dn: cn=user195,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user195
-+sn: user195
-+uid: uid195
-+givenname: givenname195
-+description: description195
-+userPassword: password195
-+mail: uid195
-+uidnumber: 195
-+gidnumber: 195
-+homeDirectory: /home/uid195
-+
-+dn: cn=user196,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user196
-+sn: user196
-+uid: uid196
-+givenname: givenname196
-+description: description196
-+userPassword: password196
-+mail: uid196
-+uidnumber: 196
-+gidnumber: 196
-+homeDirectory: /home/uid196
-+
-+dn: cn=user197,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user197
-+sn: user197
-+uid: uid197
-+givenname: givenname197
-+description: description197
-+userPassword: password197
-+mail: uid197
-+uidnumber: 197
-+gidnumber: 197
-+homeDirectory: /home/uid197
-+
-+dn: cn=user198,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user198
-+sn: user198
-+uid: uid198
-+givenname: givenname198
-+description: description198
-+userPassword: password198
-+mail: uid198
-+uidnumber: 198
-+gidnumber: 198
-+homeDirectory: /home/uid198
-+
-+dn: cn=user199,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user199
-+sn: user199
-+uid: uid199
-+givenname: givenname199
-+description: description199
-+userPassword: password199
-+mail: uid199
-+uidnumber: 199
-+gidnumber: 199
-+homeDirectory: /home/uid199
-+
-+dn: cn=user200,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user200
-+sn: user200
-+uid: uid200
-+givenname: givenname200
-+description: description200
-+userPassword: password200
-+mail: uid200
-+uidnumber: 200
-+gidnumber: 200
-+homeDirectory: /home/uid200
-+
-+dn: cn=user201,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user201
-+sn: user201
-+uid: uid201
-+givenname: givenname201
-+description: description201
-+userPassword: password201
-+mail: uid201
-+uidnumber: 201
-+gidnumber: 201
-+homeDirectory: /home/uid201
-+
-+dn: cn=user202,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user202
-+sn: user202
-+uid: uid202
-+givenname: givenname202
-+description: description202
-+userPassword: password202
-+mail: uid202
-+uidnumber: 202
-+gidnumber: 202
-+homeDirectory: /home/uid202
-+
-+dn: cn=user203,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user203
-+sn: user203
-+uid: uid203
-+givenname: givenname203
-+description: description203
-+userPassword: password203
-+mail: uid203
-+uidnumber: 203
-+gidnumber: 203
-+homeDirectory: /home/uid203
-+
-+dn: cn=user204,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user204
-+sn: user204
-+uid: uid204
-+givenname: givenname204
-+description: description204
-+userPassword: password204
-+mail: uid204
-+uidnumber: 204
-+gidnumber: 204
-+homeDirectory: /home/uid204
-+
-+dn: cn=user205,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user205
-+sn: user205
-+uid: uid205
-+givenname: givenname205
-+description: description205
-+userPassword: password205
-+mail: uid205
-+uidnumber: 205
-+gidnumber: 205
-+homeDirectory: /home/uid205
-+
-+dn: cn=user206,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user206
-+sn: user206
-+uid: uid206
-+givenname: givenname206
-+description: description206
-+userPassword: password206
-+mail: uid206
-+uidnumber: 206
-+gidnumber: 206
-+homeDirectory: /home/uid206
-+
-+dn: cn=user207,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user207
-+sn: user207
-+uid: uid207
-+givenname: givenname207
-+description: description207
-+userPassword: password207
-+mail: uid207
-+uidnumber: 207
-+gidnumber: 207
-+homeDirectory: /home/uid207
-+
-+dn: cn=user208,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user208
-+sn: user208
-+uid: uid208
-+givenname: givenname208
-+description: description208
-+userPassword: password208
-+mail: uid208
-+uidnumber: 208
-+gidnumber: 208
-+homeDirectory: /home/uid208
-+
-+dn: cn=user209,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user209
-+sn: user209
-+uid: uid209
-+givenname: givenname209
-+description: description209
-+userPassword: password209
-+mail: uid209
-+uidnumber: 209
-+gidnumber: 209
-+homeDirectory: /home/uid209
-+
-+dn: cn=user210,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user210
-+sn: user210
-+uid: uid210
-+givenname: givenname210
-+description: description210
-+userPassword: password210
-+mail: uid210
-+uidnumber: 210
-+gidnumber: 210
-+homeDirectory: /home/uid210
-+
-+dn: cn=user211,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user211
-+sn: user211
-+uid: uid211
-+givenname: givenname211
-+description: description211
-+userPassword: password211
-+mail: uid211
-+uidnumber: 211
-+gidnumber: 211
-+homeDirectory: /home/uid211
-+
-+dn: cn=user212,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user212
-+sn: user212
-+uid: uid212
-+givenname: givenname212
-+description: description212
-+userPassword: password212
-+mail: uid212
-+uidnumber: 212
-+gidnumber: 212
-+homeDirectory: /home/uid212
-+
-+dn: cn=user213,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user213
-+sn: user213
-+uid: uid213
-+givenname: givenname213
-+description: description213
-+userPassword: password213
-+mail: uid213
-+uidnumber: 213
-+gidnumber: 213
-+homeDirectory: /home/uid213
-+
-+dn: cn=user214,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user214
-+sn: user214
-+uid: uid214
-+givenname: givenname214
-+description: description214
-+userPassword: password214
-+mail: uid214
-+uidnumber: 214
-+gidnumber: 214
-+homeDirectory: /home/uid214
-+
-+dn: cn=user215,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user215
-+sn: user215
-+uid: uid215
-+givenname: givenname215
-+description: description215
-+userPassword: password215
-+mail: uid215
-+uidnumber: 215
-+gidnumber: 215
-+homeDirectory: /home/uid215
-+
-+dn: cn=user216,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user216
-+sn: user216
-+uid: uid216
-+givenname: givenname216
-+description: description216
-+userPassword: password216
-+mail: uid216
-+uidnumber: 216
-+gidnumber: 216
-+homeDirectory: /home/uid216
-+
-+dn: cn=user217,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user217
-+sn: user217
-+uid: uid217
-+givenname: givenname217
-+description: description217
-+userPassword: password217
-+mail: uid217
-+uidnumber: 217
-+gidnumber: 217
-+homeDirectory: /home/uid217
-+
-+dn: cn=user218,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user218
-+sn: user218
-+uid: uid218
-+givenname: givenname218
-+description: description218
-+userPassword: password218
-+mail: uid218
-+uidnumber: 218
-+gidnumber: 218
-+homeDirectory: /home/uid218
-+
-+dn: cn=user219,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user219
-+sn: user219
-+uid: uid219
-+givenname: givenname219
-+description: description219
-+userPassword: password219
-+mail: uid219
-+uidnumber: 219
-+gidnumber: 219
-+homeDirectory: /home/uid219
-+
-+dn: cn=user220,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user220
-+sn: user220
-+uid: uid220
-+givenname: givenname220
-+description: description220
-+userPassword: password220
-+mail: uid220
-+uidnumber: 220
-+gidnumber: 220
-+homeDirectory: /home/uid220
-+
-+dn: cn=user221,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user221
-+sn: user221
-+uid: uid221
-+givenname: givenname221
-+description: description221
-+userPassword: password221
-+mail: uid221
-+uidnumber: 221
-+gidnumber: 221
-+homeDirectory: /home/uid221
-+
-+dn: cn=user222,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user222
-+sn: user222
-+uid: uid222
-+givenname: givenname222
-+description: description222
-+userPassword: password222
-+mail: uid222
-+uidnumber: 222
-+gidnumber: 222
-+homeDirectory: /home/uid222
-+
-+dn: cn=user223,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user223
-+sn: user223
-+uid: uid223
-+givenname: givenname223
-+description: description223
-+userPassword: password223
-+mail: uid223
-+uidnumber: 223
-+gidnumber: 223
-+homeDirectory: /home/uid223
-+
-+dn: cn=user224,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user224
-+sn: user224
-+uid: uid224
-+givenname: givenname224
-+description: description224
-+userPassword: password224
-+mail: uid224
-+uidnumber: 224
-+gidnumber: 224
-+homeDirectory: /home/uid224
-+
-+dn: cn=user225,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user225
-+sn: user225
-+uid: uid225
-+givenname: givenname225
-+description: description225
-+userPassword: password225
-+mail: uid225
-+uidnumber: 225
-+gidnumber: 225
-+homeDirectory: /home/uid225
-+
-+dn: cn=user226,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user226
-+sn: user226
-+uid: uid226
-+givenname: givenname226
-+description: description226
-+userPassword: password226
-+mail: uid226
-+uidnumber: 226
-+gidnumber: 226
-+homeDirectory: /home/uid226
-+
-+dn: cn=user227,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user227
-+sn: user227
-+uid: uid227
-+givenname: givenname227
-+description: description227
-+userPassword: password227
-+mail: uid227
-+uidnumber: 227
-+gidnumber: 227
-+homeDirectory: /home/uid227
-+
-+dn: cn=user228,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user228
-+sn: user228
-+uid: uid228
-+givenname: givenname228
-+description: description228
-+userPassword: password228
-+mail: uid228
-+uidnumber: 228
-+gidnumber: 228
-+homeDirectory: /home/uid228
-+
-+dn: cn=user229,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user229
-+sn: user229
-+uid: uid229
-+givenname: givenname229
-+description: description229
-+userPassword: password229
-+mail: uid229
-+uidnumber: 229
-+gidnumber: 229
-+homeDirectory: /home/uid229
-+
-+dn: cn=user230,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user230
-+sn: user230
-+uid: uid230
-+givenname: givenname230
-+description: description230
-+userPassword: password230
-+mail: uid230
-+uidnumber: 230
-+gidnumber: 230
-+homeDirectory: /home/uid230
-+
-+dn: cn=user231,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user231
-+sn: user231
-+uid: uid231
-+givenname: givenname231
-+description: description231
-+userPassword: password231
-+mail: uid231
-+uidnumber: 231
-+gidnumber: 231
-+homeDirectory: /home/uid231
-+
-+dn: cn=user232,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user232
-+sn: user232
-+uid: uid232
-+givenname: givenname232
-+description: description232
-+userPassword: password232
-+mail: uid232
-+uidnumber: 232
-+gidnumber: 232
-+homeDirectory: /home/uid232
-+
-+dn: cn=user233,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user233
-+sn: user233
-+uid: uid233
-+givenname: givenname233
-+description: description233
-+userPassword: password233
-+mail: uid233
-+uidnumber: 233
-+gidnumber: 233
-+homeDirectory: /home/uid233
-+
-+dn: cn=user234,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user234
-+sn: user234
-+uid: uid234
-+givenname: givenname234
-+description: description234
-+userPassword: password234
-+mail: uid234
-+uidnumber: 234
-+gidnumber: 234
-+homeDirectory: /home/uid234
-+
-+dn: cn=user235,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user235
-+sn: user235
-+uid: uid235
-+givenname: givenname235
-+description: description235
-+userPassword: password235
-+mail: uid235
-+uidnumber: 235
-+gidnumber: 235
-+homeDirectory: /home/uid235
-+
-+dn: cn=user236,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user236
-+sn: user236
-+uid: uid236
-+givenname: givenname236
-+description: description236
-+userPassword: password236
-+mail: uid236
-+uidnumber: 236
-+gidnumber: 236
-+homeDirectory: /home/uid236
-+
-+dn: cn=user237,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user237
-+sn: user237
-+uid: uid237
-+givenname: givenname237
-+description: description237
-+userPassword: password237
-+mail: uid237
-+uidnumber: 237
-+gidnumber: 237
-+homeDirectory: /home/uid237
-+
-+dn: cn=user238,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user238
-+sn: user238
-+uid: uid238
-+givenname: givenname238
-+description: description238
-+userPassword: password238
-+mail: uid238
-+uidnumber: 238
-+gidnumber: 238
-+homeDirectory: /home/uid238
-+
-+dn: cn=user239,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user239
-+sn: user239
-+uid: uid239
-+givenname: givenname239
-+description: description239
-+userPassword: password239
-+mail: uid239
-+uidnumber: 239
-+gidnumber: 239
-+homeDirectory: /home/uid239
-+
-+dn: cn=user240,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user240
-+sn: user240
-+uid: uid240
-+givenname: givenname240
-+description: description240
-+userPassword: password240
-+mail: uid240
-+uidnumber: 240
-+gidnumber: 240
-+homeDirectory: /home/uid240
-+
-+dn: cn=user241,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user241
-+sn: user241
-+uid: uid241
-+givenname: givenname241
-+description: description241
-+userPassword: password241
-+mail: uid241
-+uidnumber: 241
-+gidnumber: 241
-+homeDirectory: /home/uid241
-+
-+dn: cn=user242,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user242
-+sn: user242
-+uid: uid242
-+givenname: givenname242
-+description: description242
-+userPassword: password242
-+mail: uid242
-+uidnumber: 242
-+gidnumber: 242
-+homeDirectory: /home/uid242
-+
-+dn: cn=user243,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user243
-+sn: user243
-+uid: uid243
-+givenname: givenname243
-+description: description243
-+userPassword: password243
-+mail: uid243
-+uidnumber: 243
-+gidnumber: 243
-+homeDirectory: /home/uid243
-+
-+dn: cn=user244,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user244
-+sn: user244
-+uid: uid244
-+givenname: givenname244
-+description: description244
-+userPassword: password244
-+mail: uid244
-+uidnumber: 244
-+gidnumber: 244
-+homeDirectory: /home/uid244
-+
-+dn: cn=user245,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user245
-+sn: user245
-+uid: uid245
-+givenname: givenname245
-+description: description245
-+userPassword: password245
-+mail: uid245
-+uidnumber: 245
-+gidnumber: 245
-+homeDirectory: /home/uid245
-+
-+dn: cn=user246,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user246
-+sn: user246
-+uid: uid246
-+givenname: givenname246
-+description: description246
-+userPassword: password246
-+mail: uid246
-+uidnumber: 246
-+gidnumber: 246
-+homeDirectory: /home/uid246
-+
-+dn: cn=user247,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user247
-+sn: user247
-+uid: uid247
-+givenname: givenname247
-+description: description247
-+userPassword: password247
-+mail: uid247
-+uidnumber: 247
-+gidnumber: 247
-+homeDirectory: /home/uid247
-+
-+dn: cn=user248,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user248
-+sn: user248
-+uid: uid248
-+givenname: givenname248
-+description: description248
-+userPassword: password248
-+mail: uid248
-+uidnumber: 248
-+gidnumber: 248
-+homeDirectory: /home/uid248
-+
-+dn: cn=user249,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user249
-+sn: user249
-+uid: uid249
-+givenname: givenname249
-+description: description249
-+userPassword: password249
-+mail: uid249
-+uidnumber: 249
-+gidnumber: 249
-+homeDirectory: /home/uid249
-+
-+dn: cn=user250,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user250
-+sn: user250
-+uid: uid250
-+givenname: givenname250
-+description: description250
-+userPassword: password250
-+mail: uid250
-+uidnumber: 250
-+gidnumber: 250
-+homeDirectory: /home/uid250
-+
-+dn: cn=user251,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user251
-+sn: user251
-+uid: uid251
-+givenname: givenname251
-+description: description251
-+userPassword: password251
-+mail: uid251
-+uidnumber: 251
-+gidnumber: 251
-+homeDirectory: /home/uid251
-+
-+dn: cn=user252,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user252
-+sn: user252
-+uid: uid252
-+givenname: givenname252
-+description: description252
-+userPassword: password252
-+mail: uid252
-+uidnumber: 252
-+gidnumber: 252
-+homeDirectory: /home/uid252
-+
-+dn: cn=user253,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user253
-+sn: user253
-+uid: uid253
-+givenname: givenname253
-+description: description253
-+userPassword: password253
-+mail: uid253
-+uidnumber: 253
-+gidnumber: 253
-+homeDirectory: /home/uid253
-+
-+dn: cn=user254,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user254
-+sn: user254
-+uid: uid254
-+givenname: givenname254
-+description: description254
-+userPassword: password254
-+mail: uid254
-+uidnumber: 254
-+gidnumber: 254
-+homeDirectory: /home/uid254
-+
-+dn: cn=user255,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user255
-+sn: user255
-+uid: uid255
-+givenname: givenname255
-+description: description255
-+userPassword: password255
-+mail: uid255
-+uidnumber: 255
-+gidnumber: 255
-+homeDirectory: /home/uid255
-+
-+dn: cn=user256,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user256
-+sn: user256
-+uid: uid256
-+givenname: givenname256
-+description: description256
-+userPassword: password256
-+mail: uid256
-+uidnumber: 256
-+gidnumber: 256
-+homeDirectory: /home/uid256
-+
-+dn: cn=user257,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user257
-+sn: user257
-+uid: uid257
-+givenname: givenname257
-+description: description257
-+userPassword: password257
-+mail: uid257
-+uidnumber: 257
-+gidnumber: 257
-+homeDirectory: /home/uid257
-+
-+dn: cn=user258,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user258
-+sn: user258
-+uid: uid258
-+givenname: givenname258
-+description: description258
-+userPassword: password258
-+mail: uid258
-+uidnumber: 258
-+gidnumber: 258
-+homeDirectory: /home/uid258
-+
-+dn: cn=user259,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user259
-+sn: user259
-+uid: uid259
-+givenname: givenname259
-+description: description259
-+userPassword: password259
-+mail: uid259
-+uidnumber: 259
-+gidnumber: 259
-+homeDirectory: /home/uid259
-+
-+dn: cn=user260,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user260
-+sn: user260
-+uid: uid260
-+givenname: givenname260
-+description: description260
-+userPassword: password260
-+mail: uid260
-+uidnumber: 260
-+gidnumber: 260
-+homeDirectory: /home/uid260
-+
-+dn: cn=user261,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user261
-+sn: user261
-+uid: uid261
-+givenname: givenname261
-+description: description261
-+userPassword: password261
-+mail: uid261
-+uidnumber: 261
-+gidnumber: 261
-+homeDirectory: /home/uid261
-+
-+dn: cn=user262,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user262
-+sn: user262
-+uid: uid262
-+givenname: givenname262
-+description: description262
-+userPassword: password262
-+mail: uid262
-+uidnumber: 262
-+gidnumber: 262
-+homeDirectory: /home/uid262
-+
-+dn: cn=user263,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user263
-+sn: user263
-+uid: uid263
-+givenname: givenname263
-+description: description263
-+userPassword: password263
-+mail: uid263
-+uidnumber: 263
-+gidnumber: 263
-+homeDirectory: /home/uid263
-+
-+dn: cn=user264,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user264
-+sn: user264
-+uid: uid264
-+givenname: givenname264
-+description: description264
-+userPassword: password264
-+mail: uid264
-+uidnumber: 264
-+gidnumber: 264
-+homeDirectory: /home/uid264
-+
-+dn: cn=user265,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user265
-+sn: user265
-+uid: uid265
-+givenname: givenname265
-+description: description265
-+userPassword: password265
-+mail: uid265
-+uidnumber: 265
-+gidnumber: 265
-+homeDirectory: /home/uid265
-+
-+dn: cn=user266,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user266
-+sn: user266
-+uid: uid266
-+givenname: givenname266
-+description: description266
-+userPassword: password266
-+mail: uid266
-+uidnumber: 266
-+gidnumber: 266
-+homeDirectory: /home/uid266
-+
-+dn: cn=user267,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user267
-+sn: user267
-+uid: uid267
-+givenname: givenname267
-+description: description267
-+userPassword: password267
-+mail: uid267
-+uidnumber: 267
-+gidnumber: 267
-+homeDirectory: /home/uid267
-+
-+dn: cn=user268,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user268
-+sn: user268
-+uid: uid268
-+givenname: givenname268
-+description: description268
-+userPassword: password268
-+mail: uid268
-+uidnumber: 268
-+gidnumber: 268
-+homeDirectory: /home/uid268
-+
-+dn: cn=user269,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user269
-+sn: user269
-+uid: uid269
-+givenname: givenname269
-+description: description269
-+userPassword: password269
-+mail: uid269
-+uidnumber: 269
-+gidnumber: 269
-+homeDirectory: /home/uid269
-+
-+dn: cn=user270,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user270
-+sn: user270
-+uid: uid270
-+givenname: givenname270
-+description: description270
-+userPassword: password270
-+mail: uid270
-+uidnumber: 270
-+gidnumber: 270
-+homeDirectory: /home/uid270
-+
-+dn: cn=user271,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user271
-+sn: user271
-+uid: uid271
-+givenname: givenname271
-+description: description271
-+userPassword: password271
-+mail: uid271
-+uidnumber: 271
-+gidnumber: 271
-+homeDirectory: /home/uid271
-+
-+dn: cn=user272,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user272
-+sn: user272
-+uid: uid272
-+givenname: givenname272
-+description: description272
-+userPassword: password272
-+mail: uid272
-+uidnumber: 272
-+gidnumber: 272
-+homeDirectory: /home/uid272
-+
-+dn: cn=user273,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user273
-+sn: user273
-+uid: uid273
-+givenname: givenname273
-+description: description273
-+userPassword: password273
-+mail: uid273
-+uidnumber: 273
-+gidnumber: 273
-+homeDirectory: /home/uid273
-+
-+dn: cn=user274,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user274
-+sn: user274
-+uid: uid274
-+givenname: givenname274
-+description: description274
-+userPassword: password274
-+mail: uid274
-+uidnumber: 274
-+gidnumber: 274
-+homeDirectory: /home/uid274
-+
-+dn: cn=user275,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user275
-+sn: user275
-+uid: uid275
-+givenname: givenname275
-+description: description275
-+userPassword: password275
-+mail: uid275
-+uidnumber: 275
-+gidnumber: 275
-+homeDirectory: /home/uid275
-+
-+dn: cn=user276,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user276
-+sn: user276
-+uid: uid276
-+givenname: givenname276
-+description: description276
-+userPassword: password276
-+mail: uid276
-+uidnumber: 276
-+gidnumber: 276
-+homeDirectory: /home/uid276
-+
-+dn: cn=user277,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user277
-+sn: user277
-+uid: uid277
-+givenname: givenname277
-+description: description277
-+userPassword: password277
-+mail: uid277
-+uidnumber: 277
-+gidnumber: 277
-+homeDirectory: /home/uid277
-+
-+dn: cn=user278,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user278
-+sn: user278
-+uid: uid278
-+givenname: givenname278
-+description: description278
-+userPassword: password278
-+mail: uid278
-+uidnumber: 278
-+gidnumber: 278
-+homeDirectory: /home/uid278
-+
-+dn: cn=user279,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user279
-+sn: user279
-+uid: uid279
-+givenname: givenname279
-+description: description279
-+userPassword: password279
-+mail: uid279
-+uidnumber: 279
-+gidnumber: 279
-+homeDirectory: /home/uid279
-+
-+dn: cn=user280,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user280
-+sn: user280
-+uid: uid280
-+givenname: givenname280
-+description: description280
-+userPassword: password280
-+mail: uid280
-+uidnumber: 280
-+gidnumber: 280
-+homeDirectory: /home/uid280
-+
-+dn: cn=user281,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user281
-+sn: user281
-+uid: uid281
-+givenname: givenname281
-+description: description281
-+userPassword: password281
-+mail: uid281
-+uidnumber: 281
-+gidnumber: 281
-+homeDirectory: /home/uid281
-+
-+dn: cn=user282,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user282
-+sn: user282
-+uid: uid282
-+givenname: givenname282
-+description: description282
-+userPassword: password282
-+mail: uid282
-+uidnumber: 282
-+gidnumber: 282
-+homeDirectory: /home/uid282
-+
-+dn: cn=user283,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user283
-+sn: user283
-+uid: uid283
-+givenname: givenname283
-+description: description283
-+userPassword: password283
-+mail: uid283
-+uidnumber: 283
-+gidnumber: 283
-+homeDirectory: /home/uid283
-+
-+dn: cn=user284,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user284
-+sn: user284
-+uid: uid284
-+givenname: givenname284
-+description: description284
-+userPassword: password284
-+mail: uid284
-+uidnumber: 284
-+gidnumber: 284
-+homeDirectory: /home/uid284
-+
-+dn: cn=user285,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user285
-+sn: user285
-+uid: uid285
-+givenname: givenname285
-+description: description285
-+userPassword: password285
-+mail: uid285
-+uidnumber: 285
-+gidnumber: 285
-+homeDirectory: /home/uid285
-+
-+dn: cn=user286,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user286
-+sn: user286
-+uid: uid286
-+givenname: givenname286
-+description: description286
-+userPassword: password286
-+mail: uid286
-+uidnumber: 286
-+gidnumber: 286
-+homeDirectory: /home/uid286
-+
-+dn: cn=user287,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user287
-+sn: user287
-+uid: uid287
-+givenname: givenname287
-+description: description287
-+userPassword: password287
-+mail: uid287
-+uidnumber: 287
-+gidnumber: 287
-+homeDirectory: /home/uid287
-+
-+dn: cn=user288,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user288
-+sn: user288
-+uid: uid288
-+givenname: givenname288
-+description: description288
-+userPassword: password288
-+mail: uid288
-+uidnumber: 288
-+gidnumber: 288
-+homeDirectory: /home/uid288
-+
-+dn: cn=user289,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user289
-+sn: user289
-+uid: uid289
-+givenname: givenname289
-+description: description289
-+userPassword: password289
-+mail: uid289
-+uidnumber: 289
-+gidnumber: 289
-+homeDirectory: /home/uid289
-+
-+dn: cn=user290,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user290
-+sn: user290
-+uid: uid290
-+givenname: givenname290
-+description: description290
-+userPassword: password290
-+mail: uid290
-+uidnumber: 290
-+gidnumber: 290
-+homeDirectory: /home/uid290
-+
-+dn: cn=user291,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user291
-+sn: user291
-+uid: uid291
-+givenname: givenname291
-+description: description291
-+userPassword: password291
-+mail: uid291
-+uidnumber: 291
-+gidnumber: 291
-+homeDirectory: /home/uid291
-+
-+dn: cn=user292,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user292
-+sn: user292
-+uid: uid292
-+givenname: givenname292
-+description: description292
-+userPassword: password292
-+mail: uid292
-+uidnumber: 292
-+gidnumber: 292
-+homeDirectory: /home/uid292
-+
-+dn: cn=user293,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user293
-+sn: user293
-+uid: uid293
-+givenname: givenname293
-+description: description293
-+userPassword: password293
-+mail: uid293
-+uidnumber: 293
-+gidnumber: 293
-+homeDirectory: /home/uid293
-+
-+dn: cn=user294,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user294
-+sn: user294
-+uid: uid294
-+givenname: givenname294
-+description: description294
-+userPassword: password294
-+mail: uid294
-+uidnumber: 294
-+gidnumber: 294
-+homeDirectory: /home/uid294
-+
-+dn: cn=user295,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user295
-+sn: user295
-+uid: uid295
-+givenname: givenname295
-+description: description295
-+userPassword: password295
-+mail: uid295
-+uidnumber: 295
-+gidnumber: 295
-+homeDirectory: /home/uid295
-+
-+dn: cn=user296,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user296
-+sn: user296
-+uid: uid296
-+givenname: givenname296
-+description: description296
-+userPassword: password296
-+mail: uid296
-+uidnumber: 296
-+gidnumber: 296
-+homeDirectory: /home/uid296
-+
-+dn: cn=user297,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user297
-+sn: user297
-+uid: uid297
-+givenname: givenname297
-+description: description297
-+userPassword: password297
-+mail: uid297
-+uidnumber: 297
-+gidnumber: 297
-+homeDirectory: /home/uid297
-+
-+dn: cn=user298,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user298
-+sn: user298
-+uid: uid298
-+givenname: givenname298
-+description: description298
-+userPassword: password298
-+mail: uid298
-+uidnumber: 298
-+gidnumber: 298
-+homeDirectory: /home/uid298
-+
-+dn: cn=user299,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user299
-+sn: user299
-+uid: uid299
-+givenname: givenname299
-+description: description299
-+userPassword: password299
-+mail: uid299
-+uidnumber: 299
-+gidnumber: 299
-+homeDirectory: /home/uid299
-+
-+dn: cn=user300,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user300
-+sn: user300
-+uid: uid300
-+givenname: givenname300
-+description: description300
-+userPassword: password300
-+mail: uid300
-+uidnumber: 300
-+gidnumber: 300
-+homeDirectory: /home/uid300
-+
-+dn: cn=user301,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user301
-+sn: user301
-+uid: uid301
-+givenname: givenname301
-+description: description301
-+userPassword: password301
-+mail: uid301
-+uidnumber: 301
-+gidnumber: 301
-+homeDirectory: /home/uid301
-+
-+dn: cn=user302,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user302
-+sn: user302
-+uid: uid302
-+givenname: givenname302
-+description: description302
-+userPassword: password302
-+mail: uid302
-+uidnumber: 302
-+gidnumber: 302
-+homeDirectory: /home/uid302
-+
-+dn: cn=user303,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user303
-+sn: user303
-+uid: uid303
-+givenname: givenname303
-+description: description303
-+userPassword: password303
-+mail: uid303
-+uidnumber: 303
-+gidnumber: 303
-+homeDirectory: /home/uid303
-+
-+dn: cn=user304,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user304
-+sn: user304
-+uid: uid304
-+givenname: givenname304
-+description: description304
-+userPassword: password304
-+mail: uid304
-+uidnumber: 304
-+gidnumber: 304
-+homeDirectory: /home/uid304
-+
-+dn: cn=user305,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user305
-+sn: user305
-+uid: uid305
-+givenname: givenname305
-+description: description305
-+userPassword: password305
-+mail: uid305
-+uidnumber: 305
-+gidnumber: 305
-+homeDirectory: /home/uid305
-+
-+dn: cn=user306,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user306
-+sn: user306
-+uid: uid306
-+givenname: givenname306
-+description: description306
-+userPassword: password306
-+mail: uid306
-+uidnumber: 306
-+gidnumber: 306
-+homeDirectory: /home/uid306
-+
-+dn: cn=user307,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user307
-+sn: user307
-+uid: uid307
-+givenname: givenname307
-+description: description307
-+userPassword: password307
-+mail: uid307
-+uidnumber: 307
-+gidnumber: 307
-+homeDirectory: /home/uid307
-+
-+dn: cn=user308,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user308
-+sn: user308
-+uid: uid308
-+givenname: givenname308
-+description: description308
-+userPassword: password308
-+mail: uid308
-+uidnumber: 308
-+gidnumber: 308
-+homeDirectory: /home/uid308
-+
-+dn: cn=user309,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user309
-+sn: user309
-+uid: uid309
-+givenname: givenname309
-+description: description309
-+userPassword: password309
-+mail: uid309
-+uidnumber: 309
-+gidnumber: 309
-+homeDirectory: /home/uid309
-+
-+dn: cn=user310,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user310
-+sn: user310
-+uid: uid310
-+givenname: givenname310
-+description: description310
-+userPassword: password310
-+mail: uid310
-+uidnumber: 310
-+gidnumber: 310
-+homeDirectory: /home/uid310
-+
-+dn: cn=user311,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user311
-+sn: user311
-+uid: uid311
-+givenname: givenname311
-+description: description311
-+userPassword: password311
-+mail: uid311
-+uidnumber: 311
-+gidnumber: 311
-+homeDirectory: /home/uid311
-+
-+dn: cn=user312,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user312
-+sn: user312
-+uid: uid312
-+givenname: givenname312
-+description: description312
-+userPassword: password312
-+mail: uid312
-+uidnumber: 312
-+gidnumber: 312
-+homeDirectory: /home/uid312
-+
-+dn: cn=user313,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user313
-+sn: user313
-+uid: uid313
-+givenname: givenname313
-+description: description313
-+userPassword: password313
-+mail: uid313
-+uidnumber: 313
-+gidnumber: 313
-+homeDirectory: /home/uid313
-+
-+dn: cn=user314,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user314
-+sn: user314
-+uid: uid314
-+givenname: givenname314
-+description: description314
-+userPassword: password314
-+mail: uid314
-+uidnumber: 314
-+gidnumber: 314
-+homeDirectory: /home/uid314
-+
-+dn: cn=user315,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user315
-+sn: user315
-+uid: uid315
-+givenname: givenname315
-+description: description315
-+userPassword: password315
-+mail: uid315
-+uidnumber: 315
-+gidnumber: 315
-+homeDirectory: /home/uid315
-+
-+dn: cn=user316,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user316
-+sn: user316
-+uid: uid316
-+givenname: givenname316
-+description: description316
-+userPassword: password316
-+mail: uid316
-+uidnumber: 316
-+gidnumber: 316
-+homeDirectory: /home/uid316
-+
-+dn: cn=user317,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user317
-+sn: user317
-+uid: uid317
-+givenname: givenname317
-+description: description317
-+userPassword: password317
-+mail: uid317
-+uidnumber: 317
-+gidnumber: 317
-+homeDirectory: /home/uid317
-+
-+dn: cn=user318,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user318
-+sn: user318
-+uid: uid318
-+givenname: givenname318
-+description: description318
-+userPassword: password318
-+mail: uid318
-+uidnumber: 318
-+gidnumber: 318
-+homeDirectory: /home/uid318
-+
-+dn: cn=user319,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user319
-+sn: user319
-+uid: uid319
-+givenname: givenname319
-+description: description319
-+userPassword: password319
-+mail: uid319
-+uidnumber: 319
-+gidnumber: 319
-+homeDirectory: /home/uid319
-+
-+dn: cn=user320,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user320
-+sn: user320
-+uid: uid320
-+givenname: givenname320
-+description: description320
-+userPassword: password320
-+mail: uid320
-+uidnumber: 320
-+gidnumber: 320
-+homeDirectory: /home/uid320
-+
-+dn: cn=user321,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user321
-+sn: user321
-+uid: uid321
-+givenname: givenname321
-+description: description321
-+userPassword: password321
-+mail: uid321
-+uidnumber: 321
-+gidnumber: 321
-+homeDirectory: /home/uid321
-+
-+dn: cn=user322,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user322
-+sn: user322
-+uid: uid322
-+givenname: givenname322
-+description: description322
-+userPassword: password322
-+mail: uid322
-+uidnumber: 322
-+gidnumber: 322
-+homeDirectory: /home/uid322
-+
-+dn: cn=user323,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user323
-+sn: user323
-+uid: uid323
-+givenname: givenname323
-+description: description323
-+userPassword: password323
-+mail: uid323
-+uidnumber: 323
-+gidnumber: 323
-+homeDirectory: /home/uid323
-+
-+dn: cn=user324,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user324
-+sn: user324
-+uid: uid324
-+givenname: givenname324
-+description: description324
-+userPassword: password324
-+mail: uid324
-+uidnumber: 324
-+gidnumber: 324
-+homeDirectory: /home/uid324
-+
-+dn: cn=user325,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user325
-+sn: user325
-+uid: uid325
-+givenname: givenname325
-+description: description325
-+userPassword: password325
-+mail: uid325
-+uidnumber: 325
-+gidnumber: 325
-+homeDirectory: /home/uid325
-+
-+dn: cn=user326,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user326
-+sn: user326
-+uid: uid326
-+givenname: givenname326
-+description: description326
-+userPassword: password326
-+mail: uid326
-+uidnumber: 326
-+gidnumber: 326
-+homeDirectory: /home/uid326
-+
-+dn: cn=user327,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user327
-+sn: user327
-+uid: uid327
-+givenname: givenname327
-+description: description327
-+userPassword: password327
-+mail: uid327
-+uidnumber: 327
-+gidnumber: 327
-+homeDirectory: /home/uid327
-+
-+dn: cn=user328,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user328
-+sn: user328
-+uid: uid328
-+givenname: givenname328
-+description: description328
-+userPassword: password328
-+mail: uid328
-+uidnumber: 328
-+gidnumber: 328
-+homeDirectory: /home/uid328
-+
-+dn: cn=user329,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user329
-+sn: user329
-+uid: uid329
-+givenname: givenname329
-+description: description329
-+userPassword: password329
-+mail: uid329
-+uidnumber: 329
-+gidnumber: 329
-+homeDirectory: /home/uid329
-+
-+dn: cn=user330,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user330
-+sn: user330
-+uid: uid330
-+givenname: givenname330
-+description: description330
-+userPassword: password330
-+mail: uid330
-+uidnumber: 330
-+gidnumber: 330
-+homeDirectory: /home/uid330
-+
-+dn: cn=user331,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user331
-+sn: user331
-+uid: uid331
-+givenname: givenname331
-+description: description331
-+userPassword: password331
-+mail: uid331
-+uidnumber: 331
-+gidnumber: 331
-+homeDirectory: /home/uid331
-+
-+dn: cn=user332,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user332
-+sn: user332
-+uid: uid332
-+givenname: givenname332
-+description: description332
-+userPassword: password332
-+mail: uid332
-+uidnumber: 332
-+gidnumber: 332
-+homeDirectory: /home/uid332
-+
-+dn: cn=user333,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user333
-+sn: user333
-+uid: uid333
-+givenname: givenname333
-+description: description333
-+userPassword: password333
-+mail: uid333
-+uidnumber: 333
-+gidnumber: 333
-+homeDirectory: /home/uid333
-+
-+dn: cn=user334,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user334
-+sn: user334
-+uid: uid334
-+givenname: givenname334
-+description: description334
-+userPassword: password334
-+mail: uid334
-+uidnumber: 334
-+gidnumber: 334
-+homeDirectory: /home/uid334
-+
-+dn: cn=user335,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user335
-+sn: user335
-+uid: uid335
-+givenname: givenname335
-+description: description335
-+userPassword: password335
-+mail: uid335
-+uidnumber: 335
-+gidnumber: 335
-+homeDirectory: /home/uid335
-+
-+dn: cn=user336,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user336
-+sn: user336
-+uid: uid336
-+givenname: givenname336
-+description: description336
-+userPassword: password336
-+mail: uid336
-+uidnumber: 336
-+gidnumber: 336
-+homeDirectory: /home/uid336
-+
-+dn: cn=user337,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user337
-+sn: user337
-+uid: uid337
-+givenname: givenname337
-+description: description337
-+userPassword: password337
-+mail: uid337
-+uidnumber: 337
-+gidnumber: 337
-+homeDirectory: /home/uid337
-+
-+dn: cn=user338,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user338
-+sn: user338
-+uid: uid338
-+givenname: givenname338
-+description: description338
-+userPassword: password338
-+mail: uid338
-+uidnumber: 338
-+gidnumber: 338
-+homeDirectory: /home/uid338
-+
-+dn: cn=user339,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user339
-+sn: user339
-+uid: uid339
-+givenname: givenname339
-+description: description339
-+userPassword: password339
-+mail: uid339
-+uidnumber: 339
-+gidnumber: 339
-+homeDirectory: /home/uid339
-+
-+dn: cn=user340,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user340
-+sn: user340
-+uid: uid340
-+givenname: givenname340
-+description: description340
-+userPassword: password340
-+mail: uid340
-+uidnumber: 340
-+gidnumber: 340
-+homeDirectory: /home/uid340
-+
-+dn: cn=user341,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user341
-+sn: user341
-+uid: uid341
-+givenname: givenname341
-+description: description341
-+userPassword: password341
-+mail: uid341
-+uidnumber: 341
-+gidnumber: 341
-+homeDirectory: /home/uid341
-+
-+dn: cn=user342,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user342
-+sn: user342
-+uid: uid342
-+givenname: givenname342
-+description: description342
-+userPassword: password342
-+mail: uid342
-+uidnumber: 342
-+gidnumber: 342
-+homeDirectory: /home/uid342
-+
-+dn: cn=user343,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user343
-+sn: user343
-+uid: uid343
-+givenname: givenname343
-+description: description343
-+userPassword: password343
-+mail: uid343
-+uidnumber: 343
-+gidnumber: 343
-+homeDirectory: /home/uid343
-+
-+dn: cn=user344,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user344
-+sn: user344
-+uid: uid344
-+givenname: givenname344
-+description: description344
-+userPassword: password344
-+mail: uid344
-+uidnumber: 344
-+gidnumber: 344
-+homeDirectory: /home/uid344
-+
-+dn: cn=user345,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user345
-+sn: user345
-+uid: uid345
-+givenname: givenname345
-+description: description345
-+userPassword: password345
-+mail: uid345
-+uidnumber: 345
-+gidnumber: 345
-+homeDirectory: /home/uid345
-+
-+dn: cn=user346,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user346
-+sn: user346
-+uid: uid346
-+givenname: givenname346
-+description: description346
-+userPassword: password346
-+mail: uid346
-+uidnumber: 346
-+gidnumber: 346
-+homeDirectory: /home/uid346
-+
-+dn: cn=user347,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user347
-+sn: user347
-+uid: uid347
-+givenname: givenname347
-+description: description347
-+userPassword: password347
-+mail: uid347
-+uidnumber: 347
-+gidnumber: 347
-+homeDirectory: /home/uid347
-+
-+dn: cn=user348,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user348
-+sn: user348
-+uid: uid348
-+givenname: givenname348
-+description: description348
-+userPassword: password348
-+mail: uid348
-+uidnumber: 348
-+gidnumber: 348
-+homeDirectory: /home/uid348
-+
-+dn: cn=user349,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user349
-+sn: user349
-+uid: uid349
-+givenname: givenname349
-+description: description349
-+userPassword: password349
-+mail: uid349
-+uidnumber: 349
-+gidnumber: 349
-+homeDirectory: /home/uid349
-+
-+dn: cn=user350,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user350
-+sn: user350
-+uid: uid350
-+givenname: givenname350
-+description: description350
-+userPassword: password350
-+mail: uid350
-+uidnumber: 350
-+gidnumber: 350
-+homeDirectory: /home/uid350
-+
-+dn: cn=user351,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user351
-+sn: user351
-+uid: uid351
-+givenname: givenname351
-+description: description351
-+userPassword: password351
-+mail: uid351
-+uidnumber: 351
-+gidnumber: 351
-+homeDirectory: /home/uid351
-+
-+dn: cn=user352,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user352
-+sn: user352
-+uid: uid352
-+givenname: givenname352
-+description: description352
-+userPassword: password352
-+mail: uid352
-+uidnumber: 352
-+gidnumber: 352
-+homeDirectory: /home/uid352
-+
-+dn: cn=user353,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user353
-+sn: user353
-+uid: uid353
-+givenname: givenname353
-+description: description353
-+userPassword: password353
-+mail: uid353
-+uidnumber: 353
-+gidnumber: 353
-+homeDirectory: /home/uid353
-+
-+dn: cn=user354,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user354
-+sn: user354
-+uid: uid354
-+givenname: givenname354
-+description: description354
-+userPassword: password354
-+mail: uid354
-+uidnumber: 354
-+gidnumber: 354
-+homeDirectory: /home/uid354
-+
-+dn: cn=user355,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user355
-+sn: user355
-+uid: uid355
-+givenname: givenname355
-+description: description355
-+userPassword: password355
-+mail: uid355
-+uidnumber: 355
-+gidnumber: 355
-+homeDirectory: /home/uid355
-+
-+dn: cn=user356,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user356
-+sn: user356
-+uid: uid356
-+givenname: givenname356
-+description: description356
-+userPassword: password356
-+mail: uid356
-+uidnumber: 356
-+gidnumber: 356
-+homeDirectory: /home/uid356
-+
-+dn: cn=user357,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user357
-+sn: user357
-+uid: uid357
-+givenname: givenname357
-+description: description357
-+userPassword: password357
-+mail: uid357
-+uidnumber: 357
-+gidnumber: 357
-+homeDirectory: /home/uid357
-+
-+dn: cn=user358,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user358
-+sn: user358
-+uid: uid358
-+givenname: givenname358
-+description: description358
-+userPassword: password358
-+mail: uid358
-+uidnumber: 358
-+gidnumber: 358
-+homeDirectory: /home/uid358
-+
-+dn: cn=user359,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user359
-+sn: user359
-+uid: uid359
-+givenname: givenname359
-+description: description359
-+userPassword: password359
-+mail: uid359
-+uidnumber: 359
-+gidnumber: 359
-+homeDirectory: /home/uid359
-+
-+dn: cn=user360,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user360
-+sn: user360
-+uid: uid360
-+givenname: givenname360
-+description: description360
-+userPassword: password360
-+mail: uid360
-+uidnumber: 360
-+gidnumber: 360
-+homeDirectory: /home/uid360
-+
-+dn: cn=user361,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user361
-+sn: user361
-+uid: uid361
-+givenname: givenname361
-+description: description361
-+userPassword: password361
-+mail: uid361
-+uidnumber: 361
-+gidnumber: 361
-+homeDirectory: /home/uid361
-+
-+dn: cn=user362,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user362
-+sn: user362
-+uid: uid362
-+givenname: givenname362
-+description: description362
-+userPassword: password362
-+mail: uid362
-+uidnumber: 362
-+gidnumber: 362
-+homeDirectory: /home/uid362
-+
-+dn: cn=user363,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user363
-+sn: user363
-+uid: uid363
-+givenname: givenname363
-+description: description363
-+userPassword: password363
-+mail: uid363
-+uidnumber: 363
-+gidnumber: 363
-+homeDirectory: /home/uid363
-+
-+dn: cn=user364,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user364
-+sn: user364
-+uid: uid364
-+givenname: givenname364
-+description: description364
-+userPassword: password364
-+mail: uid364
-+uidnumber: 364
-+gidnumber: 364
-+homeDirectory: /home/uid364
-+
-+dn: cn=user365,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user365
-+sn: user365
-+uid: uid365
-+givenname: givenname365
-+description: description365
-+userPassword: password365
-+mail: uid365
-+uidnumber: 365
-+gidnumber: 365
-+homeDirectory: /home/uid365
-+
-+dn: cn=user366,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user366
-+sn: user366
-+uid: uid366
-+givenname: givenname366
-+description: description366
-+userPassword: password366
-+mail: uid366
-+uidnumber: 366
-+gidnumber: 366
-+homeDirectory: /home/uid366
-+
-+dn: cn=user367,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user367
-+sn: user367
-+uid: uid367
-+givenname: givenname367
-+description: description367
-+userPassword: password367
-+mail: uid367
-+uidnumber: 367
-+gidnumber: 367
-+homeDirectory: /home/uid367
-+
-+dn: cn=user368,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user368
-+sn: user368
-+uid: uid368
-+givenname: givenname368
-+description: description368
-+userPassword: password368
-+mail: uid368
-+uidnumber: 368
-+gidnumber: 368
-+homeDirectory: /home/uid368
-+
-+dn: cn=user369,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user369
-+sn: user369
-+uid: uid369
-+givenname: givenname369
-+description: description369
-+userPassword: password369
-+mail: uid369
-+uidnumber: 369
-+gidnumber: 369
-+homeDirectory: /home/uid369
-+
-+dn: cn=user370,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user370
-+sn: user370
-+uid: uid370
-+givenname: givenname370
-+description: description370
-+userPassword: password370
-+mail: uid370
-+uidnumber: 370
-+gidnumber: 370
-+homeDirectory: /home/uid370
-+
-+dn: cn=user371,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user371
-+sn: user371
-+uid: uid371
-+givenname: givenname371
-+description: description371
-+userPassword: password371
-+mail: uid371
-+uidnumber: 371
-+gidnumber: 371
-+homeDirectory: /home/uid371
-+
-+dn: cn=user372,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user372
-+sn: user372
-+uid: uid372
-+givenname: givenname372
-+description: description372
-+userPassword: password372
-+mail: uid372
-+uidnumber: 372
-+gidnumber: 372
-+homeDirectory: /home/uid372
-+
-+dn: cn=user373,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user373
-+sn: user373
-+uid: uid373
-+givenname: givenname373
-+description: description373
-+userPassword: password373
-+mail: uid373
-+uidnumber: 373
-+gidnumber: 373
-+homeDirectory: /home/uid373
-+
-+dn: cn=user374,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user374
-+sn: user374
-+uid: uid374
-+givenname: givenname374
-+description: description374
-+userPassword: password374
-+mail: uid374
-+uidnumber: 374
-+gidnumber: 374
-+homeDirectory: /home/uid374
-+
-+dn: cn=user375,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user375
-+sn: user375
-+uid: uid375
-+givenname: givenname375
-+description: description375
-+userPassword: password375
-+mail: uid375
-+uidnumber: 375
-+gidnumber: 375
-+homeDirectory: /home/uid375
-+
-+dn: cn=user376,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user376
-+sn: user376
-+uid: uid376
-+givenname: givenname376
-+description: description376
-+userPassword: password376
-+mail: uid376
-+uidnumber: 376
-+gidnumber: 376
-+homeDirectory: /home/uid376
-+
-+dn: cn=user377,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user377
-+sn: user377
-+uid: uid377
-+givenname: givenname377
-+description: description377
-+userPassword: password377
-+mail: uid377
-+uidnumber: 377
-+gidnumber: 377
-+homeDirectory: /home/uid377
-+
-+dn: cn=user378,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user378
-+sn: user378
-+uid: uid378
-+givenname: givenname378
-+description: description378
-+userPassword: password378
-+mail: uid378
-+uidnumber: 378
-+gidnumber: 378
-+homeDirectory: /home/uid378
-+
-+dn: cn=user379,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user379
-+sn: user379
-+uid: uid379
-+givenname: givenname379
-+description: description379
-+userPassword: password379
-+mail: uid379
-+uidnumber: 379
-+gidnumber: 379
-+homeDirectory: /home/uid379
-+
-+dn: cn=user380,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user380
-+sn: user380
-+uid: uid380
-+givenname: givenname380
-+description: description380
-+userPassword: password380
-+mail: uid380
-+uidnumber: 380
-+gidnumber: 380
-+homeDirectory: /home/uid380
-+
-+dn: cn=user381,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user381
-+sn: user381
-+uid: uid381
-+givenname: givenname381
-+description: description381
-+userPassword: password381
-+mail: uid381
-+uidnumber: 381
-+gidnumber: 381
-+homeDirectory: /home/uid381
-+
-+dn: cn=user382,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user382
-+sn: user382
-+uid: uid382
-+givenname: givenname382
-+description: description382
-+userPassword: password382
-+mail: uid382
-+uidnumber: 382
-+gidnumber: 382
-+homeDirectory: /home/uid382
-+
-+dn: cn=user383,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user383
-+sn: user383
-+uid: uid383
-+givenname: givenname383
-+description: description383
-+userPassword: password383
-+mail: uid383
-+uidnumber: 383
-+gidnumber: 383
-+homeDirectory: /home/uid383
-+
-+dn: cn=user384,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user384
-+sn: user384
-+uid: uid384
-+givenname: givenname384
-+description: description384
-+userPassword: password384
-+mail: uid384
-+uidnumber: 384
-+gidnumber: 384
-+homeDirectory: /home/uid384
-+
-+dn: cn=user385,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user385
-+sn: user385
-+uid: uid385
-+givenname: givenname385
-+description: description385
-+userPassword: password385
-+mail: uid385
-+uidnumber: 385
-+gidnumber: 385
-+homeDirectory: /home/uid385
-+
-+dn: cn=user386,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user386
-+sn: user386
-+uid: uid386
-+givenname: givenname386
-+description: description386
-+userPassword: password386
-+mail: uid386
-+uidnumber: 386
-+gidnumber: 386
-+homeDirectory: /home/uid386
-+
-+dn: cn=user387,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user387
-+sn: user387
-+uid: uid387
-+givenname: givenname387
-+description: description387
-+userPassword: password387
-+mail: uid387
-+uidnumber: 387
-+gidnumber: 387
-+homeDirectory: /home/uid387
-+
-+dn: cn=user388,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user388
-+sn: user388
-+uid: uid388
-+givenname: givenname388
-+description: description388
-+userPassword: password388
-+mail: uid388
-+uidnumber: 388
-+gidnumber: 388
-+homeDirectory: /home/uid388
-+
-+dn: cn=user389,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user389
-+sn: user389
-+uid: uid389
-+givenname: givenname389
-+description: description389
-+userPassword: password389
-+mail: uid389
-+uidnumber: 389
-+gidnumber: 389
-+homeDirectory: /home/uid389
-+
-+dn: cn=user390,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user390
-+sn: user390
-+uid: uid390
-+givenname: givenname390
-+description: description390
-+userPassword: password390
-+mail: uid390
-+uidnumber: 390
-+gidnumber: 390
-+homeDirectory: /home/uid390
-+
-+dn: cn=user391,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user391
-+sn: user391
-+uid: uid391
-+givenname: givenname391
-+description: description391
-+userPassword: password391
-+mail: uid391
-+uidnumber: 391
-+gidnumber: 391
-+homeDirectory: /home/uid391
-+
-+dn: cn=user392,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user392
-+sn: user392
-+uid: uid392
-+givenname: givenname392
-+description: description392
-+userPassword: password392
-+mail: uid392
-+uidnumber: 392
-+gidnumber: 392
-+homeDirectory: /home/uid392
-+
-+dn: cn=user393,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user393
-+sn: user393
-+uid: uid393
-+givenname: givenname393
-+description: description393
-+userPassword: password393
-+mail: uid393
-+uidnumber: 393
-+gidnumber: 393
-+homeDirectory: /home/uid393
-+
-+dn: cn=user394,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user394
-+sn: user394
-+uid: uid394
-+givenname: givenname394
-+description: description394
-+userPassword: password394
-+mail: uid394
-+uidnumber: 394
-+gidnumber: 394
-+homeDirectory: /home/uid394
-+
-+dn: cn=user395,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user395
-+sn: user395
-+uid: uid395
-+givenname: givenname395
-+description: description395
-+userPassword: password395
-+mail: uid395
-+uidnumber: 395
-+gidnumber: 395
-+homeDirectory: /home/uid395
-+
-+dn: cn=user396,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user396
-+sn: user396
-+uid: uid396
-+givenname: givenname396
-+description: description396
-+userPassword: password396
-+mail: uid396
-+uidnumber: 396
-+gidnumber: 396
-+homeDirectory: /home/uid396
-+
-+dn: cn=user397,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user397
-+sn: user397
-+uid: uid397
-+givenname: givenname397
-+description: description397
-+userPassword: password397
-+mail: uid397
-+uidnumber: 397
-+gidnumber: 397
-+homeDirectory: /home/uid397
-+
-+dn: cn=user398,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user398
-+sn: user398
-+uid: uid398
-+givenname: givenname398
-+description: description398
-+userPassword: password398
-+mail: uid398
-+uidnumber: 398
-+gidnumber: 398
-+homeDirectory: /home/uid398
-+
-+dn: cn=user399,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user399
-+sn: user399
-+uid: uid399
-+givenname: givenname399
-+description: description399
-+userPassword: password399
-+mail: uid399
-+uidnumber: 399
-+gidnumber: 399
-+homeDirectory: /home/uid399
-+
-+dn: cn=user400,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user400
-+sn: user400
-+uid: uid400
-+givenname: givenname400
-+description: description400
-+userPassword: password400
-+mail: uid400
-+uidnumber: 400
-+gidnumber: 400
-+homeDirectory: /home/uid400
-+
-+dn: cn=user401,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user401
-+sn: user401
-+uid: uid401
-+givenname: givenname401
-+description: description401
-+userPassword: password401
-+mail: uid401
-+uidnumber: 401
-+gidnumber: 401
-+homeDirectory: /home/uid401
-+
-+dn: cn=user402,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user402
-+sn: user402
-+uid: uid402
-+givenname: givenname402
-+description: description402
-+userPassword: password402
-+mail: uid402
-+uidnumber: 402
-+gidnumber: 402
-+homeDirectory: /home/uid402
-+
-+dn: cn=user403,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user403
-+sn: user403
-+uid: uid403
-+givenname: givenname403
-+description: description403
-+userPassword: password403
-+mail: uid403
-+uidnumber: 403
-+gidnumber: 403
-+homeDirectory: /home/uid403
-+
-+dn: cn=user404,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user404
-+sn: user404
-+uid: uid404
-+givenname: givenname404
-+description: description404
-+userPassword: password404
-+mail: uid404
-+uidnumber: 404
-+gidnumber: 404
-+homeDirectory: /home/uid404
-+
-+dn: cn=user405,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user405
-+sn: user405
-+uid: uid405
-+givenname: givenname405
-+description: description405
-+userPassword: password405
-+mail: uid405
-+uidnumber: 405
-+gidnumber: 405
-+homeDirectory: /home/uid405
-+
-+dn: cn=user406,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user406
-+sn: user406
-+uid: uid406
-+givenname: givenname406
-+description: description406
-+userPassword: password406
-+mail: uid406
-+uidnumber: 406
-+gidnumber: 406
-+homeDirectory: /home/uid406
-+
-+dn: cn=user407,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user407
-+sn: user407
-+uid: uid407
-+givenname: givenname407
-+description: description407
-+userPassword: password407
-+mail: uid407
-+uidnumber: 407
-+gidnumber: 407
-+homeDirectory: /home/uid407
-+
-+dn: cn=user408,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user408
-+sn: user408
-+uid: uid408
-+givenname: givenname408
-+description: description408
-+userPassword: password408
-+mail: uid408
-+uidnumber: 408
-+gidnumber: 408
-+homeDirectory: /home/uid408
-+
-+dn: cn=user409,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user409
-+sn: user409
-+uid: uid409
-+givenname: givenname409
-+description: description409
-+userPassword: password409
-+mail: uid409
-+uidnumber: 409
-+gidnumber: 409
-+homeDirectory: /home/uid409
-+
-+dn: cn=user410,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user410
-+sn: user410
-+uid: uid410
-+givenname: givenname410
-+description: description410
-+userPassword: password410
-+mail: uid410
-+uidnumber: 410
-+gidnumber: 410
-+homeDirectory: /home/uid410
-+
-+dn: cn=user411,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user411
-+sn: user411
-+uid: uid411
-+givenname: givenname411
-+description: description411
-+userPassword: password411
-+mail: uid411
-+uidnumber: 411
-+gidnumber: 411
-+homeDirectory: /home/uid411
-+
-+dn: cn=user412,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user412
-+sn: user412
-+uid: uid412
-+givenname: givenname412
-+description: description412
-+userPassword: password412
-+mail: uid412
-+uidnumber: 412
-+gidnumber: 412
-+homeDirectory: /home/uid412
-+
-+dn: cn=user413,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user413
-+sn: user413
-+uid: uid413
-+givenname: givenname413
-+description: description413
-+userPassword: password413
-+mail: uid413
-+uidnumber: 413
-+gidnumber: 413
-+homeDirectory: /home/uid413
-+
-+dn: cn=user414,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user414
-+sn: user414
-+uid: uid414
-+givenname: givenname414
-+description: description414
-+userPassword: password414
-+mail: uid414
-+uidnumber: 414
-+gidnumber: 414
-+homeDirectory: /home/uid414
-+
-+dn: cn=user415,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user415
-+sn: user415
-+uid: uid415
-+givenname: givenname415
-+description: description415
-+userPassword: password415
-+mail: uid415
-+uidnumber: 415
-+gidnumber: 415
-+homeDirectory: /home/uid415
-+
-+dn: cn=user416,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user416
-+sn: user416
-+uid: uid416
-+givenname: givenname416
-+description: description416
-+userPassword: password416
-+mail: uid416
-+uidnumber: 416
-+gidnumber: 416
-+homeDirectory: /home/uid416
-+
-+dn: cn=user417,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user417
-+sn: user417
-+uid: uid417
-+givenname: givenname417
-+description: description417
-+userPassword: password417
-+mail: uid417
-+uidnumber: 417
-+gidnumber: 417
-+homeDirectory: /home/uid417
-+
-+dn: cn=user418,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user418
-+sn: user418
-+uid: uid418
-+givenname: givenname418
-+description: description418
-+userPassword: password418
-+mail: uid418
-+uidnumber: 418
-+gidnumber: 418
-+homeDirectory: /home/uid418
-+
-+dn: cn=user419,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user419
-+sn: user419
-+uid: uid419
-+givenname: givenname419
-+description: description419
-+userPassword: password419
-+mail: uid419
-+uidnumber: 419
-+gidnumber: 419
-+homeDirectory: /home/uid419
-+
-+dn: cn=user420,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user420
-+sn: user420
-+uid: uid420
-+givenname: givenname420
-+description: description420
-+userPassword: password420
-+mail: uid420
-+uidnumber: 420
-+gidnumber: 420
-+homeDirectory: /home/uid420
-+
-+dn: cn=user421,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user421
-+sn: user421
-+uid: uid421
-+givenname: givenname421
-+description: description421
-+userPassword: password421
-+mail: uid421
-+uidnumber: 421
-+gidnumber: 421
-+homeDirectory: /home/uid421
-+
-+dn: cn=user422,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user422
-+sn: user422
-+uid: uid422
-+givenname: givenname422
-+description: description422
-+userPassword: password422
-+mail: uid422
-+uidnumber: 422
-+gidnumber: 422
-+homeDirectory: /home/uid422
-+
-+dn: cn=user423,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user423
-+sn: user423
-+uid: uid423
-+givenname: givenname423
-+description: description423
-+userPassword: password423
-+mail: uid423
-+uidnumber: 423
-+gidnumber: 423
-+homeDirectory: /home/uid423
-+
-+dn: cn=user424,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user424
-+sn: user424
-+uid: uid424
-+givenname: givenname424
-+description: description424
-+userPassword: password424
-+mail: uid424
-+uidnumber: 424
-+gidnumber: 424
-+homeDirectory: /home/uid424
-+
-+dn: cn=user425,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user425
-+sn: user425
-+uid: uid425
-+givenname: givenname425
-+description: description425
-+userPassword: password425
-+mail: uid425
-+uidnumber: 425
-+gidnumber: 425
-+homeDirectory: /home/uid425
-+
-+dn: cn=user426,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user426
-+sn: user426
-+uid: uid426
-+givenname: givenname426
-+description: description426
-+userPassword: password426
-+mail: uid426
-+uidnumber: 426
-+gidnumber: 426
-+homeDirectory: /home/uid426
-+
-+dn: cn=user427,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user427
-+sn: user427
-+uid: uid427
-+givenname: givenname427
-+description: description427
-+userPassword: password427
-+mail: uid427
-+uidnumber: 427
-+gidnumber: 427
-+homeDirectory: /home/uid427
-+
-+dn: cn=user428,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user428
-+sn: user428
-+uid: uid428
-+givenname: givenname428
-+description: description428
-+userPassword: password428
-+mail: uid428
-+uidnumber: 428
-+gidnumber: 428
-+homeDirectory: /home/uid428
-+
-+dn: cn=user429,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user429
-+sn: user429
-+uid: uid429
-+givenname: givenname429
-+description: description429
-+userPassword: password429
-+mail: uid429
-+uidnumber: 429
-+gidnumber: 429
-+homeDirectory: /home/uid429
-+
-+dn: cn=user430,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user430
-+sn: user430
-+uid: uid430
-+givenname: givenname430
-+description: description430
-+userPassword: password430
-+mail: uid430
-+uidnumber: 430
-+gidnumber: 430
-+homeDirectory: /home/uid430
-+
-+dn: cn=user431,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user431
-+sn: user431
-+uid: uid431
-+givenname: givenname431
-+description: description431
-+userPassword: password431
-+mail: uid431
-+uidnumber: 431
-+gidnumber: 431
-+homeDirectory: /home/uid431
-+
-+dn: cn=user432,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user432
-+sn: user432
-+uid: uid432
-+givenname: givenname432
-+description: description432
-+userPassword: password432
-+mail: uid432
-+uidnumber: 432
-+gidnumber: 432
-+homeDirectory: /home/uid432
-+
-+dn: cn=user433,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user433
-+sn: user433
-+uid: uid433
-+givenname: givenname433
-+description: description433
-+userPassword: password433
-+mail: uid433
-+uidnumber: 433
-+gidnumber: 433
-+homeDirectory: /home/uid433
-+
-+dn: cn=user434,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user434
-+sn: user434
-+uid: uid434
-+givenname: givenname434
-+description: description434
-+userPassword: password434
-+mail: uid434
-+uidnumber: 434
-+gidnumber: 434
-+homeDirectory: /home/uid434
-+
-+dn: cn=user435,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user435
-+sn: user435
-+uid: uid435
-+givenname: givenname435
-+description: description435
-+userPassword: password435
-+mail: uid435
-+uidnumber: 435
-+gidnumber: 435
-+homeDirectory: /home/uid435
-+
-+dn: cn=user436,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user436
-+sn: user436
-+uid: uid436
-+givenname: givenname436
-+description: description436
-+userPassword: password436
-+mail: uid436
-+uidnumber: 436
-+gidnumber: 436
-+homeDirectory: /home/uid436
-+
-+dn: cn=user437,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user437
-+sn: user437
-+uid: uid437
-+givenname: givenname437
-+description: description437
-+userPassword: password437
-+mail: uid437
-+uidnumber: 437
-+gidnumber: 437
-+homeDirectory: /home/uid437
-+
-+dn: cn=user438,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user438
-+sn: user438
-+uid: uid438
-+givenname: givenname438
-+description: description438
-+userPassword: password438
-+mail: uid438
-+uidnumber: 438
-+gidnumber: 438
-+homeDirectory: /home/uid438
-+
-+dn: cn=user439,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user439
-+sn: user439
-+uid: uid439
-+givenname: givenname439
-+description: description439
-+userPassword: password439
-+mail: uid439
-+uidnumber: 439
-+gidnumber: 439
-+homeDirectory: /home/uid439
-+
-+dn: cn=user440,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user440
-+sn: user440
-+uid: uid440
-+givenname: givenname440
-+description: description440
-+userPassword: password440
-+mail: uid440
-+uidnumber: 440
-+gidnumber: 440
-+homeDirectory: /home/uid440
-+
-+dn: cn=user441,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user441
-+sn: user441
-+uid: uid441
-+givenname: givenname441
-+description: description441
-+userPassword: password441
-+mail: uid441
-+uidnumber: 441
-+gidnumber: 441
-+homeDirectory: /home/uid441
-+
-+dn: cn=user442,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user442
-+sn: user442
-+uid: uid442
-+givenname: givenname442
-+description: description442
-+userPassword: password442
-+mail: uid442
-+uidnumber: 442
-+gidnumber: 442
-+homeDirectory: /home/uid442
-+
-+dn: cn=user443,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user443
-+sn: user443
-+uid: uid443
-+givenname: givenname443
-+description: description443
-+userPassword: password443
-+mail: uid443
-+uidnumber: 443
-+gidnumber: 443
-+homeDirectory: /home/uid443
-+
-+dn: cn=user444,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user444
-+sn: user444
-+uid: uid444
-+givenname: givenname444
-+description: description444
-+userPassword: password444
-+mail: uid444
-+uidnumber: 444
-+gidnumber: 444
-+homeDirectory: /home/uid444
-+
-+dn: cn=user445,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user445
-+sn: user445
-+uid: uid445
-+givenname: givenname445
-+description: description445
-+userPassword: password445
-+mail: uid445
-+uidnumber: 445
-+gidnumber: 445
-+homeDirectory: /home/uid445
-+
-+dn: cn=user446,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user446
-+sn: user446
-+uid: uid446
-+givenname: givenname446
-+description: description446
-+userPassword: password446
-+mail: uid446
-+uidnumber: 446
-+gidnumber: 446
-+homeDirectory: /home/uid446
-+
-+dn: cn=user447,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user447
-+sn: user447
-+uid: uid447
-+givenname: givenname447
-+description: description447
-+userPassword: password447
-+mail: uid447
-+uidnumber: 447
-+gidnumber: 447
-+homeDirectory: /home/uid447
-+
-+dn: cn=user448,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user448
-+sn: user448
-+uid: uid448
-+givenname: givenname448
-+description: description448
-+userPassword: password448
-+mail: uid448
-+uidnumber: 448
-+gidnumber: 448
-+homeDirectory: /home/uid448
-+
-+dn: cn=user449,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user449
-+sn: user449
-+uid: uid449
-+givenname: givenname449
-+description: description449
-+userPassword: password449
-+mail: uid449
-+uidnumber: 449
-+gidnumber: 449
-+homeDirectory: /home/uid449
-+
-+dn: cn=user450,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user450
-+sn: user450
-+uid: uid450
-+givenname: givenname450
-+description: description450
-+userPassword: password450
-+mail: uid450
-+uidnumber: 450
-+gidnumber: 450
-+homeDirectory: /home/uid450
-+
-+dn: cn=user451,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user451
-+sn: user451
-+uid: uid451
-+givenname: givenname451
-+description: description451
-+userPassword: password451
-+mail: uid451
-+uidnumber: 451
-+gidnumber: 451
-+homeDirectory: /home/uid451
-+
-+dn: cn=user452,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user452
-+sn: user452
-+uid: uid452
-+givenname: givenname452
-+description: description452
-+userPassword: password452
-+mail: uid452
-+uidnumber: 452
-+gidnumber: 452
-+homeDirectory: /home/uid452
-+
-+dn: cn=user453,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user453
-+sn: user453
-+uid: uid453
-+givenname: givenname453
-+description: description453
-+userPassword: password453
-+mail: uid453
-+uidnumber: 453
-+gidnumber: 453
-+homeDirectory: /home/uid453
-+
-+dn: cn=user454,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user454
-+sn: user454
-+uid: uid454
-+givenname: givenname454
-+description: description454
-+userPassword: password454
-+mail: uid454
-+uidnumber: 454
-+gidnumber: 454
-+homeDirectory: /home/uid454
-+
-+dn: cn=user455,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user455
-+sn: user455
-+uid: uid455
-+givenname: givenname455
-+description: description455
-+userPassword: password455
-+mail: uid455
-+uidnumber: 455
-+gidnumber: 455
-+homeDirectory: /home/uid455
-+
-+dn: cn=user456,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user456
-+sn: user456
-+uid: uid456
-+givenname: givenname456
-+description: description456
-+userPassword: password456
-+mail: uid456
-+uidnumber: 456
-+gidnumber: 456
-+homeDirectory: /home/uid456
-+
-+dn: cn=user457,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user457
-+sn: user457
-+uid: uid457
-+givenname: givenname457
-+description: description457
-+userPassword: password457
-+mail: uid457
-+uidnumber: 457
-+gidnumber: 457
-+homeDirectory: /home/uid457
-+
-+dn: cn=user458,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user458
-+sn: user458
-+uid: uid458
-+givenname: givenname458
-+description: description458
-+userPassword: password458
-+mail: uid458
-+uidnumber: 458
-+gidnumber: 458
-+homeDirectory: /home/uid458
-+
-+dn: cn=user459,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user459
-+sn: user459
-+uid: uid459
-+givenname: givenname459
-+description: description459
-+userPassword: password459
-+mail: uid459
-+uidnumber: 459
-+gidnumber: 459
-+homeDirectory: /home/uid459
-+
-+dn: cn=user460,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user460
-+sn: user460
-+uid: uid460
-+givenname: givenname460
-+description: description460
-+userPassword: password460
-+mail: uid460
-+uidnumber: 460
-+gidnumber: 460
-+homeDirectory: /home/uid460
-+
-+dn: cn=user461,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user461
-+sn: user461
-+uid: uid461
-+givenname: givenname461
-+description: description461
-+userPassword: password461
-+mail: uid461
-+uidnumber: 461
-+gidnumber: 461
-+homeDirectory: /home/uid461
-+
-+dn: cn=user462,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user462
-+sn: user462
-+uid: uid462
-+givenname: givenname462
-+description: description462
-+userPassword: password462
-+mail: uid462
-+uidnumber: 462
-+gidnumber: 462
-+homeDirectory: /home/uid462
-+
-+dn: cn=user463,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user463
-+sn: user463
-+uid: uid463
-+givenname: givenname463
-+description: description463
-+userPassword: password463
-+mail: uid463
-+uidnumber: 463
-+gidnumber: 463
-+homeDirectory: /home/uid463
-+
-+dn: cn=user464,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user464
-+sn: user464
-+uid: uid464
-+givenname: givenname464
-+description: description464
-+userPassword: password464
-+mail: uid464
-+uidnumber: 464
-+gidnumber: 464
-+homeDirectory: /home/uid464
-+
-+dn: cn=user465,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user465
-+sn: user465
-+uid: uid465
-+givenname: givenname465
-+description: description465
-+userPassword: password465
-+mail: uid465
-+uidnumber: 465
-+gidnumber: 465
-+homeDirectory: /home/uid465
-+
-+dn: cn=user466,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user466
-+sn: user466
-+uid: uid466
-+givenname: givenname466
-+description: description466
-+userPassword: password466
-+mail: uid466
-+uidnumber: 466
-+gidnumber: 466
-+homeDirectory: /home/uid466
-+
-+dn: cn=user467,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user467
-+sn: user467
-+uid: uid467
-+givenname: givenname467
-+description: description467
-+userPassword: password467
-+mail: uid467
-+uidnumber: 467
-+gidnumber: 467
-+homeDirectory: /home/uid467
-+
-+dn: cn=user468,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user468
-+sn: user468
-+uid: uid468
-+givenname: givenname468
-+description: description468
-+userPassword: password468
-+mail: uid468
-+uidnumber: 468
-+gidnumber: 468
-+homeDirectory: /home/uid468
-+
-+dn: cn=user469,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user469
-+sn: user469
-+uid: uid469
-+givenname: givenname469
-+description: description469
-+userPassword: password469
-+mail: uid469
-+uidnumber: 469
-+gidnumber: 469
-+homeDirectory: /home/uid469
-+
-+dn: cn=user470,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user470
-+sn: user470
-+uid: uid470
-+givenname: givenname470
-+description: description470
-+userPassword: password470
-+mail: uid470
-+uidnumber: 470
-+gidnumber: 470
-+homeDirectory: /home/uid470
-+
-+dn: cn=user471,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user471
-+sn: user471
-+uid: uid471
-+givenname: givenname471
-+description: description471
-+userPassword: password471
-+mail: uid471
-+uidnumber: 471
-+gidnumber: 471
-+homeDirectory: /home/uid471
-+
-+dn: cn=user472,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user472
-+sn: user472
-+uid: uid472
-+givenname: givenname472
-+description: description472
-+userPassword: password472
-+mail: uid472
-+uidnumber: 472
-+gidnumber: 472
-+homeDirectory: /home/uid472
-+
-+dn: cn=user473,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user473
-+sn: user473
-+uid: uid473
-+givenname: givenname473
-+description: description473
-+userPassword: password473
-+mail: uid473
-+uidnumber: 473
-+gidnumber: 473
-+homeDirectory: /home/uid473
-+
-+dn: cn=user474,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user474
-+sn: user474
-+uid: uid474
-+givenname: givenname474
-+description: description474
-+userPassword: password474
-+mail: uid474
-+uidnumber: 474
-+gidnumber: 474
-+homeDirectory: /home/uid474
-+
-+dn: cn=user475,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user475
-+sn: user475
-+uid: uid475
-+givenname: givenname475
-+description: description475
-+userPassword: password475
-+mail: uid475
-+uidnumber: 475
-+gidnumber: 475
-+homeDirectory: /home/uid475
-+
-+dn: cn=user476,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user476
-+sn: user476
-+uid: uid476
-+givenname: givenname476
-+description: description476
-+userPassword: password476
-+mail: uid476
-+uidnumber: 476
-+gidnumber: 476
-+homeDirectory: /home/uid476
-+
-+dn: cn=user477,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user477
-+sn: user477
-+uid: uid477
-+givenname: givenname477
-+description: description477
-+userPassword: password477
-+mail: uid477
-+uidnumber: 477
-+gidnumber: 477
-+homeDirectory: /home/uid477
-+
-+dn: cn=user478,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user478
-+sn: user478
-+uid: uid478
-+givenname: givenname478
-+description: description478
-+userPassword: password478
-+mail: uid478
-+uidnumber: 478
-+gidnumber: 478
-+homeDirectory: /home/uid478
-+
-+dn: cn=user479,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user479
-+sn: user479
-+uid: uid479
-+givenname: givenname479
-+description: description479
-+userPassword: password479
-+mail: uid479
-+uidnumber: 479
-+gidnumber: 479
-+homeDirectory: /home/uid479
-+
-+dn: cn=user480,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user480
-+sn: user480
-+uid: uid480
-+givenname: givenname480
-+description: description480
-+userPassword: password480
-+mail: uid480
-+uidnumber: 480
-+gidnumber: 480
-+homeDirectory: /home/uid480
-+
-+dn: cn=user481,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user481
-+sn: user481
-+uid: uid481
-+givenname: givenname481
-+description: description481
-+userPassword: password481
-+mail: uid481
-+uidnumber: 481
-+gidnumber: 481
-+homeDirectory: /home/uid481
-+
-+dn: cn=user482,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user482
-+sn: user482
-+uid: uid482
-+givenname: givenname482
-+description: description482
-+userPassword: password482
-+mail: uid482
-+uidnumber: 482
-+gidnumber: 482
-+homeDirectory: /home/uid482
-+
-+dn: cn=user483,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user483
-+sn: user483
-+uid: uid483
-+givenname: givenname483
-+description: description483
-+userPassword: password483
-+mail: uid483
-+uidnumber: 483
-+gidnumber: 483
-+homeDirectory: /home/uid483
-+
-+dn: cn=user484,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user484
-+sn: user484
-+uid: uid484
-+givenname: givenname484
-+description: description484
-+userPassword: password484
-+mail: uid484
-+uidnumber: 484
-+gidnumber: 484
-+homeDirectory: /home/uid484
-+
-+dn: cn=user485,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user485
-+sn: user485
-+uid: uid485
-+givenname: givenname485
-+description: description485
-+userPassword: password485
-+mail: uid485
-+uidnumber: 485
-+gidnumber: 485
-+homeDirectory: /home/uid485
-+
-+dn: cn=user486,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user486
-+sn: user486
-+uid: uid486
-+givenname: givenname486
-+description: description486
-+userPassword: password486
-+mail: uid486
-+uidnumber: 486
-+gidnumber: 486
-+homeDirectory: /home/uid486
-+
-+dn: cn=user487,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user487
-+sn: user487
-+uid: uid487
-+givenname: givenname487
-+description: description487
-+userPassword: password487
-+mail: uid487
-+uidnumber: 487
-+gidnumber: 487
-+homeDirectory: /home/uid487
-+
-+dn: cn=user488,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user488
-+sn: user488
-+uid: uid488
-+givenname: givenname488
-+description: description488
-+userPassword: password488
-+mail: uid488
-+uidnumber: 488
-+gidnumber: 488
-+homeDirectory: /home/uid488
-+
-+dn: cn=user489,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user489
-+sn: user489
-+uid: uid489
-+givenname: givenname489
-+description: description489
-+userPassword: password489
-+mail: uid489
-+uidnumber: 489
-+gidnumber: 489
-+homeDirectory: /home/uid489
-+
-+dn: cn=user490,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user490
-+sn: user490
-+uid: uid490
-+givenname: givenname490
-+description: description490
-+userPassword: password490
-+mail: uid490
-+uidnumber: 490
-+gidnumber: 490
-+homeDirectory: /home/uid490
-+
-+dn: cn=user491,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user491
-+sn: user491
-+uid: uid491
-+givenname: givenname491
-+description: description491
-+userPassword: password491
-+mail: uid491
-+uidnumber: 491
-+gidnumber: 491
-+homeDirectory: /home/uid491
-+
-+dn: cn=user492,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user492
-+sn: user492
-+uid: uid492
-+givenname: givenname492
-+description: description492
-+userPassword: password492
-+mail: uid492
-+uidnumber: 492
-+gidnumber: 492
-+homeDirectory: /home/uid492
-+
-+dn: cn=user493,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user493
-+sn: user493
-+uid: uid493
-+givenname: givenname493
-+description: description493
-+userPassword: password493
-+mail: uid493
-+uidnumber: 493
-+gidnumber: 493
-+homeDirectory: /home/uid493
-+
-+dn: cn=user494,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user494
-+sn: user494
-+uid: uid494
-+givenname: givenname494
-+description: description494
-+userPassword: password494
-+mail: uid494
-+uidnumber: 494
-+gidnumber: 494
-+homeDirectory: /home/uid494
-+
-+dn: cn=user495,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user495
-+sn: user495
-+uid: uid495
-+givenname: givenname495
-+description: description495
-+userPassword: password495
-+mail: uid495
-+uidnumber: 495
-+gidnumber: 495
-+homeDirectory: /home/uid495
-+
-+dn: cn=user496,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user496
-+sn: user496
-+uid: uid496
-+givenname: givenname496
-+description: description496
-+userPassword: password496
-+mail: uid496
-+uidnumber: 496
-+gidnumber: 496
-+homeDirectory: /home/uid496
-+
-+dn: cn=user497,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user497
-+sn: user497
-+uid: uid497
-+givenname: givenname497
-+description: description497
-+userPassword: password497
-+mail: uid497
-+uidnumber: 497
-+gidnumber: 497
-+homeDirectory: /home/uid497
-+
-+dn: cn=user498,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user498
-+sn: user498
-+uid: uid498
-+givenname: givenname498
-+description: description498
-+userPassword: password498
-+mail: uid498
-+uidnumber: 498
-+gidnumber: 498
-+homeDirectory: /home/uid498
-+
-+dn: cn=user499,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user499
-+sn: user499
-+uid: uid499
-+givenname: givenname499
-+description: description499
-+userPassword: password499
-+mail: uid499
-+uidnumber: 499
-+gidnumber: 499
-+homeDirectory: /home/uid499
-+
-+dn: cn=user500,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user500
-+sn: user500
-+uid: uid500
-+givenname: givenname500
-+description: description500
-+userPassword: password500
-+mail: uid500
-+uidnumber: 500
-+gidnumber: 500
-+homeDirectory: /home/uid500
-+
-+dn: cn=user501,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user501
-+sn: user501
-+uid: uid501
-+givenname: givenname501
-+description: description501
-+userPassword: password501
-+mail: uid501
-+uidnumber: 501
-+gidnumber: 501
-+homeDirectory: /home/uid501
-+
-+dn: cn=user502,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user502
-+sn: user502
-+uid: uid502
-+givenname: givenname502
-+description: description502
-+userPassword: password502
-+mail: uid502
-+uidnumber: 502
-+gidnumber: 502
-+homeDirectory: /home/uid502
-+
-+dn: cn=user503,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user503
-+sn: user503
-+uid: uid503
-+givenname: givenname503
-+description: description503
-+userPassword: password503
-+mail: uid503
-+uidnumber: 503
-+gidnumber: 503
-+homeDirectory: /home/uid503
-+
-+dn: cn=user504,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user504
-+sn: user504
-+uid: uid504
-+givenname: givenname504
-+description: description504
-+userPassword: password504
-+mail: uid504
-+uidnumber: 504
-+gidnumber: 504
-+homeDirectory: /home/uid504
-+
-+dn: cn=user505,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user505
-+sn: user505
-+uid: uid505
-+givenname: givenname505
-+description: description505
-+userPassword: password505
-+mail: uid505
-+uidnumber: 505
-+gidnumber: 505
-+homeDirectory: /home/uid505
-+
-+dn: cn=user506,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user506
-+sn: user506
-+uid: uid506
-+givenname: givenname506
-+description: description506
-+userPassword: password506
-+mail: uid506
-+uidnumber: 506
-+gidnumber: 506
-+homeDirectory: /home/uid506
-+
-+dn: cn=user507,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user507
-+sn: user507
-+uid: uid507
-+givenname: givenname507
-+description: description507
-+userPassword: password507
-+mail: uid507
-+uidnumber: 507
-+gidnumber: 507
-+homeDirectory: /home/uid507
-+
-+dn: cn=user508,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user508
-+sn: user508
-+uid: uid508
-+givenname: givenname508
-+description: description508
-+userPassword: password508
-+mail: uid508
-+uidnumber: 508
-+gidnumber: 508
-+homeDirectory: /home/uid508
-+
-+dn: cn=user509,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user509
-+sn: user509
-+uid: uid509
-+givenname: givenname509
-+description: description509
-+userPassword: password509
-+mail: uid509
-+uidnumber: 509
-+gidnumber: 509
-+homeDirectory: /home/uid509
-+
-+dn: cn=user510,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user510
-+sn: user510
-+uid: uid510
-+givenname: givenname510
-+description: description510
-+userPassword: password510
-+mail: uid510
-+uidnumber: 510
-+gidnumber: 510
-+homeDirectory: /home/uid510
-+
-+dn: cn=user511,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user511
-+sn: user511
-+uid: uid511
-+givenname: givenname511
-+description: description511
-+userPassword: password511
-+mail: uid511
-+uidnumber: 511
-+gidnumber: 511
-+homeDirectory: /home/uid511
-+
-+dn: cn=user512,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user512
-+sn: user512
-+uid: uid512
-+givenname: givenname512
-+description: description512
-+userPassword: password512
-+mail: uid512
-+uidnumber: 512
-+gidnumber: 512
-+homeDirectory: /home/uid512
-+
-+dn: cn=user513,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user513
-+sn: user513
-+uid: uid513
-+givenname: givenname513
-+description: description513
-+userPassword: password513
-+mail: uid513
-+uidnumber: 513
-+gidnumber: 513
-+homeDirectory: /home/uid513
-+
-+dn: cn=user514,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user514
-+sn: user514
-+uid: uid514
-+givenname: givenname514
-+description: description514
-+userPassword: password514
-+mail: uid514
-+uidnumber: 514
-+gidnumber: 514
-+homeDirectory: /home/uid514
-+
-+dn: cn=user515,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user515
-+sn: user515
-+uid: uid515
-+givenname: givenname515
-+description: description515
-+userPassword: password515
-+mail: uid515
-+uidnumber: 515
-+gidnumber: 515
-+homeDirectory: /home/uid515
-+
-+dn: cn=user516,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user516
-+sn: user516
-+uid: uid516
-+givenname: givenname516
-+description: description516
-+userPassword: password516
-+mail: uid516
-+uidnumber: 516
-+gidnumber: 516
-+homeDirectory: /home/uid516
-+
-+dn: cn=user517,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user517
-+sn: user517
-+uid: uid517
-+givenname: givenname517
-+description: description517
-+userPassword: password517
-+mail: uid517
-+uidnumber: 517
-+gidnumber: 517
-+homeDirectory: /home/uid517
-+
-+dn: cn=user518,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user518
-+sn: user518
-+uid: uid518
-+givenname: givenname518
-+description: description518
-+userPassword: password518
-+mail: uid518
-+uidnumber: 518
-+gidnumber: 518
-+homeDirectory: /home/uid518
-+
-+dn: cn=user519,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user519
-+sn: user519
-+uid: uid519
-+givenname: givenname519
-+description: description519
-+userPassword: password519
-+mail: uid519
-+uidnumber: 519
-+gidnumber: 519
-+homeDirectory: /home/uid519
-+
-+dn: cn=user520,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user520
-+sn: user520
-+uid: uid520
-+givenname: givenname520
-+description: description520
-+userPassword: password520
-+mail: uid520
-+uidnumber: 520
-+gidnumber: 520
-+homeDirectory: /home/uid520
-+
-+dn: cn=user521,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user521
-+sn: user521
-+uid: uid521
-+givenname: givenname521
-+description: description521
-+userPassword: password521
-+mail: uid521
-+uidnumber: 521
-+gidnumber: 521
-+homeDirectory: /home/uid521
-+
-+dn: cn=user522,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user522
-+sn: user522
-+uid: uid522
-+givenname: givenname522
-+description: description522
-+userPassword: password522
-+mail: uid522
-+uidnumber: 522
-+gidnumber: 522
-+homeDirectory: /home/uid522
-+
-+dn: cn=user523,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user523
-+sn: user523
-+uid: uid523
-+givenname: givenname523
-+description: description523
-+userPassword: password523
-+mail: uid523
-+uidnumber: 523
-+gidnumber: 523
-+homeDirectory: /home/uid523
-+
-+dn: cn=user524,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user524
-+sn: user524
-+uid: uid524
-+givenname: givenname524
-+description: description524
-+userPassword: password524
-+mail: uid524
-+uidnumber: 524
-+gidnumber: 524
-+homeDirectory: /home/uid524
-+
-+dn: cn=user525,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user525
-+sn: user525
-+uid: uid525
-+givenname: givenname525
-+description: description525
-+userPassword: password525
-+mail: uid525
-+uidnumber: 525
-+gidnumber: 525
-+homeDirectory: /home/uid525
-+
-+dn: cn=user526,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user526
-+sn: user526
-+uid: uid526
-+givenname: givenname526
-+description: description526
-+userPassword: password526
-+mail: uid526
-+uidnumber: 526
-+gidnumber: 526
-+homeDirectory: /home/uid526
-+
-+dn: cn=user527,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user527
-+sn: user527
-+uid: uid527
-+givenname: givenname527
-+description: description527
-+userPassword: password527
-+mail: uid527
-+uidnumber: 527
-+gidnumber: 527
-+homeDirectory: /home/uid527
-+
-+dn: cn=user528,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user528
-+sn: user528
-+uid: uid528
-+givenname: givenname528
-+description: description528
-+userPassword: password528
-+mail: uid528
-+uidnumber: 528
-+gidnumber: 528
-+homeDirectory: /home/uid528
-+
-+dn: cn=user529,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user529
-+sn: user529
-+uid: uid529
-+givenname: givenname529
-+description: description529
-+userPassword: password529
-+mail: uid529
-+uidnumber: 529
-+gidnumber: 529
-+homeDirectory: /home/uid529
-+
-+dn: cn=user530,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user530
-+sn: user530
-+uid: uid530
-+givenname: givenname530
-+description: description530
-+userPassword: password530
-+mail: uid530
-+uidnumber: 530
-+gidnumber: 530
-+homeDirectory: /home/uid530
-+
-+dn: cn=user531,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user531
-+sn: user531
-+uid: uid531
-+givenname: givenname531
-+description: description531
-+userPassword: password531
-+mail: uid531
-+uidnumber: 531
-+gidnumber: 531
-+homeDirectory: /home/uid531
-+
-+dn: cn=user532,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user532
-+sn: user532
-+uid: uid532
-+givenname: givenname532
-+description: description532
-+userPassword: password532
-+mail: uid532
-+uidnumber: 532
-+gidnumber: 532
-+homeDirectory: /home/uid532
-+
-+dn: cn=user533,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user533
-+sn: user533
-+uid: uid533
-+givenname: givenname533
-+description: description533
-+userPassword: password533
-+mail: uid533
-+uidnumber: 533
-+gidnumber: 533
-+homeDirectory: /home/uid533
-+
-+dn: cn=user534,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user534
-+sn: user534
-+uid: uid534
-+givenname: givenname534
-+description: description534
-+userPassword: password534
-+mail: uid534
-+uidnumber: 534
-+gidnumber: 534
-+homeDirectory: /home/uid534
-+
-+dn: cn=user535,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user535
-+sn: user535
-+uid: uid535
-+givenname: givenname535
-+description: description535
-+userPassword: password535
-+mail: uid535
-+uidnumber: 535
-+gidnumber: 535
-+homeDirectory: /home/uid535
-+
-+dn: cn=user536,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user536
-+sn: user536
-+uid: uid536
-+givenname: givenname536
-+description: description536
-+userPassword: password536
-+mail: uid536
-+uidnumber: 536
-+gidnumber: 536
-+homeDirectory: /home/uid536
-+
-+dn: cn=user537,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user537
-+sn: user537
-+uid: uid537
-+givenname: givenname537
-+description: description537
-+userPassword: password537
-+mail: uid537
-+uidnumber: 537
-+gidnumber: 537
-+homeDirectory: /home/uid537
-+
-+dn: cn=user538,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user538
-+sn: user538
-+uid: uid538
-+givenname: givenname538
-+description: description538
-+userPassword: password538
-+mail: uid538
-+uidnumber: 538
-+gidnumber: 538
-+homeDirectory: /home/uid538
-+
-+dn: cn=user539,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user539
-+sn: user539
-+uid: uid539
-+givenname: givenname539
-+description: description539
-+userPassword: password539
-+mail: uid539
-+uidnumber: 539
-+gidnumber: 539
-+homeDirectory: /home/uid539
-+
-+dn: cn=user540,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user540
-+sn: user540
-+uid: uid540
-+givenname: givenname540
-+description: description540
-+userPassword: password540
-+mail: uid540
-+uidnumber: 540
-+gidnumber: 540
-+homeDirectory: /home/uid540
-+
-+dn: cn=user541,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user541
-+sn: user541
-+uid: uid541
-+givenname: givenname541
-+description: description541
-+userPassword: password541
-+mail: uid541
-+uidnumber: 541
-+gidnumber: 541
-+homeDirectory: /home/uid541
-+
-+dn: cn=user542,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user542
-+sn: user542
-+uid: uid542
-+givenname: givenname542
-+description: description542
-+userPassword: password542
-+mail: uid542
-+uidnumber: 542
-+gidnumber: 542
-+homeDirectory: /home/uid542
-+
-+dn: cn=user543,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user543
-+sn: user543
-+uid: uid543
-+givenname: givenname543
-+description: description543
-+userPassword: password543
-+mail: uid543
-+uidnumber: 543
-+gidnumber: 543
-+homeDirectory: /home/uid543
-+
-+dn: cn=user544,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user544
-+sn: user544
-+uid: uid544
-+givenname: givenname544
-+description: description544
-+userPassword: password544
-+mail: uid544
-+uidnumber: 544
-+gidnumber: 544
-+homeDirectory: /home/uid544
-+
-+dn: cn=user545,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user545
-+sn: user545
-+uid: uid545
-+givenname: givenname545
-+description: description545
-+userPassword: password545
-+mail: uid545
-+uidnumber: 545
-+gidnumber: 545
-+homeDirectory: /home/uid545
-+
-+dn: cn=user546,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user546
-+sn: user546
-+uid: uid546
-+givenname: givenname546
-+description: description546
-+userPassword: password546
-+mail: uid546
-+uidnumber: 546
-+gidnumber: 546
-+homeDirectory: /home/uid546
-+
-+dn: cn=user547,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user547
-+sn: user547
-+uid: uid547
-+givenname: givenname547
-+description: description547
-+userPassword: password547
-+mail: uid547
-+uidnumber: 547
-+gidnumber: 547
-+homeDirectory: /home/uid547
-+
-+dn: cn=user548,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user548
-+sn: user548
-+uid: uid548
-+givenname: givenname548
-+description: description548
-+userPassword: password548
-+mail: uid548
-+uidnumber: 548
-+gidnumber: 548
-+homeDirectory: /home/uid548
-+
-+dn: cn=user549,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user549
-+sn: user549
-+uid: uid549
-+givenname: givenname549
-+description: description549
-+userPassword: password549
-+mail: uid549
-+uidnumber: 549
-+gidnumber: 549
-+homeDirectory: /home/uid549
-+
-+dn: cn=user550,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user550
-+sn: user550
-+uid: uid550
-+givenname: givenname550
-+description: description550
-+userPassword: password550
-+mail: uid550
-+uidnumber: 550
-+gidnumber: 550
-+homeDirectory: /home/uid550
-+
-+dn: cn=user551,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user551
-+sn: user551
-+uid: uid551
-+givenname: givenname551
-+description: description551
-+userPassword: password551
-+mail: uid551
-+uidnumber: 551
-+gidnumber: 551
-+homeDirectory: /home/uid551
-+
-+dn: cn=user552,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user552
-+sn: user552
-+uid: uid552
-+givenname: givenname552
-+description: description552
-+userPassword: password552
-+mail: uid552
-+uidnumber: 552
-+gidnumber: 552
-+homeDirectory: /home/uid552
-+
-+dn: cn=user553,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user553
-+sn: user553
-+uid: uid553
-+givenname: givenname553
-+description: description553
-+userPassword: password553
-+mail: uid553
-+uidnumber: 553
-+gidnumber: 553
-+homeDirectory: /home/uid553
-+
-+dn: cn=user554,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user554
-+sn: user554
-+uid: uid554
-+givenname: givenname554
-+description: description554
-+userPassword: password554
-+mail: uid554
-+uidnumber: 554
-+gidnumber: 554
-+homeDirectory: /home/uid554
-+
-+dn: cn=user555,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user555
-+sn: user555
-+uid: uid555
-+givenname: givenname555
-+description: description555
-+userPassword: password555
-+mail: uid555
-+uidnumber: 555
-+gidnumber: 555
-+homeDirectory: /home/uid555
-+
-+dn: cn=user556,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user556
-+sn: user556
-+uid: uid556
-+givenname: givenname556
-+description: description556
-+userPassword: password556
-+mail: uid556
-+uidnumber: 556
-+gidnumber: 556
-+homeDirectory: /home/uid556
-+
-+dn: cn=user557,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user557
-+sn: user557
-+uid: uid557
-+givenname: givenname557
-+description: description557
-+userPassword: password557
-+mail: uid557
-+uidnumber: 557
-+gidnumber: 557
-+homeDirectory: /home/uid557
-+
-+dn: cn=user558,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user558
-+sn: user558
-+uid: uid558
-+givenname: givenname558
-+description: description558
-+userPassword: password558
-+mail: uid558
-+uidnumber: 558
-+gidnumber: 558
-+homeDirectory: /home/uid558
-+
-+dn: cn=user559,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user559
-+sn: user559
-+uid: uid559
-+givenname: givenname559
-+description: description559
-+userPassword: password559
-+mail: uid559
-+uidnumber: 559
-+gidnumber: 559
-+homeDirectory: /home/uid559
-+
-+dn: cn=user560,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user560
-+sn: user560
-+uid: uid560
-+givenname: givenname560
-+description: description560
-+userPassword: password560
-+mail: uid560
-+uidnumber: 560
-+gidnumber: 560
-+homeDirectory: /home/uid560
-+
-+dn: cn=user561,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user561
-+sn: user561
-+uid: uid561
-+givenname: givenname561
-+description: description561
-+userPassword: password561
-+mail: uid561
-+uidnumber: 561
-+gidnumber: 561
-+homeDirectory: /home/uid561
-+
-+dn: cn=user562,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user562
-+sn: user562
-+uid: uid562
-+givenname: givenname562
-+description: description562
-+userPassword: password562
-+mail: uid562
-+uidnumber: 562
-+gidnumber: 562
-+homeDirectory: /home/uid562
-+
-+dn: cn=user563,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user563
-+sn: user563
-+uid: uid563
-+givenname: givenname563
-+description: description563
-+userPassword: password563
-+mail: uid563
-+uidnumber: 563
-+gidnumber: 563
-+homeDirectory: /home/uid563
-+
-+dn: cn=user564,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user564
-+sn: user564
-+uid: uid564
-+givenname: givenname564
-+description: description564
-+userPassword: password564
-+mail: uid564
-+uidnumber: 564
-+gidnumber: 564
-+homeDirectory: /home/uid564
-+
-+dn: cn=user565,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user565
-+sn: user565
-+uid: uid565
-+givenname: givenname565
-+description: description565
-+userPassword: password565
-+mail: uid565
-+uidnumber: 565
-+gidnumber: 565
-+homeDirectory: /home/uid565
-+
-+dn: cn=user566,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user566
-+sn: user566
-+uid: uid566
-+givenname: givenname566
-+description: description566
-+userPassword: password566
-+mail: uid566
-+uidnumber: 566
-+gidnumber: 566
-+homeDirectory: /home/uid566
-+
-+dn: cn=user567,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user567
-+sn: user567
-+uid: uid567
-+givenname: givenname567
-+description: description567
-+userPassword: password567
-+mail: uid567
-+uidnumber: 567
-+gidnumber: 567
-+homeDirectory: /home/uid567
-+
-+dn: cn=user568,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user568
-+sn: user568
-+uid: uid568
-+givenname: givenname568
-+description: description568
-+userPassword: password568
-+mail: uid568
-+uidnumber: 568
-+gidnumber: 568
-+homeDirectory: /home/uid568
-+
-+dn: cn=user569,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user569
-+sn: user569
-+uid: uid569
-+givenname: givenname569
-+description: description569
-+userPassword: password569
-+mail: uid569
-+uidnumber: 569
-+gidnumber: 569
-+homeDirectory: /home/uid569
-+
-+dn: cn=user570,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user570
-+sn: user570
-+uid: uid570
-+givenname: givenname570
-+description: description570
-+userPassword: password570
-+mail: uid570
-+uidnumber: 570
-+gidnumber: 570
-+homeDirectory: /home/uid570
-+
-+dn: cn=user571,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user571
-+sn: user571
-+uid: uid571
-+givenname: givenname571
-+description: description571
-+userPassword: password571
-+mail: uid571
-+uidnumber: 571
-+gidnumber: 571
-+homeDirectory: /home/uid571
-+
-+dn: cn=user572,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user572
-+sn: user572
-+uid: uid572
-+givenname: givenname572
-+description: description572
-+userPassword: password572
-+mail: uid572
-+uidnumber: 572
-+gidnumber: 572
-+homeDirectory: /home/uid572
-+
-+dn: cn=user573,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user573
-+sn: user573
-+uid: uid573
-+givenname: givenname573
-+description: description573
-+userPassword: password573
-+mail: uid573
-+uidnumber: 573
-+gidnumber: 573
-+homeDirectory: /home/uid573
-+
-+dn: cn=user574,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user574
-+sn: user574
-+uid: uid574
-+givenname: givenname574
-+description: description574
-+userPassword: password574
-+mail: uid574
-+uidnumber: 574
-+gidnumber: 574
-+homeDirectory: /home/uid574
-+
-+dn: cn=user575,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user575
-+sn: user575
-+uid: uid575
-+givenname: givenname575
-+description: description575
-+userPassword: password575
-+mail: uid575
-+uidnumber: 575
-+gidnumber: 575
-+homeDirectory: /home/uid575
-+
-+dn: cn=user576,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user576
-+sn: user576
-+uid: uid576
-+givenname: givenname576
-+description: description576
-+userPassword: password576
-+mail: uid576
-+uidnumber: 576
-+gidnumber: 576
-+homeDirectory: /home/uid576
-+
-+dn: cn=user577,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user577
-+sn: user577
-+uid: uid577
-+givenname: givenname577
-+description: description577
-+userPassword: password577
-+mail: uid577
-+uidnumber: 577
-+gidnumber: 577
-+homeDirectory: /home/uid577
-+
-+dn: cn=user578,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user578
-+sn: user578
-+uid: uid578
-+givenname: givenname578
-+description: description578
-+userPassword: password578
-+mail: uid578
-+uidnumber: 578
-+gidnumber: 578
-+homeDirectory: /home/uid578
-+
-+dn: cn=user579,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user579
-+sn: user579
-+uid: uid579
-+givenname: givenname579
-+description: description579
-+userPassword: password579
-+mail: uid579
-+uidnumber: 579
-+gidnumber: 579
-+homeDirectory: /home/uid579
-+
-+dn: cn=user580,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user580
-+sn: user580
-+uid: uid580
-+givenname: givenname580
-+description: description580
-+userPassword: password580
-+mail: uid580
-+uidnumber: 580
-+gidnumber: 580
-+homeDirectory: /home/uid580
-+
-+dn: cn=user581,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user581
-+sn: user581
-+uid: uid581
-+givenname: givenname581
-+description: description581
-+userPassword: password581
-+mail: uid581
-+uidnumber: 581
-+gidnumber: 581
-+homeDirectory: /home/uid581
-+
-+dn: cn=user582,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user582
-+sn: user582
-+uid: uid582
-+givenname: givenname582
-+description: description582
-+userPassword: password582
-+mail: uid582
-+uidnumber: 582
-+gidnumber: 582
-+homeDirectory: /home/uid582
-+
-+dn: cn=user583,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user583
-+sn: user583
-+uid: uid583
-+givenname: givenname583
-+description: description583
-+userPassword: password583
-+mail: uid583
-+uidnumber: 583
-+gidnumber: 583
-+homeDirectory: /home/uid583
-+
-+dn: cn=user584,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user584
-+sn: user584
-+uid: uid584
-+givenname: givenname584
-+description: description584
-+userPassword: password584
-+mail: uid584
-+uidnumber: 584
-+gidnumber: 584
-+homeDirectory: /home/uid584
-+
-+dn: cn=user585,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user585
-+sn: user585
-+uid: uid585
-+givenname: givenname585
-+description: description585
-+userPassword: password585
-+mail: uid585
-+uidnumber: 585
-+gidnumber: 585
-+homeDirectory: /home/uid585
-+
-+dn: cn=user586,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user586
-+sn: user586
-+uid: uid586
-+givenname: givenname586
-+description: description586
-+userPassword: password586
-+mail: uid586
-+uidnumber: 586
-+gidnumber: 586
-+homeDirectory: /home/uid586
-+
-+dn: cn=user587,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user587
-+sn: user587
-+uid: uid587
-+givenname: givenname587
-+description: description587
-+userPassword: password587
-+mail: uid587
-+uidnumber: 587
-+gidnumber: 587
-+homeDirectory: /home/uid587
-+
-+dn: cn=user588,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user588
-+sn: user588
-+uid: uid588
-+givenname: givenname588
-+description: description588
-+userPassword: password588
-+mail: uid588
-+uidnumber: 588
-+gidnumber: 588
-+homeDirectory: /home/uid588
-+
-+dn: cn=user589,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user589
-+sn: user589
-+uid: uid589
-+givenname: givenname589
-+description: description589
-+userPassword: password589
-+mail: uid589
-+uidnumber: 589
-+gidnumber: 589
-+homeDirectory: /home/uid589
-+
-+dn: cn=user590,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user590
-+sn: user590
-+uid: uid590
-+givenname: givenname590
-+description: description590
-+userPassword: password590
-+mail: uid590
-+uidnumber: 590
-+gidnumber: 590
-+homeDirectory: /home/uid590
-+
-+dn: cn=user591,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user591
-+sn: user591
-+uid: uid591
-+givenname: givenname591
-+description: description591
-+userPassword: password591
-+mail: uid591
-+uidnumber: 591
-+gidnumber: 591
-+homeDirectory: /home/uid591
-+
-+dn: cn=user592,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user592
-+sn: user592
-+uid: uid592
-+givenname: givenname592
-+description: description592
-+userPassword: password592
-+mail: uid592
-+uidnumber: 592
-+gidnumber: 592
-+homeDirectory: /home/uid592
-+
-+dn: cn=user593,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user593
-+sn: user593
-+uid: uid593
-+givenname: givenname593
-+description: description593
-+userPassword: password593
-+mail: uid593
-+uidnumber: 593
-+gidnumber: 593
-+homeDirectory: /home/uid593
-+
-+dn: cn=user594,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user594
-+sn: user594
-+uid: uid594
-+givenname: givenname594
-+description: description594
-+userPassword: password594
-+mail: uid594
-+uidnumber: 594
-+gidnumber: 594
-+homeDirectory: /home/uid594
-+
-+dn: cn=user595,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user595
-+sn: user595
-+uid: uid595
-+givenname: givenname595
-+description: description595
-+userPassword: password595
-+mail: uid595
-+uidnumber: 595
-+gidnumber: 595
-+homeDirectory: /home/uid595
-+
-+dn: cn=user596,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user596
-+sn: user596
-+uid: uid596
-+givenname: givenname596
-+description: description596
-+userPassword: password596
-+mail: uid596
-+uidnumber: 596
-+gidnumber: 596
-+homeDirectory: /home/uid596
-+
-+dn: cn=user597,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user597
-+sn: user597
-+uid: uid597
-+givenname: givenname597
-+description: description597
-+userPassword: password597
-+mail: uid597
-+uidnumber: 597
-+gidnumber: 597
-+homeDirectory: /home/uid597
-+
-+dn: cn=user598,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user598
-+sn: user598
-+uid: uid598
-+givenname: givenname598
-+description: description598
-+userPassword: password598
-+mail: uid598
-+uidnumber: 598
-+gidnumber: 598
-+homeDirectory: /home/uid598
-+
-+dn: cn=user599,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user599
-+sn: user599
-+uid: uid599
-+givenname: givenname599
-+description: description599
-+userPassword: password599
-+mail: uid599
-+uidnumber: 599
-+gidnumber: 599
-+homeDirectory: /home/uid599
-+
-+dn: cn=user600,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user600
-+sn: user600
-+uid: uid600
-+givenname: givenname600
-+description: description600
-+userPassword: password600
-+mail: uid600
-+uidnumber: 600
-+gidnumber: 600
-+homeDirectory: /home/uid600
-+
-+dn: cn=user601,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user601
-+sn: user601
-+uid: uid601
-+givenname: givenname601
-+description: description601
-+userPassword: password601
-+mail: uid601
-+uidnumber: 601
-+gidnumber: 601
-+homeDirectory: /home/uid601
-+
-+dn: cn=user602,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user602
-+sn: user602
-+uid: uid602
-+givenname: givenname602
-+description: description602
-+userPassword: password602
-+mail: uid602
-+uidnumber: 602
-+gidnumber: 602
-+homeDirectory: /home/uid602
-+
-+dn: cn=user603,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user603
-+sn: user603
-+uid: uid603
-+givenname: givenname603
-+description: description603
-+userPassword: password603
-+mail: uid603
-+uidnumber: 603
-+gidnumber: 603
-+homeDirectory: /home/uid603
-+
-+dn: cn=user604,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user604
-+sn: user604
-+uid: uid604
-+givenname: givenname604
-+description: description604
-+userPassword: password604
-+mail: uid604
-+uidnumber: 604
-+gidnumber: 604
-+homeDirectory: /home/uid604
-+
-+dn: cn=user605,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user605
-+sn: user605
-+uid: uid605
-+givenname: givenname605
-+description: description605
-+userPassword: password605
-+mail: uid605
-+uidnumber: 605
-+gidnumber: 605
-+homeDirectory: /home/uid605
-+
-+dn: cn=user606,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user606
-+sn: user606
-+uid: uid606
-+givenname: givenname606
-+description: description606
-+userPassword: password606
-+mail: uid606
-+uidnumber: 606
-+gidnumber: 606
-+homeDirectory: /home/uid606
-+
-+dn: cn=user607,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user607
-+sn: user607
-+uid: uid607
-+givenname: givenname607
-+description: description607
-+userPassword: password607
-+mail: uid607
-+uidnumber: 607
-+gidnumber: 607
-+homeDirectory: /home/uid607
-+
-+dn: cn=user608,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user608
-+sn: user608
-+uid: uid608
-+givenname: givenname608
-+description: description608
-+userPassword: password608
-+mail: uid608
-+uidnumber: 608
-+gidnumber: 608
-+homeDirectory: /home/uid608
-+
-+dn: cn=user609,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user609
-+sn: user609
-+uid: uid609
-+givenname: givenname609
-+description: description609
-+userPassword: password609
-+mail: uid609
-+uidnumber: 609
-+gidnumber: 609
-+homeDirectory: /home/uid609
-+
-+dn: cn=user610,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user610
-+sn: user610
-+uid: uid610
-+givenname: givenname610
-+description: description610
-+userPassword: password610
-+mail: uid610
-+uidnumber: 610
-+gidnumber: 610
-+homeDirectory: /home/uid610
-+
-+dn: cn=user611,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user611
-+sn: user611
-+uid: uid611
-+givenname: givenname611
-+description: description611
-+userPassword: password611
-+mail: uid611
-+uidnumber: 611
-+gidnumber: 611
-+homeDirectory: /home/uid611
-+
-+dn: cn=user612,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user612
-+sn: user612
-+uid: uid612
-+givenname: givenname612
-+description: description612
-+userPassword: password612
-+mail: uid612
-+uidnumber: 612
-+gidnumber: 612
-+homeDirectory: /home/uid612
-+
-+dn: cn=user613,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user613
-+sn: user613
-+uid: uid613
-+givenname: givenname613
-+description: description613
-+userPassword: password613
-+mail: uid613
-+uidnumber: 613
-+gidnumber: 613
-+homeDirectory: /home/uid613
-+
-+dn: cn=user614,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user614
-+sn: user614
-+uid: uid614
-+givenname: givenname614
-+description: description614
-+userPassword: password614
-+mail: uid614
-+uidnumber: 614
-+gidnumber: 614
-+homeDirectory: /home/uid614
-+
-+dn: cn=user615,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user615
-+sn: user615
-+uid: uid615
-+givenname: givenname615
-+description: description615
-+userPassword: password615
-+mail: uid615
-+uidnumber: 615
-+gidnumber: 615
-+homeDirectory: /home/uid615
-+
-+dn: cn=user616,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user616
-+sn: user616
-+uid: uid616
-+givenname: givenname616
-+description: description616
-+userPassword: password616
-+mail: uid616
-+uidnumber: 616
-+gidnumber: 616
-+homeDirectory: /home/uid616
-+
-+dn: cn=user617,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user617
-+sn: user617
-+uid: uid617
-+givenname: givenname617
-+description: description617
-+userPassword: password617
-+mail: uid617
-+uidnumber: 617
-+gidnumber: 617
-+homeDirectory: /home/uid617
-+
-+dn: cn=user618,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user618
-+sn: user618
-+uid: uid618
-+givenname: givenname618
-+description: description618
-+userPassword: password618
-+mail: uid618
-+uidnumber: 618
-+gidnumber: 618
-+homeDirectory: /home/uid618
-+
-+dn: cn=user619,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user619
-+sn: user619
-+uid: uid619
-+givenname: givenname619
-+description: description619
-+userPassword: password619
-+mail: uid619
-+uidnumber: 619
-+gidnumber: 619
-+homeDirectory: /home/uid619
-+
-+dn: cn=user620,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user620
-+sn: user620
-+uid: uid620
-+givenname: givenname620
-+description: description620
-+userPassword: password620
-+mail: uid620
-+uidnumber: 620
-+gidnumber: 620
-+homeDirectory: /home/uid620
-+
-+dn: cn=user621,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user621
-+sn: user621
-+uid: uid621
-+givenname: givenname621
-+description: description621
-+userPassword: password621
-+mail: uid621
-+uidnumber: 621
-+gidnumber: 621
-+homeDirectory: /home/uid621
-+
-+dn: cn=user622,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user622
-+sn: user622
-+uid: uid622
-+givenname: givenname622
-+description: description622
-+userPassword: password622
-+mail: uid622
-+uidnumber: 622
-+gidnumber: 622
-+homeDirectory: /home/uid622
-+
-+dn: cn=user623,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user623
-+sn: user623
-+uid: uid623
-+givenname: givenname623
-+description: description623
-+userPassword: password623
-+mail: uid623
-+uidnumber: 623
-+gidnumber: 623
-+homeDirectory: /home/uid623
-+
-+dn: cn=user624,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user624
-+sn: user624
-+uid: uid624
-+givenname: givenname624
-+description: description624
-+userPassword: password624
-+mail: uid624
-+uidnumber: 624
-+gidnumber: 624
-+homeDirectory: /home/uid624
-+
-+dn: cn=user625,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user625
-+sn: user625
-+uid: uid625
-+givenname: givenname625
-+description: description625
-+userPassword: password625
-+mail: uid625
-+uidnumber: 625
-+gidnumber: 625
-+homeDirectory: /home/uid625
-+
-+dn: cn=user626,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user626
-+sn: user626
-+uid: uid626
-+givenname: givenname626
-+description: description626
-+userPassword: password626
-+mail: uid626
-+uidnumber: 626
-+gidnumber: 626
-+homeDirectory: /home/uid626
-+
-+dn: cn=user627,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user627
-+sn: user627
-+uid: uid627
-+givenname: givenname627
-+description: description627
-+userPassword: password627
-+mail: uid627
-+uidnumber: 627
-+gidnumber: 627
-+homeDirectory: /home/uid627
-+
-+dn: cn=user628,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user628
-+sn: user628
-+uid: uid628
-+givenname: givenname628
-+description: description628
-+userPassword: password628
-+mail: uid628
-+uidnumber: 628
-+gidnumber: 628
-+homeDirectory: /home/uid628
-+
-+dn: cn=user629,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user629
-+sn: user629
-+uid: uid629
-+givenname: givenname629
-+description: description629
-+userPassword: password629
-+mail: uid629
-+uidnumber: 629
-+gidnumber: 629
-+homeDirectory: /home/uid629
-+
-+dn: cn=user630,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user630
-+sn: user630
-+uid: uid630
-+givenname: givenname630
-+description: description630
-+userPassword: password630
-+mail: uid630
-+uidnumber: 630
-+gidnumber: 630
-+homeDirectory: /home/uid630
-+
-+dn: cn=user631,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user631
-+sn: user631
-+uid: uid631
-+givenname: givenname631
-+description: description631
-+userPassword: password631
-+mail: uid631
-+uidnumber: 631
-+gidnumber: 631
-+homeDirectory: /home/uid631
-+
-+dn: cn=user632,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user632
-+sn: user632
-+uid: uid632
-+givenname: givenname632
-+description: description632
-+userPassword: password632
-+mail: uid632
-+uidnumber: 632
-+gidnumber: 632
-+homeDirectory: /home/uid632
-+
-+dn: cn=user633,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user633
-+sn: user633
-+uid: uid633
-+givenname: givenname633
-+description: description633
-+userPassword: password633
-+mail: uid633
-+uidnumber: 633
-+gidnumber: 633
-+homeDirectory: /home/uid633
-+
-+dn: cn=user634,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user634
-+sn: user634
-+uid: uid634
-+givenname: givenname634
-+description: description634
-+userPassword: password634
-+mail: uid634
-+uidnumber: 634
-+gidnumber: 634
-+homeDirectory: /home/uid634
-+
-+dn: cn=user635,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user635
-+sn: user635
-+uid: uid635
-+givenname: givenname635
-+description: description635
-+userPassword: password635
-+mail: uid635
-+uidnumber: 635
-+gidnumber: 635
-+homeDirectory: /home/uid635
-+
-+dn: cn=user636,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user636
-+sn: user636
-+uid: uid636
-+givenname: givenname636
-+description: description636
-+userPassword: password636
-+mail: uid636
-+uidnumber: 636
-+gidnumber: 636
-+homeDirectory: /home/uid636
-+
-+dn: cn=user637,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user637
-+sn: user637
-+uid: uid637
-+givenname: givenname637
-+description: description637
-+userPassword: password637
-+mail: uid637
-+uidnumber: 637
-+gidnumber: 637
-+homeDirectory: /home/uid637
-+
-+dn: cn=user638,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user638
-+sn: user638
-+uid: uid638
-+givenname: givenname638
-+description: description638
-+userPassword: password638
-+mail: uid638
-+uidnumber: 638
-+gidnumber: 638
-+homeDirectory: /home/uid638
-+
-+dn: cn=user639,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user639
-+sn: user639
-+uid: uid639
-+givenname: givenname639
-+description: description639
-+userPassword: password639
-+mail: uid639
-+uidnumber: 639
-+gidnumber: 639
-+homeDirectory: /home/uid639
-+
-+dn: cn=user640,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user640
-+sn: user640
-+uid: uid640
-+givenname: givenname640
-+description: description640
-+userPassword: password640
-+mail: uid640
-+uidnumber: 640
-+gidnumber: 640
-+homeDirectory: /home/uid640
-+
-+dn: cn=user641,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user641
-+sn: user641
-+uid: uid641
-+givenname: givenname641
-+description: description641
-+userPassword: password641
-+mail: uid641
-+uidnumber: 641
-+gidnumber: 641
-+homeDirectory: /home/uid641
-+
-+dn: cn=user642,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user642
-+sn: user642
-+uid: uid642
-+givenname: givenname642
-+description: description642
-+userPassword: password642
-+mail: uid642
-+uidnumber: 642
-+gidnumber: 642
-+homeDirectory: /home/uid642
-+
-+dn: cn=user643,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user643
-+sn: user643
-+uid: uid643
-+givenname: givenname643
-+description: description643
-+userPassword: password643
-+mail: uid643
-+uidnumber: 643
-+gidnumber: 643
-+homeDirectory: /home/uid643
-+
-+dn: cn=user644,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user644
-+sn: user644
-+uid: uid644
-+givenname: givenname644
-+description: description644
-+userPassword: password644
-+mail: uid644
-+uidnumber: 644
-+gidnumber: 644
-+homeDirectory: /home/uid644
-+
-+dn: cn=user645,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user645
-+sn: user645
-+uid: uid645
-+givenname: givenname645
-+description: description645
-+userPassword: password645
-+mail: uid645
-+uidnumber: 645
-+gidnumber: 645
-+homeDirectory: /home/uid645
-+
-+dn: cn=user646,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user646
-+sn: user646
-+uid: uid646
-+givenname: givenname646
-+description: description646
-+userPassword: password646
-+mail: uid646
-+uidnumber: 646
-+gidnumber: 646
-+homeDirectory: /home/uid646
-+
-+dn: cn=user647,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user647
-+sn: user647
-+uid: uid647
-+givenname: givenname647
-+description: description647
-+userPassword: password647
-+mail: uid647
-+uidnumber: 647
-+gidnumber: 647
-+homeDirectory: /home/uid647
-+
-+dn: cn=user648,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user648
-+sn: user648
-+uid: uid648
-+givenname: givenname648
-+description: description648
-+userPassword: password648
-+mail: uid648
-+uidnumber: 648
-+gidnumber: 648
-+homeDirectory: /home/uid648
-+
-+dn: cn=user649,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user649
-+sn: user649
-+uid: uid649
-+givenname: givenname649
-+description: description649
-+userPassword: password649
-+mail: uid649
-+uidnumber: 649
-+gidnumber: 649
-+homeDirectory: /home/uid649
-+
-+dn: cn=user650,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user650
-+sn: user650
-+uid: uid650
-+givenname: givenname650
-+description: description650
-+userPassword: password650
-+mail: uid650
-+uidnumber: 650
-+gidnumber: 650
-+homeDirectory: /home/uid650
-+
-+dn: cn=user651,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user651
-+sn: user651
-+uid: uid651
-+givenname: givenname651
-+description: description651
-+userPassword: password651
-+mail: uid651
-+uidnumber: 651
-+gidnumber: 651
-+homeDirectory: /home/uid651
-+
-+dn: cn=user652,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user652
-+sn: user652
-+uid: uid652
-+givenname: givenname652
-+description: description652
-+userPassword: password652
-+mail: uid652
-+uidnumber: 652
-+gidnumber: 652
-+homeDirectory: /home/uid652
-+
-+dn: cn=user653,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user653
-+sn: user653
-+uid: uid653
-+givenname: givenname653
-+description: description653
-+userPassword: password653
-+mail: uid653
-+uidnumber: 653
-+gidnumber: 653
-+homeDirectory: /home/uid653
-+
-+dn: cn=user654,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user654
-+sn: user654
-+uid: uid654
-+givenname: givenname654
-+description: description654
-+userPassword: password654
-+mail: uid654
-+uidnumber: 654
-+gidnumber: 654
-+homeDirectory: /home/uid654
-+
-+dn: cn=user655,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user655
-+sn: user655
-+uid: uid655
-+givenname: givenname655
-+description: description655
-+userPassword: password655
-+mail: uid655
-+uidnumber: 655
-+gidnumber: 655
-+homeDirectory: /home/uid655
-+
-+dn: cn=user656,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user656
-+sn: user656
-+uid: uid656
-+givenname: givenname656
-+description: description656
-+userPassword: password656
-+mail: uid656
-+uidnumber: 656
-+gidnumber: 656
-+homeDirectory: /home/uid656
-+
-+dn: cn=user657,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user657
-+sn: user657
-+uid: uid657
-+givenname: givenname657
-+description: description657
-+userPassword: password657
-+mail: uid657
-+uidnumber: 657
-+gidnumber: 657
-+homeDirectory: /home/uid657
-+
-+dn: cn=user658,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user658
-+sn: user658
-+uid: uid658
-+givenname: givenname658
-+description: description658
-+userPassword: password658
-+mail: uid658
-+uidnumber: 658
-+gidnumber: 658
-+homeDirectory: /home/uid658
-+
-+dn: cn=user659,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user659
-+sn: user659
-+uid: uid659
-+givenname: givenname659
-+description: description659
-+userPassword: password659
-+mail: uid659
-+uidnumber: 659
-+gidnumber: 659
-+homeDirectory: /home/uid659
-+
-+dn: cn=user660,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user660
-+sn: user660
-+uid: uid660
-+givenname: givenname660
-+description: description660
-+userPassword: password660
-+mail: uid660
-+uidnumber: 660
-+gidnumber: 660
-+homeDirectory: /home/uid660
-+
-+dn: cn=user661,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user661
-+sn: user661
-+uid: uid661
-+givenname: givenname661
-+description: description661
-+userPassword: password661
-+mail: uid661
-+uidnumber: 661
-+gidnumber: 661
-+homeDirectory: /home/uid661
-+
-+dn: cn=user662,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user662
-+sn: user662
-+uid: uid662
-+givenname: givenname662
-+description: description662
-+userPassword: password662
-+mail: uid662
-+uidnumber: 662
-+gidnumber: 662
-+homeDirectory: /home/uid662
-+
-+dn: cn=user663,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user663
-+sn: user663
-+uid: uid663
-+givenname: givenname663
-+description: description663
-+userPassword: password663
-+mail: uid663
-+uidnumber: 663
-+gidnumber: 663
-+homeDirectory: /home/uid663
-+
-+dn: cn=user664,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user664
-+sn: user664
-+uid: uid664
-+givenname: givenname664
-+description: description664
-+userPassword: password664
-+mail: uid664
-+uidnumber: 664
-+gidnumber: 664
-+homeDirectory: /home/uid664
-+
-+dn: cn=user665,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user665
-+sn: user665
-+uid: uid665
-+givenname: givenname665
-+description: description665
-+userPassword: password665
-+mail: uid665
-+uidnumber: 665
-+gidnumber: 665
-+homeDirectory: /home/uid665
-+
-+dn: cn=user666,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user666
-+sn: user666
-+uid: uid666
-+givenname: givenname666
-+description: description666
-+userPassword: password666
-+mail: uid666
-+uidnumber: 666
-+gidnumber: 666
-+homeDirectory: /home/uid666
-+
-+dn: cn=user667,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user667
-+sn: user667
-+uid: uid667
-+givenname: givenname667
-+description: description667
-+userPassword: password667
-+mail: uid667
-+uidnumber: 667
-+gidnumber: 667
-+homeDirectory: /home/uid667
-+
-+dn: cn=user668,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user668
-+sn: user668
-+uid: uid668
-+givenname: givenname668
-+description: description668
-+userPassword: password668
-+mail: uid668
-+uidnumber: 668
-+gidnumber: 668
-+homeDirectory: /home/uid668
-+
-+dn: cn=user669,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user669
-+sn: user669
-+uid: uid669
-+givenname: givenname669
-+description: description669
-+userPassword: password669
-+mail: uid669
-+uidnumber: 669
-+gidnumber: 669
-+homeDirectory: /home/uid669
-+
-+dn: cn=user670,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user670
-+sn: user670
-+uid: uid670
-+givenname: givenname670
-+description: description670
-+userPassword: password670
-+mail: uid670
-+uidnumber: 670
-+gidnumber: 670
-+homeDirectory: /home/uid670
-+
-+dn: cn=user671,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user671
-+sn: user671
-+uid: uid671
-+givenname: givenname671
-+description: description671
-+userPassword: password671
-+mail: uid671
-+uidnumber: 671
-+gidnumber: 671
-+homeDirectory: /home/uid671
-+
-+dn: cn=user672,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user672
-+sn: user672
-+uid: uid672
-+givenname: givenname672
-+description: description672
-+userPassword: password672
-+mail: uid672
-+uidnumber: 672
-+gidnumber: 672
-+homeDirectory: /home/uid672
-+
-+dn: cn=user673,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user673
-+sn: user673
-+uid: uid673
-+givenname: givenname673
-+description: description673
-+userPassword: password673
-+mail: uid673
-+uidnumber: 673
-+gidnumber: 673
-+homeDirectory: /home/uid673
-+
-+dn: cn=user674,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user674
-+sn: user674
-+uid: uid674
-+givenname: givenname674
-+description: description674
-+userPassword: password674
-+mail: uid674
-+uidnumber: 674
-+gidnumber: 674
-+homeDirectory: /home/uid674
-+
-+dn: cn=user675,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user675
-+sn: user675
-+uid: uid675
-+givenname: givenname675
-+description: description675
-+userPassword: password675
-+mail: uid675
-+uidnumber: 675
-+gidnumber: 675
-+homeDirectory: /home/uid675
-+
-+dn: cn=user676,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user676
-+sn: user676
-+uid: uid676
-+givenname: givenname676
-+description: description676
-+userPassword: password676
-+mail: uid676
-+uidnumber: 676
-+gidnumber: 676
-+homeDirectory: /home/uid676
-+
-+dn: cn=user677,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user677
-+sn: user677
-+uid: uid677
-+givenname: givenname677
-+description: description677
-+userPassword: password677
-+mail: uid677
-+uidnumber: 677
-+gidnumber: 677
-+homeDirectory: /home/uid677
-+
-+dn: cn=user678,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user678
-+sn: user678
-+uid: uid678
-+givenname: givenname678
-+description: description678
-+userPassword: password678
-+mail: uid678
-+uidnumber: 678
-+gidnumber: 678
-+homeDirectory: /home/uid678
-+
-+dn: cn=user679,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user679
-+sn: user679
-+uid: uid679
-+givenname: givenname679
-+description: description679
-+userPassword: password679
-+mail: uid679
-+uidnumber: 679
-+gidnumber: 679
-+homeDirectory: /home/uid679
-+
-+dn: cn=user680,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user680
-+sn: user680
-+uid: uid680
-+givenname: givenname680
-+description: description680
-+userPassword: password680
-+mail: uid680
-+uidnumber: 680
-+gidnumber: 680
-+homeDirectory: /home/uid680
-+
-+dn: cn=user681,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user681
-+sn: user681
-+uid: uid681
-+givenname: givenname681
-+description: description681
-+userPassword: password681
-+mail: uid681
-+uidnumber: 681
-+gidnumber: 681
-+homeDirectory: /home/uid681
-+
-+dn: cn=user682,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user682
-+sn: user682
-+uid: uid682
-+givenname: givenname682
-+description: description682
-+userPassword: password682
-+mail: uid682
-+uidnumber: 682
-+gidnumber: 682
-+homeDirectory: /home/uid682
-+
-+dn: cn=user683,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user683
-+sn: user683
-+uid: uid683
-+givenname: givenname683
-+description: description683
-+userPassword: password683
-+mail: uid683
-+uidnumber: 683
-+gidnumber: 683
-+homeDirectory: /home/uid683
-+
-+dn: cn=user684,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user684
-+sn: user684
-+uid: uid684
-+givenname: givenname684
-+description: description684
-+userPassword: password684
-+mail: uid684
-+uidnumber: 684
-+gidnumber: 684
-+homeDirectory: /home/uid684
-+
-+dn: cn=user685,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user685
-+sn: user685
-+uid: uid685
-+givenname: givenname685
-+description: description685
-+userPassword: password685
-+mail: uid685
-+uidnumber: 685
-+gidnumber: 685
-+homeDirectory: /home/uid685
-+
-+dn: cn=user686,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user686
-+sn: user686
-+uid: uid686
-+givenname: givenname686
-+description: description686
-+userPassword: password686
-+mail: uid686
-+uidnumber: 686
-+gidnumber: 686
-+homeDirectory: /home/uid686
-+
-+dn: cn=user687,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user687
-+sn: user687
-+uid: uid687
-+givenname: givenname687
-+description: description687
-+userPassword: password687
-+mail: uid687
-+uidnumber: 687
-+gidnumber: 687
-+homeDirectory: /home/uid687
-+
-+dn: cn=user688,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user688
-+sn: user688
-+uid: uid688
-+givenname: givenname688
-+description: description688
-+userPassword: password688
-+mail: uid688
-+uidnumber: 688
-+gidnumber: 688
-+homeDirectory: /home/uid688
-+
-+dn: cn=user689,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user689
-+sn: user689
-+uid: uid689
-+givenname: givenname689
-+description: description689
-+userPassword: password689
-+mail: uid689
-+uidnumber: 689
-+gidnumber: 689
-+homeDirectory: /home/uid689
-+
-+dn: cn=user690,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user690
-+sn: user690
-+uid: uid690
-+givenname: givenname690
-+description: description690
-+userPassword: password690
-+mail: uid690
-+uidnumber: 690
-+gidnumber: 690
-+homeDirectory: /home/uid690
-+
-+dn: cn=user691,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user691
-+sn: user691
-+uid: uid691
-+givenname: givenname691
-+description: description691
-+userPassword: password691
-+mail: uid691
-+uidnumber: 691
-+gidnumber: 691
-+homeDirectory: /home/uid691
-+
-+dn: cn=user692,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user692
-+sn: user692
-+uid: uid692
-+givenname: givenname692
-+description: description692
-+userPassword: password692
-+mail: uid692
-+uidnumber: 692
-+gidnumber: 692
-+homeDirectory: /home/uid692
-+
-+dn: cn=user693,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user693
-+sn: user693
-+uid: uid693
-+givenname: givenname693
-+description: description693
-+userPassword: password693
-+mail: uid693
-+uidnumber: 693
-+gidnumber: 693
-+homeDirectory: /home/uid693
-+
-+dn: cn=user694,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user694
-+sn: user694
-+uid: uid694
-+givenname: givenname694
-+description: description694
-+userPassword: password694
-+mail: uid694
-+uidnumber: 694
-+gidnumber: 694
-+homeDirectory: /home/uid694
-+
-+dn: cn=user695,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user695
-+sn: user695
-+uid: uid695
-+givenname: givenname695
-+description: description695
-+userPassword: password695
-+mail: uid695
-+uidnumber: 695
-+gidnumber: 695
-+homeDirectory: /home/uid695
-+
-+dn: cn=user696,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user696
-+sn: user696
-+uid: uid696
-+givenname: givenname696
-+description: description696
-+userPassword: password696
-+mail: uid696
-+uidnumber: 696
-+gidnumber: 696
-+homeDirectory: /home/uid696
-+
-+dn: cn=user697,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user697
-+sn: user697
-+uid: uid697
-+givenname: givenname697
-+description: description697
-+userPassword: password697
-+mail: uid697
-+uidnumber: 697
-+gidnumber: 697
-+homeDirectory: /home/uid697
-+
-+dn: cn=user698,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user698
-+sn: user698
-+uid: uid698
-+givenname: givenname698
-+description: description698
-+userPassword: password698
-+mail: uid698
-+uidnumber: 698
-+gidnumber: 698
-+homeDirectory: /home/uid698
-+
-+dn: cn=user699,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user699
-+sn: user699
-+uid: uid699
-+givenname: givenname699
-+description: description699
-+userPassword: password699
-+mail: uid699
-+uidnumber: 699
-+gidnumber: 699
-+homeDirectory: /home/uid699
-+
-+dn: cn=user700,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user700
-+sn: user700
-+uid: uid700
-+givenname: givenname700
-+description: description700
-+userPassword: password700
-+mail: uid700
-+uidnumber: 700
-+gidnumber: 700
-+homeDirectory: /home/uid700
-+
-+dn: cn=user701,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user701
-+sn: user701
-+uid: uid701
-+givenname: givenname701
-+description: description701
-+userPassword: password701
-+mail: uid701
-+uidnumber: 701
-+gidnumber: 701
-+homeDirectory: /home/uid701
-+
-+dn: cn=user702,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user702
-+sn: user702
-+uid: uid702
-+givenname: givenname702
-+description: description702
-+userPassword: password702
-+mail: uid702
-+uidnumber: 702
-+gidnumber: 702
-+homeDirectory: /home/uid702
-+
-+dn: cn=user703,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user703
-+sn: user703
-+uid: uid703
-+givenname: givenname703
-+description: description703
-+userPassword: password703
-+mail: uid703
-+uidnumber: 703
-+gidnumber: 703
-+homeDirectory: /home/uid703
-+
-+dn: cn=user704,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user704
-+sn: user704
-+uid: uid704
-+givenname: givenname704
-+description: description704
-+userPassword: password704
-+mail: uid704
-+uidnumber: 704
-+gidnumber: 704
-+homeDirectory: /home/uid704
-+
-+dn: cn=user705,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user705
-+sn: user705
-+uid: uid705
-+givenname: givenname705
-+description: description705
-+userPassword: password705
-+mail: uid705
-+uidnumber: 705
-+gidnumber: 705
-+homeDirectory: /home/uid705
-+
-+dn: cn=user706,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user706
-+sn: user706
-+uid: uid706
-+givenname: givenname706
-+description: description706
-+userPassword: password706
-+mail: uid706
-+uidnumber: 706
-+gidnumber: 706
-+homeDirectory: /home/uid706
-+
-+dn: cn=user707,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user707
-+sn: user707
-+uid: uid707
-+givenname: givenname707
-+description: description707
-+userPassword: password707
-+mail: uid707
-+uidnumber: 707
-+gidnumber: 707
-+homeDirectory: /home/uid707
-+
-+dn: cn=user708,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user708
-+sn: user708
-+uid: uid708
-+givenname: givenname708
-+description: description708
-+userPassword: password708
-+mail: uid708
-+uidnumber: 708
-+gidnumber: 708
-+homeDirectory: /home/uid708
-+
-+dn: cn=user709,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user709
-+sn: user709
-+uid: uid709
-+givenname: givenname709
-+description: description709
-+userPassword: password709
-+mail: uid709
-+uidnumber: 709
-+gidnumber: 709
-+homeDirectory: /home/uid709
-+
-+dn: cn=user710,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user710
-+sn: user710
-+uid: uid710
-+givenname: givenname710
-+description: description710
-+userPassword: password710
-+mail: uid710
-+uidnumber: 710
-+gidnumber: 710
-+homeDirectory: /home/uid710
-+
-+dn: cn=user711,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user711
-+sn: user711
-+uid: uid711
-+givenname: givenname711
-+description: description711
-+userPassword: password711
-+mail: uid711
-+uidnumber: 711
-+gidnumber: 711
-+homeDirectory: /home/uid711
-+
-+dn: cn=user712,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user712
-+sn: user712
-+uid: uid712
-+givenname: givenname712
-+description: description712
-+userPassword: password712
-+mail: uid712
-+uidnumber: 712
-+gidnumber: 712
-+homeDirectory: /home/uid712
-+
-+dn: cn=user713,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user713
-+sn: user713
-+uid: uid713
-+givenname: givenname713
-+description: description713
-+userPassword: password713
-+mail: uid713
-+uidnumber: 713
-+gidnumber: 713
-+homeDirectory: /home/uid713
-+
-+dn: cn=user714,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user714
-+sn: user714
-+uid: uid714
-+givenname: givenname714
-+description: description714
-+userPassword: password714
-+mail: uid714
-+uidnumber: 714
-+gidnumber: 714
-+homeDirectory: /home/uid714
-+
-+dn: cn=user715,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user715
-+sn: user715
-+uid: uid715
-+givenname: givenname715
-+description: description715
-+userPassword: password715
-+mail: uid715
-+uidnumber: 715
-+gidnumber: 715
-+homeDirectory: /home/uid715
-+
-+dn: cn=user716,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user716
-+sn: user716
-+uid: uid716
-+givenname: givenname716
-+description: description716
-+userPassword: password716
-+mail: uid716
-+uidnumber: 716
-+gidnumber: 716
-+homeDirectory: /home/uid716
-+
-+dn: cn=user717,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user717
-+sn: user717
-+uid: uid717
-+givenname: givenname717
-+description: description717
-+userPassword: password717
-+mail: uid717
-+uidnumber: 717
-+gidnumber: 717
-+homeDirectory: /home/uid717
-+
-+dn: cn=user718,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user718
-+sn: user718
-+uid: uid718
-+givenname: givenname718
-+description: description718
-+userPassword: password718
-+mail: uid718
-+uidnumber: 718
-+gidnumber: 718
-+homeDirectory: /home/uid718
-+
-+dn: cn=user719,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user719
-+sn: user719
-+uid: uid719
-+givenname: givenname719
-+description: description719
-+userPassword: password719
-+mail: uid719
-+uidnumber: 719
-+gidnumber: 719
-+homeDirectory: /home/uid719
-+
-+dn: cn=user720,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user720
-+sn: user720
-+uid: uid720
-+givenname: givenname720
-+description: description720
-+userPassword: password720
-+mail: uid720
-+uidnumber: 720
-+gidnumber: 720
-+homeDirectory: /home/uid720
-+
-+dn: cn=user721,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user721
-+sn: user721
-+uid: uid721
-+givenname: givenname721
-+description: description721
-+userPassword: password721
-+mail: uid721
-+uidnumber: 721
-+gidnumber: 721
-+homeDirectory: /home/uid721
-+
-+dn: cn=user722,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user722
-+sn: user722
-+uid: uid722
-+givenname: givenname722
-+description: description722
-+userPassword: password722
-+mail: uid722
-+uidnumber: 722
-+gidnumber: 722
-+homeDirectory: /home/uid722
-+
-+dn: cn=user723,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user723
-+sn: user723
-+uid: uid723
-+givenname: givenname723
-+description: description723
-+userPassword: password723
-+mail: uid723
-+uidnumber: 723
-+gidnumber: 723
-+homeDirectory: /home/uid723
-+
-+dn: cn=user724,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user724
-+sn: user724
-+uid: uid724
-+givenname: givenname724
-+description: description724
-+userPassword: password724
-+mail: uid724
-+uidnumber: 724
-+gidnumber: 724
-+homeDirectory: /home/uid724
-+
-+dn: cn=user725,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user725
-+sn: user725
-+uid: uid725
-+givenname: givenname725
-+description: description725
-+userPassword: password725
-+mail: uid725
-+uidnumber: 725
-+gidnumber: 725
-+homeDirectory: /home/uid725
-+
-+dn: cn=user726,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user726
-+sn: user726
-+uid: uid726
-+givenname: givenname726
-+description: description726
-+userPassword: password726
-+mail: uid726
-+uidnumber: 726
-+gidnumber: 726
-+homeDirectory: /home/uid726
-+
-+dn: cn=user727,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user727
-+sn: user727
-+uid: uid727
-+givenname: givenname727
-+description: description727
-+userPassword: password727
-+mail: uid727
-+uidnumber: 727
-+gidnumber: 727
-+homeDirectory: /home/uid727
-+
-+dn: cn=user728,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user728
-+sn: user728
-+uid: uid728
-+givenname: givenname728
-+description: description728
-+userPassword: password728
-+mail: uid728
-+uidnumber: 728
-+gidnumber: 728
-+homeDirectory: /home/uid728
-+
-+dn: cn=user729,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user729
-+sn: user729
-+uid: uid729
-+givenname: givenname729
-+description: description729
-+userPassword: password729
-+mail: uid729
-+uidnumber: 729
-+gidnumber: 729
-+homeDirectory: /home/uid729
-+
-+dn: cn=user730,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user730
-+sn: user730
-+uid: uid730
-+givenname: givenname730
-+description: description730
-+userPassword: password730
-+mail: uid730
-+uidnumber: 730
-+gidnumber: 730
-+homeDirectory: /home/uid730
-+
-+dn: cn=user731,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user731
-+sn: user731
-+uid: uid731
-+givenname: givenname731
-+description: description731
-+userPassword: password731
-+mail: uid731
-+uidnumber: 731
-+gidnumber: 731
-+homeDirectory: /home/uid731
-+
-+dn: cn=user732,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user732
-+sn: user732
-+uid: uid732
-+givenname: givenname732
-+description: description732
-+userPassword: password732
-+mail: uid732
-+uidnumber: 732
-+gidnumber: 732
-+homeDirectory: /home/uid732
-+
-+dn: cn=user733,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user733
-+sn: user733
-+uid: uid733
-+givenname: givenname733
-+description: description733
-+userPassword: password733
-+mail: uid733
-+uidnumber: 733
-+gidnumber: 733
-+homeDirectory: /home/uid733
-+
-+dn: cn=user734,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user734
-+sn: user734
-+uid: uid734
-+givenname: givenname734
-+description: description734
-+userPassword: password734
-+mail: uid734
-+uidnumber: 734
-+gidnumber: 734
-+homeDirectory: /home/uid734
-+
-+dn: cn=user735,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user735
-+sn: user735
-+uid: uid735
-+givenname: givenname735
-+description: description735
-+userPassword: password735
-+mail: uid735
-+uidnumber: 735
-+gidnumber: 735
-+homeDirectory: /home/uid735
-+
-+dn: cn=user736,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user736
-+sn: user736
-+uid: uid736
-+givenname: givenname736
-+description: description736
-+userPassword: password736
-+mail: uid736
-+uidnumber: 736
-+gidnumber: 736
-+homeDirectory: /home/uid736
-+
-+dn: cn=user737,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user737
-+sn: user737
-+uid: uid737
-+givenname: givenname737
-+description: description737
-+userPassword: password737
-+mail: uid737
-+uidnumber: 737
-+gidnumber: 737
-+homeDirectory: /home/uid737
-+
-+dn: cn=user738,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user738
-+sn: user738
-+uid: uid738
-+givenname: givenname738
-+description: description738
-+userPassword: password738
-+mail: uid738
-+uidnumber: 738
-+gidnumber: 738
-+homeDirectory: /home/uid738
-+
-+dn: cn=user739,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user739
-+sn: user739
-+uid: uid739
-+givenname: givenname739
-+description: description739
-+userPassword: password739
-+mail: uid739
-+uidnumber: 739
-+gidnumber: 739
-+homeDirectory: /home/uid739
-+
-+dn: cn=user740,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user740
-+sn: user740
-+uid: uid740
-+givenname: givenname740
-+description: description740
-+userPassword: password740
-+mail: uid740
-+uidnumber: 740
-+gidnumber: 740
-+homeDirectory: /home/uid740
-+
-+dn: cn=user741,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user741
-+sn: user741
-+uid: uid741
-+givenname: givenname741
-+description: description741
-+userPassword: password741
-+mail: uid741
-+uidnumber: 741
-+gidnumber: 741
-+homeDirectory: /home/uid741
-+
-+dn: cn=user742,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user742
-+sn: user742
-+uid: uid742
-+givenname: givenname742
-+description: description742
-+userPassword: password742
-+mail: uid742
-+uidnumber: 742
-+gidnumber: 742
-+homeDirectory: /home/uid742
-+
-+dn: cn=user743,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user743
-+sn: user743
-+uid: uid743
-+givenname: givenname743
-+description: description743
-+userPassword: password743
-+mail: uid743
-+uidnumber: 743
-+gidnumber: 743
-+homeDirectory: /home/uid743
-+
-+dn: cn=user744,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user744
-+sn: user744
-+uid: uid744
-+givenname: givenname744
-+description: description744
-+userPassword: password744
-+mail: uid744
-+uidnumber: 744
-+gidnumber: 744
-+homeDirectory: /home/uid744
-+
-+dn: cn=user745,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user745
-+sn: user745
-+uid: uid745
-+givenname: givenname745
-+description: description745
-+userPassword: password745
-+mail: uid745
-+uidnumber: 745
-+gidnumber: 745
-+homeDirectory: /home/uid745
-+
-+dn: cn=user746,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user746
-+sn: user746
-+uid: uid746
-+givenname: givenname746
-+description: description746
-+userPassword: password746
-+mail: uid746
-+uidnumber: 746
-+gidnumber: 746
-+homeDirectory: /home/uid746
-+
-+dn: cn=user747,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user747
-+sn: user747
-+uid: uid747
-+givenname: givenname747
-+description: description747
-+userPassword: password747
-+mail: uid747
-+uidnumber: 747
-+gidnumber: 747
-+homeDirectory: /home/uid747
-+
-+dn: cn=user748,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user748
-+sn: user748
-+uid: uid748
-+givenname: givenname748
-+description: description748
-+userPassword: password748
-+mail: uid748
-+uidnumber: 748
-+gidnumber: 748
-+homeDirectory: /home/uid748
-+
-+dn: cn=user749,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user749
-+sn: user749
-+uid: uid749
-+givenname: givenname749
-+description: description749
-+userPassword: password749
-+mail: uid749
-+uidnumber: 749
-+gidnumber: 749
-+homeDirectory: /home/uid749
-+
-+dn: cn=user750,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user750
-+sn: user750
-+uid: uid750
-+givenname: givenname750
-+description: description750
-+userPassword: password750
-+mail: uid750
-+uidnumber: 750
-+gidnumber: 750
-+homeDirectory: /home/uid750
-+
-+dn: cn=user751,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user751
-+sn: user751
-+uid: uid751
-+givenname: givenname751
-+description: description751
-+userPassword: password751
-+mail: uid751
-+uidnumber: 751
-+gidnumber: 751
-+homeDirectory: /home/uid751
-+
-+dn: cn=user752,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user752
-+sn: user752
-+uid: uid752
-+givenname: givenname752
-+description: description752
-+userPassword: password752
-+mail: uid752
-+uidnumber: 752
-+gidnumber: 752
-+homeDirectory: /home/uid752
-+
-+dn: cn=user753,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user753
-+sn: user753
-+uid: uid753
-+givenname: givenname753
-+description: description753
-+userPassword: password753
-+mail: uid753
-+uidnumber: 753
-+gidnumber: 753
-+homeDirectory: /home/uid753
-+
-+dn: cn=user754,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user754
-+sn: user754
-+uid: uid754
-+givenname: givenname754
-+description: description754
-+userPassword: password754
-+mail: uid754
-+uidnumber: 754
-+gidnumber: 754
-+homeDirectory: /home/uid754
-+
-+dn: cn=user755,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user755
-+sn: user755
-+uid: uid755
-+givenname: givenname755
-+description: description755
-+userPassword: password755
-+mail: uid755
-+uidnumber: 755
-+gidnumber: 755
-+homeDirectory: /home/uid755
-+
-+dn: cn=user756,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user756
-+sn: user756
-+uid: uid756
-+givenname: givenname756
-+description: description756
-+userPassword: password756
-+mail: uid756
-+uidnumber: 756
-+gidnumber: 756
-+homeDirectory: /home/uid756
-+
-+dn: cn=user757,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user757
-+sn: user757
-+uid: uid757
-+givenname: givenname757
-+description: description757
-+userPassword: password757
-+mail: uid757
-+uidnumber: 757
-+gidnumber: 757
-+homeDirectory: /home/uid757
-+
-+dn: cn=user758,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user758
-+sn: user758
-+uid: uid758
-+givenname: givenname758
-+description: description758
-+userPassword: password758
-+mail: uid758
-+uidnumber: 758
-+gidnumber: 758
-+homeDirectory: /home/uid758
-+
-+dn: cn=user759,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user759
-+sn: user759
-+uid: uid759
-+givenname: givenname759
-+description: description759
-+userPassword: password759
-+mail: uid759
-+uidnumber: 759
-+gidnumber: 759
-+homeDirectory: /home/uid759
-+
-+dn: cn=user760,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user760
-+sn: user760
-+uid: uid760
-+givenname: givenname760
-+description: description760
-+userPassword: password760
-+mail: uid760
-+uidnumber: 760
-+gidnumber: 760
-+homeDirectory: /home/uid760
-+
-+dn: cn=user761,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user761
-+sn: user761
-+uid: uid761
-+givenname: givenname761
-+description: description761
-+userPassword: password761
-+mail: uid761
-+uidnumber: 761
-+gidnumber: 761
-+homeDirectory: /home/uid761
-+
-+dn: cn=user762,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user762
-+sn: user762
-+uid: uid762
-+givenname: givenname762
-+description: description762
-+userPassword: password762
-+mail: uid762
-+uidnumber: 762
-+gidnumber: 762
-+homeDirectory: /home/uid762
-+
-+dn: cn=user763,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user763
-+sn: user763
-+uid: uid763
-+givenname: givenname763
-+description: description763
-+userPassword: password763
-+mail: uid763
-+uidnumber: 763
-+gidnumber: 763
-+homeDirectory: /home/uid763
-+
-+dn: cn=user764,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user764
-+sn: user764
-+uid: uid764
-+givenname: givenname764
-+description: description764
-+userPassword: password764
-+mail: uid764
-+uidnumber: 764
-+gidnumber: 764
-+homeDirectory: /home/uid764
-+
-+dn: cn=user765,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user765
-+sn: user765
-+uid: uid765
-+givenname: givenname765
-+description: description765
-+userPassword: password765
-+mail: uid765
-+uidnumber: 765
-+gidnumber: 765
-+homeDirectory: /home/uid765
-+
-+dn: cn=user766,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user766
-+sn: user766
-+uid: uid766
-+givenname: givenname766
-+description: description766
-+userPassword: password766
-+mail: uid766
-+uidnumber: 766
-+gidnumber: 766
-+homeDirectory: /home/uid766
-+
-+dn: cn=user767,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user767
-+sn: user767
-+uid: uid767
-+givenname: givenname767
-+description: description767
-+userPassword: password767
-+mail: uid767
-+uidnumber: 767
-+gidnumber: 767
-+homeDirectory: /home/uid767
-+
-+dn: cn=user768,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user768
-+sn: user768
-+uid: uid768
-+givenname: givenname768
-+description: description768
-+userPassword: password768
-+mail: uid768
-+uidnumber: 768
-+gidnumber: 768
-+homeDirectory: /home/uid768
-+
-+dn: cn=user769,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user769
-+sn: user769
-+uid: uid769
-+givenname: givenname769
-+description: description769
-+userPassword: password769
-+mail: uid769
-+uidnumber: 769
-+gidnumber: 769
-+homeDirectory: /home/uid769
-+
-+dn: cn=user770,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user770
-+sn: user770
-+uid: uid770
-+givenname: givenname770
-+description: description770
-+userPassword: password770
-+mail: uid770
-+uidnumber: 770
-+gidnumber: 770
-+homeDirectory: /home/uid770
-+
-+dn: cn=user771,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user771
-+sn: user771
-+uid: uid771
-+givenname: givenname771
-+description: description771
-+userPassword: password771
-+mail: uid771
-+uidnumber: 771
-+gidnumber: 771
-+homeDirectory: /home/uid771
-+
-+dn: cn=user772,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user772
-+sn: user772
-+uid: uid772
-+givenname: givenname772
-+description: description772
-+userPassword: password772
-+mail: uid772
-+uidnumber: 772
-+gidnumber: 772
-+homeDirectory: /home/uid772
-+
-+dn: cn=user773,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user773
-+sn: user773
-+uid: uid773
-+givenname: givenname773
-+description: description773
-+userPassword: password773
-+mail: uid773
-+uidnumber: 773
-+gidnumber: 773
-+homeDirectory: /home/uid773
-+
-+dn: cn=user774,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user774
-+sn: user774
-+uid: uid774
-+givenname: givenname774
-+description: description774
-+userPassword: password774
-+mail: uid774
-+uidnumber: 774
-+gidnumber: 774
-+homeDirectory: /home/uid774
-+
-+dn: cn=user775,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user775
-+sn: user775
-+uid: uid775
-+givenname: givenname775
-+description: description775
-+userPassword: password775
-+mail: uid775
-+uidnumber: 775
-+gidnumber: 775
-+homeDirectory: /home/uid775
-+
-+dn: cn=user776,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user776
-+sn: user776
-+uid: uid776
-+givenname: givenname776
-+description: description776
-+userPassword: password776
-+mail: uid776
-+uidnumber: 776
-+gidnumber: 776
-+homeDirectory: /home/uid776
-+
-+dn: cn=user777,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user777
-+sn: user777
-+uid: uid777
-+givenname: givenname777
-+description: description777
-+userPassword: password777
-+mail: uid777
-+uidnumber: 777
-+gidnumber: 777
-+homeDirectory: /home/uid777
-+
-+dn: cn=user778,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user778
-+sn: user778
-+uid: uid778
-+givenname: givenname778
-+description: description778
-+userPassword: password778
-+mail: uid778
-+uidnumber: 778
-+gidnumber: 778
-+homeDirectory: /home/uid778
-+
-+dn: cn=user779,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user779
-+sn: user779
-+uid: uid779
-+givenname: givenname779
-+description: description779
-+userPassword: password779
-+mail: uid779
-+uidnumber: 779
-+gidnumber: 779
-+homeDirectory: /home/uid779
-+
-+dn: cn=user780,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user780
-+sn: user780
-+uid: uid780
-+givenname: givenname780
-+description: description780
-+userPassword: password780
-+mail: uid780
-+uidnumber: 780
-+gidnumber: 780
-+homeDirectory: /home/uid780
-+
-+dn: cn=user781,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user781
-+sn: user781
-+uid: uid781
-+givenname: givenname781
-+description: description781
-+userPassword: password781
-+mail: uid781
-+uidnumber: 781
-+gidnumber: 781
-+homeDirectory: /home/uid781
-+
-+dn: cn=user782,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user782
-+sn: user782
-+uid: uid782
-+givenname: givenname782
-+description: description782
-+userPassword: password782
-+mail: uid782
-+uidnumber: 782
-+gidnumber: 782
-+homeDirectory: /home/uid782
-+
-+dn: cn=user783,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user783
-+sn: user783
-+uid: uid783
-+givenname: givenname783
-+description: description783
-+userPassword: password783
-+mail: uid783
-+uidnumber: 783
-+gidnumber: 783
-+homeDirectory: /home/uid783
-+
-+dn: cn=user784,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user784
-+sn: user784
-+uid: uid784
-+givenname: givenname784
-+description: description784
-+userPassword: password784
-+mail: uid784
-+uidnumber: 784
-+gidnumber: 784
-+homeDirectory: /home/uid784
-+
-+dn: cn=user785,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user785
-+sn: user785
-+uid: uid785
-+givenname: givenname785
-+description: description785
-+userPassword: password785
-+mail: uid785
-+uidnumber: 785
-+gidnumber: 785
-+homeDirectory: /home/uid785
-+
-+dn: cn=user786,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user786
-+sn: user786
-+uid: uid786
-+givenname: givenname786
-+description: description786
-+userPassword: password786
-+mail: uid786
-+uidnumber: 786
-+gidnumber: 786
-+homeDirectory: /home/uid786
-+
-+dn: cn=user787,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user787
-+sn: user787
-+uid: uid787
-+givenname: givenname787
-+description: description787
-+userPassword: password787
-+mail: uid787
-+uidnumber: 787
-+gidnumber: 787
-+homeDirectory: /home/uid787
-+
-+dn: cn=user788,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user788
-+sn: user788
-+uid: uid788
-+givenname: givenname788
-+description: description788
-+userPassword: password788
-+mail: uid788
-+uidnumber: 788
-+gidnumber: 788
-+homeDirectory: /home/uid788
-+
-+dn: cn=user789,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user789
-+sn: user789
-+uid: uid789
-+givenname: givenname789
-+description: description789
-+userPassword: password789
-+mail: uid789
-+uidnumber: 789
-+gidnumber: 789
-+homeDirectory: /home/uid789
-+
-+dn: cn=user790,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user790
-+sn: user790
-+uid: uid790
-+givenname: givenname790
-+description: description790
-+userPassword: password790
-+mail: uid790
-+uidnumber: 790
-+gidnumber: 790
-+homeDirectory: /home/uid790
-+
-+dn: cn=user791,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user791
-+sn: user791
-+uid: uid791
-+givenname: givenname791
-+description: description791
-+userPassword: password791
-+mail: uid791
-+uidnumber: 791
-+gidnumber: 791
-+homeDirectory: /home/uid791
-+
-+dn: cn=user792,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user792
-+sn: user792
-+uid: uid792
-+givenname: givenname792
-+description: description792
-+userPassword: password792
-+mail: uid792
-+uidnumber: 792
-+gidnumber: 792
-+homeDirectory: /home/uid792
-+
-+dn: cn=user793,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user793
-+sn: user793
-+uid: uid793
-+givenname: givenname793
-+description: description793
-+userPassword: password793
-+mail: uid793
-+uidnumber: 793
-+gidnumber: 793
-+homeDirectory: /home/uid793
-+
-+dn: cn=user794,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user794
-+sn: user794
-+uid: uid794
-+givenname: givenname794
-+description: description794
-+userPassword: password794
-+mail: uid794
-+uidnumber: 794
-+gidnumber: 794
-+homeDirectory: /home/uid794
-+
-+dn: cn=user795,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user795
-+sn: user795
-+uid: uid795
-+givenname: givenname795
-+description: description795
-+userPassword: password795
-+mail: uid795
-+uidnumber: 795
-+gidnumber: 795
-+homeDirectory: /home/uid795
-+
-+dn: cn=user796,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user796
-+sn: user796
-+uid: uid796
-+givenname: givenname796
-+description: description796
-+userPassword: password796
-+mail: uid796
-+uidnumber: 796
-+gidnumber: 796
-+homeDirectory: /home/uid796
-+
-+dn: cn=user797,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user797
-+sn: user797
-+uid: uid797
-+givenname: givenname797
-+description: description797
-+userPassword: password797
-+mail: uid797
-+uidnumber: 797
-+gidnumber: 797
-+homeDirectory: /home/uid797
-+
-+dn: cn=user798,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user798
-+sn: user798
-+uid: uid798
-+givenname: givenname798
-+description: description798
-+userPassword: password798
-+mail: uid798
-+uidnumber: 798
-+gidnumber: 798
-+homeDirectory: /home/uid798
-+
-+dn: cn=user799,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user799
-+sn: user799
-+uid: uid799
-+givenname: givenname799
-+description: description799
-+userPassword: password799
-+mail: uid799
-+uidnumber: 799
-+gidnumber: 799
-+homeDirectory: /home/uid799
-+
-+dn: cn=user800,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user800
-+sn: user800
-+uid: uid800
-+givenname: givenname800
-+description: description800
-+userPassword: password800
-+mail: uid800
-+uidnumber: 800
-+gidnumber: 800
-+homeDirectory: /home/uid800
-+
-+dn: cn=user801,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user801
-+sn: user801
-+uid: uid801
-+givenname: givenname801
-+description: description801
-+userPassword: password801
-+mail: uid801
-+uidnumber: 801
-+gidnumber: 801
-+homeDirectory: /home/uid801
-+
-+dn: cn=user802,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user802
-+sn: user802
-+uid: uid802
-+givenname: givenname802
-+description: description802
-+userPassword: password802
-+mail: uid802
-+uidnumber: 802
-+gidnumber: 802
-+homeDirectory: /home/uid802
-+
-+dn: cn=user803,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user803
-+sn: user803
-+uid: uid803
-+givenname: givenname803
-+description: description803
-+userPassword: password803
-+mail: uid803
-+uidnumber: 803
-+gidnumber: 803
-+homeDirectory: /home/uid803
-+
-+dn: cn=user804,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user804
-+sn: user804
-+uid: uid804
-+givenname: givenname804
-+description: description804
-+userPassword: password804
-+mail: uid804
-+uidnumber: 804
-+gidnumber: 804
-+homeDirectory: /home/uid804
-+
-+dn: cn=user805,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user805
-+sn: user805
-+uid: uid805
-+givenname: givenname805
-+description: description805
-+userPassword: password805
-+mail: uid805
-+uidnumber: 805
-+gidnumber: 805
-+homeDirectory: /home/uid805
-+
-+dn: cn=user806,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user806
-+sn: user806
-+uid: uid806
-+givenname: givenname806
-+description: description806
-+userPassword: password806
-+mail: uid806
-+uidnumber: 806
-+gidnumber: 806
-+homeDirectory: /home/uid806
-+
-+dn: cn=user807,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user807
-+sn: user807
-+uid: uid807
-+givenname: givenname807
-+description: description807
-+userPassword: password807
-+mail: uid807
-+uidnumber: 807
-+gidnumber: 807
-+homeDirectory: /home/uid807
-+
-+dn: cn=user808,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user808
-+sn: user808
-+uid: uid808
-+givenname: givenname808
-+description: description808
-+userPassword: password808
-+mail: uid808
-+uidnumber: 808
-+gidnumber: 808
-+homeDirectory: /home/uid808
-+
-+dn: cn=user809,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user809
-+sn: user809
-+uid: uid809
-+givenname: givenname809
-+description: description809
-+userPassword: password809
-+mail: uid809
-+uidnumber: 809
-+gidnumber: 809
-+homeDirectory: /home/uid809
-+
-+dn: cn=user810,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user810
-+sn: user810
-+uid: uid810
-+givenname: givenname810
-+description: description810
-+userPassword: password810
-+mail: uid810
-+uidnumber: 810
-+gidnumber: 810
-+homeDirectory: /home/uid810
-+
-+dn: cn=user811,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user811
-+sn: user811
-+uid: uid811
-+givenname: givenname811
-+description: description811
-+userPassword: password811
-+mail: uid811
-+uidnumber: 811
-+gidnumber: 811
-+homeDirectory: /home/uid811
-+
-+dn: cn=user812,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user812
-+sn: user812
-+uid: uid812
-+givenname: givenname812
-+description: description812
-+userPassword: password812
-+mail: uid812
-+uidnumber: 812
-+gidnumber: 812
-+homeDirectory: /home/uid812
-+
-+dn: cn=user813,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user813
-+sn: user813
-+uid: uid813
-+givenname: givenname813
-+description: description813
-+userPassword: password813
-+mail: uid813
-+uidnumber: 813
-+gidnumber: 813
-+homeDirectory: /home/uid813
-+
-+dn: cn=user814,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user814
-+sn: user814
-+uid: uid814
-+givenname: givenname814
-+description: description814
-+userPassword: password814
-+mail: uid814
-+uidnumber: 814
-+gidnumber: 814
-+homeDirectory: /home/uid814
-+
-+dn: cn=user815,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user815
-+sn: user815
-+uid: uid815
-+givenname: givenname815
-+description: description815
-+userPassword: password815
-+mail: uid815
-+uidnumber: 815
-+gidnumber: 815
-+homeDirectory: /home/uid815
-+
-+dn: cn=user816,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user816
-+sn: user816
-+uid: uid816
-+givenname: givenname816
-+description: description816
-+userPassword: password816
-+mail: uid816
-+uidnumber: 816
-+gidnumber: 816
-+homeDirectory: /home/uid816
-+
-+dn: cn=user817,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user817
-+sn: user817
-+uid: uid817
-+givenname: givenname817
-+description: description817
-+userPassword: password817
-+mail: uid817
-+uidnumber: 817
-+gidnumber: 817
-+homeDirectory: /home/uid817
-+
-+dn: cn=user818,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user818
-+sn: user818
-+uid: uid818
-+givenname: givenname818
-+description: description818
-+userPassword: password818
-+mail: uid818
-+uidnumber: 818
-+gidnumber: 818
-+homeDirectory: /home/uid818
-+
-+dn: cn=user819,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user819
-+sn: user819
-+uid: uid819
-+givenname: givenname819
-+description: description819
-+userPassword: password819
-+mail: uid819
-+uidnumber: 819
-+gidnumber: 819
-+homeDirectory: /home/uid819
-+
-+dn: cn=user820,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user820
-+sn: user820
-+uid: uid820
-+givenname: givenname820
-+description: description820
-+userPassword: password820
-+mail: uid820
-+uidnumber: 820
-+gidnumber: 820
-+homeDirectory: /home/uid820
-+
-+dn: cn=user821,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user821
-+sn: user821
-+uid: uid821
-+givenname: givenname821
-+description: description821
-+userPassword: password821
-+mail: uid821
-+uidnumber: 821
-+gidnumber: 821
-+homeDirectory: /home/uid821
-+
-+dn: cn=user822,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user822
-+sn: user822
-+uid: uid822
-+givenname: givenname822
-+description: description822
-+userPassword: password822
-+mail: uid822
-+uidnumber: 822
-+gidnumber: 822
-+homeDirectory: /home/uid822
-+
-+dn: cn=user823,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user823
-+sn: user823
-+uid: uid823
-+givenname: givenname823
-+description: description823
-+userPassword: password823
-+mail: uid823
-+uidnumber: 823
-+gidnumber: 823
-+homeDirectory: /home/uid823
-+
-+dn: cn=user824,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user824
-+sn: user824
-+uid: uid824
-+givenname: givenname824
-+description: description824
-+userPassword: password824
-+mail: uid824
-+uidnumber: 824
-+gidnumber: 824
-+homeDirectory: /home/uid824
-+
-+dn: cn=user825,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user825
-+sn: user825
-+uid: uid825
-+givenname: givenname825
-+description: description825
-+userPassword: password825
-+mail: uid825
-+uidnumber: 825
-+gidnumber: 825
-+homeDirectory: /home/uid825
-+
-+dn: cn=user826,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user826
-+sn: user826
-+uid: uid826
-+givenname: givenname826
-+description: description826
-+userPassword: password826
-+mail: uid826
-+uidnumber: 826
-+gidnumber: 826
-+homeDirectory: /home/uid826
-+
-+dn: cn=user827,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user827
-+sn: user827
-+uid: uid827
-+givenname: givenname827
-+description: description827
-+userPassword: password827
-+mail: uid827
-+uidnumber: 827
-+gidnumber: 827
-+homeDirectory: /home/uid827
-+
-+dn: cn=user828,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user828
-+sn: user828
-+uid: uid828
-+givenname: givenname828
-+description: description828
-+userPassword: password828
-+mail: uid828
-+uidnumber: 828
-+gidnumber: 828
-+homeDirectory: /home/uid828
-+
-+dn: cn=user829,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user829
-+sn: user829
-+uid: uid829
-+givenname: givenname829
-+description: description829
-+userPassword: password829
-+mail: uid829
-+uidnumber: 829
-+gidnumber: 829
-+homeDirectory: /home/uid829
-+
-+dn: cn=user830,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user830
-+sn: user830
-+uid: uid830
-+givenname: givenname830
-+description: description830
-+userPassword: password830
-+mail: uid830
-+uidnumber: 830
-+gidnumber: 830
-+homeDirectory: /home/uid830
-+
-+dn: cn=user831,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user831
-+sn: user831
-+uid: uid831
-+givenname: givenname831
-+description: description831
-+userPassword: password831
-+mail: uid831
-+uidnumber: 831
-+gidnumber: 831
-+homeDirectory: /home/uid831
-+
-+dn: cn=user832,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user832
-+sn: user832
-+uid: uid832
-+givenname: givenname832
-+description: description832
-+userPassword: password832
-+mail: uid832
-+uidnumber: 832
-+gidnumber: 832
-+homeDirectory: /home/uid832
-+
-+dn: cn=user833,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user833
-+sn: user833
-+uid: uid833
-+givenname: givenname833
-+description: description833
-+userPassword: password833
-+mail: uid833
-+uidnumber: 833
-+gidnumber: 833
-+homeDirectory: /home/uid833
-+
-+dn: cn=user834,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user834
-+sn: user834
-+uid: uid834
-+givenname: givenname834
-+description: description834
-+userPassword: password834
-+mail: uid834
-+uidnumber: 834
-+gidnumber: 834
-+homeDirectory: /home/uid834
-+
-+dn: cn=user835,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user835
-+sn: user835
-+uid: uid835
-+givenname: givenname835
-+description: description835
-+userPassword: password835
-+mail: uid835
-+uidnumber: 835
-+gidnumber: 835
-+homeDirectory: /home/uid835
-+
-+dn: cn=user836,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user836
-+sn: user836
-+uid: uid836
-+givenname: givenname836
-+description: description836
-+userPassword: password836
-+mail: uid836
-+uidnumber: 836
-+gidnumber: 836
-+homeDirectory: /home/uid836
-+
-+dn: cn=user837,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user837
-+sn: user837
-+uid: uid837
-+givenname: givenname837
-+description: description837
-+userPassword: password837
-+mail: uid837
-+uidnumber: 837
-+gidnumber: 837
-+homeDirectory: /home/uid837
-+
-+dn: cn=user838,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user838
-+sn: user838
-+uid: uid838
-+givenname: givenname838
-+description: description838
-+userPassword: password838
-+mail: uid838
-+uidnumber: 838
-+gidnumber: 838
-+homeDirectory: /home/uid838
-+
-+dn: cn=user839,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user839
-+sn: user839
-+uid: uid839
-+givenname: givenname839
-+description: description839
-+userPassword: password839
-+mail: uid839
-+uidnumber: 839
-+gidnumber: 839
-+homeDirectory: /home/uid839
-+
-+dn: cn=user840,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user840
-+sn: user840
-+uid: uid840
-+givenname: givenname840
-+description: description840
-+userPassword: password840
-+mail: uid840
-+uidnumber: 840
-+gidnumber: 840
-+homeDirectory: /home/uid840
-+
-+dn: cn=user841,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user841
-+sn: user841
-+uid: uid841
-+givenname: givenname841
-+description: description841
-+userPassword: password841
-+mail: uid841
-+uidnumber: 841
-+gidnumber: 841
-+homeDirectory: /home/uid841
-+
-+dn: cn=user842,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user842
-+sn: user842
-+uid: uid842
-+givenname: givenname842
-+description: description842
-+userPassword: password842
-+mail: uid842
-+uidnumber: 842
-+gidnumber: 842
-+homeDirectory: /home/uid842
-+
-+dn: cn=user843,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user843
-+sn: user843
-+uid: uid843
-+givenname: givenname843
-+description: description843
-+userPassword: password843
-+mail: uid843
-+uidnumber: 843
-+gidnumber: 843
-+homeDirectory: /home/uid843
-+
-+dn: cn=user844,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user844
-+sn: user844
-+uid: uid844
-+givenname: givenname844
-+description: description844
-+userPassword: password844
-+mail: uid844
-+uidnumber: 844
-+gidnumber: 844
-+homeDirectory: /home/uid844
-+
-+dn: cn=user845,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user845
-+sn: user845
-+uid: uid845
-+givenname: givenname845
-+description: description845
-+userPassword: password845
-+mail: uid845
-+uidnumber: 845
-+gidnumber: 845
-+homeDirectory: /home/uid845
-+
-+dn: cn=user846,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user846
-+sn: user846
-+uid: uid846
-+givenname: givenname846
-+description: description846
-+userPassword: password846
-+mail: uid846
-+uidnumber: 846
-+gidnumber: 846
-+homeDirectory: /home/uid846
-+
-+dn: cn=user847,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user847
-+sn: user847
-+uid: uid847
-+givenname: givenname847
-+description: description847
-+userPassword: password847
-+mail: uid847
-+uidnumber: 847
-+gidnumber: 847
-+homeDirectory: /home/uid847
-+
-+dn: cn=user848,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user848
-+sn: user848
-+uid: uid848
-+givenname: givenname848
-+description: description848
-+userPassword: password848
-+mail: uid848
-+uidnumber: 848
-+gidnumber: 848
-+homeDirectory: /home/uid848
-+
-+dn: cn=user849,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user849
-+sn: user849
-+uid: uid849
-+givenname: givenname849
-+description: description849
-+userPassword: password849
-+mail: uid849
-+uidnumber: 849
-+gidnumber: 849
-+homeDirectory: /home/uid849
-+
-+dn: cn=user850,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user850
-+sn: user850
-+uid: uid850
-+givenname: givenname850
-+description: description850
-+userPassword: password850
-+mail: uid850
-+uidnumber: 850
-+gidnumber: 850
-+homeDirectory: /home/uid850
-+
-+dn: cn=user851,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user851
-+sn: user851
-+uid: uid851
-+givenname: givenname851
-+description: description851
-+userPassword: password851
-+mail: uid851
-+uidnumber: 851
-+gidnumber: 851
-+homeDirectory: /home/uid851
-+
-+dn: cn=user852,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user852
-+sn: user852
-+uid: uid852
-+givenname: givenname852
-+description: description852
-+userPassword: password852
-+mail: uid852
-+uidnumber: 852
-+gidnumber: 852
-+homeDirectory: /home/uid852
-+
-+dn: cn=user853,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user853
-+sn: user853
-+uid: uid853
-+givenname: givenname853
-+description: description853
-+userPassword: password853
-+mail: uid853
-+uidnumber: 853
-+gidnumber: 853
-+homeDirectory: /home/uid853
-+
-+dn: cn=user854,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user854
-+sn: user854
-+uid: uid854
-+givenname: givenname854
-+description: description854
-+userPassword: password854
-+mail: uid854
-+uidnumber: 854
-+gidnumber: 854
-+homeDirectory: /home/uid854
-+
-+dn: cn=user855,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user855
-+sn: user855
-+uid: uid855
-+givenname: givenname855
-+description: description855
-+userPassword: password855
-+mail: uid855
-+uidnumber: 855
-+gidnumber: 855
-+homeDirectory: /home/uid855
-+
-+dn: cn=user856,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user856
-+sn: user856
-+uid: uid856
-+givenname: givenname856
-+description: description856
-+userPassword: password856
-+mail: uid856
-+uidnumber: 856
-+gidnumber: 856
-+homeDirectory: /home/uid856
-+
-+dn: cn=user857,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user857
-+sn: user857
-+uid: uid857
-+givenname: givenname857
-+description: description857
-+userPassword: password857
-+mail: uid857
-+uidnumber: 857
-+gidnumber: 857
-+homeDirectory: /home/uid857
-+
-+dn: cn=user858,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user858
-+sn: user858
-+uid: uid858
-+givenname: givenname858
-+description: description858
-+userPassword: password858
-+mail: uid858
-+uidnumber: 858
-+gidnumber: 858
-+homeDirectory: /home/uid858
-+
-+dn: cn=user859,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user859
-+sn: user859
-+uid: uid859
-+givenname: givenname859
-+description: description859
-+userPassword: password859
-+mail: uid859
-+uidnumber: 859
-+gidnumber: 859
-+homeDirectory: /home/uid859
-+
-+dn: cn=user860,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user860
-+sn: user860
-+uid: uid860
-+givenname: givenname860
-+description: description860
-+userPassword: password860
-+mail: uid860
-+uidnumber: 860
-+gidnumber: 860
-+homeDirectory: /home/uid860
-+
-+dn: cn=user861,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user861
-+sn: user861
-+uid: uid861
-+givenname: givenname861
-+description: description861
-+userPassword: password861
-+mail: uid861
-+uidnumber: 861
-+gidnumber: 861
-+homeDirectory: /home/uid861
-+
-+dn: cn=user862,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user862
-+sn: user862
-+uid: uid862
-+givenname: givenname862
-+description: description862
-+userPassword: password862
-+mail: uid862
-+uidnumber: 862
-+gidnumber: 862
-+homeDirectory: /home/uid862
-+
-+dn: cn=user863,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user863
-+sn: user863
-+uid: uid863
-+givenname: givenname863
-+description: description863
-+userPassword: password863
-+mail: uid863
-+uidnumber: 863
-+gidnumber: 863
-+homeDirectory: /home/uid863
-+
-+dn: cn=user864,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user864
-+sn: user864
-+uid: uid864
-+givenname: givenname864
-+description: description864
-+userPassword: password864
-+mail: uid864
-+uidnumber: 864
-+gidnumber: 864
-+homeDirectory: /home/uid864
-+
-+dn: cn=user865,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user865
-+sn: user865
-+uid: uid865
-+givenname: givenname865
-+description: description865
-+userPassword: password865
-+mail: uid865
-+uidnumber: 865
-+gidnumber: 865
-+homeDirectory: /home/uid865
-+
-+dn: cn=user866,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user866
-+sn: user866
-+uid: uid866
-+givenname: givenname866
-+description: description866
-+userPassword: password866
-+mail: uid866
-+uidnumber: 866
-+gidnumber: 866
-+homeDirectory: /home/uid866
-+
-+dn: cn=user867,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user867
-+sn: user867
-+uid: uid867
-+givenname: givenname867
-+description: description867
-+userPassword: password867
-+mail: uid867
-+uidnumber: 867
-+gidnumber: 867
-+homeDirectory: /home/uid867
-+
-+dn: cn=user868,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user868
-+sn: user868
-+uid: uid868
-+givenname: givenname868
-+description: description868
-+userPassword: password868
-+mail: uid868
-+uidnumber: 868
-+gidnumber: 868
-+homeDirectory: /home/uid868
-+
-+dn: cn=user869,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user869
-+sn: user869
-+uid: uid869
-+givenname: givenname869
-+description: description869
-+userPassword: password869
-+mail: uid869
-+uidnumber: 869
-+gidnumber: 869
-+homeDirectory: /home/uid869
-+
-+dn: cn=user870,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user870
-+sn: user870
-+uid: uid870
-+givenname: givenname870
-+description: description870
-+userPassword: password870
-+mail: uid870
-+uidnumber: 870
-+gidnumber: 870
-+homeDirectory: /home/uid870
-+
-+dn: cn=user871,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user871
-+sn: user871
-+uid: uid871
-+givenname: givenname871
-+description: description871
-+userPassword: password871
-+mail: uid871
-+uidnumber: 871
-+gidnumber: 871
-+homeDirectory: /home/uid871
-+
-+dn: cn=user872,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user872
-+sn: user872
-+uid: uid872
-+givenname: givenname872
-+description: description872
-+userPassword: password872
-+mail: uid872
-+uidnumber: 872
-+gidnumber: 872
-+homeDirectory: /home/uid872
-+
-+dn: cn=user873,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user873
-+sn: user873
-+uid: uid873
-+givenname: givenname873
-+description: description873
-+userPassword: password873
-+mail: uid873
-+uidnumber: 873
-+gidnumber: 873
-+homeDirectory: /home/uid873
-+
-+dn: cn=user874,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user874
-+sn: user874
-+uid: uid874
-+givenname: givenname874
-+description: description874
-+userPassword: password874
-+mail: uid874
-+uidnumber: 874
-+gidnumber: 874
-+homeDirectory: /home/uid874
-+
-+dn: cn=user875,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user875
-+sn: user875
-+uid: uid875
-+givenname: givenname875
-+description: description875
-+userPassword: password875
-+mail: uid875
-+uidnumber: 875
-+gidnumber: 875
-+homeDirectory: /home/uid875
-+
-+dn: cn=user876,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user876
-+sn: user876
-+uid: uid876
-+givenname: givenname876
-+description: description876
-+userPassword: password876
-+mail: uid876
-+uidnumber: 876
-+gidnumber: 876
-+homeDirectory: /home/uid876
-+
-+dn: cn=user877,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user877
-+sn: user877
-+uid: uid877
-+givenname: givenname877
-+description: description877
-+userPassword: password877
-+mail: uid877
-+uidnumber: 877
-+gidnumber: 877
-+homeDirectory: /home/uid877
-+
-+dn: cn=user878,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user878
-+sn: user878
-+uid: uid878
-+givenname: givenname878
-+description: description878
-+userPassword: password878
-+mail: uid878
-+uidnumber: 878
-+gidnumber: 878
-+homeDirectory: /home/uid878
-+
-+dn: cn=user879,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user879
-+sn: user879
-+uid: uid879
-+givenname: givenname879
-+description: description879
-+userPassword: password879
-+mail: uid879
-+uidnumber: 879
-+gidnumber: 879
-+homeDirectory: /home/uid879
-+
-+dn: cn=user880,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user880
-+sn: user880
-+uid: uid880
-+givenname: givenname880
-+description: description880
-+userPassword: password880
-+mail: uid880
-+uidnumber: 880
-+gidnumber: 880
-+homeDirectory: /home/uid880
-+
-+dn: cn=user881,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user881
-+sn: user881
-+uid: uid881
-+givenname: givenname881
-+description: description881
-+userPassword: password881
-+mail: uid881
-+uidnumber: 881
-+gidnumber: 881
-+homeDirectory: /home/uid881
-+
-+dn: cn=user882,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user882
-+sn: user882
-+uid: uid882
-+givenname: givenname882
-+description: description882
-+userPassword: password882
-+mail: uid882
-+uidnumber: 882
-+gidnumber: 882
-+homeDirectory: /home/uid882
-+
-+dn: cn=user883,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user883
-+sn: user883
-+uid: uid883
-+givenname: givenname883
-+description: description883
-+userPassword: password883
-+mail: uid883
-+uidnumber: 883
-+gidnumber: 883
-+homeDirectory: /home/uid883
-+
-+dn: cn=user884,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user884
-+sn: user884
-+uid: uid884
-+givenname: givenname884
-+description: description884
-+userPassword: password884
-+mail: uid884
-+uidnumber: 884
-+gidnumber: 884
-+homeDirectory: /home/uid884
-+
-+dn: cn=user885,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user885
-+sn: user885
-+uid: uid885
-+givenname: givenname885
-+description: description885
-+userPassword: password885
-+mail: uid885
-+uidnumber: 885
-+gidnumber: 885
-+homeDirectory: /home/uid885
-+
-+dn: cn=user886,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user886
-+sn: user886
-+uid: uid886
-+givenname: givenname886
-+description: description886
-+userPassword: password886
-+mail: uid886
-+uidnumber: 886
-+gidnumber: 886
-+homeDirectory: /home/uid886
-+
-+dn: cn=user887,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user887
-+sn: user887
-+uid: uid887
-+givenname: givenname887
-+description: description887
-+userPassword: password887
-+mail: uid887
-+uidnumber: 887
-+gidnumber: 887
-+homeDirectory: /home/uid887
-+
-+dn: cn=user888,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user888
-+sn: user888
-+uid: uid888
-+givenname: givenname888
-+description: description888
-+userPassword: password888
-+mail: uid888
-+uidnumber: 888
-+gidnumber: 888
-+homeDirectory: /home/uid888
-+
-+dn: cn=user889,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user889
-+sn: user889
-+uid: uid889
-+givenname: givenname889
-+description: description889
-+userPassword: password889
-+mail: uid889
-+uidnumber: 889
-+gidnumber: 889
-+homeDirectory: /home/uid889
-+
-+dn: cn=user890,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user890
-+sn: user890
-+uid: uid890
-+givenname: givenname890
-+description: description890
-+userPassword: password890
-+mail: uid890
-+uidnumber: 890
-+gidnumber: 890
-+homeDirectory: /home/uid890
-+
-+dn: cn=user891,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user891
-+sn: user891
-+uid: uid891
-+givenname: givenname891
-+description: description891
-+userPassword: password891
-+mail: uid891
-+uidnumber: 891
-+gidnumber: 891
-+homeDirectory: /home/uid891
-+
-+dn: cn=user892,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user892
-+sn: user892
-+uid: uid892
-+givenname: givenname892
-+description: description892
-+userPassword: password892
-+mail: uid892
-+uidnumber: 892
-+gidnumber: 892
-+homeDirectory: /home/uid892
-+
-+dn: cn=user893,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user893
-+sn: user893
-+uid: uid893
-+givenname: givenname893
-+description: description893
-+userPassword: password893
-+mail: uid893
-+uidnumber: 893
-+gidnumber: 893
-+homeDirectory: /home/uid893
-+
-+dn: cn=user894,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user894
-+sn: user894
-+uid: uid894
-+givenname: givenname894
-+description: description894
-+userPassword: password894
-+mail: uid894
-+uidnumber: 894
-+gidnumber: 894
-+homeDirectory: /home/uid894
-+
-+dn: cn=user895,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user895
-+sn: user895
-+uid: uid895
-+givenname: givenname895
-+description: description895
-+userPassword: password895
-+mail: uid895
-+uidnumber: 895
-+gidnumber: 895
-+homeDirectory: /home/uid895
-+
-+dn: cn=user896,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user896
-+sn: user896
-+uid: uid896
-+givenname: givenname896
-+description: description896
-+userPassword: password896
-+mail: uid896
-+uidnumber: 896
-+gidnumber: 896
-+homeDirectory: /home/uid896
-+
-+dn: cn=user897,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user897
-+sn: user897
-+uid: uid897
-+givenname: givenname897
-+description: description897
-+userPassword: password897
-+mail: uid897
-+uidnumber: 897
-+gidnumber: 897
-+homeDirectory: /home/uid897
-+
-+dn: cn=user898,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user898
-+sn: user898
-+uid: uid898
-+givenname: givenname898
-+description: description898
-+userPassword: password898
-+mail: uid898
-+uidnumber: 898
-+gidnumber: 898
-+homeDirectory: /home/uid898
-+
-+dn: cn=user899,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user899
-+sn: user899
-+uid: uid899
-+givenname: givenname899
-+description: description899
-+userPassword: password899
-+mail: uid899
-+uidnumber: 899
-+gidnumber: 899
-+homeDirectory: /home/uid899
-+
-+dn: cn=user900,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user900
-+sn: user900
-+uid: uid900
-+givenname: givenname900
-+description: description900
-+userPassword: password900
-+mail: uid900
-+uidnumber: 900
-+gidnumber: 900
-+homeDirectory: /home/uid900
-+
-+dn: cn=user901,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user901
-+sn: user901
-+uid: uid901
-+givenname: givenname901
-+description: description901
-+userPassword: password901
-+mail: uid901
-+uidnumber: 901
-+gidnumber: 901
-+homeDirectory: /home/uid901
-+
-+dn: cn=user902,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user902
-+sn: user902
-+uid: uid902
-+givenname: givenname902
-+description: description902
-+userPassword: password902
-+mail: uid902
-+uidnumber: 902
-+gidnumber: 902
-+homeDirectory: /home/uid902
-+
-+dn: cn=user903,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user903
-+sn: user903
-+uid: uid903
-+givenname: givenname903
-+description: description903
-+userPassword: password903
-+mail: uid903
-+uidnumber: 903
-+gidnumber: 903
-+homeDirectory: /home/uid903
-+
-+dn: cn=user904,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user904
-+sn: user904
-+uid: uid904
-+givenname: givenname904
-+description: description904
-+userPassword: password904
-+mail: uid904
-+uidnumber: 904
-+gidnumber: 904
-+homeDirectory: /home/uid904
-+
-+dn: cn=user905,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user905
-+sn: user905
-+uid: uid905
-+givenname: givenname905
-+description: description905
-+userPassword: password905
-+mail: uid905
-+uidnumber: 905
-+gidnumber: 905
-+homeDirectory: /home/uid905
-+
-+dn: cn=user906,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user906
-+sn: user906
-+uid: uid906
-+givenname: givenname906
-+description: description906
-+userPassword: password906
-+mail: uid906
-+uidnumber: 906
-+gidnumber: 906
-+homeDirectory: /home/uid906
-+
-+dn: cn=user907,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user907
-+sn: user907
-+uid: uid907
-+givenname: givenname907
-+description: description907
-+userPassword: password907
-+mail: uid907
-+uidnumber: 907
-+gidnumber: 907
-+homeDirectory: /home/uid907
-+
-+dn: cn=user908,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user908
-+sn: user908
-+uid: uid908
-+givenname: givenname908
-+description: description908
-+userPassword: password908
-+mail: uid908
-+uidnumber: 908
-+gidnumber: 908
-+homeDirectory: /home/uid908
-+
-+dn: cn=user909,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user909
-+sn: user909
-+uid: uid909
-+givenname: givenname909
-+description: description909
-+userPassword: password909
-+mail: uid909
-+uidnumber: 909
-+gidnumber: 909
-+homeDirectory: /home/uid909
-+
-+dn: cn=user910,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user910
-+sn: user910
-+uid: uid910
-+givenname: givenname910
-+description: description910
-+userPassword: password910
-+mail: uid910
-+uidnumber: 910
-+gidnumber: 910
-+homeDirectory: /home/uid910
-+
-+dn: cn=user911,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user911
-+sn: user911
-+uid: uid911
-+givenname: givenname911
-+description: description911
-+userPassword: password911
-+mail: uid911
-+uidnumber: 911
-+gidnumber: 911
-+homeDirectory: /home/uid911
-+
-+dn: cn=user912,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user912
-+sn: user912
-+uid: uid912
-+givenname: givenname912
-+description: description912
-+userPassword: password912
-+mail: uid912
-+uidnumber: 912
-+gidnumber: 912
-+homeDirectory: /home/uid912
-+
-+dn: cn=user913,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user913
-+sn: user913
-+uid: uid913
-+givenname: givenname913
-+description: description913
-+userPassword: password913
-+mail: uid913
-+uidnumber: 913
-+gidnumber: 913
-+homeDirectory: /home/uid913
-+
-+dn: cn=user914,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user914
-+sn: user914
-+uid: uid914
-+givenname: givenname914
-+description: description914
-+userPassword: password914
-+mail: uid914
-+uidnumber: 914
-+gidnumber: 914
-+homeDirectory: /home/uid914
-+
-+dn: cn=user915,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user915
-+sn: user915
-+uid: uid915
-+givenname: givenname915
-+description: description915
-+userPassword: password915
-+mail: uid915
-+uidnumber: 915
-+gidnumber: 915
-+homeDirectory: /home/uid915
-+
-+dn: cn=user916,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user916
-+sn: user916
-+uid: uid916
-+givenname: givenname916
-+description: description916
-+userPassword: password916
-+mail: uid916
-+uidnumber: 916
-+gidnumber: 916
-+homeDirectory: /home/uid916
-+
-+dn: cn=user917,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user917
-+sn: user917
-+uid: uid917
-+givenname: givenname917
-+description: description917
-+userPassword: password917
-+mail: uid917
-+uidnumber: 917
-+gidnumber: 917
-+homeDirectory: /home/uid917
-+
-+dn: cn=user918,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user918
-+sn: user918
-+uid: uid918
-+givenname: givenname918
-+description: description918
-+userPassword: password918
-+mail: uid918
-+uidnumber: 918
-+gidnumber: 918
-+homeDirectory: /home/uid918
-+
-+dn: cn=user919,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user919
-+sn: user919
-+uid: uid919
-+givenname: givenname919
-+description: description919
-+userPassword: password919
-+mail: uid919
-+uidnumber: 919
-+gidnumber: 919
-+homeDirectory: /home/uid919
-+
-+dn: cn=user920,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user920
-+sn: user920
-+uid: uid920
-+givenname: givenname920
-+description: description920
-+userPassword: password920
-+mail: uid920
-+uidnumber: 920
-+gidnumber: 920
-+homeDirectory: /home/uid920
-+
-+dn: cn=user921,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user921
-+sn: user921
-+uid: uid921
-+givenname: givenname921
-+description: description921
-+userPassword: password921
-+mail: uid921
-+uidnumber: 921
-+gidnumber: 921
-+homeDirectory: /home/uid921
-+
-+dn: cn=user922,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user922
-+sn: user922
-+uid: uid922
-+givenname: givenname922
-+description: description922
-+userPassword: password922
-+mail: uid922
-+uidnumber: 922
-+gidnumber: 922
-+homeDirectory: /home/uid922
-+
-+dn: cn=user923,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user923
-+sn: user923
-+uid: uid923
-+givenname: givenname923
-+description: description923
-+userPassword: password923
-+mail: uid923
-+uidnumber: 923
-+gidnumber: 923
-+homeDirectory: /home/uid923
-+
-+dn: cn=user924,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user924
-+sn: user924
-+uid: uid924
-+givenname: givenname924
-+description: description924
-+userPassword: password924
-+mail: uid924
-+uidnumber: 924
-+gidnumber: 924
-+homeDirectory: /home/uid924
-+
-+dn: cn=user925,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user925
-+sn: user925
-+uid: uid925
-+givenname: givenname925
-+description: description925
-+userPassword: password925
-+mail: uid925
-+uidnumber: 925
-+gidnumber: 925
-+homeDirectory: /home/uid925
-+
-+dn: cn=user926,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user926
-+sn: user926
-+uid: uid926
-+givenname: givenname926
-+description: description926
-+userPassword: password926
-+mail: uid926
-+uidnumber: 926
-+gidnumber: 926
-+homeDirectory: /home/uid926
-+
-+dn: cn=user927,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user927
-+sn: user927
-+uid: uid927
-+givenname: givenname927
-+description: description927
-+userPassword: password927
-+mail: uid927
-+uidnumber: 927
-+gidnumber: 927
-+homeDirectory: /home/uid927
-+
-+dn: cn=user928,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user928
-+sn: user928
-+uid: uid928
-+givenname: givenname928
-+description: description928
-+userPassword: password928
-+mail: uid928
-+uidnumber: 928
-+gidnumber: 928
-+homeDirectory: /home/uid928
-+
-+dn: cn=user929,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user929
-+sn: user929
-+uid: uid929
-+givenname: givenname929
-+description: description929
-+userPassword: password929
-+mail: uid929
-+uidnumber: 929
-+gidnumber: 929
-+homeDirectory: /home/uid929
-+
-+dn: cn=user930,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user930
-+sn: user930
-+uid: uid930
-+givenname: givenname930
-+description: description930
-+userPassword: password930
-+mail: uid930
-+uidnumber: 930
-+gidnumber: 930
-+homeDirectory: /home/uid930
-+
-+dn: cn=user931,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user931
-+sn: user931
-+uid: uid931
-+givenname: givenname931
-+description: description931
-+userPassword: password931
-+mail: uid931
-+uidnumber: 931
-+gidnumber: 931
-+homeDirectory: /home/uid931
-+
-+dn: cn=user932,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user932
-+sn: user932
-+uid: uid932
-+givenname: givenname932
-+description: description932
-+userPassword: password932
-+mail: uid932
-+uidnumber: 932
-+gidnumber: 932
-+homeDirectory: /home/uid932
-+
-+dn: cn=user933,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user933
-+sn: user933
-+uid: uid933
-+givenname: givenname933
-+description: description933
-+userPassword: password933
-+mail: uid933
-+uidnumber: 933
-+gidnumber: 933
-+homeDirectory: /home/uid933
-+
-+dn: cn=user934,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user934
-+sn: user934
-+uid: uid934
-+givenname: givenname934
-+description: description934
-+userPassword: password934
-+mail: uid934
-+uidnumber: 934
-+gidnumber: 934
-+homeDirectory: /home/uid934
-+
-+dn: cn=user935,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user935
-+sn: user935
-+uid: uid935
-+givenname: givenname935
-+description: description935
-+userPassword: password935
-+mail: uid935
-+uidnumber: 935
-+gidnumber: 935
-+homeDirectory: /home/uid935
-+
-+dn: cn=user936,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user936
-+sn: user936
-+uid: uid936
-+givenname: givenname936
-+description: description936
-+userPassword: password936
-+mail: uid936
-+uidnumber: 936
-+gidnumber: 936
-+homeDirectory: /home/uid936
-+
-+dn: cn=user937,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user937
-+sn: user937
-+uid: uid937
-+givenname: givenname937
-+description: description937
-+userPassword: password937
-+mail: uid937
-+uidnumber: 937
-+gidnumber: 937
-+homeDirectory: /home/uid937
-+
-+dn: cn=user938,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user938
-+sn: user938
-+uid: uid938
-+givenname: givenname938
-+description: description938
-+userPassword: password938
-+mail: uid938
-+uidnumber: 938
-+gidnumber: 938
-+homeDirectory: /home/uid938
-+
-+dn: cn=user939,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user939
-+sn: user939
-+uid: uid939
-+givenname: givenname939
-+description: description939
-+userPassword: password939
-+mail: uid939
-+uidnumber: 939
-+gidnumber: 939
-+homeDirectory: /home/uid939
-+
-+dn: cn=user940,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user940
-+sn: user940
-+uid: uid940
-+givenname: givenname940
-+description: description940
-+userPassword: password940
-+mail: uid940
-+uidnumber: 940
-+gidnumber: 940
-+homeDirectory: /home/uid940
-+
-+dn: cn=user941,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user941
-+sn: user941
-+uid: uid941
-+givenname: givenname941
-+description: description941
-+userPassword: password941
-+mail: uid941
-+uidnumber: 941
-+gidnumber: 941
-+homeDirectory: /home/uid941
-+
-+dn: cn=user942,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user942
-+sn: user942
-+uid: uid942
-+givenname: givenname942
-+description: description942
-+userPassword: password942
-+mail: uid942
-+uidnumber: 942
-+gidnumber: 942
-+homeDirectory: /home/uid942
-+
-+dn: cn=user943,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user943
-+sn: user943
-+uid: uid943
-+givenname: givenname943
-+description: description943
-+userPassword: password943
-+mail: uid943
-+uidnumber: 943
-+gidnumber: 943
-+homeDirectory: /home/uid943
-+
-+dn: cn=user944,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user944
-+sn: user944
-+uid: uid944
-+givenname: givenname944
-+description: description944
-+userPassword: password944
-+mail: uid944
-+uidnumber: 944
-+gidnumber: 944
-+homeDirectory: /home/uid944
-+
-+dn: cn=user945,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user945
-+sn: user945
-+uid: uid945
-+givenname: givenname945
-+description: description945
-+userPassword: password945
-+mail: uid945
-+uidnumber: 945
-+gidnumber: 945
-+homeDirectory: /home/uid945
-+
-+dn: cn=user946,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user946
-+sn: user946
-+uid: uid946
-+givenname: givenname946
-+description: description946
-+userPassword: password946
-+mail: uid946
-+uidnumber: 946
-+gidnumber: 946
-+homeDirectory: /home/uid946
-+
-+dn: cn=user947,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user947
-+sn: user947
-+uid: uid947
-+givenname: givenname947
-+description: description947
-+userPassword: password947
-+mail: uid947
-+uidnumber: 947
-+gidnumber: 947
-+homeDirectory: /home/uid947
-+
-+dn: cn=user948,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user948
-+sn: user948
-+uid: uid948
-+givenname: givenname948
-+description: description948
-+userPassword: password948
-+mail: uid948
-+uidnumber: 948
-+gidnumber: 948
-+homeDirectory: /home/uid948
-+
-+dn: cn=user949,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user949
-+sn: user949
-+uid: uid949
-+givenname: givenname949
-+description: description949
-+userPassword: password949
-+mail: uid949
-+uidnumber: 949
-+gidnumber: 949
-+homeDirectory: /home/uid949
-+
-+dn: cn=user950,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user950
-+sn: user950
-+uid: uid950
-+givenname: givenname950
-+description: description950
-+userPassword: password950
-+mail: uid950
-+uidnumber: 950
-+gidnumber: 950
-+homeDirectory: /home/uid950
-+
-+dn: cn=user951,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user951
-+sn: user951
-+uid: uid951
-+givenname: givenname951
-+description: description951
-+userPassword: password951
-+mail: uid951
-+uidnumber: 951
-+gidnumber: 951
-+homeDirectory: /home/uid951
-+
-+dn: cn=user952,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user952
-+sn: user952
-+uid: uid952
-+givenname: givenname952
-+description: description952
-+userPassword: password952
-+mail: uid952
-+uidnumber: 952
-+gidnumber: 952
-+homeDirectory: /home/uid952
-+
-+dn: cn=user953,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user953
-+sn: user953
-+uid: uid953
-+givenname: givenname953
-+description: description953
-+userPassword: password953
-+mail: uid953
-+uidnumber: 953
-+gidnumber: 953
-+homeDirectory: /home/uid953
-+
-+dn: cn=user954,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user954
-+sn: user954
-+uid: uid954
-+givenname: givenname954
-+description: description954
-+userPassword: password954
-+mail: uid954
-+uidnumber: 954
-+gidnumber: 954
-+homeDirectory: /home/uid954
-+
-+dn: cn=user955,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user955
-+sn: user955
-+uid: uid955
-+givenname: givenname955
-+description: description955
-+userPassword: password955
-+mail: uid955
-+uidnumber: 955
-+gidnumber: 955
-+homeDirectory: /home/uid955
-+
-+dn: cn=user956,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user956
-+sn: user956
-+uid: uid956
-+givenname: givenname956
-+description: description956
-+userPassword: password956
-+mail: uid956
-+uidnumber: 956
-+gidnumber: 956
-+homeDirectory: /home/uid956
-+
-+dn: cn=user957,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user957
-+sn: user957
-+uid: uid957
-+givenname: givenname957
-+description: description957
-+userPassword: password957
-+mail: uid957
-+uidnumber: 957
-+gidnumber: 957
-+homeDirectory: /home/uid957
-+
-+dn: cn=user958,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user958
-+sn: user958
-+uid: uid958
-+givenname: givenname958
-+description: description958
-+userPassword: password958
-+mail: uid958
-+uidnumber: 958
-+gidnumber: 958
-+homeDirectory: /home/uid958
-+
-+dn: cn=user959,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user959
-+sn: user959
-+uid: uid959
-+givenname: givenname959
-+description: description959
-+userPassword: password959
-+mail: uid959
-+uidnumber: 959
-+gidnumber: 959
-+homeDirectory: /home/uid959
-+
-+dn: cn=user960,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user960
-+sn: user960
-+uid: uid960
-+givenname: givenname960
-+description: description960
-+userPassword: password960
-+mail: uid960
-+uidnumber: 960
-+gidnumber: 960
-+homeDirectory: /home/uid960
-+
-+dn: cn=user961,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user961
-+sn: user961
-+uid: uid961
-+givenname: givenname961
-+description: description961
-+userPassword: password961
-+mail: uid961
-+uidnumber: 961
-+gidnumber: 961
-+homeDirectory: /home/uid961
-+
-+dn: cn=user962,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user962
-+sn: user962
-+uid: uid962
-+givenname: givenname962
-+description: description962
-+userPassword: password962
-+mail: uid962
-+uidnumber: 962
-+gidnumber: 962
-+homeDirectory: /home/uid962
-+
-+dn: cn=user963,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user963
-+sn: user963
-+uid: uid963
-+givenname: givenname963
-+description: description963
-+userPassword: password963
-+mail: uid963
-+uidnumber: 963
-+gidnumber: 963
-+homeDirectory: /home/uid963
-+
-+dn: cn=user964,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user964
-+sn: user964
-+uid: uid964
-+givenname: givenname964
-+description: description964
-+userPassword: password964
-+mail: uid964
-+uidnumber: 964
-+gidnumber: 964
-+homeDirectory: /home/uid964
-+
-+dn: cn=user965,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user965
-+sn: user965
-+uid: uid965
-+givenname: givenname965
-+description: description965
-+userPassword: password965
-+mail: uid965
-+uidnumber: 965
-+gidnumber: 965
-+homeDirectory: /home/uid965
-+
-+dn: cn=user966,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user966
-+sn: user966
-+uid: uid966
-+givenname: givenname966
-+description: description966
-+userPassword: password966
-+mail: uid966
-+uidnumber: 966
-+gidnumber: 966
-+homeDirectory: /home/uid966
-+
-+dn: cn=user967,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user967
-+sn: user967
-+uid: uid967
-+givenname: givenname967
-+description: description967
-+userPassword: password967
-+mail: uid967
-+uidnumber: 967
-+gidnumber: 967
-+homeDirectory: /home/uid967
-+
-+dn: cn=user968,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user968
-+sn: user968
-+uid: uid968
-+givenname: givenname968
-+description: description968
-+userPassword: password968
-+mail: uid968
-+uidnumber: 968
-+gidnumber: 968
-+homeDirectory: /home/uid968
-+
-+dn: cn=user969,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user969
-+sn: user969
-+uid: uid969
-+givenname: givenname969
-+description: description969
-+userPassword: password969
-+mail: uid969
-+uidnumber: 969
-+gidnumber: 969
-+homeDirectory: /home/uid969
-+
-+dn: cn=user970,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user970
-+sn: user970
-+uid: uid970
-+givenname: givenname970
-+description: description970
-+userPassword: password970
-+mail: uid970
-+uidnumber: 970
-+gidnumber: 970
-+homeDirectory: /home/uid970
-+
-+dn: cn=user971,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user971
-+sn: user971
-+uid: uid971
-+givenname: givenname971
-+description: description971
-+userPassword: password971
-+mail: uid971
-+uidnumber: 971
-+gidnumber: 971
-+homeDirectory: /home/uid971
-+
-+dn: cn=user972,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user972
-+sn: user972
-+uid: uid972
-+givenname: givenname972
-+description: description972
-+userPassword: password972
-+mail: uid972
-+uidnumber: 972
-+gidnumber: 972
-+homeDirectory: /home/uid972
-+
-+dn: cn=user973,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user973
-+sn: user973
-+uid: uid973
-+givenname: givenname973
-+description: description973
-+userPassword: password973
-+mail: uid973
-+uidnumber: 973
-+gidnumber: 973
-+homeDirectory: /home/uid973
-+
-+dn: cn=user974,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user974
-+sn: user974
-+uid: uid974
-+givenname: givenname974
-+description: description974
-+userPassword: password974
-+mail: uid974
-+uidnumber: 974
-+gidnumber: 974
-+homeDirectory: /home/uid974
-+
-+dn: cn=user975,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user975
-+sn: user975
-+uid: uid975
-+givenname: givenname975
-+description: description975
-+userPassword: password975
-+mail: uid975
-+uidnumber: 975
-+gidnumber: 975
-+homeDirectory: /home/uid975
-+
-+dn: cn=user976,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user976
-+sn: user976
-+uid: uid976
-+givenname: givenname976
-+description: description976
-+userPassword: password976
-+mail: uid976
-+uidnumber: 976
-+gidnumber: 976
-+homeDirectory: /home/uid976
-+
-+dn: cn=user977,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user977
-+sn: user977
-+uid: uid977
-+givenname: givenname977
-+description: description977
-+userPassword: password977
-+mail: uid977
-+uidnumber: 977
-+gidnumber: 977
-+homeDirectory: /home/uid977
-+
-+dn: cn=user978,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user978
-+sn: user978
-+uid: uid978
-+givenname: givenname978
-+description: description978
-+userPassword: password978
-+mail: uid978
-+uidnumber: 978
-+gidnumber: 978
-+homeDirectory: /home/uid978
-+
-+dn: cn=user979,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user979
-+sn: user979
-+uid: uid979
-+givenname: givenname979
-+description: description979
-+userPassword: password979
-+mail: uid979
-+uidnumber: 979
-+gidnumber: 979
-+homeDirectory: /home/uid979
-+
-+dn: cn=user980,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user980
-+sn: user980
-+uid: uid980
-+givenname: givenname980
-+description: description980
-+userPassword: password980
-+mail: uid980
-+uidnumber: 980
-+gidnumber: 980
-+homeDirectory: /home/uid980
-+
-+dn: cn=user981,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user981
-+sn: user981
-+uid: uid981
-+givenname: givenname981
-+description: description981
-+userPassword: password981
-+mail: uid981
-+uidnumber: 981
-+gidnumber: 981
-+homeDirectory: /home/uid981
-+
-+dn: cn=user982,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user982
-+sn: user982
-+uid: uid982
-+givenname: givenname982
-+description: description982
-+userPassword: password982
-+mail: uid982
-+uidnumber: 982
-+gidnumber: 982
-+homeDirectory: /home/uid982
-+
-+dn: cn=user983,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user983
-+sn: user983
-+uid: uid983
-+givenname: givenname983
-+description: description983
-+userPassword: password983
-+mail: uid983
-+uidnumber: 983
-+gidnumber: 983
-+homeDirectory: /home/uid983
-+
-+dn: cn=user984,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user984
-+sn: user984
-+uid: uid984
-+givenname: givenname984
-+description: description984
-+userPassword: password984
-+mail: uid984
-+uidnumber: 984
-+gidnumber: 984
-+homeDirectory: /home/uid984
-+
-+dn: cn=user985,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user985
-+sn: user985
-+uid: uid985
-+givenname: givenname985
-+description: description985
-+userPassword: password985
-+mail: uid985
-+uidnumber: 985
-+gidnumber: 985
-+homeDirectory: /home/uid985
-+
-+dn: cn=user986,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user986
-+sn: user986
-+uid: uid986
-+givenname: givenname986
-+description: description986
-+userPassword: password986
-+mail: uid986
-+uidnumber: 986
-+gidnumber: 986
-+homeDirectory: /home/uid986
-+
-+dn: cn=user987,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user987
-+sn: user987
-+uid: uid987
-+givenname: givenname987
-+description: description987
-+userPassword: password987
-+mail: uid987
-+uidnumber: 987
-+gidnumber: 987
-+homeDirectory: /home/uid987
-+
-+dn: cn=user988,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user988
-+sn: user988
-+uid: uid988
-+givenname: givenname988
-+description: description988
-+userPassword: password988
-+mail: uid988
-+uidnumber: 988
-+gidnumber: 988
-+homeDirectory: /home/uid988
-+
-+dn: cn=user989,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user989
-+sn: user989
-+uid: uid989
-+givenname: givenname989
-+description: description989
-+userPassword: password989
-+mail: uid989
-+uidnumber: 989
-+gidnumber: 989
-+homeDirectory: /home/uid989
-+
-+dn: cn=user990,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user990
-+sn: user990
-+uid: uid990
-+givenname: givenname990
-+description: description990
-+userPassword: password990
-+mail: uid990
-+uidnumber: 990
-+gidnumber: 990
-+homeDirectory: /home/uid990
-+
-+dn: cn=user991,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user991
-+sn: user991
-+uid: uid991
-+givenname: givenname991
-+description: description991
-+userPassword: password991
-+mail: uid991
-+uidnumber: 991
-+gidnumber: 991
-+homeDirectory: /home/uid991
-+
-+dn: cn=user992,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user992
-+sn: user992
-+uid: uid992
-+givenname: givenname992
-+description: description992
-+userPassword: password992
-+mail: uid992
-+uidnumber: 992
-+gidnumber: 992
-+homeDirectory: /home/uid992
-+
-+dn: cn=user993,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user993
-+sn: user993
-+uid: uid993
-+givenname: givenname993
-+description: description993
-+userPassword: password993
-+mail: uid993
-+uidnumber: 993
-+gidnumber: 993
-+homeDirectory: /home/uid993
-+
-+dn: cn=user994,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user994
-+sn: user994
-+uid: uid994
-+givenname: givenname994
-+description: description994
-+userPassword: password994
-+mail: uid994
-+uidnumber: 994
-+gidnumber: 994
-+homeDirectory: /home/uid994
-+
-+dn: cn=user995,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user995
-+sn: user995
-+uid: uid995
-+givenname: givenname995
-+description: description995
-+userPassword: password995
-+mail: uid995
-+uidnumber: 995
-+gidnumber: 995
-+homeDirectory: /home/uid995
-+
-+dn: cn=user996,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user996
-+sn: user996
-+uid: uid996
-+givenname: givenname996
-+description: description996
-+userPassword: password996
-+mail: uid996
-+uidnumber: 996
-+gidnumber: 996
-+homeDirectory: /home/uid996
-+
-+dn: cn=user997,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user997
-+sn: user997
-+uid: uid997
-+givenname: givenname997
-+description: description997
-+userPassword: password997
-+mail: uid997
-+uidnumber: 997
-+gidnumber: 997
-+homeDirectory: /home/uid997
-+
-+dn: cn=user998,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user998
-+sn: user998
-+uid: uid998
-+givenname: givenname998
-+description: description998
-+userPassword: password998
-+mail: uid998
-+uidnumber: 998
-+gidnumber: 998
-+homeDirectory: /home/uid998
-+
-+dn: cn=user999,ou=People,dc=example,dc=com
-+objectClass: top
-+objectClass: person
-+objectClass: organizationalPerson
-+objectClass: inetOrgPerson
-+objectClass: posixAccount
-+cn: user999
-+sn: user999
-+uid: uid999
-+givenname: givenname999
-+description: description999
-+userPassword: password999
-+mail: uid999
-+uidnumber: 999
-+gidnumber: 999
-+homeDirectory: /home/uid999
-+
-diff --git a/dirsrvtests/tickets/ticket48212_test.py b/dirsrvtests/tickets/ticket48212_test.py
-new file mode 100644
-index 0000000..c3c8c8f
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48212_test.py
-@@ -0,0 +1,210 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from ldap.controls import SimplePagedResultsControl
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+MYSUFFIX = 'dc=example,dc=com'
-+MYSUFFIXBE = 'userRoot'
-+_MYLDIF = 'example1k_posix.ldif'
-+UIDNUMBERDN = "cn=uidnumber,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ '''
-+ This fixture is used to standalone topology for the 'module'.
-+ '''
-+ global installation_prefix
-+
-+ if installation_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+ standalone = DirSrv(verbose=False)
-+
-+ # Args for the standalone instance
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+
-+ # Get the status of the instance and restart it if it exists
-+ instance_standalone = standalone.exists()
-+
-+ # Remove the instance
-+ if instance_standalone:
-+ standalone.delete()
-+
-+ # Create the instance
-+ standalone.create()
-+
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # clear the tmp directory
-+ standalone.clearTmpDir(__file__)
-+
-+ # Here we have standalone instance up and running
-+ return TopologyStandalone(standalone)
-+
-+def runDbVerify(topology):
-+ topology.standalone.log.info("\n\n +++++ dbverify +++++\n")
-+ dbverifyCMD = topology.standalone.sroot + "/slapd-" + topology.standalone.inst + "/dbverify -V"
-+ dbverifyOUT = os.popen(dbverifyCMD, "r")
-+ topology.standalone.log.info("Running %s" % dbverifyCMD)
-+ running = True
-+ error = False
-+ while running:
-+ l = dbverifyOUT.readline()
-+ if l == "":
-+ running = False
-+ elif "libdb:" in l:
-+ running = False
-+ error = True
-+ topology.standalone.log.info("%s" % l)
-+ elif "verify failed" in l:
-+ error = True
-+ running = False
-+ topology.standalone.log.info("%s" % l)
-+
-+ if error:
-+ topology.standalone.log.fatal("dbverify failed")
-+ assert False
-+ else:
-+ topology.standalone.log.info("dbverify passed")
-+
-+def reindexUidNumber(topology):
-+ topology.standalone.log.info("\n\n +++++ reindex uidnumber +++++\n")
-+ indexCMD = topology.standalone.sroot + "/slapd-" + topology.standalone.inst + "/db2index.pl -D \"" + DN_DM + "\" -w \"" + PASSWORD + "\" -n " + MYSUFFIXBE + " -t uidnumber"
-+
-+ indexOUT = os.popen(indexCMD, "r")
-+ topology.standalone.log.info("Running %s" % indexCMD)
-+
-+ time.sleep(10)
-+
-+ tailCMD = "tail -n 3 " + topology.standalone.errlog
-+ tailOUT = os.popen(tailCMD, "r")
-+ running = True
-+ done = False
-+ while running:
-+ l = tailOUT.readline()
-+ if l == "":
-+ running = False
-+ elif "Finished indexing" in l:
-+ running = False
-+ done = True
-+ topology.standalone.log.info("%s" % l)
-+
-+ if done:
-+ topology.standalone.log.info("%s done" % indexCMD)
-+ else:
-+ topology.standalone.log.fatal("%s did not finish" % indexCMD)
-+ assert False
-+
-+def test_ticket48212_run(topology):
-+ """
-+ Import posixAccount entries.
-+ Index uidNumber
-+ add nsMatchingRule: integerOrderingMatch
-+ run dbverify to see if it reports the db corruption or not
-+ delete nsMatchingRule: integerOrderingMatch
-+ run dbverify to see if it reports the db corruption or not
-+ if no corruption is reported, the bug fix was verified.
-+ """
-+ log.info('Testing Ticket 48212 - Dynamic nsMatchingRule changes had no effect on the attrinfo thus following reindexing, as well.')
-+
-+ # bind as directory manager
-+ topology.standalone.log.info("Bind as %s" % DN_DM)
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+
-+
-+ data_dir_path = topology.standalone.getDir(__file__, DATA_DIR)
-+ ldif_file = data_dir_path + "ticket48212/" + _MYLDIF
-+ topology.standalone.log.info("\n\n######################### Import Test data (%s) ######################\n" % ldif_file)
-+ args = {TASK_WAIT: True}
-+ importTask = Tasks(topology.standalone)
-+ importTask.importLDIF(MYSUFFIX, MYSUFFIXBE, ldif_file, args)
-+ args = {TASK_WAIT: True}
-+
-+ runDbVerify(topology)
-+
-+ topology.standalone.log.info("\n\n######################### Add index by uidnumber ######################\n")
-+ try:
-+ topology.standalone.add_s(Entry((UIDNUMBERDN, {'objectclass': "top nsIndex".split(),
-+ 'cn': 'uidnumber',
-+ 'nsSystemIndex': 'false',
-+ 'nsIndexType': "pres eq".split()})))
-+ except ValueError:
-+ topology.standalone.log.fatal("add_s failed: %s", ValueError)
-+
-+ topology.standalone.log.info("\n\n######################### reindexing... ######################\n")
-+ reindexUidNumber(topology)
-+
-+ runDbVerify(topology)
-+
-+ topology.standalone.log.info("\n\n######################### Add nsMatchingRule ######################\n")
-+ try:
-+ topology.standalone.modify_s(UIDNUMBERDN, [(ldap.MOD_ADD, 'nsMatchingRule', 'integerOrderingMatch')])
-+ except ValueError:
-+ topology.standalone.log.fatal("modify_s failed: %s", ValueError)
-+
-+ topology.standalone.log.info("\n\n######################### reindexing... ######################\n")
-+ reindexUidNumber(topology)
-+
-+ runDbVerify(topology)
-+
-+ topology.standalone.log.info("\n\n######################### Delete nsMatchingRule ######################\n")
-+ try:
-+ topology.standalone.modify_s(UIDNUMBERDN, [(ldap.MOD_DELETE, 'nsMatchingRule', 'integerOrderingMatch')])
-+ except ValueError:
-+ topology.standalone.log.fatal("modify_s failed: %s", ValueError)
-+
-+ reindexUidNumber(topology)
-+
-+ runDbVerify(topology)
-+
-+ topology.standalone.log.info("ticket48212 was successfully verified.")
-+
-+
-+def test_ticket48212_final(topology):
-+ topology.standalone.delete()
-+ log.info('Testcase PASSED')
-+
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation_prefix
-+ installation_prefix = None
-+
-+ topo = topology(True)
-+ test_ticket48212_run(topo)
-+
-+ test_ticket48212_final(topo)
-+
-+
-+if __name__ == '__main__':
-+ run_isolated()
-+
---
-1.9.3
-
diff --git a/SOURCES/0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch b/SOURCES/0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch
new file mode 100644
index 0000000..7ba20c3
--- /dev/null
+++ b/SOURCES/0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch
@@ -0,0 +1,462 @@
+From 80e8d8fc8eb44d45af5285308cda37553611f688 Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Sat, 9 Jul 2016 19:02:37 +1000
+Subject: [PATCH 04/15] Ticket 48916 - DNA Threshold set to 0 causes SIGFPE
+
+Bug Description: If the DNA threshold was set to 0, a divide by zero would
+occur when requesting ranges.
+
+Fix Description: Prevent the config from setting a value of 0 for dna threshold.
+
+If an existing site has a threshold of 0, we guard the divide operation, and
+return an operations error instead.
+
+https://fedorahosted.org/389/ticket/48916
+
+Author: wibrown
+
+Review by: nhosoi, mreynolds (Thank you!)
+
+(cherry picked from commit 05ebb6d10cf0ec8e03c59bade7f819ddb1fdcf78)
+---
+ .gitignore | 1 +
+ dirsrvtests/tests/tickets/ticket48916_test.py | 253 ++++++++++++++++++++++++++
+ ldap/servers/plugins/dna/dna.c | 40 +++-
+ 3 files changed, 289 insertions(+), 5 deletions(-)
+ create mode 100644 dirsrvtests/tests/tickets/ticket48916_test.py
+
+diff --git a/.gitignore b/.gitignore
+index f6583c2..f92bcd8 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -5,6 +5,7 @@ autom4te.cache
+ .cproject
+ .project
+ .settings
++.cache
+ *.a
+ *.dirstamp
+ *.la
+diff --git a/dirsrvtests/tests/tickets/ticket48916_test.py b/dirsrvtests/tests/tickets/ticket48916_test.py
+new file mode 100644
+index 0000000..44c96da
+--- /dev/null
++++ b/dirsrvtests/tests/tickets/ticket48916_test.py
+@@ -0,0 +1,253 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++DEBUGGING = False
++
++if DEBUGGING:
++ logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++ logging.getLogger(__name__).setLevel(logging.INFO)
++
++
++log = logging.getLogger(__name__)
++
++
++class TopologyReplication(object):
++ """The Replication Topology Class"""
++ def __init__(self, master1, master2):
++ """Init"""
++ master1.open()
++ self.master1 = master1
++ master2.open()
++ self.master2 = master2
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ """Create Replication Deployment"""
++
++ # Creating master 1...
++ if DEBUGGING:
++ master1 = DirSrv(verbose=True)
++ else:
++ master1 = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_MASTER_1
++ args_instance[SER_PORT] = PORT_MASTER_1
++ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_master = args_instance.copy()
++ master1.allocate(args_master)
++ instance_master1 = master1.exists()
++ if instance_master1:
++ master1.delete()
++ master1.create()
++ master1.open()
++ master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_1)
++
++ # Creating master 2...
++ if DEBUGGING:
++ master2 = DirSrv(verbose=True)
++ else:
++ master2 = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_MASTER_2
++ args_instance[SER_PORT] = PORT_MASTER_2
++ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_2
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_master = args_instance.copy()
++ master2.allocate(args_master)
++ instance_master2 = master2.exists()
++ if instance_master2:
++ master2.delete()
++ master2.create()
++ master2.open()
++ master2.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_2)
++
++ #
++ # Create all the agreements
++ #
++ # Creating agreement from master 1 to master 2
++ properties = {RA_NAME: 'meTo_' + master2.host + ':' + str(master2.port),
++ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
++ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
++ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
++ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
++ m1_m2_agmt = master1.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties)
++ if not m1_m2_agmt:
++ log.fatal("Fail to create a master -> master replica agreement")
++ sys.exit(1)
++ log.debug("%s created" % m1_m2_agmt)
++
++ # Creating agreement from master 2 to master 1
++ properties = {RA_NAME: 'meTo_' + master1.host + ':' + str(master1.port),
++ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
++ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
++ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
++ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
++ m2_m1_agmt = master2.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties)
++ if not m2_m1_agmt:
++ log.fatal("Fail to create a master -> master replica agreement")
++ sys.exit(1)
++ log.debug("%s created" % m2_m1_agmt)
++
++ # Allow the replicas to get situated with the new agreements...
++ time.sleep(5)
++
++ #
++ # Initialize all the agreements
++ #
++ master1.agreement.init(SUFFIX, HOST_MASTER_2, PORT_MASTER_2)
++ master1.waitForReplInit(m1_m2_agmt)
++
++ # Check replication is working...
++ if master1.testReplication(DEFAULT_SUFFIX, master2):
++ log.info('Replication is working.')
++ else:
++ log.fatal('Replication is not working.')
++ assert False
++
++ def fin():
++ """If we are debugging just stop the instances, otherwise remove
++ them
++ """
++ if DEBUGGING:
++ master1.stop()
++ master2.stop()
++ else:
++ master1.delete()
++ master2.delete()
++
++ request.addfinalizer(fin)
++
++ # Clear out the tmp dir
++ master1.clearTmpDir(__file__)
++
++ return TopologyReplication(master1, master2)
++
++
++def _create_user(inst, idnum):
++ inst.add_s(Entry(
++ ('uid=user%s,ou=People,%s' % (idnum, DEFAULT_SUFFIX), {
++ 'objectClass' : 'top account posixAccount'.split(' '),
++ 'cn' : 'user',
++ 'uid' : 'user%s' % idnum,
++ 'homeDirectory' : '/home/user%s' % idnum,
++ 'loginShell' : '/bin/nologin',
++ 'gidNumber' : '-1',
++ 'uidNumber' : '-1',
++ })
++ ))
++
++def test_ticket48916(topology):
++ """
++ https://bugzilla.redhat.com/show_bug.cgi?id=1353629
++
++ This is an issue with ID exhaustion in DNA causing a crash.
++
++ To access each DirSrv instance use: topology.master1, topology.master2,
++ ..., topology.hub1, ..., topology.consumer1,...
++
++
++ """
++
++ if DEBUGGING:
++ # Add debugging steps(if any)...
++ pass
++
++ # Enable the plugin on both servers
++
++ dna_m1 = topology.master1.plugins.get('Distributed Numeric Assignment Plugin')
++ dna_m2 = topology.master2.plugins.get('Distributed Numeric Assignment Plugin')
++
++ # Configure it
++ # Create the container for the ranges to go into.
++
++ topology.master1.add_s(Entry(
++ ('ou=Ranges,%s' % DEFAULT_SUFFIX, {
++ 'objectClass' : 'top organizationalUnit'.split(' '),
++ 'ou' : 'Ranges',
++ })
++ ))
++
++ # Create the dnaAdmin?
++
++ # For now we just pinch the dn from the dna_m* types, and add the relevant child config
++ # but in the future, this could be a better plugin template type from lib389
++
++ config_dn = dna_m1.dn
++
++ topology.master1.add_s(Entry(
++ ('cn=uids,%s' % config_dn, {
++ 'objectClass' : 'top dnaPluginConfig'.split(' '),
++ 'cn': 'uids',
++ 'dnatype': 'uidNumber gidNumber'.split(' '),
++ 'dnafilter': '(objectclass=posixAccount)',
++ 'dnascope': '%s' % DEFAULT_SUFFIX,
++ 'dnaNextValue': '1',
++ 'dnaMaxValue': '50',
++ 'dnasharedcfgdn': 'ou=Ranges,%s' % DEFAULT_SUFFIX,
++ 'dnaThreshold': '0',
++ 'dnaRangeRequestTimeout': '60',
++ 'dnaMagicRegen': '-1',
++ 'dnaRemoteBindDN': 'uid=dnaAdmin,ou=People,%s' % DEFAULT_SUFFIX,
++ 'dnaRemoteBindCred': 'secret123',
++ 'dnaNextRange': '80-90'
++ })
++ ))
++
++ topology.master2.add_s(Entry(
++ ('cn=uids,%s' % config_dn, {
++ 'objectClass' : 'top dnaPluginConfig'.split(' '),
++ 'cn': 'uids',
++ 'dnatype': 'uidNumber gidNumber'.split(' '),
++ 'dnafilter': '(objectclass=posixAccount)',
++ 'dnascope': '%s' % DEFAULT_SUFFIX,
++ 'dnaNextValue': '61',
++ 'dnaMaxValue': '70',
++ 'dnasharedcfgdn': 'ou=Ranges,%s' % DEFAULT_SUFFIX,
++ 'dnaThreshold': '2',
++ 'dnaRangeRequestTimeout': '60',
++ 'dnaMagicRegen': '-1',
++ 'dnaRemoteBindDN': 'uid=dnaAdmin,ou=People,%s' % DEFAULT_SUFFIX,
++ 'dnaRemoteBindCred': 'secret123',
++ })
++ ))
++
++
++ # Enable the plugins
++ dna_m1.enable()
++ dna_m2.enable()
++
++ # Restart the instances
++ topology.master1.restart(60)
++ topology.master2.restart(60)
++
++ # Wait for a replication .....
++ time.sleep(40)
++
++ # Allocate the 10 members to exhaust
++
++ for i in range(1,11):
++ _create_user(topology.master2, i)
++
++ # Allocate the 11th
++ _create_user(topology.master2, 11)
++
++ log.info('Test PASSED')
++
++
++if __name__ == '__main__':
++ # Run isolated
++ # -s for DEBUG mode
++ CURRENT_FILE = os.path.realpath(__file__)
++ pytest.main("-s %s" % CURRENT_FILE)
++
+diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
+index 2908443..cf640d8 100644
+--- a/ldap/servers/plugins/dna/dna.c
++++ b/ldap/servers/plugins/dna/dna.c
+@@ -1244,6 +1244,12 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry * e, int apply)
+ slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM,
+ "----------> %s [%s]\n", DNA_THRESHOLD, value);
+
++ if (entry->threshold <= 0) {
++ entry->threshold = 1;
++ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
++ "----------> %s too low, setting to [%s]\n", DNA_THRESHOLD, value);
++ }
++
+ slapi_ch_free_string(&value);
+ } else {
+ entry->threshold = 1;
+@@ -2171,7 +2177,7 @@ static int dna_dn_is_config(char *dn)
+ int ret = 0;
+
+ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
+- "--> dna_is_config\n");
++ "--> dna_is_config %s\n", dn);
+
+ if (slapi_dn_issuffix(dn, getPluginDN())) {
+ ret = 1;
+@@ -3404,18 +3410,21 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
+
+ /* Did we already service all of these configured types? */
+ if (dna_list_contains_types(generated_types, config_entry->types)) {
++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " no types to act upon.\n");
+ goto next;
+ }
+
+ /* is the entry in scope? */
+ if (config_entry->scope &&
+ !slapi_dn_issuffix(dn, config_entry->scope)) {
++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " dn not in scope\n");
+ goto next;
+ }
+
+ /* is this entry in an excluded scope? */
+ for (i = 0; config_entry->excludescope && config_entry->excludescope[i]; i++) {
+ if (slapi_dn_issuffix(dn, slapi_sdn_get_dn(config_entry->excludescope[i]))) {
++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " dn in excluded scope\n");
+ goto next;
+ }
+ }
+@@ -3424,7 +3433,8 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
+ if (config_entry->slapi_filter) {
+ ret = slapi_vattr_filter_test(pb, e, config_entry->slapi_filter, 0);
+ if (LDAP_SUCCESS != ret) {
+- goto next;
++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " dn does not match filter\n");
++ goto next;
+ }
+ }
+
+@@ -3454,6 +3464,8 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
+ }
+
+ if (types_to_generate && types_to_generate[0]) {
++
++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " adding %s to %s as -2\n", types_to_generate[0], dn);
+ /* add - add to entry */
+ for (i = 0; types_to_generate && types_to_generate[i]; i++) {
+ slapi_entry_attr_set_charptr(e, types_to_generate[i],
+@@ -3492,6 +3504,7 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
+ slapi_lock_mutex(config_entry->lock);
+
+ ret = dna_first_free_value(config_entry, &setval);
++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " retrieved value %" PRIu64 " ret %d\n", setval, ret);
+ if (LDAP_SUCCESS != ret) {
+ /* check if we overflowed the configured range */
+ if (setval > config_entry->maxval) {
+@@ -4022,18 +4035,22 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
+ "--> dna_be_txn_pre_op\n");
+
+ if (!slapi_plugin_running(pb)) {
++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing, plugin not running\n");
+ goto bail;
+ }
+
+ if (0 == (dn = dna_get_dn(pb))) {
++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing, is dna dn\n");
+ goto bail;
+ }
+
+ if (dna_dn_is_config(dn)) {
++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing is dna config dn\n");
+ goto bail;
+ }
+
+ if (dna_isrepl(pb)) {
++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing replicated operation\n");
+ /* if repl, the dna values should be already in the entry. */
+ goto bail;
+ }
+@@ -4045,6 +4062,7 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
+ }
+
+ if (e == NULL) {
++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " --x bailing entry is NULL\n");
+ goto bail;
+ } else if (LDAP_CHANGETYPE_MODIFY == modtype) {
+ slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
+@@ -4056,32 +4074,39 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
+
+ if (!PR_CLIST_IS_EMPTY(dna_global_config)) {
+ list = PR_LIST_HEAD(dna_global_config);
++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " using global config...\n");
+
+ while (list != dna_global_config && LDAP_SUCCESS == ret) {
+ config_entry = (struct configEntry *) list;
+
+ /* Did we already service all of these configured types? */
+ if (dna_list_contains_types(generated_types, config_entry->types)) {
++ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, " All types already serviced\n");
+ goto next;
+ }
+
+ /* is the entry in scope? */
+ if (config_entry->scope) {
+- if (!slapi_dn_issuffix(dn, config_entry->scope))
++ if (!slapi_dn_issuffix(dn, config_entry->scope)) {
++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " Entry not in scope of dnaScope!\n");
+ goto next;
++ }
+ }
+
+ /* is this entry in an excluded scope? */
+ for (i = 0; config_entry->excludescope && config_entry->excludescope[i]; i++) {
+ if (slapi_dn_issuffix(dn, slapi_sdn_get_dn(config_entry->excludescope[i]))) {
++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " Entry in excluded scope, next\n");
+ goto next;
+ }
+ }
+-
++
+ /* does the entry match the filter? */
+ if (config_entry->slapi_filter) {
+- if(LDAP_SUCCESS != slapi_vattr_filter_test(pb,e,config_entry->slapi_filter, 0))
++ if(LDAP_SUCCESS != slapi_vattr_filter_test(pb,e,config_entry->slapi_filter, 0)) {
++ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM, " Entry does not match filter\n");
+ goto next;
++ }
+ }
+
+ if (LDAP_CHANGETYPE_ADD == modtype) {
+@@ -4526,6 +4551,11 @@ dna_release_range(char *range_dn, PRUint64 *lower, PRUint64 *upper)
+ * it instead of from the active range */
+ if (config_entry->next_range_lower != 0) {
+ /* Release up to half of our values from the next range. */
++ if (config_entry->threshold == 0) {
++ ret = LDAP_UNWILLING_TO_PERFORM;
++ goto bail;
++ }
++
+ release = (((config_entry->next_range_upper - config_entry->next_range_lower + 1) /
+ 2) / config_entry->threshold) * config_entry->threshold;
+
+--
+2.4.11
+
diff --git a/SOURCES/0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch b/SOURCES/0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch
new file mode 100644
index 0000000..3999d39
--- /dev/null
+++ b/SOURCES/0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch
@@ -0,0 +1,50 @@
+From 1de87b6fa85221c874bc4449d81655302540ec22 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 11 Jul 2016 19:09:24 -0700
+Subject: [PATCH 05/15] Ticket #48144 - Add /usr/sbin/status-dirsrv script to
+ get the status of the directory server instance.
+
+Description:
+Analysis by vashirov@redhat.com:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1209128#c11
+ The error comes from bash built-in `return`. bash version prior to
+ 4.3 didn't support negative numbers as argument for `return`.
+ See for reference: http://wiki.bash-hackers.org/scripting/bashchanges
+
+As suggested in the comment, instead of -1, 255 should be returned in
+this error case:
+ > 255 is returned if the instance does not exist.
+
+https://fedorahosted.org/389/ticket/48144
+
+Viktor's proposal is reviewed by nhosoi@redhat.com.
+
+(cherry picked from commit a8b07cd2671c82421830ae94584b370436ef3434)
+---
+ ldap/admin/src/scripts/status-dirsrv.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/status-dirsrv.in b/ldap/admin/src/scripts/status-dirsrv.in
+index 0f01eaa..9042899 100755
+--- a/ldap/admin/src/scripts/status-dirsrv.in
++++ b/ldap/admin/src/scripts/status-dirsrv.in
+@@ -11,14 +11,14 @@ status_instance() {
+ SERV_ID=$1
+ shift
+
+- initfile=`get_init_file $initconfig_dir $SERV_ID` || { echo Instance $SERV_ID not found. ; return -1 ; }
++ initfile=`get_init_file $initconfig_dir $SERV_ID` || { echo Instance $SERV_ID not found. ; return 255 ; }
+
+ # source env. for this instance
+ if [ -f $initfile ] ; then
+ . $initfile
+ else
+ echo Instance $SERV_ID not found.
+- return -1
++ return 255
+ fi
+
+ prefix="$DS_ROOT"
+--
+2.4.11
+
diff --git a/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch b/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch
deleted file mode 100644
index b40bdc3..0000000
--- a/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From e37431f50e8d4bfc7015d9a00b58a9b9e77f1c79 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 2 Jul 2015 16:44:09 -0700
-Subject: [PATCH 5/7] Ticket #48214 - ldapsearch on nsslapd-maxbersize returns
- 0 instead of current value
-
-Description: If nsslapd-maxbersize is not explicitely set in cn=config
-or the value is 0, the default value is assigned. Internally, it was.
-But ldapsearch did not return the default value.
-
-https://fedorahosted.org/389/ticket/48214
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!)
-
-(cherry picked from commit 7d0689aaadfa66a8f8a481b0c1bb70b2465c4986)
-(cherry picked from commit b83c2554fad0bb2a08055c5105bcfa4c9d44af8f)
----
- ldap/servers/slapd/libglobs.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
-index 24de4f3..a3c4243 100644
---- a/ldap/servers/slapd/libglobs.c
-+++ b/ldap/servers/slapd/libglobs.c
-@@ -821,7 +821,7 @@ static struct config_get_and_set {
- {CONFIG_MAXBERSIZE_ATTRIBUTE, config_set_maxbersize,
- NULL, 0,
- (void**)&global_slapdFrontendConfig.maxbersize,
-- CONFIG_INT, NULL, DEFAULT_MAX_BERSIZE},
-+ CONFIG_INT, NULL, STRINGIFYDEFINE(DEFAULT_MAXBERSIZE)},
- {CONFIG_MAXSASLIOSIZE_ATTRIBUTE, config_set_maxsasliosize,
- NULL, 0,
- (void**)&global_slapdFrontendConfig.maxsasliosize,
-@@ -1540,6 +1540,7 @@ FrontendConfig_init () {
- init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns = LDAP_OFF;
- init_global_backend_local = LDAP_OFF;
- cfg->maxsimplepaged_per_conn = DEFAULT_MAXSIMPLEPAGED_PER_CONN;
-+ cfg->maxbersize = DEFAULT_MAXBERSIZE;
- #ifdef ENABLE_NUNC_STANS
- init_enable_nunc_stans = cfg->enable_nunc_stans = LDAP_OFF;
- #endif
-@@ -5713,6 +5714,9 @@ config_set_maxbersize( const char *attrname, char *value, char *errorbuf, int ap
- return retVal;
- }
-
-+ if (size == 0) {
-+ size = DEFAULT_MAXBERSIZE;
-+ }
- CFG_LOCK_WRITE(slapdFrontendConfig);
-
- slapdFrontendConfig->maxbersize = size;
-@@ -5728,8 +5732,9 @@ config_get_maxbersize()
- slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
-
- maxbersize = slapdFrontendConfig->maxbersize;
-- if(maxbersize==0)
-+ if (maxbersize == 0) {
- maxbersize = DEFAULT_MAXBERSIZE;
-+ }
-
- return maxbersize;
- }
---
-1.9.3
-
diff --git a/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch
deleted file mode 100644
index a90e65d..0000000
--- a/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From b36cdf27f313bba70f03b687ceef5bb5b3edd78b Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 2 Jul 2015 16:07:14 -0700
-Subject: [PATCH 6/7] Ticket #48214 - CI test: added test cases for ticket
- 48213
-
-Description: ldapsearch on nsslapd-maxbersize returns 0 instead of
- current value
-
-https://fedorahosted.org/389/ticket/48214
-(cherry picked from commit b7b663c0e20c2f9bf8885bd7633570dc8d34f394)
-(cherry picked from commit 7c73adc28c8877eb3b0d30a91f7fa8a964fb3fd2)
----
- dirsrvtests/tickets/ticket48214_test.py | 171 ++++++++++++++++++++++++++++++++
- 1 file changed, 171 insertions(+)
- create mode 100644 dirsrvtests/tickets/ticket48214_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48214_test.py b/dirsrvtests/tickets/ticket48214_test.py
-new file mode 100644
-index 0000000..afbef22
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48214_test.py
-@@ -0,0 +1,171 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from ldap.controls import SimplePagedResultsControl
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+MYSUFFIX = 'dc=example,dc=com'
-+MYSUFFIXBE = 'userRoot'
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ '''
-+ This fixture is used to standalone topology for the 'module'.
-+ '''
-+ global installation_prefix
-+
-+ if installation_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+ standalone = DirSrv(verbose=False)
-+
-+ # Args for the standalone instance
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+
-+ # Get the status of the instance and restart it if it exists
-+ instance_standalone = standalone.exists()
-+
-+ # Remove the instance
-+ if instance_standalone:
-+ standalone.delete()
-+
-+ # Create the instance
-+ standalone.create()
-+
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # clear the tmp directory
-+ standalone.clearTmpDir(__file__)
-+
-+ # Here we have standalone instance up and running
-+ return TopologyStandalone(standalone)
-+
-+def getMaxBerSizeFromDseLdif(topology):
-+ topology.standalone.log.info(" +++++ Get maxbersize from dse.ldif +++++\n")
-+ dse_ldif = topology.standalone.confdir + '/dse.ldif'
-+ grepMaxBerCMD = "egrep nsslapd-maxbersize " + dse_ldif
-+ topology.standalone.log.info(" Run CMD: %s\n" % grepMaxBerCMD)
-+ grepMaxBerOUT = os.popen(grepMaxBerCMD, "r")
-+ running = True
-+ maxbersize = -1
-+ while running:
-+ l = grepMaxBerOUT.readline()
-+ if l == "":
-+ topology.standalone.log.info(" Empty: %s\n" % l)
-+ running = False
-+ elif "nsslapd-maxbersize:" in l.lower():
-+ running = False
-+ fields = l.split()
-+ if len(fields) >= 2:
-+ maxbersize = fields[1]
-+ topology.standalone.log.info(" Right format - %s %s\n" % (fields[0], fields[1]))
-+ else:
-+ topology.standalone.log.info(" Wrong format - %s\n" % l)
-+ else:
-+ topology.standalone.log.info(" Else?: %s\n" % l)
-+ return maxbersize
-+
-+def checkMaxBerSize(topology):
-+ topology.standalone.log.info(" +++++ Check Max Ber Size +++++\n")
-+ maxbersizestr = getMaxBerSizeFromDseLdif(topology)
-+ maxbersize = int(maxbersizestr)
-+ isdefault = True
-+ defaultvalue = 2097152
-+ if maxbersize < 0:
-+ topology.standalone.log.info(" No nsslapd-maxbersize found in dse.ldif\n")
-+ elif maxbersize == 0:
-+ topology.standalone.log.info(" nsslapd-maxbersize: %d\n" % maxbersize)
-+ else:
-+ isdefault = False
-+ topology.standalone.log.info(" nsslapd-maxbersize: %d\n" % maxbersize)
-+
-+ try:
-+ entry = topology.standalone.search_s('cn=config', ldap.SCOPE_BASE,
-+ "(cn=*)",
-+ ['nsslapd-maxbersize'])
-+ if entry:
-+ searchedsize = entry[0].getValue('nsslapd-maxbersize')
-+ topology.standalone.log.info(" ldapsearch returned nsslapd-maxbersize: %s\n" % searchedsize)
-+ else:
-+ topology.standalone.log.fatal('ERROR: cn=config is not found?')
-+ assert False
-+ except ldap.LDAPError, e:
-+ topology.standalone.log.error('ERROR: Failed to search for user entry: ' + e.message['desc'])
-+ assert False
-+
-+ if isdefault:
-+ topology.standalone.log.info(" Checking %d vs %d\n" % (int(searchedsize), defaultvalue))
-+ assert int(searchedsize) == defaultvalue
-+
-+
-+def test_ticket48214_run(topology):
-+ """
-+ Check ldapsearch returns the correct maxbersize when it is not explicitly set.
-+ """
-+ log.info('Testing Ticket 48214 - ldapsearch on nsslapd-maxbersize returns 0 instead of current value')
-+
-+ # bind as directory manager
-+ topology.standalone.log.info("Bind as %s" % DN_DM)
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+
-+ topology.standalone.log.info("\n\n######################### Out of Box ######################\n")
-+ checkMaxBerSize(topology)
-+
-+ topology.standalone.log.info("\n\n######################### Add nsslapd-maxbersize: 0 ######################\n")
-+ topology.standalone.modify_s('cn=config', [(ldap.MOD_REPLACE, 'nsslapd-maxbersize', '0')])
-+ checkMaxBerSize(topology)
-+
-+ topology.standalone.log.info("\n\n######################### Add nsslapd-maxbersize: 10000 ######################\n")
-+ topology.standalone.modify_s('cn=config', [(ldap.MOD_REPLACE, 'nsslapd-maxbersize', '10000')])
-+ checkMaxBerSize(topology)
-+
-+ topology.standalone.log.info("ticket48214 was successfully verified.")
-+
-+
-+def test_ticket48214_final(topology):
-+ topology.standalone.delete()
-+ log.info('Testcase PASSED')
-+
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation_prefix
-+ installation_prefix = None
-+
-+ topo = topology(True)
-+ test_ticket48214_run(topo)
-+
-+ test_ticket48214_final(topo)
-+
-+
-+if __name__ == '__main__':
-+ run_isolated()
-+
---
-1.9.3
-
diff --git a/SOURCES/0006-Ticket-48767-flow-control-in-replication-also-blocks.patch b/SOURCES/0006-Ticket-48767-flow-control-in-replication-also-blocks.patch
new file mode 100644
index 0000000..bb6aa23
--- /dev/null
+++ b/SOURCES/0006-Ticket-48767-flow-control-in-replication-also-blocks.patch
@@ -0,0 +1,44 @@
+From 05b04751367b628819d6f0a5a533d1af4eb423ba Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 11 Jul 2016 10:30:04 -0400
+Subject: [PATCH 06/15] Ticket 48767 - flow control in replication also blocks
+ receiving results
+
+Bug Description: In ticket 47942 a flow control was introduced to reduce
+ the load of a replication consumer. It adds some pauses
+ in the asynch sending of updates. Unfortunately while it
+ pauses it holds the reader lock, so that the result reader
+ thread is also paused.
+
+Fix Description: If we need to pause the sending of updates then also release
+ the Result Data lock so the reader thread is not blocked.
+
+https://fedorahosted.org/389/ticket/48767
+
+Reviewed by: nhosi(Thanks!)
+
+(cherry picked from commit ba636587e77423c7773df60894344dea0377c36f)
+---
+ ldap/servers/plugins/replication/repl5_inc_protocol.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+index d6fb898..27bac5d 100644
+--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+@@ -479,9 +479,11 @@ repl5_inc_flow_control_results(Repl_Agmt *agmt, result_data *rd)
+ if ((rd->last_message_id_received <= rd->last_message_id_sent) &&
+ ((rd->last_message_id_sent - rd->last_message_id_received) >= agmt_get_flowcontrolwindow(agmt))) {
+ rd->flowcontrol_detection++;
++ PR_Unlock(rd->lock);
+ DS_Sleep(PR_MillisecondsToInterval(agmt_get_flowcontrolpause(agmt)));
++ } else {
++ PR_Unlock(rd->lock);
+ }
+- PR_Unlock(rd->lock);
+ }
+
+ static int
+--
+2.4.11
+
diff --git a/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
deleted file mode 100644
index 22f39e0..0000000
--- a/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-From 7b17c488de280f29264920b4e53dce862ed5b7e4 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 6 Jul 2015 14:06:11 -0700
-Subject: [PATCH 7/7] Ticket #48192 - Individual abandoned simple paged results
- request has no chance to be cleaned up
-
-Description: There was a small window that the search on the next page
-after the previous page abandoned referred the cleaned up simple paged
-object.
-
-This patch introduces a pagedresults_is_abandoned helper function to
-check the simple paged results was abandoned or not with some improvements
-based upon the comments by rmeggins@redhat.com (Thank you!!):
-1) adding locking when getting a simplepaged object in pagedresults_is_
- abandoned_or_notavailable as well as in pagedresults_{un}lock.
-2) sending "Simple Paged Results Search abandoned" if the previous page
- with the same cookie in the same connection was abandoned.
-
-https://fedorahosted.org/389/ticket/48192
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit e4d83c91fc88fcf9e6c823c608c629ac10e362f8)
-(cherry picked from commit b513a502250f93cfb43df000c2140b27c4ef0d39)
----
- ldap/servers/slapd/opshared.c | 22 ++++++++++++++++------
- ldap/servers/slapd/pagedresults.c | 24 +++++++++++++++++++++++-
- ldap/servers/slapd/proto-slap.h | 1 +
- 3 files changed, 40 insertions(+), 7 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 177daa6..dcdbb04 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -677,12 +677,20 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- */
- pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
- if (pr_search_result) {
-- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
-- rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat);
-+ if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+ pagedresults_unlock(pb->pb_conn, pr_idx);
-+ /* Previous operation was abandoned and the simplepaged object is not in use. */
-+ send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
-+ rc = LDAP_SUCCESS;
-+ goto free_and_return;
-+ } else {
-+ slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
-+ rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat);
-
-- /* search result could be reset in the backend/dse */
-- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
-- pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
-+ /* search result could be reset in the backend/dse */
-+ slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
-+ pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
-+ }
- } else {
- pr_stat = PAGEDRESULTS_SEARCH_END;
- }
-@@ -712,7 +720,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- if (PAGEDRESULTS_SEARCH_END == pr_stat) {
- pagedresults_lock(pb->pb_conn, pr_idx);
- slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
-- pagedresults_free_one(pb->pb_conn, operation, pr_idx);
-+ if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+ pagedresults_free_one(pb->pb_conn, operation, pr_idx);
-+ }
- pagedresults_unlock(pb->pb_conn, pr_idx);
- if (next_be) {
- /* no more entries, but at least another backend */
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index fdbfa41..d0c93cd 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -877,6 +877,8 @@ pagedresults_reset_processing(Connection *conn, int index)
- * If there are multiple slots, the connection may be a permanent one.
- * Do not return timed out here. But let the next request take care the
- * timedout slot(s).
-+ *
-+ * must be called within conn->c_mutex
- */
- int
- pagedresults_is_timedout_nolock(Connection *conn)
-@@ -905,7 +907,10 @@ pagedresults_is_timedout_nolock(Connection *conn)
- return 0;
- }
-
--/* reset all timeout */
-+/*
-+ * reset all timeout
-+ * must be called within conn->c_mutex
-+ */
- int
- pagedresults_reset_timedout_nolock(Connection *conn)
- {
-@@ -968,7 +973,9 @@ pagedresults_lock( Connection *conn, int index )
- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
- return;
- }
-+ PR_Lock(conn->c_mutex);
- prp = conn->c_pagedresults.prl_list + index;
-+ PR_Unlock(conn->c_mutex);
- if (prp->pr_mutex) {
- PR_Lock(prp->pr_mutex);
- }
-@@ -982,9 +989,24 @@ pagedresults_unlock( Connection *conn, int index )
- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
- return;
- }
-+ PR_Lock(conn->c_mutex);
- prp = conn->c_pagedresults.prl_list + index;
-+ PR_Unlock(conn->c_mutex);
- if (prp->pr_mutex) {
- PR_Unlock(prp->pr_mutex);
- }
- return;
- }
-+
-+int
-+pagedresults_is_abandoned_or_notavailable( Connection *conn, int index )
-+{
-+ PagedResults *prp;
-+ if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
-+ return 1; /* not abandoned, but do not want to proceed paged results op. */
-+ }
-+ PR_Lock(conn->c_mutex);
-+ prp = conn->c_pagedresults.prl_list + index;
-+ PR_Unlock(conn->c_mutex);
-+ return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
-+}
-diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
-index 57a2ce7..e8673e1 100644
---- a/ldap/servers/slapd/proto-slap.h
-+++ b/ldap/servers/slapd/proto-slap.h
-@@ -1487,6 +1487,7 @@ int pagedresults_cleanup_all(Connection *conn, int needlock);
- void op_set_pagedresults(Operation *op);
- void pagedresults_lock(Connection *conn, int index);
- void pagedresults_unlock(Connection *conn, int index);
-+int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index);
-
- /*
- * sort.c
---
-1.9.3
-
diff --git a/SOURCES/0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch b/SOURCES/0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch
new file mode 100644
index 0000000..97f9316
--- /dev/null
+++ b/SOURCES/0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch
@@ -0,0 +1,43 @@
+From 74df3c57e0de786f001285429501c518d70abb13 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Wed, 13 Jul 2016 16:24:19 -0400
+Subject: [PATCH 07/15] Ticket 48922 - Fix crash when deleting backend while
+ import is running
+
+Bug Description: If you delete a backend from the config while an
+ import is running the server can crash.
+
+Fix Description: When deleting a backend from the config wait for the
+ backend instance to not be busy before removing the
+ indexes. Otherwise the dbenv is not stable and this
+ can cause the crash.
+
+https://fedorahosted.org/389/ticket/48922
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 6c77c37ae5ce847ffa2bd75287dbd157c2f2d6af)
+---
+ ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+index 3e59e72..c5ceacf 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+@@ -151,6 +151,12 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
+ rc = SLAPI_DSE_CALLBACK_ERROR;
+ goto bail;
+ }
++
++ while(is_instance_busy(inst)){
++ /* Wait for import/indexing job to complete */
++ DS_Sleep(PR_SecondsToInterval(1));
++ }
++
+ *returncode = LDAP_SUCCESS;
+
+ slapi_entry_attr_find(e, "cn", &attr);
+--
+2.4.11
+
diff --git a/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch b/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch
deleted file mode 100644
index f0463b8..0000000
--- a/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 7f10ea89c30944fc60a95d53e544caa005c03e0e Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 6 Jul 2015 15:55:43 -0400
-Subject: [PATCH] Ticket 48119 - setup-ds.pl does not log invalid --file path
- errors the same way as other errors.
-
-Bug Description: Errors occuring from Inf.pm are only written to STDERR
-
-Fix Description: Write errors from Inf.pm using the debug function
-
-https://fedorahosted.org/389/ticket/48119
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 6306fc4e8eb2fb5973360f550c83e3c9b220df5c)
-(cherry picked from commit 5bd7119d8529e1c0b763c45e3ec7d1fb497da6c8)
----
- ldap/admin/src/scripts/Inf.pm | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/Inf.pm b/ldap/admin/src/scripts/Inf.pm
-index 98649ac..ec433e2 100644
---- a/ldap/admin/src/scripts/Inf.pm
-+++ b/ldap/admin/src/scripts/Inf.pm
-@@ -12,6 +12,7 @@
-
- package Inf;
-
-+use DSUtil;
- use File::Temp qw(tempfile tempdir);
-
- #require Exporter;
-@@ -59,7 +60,7 @@ sub read {
- $inffh = \*STDIN;
- } else {
- if (!open(INF, $filename)) {
-- print STDERR "Error: could not open inf file $filename: $!\n";
-+ debug(0, "Error: could not open inf file $filename: $!\n");
- return;
- }
- $inffh = \*INF;
-@@ -124,7 +125,7 @@ sub section {
- my $key = shift;
-
- if (!exists($self->{$key})) {
-- print "Error: unknown inf section $key\n";
-+ debug(0, "Error: unknown inf section $key\n");
- return undef;
- }
-
-@@ -187,7 +188,7 @@ sub write {
- my $savemask = umask(0077);
- if (!$fh) {
- if (!open(INF, ">$filename")) {
-- print STDERR "Error: could not write inf file $filename: $!\n";
-+ debug(0, "Error: could not write inf file $filename: $!\n");
- umask($savemask);
- return;
- }
-@@ -232,7 +233,7 @@ sub updateFromArgs {
- $argsinf->{$sec}->{$parm} = $val;
- }
- } else { # error
-- print STDERR "Error: unknown command line option $arg\n";
-+ debug(0, "Error: unknown command line option $arg\n");
- return;
- }
- }
---
-1.9.3
-
diff --git a/SOURCES/0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch b/SOURCES/0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch
new file mode 100644
index 0000000..0ee4947
--- /dev/null
+++ b/SOURCES/0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch
@@ -0,0 +1,63 @@
+From 4c154182cd680f458b016abf60760328d0979b63 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Wed, 13 Jul 2016 15:51:56 -0400
+Subject: [PATCH 08/15] Ticket 48924 - Fixup tombstone task needs to set proper
+ flag when updating tombstones
+
+Bug Description: The fixup tombstone task is not updating tombstones due to
+ TOMBSTONE_INCLUDE not being set when looking up the entry to
+ modify.
+
+Fix Description: If fixing up tombstones called find_entry2modify_only_ext with
+ the TOMBSTONE_INCLUDED flag.
+
+https://fedorahosted.org/389/ticket/48924
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 8cfb650170bbb4f6ce328b827dc294437ee38c4b)
+---
+ ldap/servers/slapd/back-ldbm/ldbm_modify.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+index 37225cd..9b3062c 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+@@ -465,9 +465,14 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ */
+ if ( MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
+ /* find and lock the entry we are about to modify */
+- if ( (e = find_entry2modify( pb, be, addr, &txn )) == NULL ) {
++ if (fixup_tombstone) {
++ e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn );
++ } else {
++ e = find_entry2modify( pb, be, addr, &txn );
++ }
++ if (e == NULL) {
+ ldap_result_code= -1;
+- goto error_return; /* error result sent by find_entry2modify() */
++ goto error_return; /* error result sent by find_entry2modify() */
+ }
+ }
+
+@@ -545,9 +550,14 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ if (0 == retry_count) { /* just once */
+ if ( !MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
+ /* find and lock the entry we are about to modify */
+- if ( (e = find_entry2modify( pb, be, addr, &txn )) == NULL ) {
++ if (fixup_tombstone) {
++ e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn );
++ } else {
++ e = find_entry2modify( pb, be, addr, &txn );
++ }
++ if (e == NULL) {
+ ldap_result_code= -1;
+- goto error_return; /* error result sent by find_entry2modify() */
++ goto error_return; /* error result sent by find_entry2modify() */
+ }
+ }
+
+--
+2.4.11
+
diff --git a/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch b/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch
deleted file mode 100644
index 18a0ca7..0000000
--- a/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 4b532c2fde59790981142e3245535a0176bb7e4f Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 7 Jul 2015 12:54:38 -0700
-Subject: [PATCH] Ticket #48203 - Fix coverity issues - 07/07/2015
-
-Description:
-1. Defect type: CLANG_WARNING
- 389-ds-base-1.3.4.0/ldap/servers/slapd/conntable.c:161:11: warning:
- Access to field 'c_ct' results in a dereference of a null pointer
- (loaded from variable 'c')
-
-Thanks to rmeggins@redhat.com for the advice:
-> PR_NewLock() returns NULL then the server is severely out of some
-> resource (like RAM, stack space, etc.) and probably should just exit.
-
-https://fedorahosted.org/389/ticket/48203#comment:8
-(cherry picked from commit bca0908b1e10ada69cdc051d4aaceda73a940597)
-(cherry picked from commit a741911c9a5090d78f7a81c475bea3f6593d72ad)
----
- ldap/servers/slapd/conntable.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/conntable.c b/ldap/servers/slapd/conntable.c
-index 0364d94..d5b9058 100644
---- a/ldap/servers/slapd/conntable.c
-+++ b/ldap/servers/slapd/conntable.c
-@@ -147,7 +147,7 @@ connection_table_get_connection(Connection_Table *ct, int sd)
- c->c_mutex = NULL;
- c->c_pdumutex = NULL;
- LDAPDebug( LDAP_DEBUG_ANY,"PR_NewLock failed\n",0, 0, 0 );
-- c= NULL;
-+ exit(1);
- }
- }
- /* Let's make sure there's no cruft left on there from the last time this connection was used. */
---
-1.9.3
-
diff --git a/SOURCES/0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch b/SOURCES/0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
new file mode 100644
index 0000000..bec769a
--- /dev/null
+++ b/SOURCES/0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
@@ -0,0 +1,480 @@
+From 3fbe8ab77452998fd646bf26ee8162aab0ae8659 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 13 Jul 2016 18:59:01 -0700
+Subject: [PATCH 09/15] Ticket #48919 - Compiler warnings while building
+ 389-ds-base on RHEL7
+
+Description: Cleaned up warnings from gcc and clang.
+
+https://fedorahosted.org/389/ticket/48919
+
+Reviewed by wibrown@redhat.com (Thank you, William!!)
+
+(cherry picked from commit 18c6029f64c48b330a101cbadceb8293d39bf5e2)
+---
+ ldap/servers/plugins/acl/acllas.c | 1 -
+ ldap/servers/slapd/agtmmap.c | 10 +++++++++-
+ ldap/servers/slapd/back-ldbm/idl_new.c | 4 ++--
+ .../servers/slapd/back-ldbm/ldbm_instance_config.c | 5 +++++
+ ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 15 ++++++++++-----
+ ldap/servers/slapd/detach.c | 11 +++++++----
+ ldap/servers/slapd/localhost.c | 10 +++++++---
+ ldap/servers/slapd/protect_db.c | 22 +++++++++++++++-------
+ ldap/servers/slapd/protect_db.h | 3 +++
+ ldap/servers/slapd/saslbind.c | 3 +++
+ ldap/servers/slapd/tools/ldclt/ldapfct.c | 5 ++++-
+ ldap/servers/slapd/tools/ldif.c | 5 ++++-
+ ldap/servers/slapd/tools/mmldif.c | 20 ++++++++++++--------
+ ldap/servers/slapd/util.c | 9 ++++++---
+ ldap/servers/snmp/main.c | 15 ++++++++++++---
+ lib/base/file.cpp | 1 -
+ lib/base/fsmutex.cpp | 10 +++++++---
+ 17 files changed, 106 insertions(+), 43 deletions(-)
+
+diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
+index ff9b450..47ac0b8 100644
+--- a/ldap/servers/plugins/acl/acllas.c
++++ b/ldap/servers/plugins/acl/acllas.c
+@@ -190,7 +190,6 @@ extern int ldapu_member_certificate_match (void* cert, const char* desc);
+ /****************************************************************************/
+ /* Defines, Constants, ande Declarations */
+ /****************************************************************************/
+-static char* const type_objectClass = "objectclass";
+ static char* const filter_groups = "(|(objectclass=groupOfNames) (objectclass=groupOfUniqueNames)(objectclass=groupOfCertificates)(objectclass=groupOfURLs))";
+ static char* const type_member = "member";
+ static char* const type_uniquemember = "uniquemember";
+diff --git a/ldap/servers/slapd/agtmmap.c b/ldap/servers/slapd/agtmmap.c
+index 6f72d57..629bc1b 100644
+--- a/ldap/servers/slapd/agtmmap.c
++++ b/ldap/servers/slapd/agtmmap.c
+@@ -160,7 +160,15 @@ agt_mopen_stats (char * statsfile, int mode, int *hdl)
+ {
+ /* Without this we will get segv when we try to read/write later */
+ buf = calloc (1, sz);
+- (void)write (fd, buf, sz);
++ if (write(fd, buf, sz) < 0) {
++ err = errno;
++#if (0)
++ fprintf (stderr, "write failed errno=%d from %s(line: %d)\n", err, __FILE__, __LINE__);
++#endif
++ rc = err;
++ free (buf);
++ goto bail;
++ }
+ free (buf);
+ }
+
+diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c
+index 63df49f..a8d76d8 100644
+--- a/ldap/servers/slapd/back-ldbm/idl_new.c
++++ b/ldap/servers/slapd/back-ldbm/idl_new.c
+@@ -403,8 +403,8 @@ idl_new_range_fetch(
+ time_t curtime;
+ void *saved_key = NULL;
+ int coreop = operator & SLAPI_OP_RANGE;
+- ID key;
+- ID suffix;
++ ID key = 0xff; /* random- to suppress compiler warning */
++ ID suffix = 0; /* random- to suppress compiler warning */
+ idl_range_id_pair *leftover = NULL;
+ size_t leftoverlen = 32;
+ int leftovercnt = 0;
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
+index 9302410..698be66 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
+@@ -1155,6 +1155,11 @@ ldbm_instance_post_delete_instance_entry_callback(Slapi_PBlock *pb, Slapi_Entry*
+ rc = PR_Delete(dbp);
+ }
+ PR_ASSERT(rc == 0);
++ if (rc != 0) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY,
++ "ldbm_instance_post_delete_instance_entry_callback:"
++ " failed to delete %s\n", dbp);
++ }
+ PR_smprintf_free(dbp);
+ }
+ PR_CloseDir(dirhandle);
+diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+index 0b2eab2..52338c2 100644
+--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
++++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+@@ -1009,7 +1009,6 @@ export_one_entry(struct ldbminfo *li,
+ }
+ slapi_ch_free_string(&pw);
+ }
+- rc = 0;
+ data.data = slapi_entry2str_with_options(expargs->ep->ep_entry,
+ &len, expargs->options);
+ data.size = len + 1;
+@@ -1018,10 +1017,14 @@ export_one_entry(struct ldbminfo *li,
+ char idstr[32];
+
+ sprintf(idstr, "# entry-id: %lu\n", (u_long)expargs->ep->ep_id);
+- write(expargs->fd, idstr, strlen(idstr));
++ rc = write(expargs->fd, idstr, strlen(idstr));
++ PR_ASSERT(rc > 0);
+ }
+- write(expargs->fd, data.data, len);
+- write(expargs->fd, "\n", 1);
++ rc = write(expargs->fd, data.data, len);
++ PR_ASSERT(rc > 0);
++ rc = write(expargs->fd, "\n", 1);
++ PR_ASSERT(rc > 0);
++ rc = 0;
+ if ((*expargs->cnt) % 1000 == 0) {
+ int percent;
+
+@@ -1350,7 +1353,9 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb )
+ */
+
+ sprintf(vstr, "version: %d\n\n", myversion);
+- write(fd, vstr, strlen(vstr));
++ rc = write(fd, vstr, strlen(vstr));
++ PR_ASSERT(rc > 0);
++ rc = 0;
+ }
+
+ eargs.decrypt = decrypt;
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index b5af952..b055a5c 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -48,7 +48,7 @@ int
+ detach( int slapd_exemode, int importexport_encrypt,
+ int s_port, daemon_ports_t *ports_info )
+ {
+- int i, sd;
++ int i, sd, rc;
+ char *workingdir = 0;
+ char *errorlog = 0;
+ char *ptr = 0;
+@@ -84,13 +84,15 @@ detach( int slapd_exemode, int importexport_encrypt,
+ if ( NULL == workingdir ) {
+ errorlog = config_get_errorlog();
+ if ( NULL == errorlog ) {
+- (void) chdir( "/" );
++ rc = chdir( "/" );
++ PR_ASSERT(rc == 0);
+ } else {
+ if ((ptr = strrchr(errorlog, '/')) ||
+ (ptr = strrchr(errorlog, '\\'))) {
+ *ptr = 0;
+ }
+- (void) chdir( errorlog );
++ rc = chdir( errorlog );
++ PR_ASSERT(rc == 0);
+ config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, NULL, 1);
+ slapi_ch_free_string(&errorlog);
+ }
+@@ -99,7 +101,8 @@ detach( int slapd_exemode, int importexport_encrypt,
+ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, NULL, 0) == LDAP_OPERATIONS_ERROR) {
+ return 1;
+ }
+- (void) chdir( workingdir );
++ rc = chdir( workingdir );
++ PR_ASSERT(rc == 0);
+ slapi_ch_free_string(&workingdir);
+ }
+
+diff --git a/ldap/servers/slapd/localhost.c b/ldap/servers/slapd/localhost.c
+index 2c40493..7b4e903 100644
+--- a/ldap/servers/slapd/localhost.c
++++ b/ldap/servers/slapd/localhost.c
+@@ -118,9 +118,13 @@ find_localhost_DNS()
+ #ifndef NO_DOMAINNAME
+ if (domain == NULL) {
+ /* No domain found. Try getdomainname. */
+- getdomainname (line, sizeof(line));
+- LDAPDebug (LDAP_DEBUG_CONFIG, "getdomainname(%s)\n", line, 0, 0);
+- if (line[0] != 0) {
++ line[0] = '\0';
++ if (getdomainname(line, sizeof(line)) < 0) { /* failure */
++ slapi_log_error(SLAPI_LOG_FATAL, "localhost_DNS", "getdomainname failed\n");
++ } else {
++ slapi_log_error(SLAPI_LOG_CONFIG, "localhost_DNS", "getdomainname(%s)\n", line);
++ }
++ if (line[0] != '\0') {
+ domain = &line[0];
+ }
+ }
+diff --git a/ldap/servers/slapd/protect_db.c b/ldap/servers/slapd/protect_db.c
+index b22daa1..4579852 100644
+--- a/ldap/servers/slapd/protect_db.c
++++ b/ldap/servers/slapd/protect_db.c
+@@ -42,7 +42,7 @@ grab_lockfile()
+ {
+ pid_t pid, owning_pid;
+ char lockfile[MAXPATHLEN];
+- int fd, x;
++ int fd, x, rc;
+ int removed_lockfile = 0;
+ struct timeval t;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+@@ -60,8 +60,12 @@ grab_lockfile()
+ /* Try to grab it */
+ if ((fd = open(lockfile, O_RDWR | O_CREAT | O_EXCL, 0644)) != -1) {
+ /* We got the lock, write our pid to the file */
+- write(fd, (void *) &pid, sizeof(pid_t));
+- close(fd);
++ rc = write(fd, (void *) &pid, sizeof(pid_t));
++ close(fd);
++ if (rc < 0) {
++ fprintf(stderr, ERROR_WRITING_LOCKFILE, lockfile);
++ return rc;
++ }
+ return 0;
+ }
+
+@@ -74,13 +78,17 @@ grab_lockfile()
+
+ while(1) {
+ /* Try to grab the lockfile NUM_TRIES times waiting WAIT_TIME milliseconds after each try */
+- t.tv_sec = 0;
+- t.tv_usec = WAIT_TIME * 1000;
++ t.tv_sec = 0;
++ t.tv_usec = WAIT_TIME * 1000;
+ for(x = 0; x < NUM_TRIES; x++) {
+ if ((fd = open(lockfile, O_RDWR | O_CREAT | O_EXCL, 0644)) != -1) {
+ /* Got the lock */
+- write(fd, (void *) &pid, sizeof(pid_t));
+- close(fd);
++ rc = write(fd, (void *) &pid, sizeof(pid_t));
++ close(fd);
++ if (rc < 0) {
++ fprintf(stderr, ERROR_WRITING_LOCKFILE, lockfile);
++ return rc;
++ }
+ return 0;
+ }
+ select(0, NULL, NULL, NULL, &t);
+diff --git a/ldap/servers/slapd/protect_db.h b/ldap/servers/slapd/protect_db.h
+index 0f729a2..66adfb3 100644
+--- a/ldap/servers/slapd/protect_db.h
++++ b/ldap/servers/slapd/protect_db.h
+@@ -26,6 +26,9 @@ void remove_slapd_process();
+ #define ERROR_ACCESSING_LOCKFILE "Error - Problem accessing the lockfile %s\n"
+ /* name of lockfile */
+
++#define ERROR_WRITING_LOCKFILE "Error - Problem writing the lockfile %s\n"
++ /* name of lockfile */
++
+ #define LOCKFILE_DEAD_OWNER "Error - The lockfile, %s, is held by process %d,\nwhich no longer seems to be running. If this is\nthe case, please remove the lockfile\n"
+ /* name of lockfile, pid of owning process */
+
+diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
+index eb68209..37175f4 100644
+--- a/ldap/servers/slapd/saslbind.c
++++ b/ldap/servers/slapd/saslbind.c
+@@ -547,6 +547,9 @@ int ids_sasl_init(void)
+ LDAPDebug( LDAP_DEBUG_TRACE, "=> ids_sasl_init\n", 0, 0, 0 );
+
+ PR_ASSERT(inited == 0);
++ if (inited != 0) {
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "ids_sasl_init is called more than once.\n");
++ }
+ inited = 1;
+
+ serverfqdn = get_localhost_DNS();
+diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
+index e13983d..f084cb4 100644
+--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
++++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
+@@ -2552,7 +2552,10 @@ int ldclt_write_genldif_nb;
+ void
+ ldclt_flush_genldif (void)
+ {
+- write (mctx.genldifFile, ldclt_write_genldif_buf, ldclt_write_genldif_nb);
++ if (write (mctx.genldifFile, ldclt_write_genldif_buf, ldclt_write_genldif_nb) < 0) {
++ printf("ldclt[%d]: ldclt_flush_genldif: Failed to write (%s) error=%d\n",
++ mctx.pid, ldclt_write_genldif_buf, errno);
++ }
+ ldclt_write_genldif_pt = ldclt_write_genldif_buf;
+ ldclt_write_genldif_nb = 0;
+ }
+diff --git a/ldap/servers/slapd/tools/ldif.c b/ldap/servers/slapd/tools/ldif.c
+index 1050fbd..5973c6b 100644
+--- a/ldap/servers/slapd/tools/ldif.c
++++ b/ldap/servers/slapd/tools/ldif.c
+@@ -132,7 +132,10 @@ int main( int argc, char **argv )
+ free( buf );
+ return( 1 );
+ }
+- (void)fgets(buf+curlen, maxlen/2 + 1, stdin);
++ if (NULL == fgets(buf+curlen, maxlen/2 + 1, stdin)) {
++ /* no more input to read. */
++ break;
++ }
+ }
+ /* we have a full line, chop potential newline and turn into ldif */
+ if( buf[curlen-1] == '\n' )
+diff --git a/ldap/servers/slapd/tools/mmldif.c b/ldap/servers/slapd/tools/mmldif.c
+index 1f846d0..ddfaf6c 100644
+--- a/ldap/servers/slapd/tools/mmldif.c
++++ b/ldap/servers/slapd/tools/mmldif.c
+@@ -766,8 +766,7 @@ readrec(edfFILE * edf1, attrib1_t ** attrib)
+ while (*vptr == ' ') vptr++; /* skip optional spaces */
+ b64 = initDec64((unsigned char *)att->value, 0x20000);
+ if (Dec64(b64, (unsigned char *) vptr)) {
+- LDAPDebug(LDAP_DEBUG_TRACE, "%s\n invalid input line\n",
+- line, 0, 0);
++ LDAPDebug(LDAP_DEBUG_TRACE, "%s\n invalid input line\n", line, 0, 0);
+ continue; /* invalid line, but we'll just skip it */
+ }
+ toolong = FALSE;
+@@ -775,7 +774,11 @@ readrec(edfFILE * edf1, attrib1_t ** attrib)
+ lookahead = fgetc(edf1->fp);
+ if (lookahead != ' ')
+ break;
+- (void)fgets(line, sizeof(line), edf1->fp);
++ line[0] = '\0';
++ if (NULL == fgets(line, sizeof(line), edf1->fp)) {
++ LDAPDebug0Args(LDAP_DEBUG_TRACE, "readrec: failed to read line\n");
++ break;
++ }
+ len = strlen(line);
+ for (lptr = line+len-1; len; len--, lptr--) {
+ if ((*lptr != '\n') && (*lptr != '\r'))
+@@ -785,16 +788,14 @@ readrec(edfFILE * edf1, attrib1_t ** attrib)
+ rc = Dec64(b64, (unsigned char *)line);
+ if (rc == -1)
+ {
+- LDAPDebug(LDAP_DEBUG_TRACE,
+- "%s\n invalid input line\n", line, 0, 0);
++ LDAPDebug(LDAP_DEBUG_TRACE, "%s\n invalid input line\n", line, 0, 0);
+ continue; /* invalid line, but we'll just skip it */
+ }
+
+ if (rc) {
+ if (!toolong) {
+ toolong = TRUE;
+- LDAPDebug(LDAP_DEBUG_TRACE,
+- "%s\n line too long\n", line, 0, 0);
++ LDAPDebug(LDAP_DEBUG_TRACE, "%s\n line too long\n", line, 0, 0);
+ }
+ continue;
+ }
+@@ -813,7 +814,10 @@ readrec(edfFILE * edf1, attrib1_t ** attrib)
+ lookahead = fgetc(edf1->fp);
+ if (lookahead != ' ')
+ break;
+- (void)fgets(line, sizeof(line), edf1->fp);
++ if (NULL == fgets(line, sizeof(line), edf1->fp)) {
++ LDAPDebug0Args(LDAP_DEBUG_TRACE, "readrec: failed to read line\n");
++ break;
++ }
+ len = strlen(line);
+ for (lptr = line+len-1; len; len--, lptr--) {
+ if ((*lptr != '\n') && (*lptr != '\r'))
+diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
+index a5327d1..1ebdf2e 100644
+--- a/ldap/servers/slapd/util.c
++++ b/ldap/servers/slapd/util.c
+@@ -1592,7 +1592,9 @@ int util_info_sys_pages(size_t *pagesize, size_t *pages, size_t *procpages, size
+ return 1;
+ }
+ while (! feof(f)) {
+- fgets(s, 79, f);
++ if (!fgets(s, 79, f)) {
++ break; /* error or eof */
++ }
+ if (feof(f)) {
+ break;
+ }
+@@ -1614,8 +1616,9 @@ int util_info_sys_pages(size_t *pagesize, size_t *pages, size_t *procpages, size
+ return 1;
+ }
+ while (! feof(fm)) {
+- fgets(s, 79, fm);
+- /* Is this really needed? */
++ if (!fgets(s, 79, fm)) {
++ break; /* error or eof */
++ }
+ if (feof(fm)) {
+ break;
+ }
+diff --git a/ldap/servers/snmp/main.c b/ldap/servers/snmp/main.c
+index 3f96627..ea5050b 100644
+--- a/ldap/servers/snmp/main.c
++++ b/ldap/servers/snmp/main.c
+@@ -44,7 +44,7 @@ main (int argc, char *argv[]) {
+ netsnmp_log_handler *log_hdl = NULL;
+ int c, log_level = LOG_WARNING;
+ struct stat logdir_s;
+- pid_t child_pid;
++ pid_t child_pid = 0;
+ FILE *pid_fp;
+
+ /* Load options */
+@@ -74,7 +74,11 @@ main (int argc, char *argv[]) {
+
+ /* check if we're already running as another process */
+ if ((pid_fp = fopen(pidfile, "r")) != NULL) {
+- fscanf(pid_fp, "%d", &child_pid);
++ int rc = fscanf(pid_fp, "%d", &child_pid);
++ if ((rc == 0) || (rc == EOF)) {
++ printf("ldap-agent: Failed to get pid from %s\n", pidfile);
++ exit(1);
++ }
+ fclose(pid_fp);
+ if (kill(child_pid, SIGUSR1) == 0) {
+ printf("ldap-agent: Already running as pid %d!\n", child_pid);
+@@ -145,6 +149,7 @@ main (int argc, char *argv[]) {
+ /* run as a daemon */
+ if (netsnmp_daemonize(0, 0)) {
+ int i;
++ int rc;
+
+ /* sleep to allow pidfile to be created by child */
+ for (i=0; i < 3; i++) {
+@@ -159,7 +164,11 @@ main (int argc, char *argv[]) {
+ exit(1);
+ }
+
+- fscanf(pid_fp, "%d", &child_pid);
++ rc = fscanf(pid_fp, "%d", &child_pid);
++ if ((rc == 0) || (rc == EOF)) {
++ printf("ldap-agent: Failed to get pid from %s\n", pidfile);
++ exit(1);
++ }
+ fclose(pid_fp);
+ printf("ldap-agent: Started as pid %d\n", child_pid);
+ exit(0);
+diff --git a/lib/base/file.cpp b/lib/base/file.cpp
+index 8c9274a..ad4333e 100644
+--- a/lib/base/file.cpp
++++ b/lib/base/file.cpp
+@@ -38,7 +38,6 @@ extern "C" char *nscperror_lookup(int err);
+ /* PRFileDesc * SYS_ERROR_FD = NULL; */
+
+ const int errbuf_size = 256;
+-const unsigned int LOCKFILERANGE=0x7FFFFFFF;
+ PRLock *_atomic_write_lock = NULL;
+
+ /* --------------------------------- stat --------------------------------- */
+diff --git a/lib/base/fsmutex.cpp b/lib/base/fsmutex.cpp
+index e8f2aff..a0e30fd 100644
+--- a/lib/base/fsmutex.cpp
++++ b/lib/base/fsmutex.cpp
+@@ -85,11 +85,15 @@ fsmutex_init(char *name, int number, int flags)
+ NSAPI_PUBLIC void
+ fsmutex_setowner(FSMUTEX fsm, uid_t uid, gid_t gid)
+ {
+- if(!geteuid())
+- (void) chown( ((fsmutex_s *)fsm)->id, uid, gid);
++ if(!geteuid()) {
++ int rc = chown( ((fsmutex_s *)fsm)->id, uid, gid);
++ PR_ASSERT(rc == 0);
++ if (rc != 0 ) {
++ return; /* just to suppress compiler warning... */
++ }
++ }
+ }
+
+-
+ /* -------------------------- fsmutex_terminate --------------------------- */
+
+ static void
+--
+2.4.11
+
diff --git a/SOURCES/0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
new file mode 100644
index 0000000..4f6a8b6
--- /dev/null
+++ b/SOURCES/0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
@@ -0,0 +1,1000 @@
+From ef8228ad564f31992386bfc61553df8387d9e306 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 13 Jul 2016 14:49:18 -0700
+Subject: [PATCH 10/15] Bug 1347760 - CVE-2016-4992 389-ds-base: Information
+ disclosure via repeated use of LDAP ADD operation, etc.
+
+Description: If a bind user has no rights, it should not disclose
+any information including the existence of the entry.
+
+Fix description:
+1) ALREADY_EXISTS in add -- If to be added entry is found existing
+ in ldbm_back_add, it checks the ACI and if there is no rights,
+ it returns INSUFFICIENT_ACCESS instead of ALREADY_EXISTS.
+2) NO_SUCH_OBJECT in other update operations -- If the target entry
+ is found not existing, it checks the ancestor entry's access
+ rights in find_entry. If it is not allowed to access the subtree,
+ it returns INSUFFICIENT_ACCESS instead of NO_SUC_OBJECT. Plus,
+ it supresses the "Matched" ancestor message.
+3) NO_SUCH_OBJECT in search -- If a bind entry has no rights to read
+ a subtree, it returns no search results with SUCCESS. It should
+ be applied to the no existing subtree if the bind entry has no
+ rights to the super tree.
+4) If bind fails because of the non-existence of the bind user or
+ the parent nodes, the bind returns LDAP_INVALID_CREDENTIALS to
+ the client with no other information.
+ The detailed cause is logged in the access log as follows:
+ RESULT err=49 .. etime=0 - No such suffix (<given suffix>)
+ RESULT err=49 .. etime=0 - Invalid credentials
+ RESULT err=49 .. etime=0 - No such entry
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1347760
+
+Reviewed by lkrispen@redhat.com, mreynolds@redhat.com, and tbordaz@redhat.com.
+Thank you!!!
+
+(cherry picked from commit 0b932d4b926d46ac5060f02617330dc444e06da1)
+---
+ ldap/servers/slapd/back-ldbm/dn2entry.c | 17 ++-
+ ldap/servers/slapd/back-ldbm/findentry.c | 139 +++++++++++++++++++------
+ ldap/servers/slapd/back-ldbm/ldbm_add.c | 21 +++-
+ ldap/servers/slapd/back-ldbm/ldbm_bind.c | 11 +-
+ ldap/servers/slapd/back-ldbm/ldbm_compare.c | 2 +-
+ ldap/servers/slapd/back-ldbm/ldbm_delete.c | 9 +-
+ ldap/servers/slapd/back-ldbm/ldbm_modify.c | 18 ++--
+ ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 15 +--
+ ldap/servers/slapd/back-ldbm/ldbm_search.c | 2 +-
+ ldap/servers/slapd/back-ldbm/misc.c | 2 +-
+ ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 14 +--
+ ldap/servers/slapd/back-ldbm/vlv_srch.c | 2 +-
+ ldap/servers/slapd/bind.c | 75 ++++++-------
+ ldap/servers/slapd/defbackend.c | 82 ++++++++++++++-
+ ldap/servers/slapd/result.c | 16 ++-
+ 15 files changed, 311 insertions(+), 114 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/dn2entry.c b/ldap/servers/slapd/back-ldbm/dn2entry.c
+index 6d1d92f..7656688 100644
+--- a/ldap/servers/slapd/back-ldbm/dn2entry.c
++++ b/ldap/servers/slapd/back-ldbm/dn2entry.c
+@@ -151,14 +151,15 @@ struct backentry *
+ dn2ancestor(
+ Slapi_Backend *be,
+ const Slapi_DN *sdn,
+- Slapi_DN *ancestordn,
++ Slapi_DN *ancestordn,
+ back_txn *txn,
+- int *err
++ int *err,
++ int allow_suffix
+ )
+ {
+- struct backentry *e = NULL;
++ struct backentry *e = NULL;
+
+- LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 );
++ LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 );
+
+ /* first, check to see if the given sdn is empty or a root suffix of the
+ given backend - if so, it has no parent */
+@@ -190,7 +191,13 @@ dn2ancestor(
+ */
+
+ /* stop when we get to "", or a backend suffix point */
+- while (!e && !slapi_sdn_isempty(&ancestorndn) && !slapi_be_issuffix( be, &ancestorndn )) {
++ while (!e && !slapi_sdn_isempty(&ancestorndn)) {
++ if (!allow_suffix) {
++ /* Original behavior. */
++ if (slapi_be_issuffix(be, &ancestorndn)) {
++ break;
++ }
++ }
+ /* find the entry - it uses the ndn, so no further conversion is necessary */
+ e= dn2entry(be,&ancestorndn,txn,err);
+ if (!e) {
+diff --git a/ldap/servers/slapd/back-ldbm/findentry.c b/ldap/servers/slapd/back-ldbm/findentry.c
+index 4a574bf..8b842e3 100644
+--- a/ldap/servers/slapd/back-ldbm/findentry.c
++++ b/ldap/servers/slapd/back-ldbm/findentry.c
+@@ -16,8 +16,8 @@
+ #include "back-ldbm.h"
+
+
+-static struct backentry *find_entry_internal_dn(Slapi_PBlock *pb, backend *be, const Slapi_DN *sdn, int lock, back_txn *txn, int flags);
+-static struct backentry * find_entry_internal(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int lock, back_txn *txn, int flags);
++static struct backentry *find_entry_internal_dn(Slapi_PBlock *pb, backend *be, const Slapi_DN *sdn, int lock, back_txn *txn, int flags, int *rc);
++static struct backentry * find_entry_internal(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int lock, back_txn *txn, int flags, int *rc);
+ /* The flags take these values */
+ #define FE_TOMBSTONE_INCLUDED TOMBSTONE_INCLUDED /* :1 defined in back-ldbm.h */
+ #define FE_REALLY_INTERNAL 0x2
+@@ -27,7 +27,7 @@ check_entry_for_referral(Slapi_PBlock *pb, Slapi_Entry *entry, char *matched, co
+ {
+ int rc=0, i=0, numValues=0;
+ Slapi_Attr *attr;
+- Slapi_Value *val=NULL;
++ Slapi_Value *val=NULL;
+ struct berval **refscopy=NULL;
+ struct berval **url=NULL;
+
+@@ -80,12 +80,13 @@ out:
+
+ static struct backentry *
+ find_entry_internal_dn(
+- Slapi_PBlock *pb,
++ Slapi_PBlock *pb,
+ backend *be,
+ const Slapi_DN *sdn,
+ int lock,
+- back_txn *txn,
+- int flags
++ back_txn *txn,
++ int flags,
++ int *rc /* return code */
+ )
+ {
+ struct backentry *e;
+@@ -93,9 +94,14 @@ find_entry_internal_dn(
+ int err;
+ ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
+ size_t tries = 0;
++ int isroot = 0;
++ int op_type;
++ char *errbuf = NULL;
+
+ /* get the managedsait ldap message control */
+- slapi_pblock_get( pb, SLAPI_MANAGEDSAIT, &managedsait );
++ slapi_pblock_get(pb, SLAPI_MANAGEDSAIT, &managedsait);
++ slapi_pblock_get(pb, SLAPI_REQUESTOR_ISROOT, &isroot);
++ slapi_pblock_get(pb, SLAPI_OPERATION_TYPE, &op_type);
+
+ while ( (tries < LDBM_CACHE_RETRY_COUNT) &&
+ (e = dn2entry_ext( be, sdn, txn, flags & TOMBSTONE_INCLUDED, &err ))
+@@ -113,6 +119,9 @@ find_entry_internal_dn(
+ if(check_entry_for_referral(pb, e->ep_entry, NULL, "find_entry_internal_dn"))
+ {
+ CACHE_RETURN( &inst->inst_cache, &e );
++ if (rc) { /* if check_entry_for_referral returns non-zero, result is sent. */
++ *rc = FE_RC_SENT_RESULT;
++ }
+ return( NULL );
+ }
+ }
+@@ -151,27 +160,89 @@ find_entry_internal_dn(
+ struct backentry *me;
+ Slapi_DN ancestorsdn;
+ slapi_sdn_init(&ancestorsdn);
+- me= dn2ancestor(pb->pb_backend,sdn,&ancestorsdn,txn,&err);
++ me = dn2ancestor(pb->pb_backend, sdn, &ancestorsdn, txn, &err, 1 /* allow_suffix */);
+ if ( !managedsait && me != NULL ) {
+ /* if the entry is a referral send the referral */
+ if(check_entry_for_referral(pb, me->ep_entry, (char*)slapi_sdn_get_dn(&ancestorsdn), "find_entry_internal_dn"))
+ {
+ CACHE_RETURN( &inst->inst_cache, &me );
+ slapi_sdn_done(&ancestorsdn);
++ if (rc) { /* if check_entry_for_referral returns non-zero, result is sent. */
++ *rc = FE_RC_SENT_RESULT;
++ }
+ return( NULL );
+ }
+ /* else fall through to no such object */
+ }
+
+ /* entry not found */
+- slapi_send_ldap_result( pb, ( 0 == err || DB_NOTFOUND == err ) ?
+- LDAP_NO_SUCH_OBJECT : ( LDAP_INVALID_DN_SYNTAX == err ) ?
+- LDAP_INVALID_DN_SYNTAX : LDAP_OPERATIONS_ERROR,
+- (char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL );
++ if ((0 == err) || (DB_NOTFOUND == err)) {
++ if (me && !isroot) {
++ /* If not root, you may not want to reveal it. */
++ int acl_type = -1;
++ int return_err = LDAP_NO_SUCH_OBJECT;
++ err = LDAP_SUCCESS;
++ switch (op_type) {
++ case SLAPI_OPERATION_ADD:
++ acl_type = SLAPI_ACL_ADD;
++ return_err = LDAP_INSUFFICIENT_ACCESS;
++ break;
++ case SLAPI_OPERATION_DELETE:
++ acl_type = SLAPI_ACL_DELETE;
++ return_err = LDAP_INSUFFICIENT_ACCESS;
++ break;
++ case SLAPI_OPERATION_MODDN:
++ acl_type = SLAPI_ACL_MODDN;
++ return_err = LDAP_INSUFFICIENT_ACCESS;
++ break;
++ case SLAPI_OPERATION_MODIFY:
++ acl_type = SLAPI_ACL_WRITE;
++ return_err = LDAP_INSUFFICIENT_ACCESS;
++ break;
++ case SLAPI_OPERATION_SEARCH:
++ case SLAPI_OPERATION_COMPARE:
++ return_err = LDAP_SUCCESS;
++ acl_type = SLAPI_ACL_READ;
++ break;
++ case SLAPI_OPERATION_BIND:
++ acl_type = -1; /* skip acl check. acl is not set up for bind. */
++ return_err = LDAP_INVALID_CREDENTIALS;
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry");
++ break;
++ }
++ if (acl_type > 0) {
++ err = plugin_call_acl_plugin(pb, me->ep_entry, NULL, NULL, acl_type,
++ ACLPLUGIN_ACCESS_DEFAULT, &errbuf);
++ }
++ if (((acl_type > 0) && err) || (op_type == SLAPI_OPERATION_BIND)) {
++ /*
++ * Operations to be checked && ACL returns disallow.
++ * Not to disclose the info about the entry's existence,
++ * do not return the "matched" DN.
++ * Plus, the bind case returns LDAP_INAPPROPRIATE_AUTH.
++ */
++ slapi_send_ldap_result(pb, return_err, NULL, NULL, 0, NULL);
++ } else {
++ slapi_send_ldap_result(pb, LDAP_NO_SUCH_OBJECT,
++ (char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL);
++ }
++ } else {
++ slapi_send_ldap_result( pb, LDAP_NO_SUCH_OBJECT,
++ (char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL);
++ }
++ } else {
++ slapi_send_ldap_result( pb, ( LDAP_INVALID_DN_SYNTAX == err ) ?
++ LDAP_INVALID_DN_SYNTAX : LDAP_OPERATIONS_ERROR,
++ (char*)slapi_sdn_get_dn(&ancestorsdn), NULL, 0, NULL );
++ }
++ if (rc) {
++ *rc = FE_RC_SENT_RESULT;
++ }
+ slapi_sdn_done(&ancestorsdn);
+ CACHE_RETURN( &inst->inst_cache, &me );
+ }
+
++ slapi_ch_free_string(&errbuf);
+ LDAPDebug( LDAP_DEBUG_TRACE, "<= find_entry_internal_dn not found (%s)\n",
+ slapi_sdn_get_dn(sdn), 0, 0 );
+ return( NULL );
+@@ -183,11 +254,11 @@ find_entry_internal_dn(
+ */
+ static struct backentry *
+ find_entry_internal_uniqueid(
+- Slapi_PBlock *pb,
++ Slapi_PBlock *pb,
+ backend *be,
+- const char *uniqueid,
++ const char *uniqueid,
+ int lock,
+- back_txn *txn
++ back_txn *txn
+ )
+ {
+ ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
+@@ -243,8 +314,9 @@ find_entry_internal(
+ Slapi_Backend *be,
+ const entry_address *addr,
+ int lock,
+- back_txn *txn,
+- int flags
++ back_txn *txn,
++ int flags,
++ int *rc
+ )
+ {
+ /* check if we should search based on uniqueid or dn */
+@@ -261,11 +333,9 @@ find_entry_internal(
+ LDAPDebug( LDAP_DEBUG_TRACE, "=> find_entry_internal (dn=%s) lock %d\n",
+ slapi_sdn_get_dn(addr->sdn), lock, 0 );
+ if (addr->sdn) {
+- entry = find_entry_internal_dn (pb, be, addr->sdn,
+- lock, txn, flags);
++ entry = find_entry_internal_dn (pb, be, addr->sdn, lock, txn, flags, rc);
+ } else {
+- LDAPDebug0Args( LDAP_DEBUG_ANY,
+- "find_entry_internal: Null target dn\n" );
++ LDAPDebug0Args( LDAP_DEBUG_ANY, "find_entry_internal: Null target dn\n" );
+ }
+
+ LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= find_entry_internal\n" );
+@@ -278,10 +348,11 @@ find_entry(
+ Slapi_PBlock *pb,
+ Slapi_Backend *be,
+ const entry_address *addr,
+- back_txn *txn
++ back_txn *txn,
++ int *rc
+ )
+ {
+- return( find_entry_internal( pb, be, addr, 0/*!lock*/, txn, 0/*flags*/ ) );
++ return(find_entry_internal(pb, be, addr, 0/*!lock*/, txn, 0/*flags*/, rc));
+ }
+
+ struct backentry *
+@@ -289,10 +360,11 @@ find_entry2modify(
+ Slapi_PBlock *pb,
+ Slapi_Backend *be,
+ const entry_address *addr,
+- back_txn *txn
++ back_txn *txn,
++ int *rc
+ )
+ {
+- return( find_entry_internal( pb, be, addr, 1/*lock*/, txn, 0/*flags*/ ) );
++ return(find_entry_internal(pb, be, addr, 1/*lock*/, txn, 0/*flags*/, rc));
+ }
+
+ /* New routines which do not do any referral stuff.
+@@ -304,10 +376,11 @@ find_entry_only(
+ Slapi_PBlock *pb,
+ Slapi_Backend *be,
+ const entry_address *addr,
+- back_txn *txn
++ back_txn *txn,
++ int *rc
+ )
+ {
+- return( find_entry_internal( pb, be, addr, 0/*!lock*/, txn, FE_REALLY_INTERNAL ) );
++ return(find_entry_internal(pb, be, addr, 0/*!lock*/, txn, FE_REALLY_INTERNAL, rc));
+ }
+
+ struct backentry *
+@@ -315,10 +388,11 @@ find_entry2modify_only(
+ Slapi_PBlock *pb,
+ Slapi_Backend *be,
+ const entry_address *addr,
+- back_txn *txn
++ back_txn *txn,
++ int *rc
+ )
+ {
+- return( find_entry_internal( pb, be, addr, 1/*lock*/, txn, FE_REALLY_INTERNAL ) );
++ return(find_entry_internal(pb, be, addr, 1/*lock*/, txn, 0 /* to check aci, disable INTERNAL */, rc));
+ }
+
+ struct backentry *
+@@ -327,10 +401,9 @@ find_entry2modify_only_ext(
+ Slapi_Backend *be,
+ const entry_address *addr,
+ int flags,
+- back_txn *txn
+-
++ back_txn *txn,
++ int *rc
+ )
+ {
+- return( find_entry_internal( pb, be, addr, 1/*lock*/, txn,
+- FE_REALLY_INTERNAL | flags ));
++ return(find_entry_internal(pb, be, addr, 1/*lock*/, txn, FE_REALLY_INTERNAL | flags, rc));
+ }
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
+index 7eb8fe9..f462376 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
+@@ -93,6 +93,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ int myrc = 0;
+ PRUint64 conn_id;
+ int op_id;
++ int result_sent = 0;
+ if (slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id) < 0) {
+ conn_id = 0; /* connection is NULL */
+ }
+@@ -379,7 +380,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ addr.sdn = &parentsdn;
+ addr.udn = NULL;
+ addr.uniqueid = operation->o_params.p.p_add.parentuniqueid;
+- parententry = find_entry2modify_only(pb,be,&addr,&txn);
++ parententry = find_entry2modify_only(pb, be, &addr, &txn, &result_sent);
+ if (parententry && parententry->ep_entry) {
+ if (!operation->o_params.p.p_add.parentuniqueid){
+ /* Set the parentuniqueid now */
+@@ -431,6 +432,14 @@ ldbm_back_add( Slapi_PBlock *pb )
+ /* The entry already exists */
+ ldap_result_code = LDAP_ALREADY_EXISTS;
+ }
++ if ((LDAP_ALREADY_EXISTS == ldap_result_code) && !isroot && !is_replicated_operation) {
++ myrc = plugin_call_acl_plugin(pb, e, NULL, NULL, SLAPI_ACL_ADD,
++ ACLPLUGIN_ACCESS_DEFAULT, &errbuf);
++ if (myrc) {
++ ldap_result_code = myrc;
++ ldap_result_message = errbuf;
++ }
++ }
+ goto error_return;
+ }
+ else
+@@ -447,7 +456,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ Slapi_DN ancestorsdn;
+ struct backentry *ancestorentry;
+ slapi_sdn_init(&ancestorsdn);
+- ancestorentry= dn2ancestor(pb->pb_backend,sdn,&ancestorsdn,&txn,&err);
++ ancestorentry = dn2ancestor(pb->pb_backend, sdn, &ancestorsdn, &txn, &err, 0);
+ slapi_sdn_done(&ancestorsdn);
+ if ( ancestorentry != NULL )
+ {
+@@ -495,7 +504,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ addr.udn = NULL;
+ addr.sdn = NULL;
+ addr.uniqueid = (char *)slapi_entry_get_uniqueid(e); /* jcm - cast away const */
+- tombstoneentry = find_entry2modify( pb, be, &addr, &txn );
++ tombstoneentry = find_entry2modify(pb, be, &addr, &txn, &result_sent);
+ if ( tombstoneentry==NULL )
+ {
+ ldap_result_code= -1;
+@@ -712,7 +721,7 @@ ldbm_back_add( Slapi_PBlock *pb )
+ LDAPDebug1Arg(LDAP_DEBUG_BACKLDBM, "ldbm_add: Parent \"%s\" does not exist. "
+ "It might be a conflict entry.\n", slapi_sdn_get_dn(&parentsdn));
+ slapi_sdn_init(&ancestorsdn);
+- ancestorentry = dn2ancestor(be, &parentsdn, &ancestorsdn, &txn, &err );
++ ancestorentry = dn2ancestor(be, &parentsdn, &ancestorsdn, &txn, &err, 1);
+ CACHE_RETURN( &inst->inst_cache, &ancestorentry );
+
+ ldap_result_code= LDAP_NO_SUCH_OBJECT;
+@@ -1349,7 +1358,9 @@ common_return:
+ * And we don't want the supplier to halt sending the updates. */
+ ldap_result_code = LDAP_SUCCESS;
+ }
+- slapi_send_ldap_result( pb, ldap_result_code, ldap_result_matcheddn, ldap_result_message, 0, NULL );
++ if (!result_sent) {
++ slapi_send_ldap_result(pb, ldap_result_code, ldap_result_matcheddn, ldap_result_message, 0, NULL);
++ }
+ }
+ backentry_free(&originalentry);
+ backentry_free(&tmpentry);
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_bind.c b/ldap/servers/slapd/back-ldbm/ldbm_bind.c
+index ea0df33..99a0818 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_bind.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_bind.c
+@@ -29,6 +29,7 @@ ldbm_back_bind( Slapi_PBlock *pb )
+ entry_address *addr;
+ back_txn txn = {NULL};
+ int rc = SLAPI_BIND_SUCCESS;
++ int result_sent = 0;
+
+ /* get parameters */
+ slapi_pblock_get( pb, SLAPI_BACKEND, &be );
+@@ -63,8 +64,12 @@ ldbm_back_bind( Slapi_PBlock *pb )
+ * find the target entry. find_entry() takes care of referrals
+ * and sending errors if the entry does not exist.
+ */
+- if (( e = find_entry( pb, be, addr, &txn )) == NULL ) {
++ if ((e = find_entry( pb, be, addr, &txn, &result_sent)) == NULL) {
+ rc = SLAPI_BIND_FAIL;
++ /* In the failure case, the result is supposed to be sent in the backend. */
++ if (!result_sent) {
++ slapi_send_ldap_result(pb, LDAP_INAPPROPRIATE_AUTH, NULL, NULL, 0, NULL);
++ }
+ goto bail;
+ }
+
+@@ -82,8 +87,8 @@ ldbm_back_bind( Slapi_PBlock *pb )
+ bvals= attr_get_present_values(attr);
+ slapi_value_init_berval(&cv,cred);
+ if ( slapi_pw_find_sv( bvals, &cv ) != 0 ) {
+- slapi_send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL,
+- NULL, 0, NULL );
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "Invalid credentials");
++ slapi_send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL );
+ CACHE_RETURN( &inst->inst_cache, &e );
+ value_done(&cv);
+ rc = SLAPI_BIND_FAIL;
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_compare.c b/ldap/servers/slapd/back-ldbm/ldbm_compare.c
+index e52cd6c..e9973a9 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_compare.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_compare.c
+@@ -56,7 +56,7 @@ ldbm_back_compare( Slapi_PBlock *pb )
+ /* get the namespace dn */
+ namespace_dn = (Slapi_DN*)slapi_be_getsuffix(be, 0);
+
+- if ( (e = find_entry( pb, be, addr, &txn )) == NULL ) {
++ if ((e = find_entry(pb, be, addr, &txn, NULL)) == NULL) {
+ ret = -1; /* error result sent by find_entry() */
+ goto bail;
+ }
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+index 5b24af2..f801e01 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+@@ -77,6 +77,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
+ int op_id;
+ ID ep_id = 0;
+ ID tomb_ep_id = 0;
++ int result_sent = 0;
+
+ if (slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id) < 0) {
+ conn_id = 0; /* connection is NULL */
+@@ -266,7 +267,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
+ * deleted. That is, the entry 'e' found with "addr" is a tomb-
+ * stone. If it is the case, we need to back off.
+ */
+- if ( (e = find_entry2modify( pb, be, addr, &txn )) == NULL )
++ if ((e = find_entry2modify(pb, be, addr, &txn, &result_sent)) == NULL)
+ {
+ ldap_result_code= LDAP_NO_SUCH_OBJECT;
+ retval = -1;
+@@ -507,7 +508,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
+ parent_addr.uniqueid = NULL;
+ }
+ parent_addr.sdn = &parentsdn;
+- parent = find_entry2modify_only_ext(pb, be, &parent_addr, TOMBSTONE_INCLUDED, &txn);
++ parent = find_entry2modify_only_ext(pb, be, &parent_addr, TOMBSTONE_INCLUDED, &txn, &result_sent);
+ }
+ if (parent) {
+ int isglue;
+@@ -1466,7 +1467,9 @@ diskfull_return:
+ * And we don't want the supplier to halt sending the updates. */
+ ldap_result_code = LDAP_SUCCESS;
+ }
+- slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL );
++ if (!result_sent) {
++ slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL );
++ }
+ }
+ slapi_log_error(SLAPI_LOG_BACKLDBM, "ldbm_back_delete",
+ "conn=%lu op=%d modify_term: old_entry=0x%p, new_entry=0x%p, in_cache=%d\n",
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+index 9b3062c..34d9861 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+@@ -392,6 +392,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ int not_an_error = 0;
+ int fixup_tombstone = 0;
+ int ec_locked = 0;
++ int result_sent = 0;
+
+ slapi_pblock_get( pb, SLAPI_BACKEND, &be);
+ slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
+@@ -466,12 +467,12 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ if ( MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
+ /* find and lock the entry we are about to modify */
+ if (fixup_tombstone) {
+- e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn );
++ e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn, &result_sent );
+ } else {
+- e = find_entry2modify( pb, be, addr, &txn );
++ e = find_entry2modify( pb, be, addr, &txn, &result_sent );
+ }
+ if (e == NULL) {
+- ldap_result_code= -1;
++ ldap_result_code = -1;
+ goto error_return; /* error result sent by find_entry2modify() */
+ }
+ }
+@@ -551,12 +552,12 @@ ldbm_back_modify( Slapi_PBlock *pb )
+ if ( !MANAGE_ENTRY_BEFORE_DBLOCK(li)) {
+ /* find and lock the entry we are about to modify */
+ if (fixup_tombstone) {
+- e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn );
++ e = find_entry2modify_only_ext( pb, be, addr, TOMBSTONE_INCLUDED, &txn, &result_sent );
+ } else {
+- e = find_entry2modify( pb, be, addr, &txn );
++ e = find_entry2modify( pb, be, addr, &txn, &result_sent );
+ }
+ if (e == NULL) {
+- ldap_result_code= -1;
++ ldap_result_code = -1;
+ goto error_return; /* error result sent by find_entry2modify() */
+ }
+ }
+@@ -966,7 +967,10 @@ common_return:
+ * And we don't want the supplier to halt sending the updates. */
+ ldap_result_code = LDAP_SUCCESS;
+ }
+- slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL );
++ if (!result_sent) {
++ /* result is already sent in find_entry. */
++ slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL );
++ }
+ }
+
+ /* free our backups */
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+index c0cd2ab..f934305 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+@@ -95,6 +95,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+ int myrc = 0;
+ PRUint64 conn_id;
+ int op_id;
++ int result_sent = 0;
+ if (slapi_pblock_get(pb, SLAPI_CONN_ID, &conn_id) < 0) {
+ conn_id = 0; /* connection is NULL */
+ }
+@@ -474,7 +475,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+ /* find and lock the entry we are about to modify */
+ /* JCMREPL - Argh, what happens about the stinking referrals? */
+ slapi_pblock_get (pb, SLAPI_TARGET_ADDRESS, &old_addr);
+- e = find_entry2modify( pb, be, old_addr, &txn );
++ e = find_entry2modify(pb, be, old_addr, &txn, &result_sent);
+ if ( e == NULL )
+ {
+ ldap_result_code= -1;
+@@ -510,7 +511,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+ } else {
+ oldparent_addr.uniqueid = NULL;
+ }
+- parententry = find_entry2modify_only( pb, be, &oldparent_addr, &txn );
++ parententry = find_entry2modify_only(pb, be, &oldparent_addr, &txn, &result_sent);
+ modify_init(&parent_modify_context,parententry);
+
+ /* Fetch and lock the new parent of the entry that is moving */
+@@ -520,7 +521,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+ if (is_resurect_operation) {
+ newsuperior_addr->uniqueid = slapi_entry_attr_get_charptr(e->ep_entry, SLAPI_ATTR_VALUE_PARENT_UNIQUEID);
+ }
+- newparententry = find_entry2modify_only( pb, be, newsuperior_addr, &txn );
++ newparententry = find_entry2modify_only(pb, be, newsuperior_addr, &txn, &result_sent);
+ slapi_ch_free_string(&newsuperior_addr->uniqueid);
+ modify_init(&newparent_modify_context,newparententry);
+ }
+@@ -581,7 +582,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
+ Slapi_DN ancestorsdn;
+ struct backentry *ancestorentry;
+ slapi_sdn_init(&ancestorsdn);
+- ancestorentry= dn2ancestor(be,&dn_newdn,&ancestorsdn,&txn,&err);
++ ancestorentry = dn2ancestor(be, &dn_newdn, &ancestorsdn, &txn, &err, 0);
+ CACHE_RETURN( &inst->inst_cache, &ancestorentry );
+ ldap_result_matcheddn= slapi_ch_strdup((char *) slapi_sdn_get_dn(&ancestorsdn));
+ ldap_result_code= LDAP_NO_SUCH_OBJECT;
+@@ -1486,8 +1487,10 @@ common_return:
+ * And we don't want the supplier to halt sending the updates. */
+ ldap_result_code = LDAP_SUCCESS;
+ }
+- slapi_send_ldap_result( pb, ldap_result_code, ldap_result_matcheddn,
+- ldap_result_message, 0,NULL );
++ if (!result_sent) {
++ slapi_send_ldap_result(pb, ldap_result_code, ldap_result_matcheddn,
++ ldap_result_message, 0, NULL);
++ }
+ }
+ slapi_mods_done(&smods_operation_wsi);
+ slapi_mods_done(&smods_generated);
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c
+index 535529c..cda1714 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
+@@ -584,7 +584,7 @@ ldbm_back_search( Slapi_PBlock *pb )
+ }
+ else
+ {
+- if ( ( e = find_entry( pb, be, addr, &txn )) == NULL )
++ if ((e = find_entry(pb, be, addr, &txn, NULL)) == NULL)
+ {
+ /* error or referral sent by find_entry */
+ return ldbm_back_search_cleanup(pb, li, sort_control,
+diff --git a/ldap/servers/slapd/back-ldbm/misc.c b/ldap/servers/slapd/back-ldbm/misc.c
+index 77c1e70..516b32d 100644
+--- a/ldap/servers/slapd/back-ldbm/misc.c
++++ b/ldap/servers/slapd/back-ldbm/misc.c
+@@ -412,7 +412,7 @@ ldbm_txn_ruv_modify_context( Slapi_PBlock *pb, modify_context *mc )
+
+ /* Note: if we find the bentry, it will stay locked until someone calls
+ * modify_term on the mc we'll be associating the bentry with */
+- bentry = find_entry2modify_only( pb, be, &bentry_addr, &txn );
++ bentry = find_entry2modify_only(pb, be, &bentry_addr, &txn, NULL);
+
+ if (NULL == bentry) {
+ /* Uh oh, we couldn't find and lock the RUV entry! */
+diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
+index 86e2237..8c813dd 100644
+--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
++++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
+@@ -174,7 +174,7 @@ int ldbm_back_ctrl_info(Slapi_Backend *be, int cmd, void *info);
+ struct backentry *dn2entry(Slapi_Backend *be, const Slapi_DN *sdn, back_txn *txn, int *err);
+ struct backentry *dn2entry_ext(Slapi_Backend *be, const Slapi_DN *sdn, back_txn *txn, int flags, int *err);
+ struct backentry *dn2entry_or_ancestor(Slapi_Backend *be, const Slapi_DN *sdn, Slapi_DN *ancestor, back_txn *txn, int *err);
+-struct backentry *dn2ancestor(Slapi_Backend *be,const Slapi_DN *sdn,Slapi_DN *ancestordn,back_txn *txn,int *err);
++struct backentry *dn2ancestor(Slapi_Backend *be,const Slapi_DN *sdn,Slapi_DN *ancestordn,back_txn *txn,int *err, int allow_suffix);
+ int get_copy_of_entry(Slapi_PBlock *pb, const entry_address *addr, back_txn *txn, int plock_parameter, int must_exist);
+ int get_copy_of_entry_ext(Slapi_PBlock *pb, ID id, const entry_address *addr, back_txn *txn, int plock_parameter, int must_exist);
+ void done_with_pblock_entry(Slapi_PBlock *pb, int plock_parameter);
+@@ -194,11 +194,13 @@ IDList * filter_candidates_ext( Slapi_PBlock *pb, backend *be, const char *base,
+ /*
+ * findentry.c
+ */
+-struct backentry * find_entry2modify( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn );
+-struct backentry * find_entry( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn );
+-struct backentry * find_entry2modify_only( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn);
+-struct backentry * find_entry2modify_only_ext( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int flags, back_txn *txn);
+-struct backentry * find_entry_only( Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn);
++/* Return code */
++#define FE_RC_SENT_RESULT 1
++struct backentry *find_entry2modify(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc);
++struct backentry *find_entry(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc);
++struct backentry *find_entry2modify_only(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc);
++struct backentry *find_entry2modify_only_ext(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, int flags, back_txn *txn, int *rc);
++struct backentry *find_entry_only(Slapi_PBlock *pb, Slapi_Backend *be, const entry_address *addr, back_txn *txn, int *rc);
+ int check_entry_for_referral(Slapi_PBlock *pb, Slapi_Entry *entry, char *matched, const char *callingfn);
+
+ /*
+diff --git a/ldap/servers/slapd/back-ldbm/vlv_srch.c b/ldap/servers/slapd/back-ldbm/vlv_srch.c
+index fcd0c2d..df378211 100644
+--- a/ldap/servers/slapd/back-ldbm/vlv_srch.c
++++ b/ldap/servers/slapd/back-ldbm/vlv_srch.c
+@@ -162,7 +162,7 @@ vlvSearch_init(struct vlvSearch* p, Slapi_PBlock *pb, const Slapi_Entry *e, ldbm
+
+ addr.sdn = p->vlv_base;
+ addr.uniqueid = NULL;
+- e = find_entry( pb, inst->inst_be, &addr, &txn );
++ e = find_entry(pb, inst->inst_be, &addr, &txn, NULL);
+ /* Check to see if the entry is absent. If it is, mark this search
+ * as not initialized */
+ if (NULL == e) {
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index 1ffec4e..b441615 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -438,8 +438,8 @@ do_bind( Slapi_PBlock *pb )
+ * to an LDAP DN, fail and return an invalidCredentials error.
+ */
+ if ( NULL == pb->pb_conn->c_external_dn ) {
+- send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL,
+- "client certificate mapping failed", 0, NULL );
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "Client certificate mapping failed");
++ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
+ /* call postop plugins */
+ plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN );
+ goto free_and_return;
+@@ -556,33 +556,32 @@ do_bind( Slapi_PBlock *pb )
+ /* Check if simple binds are allowed over an insecure channel. We only check
+ * this for authenticated binds. */
+ } else if (config_get_require_secure_binds() == 1) {
+- Connection *conn = NULL;
+- int sasl_ssf = 0;
+- int local_ssf = 0;
+-
+- /* Allow simple binds only for SSL/TLS established connections
+- * or connections using SASL privacy layers */
+- conn = pb->pb_conn;
+- if ( slapi_pblock_get(pb, SLAPI_CONN_SASL_SSF, &sasl_ssf) != 0) {
+- slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind",
+- "Could not get SASL SSF from connection\n" );
+- sasl_ssf = 0;
+- }
++ Connection *conn = NULL;
++ int sasl_ssf = 0;
++ int local_ssf = 0;
++
++ /* Allow simple binds only for SSL/TLS established connections
++ * or connections using SASL privacy layers */
++ conn = pb->pb_conn;
++ if ( slapi_pblock_get(pb, SLAPI_CONN_SASL_SSF, &sasl_ssf) != 0) {
++ slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind",
++ "Could not get SASL SSF from connection\n" );
++ sasl_ssf = 0;
++ }
+
+- if ( slapi_pblock_get(pb, SLAPI_CONN_LOCAL_SSF, &local_ssf) != 0) {
+- slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind",
+- "Could not get local SSF from connection\n" );
+- local_ssf = 0;
+- }
++ if ( slapi_pblock_get(pb, SLAPI_CONN_LOCAL_SSF, &local_ssf) != 0) {
++ slapi_log_error( SLAPI_LOG_PLUGIN, "do_bind",
++ "Could not get local SSF from connection\n" );
++ local_ssf = 0;
++ }
+
+- if (((conn->c_flags & CONN_FLAG_SSL) != CONN_FLAG_SSL) &&
+- (sasl_ssf <= 1) && (local_ssf <= 1)) {
+- send_ldap_result(pb, LDAP_CONFIDENTIALITY_REQUIRED, NULL,
+- "Operation requires a secure connection",
+- 0, NULL);
+- slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsBindSecurityErrors);
+- goto free_and_return;
+- }
++ if (((conn->c_flags & CONN_FLAG_SSL) != CONN_FLAG_SSL) &&
++ (sasl_ssf <= 1) && (local_ssf <= 1)) {
++ send_ldap_result(pb, LDAP_CONFIDENTIALITY_REQUIRED, NULL,
++ "Operation requires a secure connection", 0, NULL);
++ slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsBindSecurityErrors);
++ goto free_and_return;
++ }
+ }
+ break;
+ default:
+@@ -627,6 +626,7 @@ do_bind( Slapi_PBlock *pb )
+ /*
+ * right dn, wrong passwd - reject with invalid credentials
+ */
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "Invalid credentials");
+ send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL );
+ /* increment BindSecurityErrorcount */
+ slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsBindSecurityErrors);
+@@ -686,7 +686,8 @@ do_bind( Slapi_PBlock *pb )
+ slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
+ if (!pb_sdn) {
+ slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n");
+- send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf);
++ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL);
+ goto free_and_return;
+ } else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) {
+ /*
+@@ -696,8 +697,10 @@ do_bind( Slapi_PBlock *pb )
+ sdn = pb_sdn;
+ dn = slapi_sdn_get_dn(sdn);
+ if (!dn) {
+- slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n");
+- send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
++ char *udn = slapi_sdn_get_udn(sdn);
++ slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn %s\n", udn?udn:"");
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf);
++ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL);
+ goto free_and_return;
+ }
+ if (!sdn_updated) { /* pb_sdn != sdn; need to compare the dn's. */
+@@ -711,7 +714,8 @@ do_bind( Slapi_PBlock *pb )
+ slapi_pblock_set( pb, SLAPI_BACKEND, be );
+ } else {
+ slapi_create_errormsg(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn);
+- send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf);
++ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL);
+ goto free_and_return;
+ }
+ }
+@@ -790,7 +794,8 @@ do_bind( Slapi_PBlock *pb )
+ goto account_locked;
+ }
+ } else {
+- send_ldap_result(pb, LDAP_NO_SUCH_OBJECT, NULL, "", 0, NULL);
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry");
++ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
+ goto free_and_return;
+ }
+ }
+@@ -850,8 +855,7 @@ account_locked:
+ * the front end.
+ */
+ if ( rc == SLAPI_BIND_SUCCESS || rc == SLAPI_BIND_ANONYMOUS) {
+- send_ldap_result( pb, LDAP_SUCCESS, NULL, NULL,
+- 0, NULL );
++ send_ldap_result( pb, LDAP_SUCCESS, NULL, NULL, 0, NULL );
+ }
+
+ slapi_pblock_set( pb, SLAPI_PLUGIN_OPRETURN, &rc );
+@@ -876,8 +880,7 @@ free_and_return:;
+ slapi_sdn_free(&sdn);
+ slapi_ch_free_string( &saslmech );
+ slapi_ch_free( (void **)&cred.bv_val );
+- if ( bind_target_entry != NULL )
+- slapi_entry_free(bind_target_entry);
++ slapi_entry_free(bind_target_entry);
+ }
+
+
+diff --git a/ldap/servers/slapd/defbackend.c b/ldap/servers/slapd/defbackend.c
+index 7d73501..da4a701 100644
+--- a/ldap/servers/slapd/defbackend.c
++++ b/ldap/servers/slapd/defbackend.c
+@@ -171,6 +171,51 @@ defbackend_abandon( Slapi_PBlock *pb )
+ }
+
+
++#define DEFBE_NO_SUCH_SUFFIX "No such suffix"
++/*
++ * Generate a "No such suffix" return text
++ * Example:
++ * cn=X,dc=bogus,dc=com ==> "No such suffix (dc=bogus,dc=com)"
++ * if the last rdn starts with "dc=", print all last dc= rdn's.
++ * cn=X,cn=bogus ==> "No such suffix (cn=bogus)"
++ * otherwise, print the very last rdn.
++ * cn=X,z=bogus ==> "No such suffix (x=bogus)"
++ * it is true even if it is an invalid rdn.
++ * cn=X,bogus ==> "No such suffix (bogus)"
++ * another example of invalid rdn.
++ */
++static void
++_defbackend_gen_returntext(char *buffer, size_t buflen, char **dns)
++{
++ int dnidx;
++ int sidx;
++ struct suffix_repeat {
++ char *suffix;
++ int size;
++ } candidates[] = {
++ {"dc=", 3}, /* dc could be repeated. otherwise the last rdn is used. */
++ {NULL, 0}
++ };
++ PR_snprintf(buffer, buflen, "%s (", DEFBE_NO_SUCH_SUFFIX);
++ for (dnidx = 0; dns[dnidx]; dnidx++) ; /* finding the last */
++ dnidx--; /* last rdn */
++ for (sidx = 0; candidates[sidx].suffix; sidx++) {
++ if (!PL_strncasecmp(dns[dnidx], candidates[sidx].suffix, candidates[sidx].size)) {
++ while (!PL_strncasecmp(dns[--dnidx], candidates[sidx].suffix, candidates[sidx].size)) ;
++ PL_strcat(buffer, dns[++dnidx]); /* the first "dn=", e.g. */
++ for (++dnidx; dns[dnidx]; dnidx++) {
++ PL_strcat(buffer, ",");
++ PL_strcat(buffer, dns[dnidx]);
++ }
++ PL_strcat(buffer, ")");
++ return; /* finished the task */
++ }
++ }
++ PL_strcat(buffer, dns[dnidx]);
++ PL_strcat(buffer, ")");
++ return;
++}
++
+ static int
+ defbackend_bind( Slapi_PBlock *pb )
+ {
+@@ -188,11 +233,40 @@ defbackend_bind( Slapi_PBlock *pb )
+ slapi_pblock_get( pb, SLAPI_BIND_METHOD, &method );
+ slapi_pblock_get( pb, SLAPI_BIND_CREDENTIALS, &cred );
+ if ( method == LDAP_AUTH_SIMPLE && cred->bv_len == 0 ) {
+- slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsAnonymousBinds);
+- rc = SLAPI_BIND_ANONYMOUS;
++ slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsAnonymousBinds);
++ rc = SLAPI_BIND_ANONYMOUS;
+ } else {
+- send_nobackend_ldap_result( pb );
+- rc = SLAPI_BIND_FAIL;
++ Slapi_DN *sdn = NULL;
++ char *suffix = NULL;
++ char **dns = NULL;
++
++ if (pb->pb_op) {
++ sdn = operation_get_target_spec(pb->pb_op);
++ if (sdn) {
++ dns = slapi_ldap_explode_dn(slapi_sdn_get_dn(sdn), 0);
++ if (dns) {
++ size_t dnlen = slapi_sdn_get_ndn_len(sdn);
++ size_t len = dnlen + sizeof(DEFBE_NO_SUCH_SUFFIX) + 4;
++ suffix = slapi_ch_malloc(len);
++ if (dnlen) {
++ _defbackend_gen_returntext(suffix, len, dns);
++ } else {
++ PR_snprintf(suffix, len, "%s", DEFBE_NO_SUCH_SUFFIX);
++ }
++ }
++ }
++ }
++ if (suffix) {
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, suffix);
++ } else {
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, DEFBE_NO_SUCH_SUFFIX);
++ }
++ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
++ if (dns) {
++ slapi_ldap_value_free(dns);
++ }
++ slapi_ch_free_string(&suffix);
++ rc = SLAPI_BIND_FAIL;
+ }
+
+ return( rc );
+diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
+index 506da92..c2a0206 100644
+--- a/ldap/servers/slapd/result.c
++++ b/ldap/servers/slapd/result.c
+@@ -2067,14 +2067,26 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
+ }
+ else if ( !internal_op )
+ {
++ char *pbtxt = NULL;
++ char *ext_str = NULL;
++ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &pbtxt);
++ if (pbtxt) {
++ ext_str = slapi_ch_smprintf(" - %s", pbtxt);
++ } else {
++ ext_str = "";
++ }
+ slapi_log_access( LDAP_DEBUG_STATS,
+ "conn=%" NSPRIu64 " op=%d RESULT err=%d"
+- " tag=%" BERTAG_T " nentries=%d etime=%s%s%s\n",
++ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s%s\n",
+ op->o_connid,
+ op->o_opid,
+ err, tag, nentries,
+ etime,
+- notes_str, csn_str );
++ notes_str, csn_str, ext_str);
++ if (pbtxt) {
++ /* if !pbtxt ==> ext_str == "". Don't free ext_str. */
++ slapi_ch_free_string(&ext_str);
++ }
+ }
+ else
+ {
+--
+2.4.11
+
diff --git a/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch b/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
deleted file mode 100644
index c025f60..0000000
--- a/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
+++ /dev/null
@@ -1,808 +0,0 @@
-From 46cd28db8402517febf0c5db4f2f869c491c41c0 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 8 Jul 2015 11:48:27 -0400
-Subject: [PATCH 10/20] Ticket 48208 - CleanAllRUV should completely purge
- changelog
-
-Bug Description: After cleanAllRUV finishes, the changelog still
- contains entries from the cleaned rid. Under certain
- conditions this can allow the RUV to get polluted
- again, and the ruv element will be missing the replica
- url.
-
-Fix Description: At the end of the cleaning task, fire of a thread to
- to completely purge the changelog of all entries
- containing the cleaned rid.
-
- Also, improved the cleanAllRUV task when dealing
- with a server shutdown - previously if the timing is
- right the task can "delay/hang" the shutdown process.
-
-https://fedorahosted.org/389/ticket/48208
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit ff1c34538b0600259dba4801da2b2f0993fa5404)
-(cherry picked from commit 9e4cf12cfbfde0761325b75c3fd5a8b39223760a)
----
- ldap/servers/plugins/replication/cl5_api.c | 447 ++++++++++++++++++---
- ldap/servers/plugins/replication/cl5_api.h | 5 +-
- .../plugins/replication/repl5_replica_config.c | 44 +-
- 3 files changed, 430 insertions(+), 66 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
-index a10c3ac..ae23353 100644
---- a/ldap/servers/plugins/replication/cl5_api.c
-+++ b/ldap/servers/plugins/replication/cl5_api.c
-@@ -319,14 +319,17 @@ static void _cl5TrimCleanup ();
- static int _cl5TrimMain (void *param);
- static void _cl5DoTrimming (ReplicaId rid);
- static void _cl5CompactDBs();
--static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid);
-+static void _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid);
-+static int _cl5PurgeGetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key);
-+static int _cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key);
-+static void _cl5TrimFile (Object *obj, long *numToTrim);
- static PRBool _cl5CanTrim (time_t time, long *numToTrim);
- static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge);
- static int _cl5WriteRUV (CL5DBFile *file, PRBool purge);
- static int _cl5ConstructRUV (const char *replGen, Object *obj, PRBool purge);
- static int _cl5UpdateRUV (Object *obj, CSN *csn, PRBool newReplica, PRBool purge);
- static int _cl5GetRUV2Purge2 (Object *fileObj, RUV **ruv);
--void trigger_cl_trimming_thread(void *rid);
-+void trigger_cl_purging_thread(void *rid);
-
- /* bakup/recovery, import/export */
- static int _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op,
-@@ -3470,9 +3473,17 @@ static void _cl5DoTrimming (ReplicaId rid)
- trimmed more often than other. We might have to fix that by, for
- example, randomizing starting point */
- obj = objset_first_obj (s_cl5Desc.dbFiles);
-- while (obj && _cl5CanTrim ((time_t)0, &numToTrim))
-+ while (obj && (_cl5CanTrim ((time_t)0, &numToTrim) || rid))
- {
-- _cl5TrimFile (obj, &numToTrim, rid);
-+ if (rid){
-+ /*
-+ * We are cleaning an invalid rid, and need to strip it
-+ * from the changelog.
-+ */
-+ _cl5PurgeRID (obj, rid);
-+ } else {
-+ _cl5TrimFile (obj, &numToTrim);
-+ }
- obj = objset_next_obj (s_cl5Desc.dbFiles, obj);
- }
-
-@@ -3549,12 +3560,351 @@ bail:
- return;
- }
-
-+/*
-+ * If the rid is not set it is the very first iteration of the changelog.
-+ * If the rid is set, we are doing another pass, and we have a key as our
-+ * starting point.
-+ */
-+static int
-+_cl5PurgeGetFirstEntry(Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key)
-+{
-+ DBC *cursor = NULL;
-+ DBT data = {0};
-+ CL5Iterator *it;
-+ CL5DBFile *file;
-+ int rc;
-+
-+ file = (CL5DBFile*)object_get_data (obj);
-+
-+ /* create cursor */
-+ rc = file->db->cursor(file->db, txnid, &cursor, 0);
-+ if (rc != 0)
-+ {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeGetFirstEntry: failed to create cursor; db error - %d %s\n", rc, db_strerror(rc));
-+ rc = CL5_DB_ERROR;
-+ goto done;
-+ }
-+
-+ key->flags = DB_DBT_MALLOC;
-+ data.flags = DB_DBT_MALLOC;
-+ while ((rc = cursor->c_get(cursor, key, &data, rid?DB_SET:DB_NEXT)) == 0)
-+ {
-+ /* skip service entries on the first pass (rid == 0)*/
-+ if (!rid && cl5HelperEntry ((char*)key->data, NULL))
-+ {
-+ slapi_ch_free(&key->data);
-+ slapi_ch_free(&(data.data));
-+ continue;
-+ }
-+
-+ /* format entry */
-+ rc = cl5DBData2Entry(data.data, data.size, entry);
-+ slapi_ch_free(&(data.data));
-+ if (rc != 0)
-+ {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+ "_cl5PurgeGetFirstEntry: failed to format entry: %d\n", rc);
-+ goto done;
-+ }
-+
-+ it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator));
-+ it->cursor = cursor;
-+ object_acquire (obj);
-+ it->file = obj;
-+ *(CL5Iterator**)iterator = it;
-+
-+ return CL5_SUCCESS;
-+ }
-+
-+ slapi_ch_free(&key->data);
-+ slapi_ch_free(&(data.data));
-+
-+ /* walked of the end of the file */
-+ if (rc == DB_NOTFOUND)
-+ {
-+ rc = CL5_NOTFOUND;
-+ goto done;
-+ }
-+
-+ /* db error occured while iterating */
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeGetFirstEntry: failed to get entry; db error - %d %s\n",
-+ rc, db_strerror(rc));
-+ rc = CL5_DB_ERROR;
-+
-+done:
-+ /*
-+ * We didn't success in assigning this cursor to the iterator,
-+ * so we need to free the cursor here.
-+ */
-+ if (cursor)
-+ cursor->c_close(cursor);
-+
-+ return rc;
-+}
-+
-+/*
-+ * Get the next entry. If we get a lock error we will restart the process
-+ * starting at the current key.
-+ */
-+static int
-+_cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key)
-+{
-+ CL5Iterator *it;
-+ DBT data={0};
-+ int rc;
-+
-+ it = (CL5Iterator*) iterator;
-+
-+ key->flags = DB_DBT_MALLOC;
-+ data.flags = DB_DBT_MALLOC;
-+ while ((rc = it->cursor->c_get(it->cursor, key, &data, DB_NEXT)) == 0)
-+ {
-+ if (cl5HelperEntry ((char*)key->data, NULL))
-+ {
-+ slapi_ch_free(&key->data);
-+ slapi_ch_free(&(data.data));
-+ continue;
-+ }
-+
-+ /* format entry */
-+ rc = cl5DBData2Entry (data.data, data.size, entry);
-+ slapi_ch_free (&(data.data));
-+ if (rc != 0)
-+ {
-+ if (rc != CL5_DB_LOCK_ERROR){
-+ /* Not a lock error, free the key */
-+ slapi_ch_free(&key->data);
-+ }
-+ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
-+ repl_plugin_name_cl,
-+ "_cl5PurgeGetNextEntry: failed to format entry: %d\n",
-+ rc);
-+
-+ }
-+
-+ return rc;
-+ }
-+ slapi_ch_free(&(data.data));
-+
-+ /* walked of the end of the file or entry is out of range */
-+ if (rc == 0 || rc == DB_NOTFOUND){
-+ slapi_ch_free(&key->data);
-+ return CL5_NOTFOUND;
-+ }
-+ if (rc != CL5_DB_LOCK_ERROR){
-+ /* Not a lock error, free the key */
-+ slapi_ch_free(&key->data);
-+ }
-+
-+ /* cursor operation failed */
-+ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
-+ repl_plugin_name_cl,
-+ "_cl5PurgeGetNextEntry: failed to get entry; db error - %d %s\n",
-+ rc, db_strerror(rc));
-+
-+ return rc;
-+}
-+
-+#define MAX_RETRIES 10
-+/*
-+ * _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid)
-+ *
-+ * Clean the entire changelog of updates from the "cleaned rid" via CLEANALLRUV
-+ * Delete entries in batches so we don't consume too many db locks, and we don't
-+ * lockup the changelog during the entire purging process using one transaction.
-+ * We save the key from the last iteration so we don't have to start from the
-+ * beginning for each new iteration.
-+ */
-+static void
-+_cl5PurgeRID(Object *obj, ReplicaId cleaned_rid)
-+{
-+ slapi_operation_parameters op = {0};
-+ ReplicaId csn_rid;
-+ CL5Entry entry;
-+ DB_TXN *txnid = NULL;
-+ DBT key = {0};
-+ void *iterator = NULL;
-+ long totalTrimmed = 0;
-+ long trimmed = 0;
-+ char *starting_key = NULL;
-+ int batch_count = 0;
-+ int db_lock_retry_count = 0;
-+ int first_pass = 1;
-+ int finished = 0;
-+ int rc = 0;
-+
-+ PR_ASSERT (obj);
-+ entry.op = &op;
-+
-+ /*
-+ * Keep processing the changelog until we are done, shutting down, or we
-+ * maxed out on the db lock retries.
-+ */
-+ while (!finished && db_lock_retry_count < MAX_RETRIES && !slapi_is_shutting_down()){
-+ trimmed = 0;
-+
-+ /*
-+ * Sleep a bit to allow others to use the changelog - we can't hog the
-+ * changelog for the entire purge.
-+ */
-+ DS_Sleep(PR_MillisecondsToInterval(100));
-+
-+ rc = TXN_BEGIN(s_cl5Desc.dbEnv, NULL, &txnid, 0);
-+ if (rc != 0){
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: failed to begin transaction; db error - %d %s. "
-+ "Changelog was not purged of rid(%d)\n",
-+ rc, db_strerror(rc), cleaned_rid);
-+ return;
-+ }
-+
-+ /*
-+ * Check every changelog entry for the cleaned rid
-+ */
-+ rc = _cl5PurgeGetFirstEntry(obj, &entry, &iterator, txnid, first_pass?0:cleaned_rid, &key);
-+ first_pass = 0;
-+ while (rc == CL5_SUCCESS && !slapi_is_shutting_down()) {
-+ /*
-+ * Store the new starting key - we need this starting key in case
-+ * we run out of locks and have to start the transaction over.
-+ */
-+ slapi_ch_free_string(&starting_key);
-+ starting_key = slapi_ch_strdup((char*)key.data);
-+
-+ if(trimmed == 10000 || (batch_count && trimmed == batch_count)){
-+ /*
-+ * Break out, and commit these deletes. Do not free the key,
-+ * we need it for the next pass.
-+ */
-+ cl5_operation_parameters_done (&op);
-+ db_lock_retry_count = 0; /* reset the retry count */
-+ break;
-+ }
-+ if(op.csn){
-+ csn_rid = csn_get_replicaid (op.csn);
-+ if (csn_rid == cleaned_rid){
-+ rc = _cl5CurrentDeleteEntry (iterator);
-+ if (rc != CL5_SUCCESS){
-+ /* log error */
-+ cl5_operation_parameters_done (&op);
-+ if (rc == CL5_DB_LOCK_ERROR){
-+ /*
-+ * Ran out of locks, need to restart the transaction.
-+ * Reduce the the batch count and reset the key to
-+ * the starting point
-+ */
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: Ran out of db locks deleting entry. "
-+ "Reduce the batch value and restart.\n");
-+ batch_count = trimmed - 10;
-+ if (batch_count < 10){
-+ batch_count = 10;
-+ }
-+ trimmed = 0;
-+ slapi_ch_free(&(key.data));
-+ key.data = starting_key;
-+ starting_key = NULL;
-+ db_lock_retry_count++;
-+ break;
-+ } else {
-+ /* fatal error */
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: fatal error (%d)\n", rc);
-+ slapi_ch_free(&(key.data));
-+ finished = 1;
-+ break;
-+ }
-+ }
-+ trimmed++;
-+ }
-+ }
-+ slapi_ch_free(&(key.data));
-+ cl5_operation_parameters_done (&op);
-+
-+ rc = _cl5PurgeGetNextEntry (&entry, iterator, &key);
-+ if (rc == CL5_DB_LOCK_ERROR){
-+ /*
-+ * Ran out of locks, need to restart the transaction.
-+ * Reduce the the batch count and reset the key to the starting
-+ * point.
-+ */
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: Ran out of db locks getting the next entry. "
-+ "Reduce the batch value and restart.\n");
-+ batch_count = trimmed - 10;
-+ if (batch_count < 10){
-+ batch_count = 10;
-+ }
-+ trimmed = 0;
-+ cl5_operation_parameters_done (&op);
-+ slapi_ch_free(&(key.data));
-+ key.data = starting_key;
-+ starting_key = NULL;
-+ db_lock_retry_count++;
-+ break;
-+ }
-+ }
-+
-+ if (rc == CL5_NOTFOUND){
-+ /* Scanned the entire changelog, we're done */
-+ finished = 1;
-+ }
-+
-+ /* Destroy the iterator before we finish with the txn */
-+ cl5DestroyIterator (iterator);
-+
-+ /*
-+ * Commit or abort the txn
-+ */
-+ if (rc == CL5_SUCCESS || rc == CL5_NOTFOUND){
-+ rc = TXN_COMMIT (txnid, 0);
-+ if (rc != 0){
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: failed to commit transaction; db error - %d %s. "
-+ "Changelog was not completely purged of rid (%d)\n",
-+ rc, db_strerror(rc), cleaned_rid);
-+ break;
-+ } else if (finished){
-+ /* We're done */
-+ totalTrimmed += trimmed;
-+ break;
-+ } else {
-+ /* Not done yet */
-+ totalTrimmed += trimmed;
-+ trimmed = 0;
-+ }
-+ } else {
-+ rc = TXN_ABORT (txnid);
-+ if (rc != 0){
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: failed to abort transaction; db error - %d %s. "
-+ "Changelog was not completely purged of rid (%d)\n",
-+ rc, db_strerror(rc), cleaned_rid);
-+ }
-+ if (batch_count == 0){
-+ /* This was not a retry. Fatal error, break out */
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: Changelog was not purged of rid (%d)\n",
-+ cleaned_rid);
-+ break;
-+ }
-+ }
-+ }
-+ slapi_ch_free_string(&starting_key);
-+
-+ slapi_log_error (SLAPI_LOG_REPL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: Removed (%ld entries) that originated from rid (%d)\n",
-+ totalTrimmed, cleaned_rid);
-+}
-+
- /* Note that each file contains changes for a single replicated area.
- trimming algorithm:
- */
- #define CL5_TRIM_MAX_PER_TRANSACTION 10
-
--static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
-+static void _cl5TrimFile (Object *obj, long *numToTrim)
- {
- DB_TXN *txnid;
- RUV *ruv = NULL;
-@@ -3577,7 +3927,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- }
-
- entry.op = &op;
--
- while ( !finished && !slapi_is_shutting_down() )
- {
- it = NULL;
-@@ -3598,7 +3947,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- }
-
- finished = _cl5GetFirstEntry (obj, &entry, &it, txnid);
-- while ( !finished )
-+ while ( !finished && !slapi_is_shutting_down())
- {
- /*
- * This change can be trimmed if it exceeds purge
-@@ -3612,11 +3961,12 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- continue;
- }
- csn_rid = csn_get_replicaid (op.csn);
-+
- if ( (*numToTrim > 0 || _cl5CanTrim (entry.time, numToTrim)) &&
- ruv_covers_csn_strict (ruv, op.csn) )
- {
- rc = _cl5CurrentDeleteEntry (it);
-- if ( rc == CL5_SUCCESS && cleaned_rid != csn_rid)
-+ if ( rc == CL5_SUCCESS)
- {
- rc = _cl5UpdateRUV (obj, op.csn, PR_FALSE, PR_TRUE);
- }
-@@ -3630,7 +3980,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- /* The above two functions have logged the error */
- abort = PR_TRUE;
- }
--
- }
- else
- {
-@@ -3687,7 +4036,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- rc = TXN_ABORT (txnid);
- if (rc != 0)
- {
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "_cl5TrimFile: failed to abort transaction; db error - %d %s\n",
- rc, db_strerror(rc));
- }
-@@ -3698,7 +4047,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- if (rc != 0)
- {
- finished = 1;
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "_cl5TrimFile: failed to commit transaction; db error - %d %s\n",
- rc, db_strerror(rc));
- }
-@@ -4722,9 +5071,9 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
- goto done;
- }
- #endif
-- /* back off */
-+ /* back off */
- interval = PR_MillisecondsToInterval(slapi_rand() % 100);
-- DS_Sleep(interval);
-+ DS_Sleep(interval);
- }
- #if USE_DB_TXN
- /* begin transaction */
-@@ -4770,19 +5119,19 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
- }
- cnt ++;
- }
--
-+
- if (rc == 0) /* we successfully added entry */
- {
- #if USE_DB_TXN
- rc = TXN_COMMIT (txnid, 0);
- #endif
- }
-- else
-+ else
- {
-- char s[CSN_STRSIZE];
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ char s[CSN_STRSIZE];
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "_cl5WriteOperationTxn: failed to write entry with csn (%s); "
-- "db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s),
-+ "db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s),
- rc, db_strerror(rc));
- #if USE_DB_TXN
- rc = TXN_ABORT (txnid);
-@@ -4803,7 +5152,7 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
- /* update purge vector if we have not seen any changes from this replica before */
- _cl5UpdateRUV (file_obj, op->csn, PR_TRUE, PR_TRUE);
-
-- slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl,
-+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl,
- "cl5WriteOperationTxn: successfully written entry with csn (%s)\n", csnStr);
- rc = CL5_SUCCESS;
- done:
-@@ -4817,7 +5166,7 @@ done:
- return rc;
- }
-
--static int _cl5WriteOperation(const char *replName, const char *replGen,
-+static int _cl5WriteOperation(const char *replName, const char *replGen,
- const slapi_operation_parameters *op, PRBool local)
- {
- return _cl5WriteOperationTxn(replName, replGen, op, local, NULL);
-@@ -4868,7 +5217,7 @@ static int _cl5GetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_
- goto done;
- }
-
-- it = (CL5Iterator*)slapi_ch_malloc (sizeof (CL5Iterator));
-+ it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator));
- it->cursor = cursor;
- object_acquire (obj);
- it->file = obj;
-@@ -4943,7 +5292,7 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator)
- slapi_ch_free (&(data.data));
- if (rc != 0)
- {
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "_cl5GetNextEntry: failed to format entry: %d\n", rc);
- }
-
-@@ -4972,38 +5321,42 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator)
- }
-
- /* cursor operation failed */
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "_cl5GetNextEntry: failed to get entry; db error - %d %s\n",
-- rc, db_strerror(rc));
-+ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
-+ repl_plugin_name_cl,
-+ "_cl5GetNextEntry: failed to get entry; db error - %d %s\n",
-+ rc, db_strerror(rc));
-
-- return CL5_DB_ERROR;
-+ return rc;
- }
-
- static int _cl5CurrentDeleteEntry (void *iterator)
- {
- int rc;
- CL5Iterator *it;
-- CL5DBFile *file;
-+ CL5DBFile *file;
-
-- PR_ASSERT (iterator);
-+ PR_ASSERT (iterator);
-
- it = (CL5Iterator*)iterator;
-
- rc = it->cursor->c_del (it->cursor, 0);
-
- if (rc == 0) {
-- /* decrement entry count */
-- file = (CL5DBFile*)object_get_data (it->file);
-- PR_AtomicDecrement (&file->entryCount);
-- return CL5_SUCCESS;
-- } else {
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "_cl5CurrentDeleteEntry failed, err=%d %s\n",
-- rc, db_strerror(rc));
-- /* We don't free(close) the cursor here, as the caller will free it by a call to cl5DestroyIterator */
-- /* Freeing it here is a potential bug, as the cursor can't be referenced later once freed */
-- return CL5_DB_ERROR;
-- }
-+ /* decrement entry count */
-+ file = (CL5DBFile*)object_get_data (it->file);
-+ PR_AtomicDecrement (&file->entryCount);
-+ return CL5_SUCCESS;
-+ } else {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5CurrentDeleteEntry failed, err=%d %s\n",
-+ rc, db_strerror(rc));
-+ /*
-+ * We don't free(close) the cursor here, as the caller will free it by
-+ * a call to cl5DestroyIterator. Freeing it here is a potential bug,
-+ * as the cursor can't be referenced later once freed.
-+ */
-+ return rc;
-+ }
- }
-
- static PRBool _cl5IsValidIterator (const CL5Iterator *iterator)
-@@ -6275,7 +6628,7 @@ static int _cl5ExportFile (PRFileDesc *prFile, Object *obj)
- slapi_write_buffer (prFile, "\n", strlen("\n"));
-
- entry.op = &op;
-- rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL);
-+ rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL);
- while (rc == CL5_SUCCESS)
- {
- rc = _cl5Operation2LDIF (&op, file->replGen, &buff, &len);
-@@ -6696,16 +7049,16 @@ cl5CleanRUV(ReplicaId rid){
- slapi_rwlock_unlock (s_cl5Desc.stLock);
- }
-
--void trigger_cl_trimming(ReplicaId rid){
-+void trigger_cl_purging(ReplicaId rid){
- PRThread *trim_tid = NULL;
-
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_trimming: rid (%d)\n",(int)rid);
-- trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_trimming_thread,
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_purging: rid (%d)\n",(int)rid);
-+ trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_purging_thread,
- (void *)&rid, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_UNJOINABLE_THREAD, DEFAULT_THREAD_STACKSIZE);
- if (NULL == trim_tid){
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "trigger_cl_trimming: failed to create trimming "
-+ "trigger_cl_purging: failed to create trimming "
- "thread; NSPR error - %d\n", PR_GetError ());
- } else {
- /* need a little time for the thread to get started */
-@@ -6714,7 +7067,7 @@ void trigger_cl_trimming(ReplicaId rid){
- }
-
- void
--trigger_cl_trimming_thread(void *arg){
-+trigger_cl_purging_thread(void *arg){
- ReplicaId rid = *(ReplicaId *)arg;
-
- /* make sure we have a change log, and we aren't closing it */
-@@ -6723,7 +7076,7 @@ trigger_cl_trimming_thread(void *arg){
- }
- if (CL5_SUCCESS != _cl5AddThread()) {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "trigger_cl_trimming: failed to increment thread count "
-+ "trigger_cl_purging: failed to increment thread count "
- "NSPR error - %d\n", PR_GetError ());
- }
- _cl5DoTrimming(rid);
-diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h
-index 5809570..4c3b8e8 100644
---- a/ldap/servers/plugins/replication/cl5_api.h
-+++ b/ldap/servers/plugins/replication/cl5_api.h
-@@ -117,6 +117,9 @@ enum
- CL5_CSN_ERROR, /* CSN API failed */
- CL5_RUV_ERROR, /* RUV API failed */
- CL5_OBJSET_ERROR, /* namedobjset api failed */
-+ CL5_DB_LOCK_ERROR, /* bdb returns error 12 when the db runs out of locks,
-+ this var needs to be in slot 12 of the list.
-+ Do not re-order enum above! */
- CL5_PURGED_DATA, /* requested data has been purged */
- CL5_MISSING_DATA, /* data should be in the changelog, but is missing */
- CL5_UNKNOWN_ERROR, /* unclassified error */
-@@ -464,6 +467,6 @@ int cl5WriteRUV();
- int cl5DeleteRUV();
- void cl5CleanRUV(ReplicaId rid);
- void cl5NotifyCleanup(int rid);
--void trigger_cl_trimming(ReplicaId rid);
-+void trigger_cl_purging(ReplicaId rid);
-
- #endif
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 660b134..faa86b8 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -1439,6 +1439,11 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not
- */
- cl5CleanRUV(rid);
-
-+ /*
-+ * Now purge the changelog
-+ */
-+ trigger_cl_purging(rid);
-+
- if (rc != RUV_SUCCESS){
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc);
- return LDAP_OPERATIONS_ERROR;
-@@ -1837,7 +1842,7 @@ replica_cleanallruv_thread(void *arg)
- /* no agmts, just clean this replica */
- break;
- }
-- while (agmt_obj){
-+ while (agmt_obj && !slapi_is_shutting_down()){
- agmt = (Repl_Agmt*)object_get_data (agmt_obj);
- if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
- agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
-@@ -1919,13 +1924,15 @@ replica_cleanallruv_thread(void *arg)
- break;
- }
- /*
-- * need to sleep between passes
-+ * Need to sleep between passes unless we are shutting down
- */
-- cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Replicas have not been cleaned yet, "
-- "retrying in %d seconds", interval);
-- PR_Lock( notify_lock );
-- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-- PR_Unlock( notify_lock );
-+ if (!slapi_is_shutting_down()){
-+ cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Replicas have not been cleaned yet, "
-+ "retrying in %d seconds", interval);
-+ PR_Lock( notify_lock );
-+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+ PR_Unlock( notify_lock );
-+ }
-
- if(interval < 14400){ /* 4 hour max */
- interval = interval * 2;
-@@ -1936,10 +1943,9 @@ replica_cleanallruv_thread(void *arg)
-
- done:
- /*
-- * If the replicas are cleaned, release the rid, and trim the changelog
-+ * If the replicas are cleaned, release the rid
- */
- if(!aborted){
-- trigger_cl_trimming(data->rid);
- delete_cleaned_rid_config(data);
- /* make sure all the replicas have been "pre_cleaned" before finishing */
- check_replicas_are_done_cleaning(data);
-@@ -1949,7 +1955,7 @@ done:
- /*
- * Shutdown or abort
- */
-- if(!is_task_aborted(data->rid)){
-+ if(!is_task_aborted(data->rid) || slapi_is_shutting_down()){
- cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,"Server shutting down. Process will resume at server startup");
- } else {
- cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,"Task aborted for rid(%d).",data->rid);
-@@ -2184,7 +2190,7 @@ check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn)
- not_all_caughtup = 0;
- break;
- }
-- while (agmt_obj){
-+ while (agmt_obj && !slapi_is_shutting_down()){
- agmt = (Repl_Agmt*)object_get_data (agmt_obj);
- if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
- agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
-@@ -2242,7 +2248,7 @@ check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task)
- not_all_alive = 0;
- break;
- }
-- while (agmt_obj){
-+ while (agmt_obj && !slapi_is_shutting_down()){
- agmt = (Repl_Agmt*)object_get_data (agmt_obj);
- if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
- agmt_obj = agmtlist_get_next_agreement_for_replica (replica, agmt_obj);
-@@ -3022,12 +3028,14 @@ replica_abort_task_thread(void *arg)
- break;
- }
- /*
-- * need to sleep between passes
-+ * Need to sleep between passes. unless we are shutting down
- */
-- cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval);
-- PR_Lock( notify_lock );
-- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-- PR_Unlock( notify_lock );
-+ if (!slapi_is_shutting_down()){
-+ cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval);
-+ PR_Lock( notify_lock );
-+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+ PR_Unlock( notify_lock );
-+ }
-
- if(interval < 14400){ /* 4 hour max */
- interval = interval * 2;
-@@ -3045,7 +3053,7 @@ done:
- * Wait for this server to stop its cleanallruv task(which removes the rid from the cleaned list)
- */
- cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID, "Waiting for CleanAllRUV task to abort...");
-- while(is_cleaned_rid(data->rid)){
-+ while(is_cleaned_rid(data->rid) && !slapi_is_shutting_down()){
- DS_Sleep(PR_SecondsToInterval(1));
- count++;
- if(count == 60){ /* it should not take this long */
---
-1.9.3
-
diff --git a/SOURCES/0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
new file mode 100644
index 0000000..30adc8e
--- /dev/null
+++ b/SOURCES/0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
@@ -0,0 +1,28 @@
+From b6fd1033881ce21513ba95b533fd35942e5b66f1 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 14 Jul 2016 10:33:15 -0700
+Subject: [PATCH 11/15] Bug 1347760 - CVE-2016-4992 389-ds-base: Information
+ disclosure via repeated use of LDAP ADD operation, etc.
+
+Description: Fixing a compiler warning.
+(cherry picked from commit 590e2fb86ee2e1d6f169169c83917d18872a95d0)
+---
+ ldap/servers/slapd/bind.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index b441615..702d4c2 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -697,7 +697,7 @@ do_bind( Slapi_PBlock *pb )
+ sdn = pb_sdn;
+ dn = slapi_sdn_get_dn(sdn);
+ if (!dn) {
+- char *udn = slapi_sdn_get_udn(sdn);
++ const char *udn = slapi_sdn_get_udn(sdn);
+ slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn %s\n", udn?udn:"");
+ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, errorbuf);
+ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL);
+--
+2.4.11
+
diff --git a/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch b/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch
deleted file mode 100644
index 19dc5da..0000000
--- a/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch
+++ /dev/null
@@ -1,224 +0,0 @@
-From 3c2165deb45571a0ff0547e5c8c2c970095cca04 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 8 Jul 2015 10:19:15 -0700
-Subject: [PATCH 11/20] Ticket #47799 - Any negative LDAP error code number
- reported as Illegal error by ldclt.
-
-Description: ldclt was implemented with mozldap, which did not expect
-negative erorr codes, but openldap does. E.g., LDAP_FILTER_ERROR (-7)
-This patch prepares a negativeError array for the negative error codes.
-Example:
- $ ldclt [...] -e esearch -e random -b "<basedn>" -f "<bad filter>" -v
- Filter = "<bad filter>"
- ...
- ldclt[16030]: T000: Cannot ldap_search(), error=-7 (Bad search filter) -- NULL result
- ...
- ldclt[16030]: Global error -7 (Bad search filter) occurs 1001 times
- ldclt[16030]: Exit status 3 - Max errors reached.
-
-https://fedorahosted.org/389/ticket/47799
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 71be5faaa478593bb056887410ca8e48e05b2fe4)
-(cherry picked from commit 0680a45773ab4b0e92ec26caa3acbb6bab379103)
----
- ldap/servers/slapd/tools/ldclt/ldapfct.c | 4 +++
- ldap/servers/slapd/tools/ldclt/ldclt.c | 35 ++++++++++++++++-----
- ldap/servers/slapd/tools/ldclt/ldclt.h | 11 ++++++-
- ldap/servers/slapd/tools/ldclt/threadMain.c | 48 +++++++++++++++++++----------
- 4 files changed, 73 insertions(+), 25 deletions(-)
-
-diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
-index f906c5a..13e66b8 100644
---- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
-+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
-@@ -1382,6 +1382,10 @@ printErrorFromLdap (
- printf ("ldclt[%d]: T%03d: %s, error=%d (%s",
- mctx.pid, tttctx->thrdNum, errmsg,
- errcode, my_ldap_err2string (errcode));
-+ if (!res) {
-+ printf (") -- NULL result\n");
-+ return -1;
-+ }
-
- /*
- * See if there is an additional error message...
-diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.c b/ldap/servers/slapd/tools/ldclt/ldclt.c
-index edb687f..9e573a5 100644
---- a/ldap/servers/slapd/tools/ldclt/ldclt.c
-+++ b/ldap/servers/slapd/tools/ldclt/ldclt.c
-@@ -716,19 +716,35 @@ printGlobalStatistics (void)
- * Note: Maybe implement a way to stop the running threads ?
- */
- found = 0;
-- for (i=0 ; i<MAX_ERROR_NB ; i++)
-- if (mctx.errors[i] > 0)
-- {
-+ for (i = 0; i < MAX_ERROR_NB; i++) {
-+ if (mctx.errors[i] > 0) {
- found = 1;
- sprintf (buf, "(%s)", my_ldap_err2string (i));
- printf ("ldclt[%d]: Global error %2d %s occurs %5d times\n",
- mctx.pid, i, buf, mctx.errors[i]);
- }
-+ }
-+#if defined(USE_OPENLDAP)
-+ for (i = 0; i < ABS(NEGATIVE_MAX_ERROR_NB); i++) {
-+ if (mctx.negativeErrors[i] > 0) {
-+ found = 1;
-+ sprintf (buf, "(%s)", my_ldap_err2string (-i));
-+ printf ("ldclt[%d]: Global error %2d %s occurs %5d times\n",
-+ mctx.pid, -i, buf, mctx.negativeErrors[i]);
-+ }
-+ }
-+#endif
- if (mctx.errorsBad > 0)
- {
- found = 1;
-- printf ("ldclt[%d]: Global illegal errors (codes not in [0, %d]) occurs %5d times\n",
-- mctx.pid, MAX_ERROR_NB-1, mctx.errorsBad);
-+ printf("ldclt[%d]: Global illegal errors (codes not in [%d, %d]) occurs %5d times\n",
-+ mctx.pid,
-+#if defined(USE_OPENLDAP)
-+ NEGATIVE_MAX_ERROR_NB,
-+#else
-+ 0,
-+#endif
-+ MAX_ERROR_NB-1, mctx.errorsBad);
- }
- if (!found)
- printf ("ldclt[%d]: Global no error occurs during this session.\n", mctx.pid);
-@@ -1293,9 +1309,14 @@ basicInit (void)
- mctx.totNbOpers = 0;
- mctx.totNbSamples = 0;
- mctx.errorsBad = 0;
-- for (i=0 ; i<MAX_ERROR_NB ; i++)
-+ for (i = 0; i < MAX_ERROR_NB; i++) {
- mctx.errors[i] = 0;
--
-+ }
-+#if defined(USE_OPENLDAP)
-+ for (i = 0; i < ABS(NEGATIVE_MAX_ERROR_NB); i++) {
-+ mctx.negativeErrors[i] = 0;
-+ }
-+#endif
- /*
- * Initiate the mutex that protect the errors statistics
- */
-diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.h b/ldap/servers/slapd/tools/ldclt/ldclt.h
-index a48ab79..4f8f485 100644
---- a/ldap/servers/slapd/tools/ldclt/ldclt.h
-+++ b/ldap/servers/slapd/tools/ldclt/ldclt.h
-@@ -169,6 +169,9 @@ dd/mm/yy | Author | Comments
- #ifndef LDCLT_H
- #define LDCLT_H
-
-+#if defined(USE_OPENLDAP)
-+#define ABS(x) ((x > 0) ? (x) : (-x))
-+#endif
- /*
- * Misc constant definitions
- */
-@@ -183,7 +186,10 @@ dd/mm/yy | Author | Comments
- #define DEF_PORT_CHECK 16000 /* Port used for check processing */
- #define MAX_ATTRIBS 40 /* Max number of attributes */ /*JLS 28-03-01*/
- #define MAX_DN_LENGTH 1024 /* Max length for a DN */
--#define MAX_ERROR_NB 0x62 /* Max ldap err number + 1 */
-+#define MAX_ERROR_NB 0x7b /* Max ldap err number + 1 */
-+#if defined(USE_OPENLDAP)
-+#define NEGATIVE_MAX_ERROR_NB (LDAP_X_CONNECTING - 1) /* Mininum ldap err number */
-+#endif
- #define MAX_IGN_ERRORS 20 /* Max errors ignored */
- #define MAX_FILTER 512 /* Max filters length */
- #define MAX_THREADS 1000 /* Max number of threads */ /*JLS 21-11-00*/
-@@ -504,6 +510,9 @@ typedef struct main_context {
- char *certfile; /* certificate file */ /* BK 11-10-00 */
- char *cltcertname; /* client cert name */ /* BK 23 11-00 */
- data_list_file *dlf; /* Data list files */ /*JLS 23-03-01*/
-+#if defined(USE_OPENLDAP)
-+ int negativeErrors[ABS(NEGATIVE_MAX_ERROR_NB)]; /* Err stats */
-+#endif
- int errors[MAX_ERROR_NB]; /* Err stats */
- int errorsBad; /* Bad errors */
- ldclt_mutex_t errors_mutex; /* Protect errors */ /*JLS 28-11-00*/
-diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c
-index be41186..5d915fd 100644
---- a/ldap/servers/slapd/tools/ldclt/threadMain.c
-+++ b/ldap/servers/slapd/tools/ldclt/threadMain.c
-@@ -430,14 +430,26 @@ addErrorStat (
- /*
- * Update the counters
- */
-+#if defined(USE_OPENLDAP)
-+ if ((err <= NEGATIVE_MAX_ERROR_NB) || (err >= MAX_ERROR_NB))
-+#else
- if ((err <= 0) || (err >= MAX_ERROR_NB))
-+#endif
- {
- fprintf (stderr, "ldclt[%d]: Illegal error number %d\n", mctx.pid, err);
- fflush (stderr);
- mctx.errorsBad++;
- }
-+#if defined(USE_OPENLDAP)
-+ else if (err < 0)
-+ {
-+ mctx.negativeErrors[abs(err)]++;
-+ }
-+#endif
- else
-+ {
- mctx.errors[err]++;
-+ }
-
- /*
- * Release the mutex
-@@ -460,26 +472,28 @@ addErrorStat (
- * Ok, we should not ignore this error...
- * Maybe the limit is reached ?
- */
-+#if defined(USE_OPENLDAP)
-+ if ((err <= NEGATIVE_MAX_ERROR_NB) || (err >= MAX_ERROR_NB))
-+#else
- if ((err <= 0) || (err >= MAX_ERROR_NB))
-- {
-- if (mctx.errorsBad > mctx.maxErrors)
-- {
-- printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-- (void) printGlobalStatistics(); /*JLS 25-08-00*/
-- fflush (stdout);
-- ldclt_sleep (5);
-- ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
-+#endif
-+ {
-+ if (mctx.errorsBad > mctx.maxErrors) {
-+ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-+ (void) printGlobalStatistics(); /*JLS 25-08-00*/
-+ fflush (stdout);
-+ ldclt_sleep (5);
-+ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
- }
-- }
-- else
-- if (mctx.errors[err] > mctx.maxErrors)
-- {
-- printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-- (void) printGlobalStatistics(); /*JLS 25-08-00*/
-- fflush (stdout);
-- ldclt_sleep (5);
-- ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
-+ } else {
-+ if (mctx.errors[err] + mctx.negativeErrors[abs(err)] > mctx.maxErrors) {
-+ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-+ (void) printGlobalStatistics(); /*JLS 25-08-00*/
-+ fflush (stdout);
-+ ldclt_sleep (5);
-+ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
- }
-+ }
- }
-
- /*
---
-1.9.3
-
diff --git a/SOURCES/0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch b/SOURCES/0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch
new file mode 100644
index 0000000..0b18c51
--- /dev/null
+++ b/SOURCES/0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch
@@ -0,0 +1,461 @@
+From 845915e82846c3e84a9c7585ff584da32c1c5f38 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 12 Jul 2016 14:33:17 -0700
+Subject: [PATCH 12/15] Bug 1347760 - CI test: test case for bug 1347760
+
+Description: Information disclosure via repeated use of LDAP ADD operation, etc.
+(cherry picked from commit 27b8987108d875e3e9ee0d844548f8d94db350d1)
+---
+ dirsrvtests/tests/tickets/ticket1347760_test.py | 440 ++++++++++++++++++++++++
+ 1 file changed, 440 insertions(+)
+ create mode 100644 dirsrvtests/tests/tickets/ticket1347760_test.py
+
+diff --git a/dirsrvtests/tests/tickets/ticket1347760_test.py b/dirsrvtests/tests/tickets/ticket1347760_test.py
+new file mode 100644
+index 0000000..d2e9e37
+--- /dev/null
++++ b/dirsrvtests/tests/tickets/ticket1347760_test.py
+@@ -0,0 +1,440 @@
++# --- BEGIN COPYRIGHT BLOCK ---
++# Copyright (C) 2016 Red Hat, Inc.
++# All rights reserved.
++#
++# License: GPL (version 3 or any later version).
++# See LICENSE for details.
++# --- END COPYRIGHT BLOCK ---
++#
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++installation1_prefix = None
++
++CONFIG_DN = 'cn=config'
++BOU = 'BOU'
++BINDOU = 'ou=%s,%s' % (BOU, DEFAULT_SUFFIX)
++BUID = 'buser123'
++TUID = 'tuser0'
++BINDDN = 'uid=%s,%s' % (BUID, BINDOU)
++BINDPW = BUID
++TESTDN = 'uid=%s,ou=people,%s' % (TUID, DEFAULT_SUFFIX)
++TESTPW = TUID
++BOGUSDN = 'uid=bogus,%s' % DEFAULT_SUFFIX
++BOGUSDN2 = 'uid=bogus,ou=people,%s' % DEFAULT_SUFFIX
++BOGUSSUFFIX = 'uid=bogus,ou=people,dc=bogus'
++GROUPOU = 'ou=groups,%s' % DEFAULT_SUFFIX
++BOGUSOU = 'ou=OU,%s' % DEFAULT_SUFFIX
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++installation1_prefix = None
++
++class TopologyStandalone(object):
++ def __init__(self, standalone):
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ global installation1_prefix
++ if installation1_prefix:
++ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
++
++ # Creating standalone instance ...
++ standalone = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++ instance_standalone = standalone.exists()
++ if instance_standalone:
++ standalone.delete()
++ standalone.create()
++ standalone.open()
++
++ # Delete each instance in the end
++# def fin():
++# standalone.delete()
++# request.addfinalizer(fin)
++
++ # Clear out the tmp dir
++ standalone.clearTmpDir(__file__)
++
++ return TopologyStandalone(standalone)
++
++def pattern_accesslog(file, log_pattern):
++ try:
++ pattern_accesslog.last_pos += 1
++ except AttributeError:
++ pattern_accesslog.last_pos = 0
++
++ found = None
++ file.seek(pattern_accesslog.last_pos)
++
++ # Use a while true iteration because 'for line in file: hit a
++ # python bug that break file.tell()
++ while True:
++ line = file.readline()
++ found = log_pattern.search(line)
++ if ((line == '') or (found)):
++ break
++
++ pattern_accesslog.last_pos = file.tell()
++ if found:
++ return line
++ else:
++ return None
++
++def check_op_result(server, op, dn, superior, exists, rc):
++ targetdn = dn
++ if op == 'search':
++ if exists:
++ opstr = 'Searching existing entry'
++ else:
++ opstr = 'Searching non-existing entry'
++ elif op == 'add':
++ if exists:
++ opstr = 'Adding existing entry'
++ else:
++ opstr = 'Adding non-existing entry'
++ elif op == 'modify':
++ if exists:
++ opstr = 'Modifying existing entry'
++ else:
++ opstr = 'Modifying non-existing entry'
++ elif op == 'modrdn':
++ if superior != None:
++ targetdn = superior
++ if exists:
++ opstr = 'Moving to existing superior'
++ else:
++ opstr = 'Moving to non-existing superior'
++ else:
++ if exists:
++ opstr = 'Renaming existing entry'
++ else:
++ opstr = 'Renaming non-existing entry'
++ elif op == 'delete':
++ if exists:
++ opstr = 'Deleting existing entry'
++ else:
++ opstr = 'Deleting non-existing entry'
++
++ if ldap.SUCCESS == rc:
++ expstr = 'be ok'
++ else:
++ expstr = 'fail with %s' % rc.__name__
++
++ log.info('%s %s, which should %s.' % (opstr, targetdn, expstr))
++ hit = 0
++ try:
++ if op == 'search':
++ centry = server.search_s(dn, ldap.SCOPE_BASE, 'objectclass=*')
++ elif op == 'add':
++ server.add_s(Entry((dn, {'objectclass': 'top extensibleObject'.split(),
++ 'cn': 'test entry'})))
++ elif op == 'modify':
++ server.modify_s(dn, [(ldap.MOD_REPLACE, 'description', 'test')])
++ elif op == 'modrdn':
++ if superior != None:
++ server.rename_s(dn, 'uid=new', newsuperior=superior, delold=1)
++ else:
++ server.rename_s(dn, 'uid=new', delold=1)
++ elif op == 'delete':
++ server.delete_s(dn)
++ else:
++ log.fatal('Unknown operation %s' % op)
++ assert False
++ except ldap.LDAPError as e:
++ hit = 1
++ log.info("Exception (expected): %s" % type(e).__name__)
++ log.info('Desc ' + e.message['desc'])
++ assert isinstance(e, rc)
++ if e.message.has_key('matched'):
++ log.info('Matched is returned: ' + e.message['matched'])
++ if rc != ldap.NO_SUCH_OBJECT:
++ assert False
++
++ if ldap.SUCCESS == rc:
++ if op == 'search':
++ log.info('Search should return none')
++ assert len(centry) == 0
++ else:
++ if 0 == hit:
++ log.info('Expected to fail with %s, but passed' % rc.__name__)
++ assert False
++
++ log.info('PASSED\n')
++
++def test_ticket1347760(topology):
++ """
++ Prevent revealing the entry info to whom has no access rights.
++ """
++ log.info('Testing Bug 1347760 - Information disclosure via repeated use of LDAP ADD operation, etc.')
++
++ log.info('Disabling accesslog logbuffering')
++ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-accesslog-logbuffering', 'off')])
++
++ log.info('Bind as {%s,%s}' % (DN_DM, PASSWORD))
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++
++ log.info('Adding ou=%s a bind user belongs to.' % BOU)
++ topology.standalone.add_s(Entry((BINDOU, {
++ 'objectclass': 'top organizationalunit'.split(),
++ 'ou': BOU})))
++
++ log.info('Adding a bind user.')
++ topology.standalone.add_s(Entry((BINDDN,
++ {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
++ 'cn': 'bind user',
++ 'sn': 'user',
++ 'userPassword': BINDPW})))
++
++ log.info('Adding a test user.')
++ topology.standalone.add_s(Entry((TESTDN,
++ {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
++ 'cn': 'test user',
++ 'sn': 'user',
++ 'userPassword': TESTPW})))
++
++ log.info('Deleting aci in %s.' % DEFAULT_SUFFIX)
++ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_DELETE, 'aci', None)])
++
++ log.info('Bind case 1. the bind user has no rights to read the entry itself, bind should be successful.')
++ log.info('Bind as {%s,%s} who has no access rights.' % (BINDDN, BINDPW))
++ try:
++ topology.standalone.simple_bind_s(BINDDN, BINDPW)
++ except ldap.LDAPError as e:
++ log.info('Desc ' + e.message['desc'])
++ assert False
++
++ file_path = os.path.join(topology.standalone.prefix, 'var/log/dirsrv/slapd-%s/access' % topology.standalone.serverid)
++ file_obj = open(file_path, "r")
++ log.info('Access log path: %s' % file_path)
++
++ log.info('Bind case 2-1. the bind user does not exist, bind should fail with error %s' % ldap.INVALID_CREDENTIALS.__name__)
++ log.info('Bind as {%s,%s} who does not exist.' % (BOGUSDN, 'bogus'))
++ try:
++ topology.standalone.simple_bind_s(BOGUSDN, 'bogus')
++ except ldap.LDAPError as e:
++ log.info("Exception (expected): %s" % type(e).__name__)
++ log.info('Desc ' + e.message['desc'])
++ assert isinstance(e, ldap.INVALID_CREDENTIALS)
++ regex = re.compile('No such entry')
++ cause = pattern_accesslog(file_obj, regex)
++ if cause == None:
++ log.fatal('Cause not found - %s' % cause)
++ assert False
++ else:
++ log.info('Cause found - %s' % cause)
++
++ log.info('Bind case 2-2. the bind user\'s suffix does not exist, bind should fail with error %s' % ldap.INVALID_CREDENTIALS.__name__)
++ log.info('Bind as {%s,%s} who does not exist.' % (BOGUSSUFFIX, 'bogus'))
++ try:
++ topology.standalone.simple_bind_s(BOGUSSUFFIX, 'bogus')
++ except ldap.LDAPError as e:
++ log.info("Exception (expected): %s" % type(e).__name__)
++ log.info('Desc ' + e.message['desc'])
++ assert isinstance(e, ldap.INVALID_CREDENTIALS)
++ regex = re.compile('No such suffix')
++ cause = pattern_accesslog(file_obj, regex)
++ if cause == None:
++ log.fatal('Cause not found - %s' % cause)
++ assert False
++ else:
++ log.info('Cause found - %s' % cause)
++
++ log.info('Bind case 2-3. the bind user\'s password is wrong, bind should fail with error %s' % ldap.INVALID_CREDENTIALS.__name__)
++ log.info('Bind as {%s,%s} who does not exist.' % (BINDDN, 'bogus'))
++ try:
++ topology.standalone.simple_bind_s(BINDDN, 'bogus')
++ except ldap.LDAPError as e:
++ log.info("Exception (expected): %s" % type(e).__name__)
++ log.info('Desc ' + e.message['desc'])
++ assert isinstance(e, ldap.INVALID_CREDENTIALS)
++ regex = re.compile('Invalid credentials')
++ cause = pattern_accesslog(file_obj, regex)
++ if cause == None:
++ log.fatal('Cause not found - %s' % cause)
++ assert False
++ else:
++ log.info('Cause found - %s' % cause)
++
++ log.info('Adding aci for %s to %s.' % (BINDDN, BINDOU))
++ acival = '(targetattr="*")(version 3.0; acl "%s"; allow(all) userdn = "ldap:///%s";)' % (BUID, BINDDN)
++ log.info('aci: %s' % acival)
++ log.info('Bind as {%s,%s}' % (DN_DM, PASSWORD))
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++ topology.standalone.modify_s(BINDOU, [(ldap.MOD_ADD, 'aci', acival)])
++
++ log.info('Bind case 3. the bind user has the right to read the entry itself, bind should be successful.')
++ log.info('Bind as {%s,%s} which should be ok.\n' % (BINDDN, BINDPW))
++ topology.standalone.simple_bind_s(BINDDN, BINDPW)
++
++ log.info('The following operations are against the subtree the bind user %s has no rights.' % BINDDN)
++ # Search
++ exists = True
++ rc = ldap.SUCCESS
++ log.info('Search case 1. the bind user has no rights to read the search entry, it should return no search results with %s' % rc)
++ check_op_result(topology.standalone, 'search', TESTDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.SUCCESS
++ log.info('Search case 2-1. the search entry does not exist, the search should return no search results with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'search', BOGUSDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.SUCCESS
++ log.info('Search case 2-2. the search entry does not exist, the search should return no search results with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'search', BOGUSDN2, None, exists, rc)
++
++ # Add
++ exists = True
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Add case 1. the bind user has no rights AND the adding entry exists, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'add', TESTDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Add case 2-1. the bind user has no rights AND the adding entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'add', BOGUSDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Add case 2-2. the bind user has no rights AND the adding entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'add', BOGUSDN2, None, exists, rc)
++
++ # Modify
++ exists = True
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Modify case 1. the bind user has no rights AND the modifying entry exists, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modify', TESTDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Modify case 2-1. the bind user has no rights AND the modifying entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modify', BOGUSDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Modify case 2-2. the bind user has no rights AND the modifying entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modify', BOGUSDN2, None, exists, rc)
++
++ # Modrdn
++ exists = True
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Modrdn case 1. the bind user has no rights AND the renaming entry exists, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modrdn', TESTDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Modrdn case 2-1. the bind user has no rights AND the renaming entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modrdn', BOGUSDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Modrdn case 2-2. the bind user has no rights AND the renaming entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modrdn', BOGUSDN2, None, exists, rc)
++
++ exists = True
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Modrdn case 3. the bind user has no rights AND the node moving an entry to exists, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modrdn', TESTDN, GROUPOU, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Modrdn case 4-1. the bind user has no rights AND the node moving an entry to does not, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modrdn', TESTDN, BOGUSOU, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Modrdn case 4-2. the bind user has no rights AND the node moving an entry to does not, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modrdn', TESTDN, BOGUSOU, exists, rc)
++
++ # Delete
++ exists = True
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Delete case 1. the bind user has no rights AND the deleting entry exists, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'delete', TESTDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Delete case 2-1. the bind user has no rights AND the deleting entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'delete', BOGUSDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.INSUFFICIENT_ACCESS
++ log.info('Delete case 2-2. the bind user has no rights AND the deleting entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'delete', BOGUSDN2, None, exists, rc)
++
++ log.info('EXTRA: Check no regressions')
++ log.info('Adding aci for %s to %s.' % (BINDDN, DEFAULT_SUFFIX))
++ acival = '(targetattr="*")(version 3.0; acl "%s-all"; allow(all) userdn = "ldap:///%s";)' % (BUID, BINDDN)
++ log.info('Bind as {%s,%s}' % (DN_DM, PASSWORD))
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', acival)])
++
++ log.info('Bind as {%s,%s}.' % (BINDDN, BINDPW))
++ try:
++ topology.standalone.simple_bind_s(BINDDN, BINDPW)
++ except ldap.LDAPError as e:
++ log.info('Desc ' + e.message['desc'])
++ assert False
++
++ exists = False
++ rc = ldap.NO_SUCH_OBJECT
++ log.info('Search case. the search entry does not exist, the search should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'search', BOGUSDN2, None, exists, rc)
++ file_obj.close()
++
++ exists = True
++ rc = ldap.ALREADY_EXISTS
++ log.info('Add case. the adding entry already exists, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'add', TESTDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.NO_SUCH_OBJECT
++ log.info('Modify case. the modifying entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modify', BOGUSDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.NO_SUCH_OBJECT
++ log.info('Modrdn case 1. the renaming entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modrdn', BOGUSDN, None, exists, rc)
++
++ exists = False
++ rc = ldap.NO_SUCH_OBJECT
++ log.info('Modrdn case 2. the node moving an entry to does not, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'modrdn', TESTDN, BOGUSOU, exists, rc)
++
++ exists = False
++ rc = ldap.NO_SUCH_OBJECT
++ log.info('Delete case. the deleting entry does not exist, it should fail with %s' % rc.__name__)
++ check_op_result(topology.standalone, 'delete', BOGUSDN, None, exists, rc)
++
++ log.info('SUCCESS')
++
++if __name__ == '__main__':
++ # Run isolated
++ # -s for DEBUG mode
++
++ CURRENT_FILE = os.path.realpath(__file__)
++ pytest.main("-s %s" % CURRENT_FILE)
+--
+2.4.11
+
diff --git a/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch b/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch
deleted file mode 100644
index f850942..0000000
--- a/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-From a8e885d2d69381adc483d1a506b9f1e739a507f5 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 8 Jul 2015 17:21:57 -0400
-Subject: [PATCH 12/20] Ticket 48013 - Inconsistent behaviour of DS when LDAP
- Sync is used with an invalid cookie
-
-Bug Description: Some invalid cookies are treated as errors, while others are not.
-
-Fix Description: Perform the cookie parsing and validation in the same step. This
- gives consistent results.
-
-https://fedorahosted.org/389/ticket/48013
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit fdf46817fcc3b334bd477316d253bc18f243c0f6)
-(cherry picked from commit 41dff5ba7a6368bfb2d8a2057dd5ba5b6a91d175)
----
- dirsrvtests/tickets/ticket48013_test.py | 134 +++++++++++++++++++++++++++++++
- ldap/servers/plugins/sync/sync_refresh.c | 7 +-
- 2 files changed, 138 insertions(+), 3 deletions(-)
- create mode 100644 dirsrvtests/tickets/ticket48013_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48013_test.py b/dirsrvtests/tickets/ticket48013_test.py
-new file mode 100644
-index 0000000..0ccdeba
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48013_test.py
-@@ -0,0 +1,134 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+import pyasn1
-+import pyasn1_modules
-+import ldap,ldapurl
-+from ldap.ldapobject import SimpleLDAPObject
-+from ldap.syncrepl import SyncreplConsumer
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+installation1_prefix = None
-+
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+class SyncObject(SimpleLDAPObject, SyncreplConsumer):
-+ def __init__(self, uri):
-+ # Init the ldap connection
-+ SimpleLDAPObject.__init__(self, uri)
-+
-+ def sync_search(self, test_cookie):
-+ self.syncrepl_search('dc=example,dc=com', ldap.SCOPE_SUBTREE,
-+ filterstr='(objectclass=*)', mode='refreshOnly',
-+ cookie=test_cookie)
-+
-+ def poll(self):
-+ self.syncrepl_poll(all=1)
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ global installation1_prefix
-+ if installation1_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+ # Creating standalone instance ...
-+ standalone = DirSrv(verbose=False)
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ standalone.delete()
-+ standalone.create()
-+ standalone.open()
-+
-+ # Clear out the tmp dir
-+ standalone.clearTmpDir(__file__)
-+
-+ return TopologyStandalone(standalone)
-+
-+
-+def test_ticket48013(topology):
-+ '''
-+ Content Synchonization: Test that invalid cookies are caught
-+ '''
-+
-+ cookies = ('#', '##', 'a#a#a', 'a#a#1')
-+
-+ # Enable dynamic plugins
-+ try:
-+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', 'on')])
-+ except ldap.LDAPError as e:
-+ ldap.error('Failed to enable dynamic plugin!' + e.message['desc'])
-+ assert False
-+
-+ # Enable retro changelog
-+ topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
-+
-+ # Enbale content sync plugin
-+ topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC)
-+
-+ # Set everything up
-+ ldap_url = ldapurl.LDAPUrl('ldap://localhost:31389')
-+ ldap_connection = SyncObject(ldap_url.initializeUrl())
-+
-+ # Authenticate
-+ try:
-+ ldap_connection.simple_bind_s(DN_DM, PASSWORD)
-+ except ldap.LDAPError as e:
-+ print('Login to LDAP server failed: %s' % e.message['desc'])
-+ assert False
-+
-+ # Test invalid cookies
-+ for invalid_cookie in cookies:
-+ log.info('Testing cookie: %s' % invalid_cookie)
-+ try:
-+ ldap_connection.sync_search(invalid_cookie)
-+ ldap_connection.poll()
-+ log.fatal('Invalid cookie accepted!')
-+ assert False
-+ except Exception as e:
-+ log.info('Invalid cookie correctly rejected: %s' % e.message['info'])
-+ pass
-+
-+ # Success
-+ log.info('Test complete')
-+
-+
-+def test_ticket48013_final(topology):
-+ topology.standalone.delete()
-+ log.info('Testcase PASSED')
-+
-+
-+def run_isolated():
-+ global installation1_prefix
-+ installation1_prefix = None
-+
-+ topo = topology(True)
-+ test_ticket48013(topo)
-+ test_ticket48013_final(topo)
-+
-+
-+if __name__ == '__main__':
-+ run_isolated()
-+
-diff --git a/ldap/servers/plugins/sync/sync_refresh.c b/ldap/servers/plugins/sync/sync_refresh.c
-index 1ae2604..beb87ab 100644
---- a/ldap/servers/plugins/sync/sync_refresh.c
-+++ b/ldap/servers/plugins/sync/sync_refresh.c
-@@ -113,9 +113,10 @@ int sync_srch_refresh_pre_search(Slapi_PBlock *pb)
- * -- return e-syncRefreshRequired if the data referenced in the cookie are no
- * longer in the history
- */
-- if (cookie &&
-- ( client_cookie = sync_cookie_parse (cookie))) {
-- if (sync_cookie_isvalid(client_cookie, session_cookie)) {
-+ if (cookie) {
-+ if ((client_cookie = sync_cookie_parse (cookie)) &&
-+ sync_cookie_isvalid(client_cookie, session_cookie))
-+ {
- rc = sync_refresh_update_content(pb, client_cookie, session_cookie);
- if (rc == 0)
- entries_sent = 1;
---
-1.9.3
-
diff --git a/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch b/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch
deleted file mode 100644
index 3fe4c40..0000000
--- a/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-From cb54fa78fdd5e94f890c3fa1c03481358e3c82ce Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 9 Jul 2015 09:59:46 -0400
-Subject: [PATCH 13/20] Ticket 48217 - cleanAllRUV hangs shutdown if not all of
- the replicas are online
-
-Bug Description: There are race conditions where we might not notify the
- clean task when a shutdown is occuring. This casues the
- task refcount to be not decremented, which hangs the
- destructor function.
-
-Fix Description: Check that the server is not shutting down before going
- to sleep, and notify the clean/abort tasks to stop in
- the destructor functions(instead of in the mmr plugin stop
- function).
-
-https://fedorahosted.org/389/ticket/48217
-
-Reviewed by: lkrispen(Thanks!)
-
-(cherry picked from commit d6269f2e6898a187d43e3368860b13cdbd39ec55)
-(cherry picked from commit 0bb881aea92d64e509cf7604e86559779e4f9b77)
----
- .../plugins/replication/repl5_replica_config.c | 49 ++++++++++++++--------
- 1 file changed, 31 insertions(+), 18 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index faa86b8..446da3f 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -1738,7 +1738,9 @@ replica_cleanallruv_thread(void *arg)
- }
- if (data->task) {
- slapi_task_inc_refcount(data->task);
-- slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, "replica_cleanallruv_thread --> refcount incremented.\n");
-+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name,
-+ "replica_cleanallruv_thread --> refcount incremented (%d).\n",
-+ data->task->task_refcount);
- }
- /*
- * Initialize our settings
-@@ -1871,10 +1873,11 @@ replica_cleanallruv_thread(void *arg)
- */
- cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Not all replicas have received the "
- "cleanallruv extended op, retrying in %d seconds",interval);
-- PR_Lock( notify_lock );
-- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-- PR_Unlock( notify_lock );
--
-+ if(!slapi_is_shutting_down()){
-+ PR_Lock( notify_lock );
-+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+ PR_Unlock( notify_lock );
-+ }
- if(interval < 14400){ /* 4 hour max */
- interval = interval * 2;
- } else {
-@@ -1974,6 +1977,7 @@ done:
- if(data->repl_obj && free_obj){
- object_release(data->repl_obj);
- }
-+
- csn_free(&data->maxcsn);
- slapi_sdn_free(&data->sdn);
- slapi_ch_free_string(&data->repl_root);
-@@ -1987,6 +1991,7 @@ replica_cleanall_ruv_destructor(Slapi_Task *task)
- {
- slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
- "replica_cleanall_ruv_destructor -->\n" );
-+ stop_ruv_cleaning();
- if (task) {
- while (slapi_task_get_refcount(task) > 0) {
- /* Yield to wait for the fixup task finishes. */
-@@ -2002,6 +2007,7 @@ replica_cleanall_ruv_abort_destructor(Slapi_Task *task)
- {
- slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
- "replica_cleanall_ruv_abort_destructor -->\n" );
-+ stop_ruv_cleaning();
- if (task) {
- while (slapi_task_get_refcount(task) > 0) {
- /* Yield to wait for the fixup task finishes. */
-@@ -2055,9 +2061,11 @@ check_replicas_are_done_cleaning(cleanruv_data *data )
- break;
- }
- cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Not all replicas finished cleaning, retrying in %d seconds",interval);
-- PR_Lock( notify_lock );
-- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-- PR_Unlock( notify_lock );
-+ if(!slapi_is_shutting_down()){
-+ PR_Lock( notify_lock );
-+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+ PR_Unlock( notify_lock );
-+ }
- if(interval < 14400){ /* 4 hour max */
- interval = interval * 2;
- } else {
-@@ -2158,9 +2166,11 @@ check_replicas_are_done_aborting(cleanruv_data *data )
- break;
- }
- cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID, "Not all replicas finished aborting, retrying in %d seconds",interval);
-- PR_Lock( notify_lock );
-- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-- PR_Unlock( notify_lock );
-+ if(!slapi_is_shutting_down()){
-+ PR_Lock( notify_lock );
-+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+ PR_Unlock( notify_lock );
-+ }
- if(interval < 14400){ /* 4 hour max */
- interval = interval * 2;
- } else {
-@@ -2212,10 +2222,11 @@ check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn)
- }
- cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,
- "Not all replicas caught up, retrying in %d seconds",interval);
-- PR_Lock( notify_lock );
-- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-- PR_Unlock( notify_lock );
--
-+ if(!slapi_is_shutting_down()){
-+ PR_Lock( notify_lock );
-+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+ PR_Unlock( notify_lock );
-+ }
- if(interval < 14400){ /* 4 hour max */
- interval = interval * 2;
- } else {
-@@ -2271,10 +2282,12 @@ check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task)
- }
- cleanruv_log(task, rid, CLEANALLRUV_ID, "Not all replicas online, retrying in %d seconds...",
- interval);
-- PR_Lock( notify_lock );
-- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-- PR_Unlock( notify_lock );
-
-+ if(!slapi_is_shutting_down()){
-+ PR_Lock( notify_lock );
-+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+ PR_Unlock( notify_lock );
-+ }
- if(interval < 14400){ /* 4 hour max */
- interval = interval * 2;
- } else {
---
-1.9.3
-
diff --git a/SOURCES/0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch b/SOURCES/0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
new file mode 100644
index 0000000..c5e693a
--- /dev/null
+++ b/SOURCES/0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
@@ -0,0 +1,107 @@
+From 9f8d3fc5bd7cb1e00b6bd48669b8074849f4c5da Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Thu, 14 Jul 2016 13:47:11 +1000
+Subject: [PATCH 13/15] Ticket 48925 - slapd crash with SIGILL: Dsktune should
+ detect lack of CMPXCHG16B
+
+Bug Description: On older AMD the CMPXCHG16B is not present. This is critical
+to the correct operation of lfds. Without out it we are unable to use nunc-stans
+
+Fix Description: dsktune should warn if CMPXCHG16B (flag cx16) is not present.
+In a future release we will NOT allow installation upon a platform that lacks
+this instruction.
+
+https://fedorahosted.org/389/ticket/48925
+
+Author: wibrown
+
+Review by: nhosoi (Thank you!)
+
+(cherry picked from commit 5eb19778f7939967e8ca714c4d4cb03ffa11064d)
+---
+ ldap/systools/idsktune.c | 40 +++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 39 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c
+index c7e76e7..b6c352a 100644
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -11,11 +11,12 @@
+ # include <config.h>
+ #endif
+
++#define _GNU_SOURCE
+
+ /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * Don't forget to update build_date when the patch sets are updated.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+-static char *build_date = "23-FEBRUARY-2012";
++static char *build_date = "14-JULY-2016";
+
+ #if defined(linux) || defined(__linux) || defined(__linux__)
+ #define IDDS_LINUX_INCLUDE 1
+@@ -32,10 +33,12 @@ static char *build_date = "23-FEBRUARY-2012";
+ #include <sys/resource.h>
+ #include <unistd.h>
+ #endif
++
+ #include <stdlib.h>
+ #include <string.h>
+ #include <errno.h>
+ #include <ctype.h>
++
+ #if !defined(__VMS) && !defined(IDDS_LINUX_INCLUDE)
+ #if defined(__hpux) && defined(f_type)
+ #undef f_type
+@@ -864,6 +867,39 @@ done:
+ free(cmd);
+ }
+ }
++
++
++static void
++linux_check_cpu_features(void)
++{
++ FILE *cpuinfo = fopen("/proc/cpuinfo", "rb");
++ char *arg = 0;
++ char *token = NULL;
++ size_t size = 0;
++ int found = 0;
++ while(getline(&arg, &size, cpuinfo) != -1)
++ {
++ if (strncmp("flags", arg, 5) == 0) {
++ token = strtok(arg, " ");
++ while (token != NULL) {
++ if (strncmp(token, "cx16", 4) == 0) {
++ found += 1;
++ }
++ token = strtok(NULL, " ");
++ }
++ }
++ }
++ free(arg);
++ fclose(cpuinfo);
++
++ if (found == 0) {
++ flag_os_bad = 1;
++ printf("ERROR: This system does not support CMPXCHG16B instruction (cpuflag cx16).\n");
++ printf(" nsslapd-enable-nunc-stans must be set to "off" on this system. \n");
++ printf(" In a future release of Directory Server this platform will NOT be supported.\n\n");
++ }
++
++}
+ #endif /* IDDS_LINUX_INCLUDE */
+
+
+@@ -976,6 +1012,8 @@ static void gen_tests (void)
+
+ #if defined(IDDS_LINUX_INCLUDE)
+ linux_check_release();
++
++ linux_check_cpu_features();
+ #endif
+
+
+--
+2.4.11
+
diff --git a/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch b/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch
deleted file mode 100644
index f1e78fb..0000000
--- a/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 4fe9f07d50f383e3765ba97294f8b641f7feefa3 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 9 Jul 2015 17:23:57 -0700
-Subject: [PATCH 14/20] Ticket #48216 - crash in ns-slapd when deleting
- winSyncSubtreePair from sync agreement
-
-Description: In free_subtree_pairs, the condition for stopping the
-loop to clean up the AD and DS subtree dn was incomplete.
-
-This patch checks the AD and DS subtree dn and if any of the pair
-is NULL, it stops the clean up. Related to the issue, more checks
-for the validation of the winSyncSubtreePair is added so that any
-single valued cases are ignored with an error log.
-[single valued case examples]
- winSyncSubtreePair: ou=People,dc=anytree
- winSyncSubtreePair: ou=People,dc=anytree:
- winSyncSubtreePair: :ou=People,dc=anytree
-
-https://fedorahosted.org/389/ticket/48216
-
-Reviewed by rmeggins@redht.com (Thank you, Rich!!)
-
-(cherry picked from commit 6dce81e77a47dc23e0b825952c97112039f45201)
-(cherry picked from commit 6d177bf359c022f1e46d575c6fe3ad3d97f1cfeb)
----
- ldap/servers/plugins/replication/windows_private.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c
-index 36015c2..f5cb44e 100644
---- a/ldap/servers/plugins/replication/windows_private.c
-+++ b/ldap/servers/plugins/replication/windows_private.c
-@@ -885,7 +885,7 @@ windows_private_get_subtreepairs(const Repl_Agmt *ra)
- return dp->subtree_pairs;
- }
-
--/* parray is NOT passed in */
-+/* parray is NOT passed in; caller frees it. */
- void
- windows_private_set_subtreepairs(const Repl_Agmt *ra, char **parray)
- {
-@@ -930,6 +930,12 @@ create_subtree_pairs(char **pairs)
- for (ptr = pairs; ptr && *ptr; ptr++) {
- p0 = ldap_utf8strtok_r(*ptr, ":", &saveptr);
- p1 = ldap_utf8strtok_r(NULL, ":", &saveptr);
-+ if ((NULL == p0) || (NULL == p1)) {
-+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
-+ "create_subtree_pairs: "
-+ "Ignoring invalid subtree pairs \"%s\".\n", *ptr);
-+ continue;
-+ }
- spp->DSsubtree = slapi_sdn_new_dn_byval(p0);
- if (NULL == spp->DSsubtree) {
- LDAPDebug1Arg(LDAP_DEBUG_ANY,
-@@ -960,7 +966,11 @@ free_subtree_pairs(subtreePair **pairs)
- if (NULL == pairs) {
- return;
- }
-- for (p = *pairs; p; p++) {
-+ /*
-+ * If exists, the subtree pair is both non-NULL or NULL.
-+ * Both NULL is the condition to stop the loop.
-+ */
-+ for (p = *pairs; p && p->ADsubtree && p->DSsubtree; p++) {
- slapi_sdn_free(&(p->ADsubtree));
- slapi_sdn_free(&(p->DSsubtree));
- }
---
-1.9.3
-
diff --git a/SOURCES/0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch b/SOURCES/0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
new file mode 100644
index 0000000..d9c3309
--- /dev/null
+++ b/SOURCES/0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
@@ -0,0 +1,31 @@
+From 8464ea4aa20182d3f56c06287cbb8a2ff71e2837 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 14 Jul 2016 15:36:03 -0700
+Subject: [PATCH 14/15] Ticket 48925 - slapd crash with SIGILL: Dsktune should
+ detect lack of CMPXCHG16B
+
+Description: escaping '"' in the ERROR message.
+
+Reviewed by: one-line rule
+
+(cherry picked from commit 975e0fae044a08d2755b2394bac09d722bd1bae0)
+---
+ ldap/systools/idsktune.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c
+index b6c352a..ad6a39e 100644
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -895,7 +895,7 @@ linux_check_cpu_features(void)
+ if (found == 0) {
+ flag_os_bad = 1;
+ printf("ERROR: This system does not support CMPXCHG16B instruction (cpuflag cx16).\n");
+- printf(" nsslapd-enable-nunc-stans must be set to "off" on this system. \n");
++ printf(" nsslapd-enable-nunc-stans must be set to \"off\" on this system. \n");
+ printf(" In a future release of Directory Server this platform will NOT be supported.\n\n");
+ }
+
+--
+2.4.11
+
diff --git a/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch b/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch
deleted file mode 100644
index a2c2fe1..0000000
--- a/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 8f298b2241bb1dc1342b3f7435806af0c22c9f69 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 13 Jul 2015 12:24:19 -0400
-Subject: [PATCH 15/20] Ticket 48119 - Silent install needs to properly exit
- when INF file is missing
-
-Bug Description: If the INF file is not present, we don't log the error to the
- setup log file. We also don't properly check for the suitespot
- user, which also does not properly exit if the calling user is root.
-
-Fix Description: Properly exit if the INF file is missing, or the suitespot user
- is not set(and we are running the script as root).
-
-https://fedorahosted.org/389/ticket/48119
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 5363898b122b1a7e7ad07fdc0ad074e91cd1510f)
-(cherry picked from commit eeddc9f03b6131f5c8ba715a0a05bb1280a4f9ef)
----
- ldap/admin/src/scripts/DSCreate.pm.in | 3 ++-
- ldap/admin/src/scripts/Inf.pm | 8 ++++++--
- ldap/admin/src/scripts/Setup.pm.in | 3 +++
- ldap/admin/src/scripts/setup-ds.res.in | 1 +
- 4 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
-index f44afbb..e4a4ed0 100644
---- a/ldap/admin/src/scripts/DSCreate.pm.in
-+++ b/ldap/admin/src/scripts/DSCreate.pm.in
-@@ -797,8 +797,9 @@ sub setDefaults {
- if (!$inf->{General}->{SuiteSpotUserID}) {
- if ($> != 0) { # if not root, use the user's uid
- $inf->{General}->{SuiteSpotUserID} = getLogin;
-+ } else {
-+ return('error_missing_userid');
- }
-- # otherwise, the uid must be specified
- }
-
- if (!$inf->{General}->{SuiteSpotGroup}) {
-diff --git a/ldap/admin/src/scripts/Inf.pm b/ldap/admin/src/scripts/Inf.pm
-index ec433e2..d4c55f1 100644
---- a/ldap/admin/src/scripts/Inf.pm
-+++ b/ldap/admin/src/scripts/Inf.pm
-@@ -31,7 +31,9 @@ sub new {
- $self = bless $self, $type;
-
- if ($self->{filename}) {
-- $self->read();
-+ if($self->read() != 0){
-+ undef $self;
-+ }
- }
-
- return $self;
-@@ -61,7 +63,7 @@ sub read {
- } else {
- if (!open(INF, $filename)) {
- debug(0, "Error: could not open inf file $filename: $!\n");
-- return;
-+ return -1;
- }
- $inffh = \*INF;
- }
-@@ -118,6 +120,8 @@ sub read {
- if ($inffh ne \*STDIN) {
- close $inffh;
- }
-+
-+ return 0;
- }
-
- sub section {
-diff --git a/ldap/admin/src/scripts/Setup.pm.in b/ldap/admin/src/scripts/Setup.pm.in
-index cd49d95..99025ab 100644
---- a/ldap/admin/src/scripts/Setup.pm.in
-+++ b/ldap/admin/src/scripts/Setup.pm.in
-@@ -117,6 +117,9 @@ sub init {
- # if user supplied inf file, use that to initialize
- if (defined($inffile)) {
- $self->{inf} = new Inf($inffile);
-+ if(!$self->{inf}){
-+ $self->doExit(1);
-+ }
- } else {
- $self->{inf} = new Inf;
- }
-diff --git a/ldap/admin/src/scripts/setup-ds.res.in b/ldap/admin/src/scripts/setup-ds.res.in
-index 011bf36..7134e25 100644
---- a/ldap/admin/src/scripts/setup-ds.res.in
-+++ b/ldap/admin/src/scripts/setup-ds.res.in
-@@ -118,6 +118,7 @@ error_enabling_feature = Could not enable the directory server feature '%s'. Er
- error_importing_ldif = Could not import LDIF file '%s'. Error: %s. Output: %s\n
- error_starting_server = Could not start the directory server using command '%s'. The last line from the error log was '%s'. Error: %s\n
- error_stopping_server = Could not stop the directory server '%s'. Error: %s\n
-+error_missing_userid = The SuiteSpotUserID is missing. This must be set to valid user\n
- error_missing_port_and_ldapi = Either ServerPort or ldapifilepath must be specified. The server must listen to something.\n
- error_missing_port = No ServerPort specified. The server must have a port number to listen to (default 389).\n
- error_server_already_exists = Error: the server already exists at '%s'\
---
-1.9.3
-
diff --git a/SOURCES/0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch b/SOURCES/0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
new file mode 100644
index 0000000..3998c3a
--- /dev/null
+++ b/SOURCES/0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
@@ -0,0 +1,74 @@
+From bd07b274a2bdbb1accf0d808c1c6a774c95d10db Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 14 Jul 2016 16:35:38 -0700
+Subject: [PATCH 15/15] Ticket #48919 - Compiler warnings while building
+ 389-ds-base on RHEL7
+
+Description: Fixing additional complier warnings.
+1. ldap/servers/slapd/attrsyntax.c
+ attr_syntax_force_to_delete(struct asyntaxinfo *asip, void *arg)
+ This function does not care the attr_syntax_enum_flaginfo.
+2. ldap/servers/slapd/detach.c
+ Let detach use the rc which must be 0 (success).
+3. ldap/systools/idsktune.c
+ Removing #define _GNU_SOURCE from idsktune.c.
+ The macro is defined in config.h generated by configure.
+ $ egrep _GNU_SOURCE config.h
+ #define _GNU_SOURCE 1
+
+https://fedorahosted.org/389/ticket/48919
+
+Reviewed by wibrown@redhat.com (Thanks, William!)
+
+(cherry picked from commit 7c9853e07a85db3b46cd1eb6eacdacf3f17c39a0)
+---
+ ldap/servers/slapd/attrsyntax.c | 4 ----
+ ldap/servers/slapd/detach.c | 2 +-
+ ldap/systools/idsktune.c | 2 --
+ 3 files changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
+index 8b2a77a..aec6d21 100644
+--- a/ldap/servers/slapd/attrsyntax.c
++++ b/ldap/servers/slapd/attrsyntax.c
+@@ -1390,11 +1390,7 @@ attr_syntax_delete_if_not_flagged(struct asyntaxinfo *asip, void *arg)
+ static int
+ attr_syntax_force_to_delete(struct asyntaxinfo *asip, void *arg)
+ {
+- struct attr_syntax_enum_flaginfo *fi;
+-
+ PR_ASSERT( asip != NULL );
+- fi = (struct attr_syntax_enum_flaginfo *)arg;
+- PR_ASSERT( fi != NULL );
+
+ attr_syntax_delete_no_lock( asip, PR_FALSE, 0 );
+ return ATTR_SYNTAX_ENUM_REMOVE;
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index b055a5c..54c6028 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -133,7 +133,7 @@ detach( int slapd_exemode, int importexport_encrypt,
+ }
+
+ (void) SIGNAL( SIGPIPE, SIG_IGN );
+- return 0;
++ return rc;
+ }
+
+ /*
+diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c
+index ad6a39e..4c96529 100644
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -11,8 +11,6 @@
+ # include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+-
+ /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * Don't forget to update build_date when the patch sets are updated.
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
+--
+2.4.11
+
diff --git a/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch b/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch
deleted file mode 100644
index 3d68e2b..0000000
--- a/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From e0ceac7c48a4cc616f1602d4cc3430a306740021 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 13 Jul 2015 13:12:12 -0400
-Subject: [PATCH 16/20] Ticket 47878 - Remove warning suppression in 1.3.4
-
-Description: Perl 5.16 does not support the warning suppression of
- "smartmatch", but 5.18 does. RHEL 7 is currently only
- using 5.16, so it needs to be removed from 1.3.4 for now.
-
-https://fedorahosted.org/389/ticket/47878
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit d8b7a3c93692eae229c74ef67f6f608f95eb2eef)
----
- ldap/admin/src/scripts/52updateAESplugin.pl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/admin/src/scripts/52updateAESplugin.pl b/ldap/admin/src/scripts/52updateAESplugin.pl
-index ae258b6..4225770 100644
---- a/ldap/admin/src/scripts/52updateAESplugin.pl
-+++ b/ldap/admin/src/scripts/52updateAESplugin.pl
-@@ -6,7 +6,7 @@ use File::Basename;
- use File::Copy;
- use DSUtil qw(debug serverIsRunning);
-
--no warnings 'experimental::smartmatch';
-+# no warnings 'experimental::smartmatch'; warning supression available in perl 5.18
-
- #
- # Check if there is a DES plugin and make sure the AES plugin contains the same attributes
---
-1.9.3
-
diff --git a/SOURCES/0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch b/SOURCES/0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
new file mode 100644
index 0000000..57e4f2e
--- /dev/null
+++ b/SOURCES/0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
@@ -0,0 +1,97 @@
+From 6f55a77b49ecdec56817039308f7c07da820fb62 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 14 Jul 2016 19:09:21 -0700
+Subject: [PATCH] Ticket #48919 - Compiler warnings while building 389-ds-base
+ on RHEL7
+
+Description: Fixing additional covscan errors.
+1. RESOURCE_LEAK
+ ldap/servers/slapd/agtmmap.c
+ agt_mopen_stats - leaked_handle: Handle variable "fd" going out of scope leaks the handle.
+2. CHECKED_RETURN
+ ldap/servers/slapd/back-ldbm/cache.c
+ entrycache_return - check_return: Calling "remove_hash" without checking return value
+3. NULL_RETURNS
+ ldap/systools/idsktune.c
+ linux_check_cpu_features - dereference: Dereferencing a pointer that might be null "cpuinfo" when calling "fclose".
+4. UNINIT
+ ldap/servers/slapd/detach.c
+ detach - uninit_use: Using uninitialized value "rc".
+
+https://fedorahosted.org/389/ticket/48919
+(cherry picked from commit 381caf52a06ad8cefa9daa99586878249a4aa4f2)
+---
+ ldap/servers/slapd/agtmmap.c | 1 +
+ ldap/servers/slapd/back-ldbm/cache.c | 6 ++++--
+ ldap/servers/slapd/detach.c | 3 ++-
+ ldap/systools/idsktune.c | 4 ++++
+ 4 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/servers/slapd/agtmmap.c b/ldap/servers/slapd/agtmmap.c
+index 629bc1b..b9d66d9 100644
+--- a/ldap/servers/slapd/agtmmap.c
++++ b/ldap/servers/slapd/agtmmap.c
+@@ -167,6 +167,7 @@ agt_mopen_stats (char * statsfile, int mode, int *hdl)
+ #endif
+ rc = err;
+ free (buf);
++ close(fd);
+ goto bail;
+ }
+ free (buf);
+diff --git a/ldap/servers/slapd/back-ldbm/cache.c b/ldap/servers/slapd/back-ldbm/cache.c
+index bb4e55e..015cd48 100644
+--- a/ldap/servers/slapd/back-ldbm/cache.c
++++ b/ldap/servers/slapd/back-ldbm/cache.c
+@@ -1142,7 +1142,9 @@ entrycache_return(struct cache *cache, struct backentry **bep)
+ * so we need to remove the entry from the DN cache because
+ * we don't/can't always call cache_remove().
+ */
+- remove_hash(cache->c_dntable, (void *)ndn, strlen(ndn));
++ if (remove_hash(cache->c_dntable, (void *)ndn, strlen(ndn)) == 0) {
++ LOG("entrycache_return: failed to remove %s from dn table\n", ndn, 0, 0);
++ }
+ }
+ backentry_free(bep);
+ } else {
+@@ -1392,7 +1394,7 @@ entrycache_add_int(struct cache *cache, struct backentry *e, int state,
+ return 0;
+ }
+ if(remove_hash(cache->c_dntable, (void *)ndn, strlen(ndn)) == 0){
+- LOG("entrycache_add_int: failed to remove %s from dn table\n", 0, 0, 0);
++ LOG("entrycache_add_int: failed to remove %s from dn table\n", ndn, 0, 0);
+ }
+ e->ep_state |= ENTRY_STATE_NOTINCACHE;
+ cache_unlock(cache);
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index 54c6028..84a9eef 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -48,7 +48,8 @@ int
+ detach( int slapd_exemode, int importexport_encrypt,
+ int s_port, daemon_ports_t *ports_info )
+ {
+- int i, sd, rc;
++ int i, sd;
++ int rc = 0;
+ char *workingdir = 0;
+ char *errorlog = 0;
+ char *ptr = 0;
+diff --git a/ldap/systools/idsktune.c b/ldap/systools/idsktune.c
+index 4c96529..08b7f12 100644
+--- a/ldap/systools/idsktune.c
++++ b/ldap/systools/idsktune.c
+@@ -875,6 +875,10 @@ linux_check_cpu_features(void)
+ char *token = NULL;
+ size_t size = 0;
+ int found = 0;
++ if (NULL == cpuinfo) {
++ printf("ERROR: Unable to check cpu features since opening \"/proc/cpuinfo\" failed.\n");
++ return;
++ }
+ while(getline(&arg, &size, cpuinfo) != -1)
+ {
+ if (strncmp("flags", arg, 5) == 0) {
+--
+2.4.11
+
diff --git a/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch b/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
deleted file mode 100644
index 9a1049b..0000000
--- a/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 8622b69a733a6126414876f11ab627211cb3bd06 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 13 Jul 2015 17:51:01 -0700
-Subject: [PATCH 17/20] Ticket #48223 - Winsync fails when AD users have
- multiple spaces (two)inside the value of the rdn attribute
-
-Description: When the dirsync search returns a remote entry, winsync
-search the entry with DN to retrieve the whole attribute value pairs.
-The DN used for the search was normalized which replaced multiple white-
-spaces with one in the DN. This patch does not used the normalized DN,
-but the same DN given by AD.
-
-The DN normalization behaviour was introduced to fix a ticket #529 -
-dn normalization must handle multiple space characters in attributes.
-
-Added additional debugging to get the info which entry failed to sync.
-
-https://fedorahosted.org/389/ticket/48223
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 2c484cc6e89e473bced0e9b25dd6e68d53024bb3)
-(cherry picked from commit 69fd1f188105b2c3ca1bee04b05909e53c980b34)
----
- ldap/servers/plugins/posix-winsync/posix-group-func.c | 2 +-
- ldap/servers/plugins/replication/windows_protocol_util.c | 11 +++++++----
- 2 files changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
-index 5f841e5..a497f3f 100644
---- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
-+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
-@@ -95,7 +95,7 @@ getEntry(const char *udn, char **attrs)
- }
- else {
- slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME,
-- "getEntry: error searching for uid: %d\n", rc);
-+ "getEntry: error searching for uid %s: %d\n", udn, rc);
- }
-
- return NULL;
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index 4607251..6bf20b7 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -3226,7 +3226,7 @@ windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn,
- const char *searchbase = NULL;
- Slapi_Entry *found_entry = NULL;
-
-- searchbase = slapi_sdn_get_dn(remote_dn);
-+ searchbase = slapi_sdn_get_udn(remote_dn);
- cres = windows_search_entry_ext(prp->conn, (char*)searchbase, filter, &found_entry, NULL, LDAP_SCOPE_BASE);
- if (cres)
- {
-@@ -5886,13 +5886,16 @@ retry:
- remote_entry = NULL;
- } else
- {
-- slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to fetch inbound entry.\n",agmt_get_long_name(prp->agmt));
-+ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
-+ "%s: windows_process_dirsync_entry: failed to fetch inbound entry %s.\n",
-+ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
- }
- slapi_entry_free(local_entry);
- if (rc) {
- /* Something bad happened */
-- slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",agmt_get_long_name(prp->agmt),
-- slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
-+ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
-+ "%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",
-+ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
- }
- } else
- {
---
-1.9.3
-
diff --git a/SOURCES/0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch b/SOURCES/0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch
new file mode 100644
index 0000000..01bd08c
--- /dev/null
+++ b/SOURCES/0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch
@@ -0,0 +1,48 @@
+From f6f6340afaea6f26d188f875b15f966e03cb7f50 Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Mon, 18 Jul 2016 18:30:28 +0200
+Subject: [PATCH 17/29] Ticket 48928 log of page result cookie should log empty
+ cookie with a different value than 0
+
+Bug Description:
+ With the ticket https://fedorahosted.org/389/ticket/48752, the cookie value
+ is logged with each page result RESULT.
+ When the page result is completed (no more entry to return), the returned cookie is 'pr_cookie=0'.
+ Else the cookie value is logged 'pr_cookie=<internal index>'. Unfortunately the index ranges [0..N].
+
+ So when the value pr_cookie=0 is logged, it is not possible to know if it is an empty cookie or a valid cookie with the value 0.
+
+Fix Description:
+ Log the empty cookie with a value '-1'
+
+https://fedorahosted.org/389/ticket/48928
+
+Reviewed by: Noriko Hosoi, Simon Pichugin (thanks !!!!)
+
+Platforms tested: F23
+
+Flag Day: no
+
+Doc impact: no
+
+(cherry picked from commit 73ff835f29514e33433de9f2be74f73efe6943ce)
+---
+ ldap/servers/slapd/pagedresults.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
+index 07a7b69..6fec344 100644
+--- a/ldap/servers/slapd/pagedresults.c
++++ b/ldap/servers/slapd/pagedresults.c
+@@ -247,7 +247,7 @@ pagedresults_set_response_control( Slapi_PBlock *pb, int iscritical,
+
+ /* begin sequence, payload, end sequence */
+ if (current_search_count < 0) {
+- cookie = 0;
++ cookie = -1;
+ cookie_str = slapi_ch_strdup("");
+ } else {
+ cookie = index;
+--
+2.4.11
+
diff --git a/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch b/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch
deleted file mode 100644
index a147d49..0000000
--- a/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 5f0aab1fccab4c191b2083aea88e28856caf1a4c Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 14 Jul 2015 10:09:00 -0400
-Subject: [PATCH 18/20] Ticket 47910 - logconv.pl - validate start and end time
- args
-
-Description: Add validatation checks for the startTime/endTime configuration
- arguments(-S, -E)
-
-https://fedorahosted.org/389/ticket/47910
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 8495afa57ad837e3a51871a4f6da2a9978c8e711)
-(cherry picked from commit 3bf1daaadd7e7c7b0f99d1f7a93d78598730269d)
----
- ldap/admin/src/logconv.pl | 65 +++++++++++++++++++++++++++++++++++------------
- 1 file changed, 49 insertions(+), 16 deletions(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index ce4114e..7ca9084 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -24,6 +24,7 @@ use DB_File;
- use sigtrap qw(die normal-signals);
- use Archive::Tar;
- use IO::Uncompress::AnyUncompress qw($AnyUncompressError);
-+use Scalar::Util qw(looks_like_number);
-
- Getopt::Long::Configure ("bundling");
- Getopt::Long::Configure ("permute");
-@@ -341,18 +342,18 @@ $connmsg{"P2"} = "Poll";
- $connmsg{"U1"} = "Cleanly Closed Connections";
-
- my %monthname = (
-- "Jan" => 0,
-- "Feb" => 1,
-- "Mar" => 2,
-- "Apr" => 3,
-- "May" => 4,
-- "Jun" => 5,
-- "Jul" => 6,
-- "Aug" => 7,
-- "Sep" => 8,
-- "Oct" => 9,
-- "Nov" => 10,
-- "Dec" => 11,
-+ "jan" => 0,
-+ "feb" => 1,
-+ "mar" => 2,
-+ "apr" => 3,
-+ "may" => 4,
-+ "jun" => 5,
-+ "jul" => 6,
-+ "aug" => 7,
-+ "sep" => 8,
-+ "oct" => 9,
-+ "nov" => 10,
-+ "dec" => 11,
-
- );
-
-@@ -411,11 +412,27 @@ sub convertTimeToSeconds {
- my $logDate;
- my @dateComps;
- my ($timeMonth, $timeDay, $timeYear, $dateTotal);
-+ $dateTotal = 0;
- if ($log_line =~ / *([0-9A-Z\/]+)/i ){
- $logDate = $1;
- @dateComps = split /\//, $logDate;
--
-- $timeMonth = 1 + $monthname{$dateComps[1]};
-+ if ($#dateComps < 2) {
-+ print "The date string ($log_line) is invalid, exiting...\n";
-+ exit(1);
-+ }
-+ if (!looks_like_number($dateComps[0]) || length $dateComps[0] != 2) {
-+ print "The date string ($log_line) has invalid day ($dateComps[0]), exiting...\n";
-+ exit(1);
-+ }
-+ if ($monthname{lc $dateComps[1]} eq "") {
-+ print "The date string ($log_line) has invalid month ($dateComps[1]), exiting...\n";
-+ exit(1);
-+ }
-+ if (!looks_like_number($dateComps[2]) || length $dateComps[2] != 4 ) {
-+ print "The date string ($log_line) has invalid year ($dateComps[2]), exiting...\n";
-+ exit(1);
-+ }
-+ $timeMonth = 1 + $monthname{lc $dateComps[1]};
- $timeMonth = $timeMonth * 3600 * 24 * 30;
- $timeDay= $dateComps[0] * 3600 * 24;
- $timeYear = $dateComps[2] * 365 * 3600 * 24;
-@@ -425,10 +442,26 @@ sub convertTimeToSeconds {
- my $logTime;
- my @timeComps;
- my ($timeHour, $timeMinute, $timeSecond, $timeTotal);
-+ $timeTotal = 0;
- if ($log_line =~ / *(:[0-9:]+)/i ){
- $logTime = $1;
- @timeComps = split /:/, $logTime;
--
-+ if ($#timeComps < 3) {
-+ print "The time string ($log_line) is invalid, exiting...\n";
-+ exit(1);
-+ }
-+ if (!looks_like_number($timeComps[1]) || length $timeComps[1] != 2){
-+ print "The time string ($log_line) has invalid hour ($timeComps[1]), exiting...\n";
-+ exit(1);
-+ }
-+ if (!looks_like_number($timeComps[2]) || length $timeComps[2] != 2){
-+ print "The time string ($log_line) has invalid minute ($timeComps[2]), exiting...\n";
-+ exit(1);
-+ }
-+ if (!looks_like_number($timeComps[3]) || length $timeComps[3] != 2){
-+ print "The time string ($log_line) has invalid second ($timeComps[3]), exiting...\n";
-+ exit(1);
-+ }
- $timeHour = $timeComps[1] * 3600;
- $timeMinute = $timeComps[2] * 60;
- $timeSecond = $timeComps[3];
-@@ -1796,7 +1829,7 @@ sub parseLineNormal
- }
- my ($date, $hr, $min, $sec) = split (':', $time);
- my ($day, $mon, $yr) = split ('/', $date);
-- my $newmin = timegm(0, $min, $hr, $day, $monthname{$mon}, $yr) - $tzoff;
-+ my $newmin = timegm(0, $min, $hr, $day, $monthname{lc $mon}, $yr) - $tzoff;
- $gmtime = $newmin + $sec;
- print_stats_block( $s_stats );
- reset_stats_block( $s_stats, $gmtime, $time.' '.$tzone );
---
-1.9.3
-
diff --git a/SOURCES/0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch b/SOURCES/0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
new file mode 100644
index 0000000..2907565
--- /dev/null
+++ b/SOURCES/0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
@@ -0,0 +1,141 @@
+From c78cee0747aaa7f3ba7ad77d683d382308992952 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 26 Jul 2016 16:51:41 -0700
+Subject: [PATCH 18/29] Ticket #48939 - nsslapd-workingdir is empty when
+ ns-slapd is started by systemd
+
+Description: If the Type of the service is notify in systemd, the server
+process does not fork. Setting nsslapd-workingdir was missing in the not-
+fork path. This patch adds it.
+
+https://fedorahosted.org/389/ticket/48939
+
+Reviewed by wibrown@redhat.com (Thank you, William!!)
+
+(cherry picked from commit a06cb4269613224e1454ed8c1ad6f702cc247b2b)
+---
+ ldap/servers/slapd/detach.c | 81 ++++++++++++++++++++++++++-------------------
+ 1 file changed, 47 insertions(+), 34 deletions(-)
+
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index 84a9eef..cd13a99 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -44,16 +44,50 @@
+ #include <unistd.h>
+ #endif /* USE_SYSCONF */
+
+-int
+-detach( int slapd_exemode, int importexport_encrypt,
+- int s_port, daemon_ports_t *ports_info )
++static int
++set_workingdir()
+ {
+- int i, sd;
+ int rc = 0;
+- char *workingdir = 0;
++ char *workingdir = config_get_workingdir();
+ char *errorlog = 0;
+ char *ptr = 0;
+ extern char *config_get_errorlog(void);
++ extern int config_set_workingdir(const char *attrname, char *value, char *errorbuf, int apply);
++ char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
++
++ if ( NULL == workingdir ) {
++ errorlog = config_get_errorlog();
++ if (NULL == errorlog) {
++ rc = chdir("/");
++ } else {
++ ptr = strrchr(errorlog, '/');
++ if (ptr) {
++ *ptr = '\0';
++ }
++ rc = chdir(errorlog);
++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++ }
++ slapi_ch_free_string(&errorlog);
++ }
++ } else {
++ /* calling config_set_workingdir to check for validity of directory, don't apply */
++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, errorbuf, 0) == LDAP_OPERATIONS_ERROR) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++ rc = chdir("/");
++ } else {
++ rc = chdir(workingdir);
++ }
++ slapi_ch_free_string(&workingdir);
++ }
++ return rc;
++}
++
++int
++detach( int slapd_exemode, int importexport_encrypt,
++ int s_port, daemon_ports_t *ports_info )
++{
++ int i, sd;
+
+ if ( should_detach ) {
+ for ( i = 0; i < 5; i++ ) {
+@@ -76,35 +110,12 @@ detach( int slapd_exemode, int importexport_encrypt,
+ }
+
+ /* call this right after the fork, but before closing stdin */
+- if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt,
+- s_port, ports_info)) {
++ if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, s_port, ports_info)) {
+ return 1;
+ }
+
+- workingdir = config_get_workingdir();
+- if ( NULL == workingdir ) {
+- errorlog = config_get_errorlog();
+- if ( NULL == errorlog ) {
+- rc = chdir( "/" );
+- PR_ASSERT(rc == 0);
+- } else {
+- if ((ptr = strrchr(errorlog, '/')) ||
+- (ptr = strrchr(errorlog, '\\'))) {
+- *ptr = 0;
+- }
+- rc = chdir( errorlog );
+- PR_ASSERT(rc == 0);
+- config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, NULL, 1);
+- slapi_ch_free_string(&errorlog);
+- }
+- } else {
+- /* calling config_set_workingdir to check for validity of directory, don't apply */
+- if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, NULL, 0) == LDAP_OPERATIONS_ERROR) {
+- return 1;
+- }
+- rc = chdir( workingdir );
+- PR_ASSERT(rc == 0);
+- slapi_ch_free_string(&workingdir);
++ if (set_workingdir()) {
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n");
+ }
+
+ if ( (sd = open( "/dev/null", O_RDWR )) == -1 ) {
+@@ -127,14 +138,16 @@ detach( int slapd_exemode, int importexport_encrypt,
+
+ g_set_detached(1);
+ } else { /* not detaching - call nss/ssl init */
+- if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt,
+- s_port, ports_info)) {
++ if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, s_port, ports_info)) {
+ return 1;
+ }
++ if (set_workingdir()) {
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n");
++ }
+ }
+
+ (void) SIGNAL( SIGPIPE, SIG_IGN );
+- return rc;
++ return 0;
+ }
+
+ /*
+--
+2.4.11
+
diff --git a/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch b/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch
deleted file mode 100644
index 7771109..0000000
--- a/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 5d2f818d33801b1ae6c7d3c19ab67e52a4944251 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Mon, 13 Jul 2015 18:27:50 -0600
-Subject: [PATCH 19/20] Ticket #48224 - logconv.pl should handle *.tar.xz,
- *.txz, *.xz log files
-
-https://fedorahosted.org/389/ticket/48224
-Reviewed by: ???
-Branch: 389-ds-base-1.3.4
-Fix Description: There is no xz support by default, the perl module
-IO::Uncompress::UnXz is required for that. Also, Tar::Archive can't
-handle xz files by default, so they have to be uncompressed first.
-This will also need a spec file change:
-Requires: perl-IO-Compress
-Requires: perl-IO-Compress-Lzma
-Platforms tested: Fedora 21
-Flag Day: no
-Doc impact: no
-
-(cherry picked from commit d1b0acd12faa620774c66044f91e509ae175e4a1)
-(cherry picked from commit 4f3b802fac46adfa8fd5cf49443b875f136fb19c)
----
- ldap/admin/src/logconv.pl | 20 +++++++++++++++++++-
- rpm/389-ds-base.spec.in | 3 +++
- 2 files changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index 7ca9084..a6bd6c2 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -398,14 +398,26 @@ my $totalLineCount = 0;
-
- sub isTarArchive {
- local $_ = shift;
-+ if (/\.txz$/ || /\.tar.xz$/) {
-+ use IO::Uncompress::UnXz;
-+ }
- return /\.tar$/ || /\.tar\.bz2$/ || /\.tar.gz$/ || /\.tar.xz$/ || /\.tgz$/ || /\.tbz$/ || /\.txz$/;
- }
-
- sub isCompressed {
- local $_ = shift;
-+ if (/\.xz$/) {
-+ use IO::Uncompress::UnXz;
-+ }
- return /\.gz$/ || /\.bz2$/ || /\.xz$/;
- }
-
-+# Tar::Archive can't grok xz, so have to uncompress first
-+sub tarNeedsUncompress {
-+ local $_ = shift;
-+ return /\.tar.xz$/ || /\.txz$/;
-+}
-+
- sub convertTimeToSeconds {
- my $log_line = shift;
-
-@@ -503,7 +515,13 @@ for (my $count=0; $count < $file_count; $count++){
- my $comp = 0;
- if (isTarArchive($logname)) {
- $tar = Archive::Tar->new();
-- $tariter = Archive::Tar->iter($logname);
-+ if (tarNeedsUncompress($logname)) {
-+ my $TARFH = new IO::Uncompress::AnyUncompress $logname or
-+ do { openFailed($AnyUncompressError, $logname); next };
-+ $tariter = Archive::Tar->iter($TARFH);
-+ } else {
-+ $tariter = Archive::Tar->iter($logname);
-+ }
- if (!$tariter) {
- print "$logname is not a valid tar archive, or compression is unrecognized: $!\n";
- next;
-diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
-index d0bbb7a..3405ccd 100644
---- a/rpm/389-ds-base.spec.in
-+++ b/rpm/389-ds-base.spec.in
-@@ -116,6 +116,9 @@ Requires: perl-Socket6
- Requires: perl-Socket
- %endif
- Requires: perl-NetAddr-IP
-+# for logconv compressed file support
-+Requires: perl-IO-Compress
-+Requires: perl-IO-Compress-Lzma
-
- Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
- # 389-ds-git.sh should be used to generate the source tarball from git
---
-1.9.3
-
diff --git a/SOURCES/0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch b/SOURCES/0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
new file mode 100644
index 0000000..06e3ccb
--- /dev/null
+++ b/SOURCES/0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
@@ -0,0 +1,107 @@
+From 6b5c8ba040fa482c1817c044716bb994f173d373 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 27 Jul 2016 11:23:17 -0700
+Subject: [PATCH 19/29] Ticket #48939 - nsslapd-workingdir is empty when
+ ns-slapd is started by systemd
+
+Description: Thanks to tbordaz@redhat.com for suggesting to reset the
+working dir in the error cases. I've added more error checks and
+resetting the nsslapd-workingdir values.
+
+https://fedorahosted.org/389/ticket/48939
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit 70d06dab96468e0c6712482186f22de8e2c33e17)
+---
+ ldap/servers/slapd/detach.c | 45 +++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 41 insertions(+), 4 deletions(-)
+
+diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c
+index cd13a99..2f5667f 100644
+--- a/ldap/servers/slapd/detach.c
++++ b/ldap/servers/slapd/detach.c
+@@ -59,14 +59,41 @@ set_workingdir()
+ errorlog = config_get_errorlog();
+ if (NULL == errorlog) {
+ rc = chdir("/");
++ if (0 == rc) {
++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++ }
++ } else {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/");
++ }
+ } else {
+ ptr = strrchr(errorlog, '/');
+ if (ptr) {
+ *ptr = '\0';
+ }
+ rc = chdir(errorlog);
+- if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
+- LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++ if (0 == rc) {
++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++ rc = chdir("/");
++ if (0 == rc) {
++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++ }
++ } else {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/");
++ }
++ }
++ } else {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", errorlog);
++ rc = chdir("/");
++ if (0 == rc) {
++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++ }
++ } else {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/");
++ }
+ }
+ slapi_ch_free_string(&errorlog);
+ }
+@@ -75,8 +102,18 @@ set_workingdir()
+ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, errorbuf, 0) == LDAP_OPERATIONS_ERROR) {
+ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
+ rc = chdir("/");
++ if (0 == rc) {
++ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, "/", errorbuf, 1) == LDAP_OPERATIONS_ERROR) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: set workingdir failed with \"%s\"\n", errorbuf);
++ }
++ } else {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", "/");
++ }
+ } else {
+ rc = chdir(workingdir);
++ if (rc) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY, "detach: failed to chdir to %s\n", workingdir);
++ }
+ }
+ slapi_ch_free_string(&workingdir);
+ }
+@@ -115,7 +152,7 @@ detach( int slapd_exemode, int importexport_encrypt,
+ }
+
+ if (set_workingdir()) {
+- LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n");
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: set_workingdir failed.\n");
+ }
+
+ if ( (sd = open( "/dev/null", O_RDWR )) == -1 ) {
+@@ -142,7 +179,7 @@ detach( int slapd_exemode, int importexport_encrypt,
+ return 1;
+ }
+ if (set_workingdir()) {
+- LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: chdir to workingdir failed.\n");
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "detach: set_workingdir failed.\n");
+ }
+ }
+
+--
+2.4.11
+
diff --git a/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch b/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch
deleted file mode 100644
index df10002..0000000
--- a/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 5dda81412db1609f67035957ab65a6c726228e00 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 14 Jul 2015 11:12:56 -0700
-Subject: [PATCH 20/20] Ticket #48194 - CI test: fixing test cases for ticket
- 48194
-
-Description: nsSSL3Ciphers preference not enforced server side
-. Test Case 6 - wrong expectation for RC4-SHA
-. Test Case 7 - removing a extra space in nsSSL3Ciphers
-
-(cherry picked from commit f69ce333052f7f33350fd4038b8f598f650a743f)
-(cherry picked from commit ca9e6f9292289a7b6b7f57602555bf9aeb9ba9de)
----
- dirsrvtests/tickets/ticket48194_test.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/dirsrvtests/tickets/ticket48194_test.py b/dirsrvtests/tickets/ticket48194_test.py
-index 18739ca..17e179a 100644
---- a/dirsrvtests/tickets/ticket48194_test.py
-+++ b/dirsrvtests/tickets/ticket48194_test.py
-@@ -295,7 +295,7 @@ def test_ticket48194_run_4(topology):
- Default ciphers are enabled.
- default allowWeakCipher
- """
-- _header(topology, 'Test Case 5 - Check no nsSSL3Ciphers (default setting) with default allowWeakCipher')
-+ _header(topology, 'Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', '-all')])
-@@ -326,7 +326,7 @@ def test_ticket48194_run_5(topology):
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- connectWithOpenssl(topology, 'RC4-SHA', True)
-+ connectWithOpenssl(topology, 'RC4-SHA', False)
- connectWithOpenssl(topology, 'AES256-SHA256', True)
-
- def test_ticket48194_run_6(topology):
-@@ -338,7 +338,7 @@ def test_ticket48194_run_6(topology):
- _header(topology, 'Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-TLS_RSA_WITH_AES_256_CBC_SHA256 ')])
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-TLS_RSA_WITH_AES_256_CBC_SHA256')])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
---
-1.9.3
-
diff --git a/SOURCES/0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch b/SOURCES/0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch
new file mode 100644
index 0000000..643f3b7
--- /dev/null
+++ b/SOURCES/0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch
@@ -0,0 +1,38 @@
+From 8f761940cb93fc8e64ed9022c3a6f21e90c281aa Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 27 Jul 2016 12:40:25 -0700
+Subject: [PATCH 20/29] Ticket #48934 - remove-ds.pl deletes an instance even
+ if wrong prefix was specified
+
+Description: remove-ds.pl skipped to check "slapd" part of "slapd-instance".
+This patch adds the check and if it is not "slapd", it quits with the error
+message. For example:
+Error: Invalid instance name "bogus-test"
+
+https://fedorahosted.org/389/ticket/48934
+
+Reviewed by mreynolds@redhat.com (Thanks, Mark!!)
+
+(cherry picked from commit 2b341922a42f305122fbd6eb97e96e0612f8e5d2)
+---
+ ldap/admin/src/scripts/remove-ds.pl.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in
+index b35ae32..252f3f9 100755
+--- a/ldap/admin/src/scripts/remove-ds.pl.in
++++ b/ldap/admin/src/scripts/remove-ds.pl.in
+@@ -52,6 +52,10 @@ unless ($inst) {
+ print STDERR "Full instance name must be specified (e.g. - slapd-example)\n";
+ exit 1;
+ }
++unless ($slapd eq "slapd") {
++ print STDERR "Error: Invalid instance name \"$instname\"\n";
++ exit 1;
++}
+
+ my @errs = removeDSInstance($inst, $force, $all, $initconfig_dir);
+ if (@errs) {
+--
+2.4.11
+
diff --git a/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch b/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch
deleted file mode 100644
index d721123..0000000
--- a/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From e88ffac24b49acb01fb7d460ff4282abe85d3799 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 14 Jul 2015 16:00:03 -0700
-Subject: [PATCH 21/22] Ticket #48203 - Fix coverity issues - 07/14/2015
-
-Description: Overrunning array "mctx.negativeErrors" of 19 4-byte
-elements at element index 122 (byte offset 488) using index "abs(err)"
-(which evaluates to 122).
-
-Commit 71be5faaa478593bb056887410ca8e48e05b2fe4 to fix Ticket #47799
-introduced this problem. The error count checking has to be done per
-error.
-
-https://fedorahosted.org/389/ticket/48203
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!)
-
-(cherry picked from commit cc435b8c382f7da662b5c27339d23fd33a8f4117)
-(cherry picked from commit 6ec1001e507908ba60f8c52568d24b5c7c727855)
----
- ldap/servers/slapd/tools/ldclt/threadMain.c | 20 +++++++++++++++++---
- 1 file changed, 17 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c
-index 5d915fd..88353c6 100644
---- a/ldap/servers/slapd/tools/ldclt/threadMain.c
-+++ b/ldap/servers/slapd/tools/ldclt/threadMain.c
-@@ -477,7 +477,7 @@ addErrorStat (
- #else
- if ((err <= 0) || (err >= MAX_ERROR_NB))
- #endif
-- {
-+ {
- if (mctx.errorsBad > mctx.maxErrors) {
- printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
- (void) printGlobalStatistics(); /*JLS 25-08-00*/
-@@ -485,8 +485,22 @@ addErrorStat (
- ldclt_sleep (5);
- ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
- }
-- } else {
-- if (mctx.errors[err] + mctx.negativeErrors[abs(err)] > mctx.maxErrors) {
-+ }
-+#if defined(USE_OPENLDAP)
-+ else if (err < 0)
-+ {
-+ if (mctx.negativeErrors[abs(err)] > mctx.maxErrors) {
-+ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
-+ (void) printGlobalStatistics(); /*JLS 25-08-00*/
-+ fflush (stdout);
-+ ldclt_sleep (5);
-+ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
-+ }
-+ }
-+#endif
-+ else
-+ {
-+ if (mctx.errors[err] > mctx.maxErrors) {
- printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
- (void) printGlobalStatistics(); /*JLS 25-08-00*/
- fflush (stdout);
---
-1.9.3
-
diff --git a/SOURCES/0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch b/SOURCES/0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch
new file mode 100644
index 0000000..868a653
--- /dev/null
+++ b/SOURCES/0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch
@@ -0,0 +1,50 @@
+From 9cffd76c95e679042861881182ab8567915b4ad8 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 27 Jul 2016 14:37:13 -0700
+Subject: [PATCH 21/29] Ticket #48940 - DS logs have warning:ancestorid not
+ indexed
+
+Description: When reindexing, the subtree to be reindexed is empty,
+a cryptic warning message is logged in the error log:
+ warning: ancestorid not indexed on 10; possibly, the entry id ##
+ has no descendants yet.
+This message is benign and not to be logged as DEBUG_ANY/FATAL.
+
+The message is logged when the log level is set to BACKLDBM = 0x080000
+ # vlvindex -Z test -n userRoot -T testIndex -d 524288
+as follows:
+ Info: Entry id ### has no descendants according to ancestorid. Index
+ file created by this reindex will be empty.
+
+https://fedorahosted.org/389/ticket/48940
+
+Reviewed by wibrown@redhat.com (Thank you, William!!)
+
+(cherry picked from commit 17dc978c84e6099e4abe884a535067147b618c37)
+---
+ ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+index 52338c2..5898361 100644
+--- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
++++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
+@@ -903,11 +903,10 @@ static IDList *ldbm_fetch_subtrees(backend *be, char **include, int *err)
+ slapi_sdn_done(&sdn);
+ if (idl == NULL) {
+ if (DB_NOTFOUND == *err) {
+- LDAPDebug(LDAP_DEBUG_ANY,
+- "warning: %s not indexed on %lu; "
+- "possibly, the entry id %lu has no descendants yet.\n",
+- entryrdn_get_noancestorid()?"entryrdn":"ancestorid",
+- id, id);
++ LDAPDebug2Args(LDAP_DEBUG_BACKLDBM,
++ "Info: Entry id %lu has no descendants according to %s. "
++ "Index file created by this reindex will be empty.\n",
++ id, entryrdn_get_noancestorid()?"entryrdn":"ancestorid");
+ *err = 0; /* not a problem */
+ } else {
+ LDAPDebug(LDAP_DEBUG_ANY,
+--
+2.4.11
+
diff --git a/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch b/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
deleted file mode 100644
index 657c214..0000000
--- a/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From abfd367015c9d0dfa0b97b8473923c97eab0dab5 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Wed, 15 Jul 2015 14:09:24 -0600
-Subject: [PATCH 22/22] Ticket #48224 - redux - logconv.pl should handle
- *.tar.xz, *.txz, *.xz log files
-
-https://fedorahosted.org/389/ticket/48224
-Reviewed by: nhosoi, mreynolds (Thanks!)
-Branch: 389-ds-base-1.3.4
-Fix Description: Some platforms have no IO::Uncompress::UnXz, so have
-to pipe out to the 'xz' command for uncompression.
-Doing the 'xz' pipe will not work with compressed xz files in tar
-archives, so issue an appropriate error.
-The tar archive file handling was wrong - have to wrap the data in a
-filehandle before passing to uncompress.
-Added a lot of error checking - trying to uncompress plain text files,
-trying to untar non-tar archives, trying to untar and uncompress a
-tar file that is not compressed, other weird stuff like specifying a
-.bz2 extension on a file compressed with .xz.
-This will also need a spec file change:
-Requires: perl-IO-Compress
-Requires: perl-DB_File
-Requires: perl-Archive-Tar
-Requires: xz
-Platforms tested: Fedora 21, RHEL 7.2 candidate
-Flag Day: no
-Doc impact: no
-
-(cherry picked from commit ae5b62f53557c8ce2d174999c4b561ebc4ccde55)
-(cherry picked from commit 8473ae0c49492dd7931dbdd3a8377119f53ce49b)
----
- ldap/admin/src/logconv.pl | 73 ++++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 57 insertions(+), 16 deletions(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index a6bd6c2..d26e91e 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -398,17 +398,11 @@ my $totalLineCount = 0;
-
- sub isTarArchive {
- local $_ = shift;
-- if (/\.txz$/ || /\.tar.xz$/) {
-- use IO::Uncompress::UnXz;
-- }
- return /\.tar$/ || /\.tar\.bz2$/ || /\.tar.gz$/ || /\.tar.xz$/ || /\.tgz$/ || /\.tbz$/ || /\.txz$/;
- }
-
- sub isCompressed {
- local $_ = shift;
-- if (/\.xz$/) {
-- use IO::Uncompress::UnXz;
-- }
- return /\.gz$/ || /\.bz2$/ || /\.xz$/;
- }
-
-@@ -418,6 +412,43 @@ sub tarNeedsUncompress {
- return /\.tar.xz$/ || /\.txz$/;
- }
-
-+# rhel7 can't grok xz
-+sub doUncompress {
-+ local $_ = shift;
-+ my $data = shift;
-+ my $TARFH;
-+ # some platforms don't have xz support in IO::Uncompress::AnyUncompress
-+ if (/\.tar.xz$/ || /\.txz$/ || /\.xz$/) {
-+ if ($data) {
-+ openFailed("Cannot read from compressed xz file in tar archive.\nPlease un-tar the tar file first, then pass individual .xz files to this program.\n", $_);
-+ }
-+ # so use the xz command directly
-+ # NOTE: This doesn't work if the argument is a file handle e.g. from
-+ # Archive::Tar
-+ $! = 0; # clear
-+ if (!open($TARFH, "xz -dc $_ |") or $!) {
-+ openFailed($!, $_);
-+ return;
-+ }
-+ } else {
-+ my $uncompressthing;
-+ if ($data) {
-+ # make a filehandle object from data
-+ open($uncompressthing, "<", \$data) or openFailed($!, $_);
-+ } else {
-+ # just read from the file
-+ $uncompressthing = $_;
-+ }
-+ $TARFH = new IO::Uncompress::AnyUncompress $uncompressthing or
-+ do { openFailed($AnyUncompressError, $_); return; };
-+ if (*$TARFH->{Plain}) {
-+ openFailed("Unknown compression", $_);
-+ return;
-+ }
-+ }
-+ return $TARFH;
-+}
-+
- sub convertTimeToSeconds {
- my $log_line = shift;
-
-@@ -497,6 +528,10 @@ for (my $count=0; $count < $file_count; $count++){
- if($logCount > 1 && $count == 0 && $skipFirstFile == 1){
- next;
- }
-+ if (! -r $logname) {
-+ print "File not found: $logname\n";
-+ next;
-+ }
- $linesProcessed = 0; $lineBlockCount = 0;
- my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$atime,$mtime,$ctime,$blksize,$blocks);
- ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$cursize,
-@@ -513,11 +548,12 @@ for (my $count=0; $count < $file_count; $count++){
- my $tariter = 0;
- my $tarfile = 0;
- my $comp = 0;
-+ $LOGFH = undef;
- if (isTarArchive($logname)) {
- $tar = Archive::Tar->new();
- if (tarNeedsUncompress($logname)) {
-- my $TARFH = new IO::Uncompress::AnyUncompress $logname or
-- do { openFailed($AnyUncompressError, $logname); next };
-+ my $TARFH = doUncompress($logname);
-+ next if (!$TARFH);
- $tariter = Archive::Tar->iter($TARFH);
- } else {
- $tariter = Archive::Tar->iter($logname);
-@@ -540,24 +576,21 @@ for (my $count=0; $count < $file_count; $count++){
- next;
- }
- if (isCompressed($tarfile->name)) {
-- $LOGFH = new IO::Uncompress::AnyUncompress \$tarfile->name or
-- do { openFailed($AnyUncompressError, $logname); next };
-+ $LOGFH = doUncompress($tarfile->name, $tarfile->get_content);
-+ next if (!$LOGFH);
- # no way in general to know how big the uncompressed file is - so
- # assume a factor of 10 inflation - only used for progress reporting
- $cursize *= 10;
- } else {
-- open(LOG,"<",\$tarfile->data) or do { openFailed($!, $tarfile->name) ; next };
-- $LOGFH = \*LOG;
-+ open($LOGFH,"<",\$tarfile->data) or do { openFailed($!, $tarfile->name) ; next };
- }
- } elsif ($comp) {
-- $LOGFH = new IO::Uncompress::AnyUncompress $logname or
-- do { openFailed($AnyUncompressError, $logname); next };
-+ $LOGFH = doUncompress($logname);
- # no way in general to know how big the uncompressed file is - so
- # assume a factor of 10 inflation - only used for progress reporting
- $cursize *= 10;
- } else {
-- open(LOG,$logname) or do { openFailed($!, $logname); next };
-- $LOGFH = \*LOG;
-+ open($LOGFH,$logname) or do { openFailed($!, $logname); next };
- }
- my $firstline = "yes";
- while(<$LOGFH>){
-@@ -588,6 +621,14 @@ for (my $count=0; $count < $file_count; $count++){
- }
- last if (!$tariter);
- }
-+ if ($tar) {
-+ if ($tar->error()) {
-+ openFailed($tar->error(), $logname);
-+ }
-+ if ($Archive::Tar::error) {
-+ openFailed($Archive::Tar::error, $logname);
-+ }
-+ }
- }
-
- if ($totalLineCount eq "0"){
---
-1.9.3
-
diff --git a/SOURCES/0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch b/SOURCES/0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch
new file mode 100644
index 0000000..79a896d
--- /dev/null
+++ b/SOURCES/0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch
@@ -0,0 +1,115 @@
+From f993a9b5a1ac95728baae201543cad5993a28da1 Mon Sep 17 00:00:00 2001
+From: Ludwig Krispenz <lkrispen@redhat.com>
+Date: Mon, 1 Aug 2016 10:47:31 +0200
+Subject: [PATCH 22/29] Ticket 48882 - server can hang in connection list
+ processing
+
+Bug Description: if a thread holding the connection monitor
+ is stuck in polling and the client doesn't
+ respond, the main thread can be blocked on
+ this connection when iterating the connection
+ table.
+
+Fix Description: Implement a test and enter function for the connection
+ monitor, so the main thread will never wait for a
+ connection monitor already owned by an other thread
+
+https://fedorahosted.org/389/ticket/48882
+
+Reviewed by: Noriko, Thanks
+
+(cherry picked from commit 7110db91e75f392f1c83643d9aa88895992d9c01)
+---
+ ldap/servers/slapd/daemon.c | 69 ++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 68 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
+index 81a54cf..23c30c3 100644
+--- a/ldap/servers/slapd/daemon.c
++++ b/ldap/servers/slapd/daemon.c
+@@ -164,6 +164,67 @@ static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDes
+ static int write_pid_file();
+ static int init_shutdown_detect();
+
++/*
++ * NSPR has different implementations for PRMonitor, depending
++ * on the availble threading model
++ * The PR_TestAndEnterMonitor is not available for pthreads
++ * so this is a implementation based on the code in
++ * prmon.c adapted to resemble the implementation in ptsynch.c
++ *
++ * The function needs access to the elements of the PRMonitor struct.
++ * Therfor the pthread variant of PRMonitor is copied here.
++ */
++typedef struct MY_PRMonitor {
++ const char* name;
++ pthread_mutex_t lock;
++ pthread_t owner;
++ pthread_cond_t entryCV;
++ pthread_cond_t waitCV;
++ PRInt32 refCount;
++ PRUint32 entryCount;
++ PRIntn notifyTimes;
++} MY_PRMonitor;
++
++static PRBool MY_TestAndEnterMonitor(MY_PRMonitor *mon)
++{
++ pthread_t self = pthread_self();
++ PRStatus rv;
++ PRBool rc = PR_FALSE;
++
++ PR_ASSERT(mon != NULL);
++ rv = pthread_mutex_lock(&mon->lock);
++ if (rv != 0) {
++ slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor",
++ "Failed to acquire monitor mutex, error (%d)\n", rv);
++ return rc;
++ }
++ if (mon->entryCount != 0) {
++ if (pthread_equal(mon->owner, self))
++ goto done;
++ rv = pthread_mutex_unlock(&mon->lock);
++ if (rv != 0) {
++ slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor",
++ "Failed to release monitor mutex, error (%d)\n", rv);
++ }
++ return PR_FALSE;
++ }
++ /* and now I have the monitor */
++ PR_ASSERT(mon->notifyTimes == 0);
++ PR_ASSERT((mon->owner) == 0);
++ mon->owner = self;
++
++done:
++ mon->entryCount += 1;
++ rv = pthread_mutex_unlock(&mon->lock);
++ if (rv == PR_SUCCESS) {
++ rc = PR_TRUE;
++ } else {
++ slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor",
++ "Failed to release monitor mutex, error (%d)\n", rv);
++ rc = PR_FALSE;
++ }
++ return rc;
++}
+ /* Globals which are used to store the sockets between
+ * calls to daemon_pre_setuid_init() and the daemon thread
+ * creation. */
+@@ -1552,7 +1613,13 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps
+ }
+ else
+ {
+- PR_EnterMonitor(c->c_mutex);
++ /* we try to acquire the connection mutex, if it is already
++ * acquired by another thread, don't wait
++ */
++ if (PR_FALSE == MY_TestAndEnterMonitor((MY_PRMonitor *)c->c_mutex)) {
++ c = next;
++ continue;
++ }
+ if (c->c_flags & CONN_FLAG_CLOSING)
+ {
+ /* A worker thread has marked that this connection
+--
+2.4.11
+
diff --git a/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch b/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
deleted file mode 100644
index cf76685..0000000
--- a/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 23c9a297b240d1538125721fb0f93abb876ce9c1 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Thu, 16 Jul 2015 09:06:45 -0600
-Subject: [PATCH 23/30] Ticket #48224 - redux - logconv.pl should handle
- *.tar.xz, *.txz, *.xz log files
-
-https://fedorahosted.org/389/ticket/48224
-Reviewed by:
-Branch: master
-Fix Description: Fix Requires: in spec file
-Platforms tested: Fedora 21, RHEL 7.2 candidate
-Flag Day: no
-Doc impact: no
-
-(cherry picked from commit 193d79d4a459b709c5a55cea88794105fa60c453)
-(cherry picked from commit 9109a570edd3ddb58434b19a9fca2f7c021b18ca)
----
- rpm/389-ds-base.spec.in | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
-index 3405ccd..d0bbb7a 100644
---- a/rpm/389-ds-base.spec.in
-+++ b/rpm/389-ds-base.spec.in
-@@ -116,9 +116,6 @@ Requires: perl-Socket6
- Requires: perl-Socket
- %endif
- Requires: perl-NetAddr-IP
--# for logconv compressed file support
--Requires: perl-IO-Compress
--Requires: perl-IO-Compress-Lzma
-
- Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
- # 389-ds-git.sh should be used to generate the source tarball from git
---
-1.9.3
-
diff --git a/SOURCES/0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch b/SOURCES/0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
new file mode 100644
index 0000000..911a66b
--- /dev/null
+++ b/SOURCES/0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
@@ -0,0 +1,369 @@
+From f0e03b5a51972a125fe78f448d1f68e288782d1e Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Thu, 21 Jul 2016 13:22:30 +1000
+Subject: [PATCH 23/29] Ticket bz1358565 - clear and unsalted password types
+ are vulnerable to timing attack
+
+Bug Description: Clear and unsalted password types were vulnerable to a timing
+attack. This is due to the use of memcmp and strcmp in their comparison.
+
+Fix Description: Add a constant time memcmp function, that does not shortcircuit.
+Change all password comparison to use the constant time check. For the clear
+scheme, alter the way we do the check to prevent length disclosure timing
+attacks.
+
+This resolves CVE-2016-5405
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1358565
+
+https://access.redhat.com/security/cve/CVE-2016-5405
+
+Author: wibrown
+
+Review by: nhosoi (Thanks!)
+
+(cherry picked from commit 9dcaa4a0c866d8696e0a2616ccf962af2833f0b8)
+---
+ dirsrvtests/tests/suites/password/pwd_algo_test.py | 143 +++++++++++++++++++++
+ ldap/servers/plugins/pwdstorage/clear_pwd.c | 33 ++++-
+ ldap/servers/plugins/pwdstorage/crypt_pwd.c | 2 +-
+ ldap/servers/plugins/pwdstorage/md5_pwd.c | 2 +-
+ ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c | 1 +
+ ldap/servers/plugins/pwdstorage/sha_pwd.c | 15 ++-
+ ldap/servers/plugins/pwdstorage/smd5_pwd.c | 2 +-
+ ldap/servers/slapd/ch_malloc.c | 22 ++++
+ ldap/servers/slapd/slapi-plugin.h | 16 +++
+ 9 files changed, 226 insertions(+), 10 deletions(-)
+ create mode 100644 dirsrvtests/tests/suites/password/pwd_algo_test.py
+
+diff --git a/dirsrvtests/tests/suites/password/pwd_algo_test.py b/dirsrvtests/tests/suites/password/pwd_algo_test.py
+new file mode 100644
+index 0000000..aa8cbf5
+--- /dev/null
++++ b/dirsrvtests/tests/suites/password/pwd_algo_test.py
+@@ -0,0 +1,143 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++DEBUGGING = True
++USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX
++
++if DEBUGGING:
++ logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++ logging.getLogger(__name__).setLevel(logging.INFO)
++
++
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++ """The DS Topology Class"""
++ def __init__(self, standalone):
++ """Init"""
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ """Create DS Deployment"""
++
++ # Creating standalone instance ...
++ if DEBUGGING:
++ standalone = DirSrv(verbose=True)
++ else:
++ standalone = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++ instance_standalone = standalone.exists()
++ if instance_standalone:
++ standalone.delete()
++ standalone.create()
++ standalone.open()
++
++ def fin():
++ """If we are debugging just stop the instances, otherwise remove
++ them
++ """
++ if DEBUGGING:
++ standalone.stop()
++ else:
++ standalone.delete()
++
++ request.addfinalizer(fin)
++
++ # Clear out the tmp dir
++ standalone.clearTmpDir(__file__)
++
++ return TopologyStandalone(standalone)
++
++def _test_bind(inst, password):
++ result = True
++ userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE))
++ try:
++ userconn.simple_bind_s(USER_DN, password)
++ userconn.unbind_s()
++ except ldap.INVALID_CREDENTIALS:
++ result = False
++ return result
++
++def _test_algo(inst, algo_name):
++ inst.config.set('passwordStorageScheme', algo_name)
++
++ if DEBUGGING:
++ print('Testing %s', algo_name)
++
++ # Create the user with a password
++ inst.add_s(Entry((
++ USER_DN, {
++ 'objectClass': 'top account simplesecurityobject'.split(),
++ 'uid': 'user',
++ 'userpassword': 'Secret123'
++ })))
++
++ # Make sure when we read the userPassword field, it is the correct ALGO
++ pw_field = inst.search_s(USER_DN, ldap.SCOPE_BASE, '(objectClass=*)', ['userPassword'] )[0]
++
++ if DEBUGGING:
++ print(pw_field.getValue('userPassword'))
++
++ if algo_name != 'CLEAR':
++ assert(algo_name.lower() in pw_field.getValue('userPassword').lower())
++ # Now make sure a bind works
++ assert(_test_bind(inst, 'Secret123'))
++ # Bind with a wrong shorter password, should fail
++ assert(not _test_bind(inst, 'Wrong'))
++ # Bind with a wrong longer password, should fail
++ assert(not _test_bind(inst, 'This is even more wrong'))
++ # Bind with a wrong exact length password.
++ assert(not _test_bind(inst, 'Alsowrong'))
++ # Bind with a subset password, should fail
++ assert(not _test_bind(inst, 'Secret'))
++ if algo_name != 'CRYPT':
++ # Bind with a subset password that is 1 char shorter, to detect off by 1 in clear
++ assert(not _test_bind(inst, 'Secret12'))
++ # Bind with a superset password, should fail
++ assert(not _test_bind(inst, 'Secret123456'))
++ # Delete the user
++ inst.delete_s(USER_DN)
++ # done!
++
++def test_pwd_algo_test(topology):
++ """
++ Assert that all of our password algorithms correctly PASS and FAIL varying
++ password conditions.
++
++ """
++ if DEBUGGING:
++ # Add debugging steps(if any)...
++ pass
++
++ for algo in ('CLEAR', 'CRYPT', 'MD5', 'SHA', 'SHA256', 'SHA384', 'SHA512', 'SMD5', 'SSHA', 'SSHA256', 'SSHA384', 'SSHA512'):
++ _test_algo(topology.standalone, algo)
++
++ log.info('Test PASSED')
++
++
++if __name__ == '__main__':
++ # Run isolated
++ # -s for DEBUG mode
++ CURRENT_FILE = os.path.realpath(__file__)
++ pytest.main("-s %s" % CURRENT_FILE)
++
+diff --git a/ldap/servers/plugins/pwdstorage/clear_pwd.c b/ldap/servers/plugins/pwdstorage/clear_pwd.c
+index 84dac2a..2afe16e 100644
+--- a/ldap/servers/plugins/pwdstorage/clear_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/clear_pwd.c
+@@ -25,7 +25,38 @@
+ int
+ clear_pw_cmp( const char *userpwd, const char *dbpwd )
+ {
+- return( strcmp( userpwd, dbpwd ));
++ int result = 0;
++ int len = 0;
++ int len_user = strlen(userpwd);
++ int len_dbp = strlen(dbpwd);
++ if ( len_user != len_dbp ) {
++ result = 1;
++ }
++ /* We have to do this comparison ANYWAY else we have a length timing attack. */
++ if ( len_user >= len_dbp ) {
++ /*
++ * If they are the same length, result will be 0 here, and if we pass
++ * the check, we don't update result either. IE we pass.
++ * However, even if the first part of userpw matches dbpwd, but len !=, we
++ * have already failed anyawy. This prevents substring matching.
++ */
++ if (slapi_ct_memcmp(userpwd, dbpwd, len_dbp) != 0) {
++ result = 1;
++ }
++ } else {
++ /*
++ * If we stretched the userPassword, we'll allow a new timing attack, where
++ * if we see a delay on a short pw, we know we are stretching.
++ * when the delay goes away, it means we've found the length.
++ * Instead, because we don't want to use the short pw for comp, we just compare
++ * dbpwd to itself. We have already got result == 1 if we are here, so we are
++ * just trying to take up time!
++ */
++ if (slapi_ct_memcmp(dbpwd, dbpwd, len_dbp)) {
++ /* Do nothing, we have the if to fix a coverity check. */
++ }
++ }
++ return result;
+ }
+
+ char *
+diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
+index 29355a2..93b54b2 100644
+--- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
+@@ -54,7 +54,7 @@ crypt_pw_cmp( const char *userpwd, const char *dbpwd )
+ /* we use salt (first 2 chars) of encoded password in call to crypt() */
+ cp = crypt( userpwd, dbpwd );
+ if (cp) {
+- rc= strcmp( dbpwd, cp);
++ rc= slapi_ct_memcmp( dbpwd, cp, strlen(dbpwd));
+ } else {
+ rc = -1;
+ }
+diff --git a/ldap/servers/plugins/pwdstorage/md5_pwd.c b/ldap/servers/plugins/pwdstorage/md5_pwd.c
+index 0bc8f3c..181661a 100644
+--- a/ldap/servers/plugins/pwdstorage/md5_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/md5_pwd.c
+@@ -57,7 +57,7 @@ md5_pw_cmp( const char *userpwd, const char *dbpwd )
+ bver = NSSBase64_EncodeItem(NULL, (char *)b2a_out, sizeof b2a_out, &binary_item);
+ /* bver points to b2a_out upon success */
+ if (bver) {
+- rc = strcmp(bver,dbpwd);
++ rc = slapi_ct_memcmp(bver,dbpwd, strlen(dbpwd));
+ } else {
+ slapi_log_error(SLAPI_LOG_PLUGIN, MD5_SUBSYSTEM_NAME,
+ "Could not base64 encode hashed value for password compare");
+diff --git a/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c b/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c
+index 2fed61f..ae1f7b8 100644
+--- a/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/ns-mta-md5_pwd.c
+@@ -84,6 +84,7 @@ ns_mta_md5_pw_cmp(const char * clear, const char *mangled)
+
+ mta_hash[32] = mta_salt[32] = 0;
+
++ /* This is salted, so we don't need to change it for constant time */
+ return( strcmp(mta_hash,ns_mta_hash_alg(buffer,mta_salt,clear)));
+ }
+
+diff --git a/ldap/servers/plugins/pwdstorage/sha_pwd.c b/ldap/servers/plugins/pwdstorage/sha_pwd.c
+index 9594ac9..2e4973b 100644
+--- a/ldap/servers/plugins/pwdstorage/sha_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/sha_pwd.c
+@@ -120,13 +120,16 @@ sha_pw_cmp (const char *userpwd, const char *dbpwd, unsigned int shaLen )
+ }
+
+ /* the proof is in the comparison... */
+- result = ( hash_len >= shaLen ) ?
+- ( memcmp( userhash, dbhash, shaLen ) ) : /* include salt */
+- ( memcmp( userhash, dbhash + OLD_SALT_LENGTH,
+- hash_len - OLD_SALT_LENGTH ) ); /* exclude salt */
++ if ( hash_len >= shaLen ) {
++ result = slapi_ct_memcmp( userhash, dbhash, shaLen );
++ } else {
++ result = slapi_ct_memcmp( userhash, dbhash + OLD_SALT_LENGTH, hash_len - OLD_SALT_LENGTH );
++ }
+
+- loser:
+- if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free_string( &dbhash );
++loser:
++ if ( dbhash && dbhash != quick_dbhash ) {
++ slapi_ch_free_string( &dbhash );
++ }
+ return result;
+ }
+
+diff --git a/ldap/servers/plugins/pwdstorage/smd5_pwd.c b/ldap/servers/plugins/pwdstorage/smd5_pwd.c
+index f4c92f1..79c2846 100644
+--- a/ldap/servers/plugins/pwdstorage/smd5_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/smd5_pwd.c
+@@ -80,7 +80,7 @@ smd5_pw_cmp( const char *userpwd, const char *dbpwd )
+ PK11_DestroyContext(ctx, 1);
+
+ /* Compare everything up to the salt. */
+- rc = memcmp( userhash, dbhash, MD5_LENGTH );
++ rc = slapi_ct_memcmp( userhash, dbhash, MD5_LENGTH );
+
+ loser:
+ if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free_string( (char **)&dbhash );
+diff --git a/ldap/servers/slapd/ch_malloc.c b/ldap/servers/slapd/ch_malloc.c
+index 10870df..a38268c 100644
+--- a/ldap/servers/slapd/ch_malloc.c
++++ b/ldap/servers/slapd/ch_malloc.c
+@@ -365,3 +365,25 @@ slapi_ch_smprintf(const char *fmt, ...)
+ return p;
+ }
+ #endif
++
++/* Constant time memcmp. Does not shortcircuit on failure! */
++/* This relies on p1 and p2 both being size at least n! */
++int
++slapi_ct_memcmp( const void *p1, const void *p2, size_t n)
++{
++ int result = 0;
++ const unsigned char *_p1 = (const unsigned char *)p1;
++ const unsigned char *_p2 = (const unsigned char *)p2;
++
++ if (_p1 == NULL || _p2 == NULL) {
++ return 2;
++ }
++
++ for (size_t i = 0; i < n; i++) {
++ if (_p1[i] ^ _p2[i]) {
++ result = 1;
++ }
++ }
++ return result;
++}
++
+diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
+index a7e544a..165fb05 100644
+--- a/ldap/servers/slapd/slapi-plugin.h
++++ b/ldap/servers/slapd/slapi-plugin.h
+@@ -5825,6 +5825,22 @@ char * slapi_ch_smprintf(const char *fmt, ...)
+ #else
+ ;
+ #endif
++/**
++ * slapi_ct_memcmp is a constant time memory comparison function. This is for
++ * use with password hashes and other locations which could lead to a timing
++ * attack due to early shortcut returns. This function *does not* shortcircuit
++ * during the comparison, always checking every byte regardless if it has already
++ * found that the memory does not match.
++ *
++ * WARNING! p1 and p2 must both reference content that is at least of size 'n'.
++ * Else this function may over-run (And will certainly fail).
++ *
++ * \param p1 pointer to first value to check.
++ * \param p2 pointer to second value to check.
++ * \param n length in bytes of the content of p1 AND p2.
++ * \return 0 on match. 1 on non-match. 2 on presence of NULL pointer in p1 or p2.
++ */
++int slapi_ct_memcmp( const void *p1, const void *p2, size_t n);
+
+ /*
+ * syntax plugin routines
+--
+2.4.11
+
diff --git a/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
deleted file mode 100644
index 21a99ea..0000000
--- a/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 413414c98313a076111d8e40a7a10fa369433e6e Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 16 Jul 2015 10:34:47 -0700
-Subject: [PATCH 24/30] Ticket #48226 - In MMR, double free coould occur under
- some special condition
-
-Bug description:
- In a replicated topology, a authenticated user that have write access
- on an entry can send a series of operations that crash the server.
- The crash is due to an access to a already freed buffer.
-Fix description:
- To avoid the double free, duplicate a CSNSet and assign it to the
- Slapi_Value.
-
-https://fedorahosted.org/389/ticket/48226
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit a0f8e0f981a046882db299a7a6d6d1c01bc19571)
-(cherry picked from commit bdbc81e62eb8d7b8dfb298c7ba983cf86353fe66)
----
- ldap/servers/slapd/valueset.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
-index 0cf3ded..7eabb82 100644
---- a/ldap/servers/slapd/valueset.c
-+++ b/ldap/servers/slapd/valueset.c
-@@ -1415,8 +1415,9 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
- if(v)
- {
- value_update_csn(v,t,csn);
-- if (csnref_updated)
-- valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v);
-+ if (csnref_updated) {
-+ valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v));
-+ }
- valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
- valuestoupdate[i]= NULL;
- del_count++;
---
-1.9.3
-
diff --git a/SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch b/SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch
new file mode 100644
index 0000000..ddaf136
--- /dev/null
+++ b/SOURCES/0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch
@@ -0,0 +1,48 @@
+From c9561cbb81fe1504a5741df44dd8c1103134c065 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Sat, 30 Jul 2016 16:56:57 -0700
+Subject: [PATCH 24/29] Ticket #48943 - When fine-grained policy is applied, a
+ sub-tree has a priority over a user while changing password
+
+Description: If the user entry has a pwdpolicysubentry, the configuration
+in the pwpolicy should be the strongest and respected. If the entry does
+not have it, it retrieves the pwpolicy from the CoS Cache, which is the
+current behaviour.
+
+https://fedorahosted.org/389/ticket/48943
+
+Reviewed by wibrown@redhat.com (Thank you, William!!)
+
+(cherry picked from commit 802224f2846900c870a780fe7608782792806d85)
+---
+ ldap/servers/slapd/pw.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 498afd4..6b865ec 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -1777,9 +1777,17 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn)
+ attribute in the target entry itself. */
+ } else {
+ if ( (e = get_entry( pb, dn )) != NULL ) {
+- rc = slapi_vattr_values_get(e, "pwdpolicysubentry", &values,
+- &type_name_disposition, &actual_type_name,
+- SLAPI_VIRTUALATTRS_REQUEST_POINTERS, &attr_free_flags);
++ Slapi_Attr* attr = NULL;
++ rc = slapi_entry_attr_find(e, "pwdpolicysubentry", &attr);
++ if (attr && (0 == rc)) {
++ /* If the entry has pwdpolicysubentry, use the PwPolicy. */
++ values = valueset_dup(&attr->a_present_values);
++ } else {
++ /* Otherwise, retrieve the policy from CoS Cache */
++ rc = slapi_vattr_values_get(e, "pwdpolicysubentry", &values,
++ &type_name_disposition, &actual_type_name,
++ SLAPI_VIRTUALATTRS_REQUEST_POINTERS, &attr_free_flags);
++ }
+ if (rc) {
+ values = NULL;
+ }
+--
+2.4.11
+
diff --git a/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
deleted file mode 100644
index 3db39ae..0000000
--- a/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From e6b20ffcc995b2ac190b96850073c0569bc6d294 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 16 Jul 2015 10:41:53 -0700
-Subject: [PATCH 25/30] Ticket #48226 - CI test: added test cases for ticket
- 48226
-
-Description: In MMR, double free coould occur under some special condition
-
-This test script was written by thierry bordaz <tbordaz@redhat.com>.
-A small modification to check the memory leak was added.
-
-(cherry picked from commit f5d24450477f8341261c3e5cb5c54ec1ab83328f)
-(cherry picked from commit 8600a5eabc78848ad1bf0a9c2014823d0cd6cedc)
----
- dirsrvtests/tickets/ticket48226_test.py | 239 ++++++++++++++++++++++++++++++++
- 1 file changed, 239 insertions(+)
- create mode 100644 dirsrvtests/tickets/ticket48226_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48226_test.py b/dirsrvtests/tickets/ticket48226_test.py
-new file mode 100644
-index 0000000..87814e7
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48226_test.py
-@@ -0,0 +1,239 @@
-+# --- BEGIN COPYRIGHT BLOCK ---
-+# Copyright (C) 2015 Red Hat, Inc.
-+# All rights reserved.
-+#
-+# License: GPL (version 3 or any later version).
-+# See LICENSE for details.
-+# --- END COPYRIGHT BLOCK ---
-+#
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+installation1_prefix = None
-+
-+
-+class TopologyReplication(object):
-+ def __init__(self, master1, master2):
-+ master1.open()
-+ self.master1 = master1
-+ master2.open()
-+ self.master2 = master2
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ global installation1_prefix
-+ os.environ['USE_VALGRIND'] = '1'
-+ if installation1_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+ # Creating master 1...
-+ master1 = DirSrv(verbose=False)
-+ if installation1_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+ args_instance[SER_HOST] = HOST_MASTER_1
-+ args_instance[SER_PORT] = PORT_MASTER_1
-+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1
-+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+ args_master = args_instance.copy()
-+ master1.allocate(args_master)
-+ instance_master1 = master1.exists()
-+ if instance_master1:
-+ master1.delete()
-+ master1.create()
-+ master1.open()
-+ master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_1)
-+
-+ # Creating master 2...
-+ master2 = DirSrv(verbose=False)
-+ if installation1_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+ args_instance[SER_HOST] = HOST_MASTER_2
-+ args_instance[SER_PORT] = PORT_MASTER_2
-+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_2
-+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+ args_master = args_instance.copy()
-+ master2.allocate(args_master)
-+ instance_master2 = master2.exists()
-+ if instance_master2:
-+ master2.delete()
-+ master2.create()
-+ master2.open()
-+ master2.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_2)
-+
-+ #
-+ # Create all the agreements
-+ #
-+ # Creating agreement from master 1 to master 2
-+ properties = {RA_NAME: r'meTo_$host:$port',
-+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
-+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
-+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
-+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
-+ m1_m2_agmt = master1.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties)
-+ if not m1_m2_agmt:
-+ log.fatal("Fail to create a master -> master replica agreement")
-+ sys.exit(1)
-+ log.debug("%s created" % m1_m2_agmt)
-+
-+ # Creating agreement from master 2 to master 1
-+ properties = {RA_NAME: r'meTo_$host:$port',
-+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
-+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
-+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
-+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
-+ m2_m1_agmt = master2.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties)
-+ if not m2_m1_agmt:
-+ log.fatal("Fail to create a master -> master replica agreement")
-+ sys.exit(1)
-+ log.debug("%s created" % m2_m1_agmt)
-+
-+ # Allow the replicas to get situated with the new agreements...
-+ time.sleep(5)
-+
-+ #
-+ # Initialize all the agreements
-+ #
-+ master1.agreement.init(SUFFIX, HOST_MASTER_2, PORT_MASTER_2)
-+ master1.waitForReplInit(m1_m2_agmt)
-+
-+ # Check replication is working...
-+ if master1.testReplication(DEFAULT_SUFFIX, master2):
-+ log.info('Replication is working.')
-+ else:
-+ log.fatal('Replication is not working.')
-+ assert False
-+
-+ # Clear out the tmp dir
-+ master1.clearTmpDir(__file__)
-+
-+ return TopologyReplication(master1, master2)
-+
-+def test_ticket11111_set_purgedelay(topology):
-+ args = {REPLICA_PURGE_DELAY: '5',
-+ REPLICA_PURGE_INTERVAL: '5'}
-+ try:
-+ topology.master1.replica.setProperties(DEFAULT_SUFFIX, None, None, args)
-+ except:
-+ log.fatal('Failed to configure replica')
-+ assert False
-+ try:
-+ topology.master2.replica.setProperties(DEFAULT_SUFFIX, None, None, args)
-+ except:
-+ log.fatal('Failed to configure replica')
-+ assert False
-+ topology.master1.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-auditlog-logging-enabled', 'on')])
-+ topology.master2.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-auditlog-logging-enabled', 'on')])
-+ topology.master1.restart(10)
-+ topology.master2.restart(10)
-+
-+
-+def test_ticket11111_1(topology):
-+ name = 'test_entry'
-+ dn = "cn=%s,%s" % (name, SUFFIX)
-+
-+ topology.master1.add_s(Entry((dn , {
-+ 'objectclass': "top person".split(),
-+ 'sn': name,
-+ 'cn': name})))
-+
-+ # First do an update that is replicated
-+ mods = [(ldap.MOD_ADD, 'description', '5')]
-+ topology.master1.modify_s(dn, mods)
-+
-+ nbtry = 0
-+ while (nbtry <= 10):
-+ try:
-+ ent = topology.master2.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", ['description'])
-+ if ent.hasAttr('description') and ent.getValue('description') == '5':
-+ break
-+ except ldap.NO_SUCH_OBJECT:
-+ pass
-+ nbtry = nbtry + 1
-+ time.sleep(1)
-+ assert nbtry <= 10
-+
-+ # Stop M2 so that it will not receive the next update
-+ topology.master2.stop(10)
-+
-+ # ADD a new value that is not replicated
-+ mods = [(ldap.MOD_DELETE, 'description', '5')]
-+ topology.master1.modify_s(dn, mods)
-+
-+ # Stop M1 so that it will keep del '5' that is unknown from master2
-+ topology.master1.stop(10)
-+
-+ # Get the sbin directory so we know where to replace 'ns-slapd'
-+ sbin_dir = get_sbin_dir(prefix=topology.master2.prefix)
-+
-+ # Enable valgrind
-+ valgrind_enable(sbin_dir)
-+
-+ # start M2 to do the next updates
-+ topology.master2.start(10)
-+
-+ # ADD 'description' by '5'
-+ mods = [(ldap.MOD_DELETE, 'description', '5')]
-+ topology.master2.modify_s(dn, mods)
-+
-+ # DEL 'description' by '5'
-+ mods = [(ldap.MOD_ADD, 'description', '5')]
-+ topology.master2.modify_s(dn, mods)
-+
-+ # sleep of purgedelay so that the next update will purge the CSN_7
-+ time.sleep(6)
-+
-+ # ADD 'description' by '8' that purge the state info
-+ mods = [(ldap.MOD_ADD, 'description', '6')]
-+ topology.master2.modify_s(dn, mods)
-+
-+ if valgrind_check_leak(topology.master2, 'csnset_dup'):
-+ log.error('test_csnset_dup: Memory leak is present!')
-+ else:
-+ log.info('test_csnset_dup: No leak is present!')
-+
-+ if valgrind_check_leak(topology.master2, 'Invalid'):
-+ log.info('Valgrind reported invalid!')
-+ else:
-+ log.info('Valgrind is happy!')
-+
-+ #log.info("You can attach yourself")
-+ #time.sleep(60)
-+
-+ # Enable valgrind
-+ valgrind_disable(sbin_dir)
-+
-+ topology.master1.start(10)
-+
-+
-+def test_ticket11111_final(topology):
-+ topology.master1.delete()
-+ topology.master2.delete()
-+ log.info('Testcase PASSED')
-+
-+
-+def run_isolated():
-+ global installation1_prefix
-+ installation1_prefix = None
-+
-+ topo = topology(True)
-+ test_ticket11111_set_purgedelay(topo)
-+ test_ticket11111_1(topo)
-+
-+
-+if __name__ == '__main__':
-+ run_isolated()
-+
---
-1.9.3
-
diff --git a/SOURCES/0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch b/SOURCES/0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch
new file mode 100644
index 0000000..048a4f4
--- /dev/null
+++ b/SOURCES/0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch
@@ -0,0 +1,268 @@
+From c8c5237c0dc6b5b1a0dc0b040bf2ca5058222141 Mon Sep 17 00:00:00 2001
+From: Simon Pichugin <spichugi@redhat.com>
+Date: Thu, 28 Jul 2016 11:53:47 +0200
+Subject: [PATCH 25/29] Ticket 48943 - Add CI Test for the password test suite
+
+Description: Test that fine-grained pwdpolicy on the entry has a
+priority over fine-grained pwdpolicy on the subtree the entry belongs
+to. Use passwordChange attribute to verify that.
+
+https://fedorahosted.org/389/ticket/48943
+
+Reviewed by: mreynolds (Thanks!)
+
+(cherry picked from commit a20538f482089615ceff1947a3e237a87f31a781)
+---
+ .../tests/suites/password/pwd_change_policytest.py | 240 +++++++++++++++++++++
+ 1 file changed, 240 insertions(+)
+ create mode 100644 dirsrvtests/tests/suites/password/pwd_change_policytest.py
+
+diff --git a/dirsrvtests/tests/suites/password/pwd_change_policytest.py b/dirsrvtests/tests/suites/password/pwd_change_policytest.py
+new file mode 100644
+index 0000000..1d48c65
+--- /dev/null
++++ b/dirsrvtests/tests/suites/password/pwd_change_policytest.py
+@@ -0,0 +1,240 @@
++import os
++import sys
++import time
++import subprocess
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++DEBUGGING = False
++OU_PEOPLE = 'ou=people,{}'.format(DEFAULT_SUFFIX)
++TEST_USER_NAME = 'simplepaged_test'
++TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, OU_PEOPLE)
++TEST_USER_PWD = 'simplepaged_test'
++PW_POLICY_CONT_USER = 'cn="cn=nsPwPolicyEntry,uid=simplepaged_test,'\
++ 'ou=people,dc=example,dc=com",'\
++ 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
++PW_POLICY_CONT_PEOPLE = 'cn="cn=nsPwPolicyEntry,'\
++ 'ou=people,dc=example,dc=com",'\
++ 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
++
++if DEBUGGING:
++ logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++ logging.getLogger(__name__).setLevel(logging.INFO)
++
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++ """The DS Topology Class"""
++ def __init__(self, standalone):
++ """Init"""
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ """Create DS Deployment"""
++
++ # Creating standalone instance ...
++ if DEBUGGING:
++ standalone = DirSrv(verbose=True)
++ else:
++ standalone = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++ instance_standalone = standalone.exists()
++ if instance_standalone:
++ standalone.delete()
++ standalone.create()
++ standalone.open()
++
++ def fin():
++ """If we are debugging just stop the instances, otherwise remove
++ them
++ """
++ if DEBUGGING:
++ standalone.stop()
++ else:
++ standalone.delete()
++
++ request.addfinalizer(fin)
++
++
++ return TopologyStandalone(standalone)
++
++
++@pytest.fixture(scope="module")
++def test_user(topology, request):
++ """User for binding operation"""
++
++ log.info('Adding user {}'.format(TEST_USER_DN))
++ try:
++ topology.standalone.add_s(Entry((TEST_USER_DN, {
++ 'objectclass': 'top person'.split(),
++ 'objectclass': 'organizationalPerson',
++ 'objectclass': 'inetorgperson',
++ 'cn': TEST_USER_NAME,
++ 'sn': TEST_USER_NAME,
++ 'userpassword': TEST_USER_PWD,
++ 'mail': '%s@redhat.com' % TEST_USER_NAME,
++ 'uid': TEST_USER_NAME
++ })))
++ except ldap.LDAPError as e:
++ log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
++ e.message['desc']))
++ raise e
++
++ def fin():
++ log.info('Deleting user {}'.format(TEST_USER_DN))
++ topology.standalone.delete_s(TEST_USER_DN)
++ request.addfinalizer(fin)
++
++
++@pytest.fixture(scope="module")
++def password_policy(topology, test_user):
++ """Set up password policy for subtree and user"""
++
++ log.info('Enable fine-grained policy')
++ try:
++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
++ 'nsslapd-pwpolicy-local',
++ 'on')])
++ except ldap.LDAPError as e:
++ log.error('Failed to set fine-grained policy: error {}'.format(
++ e.message['desc']))
++ raise e
++
++ log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
++ try:
++ subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
++ '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
++ '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE])
++ except subprocess.CalledProcessError as e:
++ log.error('Failed to create pw policy policy for {}: error {}'.format(
++ OU_PEOPLE, e.message['desc']))
++ raise e
++
++ log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE))
++ try:
++ topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE,
++ 'pwdpolicysubentry',
++ PW_POLICY_CONT_PEOPLE)])
++ except ldap.LDAPError as e:
++ log.error('Failed to pwdpolicysubentry pw policy '\
++ 'policy for {}: error {}'.format(OU_PEOPLE,
++ e.message['desc']))
++ raise e
++
++ log.info('Create password policy for subtree {}'.format(TEST_USER_DN))
++ try:
++ subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
++ '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
++ '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE])
++ except subprocess.CalledProcessError as e:
++ log.error('Failed to create pw policy policy for {}: error {}'.format(
++ TEST_USER_DN, e.message['desc']))
++ raise e
++
++ log.info('Add pwdpolicysubentry attribute to {}'.format(TEST_USER_DN))
++ try:
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'pwdpolicysubentry',
++ PW_POLICY_CONT_USER)])
++ except ldap.LDAPError as e:
++ log.error('Failed to pwdpolicysubentry pw policy '\
++ 'policy for {}: error {}'.format(TEST_USER_DN,
++ e.message['desc']))
++ raise e
++
++
++@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception',
++ [('off', 'on', None), ('on', 'on', None),
++ ('on', 'off', ldap.UNWILLING_TO_PERFORM),
++ ('off', 'off', ldap.UNWILLING_TO_PERFORM)])
++def test_change_pwd(topology, test_user, password_policy,
++ subtree_pwchange, user_pwchange, exception):
++ """Verify that 'passwordChange' attr works as expected
++ User should have a priority over a subtree.
++
++ :Feature: Password policy
++
++ :Setup: Standalone instance, test user,
++ password policy entries for a user and a subtree
++
++ :Steps: 1. Set passwordChange on the user and the subtree
++ to various combinations
++ 2. Bind as test user
++ 3. Try to change password
++
++ :Assert: Subtree/User passwordChange - result
++ off/on, on/on - success
++ on/off, off/off - UNWILLING_TO_PERFORM
++ """
++
++ log.info('Set passwordChange to "{}" - {}'.format(subtree_pwchange,
++ PW_POLICY_CONT_PEOPLE))
++ try:
++ topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE,
++ 'passwordChange',
++ subtree_pwchange)])
++ except ldap.LDAPError as e:
++ log.error('Failed to set passwordChange '\
++ 'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE,
++ e.message['desc']))
++ raise e
++
++
++ log.info('Set passwordChange to "{}" - {}'.format(user_pwchange,
++ PW_POLICY_CONT_USER))
++ try:
++ topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE,
++ 'passwordChange',
++ user_pwchange)])
++ except ldap.LDAPError as e:
++ log.error('Failed to set passwordChange '\
++ 'policy for {}: error {}'.format(PW_POLICY_CONT_USER,
++ e.message['desc']))
++ raise e
++
++ try:
++ log.info('Bind as user and modify userPassword')
++ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++ if exception:
++ with pytest.raises(exception):
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ 'new_pass')])
++ else:
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ 'new_pass')])
++ except ldap.LDAPError as e:
++ log.error('Failed to change userpassword for {}: error {}'.format(
++ TEST_USER_DN, e.message['info']))
++ raise e
++ finally:
++ log.info('Bind as DM')
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ TEST_USER_PWD)])
++
++
++if __name__ == '__main__':
++ # Run isolated
++ # -s for DEBUG mode
++ CURRENT_FILE = os.path.realpath(__file__)
++ pytest.main("-s %s" % CURRENT_FILE)
+--
+2.4.11
+
diff --git a/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch b/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch
deleted file mode 100644
index 275a95c..0000000
--- a/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch
+++ /dev/null
@@ -1,293 +0,0 @@
-From 1acfdbb4428c70f7f6058da4374ecb29f9bb3149 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 17 Jul 2015 15:08:00 -0400
-Subject: [PATCH 26/30] Ticket 48179 - Starting a replica agreement can lead to
- deadlock
-
-Bug Description: When starting a replica agreement and setting the agmt maxcsn
- a deadlock can occur with another op updating nsuniqueid index.
- When setting the agmt maxcsn the server searches for the tombstone
- ruv which uses the nsuniqueid index, and it does this while holding
- the repl agmt lock. If another thread is doing a delete and
- writing to the change log, it can also grab a write lock on the
- nsuniqueid index, before it attempts to grab the agmt lock. This
- can lead to a deadlock if the timing is right.
-
-Fix Description: When starting the agmt and setting the agmt maxcsn, search/get
- the tombstone ruv before we take the repl agmt lock.
-
-https://fedorahosted.org/389/ticket/48179
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit eb3086dcb0c56a23d6cee00a12f38b2584fe59a2)
-(cherry picked from commit 23a3ff6082cba3eb749401eff44942b16dc30538)
----
- ldap/servers/plugins/replication/repl5.h | 1 -
- ldap/servers/plugins/replication/repl5_agmt.c | 211 ++++++++++++--------------
- 2 files changed, 101 insertions(+), 111 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index 4a5d859..0b0f26b 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -380,7 +380,6 @@ PRUint64 agmt_get_protocol_timeout(Repl_Agmt *agmt);
- void agmt_set_protocol_timeout(Repl_Agmt *agmt, PRUint64 timeout);
- void agmt_update_maxcsn(Replica *r, Slapi_DN *sdn, int op, LDAPMod **mods, CSN *csn);
- void add_agmt_maxcsns(Slapi_Entry *e, Replica *r);
--void agmt_set_maxcsn(Repl_Agmt *ra);
- void agmt_remove_maxcsn(Repl_Agmt *ra);
- int agmt_maxcsn_to_smod (Replica *r, Slapi_Mod *smod);
- int agmt_set_WaitForAsyncResults(Repl_Agmt *ra, const Slapi_Entry *e);
-diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
-index 9d1a8f2..f84eacb 100644
---- a/ldap/servers/plugins/replication/repl5_agmt.c
-+++ b/ldap/servers/plugins/replication/repl5_agmt.c
-@@ -668,43 +668,127 @@ int
- agmt_start(Repl_Agmt *ra)
- {
- Repl_Protocol *prot = NULL;
-+ Slapi_PBlock *pb = NULL;
-+ Slapi_Entry **entries = NULL;
-+ Slapi_DN *repl_sdn = NULL;
-+ char *attrs[2];
-+ int protocol_state;
-+ int found_ruv = 0;
-+ int rc = 0;
-
-- int protocol_state;
--
-- /* To Allow Consumer Initialisation when adding an agreement: */
-- if (ra->auto_initialize == STATE_PERFORMING_TOTAL_UPDATE)
-- {
-- protocol_state = STATE_PERFORMING_TOTAL_UPDATE;
-- }
-- else
-- {
-- protocol_state = STATE_PERFORMING_INCREMENTAL_UPDATE;
-- }
-+ /* To Allow Consumer Initialisation when adding an agreement: */
-+ if (ra->auto_initialize == STATE_PERFORMING_TOTAL_UPDATE){
-+ protocol_state = STATE_PERFORMING_TOTAL_UPDATE;
-+ } else {
-+ protocol_state = STATE_PERFORMING_INCREMENTAL_UPDATE;
-+ }
-
- /* First, create a new protocol object */
- if ((prot = prot_new(ra, protocol_state)) == NULL) {
- return -1;
- }
-
-- /* Now it is safe to own the agreement lock */
-+ /*
-+ * Set the agmt maxcsn
-+ *
-+ * We need to get the replica ruv before we take the
-+ * agmt lock to avoid potential deadlocks on the nsuniqueid
-+ * index.
-+ */
-+ repl_sdn = agmt_get_replarea(ra);
-+
-+ pb = slapi_pblock_new();
-+ attrs[0] = (char*)type_agmtMaxCSN;
-+ attrs[1] = NULL;
-+ slapi_search_internal_set_pb_ext(
-+ pb,
-+ repl_sdn,
-+ LDAP_SCOPE_BASE,
-+ "objectclass=*",
-+ attrs,
-+ 0,
-+ NULL,
-+ RUV_STORAGE_ENTRY_UNIQUEID,
-+ repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION),
-+ OP_FLAG_REPLICATED);
-+ slapi_search_internal_pb (pb);
-+
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
-+ if (rc == LDAP_SUCCESS){
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-+ if (NULL == entries || NULL == entries[0]){
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "agmt_start: replica ruv tombstone entry for "
-+ "replica %s not found\n",
-+ slapi_sdn_get_dn(ra->replarea));
-+ } else {
-+ found_ruv = 1;
-+ }
-+ }
-+
-+ /*
-+ * Now it is safe to own the agreement lock
-+ */
- PR_Lock(ra->lock);
-
- /* Check that replication is not already started */
- if (ra->protocol != NULL) {
- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "replication already started for agreement \"%s\"\n", agmt_get_long_name(ra));
-- PR_Unlock(ra->lock);
- prot_free(&prot);
-- return 0;
-+ goto done;
- }
-
-+ /* Set and start the protocol */
- ra->protocol = prot;
--
-- /* Start the protocol thread */
- prot_start(ra->protocol);
-
-- agmt_set_maxcsn(ra);
-+ /*
-+ * If we found the repl ruv, set the agmt maxcsn...
-+ */
-+ if (found_ruv){
-+ Replica *r;
-+ Object *repl_obj;
-+ char **maxcsns = NULL;
-+ int i;
-
-+ maxcsns = slapi_entry_attr_get_charray(entries[0], type_agmtMaxCSN);
-+ repl_obj = prot_get_replica_object(ra->protocol);
-+ if(repl_obj && maxcsns){
-+ r = (Replica *)object_get_data(repl_obj);
-+ if(r){
-+ /*
-+ * Loop over all the agmt maxcsns and find ours...
-+ */
-+ for(i = 0; maxcsns[i]; i++){
-+ char buf[BUFSIZ];
-+ char unavail_buf[BUFSIZ];
-+
-+ PR_snprintf(buf,BUFSIZ,"%s;%s;%s;%d;",slapi_sdn_get_dn(repl_sdn),
-+ slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
-+ ra->hostname, ra->port);
-+ PR_snprintf(unavail_buf, BUFSIZ,"%s;%s;%s;%d;unavailable", slapi_sdn_get_dn(repl_sdn),
-+ slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
-+ ra->hostname, ra->port);
-+ if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){
-+ /* Set the maxcsn */
-+ slapi_ch_free_string(&ra->maxcsn);
-+ ra->maxcsn = slapi_ch_strdup(maxcsns[i]);
-+ ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]);
-+ ra->tmpConsumerRID = 1;
-+ break;
-+ }
-+ }
-+ }
-+ }
-+ slapi_ch_array_free(maxcsns);
-+ }
-+
-+done:
- PR_Unlock(ra->lock);
-+ slapi_free_search_results_internal(pb);
-+ slapi_pblock_destroy (pb);
-+ slapi_sdn_free(&repl_sdn);
-+
- return 0;
- }
-
-@@ -3052,99 +3136,6 @@ agmt_maxcsn_to_smod (Replica *r, Slapi_Mod *smod)
- }
-
- /*
-- * Called when we start a repl agmt
-- */
--void
--agmt_set_maxcsn(Repl_Agmt *ra)
--{
-- Slapi_PBlock *pb = NULL;
-- Slapi_Entry **entries = NULL;
-- Replica *r = NULL;
-- Object *repl_obj;
-- const Slapi_DN *tombstone_sdn = NULL;
-- char *attrs[2];
-- int rc;
--
-- /* read ruv state from the ruv tombstone entry */
-- pb = slapi_pblock_new();
-- if (!pb) {
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmt_set_maxcsn: Out of memory\n");
-- goto done;
-- }
-- repl_obj = prot_get_replica_object(ra->protocol);
-- if(repl_obj){
-- r = (Replica *)object_get_data(repl_obj);
-- tombstone_sdn = replica_get_root(r);
-- }
-- ra->maxcsn = NULL;
-- attrs[0] = (char*)type_agmtMaxCSN;
-- attrs[1] = NULL;
-- slapi_search_internal_set_pb_ext(
-- pb,
-- (Slapi_DN *)tombstone_sdn,
-- LDAP_SCOPE_BASE,
-- "objectclass=*",
-- attrs,
-- 0, /* attrsonly */
-- NULL, /* controls */
-- RUV_STORAGE_ENTRY_UNIQUEID,
-- repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION),
-- OP_FLAG_REPLICATED); /* flags */
-- slapi_search_internal_pb (pb);
--
-- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
-- if (rc == LDAP_SUCCESS){
-- Replica *r;
-- Object *repl_obj;
-- char **maxcsns;
-- int i;
--
-- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-- if (NULL == entries || NULL == entries[0]){
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-- "agmt_set_maxcsn: replica ruv tombstone entry for "
-- "replica %s not found\n",
-- slapi_sdn_get_dn(ra->replarea));
-- goto done;
-- }
-- maxcsns = slapi_entry_attr_get_charray(entries[0], type_agmtMaxCSN);
-- repl_obj = prot_get_replica_object(ra->protocol);
-- if(repl_obj && maxcsns){
-- r = (Replica *)object_get_data(repl_obj);
-- if(r){
-- /*
-- * Loop over all the agmt maxcsns and find ours
-- */
-- for(i = 0; maxcsns[i]; i++){
-- char buf[BUFSIZ];
-- char unavail_buf[BUFSIZ];
--
-- PR_snprintf(buf,BUFSIZ,"%s;%s;%s;%d;",slapi_sdn_get_dn(ra->replarea),
-- slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
-- ra->hostname, ra->port);
-- PR_snprintf(unavail_buf, BUFSIZ,"%s;%s;%s;%d;unavailable", slapi_sdn_get_dn(ra->replarea),
-- slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
-- ra->hostname, ra->port);
-- if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){
-- slapi_ch_free_string(&ra->maxcsn);
-- ra->maxcsn = slapi_ch_strdup(maxcsns[i]);
-- ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]);
-- ra->tmpConsumerRID = 1;
-- break;
-- }
-- }
-- }
-- }
-- slapi_ch_array_free(maxcsns);
-- }
--done:
-- if (NULL != pb){
-- slapi_free_search_results_internal(pb);
-- slapi_pblock_destroy (pb);
-- }
--}
--
--/*
- * Parse out the consumer replicaID from the agmt maxcsn
- *
- * "repl area;agmt_rdn;hostname;port;consumer_rid;maxcsn"
---
-1.9.3
-
diff --git a/SOURCES/0026-Ticket-48936-Duplicate-collation-entries.patch b/SOURCES/0026-Ticket-48936-Duplicate-collation-entries.patch
new file mode 100644
index 0000000..c7bda39
--- /dev/null
+++ b/SOURCES/0026-Ticket-48936-Duplicate-collation-entries.patch
@@ -0,0 +1,66 @@
+From f6f3f89e723d26cdad16e0d70d21e2361b9ac8bb Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 28 Jul 2016 22:23:20 -0700
+Subject: [PATCH 26/29] Ticket #48936 - Duplicate collation entries
+
+Description: In the fix for "Ticket #53 - Need to update supported locales",
+some locales were not set country and variant codes correctly, which caused
+the duplicate matchintRules. Also, ig-NG was mapped to a wrong locale.
+
+An example of the broken matchingRules.
+Before the fix>
+ matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+ matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+After the fix>
+ matchingRules: ( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+ matchingRules: ( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch-sk-SK' DESC 'sk-SK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+https://fedorahosted.org/389/ticket/48936
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit 3e3dff89c29afdf52a32e4d44f01bddedd60bcd3)
+---
+ ldap/schema/slapd-collations.conf | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/ldap/schema/slapd-collations.conf b/ldap/schema/slapd-collations.conf
+index 9f653e4..31fa477 100644
+--- a/ldap/schema/slapd-collations.conf
++++ b/ldap/schema/slapd-collations.conf
+@@ -88,7 +88,7 @@ collation as "" "" 1 3 2.16.840.1.113730.3.3.2.71.1 as
+ collation as IN "" 1 3 2.16.840.1.113730.3.3.2.72.1 as-IN
+ collation az "" "" 1 3 2.16.840.1.113730.3.3.2.73.1 az
+ collation az Latn "" 1 3 2.16.840.1.113730.3.3.2.74.1 az-Latn
+-collation az Latn_AZ "" 1 3 2.16.840.1.113730.3.3.2.75.1 az-Latn-AZ
++collation az Latn AZ 1 3 2.16.840.1.113730.3.3.2.75.1 az-Latn-AZ
+ collation bn "" "" 1 3 2.16.840.1.113730.3.3.2.76.1 bn
+ collation bn BD "" 1 3 2.16.840.1.113730.3.3.2.77.1 bn-BD
+ collation bn IN "" 1 3 2.16.840.1.113730.3.3.2.78.1 bn-IN
+@@ -189,8 +189,8 @@ collation ha Latn NG 1 3 2.16.840.1.113730.3.3.2.172.1 ha-Latn-NG
+ collation he "" "" 1 3 2.16.840.1.113730.3.3.2.173.1 he he-IL
+ collation hi "" "" 1 3 2.16.840.1.113730.3.3.2.174.1 hi hi-IN
+ collation hy "" "" 1 3 2.16.840.1.113730.3.3.2.175.1 hy hy-AM
+-collation id "" "" 1 3 2.16.840.1.113730.3.3.2.176.1 id-ID
+-collation id ID "" 1 3 2.16.840.1.113730.3.3.2.177.1 ig-NG
++collation id "" "" 1 3 2.16.840.1.113730.3.3.2.176.1 id id-ID
++collation ig "" "" 1 3 2.16.840.1.113730.3.3.2.177.1 ig ig-NG
+ collation it IT "" 1 3 2.16.840.1.113730.3.3.2.178.1 it-IT
+ collation ka "" "" 1 3 2.16.840.1.113730.3.3.2.179.1 ka
+ collation ka GE "" 1 3 2.16.840.1.113730.3.3.2.180.1 ka-GE
+@@ -224,9 +224,9 @@ collation ru MD "" 1 3 2.16.840.1.113730.3.3.2.207.1 ru-MD
+ collation ru RU "" 1 3 2.16.840.1.113730.3.3.2.208.1 ru-RU
+ collation ru UA "" 1 3 2.16.840.1.113730.3.3.2.209.1 ru-UA
+ collation si "" "" 1 3 2.16.840.1.113730.3.3.2.210.1 si si-LK
+-collation sk "" "" 1 3 2.16.840.1.113730.3.3.2.211.1 sk sk-SK
+-collation sl "" "" 1 3 2.16.840.1.113730.3.3.2.212.1 sl sl-SI
+-collation sq "" "" 1 3 2.16.840.1.113730.3.3.2.213.1 sq sq-AL
++collation sk SK "" 1 3 2.16.840.1.113730.3.3.2.211.1 sk-SK
++collation sl SI "" 1 3 2.16.840.1.113730.3.3.2.212.1 sl-SI
++collation sq AL "" 1 3 2.16.840.1.113730.3.3.2.213.1 sq-AL
+ collation sr Cyrl "" 1 3 2.16.840.1.113730.3.3.2.214.1 sr-Cyrl
+ collation sr Cyrl BA 1 3 2.16.840.1.113730.3.3.2.215.1 sr-Cyrl-BA
+ collation sr Cyrl ME 1 3 2.16.840.1.113730.3.3.2.216.1 sr-Cyrl-ME
+--
+2.4.11
+
diff --git a/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch b/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch
deleted file mode 100644
index 5ad4f0c..0000000
--- a/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 422028f6589250523c8a8669827bd0cccc347090 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 20 Jul 2015 11:18:12 -0400
-Subject: [PATCH 27/30] Ticket 47910 - logconv.pl - check that the end time is
- greater than the start time
-
-Bug Description: There is no check if the end time is greater than the start time.
- This leads to an empty report being generated, when an error
- should be returned instead.
-
-Fix Description: If start and end time are used, validate that the end time is
- greater than the start time.
-
- Also, improved an error message when the tool options are not
- correctly used.
-
-https://fedorahosted.org/389/ticket/47910
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 34ffa6c44734b99c252e7585bb499089ac8e6a67)
-(cherry picked from commit 16b95b12d26fb293d68be154c602398798353bb8)
----
- ldap/admin/src/logconv.pl | 22 +++++++++++++++++-----
- 1 file changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index d26e91e..0038a03 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -148,14 +148,13 @@ while($arg_count <= $#ARGV){
- }
-
- if($file_count == 0){
-- if($reportStatsSecFile or $reportStatsMinFile){
-- print "Usage error for option -m or -M, either the output file or access log is missing!\n\n";
-- } else {
-- print "There are no access logs specified!\n\n";
-- }
-+ print "There are no access logs specified, or the tool options have not been used correctly!\n";
- exit 1;
- }
-
-+#
-+# Initialize the statistic blocks
-+#
- if ($reportStatsSecFile) {
- $s_stats = new_stats_block($reportStatsSecFile);
- $reportStats = "-m";
-@@ -357,6 +356,19 @@ my %monthname = (
-
- );
-
-+#
-+# Validate start/end times (if specified)
-+#
-+if ($startTime and $endTime){
-+ # Make sure the end time is not earlier than the start time
-+ my $testStart = convertTimeToSeconds($startTime);
-+ my $testEnd = convertTimeToSeconds($endTime);
-+ if ($testStart > $testEnd){
-+ print "Start time ($startTime) is greater than end time ($endTime)!\n";
-+ exit 1;
-+ }
-+}
-+
- my $linesProcessed;
- my $lineBlockCount;
- my $cursize = 0;
---
-1.9.3
-
diff --git a/SOURCES/0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch b/SOURCES/0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch
new file mode 100644
index 0000000..7e2dfcf
--- /dev/null
+++ b/SOURCES/0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch
@@ -0,0 +1,111 @@
+From 8afc979b47994c8bebae22868b86761590231e09 Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Fri, 29 Jul 2016 14:36:19 +1000
+Subject: [PATCH 27/29] Ticket 48450 - Add prestart work around for systemd ask
+ password
+
+Bug Description: Due to a lack of response to fix the systemd ask password
+permissions, we must resolve this ourselves. Without this, we cannot utilise
+the ask password feature at all.
+
+Fix Description: We add an execstartpre script, that parses dse.ldif for
+the running server user. If found, we add the acl to ask-password directory
+which will allow the server to start. We do this so that if each instance
+has a unique user, they can all use ask pass correctly.
+
+https://fedorahosted.org/389/ticket/48450
+
+Author: wibrown
+
+Review by: nhosoi (Thanks)
+
+(cherry picked from commit e6b48924adb753f47683f25fab6e2b8e5d3cf84c)
+---
+ Makefile.am | 3 ++-
+ wrappers/ds_systemd_ask_password_acl.in | 34 +++++++++++++++++++++++++++++++
+ wrappers/systemd.template.asan.service.in | 1 +
+ wrappers/systemd.template.service.in | 1 +
+ 4 files changed, 38 insertions(+), 1 deletion(-)
+ create mode 100644 wrappers/ds_systemd_ask_password_acl.in
+
+diff --git a/Makefile.am b/Makefile.am
+index ed3d462..3e1bf47 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -620,7 +620,8 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \
+ ldap/admin/src/scripts/dbmon.sh \
+ ldap/admin/src/scripts/ds_selinux_enabled \
+ ldap/admin/src/scripts/ds_selinux_port_query \
+- wrappers/ldap-agent
++ wrappers/ds_systemd_ask_password_acl \
++ wrappers/ldap-agent
+
+ bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \
+ wrappers/dbscan \
+diff --git a/wrappers/ds_systemd_ask_password_acl.in b/wrappers/ds_systemd_ask_password_acl.in
+new file mode 100644
+index 0000000..59bffc5
+--- /dev/null
++++ b/wrappers/ds_systemd_ask_password_acl.in
+@@ -0,0 +1,34 @@
++#!/bin/sh
++# BEGIN COPYRIGHT BLOCK
++# Copyright (C) 2016 Red Hat, Inc.
++#
++# All rights reserved.
++#
++# License: GPL (version 3 or any later version).
++# See LICENSE for details.
++# END COPYRIGHT BLOCK
++
++# Systemd has not fixed the issue at https://bugzilla.redhat.com/show_bug.cgi?id=1322167
++# As a result, we need a way to fix the permissions as we start.
++# We have to reset these each time, as this folder is on a tmpfs.
++# If we don't do this, we can't prompt for the password!
++# If you want this script to go away, fix the bugzilla so we don't need it!
++
++# Make sure we have the path to the dse.ldif
++if [ -z $1 ]
++then
++ echo "usage: ${0} /etc/dirsrv/slapd-<instance>/dse.ldif"
++ exit 1
++fi
++
++# Grep the user out
++
++DS_USER=`grep 'nsslapd-localuser: ' $1 | awk '{print $2}'`
++
++# Now apply the acl
++
++if [ -d /var/run/systemd/ask-password ]
++then
++ setfacl -m u:${DS_USER}:rwx /var/run/systemd/ask-password
++fi
++
+diff --git a/wrappers/systemd.template.asan.service.in b/wrappers/systemd.template.asan.service.in
+index dd361b4..5de91de 100644
+--- a/wrappers/systemd.template.asan.service.in
++++ b/wrappers/systemd.template.asan.service.in
+@@ -25,6 +25,7 @@ PIDFile=@localstatedir@/run/@package_name@/slapd-%i.pid
+ # We can't symbolize here, as llvm symbolize crashes when it goes near systemd.
+ Environment='ASAN_OPTIONS="detect_leaks=1 symbolize=0 log_path=@localstatedir@/run/@package_name@/ns-slapd-%i.asan detect_deadlocks=1"'
+ LimitCORE=infinity
++ExecStartPre=@sbindir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif
+ ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name@/slapd-%i.pid
+ # if you need to set other directives e.g. LimitNOFILE=8192
+ # set them in this file
+diff --git a/wrappers/systemd.template.service.in b/wrappers/systemd.template.service.in
+index a045036..6f096b7 100644
+--- a/wrappers/systemd.template.service.in
++++ b/wrappers/systemd.template.service.in
+@@ -22,6 +22,7 @@ Type=notify
+ EnvironmentFile=@initconfigdir@/@package_name@
+ EnvironmentFile=@initconfigdir@/@package_name@-%i
+ PIDFile=@localstatedir@/run/@package_name@/slapd-%i.pid
++ExecStartPre=@sbindir@/ds_systemd_ask_password_acl @instconfigdir@/slapd-%i/dse.ldif
+ ExecStart=@sbindir@/ns-slapd -D @instconfigdir@/slapd-%i -i @localstatedir@/run/@package_name@/slapd-%i.pid
+ # if you need to set other directives e.g. LimitNOFILE=8192
+ # set them in this file
+--
+2.4.11
+
diff --git a/SOURCES/0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
new file mode 100644
index 0000000..bad5476
--- /dev/null
+++ b/SOURCES/0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
@@ -0,0 +1,115 @@
+From 0f22cc8a2ab2a968b5ff0878b81bb5d39fa5a35e Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 26 Jul 2016 18:08:38 -0700
+Subject: [PATCH 28/29] Bug 1347760 - CVE-2016-4992 389-ds-base: Information
+ disclosure via repeated use of LDAP ADD operation, etc.
+
+Description:
+1. When an account is inactivated, the error UNWILLING_TO_PERFORM with
+ the inactivated message should be returned only when the bind is
+ successful.
+2. When SASL bind fails, instead of returning the cause of the failure
+ directly to the client, but logging it in the access log.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1347760
+
+Reviewed by wibrown@redhat.com (Thank you, William!)
+
+(cherry picked from commit b8767d510d11c7cbfede24daaae3348b9f028f47)
+---
+ ldap/servers/slapd/bind.c | 49 ++++++++++++++++++++-----------------------
+ ldap/servers/slapd/saslbind.c | 4 ++--
+ 2 files changed, 25 insertions(+), 28 deletions(-)
+
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index 702d4c2..c271577 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -720,25 +720,6 @@ do_bind( Slapi_PBlock *pb )
+ }
+ }
+ }
+-
+- /*
+- * Is this account locked ?
+- * could be locked through the account inactivation
+- * or by the password policy
+- *
+- * rc=0: account not locked
+- * rc=1: account locked, can not bind, result has been sent
+- * rc!=0 and rc!=1: error. Result was not sent, lets be_bind
+- * deal with it.
+- *
+- */
+-
+- /* get the entry now, so that we can give it to slapi_check_account_lock and reslimit_update_from_dn */
+- if (! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
+- bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
+- rc = slapi_check_account_lock ( pb, bind_target_entry, pw_response_requested, 1, 1);
+- }
+-
+ slapi_pblock_set( pb, SLAPI_PLUGIN, be->be_database );
+ set_db_default_result_handlers(pb);
+ if ( (rc != 1) &&
+@@ -777,6 +758,28 @@ do_bind( Slapi_PBlock *pb )
+
+ if ( rc == SLAPI_BIND_SUCCESS ) {
+ int myrc = 0;
++ /*
++ * The bind is successful.
++ * We can give it to slapi_check_account_lock and reslimit_update_from_dn.
++ */
++ /*
++ * Is this account locked ?
++ * could be locked through the account inactivation
++ * or by the password policy
++ *
++ * rc=0: account not locked
++ * rc=1: account locked, can not bind, result has been sent
++ * rc!=0 and rc!=1: error. Result was not sent, lets be_bind
++ * deal with it.
++ *
++ */
++ if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
++ bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
++ rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
++ if (1 == rc) { /* account is locked */
++ goto account_locked;
++ }
++ }
+ if (!auto_bind) {
+ /*
+ * There could be a race that bind_target_entry was not added
+@@ -787,13 +790,7 @@ do_bind( Slapi_PBlock *pb )
+ if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA) &&
+ !bind_target_entry) {
+ bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
+- if (bind_target_entry) {
+- myrc = slapi_check_account_lock(pb, bind_target_entry,
+- pw_response_requested, 1, 1);
+- if (1 == myrc) { /* account is locked */
+- goto account_locked;
+- }
+- } else {
++ if (!bind_target_entry) {
+ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, "No such entry");
+ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, "", 0, NULL);
+ goto free_and_return;
+diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
+index 37175f4..742987e 100644
+--- a/ldap/servers/slapd/saslbind.c
++++ b/ldap/servers/slapd/saslbind.c
+@@ -1051,8 +1051,8 @@ sasl_check_result:
+ errstr = sasl_errdetail(sasl_conn);
+
+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
+- send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
+- (char*)errstr, 0, NULL);
++ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, (void *)errstr);
++ send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL);
+ break;
+ }
+
+--
+2.4.11
+
diff --git a/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch b/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch
deleted file mode 100644
index 4ad70ad..0000000
--- a/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 53e51059c4e95fab6c3601952069191343fe92b3 Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Mon, 20 Jul 2015 10:31:46 -0600
-Subject: [PATCH 28/30] Ticket #48224 - redux 2 - logconv.pl should handle
- *.tar.xz, *.txz, *.xz log files
-
-https://fedorahosted.org/389/ticket/48224
-Reviewed by: nhosoi (Thanks!)
-Branch: 389-ds-base-1.3.4
-Fix Description: Use $? instead of $! to get pipe errors.
-Platforms tested: Fedora 21, RHEL 7.2 candidate
-Flag Day: no
-Doc impact: no
-
-(cherry picked from commit 29043c5716a1bc8364689d518cb4e35722eaaf77)
-(cherry picked from commit 0e31d818366e846f45c60b2c24bdb8026a82c048)
----
- ldap/admin/src/logconv.pl | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index 0038a03..3113f8a 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -437,9 +437,9 @@ sub doUncompress {
- # so use the xz command directly
- # NOTE: This doesn't work if the argument is a file handle e.g. from
- # Archive::Tar
-- $! = 0; # clear
-- if (!open($TARFH, "xz -dc $_ |") or $!) {
-- openFailed($!, $_);
-+ $? = 0; # clear
-+ if (!open($TARFH, "xz -dc $_ |") or $?) {
-+ openFailed($?, $_);
- return;
- }
- } else {
---
-1.9.3
-
diff --git a/SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch b/SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
new file mode 100644
index 0000000..d41f609
--- /dev/null
+++ b/SOURCES/0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
@@ -0,0 +1,40 @@
+From 114221f292d0f8609d98bdad59feb3d460639673 Mon Sep 17 00:00:00 2001
+From: Ludwig Krispenz <lkrispen@redhat.com>
+Date: Thu, 4 Aug 2016 11:45:49 -0700
+Subject: [PATCH 29/29] Bug 1347760 - CVE-2016-4992 389-ds-base: Information
+ disclosure via repeated use of LDAP ADD operation, etc.
+
+Description: do not overwrite rc used to decide if bind was successful.
+When the bind is through ldapi/autobind, an entry does not exist to be
+checked with slapi_check_account_lock. In that case, a variable rc is
+not supposed to be modified which confuses the following code path.
+
+Reviewed by nhosoi@redhat.com.
+
+(cherry picked from commit caa351ae0cc81cbf2309a43c5f74b359cda152d0)
+---
+ ldap/servers/slapd/bind.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index c271577..3054c1f 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -775,10 +775,12 @@ do_bind( Slapi_PBlock *pb )
+ */
+ if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
+ bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
+- rc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
+- if (1 == rc) { /* account is locked */
++ myrc = slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1, 1);
++ if (1 == myrc) { /* account is locked */
++ rc = myrc;
+ goto account_locked;
+ }
++ myrc = 0;
+ }
+ if (!auto_bind) {
+ /*
+--
+2.4.11
+
diff --git a/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch b/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch
deleted file mode 100644
index a162506..0000000
--- a/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 4c275349c72a01803b772717ee29e7ac6f9a903f Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 20 Jul 2015 14:22:05 -0400
-Subject: [PATCH 29/30] Ticket 48206 - Crash during retro changelog trimming
-
-Bug Description: If the retro changelog entry is small, its possible that
- during the trimming the reto changelog entry is not in the
- cache after the trim, but its tries to blindly unlock it
- from the cache, which leads to a crash.
-
-FIx Description: After we call the post op plugins and retrieve the entry
- from the cache, double check that it was found. If it
- is not found, do not unlock it.
-
-https://fedorahosted.org/389/ticket/48206
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 2a8a8c8ced5849dada34ab28d79e87dd3636e413)
-(cherry picked from commit 6d439887b99da557e8d7bc0c611d9afa909fdce7)
----
- ldap/servers/slapd/back-ldbm/ldbm_delete.c | 27 +++++++++++++++++----------
- 1 file changed, 17 insertions(+), 10 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-index 59c1f76..f31d545 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-@@ -1257,17 +1257,24 @@ ldbm_back_delete( Slapi_PBlock *pb )
- CACHE_RETURN(&inst->inst_cache, &e);
- }
- }
-- if (cache_is_in_cache(&inst->inst_cache, e)) {
-- ep_id = e->ep_id; /* Otherwise, e might have been freed. */
-- CACHE_REMOVE(&inst->inst_cache, e);
-- }
-- cache_unlock_entry(&inst->inst_cache, e);
-- CACHE_RETURN(&inst->inst_cache, &e);
-- /*
-- * e is unlocked and no longer in cache.
-- * It could be freed at any moment.
-+
-+ /*
-+ * e could have been replaced by cache_find_id(), recheck if it's NULL
-+ * before trying to unlock it, etc.
- */
-- e = NULL;
-+ if (e) {
-+ if (cache_is_in_cache(&inst->inst_cache, e)) {
-+ ep_id = e->ep_id; /* Otherwise, e might have been freed. */
-+ CACHE_REMOVE(&inst->inst_cache, e);
-+ }
-+ cache_unlock_entry(&inst->inst_cache, e);
-+ CACHE_RETURN(&inst->inst_cache, &e);
-+ /*
-+ * e is unlocked and no longer in cache.
-+ * It could be freed at any moment.
-+ */
-+ e = NULL;
-+ }
-
- if (entryrdn_get_switch() && ep_id) { /* subtree-rename: on */
- /* since the op was successful, delete the tombstone dn from the dn cache */
---
-1.9.3
-
diff --git a/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch b/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch
deleted file mode 100644
index b6a5197..0000000
--- a/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch
+++ /dev/null
@@ -1,222 +0,0 @@
-From bc26583d161168ce664d160592a30abbd98b9a1f Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 22 Jul 2015 09:41:46 -0700
-Subject: [PATCH 30/30] Ticket #48010 - winsync range retrieval gets only 5000
- values upon initialization
-
-Description: Search with DirSync control does not support range subtype.
-On WS2012, it returns all the multi-valued attribute values regardless
-of MaxValRange, but on WS2008, it cuts at the physical limit 5000.
-This patch does not rely on the entry returned by the DirySync search.
-
-Also, since DirSync search does not support the range subtype, removing
-the range related code from the DirSync search.
-
-Researched and tested by vashirov@redhat.com (Thank you, Viktor!!)
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-https://fedorahosted.org/389/ticket/48010
-(cherry picked from commit c6b211f8ea4970623f8ac1b365d040756d46bf3c)
-(cherry picked from commit d9af22eb940353c0692b6d73cc0a2d6998311498)
----
- .../plugins/replication/windows_connection.c | 21 ++-----
- ldap/servers/plugins/replication/windows_private.c | 70 ----------------------
- .../plugins/replication/windows_protocol_util.c | 21 +++++--
- ldap/servers/plugins/replication/windowsrepl.h | 5 --
- 4 files changed, 21 insertions(+), 96 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c
-index 5db43a5..a06a07e 100644
---- a/ldap/servers/plugins/replication/windows_connection.c
-+++ b/ldap/servers/plugins/replication/windows_connection.c
-@@ -821,7 +821,6 @@ send_dirsync_search(Repl_Connection *conn)
- const char *old_dn = slapi_sdn_get_ndn( windows_private_get_windows_subtree(conn->agmt) );
- /* LDAP_SERVER_DIRSYNC_OID requires the search base Naming Context */
- char *dn = slapi_ch_strdup(strstr(old_dn, "dc="));
-- char **exattrs = NULL;
-
- if (conn->supports_dirsync == 0)
- {
-@@ -847,10 +846,6 @@ send_dirsync_search(Repl_Connection *conn)
-
- winsync_plugin_call_dirsync_search_params_cb(conn->agmt, old_dn, &dn, &scope, &filter,
- &attrs, &server_controls);
-- exattrs = windows_private_get_range_attrs(conn->agmt);
-- charray_merge(&attrs, exattrs, 0 /* pass in */);
-- slapi_ch_free((void **)&exattrs); /* strings are passed in */
--
- LDAPDebug( LDAP_DEBUG_REPL, "Sending dirsync search request\n", 0, 0, 0 );
-
- rc = ldap_search_ext( conn->ld, dn, scope, filter, attrs, PR_FALSE, server_controls,
-@@ -1010,20 +1005,14 @@ Slapi_Entry * windows_conn_get_search_result(Repl_Connection *conn)
- {
- if (( dn = ldap_get_dn( conn->ld, res )) != NULL )
- {
-- char **exattrs = NULL;
- slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"received entry from dirsync: %s\n", dn);
- lm = ldap_first_entry( conn->ld, res );
-- e = windows_private_get_curr_entry(conn->agmt); /* if range search, e != NULL */
-- e = windows_LDAPMessage2Entry(e, conn, lm, 0, &exattrs);
-+ /*
-+ * we don't have to retrieve all the members here.
-+ * here, we have to make sure to get the entry once.
-+ */
-+ e = windows_LDAPMessage2Entry(e, conn, lm, 0, NULL);
- ldap_memfree(dn);
-- if (exattrs) {
-- /* some attribute returned "<attr>;range=low-high" */
-- windows_private_set_curr_entry(conn->agmt, e);
-- windows_private_set_range_attrs(conn->agmt, exattrs);
-- } else {
-- windows_private_set_curr_entry(conn->agmt, NULL);
-- windows_private_set_range_attrs(conn->agmt, NULL);
-- }
- }
- }
- break;
-diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c
-index f5cb44e..c118236 100644
---- a/ldap/servers/plugins/replication/windows_private.c
-+++ b/ldap/servers/plugins/replication/windows_private.c
-@@ -1570,76 +1570,6 @@ windows_private_set_move_action(const Repl_Agmt *ra, int value)
- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_move_action\n" );
- }
-
--/* Get entry being retrieved; used for the range retrieval */
--Slapi_Entry *
--windows_private_get_curr_entry(const Repl_Agmt *ra)
--{
-- Dirsync_Private *dp;
--
-- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_curr_entry\n" );
--
-- PR_ASSERT(ra);
--
-- dp = (Dirsync_Private *) agmt_get_priv(ra);
-- PR_ASSERT (dp);
--
-- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_curr_entry\n" );
--
-- return dp->curr_entry;
--}
--
--/* Set entry being retrieved; used for the range retrieval */
--void
--windows_private_set_curr_entry(const Repl_Agmt *ra, Slapi_Entry *e)
--{
-- Dirsync_Private *dp;
--
-- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_curr_entry\n" );
--
-- PR_ASSERT(ra);
--
-- dp = (Dirsync_Private *) agmt_get_priv(ra);
-- PR_ASSERT (dp);
-- dp->curr_entry = e;
--
-- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_curr_entry\n" );
--}
--
--/* Get next range retrieval attributes */
--char **
--windows_private_get_range_attrs(const Repl_Agmt *ra)
--{
-- Dirsync_Private *dp;
--
-- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_range_attrs\n" );
--
-- PR_ASSERT(ra);
--
-- dp = (Dirsync_Private *) agmt_get_priv(ra);
-- PR_ASSERT (dp);
--
-- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_range_attrs\n" );
--
-- return dp->range_attrs;
--}
--
--/* Set next range retrieval attributes */
--void
--windows_private_set_range_attrs(const Repl_Agmt *ra, char **attrs)
--{
-- Dirsync_Private *dp;
--
-- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_move_action\n" );
--
-- PR_ASSERT(ra);
--
-- dp = (Dirsync_Private *) agmt_get_priv(ra);
-- PR_ASSERT (dp);
-- dp->range_attrs = attrs;
--
-- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_move_action\n" );
--}
--
- static PRCallOnceType winsync_callOnce = {0,0};
-
- struct winsync_plugin {
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index 6bf20b7..4cfa20d 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -5847,6 +5847,9 @@ windows_process_dirsync_entry(Private_Repl_Protocol *prp,Slapi_Entry *e, int is_
- /* Is this entry one we should be interested in ? */
- if (is_subject_of_agreement_remote(e,prp->agmt))
- {
-+ ConnResult cres = 0;
-+ const char *searchbase = slapi_entry_get_dn_const(e);
-+ char *filter = "(objectclass=*)";
- retry:
- /* First make its local DN */
- rc = map_entry_dn_inbound(e, &local_sdn, prp->agmt);
-@@ -5902,7 +5905,19 @@ retry:
- /* If it doesn't exist, try to make it */
- if (add_local_entry_allowed(prp,e))
- {
-- windows_create_local_entry(prp,e,local_sdn);
-+ found_entry = NULL;
-+ /*
-+ * BZ 1172037: Search with DirSync Control does not return the range subtype.
-+ * Re-search the entry to get all the attribute values over hard limit MaxValRange
-+ * on 2008R2. Note: 2012R2 does not have the hard limit.
-+ * If we stop supporting 2008R2, this windows_search_entry_ext call can be removed.
-+ */
-+ cres = windows_search_entry_ext(prp->conn, (char*)searchbase,
-+ filter, &found_entry, NULL, LDAP_SCOPE_BASE);
-+ if (found_entry) {
-+ e = found_entry;
-+ }
-+ windows_create_local_entry(prp, e, local_sdn);
- } else
- {
- slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: not allowed to add entry %s.\n",agmt_get_long_name(prp->agmt)
-@@ -5918,10 +5933,6 @@ retry:
- * We search Windows with the dn and retry using the found
- * entry.
- */
-- ConnResult cres = 0;
-- const char *searchbase = slapi_entry_get_dn_const(e);
-- char *filter = "(objectclass=*)";
--
- retried = 1;
- cres = windows_search_entry_ext(prp->conn, (char*)searchbase,
- filter, &found_entry, NULL, LDAP_SCOPE_BASE);
-diff --git a/ldap/servers/plugins/replication/windowsrepl.h b/ldap/servers/plugins/replication/windowsrepl.h
-index fd80212..66f4804 100644
---- a/ldap/servers/plugins/replication/windowsrepl.h
-+++ b/ldap/servers/plugins/replication/windowsrepl.h
-@@ -66,11 +66,6 @@ void windows_private_set_one_way(const Repl_Agmt *ra, PRBool value);
- int windows_private_get_move_action(const Repl_Agmt *ra);
- void windows_private_set_move_action(const Repl_Agmt *ra, int value);
-
--Slapi_Entry *windows_private_get_curr_entry(const Repl_Agmt *ra);
--void windows_private_set_curr_entry(const Repl_Agmt *ra, Slapi_Entry *e);
--char **windows_private_get_range_attrs(const Repl_Agmt *ra);
--void windows_private_set_range_attrs(const Repl_Agmt *ra, char **attrs);
--
- void windows_private_set_directory_userfilter(const Repl_Agmt *ra, char *filter);
- void windows_private_set_windows_userfilter(const Repl_Agmt *ra, char *filter);
- const char* windows_private_get_directory_userfilter(const Repl_Agmt *ra);
---
-1.9.3
-
diff --git a/SOURCES/0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch b/SOURCES/0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
new file mode 100644
index 0000000..39bef22
--- /dev/null
+++ b/SOURCES/0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
@@ -0,0 +1,37 @@
+From 741e8534323f6b7eb5565f8ec09ab2731e52735b Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 4 Aug 2016 13:26:44 -0700
+Subject: [PATCH] Ticket bz1358565 - clear and unsalted password types are
+ vulnerable to timing attack
+
+Description: Build fails with the commit f0e03b5a51972a125fe78f448d1f68e288782d1e:
+ error: 'for' loop initial declarations are only allowed in C99 mode
+ for (size_t i = 0; i < n; i++) {
+ ^
+Moved "size_t i;" to the top of slapi_ct_memcmp.
+---
+ ldap/servers/slapd/ch_malloc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/ch_malloc.c b/ldap/servers/slapd/ch_malloc.c
+index a38268c..705ea86 100644
+--- a/ldap/servers/slapd/ch_malloc.c
++++ b/ldap/servers/slapd/ch_malloc.c
+@@ -374,12 +374,13 @@ slapi_ct_memcmp( const void *p1, const void *p2, size_t n)
+ int result = 0;
+ const unsigned char *_p1 = (const unsigned char *)p1;
+ const unsigned char *_p2 = (const unsigned char *)p2;
++ size_t i;
+
+ if (_p1 == NULL || _p2 == NULL) {
+ return 2;
+ }
+
+- for (size_t i = 0; i < n; i++) {
++ for (i = 0; i < n; i++) {
+ if (_p1[i] ^ _p2[i]) {
+ result = 1;
+ }
+--
+2.4.11
+
diff --git a/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch b/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch
deleted file mode 100644
index 1464ae9..0000000
--- a/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From bf8da26adf08db15ae2cbaeadb40f62af6c52037 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 29 Jul 2015 11:26:22 -0700
-Subject: [PATCH 31/39] Ticket #48232 - winsync lastlogon attribute not syncing
- between DS and AD.
-
-Bug Description:
-From Microsoft forum:
- The DirSync control taps into the replication stream to get the necessary
- changes. Since lastLogon is not replicated, it isn't available via the
- DirSync control.
-Additional notes:
- The lastLogon attribute is not replicated.
- In contrast the lastLogontimeStamp attribute is replicated.
-
-Fix Description:
- Instead of lastLogon|lastLogoff, sync lastLogonTimestamp|lastLogoffTimestamp
- which are the target of DirSync, to ntUserLastLogon|ntUserLastLogoff.
-
-https://fedorahosted.org/389/ticket/48232
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 0db29788e6c1b17f944fcafa368b66580e1e90d5)
-(cherry picked from commit b81adb0bc8ad97fec50fba30454e94858476bad5)
----
- ldap/servers/plugins/replication/windows_protocol_util.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index 4cfa20d..5c12af7 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -194,8 +194,8 @@ static windows_attribute_map user_attribute_map[] =
- {
- { "homeDirectory", "ntUserHomeDir", bidirectional, always, normal},
- { "scriptPath", "ntUserScriptPath", bidirectional, always, normal},
-- { "lastLogon", "ntUserLastLogon", fromwindowsonly, always, normal},
-- { "lastLogoff", "ntUserLastLogoff", fromwindowsonly, always, normal},
-+ { "lastLogonTimestamp", "ntUserLastLogon", fromwindowsonly, always, normal},
-+ { "lastLogoffTimestamp", "ntUserLastLogoff", fromwindowsonly, always, normal},
- { "accountExpires", "ntUserAcctExpires", bidirectional, always, normal},
- { "codePage", "ntUserCodePage", bidirectional, always, normal},
- { "logonHours", "ntUserLogonHours", bidirectional, always, normal},
---
-1.9.3
-
diff --git a/SOURCES/0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch b/SOURCES/0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch
new file mode 100644
index 0000000..df4c700
--- /dev/null
+++ b/SOURCES/0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch
@@ -0,0 +1,76 @@
+From 1d4ad57ad50a33b8a1ef2db7d592f2adb09c3083 Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Mon, 8 Aug 2016 13:56:02 +1000
+Subject: [PATCH 31/32] Ticket 48450 - Autotools components for
+ ds_systemd_ask_password_acl
+
+Bug Description: William forgot to add the Makefile.in to the commit. This was
+found in the rpm build because it does not run autoreconf to regenerate the
+Makefile.in, manifiesting as a missing file.
+
+Fix Description: Commit Makefile.in
+
+https://fedorahosted.org/389/ticket/48450
+
+Author: wibrown
+
+Review by: nhosoi@redhat.com
+
+(cherry picked from commit c5e4ca4e1e0f1ab8be60df7453e6f0b126e6581c)
+---
+ Makefile.in | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 8109469..6788fe1 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -2044,7 +2044,8 @@ sbin_SCRIPTS = ldap/admin/src/scripts/setup-ds.pl \
+ ldap/admin/src/scripts/dbmon.sh \
+ ldap/admin/src/scripts/ds_selinux_enabled \
+ ldap/admin/src/scripts/ds_selinux_port_query \
+- wrappers/ldap-agent
++ wrappers/ds_systemd_ask_password_acl \
++ wrappers/ldap-agent
+
+ bin_SCRIPTS = ldap/servers/slapd/tools/rsearch/scripts/dbgen.pl \
+ wrappers/dbscan \
+@@ -10359,7 +10360,7 @@ distdir: $(DISTFILES)
+ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+ || chmod -R a+r "$(distdir)"
+ dist-gzip: distdir
+- tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
++ tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
+ $(am__post_remove_distdir)
+ dist-bzip2: distdir
+ tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
+@@ -10384,7 +10385,7 @@ dist-shar: distdir
+ @echo WARNING: "Support for shar distribution archives is" \
+ "deprecated." >&2
+ @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
+- shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
++ shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
+ $(am__post_remove_distdir)
+
+ dist-zip: distdir
+@@ -10402,7 +10403,7 @@ dist dist-all:
+ distcheck: dist
+ case '$(DIST_ARCHIVES)' in \
+ *.tar.gz*) \
+- GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
++ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
+ *.tar.bz2*) \
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+ *.tar.lz*) \
+@@ -10412,7 +10413,7 @@ distcheck: dist
+ *.tar.Z*) \
+ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+ *.shar.gz*) \
+- GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
++ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
+ *.zip*) \
+ unzip $(distdir).zip ;;\
+ esac
+--
+2.4.11
+
diff --git a/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch b/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch
deleted file mode 100644
index f9682d7..0000000
--- a/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From ddf6d5dfd566d44a10af342d049f22b5dbe26381 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 30 Jul 2015 11:07:40 -0700
-Subject: [PATCH 32/39] Ticket #48231 - logconv autobind handling regression
- caused by 47446
-
-Description: When there are autobinds with ldapi, the tool fails with
-an syntax error:
- Use of uninitialized value in transliteration (tr///) at /Local/dirsrv/bin/logconv.pl line 2018, <$LOGFH> line 207.
- Use of uninitialized value $tmpp in hash element at /Local/dirsrv/bin/logconv.pl line 2019, <$LOGFH> line 207.
-
-Thanks for providing the fix and testing it, pj101 and rmeggins@redhat.com.
-
-Reviewed by nhosoi@redhat.com.
-
-https://fedorahosted.org/389/ticket/48231
-(cherry picked from commit 44a223f73a537445976a77af1652515ea46f970b)
-(cherry picked from commit e7fc14305e7e431034d5e076f31d2ee22742578f)
----
- ldap/admin/src/logconv.pl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index 3113f8a..9cd9aaa 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -2025,8 +2025,8 @@ sub parseLineNormal
- if($1 eq $rootDN){
- $rootDNBindCount++;
- }
-+ $tmpp = $1;
- if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
-- $tmpp = $1;
- $tmpp =~ tr/A-Z/a-z/;
- $hashes->{bindlist}->{$tmpp}++;
- }
---
-1.9.3
-
diff --git a/SOURCES/0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch b/SOURCES/0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
new file mode 100644
index 0000000..8a84fdc
--- /dev/null
+++ b/SOURCES/0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
@@ -0,0 +1,27 @@
+From bf87f952dc7a07786ddb9e895a956505cd951cf3 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 8 Aug 2016 10:12:33 -0700
+Subject: [PATCH 32/32] Ticket bz1358565 - clear and unsalted password types
+ are vulnerable to timing attack
+
+Description: Fixing a compiler warning introduced by commit
+f0e03b5a51972a125fe78f448d1f68e288782d1e.
+---
+ ldap/servers/plugins/pwdstorage/clear_pwd.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/pwdstorage/clear_pwd.c b/ldap/servers/plugins/pwdstorage/clear_pwd.c
+index 2afe16e..b9b362d 100644
+--- a/ldap/servers/plugins/pwdstorage/clear_pwd.c
++++ b/ldap/servers/plugins/pwdstorage/clear_pwd.c
+@@ -26,7 +26,6 @@ int
+ clear_pw_cmp( const char *userpwd, const char *dbpwd )
+ {
+ int result = 0;
+- int len = 0;
+ int len_user = strlen(userpwd);
+ int len_dbp = strlen(dbpwd);
+ if ( len_user != len_dbp ) {
+--
+2.4.11
+
diff --git a/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch b/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch
deleted file mode 100644
index 2803014..0000000
--- a/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From 0536984f7b3e9d6e143936b0eda92b510f63d304 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 4 Aug 2015 12:15:31 -0400
-Subject: [PATCH 33/39] Ticket 47810 - memberOf plugin not properly rejecting
- updates
-
-Bug Description: When the memberOf plugin tries to add memberOf attribute to
- an entry during a mod-replace on a group, even though the
- update to the user entry fails, but plugin still allows
- the member to be added to the group.
-
-Fix Description: During a mod/replace check and return an error if the member
- update fails.
-
-https://fedorahosted.org/389/ticket/47810
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit eb54f03e240402a4bd16f9cde1d66539805f56ea)
-(cherry picked from commit b4b6adcec7d810c7893fd9cb888fa906b9ffa836)
----
- dirsrvtests/suites/betxns/betxn_test.py | 64 +++++++++++++++++++++++++++++++-
- ldap/servers/plugins/memberof/memberof.c | 13 ++++---
- 2 files changed, 70 insertions(+), 7 deletions(-)
-
-diff --git a/dirsrvtests/suites/betxns/betxn_test.py b/dirsrvtests/suites/betxns/betxn_test.py
-index 93c4c31..5da6e50 100644
---- a/dirsrvtests/suites/betxns/betxn_test.py
-+++ b/dirsrvtests/suites/betxns/betxn_test.py
-@@ -3,7 +3,7 @@
- # All rights reserved.
- #
- # License: GPL (version 3 or any later version).
--# See LICENSE for details.
-+# See LICENSE for details.
- # --- END COPYRIGHT BLOCK ---
- #
- import os
-@@ -174,6 +174,67 @@ def test_betxn_attr_uniqueness(topology):
- log.info('test_betxn_attr_uniqueness: PASSED')
-
-
-+def test_betxn_memberof(topology):
-+ ENTRY1_DN = 'cn=group1,' + DEFAULT_SUFFIX
-+ ENTRY2_DN = 'cn=group2,' + DEFAULT_SUFFIX
-+ PLUGIN_DN = 'cn=' + PLUGIN_MEMBER_OF + ',cn=plugins,cn=config'
-+
-+ # Enable and configure memberOf plugin
-+ topology.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
-+ try:
-+ topology.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'member')])
-+ except ldap.LDAPError, e:
-+ log.fatal('test_betxn_memberof: Failed to update config(member): error ' + e.message['desc'])
-+ assert False
-+
-+ # Add our test entries
-+ try:
-+ topology.standalone.add_s(Entry((ENTRY1_DN, {'objectclass': "top groupofnames".split(),
-+ 'cn': 'group1'})))
-+ except ldap.LDAPError, e:
-+ log.error('test_betxn_memberof: Failed to add group1:' +
-+ ENTRY1_DN + ', error ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ topology.standalone.add_s(Entry((ENTRY2_DN, {'objectclass': "top groupofnames".split(),
-+ 'cn': 'group1'})))
-+ except ldap.LDAPError, e:
-+ log.error('test_betxn_memberof: Failed to add group2:' +
-+ ENTRY2_DN + ', error ' + e.message['desc'])
-+ assert False
-+
-+ #
-+ # Test mod replace
-+ #
-+
-+ # Add group2 to group1 - it should fail with objectclass violation
-+ try:
-+ topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_REPLACE, 'member', ENTRY2_DN)])
-+ log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.info('test_betxn_memberof: Group2 was correctly rejected (mod replace): error ' + e.message['desc'])
-+
-+ #
-+ # Test mod add
-+ #
-+
-+ # Add group2 to group1 - it should fail with objectclass violation
-+ try:
-+ topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_ADD, 'member', ENTRY2_DN)])
-+ log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.info('test_betxn_memberof: Group2 was correctly rejected (mod add): error ' + e.message['desc'])
-+
-+ #
-+ # Done
-+ #
-+
-+ log.info('test_betxn_memberof: PASSED')
-+
-+
- def test_betxn_final(topology):
- topology.standalone.delete()
- log.info('betxn test suite PASSED')
-@@ -187,6 +248,7 @@ def run_isolated():
- test_betxn_init(topo)
- test_betxt_7bit(topo)
- test_betxn_attr_uniqueness(topo)
-+ test_betxn_memberof(topo)
- test_betxn_final(topo)
-
-
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index 144285b..da52bc8 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -2373,6 +2373,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- struct slapi_entry *post_e = NULL;
- Slapi_Attr *pre_attr = 0;
- Slapi_Attr *post_attr = 0;
-+ int rc = 0;
- int i = 0;
-
- slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e );
-@@ -2449,14 +2450,14 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- in pre, not in post, delete from entry
- not in pre, in post, add to entry
- */
-- while(pre_index < pre_total || post_index < post_total)
-+ while(rc == 0 && (pre_index < pre_total || post_index < post_total))
- {
- if(pre_index == pre_total)
- {
- /* add the rest of post */
- slapi_sdn_set_normdn_byref(sdn,
- slapi_value_get_string(post_array[post_index]));
-- memberof_add_one(pb, config, group_sdn, sdn);
-+ rc = memberof_add_one(pb, config, group_sdn, sdn);
-
- post_index++;
- }
-@@ -2465,7 +2466,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- /* delete the rest of pre */
- slapi_sdn_set_normdn_byref(sdn,
- slapi_value_get_string(pre_array[pre_index]));
-- memberof_del_one(pb, config, group_sdn, sdn);
-+ rc = memberof_del_one(pb, config, group_sdn, sdn);
-
- pre_index++;
- }
-@@ -2482,7 +2483,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- /* delete pre array */
- slapi_sdn_set_normdn_byref(sdn,
- slapi_value_get_string(pre_array[pre_index]));
-- memberof_del_one(pb, config, group_sdn, sdn);
-+ rc = memberof_del_one(pb, config, group_sdn, sdn);
-
- pre_index++;
- }
-@@ -2491,7 +2492,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- /* add post array */
- slapi_sdn_set_normdn_byref(sdn,
- slapi_value_get_string(post_array[post_index]));
-- memberof_add_one(pb, config, group_sdn, sdn);
-+ rc = memberof_add_one(pb, config, group_sdn, sdn);
-
- post_index++;
- }
-@@ -2509,7 +2510,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
- }
- }
-
-- return 0;
-+ return rc;
- }
-
- /* memberof_load_array()
---
-1.9.3
-
diff --git a/SOURCES/0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch b/SOURCES/0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch
new file mode 100644
index 0000000..6862b7e
--- /dev/null
+++ b/SOURCES/0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch
@@ -0,0 +1,38 @@
+From cb23f2f29464f9f800a4cf1f1e3d48e0c66358c7 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 11 Aug 2016 10:50:02 -0400
+Subject: [PATCH 33/35] Ticket 48950 - Change example in /etc/sysconfig/dirsrv
+ to use tcmalloc
+
+Description: Update the example to use tcmalloc instead of jemalloc.
+
+https://fedorahosted.org/389/ticket/48950
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 06a4adb4ad42a2d7cee383d6e2ef69a7188251a2)
+---
+ ldap/admin/src/base-initconfig.in | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/ldap/admin/src/base-initconfig.in b/ldap/admin/src/base-initconfig.in
+index e803a36..0481c3e 100644
+--- a/ldap/admin/src/base-initconfig.in
++++ b/ldap/admin/src/base-initconfig.in
+@@ -43,8 +43,8 @@
+ # if using systemd, omit the "; export VARNAME" at the end
+ #PID_TIME=600 ; export PID_TIME
+
+-# jemalloc is a general purpose malloc implementation that emphasizes
+-# fragmentation avoidance and scalable concurrency support. jemalloc
+-# has been shown to have a significant positive impact on the Directory
+-# Server's process size/growth.
+-#LD_PRELOAD=@libdir@/@package_name@/libjemalloc.so.1 ; export LD_PRELOAD
++# The tcmalloc memory allocator has been shown to have a positive impact on
++# the Directory Server's virtual & resident memory size/growth. tcmalloc is
++# available on RHEL/Fedora in the gperftools package (this could be different
++# on other platforms). Here is an example of preloading tcmalloc:
++#LD_PRELOAD=@libdir@/libtcmalloc.so.4 ; export LD_PRELOAD
+--
+2.4.11
+
diff --git a/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch b/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch
deleted file mode 100644
index 288ff91..0000000
--- a/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch
+++ /dev/null
@@ -1,288 +0,0 @@
-From a117d87aac507e4002429e5f7aebe61a867da06d Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 5 Aug 2015 16:31:49 -0400
-Subject: [PATCH 34/39] Ticket 48215 - verify_db.pl doesn't verify DB specified
- by -a option
-
-Bug Description: verify_db.pl -a only uses the db location for
- checking the transaction logs, because it ends up
- calling "nsslapd dbverify" which only checks the
- db files in the server configuration.
-
-Fix Description: Allow a new argument to be passed to "nsslapd dbverify"
- that specifies the db parent directory.
-
-https://fedorahosted.org/389/ticket/48215
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 27fadb75ec1f3b252028ce715cd7fa16da1f6525)
-(cherry picked from commit 210071c682751897099e8eb138e5db1e47ac2bae)
----
- ldap/admin/src/scripts/dbverify.in | 3 ++-
- ldap/admin/src/scripts/verify-db.pl.in | 17 +++++++++--------
- ldap/servers/slapd/back-ldbm/dbverify.c | 13 +++++++++++++
- ldap/servers/slapd/main.c | 18 +++++++++++++-----
- ldap/servers/slapd/pblock.c | 12 +++++++++++-
- ldap/servers/slapd/slap.h | 2 ++
- ldap/servers/slapd/slapi-plugin.h | 3 +++
- man/man8/dbverify.8 | 3 +++
- 8 files changed, 56 insertions(+), 15 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
-index 6306a07..778a9ba 100755
---- a/ldap/admin/src/scripts/dbverify.in
-+++ b/ldap/admin/src/scripts/dbverify.in
-@@ -26,7 +26,7 @@ usage()
- }
-
- display_version="no"
--while getopts "Z:n:hVvfd:n:D:" flag
-+while getopts "Z:n:hVvfd:n:D:a:" flag
- do
- case $flag in
- h) usage
-@@ -39,6 +39,7 @@ do
- display_version="yes";;
- f) args=$args" -f";;
- D) args=$args" -D $OPTARG";;
-+ a) args=$args" -a $OPTARG";;
- ?) usage
- exit 1;;
- esac
-diff --git a/ldap/admin/src/scripts/verify-db.pl.in b/ldap/admin/src/scripts/verify-db.pl.in
-index ae56a16..d481ecb 100644
---- a/ldap/admin/src/scripts/verify-db.pl.in
-+++ b/ldap/admin/src/scripts/verify-db.pl.in
-@@ -16,7 +16,7 @@ DSUtil::libpath_add("@db_libdir@");
- DSUtil::libpath_add("@libdir@");
- $ENV{'PATH'} = "@libdir@/@package_name@/slapd-$servid:@db_bindir@:/usr/bin:/";
- $ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
--
-+my $custom_dbdir = 0;
- my $i = 0;
-
- sub usage
-@@ -118,12 +118,7 @@ sub getLastLogfile
- return \$logfile;
- }
-
--$isWin = -d '\\';
--if ($isWin) {
-- $NULL = "nul";
--} else {
-- $NULL = "/dev/null";
--}
-+$NULL = "/dev/null";
-
- while ($i <= $#ARGV) {
- if ( "$ARGV[$i]" eq "-a" ) { # path to search the db files
-@@ -149,6 +144,8 @@ print("*****************************************************************\n");
-
- if ( "$startpoint" eq "" ) {
- $startpoint = "@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/db";
-+} else {
-+ $custom_dbdir = 1;
- }
- # get dirs having DBVERSION
- my $dbdirs = getDbDir($startpoint);
-@@ -192,7 +189,11 @@ for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++)
-
- # Check db files by db_verify
- print "Verify db files ... ";
--open(DBVERIFY, "@sbindir@/dbverify -Z $servid 2>&1 1> $NULL |");
-+if ($custom_dbdir){
-+ open(DBVERIFY, "@sbindir@/dbverify -Z $servid -a $startpoint 2>&1 1> $NULL |");
-+} else {
-+ open(DBVERIFY, "@sbindir@/dbverify -Z $servid 2>&1 1> $NULL |");
-+}
- sleep 1;
- my $bad_index = 0;
- my $bad_id2entry = 0;
-diff --git a/ldap/servers/slapd/back-ldbm/dbverify.c b/ldap/servers/slapd/back-ldbm/dbverify.c
-index 85ee7a0..315ef93 100644
---- a/ldap/servers/slapd/back-ldbm/dbverify.c
-+++ b/ldap/servers/slapd/back-ldbm/dbverify.c
-@@ -186,13 +186,16 @@ ldbm_back_dbverify( Slapi_PBlock *pb )
- int rval = 1;
- int rval_main = 0;
- char **instance_names = NULL;
-+ char *dbdir = NULL;
-
- slapi_log_error(SLAPI_LOG_TRACE, "verify DB", "Verifying db files...\n");
- slapi_pblock_get(pb, SLAPI_BACKEND_INSTANCE_NAME, &instance_names);
- slapi_pblock_get(pb, SLAPI_SEQ_TYPE, &verbose);
- slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &li);
-+ slapi_pblock_get(pb, SLAPI_DBVERIFY_DBDIR, &dbdir);
- ldbm_config_load_dse_info(li);
- ldbm_config_internal_set(li, CONFIG_DB_TRANSACTION_LOGGING, "off");
-+
- /* no write needed; choose EXPORT MODE */
- if (0 != dblayer_start(li, DBLAYER_EXPORT_MODE))
- {
-@@ -211,6 +214,11 @@ ldbm_back_dbverify( Slapi_PBlock *pb )
- inst = ldbm_instance_find_by_name(li, *inp);
- if (inst)
- {
-+ if (dbdir){
-+ /* verifying backup */
-+ slapi_ch_free_string(&inst->inst_parent_dir_name);
-+ inst->inst_parent_dir_name = slapi_ch_strdup(dbdir);
-+ }
- rval_main |= dbverify_ext(inst, verbose);
- }
- else
-@@ -235,6 +243,11 @@ ldbm_back_dbverify( Slapi_PBlock *pb )
- inst->inst_name);
- continue; /* skip this instance and go to the next*/
- }
-+ if (dbdir){
-+ /* verifying backup */
-+ slapi_ch_free_string(&inst->inst_parent_dir_name);
-+ inst->inst_parent_dir_name = slapi_ch_strdup(dbdir);
-+ }
- rval_main |= dbverify_ext(inst, verbose);
- }
- }
-diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
-index 9016144..922de97 100644
---- a/ldap/servers/slapd/main.c
-+++ b/ldap/servers/slapd/main.c
-@@ -435,13 +435,15 @@ static int ldif_printkey = EXPORT_PRINTKEY|EXPORT_APPENDMODE;
- static char *archive_name = NULL;
- static int db2ldif_dump_replica = 0;
- static int db2ldif_dump_uniqueid = 1;
--static int ldif2db_generate_uniqueid = SLAPI_UNIQUEID_GENERATE_TIME_BASED;
--static int dbverify_verbose = 0;
-+static int ldif2db_generate_uniqueid = SLAPI_UNIQUEID_GENERATE_TIME_BASED;
- static char *ldif2db_namespaceid = NULL;
- int importexport_encrypt = 0;
- static int upgradedb_flags = 0;
- static int upgradednformat_dryrun = 0;
- static int is_quiet = 0;
-+/* dbverify options */
-+static int dbverify_verbose = 0;
-+static char *dbverify_dbdir = NULL;
-
- /* taken from idsktune */
- #if defined(__sun)
-@@ -1301,13 +1303,14 @@ process_command_line(int argc, char **argv, char *myname,
- {"dryrun",ArgNone,'N'},
- {0,0,0}};
-
-- char *opts_dbverify = "vVfd:n:D:";
-+ char *opts_dbverify = "vVfd:n:D:a:";
- struct opt_ext long_options_dbverify[] = {
- {"version",ArgNone,'v'},
- {"debug",ArgRequired,'d'},
- {"backend",ArgRequired,'n'},
- {"configDir",ArgRequired,'D'},
- {"verbose",ArgNone,'V'},
-+ {"dbdir",ArgRequired,'a'},
- {0,0,0}};
-
- char *opts_referral = "vd:p:r:SD:";
-@@ -1674,7 +1677,11 @@ process_command_line(int argc, char **argv, char *myname,
- break;
-
- case 'a': /* archive pathname for db */
-- archive_name = optarg_ext;
-+ if ( slapd_exemode == SLAPD_EXEMODE_DBVERIFY ) {
-+ dbverify_dbdir = optarg_ext;
-+ } else {
-+ archive_name = optarg_ext;
-+ }
- break;
-
- case 'Z':
-@@ -2688,7 +2695,8 @@ slapd_exemode_dbverify()
- pb.pb_plugin = backend_plugin;
- pb.pb_instance_name = (char *)cmd_line_instance_names;
- pb.pb_task_flags = SLAPI_TASK_RUNNING_FROM_COMMANDLINE;
--
-+ pb.pb_dbverify_dbdir = dbverify_dbdir;
-+
- if ( backend_plugin->plg_dbverify != NULL ) {
- return_value = (*backend_plugin->plg_dbverify)( &pb );
- } else {
-diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
-index c10f788..bf57a33 100644
---- a/ldap/servers/slapd/pblock.c
-+++ b/ldap/servers/slapd/pblock.c
-@@ -5,7 +5,7 @@
- * All rights reserved.
- *
- * License: GPL (version 3 or any later version).
-- * See LICENSE for details.
-+ * See LICENSE for details.
- * END COPYRIGHT BLOCK **/
-
- #ifdef HAVE_CONFIG_H
-@@ -1677,6 +1677,11 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- (*(IFP*)value) = pblock->pb_txn_ruv_mods_fn;
- break;
-
-+ /* dbverify */
-+ case SLAPI_DBVERIFY_DBDIR:
-+ (*(char **)value) = pblock->pb_dbverify_dbdir;
-+ break;
-+
- /* Search results set */
- case SLAPI_SEARCH_RESULT_SET:
- if(pblock->pb_op!=NULL)
-@@ -3520,6 +3525,11 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
- pblock->pb_aci_target_check = *((int *) value);
- break;
-
-+ /* dbverify */
-+ case SLAPI_DBVERIFY_DBDIR:
-+ pblock->pb_dbverify_dbdir = (char *) value;
-+ break;
-+
- default:
- LDAPDebug( LDAP_DEBUG_ANY,
- "Unknown parameter block argument %d\n", arg, 0, 0 );
-diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
-index 6d1ad7b..823568d 100644
---- a/ldap/servers/slapd/slap.h
-+++ b/ldap/servers/slapd/slap.h
-@@ -1600,6 +1600,8 @@ typedef struct slapi_pblock {
- int pb_seq_type;
- char *pb_seq_attrname;
- char *pb_seq_val;
-+ /* dbverify argument */
-+ char *pb_dbverify_dbdir;
- /* ldif2db arguments */
- char *pb_ldif_file;
- int pb_removedupvals;
-diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
-index a8c7a4a..6b04610 100644
---- a/ldap/servers/slapd/slapi-plugin.h
-+++ b/ldap/servers/slapd/slapi-plugin.h
-@@ -7289,6 +7289,9 @@ typedef struct slapi_plugindesc {
- /* ACI Target Check */
- #define SLAPI_ACI_TARGET_CHECK 1946
-
-+/* dbverify */
-+#define SLAPI_DBVERIFY_DBDIR 1947
-+
- /* convenience macros for checking modify operation types */
- #define SLAPI_IS_MOD_ADD(x) (((x) & ~LDAP_MOD_BVALUES) == LDAP_MOD_ADD)
- #define SLAPI_IS_MOD_DELETE(x) (((x) & ~LDAP_MOD_BVALUES) == LDAP_MOD_DELETE)
-diff --git a/man/man8/dbverify.8 b/man/man8/dbverify.8
-index 30d6933..c74747a 100644
---- a/man/man8/dbverify.8
-+++ b/man/man8/dbverify.8
-@@ -31,6 +31,9 @@ one instance on the system, this option can be skipped.
- .B \fB\-n\fR \fIBackend Name\fR
- The name of the LDBM database to reindex. Example: userRoot
- .TP
-+.B \fB\-a\fR \fIDatabase Directory\fR
-+Location of database if it is different than what is in the server configuration(e.g. backup directories)
-+.TP
- .B \fB\-d\fR \fIDebug Level\fR
- Sets the debugging level.
- .TP
---
-1.9.3
-
diff --git a/SOURCES/0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch b/SOURCES/0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch
new file mode 100644
index 0000000..8cc9460
--- /dev/null
+++ b/SOURCES/0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch
@@ -0,0 +1,183 @@
+From 1cd2d9b06b8bc006078ed26bb0d3cbe808681a86 Mon Sep 17 00:00:00 2001
+From: Ludwig Krispenz <lkrispen@redhat.com>
+Date: Fri, 12 Aug 2016 14:06:21 +0200
+Subject: [PATCH 34/35] Ticket 48954 - replication fails because anchorcsn
+ cannot be found
+
+Bug Description: the anchorcsn is calculated based on supploier and consumer
+ ruv. If this csn is not found in the changelog
+ replication stops.
+
+Fix Description: Fix consists of two parts
+ 1. log start-iteration csn record for all replicas
+ after initialization
+ 2. If the csn still cannot be found
+ - log an error
+ - use the closest csn available by calling
+ cursor->c_get with DB_SET_RANGE instead of DB_SET
+
+https://fedorahosted.org/389/ticket/48954
+
+Reviewed by: Noriko, Thierry. thanks
+
+(cherry picked from commit 0721856d5a203689c15ea66ffe6c94ce4d785bd7)
+---
+ ldap/servers/plugins/replication/cl5_clcache.c | 32 +++++++++++--
+ ldap/servers/plugins/replication/repl5_replica.c | 58 ++++++++++++++++--------
+ 2 files changed, 67 insertions(+), 23 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c
+index 2d3bb28..74f0fec 100644
+--- a/ldap/servers/plugins/replication/cl5_clcache.c
++++ b/ldap/servers/plugins/replication/cl5_clcache.c
+@@ -376,6 +376,7 @@ clcache_load_buffer_bulk ( CLC_Buffer *buf, int flag )
+ DBC *cursor = NULL;
+ int rc = 0;
+ int tries = 0;
++ int use_flag = flag;
+
+ #if 0 /* txn control seems not improving anything so turn it off */
+ if ( *(_pool->pl_dbenv) ) {
+@@ -400,20 +401,44 @@ clcache_load_buffer_bulk ( CLC_Buffer *buf, int flag )
+ retry:
+ if ( 0 == ( rc = clcache_open_cursor ( txn, buf, &cursor )) ) {
+
+- if ( flag == DB_NEXT ) {
++ if ( use_flag == DB_NEXT ) {
+ /* For bulk read, position the cursor before read the next block */
+ rc = cursor->c_get ( cursor,
+ & buf->buf_key,
+ & buf->buf_data,
+ DB_SET );
++ if (rc == DB_NOTFOUND) {
++ /* the start position in the changelog is not found
++ * 1. log an error
++ * 2. try to find another starting position as close
++ * as possible
++ */
++ slapi_log_error ( SLAPI_LOG_FATAL, "clcache_load_buffer_bulk",
++ "changelog record with csn (%s) not found for DB_NEXT\n",
++ (char *)buf->buf_key.data );
++ rc = cursor->c_get ( cursor, & buf->buf_key, & buf->buf_data,
++ DB_SET_RANGE );
++ /* this moves the cursor ahead of the tageted csn,
++ * so we achieved what was intended with DB_SET/DB_NEXT
++ * continute at this csn.
++ */
++ use_flag = DB_CURRENT;
++ }
+ }
+
+ /*
+ * Continue if the error is no-mem since we don't need to
+ * load in the key record anyway with DB_SET.
+ */
+- if ( 0 == rc || DB_BUFFER_SMALL == rc )
+- rc = clcache_cursor_get ( cursor, buf, flag );
++ if ( 0 == rc || DB_BUFFER_SMALL == rc ) {
++ rc = clcache_cursor_get ( cursor, buf, use_flag );
++ if ( rc == DB_NOTFOUND && use_flag == DB_SET) {
++ slapi_log_error ( SLAPI_LOG_FATAL, "clcache_load_buffer_bulk",
++ "changelog record with csn (%s) not found for DB_SET\n",
++ (char *)buf->buf_key.data );
++ rc = clcache_cursor_get ( cursor, buf, DB_SET_RANGE );
++ }
++ }
+
+ }
+
+@@ -434,6 +459,7 @@ retry:
+ /* back off */
+ interval = PR_MillisecondsToInterval(slapi_rand() % 100);
+ DS_Sleep(interval);
++ use_flag = flag;
+ goto retry;
+ }
+ if ((rc == DB_LOCK_DEADLOCK) && (tries >= MAX_TRIALS)) {
+diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
+index b5d65ef..7360d97 100644
+--- a/ldap/servers/plugins/replication/repl5_replica.c
++++ b/ldap/servers/plugins/replication/repl5_replica.c
+@@ -3794,41 +3794,59 @@ replica_remove_legacy_attr (const Slapi_DN *repl_root_sdn, const char *attr)
+ slapi_mods_done (&smods);
+ slapi_pblock_destroy (pb);
+ }
++typedef struct replinfo {
++ char *repl_gen;
++ char *repl_name;
++} replinfo;
++
++static int
++replica_log_start_iteration(const ruv_enum_data *rid_data, void *data)
++{
++ int rc = 0;
++ replinfo *r_info = (replinfo *)data;
++ slapi_operation_parameters op_params;
++
++ if (rid_data->csn == NULL) return 0;
++
++ memset (&op_params, 0, sizeof (op_params));
++ op_params.operation_type = SLAPI_OPERATION_DELETE;
++ op_params.target_address.sdn = slapi_sdn_new_ndn_byval(START_ITERATION_ENTRY_DN);
++ op_params.target_address.uniqueid = START_ITERATION_ENTRY_UNIQUEID;
++ op_params.csn = csn_dup(rid_data->csn);
++ rc = cl5WriteOperation(r_info->repl_name, r_info->repl_gen, &op_params, PR_FALSE);
++ if (rc == CL5_SUCCESS)
++ rc = 0;
++ else
++ rc = -1;
++
++ slapi_sdn_free(&op_params.target_address.sdn);
++ csn_free (&op_params.csn);
++
++ return rc;
++}
+
+ static int
+ replica_log_ruv_elements_nolock (const Replica *r)
+ {
+ int rc = 0;
+- slapi_operation_parameters op_params;
+ RUV *ruv;
+ char *repl_gen;
+- CSN *csn = NULL;
++ replinfo r_info;
+
+ ruv = (RUV*) object_get_data (r->repl_ruv);
+ PR_ASSERT (ruv);
+
+- if ((ruv_get_min_csn(ruv, &csn) == RUV_SUCCESS) && csn)
+- {
+ /* we log it as a delete operation to have the least number of fields
+ to set. the entry can be identified by a special target uniqueid and
+ special target dn */
+- memset (&op_params, 0, sizeof (op_params));
+- op_params.operation_type = SLAPI_OPERATION_DELETE;
+- op_params.target_address.sdn = slapi_sdn_new_ndn_byval(START_ITERATION_ENTRY_DN);
+- op_params.target_address.uniqueid = START_ITERATION_ENTRY_UNIQUEID;
+- op_params.csn = csn;
+- repl_gen = ruv_get_replica_generation (ruv);
+-
+- rc = cl5WriteOperation(r->repl_name, repl_gen, &op_params, PR_FALSE);
+- if (rc == CL5_SUCCESS)
+- rc = 0;
+- else
+- rc = -1;
++ repl_gen = ruv_get_replica_generation (ruv);
+
+- slapi_ch_free ((void**)&repl_gen);
+- slapi_sdn_free(&op_params.target_address.sdn);
+- csn_free (&csn);
+- }
++ r_info.repl_name = r->repl_name;
++ r_info.repl_gen = repl_gen;
++
++ rc = ruv_enumerate_elements(ruv, replica_log_start_iteration, &r_info);
++
++ slapi_ch_free ((void**)&repl_gen);
+
+ return rc;
+ }
+--
+2.4.11
+
diff --git a/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch b/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch
deleted file mode 100644
index b0931eb..0000000
--- a/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 4fdac66777dd780bd1e46d91bf38513832934695 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 6 Aug 2015 10:13:40 -0400
-Subject: [PATCH 35/39] Ticket 48215 - update dbverify usage
-
-Description: Need to add the "-a" argument usage
-
-https://fedorahosted.org/389/ticket/48215
-(cherry picked from commit 20284e6539f557efc0679d974d5156cdcd55c407)
-(cherry picked from commit 8e08c8b53641d807b63d87ee79564c596c5da4dd)
----
- ldap/admin/src/scripts/dbverify.in | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
-index 778a9ba..461cc16 100755
---- a/ldap/admin/src/scripts/dbverify.in
-+++ b/ldap/admin/src/scripts/dbverify.in
-@@ -14,15 +14,16 @@ PATH=$PATH:/bin
-
- usage()
- {
-- echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V] [-v] [-d debuglevel] [-h]"
-+ echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-a db_directory ] [-V] [-v] [-d debuglevel] [-h]"
- echo "Note if \"-n backend\" is not passed, verify all DBs."
- echo "Options:"
-- echo " -Z - Server instance identifier"
-- echo " -n backend - Backend database name. Example: userRoot"
-- echo " -V - Verbose output"
-- echo " -d debuglevel - Debugging level"
-- echo " -v - Display version"
-- echo " -h - Display usage"
-+ echo " -Z - Server instance identifier"
-+ echo " -n backend - Backend database name. Example: userRoot"
-+ echo " -a db_directory - Database directory"
-+ echo " -V - Verbose output"
-+ echo " -d debuglevel - Debugging level"
-+ echo " -v - Display version"
-+ echo " -h - Display usage"
- }
-
- display_version="no"
---
-1.9.3
-
diff --git a/SOURCES/0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch b/SOURCES/0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch
new file mode 100644
index 0000000..2a21292
--- /dev/null
+++ b/SOURCES/0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch
@@ -0,0 +1,320 @@
+From 3d1a6717b4b8c11dda68dd3d1a923acb2e6c5eeb Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Wed, 17 Aug 2016 16:46:47 +0200
+Subject: [PATCH 35/35] Ticket 48956 ns-accountstatus.pl showing "activated"
+ user even if it is inactivated
+
+Bug Description:
+ If the account policy DN is long (suffix is long), it is fold on several lines.
+ So when looking for it, the base DN is invalid and fail to retrieve it and the limit value.
+
+Fix Description:
+ Change the DSutil search to be in no fold
+
+https://fedorahosted.org/389/ticket/48956
+
+Reviewed by: Noriko Hosoi (Thanks Noriko)
+
+Platforms tested: F23
+
+Flag Day: no
+
+Doc impact: no
+
+(cherry picked from commit 3cce9f9188a38e1a5043c9659ecbc5955ddb0242)
+---
+ dirsrvtests/tests/tickets/ticket48956_test.py | 167 ++++++++++++++++++++++++++
+ ldap/admin/src/scripts/DSUtil.pm.in | 34 +++---
+ 2 files changed, 185 insertions(+), 16 deletions(-)
+ create mode 100644 dirsrvtests/tests/tickets/ticket48956_test.py
+
+diff --git a/dirsrvtests/tests/tickets/ticket48956_test.py b/dirsrvtests/tests/tickets/ticket48956_test.py
+new file mode 100644
+index 0000000..291dd4e
+--- /dev/null
++++ b/dirsrvtests/tests/tickets/ticket48956_test.py
+@@ -0,0 +1,167 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++import subprocess
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++
++DEBUGGING = False
++
++RDN_LONG_SUFFIX = 'this'
++LONG_SUFFIX = "dc=%s,dc=is,dc=a,dc=very,dc=long,dc=suffix,dc=so,dc=long,dc=suffix,dc=extremely,dc=long,dc=suffix" % RDN_LONG_SUFFIX
++LONG_SUFFIX_BE = 'ticket48956'
++
++
++ACCT_POLICY_PLUGIN_DN = 'cn=%s,cn=plugins,cn=config' % PLUGIN_ACCT_POLICY
++ACCT_POLICY_CONFIG_DN = 'cn=config,%s' % ACCT_POLICY_PLUGIN_DN
++
++
++INACTIVITY_LIMIT = '9'
++SEARCHFILTER = '(objectclass=*)'
++
++TEST_USER = 'ticket48956user'
++TEST_USER_PW = '%s' % TEST_USER
++
++if DEBUGGING:
++ logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++ logging.getLogger(__name__).setLevel(logging.INFO)
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++ """The DS Topology Class"""
++ def __init__(self, standalone):
++ """Init"""
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ """Create DS Deployment"""
++
++ # Creating standalone instance ...
++ if DEBUGGING:
++ standalone = DirSrv(verbose=True)
++ else:
++ standalone = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++ instance_standalone = standalone.exists()
++ if instance_standalone:
++ standalone.delete()
++ standalone.create()
++ standalone.open()
++
++ def fin():
++ """If we are debugging just stop the instances, otherwise remove them
++ """
++ if DEBUGGING:
++ standalone.stop()
++ else:
++ standalone.delete()
++ request.addfinalizer(fin)
++
++ return TopologyStandalone(standalone)
++
++def _check_status(topology, user, expected):
++ nsaccountstatus = '%s/sbin/ns-accountstatus.pl' % topology.standalone.prefix
++ proc = subprocess.Popen([nsaccountstatus, '-Z', 'standalone', '-D', DN_DM, '-w', PASSWORD, '-p', str(topology.standalone.port), '-I', user], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
++
++ found = False
++ while True:
++ l = proc.stdout.readline()
++ log.info("output: %s" % l)
++ if l == "":
++ break
++ if expected in l:
++ found = True
++ break
++ return found
++
++def _check_inactivity(topology, mysuffix):
++ ACCT_POLICY_DN = 'cn=Account Inactivation Policy,%s' % mysuffix
++ log.info("\n######################### Adding Account Policy entry: %s ######################\n" % ACCT_POLICY_DN)
++ topology.standalone.add_s(Entry((ACCT_POLICY_DN, {'objectclass': "top ldapsubentry extensibleObject accountpolicy".split(),
++ 'accountInactivityLimit': INACTIVITY_LIMIT})))
++ TEST_USER_DN = 'uid=%s,%s' % (TEST_USER, mysuffix)
++ log.info("\n######################### Adding Test User entry: %s ######################\n" % TEST_USER_DN)
++ topology.standalone.add_s(Entry((TEST_USER_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
++ 'cn': TEST_USER,
++ 'sn': TEST_USER,
++ 'givenname': TEST_USER,
++ 'userPassword': TEST_USER_PW,
++ 'acctPolicySubentry': ACCT_POLICY_DN})))
++
++ # Setting the lastLoginTime
++ try:
++ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PW)
++ except ldap.CONSTRAINT_VIOLATION as e:
++ log.error('CONSTRAINT VIOLATION ' + e.message['desc'])
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++
++
++ assert(_check_status(topology, TEST_USER_DN, '- activated'))
++
++ time.sleep(int(INACTIVITY_LIMIT) + 5)
++ assert(_check_status(topology, TEST_USER_DN, '- inactivated (inactivity limit exceeded'))
++
++def test_ticket48956(topology):
++ """Write your testcase here...
++
++ Also, if you need any testcase initialization,
++ please, write additional fixture for that(include finalizer).
++
++ """
++
++ topology.standalone.modify_s(ACCT_POLICY_PLUGIN_DN, [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', ACCT_POLICY_CONFIG_DN)])
++
++ topology.standalone.modify_s(ACCT_POLICY_CONFIG_DN, [(ldap.MOD_REPLACE, 'alwaysrecordlogin', 'yes'),
++ (ldap.MOD_REPLACE, 'stateattrname', 'lastLoginTime'),
++ (ldap.MOD_REPLACE, 'altstateattrname', 'createTimestamp'),
++ (ldap.MOD_REPLACE, 'specattrname', 'acctPolicySubentry'),
++ (ldap.MOD_REPLACE, 'limitattrname', 'accountInactivityLimit')])
++
++ # Enable the plugins
++ topology.standalone.plugins.enable(name=PLUGIN_ACCT_POLICY)
++
++ topology.standalone.restart(timeout=10)
++
++ # Check inactivity on standard suffix (short)
++ _check_inactivity(topology, SUFFIX)
++
++ # Check inactivity on a long suffix
++ topology.standalone.backend.create(LONG_SUFFIX, {BACKEND_NAME: LONG_SUFFIX_BE})
++ topology.standalone.mappingtree.create(LONG_SUFFIX, bename=LONG_SUFFIX_BE)
++ topology.standalone.add_s(Entry((LONG_SUFFIX, {
++ 'objectclass': "top domain".split(),
++ 'dc': RDN_LONG_SUFFIX})))
++ _check_inactivity(topology, LONG_SUFFIX)
++
++
++ if DEBUGGING:
++ # Add debugging steps(if any)...
++ pass
++
++ log.info('Test PASSED')
++
++
++if __name__ == '__main__':
++ # Run isolated
++ # -s for DEBUG mode
++ CURRENT_FILE = os.path.realpath(__file__)
++ pytest.main("-s %s" % CURRENT_FILE)
++
+diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
+index f53f0c0..756d6ea 100644
+--- a/ldap/admin/src/scripts/DSUtil.pm.in
++++ b/ldap/admin/src/scripts/DSUtil.pm.in
+@@ -1201,8 +1201,10 @@ sub get_info {
+ my $toollib = `ldapsearch -V 2>&1`;
+ if ($toollib =~ /OpenLDAP/) {
+ $info{openldap} = "yes";
++ $info{nofold} = "-o ldif-wrap=no";
+ } else {
+ $info{openldap} = "no";
++ $info{nofold} = "-T";
+ }
+
+ #
+@@ -1537,10 +1539,10 @@ sub ldapsrch {
+ print "STARTTLS)\n";
+ }
+ if($info{openldap} eq "yes"){
+- $search = "ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " .
++ $search = "ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " .
+ "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+ } else {
+- $search = "ldapsearch -ZZZ -P \"$info{certdir}\" -p $info{port} -h $info{host} -D \"$info{rootdn}\" " .
++ $search = "ldapsearch -ZZZ -P \"$info{certdir}\" -p $info{port} -h $info{host} -D \"$info{rootdn}\" $info{nofold} " .
+ "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+ }
+ } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){
+@@ -1551,10 +1553,10 @@ sub ldapsrch {
+ print "LDAPS)\n";
+ }
+ if($info{openldap} eq "yes"){
+- $search = "ldapsearch -x -LLL -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" " .
++ $search = "ldapsearch -x -LLL -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" $info{nofold} " .
+ "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+ } else {
+- $search = "ldapsearch -Z -P \"$info{certdir}\" -p $info{secure_port} -h $info{host} -D \"$info{rootdn}\" " .
++ $search = "ldapsearch -Z -P \"$info{certdir}\" -p $info{secure_port} -h $info{host} -D \"$info{rootdn}\" $info{nofold} " .
+ "-w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+ }
+ } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){
+@@ -1562,10 +1564,10 @@ sub ldapsrch {
+ # LDAPI
+ #
+ if ($< == 0 && $info{autobind} eq "on"){
+- $search = "ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL " .
++ $search = "ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{nofold} " .
+ "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} 2>/dev/null";
+ } else {
+- $search = "ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw " .
++ $search = "ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " .
+ "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+ }
+ } else {
+@@ -1576,10 +1578,10 @@ sub ldapsrch {
+ print "LDAP)\n";
+ }
+ if($info{openldap} eq "yes"){
+- $search = "ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " .
++ $search = "ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " .
+ "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+ } else {
+- $search = "ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw " .
++ $search = "ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} " .
+ "$info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs}";
+ }
+ }
+@@ -1611,9 +1613,9 @@ sub ldapsrch_ext {
+ print "STARTTLS)\n";
+ }
+ if($info{openldap} eq "yes"){
+- return `ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++ return `ldapsearch -x -LLL -ZZ -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+ } else {
+- return `ldapsearch -ZZZ -P $info{certdir} -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++ return `ldapsearch -ZZZ -P $info{certdir} -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+ }
+ } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){
+ #
+@@ -1623,18 +1625,18 @@ sub ldapsrch_ext {
+ print "LDAPS)\n";
+ }
+ if($info{openldap} eq "yes"){
+- return `ldapsearch -x -LLL -H ldaps://$info{host}:$info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++ return `ldapsearch -x -LLL -H ldaps://$info{host}:$info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+ } else {
+- return `ldapsearch -Z -P $info{certdir} -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++ return `ldapsearch -Z -P $info{certdir} -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+ }
+ } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){
+ #
+ # LDAPI
+ #
+ if ($< == 0 && $info{autobind} eq "on"){
+- return `ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect} 2>/dev/null`;
++ return `ldapsearch -LLL -H \"$info{ldapiURL}\" -Y EXTERNAL $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect} 2>/dev/null`;
+ } else {
+- return `ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++ return `ldapsearch -x -LLL -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+ }
+ } else {
+ #
+@@ -1644,9 +1646,9 @@ sub ldapsrch_ext {
+ print "LDAP)\n";
+ }
+ if($info{openldap} eq "yes"){
+- return `ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++ return `ldapsearch -x -LLL -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+ } else {
+- return `ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
++ return `ldapsearch -p $info{port} -h $info{host} -D \"$info{rootdn}\" -w $myrootdnpw $info{nofold} $info{srch_args} -b \"$info{base}\" -s $info{scope} \"$info{filter}\" $info{attrs} $info{redirect}`;
+ }
+ }
+ }
+--
+2.4.11
+
diff --git a/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch b/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch
deleted file mode 100644
index 82f9189..0000000
--- a/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 5e348707ba4bece4ad4c75a8b640f1c40cbbaa0e Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 6 Aug 2015 11:27:40 -0400
-Subject: [PATCH 36/39] Ticket 48215 - update dbverify usage in main.c
-
-Description: Need to update dbverify usage in main.c
-
-https://fedorahosted.org/389/ticket/48215
-(cherry picked from commit c1912cdcac8319e2fe0f98f765aa935e6a8ff297)
-(cherry picked from commit c842dbe3d0ee2ac28c55e31b9b8e5e5a3c5dc200)
----
- ldap/servers/slapd/main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
-index 922de97..4f9fbfe 100644
---- a/ldap/servers/slapd/main.c
-+++ b/ldap/servers/slapd/main.c
-@@ -398,7 +398,7 @@ usage( char *name, char *extraname )
- usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-N] -n backend-instance-name -a fullpath-backend-instance-dir-full\n";
- break;
- case SLAPD_EXEMODE_DBVERIFY:
-- usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-n backend-instance-name]\n";
-+ usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-n backend-instance-name] [-a db-directory]\n";
- break;
-
- default: /* SLAPD_EXEMODE_SLAPD */
---
-1.9.3
-
diff --git a/SOURCES/0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch b/SOURCES/0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch
new file mode 100644
index 0000000..f48a0e5
--- /dev/null
+++ b/SOURCES/0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch
@@ -0,0 +1,212 @@
+From 4525faed1a8cb985596c0617abc6ce32fb85b7c2 Mon Sep 17 00:00:00 2001
+From: William Brown <firstyear@redhat.com>
+Date: Fri, 19 Aug 2016 12:49:17 +1000
+Subject: [PATCH 36/45] Ticket 48958 - Audit fail log doesn't work if audit log
+ disabled.
+
+Bug Description: Due to a configuration interpretation issue, when audit was
+not enabled, but auditfail was with no log defined, the fail log should write to
+the audit log location on failed events, but audit events should not be written.
+This did not work.
+
+Fix Description: This was because when we wrote to the audit file in the
+abscence of the auditfail log, the audit enabled state was checked. This adds a
+check to determine what the source event was from, and to check the correct log
+enabled state during the event processing.
+
+https://fedorahosted.org/389/ticket/48958
+
+Author: wibrown
+
+Review by: nhosoi (Thank you!)
+
+(cherry picked from commit 5fed8021a0487c092af6038d4a7dcce1ef3fab75)
+---
+ ldap/servers/slapd/auditlog.c | 15 +++++----
+ ldap/servers/slapd/log.c | 71 ++++++++++++++++++++++++-----------------
+ ldap/servers/slapd/proto-slap.h | 4 +--
+ 3 files changed, 53 insertions(+), 37 deletions(-)
+
+diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
+index 0f4cc94..ec7111b 100644
+--- a/ldap/servers/slapd/auditlog.c
++++ b/ldap/servers/slapd/auditlog.c
+@@ -33,7 +33,7 @@ static int audit_hide_unhashed_pw = 1;
+ static int auditfail_hide_unhashed_pw = 1;
+
+ /* Forward Declarations */
+-static void write_audit_file(int logtype, int optype, const char *dn, void *change, int flag, time_t curtime, int rc );
++static void write_audit_file(int logtype, int optype, const char *dn, void *change, int flag, time_t curtime, int rc, int sourcelog );
+
+ static const char *modrdn_changes[4];
+
+@@ -98,7 +98,7 @@ write_audit_log_entry( Slapi_PBlock *pb )
+ curtime = current_time();
+ /* log the raw, unnormalized DN */
+ dn = slapi_sdn_get_udn(sdn);
+- write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, LDAP_SUCCESS);
++ write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, LDAP_SUCCESS, SLAPD_AUDIT_LOG);
+ }
+
+ void
+@@ -169,10 +169,10 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+ auditfail_config = config_get_auditfaillog();
+ if (auditfail_config == NULL || strlen(auditfail_config) == 0) {
+ /* If no auditfail log write to audit log */
+- write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc);
++ write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
+ } else {
+ /* If we have our own auditfail log path */
+- write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc);
++ write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
+ }
+ slapi_ch_free_string(&auditfail_config);
+ }
+@@ -181,6 +181,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+ /*
+ * Function: write_audit_file
+ * Arguments:
++ * logtype - Destination where the message will go.
+ * optype - type of LDAP operation being logged
+ * dn - distinguished name of entry being changed
+ * change - pointer to the actual change operation
+@@ -188,6 +189,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+ * flag - only used by modrdn operations - value of deleteoldrdn flag
+ * curtime - the current time
+ * rc - The ldap result code. Used in conjunction with auditfail
++ * sourcelog - The source of the message (audit or auditfail)
+ * Returns: nothing
+ */
+ static void
+@@ -198,7 +200,8 @@ write_audit_file(
+ void *change,
+ int flag,
+ time_t curtime,
+- int rc
++ int rc,
++ int sourcelog
+ )
+ {
+ LDAPMod **mods;
+@@ -359,7 +362,7 @@ write_audit_file(
+ switch (logtype)
+ {
+ case SLAPD_AUDIT_LOG:
+- slapd_log_audit (l->ls_buf, l->ls_len);
++ slapd_log_audit (l->ls_buf, l->ls_len, sourcelog);
+ break;
+ case SLAPD_AUDITFAIL_LOG:
+ slapd_log_auditfail (l->ls_buf, l->ls_len);
+diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
+index a16c395..ae8b5f8 100644
+--- a/ldap/servers/slapd/log.c
++++ b/ldap/servers/slapd/log.c
+@@ -1962,14 +1962,26 @@ auditfail_log_openf( char *pathname, int locked)
+
+ int
+ slapd_log_audit (
+- char *buffer,
+- int buf_len)
++ char *buffer,
++ int buf_len,
++ int sourcelog)
+ {
+ /* We use this to route audit log entries to where they need to go */
+ int retval = LDAP_SUCCESS;
+ int lbackend = loginfo.log_backend; /* We copy this to make these next checks atomic */
++
++ int state = 0;
++ if (sourcelog == SLAPD_AUDIT_LOG) {
++ state = loginfo.log_audit_state;
++ } else if (sourcelog == SLAPD_AUDITFAIL_LOG ) {
++ state = loginfo.log_auditfail_state;
++ } else {
++ /* How did we even get here! */
++ return 1;
++ }
++
+ if (lbackend & LOGGING_BACKEND_INTERNAL) {
+- retval = slapd_log_audit_internal(buffer, buf_len);
++ retval = slapd_log_audit_internal(buffer, buf_len, state);
+ }
+
+ if (retval != LDAP_SUCCESS) {
+@@ -1989,33 +2001,34 @@ slapd_log_audit (
+
+ int
+ slapd_log_audit_internal (
+- char *buffer,
+- int buf_len)
++ char *buffer,
++ int buf_len,
++ int state)
+ {
+- if ( (loginfo.log_audit_state & LOGGING_ENABLED) && (loginfo.log_audit_file != NULL) ){
+- LOG_AUDIT_LOCK_WRITE( );
+- if (log__needrotation(loginfo.log_audit_fdes,
+- SLAPD_AUDIT_LOG) == LOG_ROTATE) {
+- if (log__open_auditlogfile(LOGFILE_NEW, 1) != LOG_SUCCESS) {
+- LDAPDebug(LDAP_DEBUG_ANY,
+- "LOGINFO: Unable to open audit file:%s\n",
+- loginfo.log_audit_file,0,0);
+- LOG_AUDIT_UNLOCK_WRITE();
+- return 0;
+- }
+- while (loginfo.log_audit_rotationsyncclock <= loginfo.log_audit_ctime) {
+- loginfo.log_audit_rotationsyncclock += PR_ABS(loginfo.log_audit_rotationtime_secs);
+- }
+- }
+- if (loginfo.log_audit_state & LOGGING_NEED_TITLE) {
+- log_write_title( loginfo.log_audit_fdes);
+- loginfo.log_audit_state &= ~LOGGING_NEED_TITLE;
+- }
+- LOG_WRITE_NOW_NO_ERR(loginfo.log_audit_fdes, buffer, buf_len, 0);
+- LOG_AUDIT_UNLOCK_WRITE();
+- return 0;
+- }
+- return 0;
++ if ( (state & LOGGING_ENABLED) && (loginfo.log_audit_file != NULL) ){
++ LOG_AUDIT_LOCK_WRITE( );
++ if (log__needrotation(loginfo.log_audit_fdes,
++ SLAPD_AUDIT_LOG) == LOG_ROTATE) {
++ if (log__open_auditlogfile(LOGFILE_NEW, 1) != LOG_SUCCESS) {
++ LDAPDebug(LDAP_DEBUG_ANY,
++ "LOGINFO: Unable to open audit file:%s\n",
++ loginfo.log_audit_file,0,0);
++ LOG_AUDIT_UNLOCK_WRITE();
++ return 0;
++ }
++ while (loginfo.log_audit_rotationsyncclock <= loginfo.log_audit_ctime) {
++ loginfo.log_audit_rotationsyncclock += PR_ABS(loginfo.log_audit_rotationtime_secs);
++ }
++ }
++ if (state & LOGGING_NEED_TITLE) {
++ log_write_title( loginfo.log_audit_fdes);
++ state &= ~LOGGING_NEED_TITLE;
++ }
++ LOG_WRITE_NOW_NO_ERR(loginfo.log_audit_fdes, buffer, buf_len, 0);
++ LOG_AUDIT_UNLOCK_WRITE();
++ return 0;
++ }
++ return 0;
+ }
+ /******************************************************************************
+ * write in the audit fail log
+diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
+index 6bc1065..1f37010 100644
+--- a/ldap/servers/slapd/proto-slap.h
++++ b/ldap/servers/slapd/proto-slap.h
+@@ -766,8 +766,8 @@ int slapi_log_access( int level, char *fmt, ... )
+ #else
+ ;
+ #endif
+-int slapd_log_audit(char *buffer, int buf_len);
+-int slapd_log_audit_internal(char *buffer, int buf_len);
++int slapd_log_audit(char *buffer, int buf_len, int sourcelog);
++int slapd_log_audit_internal(char *buffer, int buf_len, int state);
+ int slapd_log_auditfail(char *buffer, int buf_len);
+ int slapd_log_auditfail_internal(char *buffer, int buf_len);
+ void log_access_flush();
+--
+2.4.11
+
diff --git a/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch b/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
deleted file mode 100644
index 7e4a3ba..0000000
--- a/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-From a3d41922c0f211aa7602fb843f7cb4980f4bf285 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 3 Aug 2015 18:49:58 -0700
-Subject: [PATCH 37/39] Ticket #48228 - wrong password check if
- passwordInHistory is decreased.
-
-Bug Description: When N passwords to be remembered (passwordInHistroy)
-and N passwords are remembered, decreasing the passwordInHistory value
-to M (< N) does not allow to use the oldest password which should have
-been discarded from the history and should be allowed.
-
-Fix Description: Before checking if the password is in the history or
-not, adding a check the passwordInHistory value (M) is less than the
-count of passwords remembered (N). If M < N, discard the (N-M) oldest
-passwords.
-
-https://fedorahosted.org/389/ticket/48228
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 1a119125856006543aae0520b5800a8b52c3b049)
-(cherry picked from commit dd85ee9c9ac24f1b141dd806943de236d2e44c90)
----
- ldap/servers/slapd/pw.c | 193 ++++++++++++++++++++++++++++--------------------
- 1 file changed, 114 insertions(+), 79 deletions(-)
-
-diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
-index f883010..3abebbf 100644
---- a/ldap/servers/slapd/pw.c
-+++ b/ldap/servers/slapd/pw.c
-@@ -613,7 +613,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw)
-
- /* update passwordHistory */
- if ( old_pw != NULL && pwpolicy->pw_history == 1 ) {
-- update_pw_history(pb, sdn, old_pw);
-+ (void)update_pw_history(pb, sdn, old_pw);
- slapi_ch_free ( (void**)&old_pw );
- }
-
-@@ -654,8 +654,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw)
- */
- if ((internal_op && pwpolicy->pw_must_change && (!pb->pb_conn || strcasecmp(target_dn, pb->pb_conn->c_dn))) ||
- (!internal_op && pwpolicy->pw_must_change &&
-- ((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy))))
-- {
-+ ((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy)))) {
- pw_exp_date = NO_TIME;
- } else if ( pwpolicy->pw_exp == 1 ) {
- Slapi_Entry *pse = NULL;
-@@ -996,6 +995,7 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
-
- /* get the entry and check for the password history if this is called by a modify operation */
- if ( mod_op ) {
-+retry:
- /* retrieve the entry */
- e = get_entry ( pb, dn );
- if ( e == NULL ) {
-@@ -1004,19 +1004,21 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
-
- /* check for password history */
- if ( pwpolicy->pw_history == 1 ) {
-+ Slapi_Value **va = NULL;
- attr = attrlist_find(e->e_attrs, "passwordHistory");
-- if (attr &&
-- !valueset_isempty(&attr->a_present_values))
-- {
-- Slapi_Value **va= attr_get_present_values(attr);
-+ if (attr && !valueset_isempty(&attr->a_present_values)) {
-+ /* Resetting password history array if necessary. */
-+ if (0 == update_pw_history(pb, sdn, NULL)) {
-+ /* There was an update in the password history. Retry... */
-+ slapi_entry_free(e);
-+ goto retry;
-+ }
-+ va = attr_get_present_values(attr);
- if ( pw_in_history( va, vals[0] ) == 0 ) {
- if ( pwresponse_req == 1 ) {
-- slapi_pwpolicy_make_response_control ( pb, -1, -1,
-- LDAP_PWPOLICY_PWDINHISTORY );
-+ slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDINHISTORY);
- }
-- pw_send_ldap_result ( pb,
-- LDAP_CONSTRAINT_VIOLATION, NULL,
-- "password in history", 0, NULL );
-+ pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL);
- slapi_entry_free( e );
- return ( 1 );
- }
-@@ -1024,26 +1026,17 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
-
- /* get current password. check it and remember it */
- attr = attrlist_find(e->e_attrs, "userpassword");
-- if (attr && !valueset_isempty(&attr->a_present_values))
-- {
-- Slapi_Value **va= valueset_get_valuearray(&attr->a_present_values);
-- if (slapi_is_encoded((char*)slapi_value_get_string(vals[0])))
-- {
-- if (slapi_attr_value_find(attr, (struct berval *)slapi_value_get_berval(vals[0])) == 0 )
-- {
-- pw_send_ldap_result ( pb,
-- LDAP_CONSTRAINT_VIOLATION ,NULL,
-- "password in history", 0, NULL);
-+ if (attr && !valueset_isempty(&attr->a_present_values)) {
-+ va = valueset_get_valuearray(&attr->a_present_values);
-+ if (slapi_is_encoded((char*)slapi_value_get_string(vals[0]))) {
-+ if (slapi_attr_value_find(attr, (struct berval *)slapi_value_get_berval(vals[0])) == 0 ) {
-+ pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL);
- slapi_entry_free( e );
- return ( 1 );
- }
-- } else
-- {
-- if ( slapi_pw_find_sv ( va, vals[0] ) == 0 )
-- {
-- pw_send_ldap_result ( pb,
-- LDAP_CONSTRAINT_VIOLATION ,NULL,
-- "password in history", 0, NULL);
-+ } else {
-+ if ( slapi_pw_find_sv ( va, vals[0] ) == 0 ) {
-+ pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL);
- slapi_entry_free( e );
- return ( 1 );
- }
-@@ -1086,68 +1079,112 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
-
- }
-
-+/*
-+ * Basically, h0 and h1 must be longer than GENERALIZED_TIME_LENGTH.
-+ */
-+static int
-+pw_history_cmp(const void *h0, const void *h1)
-+{
-+ size_t h0sz = 0;
-+ size_t h1sz = 0;
-+ if (!h0) {
-+ if (!h1) {
-+ return 0;
-+ } else {
-+ return -1;
-+ }
-+ } else {
-+ if (!h1) {
-+ return 1;
-+ } else {
-+ size_t delta;
-+ h0sz = strlen(h0);
-+ h1sz = strlen(h1);
-+ delta = h0sz - h1sz;
-+ if (!delta) {
-+ return delta;
-+ }
-+ if (h0sz < GENERALIZED_TIME_LENGTH) {
-+ /* too short for the history str. */
-+ return 0;
-+ }
-+ }
-+ }
-+ return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH);
-+}
-+
-+
- static int
- update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
- {
-- time_t t, old_t, cur_time;
-- int i = 0, oldest = 0;
-- int res;
-- Slapi_Entry *e;
-- Slapi_Attr *attr;
-+ time_t cur_time;
-+ int res = 1; /* no update, by default */
-+ Slapi_Entry *e = NULL;
- LDAPMod attribute;
-- char *values_replace[25]; /* 2-24 passwords in history */
- LDAPMod *list_of_mods[2];
- Slapi_PBlock mod_pb;
-- char *history_str;
-- char *str;
-+ char *str = NULL;
- passwdPolicy *pwpolicy = NULL;
- const char *dn = slapi_sdn_get_dn(sdn);
-+ char **values_replace = NULL;
-+ int vacnt = 0;
-+ int vacnt_todelete = 0;
-
- pwpolicy = new_passwdPolicy(pb, dn);
-
- /* retrieve the entry */
- e = get_entry ( pb, dn );
- if ( e == NULL ) {
-- return ( 1 );
-+ return res;
- }
-
-- history_str = (char *)slapi_ch_malloc(GENERALIZED_TIME_LENGTH + strlen(old_pw) + 1);
-- /* get password history, and find the oldest password in history */
-- cur_time = current_time ();
-- old_t = cur_time;
-- str = format_genTime ( cur_time );
-- attr = attrlist_find(e->e_attrs, "passwordHistory");
-- if (attr && !valueset_isempty(&attr->a_present_values))
-- {
-- Slapi_Value **va= valueset_get_valuearray(&attr->a_present_values);
-- for ( i = oldest = 0 ;
-- (va[i] != NULL) && (slapi_value_get_length(va[i]) > 0) ;
-- i++ ) {
--
-- values_replace[i] = (char*)slapi_value_get_string(va[i]);
-- strncpy( history_str, values_replace[i], GENERALIZED_TIME_LENGTH);
-- history_str[GENERALIZED_TIME_LENGTH] = '\0';
-- if (history_str[GENERALIZED_TIME_LENGTH - 1] != 'Z'){
-- /* The time is not a generalized Time. Probably a password history from 4.x */
-- history_str[GENERALIZED_TIME_LENGTH - 1] = '\0';
-- }
-- t = parse_genTime ( history_str );
-- if ( difftime ( t, old_t ) < 0 ) {
-- oldest = i;
-- old_t = t;
-- }
-+ /* get password history */
-+ values_replace = slapi_entry_attr_get_charray_ext(e, "passwordHistory", &vacnt);
-+ if (old_pw) {
-+ /* we have a password to replace with the oldest one in the history. */
-+ if (!values_replace || !vacnt) { /* This is the first one to store */
-+ values_replace = (char **)slapi_ch_calloc(2, sizeof(char *));
- }
-+ } else {
-+ /* we are checking the history size if it stores more than the current inhistory count. */
-+ if (!values_replace || !vacnt) { /* nothing to revise */
-+ res = 1;
-+ goto bail;
-+ }
-+ /*
-+ * If revising the passwords in the passwordHistory values
-+ * and the password count in the value array is less than the inhistory,
-+ * we have nothing to do.
-+ */
-+ if (vacnt <= pwpolicy->pw_inhistory) {
-+ res = 1;
-+ goto bail;
-+ }
-+ vacnt_todelete = vacnt - pwpolicy->pw_inhistory;
- }
-- strcpy ( history_str, str );
-- strcat ( history_str, old_pw );
-- if ( i >= pwpolicy->pw_inhistory ) {
-- /* replace the oldest password in history */
-- values_replace[oldest] = history_str;
-- values_replace[pwpolicy->pw_inhistory] = NULL;
-+
-+ cur_time = current_time();
-+ str = format_genTime(cur_time);
-+ /* values_replace is sorted. */
-+ if (old_pw) {
-+ if ( vacnt >= pwpolicy->pw_inhistory ) {
-+ slapi_ch_free_string(&values_replace[0]);
-+ values_replace[0] = slapi_ch_smprintf("%s%s", str, old_pw);
-+ } else {
-+ /* add old_pw at the end of password history */
-+ values_replace = (char **)slapi_ch_realloc((char *)values_replace, sizeof(char *) * (vacnt + 2));
-+ values_replace[vacnt] = slapi_ch_smprintf("%s%s", str, old_pw);
-+ values_replace[vacnt+1] = NULL;
-+ }
-+ qsort((void *)values_replace, vacnt, (size_t)sizeof(char *), pw_history_cmp);
- } else {
-- /* add old_pw at the end of password history */
-- values_replace[i] = history_str;
-- values_replace[++i]=NULL;
-+ int i;
-+ /* vacnt > pwpolicy->pw_inhistory */
-+ for (i = 0; i < vacnt_todelete; i++) {
-+ slapi_ch_free_string(&values_replace[i]);
-+ }
-+ memmove(values_replace, values_replace + vacnt_todelete, sizeof(char *) * pwpolicy->pw_inhistory);
-+ values_replace[pwpolicy->pw_inhistory] = NULL;
- }
-
- /* modify the attribute */
-@@ -1159,21 +1196,19 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
- list_of_mods[1] = NULL;
-
- pblock_init(&mod_pb);
-- slapi_modify_internal_set_pb_ext(&mod_pb, sdn, list_of_mods, NULL, NULL,
-- pw_get_componentID(), 0);
-+ slapi_modify_internal_set_pb_ext(&mod_pb, sdn, list_of_mods, NULL, NULL, pw_get_componentID(), 0);
- slapi_modify_internal_pb(&mod_pb);
- slapi_pblock_get(&mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
- if (res != LDAP_SUCCESS){
- LDAPDebug2Args(LDAP_DEBUG_ANY,
- "WARNING: passwordPolicy modify error %d on entry '%s'\n", res, dn);
- }
--
- pblock_done(&mod_pb);
--
-- slapi_ch_free((void **) &str );
-- slapi_ch_free((void **) &history_str );
-+ slapi_ch_free_string(&str);
-+bail:
-+ slapi_ch_array_free(values_replace);
- slapi_entry_free( e );
-- return 0;
-+ return res;
- }
-
- static
---
-1.9.3
-
diff --git a/SOURCES/0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch b/SOURCES/0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch
new file mode 100644
index 0000000..07ea823
--- /dev/null
+++ b/SOURCES/0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch
@@ -0,0 +1,88 @@
+From b20743a90c1eac752341d19a283e7d3ebf07ac10 Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Fri, 19 Aug 2016 14:32:47 +0200
+Subject: [PATCH 37/45] Ticket 48960 Crash in import_wait_for_space_in_fifo().
+
+Bug Description:
+ At online total import on a consumer, the total import startup
+ function allocates a fifo queue and monitor the overall import.
+ This queue contain the entries later received during import.
+
+ When monitoring ends (import complete or error) it frees
+ the queue.
+
+ Under error condition, there is a possibility that monitoring
+ ends while entries are still received (bulk_import_queue).
+ So there is a risk that the received entries will be added into
+ the queue at the same time the monitoring thread frees the queue
+
+Fix Description:
+ The thread storing the entries into the queue runs while
+ holding the job->wire_lock.
+
+ To prevent the monitoring thread to frees the queue under
+ bulk_import_queue, make sure to acquire job->wire_lock
+ before calling import_free_job
+
+https://fedorahosted.org/389/ticket/48960
+
+Reviewed by: Mark Reynolds (thanks Mark !)
+
+Platforms tested: F23
+
+Flag Day: no
+
+Doc impact: no
+
+(cherry picked from commit 776d94214295cc95f9a906d4bb6268397a6bf091)
+---
+ ldap/servers/slapd/back-ldbm/import-threads.c | 5 +++++
+ ldap/servers/slapd/back-ldbm/import.c | 15 ++++++++++++++-
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
+index 1759478..c3fca2b 100644
+--- a/ldap/servers/slapd/back-ldbm/import-threads.c
++++ b/ldap/servers/slapd/back-ldbm/import-threads.c
+@@ -3201,6 +3201,11 @@ static int bulk_import_queue(ImportJob *job, Slapi_Entry *entry)
+ return -1;
+ }
+
++ /* The import is aborted, just ignore that entry */
++ if(job->flags & FLAG_ABORT) {
++ return -1;
++ }
++
+ PR_Lock(job->wire_lock);
+ /* Let's do this inside the lock !*/
+ id = job->lead_ID + 1;
+diff --git a/ldap/servers/slapd/back-ldbm/import.c b/ldap/servers/slapd/back-ldbm/import.c
+index 9b6ae0d..78aefbf 100644
+--- a/ldap/servers/slapd/back-ldbm/import.c
++++ b/ldap/servers/slapd/back-ldbm/import.c
+@@ -408,8 +408,21 @@ void import_free_job(ImportJob *job)
+
+ ldbm_back_free_incl_excl(job->include_subtrees, job->exclude_subtrees);
+ charray_free(job->input_filenames);
+- if (job->fifo.size)
++ if (job->fifo.size) {
++ /* bulk_import_queue is running, while holding the job lock.
++ * bulk_import_queue is using the fifo queue.
++ * To avoid freeing fifo queue under bulk_import_queue use
++ * job lock to synchronize
++ */
++ if (job->wire_lock)
++ PR_Lock(job->wire_lock);
++
+ import_fifo_destroy(job);
++
++ if (job->wire_lock)
++ PR_Unlock(job->wire_lock);
++ }
++
+ if (NULL != job->uuid_namespace)
+ slapi_ch_free((void **)&job->uuid_namespace);
+ if (job->wire_lock)
+--
+2.4.11
+
diff --git a/SOURCES/0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch b/SOURCES/0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch
new file mode 100644
index 0000000..fd34e7e
--- /dev/null
+++ b/SOURCES/0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch
@@ -0,0 +1,54 @@
+From 0927945fa67133654ec8d8178ffcfe0c20103454 Mon Sep 17 00:00:00 2001
+From: kamlesh <kchaudha@redhat.com>
+Date: Mon, 22 Aug 2016 14:20:27 +0530
+Subject: [PATCH 38/45] Bugzilla: 1368956 man page of ns-accountstatus.pl shows
+ redundant entries for -p port option
+
+ Bug Description:
+ Description of problem:
+ man page of ns-accountstatus.pl contain redundant entries for -p option
+
+ -p port
+ Port number of the Directory Server.
+
+ -p port
+ Port number of the Directory Server.
+
+ -p port
+ Port number of the Directory Server.
+
+ Fix Description:
+ Delete the redundant entrys
+
+ Platforms tested: RHEL7.3
+
+ Flag Day: no
+
+ Doc impact: yes
+
+Signed-off-by: kamlesh <kchaudha@redhat.com>
+(cherry picked from commit 370a70c431d5f235d4371e4cb080215ac4500b6c)
+---
+ man/man8/ns-accountstatus.pl.8 | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/man/man8/ns-accountstatus.pl.8 b/man/man8/ns-accountstatus.pl.8
+index be3a8e9..9ffc4d3 100644
+--- a/man/man8/ns-accountstatus.pl.8
++++ b/man/man8/ns-accountstatus.pl.8
+@@ -57,12 +57,6 @@ Host name of the Directory Server.
+ .B \fB\-p\fR \fIport\fR
+ Port number of the Directory Server.
+ .TP
+-.B \fB\-p\fR \fIport\fR
+-Port number of the Directory Server.
+-.TP
+-.B \fB\-p\fR \fIport\fR
+-Port number of the Directory Server.
+-.TP
+ .B \fB\-b\fR \fIbasedn\fR
+ The suffix DN from which to search from.
+ .TP
+--
+2.4.11
+
diff --git a/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch
deleted file mode 100644
index 8d833cf..0000000
--- a/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch
+++ /dev/null
@@ -1,350 +0,0 @@
-From 970672905f7ca994f1d0f92e82f4c80484796181 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 5 Aug 2015 14:40:12 -0700
-Subject: [PATCH 38/39] Ticket #48228 - CI test: added test cases for ticket
- 48228
-
-Description: wrong password check if passwordInHistory is decreased.
-(cherry picked from commit 6b138a2091bf7d78f3bc60a13f226a39296e0f4c)
-(cherry picked from commit e62b4815f0682845992dc9a4375e1d7c5597bfba)
----
- dirsrvtests/tickets/ticket48228_test.py | 327 ++++++++++++++++++++++++++++++++
- 1 file changed, 327 insertions(+)
- create mode 100644 dirsrvtests/tickets/ticket48228_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48228_test.py b/dirsrvtests/tickets/ticket48228_test.py
-new file mode 100644
-index 0000000..e0595bb
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48228_test.py
-@@ -0,0 +1,327 @@
-+# --- BEGIN COPYRIGHT BLOCK ---
-+# Copyright (C) 2015 Red Hat, Inc.
-+# All rights reserved.
-+#
-+# License: GPL (version 3 or any later version).
-+# See LICENSE for details.
-+# --- END COPYRIGHT BLOCK ---
-+#
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+# Assuming DEFAULT_SUFFIX is "dc=example,dc=com", otherwise it does not work... :(
-+SUBTREE_CONTAINER = 'cn=nsPwPolicyContainer,' + DEFAULT_SUFFIX
-+SUBTREE_PWPDN = 'cn=nsPwPolicyEntry,' + DEFAULT_SUFFIX
-+SUBTREE_PWP = 'cn=cn\3DnsPwPolicyEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER
-+SUBTREE_COS_TMPLDN = 'cn=nsPwTemplateEntry,' + DEFAULT_SUFFIX
-+SUBTREE_COS_TMPL = 'cn=cn\3DnsPwTemplateEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER
-+SUBTREE_COS_DEF = 'cn=nsPwPolicy_CoS,' + DEFAULT_SUFFIX
-+
-+USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
-+USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ '''
-+ This fixture is used to standalone topology for the 'module'.
-+ '''
-+ global installation_prefix
-+
-+ if installation_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+ standalone = DirSrv(verbose=False)
-+
-+ # Args for the standalone instance
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+
-+ # Get the status of the instance and restart it if it exists
-+ instance_standalone = standalone.exists()
-+
-+ # Remove the instance
-+ if instance_standalone:
-+ standalone.delete()
-+
-+ # Create the instance
-+ standalone.create()
-+
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # clear the tmp directory
-+ standalone.clearTmpDir(__file__)
-+
-+ # Here we have standalone instance up and running
-+ return TopologyStandalone(standalone)
-+
-+def set_global_pwpolicy(topology, inhistory):
-+ log.info(" +++++ Enable global password policy +++++\n")
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ # Enable password policy
-+ try:
-+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-pwpolicy-local', 'on')])
-+ except ldap.LDAPError, e:
-+ log.error('Failed to set pwpolicy-local: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info(" Set global password history on\n")
-+ try:
-+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordHistory', 'on')])
-+ except ldap.LDAPError, e:
-+ log.error('Failed to set passwordHistory: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info(" Set global passwords in history\n")
-+ try:
-+ count = "%d" % inhistory
-+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordInHistory', count)])
-+ except ldap.LDAPError, e:
-+ log.error('Failed to set passwordInHistory: error ' + e.message['desc'])
-+ assert False
-+
-+def set_subtree_pwpolicy(topology):
-+ log.info(" +++++ Enable subtree level password policy +++++\n")
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ log.info(" Add the container")
-+ try:
-+ topology.standalone.add_s(Entry((SUBTREE_CONTAINER, {'objectclass': 'top nsContainer'.split(),
-+ 'cn': 'nsPwPolicyContainer'})))
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add subtree container: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info(" Add the password policy subentry {passwordHistory: on, passwordInHistory: 6}")
-+ try:
-+ topology.standalone.add_s(Entry((SUBTREE_PWP, {'objectclass': 'top ldapsubentry passwordpolicy'.split(),
-+ 'cn': SUBTREE_PWPDN,
-+ 'passwordMustChange': 'off',
-+ 'passwordExp': 'off',
-+ 'passwordHistory': 'on',
-+ 'passwordInHistory': '6',
-+ 'passwordMinAge': '0',
-+ 'passwordChange': 'on',
-+ 'passwordStorageScheme': 'clear'})))
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add passwordpolicy: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info(" Add the COS template")
-+ try:
-+ topology.standalone.add_s(Entry((SUBTREE_COS_TMPL, {'objectclass': 'top ldapsubentry costemplate extensibleObject'.split(),
-+ 'cn': SUBTREE_PWPDN,
-+ 'cosPriority': '1',
-+ 'cn': SUBTREE_COS_TMPLDN,
-+ 'pwdpolicysubentry': SUBTREE_PWP})))
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add COS template: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info(" Add the COS definition")
-+ try:
-+ topology.standalone.add_s(Entry((SUBTREE_COS_DEF, {'objectclass': 'top ldapsubentry cosSuperDefinition cosPointerDefinition'.split(),
-+ 'cn': SUBTREE_PWPDN,
-+ 'costemplatedn': SUBTREE_COS_TMPL,
-+ 'cosAttribute': 'pwdpolicysubentry default operational-default'})))
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add COS def: error ' + e.message['desc'])
-+ assert False
-+
-+def check_passwd_inhistory(topology, user, cpw, passwd):
-+ inhistory = 0
-+ log.info(" Bind as {%s,%s}" % (user, cpw))
-+ topology.standalone.simple_bind_s(user, cpw)
-+ try:
-+ topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', passwd)])
-+ except ldap.LDAPError, e:
-+ log.info(' The password ' + passwd + ' of user' + USER1_DN + ' in history: error ' + e.message['desc'])
-+ inhistory = 1
-+ return inhistory
-+
-+def update_passwd(topology, user, passwd, times):
-+ cpw = passwd
-+ loop = 0
-+ while loop < times:
-+ log.info(" Bind as {%s,%s}" % (user, cpw))
-+ topology.standalone.simple_bind_s(user, cpw)
-+ cpw = 'password%d' % loop
-+ try:
-+ topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw)])
-+ except ldap.LDAPError, e:
-+ log.fatal('test_ticket48228: Failed to update the password ' + cpw + ' of user ' + user + ': error ' + e.message['desc'])
-+ assert False
-+ loop += 1
-+
-+ # checking the first password, which is supposed to be in history
-+ inhistory = check_passwd_inhistory(topology, user, cpw, passwd)
-+ assert inhistory == 1
-+
-+def test_ticket48228_test_global_policy(topology):
-+ """
-+ Check global password policy
-+ """
-+
-+ log.info(' Set inhistory = 6')
-+ set_global_pwpolicy(topology, 6)
-+
-+ log.info(' Bind as directory manager')
-+ log.info("Bind as %s" % DN_DM)
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+
-+ log.info(' Add an entry' + USER1_DN)
-+ try:
-+ topology.standalone.add_s(Entry((USER1_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
-+ 'sn': '1',
-+ 'cn': 'user 1',
-+ 'uid': 'user1',
-+ 'givenname': 'user',
-+ 'mail': 'user1@example.com',
-+ 'userpassword': 'password'})))
-+ except ldap.LDAPError, e:
-+ log.fatal('test_ticket48228: Failed to add user' + USER1_DN + ': error ' + e.message['desc'])
-+ assert False
-+
-+ log.info(' Update the password of ' + USER1_DN + ' 6 times')
-+ update_passwd(topology, USER1_DN, 'password', 6)
-+
-+ log.info(' Set inhistory = 4')
-+ set_global_pwpolicy(topology, 4)
-+
-+ log.info(' checking the first password, which is supposed NOT to be in history any more')
-+ cpw = 'password%d' % 5
-+ tpw = 'password'
-+ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
-+ assert inhistory == 0
-+
-+ log.info(' checking the second password, which is supposed NOT to be in history any more')
-+ cpw = tpw
-+ tpw = 'password%d' % 0
-+ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
-+ assert inhistory == 0
-+
-+ log.info(' checking the second password, which is supposed NOT to be in history any more')
-+ cpw = tpw
-+ tpw = 'password%d' % 1
-+ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
-+ assert inhistory == 0
-+
-+ log.info(' checking the third password, which is supposed to be in history')
-+ cpw = tpw
-+ tpw = 'password%d' % 2
-+ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
-+ assert inhistory == 1
-+
-+ log.info("Global policy was successfully verified.")
-+
-+def test_ticket48228_test_subtree_policy(topology):
-+ """
-+ Check subtree level password policy
-+ """
-+
-+ log.info(' Set inhistory = 6')
-+ set_subtree_pwpolicy(topology)
-+
-+ log.info(' Bind as directory manager')
-+ log.info("Bind as %s" % DN_DM)
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+
-+ log.info(' Add an entry' + USER2_DN)
-+ try:
-+ topology.standalone.add_s(Entry((USER2_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
-+ 'sn': '2',
-+ 'cn': 'user 2',
-+ 'uid': 'user2',
-+ 'givenname': 'user',
-+ 'mail': 'user2@example.com',
-+ 'userpassword': 'password'})))
-+ except ldap.LDAPError, e:
-+ log.fatal('test_ticket48228: Failed to add user' + USER2_DN + ': error ' + e.message['desc'])
-+ assert False
-+
-+ log.info(' Update the password of ' + USER2_DN + ' 6 times')
-+ update_passwd(topology, USER2_DN, 'password', 6)
-+
-+ log.info(' Set inhistory = 4')
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ try:
-+ topology.standalone.modify_s(SUBTREE_PWP, [(ldap.MOD_REPLACE, 'passwordInHistory', '4')])
-+ except ldap.LDAPError, e:
-+ log.error('Failed to set pwpolicy-local: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info(' checking the first password, which is supposed NOT to be in history any more')
-+ cpw = 'password%d' % 5
-+ tpw = 'password'
-+ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
-+ assert inhistory == 0
-+
-+ log.info(' checking the second password, which is supposed NOT to be in history any more')
-+ cpw = tpw
-+ tpw = 'password%d' % 0
-+ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
-+ assert inhistory == 0
-+
-+ log.info(' checking the second password, which is supposed NOT to be in history any more')
-+ cpw = tpw
-+ tpw = 'password%d' % 1
-+ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
-+ assert inhistory == 0
-+
-+ log.info(' checking the third password, which is supposed to be in history')
-+ cpw = tpw
-+ tpw = 'password%d' % 2
-+ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
-+ assert inhistory == 1
-+
-+ log.info("Subtree level policy was successfully verified.")
-+
-+def test_ticket48228_final(topology):
-+ topology.standalone.delete()
-+ log.info('Testcase PASSED')
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation_prefix
-+ installation_prefix = None
-+
-+ topo = topology(True)
-+ log.info('Testing Ticket 48228 - wrong password check if passwordInHistory is decreased')
-+
-+ test_ticket48228_test_global_policy(topo)
-+
-+ test_ticket48228_test_subtree_policy(topo)
-+
-+ test_ticket48228_final(topo)
-+
-+
-+if __name__ == '__main__':
-+ run_isolated()
-+
---
-1.9.3
-
diff --git a/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch b/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch
deleted file mode 100644
index 2cb87d6..0000000
--- a/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch
+++ /dev/null
@@ -1,1282 +0,0 @@
-From 9ba3240a177c156e365f22c721432321bb0a679e Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 4 Aug 2015 12:19:31 -0400
-Subject: [PATCH 39/39] Ticket 47931 - memberOf & retrocl deadlocks
-
-Bug Description: When concurrently updating multiple backends the
- memberOf and retrocl plugins can deadlock on each
- other. This is caused by the required retrocl lock,
- and the db lock on the changenumber index in the
- retrocl db.
-
-Fix Description: Added scoping to the retrocl that allows subtrees/suffixes
- to be included or excluded. Also moved the existing
- memberOf scoping outside of its global lock.
-
- Also improved the memberOf config copying to be consistent
- and more efficient. Improved the memberOf scoping attributes
- to be multivalued. And, properly valdiated new config
- settings in the preop valdiation function, instead of the
- "apply config" function.
-
-https://fedorahosted.org/389/ticket/47931
-
-Valgrind: passed
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit fd959ac864d6d86d24928bc2c6f097d1a6031ecd)
-(cherry picked from commit d8108476d3bedbcc03f6c61bfb3d50e921faaf42)
----
- ldap/servers/plugins/memberof/memberof.c | 217 +++++++++++++--------
- ldap/servers/plugins/memberof/memberof.h | 8 +-
- ldap/servers/plugins/memberof/memberof_config.c | 249 +++++++++++++++++-------
- ldap/servers/plugins/retrocl/retrocl.c | 183 +++++++++++++++--
- ldap/servers/plugins/retrocl/retrocl.h | 4 +
- ldap/servers/plugins/retrocl/retrocl_po.c | 41 +++-
- 6 files changed, 516 insertions(+), 186 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index da52bc8..9b577b9 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -116,7 +116,7 @@ static int memberof_compare(MemberOfConfig *config, const void *a, const void *b
- static int memberof_qsort_compare(const void *a, const void *b);
- static void memberof_load_array(Slapi_Value **array, Slapi_Attr *attr);
- static int memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *sdn);
--static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
-+static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, MemberOfConfig *config,
- char **types, plugin_search_entry_callback callback, void *callback_data);
- static int memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn,
- Slapi_Value *memberdn);
-@@ -144,7 +144,7 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
- static void memberof_fixup_task_thread(void *arg);
- static int memberof_fix_memberof(MemberOfConfig *config, char *dn, char *filter_str);
- static int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data);
--
-+static int memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn);
-
- /*** implementation ***/
-
-@@ -489,7 +489,8 @@ memberof_get_plugin_area()
- int memberof_postop_del(Slapi_PBlock *pb)
- {
- int ret = SLAPI_PLUGIN_SUCCESS;
-- MemberOfConfig configCopy = {0, 0, 0, 0};
-+ MemberOfConfig *mainConfig = NULL;
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- Slapi_DN *sdn;
- void *caller_id = NULL;
-
-@@ -509,12 +510,13 @@ int memberof_postop_del(Slapi_PBlock *pb)
- struct slapi_entry *e = NULL;
-
- slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &e );
--
-- /* We need to get the config lock first. Trying to get the
-- * config lock after we already hold the op lock can cause
-- * a deadlock. */
- memberof_rlock_config();
-- /* copy config so it doesn't change out from under us */
-+ mainConfig = memberof_get_config();
-+ if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){
-+ /* The entry is not in scope, bail...*/
-+ memberof_unlock_config();
-+ goto bail;
-+ }
- memberof_copy_config(&configCopy, memberof_get_config());
- memberof_unlock_config();
-
-@@ -529,7 +531,6 @@ int memberof_postop_del(Slapi_PBlock *pb)
- "memberof_postop_del: error deleting dn (%s) from group. Error (%d)\n",
- slapi_sdn_get_dn(sdn),ret);
- memberof_unlock();
-- memberof_free_config(&configCopy);
- goto bail;
- }
-
-@@ -554,10 +555,10 @@ int memberof_postop_del(Slapi_PBlock *pb)
- }
- }
- memberof_unlock();
-+bail:
- memberof_free_config(&configCopy);
- }
-
--bail:
- if(ret){
- slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
- ret = SLAPI_PLUGIN_FAILURE;
-@@ -591,7 +592,7 @@ memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *
-
- groupattrs[0] = config->groupattrs[i];
-
-- rc = memberof_call_foreach_dn(pb, sdn, groupattrs,
-+ rc = memberof_call_foreach_dn(pb, sdn, config, groupattrs,
- memberof_del_dn_type_callback, &data);
- }
-
-@@ -641,6 +642,20 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
- return rc;
- }
-
-+/* Check if the the entry include scope is a child of the sdn */
-+static Slapi_DN*
-+memberof_scope_is_child_of_dn(MemberOfConfig *config, Slapi_DN *sdn)
-+{
-+ int i = 0;
-+
-+ while(config->entryScopes && config->entryScopes[i]){
-+ if(slapi_sdn_issuffix(config->entryScopes[i], sdn)){
-+ return config->entryScopes[i];
-+ }
-+ i++;
-+ }
-+ return NULL;
-+}
- /*
- * Does a callback search of "type=dn" under the db suffix that "dn" is in,
- * unless all_backends is set, then we look at all the backends. If "dn"
-@@ -649,7 +664,7 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
- */
- int
- memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
-- char **types, plugin_search_entry_callback callback, void *callback_data)
-+ MemberOfConfig *config, char **types, plugin_search_entry_callback callback, void *callback_data)
- {
- Slapi_PBlock *search_pb = NULL;
- Slapi_DN *base_sdn = NULL;
-@@ -657,9 +672,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- char *escaped_filter_val;
- char *filter_str = NULL;
- char *cookie = NULL;
-- int all_backends = memberof_config_get_all_backends();
-- Slapi_DN *entry_scope = memberof_config_get_entry_scope();
-- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
-+ int all_backends = config->allBackends;
- int types_name_len = 0;
- int num_types = 0;
- int dn_len = slapi_sdn_get_ndn_len(sdn);
-@@ -667,11 +680,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- int rc = 0;
- int i = 0;
-
-- if (entry_scope && !slapi_sdn_issuffix(sdn, entry_scope)) {
-- return (rc);
-- }
--
-- if (entry_scope_exclude_subtree && slapi_sdn_issuffix(sdn, entry_scope_exclude_subtree)) {
-+ if (!memberof_entry_in_scope(config, sdn)) {
- return (rc);
- }
-
-@@ -728,6 +737,8 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- search_pb = slapi_pblock_new();
- be = slapi_get_first_backend(&cookie);
- while(be){
-+ Slapi_DN *scope_sdn = NULL;
-+
- if(!all_backends){
- be = slapi_be_select(sdn);
- if(be == NULL){
-@@ -743,13 +754,14 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- continue;
- }
- }
-- if (entry_scope) {
-- if (slapi_sdn_issuffix(base_sdn, entry_scope)) {
-+
-+ if (config->entryScopes || config->entryScopeExcludeSubtrees) {
-+ if (memberof_entry_in_scope(config, base_sdn)) {
- /* do nothing, entry scope is spanning
- * multiple suffixes, start at suffix */
-- } else if (slapi_sdn_issuffix(entry_scope, base_sdn)) {
-+ } else if ((scope_sdn = memberof_scope_is_child_of_dn(config, base_sdn))) {
- /* scope is below suffix, set search base */
-- base_sdn = entry_scope;
-+ base_sdn = scope_sdn;
- } else if(!all_backends){
- break;
- } else {
-@@ -767,7 +779,6 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- break;
- }
-
--
- if(!all_backends){
- break;
- }
-@@ -792,10 +803,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- {
- int ret = SLAPI_PLUGIN_SUCCESS;
- void *caller_id = NULL;
-- Slapi_DN *entry_scope = NULL;
-- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
-
-- entry_scope = memberof_config_get_entry_scope();
- slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
- "--> memberof_postop_modrdn\n" );
-
-@@ -810,7 +818,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- if(memberof_oktodo(pb))
- {
- MemberOfConfig *mainConfig = 0;
-- MemberOfConfig configCopy = {0, 0, 0, 0};
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- struct slapi_entry *pre_e = NULL;
- struct slapi_entry *post_e = NULL;
- Slapi_DN *pre_sdn = 0;
-@@ -818,7 +826,6 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
-
- slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e );
- slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &post_e );
--
- if(pre_e && post_e)
- {
- pre_sdn = slapi_entry_get_sdn(pre_e);
-@@ -831,11 +838,19 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- memberof_copy_config(&configCopy, mainConfig);
- memberof_unlock_config();
-
-+ /* Need to check both the pre/post entries */
-+ if((pre_sdn && !memberof_entry_in_scope(&configCopy, pre_sdn)) &&
-+ (post_sdn && !memberof_entry_in_scope(&configCopy, post_sdn)))
-+ {
-+ /* The entry is not in scope */
-+ goto bail;
-+ }
-+
- memberof_lock();
-
- /* update any downstream members */
- if(pre_sdn && post_sdn && configCopy.group_filter &&
-- 0 == slapi_filter_test_simple(post_e, configCopy.group_filter))
-+ 0 == slapi_filter_test_simple(post_e, configCopy.group_filter))
- {
- int i = 0;
- Slapi_Attr *attr = 0;
-@@ -847,7 +862,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- if(0 == slapi_entry_attr_find(post_e, configCopy.groupattrs[i], &attr))
- {
- if((ret = memberof_moddn_attr_list(pb, &configCopy, pre_sdn,
-- post_sdn, attr) != 0))
-+ post_sdn, attr) != 0))
- {
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_postop_modrdn - update failed for (%s), error (%d)\n",
-@@ -862,49 +877,49 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- * of other group entries. We need to update any member
- * attributes to refer to the new name. */
- if (ret == LDAP_SUCCESS && pre_sdn && post_sdn) {
-- if ((entry_scope && !slapi_sdn_issuffix(post_sdn, entry_scope)) ||
-- (entry_scope_exclude_subtree && slapi_sdn_issuffix(post_sdn, entry_scope_exclude_subtree))) {
-+ if (!memberof_entry_in_scope(&configCopy, post_sdn)){
- if((ret = memberof_del_dn_from_groups(pb, &configCopy, pre_sdn))){
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_postop_modrdn - delete dn failed for (%s), error (%d)\n",
- slapi_sdn_get_dn(pre_sdn), ret);
- }
- if(ret == LDAP_SUCCESS && pre_e && configCopy.group_filter &&
-- 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter)) {
-+ 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter))
-+ {
- /* is the entry of interest as a group? */
-- int i = 0;
-- Slapi_Attr *attr = 0;
--
-- /* Loop through to find each grouping attribute separately. */
-- for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) {
-- if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) {
-- if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n",
-- slapi_sdn_get_dn(pre_sdn),ret);
-- }
-+ int i = 0;
-+ Slapi_Attr *attr = 0;
-
-+ /* Loop through to find each grouping attribute separately. */
-+ for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) {
-+ if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) {
-+ if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){
-+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n",
-+ slapi_sdn_get_dn(pre_sdn),ret);
- }
-+
- }
-- }
-+ }
-+ }
- if(ret == LDAP_SUCCESS) {
-- memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
-- if((ret = memberof_del_dn_type_callback(post_e, &del_data))){
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
-- slapi_entry_get_dn(post_e), ret);
-- }
-+ memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
-+ if((ret = memberof_del_dn_type_callback(post_e, &del_data))){
-+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
-+ slapi_entry_get_dn(post_e), ret);
- }
-+ }
- } else {
- if((ret = memberof_replace_dn_from_groups(pb, &configCopy, pre_sdn, post_sdn))){
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "memberof_postop_modrdn - replace dne failed for (%s), error (%d)\n",
-+ "memberof_postop_modrdn - replace dn failed for (%s), error (%d)\n",
- slapi_sdn_get_dn(pre_sdn), ret);
- }
- }
- }
--
- memberof_unlock();
-+bail:
- memberof_free_config(&configCopy);
- }
-
-@@ -946,7 +961,7 @@ memberof_replace_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config,
-
- groupattrs[0] = config->groupattrs[i];
-
-- if((ret = memberof_call_foreach_dn(pb, pre_sdn, groupattrs,
-+ if((ret = memberof_call_foreach_dn(pb, pre_sdn, config, groupattrs,
- memberof_replace_dn_type_callback,
- &data)))
- {
-@@ -1064,12 +1079,11 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- goto done;
- }
-
--
-- if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb)))
-+ if(memberof_oktodo(pb))
- {
- int config_copied = 0;
- MemberOfConfig *mainConfig = 0;
-- MemberOfConfig configCopy = {0, 0, 0, 0};
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-
- /* get the mod set */
- slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
-@@ -1088,19 +1102,22 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- * only copy the config the first time it's needed so
- * it remains the same for all mods in the operation,
- * despite any config changes that may be made. */
-- if (!config_copied)
-- {
-+ if (!config_copied){
- memberof_rlock_config();
- mainConfig = memberof_get_config();
-
- if (memberof_is_grouping_attr(type, mainConfig))
- {
- interested = 1;
-+ if (!memberof_entry_in_scope(mainConfig, sdn)){
-+ /* Entry is not in scope */
-+ memberof_unlock_config();
-+ goto bail;
-+ }
- /* copy config so it doesn't change out from under us */
- memberof_copy_config(&configCopy, mainConfig);
- config_copied = 1;
- }
--
- memberof_unlock_config();
- } else {
- if (memberof_is_grouping_attr(type, &configCopy))
-@@ -1197,8 +1214,7 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- }
-
- bail:
-- if (config_copied)
-- {
-+ if (config_copied){
- memberof_free_config(&configCopy);
- }
-
-@@ -1244,22 +1260,25 @@ int memberof_postop_add(Slapi_PBlock *pb)
-
- if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb)))
- {
-- MemberOfConfig *mainConfig = 0;
-- MemberOfConfig configCopy = {0, 0, 0, 0};
- struct slapi_entry *e = NULL;
--
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-+ MemberOfConfig *mainConfig;
- slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &e );
--
-
- /* is the entry of interest? */
- memberof_rlock_config();
- mainConfig = memberof_get_config();
- if(e && mainConfig && mainConfig->group_filter &&
- 0 == slapi_filter_test_simple(e, mainConfig->group_filter))
-+
- {
- interested = 1;
-- /* copy config so it doesn't change out from under us */
-- memberof_copy_config(&configCopy, mainConfig);
-+ if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){
-+ /* Entry is not in scope */
-+ memberof_unlock_config();
-+ goto bail;
-+ }
-+ memberof_copy_config(&configCopy, memberof_get_config());
- }
- memberof_unlock_config();
-
-@@ -1284,11 +1303,11 @@ int memberof_postop_add(Slapi_PBlock *pb)
- }
-
- memberof_unlock();
--
- memberof_free_config(&configCopy);
- }
- }
-
-+bail:
- if(ret){
- slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
- ret = SLAPI_PLUGIN_FAILURE;
-@@ -1326,26 +1345,61 @@ int memberof_oktodo(Slapi_PBlock *pb)
- }
-
- if(slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0)
-- {
-+ {
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_postop_oktodo: could not get parameters\n" );
- ret = -1;
- }
-
-- /* this plugin should only execute if the operation succeeded
-- */
-- if(oprc != 0)
-+ /* this plugin should only execute if the operation succeeded */
-+ if(oprc != 0)
- {
- ret = 0;
- }
--
-+
-+bail:
- slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
- "<-- memberof_postop_oktodo\n" );
-
--bail:
- return ret;
- }
-
-+/*
-+ * Return 1 if the entry is in the scope.
-+ * For MODRDN the caller should check both the preop
-+ * and postop entries. If we are moving out of, or
-+ * into scope, we should process it.
-+ */
-+static int
-+memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn)
-+{
-+ if (config->entryScopeExcludeSubtrees){
-+ int i = 0;
-+
-+ /* check the excludes */
-+ while(config->entryScopeExcludeSubtrees[i]){
-+ if (slapi_sdn_issuffix(sdn, config->entryScopeExcludeSubtrees[i])){
-+ return 0;
-+ }
-+ i++;
-+ }
-+ }
-+ if (config->entryScopes){
-+ int i = 0;
-+
-+ /* check the excludes */
-+ while(config->entryScopes[i]){
-+ if (slapi_sdn_issuffix(sdn, config->entryScopes[i])){
-+ return 1;
-+ }
-+ i++;
-+ }
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
- static Slapi_DN *
- memberof_getsdn(Slapi_PBlock *pb)
- {
-@@ -2013,7 +2067,7 @@ memberof_get_groups_r(MemberOfConfig *config, Slapi_DN *member_sdn,
- {
- /* Search for any grouping attributes that point to memberdn.
- * For each match, add it to the list, recurse and do same search */
-- return memberof_call_foreach_dn(NULL, member_sdn, config->groupattrs,
-+ return memberof_call_foreach_dn(NULL, member_sdn, config, config->groupattrs,
- memberof_get_groups_callback, data);
- }
-
-@@ -2030,7 +2084,6 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
- Slapi_Value *group_dn_val = 0;
- Slapi_ValueSet *groupvals = *((memberof_get_groups_data*)callback_data)->groupvals;
- Slapi_ValueSet *group_norm_vals = *((memberof_get_groups_data*)callback_data)->group_norm_vals;
-- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
- MemberOfConfig *config = ((memberof_get_groups_data*)callback_data)->config;
- int rc = 0;
-
-@@ -2086,7 +2139,7 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
- }
-
- /* if the group does not belong to an excluded subtree, adds it to the valueset */
-- if (!(entry_scope_exclude_subtree && slapi_sdn_issuffix(group_sdn, entry_scope_exclude_subtree))) {
-+ if (memberof_entry_in_scope(config, group_sdn)) {
- /* Push group_dn_val into the valueset. This memory is now owned
- * by the valueset. */
- group_dn_val = slapi_value_new_string(group_dn);
-@@ -2188,8 +2241,8 @@ memberof_test_membership(Slapi_PBlock *pb, MemberOfConfig *config,
- {
- char *attrs[2] = {config->memberof_attr, 0};
-
-- return memberof_call_foreach_dn(pb, group_sdn, attrs,
-- memberof_test_membership_callback , config);
-+ return memberof_call_foreach_dn(pb, group_sdn, config, attrs,
-+ memberof_test_membership_callback, config);
- }
-
- /*
-diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h
-index 5a70400..9d9d158 100644
---- a/ldap/servers/plugins/memberof/memberof.h
-+++ b/ldap/servers/plugins/memberof/memberof.h
-@@ -52,8 +52,10 @@ typedef struct memberofconfig {
- char **groupattrs;
- char *memberof_attr;
- int allBackends;
-- Slapi_DN *entryScope;
-- Slapi_DN *entryScopeExcludeSubtree;
-+ Slapi_DN **entryScopes;
-+ int entryScopeCount;
-+ Slapi_DN **entryScopeExcludeSubtrees;
-+ int entryExcludeScopeCount;
- Slapi_Filter *group_filter;
- Slapi_Attr **group_slapiattrs;
- int skip_nested;
-@@ -74,8 +76,6 @@ void memberof_rlock_config();
- void memberof_wlock_config();
- void memberof_unlock_config();
- int memberof_config_get_all_backends();
--Slapi_DN * memberof_config_get_entry_scope();
--Slapi_DN * memberof_config_get_entry_scope_exclude_subtree();
- void memberof_set_config_area(Slapi_DN *sdn);
- Slapi_DN * memberof_get_config_area();
- void memberof_set_plugin_area(Slapi_DN *sdn);
-diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
-index ac2d045..b4cc941 100644
---- a/ldap/servers/plugins/memberof/memberof_config.c
-+++ b/ldap/servers/plugins/memberof/memberof_config.c
-@@ -48,7 +48,7 @@ static int memberof_search (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_En
- /* This is the main configuration which is updated from dse.ldif. The
- * config will be copied when it is used by the plug-in to prevent it
- * being changed out from under a running memberOf operation. */
--static MemberOfConfig theConfig = {NULL, NULL,0, NULL, NULL, NULL, NULL};
-+static MemberOfConfig theConfig = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- static Slapi_RWLock *memberof_config_lock = 0;
- static int inited = 0;
-
-@@ -60,6 +60,19 @@ static int dont_allow_that(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Ent
- return SLAPI_DSE_CALLBACK_ERROR;
- }
-
-+static void
-+memberof_free_scope(Slapi_DN **scopes, int *count)
-+{
-+ int i = 0;
-+
-+ while(scopes && scopes[i]){
-+ slapi_sdn_free(&scopes[i]);
-+ i++;
-+ }
-+ slapi_ch_free((void**)&scopes);
-+ *count = 0;
-+}
-+
- /*
- * memberof_config()
- *
-@@ -155,17 +168,22 @@ memberof_release_config()
- *
- * Validate the pending changes in the e entry.
- */
--static int
-+int
- memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
- int *returncode, char *returntext, void *arg)
- {
- Slapi_Attr *memberof_attr = NULL;
- Slapi_Attr *group_attr = NULL;
- Slapi_DN *config_sdn = NULL;
-+ Slapi_DN **include_dn = NULL;
-+ Slapi_DN **exclude_dn = NULL;
- char *syntaxoid = NULL;
- char *config_dn = NULL;
- char *skip_nested = NULL;
-+ char **entry_scopes = NULL;
-+ char **entry_exclude_scopes = NULL;
- int not_dn_syntax = 0;
-+ int num_vals = 0;
-
- *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
-
-@@ -283,8 +301,112 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- *returncode = LDAP_UNWILLING_TO_PERFORM;
- }
- }
-+ /*
-+ * Check the entry scopes
-+ */
-+ entry_scopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals);
-+ if(entry_scopes){
-+ int i = 0;
-+
-+ /* Validate the syntax before we create our DN array */
-+ for (i = 0;i < num_vals; i++){
-+ if(slapi_dn_syntax_check(pb, entry_scopes[i], 1)){
-+ /* invalid dn syntax */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "%s: Invalid DN (%s) for include suffix.",
-+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
-+ slapi_ch_array_free(entry_scopes);
-+ theConfig.entryScopeCount = 0;
-+ *returncode = LDAP_UNWILLING_TO_PERFORM;
-+ goto done;
-+ }
-+ }
-+ /* Now create our SDN array for conflict checking */
-+ include_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ include_dn[i] = slapi_sdn_new_dn_passin(entry_scopes[i]);
-+ }
-+ }
-+ /*
-+ * Check and process the entry exclude scopes
-+ */
-+ entry_exclude_scopes =
-+ slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals);
-+ if(entry_exclude_scopes){
-+ int i = 0;
-+
-+ /* Validate the syntax before we create our DN array */
-+ for (i = 0;i < num_vals; i++){
-+ if(slapi_dn_syntax_check(pb, entry_exclude_scopes[i], 1)){
-+ /* invalid dn syntax */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "%s: Invalid DN (%s) for exclude suffix.",
-+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
-+ slapi_ch_array_free(entry_exclude_scopes);
-+ *returncode = LDAP_UNWILLING_TO_PERFORM;
-+ goto done;
-+ }
-+ }
-+ /* Now create our SDN array for conflict checking */
-+ exclude_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ exclude_dn[i] = slapi_sdn_new_dn_passin(entry_exclude_scopes[i]);
-+ }
-+ }
-+ /*
-+ * Need to do conflict checking
-+ */
-+ if(include_dn && exclude_dn){
-+ /*
-+ * Make sure we haven't mixed the same suffix, and there are no
-+ * conflicts between the includes and excludes
-+ */
-+ int i = 0;
-+
-+ while(include_dn[i]){
-+ int x = 0;
-+ while(exclude_dn[x]){
-+ if(slapi_sdn_compare(include_dn[i], exclude_dn[x] ) == 0)
-+ {
-+ /* we have a conflict */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "%s: include suffix (%s) is also listed as an exclude suffix list",
-+ MEMBEROF_PLUGIN_SUBSYSTEM, slapi_sdn_get_dn(include_dn[i]));
-+ *returncode = LDAP_UNWILLING_TO_PERFORM;
-+ goto done;
-+ }
-+ x++;
-+ }
-+ i++;
-+ }
-+
-+ /* Check for parent/child conflicts */
-+ i = 0;
-+ while(include_dn[i]){
-+ int x = 0;
-+ while(exclude_dn[x]){
-+ if(slapi_sdn_issuffix(include_dn[i], exclude_dn[x]))
-+ {
-+ /* we have a conflict */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "%s: include suffix (%s) is a child of the exclude suffix(%s)",
-+ MEMBEROF_PLUGIN_SUBSYSTEM,
-+ slapi_sdn_get_dn(include_dn[i]),
-+ slapi_sdn_get_dn(exclude_dn[i]));
-+ *returncode = LDAP_UNWILLING_TO_PERFORM;
-+ goto done;
-+ }
-+ x++;
-+ }
-+ i++;
-+ }
-+ }
-
- done:
-+ memberof_free_scope(exclude_dn, &num_vals);
-+ memberof_free_scope(include_dn, &num_vals);
-+ slapi_ch_free((void**)&entry_scopes);
-+ slapi_ch_free((void**)&entry_exclude_scopes);
- slapi_sdn_free(&config_sdn);
- slapi_ch_free_string(&config_dn);
- slapi_ch_free_string(&skip_nested);
-@@ -299,7 +421,6 @@ done:
- }
- }
-
--
- /*
- * memberof_apply_config()
- *
-@@ -318,10 +439,11 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- int num_groupattrs = 0;
- int groupattr_name_len = 0;
- char *allBackends = NULL;
-- char *entryScope = NULL;
-- char *entryScopeExcludeSubtree = NULL;
-+ char **entryScopes = NULL;
-+ char **entryScopeExcludeSubtrees = NULL;
- char *sharedcfg = NULL;
- char *skip_nested = NULL;
-+ int num_vals = 0;
-
- *returncode = LDAP_SUCCESS;
-
-@@ -353,8 +475,6 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR);
- memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR);
- allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR);
-- entryScope = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_ATTR);
-- entryScopeExcludeSubtree = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE);
- skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR);
-
- /*
-@@ -480,49 +600,39 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- theConfig.allBackends = 0;
- }
-
-- slapi_sdn_free(&theConfig.entryScope);
-- if (entryScope)
-- {
-- if (slapi_dn_syntax_check(NULL, entryScope, 1) == 1) {
-- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "Error: Ignoring invalid DN used as plugin entry scope: [%s]\n",
-- entryScope);
-- theConfig.entryScope = NULL;
-- slapi_ch_free_string(&entryScope);
-- } else {
-- theConfig.entryScope = slapi_sdn_new_dn_passin(entryScope);
-+ /*
-+ * Check and process the entry scopes
-+ */
-+ memberof_free_scope(theConfig.entryScopes, &theConfig.entryScopeCount);
-+ entryScopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals);
-+ if(entryScopes){
-+ int i = 0;
-+
-+ /* Validation has already been performed in preop, just build the DN's */
-+ theConfig.entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ theConfig.entryScopes[i] = slapi_sdn_new_dn_passin(entryScopes[i]);
- }
-- } else {
-- theConfig.entryScope = NULL;
-+ theConfig.entryScopeCount = num_vals; /* shortcut for config copy */
- }
--
-- slapi_sdn_free(&theConfig.entryScopeExcludeSubtree);
-- if (entryScopeExcludeSubtree)
-- {
-- if (theConfig.entryScope == NULL) {
-- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "Error: Ignoring ExcludeSubtree (%s) because entryScope is not define\n",
-- entryScopeExcludeSubtree);
-- theConfig.entryScopeExcludeSubtree = NULL;
-- slapi_ch_free_string(&entryScopeExcludeSubtree);
-- } else if (slapi_dn_syntax_check(NULL, entryScopeExcludeSubtree, 1) == 1) {
-- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "Error: Ignoring invalid DN used as plugin entry exclude subtree: [%s]\n",
-- entryScopeExcludeSubtree);
-- theConfig.entryScopeExcludeSubtree = NULL;
-- slapi_ch_free_string(&entryScopeExcludeSubtree);
-- } else {
-- theConfig.entryScopeExcludeSubtree = slapi_sdn_new_dn_passin(entryScopeExcludeSubtree);
-+ /*
-+ * Check and process the entry exclude scopes
-+ */
-+ memberof_free_scope(theConfig.entryScopeExcludeSubtrees,
-+ &theConfig.entryExcludeScopeCount);
-+ entryScopeExcludeSubtrees =
-+ slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals);
-+ if(entryScopeExcludeSubtrees){
-+ int i = 0;
-+
-+ /* Validation has already been performed in preop, just build the DN's */
-+ theConfig.entryScopeExcludeSubtrees =
-+ (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ theConfig.entryScopeExcludeSubtrees[i] =
-+ slapi_sdn_new_dn_passin(entryScopeExcludeSubtrees[i]);
- }
-- } else {
-- theConfig.entryScopeExcludeSubtree = NULL;
-- }
-- if (theConfig.entryScopeExcludeSubtree && theConfig.entryScope && !slapi_sdn_issuffix(theConfig.entryScopeExcludeSubtree, theConfig.entryScope)) {
-- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "Error: Ignoring ExcludeSubtree (%s) that is out of the scope (%s)\n",
-- slapi_sdn_get_dn(theConfig.entryScopeExcludeSubtree),
-- slapi_sdn_get_dn(theConfig.entryScope));
-- slapi_sdn_free(&theConfig.entryScopeExcludeSubtree);
-+ theConfig.entryExcludeScopeCount = num_vals; /* shortcut for config copy */
- }
-
- /* release the lock */
-@@ -536,6 +646,8 @@ done:
- slapi_ch_free_string(&memberof_attr);
- slapi_ch_free_string(&allBackends);
- slapi_ch_free_string(&skip_nested);
-+ slapi_ch_free((void **)&entryScopes);
-+ slapi_ch_free((void **)&entryScopeExcludeSubtrees);
-
- if (*returncode != LDAP_SUCCESS)
- {
-@@ -616,6 +728,23 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
- {
- dest->allBackends = src->allBackends;
- }
-+
-+ if(src->entryScopes){
-+ int num_vals = 0;
-+
-+ dest->entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryScopeCount+1);
-+ for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
-+ dest->entryScopes[num_vals] = slapi_sdn_dup(src->entryScopes[num_vals]);
-+ }
-+ }
-+ if(src->entryScopeExcludeSubtrees){
-+ int num_vals = 0;
-+
-+ dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1);
-+ for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
-+ dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]);
-+ }
-+ }
- }
- }
-
-@@ -641,6 +770,8 @@ memberof_free_config(MemberOfConfig *config)
- slapi_ch_free((void **)&config->group_slapiattrs);
-
- slapi_ch_free_string(&config->memberof_attr);
-+ memberof_free_scope(config->entryScopes, &config->entryScopeCount);
-+ memberof_free_scope(config->entryScopeExcludeSubtrees, &config->entryExcludeScopeCount);
- }
- }
-
-@@ -706,30 +837,6 @@ memberof_config_get_all_backends()
- return all_backends;
- }
-
--Slapi_DN *
--memberof_config_get_entry_scope()
--{
-- Slapi_DN *entry_scope;
--
-- slapi_rwlock_rdlock(memberof_config_lock);
-- entry_scope = theConfig.entryScope;
-- slapi_rwlock_unlock(memberof_config_lock);
--
-- return entry_scope;
--}
--
--Slapi_DN *
--memberof_config_get_entry_scope_exclude_subtree()
--{
-- Slapi_DN *entry_exclude_subtree;
--
-- slapi_rwlock_rdlock(memberof_config_lock);
-- entry_exclude_subtree = theConfig.entryScopeExcludeSubtree;
-- slapi_rwlock_unlock(memberof_config_lock);
--
-- return entry_exclude_subtree;
--}
--
- /*
- * Check if we are modifying the config, or changing the shared config entry
- */
-diff --git a/ldap/servers/plugins/retrocl/retrocl.c b/ldap/servers/plugins/retrocl/retrocl.c
-index 78a0c6d..4bcbb38 100644
---- a/ldap/servers/plugins/retrocl/retrocl.c
-+++ b/ldap/servers/plugins/retrocl/retrocl.c
-@@ -45,6 +45,9 @@ char **retrocl_attributes = NULL;
- char **retrocl_aliases = NULL;
- int retrocl_log_deleted = 0;
-
-+static Slapi_DN **retrocl_includes = NULL;
-+static Slapi_DN **retrocl_excludes = NULL;
-+
- /* ----------------------------- Retrocl Plugin */
-
- static Slapi_PluginDesc retrocldesc = {"retrocl", VENDOR, DS_PACKAGE_VERSION, "Retrocl Plugin"};
-@@ -349,6 +352,8 @@ static int retrocl_start (Slapi_PBlock *pb)
- int rc = 0;
- Slapi_Entry *e = NULL;
- char **values = NULL;
-+ int num_vals = 0;
-+ int i = 0;
-
- retrocl_rootdse_init(pb);
-
-@@ -369,6 +374,87 @@ static int retrocl_start (Slapi_PBlock *pb)
- return -1;
- }
-
-+ /* Get the exclude suffixes */
-+ values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_EXCLUDE_SUFFIX, &num_vals);
-+ if(values){
-+ /* Validate the syntax before we create our DN array */
-+ for (i = 0;i < num_vals; i++){
-+ if(slapi_dn_syntax_check(pb, values[i], 1)){
-+ /* invalid dn syntax */
-+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "Invalid DN (%s) for exclude suffix.\n", values[i] );
-+ slapi_ch_array_free(values);
-+ return -1;
-+ }
-+ }
-+ /* Now create our SDN array */
-+ retrocl_excludes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ retrocl_excludes[i] = slapi_sdn_new_dn_byval(values[i]);
-+ }
-+ slapi_ch_array_free(values);
-+ }
-+ /* Get the include suffixes */
-+ values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_INCLUDE_SUFFIX, &num_vals);
-+ if(values){
-+ for (i = 0;i < num_vals; i++){
-+ /* Validate the syntax before we create our DN array */
-+ if(slapi_dn_syntax_check(pb, values[i], 1)){
-+ /* invalid dn syntax */
-+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "Invalid DN (%s) for include suffix.\n", values[i] );
-+ slapi_ch_array_free(values);
-+ return -1;
-+ }
-+ }
-+ /* Now create our SDN array */
-+ retrocl_includes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ retrocl_includes[i] = slapi_sdn_new_dn_byval(values[i]);
-+ }
-+ slapi_ch_array_free(values);
-+ }
-+ if(retrocl_includes && retrocl_excludes){
-+ /*
-+ * Make sure we haven't mixed the same suffix, and there are no
-+ * conflicts between the includes and excludes
-+ */
-+ int i = 0;
-+
-+ while(retrocl_includes[i]){
-+ int x = 0;
-+ while(retrocl_excludes[x]){
-+ if(slapi_sdn_compare(retrocl_includes[i], retrocl_excludes[x] ) == 0){
-+ /* we have a conflict */
-+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "include suffix (%s) is also listed in exclude suffix list\n",
-+ slapi_sdn_get_dn(retrocl_includes[i]));
-+ return -1;
-+ }
-+ x++;
-+ }
-+ i++;
-+ }
-+
-+ /* Check for parent/child conflicts */
-+ i = 0;
-+ while(retrocl_includes[i]){
-+ int x = 0;
-+ while(retrocl_excludes[x]){
-+ if(slapi_sdn_issuffix(retrocl_includes[i], retrocl_excludes[x])){
-+ /* we have a conflict */
-+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "include suffix (%s) is a child of the exclude suffix(%s)\n",
-+ slapi_sdn_get_dn(retrocl_includes[i]),
-+ slapi_sdn_get_dn(retrocl_excludes[i]));
-+ return -1;
-+ }
-+ x++;
-+ }
-+ i++;
-+ }
-+ }
-+
- values = slapi_entry_attr_get_charray(e, "nsslapd-attribute");
- if (values != NULL) {
- int n = 0;
-@@ -434,6 +520,49 @@ static int retrocl_start (Slapi_PBlock *pb)
- }
-
- /*
-+ * Check if an entry is in the configured scope.
-+ * Return 1 if entry is in the scope, or 0 otherwise.
-+ * For MODRDN the caller should check both the preop
-+ * and postop entries. If we are moving out of, or
-+ * into scope, we should record it.
-+ */
-+int
-+retrocl_entry_in_scope(Slapi_Entry *e)
-+{
-+ Slapi_DN *sdn = slapi_entry_get_sdn(e);
-+
-+ if (e == NULL){
-+ return 1;
-+ }
-+
-+ if (retrocl_excludes){
-+ int i = 0;
-+
-+ /* check the excludes */
-+ while(retrocl_excludes[i]){
-+ if (slapi_sdn_issuffix(sdn, retrocl_excludes[i])){
-+ return 0;
-+ }
-+ i++;
-+ }
-+ }
-+ if (retrocl_includes){
-+ int i = 0;
-+
-+ /* check the excludes */
-+ while(retrocl_includes[i]){
-+ if (slapi_sdn_issuffix(sdn, retrocl_includes[i])){
-+ return 1;
-+ }
-+ i++;
-+ }
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+/*
- * Function: retrocl_stop
- *
- * Returns: 0
-@@ -446,26 +575,40 @@ static int retrocl_start (Slapi_PBlock *pb)
-
- static int retrocl_stop (Slapi_PBlock *pb)
- {
-- int rc = 0;
--
-- slapi_ch_array_free(retrocl_attributes);
-- retrocl_attributes = NULL;
-- slapi_ch_array_free(retrocl_aliases);
-- retrocl_aliases = NULL;
--
-- retrocl_stop_trimming();
-- retrocl_be_changelog = NULL;
-- retrocl_forget_changenumbers();
-- PR_DestroyLock(retrocl_internal_lock);
-- retrocl_internal_lock = NULL;
-- slapi_destroy_rwlock(retrocl_cn_lock);
-- retrocl_cn_lock = NULL;
-- legacy_initialised = 0;
--
-- slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "",
-- LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search);
--
-- return rc;
-+ int rc = 0;
-+ int i = 0;
-+
-+ slapi_ch_array_free(retrocl_attributes);
-+ retrocl_attributes = NULL;
-+ slapi_ch_array_free(retrocl_aliases);
-+ retrocl_aliases = NULL;
-+
-+ while(retrocl_excludes && retrocl_excludes[i]){
-+ slapi_sdn_free(&retrocl_excludes[i]);
-+ i++;
-+ }
-+ slapi_ch_free((void**)&retrocl_excludes);
-+ i = 0;
-+
-+ while(retrocl_includes && retrocl_includes[i]){
-+ slapi_sdn_free(&retrocl_includes[i]);
-+ i++;
-+ }
-+ slapi_ch_free((void**)&retrocl_includes);
-+
-+ retrocl_stop_trimming();
-+ retrocl_be_changelog = NULL;
-+ retrocl_forget_changenumbers();
-+ PR_DestroyLock(retrocl_internal_lock);
-+ retrocl_internal_lock = NULL;
-+ slapi_destroy_rwlock(retrocl_cn_lock);
-+ retrocl_cn_lock = NULL;
-+ legacy_initialised = 0;
-+
-+ slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "",
-+ LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search);
-+
-+ return rc;
- }
-
- /*
-diff --git a/ldap/servers/plugins/retrocl/retrocl.h b/ldap/servers/plugins/retrocl/retrocl.h
-index ae0139c..7edd62f 100644
---- a/ldap/servers/plugins/retrocl/retrocl.h
-+++ b/ldap/servers/plugins/retrocl/retrocl.h
-@@ -67,6 +67,8 @@ typedef struct _cnumRet {
- /* was originally changelogmaximumage */
- #define CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE "nsslapd-changelogmaxage"
- #define CONFIG_CHANGELOG_DIRECTORY_ATTRIBUTE "nsslapd-changelogdir"
-+#define CONFIG_CHANGELOG_INCLUDE_SUFFIX "nsslapd-include-suffix"
-+#define CONFIG_CHANGELOG_EXCLUDE_SUFFIX "nsslapd-exclude-suffix"
-
- #define RETROCL_CHANGELOG_DN "cn=changelog"
- #define RETROCL_MAPPINGTREE_DN "cn=\"cn=changelog\",cn=mapping tree,cn=config"
-@@ -140,4 +142,6 @@ extern void retrocl_init_trimming(void);
- extern void retrocl_stop_trimming(void);
- extern char *retrocl_get_config_str(const char *attrt);
-
-+int retrocl_entry_in_scope(Slapi_Entry *e);
-+
- #endif /* _H_RETROCL */
-diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
-index 7083d0a..f689373 100644
---- a/ldap/servers/plugins/retrocl/retrocl_po.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
-@@ -140,6 +140,7 @@ write_replog_db(
- int flag,
- time_t curtime,
- Slapi_Entry *log_e,
-+ Slapi_Entry *post_entry,
- const char *newrdn,
- LDAPMod **modrdn_mods,
- const char *newsuperior
-@@ -156,11 +157,26 @@ write_replog_db(
- int err = 0;
- int ret = LDAP_SUCCESS;
- int i;
-+ int mark = 0;
-
- if (!dn) {
- slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
- return ret;
- }
-+ mark = (post_entry && retrocl_entry_in_scope(post_entry));
-+ slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
-+
-+ if (post_entry){
-+ if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
-+ /* modrdn: entry not in scope, just return... */
-+ return ret;
-+ }
-+ } else {
-+ if(!retrocl_entry_in_scope(log_e)){
-+ /* entry not in scope, just return... */
-+ return ret;
-+ }
-+ }
-
- PR_Lock(retrocl_internal_lock);
- changenum = retrocl_assign_changenumber();
-@@ -319,7 +335,7 @@ write_replog_db(
- break;
-
- case OP_DELETE:
-- if (log_e) {
-+ if (retrocl_log_deleted) {
- /* we have to log the full entry */
- if ( entry2reple( e, log_e, OP_DELETE ) != 0 ) {
- err = SLAPI_PLUGIN_FAILURE;
-@@ -559,7 +575,8 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
- char *dn;
- LDAPMod **log_m = NULL;
- int flag = 0;
-- Slapi_Entry *te = NULL;
-+ Slapi_Entry *entry = NULL;
-+ Slapi_Entry *post_entry = NULL;
- Slapi_Operation *op = NULL;
- LDAPMod **modrdn_mods = NULL;
- char *newrdn = NULL;
-@@ -624,7 +641,12 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
- LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change for nsTombstone entries\n");
- return SLAPI_PLUGIN_SUCCESS;
- }
--
-+ /*
-+ * Start by grabbing the preop entry, ADD will replace it as needed. Getting the entry
-+ * allows up to perform scoping in write_replog_db() for all op types.
-+ */
-+ (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry);
-+
- switch ( optype ) {
- case OP_MODIFY:
- (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &log_m );
-@@ -634,14 +656,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
- * For adds, we want the unnormalized dn, so we can preserve
- * spacing, case, when replicating it.
- */
-- (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &te );
-- if ( NULL != te ) {
-- dn = slapi_entry_get_dn( te );
-+ (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &entry );
-+ if ( NULL != entry ) {
-+ dn = slapi_entry_get_dn( entry );
- }
- break;
- case OP_DELETE:
- if (retrocl_log_deleted)
-- (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &te);
-+ (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry);
- break;
- case OP_MODRDN:
- /* newrdn is used just for logging; no need to be normalized */
-@@ -649,13 +671,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
- (void)slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag );
- (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &modrdn_mods );
- (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior );
-+ (void)slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &post_entry);
- break;
- }
-
- /* check if we should log change to retro changelog, and
- * if so, do it here */
-- if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, te,
-- newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) )))
-+ if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, entry,
-+ post_entry, newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) )))
- {
- slapi_log_error(SLAPI_LOG_FATAL, "retrocl-plugin",
- "retrocl_postob: operation failure [%d]\n", rc);
---
-1.9.3
-
diff --git a/SOURCES/0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch b/SOURCES/0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch
new file mode 100644
index 0000000..e45ee51
--- /dev/null
+++ b/SOURCES/0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch
@@ -0,0 +1,330 @@
+From e71e44e4393a803900ac79d26a91f96ad0068e59 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 23 Aug 2016 12:06:30 -0400
+Subject: [PATCH 39/45] Ticket 48964 - cleanAllRUV changelog purging
+ incorrectly processes all backends
+
+Bug Description: When the changelog was being purged of "cleaned" rids it was checking
+ all the backend changelogs, and not the one from which the
+ cleanAllRUV task originated from. This could corrupt a different
+ backend's changelog if both backends used the same RID.
+
+Fix Description: Purge the changelog associated with the backend that is specified in
+ the cleanAllRUV task. Also moved the "purging" to its own function,
+ and fixed a few compiler warnings.
+
+https://fedorahosted.org/389/ticket/48965
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit fda00435a7536c1ded72bb78a975f3370d09a3be)
+---
+ ldap/servers/plugins/replication/cl5_api.c | 162 +++++++++++++--------
+ ldap/servers/plugins/replication/cl5_api.h | 2 +-
+ .../plugins/replication/repl5_replica_config.c | 2 +-
+ 3 files changed, 106 insertions(+), 60 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
+index 3adaf86..6a09aea 100644
+--- a/ldap/servers/plugins/replication/cl5_api.c
++++ b/ldap/servers/plugins/replication/cl5_api.c
+@@ -317,7 +317,7 @@ static int _cl5CheckMissingCSN (const CSN *minCsn, const RUV *supplierRUV, CL5DB
+ static int _cl5TrimInit ();
+ static void _cl5TrimCleanup ();
+ static int _cl5TrimMain (void *param);
+-static void _cl5DoTrimming (ReplicaId rid);
++static void _cl5DoTrimming ();
+ static void _cl5CompactDBs();
+ static void _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid);
+ static int _cl5PurgeGetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key);
+@@ -3447,43 +3447,37 @@ static int _cl5TrimMain (void *param)
+ return 0;
+ }
+
+-/* We remove an entry if it has been replayed to all consumers and
+- and the number of entries in the changelog is larger than maxEntries
+- or age of the entry is larger than maxAge.
+- Also we can't purge entries which correspond to max csns in the
+- supplier's ruv. Here is a example where we can get into trouble:
+- The server is setup with time based trimming and no consumer's
+- At some point all the entries are trimmed from the changelog.
+- At a later point a consumer is added and initialized online
+- Then a change is made on the supplier.
+- To update the consumer, the supplier would attempt to locate
+- the last change sent to the consumer in the changelog and will
+- fail because the change was removed.
+-
++/*
++ * We remove an entry if it has been replayed to all consumers and the number
++ * of entries in the changelog is larger than maxEntries or age of the entry
++ * is larger than maxAge. Also we can't purge entries which correspond to max
++ * csns in the supplier's ruv. Here is a example where we can get into trouble:
++ *
++ * The server is setup with time based trimming and no consumer's
++ * At some point all the entries are trimmed from the changelog.
++ * At a later point a consumer is added and initialized online.
++ * Then a change is made on the supplier.
++ * To update the consumer, the supplier would attempt to locate the last
++ * change sent to the consumer in the changelog and will fail because the
++ * change was removed.
+ */
+-
+-static void _cl5DoTrimming (ReplicaId rid)
++static void _cl5DoTrimming ()
+ {
+ Object *obj;
+ long numToTrim;
+
+ PR_Lock (s_cl5Desc.dbTrim.lock);
+
+- /* ONREPL We trim file by file which means that some files will be
+- trimmed more often than other. We might have to fix that by, for
+- example, randomizing starting point */
++ /*
++ * We are trimming all the changelogs. We trim file by file which
++ * means that some files will be trimmed more often than other. We
++ * might have to fix that by, for example, randomizing the starting
++ * point.
++ */
+ obj = objset_first_obj (s_cl5Desc.dbFiles);
+- while (obj && (_cl5CanTrim ((time_t)0, &numToTrim) || rid))
++ while (obj && _cl5CanTrim ((time_t)0, &numToTrim))
+ {
+- if (rid){
+- /*
+- * We are cleaning an invalid rid, and need to strip it
+- * from the changelog.
+- */
+- _cl5PurgeRID (obj, rid);
+- } else {
+- _cl5TrimFile (obj, &numToTrim);
+- }
++ _cl5TrimFile (obj, &numToTrim);
+ obj = objset_next_obj (s_cl5Desc.dbFiles, obj);
+ }
+
+@@ -3495,6 +3489,43 @@ static void _cl5DoTrimming (ReplicaId rid)
+ return;
+ }
+
++/*
++ * We are purging a changelog after a cleanAllRUV task. Find the specific
++ * changelog for the backend that is being cleaned, and purge all the records
++ * with the cleaned rid.
++ */
++static void _cl5DoPurging (Replica *replica)
++{
++ ReplicaId rid = replica_get_rid(replica);
++ const Slapi_DN *sdn = replica_get_root(replica);
++ const char *replName = replica_get_name(replica);
++ char *replGen = replica_get_generation(replica);
++ char *fileName;
++ Object *obj;
++
++ PR_Lock (s_cl5Desc.dbTrim.lock);
++ fileName = _cl5MakeFileName (replName, replGen);
++ obj = objset_find(s_cl5Desc.dbFiles, _cl5CompareDBFile, fileName);
++ if (obj) {
++ /* We found our changelog, now purge it */
++ _cl5PurgeRID (obj, rid);
++ object_release (obj);
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
++ "Purged rid (%d) from suffix (%s)\n",
++ rid, slapi_sdn_get_dn(sdn));
++ } else {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "Purge rid (%d) failed to find changelog file (%s) for suffix (%s)\n",
++ rid, fileName, slapi_sdn_get_dn(sdn));
++ }
++ PR_Unlock (s_cl5Desc.dbTrim.lock);
++
++ slapi_ch_free_string(&replGen);
++ slapi_ch_free_string(&fileName);
++
++ return;
++}
++
+ /* clear free page files to reduce changelog */
+ static void
+ _cl5CompactDBs()
+@@ -4072,23 +4103,25 @@ static PRBool _cl5CanTrim (time_t time, long *numToTrim)
+ {
+ *numToTrim = 0;
+
+- if (s_cl5Desc.dbTrim.maxAge == 0 && s_cl5Desc.dbTrim.maxEntries == 0)
++ if (s_cl5Desc.dbTrim.maxAge == 0 && s_cl5Desc.dbTrim.maxEntries == 0) {
+ return PR_FALSE;
+-
++ }
+ if (s_cl5Desc.dbTrim.maxAge == 0)
+ {
+ *numToTrim = cl5GetOperationCount (NULL) - s_cl5Desc.dbTrim.maxEntries;
+ return ( *numToTrim > 0 );
+ }
+
+- if (s_cl5Desc.dbTrim.maxEntries > 0 &&
+- (*numToTrim = cl5GetOperationCount (NULL) - s_cl5Desc.dbTrim.maxEntries) > 0)
+- return PR_TRUE;
++ if (s_cl5Desc.dbTrim.maxEntries > 0 &&
++ (*numToTrim = cl5GetOperationCount (NULL) - s_cl5Desc.dbTrim.maxEntries) > 0) {
++ return PR_TRUE;
++ }
+
+- if (time)
++ if (time) {
+ return (current_time () - time > s_cl5Desc.dbTrim.maxAge);
+- else
+- return PR_TRUE;
++ } else {
++ return PR_TRUE;
++ }
+ }
+
+ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+@@ -4101,7 +4134,6 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+ char *pos;
+ char *agmt_name;
+
+-
+ PR_ASSERT (replGen && obj);
+
+ file = (CL5DBFile*)object_get_data (obj);
+@@ -4109,13 +4141,12 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+
+ agmt_name = get_thread_private_agmtname();
+
+- if (purge) /* read purge vector entry */
+- key.data = _cl5GetHelperEntryKey (PURGE_RUV_TIME, csnStr);
+- else /* read upper bound vector */
+- key.data = _cl5GetHelperEntryKey (MAX_RUV_TIME, csnStr);
+-
++ if (purge) { /* read purge vector entry */
++ key.data = _cl5GetHelperEntryKey (PURGE_RUV_TIME, csnStr);
++ } else { /* read upper bound vector */
++ key.data = _cl5GetHelperEntryKey (MAX_RUV_TIME, csnStr);
++ }
+ key.size = CSN_STRSIZE;
+-
+ data.flags = DB_DBT_MALLOC;
+
+ rc = file->db->get(file->db, NULL/*txn*/, &key, &data, 0);
+@@ -4125,13 +4156,13 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+ rc = _cl5ReadBervals (&vals, &pos, data.size);
+ slapi_ch_free (&(data.data));
+ if (rc != CL5_SUCCESS)
+- goto done;
++ goto done;
+
+- if (purge)
++ if (purge) {
+ rc = ruv_init_from_bervals(vals, &file->purgeRUV);
+- else
++ } else {
+ rc = ruv_init_from_bervals(vals, &file->maxRUV);
+-
++ }
+ if (rc != RUV_SUCCESS)
+ {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
+@@ -4139,7 +4170,7 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+ "RUV error %d\n", agmt_name, purge? "purge" : "upper bound", rc);
+
+ rc = CL5_RUV_ERROR;
+- goto done;
++ goto done;
+ }
+
+ /* delete the entry; it is re-added when file
+@@ -4151,7 +4182,7 @@ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge)
+
+ case DB_NOTFOUND: /* RUV is lost - need to construct */
+ rc = _cl5ConstructRUV (replGen, obj, purge);
+- goto done;
++ goto done;
+
+ default: slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "%s: _cl5ReadRUV: failed to get purge RUV; "
+@@ -6946,12 +6977,14 @@ cl5CleanRUV(ReplicaId rid){
+ slapi_rwlock_unlock (s_cl5Desc.stLock);
+ }
+
+-void trigger_cl_purging(ReplicaId rid){
++/*
++ * Create a thread to purge a changelog of cleaned RIDs
++ */
++void trigger_cl_purging(Replica *replica){
+ PRThread *trim_tid = NULL;
+
+- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_purging: rid (%d)\n",(int)rid);
+ trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_purging_thread,
+- (void *)&rid, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
++ (void *)replica, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+ PR_UNJOINABLE_THREAD, DEFAULT_THREAD_STACKSIZE);
+ if (NULL == trim_tid){
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+@@ -6963,19 +6996,32 @@ void trigger_cl_purging(ReplicaId rid){
+ }
+ }
+
++/*
++ * Purge a changelog of entries that originated from a particular replica(rid)
++ */
+ void
+ trigger_cl_purging_thread(void *arg){
+- ReplicaId rid = *(ReplicaId *)arg;
++ Replica *replica = (Replica *)arg;
+
+- /* make sure we have a change log, and we aren't closing it */
+- if(s_cl5Desc.dbState == CL5_STATE_CLOSED || s_cl5Desc.dbState == CL5_STATE_CLOSING){
++ /* Make sure we have a change log, and we aren't closing it */
++ if (replica == NULL ||
++ s_cl5Desc.dbState == CL5_STATE_CLOSED ||
++ s_cl5Desc.dbState == CL5_STATE_CLOSING) {
+ return;
+ }
++
++ /* Bump the changelog thread count */
+ if (CL5_SUCCESS != _cl5AddThread()) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+- "trigger_cl_purging: failed to increment thread count "
++ "trigger_cl_purging: Abort - failed to increment thread count "
+ "NSPR error - %d\n", PR_GetError ());
++ return;
+ }
+- _cl5DoTrimming(rid);
++
++ /* Purge the changelog */
++ _cl5DoPurging(replica);
+ _cl5RemoveThread();
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
++ "trigger_cl_purging: purged changelog for (%s) rid (%d)\n",
++ slapi_sdn_get_dn(replica_get_root(replica)), replica_get_rid(replica));
+ }
+diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h
+index 4c3b8e8..1a1c2f5 100644
+--- a/ldap/servers/plugins/replication/cl5_api.h
++++ b/ldap/servers/plugins/replication/cl5_api.h
+@@ -467,6 +467,6 @@ int cl5WriteRUV();
+ int cl5DeleteRUV();
+ void cl5CleanRUV(ReplicaId rid);
+ void cl5NotifyCleanup(int rid);
+-void trigger_cl_purging(ReplicaId rid);
++void trigger_cl_purging(Replica *replica);
+
+ #endif
+diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
+index 59d3374..011e4ca 100644
+--- a/ldap/servers/plugins/replication/repl5_replica_config.c
++++ b/ldap/servers/plugins/replication/repl5_replica_config.c
+@@ -1467,7 +1467,7 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not
+ /*
+ * Now purge the changelog
+ */
+- trigger_cl_purging(rid);
++ trigger_cl_purging(replica);
+
+ if (rc != RUV_SUCCESS){
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc);
+--
+2.4.11
+
diff --git a/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch b/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch
deleted file mode 100644
index d1ac778..0000000
--- a/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From a389bc3bafccb1f7bd9917a734230680e382af91 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 10 Aug 2015 10:42:40 -0400
-Subject: [PATCH] Ticket 47931 - Fix coverity issues
-
-Description: Fix coverity issues in memberof_config.c
-
- 13316 - double free
- 13315 - Dereference after null check
- 13314 - Dereference after null check
- 13313 - copy/paste error
-
-https://fedorahosted.org/389/ticket/47931
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 5daea973e4526584ee41d7b9f4b1b4993b4de6f1)
-(cherry picked from commit 9a0047ef75f6dbeb1980ac77fab5d62865c77e6a)
----
- ldap/servers/plugins/memberof/memberof_config.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
-index b4cc941..10cbd7a 100644
---- a/ldap/servers/plugins/memberof/memberof_config.c
-+++ b/ldap/servers/plugins/memberof/memberof_config.c
-@@ -316,6 +316,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- "%s: Invalid DN (%s) for include suffix.",
- MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
- slapi_ch_array_free(entry_scopes);
-+ entry_scopes = NULL;
- theConfig.entryScopeCount = 0;
- *returncode = LDAP_UNWILLING_TO_PERFORM;
- goto done;
-@@ -341,8 +342,9 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- /* invalid dn syntax */
- PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
- "%s: Invalid DN (%s) for exclude suffix.",
-- MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
-+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_exclude_scopes[i]);
- slapi_ch_array_free(entry_exclude_scopes);
-+ entry_exclude_scopes = NULL;
- *returncode = LDAP_UNWILLING_TO_PERFORM;
- goto done;
- }
-@@ -741,7 +743,7 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
- int num_vals = 0;
-
- dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1);
-- for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
-+ for(num_vals = 0; src->entryScopeExcludeSubtrees[num_vals]; num_vals++){
- dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]);
- }
- }
---
-1.9.3
-
diff --git a/SOURCES/0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch b/SOURCES/0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
new file mode 100644
index 0000000..8205429
--- /dev/null
+++ b/SOURCES/0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
@@ -0,0 +1,72 @@
+From 192deb3b1bf9e5f359e0468809cdd81df51af4a0 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 22 Aug 2016 22:24:51 -0700
+Subject: [PATCH 40/45] Ticket #48969 - nsslapd-auditfaillog always has an
+ explicit path
+
+Bug Description:
+In the current implementation, nsslapd-auditfaillog is not set,
+by default. Internally, the value is NULL, which let audit fail
+log share the same audit log file with nsslapd-auditlog.
+
+Once, some path is set to nsslapd-auditfaillog, it is not allowed
+to delete or set NULL or empty to it. That is, there is no way to
+go back to the default behaviour.
+
+There is another issue for the default value. Since search for
+nsslapd-auditfaillog under cn=config does not return anything,
+it is hard to find out where the failed logs are written.
+
+Fix Description:
+To solve the 2 issues, this patch changes the default value to an
+explicit path /path/to/logdir/audit.
+
+https://fedorahosted.org/389/ticket/48969
+
+Reviewed by wibrown@redhat.com (Thank you, William!)
+
+(cherry picked from commit ef2c3c4cc6f966935dbe367dd0d882ae81de3cc4)
+---
+ ldap/ldif/template-dse.ldif.in | 1 +
+ ldap/servers/slapd/auditlog.c | 6 ++++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
+index 46b416b..8258b70 100644
+--- a/ldap/ldif/template-dse.ldif.in
++++ b/ldap/ldif/template-dse.ldif.in
+@@ -53,6 +53,7 @@ nsslapd-auditlog-maxlogsize: 100
+ nsslapd-auditlog-logrotationtime: 1
+ nsslapd-auditlog-logrotationtimeunit: day
+ nsslapd-auditlog-logging-enabled: off
++nsslapd-auditfaillog: %log_dir%/audit
+ nsslapd-auditfaillog-logging-enabled: off
+ nsslapd-rootdn: %rootdn%
+ nsslapd-rootpw: %ds_passwd%
+diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
+index ec7111b..85d136c 100644
+--- a/ldap/servers/slapd/auditlog.c
++++ b/ldap/servers/slapd/auditlog.c
+@@ -112,6 +112,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+ Operation *op;
+ int pbrc = 0;
+ char *auditfail_config = NULL;
++ char *audit_config = NULL;
+
+ /* if the audit log is not enabled, just skip all of
+ this stuff */
+@@ -167,8 +168,9 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+ /* log the raw, unnormalized DN */
+ dn = slapi_sdn_get_udn(sdn);
+ auditfail_config = config_get_auditfaillog();
+- if (auditfail_config == NULL || strlen(auditfail_config) == 0) {
+- /* If no auditfail log write to audit log */
++ audit_config = config_get_auditlog();
++ if (auditfail_config == NULL || strlen(auditfail_config) == 0 || PL_strcasecmp(auditfail_config, audit_config) == 0) {
++ /* If no auditfail log or "auditfaillog" == "auditlog", write to audit log */
+ write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
+ } else {
+ /* If we have our own auditfail log path */
+--
+2.4.11
+
diff --git a/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch b/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch
deleted file mode 100644
index 9a24344..0000000
--- a/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From a6532aa364e350224dcace082484a7cc58d678dc Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 10 Aug 2015 12:19:00 -0400
-Subject: [PATCH 41/45] Ticket 47686 - removing chaining database links trigger
- valgrind read errors
-
-Bug Description: Plugins that remove their dse callback from the dse callback
- function lead to invalid reads in dse_call_callback().
-
-Fix Description: In dse_call_callback(), save the pointers to the next callback,
- and its plugin, before we call the callback function. So in
- case the callback function removes itself, we are not accessing
- the freed callback pointer later on.
-
-https://fedorahosted.org/389/ticket/47686
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit a799c4670f2e6f6be1fc9a2828dc4a0f738d3021)
-(cherry picked from commit 29c669e43e16611a290e1c82dfdcf5b51903319e)
----
- ldap/servers/slapd/dse.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
-index 61e2629..e8e393b 100644
---- a/ldap/servers/slapd/dse.c
-+++ b/ldap/servers/slapd/dse.c
-@@ -2607,18 +2607,21 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags,
-
- if (pdse->dse_callback != NULL) {
- struct dse_callback *p = pdse->dse_callback;
-+ struct dse_callback *next = NULL;
- int result = SLAPI_DSE_CALLBACK_OK;
-
- while (p != NULL) {
-+ next = p->next;
- if ((p->operation & operation) && (p->flags & flags)) {
- if(slapi_sdn_scope_test(slapi_entry_get_sdn_const(entryBefore), p->base, p->scope)){
- if(NULL == p->slapifilter || slapi_vattr_filter_test(pb, entryBefore, p->slapifilter, 0) == 0){
-+ struct slapdplugin *plugin = p->plugin;
- int plugin_started = 1;
-
-- if(p->plugin){
-+ if(plugin){
- /* this is a plugin callback, update the operation counter */
-- slapi_plugin_op_started(p->plugin);
-- if(!p->plugin->plg_started){
-+ slapi_plugin_op_started(plugin);
-+ if(!plugin->plg_started){
- /* must be a task function being called */
- result = SLAPI_DSE_CALLBACK_ERROR;
- PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-@@ -2633,11 +2636,11 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags,
- if(result < rc){
- rc = result;
- }
-- slapi_plugin_op_finished(p->plugin);
-+ slapi_plugin_op_finished(plugin);
- }
- }
- }
-- p = p->next;
-+ p = next;
- }
- }
- return rc;
---
-1.9.3
-
diff --git a/SOURCES/0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch b/SOURCES/0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch
new file mode 100644
index 0000000..3fed75f
--- /dev/null
+++ b/SOURCES/0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch
@@ -0,0 +1,35 @@
+From 755a15ebafb8ae98cef681512d3ab3ef0470e11d Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 23 Aug 2016 14:18:32 -0700
+Subject: [PATCH 41/45] Ticket #48967 - passwordMinAge attribute doesn't limit
+ the minimum age of the password
+
+Description: There was a logic error in check_pw_minage. Password-
+MinAge was ignored by the error. This patch fixes the logic error.
+
+https://fedorahosted.org/389/ticket/48967
+
+Reviewed and tested by wibrown@redhat.com and spichugi@redhat.com.
+(Thank you, William and Simon!)
+
+(cherry picked from commit 790e723e4f30b3d245535ce7a9d5d00477878341)
+---
+ ldap/servers/slapd/pw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 6b865ec..7469b9e 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -729,7 +729,7 @@ check_pw_minage ( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals)
+ pwpolicy = new_passwdPolicy(pb, dn);
+ slapi_pblock_get ( pb, SLAPI_PWPOLICY, &pwresponse_req );
+
+- if (!pb->pb_op->o_isroot && !pwpolicy->pw_minage) {
++ if (!pb->pb_op->o_isroot && pwpolicy->pw_minage) {
+
+ Slapi_Entry *e;
+ char *passwordAllowChangeTime;
+--
+2.4.11
+
diff --git a/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch b/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch
deleted file mode 100644
index 067ca01..0000000
--- a/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch
+++ /dev/null
@@ -1,1250 +0,0 @@
-From 9075d78f6878907f676fda1062779c921b23ae59 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 10 Aug 2015 17:04:25 -0700
-Subject: [PATCH 42/45] Ticket #47511 - bashisms in 389-ds-base admin scripts
-
-Description by mvocu (Thank you):
-The shell scripts in 389-ds-base/ldap/admin/src/scripts use 'source'
-to source common scripts; the 'source' keyword is bash-specific (or
-c-shell, if memory serves). The interpreter is set to /bin/sh, which
-is not guaranteed to be bash (and at least on Debian 7.1 it is dash).
-The 'source' keyword can be replaced by '.', which should work.
-
-The patch was provided by tjaalton@ubuntu.com (Thank you, Timo!).
-
-https://fedorahosted.org/389/ticket/47511
-
-Reviewed and tested by nhosoi@redhat.com.
-
-(cherry picked from commit 2ce7a7334bcb89e47c0f5c544144aec37010a5b9)
-(cherry picked from commit 49245911410cdd04bc53b00d8973c26defa5a37b)
----
- ldap/admin/src/initconfig.in | 4 +-
- ldap/admin/src/scripts/DSSharedLib.in | 92 +++++++++++++++----------------
- ldap/admin/src/scripts/bak2db.in | 23 ++++----
- ldap/admin/src/scripts/db2bak.in | 7 +--
- ldap/admin/src/scripts/db2index.in | 4 +-
- ldap/admin/src/scripts/db2ldif.in | 22 ++++----
- ldap/admin/src/scripts/dbverify.in | 6 +-
- ldap/admin/src/scripts/dn2rdn.in | 4 +-
- ldap/admin/src/scripts/ldif2db.in | 4 +-
- ldap/admin/src/scripts/ldif2ldap.in | 46 ++++++++--------
- ldap/admin/src/scripts/monitor.in | 44 +++++++--------
- ldap/admin/src/scripts/restart-dirsrv.in | 2 +-
- ldap/admin/src/scripts/restoreconfig.in | 4 +-
- ldap/admin/src/scripts/saveconfig.in | 6 +-
- ldap/admin/src/scripts/start-dirsrv.in | 16 +++---
- ldap/admin/src/scripts/stop-dirsrv.in | 14 ++---
- ldap/admin/src/scripts/suffix2instance.in | 6 +-
- ldap/admin/src/scripts/upgradedb.in | 4 +-
- ldap/admin/src/scripts/upgradednformat.in | 6 +-
- ldap/admin/src/scripts/vlvindex.in | 4 +-
- rpm/389-ds-base-git.sh | 2 +-
- rpm/add_patches.sh | 4 +-
- rpm/rpmverrel.sh | 2 +-
- wrappers/initscript.in | 26 +++------
- wrappers/ldap-agent-initscript.in | 28 ++++------
- 25 files changed, 181 insertions(+), 199 deletions(-)
-
-diff --git a/ldap/admin/src/initconfig.in b/ldap/admin/src/initconfig.in
-index 134e82c..7afa315 100644
---- a/ldap/admin/src/initconfig.in
-+++ b/ldap/admin/src/initconfig.in
-@@ -2,11 +2,11 @@
- OS=`uname -s`
- # use the new mt slab memory allocator on Solaris
- # this requires Solaris 9 update 3 or later
--if [ "$OS" = "SunOS" -a -f /usr/lib/libumem.so ] ; then
-+if [ "$OS" = "SunOS" ] && [ -f /usr/lib/libumem.so ] ; then
- LD_PRELOAD=/usr/lib/libumem.so
- export LD_PRELOAD
- fi
--if [ "$OS" = "SunOS" -a -f /usr/lib/64/libumem.so ] ; then
-+if [ "$OS" = "SunOS" ] && [ -f /usr/lib/64/libumem.so ] ; then
- LD_PRELOAD_64=/usr/lib/64/libumem.so
- export LD_PRELOAD_64
- fi
-diff --git a/ldap/admin/src/scripts/DSSharedLib.in b/ldap/admin/src/scripts/DSSharedLib.in
-index 3683696..8317c58 100644
---- a/ldap/admin/src/scripts/DSSharedLib.in
-+++ b/ldap/admin/src/scripts/DSSharedLib.in
-@@ -98,13 +98,13 @@ get_init_file()
- do
- inst_count=`expr $inst_count + 1`
- id=`normalize_server_id $configfile`
-- if [ -n "$servid" -a "$id" = "$servid" ]
-+ if [ -n "$servid" ] && [ "$id" = "$servid" ]
- then
- # found it
- echo $configfile
- exit 0
- fi
-- if [ $first == "yes" ]
-+ if [ $first = "yes" ]
- then
- instances=$id
- first="no"
-@@ -114,7 +114,7 @@ get_init_file()
- done
-
- # server id not provided, check if there is only one instance
-- if [ -z "$servid" -a $inst_count -eq 1 ]
-+ if [ -z "$servid" ] && [ $inst_count -eq 1 ]
- then
- # return the file
- echo $configfile
-@@ -135,48 +135,44 @@ process_dse ()
- configdir=$1
- pid=$2
- file="$configdir/dse.ldif"
-- shopt -s nocasematch
-- OLD_IFC=$IFC
-+ OLD_IFS=$IFS
- IFS=""
- while read -r LINE
- do
-- if [[ $LINE != \ * ]] && [ "$output" != "" ]
-+ case $LINE in
-+ ' '*)
-+ ;;
-+ *)
-+ if [ -n "$output" ]
-+ then
-+ echo "$output" >> /tmp/DSSharedLib.$pid
-+ output=""
-+ fi
-+ ;;
-+ esac
-+ if [ -n "$output" ]
- then
-- echo "$output" >> /tmp/DSSharedLib.$pid
-- output=""
-- fi
-- if [ "$output" != "" ] && [[ $LINE == \ * ]]
-- then
-- # continuation line, strip the space and append it
-- LINE=`echo "$LINE" | sed -e 's/^ //'`
-- output=$output$LINE
-- elif [[ $LINE == nsslapd-port* ]]
-- then
-- output=$LINE;
-- elif [[ $LINE == nsslapd-localhost* ]]
-- then
-- output=$LINE;
-- elif [[ $LINE == nsslapd-securePort* ]]
-- then
-- output=$LINE;
-- elif [[ $LINE == nsslapd-security* ]]
-- then
-- output=$LINE;
-- elif [[ $LINE == nsslapd-ldapilisten* ]]
-- then
-- output=$LINE;
-- elif [[ $LINE == nsslapd-ldapifilepath* ]]
-- then
-- output=$LINE;
-- elif [[ $LINE == nsslapd-rootdn* ]]
-- then
-- output=$LINE;
-- elif [[ $LINE == nsslapd-ldapiautobind* ]]
-- then
-- output=$LINE;
-- elif [[ $LINE == nsslapd-certdir* ]]
-- then
-- output=$LINE;
-+ case $LINE in
-+ ' '*)
-+ # continuation line, strip the space and append it
-+ LINE=`echo "$LINE" | sed -e 's/^ //'`
-+ output=$output$LINE
-+ ;;
-+ esac
-+ else
-+ case $LINE in
-+ nsslapd-certdir*|\
-+ nsslapd-ldapiautobind*|\
-+ nsslapd-ldapilisten*|\
-+ nsslapd-ldapifilepath*|\
-+ nsslapd-localhost*|\
-+ nsslapd-port*|\
-+ nsslapd-rootdn*|\
-+ nsslapd-securePort*|\
-+ nsslapd-security*)
-+ output=$LINE
-+ ;;
-+ esac
- fi
-
- done < $file
-@@ -194,19 +190,19 @@ check_protocol ()
- ldapi=$3
- openldap=$4
-
-- if [ "$protocol" == "LDAPI" ] && [ "$openldap" != "yes" ]; then
-+ if [ "$protocol" = "LDAPI" ] && [ "$openldap" != "yes" ]; then
- echo ""
- exit
-- elif [ "$protocol" == "LDAPI" ] && [ "$ldapi" == "off" ]; then
-+ elif [ "$protocol" = "LDAPI" ] && [ "$ldapi" = "off" ]; then
- echo ""
- exit
-- elif [ "$protocol" == "STARTTLS" ]; then
-- if [ "$security" == "" ] || [ "$security" == "off" ]; then
-+ elif [ "$protocol" = "STARTTLS" ]; then
-+ if [ -z "$security" ] || [ "$security" = "off" ]; then
- echo ""
- exit
- fi
-- elif [ "$protocol" == "LDAPS" ]; then
-- if [ "$security" == "" ] || [ "$security" == "off" ]; then
-+ elif [ "$protocol" = "LDAPS" ]; then
-+ if [ -z "$security" ] || [ "$security" = "off" ]; then
- echo ""
- exit
- fi
-@@ -224,4 +220,4 @@ check_protocol ()
- fi
-
- echo "$protocol"
--}
-\ No newline at end of file
-+}
-diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in
-index f0cede4..a2e54cc 100755
---- a/ldap/admin/src/scripts/bak2db.in
-+++ b/ldap/admin/src/scripts/bak2db.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -26,15 +26,18 @@ if [ $# -lt 1 ] || [ $# -gt 7 ]
- then
- usage
- exit 1
--elif [[ $1 == -* ]]
--then
-- usage
-- exit 1
--else
-- archivedir=$1
-- shift
- fi
--
-+case $1 in
-+ -*)
-+ usage
-+ exit 1
-+ ;;
-+ *)
-+ archivedir=$1
-+ shift
-+ ;;
-+esac
-+
- while getopts "hn:Z:qd:vi:a:SD:" flag
- do
- case $flag in
-@@ -55,7 +58,7 @@ do
- done
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in
-index dacd7b0..1896c19 100755
---- a/ldap/admin/src/scripts/db2bak.in
-+++ b/ldap/admin/src/scripts/db2bak.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -26,7 +26,6 @@ then
- usage
- exit 1
- fi
--
- if [ "$#" -gt 0 ]
- then
- if [[ $1 != -* ]]
-@@ -56,7 +55,7 @@ done
-
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-@@ -67,7 +66,7 @@ fi
- servid=`normalize_server_id $initfile`
- . $initfile
-
--if [ -z $bak_dir ]
-+if [ -z "$bak_dir" ]
- then
- bak_dir=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H_%M_%S`
- fi
-diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
-index a1321ea..2b76cd1 100755
---- a/ldap/admin/src/scripts/db2index.in
-+++ b/ldap/admin/src/scripts/db2index.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -59,7 +59,7 @@ then
- fi
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in
-index d7e0ff0..fcf73a0 100755
---- a/ldap/admin/src/scripts/db2ldif.in
-+++ b/ldap/admin/src/scripts/db2ldif.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -39,7 +39,7 @@ make_ldiffile()
- be=""
- while [ "$1" != "" ]
- do
-- if [ "$1" = "-a" ]; then
-+ if [ "x$1" = "x-a" ]; then
- shift
- if [ `expr "$1" : "/.*"` -gt 0 ]; then
- if [ `expr "$1" : "/.*"` -gt 0 ]; then
-@@ -56,17 +56,17 @@ make_ldiffile()
- shift
- return 0
- fi
-- elif [ "$1" = "-n" ]; then
-+ elif [ "x$1" = "x-n" ]; then
- shift
-- if [ "$be" = "" ]; then
-+ if [ -z "$be" ]; then
- be="$1"
- else
- tmpbe="$be"
- be="${tmpbe}-$1"
- fi
-- elif [ "$1" = "-s" ]; then
-+ elif [ "x$1" = "x-s" ]; then
- shift
-- if [ "$1" != "" ]; then
-+ if [ -n "$1" ]; then
- rdn=`echo $1 | awk -F, '{print $1}'`
- rdnval=`echo $rdn | awk -F= '{print $2}'`
- if [ "$be" = "" ]; then
-@@ -76,15 +76,15 @@ make_ldiffile()
- be="${tmpbe}-$rdnval"
- fi
- fi
-- elif [ "$1" = "-M" ]; then
-+ elif [ "x$1" = "x-M" ]; then
- be=""
- fi
-- if [ "$1" != "" ]; then
-+ if [ -n "$1" ]; then
- shift
- fi
- done
-
-- if [ "$be" = "" ]; then
-+ if [ -z "$be" ]; then
- echo @localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-`date +%Y_%m_%d_%H%M%S`.ldif
- else
- echo @localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-${be}-`date +%Y_%m_%d_%H%M%S`.ldif
-@@ -92,7 +92,7 @@ make_ldiffile()
- return 0
- }
-
--if [ "$#" -lt 2 ];
-+if [ $# -lt 2 ];
- then
- usage
- exit 1
-@@ -137,7 +137,7 @@ then
- fi
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
-index 461cc16..bbacc17 100755
---- a/ldap/admin/src/scripts/dbverify.in
-+++ b/ldap/admin/src/scripts/dbverify.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -47,7 +47,7 @@ do
- done
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-@@ -58,7 +58,7 @@ fi
- . $initfile
-
- @sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
--if [ $display_version == "yes" ]; then
-+if [ $display_version = "yes" ]; then
- exit 0
- fi
- if [ $? -eq 0 ]; then
-diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in
-index 32a70c8..616969a 100755
---- a/ldap/admin/src/scripts/dn2rdn.in
-+++ b/ldap/admin/src/scripts/dn2rdn.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -39,7 +39,7 @@ do
- done
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in
-index ce15349..a34241a 100755
---- a/ldap/admin/src/scripts/ldif2db.in
-+++ b/ldap/admin/src/scripts/ldif2db.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -82,7 +82,7 @@ do
- done
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/ldif2ldap.in b/ldap/admin/src/scripts/ldif2ldap.in
-index 874b1bb..1e871be 100755
---- a/ldap/admin/src/scripts/ldif2ldap.in
-+++ b/ldap/admin/src/scripts/ldif2ldap.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@ldapsdk_libdir@"
- libpath_add "@libdir@"
-@@ -40,14 +40,14 @@ do
- esac
- done
-
--if [ "$input_file" == "" ]
-+if [ -z "$input_file" ]
- then
- usage
- exit 1
- fi
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-@@ -67,13 +67,13 @@ ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
- ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
- certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
- autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
--if [ "$rootdn" == "" ]; then
-+if [ -z "$rootdn" ]; then
- value=$(grep -i 'nsslapd-rootdn' $file)
- rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
- fi
- rm $file
-
--if [ "$ldapiURL" != "" ]; then
-+if [ -n "$ldapiURL" ]; then
- ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
- ldapiURL="ldapi://"$ldapiURL
- fi
-@@ -86,7 +86,7 @@ then
- export LDAPTLS_CACERTDIR=$certdir
- fi
-
--if [ -z $security ]; then
-+if [ -z "$security" ]; then
- security="off"
- fi
- revised_protocol=$(check_protocol $protocol $security $ldapi $openldap)
-@@ -99,12 +99,12 @@ protocol=$revised_protocol
- #
- # STARTTLS
- #
--if [ "$security" == "on" ]; then
-- if [ "$protocol" == "STARTTLS" ] || [ "$protocol" == "" ]; then
-- if [ "$error" == "yes" ]; then
-+if [ "$security" = "on" ]; then
-+ if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(STARTTLS)"
- fi
-- if [ "$openldap" == "yes" ]; then
-+ if [ "$openldap" = "yes" ]; then
- ldapmodify -x -ZZ -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
- else
- ldapmodify -ZZZ -P $certdir -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
-@@ -116,12 +116,12 @@ fi
- #
- # LDAPS
- #
--if [ "$security" == "on" ]; then
-- if [ "$protocol" == "LDAPS" ] || [ "$protocol" == "" ]; then
-- if [ "$error" == "yes" ]; then
-+if [ "$security" = "on" ]; then
-+ if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPS)"
- fi
-- if [ "$openldap" == "yes" ]; then
-+ if [ "$openldap" = "yes" ]; then
- ldapmodify -x -H "ldaps://$host:$secure_port" -D $rootdn -w $passwd -a -f $input_file
- else
- ldapmodify -Z -P $certdir -p $secure_port -h $host -D $rootdn -w $passwd -a -f $input_file
-@@ -133,21 +133,21 @@ fi
- #
- # LDAPI
- #
--if [ "$ldapi" == "on" ] && [ "$openldap" == "yes" ]; then
-- if [ "$protocol" == "LDAPI" ] || [ "$protocol" == "" ]; then
-- if [ "$(id -u)" == "0" ] && [ "$autobind" == "on" ]; then
-- if [ "$error" == "yes" ]; then
-+if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
-+ if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
-+ if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
- fi
- ldapmodify -H $ldapiURL -Y EXTERNAL -a -f $input_file 2>/dev/null
- else
-- if [ "$error" == "yes" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPI)"
- fi
- ldapmodify -x -H $ldapiURL -D $rootdn -w $passwd -a -f $input_file
- fi
- rc=$?
-- if [ $rc != 0 ]
-+ if [ $rc -ne 0 ]
- then
- echo "Operation failed (error $rc)"
- fi
-@@ -158,11 +158,11 @@ fi
- #
- # LDAP
- #
--if [ "$protocol" == "LDAP" ] || [ "$protocol" == "" ]; then
-- if [ "$error" == "yes" ]; then
-+if [ "$protocol" = "LDAP" ] || [ -z "$protocol" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAP)"
- fi
-- if [ "$openldap" == "yes" ]; then
-+ if [ "$openldap" = "yes" ]; then
- ldapmodify -x -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
- else
- ldapmodify -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
-diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in
-index 7b2058b..36a2fc9 100755
---- a/ldap/admin/src/scripts/monitor.in
-+++ b/ldap/admin/src/scripts/monitor.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@ldapsdk_libdir@"
-@@ -41,7 +41,7 @@ do
- done
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-@@ -66,17 +66,17 @@ ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
- ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
- certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
- autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
--if [ "$rootdn" == "" ]; then
-+if [ -z "$rootdn" ]; then
- value=$(grep -i 'nsslapd-rootdn' $file)
- rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
- fi
- rm $file
-
--if [ "$passwd" != "" ]; then
-+if [ -n "$passwd" ]; then
- dn="-D $rootdn"
- passwd="-w$passwd"
- fi
--if [ "$ldapiURL" != "" ]
-+if [ -n "$ldapiURL" ]
- then
- ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
- ldapiURL="ldapi://"$ldapiURL
-@@ -103,12 +103,12 @@ protocol=$revised_protocol
- #
- # STARTTLS
- #
--if [ "$security" == "on" ]; then
-- if [ "$protocol" == "STARTTLS" ] || [ "$protocol" == "" ]; then
-- if [ "$error" == "yes" ]; then
-+if [ "$security" = "on" ]; then
-+ if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(STARTTLS)"
- fi
-- if [ "$openldap" == "yes" ]; then
-+ if [ "$openldap" = "yes" ]; then
- ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
- else
- ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-@@ -120,12 +120,12 @@ fi
- #
- # LDAPS
- #
--if [ "$security" == "on" ]; then
-- if [ "$protocol" == "LDAPS" ] || [ "$protocol" == "" ]; then
-- if [ "$error" == "yes" ]; then
-+if [ "$security" = "on" ]; then
-+ if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPS)"
- fi
-- if [ "$openldap" == "yes" ]; then
-+ if [ "$openldap" = "yes" ]; then
- ldapsearch -x -LLL -H "ldaps://$host:$secure_port" -b "$MDN" -s base $dn $passwd "objectClass=*"
- else
- ldapsearch -Z -P $certdir -p $secure_port -b "$MDN" -s base $dn $passwd "objectClass=*"
-@@ -137,15 +137,15 @@ fi
- #
- # LDAPI
- #
--if [ "$ldapi" == "on" ] && [ "$openldap" == "yes" ]; then
-- if [ "$protocol" == "LDAPI" ] || [ "$protocol" == "" ]; then
-- if [ "$(id -u)" == "0" ] && [ "$autobind" == "on" ]; then
-- if [ "$error" == "yes" ]; then
-+if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
-+ if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
-+ if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
- fi
- ldapsearch -LLL -H "$ldapiURL" -b "$MDN" -s base -Y EXTERNAL "objectClass=*" 2>/dev/null
- else
-- if [ "$error" == "yes" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAPI)"
- fi
- ldapsearch -x -LLL -H "$ldapiURL" -b "$MDN" -s base $dn $passwd "objectClass=*"
-@@ -157,14 +157,14 @@ fi
- #
- # LDAP
- #
--if [ "$protocol" == "LDAP" ] || [ "$protocol" == "" ]; then
-- if [ "$error" == "yes" ]; then
-+if [ "$protocol" = "LDAP" ] || [ "$protocol" = "" ]; then
-+ if [ "$error" = "yes" ]; then
- echo "Using the next most secure protocol(LDAP)"
- fi
-- if [ "$openldap" == "yes" ]; then
-+ if [ "$openldap" = "yes" ]; then
- ldapsearch -x -LLL -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
- else
- ldapsearch -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-- fi
-+ fi
- exit $?
- fi
-diff --git a/ldap/admin/src/scripts/restart-dirsrv.in b/ldap/admin/src/scripts/restart-dirsrv.in
-index 130e06e..e86a24c 100644
---- a/ldap/admin/src/scripts/restart-dirsrv.in
-+++ b/ldap/admin/src/scripts/restart-dirsrv.in
-@@ -7,7 +7,7 @@
- # 2: Server started successfully (was not running)
- # 3: Server could not be stopped
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- restart_instance() {
- SERV_ID=$1
-diff --git a/ldap/admin/src/scripts/restoreconfig.in b/ldap/admin/src/scripts/restoreconfig.in
-index 9bb1acf..56c9e43 100755
---- a/ldap/admin/src/scripts/restoreconfig.in
-+++ b/ldap/admin/src/scripts/restoreconfig.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@nss_libdir@"
-@@ -31,7 +31,7 @@ do
- done
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/saveconfig.in b/ldap/admin/src/scripts/saveconfig.in
-index 65d80f3..16e3efc 100755
---- a/ldap/admin/src/scripts/saveconfig.in
-+++ b/ldap/admin/src/scripts/saveconfig.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@libdir@"
-@@ -31,7 +31,7 @@ do
- done
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-@@ -45,7 +45,7 @@ servid=`normalize_server_id $initfile`
- echo saving configuration...
- conf_ldif=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H%M%S`.ldif
- @sbindir@/ns-slapd db2ldif -N -D $CONFIG_DIR -s "o=NetscapeRoot" -a $conf_ldif -n NetscapeRoot 2>&1
--if [ "$?" -ge 1 ]
-+if [ $? -ge 1 ]
- then
- echo Error occurred while saving configuration
- exit 1
-diff --git a/ldap/admin/src/scripts/start-dirsrv.in b/ldap/admin/src/scripts/start-dirsrv.in
-index 481797d..458f0e8 100755
---- a/ldap/admin/src/scripts/start-dirsrv.in
-+++ b/ldap/admin/src/scripts/start-dirsrv.in
-@@ -6,7 +6,7 @@
- # 1: Server could not be started
- # 2: Server already running
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- # Starts a single instance
- start_instance() {
-@@ -44,7 +44,7 @@ start_instance() {
- STARTPIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.startpid
- if test -f $STARTPIDFILE ; then
- PID=`cat $STARTPIDFILE`
-- if kill -0 $PID > /dev/null 2>&1 ; then
-+ if kill -s 0 $PID > /dev/null 2>&1 ; then
- echo There is an ns-slapd process already running: $PID
- return 2;
- else
-@@ -53,7 +53,7 @@ start_instance() {
- fi
- if test -f $PIDFILE ; then
- PID=`cat $PIDFILE`
-- if kill -0 $PID > /dev/null 2>&1 ; then
-+ if kill -s 0 $PID > /dev/null 2>&1 ; then
- echo There is an ns-slapd running: $PID
- return 2;
- else
-@@ -64,7 +64,7 @@ start_instance() {
- # Use systemctl if available and running as root,
- # otherwise start the instance the old way.
- #
-- if [ -d "@systemdsystemunitdir@" ] && [ "$(id -u)" == "0" ];then
-+ if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then
- @bindir@/systemctl start @package_name@@$SERV_ID.service
- if [ $? -ne 0 ]; then
- return 1
-@@ -96,7 +96,7 @@ start_instance() {
- while test $loop_counter -le $max_count; do
- loop_counter=`expr $loop_counter + 1`
- if test ! -f $PIDFILE ; then
-- if kill -0 $PID > /dev/null 2>&1 ; then
-+ if kill -s 0 $PID > /dev/null 2>&1 ; then
- sleep 1
- else
- echo Server failed to start !!! Please check errors log for problems
-@@ -123,12 +123,12 @@ do
- done
- shift $(($OPTIND-1))
-
--if [ "$initconfig_dir" = "" ]; then
-+if [ -z "$initconfig_dir" ]; then
- initconfig_dir=@initconfigdir@
- fi
-
- found=0
--if [ "$#" -eq 0 ]; then
-+if [ $# -eq 0 ]; then
- # We're starting all instances.
- ret=0
- initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; }
-@@ -137,7 +137,7 @@ if [ "$#" -eq 0 ]; then
- echo Starting instance \"$inst\"
- start_instance $inst
- rv=$?
-- if [ "$rv" -ne 0 ]; then
-+ if [ $rv -ne 0 ]; then
- ret=$rv
- fi
- done
-diff --git a/ldap/admin/src/scripts/stop-dirsrv.in b/ldap/admin/src/scripts/stop-dirsrv.in
-index 3f02e78..72e2b85 100755
---- a/ldap/admin/src/scripts/stop-dirsrv.in
-+++ b/ldap/admin/src/scripts/stop-dirsrv.in
-@@ -6,7 +6,7 @@
- # 1: Server could not be stopped
- # 2: Server was not running
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- stop_instance() {
- SERV_ID=$1
-@@ -28,7 +28,7 @@ stop_instance() {
- fi
- PID=`cat $PIDFILE`
- # see if the server is already stopped
-- kill -0 $PID > /dev/null 2>&1 || {
-+ kill -s 0 $PID > /dev/null 2>&1 || {
- echo Server not running
- if test -f $PIDFILE ; then
- rm -f $PIDFILE
-@@ -39,7 +39,7 @@ stop_instance() {
- #
- # use systemctl if running as root
- #
-- if [ -d "@systemdsystemunitdir@" ] && [ "$(id -u)" == "0" ];then
-+ if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then
- #
- # Now, check if systemctl is aware of this running instance
- #
-@@ -65,7 +65,7 @@ stop_instance() {
- max_count=600
- while test $loop_counter -le $max_count; do
- loop_counter=`expr $loop_counter + 1`
-- if kill -0 $PID > /dev/null 2>&1 ; then
-+ if kill -s 0 $PID > /dev/null 2>&1 ; then
- sleep 1;
- else
- if test -f $PIDFILE ; then
-@@ -88,11 +88,11 @@ do
- done
- shift $(($OPTIND-1))
-
--if [ "$initconfig_dir" = "" ]; then
-+if [ -z "$initconfig_dir" ]; then
- initconfig_dir=@initconfigdir@
- fi
-
--if [ "$#" -eq 0 ]; then
-+if [ $# -eq 0 ]; then
- # We're stopping all instances.
- ret=0
- initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; }
-@@ -105,7 +105,7 @@ if [ "$#" -eq 0 ]; then
- echo Stopping instance \"$inst\"
- stop_instance $inst
- rv=$?
-- if [ "$rv" -ne 0 ]; then
-+ if [ $rv -ne 0 ]; then
- ret=$rv
- fi
- done
-diff --git a/ldap/admin/src/scripts/suffix2instance.in b/ldap/admin/src/scripts/suffix2instance.in
-index e2f73c3..7774148 100755
---- a/ldap/admin/src/scripts/suffix2instance.in
-+++ b/ldap/admin/src/scripts/suffix2instance.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@libdir@"
-@@ -32,14 +32,14 @@ do
- esac
- done
-
--if [ "$args" == "" ]
-+if [ -z "$args" ]
- then
- usage
- exit 1
- fi
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/upgradedb.in b/ldap/admin/src/scripts/upgradedb.in
-index 211bdce..bf600dd 100755
---- a/ldap/admin/src/scripts/upgradedb.in
-+++ b/ldap/admin/src/scripts/upgradedb.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@libdir@"
-@@ -39,7 +39,7 @@ do
- done
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
- echo "Available instances: $initfile"
-diff --git a/ldap/admin/src/scripts/upgradednformat.in b/ldap/admin/src/scripts/upgradednformat.in
-index e9d8cab..51585ae 100755
---- a/ldap/admin/src/scripts/upgradednformat.in
-+++ b/ldap/admin/src/scripts/upgradednformat.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- # upgradednformat -- upgrade DN format to the new style (RFC 4514)
- # Usgae: upgradednformat [-N] -n backend_instance -a db_instance_directory
-@@ -49,13 +49,13 @@ do
- esac
- done
-
--if [ "$be" = "" ] || [ "$dir" = "" ]; then
-+if [ -z "$be" ] || [ -z "$dir" ]; then
- usage
- exit 1
- fi
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in
-index 0b46b27..365e32f 100755
---- a/ldap/admin/src/scripts/vlvindex.in
-+++ b/ldap/admin/src/scripts/vlvindex.in
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--source @datadir@/@package_name@/data/DSSharedLib
-+. @datadir@/@package_name@/data/DSSharedLib
-
- libpath_add "@libdir@/@package_name@/"
- libpath_add "@libdir@"
-@@ -45,7 +45,7 @@ do
- done
-
- initfile=$(get_init_file "@initconfigdir@" $servid)
--if [ $? == 1 ]
-+if [ $? -eq 1 ]
- then
- usage
- echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
-diff --git a/rpm/389-ds-base-git.sh b/rpm/389-ds-base-git.sh
-index e5aaa8a..1a38da1 100644
---- a/rpm/389-ds-base-git.sh
-+++ b/rpm/389-ds-base-git.sh
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
-
- DATE=`date +%Y%m%d`
- # use a real tag name here
-diff --git a/rpm/add_patches.sh b/rpm/add_patches.sh
-index 690d0b2..31823d5 100755
---- a/rpm/add_patches.sh
-+++ b/rpm/add_patches.sh
-@@ -1,6 +1,6 @@
- #!/bin/sh
-
--function usage()
-+usage()
- {
- echo "Adds patches to a specfile"
- echo ""
-@@ -51,5 +51,5 @@ for p in $patches; do
- sed -i -e "/${prefix}/a Patch${i}: ${p}" -e "/$prepprefix/a %patch${i} -p1" $specfile
- prefix="Patch${i}:"
- prepprefix="%patch${i}"
-- i=$(($i+1))
-+ i=`expr $i + 1`
- done
-diff --git a/rpm/rpmverrel.sh b/rpm/rpmverrel.sh
-index 86b808e..06e97c7 100755
---- a/rpm/rpmverrel.sh
-+++ b/rpm/rpmverrel.sh
-@@ -6,7 +6,7 @@ srcdir=`pwd`
-
- # Source VERSION.sh to set the version
- # and release environment variables.
--source ./VERSION.sh
-+. ./VERSION.sh
-
- if [ "$1" = "version" ]; then
- echo $RPM_VERSION
-diff --git a/wrappers/initscript.in b/wrappers/initscript.in
-index ad4ea2b..fa79dbd 100644
---- a/wrappers/initscript.in
-+++ b/wrappers/initscript.in
-@@ -32,28 +32,20 @@ then
- fi
- fi
-
--# figure out which echo we're using
--ECHO_N=`echo -n`
--
--# some shells echo cannot use -n - linux echo by default cannot use \c
- echo_n()
- {
-- if [ "$ECHO_N" = '-n' ] ; then
-- echo "$*\c"
-- else
-- echo -n "$*"
-- fi
-+ printf '%s' "$*"
- }
-
- # failure and success are not defined on some platforms
--type failure > /dev/null 2>&1 || {
-+which failure > /dev/null 2>&1 || {
- failure()
- {
- echo_n " FAILED"
- }
- }
-
--type success > /dev/null 2>&1 || {
-+which success > /dev/null 2>&1 || {
- success()
- {
- echo_n " SUCCESS"
-@@ -178,7 +170,7 @@ start() {
- pid=`cat $pidfile`
- instlockfile="@localstatedir@/lock/@package_name@/slapd-$instance/server/$pid"
- name=`ps -p $pid | tail -1 | awk '{ print $4 }'`
-- if kill -0 $pid && [ $name = "ns-slapd" ]; then
-+ if kill -s 0 $pid && [ $name = "ns-slapd" ]; then
- echo_n " already running"
- success; echo
- successes=`expr $successes + 1`
-@@ -239,7 +231,7 @@ start() {
- while test $loop_counter -le $max_count ; do
- loop_counter=`expr $loop_counter + 1`
- if test ! -f $pidfile ; then
-- if kill -0 $pid > /dev/null 2>&1 ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 ; then
- sleep 1
- else
- break
-@@ -249,7 +241,7 @@ start() {
- break
- fi
- done
-- if kill -0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
- success; echo
- successes=`expr $successes + 1`
- else
-@@ -278,7 +270,7 @@ stop() {
- if [ -f $pidfile ]; then
- pid=`cat $pidfile`
- server_stopped=0
-- if kill -0 $pid > /dev/null 2>&1 ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 ; then
- kill $pid
- if [ $? -eq 0 ]; then
- server_stopped=1
-@@ -297,7 +289,7 @@ stop() {
- max_count=600
- while test $loop_counter -le $max_count; do
- loop_counter=`expr $loop_counter + 1`
-- if kill -0 $pid > /dev/null 2>&1 ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 ; then
- sleep 1
- else
- if test -f $pidfile ; then
-@@ -339,7 +331,7 @@ status() {
- for instance in $INSTANCES; do
- if [ -f $piddir/slapd-$instance.pid ]; then
- pid=`cat $piddir/slapd-$instance.pid`
-- if kill -0 $pid > /dev/null 2>&1 ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 ; then
- echo "$prog $instance (pid $pid) is running..."
- else
- echo "$prog $instance dead but pid file exists"
-diff --git a/wrappers/ldap-agent-initscript.in b/wrappers/ldap-agent-initscript.in
-index dd8ee97..b7aa4fe 100644
---- a/wrappers/ldap-agent-initscript.in
-+++ b/wrappers/ldap-agent-initscript.in
-@@ -31,28 +31,20 @@ then
- fi
- fi
-
--# figure out which echo we're using
--ECHO_N=`echo -n`
--
--# some shells echo cannot use -n - linux echo by default cannot use \c
- echo_n()
- {
-- if [ "$ECHO_N" = '-n' ] ; then
-- echo "$*\c"
-- else
-- echo -n "$*"
-- fi
-+ printf '%s' "$*"
- }
-
- # failure and success are not defined on some platforms
--type failure > /dev/null 2>&1 || {
-+which failure > /dev/null 2>&1 || {
- failure()
- {
- echo_n " FAILED"
- }
- }
-
--type success > /dev/null 2>&1 || {
-+which success > /dev/null 2>&1 || {
- success()
- {
- echo_n " SUCCESS"
-@@ -92,7 +84,7 @@ start() {
- if [ -f $pidfile ]; then
- pid=`cat $pidfile`
- name=`ps -p $pid | tail -1 | awk '{ print $4 }'`
-- if kill -0 $pid && [ $name = "$processname" ]; then
-+ if kill -s 0 $pid && [ $name = "$processname" ]; then
- echo_n " already running"
- success; echo
- subagent_running=1
-@@ -121,7 +113,7 @@ start() {
- while test $loop_counter -le $max_count ; do
- loop_counter=`expr $loop_counter + 1`
- if test ! -f $pidfile ; then
-- if kill -0 $pid > /dev/null 2>&1 ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 ; then
- sleep 1
- else
- break
-@@ -131,7 +123,7 @@ start() {
- break
- fi
- done
-- if kill -0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
- success; echo
- else
- failure; echo
-@@ -147,7 +139,7 @@ stop() {
- if [ -f $pidfile ]; then
- pid=`cat $pidfile`
- subagent_stopped=0
-- if kill -0 $pid > /dev/null 2>&1 ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 ; then
- kill $pid
- if [ $? -eq 0 ]; then
- subagent_stopped=1
-@@ -164,7 +156,7 @@ stop() {
- max_count=10
- while test $loop_counter -le $max_count; do
- loop_counter=`expr $loop_counter + 1`
-- if kill -0 $pid > /dev/null 2>&1 ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 ; then
- sleep 1
- else
- if test -f $pidfile ; then
-@@ -200,7 +192,7 @@ condrestart() {
- if [ -f $pidfile ]; then
- pid=`cat $pidfile`
- name=`ps -p $pid | tail -1 | awk '{ print $4 }'`
-- if kill -0 $pid && [ $name = "$processname" ]; then
-+ if kill -s 0 $pid && [ $name = "$processname" ]; then
- restart
- fi
- fi
-@@ -210,7 +202,7 @@ status() {
- ret=0
- if [ -f $pidfile ]; then
- pid=`cat $pidfile`
-- if kill -0 $pid > /dev/null 2>&1 ; then
-+ if kill -s 0 $pid > /dev/null 2>&1 ; then
- echo "$prog (pid $pid) is running..."
- else
- echo "$prog dead but pid file exists"
---
-1.9.3
-
diff --git a/SOURCES/0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch b/SOURCES/0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch
new file mode 100644
index 0000000..593e292
--- /dev/null
+++ b/SOURCES/0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch
@@ -0,0 +1,933 @@
+From 986930d491d64ce32b91ed70d452074f2963fc55 Mon Sep 17 00:00:00 2001
+From: Simon Pichugin <spichugi@redhat.com>
+Date: Wed, 24 Aug 2016 10:08:29 +0200
+Subject: [PATCH 42/45] Ticket 48967 - Add CI test and refactor test suite
+
+Description: Add a test case to password policy test suite.
+Refactor structure of password test suite so it would become more
+logical.
+
+https://fedorahosted.org/389/ticket/48967
+
+Reviewed by: nhosoi (Thank you, Noriko!)
+
+(cherry picked from commit 6abd5f49d8e32732a97794e68f642045f16f23e3)
+---
+ .../suites/password/pwdPolicy_attribute_test.py | 339 +++++++++++++++++++++
+ .../tests/suites/password/pwdPolicy_syntax_test.py | 151 +++++++++
+ .../tests/suites/password/pwdPolicy_test.py | 151 ---------
+ .../tests/suites/password/pwd_change_policytest.py | 240 ---------------
+ 4 files changed, 490 insertions(+), 391 deletions(-)
+ create mode 100644 dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
+ create mode 100644 dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py
+ delete mode 100644 dirsrvtests/tests/suites/password/pwdPolicy_test.py
+ delete mode 100644 dirsrvtests/tests/suites/password/pwd_change_policytest.py
+
+diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
+new file mode 100644
+index 0000000..d3be7e2
+--- /dev/null
++++ b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
+@@ -0,0 +1,339 @@
++import os
++import sys
++import time
++import subprocess
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++DEBUGGING = False
++OU_PEOPLE = 'ou=people,{}'.format(DEFAULT_SUFFIX)
++TEST_USER_NAME = 'simplepaged_test'
++TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, OU_PEOPLE)
++TEST_USER_PWD = 'simplepaged_test'
++PW_POLICY_CONT_USER = 'cn="cn=nsPwPolicyEntry,uid=simplepaged_test,'\
++ 'ou=people,dc=example,dc=com",'\
++ 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
++PW_POLICY_CONT_PEOPLE = 'cn="cn=nsPwPolicyEntry,'\
++ 'ou=people,dc=example,dc=com",'\
++ 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
++
++if DEBUGGING:
++ logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++ logging.getLogger(__name__).setLevel(logging.INFO)
++
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++ """The DS Topology Class"""
++ def __init__(self, standalone):
++ """Init"""
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ """Create DS Deployment"""
++
++ # Creating standalone instance ...
++ if DEBUGGING:
++ standalone = DirSrv(verbose=True)
++ else:
++ standalone = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++ instance_standalone = standalone.exists()
++ if instance_standalone:
++ standalone.delete()
++ standalone.create()
++ standalone.open()
++
++ def fin():
++ """If we are debugging just stop the instances, otherwise remove
++ them
++ """
++ if DEBUGGING:
++ standalone.stop()
++ else:
++ standalone.delete()
++
++ request.addfinalizer(fin)
++
++
++ return TopologyStandalone(standalone)
++
++
++@pytest.fixture(scope="module")
++def test_user(topology, request):
++ """User for binding operation"""
++
++ log.info('Adding user {}'.format(TEST_USER_DN))
++ try:
++ topology.standalone.add_s(Entry((TEST_USER_DN, {
++ 'objectclass': 'top person'.split(),
++ 'objectclass': 'organizationalPerson',
++ 'objectclass': 'inetorgperson',
++ 'cn': TEST_USER_NAME,
++ 'sn': TEST_USER_NAME,
++ 'userpassword': TEST_USER_PWD,
++ 'mail': '%s@redhat.com' % TEST_USER_NAME,
++ 'uid': TEST_USER_NAME
++ })))
++ except ldap.LDAPError as e:
++ log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
++ e.message['desc']))
++ raise e
++
++ def fin():
++ log.info('Deleting user {}'.format(TEST_USER_DN))
++ topology.standalone.delete_s(TEST_USER_DN)
++ request.addfinalizer(fin)
++
++
++@pytest.fixture(scope="module")
++def password_policy(topology, test_user):
++ """Set up password policy for subtree and user"""
++
++ log.info('Enable fine-grained policy')
++ try:
++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
++ 'nsslapd-pwpolicy-local',
++ 'on')])
++ except ldap.LDAPError as e:
++ log.error('Failed to set fine-grained policy: error {}'.format(
++ e.message['desc']))
++ raise e
++
++ log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
++ try:
++ subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
++ '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
++ '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE])
++ except subprocess.CalledProcessError as e:
++ log.error('Failed to create pw policy policy for {}: error {}'.format(
++ OU_PEOPLE, e.message['desc']))
++ raise e
++
++ log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE))
++ try:
++ topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE,
++ 'pwdpolicysubentry',
++ PW_POLICY_CONT_PEOPLE)])
++ except ldap.LDAPError as e:
++ log.error('Failed to pwdpolicysubentry pw policy '\
++ 'policy for {}: error {}'.format(OU_PEOPLE,
++ e.message['desc']))
++ raise e
++
++ log.info('Create password policy for subtree {}'.format(TEST_USER_DN))
++ try:
++ subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
++ '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
++ '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE])
++ except subprocess.CalledProcessError as e:
++ log.error('Failed to create pw policy policy for {}: error {}'.format(
++ TEST_USER_DN, e.message['desc']))
++ raise e
++
++ log.info('Add pwdpolicysubentry attribute to {}'.format(TEST_USER_DN))
++ try:
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'pwdpolicysubentry',
++ PW_POLICY_CONT_USER)])
++ except ldap.LDAPError as e:
++ log.error('Failed to pwdpolicysubentry pw policy '\
++ 'policy for {}: error {}'.format(TEST_USER_DN,
++ e.message['desc']))
++ raise e
++
++
++@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception',
++ [('on', 'off', ldap.UNWILLING_TO_PERFORM),
++ ('off', 'off', ldap.UNWILLING_TO_PERFORM),
++ ('off', 'on', None), ('on', 'on', None)])
++def test_change_pwd(topology, test_user, password_policy,
++ subtree_pwchange, user_pwchange, exception):
++ """Verify that 'passwordChange' attr works as expected
++ User should have a priority over a subtree.
++
++ :Feature: Password policy
++
++ :Setup: Standalone instance, test user,
++ password policy entries for a user and a subtree
++
++ :Steps: 1. Set passwordChange on the user and the subtree
++ to various combinations
++ 2. Bind as test user
++ 3. Try to change password
++
++ :Assert: Subtree/User passwordChange - result
++ off/on, on/on - success
++ on/off, off/off - UNWILLING_TO_PERFORM
++ """
++
++ log.info('Set passwordChange to "{}" - {}'.format(subtree_pwchange,
++ PW_POLICY_CONT_PEOPLE))
++ try:
++ topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE,
++ 'passwordChange',
++ subtree_pwchange)])
++ except ldap.LDAPError as e:
++ log.error('Failed to set passwordChange '\
++ 'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE,
++ e.message['desc']))
++ raise e
++
++
++ log.info('Set passwordChange to "{}" - {}'.format(user_pwchange,
++ PW_POLICY_CONT_USER))
++ try:
++ topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE,
++ 'passwordChange',
++ user_pwchange)])
++ except ldap.LDAPError as e:
++ log.error('Failed to set passwordChange '\
++ 'policy for {}: error {}'.format(PW_POLICY_CONT_USER,
++ e.message['desc']))
++ raise e
++
++ try:
++ log.info('Bind as user and modify userPassword')
++ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++ if exception:
++ with pytest.raises(exception):
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ 'new_pass')])
++ else:
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ 'new_pass')])
++ except ldap.LDAPError as e:
++ log.error('Failed to change userpassword for {}: error {}'.format(
++ TEST_USER_DN, e.message['info']))
++ raise e
++ finally:
++ log.info('Bind as DM')
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ TEST_USER_PWD)])
++
++
++def test_pwd_min_age(topology, test_user, password_policy):
++ """If we set passwordMinAge to some value, for example to 10, then it
++ should not allow the user to change the password within 10 seconds after
++ his previous change.
++
++ :Feature: Password policy
++
++ :Setup: Standalone instance, test user,
++ password policy entries for a user and a subtree
++
++ :Steps: 1. Set passwordMinAge to 10 on the user pwpolicy entry
++ 2. Set passwordMinAge to 10 on the subtree pwpolicy entry
++ 3. Set passwordMinAge to 10 on the cn=config entry
++ 4. Bind as test user
++ 5. Try to change password two times in a row
++ 6. Wait 12 seconds
++ 7. Try to change password
++
++ :Assert: User should be not allowed to change the password
++ right after previous change - CONSTRAINT_VIOLATION
++ User should be not allowed to change the password
++ after 12 seconds passed
++ """
++
++ num_seconds = '10'
++
++ log.info('Set passwordminage to "{}" - {}'.format(num_seconds, PW_POLICY_CONT_PEOPLE))
++ try:
++ topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE,
++ 'passwordminage',
++ num_seconds)])
++ except ldap.LDAPError as e:
++ log.error('Failed to set passwordminage '\
++ 'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE,
++ e.message['desc']))
++ raise e
++
++ log.info('Set passwordminage to "{}" - {}'.format(num_seconds, PW_POLICY_CONT_USER))
++ try:
++ topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE,
++ 'passwordminage',
++ num_seconds)])
++ except ldap.LDAPError as e:
++ log.error('Failed to set passwordminage '\
++ 'policy for {}: error {}'.format(PW_POLICY_CONT_USER,
++ e.message['desc']))
++ raise e
++
++ log.info('Set passwordminage to "{}" - {}'.format(num_seconds, DN_CONFIG))
++ try:
++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
++ 'passwordminage',
++ num_seconds)])
++ except ldap.LDAPError as e:
++ log.error('Failed to set passwordminage '\
++ 'policy for {}: error {}'.format(DN_CONFIG,
++ e.message['desc']))
++ raise e
++
++ try:
++ log.info('Bind as user and modify userPassword')
++ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ 'new_pass')])
++ except ldap.LDAPError as e:
++ log.error('Failed to change userpassword for {}: error {}'.format(
++ TEST_USER_DN, e.message['info']))
++ raise e
++
++
++ log.info('Bind as user and modify userPassword straight away after previous change')
++ topology.standalone.simple_bind_s(TEST_USER_DN, 'new_pass')
++ with pytest.raises(ldap.CONSTRAINT_VIOLATION):
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ 'new_new_pass')])
++
++ log.info('Wait {} second'.format(int(num_seconds) + 2))
++ time.sleep(int(num_seconds) + 2)
++
++ try:
++ log.info('Bind as user and modify userPassword')
++ topology.standalone.simple_bind_s(TEST_USER_DN, 'new_pass')
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ TEST_USER_PWD)])
++ except ldap.LDAPError as e:
++ log.error('Failed to change userpassword for {}: error {}'.format(
++ TEST_USER_DN, e.message['info']))
++ raise e
++ finally:
++ log.info('Bind as DM')
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++ topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
++ 'userPassword',
++ TEST_USER_PWD)])
++
++
++if __name__ == '__main__':
++ # Run isolated
++ # -s for DEBUG mode
++ CURRENT_FILE = os.path.realpath(__file__)
++ pytest.main("-s %s" % CURRENT_FILE)
+diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py
+new file mode 100644
+index 0000000..653d033
+--- /dev/null
++++ b/dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py
+@@ -0,0 +1,151 @@
++# --- BEGIN COPYRIGHT BLOCK ---
++# Copyright (C) 2015 Red Hat, Inc.
++# All rights reserved.
++#
++# License: GPL (version 3 or any later version).
++# See LICENSE for details.
++# --- END COPYRIGHT BLOCK ---
++#
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++from lib389.config import RSA, Encryption, Config
++
++DEBUGGING = False
++
++USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX
++
++if DEBUGGING:
++ logging.getLogger(__name__).setLevel(logging.DEBUG)
++else:
++ logging.getLogger(__name__).setLevel(logging.INFO)
++
++
++log = logging.getLogger(__name__)
++
++
++class TopologyStandalone(object):
++ """The DS Topology Class"""
++ def __init__(self, standalone):
++ """Init"""
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ """Create DS Deployment"""
++
++ # Creating standalone instance ...
++ if DEBUGGING:
++ standalone = DirSrv(verbose=True)
++ else:
++ standalone = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++ instance_standalone = standalone.exists()
++ if instance_standalone:
++ standalone.delete()
++ standalone.create()
++ standalone.open()
++
++ # Deploy certs
++ # This is a trick. The nss db that ships with DS is broken
++ for f in ('key3.db', 'cert8.db', 'key4.db', 'cert9.db', 'secmod.db', 'pkcs11.txt'):
++ try:
++ os.remove("%s/%s" % (topology.standalone.confdir, f ))
++ except:
++ pass
++
++ assert(standalone.nss_ssl.reinit() is True)
++ assert(standalone.nss_ssl.create_rsa_ca() is True)
++ assert(standalone.nss_ssl.create_rsa_key_and_cert() is True)
++
++ # Say that we accept the cert
++ # Connect again!
++
++ # Enable the SSL options
++ standalone.rsa.create()
++ standalone.rsa.set('nsSSLPersonalitySSL', 'Server-Cert')
++ standalone.rsa.set('nsSSLToken', 'internal (software)')
++ standalone.rsa.set('nsSSLActivation', 'on')
++
++ standalone.config.set('nsslapd-secureport', PORT_STANDALONE2)
++ standalone.config.set('nsslapd-security', 'on')
++
++ standalone.restart()
++
++
++ def fin():
++ """If we are debugging just stop the instances, otherwise remove
++ them
++ """
++ if DEBUGGING:
++ standalone.stop()
++ else:
++ standalone.delete()
++
++ request.addfinalizer(fin)
++
++ # Clear out the tmp dir
++ standalone.clearTmpDir(__file__)
++
++ return TopologyStandalone(standalone)
++
++def _create_user(inst):
++ inst.add_s(Entry((
++ USER_DN, {
++ 'objectClass': 'top account simplesecurityobject'.split(),
++ 'uid': 'user',
++ 'userpassword': 'password'
++ })))
++
++
++def test_pwdPolicy_constraint(topology):
++ '''
++ Password policy test: Ensure that on a password change, the policy is
++ enforced correctly.
++ '''
++
++ # Create a user
++ _create_user(topology.standalone)
++ # Set the password policy globally
++ topology.standalone.config.set('passwordMinLength', '10')
++ topology.standalone.config.set('passwordMinDigits', '2')
++ topology.standalone.config.set('passwordCheckSyntax', 'on')
++ topology.standalone.config.set('nsslapd-pwpolicy-local', 'off')
++ # Now open a new ldap connection with TLS
++ userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE))
++ userconn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap. OPT_X_TLS_NEVER )
++ userconn.start_tls_s()
++ userconn.simple_bind_s(USER_DN, 'password')
++ # This should have an exception!
++ try:
++ userconn.passwd_s(USER_DN, 'password', 'password1')
++ assert(False)
++ except ldap.CONSTRAINT_VIOLATION:
++ assert(True)
++ # Change the password to something invalid!
++
++
++if __name__ == '__main__':
++ # Run isolated
++ # -s for DEBUG mode
++ CURRENT_FILE = os.path.realpath(__file__)
++ pytest.main("-s %s" % CURRENT_FILE)
+diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_test.py
+deleted file mode 100644
+index 653d033..0000000
+--- a/dirsrvtests/tests/suites/password/pwdPolicy_test.py
++++ /dev/null
+@@ -1,151 +0,0 @@
+-# --- BEGIN COPYRIGHT BLOCK ---
+-# Copyright (C) 2015 Red Hat, Inc.
+-# All rights reserved.
+-#
+-# License: GPL (version 3 or any later version).
+-# See LICENSE for details.
+-# --- END COPYRIGHT BLOCK ---
+-#
+-import os
+-import sys
+-import time
+-import ldap
+-import logging
+-import pytest
+-from lib389 import DirSrv, Entry, tools, tasks
+-from lib389.tools import DirSrvTools
+-from lib389._constants import *
+-from lib389.properties import *
+-from lib389.tasks import *
+-
+-logging.getLogger(__name__).setLevel(logging.DEBUG)
+-log = logging.getLogger(__name__)
+-
+-from lib389.config import RSA, Encryption, Config
+-
+-DEBUGGING = False
+-
+-USER_DN = 'uid=user,ou=People,%s' % DEFAULT_SUFFIX
+-
+-if DEBUGGING:
+- logging.getLogger(__name__).setLevel(logging.DEBUG)
+-else:
+- logging.getLogger(__name__).setLevel(logging.INFO)
+-
+-
+-log = logging.getLogger(__name__)
+-
+-
+-class TopologyStandalone(object):
+- """The DS Topology Class"""
+- def __init__(self, standalone):
+- """Init"""
+- standalone.open()
+- self.standalone = standalone
+-
+-
+-@pytest.fixture(scope="module")
+-def topology(request):
+- """Create DS Deployment"""
+-
+- # Creating standalone instance ...
+- if DEBUGGING:
+- standalone = DirSrv(verbose=True)
+- else:
+- standalone = DirSrv(verbose=False)
+- args_instance[SER_HOST] = HOST_STANDALONE
+- args_instance[SER_PORT] = PORT_STANDALONE
+- args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+- args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+- args_standalone = args_instance.copy()
+- standalone.allocate(args_standalone)
+- instance_standalone = standalone.exists()
+- if instance_standalone:
+- standalone.delete()
+- standalone.create()
+- standalone.open()
+-
+- # Deploy certs
+- # This is a trick. The nss db that ships with DS is broken
+- for f in ('key3.db', 'cert8.db', 'key4.db', 'cert9.db', 'secmod.db', 'pkcs11.txt'):
+- try:
+- os.remove("%s/%s" % (topology.standalone.confdir, f ))
+- except:
+- pass
+-
+- assert(standalone.nss_ssl.reinit() is True)
+- assert(standalone.nss_ssl.create_rsa_ca() is True)
+- assert(standalone.nss_ssl.create_rsa_key_and_cert() is True)
+-
+- # Say that we accept the cert
+- # Connect again!
+-
+- # Enable the SSL options
+- standalone.rsa.create()
+- standalone.rsa.set('nsSSLPersonalitySSL', 'Server-Cert')
+- standalone.rsa.set('nsSSLToken', 'internal (software)')
+- standalone.rsa.set('nsSSLActivation', 'on')
+-
+- standalone.config.set('nsslapd-secureport', PORT_STANDALONE2)
+- standalone.config.set('nsslapd-security', 'on')
+-
+- standalone.restart()
+-
+-
+- def fin():
+- """If we are debugging just stop the instances, otherwise remove
+- them
+- """
+- if DEBUGGING:
+- standalone.stop()
+- else:
+- standalone.delete()
+-
+- request.addfinalizer(fin)
+-
+- # Clear out the tmp dir
+- standalone.clearTmpDir(__file__)
+-
+- return TopologyStandalone(standalone)
+-
+-def _create_user(inst):
+- inst.add_s(Entry((
+- USER_DN, {
+- 'objectClass': 'top account simplesecurityobject'.split(),
+- 'uid': 'user',
+- 'userpassword': 'password'
+- })))
+-
+-
+-def test_pwdPolicy_constraint(topology):
+- '''
+- Password policy test: Ensure that on a password change, the policy is
+- enforced correctly.
+- '''
+-
+- # Create a user
+- _create_user(topology.standalone)
+- # Set the password policy globally
+- topology.standalone.config.set('passwordMinLength', '10')
+- topology.standalone.config.set('passwordMinDigits', '2')
+- topology.standalone.config.set('passwordCheckSyntax', 'on')
+- topology.standalone.config.set('nsslapd-pwpolicy-local', 'off')
+- # Now open a new ldap connection with TLS
+- userconn = ldap.initialize("ldap://%s:%s" % (HOST_STANDALONE, PORT_STANDALONE))
+- userconn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap. OPT_X_TLS_NEVER )
+- userconn.start_tls_s()
+- userconn.simple_bind_s(USER_DN, 'password')
+- # This should have an exception!
+- try:
+- userconn.passwd_s(USER_DN, 'password', 'password1')
+- assert(False)
+- except ldap.CONSTRAINT_VIOLATION:
+- assert(True)
+- # Change the password to something invalid!
+-
+-
+-if __name__ == '__main__':
+- # Run isolated
+- # -s for DEBUG mode
+- CURRENT_FILE = os.path.realpath(__file__)
+- pytest.main("-s %s" % CURRENT_FILE)
+diff --git a/dirsrvtests/tests/suites/password/pwd_change_policytest.py b/dirsrvtests/tests/suites/password/pwd_change_policytest.py
+deleted file mode 100644
+index 1d48c65..0000000
+--- a/dirsrvtests/tests/suites/password/pwd_change_policytest.py
++++ /dev/null
+@@ -1,240 +0,0 @@
+-import os
+-import sys
+-import time
+-import subprocess
+-import ldap
+-import logging
+-import pytest
+-from lib389 import DirSrv, Entry, tools, tasks
+-from lib389.tools import DirSrvTools
+-from lib389._constants import *
+-from lib389.properties import *
+-from lib389.tasks import *
+-from lib389.utils import *
+-
+-DEBUGGING = False
+-OU_PEOPLE = 'ou=people,{}'.format(DEFAULT_SUFFIX)
+-TEST_USER_NAME = 'simplepaged_test'
+-TEST_USER_DN = 'uid={},{}'.format(TEST_USER_NAME, OU_PEOPLE)
+-TEST_USER_PWD = 'simplepaged_test'
+-PW_POLICY_CONT_USER = 'cn="cn=nsPwPolicyEntry,uid=simplepaged_test,'\
+- 'ou=people,dc=example,dc=com",'\
+- 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
+-PW_POLICY_CONT_PEOPLE = 'cn="cn=nsPwPolicyEntry,'\
+- 'ou=people,dc=example,dc=com",'\
+- 'cn=nsPwPolicyContainer,ou=people,dc=example,dc=com'
+-
+-if DEBUGGING:
+- logging.getLogger(__name__).setLevel(logging.DEBUG)
+-else:
+- logging.getLogger(__name__).setLevel(logging.INFO)
+-
+-log = logging.getLogger(__name__)
+-
+-
+-class TopologyStandalone(object):
+- """The DS Topology Class"""
+- def __init__(self, standalone):
+- """Init"""
+- standalone.open()
+- self.standalone = standalone
+-
+-
+-@pytest.fixture(scope="module")
+-def topology(request):
+- """Create DS Deployment"""
+-
+- # Creating standalone instance ...
+- if DEBUGGING:
+- standalone = DirSrv(verbose=True)
+- else:
+- standalone = DirSrv(verbose=False)
+- args_instance[SER_HOST] = HOST_STANDALONE
+- args_instance[SER_PORT] = PORT_STANDALONE
+- args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+- args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+- args_standalone = args_instance.copy()
+- standalone.allocate(args_standalone)
+- instance_standalone = standalone.exists()
+- if instance_standalone:
+- standalone.delete()
+- standalone.create()
+- standalone.open()
+-
+- def fin():
+- """If we are debugging just stop the instances, otherwise remove
+- them
+- """
+- if DEBUGGING:
+- standalone.stop()
+- else:
+- standalone.delete()
+-
+- request.addfinalizer(fin)
+-
+-
+- return TopologyStandalone(standalone)
+-
+-
+-@pytest.fixture(scope="module")
+-def test_user(topology, request):
+- """User for binding operation"""
+-
+- log.info('Adding user {}'.format(TEST_USER_DN))
+- try:
+- topology.standalone.add_s(Entry((TEST_USER_DN, {
+- 'objectclass': 'top person'.split(),
+- 'objectclass': 'organizationalPerson',
+- 'objectclass': 'inetorgperson',
+- 'cn': TEST_USER_NAME,
+- 'sn': TEST_USER_NAME,
+- 'userpassword': TEST_USER_PWD,
+- 'mail': '%s@redhat.com' % TEST_USER_NAME,
+- 'uid': TEST_USER_NAME
+- })))
+- except ldap.LDAPError as e:
+- log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
+- e.message['desc']))
+- raise e
+-
+- def fin():
+- log.info('Deleting user {}'.format(TEST_USER_DN))
+- topology.standalone.delete_s(TEST_USER_DN)
+- request.addfinalizer(fin)
+-
+-
+-@pytest.fixture(scope="module")
+-def password_policy(topology, test_user):
+- """Set up password policy for subtree and user"""
+-
+- log.info('Enable fine-grained policy')
+- try:
+- topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE,
+- 'nsslapd-pwpolicy-local',
+- 'on')])
+- except ldap.LDAPError as e:
+- log.error('Failed to set fine-grained policy: error {}'.format(
+- e.message['desc']))
+- raise e
+-
+- log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
+- try:
+- subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
+- '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
+- '-S', OU_PEOPLE, '-Z', SERVERID_STANDALONE])
+- except subprocess.CalledProcessError as e:
+- log.error('Failed to create pw policy policy for {}: error {}'.format(
+- OU_PEOPLE, e.message['desc']))
+- raise e
+-
+- log.info('Add pwdpolicysubentry attribute to {}'.format(OU_PEOPLE))
+- try:
+- topology.standalone.modify_s(OU_PEOPLE, [(ldap.MOD_REPLACE,
+- 'pwdpolicysubentry',
+- PW_POLICY_CONT_PEOPLE)])
+- except ldap.LDAPError as e:
+- log.error('Failed to pwdpolicysubentry pw policy '\
+- 'policy for {}: error {}'.format(OU_PEOPLE,
+- e.message['desc']))
+- raise e
+-
+- log.info('Create password policy for subtree {}'.format(TEST_USER_DN))
+- try:
+- subprocess.call(['ns-newpwpolicy.pl', '-D', DN_DM, '-w', PASSWORD,
+- '-p', str(PORT_STANDALONE), '-h', HOST_STANDALONE,
+- '-U', TEST_USER_DN, '-Z', SERVERID_STANDALONE])
+- except subprocess.CalledProcessError as e:
+- log.error('Failed to create pw policy policy for {}: error {}'.format(
+- TEST_USER_DN, e.message['desc']))
+- raise e
+-
+- log.info('Add pwdpolicysubentry attribute to {}'.format(TEST_USER_DN))
+- try:
+- topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
+- 'pwdpolicysubentry',
+- PW_POLICY_CONT_USER)])
+- except ldap.LDAPError as e:
+- log.error('Failed to pwdpolicysubentry pw policy '\
+- 'policy for {}: error {}'.format(TEST_USER_DN,
+- e.message['desc']))
+- raise e
+-
+-
+-@pytest.mark.parametrize('subtree_pwchange,user_pwchange,exception',
+- [('off', 'on', None), ('on', 'on', None),
+- ('on', 'off', ldap.UNWILLING_TO_PERFORM),
+- ('off', 'off', ldap.UNWILLING_TO_PERFORM)])
+-def test_change_pwd(topology, test_user, password_policy,
+- subtree_pwchange, user_pwchange, exception):
+- """Verify that 'passwordChange' attr works as expected
+- User should have a priority over a subtree.
+-
+- :Feature: Password policy
+-
+- :Setup: Standalone instance, test user,
+- password policy entries for a user and a subtree
+-
+- :Steps: 1. Set passwordChange on the user and the subtree
+- to various combinations
+- 2. Bind as test user
+- 3. Try to change password
+-
+- :Assert: Subtree/User passwordChange - result
+- off/on, on/on - success
+- on/off, off/off - UNWILLING_TO_PERFORM
+- """
+-
+- log.info('Set passwordChange to "{}" - {}'.format(subtree_pwchange,
+- PW_POLICY_CONT_PEOPLE))
+- try:
+- topology.standalone.modify_s(PW_POLICY_CONT_PEOPLE, [(ldap.MOD_REPLACE,
+- 'passwordChange',
+- subtree_pwchange)])
+- except ldap.LDAPError as e:
+- log.error('Failed to set passwordChange '\
+- 'policy for {}: error {}'.format(PW_POLICY_CONT_PEOPLE,
+- e.message['desc']))
+- raise e
+-
+-
+- log.info('Set passwordChange to "{}" - {}'.format(user_pwchange,
+- PW_POLICY_CONT_USER))
+- try:
+- topology.standalone.modify_s(PW_POLICY_CONT_USER, [(ldap.MOD_REPLACE,
+- 'passwordChange',
+- user_pwchange)])
+- except ldap.LDAPError as e:
+- log.error('Failed to set passwordChange '\
+- 'policy for {}: error {}'.format(PW_POLICY_CONT_USER,
+- e.message['desc']))
+- raise e
+-
+- try:
+- log.info('Bind as user and modify userPassword')
+- topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
+- if exception:
+- with pytest.raises(exception):
+- topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
+- 'userPassword',
+- 'new_pass')])
+- else:
+- topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
+- 'userPassword',
+- 'new_pass')])
+- except ldap.LDAPError as e:
+- log.error('Failed to change userpassword for {}: error {}'.format(
+- TEST_USER_DN, e.message['info']))
+- raise e
+- finally:
+- log.info('Bind as DM')
+- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+- topology.standalone.modify_s(TEST_USER_DN, [(ldap.MOD_REPLACE,
+- 'userPassword',
+- TEST_USER_PWD)])
+-
+-
+-if __name__ == '__main__':
+- # Run isolated
+- # -s for DEBUG mode
+- CURRENT_FILE = os.path.realpath(__file__)
+- pytest.main("-s %s" % CURRENT_FILE)
+--
+2.4.11
+
diff --git a/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch b/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch
deleted file mode 100644
index 94219a4..0000000
--- a/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 0cb8a7e2f797b4d48a20e650cf8510b8495a35e6 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 11 Aug 2015 10:23:21 -0700
-Subject: [PATCH 43/45] Ticket #48245 - Man pages and help for remove-ds.pl
- doesn't display "-a" option
-
-Description: Adding the description for "-a" to the man page and the help usage.
-
-https://fedorahosted.org/389/ticket/48245
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit a2dbb56ec5ad468972a41a500e1cdbb4ced01cb0)
-(cherry picked from commit 06dafdfed1528ea6724f61492f4c93977a3ce809)
----
- ldap/admin/src/scripts/remove-ds.pl.in | 5 +++--
- man/man8/remove-ds.pl.8 | 5 ++++-
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in
-index e7eb591..b35ae32 100755
---- a/ldap/admin/src/scripts/remove-ds.pl.in
-+++ b/ldap/admin/src/scripts/remove-ds.pl.in
-@@ -21,8 +21,9 @@ Getopt::Long::Configure(qw(bundling)); # bundling allows -ddddd
- my $res = new Resource("@propertydir@/setup-ds.res");
-
- sub usage {
-- print(STDERR "Usage: $0 [-f] [-d -d ... -d] -i instance\n\n");
-- print(STDERR " Opts: -f - force removal\n");
-+ print(STDERR "Usage: $0 [-a] [-f] [-d -d ... -d] -i instance\n\n");
-+ print(STDERR " Opts: -a - remove all\n");
-+ print(STDERR " -f - force removal\n");
- print(STDERR " -i instance - instance name to remove (e.g. - slapd-example)\n");
- print(STDERR " -d - turn on debugging output\n");
- }
-diff --git a/man/man8/remove-ds.pl.8 b/man/man8/remove-ds.pl.8
-index 8c7c118..0568ff8 100644
---- a/man/man8/remove-ds.pl.8
-+++ b/man/man8/remove-ds.pl.8
-@@ -19,7 +19,7 @@
- remove\-ds.pl \- Remove an instance of Directory Server
- .SH SYNOPSIS
- .B remove-ds.pl
--[\-f] [\-d \-d ... \-d] \-i \fIinstance\fR
-+[\-a] [\-f] [\-d \-d ... \-d] \-i \fIinstance\fR
- .SH DESCRIPTION
- Removes a Directory Server instance from the system. The instance
- will be shutdown and the files will be removed. The certificate
-@@ -33,6 +33,9 @@ will contain the retained certificate database files.
- .SH OPTIONS
- A summary of options is included below:
- .TP
-+.B \fB\-a\fR
-+Removes all files and directories belonging to the instance
-+.TP
- .B \fB\-f\fR
- Force removal
- .TP
---
-1.9.3
-
diff --git a/SOURCES/0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch b/SOURCES/0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch
new file mode 100644
index 0000000..be4eeee
--- /dev/null
+++ b/SOURCES/0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch
@@ -0,0 +1,105 @@
+From 8bfade183d98992172425642edbfcf5952a74319 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 25 Aug 2016 13:39:25 -0400
+Subject: [PATCH 43/45] Ticket 48950 - Add systemd warning to the LD_PRELOAD
+ example in /etc/sysconfig/dirsrv
+
+Description: systemd warning about omitting the PORT was missing from the
+ LD_PRELOAD example.
+
+ Also fixed up file format/layout..
+
+https://fedorahosted.org/389/ticket/48950
+
+Reviewed by: nhosoi, amsharma, lkrispen (Thanks!!!)
+
+(cherry picked from commit 1e44c1f321d03dcb30615bcacfc5c099612b1c66)
+---
+ ldap/admin/src/base-initconfig.in | 67 +++++++++++++++++++--------------------
+ 1 file changed, 33 insertions(+), 34 deletions(-)
+
+diff --git a/ldap/admin/src/base-initconfig.in b/ldap/admin/src/base-initconfig.in
+index 0481c3e..8507296 100644
+--- a/ldap/admin/src/base-initconfig.in
++++ b/ldap/admin/src/base-initconfig.in
+@@ -7,44 +7,43 @@
+
+ @preamble@
+
+-# In order to make more file descriptors available
+-# to the directory server, first make sure the system
+-# hard limits are raised, then use ulimit - uncomment
+-# out the following line and change the value to the
+-# desired value
+-# ulimit -n 8192
+-# note - if using systemd, ulimit won't work - you must edit
+-# the systemd unit file for directory server to add the
+-# LimitNOFILE option - see man systemd.exec for more info
+-
+-# A per instance keytab does not make much sense for servers.
+-# Kerberos clients use the machine FQDN to obtain a ticket like ldap/FQDN, there
+-# is nothing that can make a client understand how to get a per-instance ticket.
+-# Therefore by default a keytab should be considered a per server option.
+-
+-# Also this file is sourced for all instances, so again all
+-# instances would ultimately get the same keytab.
+-
++# In order to make more file descriptors available to the directory server,
++# first make sure the system hard limits are raised, then use ulimit -
++# uncomment out the following line and change the value to the desired value
++#ulimit -n 8192
++# note - if using systemd, ulimit won't work - you must edit the systemd unit
++# file for directory server to add the LimitNOFILE option - see "man
++# systemd.exec" for more info
++
++# A per instance keytab does not make much sense for servers. Kerberos clients
++# use the machine FQDN to obtain a ticket like ldap/FQDN, there is nothing that
++# can make a client understand how to get a per-instance ticket. Therefore by
++# default a keytab should be considered a per server option.
++#
++# Also this file is sourced for all instances, so again all instances would
++# ultimately get the same keytab.
++#
+ # Finally a keytab is normally named either krb5.keytab or <service>.keytab
+-
+-# In order to use SASL/GSSAPI (Kerberos) the directory
+-# server needs to know where to find its keytab
+-# file - uncomment the following line and set
+-# the path and filename appropriately
+-# if using systemd, omit the "; export VARNAME" at the end
+-# KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME
+-
+-# how many seconds to wait for the startpid file to show
+-# up before we assume there is a problem and fail to start
+-# if using systemd, omit the "; export VARNAME" at the end
++#
++# In order to use SASL/GSSAPI (Kerberos) the directory server needs to know
++# where to find its keytab file - uncomment the following line and set the
++# path and filename appropriately.
++# If using systemd, omit the "; export VARNAME" at the end.
++#KRB5_KTNAME=@instconfigdir@/myname.keytab ; export KRB5_KTNAME
++
++# How many seconds to wait for the startpid file to show up before we assume
++# there is a problem and fail to start.
++# If using systemd, omit the "; export STARTPID_TIME" at the end.
+ #STARTPID_TIME=10 ; export STARTPID_TIME
+-# how many seconds to wait for the pid file to show
+-# up before we assume there is a problem and fail to start
+-# if using systemd, omit the "; export VARNAME" at the end
++
++# How many seconds to wait for the pid file to show up before we assume there
++# is a problem and fail to start.
++# If using systemd, omit the "; export PID_TIME" at the end.
+ #PID_TIME=600 ; export PID_TIME
+
+ # The tcmalloc memory allocator has been shown to have a positive impact on
+ # the Directory Server's virtual & resident memory size/growth. tcmalloc is
+-# available on RHEL/Fedora in the gperftools package (this could be different
+-# on other platforms). Here is an example of preloading tcmalloc:
++# available on RHEL/Fedora in the gperftools-libs package (this could be
++# different on other platforms).
++# If using systemd, omit the "; export LD_PRELOAD" at the end.
+ #LD_PRELOAD=@libdir@/libtcmalloc.so.4 ; export LD_PRELOAD
+--
+2.4.11
+
diff --git a/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch b/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch
deleted file mode 100644
index 75a2224..0000000
--- a/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3598e701b5362633daa40380088d6ba9c8e2d103 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Fri, 14 Aug 2015 12:32:31 +0200
-Subject: [PATCH 44/45] Ticket 48249: sync_repl uuid may be invalid
-
-Bug Description:
- uuid is computed from nsuniqueid of the entry.
- If the computed uuid contains NULL char, slapi_ch_smprintf("%s")
- will stop on the it, leaving the rest of the buffer with the value
- that was on the heap at that time
-
-Fix Description:
- use malloc/memcpy instead of slapi_ch_smprintf
-
-https://fedorahosted.org/389/ticket/48249
-
-Reviewed by: Noriko Hosoi (thank you !!)
-
-Platforms tested: F22
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit a80fe155cb302e0ef10e14cb238c88698b5995a2)
----
- ldap/servers/plugins/sync/sync_util.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
-index 00dc182..1dcff91 100644
---- a/ldap/servers/plugins/sync/sync_util.c
-+++ b/ldap/servers/plugins/sync/sync_util.c
-@@ -107,7 +107,8 @@ sync_nsuniqueid2uuid(const char *nsuniqueid)
-
- u[16] = '\0';
-
-- uuid = slapi_ch_smprintf("%s",(char *)u);
-+ uuid = slapi_ch_malloc(sizeof(u));
-+ memcpy(uuid, u, sizeof(u));
-
- return(uuid);
- }
---
-1.9.3
-
diff --git a/SOURCES/0044-Ticket-48957-set-proper-update-status-to-replication.patch b/SOURCES/0044-Ticket-48957-set-proper-update-status-to-replication.patch
new file mode 100644
index 0000000..6605130
--- /dev/null
+++ b/SOURCES/0044-Ticket-48957-set-proper-update-status-to-replication.patch
@@ -0,0 +1,582 @@
+From e48616639e254b698edaa778d41597094243ced5 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Fri, 26 Aug 2016 15:04:02 -0400
+Subject: [PATCH 44/45] Ticket 48957 - set proper update status to replication
+ agreement in case of failure
+
+Bug Description: If a replication agreement fails to send updates it always returns
+ a generic error message even though there are many ways it could be
+ failing.
+
+Fix Description: Set a proper error message when we fail to update a replica. Also made
+ all the messages consistent in format, and added new response strings
+ for known errors.
+
+ Also fixed some minor compiler warnings.
+
+https://fedorahosted.org/389/ticket/48957
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit cdf4fb4ea6f26b4198d2d6b146ca51dcd51a31ef)
+---
+ ldap/servers/plugins/replication/repl5.h | 15 +++--
+ ldap/servers/plugins/replication/repl5_agmt.c | 26 ++++----
+ .../plugins/replication/repl5_inc_protocol.c | 70 ++++++++++++++--------
+ .../plugins/replication/repl5_protocol_util.c | 65 ++++++++++++++++++--
+ .../plugins/replication/repl5_replica_config.c | 4 +-
+ ldap/servers/plugins/replication/repl5_total.c | 5 +-
+ 6 files changed, 132 insertions(+), 53 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
+index 6f6c81a..13a38fd 100644
+--- a/ldap/servers/plugins/replication/repl5.h
++++ b/ldap/servers/plugins/replication/repl5.h
+@@ -91,11 +91,16 @@
+ #define NSDS50_REPL_BELOW_PURGEPOINT 0x07 /* Supplier provided a CSN below the consumer's purge point */
+ #define NSDS50_REPL_INTERNAL_ERROR 0x08 /* Something bad happened on consumer */
+ #define NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED 0x09 /* Replica released successfully */
+-#define NSDS50_REPL_LEGACY_CONSUMER 0x0A /* replica is a legacy consumer */
+-#define NSDS50_REPL_REPLICAID_ERROR 0x0B /* replicaID doesn't seem to be unique */
+-#define NSDS50_REPL_DISABLED 0x0C /* replica suffix is disabled */
+-#define NSDS50_REPL_UPTODATE 0x0D /* replica is uptodate */
+-#define NSDS50_REPL_BACKOFF 0x0E /* replica wants master to go into backoff mode */
++#define NSDS50_REPL_LEGACY_CONSUMER 0x0A /* replica is a legacy consumer */
++#define NSDS50_REPL_REPLICAID_ERROR 0x0B /* replicaID doesn't seem to be unique */
++#define NSDS50_REPL_DISABLED 0x0C /* replica suffix is disabled */
++#define NSDS50_REPL_UPTODATE 0x0D /* replica is uptodate */
++#define NSDS50_REPL_BACKOFF 0x0E /* replica wants master to go into backoff mode */
++#define NSDS50_REPL_CL_ERROR 0x0F /* Problem reading changelog */
++#define NSDS50_REPL_CONN_ERROR 0x10 /* Problem with replication connection*/
++#define NSDS50_REPL_CONN_TIMEOUT 0x11 /* Connection timeout */
++#define NSDS50_REPL_TRANSIENT_ERROR 0x12 /* Transient error */
++#define NSDS50_REPL_RUV_ERROR 0x13 /* Problem with the RUV */
+ #define NSDS50_REPL_REPLICA_NO_RESPONSE 0xff /* No response received */
+
+ /* Protocol status */
+diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
+index 76d26a1..52cc8b6 100644
+--- a/ldap/servers/plugins/replication/repl5_agmt.c
++++ b/ldap/servers/plugins/replication/repl5_agmt.c
+@@ -2460,9 +2460,9 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
+ replmsg = NULL;
+ }
+ }
+- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d %s%sLDAP error: %s%s%s",
++ PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (%d) %s%s - LDAP error: %s%s%s%s",
+ ldaprc, message?message:"",message?"":" - ",
+- slapi_err2string(ldaprc), replmsg ? " - " : "", replmsg ? replmsg : "");
++ slapi_err2string(ldaprc), replmsg ? " (" : "", replmsg ? replmsg : "", replmsg ? ")" : "");
+ }
+ /* ldaprc == LDAP_SUCCESS */
+ else if (replrc != 0)
+@@ -2470,16 +2470,15 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
+ if (replrc == NSDS50_REPL_REPLICA_BUSY)
+ {
+ PR_snprintf(ra->last_update_status, STATUS_LEN,
+- "%d Can't acquire busy replica", replrc );
++ "Error (%d) Can't acquire busy replica", replrc );
+ }
+ else if (replrc == NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED)
+ {
+- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d %s",
+- ldaprc, "Replication session successful");
++ PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (0) Replication session successful");
+ }
+ else if (replrc == NSDS50_REPL_DISABLED)
+ {
+- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d Incremental update aborted: "
++ PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (%d) Incremental update aborted: "
+ "Replication agreement for %s\n can not be updated while the replica is disabled.\n"
+ "(If the suffix is disabled you must enable it then restart the server for replication to take place).",
+ replrc, ra->long_name ? ra->long_name : "a replica");
+@@ -2493,20 +2492,18 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
+ else
+ {
+ PR_snprintf(ra->last_update_status, STATUS_LEN,
+- "%d Replication error acquiring replica: %s%s%s",
+- replrc, protocol_response2string(replrc),
+- message?" - ":"",message?message:"");
++ "Error (%d) Replication error acquiring replica: %s%s(%s)",
++ replrc, message?message:"", message?" ":"", protocol_response2string(replrc));
+ }
+ }
+ else if (message != NULL) /* replrc == NSDS50_REPL_REPLICA_READY == 0 */
+ {
+- PR_snprintf(ra->last_update_status, STATUS_LEN,
+- "%d Replica acquired successfully: %s",
+- ldaprc, message);
++ PR_snprintf(ra->last_update_status, STATUS_LEN,
++ "Error (0) Replica acquired successfully: %s", message);
+ }
+ else
+ { /* agmt_set_last_update_status(0,0,NULL) to reset agmt */
+- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d", ldaprc);
++ ra->last_update_status[0] = '\0';
+ }
+ }
+ }
+@@ -2737,7 +2734,8 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter,
+ slapi_entry_add_string(e, "nsds5replicaChangesSentSinceStartup", changecount_string);
+ if (ra->last_update_status[0] == '\0')
+ {
+- slapi_entry_add_string(e, "nsds5replicaLastUpdateStatus", "0 No replication sessions started since server startup");
++ slapi_entry_add_string(e, "nsds5replicaLastUpdateStatus",
++ "Error (0) No replication sessions started since server startup");
+ }
+ else
+ {
+diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+index 27bac5d..d1de6c5 100644
+--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+@@ -671,7 +671,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ int wait_change_timer_set = 0;
+ int current_state = STATE_START;
+ int next_state = STATE_START;
+- int optype, ldaprc;
+ int done;
+ int e1;
+
+@@ -838,14 +837,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ } else if (rc == ACQUIRE_FATAL_ERROR){
+ next_state = STATE_STOP_FATAL_ERROR;
+ }
+-
+- if (rc != ACQUIRE_SUCCESS){
+- int optype, ldaprc;
+- conn_get_error(prp->conn, &optype, &ldaprc);
+- agmt_set_last_update_status(prp->agmt, ldaprc,
+- prp->last_acquire_response_code, "Unable to acquire replica");
+- }
+-
+ object_release(prp->replica_object);
+ break;
+
+@@ -934,10 +925,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ } else if (rc == ACQUIRE_FATAL_ERROR){
+ next_state = STATE_STOP_FATAL_ERROR;
+ }
+- if (rc != ACQUIRE_SUCCESS){
+- conn_get_error(prp->conn, &optype, &ldaprc);
+- agmt_set_last_update_status(prp->agmt, ldaprc, prp->last_acquire_response_code, "Unable to acquire replica");
+- }
+ /*
+ * We either need to step the backoff timer, or
+ * destroy it if we don't need it anymore
+@@ -1037,7 +1024,8 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Replica has no update vector. It has never been initialized.\n",
+ agmt_get_long_name(prp->agmt));
+- agmt_set_last_update_status(prp->agmt, 0, rc, "Replica is not initialized");
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR,
++ "Replica is not initialized");
+ next_state = STATE_BACKOFF_START;
+ break;
+ case EXAMINE_RUV_GENERATION_MISMATCH:
+@@ -1045,8 +1033,9 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ "%s: The remote replica has a different database generation ID than "
+ "the local database. You may have to reinitialize the remote replica, "
+ "or the local replica.\n", agmt_get_long_name(prp->agmt));
+- agmt_set_last_update_status(prp->agmt, 0, rc, "Replica has different database "
+- "generation ID, remote replica may need to be initialized");
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR,
++ "Replica has different database generation ID, remote "
++ "replica may need to be initialized");
+ next_state = STATE_BACKOFF_START;
+ break;
+ case EXAMINE_RUV_REPLICA_TOO_OLD:
+@@ -1054,7 +1043,8 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ "%s: Replica update vector is too out of date to bring "
+ "into sync using the incremental protocol. The replica "
+ "must be reinitialized.\n", agmt_get_long_name(prp->agmt));
+- agmt_set_last_update_status(prp->agmt, 0, rc, "Replica needs to be reinitialized");
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR,
++ "Replica needs to be reinitialized");
+ next_state = STATE_BACKOFF_START;
+ break;
+ case EXAMINE_RUV_OK:
+@@ -1069,11 +1059,15 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Incremental protocol: fatal error - too much time skew between replicas!\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_EXCESSIVE_CLOCK_SKEW,
++ "fatal error - too much time skew between replicas");
+ next_state = STATE_STOP_FATAL_ERROR;
+ } else if (rc != 0) /* internal error */ {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Incremental protocol: fatal internal error updating the CSN generator!\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_INTERNAL_ERROR,
++ "fatal internal error updating the CSN generator");
+ next_state = STATE_STOP_FATAL_ERROR;
+ } else {
+ /*
+@@ -1097,7 +1091,8 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ next_state = STATE_BACKOFF_START;
+ } else if (rc == UPDATE_TRANSIENT_ERROR){
+ dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TRANSIENT_ERROR -> STATE_BACKOFF_START");
+- agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update transient error. Backing off, will retry update later.");
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_TRANSIENT_ERROR,
++ "Incremental update transient error. Backing off, will retry update later.");
+ next_state = STATE_BACKOFF_START;
+ } else if (rc == UPDATE_FATAL_ERROR){
+ dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_FATAL_ERROR -> STATE_STOP_FATAL_ERROR");
+@@ -1114,11 +1109,13 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ conn_disconnect (prp->conn);
+ } else if (rc == UPDATE_CONNECTION_LOST){
+ dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_CONNECTION_LOST -> STATE_BACKOFF_START");
+- agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update connection error. Backing off, will retry update later.");
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CONN_ERROR,
++ "Incremental update connection error. Backing off, will retry update later.");
+ next_state = STATE_BACKOFF_START;
+ } else if (rc == UPDATE_TIMEOUT){
+ dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TIMEOUT -> STATE_BACKOFF_START");
+- agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update timeout error. Backing off, will retry update later.");
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CONN_TIMEOUT,
++ "Incremental update timeout error. Backing off, will retry update later.");
+ next_state = STATE_BACKOFF_START;
+ }
+ /* Set the updates times based off the result of send_updates() */
+@@ -1173,8 +1170,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
+ /*
+ * We encountered some sort of a fatal error. Suspend.
+ */
+- /* XXXggood update state in replica */
+- agmt_set_last_update_status(prp->agmt, -1, 0, "Incremental update has failed and requires administrator action");
+ dev_debug("repl5_inc_run(STATE_STOP_FATAL_ERROR)");
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Incremental update failed and requires administrator action\n",
+@@ -1630,30 +1625,40 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Invalid parameter passed to cl5CreateReplayIterator\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Invalid parameter passed to cl5CreateReplayIterator");
+ return_value = UPDATE_FATAL_ERROR;
+ break;
+ case CL5_BAD_FORMAT: /* db data has unexpected format */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Unexpected format encountered in changelog database\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Unexpected format encountered in changelog database");
+ return_value = UPDATE_FATAL_ERROR;
+ break;
+ case CL5_BAD_STATE: /* changelog is in an incorrect state for attempted operation */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Changelog database was in an incorrect state\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Changelog database was in an incorrect state");
+ return_value = UPDATE_FATAL_ERROR;
+ break;
+ case CL5_BAD_DBVERSION: /* changelog has invalid dbversion */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Incorrect dbversion found in changelog database\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Incorrect dbversion found in changelog database");
+ return_value = UPDATE_FATAL_ERROR;
+ break;
+ case CL5_DB_ERROR: /* database error */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: A changelog database error was encountered\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Changelog database error was encountered");
+ return_value = UPDATE_FATAL_ERROR;
+ break;
+ case CL5_NOTFOUND: /* we have no changes to send */
+@@ -1666,6 +1671,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Memory allocation error occurred\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "changelog memory allocation error occurred");
+ return_value = UPDATE_FATAL_ERROR;
+ break;
+ case CL5_SYSTEM_ERROR: /* NSPR error occurred: use PR_GetError for further info */
+@@ -1694,15 +1701,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ break;
+ case CL5_PURGED_DATA: /* requested data has been purged */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+- "%s: Data required to update replica has been purged. "
++ "%s: Data required to update replica has been purged from the changelog. "
+ "The replica must be reinitialized.\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Data required to update replica has been purged from the changelog. "
++ "The replica must be reinitialized.");
+ return_value = UPDATE_FATAL_ERROR;
+ break;
+ case CL5_MISSING_DATA: /* data should be in the changelog, but is missing */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Missing data encountered\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Changelog data is missing");
+ return_value = UPDATE_FATAL_ERROR;
+ break;
+ case CL5_UNKNOWN_ERROR: /* unclassified error */
+@@ -1738,8 +1750,9 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ rc = repl5_inc_create_async_result_thread(rd);
+ if (rc) {
+ slapi_log_error (SLAPI_LOG_FATAL, repl_plugin_name, "%s: repl5_inc_run: "
+- "repl5_tot_create_async_result_thread failed; error - %d\n",
++ "repl5_inc_create_async_result_thread failed; error - %d\n",
+ agmt_get_long_name(prp->agmt), rc);
++ agmt_set_last_update_status(prp->agmt, 0, rc, "Failed to create result thread");
+ return_value = UPDATE_FATAL_ERROR;
+ }
+ }
+@@ -1898,6 +1911,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Invalid parameter passed to cl5GetNextOperationToReplay\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Invalid parameter passed to cl5GetNextOperationToReplay");
+ return_value = UPDATE_FATAL_ERROR;
+ finished = 1;
+ break;
+@@ -1912,6 +1927,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: A database error occurred (cl5GetNextOperationToReplay)\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Database error occurred while getting the next operation to replay");
+ return_value = UPDATE_FATAL_ERROR;
+ finished = 1;
+ break;
+@@ -1922,8 +1939,10 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ break;
+ case CL5_MEMORY_ERROR:
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+- "%s: A memory allocation error occurred (cl5GetNextOperationToRepla)\n",
++ "%s: A memory allocation error occurred (cl5GetNextOperationToReplay)\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
++ "Memory allocation error occurred (cl5GetNextOperationToReplay)");
+ return_value = UPDATE_FATAL_ERROR;
+ break;
+ case CL5_IGNORE_OP:
+@@ -1985,6 +2004,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ if (!replarea_sdn) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "send_updates: Unknown replication area due to agreement not found.");
++ agmt_set_last_update_status(prp->agmt, 0, -1, "Agreement is corrupted: missing suffix");
+ return_value = UPDATE_FATAL_ERROR;
+ } else {
+ replica_subentry_update(replarea_sdn, rid);
+diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
+index ce27a8a..ce6281a 100644
+--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
++++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
+@@ -140,10 +140,18 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ crc = conn_connect(conn);
+ if (CONN_OPERATION_FAILED == crc)
+ {
++ int operation, error;
++ conn_get_error(conn, &operation, &error);
++ agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR,
++ "Problem connecting to replica");
+ return_value = ACQUIRE_TRANSIENT_ERROR;
+ }
+ else if (CONN_SSL_NOT_ENABLED == crc)
+ {
++ int operation, error;
++ conn_get_error(conn, &operation, &error);
++ agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR,
++ "Problem connecting to replica (SSL not enabled)");
+ return_value = ACQUIRE_FATAL_ERROR;
+ }
+ else
+@@ -295,6 +303,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "an internal error occurred on the remote replica. "
+ "Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, extop_result,
++ "Failed to acquire replica: "
++ "Internal error occurred on the remote replica");
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ case NSDS50_REPL_PERMISSION_DENIED:
+@@ -307,6 +318,11 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "supply replication updates to the replica. "
+ "Will retry later.\n",
+ agmt_get_long_name(prp->agmt), repl_binddn);
++ agmt_set_last_update_status(prp->agmt, 0, extop_result,
++ "Unable to acquire replica: permission denied. "
++ "The bind dn does not have permission to "
++ "supply replication updates to the replica. "
++ "Will retry later.");
+ slapi_ch_free((void **)&repl_binddn);
+ return_value = ACQUIRE_TRANSIENT_ERROR;
+ break;
+@@ -321,6 +337,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt),
+ slapi_sdn_get_dn(repl_root));
++ agmt_set_last_update_status(prp->agmt, 0, extop_result,
++ "Unable to acquire replica: there is no "
++ "replicated area on the consumer server. "
++ "Replication is aborting.");
+ slapi_sdn_free(&repl_root);
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+@@ -342,6 +362,11 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "startReplicationRequest extended operation sent by the "
+ "supplier. Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, extop_result,
++ "Unable to acquire replica: "
++ "the consumer was unable to decode the "
++ "startReplicationRequest extended operation sent "
++ "by the supplier. Replication is aborting.");
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ case NSDS50_REPL_REPLICA_BUSY:
+@@ -365,6 +390,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "by another supplier. Will try later\n",
+ agmt_get_long_name(prp->agmt));
+ }
++ agmt_set_last_update_status(prp->agmt, 0, extop_result,
++ "Unable to acquire replica: "
++ "the replica is currently being updated by another "
++ "supplier.");
+ return_value = ACQUIRE_REPLICA_BUSY;
+ break;
+ case NSDS50_REPL_LEGACY_CONSUMER:
+@@ -373,6 +402,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "%s: Unable to acquire replica: the replica "
+ "is supplied by a legacy supplier. "
+ "Replication is aborting.\n", agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, extop_result,
++ "Unable to acquire replica: the replica is supplied "
++ "by a legacy supplier. Replication is aborting.");
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ case NSDS50_REPL_REPLICAID_ERROR:
+@@ -382,6 +414,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "has the same Replica ID as this one. "
+ "Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, 0,
++ "Unable to aquire replica: the replica has the same "
++ "Replica ID as this one. Replication is aborting.");
+ return_value = ACQUIRE_FATAL_ERROR;
+ break;
+ case NSDS50_REPL_BACKOFF:
+@@ -392,6 +427,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "the replica instructed us to go into "
+ "backoff mode. Will retry later.\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, extop_result,
++ "Unable to acquire replica: the replica instructed "
++ "us to go into backoff mode. Will retry later.");
+ return_value = ACQUIRE_TRANSIENT_ERROR;
+ break;
+ case NSDS50_REPL_REPLICA_READY:
+@@ -450,6 +488,8 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ return_value = ACQUIRE_SUCCESS;
+ break;
+ default:
++ agmt_set_last_update_status(prp->agmt, 0, extop_result,
++ "Unable to acquire replica");
+ return_value = ACQUIRE_FATAL_ERROR;
+ }
+ }
+@@ -461,6 +501,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "startReplication extended operation. "
+ "Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_DECODING_ERROR,
++ "Unable to parse the response to the "
++ "startReplication extended operation. "
++ "Replication is aborting.");
+ prp->last_acquire_response_code = NSDS50_REPL_INTERNAL_ERROR;
+ return_value = ACQUIRE_FATAL_ERROR;
+ }
+@@ -477,6 +521,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "extended operation to consumer (%s). Will retry later.\n",
+ agmt_get_long_name(prp->agmt),
+ error ? ldap_err2string(error) : "unknown error");
++ agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR,
++ "Unable to receive the response for a startReplication "
++ "extended operation to consumer. Will retry later.");
+ }
+ }
+ else
+@@ -486,6 +533,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
+ "%s: Unable to obtain current CSN. "
+ "Replication is aborting.\n",
+ agmt_get_long_name(prp->agmt));
++ agmt_set_last_update_status(prp->agmt, 0, 0,
++ "Unable to obtain current CSN. "
++ "Replication is aborting.");
+ return_value = ACQUIRE_FATAL_ERROR;
+ }
+ }
+@@ -535,8 +585,8 @@ release_replica(Private_Repl_Protocol *prp)
+ PR_ASSERT(NULL != prp);
+ PR_ASSERT(NULL != prp->conn);
+
+- if (!prp->replica_acquired)
+- return;
++ if (!prp->replica_acquired)
++ return;
+
+ replarea_sdn = agmt_get_replarea(prp->agmt);
+ payload = NSDS50EndReplicationRequest_new((char *)slapi_sdn_get_dn(replarea_sdn)); /* XXXggood had to cast away const */
+@@ -650,9 +700,14 @@ protocol_response2string (int response)
+ case NSDS50_REPL_BELOW_PURGEPOINT: return "csn below purge point";
+ case NSDS50_REPL_INTERNAL_ERROR: return "internal error";
+ case NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED: return "replica released";
+- case NSDS50_REPL_LEGACY_CONSUMER: return "replica is a legacy consumer";
+- case NSDS50_REPL_REPLICAID_ERROR: return "duplicate replica ID detected";
+- case NSDS50_REPL_UPTODATE: return "no change to send";
++ case NSDS50_REPL_LEGACY_CONSUMER: return "replica is a legacy consumer";
++ case NSDS50_REPL_REPLICAID_ERROR: return "duplicate replica ID detected";
++ case NSDS50_REPL_UPTODATE: return "no change to send";
++ case NSDS50_REPL_CL_ERROR: return "changelog error";
++ case NSDS50_REPL_CONN_ERROR: return "connection error";
++ case NSDS50_REPL_CONN_TIMEOUT: return "connection timeout";
++ case NSDS50_REPL_TRANSIENT_ERROR: return "transient error";
++ case NSDS50_REPL_RUV_ERROR: return "RUV error";
+ default: return "unknown error";
+ }
+ }
+diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
+index 011e4ca..59e5298 100644
+--- a/ldap/servers/plugins/replication/repl5_replica_config.c
++++ b/ldap/servers/plugins/replication/repl5_replica_config.c
+@@ -639,8 +639,8 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
+ }
+
+ done:
+- if (mtnode_ext->replica)
+- object_release (mtnode_ext->replica);
++ if (mtnode_ext->replica)
++ object_release (mtnode_ext->replica);
+
+ /* slapi_ch_free accepts NULL pointer */
+ slapi_ch_free_string(&replica_root);
+diff --git a/ldap/servers/plugins/replication/repl5_total.c b/ldap/servers/plugins/replication/repl5_total.c
+index 0512dfa..dcb7af5 100644
+--- a/ldap/servers/plugins/replication/repl5_total.c
++++ b/ldap/servers/plugins/replication/repl5_total.c
+@@ -533,8 +533,9 @@ my_ber_scanf_value(BerElement *ber, Slapi_Value **value, PRBool *deleted)
+ goto loser;
+ }
+
+- if (attrval)
+- ber_bvfree(attrval);
++ if (attrval)
++ ber_bvfree(attrval);
++
+ return 0;
+
+ loser:
+--
+2.4.11
+
diff --git a/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch b/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch
deleted file mode 100644
index 077923f..0000000
--- a/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 0cf9e38234476a0f3680ea388351f9bf90735818 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 14 Aug 2015 11:19:24 -0700
-Subject: [PATCH 45/45] Ticket #48250 - Slapd crashes reported from latest
- build
-
-Bug Description: There was a conflict between an import task and
-deleting the instance. While the import task was still running,
-the backend instance was removed, which should have been rejected.
-
-Fix Description: Backend tasks keeps instance refcnt positive and
-disable the backend in the mapping tree. This patch adds the
-check for the mapping tree in the backend deletion callback. If
-the instance refcnt is positive or the mapping tree is disabled,
-the deletion is backed off.
-
-For the backend deletion, the referral info is not needed. To
-reduce unnecessary allocation and free, adding the code which
-checks if the given referral variable is NULL or not to mtn_get_be.
-If it is NULL, no allocation for the referral entry occurs.
-
-https://fedorahosted.org/389/ticket/48250
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 01fea1f89a680358245677f72a67e9ccf196f66d)
-(cherry picked from commit 7a4b0a705ec7376e704f6ae591beabf6c8f890af)
----
- ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 11 +++--
- ldap/servers/slapd/mapping_tree.c | 52 ++++++++++++++----------
- 2 files changed, 39 insertions(+), 24 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
-index 895d846..42c8ffe 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
-@@ -128,7 +128,7 @@ ldbm_instance_index_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_
-
- /*
- * Config DSE callback for index deletes.
-- */
-+ */
- int
- ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg)
- {
-@@ -138,15 +138,19 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
- const struct berval *attrValue;
- int rc = SLAPI_DSE_CALLBACK_OK;
- struct attrinfo *ainfo = NULL;
-+ Slapi_Backend *be = NULL;
-
- returntext[0] = '\0';
- *returncode = LDAP_SUCCESS;
-
-- if (slapi_counter_get_value(inst->inst_ref_count) > 0) {
-+ if ((slapi_counter_get_value(inst->inst_ref_count) > 0) ||
-+ /* check if the backend is ON or not.
-+ * If offline or being deleted, non SUCCESS is returned. */
-+ (slapi_mapping_tree_select(pb, &be, NULL, returntext) != LDAP_SUCCESS)) {
- *returncode = LDAP_UNAVAILABLE;
- rc = SLAPI_DSE_CALLBACK_ERROR;
-+ goto bail;
- }
--
- *returncode = LDAP_SUCCESS;
-
- slapi_entry_attr_find(e, "cn", &attr);
-@@ -165,6 +169,7 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
- rc = SLAPI_DSE_CALLBACK_ERROR;
- }
- }
-+bail:
- return rc;
- }
-
-diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
-index ca8d6af..165eba1 100644
---- a/ldap/servers/slapd/mapping_tree.c
-+++ b/ldap/servers/slapd/mapping_tree.c
-@@ -2171,7 +2171,9 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
- }
-
- be[0] = NULL;
-- referral[0] = NULL;
-+ if (referral) {
-+ referral[0] = NULL;
-+ }
-
- mtn_lock();
-
-@@ -2658,7 +2660,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
- ((SLAPI_OPERATION_SEARCH == op_type)||(SLAPI_OPERATION_BIND == op_type) ||
- (SLAPI_OPERATION_UNBIND == op_type) || (SLAPI_OPERATION_COMPARE == op_type))) ||
- override_referral) {
-- *referral = NULL;
-+ if (referral) {
-+ *referral = NULL;
-+ }
- if ((target_node == mapping_tree_root) ){
- /* If we got here, then we couldn't find a matching node
- * for the target. We'll use the default backend. Once
-@@ -2679,22 +2683,25 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
- /* there is only one backend no choice possible */
- *index = 0;
- } else {
-- *index = mtn_get_be_distributed(pb, target_node,
-- target_sdn, &flag_stop);
-- if (*index == SLAPI_BE_NO_BACKEND)
-- result = LDAP_UNWILLING_TO_PERFORM;
-- }
-- }
-- if (*index == SLAPI_BE_REMOTE_BACKEND) {
-- *be = NULL;
-- *referral = (target_node->mtn_referral_entry ?
-- slapi_entry_dup(target_node->mtn_referral_entry) :
-- NULL);
-+ *index = mtn_get_be_distributed(pb, target_node, target_sdn, &flag_stop);
-+ if (*index == SLAPI_BE_NO_BACKEND) {
-+ result = LDAP_UNWILLING_TO_PERFORM;
-+ }
-+ }
-+ }
-+ if (*index == SLAPI_BE_REMOTE_BACKEND) {
-+ *be = NULL;
-+ if (referral) {
-+ *referral = (target_node->mtn_referral_entry ?
-+ slapi_entry_dup(target_node->mtn_referral_entry) : NULL);
-+ }
- (*index)++;
- }else if ((*index == SLAPI_BE_NO_BACKEND) || (*index >= target_node->mtn_be_count)) {
-- /* we have already returned all backends -> return NULL */
-+ /* we have already returned all backends -> return NULL */
- *be = NULL;
-- *referral = NULL;
-+ if (referral) {
-+ *referral = NULL;
-+ }
- } else {
- /* return next backend, increment index */
- *be = target_node->mtn_be[*index];
-@@ -2749,7 +2756,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
- * send back NULL to jump to next node
- */
- *be = NULL;
-- *referral = NULL;
-+ if (referral) {
-+ *referral = NULL;
-+ }
- result = LDAP_SUCCESS;
- } else {
- /* first time we hit this referral -> return it
-@@ -2758,11 +2767,12 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
- * returned this referral
- */
- *be = NULL;
-- *referral = (target_node->mtn_referral_entry ?
-- slapi_entry_dup(target_node->mtn_referral_entry) :
-- NULL);
-+ if (referral) {
-+ *referral = (target_node->mtn_referral_entry ?
-+ slapi_entry_dup(target_node->mtn_referral_entry) : NULL);
-+ }
- (*index)++;
-- if (NULL == *referral) {
-+ if (NULL == target_node->mtn_referral_entry) {
- if (errorbuf) {
- PR_snprintf(errorbuf, BUFSIZ,
- "Mapping tree node for %s is set to return a referral,"
-@@ -2782,7 +2792,7 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
- "mapping tree selected backend : %s\n",
- slapi_be_get_name(*be));
- slapi_be_Rlock(*be);
-- } else if (*referral) {
-+ } else if (referral && *referral) {
- slapi_log_error(SLAPI_LOG_ARGS, NULL,
- "mapping tree selected referral at node : %s\n",
- slapi_sdn_get_dn(target_node->mtn_subtree));
---
-1.9.3
-
diff --git a/SOURCES/0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch b/SOURCES/0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch
new file mode 100644
index 0000000..094033c
--- /dev/null
+++ b/SOURCES/0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch
@@ -0,0 +1,227 @@
+From 1c4faa3c235c42abde1d7fe93cb43429772b65a6 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Fri, 26 Aug 2016 18:51:42 -0400
+Subject: [PATCH 45/45] Ticket 48972 - remove old pwp code that adds/removes
+ ACIs
+
+Bug Description: Old legacy code is still present in the DS that used
+ to enforce the password policy "user may change password"
+ using ACIs. This old code would re-add the ACI for
+ selfwrite on userpassword at server startup.
+
+Fix Description: The current password policy does not depend on these access
+ access control rules to enforce if a user can change their
+ password or not.
+
+https://fedorahosted.org/389/ticket/48972
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 32881be120f14b952de67a0d533ad94ba0956093)
+---
+ ldap/servers/slapd/add.c | 15 --------
+ ldap/servers/slapd/libglobs.c | 14 -------
+ ldap/servers/slapd/proto-slap.h | 3 --
+ ldap/servers/slapd/pw.c | 81 -----------------------------------------
+ ldap/servers/slapd/pw_mgmt.c | 9 +----
+ 5 files changed, 1 insertion(+), 121 deletions(-)
+
+diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
+index 629017e..708d3e7 100644
+--- a/ldap/servers/slapd/add.c
++++ b/ldap/servers/slapd/add.c
+@@ -643,21 +643,6 @@ static void op_shared_add (Slapi_PBlock *pb)
+ }
+
+ slapi_pblock_set(pb, SLAPI_BACKEND, be);
+- /* we set local password policy ACI for non-replicated operations only */
+- if (!repl_op &&
+- !operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP) &&
+- !operation_is_flag_set(operation, OP_FLAG_LEGACY_REPLICATION_DN) &&
+- !slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA) &&
+- !slapi_be_private(be) &&
+- slapi_be_issuffix (be, slapi_entry_get_sdn_const(e)))
+- {
+- /* this is a suffix. update the pw aci */
+- slapdFrontendConfig_t *slapdFrontendConfig;
+- slapdFrontendConfig = getFrontendConfig();
+- pw_add_allowchange_aci(e, !slapdFrontendConfig->pw_policy.pw_change &&
+- !slapdFrontendConfig->pw_policy.pw_must_change);
+- }
+-
+
+ if (!repl_op)
+ {
+diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
+index a630c6c..faf521b 100644
+--- a/ldap/servers/slapd/libglobs.c
++++ b/ldap/servers/slapd/libglobs.c
+@@ -2601,13 +2601,6 @@ config_set_pw_change( const char *attrname, char *value, char *errorbuf, int app
+ errorbuf,
+ apply);
+
+- if (retVal == LDAP_SUCCESS) {
+- /* LP: Update ACI to reflect the value ! */
+- if (apply)
+- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
+- !slapdFrontendConfig->pw_policy.pw_must_change);
+- }
+-
+ return retVal;
+ }
+
+@@ -2638,13 +2631,6 @@ config_set_pw_must_change( const char *attrname, char *value, char *errorbuf, in
+ errorbuf,
+ apply);
+
+- if (retVal == LDAP_SUCCESS) {
+- /* LP: Update ACI to reflect the value ! */
+- if (apply)
+- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
+- !slapdFrontendConfig->pw_policy.pw_must_change);
+- }
+-
+ return retVal;
+ }
+
+diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
+index 1f37010..712642f 100644
+--- a/ldap/servers/slapd/proto-slap.h
++++ b/ldap/servers/slapd/proto-slap.h
+@@ -951,9 +951,6 @@ void get_old_pw( Slapi_PBlock *pb, const Slapi_DN *sdn, char **old_pw);
+ int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only /*no wire/no pw policy*/);
+ int check_pw_minage( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) ;
+ void add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e );
+-void mod_allowchange_aci(char *val);
+-void pw_mod_allowchange_aci(int pw_prohibit_change);
+-void pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change);
+
+ int add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e);
+
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 7469b9e..3f2cdb0 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -1337,69 +1337,6 @@ slapi_add_pwd_control ( Slapi_PBlock *pb, char *arg, long time) {
+ }
+
+ void
+-pw_mod_allowchange_aci(int pw_prohibit_change)
+-{
+- const Slapi_DN *base;
+- char *values_mod[2];
+- LDAPMod mod;
+- LDAPMod *mods[2];
+- Slapi_Backend *be;
+- char *cookie = NULL;
+-
+- mods[0] = &mod;
+- mods[1] = NULL;
+- mod.mod_type = "aci";
+- mod.mod_values = values_mod;
+-
+- if (pw_prohibit_change) {
+- mod.mod_op = LDAP_MOD_ADD;
+- }
+- else
+- {
+- /* Allow change password by default */
+- /* remove the aci if it is there. it is ok to fail */
+- mod.mod_op = LDAP_MOD_DELETE;
+- }
+-
+- be = slapi_get_first_backend (&cookie);
+- /* Foreach backend... */
+- while (be)
+- {
+- /* Don't add aci on a chaining backend holding remote entries */
+- if((!be->be_private) && (!slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA)))
+- {
+- /* There's only One suffix per DB now. No need to loop */
+- base = slapi_be_getsuffix(be, 0);
+- if (base != NULL)
+- {
+- Slapi_PBlock pb;
+- int rc;
+-
+- pblock_init (&pb);
+- values_mod[0] = DENY_PW_CHANGE_ACI;
+- values_mod[1] = NULL;
+- slapi_modify_internal_set_pb_ext(&pb, base, mods, NULL, NULL,
+- pw_get_componentID(), 0);
+- slapi_modify_internal_pb(&pb);
+- slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
+- if (rc == LDAP_SUCCESS){
+- /*
+- ** Since we modified the acl
+- ** successfully, let's update the
+- ** in-memory acl list
+- */
+- slapi_pblock_set(&pb, SLAPI_TARGET_SDN, (void *)base);
+- plugin_call_acl_mods_update (&pb, LDAP_REQ_MODIFY );
+- }
+- pblock_done(&pb);
+- }
+- }
+- be = slapi_get_next_backend (cookie);
+- }
+- slapi_ch_free((void **) &cookie);
+-}
+-
+-void
+ add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e )
+ {
+ struct berval bv;
+@@ -1583,24 +1520,6 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char
+ return ( 0 );
+ }
+
+-
+-void
+-pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change) {
+- char *aci_pw = NULL;
+- const char *aciattr = "aci";
+-
+- aci_pw = slapi_ch_strdup(DENY_PW_CHANGE_ACI);
+-
+- if (pw_prohibit_change) {
+- /* Add ACI */
+- slapi_entry_add_string(e, aciattr, aci_pw);
+- } else {
+- /* Remove ACI */
+- slapi_entry_delete_string(e, aciattr, aci_pw);
+- }
+- slapi_ch_free((void **) &aci_pw);
+-}
+-
+ int
+ pw_is_pwp_admin(Slapi_PBlock *pb, passwdPolicy *pwp){
+ Slapi_DN *bind_sdn = NULL;
+diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
+index 5470556..7252c08 100644
+--- a/ldap/servers/slapd/pw_mgmt.c
++++ b/ldap/servers/slapd/pw_mgmt.c
+@@ -256,13 +256,8 @@ skip:
+ void
+ pw_init ( void )
+ {
+- slapdFrontendConfig_t *slapdFrontendConfig;
+-
+ pw_set_componentID(generate_componentid(NULL, COMPONENT_PWPOLICY));
+-
+- slapdFrontendConfig = getFrontendConfig();
+- pw_mod_allowchange_aci (!slapdFrontendConfig->pw_policy.pw_change &&
+- !slapdFrontendConfig->pw_policy.pw_must_change);
++
+ #if defined(USE_OLD_UNHASHED)
+ slapi_add_internal_attr_syntax( PSEUDO_ATTR_UNHASHEDUSERPASSWORD,
+ PSEUDO_ATTR_UNHASHEDUSERPASSWORD_OID,
+@@ -273,5 +268,3 @@ pw_init ( void )
+ SLAPI_ATTR_FLAG_NOEXPOSE);
+ #endif
+ }
+-
+-
+--
+2.4.11
+
diff --git a/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch b/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch
deleted file mode 100644
index 245fe21..0000000
--- a/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-From 34024061a980fa5472fab680b873c0666413e5ec Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 17 Aug 2015 14:51:17 -0400
-Subject: [PATCH 46/47] Ticket 48233 - Server crashes in ACL_LasFindFlush
- during shutdown if ACIs contain IP addresss restrictions
-
-Bug Description: The server will crash at shutdown if there are ACI's that use IP rules.
-
-Fix Description: When we stop the acl plugin we need to free aci avl list first, before
- we free the libaccess ACL global lists. Otherwise, we dereference a freed
- struct.
-
-https://fedorahosted.org/389/ticket/48233
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 22d315b910b086d3e7edca3b6b52511d5da63802)
-(cherry picked from commit 57c5d35b4a5ea3e85ae2a7471cbe487531ee3835)
----
- dirsrvtests/tickets/ticket48233_test.py | 105 ++++++++++++++++++++++++++++++++
- ldap/servers/plugins/acl/aclplugin.c | 2 +-
- 2 files changed, 106 insertions(+), 1 deletion(-)
- create mode 100644 dirsrvtests/tickets/ticket48233_test.py
-
-diff --git a/dirsrvtests/tickets/ticket48233_test.py b/dirsrvtests/tickets/ticket48233_test.py
-new file mode 100644
-index 0000000..387279d
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48233_test.py
-@@ -0,0 +1,105 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+installation1_prefix = None
-+
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ global installation1_prefix
-+ if installation1_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+ # Creating standalone instance ...
-+ standalone = DirSrv(verbose=False)
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ standalone.delete()
-+ standalone.create()
-+ standalone.open()
-+
-+ # Delete each instance in the end
-+ def fin():
-+ standalone.delete()
-+ request.addfinalizer(fin)
-+
-+ # Clear out the tmp dir
-+ standalone.clearTmpDir(__file__)
-+
-+ return TopologyStandalone(standalone)
-+
-+
-+def test_ticket48233(topology):
-+ """Test that ACI's that use IP restrictions do not crash the server at
-+ shutdown
-+ """
-+
-+ # Add aci to restrict access my ip
-+ aci_text = ('(targetattr != "userPassword")(version 3.0;acl ' +
-+ '"Enable anonymous access - IP"; allow (read,compare,search)' +
-+ '(userdn = "ldap:///anyone") and (ip="127.0.0.1");)')
-+
-+ try:
-+ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', aci_text)])
-+ except ldap.LDAPError as e:
-+ log.error('Failed to add aci: (%s) error %s' % (aci_text, e.message['desc']))
-+ assert False
-+ time.sleep(1)
-+
-+ # Anonymous search to engage the aci
-+ try:
-+ topology.standalone.simple_bind_s("", "")
-+ except ldap.LDAPError as e:
-+ log.error('Failed to anonymously bind -error %s' % (e.message['desc']))
-+ assert False
-+
-+ try:
-+ entries = topology.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'objectclass=*')
-+ if not entries:
-+ log.fatal('Failed return an entries from search')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('Search failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Restart the server
-+ topology.standalone.restart(timeout=10)
-+
-+ # Check for crash
-+ if topology.standalone.detectDisorderlyShutdown():
-+ log.fatal('Server crashed!')
-+ assert False
-+
-+ log.info('Test complete')
-+
-+
-+if __name__ == '__main__':
-+ # Run isolated
-+ # -s for DEBUG mode
-+ CURRENT_FILE = os.path.realpath(__file__)
-+ pytest.main("-s %s" % CURRENT_FILE)
-\ No newline at end of file
-diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c
-index 45a6315..d90996e 100644
---- a/ldap/servers/plugins/acl/aclplugin.c
-+++ b/ldap/servers/plugins/acl/aclplugin.c
-@@ -269,13 +269,13 @@ aclplugin_stop ( Slapi_PBlock *pb )
- {
- int rc = 0; /* OK */
-
-+ free_acl_avl_list();
- ACL_Destroy();
- acl_destroy_aclpb_pool();
- acl_remove_ext();
- ACL_AttrGetterHashDestroy();
- ACL_MethodHashDestroy();
- ACL_DestroyPools();
-- free_acl_avl_list();
- aclanom__del_profile(1);
- aclgroup_free();
- //aclext_free_lockarray();
---
-1.9.3
-
diff --git a/SOURCES/0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch b/SOURCES/0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch
new file mode 100644
index 0000000..d710373
--- /dev/null
+++ b/SOURCES/0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch
@@ -0,0 +1,192 @@
+From d8399105d3b9ca281522624fdd471360b8ea59f6 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 30 Aug 2016 10:32:45 -0400
+Subject: [PATCH 46/47] Ticket 48970 - Serverside sorting crashes the server
+
+Bug Description: When using a matching rule and server side sorting
+ the server does a double-free on the matching rule
+ keys which crashes the server.
+
+Fix Description: Set the pblock pointer to NULL after the keys are
+ freed. This prevents the double free.
+
+ Also fixed some complier warnings/indentation.
+
+Valgrind: passed
+
+https://fedorahosted.org/389/ticket/48970
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 43997fa8782ca93e20595ae10e303d85e5b765f4)
+---
+ ldap/servers/plugins/collation/collate.c | 14 ++++----
+ ldap/servers/plugins/collation/orfilter.c | 55 ++++++++++++++++++-------------
+ ldap/servers/slapd/back-ldbm/sort.c | 12 +++----
+ 3 files changed, 43 insertions(+), 38 deletions(-)
+
+diff --git a/ldap/servers/plugins/collation/collate.c b/ldap/servers/plugins/collation/collate.c
+index 0480280..483a132 100644
+--- a/ldap/servers/plugins/collation/collate.c
++++ b/ldap/servers/plugins/collation/collate.c
+@@ -347,23 +347,23 @@ collation_index (indexer_t* ix, struct berval** bvec, struct berval** prefixes)
+ return keys;
+ }
+
++/* The destructor function for a collation-based indexer. */
+ static void
+ collation_indexer_destroy (indexer_t* ix)
+- /* The destructor function for a collation-based indexer. */
+ {
+ collation_indexer_t* etc = (collation_indexer_t*) ix->ix_etc;
+ if (etc->converter) {
+- ucnv_close(etc->converter);
+- etc->converter = NULL;
++ ucnv_close(etc->converter);
++ etc->converter = NULL;
+ }
+
+ if (etc->collator) {
+- ucol_close(etc->collator);
+- etc->collator = NULL;
++ ucol_close(etc->collator);
++ etc->collator = NULL;
+ }
+ if (etc->ix_keys != NULL) {
+- ber_bvecfree (etc->ix_keys);
+- etc->ix_keys = NULL;
++ ber_bvecfree (etc->ix_keys);
++ etc->ix_keys = NULL;
+ }
+ slapi_ch_free((void**)&ix->ix_etc);
+ ix->ix_etc = NULL; /* just for hygiene */
+diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c
+index 8dc4246..084fdf6 100644
+--- a/ldap/servers/plugins/collation/orfilter.c
++++ b/ldap/servers/plugins/collation/orfilter.c
+@@ -34,7 +34,7 @@ static void
+ indexer_free (indexer_t* ix)
+ {
+ if (ix->ix_destroy != NULL) {
+- ix->ix_destroy (ix);
++ ix->ix_destroy (ix);
+ }
+ slapi_ch_free((void**)&ix);
+ }
+@@ -221,23 +221,28 @@ op_filter_match (or_filter_t* or, struct berval** vals)
+ auto indexer_t* ix = or->or_indexer;
+ auto struct berval** v = ix->ix_index (ix, vals, NULL);
+ if (v != NULL) for (; *v; ++v) {
+- auto struct berval** k = or->or_match_keys;
+- if (k != NULL) for (; *k; ++k) {
+- switch (or->or_op) {
+- case SLAPI_OP_LESS:
+- if (slapi_berval_cmp (*v, *k) < 0) return 0; break;
+- case SLAPI_OP_LESS_OR_EQUAL:
+- if (slapi_berval_cmp (*v, *k) <= 0) return 0; break;
+- case SLAPI_OP_EQUAL:
+- if (SLAPI_BERVAL_EQ (*v, *k)) return 0; break;
+- case SLAPI_OP_GREATER_OR_EQUAL:
+- if (slapi_berval_cmp (*v, *k) >= 0) return 0; break;
+- case SLAPI_OP_GREATER:
+- if (slapi_berval_cmp (*v, *k) > 0) return 0; break;
+- default:
+- break;
+- }
+- }
++ auto struct berval** k = or->or_match_keys;
++ if (k != NULL) for (; *k; ++k) {
++ switch (or->or_op) {
++ case SLAPI_OP_LESS:
++ if (slapi_berval_cmp (*v, *k) < 0) return 0;
++ break;
++ case SLAPI_OP_LESS_OR_EQUAL:
++ if (slapi_berval_cmp (*v, *k) <= 0) return 0;
++ break;
++ case SLAPI_OP_EQUAL:
++ if (SLAPI_BERVAL_EQ (*v, *k)) return 0;
++ break;
++ case SLAPI_OP_GREATER_OR_EQUAL:
++ if (slapi_berval_cmp (*v, *k) >= 0) return 0;
++ break;
++ case SLAPI_OP_GREATER:
++ if (slapi_berval_cmp (*v, *k) > 0) return 0;
++ break;
++ default:
++ break;
++ }
++ }
+ }
+ return -1;
+ }
+@@ -570,7 +575,9 @@ op_indexer_destroy (Slapi_PBlock* pb)
+ auto indexer_t* ix = op_indexer_get (pb);
+ LDAPDebug (LDAP_DEBUG_FILTER, "op_indexer_destroy(%p)\n", (void*)ix, 0, 0);
+ if (ix != NULL) {
+- indexer_free (ix);
++ indexer_free (ix);
++ /* The keys were freed, but we need to reset the pblock pointer */
++ slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL);
+ }
+ return 0;
+ }
+@@ -623,10 +630,10 @@ typedef struct ss_indexer_t {
+ static void
+ ss_indexer_free (ss_indexer_t* ss)
+ {
+- slapi_ch_free((void**)&ss->ss_oid);
++ slapi_ch_free_string(&ss->ss_oid);
+ if (ss->ss_indexer != NULL) {
+- indexer_free (ss->ss_indexer);
+- ss->ss_indexer = NULL;
++ indexer_free (ss->ss_indexer);
++ ss->ss_indexer = NULL;
+ }
+ slapi_ch_free((void**)&ss);
+ }
+@@ -647,7 +654,9 @@ ss_indexer_destroy (Slapi_PBlock* pb)
+ auto ss_indexer_t* ss = ss_indexer_get (pb);
+ LDAPDebug (LDAP_DEBUG_FILTER, "ss_indexer_destroy(%p)\n", (void*)ss, 0, 0);
+ if (ss) {
+- ss_indexer_free (ss);
++ ss_indexer_free(ss);
++ /* The keys were freed, but we need to reset the pblock pointer */
++ slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL);
+ }
+ }
+
+diff --git a/ldap/servers/slapd/back-ldbm/sort.c b/ldap/servers/slapd/back-ldbm/sort.c
+index 69fe659..46f2dbd 100644
+--- a/ldap/servers/slapd/back-ldbm/sort.c
++++ b/ldap/servers/slapd/back-ldbm/sort.c
+@@ -32,15 +32,11 @@ static int print_out_sort_spec(char* buffer,sort_spec *s,int *size);
+
+ static void sort_spec_thing_free(sort_spec_thing *s)
+ {
+- if (NULL != s->type) {
+- slapi_ch_free((void **)&s->type);
+- }
+- if (NULL != s->matchrule) {
+- slapi_ch_free( (void**)&s->matchrule);
+- }
++ slapi_ch_free_string(&s->type);
++ slapi_ch_free_string(&s->matchrule);
+ if (NULL != s->mr_pb) {
+ destroy_matchrule_indexer(s->mr_pb);
+- slapi_pblock_destroy (s->mr_pb);
++ slapi_pblock_destroy (s->mr_pb);
+ }
+ attr_done(&s->sattr);
+ slapi_ch_free( (void**)&s);
+@@ -116,7 +112,7 @@ void sort_log_access(Slapi_PBlock *pb,sort_spec_thing *s,IDList *candidates)
+ /* Now output it */
+ ldbm_log_access_message(pb,buffer);
+ if (buffer != stack_buffer) {
+- slapi_ch_free( (void**)&buffer);
++ slapi_ch_free_string(&buffer);
+ }
+ }
+
+--
+2.4.11
+
diff --git a/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch b/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch
deleted file mode 100644
index 616cc6b..0000000
--- a/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From d88650af2dc614519bdb138b162d3c6e3b5ae9c5 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 18 Aug 2015 13:43:55 -0700
-Subject: [PATCH 47/47] Ticket #48243 - replica upgrade failed in starting
- dirsrv service due to upgrade scripts did not run
-
-Description: In the upgrade process, there is a combination of requirements:
- . the server is running.
- . the server instance service is disabled.
- . upgrade scripts are expected to run against the instance.
- . the server is restarted once the upgrade is done.
- . the server instance service remains disabled.
-To fulfill the requirements,
- . spec file is modified to enumerate slapd dir (except .remove) in the
- /etc/dirsrv for getting the server instance.
- . Start/Update perl scripts are modified not to create a symlink in
- /etc/systemd/system/dirsrv.target.wants for the upgrade case, which
- means the service remains disabled.
-
-https://fedorahosted.org/389/ticket/48243
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 29c09a5bcc7d54be1aa6880b4f2a423edd3dc463)
-(cherry picked from commit 2c5e0d5692bcabe16a7e3b8e0d24eb3a88913155)
----
- ldap/admin/src/scripts/DSCreate.pm.in | 7 ++++---
- ldap/admin/src/scripts/DSMigration.pm.in | 2 +-
- ldap/admin/src/scripts/DSUpdate.pm.in | 2 +-
- rpm/389-ds-base.spec.in | 20 +++++++++++++-------
- 4 files changed, 19 insertions(+), 12 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
-index e4a4ed0..cdde339 100644
---- a/ldap/admin/src/scripts/DSCreate.pm.in
-+++ b/ldap/admin/src/scripts/DSCreate.pm.in
-@@ -1098,6 +1098,7 @@ sub updateTmpfilesDotD {
- }
-
- sub updateSystemD {
-+ my $noservicelink = shift;
- my $inf = shift;
- my $unitdir = "@systemdsystemunitdir@";
- my $confbasedir = "@systemdsystemconfdir@";
-@@ -1129,7 +1130,7 @@ sub updateSystemD {
- next;
- } else {
- my $servicelink = "$confdir/$pkgname\@$inst.service";
-- if (! -l $servicelink) {
-+ if (! -l $servicelink && ! $noservicelink) {
- if (!symlink($servicefile, $servicelink)) {
- debug(1, "error updating link $servicelink to $servicefile - $!\n");
- push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ];
-@@ -1216,7 +1217,7 @@ sub createDSInstance {
- return @errs;
- }
-
-- if (@errs = updateSystemD($inf)) {
-+ if (@errs = updateSystemD(0, $inf)) {
- return @errs;
- }
-
-@@ -1452,7 +1453,7 @@ sub removeDSInstance {
- }
-
- # update systemd files
-- push @errs, updateSystemD();
-+ push @errs, updateSystemD(0);
-
- # if we got here, report success
- if (@errs) {
-diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in
-index e59e667..630ab43 100644
---- a/ldap/admin/src/scripts/DSMigration.pm.in
-+++ b/ldap/admin/src/scripts/DSMigration.pm.in
-@@ -1132,7 +1132,7 @@ sub migrateDS {
- }
-
- # do the systemd stuff
-- @errs = DSCreate::updateSystemD($inf);
-+ @errs = DSCreate::updateSystemD(0, $inf);
- if (@errs) {
- $mig->msg(@errs);
- goto cleanup;
-diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in
-index 1809ad9..be1e67c 100644
---- a/ldap/admin/src/scripts/DSUpdate.pm.in
-+++ b/ldap/admin/src/scripts/DSUpdate.pm.in
-@@ -408,7 +408,7 @@ sub updateDSInstance {
-
- push @errs, updateTmpfilesDotD($inf);
-
-- push @errs, updateSystemD($inf);
-+ push @errs, updateSystemD(1, $inf);
-
- return @errs;
- }
-diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
-index d0bbb7a..b7556e1 100644
---- a/rpm/389-ds-base.spec.in
-+++ b/rpm/389-ds-base.spec.in
-@@ -248,6 +248,7 @@ rm -rf $RPM_BUILD_ROOT
-
- %post
- output=/dev/null
-+output2=/dev/null
- %systemd_post %{pkgname}-snmp.service
- # reload to pick up any changes to systemd files
- /bin/systemctl daemon-reload >$output 2>&1 || :
-@@ -260,12 +261,17 @@ instances="" # instances that require a restart after upgrade
- ninst=0 # number of instances found in total
- if [ -n "$DEBUGPOSTTRANS" ] ; then
- output=$DEBUGPOSTTRANS
-+ output2=${DEBUGPOSTTRANS}.upgrade
- fi
--echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
--for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
-- if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
-- inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
-- echo found instance $inst - getting status >> $output 2>&1 || :
-+echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
-+instbase="%{_sysconfdir}/%{pkgname}"
-+for dir in $instbase/slapd-* ; do
-+ echo dir = $dir >> $output 2>&1 || :
-+ if [ ! -d "$dir" ] ; then continue ; fi
-+ case "$dir" in *.removed) continue ;; esac
-+ basename=`basename $dir`
-+ inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
-+ echo found instance $inst - getting status >> $output 2>&1 || :
- if /bin/systemctl -q is-active $inst ; then
- echo instance $inst is running >> $output 2>&1 || :
- instances="$instances $inst"
-@@ -290,9 +296,9 @@ echo remove pid files . . . >> $output 2>&1 || :
- echo upgrading instances . . . >> $output 2>&1 || :
- DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
- if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
-- %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
-+ %{_sbindir}/setup-ds.pl -l $output2 -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
- else
-- %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
-+ %{_sbindir}/setup-ds.pl -l $output2 -u -s General.UpdateMode=offline >> $output 2>&1 || :
- fi
-
- # restart instances that require it
---
-1.9.3
-
diff --git a/SOURCES/0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch b/SOURCES/0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch
new file mode 100644
index 0000000..1ad2767
--- /dev/null
+++ b/SOURCES/0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch
@@ -0,0 +1,85 @@
+From eaf8b3b97e22bf06152d42b90940212e7acc8e00 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 30 Aug 2016 14:25:15 -0400
+Subject: [PATCH 47/47] Ticket 48975- Disabling CLEAR password storage scheme
+ will crash server when setting a password
+
+Bug Description: If the CLEAR password storage scheme plugin is disabled, and a
+ userpassword is set, the server crashes. This is because we
+ expect this plugin to be enabled when working with the unhashed
+ password.
+
+Fix Description: Always check if the password scheme, returned by pw_val2scheme(),
+ is NULL before dereferencing it. If it is NULL treat it as a
+ clear text password.
+
+Valgrind: Passed
+
+https://fedorahosted.org/389/ticket/48975
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 52230585a1191bf1e747780b592f291d652e26dd)
+---
+ ldap/servers/slapd/modify.c | 8 ++++----
+ ldap/servers/slapd/pw.c | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
+index 4a5faa0..72f2db4 100644
+--- a/ldap/servers/slapd/modify.c
++++ b/ldap/servers/slapd/modify.c
+@@ -827,7 +827,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
+ for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) {
+ password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val);
+ pwsp = pw_val2scheme( password, &valpwd, 1 );
+- if(strcmp(pwsp->pws_name, "CLEAR") == 0){
++ if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
+ /*
+ * CLEAR password
+ *
+@@ -851,7 +851,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
+ const char *userpwd = slapi_value_get_string(present_values[ii]);
+
+ pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 );
+- if(strcmp(pass_scheme->pws_name,"CLEAR")){
++ if(pass_scheme && strcmp(pass_scheme->pws_name,"CLEAR")){
+ /* its encoded, so compare it */
+ if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){
+ /*
+@@ -912,7 +912,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
+ * provided by the client.
+ */
+ unhashed_pwsp = pw_val2scheme( (char *)unhashed_pwd, NULL, 1 );
+- if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
++ if(unhashed_pwsp == NULL || strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
+ if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){
+ /* match, add the delete mod for this particular unhashed userpassword */
+ if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
+@@ -1156,7 +1156,7 @@ valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value ***
+ *cvals = (Slapi_Value **) slapi_ch_malloc((n + 1) * sizeof(Slapi_Value *));
+ for(i=0,p=0;i<n;i++){
+ pwsp = pw_val2scheme( bvals[i]->bv_val, NULL, 1 );
+- if(strcmp(pwsp->pws_name, "CLEAR") == 0){
++ if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
+ (*cvals)[p++] = slapi_value_new_berval(bvals[i]);
+ }
+ free_pw_scheme( pwsp );
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 3f2cdb0..6f02f90 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -234,8 +234,8 @@ void free_pw_scheme(struct pw_scheme *pwsp)
+ {
+ if ( pwsp != NULL )
+ {
+- slapi_ch_free( (void**)&pwsp->pws_name );
+- slapi_ch_free( (void**)&pwsp );
++ slapi_ch_free_string(&pwsp->pws_name);
++ slapi_ch_free((void**)&pwsp);
+ }
+ }
+
+--
+2.4.11
+
diff --git a/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch b/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch
deleted file mode 100644
index 8a3830b..0000000
--- a/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0e44c819b72dfad40a7f9eea6067f6060fa9c35b Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 19 Aug 2015 10:03:50 -0400
-Subject: [PATCH] Ticket 47831 - remove debug logging from retro cl
-
-Description: Instrumented debug logging was accidentally left in the source.
- This logging is being removed.
-
-https://fedorahosted.org/389/ticket/47931
-
-Reviewed by: mreynolds
-
-(cherry picked from commit db7153f89bf3dda935e6ef4f175697bda32fe720)
-(cherry picked from commit 1781280f133c4877f83949400294641a558f5406)
----
- ldap/servers/plugins/retrocl/retrocl_po.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
-index f689373..d9f4e6d 100644
---- a/ldap/servers/plugins/retrocl/retrocl_po.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
-@@ -157,14 +157,11 @@ write_replog_db(
- int err = 0;
- int ret = LDAP_SUCCESS;
- int i;
-- int mark = 0;
-
- if (!dn) {
- slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
- return ret;
- }
-- mark = (post_entry && retrocl_entry_in_scope(post_entry));
-- slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
-
- if (post_entry){
- if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
---
-1.9.3
-
diff --git a/SOURCES/0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch b/SOURCES/0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch
new file mode 100644
index 0000000..a9753ed
--- /dev/null
+++ b/SOURCES/0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch
@@ -0,0 +1,39 @@
+From 1eebfaff67aa6af7821fcc861fcdf3ef7fc9d25a Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 1 Sep 2016 12:54:08 -0400
+Subject: [PATCH 48/49] Ticket 48957 - Update repl-monitor to handle new status
+ messages
+
+Bug Description: The replication agreement status messages have changed,
+ and the repl-monitor script was not updated to reflect
+ these changes. This lead to the html report incorrectly
+ color coding a successfull status.
+
+Fix Description: Update the script to ignore "Error (0)"
+
+https://fedorahosted.org/389/ticket/48957
+
+Reviewed by: mreynolds (one line commit rule)
+
+(cherry picked from commit 32ee33b2222a9bbc0657ceb912ca3fa74ee27dcc)
+(cherry picked from commit cf5683ae112528597af70a4e06cfb51e8e0c3c74)
+---
+ ldap/admin/src/scripts/repl-monitor.pl.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/admin/src/scripts/repl-monitor.pl.in b/ldap/admin/src/scripts/repl-monitor.pl.in
+index aa7ab1e..a3efa8e 100755
+--- a/ldap/admin/src/scripts/repl-monitor.pl.in
++++ b/ldap/admin/src/scripts/repl-monitor.pl.in
+@@ -877,7 +877,7 @@ sub print_consumers
+ }
+ my $redfontstart = "";
+ my $redfontend = "";
+- if ($status =~ /error/i) {
++ if ($status !~ /Error \(0\)/i) {
+ $redfontstart = "<font color='red'>";
+ $redfontend = "</font>";
+ }
+--
+2.4.11
+
diff --git a/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch b/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch
deleted file mode 100644
index e717cd5..0000000
--- a/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 6a07ebb40ee121c176f789d01937d7ceedc77776 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 20 Aug 2015 17:01:28 -0700
-Subject: [PATCH 49/52] Ticket #48254 - CLI db2index fails with usage errors
-
-Bug Description:
-1) CLI db2index had an issue in option handling, which accidentally
-added '=' at the end of the previous option.
-2) if a value of an option includes a white space, e.g., -T "by MCC
-ou=People dc=example dc=com", the value was not passed to the program
-as a string.
-
-Fix Description:
-1) Removed unnecessary '='.
-2) Quote $OPTARG which could include a white space, and call ns-slapd
- command line vai eval.
-
-https://fedorahosted.org/389/ticket/48254
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 3507c46c9f1156df11b6cf05eba695d81088b416)
-(cherry picked from commit a6d7e3bd29eb63def170f73dc21e967df230f20a)
----
- ldap/admin/src/scripts/db2index.in | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
-index 2b76cd1..6a0785e 100755
---- a/ldap/admin/src/scripts/db2index.in
-+++ b/ldap/admin/src/scripts/db2index.in
-@@ -39,13 +39,13 @@ do
- benameopt="set";;
- s) args=$args" -s $OPTARG"
- includeSuffix="set";;
-- t) args=$args" -t $OPTARG";;
-- T) args=$args=" -T $OPTARG";;
-- d) args=$args=" -d $OPTARG";;
-- a) args=$args=" -a $OPTARG";;
-- x) args=$args=" -x $OPTARG";;
-- v) args=$args=" -v";;
-- S) args=$args=" -S";;
-+ t) args=$args" -t "\"$OPTARG\";;
-+ T) args=$args" -T "\"$OPTARG\";;
-+ d) args=$args" -d $OPTARG";;
-+ a) args=$args" -a $OPTARG";;
-+ x) args=$args" -x $OPTARG";;
-+ v) args=$args" -v";;
-+ S) args=$args" -S";;
- D) args=$args" -D $OPTARG";;
- ?) usage
- exit 1;;
-@@ -79,5 +79,5 @@ then
- usage
- exit 1
- else
-- @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
-+ eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
- fi
---
-1.9.3
-
diff --git a/SOURCES/0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch b/SOURCES/0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
new file mode 100644
index 0000000..b86c3f8
--- /dev/null
+++ b/SOURCES/0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
@@ -0,0 +1,35 @@
+From 009e862b170b9a9037852952640558c03ecda481 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 1 Sep 2016 11:34:53 -0700
+Subject: [PATCH 49/49] Ticket #48969 - nsslapd-auditfaillog always has an
+ explicit path
+
+Description: commit ef2c3c4cc6f966935dbe367dd0d882ae81de3cc4
+introduced a RESOURCE_LEAK.
+ auditlog.c:180: leaked_storage: Variable "audit_config" going
+ out of scope leaks the storage it points to.
+
+Reviewed by nhosoi (one line commit rule)
+
+(cherry picked from commit 95d820901e7264490bae02b8ca943d09a344d7ac)
+(cherry picked from commit b0fc82233a5ea929c5fad835f9e825a8f0b97968)
+(cherry picked from commit fc1310e352e124d66d58d0a3e86d45c5573cbfb2)
+---
+ ldap/servers/slapd/auditlog.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
+index 85d136c..74d1b46 100644
+--- a/ldap/servers/slapd/auditlog.c
++++ b/ldap/servers/slapd/auditlog.c
+@@ -177,6 +177,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
+ write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
+ }
+ slapi_ch_free_string(&auditfail_config);
++ slapi_ch_free_string(&audit_config);
+ }
+
+
+--
+2.4.11
+
diff --git a/SOURCES/0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch b/SOURCES/0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch
new file mode 100644
index 0000000..ba1d19b
--- /dev/null
+++ b/SOURCES/0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch
@@ -0,0 +1,52 @@
+From 34ef42f8f839a7c7f40366ae2516aa2692582672 Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Thu, 8 Sep 2016 11:38:15 +0200
+Subject: [PATCH] Bug 1321124 - use a consumer maxcsn only as anchor if
+ supplier is more advanced
+
+(cherry picked from commit f4301f6be6bbff3c7bb0180a38f6dfd7e31b8558)
+---
+ ldap/servers/plugins/replication/cl5_clcache.c | 20 +++++++++-----------
+ 1 file changed, 9 insertions(+), 11 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c
+index 74f0fec..ca8b841 100644
+--- a/ldap/servers/plugins/replication/cl5_clcache.c
++++ b/ldap/servers/plugins/replication/cl5_clcache.c
+@@ -717,24 +717,22 @@ clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag )
+ curr, conmaxcsn);
+ }
+
+- if (csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 ||
+- csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) > 0 ) {
+- if (csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
++ if (csn_compare(cscb->local_maxcsn, cscb->consumer_maxcsn) > 0) {
++ /* We have something to send for this RID */
++
++ if (csn_compare(cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 ||
++ csn_compare(cscb->prev_local_maxcsn, buf->buf_current_csn) > 0) {
++ /* No new changes or it remains, in the buffer, updates to send */
+ rid_anchor = buf->buf_current_csn;
+- }
+- } else {
+- /* prev local max csn < csnBuffer AND different from local maxcsn */
+- if (cscb->prev_local_maxcsn == NULL) {
++ } else {
++ /* prev local max csn < csnBuffer AND different from local maxcsn */
+ if (cscb->consumer_maxcsn == NULL) {
+ /* the consumer hasn't seen changes for this RID */
+ rid_anchor = cscb->local_mincsn;
+ rid_flag = DB_SET;
+- } else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
++ } else {
+ rid_anchor = cscb->consumer_maxcsn;
+ }
+- } else {
+- /* csnPrevMaxSup > 0 */
+- rid_anchor = cscb->consumer_maxcsn;
+ }
+ }
+
+--
+2.4.11
+
diff --git a/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch b/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch
deleted file mode 100644
index 4582e71..0000000
--- a/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch
+++ /dev/null
@@ -1,375 +0,0 @@
-From 94bde9f69f10e0811e261b5d53e5bebfcd891820 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 25 Aug 2015 11:48:31 -0700
-Subject: [PATCH 50/52] Ticket #48254 - Shell CLI fails with usage errors if an
- argument containing white spaces is given
-
-Description: In addition to the patch:
- Ticket #48254 - CLI db2index fails with usage errors
- commit 3507c46c9f1156df11b6cf05eba695d81088b416
-applying the similar changes to all the shell CLI which could be given
-arguments that include white spaces.
-
-https://fedorahosted.org/389/ticket/48254
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 5fe28921810a53dcd31525ba1f675582b6aba0f7)
-(cherry picked from commit 19b0d4af54e319e3479b16bf1366568271e3daa6)
----
- ldap/admin/src/scripts/bak2db.in | 10 +++++-----
- ldap/admin/src/scripts/db2bak.in | 8 ++++----
- ldap/admin/src/scripts/db2index.in | 10 +++++-----
- ldap/admin/src/scripts/db2ldif.in | 14 +++++++-------
- ldap/admin/src/scripts/dbverify.in | 10 +++++-----
- ldap/admin/src/scripts/dn2rdn.in | 8 ++++----
- ldap/admin/src/scripts/ldif2db.in | 22 +++++++++++-----------
- ldap/admin/src/scripts/monitor.in | 8 ++++----
- ldap/admin/src/scripts/suffix2instance.in | 4 ++--
- ldap/admin/src/scripts/upgradedb.in | 8 ++++----
- ldap/admin/src/scripts/upgradednformat.in | 10 +++++-----
- ldap/admin/src/scripts/vlvindex.in | 16 ++++++++--------
- 12 files changed, 64 insertions(+), 64 deletions(-)
-
-diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in
-index a2e54cc..ab7c6b3 100755
---- a/ldap/admin/src/scripts/bak2db.in
-+++ b/ldap/admin/src/scripts/bak2db.in
-@@ -44,12 +44,12 @@ do
- h) usage
- exit 0;;
- Z) servid=$OPTARG;;
-- n) args=$args" -n $OPTARG";;
-+ n) args=$args" -n \"$OPTARG\"";;
- q) args=$args" -q";;
-- d) args=$args" -d $OPTARG";;
-+ d) args=$args" -d \"$OPTARG\"";;
- v) args=$args" -v";;
-- D) args=$args" -D $OPTARG";;
-- i) args=$args" -i $OPTARG";;
-+ D) args=$args" -D \"$OPTARG\"";;
-+ i) args=$args" -i \"$OPTARG\"";;
- a) archivedir=$OPTARG;;
- S) args=$args" -S";;
- ?) usage
-@@ -76,4 +76,4 @@ else
- archivedir=`pwd`/$archivedir
- fi
-
--@sbindir@/ns-slapd archive2db -D $CONFIG_DIR -a $archivedir $args
-+eval @sbindir@/ns-slapd archive2db -D $CONFIG_DIR -a $archivedir $args
-diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in
-index 1896c19..adbe30b 100755
---- a/ldap/admin/src/scripts/db2bak.in
-+++ b/ldap/admin/src/scripts/db2bak.in
-@@ -43,10 +43,10 @@ do
- q) args=$args" -q";;
- v) args=$args" -v";;
- S) args=$args" -S";;
-- D) args=$args" -D $OPTARG";;
-- i) args=$args" -i $OPTARG";;
-+ D) args=$args" -D \"$OPTARG\"";;
-+ i) args=$args" -i \"$OPTARG\"";;
- a) $bakdir=$OPTARG;;
-- d) args=$args" -d $OPTARG";;
-+ d) args=$args" -d \"$OPTARG\"";;
- Z) servid=$OPTARG;;
- ?) usage
- exit 1;;
-@@ -72,4 +72,4 @@ then
- fi
-
- echo "Back up directory: $bak_dir"
--@sbindir@/ns-slapd db2archive -D $CONFIG_DIR -a $bak_dir $args
-+eval @sbindir@/ns-slapd db2archive -D $CONFIG_DIR -a $bak_dir $args
-diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
-index 6a0785e..c8e9075 100755
---- a/ldap/admin/src/scripts/db2index.in
-+++ b/ldap/admin/src/scripts/db2index.in
-@@ -35,15 +35,15 @@ do
- h) usage
- exit 0;;
- Z) servid=$OPTARG;;
-- n) args=$args" -n $OPTARG"
-+ n) args=$args" -n \"$OPTARG\""
- benameopt="set";;
-- s) args=$args" -s $OPTARG"
-+ s) args=$args" -s \"$OPTARG\""
- includeSuffix="set";;
- t) args=$args" -t "\"$OPTARG\";;
- T) args=$args" -T "\"$OPTARG\";;
-- d) args=$args" -d $OPTARG";;
-- a) args=$args" -a $OPTARG";;
-- x) args=$args" -x $OPTARG";;
-+ d) args=$args" -d \"$OPTARG\"";;
-+ a) args=$args" -a \"$OPTARG\"";;
-+ x) args=$args" -x \"$OPTARG\"";;
- v) args=$args" -v";;
- S) args=$args" -S";;
- D) args=$args" -D $OPTARG";;
-diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in
-index fcf73a0..e9f7f7e 100755
---- a/ldap/admin/src/scripts/db2ldif.in
-+++ b/ldap/admin/src/scripts/db2ldif.in
-@@ -106,12 +106,12 @@ do
- Z) servid=$OPTARG;;
- n) benameopt="-n $OPTARG"
- required_param="yes";;
-- s) includeSuffix="-s $OPTARG"
-+ s) includeSuffix="-s \"$OPTARG\""
- required_param="yes";;
-- x) excludeSuffix="-x $OPTARG";;
-- a) outputFile="-a $OPTARG";;
-- d) args=$args" -d $OPTARG";;
-- D) args=$args" -D $OPTARG";;
-+ x) excludeSuffix="-x \"$OPTARG\"";;
-+ a) outputFile="-a \"$OPTARG\"";;
-+ d) args=$args" -d \"$OPTARG\"";;
-+ D) args=$args" -D \"$OPTARG\"";;
- N) args=$args" -N";;
- E) args=$args" -E";;
- S) args=$args" -S";;
-@@ -154,7 +154,7 @@ rn=$?
- echo "Exported ldif file: $ldif_file"
- if [ $rn -eq 1 ]
- then
-- @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $outputFile $args
-+ eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $outputFile $args
- else
-- @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $args -a $ldif_file
-+ eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $args -a $ldif_file
- fi
-diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
-index bbacc17..b98e9b2 100755
---- a/ldap/admin/src/scripts/dbverify.in
-+++ b/ldap/admin/src/scripts/dbverify.in
-@@ -33,14 +33,14 @@ do
- h) usage
- exit 0;;
- Z) servid=$OPTARG;;
-- n) args=$args" -n $OPTARG";;
-- d) args=$args" -d $OPTARG";;
-+ n) args=$args" -n \"$OPTARG\"";;
-+ d) args=$args" -d \"$OPTARG\"";;
- V) args=$args" -V";;
- v) args=$args" -v"
- display_version="yes";;
- f) args=$args" -f";;
-- D) args=$args" -D $OPTARG";;
-- a) args=$args" -a $OPTARG";;
-+ D) args=$args" -D \"$OPTARG\"";;
-+ a) args=$args" -a \"$OPTARG\"";;
- ?) usage
- exit 1;;
- esac
-@@ -57,7 +57,7 @@ fi
-
- . $initfile
-
--@sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
-+eval @sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
- if [ $display_version = "yes" ]; then
- exit 0
- fi
-diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in
-index 616969a..762e63a 100755
---- a/ldap/admin/src/scripts/dn2rdn.in
-+++ b/ldap/admin/src/scripts/dn2rdn.in
-@@ -27,12 +27,12 @@ do
- h) usage
- exit 0;;
- Z) servid=$OPTARG;;
-- d) arg=$arg" -d $OPTARG";;
-- a) arg=$arg" -a $OPTARG"
-+ d) arg=$arg" -d \"$OPTARG\"";;
-+ a) arg=$arg" -a \"$OPTARG\""
- archive="provided";;
- v) arg=$arg" -v";;
- f) arg=$arg" -f";;
-- D) arg=$arg" -D $OPTARG";;
-+ D) arg=$arg" -D \"$OPTARG\"";;
- ?) usage
- exit 1;;
- esac
-@@ -55,4 +55,4 @@ if [ "$archive" != "provided" ]; then
- args=$args"-a $bak_dir"
- fi
-
--@sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -r $args
-+eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -r $args
-diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in
-index a34241a..3aed469 100755
---- a/ldap/admin/src/scripts/ldif2db.in
-+++ b/ldap/admin/src/scripts/ldif2db.in
-@@ -59,16 +59,16 @@ do
- h) usage
- exit 0;;
- Z) servid=$OPTARG;;
-- n) args=$args" -n $OPTARG";;
-- i) args=$args" -i $OPTARG";;
-- s) args=$args" -s $OPTARG";;
-- x) args=$args" -x $OPTARG";;
-- c) args=$args" -c $OPTARG";;
-- d) args=$args" -d $OPTARG";;
-- g) args=$args" -g $OPTARG";;
-- G) args=$args" -G $OPTARG";;
-- t) args=$args" -t $OPTARG";;
-- D) args=$args" -D $OPTARG";;
-+ n) args=$args" -n \"$OPTARG\"";;
-+ i) args=$args" -i \"$OPTARG\"";;
-+ s) args=$args" -s \"$OPTARG\"";;
-+ x) args=$args" -x \"$OPTARG\"";;
-+ c) args=$args" -c \"$OPTARG\"";;
-+ d) args=$args" -d \"$OPTARG\"";;
-+ g) args=$args" -g \"$OPTARG\"";;
-+ G) args=$args" -G \"$OPTARG\"";;
-+ t) args=$args" -t \"$OPTARG\"";;
-+ D) args=$args" -D \"$OPTARG\"";;
- E) args=$args" -E";;
- v) args=$args" -v";;
- N) args=$args" -N";;
-@@ -104,6 +104,6 @@ if [ $quiet -eq 0 ]; then
- echo importing data ...
- fi
-
--@sbindir@/ns-slapd ldif2db -D $CONFIG_DIR $args 2>&1
-+eval @sbindir@/ns-slapd ldif2db -D $CONFIG_DIR $args 2>&1
-
- exit $?
-diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in
-index 36a2fc9..e9265a1 100755
---- a/ldap/admin/src/scripts/monitor.in
-+++ b/ldap/admin/src/scripts/monitor.in
-@@ -73,8 +73,8 @@ fi
- rm $file
-
- if [ -n "$passwd" ]; then
-- dn="-D $rootdn"
-- passwd="-w$passwd"
-+ dn="-D \"$rootdn\""
-+ passwd="-w \"$passwd\""
- fi
- if [ -n "$ldapiURL" ]
- then
-@@ -109,9 +109,9 @@ if [ "$security" = "on" ]; then
- echo "Using the next most secure protocol(STARTTLS)"
- fi
- if [ "$openldap" = "yes" ]; then
-- ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-+ eval ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
- else
-- ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
-+ eval ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
- fi
- exit $?
- fi
-diff --git a/ldap/admin/src/scripts/suffix2instance.in b/ldap/admin/src/scripts/suffix2instance.in
-index 7774148..d7c6661 100755
---- a/ldap/admin/src/scripts/suffix2instance.in
-+++ b/ldap/admin/src/scripts/suffix2instance.in
-@@ -24,7 +24,7 @@ while getopts "Z:s:h" flag
- do
- case $flag in
- Z) servid=$OPTARG;;
-- s) args=$args" -s $OPTARG";;
-+ s) args=$args" -s \"$OPTARG\"";;
- h) usage
- exit 0;;
- ?) usage
-@@ -55,4 +55,4 @@ then
- exit 1
- fi
-
--@sbindir@/ns-slapd suffix2instance -D $CONFIG_DIR $args 2>&1
-+eval @sbindir@/ns-slapd suffix2instance -D $CONFIG_DIR $args 2>&1
-diff --git a/ldap/admin/src/scripts/upgradedb.in b/ldap/admin/src/scripts/upgradedb.in
-index bf600dd..2b7c79d 100755
---- a/ldap/admin/src/scripts/upgradedb.in
-+++ b/ldap/admin/src/scripts/upgradedb.in
-@@ -29,10 +29,10 @@ do
- v) args=$args" -v";;
- f) args=$args" -f";;
- r) args=$args" -r";;
-- d) args=$args" -d $OPTARG";;
-- a) args=$args" -a $OPTARG"
-+ d) args=$args" -d \"$OPTARG\"";;
-+ a) args=$args" -a \"$OPTARG\""
- archive_provided="yes";;
-- D) args=$args" -D $OPTARG";;
-+ D) args=$args" -D \"$OPTARG\"";;
- h) usage
- exit 0;;
- esac
-@@ -56,4 +56,4 @@ then
- fi
-
- echo upgrade index files ...
--@sbindir@/ns-slapd upgradedb -D $CONFIG_DIR $args
-+eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR $args
-diff --git a/ldap/admin/src/scripts/upgradednformat.in b/ldap/admin/src/scripts/upgradednformat.in
-index 51585ae..9de60ea 100755
---- a/ldap/admin/src/scripts/upgradednformat.in
-+++ b/ldap/admin/src/scripts/upgradednformat.in
-@@ -36,14 +36,14 @@ do
- Z) servid=$OPTARG;;
- v) args=$args" -v";;
- N) args=$args" -N";;
-- d) args=$args" -d $OPTARG";;
-- a) args=$args" -a $OPTARG"
-+ d) args=$args" -d \"$OPTARG\"";;
-+ a) args=$args" -a \"$OPTARG\""
- dir="set";;
-- n) args=$args" -n $OPTARG"
-+ n) args=$args" -n \"$OPTARG\""
- be="set";;
- h) usage
- exit 0;;
-- D) args=$args" -D $OPTARG";;
-+ D) args=$args" -D \"$OPTARG\"";;
- ?) usage
- exit 1;;
- esac
-@@ -65,7 +65,7 @@ fi
-
- . $initfile
-
--@sbindir@/ns-slapd upgradednformat -D $CONFIG_DIR $args
-+eval @sbindir@/ns-slapd upgradednformat -D $CONFIG_DIR $args
- rc=$?
-
- exit $rc
-diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in
-index 365e32f..a1696bc 100755
---- a/ldap/admin/src/scripts/vlvindex.in
-+++ b/ldap/admin/src/scripts/vlvindex.in
-@@ -29,14 +29,14 @@ do
- case $flag in
- Z) servid=$OPTARG;;
- v) args=$args" -v";;
-- s) args=$args" -s $OPTARG";;
-- d) args=$args" -d $OPTARG";;
-- a) args=$args" -a $OPTARG";;
-- T) args=$args" -T $OPTARG";;
-+ s) args=$args" -s \"$OPTARG\"";;
-+ d) args=$args" -d \"$OPTARG\"";;
-+ a) args=$args" -a \"$OPTARG\"";;
-+ T) args=$args" -T \"$OPTARG\"";;
- S) args=$args" -S";;
-- n) args=$args" -n $OPTARG";;
-- x) args=$args" -x $OPTARG";;
-- D) args=$args" -D $OPTARG";;
-+ n) args=$args" -n \"$OPTARG\"";;
-+ x) args=$args" -x \"$OPTARG\"";;
-+ D) args=$args" -D \"$OPTARG\"";;
- h) usage
- exit 0;;
- ?) usage
-@@ -61,4 +61,4 @@ then
- exit 1
- fi
-
--@sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
-+eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
---
-1.9.3
-
diff --git a/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch b/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch
deleted file mode 100644
index f24f18a..0000000
--- a/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From ba9f2607b8bf565e2f6d1f8751c16c0b485a7210 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 24 Aug 2015 16:13:12 -0700
-Subject: [PATCH 51/52] Ticket #47757 - Unable to dereference unqiemember
- attribute because it is dn [#UID] not dn syntax
-
-Description: In addtion to DN syntax, adding Name and Optional UID
-syntax to the deref attr's OID check.
-
-https://fedorahosted.org/389/ticket/47757
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 2dbbb9df4691590f788049a822c47eb501182c85)
-(cherry picked from commit 626f2d7060390a3234ebb50b92937d1ec5a89481)
----
- ldap/servers/plugins/deref/deref.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
-index 35c2564..f476a4d 100644
---- a/ldap/servers/plugins/deref/deref.c
-+++ b/ldap/servers/plugins/deref/deref.c
-@@ -20,6 +20,9 @@
- #ifndef DN_SYNTAX_OID
- #define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12"
- #endif
-+#ifndef NAME_AND_OPTIONAL_UID_SYNTAX_OID
-+#define NAME_AND_OPTIONAL_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34"
-+#endif
-
- /*
- * Plug-in globals
-@@ -290,7 +293,7 @@ deref_check_for_dn_syntax(const char *derefattr)
-
- slapi_attr_init(attr, derefattr);
- slapi_attr_get_syntax_oid_copy(attr, &oid);
-- ret = oid && !strcmp(oid, DN_SYNTAX_OID);
-+ ret = oid && (!strcmp(oid, DN_SYNTAX_OID) || !strcmp(oid, NAME_AND_OPTIONAL_UID_SYNTAX_OID));
- slapi_ch_free_string(&oid);
- slapi_attr_free(&attr);
- }
---
-1.9.3
-
diff --git a/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch b/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
deleted file mode 100644
index 4b31ffd..0000000
--- a/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 679e7b024e36ac9dfce85766f5d82cc272911e53 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 25 Aug 2015 16:31:10 -0700
-Subject: [PATCH 52/52] Ticket #48228 - wrong password check if
- passwordInHistory is decreased.
-
-Description: Regression was added by this commit:
- commit 1a119125856006543aae0520b5800a8b52c3b049
- Ticket #48228 - wrong password check if passwordInHistory is decreased.
-Compare function pw_history_cmp used in qsort did not check the correct
-address for the timestamp string, which made qsort return the password
-history in the wrong order.
-
-https://fedorahosted.org/389/ticket/48228
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!)
-
-(cherry picked from commit 391acfcf9a67b9b27ebbd98d1dfe30ef54a027c4)
-(cherry picked from commit 096b386663c949136095def77a7fb12eee64e542)
----
- ldap/servers/slapd/pw.c | 21 ++++++++-------------
- 1 file changed, 8 insertions(+), 13 deletions(-)
-
-diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
-index 3abebbf..4e222d7 100644
---- a/ldap/servers/slapd/pw.c
-+++ b/ldap/servers/slapd/pw.c
-@@ -1085,8 +1085,6 @@ retry:
- static int
- pw_history_cmp(const void *h0, const void *h1)
- {
-- size_t h0sz = 0;
-- size_t h1sz = 0;
- if (!h0) {
- if (!h1) {
- return 0;
-@@ -1097,23 +1095,20 @@ pw_history_cmp(const void *h0, const void *h1)
- if (!h1) {
- return 1;
- } else {
-- size_t delta;
-- h0sz = strlen(h0);
-- h1sz = strlen(h1);
-- delta = h0sz - h1sz;
-- if (!delta) {
-- return delta;
-- }
-- if (h0sz < GENERALIZED_TIME_LENGTH) {
-+ char *h0str = *(char **)h0;
-+ char *h1str = *(char **)h1;
-+ size_t h0sz = strlen(h0str);
-+ size_t h1sz = strlen(h1str);
-+ if ((h0sz < GENERALIZED_TIME_LENGTH) ||
-+ (h1sz < GENERALIZED_TIME_LENGTH)) {
- /* too short for the history str. */
-- return 0;
-+ return h0sz - h1sz;
- }
-+ return PL_strncmp(h0str, h1str, GENERALIZED_TIME_LENGTH);
- }
- }
-- return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH);
- }
-
--
- static int
- update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
- {
---
-1.9.3
-
diff --git a/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch b/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
deleted file mode 100644
index a428a37..0000000
--- a/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From c03a9f7c121355aefadc92ed67bcb6f400196017 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 2 Sep 2015 14:28:27 -0700
-Subject: [PATCH 53/54] Ticket #48265 - Complex filter in a search request
- doen't work as expected. (regression)
-
-Description: commit c2658c14802783d0a8919783aa7123be9e749c18 to fix
-Ticket 47521 - Complex filter in a search request doen't work as expected.
-regressed this case:
- "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(|(uid=*test*)(cn=*test*))(o=X))"
-in which a simple filter follows a complex filter which choice is
-different from the outer choice. I.e., '|' for (uid=...)(cn=...)
-is different from the first '&'.
-
-The fix for 47521 solves this case:
- "(&(&(uid=A)(cn=B))(&(givenname=C))(mail=D)(&(description=E)))"
-in this case, (mail=D) used to be dropped from the filter in the
-function index_subsys_flatten_filter.
-
-The 47521 fix saved the simple filter "(mail=D)" in the 2nd example,
-but it forced to skip the complex filter with the different choice
-and converted the 1st example to:
- "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(o=X))"
-This patch saves such a complex filter, as well.
-
-https://fedorahosted.org/389/ticket/48265
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 8c3d3e4648fbb5229e329e2154d46f1ae808ba02)
-(cherry picked from commit 3d9dbf2d441e551495a1f3169dc2020324c484b4)
----
- ldap/servers/slapd/index_subsystem.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/ldap/servers/slapd/index_subsystem.c b/ldap/servers/slapd/index_subsystem.c
-index fdaef6a..93bf9d5 100644
---- a/ldap/servers/slapd/index_subsystem.c
-+++ b/ldap/servers/slapd/index_subsystem.c
-@@ -412,6 +412,11 @@ static void index_subsys_flatten_filter(Slapi_Filter *flist)
- }
- else
- {
-+ /* don't loose a nested filter having a different choice */
-+ if (flast) {
-+ flast->f_next = f;
-+ flast = f;
-+ }
- fprev = f;
- f = f->f_next;
- }
---
-1.9.3
-
diff --git a/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch b/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch
deleted file mode 100644
index 56c535a..0000000
--- a/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 8d4369e6060f7c079b02fa87a0cd0d2ae0488ecd Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 2 Sep 2015 18:04:27 -0700
-Subject: [PATCH 54/54] Ticket #47981 - COS cache doesn't properly mark vattr
- cache as invalid when there are multiple suffixes
-
-Description: commit 42e2df3858a4e14706d57b5c907d1d3768f4d970 for fixing
-icket 47981 accidentally added "break" to the while loop when a
-condition is satisfied:
- if(!cos_cache_add_dn_defs(suffixVals[valIndex]->bv_val ,pDefs))
-which skips the rest of the definitions. This patch removes the
-"break".
-
-https://fedorahosted.org/389/ticket/47981
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 6557b820dca7980067afc2a33184197b2d154a51)
-(cherry picked from commit c1721f1d6e2344eefaec817ed47119c15c43fcfc)
----
- ldap/servers/plugins/cos/cos_cache.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c
-index ddb85ab..e0b841d 100644
---- a/ldap/servers/plugins/cos/cos_cache.c
-+++ b/ldap/servers/plugins/cos/cos_cache.c
-@@ -647,7 +647,6 @@ static int cos_cache_build_definition_list(cosDefinitions **pDefs, int *vattr_ca
- {
- *vattr_cacheable = -1;
- cos_def_available = 1;
-- break;
- }
- }
- valIndex++;
---
-1.9.3
-
diff --git a/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch b/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch
deleted file mode 100644
index f77fb37..0000000
--- a/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 4040a7b0968db2aa5b905c7268abf57eca2ec8c2 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 14 Sep 2015 12:01:08 -0400
-Subject: [PATCH 55/61] Ticket 48276 - initialize free_flags in
- reslimit_update_from_entry()
-
-Description: In reslimit_update_from_entry() the free_flags was not initialized,
- which could lead to it being seen as set, and cause an entry's
- vattrs to be incorrectly/unexpectedly freed.
-
-https://fedorahosted.org/389/ticket/48276
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 2311c71cec33c29863bdb1dabe1ed363679316d3)
-(cherry picked from commit 5f32582d043a5498791dda5af7091bf1a4a320f0)
----
- ldap/servers/slapd/resourcelimit.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/slapd/resourcelimit.c b/ldap/servers/slapd/resourcelimit.c
-index 8c0a09c..7630f88 100644
---- a/ldap/servers/slapd/resourcelimit.c
-+++ b/ldap/servers/slapd/resourcelimit.c
-@@ -342,11 +342,14 @@ reslimit_update_from_dn( Slapi_Connection *conn, Slapi_DN *dn )
- int
- reslimit_update_from_entry( Slapi_Connection *conn, Slapi_Entry *e )
- {
-- char *fnname = "reslimit_update_from_entry()";
-- char *actual_type_name, *get_ext_logname;
-- int i, rc, type_name_disposition, free_flags;
-- SLAPIResLimitConnData *rlcdp;
-- Slapi_ValueSet *vs;
-+ SLAPIResLimitConnData *rlcdp = NULL;
-+ Slapi_ValueSet *vs = NULL;
-+ char *fnname = "reslimit_update_from_entry()";
-+ char *actual_type_name = NULL;
-+ char *get_ext_logname = NULL;
-+ int type_name_disposition = 0;
-+ int free_flags = 0;
-+ int rc, i;
-
- LDAPDebug( SLAPI_RESLIMIT_TRACELEVEL, "=> %s conn=0x%x, entry=0x%x\n",
- fnname, conn, e );
---
-1.9.3
-
diff --git a/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
deleted file mode 100644
index adc14d9..0000000
--- a/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 14e08bde4a48a8e8b56edc817b5d1e3d56b96c72 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 15 Sep 2015 18:25:02 -0700
-Subject: [PATCH 56/61] Ticket #48226 - In MMR, double free coould occur under
- some special condition
-
-Description: commit a0f8e0f981a046882db299a7a6d6d1c01bc19571 introduced
-a memory leak in the case of resolve_attribute_state_present_to_deleted.
-In the case, csnset is not consumed. Thus, it has to be freed by csnset_
-free.
-
-https://fedorahosted.org/389/ticket/48226
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit b26ec6762fe2b5d37ade59243086cfd2308e8f0a)
-(cherry picked from commit 4a3efc3330a034fa485f33e453054758561d4cea)
----
- ldap/servers/slapd/entrywsi.c | 22 +++++++++++-----------
- ldap/servers/slapd/valueset.c | 1 +
- 2 files changed, 12 insertions(+), 11 deletions(-)
-
-diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
-index e719dce..a8f8455 100644
---- a/ldap/servers/slapd/entrywsi.c
-+++ b/ldap/servers/slapd/entrywsi.c
-@@ -1280,23 +1280,23 @@ resolve_attribute_state_present_to_deleted(Slapi_Entry *e, Slapi_Attr *a, Slapi_
- const CSN *adcsn= attr_get_deletion_csn(a);
- int i;
- if ( valuestoupdate != NULL && valuestoupdate[0] != NULL ) {
-- for (i=0;valuestoupdate[i]!=NULL;++i) {
-- /* This call ensures that the value does not contain a deletion_csn
-- * which is before the presence_csn or distinguished_csn of the value.
-- */
-- purge_attribute_state_multi_valued(a, valuestoupdate[i]);
-- vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
-- vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
-- deletedcsn= csn_max(vdcsn, adcsn);
-+ for (i=0;valuestoupdate[i]!=NULL;++i) {
-+ /* This call ensures that the value does not contain a deletion_csn
-+ * which is before the presence_csn or distinguished_csn of the value.
-+ */
-+ purge_attribute_state_multi_valued(a, valuestoupdate[i]);
-+ vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
-+ vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
-+ deletedcsn= csn_max(vdcsn, adcsn);
- if(csn_compare(vucsn,deletedcsn)<0)
- {
-- if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
-+ if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
- {
- entry_present_value_to_deleted_value(a,valuestoupdate[i]);
- }
- }
-- valuestoupdate[i]->v_csnset = NULL;
-- }
-+ csnset_free(&valuestoupdate[i]->v_csnset);
-+ }
- }
- }
-
-diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
-index 7eabb82..50c0e52 100644
---- a/ldap/servers/slapd/valueset.c
-+++ b/ldap/servers/slapd/valueset.c
-@@ -1416,6 +1416,7 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
- {
- value_update_csn(v,t,csn);
- if (csnref_updated) {
-+ csnset_free(&valuestoupdate[i]->v_csnset);
- valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v));
- }
- valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
---
-1.9.3
-
diff --git a/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch b/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch
deleted file mode 100644
index 35347f1..0000000
--- a/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch
+++ /dev/null
@@ -1,335 +0,0 @@
-From 05e127c89281cece8bc1fa79bac6b95cc23dcca9 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Fri, 11 Sep 2015 18:56:53 +0200
-Subject: [PATCH 57/61] Ticket 48266: Fractional replication evaluates several
- times the same CSN
-
-Bug Description:
- In fractional replication if there are only skipped updates and many of them, the supplier
- acquire the replica for a long time. At the end of the session, RUV is not updated
- so the next session will restart evaluating the same skipped updates
-
-Fix Description:
- The fix introduces subentries under the suffix: 'cn=repl keep alive <rid>,$SUFFIX'
- During an incremental replication session, if the session only contains skipped updates
- and the number of them overpass a threshold (100), it triggers an update on that subentry.
-
- This update will eventually be replicated, moving forward the RUV
-
-https://fedorahosted.org/389/ticket/48266
-
-Reviewed by: Noriko Hosoi, Rich Megginson, Simon Pichugin
-
-Platforms tested: <plat>
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 6343e4cba17802e19daa5c971120fa352ff80ad4)
----
- ldap/servers/plugins/replication/repl5.h | 2 +
- .../plugins/replication/repl5_inc_protocol.c | 39 ++++++
- ldap/servers/plugins/replication/repl5_replica.c | 156 +++++++++++++++++++++
- .../plugins/replication/repl5_tot_protocol.c | 13 +-
- 4 files changed, 209 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index 0b0f26b..17282bb 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -523,6 +523,8 @@ Replica *windows_replica_new(const Slapi_DN *root);
- during addition of the replica over LDAP */
- Replica *replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_operation);
- void replica_destroy(void **arg);
-+int replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid);
-+int replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid);
- PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid,
- const char *locking_purl,
- char **current_purl);
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index 216de3c..e0599e5 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -1672,6 +1672,11 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- int finished = 0;
- ConnResult replay_crc;
- char csn_str[CSN_STRSIZE];
-+ PRBool subentry_update_sent = PR_FALSE;
-+ PRBool subentry_update_needed = PR_FALSE;
-+ int skipped_updates = 0;
-+ int fractional_repl;
-+#define FRACTIONAL_SKIPPED_THRESHOLD 100
-
- /* Start the results reading thread */
- rd = repl5_inc_rd_new(prp);
-@@ -1688,6 +1693,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
-
- memset ( (void*)&op, 0, sizeof (op) );
- entry.op = &op;
-+ fractional_repl = agmt_is_fractional(prp->agmt);
- do {
- cl5_operation_parameters_done ( entry.op );
- memset ( (void*)entry.op, 0, sizeof (op) );
-@@ -1783,6 +1789,15 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- csn_as_string(entry.op->csn, PR_FALSE, csn_str);
- replica_id = csn_get_replicaid(entry.op->csn);
- uniqueid = entry.op->target_address.uniqueid;
-+
-+ if (fractional_repl && message_id)
-+ {
-+ /* This update was sent no need to update the subentry
-+ * and restart counting the skipped updates
-+ */
-+ subentry_update_needed = PR_FALSE;
-+ skipped_updates = 0;
-+ }
-
- if (prp->repl50consumer && message_id)
- {
-@@ -1813,6 +1828,16 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- agmt_get_long_name(prp->agmt),
- entry.op->target_address.uniqueid, csn_str);
- agmt_inc_last_update_changecount (prp->agmt, csn_get_replicaid(entry.op->csn), 1 /*skipped*/);
-+ if (fractional_repl)
-+ {
-+ skipped_updates++;
-+ if (skipped_updates > FRACTIONAL_SKIPPED_THRESHOLD) {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "%s: skipped updates is too high (%d) if no other update is sent we will update the subentry\n",
-+ agmt_get_long_name(prp->agmt), skipped_updates);
-+ subentry_update_needed = PR_TRUE;
-+ }
-+ }
- }
- }
- break;
-@@ -1878,6 +1903,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- PR_Unlock(rd->lock);
- } while (!finished);
-
-+ if (fractional_repl && subentry_update_needed)
-+ {
-+ Replica *replica;
-+ ReplicaId rid = -1; /* Used to create the replica keep alive subentry */
-+ replica = (Replica*) object_get_data(prp->replica_object);
-+ if (replica)
-+ {
-+ rid = replica_get_rid(replica);
-+ }
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "%s: skipped updates was definitely too high (%d) update the subentry now\n",
-+ agmt_get_long_name(prp->agmt), skipped_updates);
-+ replica_subentry_update(agmt_get_replarea(prp->agmt), rid);
-+ }
- /* Terminate the results reading thread */
- if (!prp->repl50consumer)
- {
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 92b4e96..6ac28c1 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -414,6 +414,161 @@ replica_destroy(void **arg)
- slapi_ch_free((void **)arg);
- }
-
-+#define KEEP_ALIVE_ATTR "keepalivetimestamp"
-+#define KEEP_ALIVE_ENTRY "repl keep alive"
-+#define KEEP_ALIVE_DN_FORMAT "cn=%s %d,%s"
-+
-+
-+static int
-+replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
-+{
-+ char *entry_string = NULL;
-+ Slapi_Entry *e = NULL;
-+ Slapi_PBlock *pb = NULL;
-+ int return_value;
-+ int rc = 0;
-+
-+ entry_string = slapi_ch_smprintf("dn: cn=%s %d,%s\nobjectclass: top\nobjectclass: ldapsubentry\nobjectclass: extensibleObject\ncn: %s %d",
-+ KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), KEEP_ALIVE_ENTRY, rid);
-+ if (entry_string == NULL) {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "replica_subentry_create add failed in slapi_ch_smprintf\n");
-+ rc = -1;
-+ goto done;
-+ }
-+
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "add %s\n", entry_string);
-+ e = slapi_str2entry(entry_string, 0);
-+
-+ /* create the entry */
-+ pb = slapi_pblock_new();
-+
-+
-+ slapi_add_entry_internal_set_pb(pb, e, NULL, /* controls */
-+ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0 /* flags */);
-+ slapi_add_internal_pb(pb);
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &return_value);
-+ if (return_value != LDAP_SUCCESS && return_value != LDAP_ALREADY_EXISTS)
-+ {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to "
-+ "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e),
-+ ldap_err2string(return_value));
-+ rc = -1;
-+ slapi_entry_free(e); /* The entry was not consumed */
-+ goto done;
-+ }
-+
-+done:
-+
-+ slapi_pblock_destroy(pb);
-+ slapi_ch_free_string(&entry_string);
-+ return rc;
-+
-+}
-+
-+int
-+replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
-+{
-+ Slapi_PBlock *pb;
-+ char *filter = NULL;
-+ Slapi_Entry **entries = NULL;
-+ int res;
-+ int rc = 0;
-+
-+ pb = slapi_pblock_new();
-+ filter = slapi_ch_smprintf("(&(objectclass=ldapsubentry)(cn=%s %d))", KEEP_ALIVE_ENTRY, rid);
-+ slapi_search_internal_set_pb(pb, slapi_sdn_get_dn(repl_root), LDAP_SCOPE_ONELEVEL,
-+ filter, NULL, 0, NULL, NULL,
-+ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
-+ slapi_search_internal_pb(pb);
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
-+ if (res == LDAP_SUCCESS)
-+ {
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-+ if (entries && (entries[0] == NULL))
-+ {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "Need to create replication keep alive entry <cn=%s %d,%s>\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
-+ rc = replica_subentry_create(repl_root, rid);
-+ } else {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "replication keep alive entry <cn=%s %d,%s> already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
-+ rc = 0;
-+ }
-+ } else {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "Error accessing replication keep alive entry <cn=%s %d,%s> res=%d\n",
-+ KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), res);
-+ /* The status of the entry is not clear, do not attempt to create it */
-+ rc = 1;
-+ }
-+ slapi_free_search_results_internal(pb);
-+
-+ slapi_pblock_destroy(pb);
-+ slapi_ch_free_string(&filter);
-+ return rc;
-+}
-+
-+int
-+replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid)
-+{
-+ int ldrc;
-+ int rc = LDAP_SUCCESS; /* Optimistic default */
-+ LDAPMod * mods[2];
-+ LDAPMod mod;
-+ struct berval * vals[2];
-+ char buf[20];
-+ time_t curtime;
-+ struct tm ltm;
-+ struct berval val;
-+ Slapi_PBlock *modpb = NULL;
-+ char *dn;
-+
-+ replica_subentry_check(repl_root, rid);
-+ curtime = current_time();
-+ gmtime_r(&curtime, <m);
-+ strftime(buf, sizeof (buf), "%Y%m%d%H%M%SZ", <m);
-+
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "subentry_update called at %s\n", buf);
-+
-+
-+ val.bv_val = buf;
-+ val.bv_len = strlen(val.bv_val);
-+
-+ vals [0] = &val;
-+ vals [1] = NULL;
-+
-+ mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
-+ mod.mod_type = KEEP_ALIVE_ATTR;
-+ mod.mod_bvalues = vals;
-+
-+ mods[0] = &mod;
-+ mods[1] = NULL;
-+
-+ modpb = slapi_pblock_new();
-+ dn = slapi_ch_smprintf(KEEP_ALIVE_DN_FORMAT, KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
-+
-+ slapi_modify_internal_set_pb(modpb, dn, mods, NULL, NULL,
-+ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
-+ slapi_modify_internal_pb(modpb);
-+
-+ slapi_pblock_get(modpb, SLAPI_PLUGIN_INTOP_RESULT, &ldrc);
-+
-+ if (ldrc != LDAP_SUCCESS)
-+ {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "Failure (%d) to update replication keep alive entry \"%s: %s\"\n", ldrc, KEEP_ALIVE_ATTR, buf);
-+ rc = ldrc;
-+ } else {
-+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name,
-+ "Successful update of replication keep alive entry \"%s: %s\"\n", KEEP_ALIVE_ATTR, buf);
-+ }
-+
-+ slapi_pblock_destroy(modpb);
-+ slapi_ch_free_string(&dn);
-+ return rc;
-+
-+}
- /*
- * Attempt to obtain exclusive access to replica (advisory only)
- *
-@@ -3816,6 +3971,7 @@ replica_enable_replication (Replica *r)
- /* What to do ? */
- }
-
-+ replica_subentry_check(r->repl_root, replica_get_rid(r));
- /* Replica came back online, Check if the total update was terminated.
- If flag is still set, it was not terminated, therefore the data is
- very likely to be incorrect, and we should not restart Replication threads...
-diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-index d9401cf..e004af4 100644
---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-@@ -318,6 +318,9 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- int portnum = 0;
- Slapi_DN *area_sdn = NULL;
- CSN *remote_schema_csn = NULL;
-+ int init_retry = 0;
-+ Replica *replica;
-+ ReplicaId rid = 0; /* Used to create the replica keep alive subentry */
-
- PR_ASSERT(NULL != prp);
-
-@@ -395,7 +398,15 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- ctrls = (LDAPControl **)slapi_ch_calloc (3, sizeof (LDAPControl *));
- ctrls[0] = create_managedsait_control ();
- ctrls[1] = create_backend_control(area_sdn);
--
-+
-+ /* Time to make sure it exists a keep alive subentry for that replica */
-+ replica = (Replica*) object_get_data(prp->replica_object);
-+ if (replica)
-+ {
-+ rid = replica_get_rid(replica);
-+ }
-+ replica_subentry_check(area_sdn, rid);
-+
- slapi_search_internal_set_pb (pb, slapi_sdn_get_dn (area_sdn),
- LDAP_SCOPE_SUBTREE, "(|(objectclass=ldapsubentry)(objectclass=nstombstone)(nsuniqueid=*))", NULL, 0, ctrls, NULL,
- repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
---
-1.9.3
-
diff --git a/SOURCES/0058-Ticket-48266-coverity-issue.patch b/SOURCES/0058-Ticket-48266-coverity-issue.patch
deleted file mode 100644
index 7cbc726..0000000
--- a/SOURCES/0058-Ticket-48266-coverity-issue.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 25fa7a078549404141f1fd36b277a857a615df83 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Fri, 18 Sep 2015 18:38:19 +0200
-Subject: [PATCH 58/61] Ticket 48266: coverity issue
-
-(cherry picked from commit 8cd4f45a9621dfaea7249179919b783857c9f22c)
----
- ldap/servers/plugins/replication/repl5_inc_protocol.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index e0599e5..7680340 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -1672,7 +1672,6 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- int finished = 0;
- ConnResult replay_crc;
- char csn_str[CSN_STRSIZE];
-- PRBool subentry_update_sent = PR_FALSE;
- PRBool subentry_update_needed = PR_FALSE;
- int skipped_updates = 0;
- int fractional_repl;
---
-1.9.3
-
diff --git a/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch b/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch
deleted file mode 100644
index b6f97be..0000000
--- a/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From ac98944372376a0d41a33dfe84a99bfaa151699f Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 18 Sep 2015 11:56:29 -0400
-Subject: [PATCH 59/61] Ticket 48217 - cleanallruv - fix regression with server
- shutdown
-
-Bug Description: Recent checks for server shutdown were added to cleanallruv task,
- but we did not properly check for "shutdown" at the end of the task.
- This caused the server to think the task successfully finished,
- when in fact it did not.
-
-Fix Description: Properly check for shutdown at the end of the task, and handler it
- appropriately.
-
-https://fedorahosted.org/389/ticket/48217
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit c41d36de0ca438bf23e4e810bfec0fd59cbc790b)
-(cherry picked from commit d9f03f5fddfc8ba7009c9dcc584686e43d6339e8)
----
- ldap/servers/plugins/replication/repl5_replica_config.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 446da3f..8d3c481 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -1948,7 +1948,7 @@ done:
- /*
- * If the replicas are cleaned, release the rid
- */
-- if(!aborted){
-+ if(!aborted && !slapi_is_shutting_down()){
- delete_cleaned_rid_config(data);
- /* make sure all the replicas have been "pre_cleaned" before finishing */
- check_replicas_are_done_cleaning(data);
-@@ -3005,7 +3005,7 @@ replica_abort_task_thread(void *arg)
- }
-
- /*
-- * Now send the cleanruv extended op to all the agreements
-+ * Now send the abort cleanruv extended op to all the agreements
- */
- while(agmt_not_notified && !slapi_is_shutting_down()){
- agmt_obj = agmtlist_get_first_agreement_for_replica (data->replica);
-@@ -3013,7 +3013,7 @@ replica_abort_task_thread(void *arg)
- agmt_not_notified = 0;
- break;
- }
-- while (agmt_obj){
-+ while (agmt_obj && !slapi_is_shutting_down()){
- agmt = (Repl_Agmt*)object_get_data (agmt_obj);
- if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
- agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
-@@ -3058,7 +3058,7 @@ replica_abort_task_thread(void *arg)
- } /* while */
-
- done:
-- if(agmt_not_notified){
-+ if(agmt_not_notified || slapi_is_shutting_down()){
- /* failure */
- cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Abort task failed, will resume the task at the next server startup.");
- } else {
---
-1.9.3
-
diff --git a/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch b/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
deleted file mode 100644
index f9138cf..0000000
--- a/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From caab3e19a97d58450bbf06034974d4631aa904b6 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Fri, 18 Sep 2015 11:13:43 -0700
-Subject: [PATCH 60/61] Ticket #48188 - segfault in ns-slapd due to accessing
- Slapi_DN freed in pre bind plug-in
-
-This patch is based upon the patch provided by Simo Sorce <simo@redhat.com> for
-Ticket #48272 - Allow PRE_BIND plugins to mangle DNs
-
-Description:
-Allow a pre_bind plugin to map a DN to another
-
-This is useful for plugins that deal with virtual trees or non-standard
-clients binding with values that are not proper DNs and similar situations.
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
-
-2 changes are made to the original patch:
-1. removed "slapi_sdn_free(&sdn)" with this comment:
- * It is a plug-in's responsibility to free the original Slapi_DN.
- Note: slapi-nis already freed the original sdn.
-2. reset dn from the new sdn.
- dn = slapi_sdn_get_dn(sdn);
-
-https://fedorahosted.org/389/ticket/48188
-
-Reviewed by rmeggins@redhat.com and lkrispen@redhat.com.
-
-(cherry picked from commit 40e0d0f80d6fd1271431e105580293747c43c327)
-(cherry picked from commit 6871f4f6d14198563f7f3cb0646a00faa28d35ea)
----
- ldap/servers/slapd/bind.c | 21 ++++++++++++++++++---
- 1 file changed, 18 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
-index 1bd604f..4ec276a 100644
---- a/ldap/servers/slapd/bind.c
-+++ b/ldap/servers/slapd/bind.c
-@@ -669,7 +669,7 @@ do_bind( Slapi_PBlock *pb )
-
- slapi_pblock_set( pb, SLAPI_BACKEND, be );
-
-- /* not root dn - pass to the backend */
-+ /* not root dn - pass to the backend */
- if ( be->be_bind != NULL ) {
-
- /*
-@@ -677,10 +677,25 @@ do_bind( Slapi_PBlock *pb )
- * the backend bind function. then call the post-bind
- * plugins.
- */
-- if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN )
-- == 0 ) {
-+ if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 ) {
- rc = 0;
-
-+ /* Check if a pre_bind plugin mapped the DN to another backend */
-+ Slapi_DN *pb_sdn;
-+ slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
-+ if (pb_sdn != sdn) {
-+ /*
-+ * Slapi_DN set in pblock was changed by a pre bind plug-in.
-+ * It is a plug-in's responsibility to free the original Slapi_DN.
-+ */
-+ sdn = pb_sdn;
-+ dn = slapi_sdn_get_dn(sdn);
-+
-+ slapi_be_Unlock(be);
-+ be = slapi_be_select(sdn);
-+ slapi_be_Rlock(be);
-+ }
-+
- /*
- * Is this account locked ?
- * could be locked through the account inactivation
---
-1.9.3
-
diff --git a/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch b/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
deleted file mode 100644
index 0ce22e8..0000000
--- a/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From 91e8872841e18eb96f2680fba180d636bb0a2a67 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 18 Sep 2015 15:19:51 -0700
-Subject: [PATCH 61/61] Ticket #48188 - segfault in ns-slapd due to accessing
- Slapi_DN freed in pre bind plug-in
-
-Description: Additional fixes based upon the comments by rmeggins@redhat.com
-(Thank you, Rich!!).
-https://fedorahosted.org/389/ticket/48188?replyto=24#comment:24
-1. Implemented the case 2)
- If the plugin changes the SLAPI_BIND_TARGET_SDN *value*,
- we need to select a different backend. It is possible
- (but not very useful) for the plugin to change the pointer,
- but use the same value.
-2. Added an api slapi_be_select_exact which returns NULL if
- there is no matching backend.
-
-https://fedorahosted.org/389/ticket/48188
-
-Reviewed by rmeggins@redhat.com (Thank you!)
-
-(cherry picked from commit 8212a8913b748cd1f5e986a754c37ef41db8272a)
-(cherry picked from commit a215c006e0900caaa555def9e047e295844d8652)
----
- ldap/servers/slapd/bind.c | 47 +++++++++++++++++++++++++++++----------
- ldap/servers/slapd/mapping_tree.c | 19 ++++++++++++++++
- ldap/servers/slapd/slapi-plugin.h | 1 +
- 3 files changed, 55 insertions(+), 12 deletions(-)
-
-diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
-index 4ec276a..474b508 100644
---- a/ldap/servers/slapd/bind.c
-+++ b/ldap/servers/slapd/bind.c
-@@ -107,6 +107,7 @@ do_bind( Slapi_PBlock *pb )
- int auto_bind = 0;
- int minssf = 0;
- int minssf_exclude_rootdse = 0;
-+ Slapi_DN *original_sdn = NULL;
-
- LDAPDebug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
-
-@@ -660,10 +661,9 @@ do_bind( Slapi_PBlock *pb )
- goto free_and_return;
- }
-
-- if (referral)
-- {
-- send_referrals_from_entry(pb,referral);
-- slapi_entry_free(referral);
-+ if (referral) {
-+ send_referrals_from_entry(pb,referral);
-+ slapi_entry_free(referral);
- goto free_and_return;
- }
-
-@@ -671,29 +671,50 @@ do_bind( Slapi_PBlock *pb )
-
- /* not root dn - pass to the backend */
- if ( be->be_bind != NULL ) {
--
-+ original_sdn = slapi_sdn_dup(sdn);
- /*
- * call the pre-bind plugins. if they succeed, call
- * the backend bind function. then call the post-bind
- * plugins.
- */
- if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 ) {
-+ int sdn_updated = 0;
- rc = 0;
-
- /* Check if a pre_bind plugin mapped the DN to another backend */
- Slapi_DN *pb_sdn;
- slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
-- if (pb_sdn != sdn) {
-+ if (!pb_sdn) {
-+ PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n");
-+ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
-+ goto free_and_return;
-+ } else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) {
- /*
- * Slapi_DN set in pblock was changed by a pre bind plug-in.
- * It is a plug-in's responsibility to free the original Slapi_DN.
- */
- sdn = pb_sdn;
- dn = slapi_sdn_get_dn(sdn);
--
-- slapi_be_Unlock(be);
-- be = slapi_be_select(sdn);
-- slapi_be_Rlock(be);
-+ if (!dn) {
-+ PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n");
-+ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
-+ goto free_and_return;
-+ }
-+ if (!sdn_updated) { /* pb_sdn != sdn; need to compare the dn's. */
-+ sdn_updated = slapi_sdn_compare(original_sdn, sdn);
-+ }
-+ if (sdn_updated) { /* call slapi_be_select only when the DN is updated. */
-+ slapi_be_Unlock(be);
-+ be = slapi_be_select_exact(sdn);
-+ if (be) {
-+ slapi_be_Rlock(be);
-+ slapi_pblock_set( pb, SLAPI_BACKEND, be );
-+ } else {
-+ PR_snprintf(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn);
-+ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
-+ goto free_and_return;
-+ }
-+ }
- }
-
- /*
-@@ -845,10 +866,12 @@ account_locked:
- }
-
- free_and_return:;
-- if (be)
-+ slapi_sdn_free(&original_sdn);
-+ if (be) {
- slapi_be_Unlock(be);
-+ }
- if (bind_sdn_in_pb) {
-- slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
-+ slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
- }
- slapi_sdn_free(&sdn);
- slapi_ch_free_string( &saslmech );
-diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
-index 165eba1..20c2cc3 100644
---- a/ldap/servers/slapd/mapping_tree.c
-+++ b/ldap/servers/slapd/mapping_tree.c
-@@ -3095,6 +3095,25 @@ slapi_be_select( const Slapi_DN *sdn ) /* JCM - The name of this should change??
- return be;
- }
-
-+Slapi_Backend *
-+slapi_be_select_exact(const Slapi_DN *sdn)
-+{
-+ Slapi_Backend *be = NULL;
-+ mapping_tree_node *node = NULL;
-+
-+ if (!sdn) {
-+ LDAPDebug0Args(LDAP_DEBUG_ANY, "slapi_be_select_exact: Empty Slapi_DN is given.\n");
-+ return NULL;
-+ }
-+ node = slapi_get_mapping_tree_node_by_dn(sdn);
-+
-+ if (node && node->mtn_be) {
-+ be = node->mtn_be[0];
-+ }
-+
-+ return be;
-+}
-+
- /* Check if the dn targets an internal reserved backends */
- int
- slapi_on_internal_backends(const Slapi_DN *sdn)
-diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
-index 6b04610..564da44 100644
---- a/ldap/servers/slapd/slapi-plugin.h
-+++ b/ldap/servers/slapd/slapi-plugin.h
-@@ -6338,6 +6338,7 @@ Slapi_Backend *slapi_be_new( const char *type, const char *name,
- int isprivate, int logchanges );
- void slapi_be_free(Slapi_Backend **be);
- Slapi_Backend *slapi_be_select( const Slapi_DN *sdn );
-+Slapi_Backend *slapi_be_select_exact(const Slapi_DN *sdn);
- Slapi_Backend *slapi_be_select_by_instance_name( const char *name );
- int slapi_be_exist(const Slapi_DN *sdn);
- void slapi_be_delete_onexit(Slapi_Backend *be);
---
-1.9.3
-
diff --git a/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch b/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch
deleted file mode 100644
index 6f83044..0000000
--- a/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 02c520c6fa44f9f2499c79e48531b59d62875a39 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Sat, 19 Sep 2015 09:58:39 -0700
-Subject: [PATCH] Ticket 48266 - coverity -- unused variable 'init_retry'
-
-Description: Backport error for Ticket 48266 - Fractional replication
- evaluates several times the same CSN
- (commit 05e127c89281cece8bc1fa79bac6b95cc23dcca9)
----
- ldap/servers/plugins/replication/repl5_tot_protocol.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-index e004af4..7da893a 100644
---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-@@ -318,7 +318,6 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- int portnum = 0;
- Slapi_DN *area_sdn = NULL;
- CSN *remote_schema_csn = NULL;
-- int init_retry = 0;
- Replica *replica;
- ReplicaId rid = 0; /* Used to create the replica keep alive subentry */
-
---
-1.9.3
-
diff --git a/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch b/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch
deleted file mode 100644
index 2d85f36..0000000
--- a/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 060b9298fd03cbdac725be398e7754f67aa2b5c1 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 22 Sep 2015 09:49:12 -0400
-Subject: [PATCH 63/65] Ticket 48266 - Online init crashes consumer
-
-Bug Description: When trying to create the 'replica keep alive' entry
- on a consumer during an online init, the entry gets freed
- in op_shared_add(), and then freed again in
- replica_subentry_create() which leads to a crash.
-
-Fix Description: Do not free the "keep alive" entry if a referral is
- returned when trying to create the keep-alive entry.
-
-https://fedorahosted.org/389/ticket/48266
-
-Reviewed by: tbordaz(Thanks!)
-
-(cherry picked from commit 5538bac519c5363bb456e98d615c9366dedd57d8)
-(cherry picked from commit 1c127b40c1c7298839562326babbf2cba65cce1b)
----
- ldap/servers/plugins/replication/repl5_replica.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 6ac28c1..708008c 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -448,7 +448,9 @@ replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
- repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0 /* flags */);
- slapi_add_internal_pb(pb);
- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &return_value);
-- if (return_value != LDAP_SUCCESS && return_value != LDAP_ALREADY_EXISTS)
-+ if (return_value != LDAP_SUCCESS &&
-+ return_value != LDAP_ALREADY_EXISTS &&
-+ return_value != LDAP_REFERRAL /* CONSUMER */)
- {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to "
- "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e),
---
-1.9.3
-
diff --git a/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch b/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch
deleted file mode 100644
index ebe138e..0000000
--- a/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From d1598673937a83127249e6c26de6af3a18a5f51c Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 22 Sep 2015 13:41:06 -0400
-Subject: [PATCH 64/65] Ticket 48284 - free entry when internal add fails
-
-Bug Description: The entry passed to an internal add operaton is expected
- to be consumed, but it is not freed during an internal
- add when setting slapi_add_internal_pb() returns an error.
-
-Fix Description: Free the entry in slapi_add_internal_pb() when the operation
- is not allowed.
-
-https://fedorahosted.org/389/ticket/48284
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 622be8bfbc942fe100b8880df72db26e99e1c954)
-(cherry picked from commit 99dbfb7601daea80f80d1ea9d29766d76555e01a)
----
- ldap/servers/slapd/add.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
-index 5eb2042..31012a2 100644
---- a/ldap/servers/slapd/add.c
-+++ b/ldap/servers/slapd/add.c
-@@ -316,6 +316,12 @@ int slapi_add_internal_pb (Slapi_PBlock *pb)
-
- if (!allow_operation (pb))
- {
-+ /* free the entry as it's expected to be consumed */
-+ Slapi_Entry *e;
-+ slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
-+ slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
-+ slapi_entry_free(e);
-+
- slapi_send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
- "This plugin is not configured to access operation target data", 0, NULL );
- return 0;
-@@ -727,8 +733,8 @@ static void op_shared_add (Slapi_PBlock *pb)
- slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &pse);
- do_ps_service(pse, NULL, LDAP_CHANGETYPE_ADD, 0);
- /*
-- * If be_add succeeded, then e is consumed except the resurect case.
-- * If it is resurect, the corresponding tombstone entry is resurected
-+ * If be_add succeeded, then e is consumed except the resurrect case.
-+ * If it is resurrect, the corresponding tombstone entry is resurrected
- * and put into the cache.
- * Otherwise, we set e to NULL to prevent freeing it ourselves.
- */
---
-1.9.3
-
diff --git a/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch b/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch
deleted file mode 100644
index 23541a8..0000000
--- a/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3a3d1f22ea262270bc859aeb4c80928d5a085817 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 22 Sep 2015 13:58:38 -0400
-Subject: [PATCH 65/65] Ticket 48266 - do not free repl keep alive entry on
- error
-
-Description: There is no need to free the "repl keep alive" entry
- if any stage of the "add" fails. Otherwise we could
- potentially run into a double free.
-
-https://fedorahosted.org/389/ticket/48266
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit e5d9b0c741af1c3ea5e8212148a3ba95ee18925b)
-(cherry picked from commit f95e73f620987de9107246b30b28fd463024b61f)
----
- ldap/servers/plugins/replication/repl5_replica.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 708008c..8b53f3c 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -456,7 +456,6 @@ replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
- "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e),
- ldap_err2string(return_value));
- rc = -1;
-- slapi_entry_free(e); /* The entry was not consumed */
- goto done;
- }
-
---
-1.9.3
-
diff --git a/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch b/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch
deleted file mode 100644
index d2e826c..0000000
--- a/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 695f06f02f6285bad4c494fda98f8f17ace2d1aa Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 30 Sep 2015 13:32:05 -0700
-Subject: [PATCH 66/68] Ticket #48299 - pagedresults - when timed out, search
- results could have been already freed.
-
-Description: When a search results object is freed, there is a window
-until the information is set to the pagedresults handle. If the paged-
-results handle is released due to a timeout in the window, double free
-occurs.
-
-This patch sets NULL just before the search results object is freed
-in the backend as well as in dse.
-
-Plus, fixed a minor memory leak in pagedresults_parse_control_value.
-
-https://fedorahosted.org/389/ticket/48299
-
-Reviewed and a bug found by tbordaz@redhat.com (Thank you, Thierry!!)
-
-(cherry picked from commit f90c3a6e1933b9cc19a51b17a038f26652c4b2bc)
-(cherry picked from commit 56151ed75bbd63af80932fe73a512df835b17593)
----
- ldap/servers/slapd/back-ldbm/ldbm_search.c | 1 +
- ldap/servers/slapd/dse.c | 1 +
- ldap/servers/slapd/pagedresults.c | 33 +++++++++++++++++++++++++++++-
- ldap/servers/slapd/proto-slap.h | 1 +
- 4 files changed, 35 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c
-index 73c54d3..8ed6b4d 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
-@@ -1890,6 +1890,7 @@ delete_search_result_set( Slapi_PBlock *pb, back_search_result_set **sr )
- /* If the op is pagedresults, let the module clean up sr. */
- return;
- }
-+ pagedresults_set_search_result_pb(pb, NULL, 0);
- slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
- }
- if ( NULL != (*sr)->sr_candidates )
-diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
-index e8e393b..68ce751 100644
---- a/ldap/servers/slapd/dse.c
-+++ b/ldap/servers/slapd/dse.c
-@@ -2830,6 +2830,7 @@ dse_next_search_entry (Slapi_PBlock *pb)
- /* we reached the end of the list */
- if (e == NULL)
- {
-+ pagedresults_set_search_result_pb(pb, NULL, 0);
- dse_search_set_delete (ss);
- slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
- }
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index d0c93cd..6dd6432 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -172,7 +172,6 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- }
- /* reset sizelimit */
- op->o_pagedresults_sizelimit = -1;
-- slapi_ch_free((void **)&cookie.bv_val);
-
- if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen)) {
- if (conn->c_pagedresults.prl_list[*index].pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) {
-@@ -189,6 +188,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- LDAPDebug1Arg(LDAP_DEBUG_ANY, "pagedresults_parse_control_value: invalid cookie: %d\n", *index);
- }
- bail:
-+ slapi_ch_free((void **)&cookie.bv_val);
- /* cleaning up the rest of the timedout or abandoned if any */
- prp = conn->c_pagedresults.prl_list;
- for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
-@@ -1010,3 +1010,34 @@ pagedresults_is_abandoned_or_notavailable( Connection *conn, int index )
- PR_Unlock(conn->c_mutex);
- return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
- }
-+
-+int
-+pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked)
-+{
-+ int rc = -1;
-+ Connection *conn = NULL;
-+ Operation *op = NULL;
-+ int index = -1;
-+ if (!pb) {
-+ return 0;
-+ }
-+ slapi_pblock_get(pb, SLAPI_OPERATION, &op);
-+ if (!op_is_pagedresults(op)) {
-+ return 0; /* noop */
-+ }
-+ slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
-+ slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &index);
-+ LDAPDebug2Args(LDAP_DEBUG_TRACE,
-+ "--> pagedresults_set_search_result_pb: idx=%d, sr=%p\n", index, sr);
-+ if (conn && (index > -1)) {
-+ if (!locked) PR_Lock(conn->c_mutex);
-+ if (index < conn->c_pagedresults.prl_maxlen) {
-+ conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
-+ rc = 0;
-+ }
-+ if (!locked) PR_Unlock(conn->c_mutex);
-+ }
-+ LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-+ "<-- pagedresults_set_search_result_pb: %d\n", rc);
-+ return rc;
-+}
-diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
-index e8673e1..b10c1eb 100644
---- a/ldap/servers/slapd/proto-slap.h
-+++ b/ldap/servers/slapd/proto-slap.h
-@@ -1488,6 +1488,7 @@ void op_set_pagedresults(Operation *op);
- void pagedresults_lock(Connection *conn, int index);
- void pagedresults_unlock(Connection *conn, int index);
- int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index);
-+int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked);
-
- /*
- * sort.c
---
-1.9.3
-
diff --git a/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
deleted file mode 100644
index 913e0c4..0000000
--- a/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 6b1aeee584c74c47abf8f7190d4783c061607279 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 1 Oct 2015 15:11:24 -0700
-Subject: [PATCH 67/68] Ticket #48192 - Individual abandoned simple paged
- results request has no chance to be cleaned up
-
-Description: If CONN_FLAG_PAGEDRESULTS_ABANDONED is set to pr_flags,
-the search results in the pagedresults handle is supposed to have been
-cleaned up. But when there is a contention, there is a case that it
-is reset with the already released search results. This patch adds an
-additional check for abandoned flag in pagedresults_set_search_result.
-If the pagedresults handle shows it is abandoned, the search results
-is not set to the handle unless it is for cleaning up with NULL.
-
-https://fedorahosted.org/389/ticket/48192
-
-Reviewed by rmeggins@redhat.com (Thanks, Rich!!)
-
-(cherry picked from commit 6e453918e82af6c597390aebf92a8eb3283c3591)
-(cherry picked from commit 96b9b6794e0a6bfa0d74c84f6c80131c4f820fa7)
----
- ldap/servers/slapd/pagedresults.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index 6dd6432..87447c4 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -337,7 +337,7 @@ pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid )
- for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
- if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) {
- PagedResults *prp = conn->c_pagedresults.prl_list + i;
-- if (prp && prp->pr_current_be &&
-+ if (prp->pr_current_be &&
- prp->pr_current_be->be_search_results_release &&
- prp->pr_search_result_set) {
- prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
-@@ -429,7 +429,11 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr,
- if (conn && (index > -1)) {
- if (!locked) PR_Lock(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
-- conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
-+ PagedResults *prp = conn->c_pagedresults.prl_list + index;
-+ if (!(prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) || !sr) {
-+ /* If abandoned, don't set the search result unless it is NULL */
-+ prp->pr_search_result_set = sr;
-+ }
- rc = 0;
- }
- if (!locked) PR_Unlock(conn->c_mutex);
---
-1.9.3
-
diff --git a/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch b/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch
deleted file mode 100644
index 0e44b72..0000000
--- a/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch
+++ /dev/null
@@ -1,343 +0,0 @@
-From 5b2efd34c07c65e24f4129430064f7299803dbf8 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 2 Oct 2015 11:38:01 -0700
-Subject: [PATCH 68/68] Ticket #48298 - ns-slapd crash during
- ipa-replica-manage del
-
-Bug Description: The cause of the problem is rather not a race condition but
-accessing an already freed agreement in a plug-in:
-> The crashed thread is deleting an agreement object, which calls mep_pre_op.
-> It eventually calls op_shared_search with the deleted agreement object with
-> base scope and filter "(|(objectclass=*)(objectclass=ldapsubentry))"
-> Since it is a DSE entry it goes to dse_search, in which it calls agmt_get_
-> replarea and crashes in slapi_sdn_copy by NULL dereference in from SDN...
-
-Fix Description: This patch adds the check to agmt_get_replarea, in which if
-the agreement is not in the agreement list, it returnes NULL repl area. When
-the NULL repl area is returned the callers back off with an error.
-
-https://fedorahosted.org/389/ticket/48298
-
-Reviewed by rmeggins@redhat.com (Thanks, Rich!)
-
-(cherry picked from commit 3cbdfa613ed8668337213fe9c3c15cf54ce798aa)
-(cherry picked from commit f09eb8c0f8ee315b2a20d6460c975a546207411e)
----
- ldap/servers/plugins/replication/repl5.h | 1 +
- ldap/servers/plugins/replication/repl5_agmt.c | 17 +++++++++--
- ldap/servers/plugins/replication/repl5_agmtlist.c | 34 ++++++++++++++++++----
- .../plugins/replication/repl5_inc_protocol.c | 10 ++++++-
- .../plugins/replication/repl5_replica_config.c | 6 +++-
- .../plugins/replication/repl5_tot_protocol.c | 12 ++++++--
- .../plugins/replication/repl_session_plugin.c | 22 +++++++++++---
- .../plugins/replication/windows_protocol_util.c | 12 ++++++++
- 8 files changed, 98 insertions(+), 16 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index 17282bb..df92ca0 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -390,6 +390,7 @@ void agmtlist_shutdown();
- void agmtlist_notify_all(Slapi_PBlock *pb);
- Object* agmtlist_get_first_agreement_for_replica (Replica *r);
- Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev);
-+int agmtlist_agmt_exists(const Repl_Agmt *ra);
-
- /* In repl5_backoff.c */
- typedef struct backoff_timer Backoff_Timer;
-diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
-index f84eacb..76d26a1 100644
---- a/ldap/servers/plugins/replication/repl5_agmt.c
-+++ b/ldap/servers/plugins/replication/repl5_agmt.c
-@@ -696,6 +696,12 @@ agmt_start(Repl_Agmt *ra)
- * index.
- */
- repl_sdn = agmt_get_replarea(ra);
-+ if (!repl_sdn) {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "agmt_start: failed to get repl area. Please check agreement.\n");
-+ prot_free(&prot);
-+ return -1;
-+ }
-
- pb = slapi_pblock_new();
- attrs[0] = (char*)type_agmtMaxCSN;
-@@ -770,7 +776,7 @@ agmt_start(Repl_Agmt *ra)
- slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
- ra->hostname, ra->port);
- if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){
-- /* Set the maxcsn */
-+ /* Set the maxcsn */
- slapi_ch_free_string(&ra->maxcsn);
- ra->maxcsn = slapi_ch_strdup(maxcsns[i]);
- ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]);
-@@ -976,8 +982,11 @@ agmt_get_bindmethod(const Repl_Agmt *ra)
- Slapi_DN *
- agmt_get_replarea(const Repl_Agmt *ra)
- {
-- Slapi_DN *return_value;
-+ Slapi_DN *return_value = NULL;
- PR_ASSERT(NULL != ra);
-+ if (!agmtlist_agmt_exists(ra)) {
-+ return return_value;
-+ }
- PR_Lock(ra->lock);
- return_value = slapi_sdn_new();
- slapi_sdn_copy(ra->replarea, return_value);
-@@ -2690,6 +2699,9 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter,
- Object *repl_obj = NULL;
-
- replarea_sdn = agmt_get_replarea(ra);
-+ if (!replarea_sdn) {
-+ goto bail;
-+ }
- repl_obj = replica_get_replica_from_dn(replarea_sdn);
- slapi_sdn_free(&replarea_sdn);
- if (repl_obj) {
-@@ -2748,6 +2760,7 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter,
- slapi_entry_add_string(e, "nsds5replicaLastInitStatus", ra->last_init_status);
- }
- }
-+bail:
- return SLAPI_DSE_CALLBACK_OK;
- }
-
-diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c
-index 34650b4..f50862f 100644
---- a/ldap/servers/plugins/replication/repl5_agmtlist.c
-+++ b/ldap/servers/plugins/replication/repl5_agmtlist.c
-@@ -109,6 +109,24 @@ agmtlist_release_agmt(Repl_Agmt *ra)
- }
- }
-
-+int
-+agmtlist_agmt_exists(const Repl_Agmt *ra)
-+{
-+ Object *ro;
-+ int exists = 0;
-+
-+ PR_ASSERT(NULL != agmt_set);
-+ if (!ra) {
-+ return exists;
-+ }
-+ ro = objset_find(agmt_set, agmt_ptr_cmp, (const void *)ra);
-+ if (ro) {
-+ exists = 1;
-+ object_release(ro);
-+ }
-+ return exists;
-+}
-+
-
- /*
- * Note: when we add the new object, we have a reference to it. We hold
-@@ -135,6 +153,9 @@ add_new_agreement(Slapi_Entry *e)
-
- /* get the replica for this agreement */
- replarea_sdn = agmt_get_replarea(ra);
-+ if (!replarea_sdn) {
-+ return 1;
-+ }
- repl_obj = replica_get_replica_from_dn(replarea_sdn);
- slapi_sdn_free(&replarea_sdn);
- if (repl_obj) {
-@@ -841,13 +862,16 @@ Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev)
- else
- obj = objset_first_obj(agmt_set);
-
-- while (obj)
-- {
-+ for ( ; obj; obj = objset_next_obj(agmt_set, obj)) {
- agmt = (Repl_Agmt*)object_get_data (obj);
-- PR_ASSERT (agmt);
-+ if (!agmt) {
-+ continue;
-+ }
-
- agmt_root = agmt_get_replarea(agmt);
-- PR_ASSERT (agmt_root);
-+ if (!agmt_root) {
-+ continue;
-+ }
-
- if (slapi_sdn_compare (replica_root, agmt_root) == 0)
- {
-@@ -856,7 +880,7 @@ Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev)
- }
-
- slapi_sdn_free (&agmt_root);
-- obj = objset_next_obj(agmt_set, obj);
-+
- }
-
- return NULL;
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index 7680340..244bbb2 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -1906,6 +1906,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- {
- Replica *replica;
- ReplicaId rid = -1; /* Used to create the replica keep alive subentry */
-+ Slapi_DN *replarea_sdn = NULL;
- replica = (Replica*) object_get_data(prp->replica_object);
- if (replica)
- {
-@@ -1914,7 +1915,14 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "%s: skipped updates was definitely too high (%d) update the subentry now\n",
- agmt_get_long_name(prp->agmt), skipped_updates);
-- replica_subentry_update(agmt_get_replarea(prp->agmt), rid);
-+ replarea_sdn = agmt_get_replarea(prp->agmt);
-+ if (!replarea_sdn) {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "send_updates: Unknown replication area due to agreement not found.");
-+ return_value = UPDATE_FATAL_ERROR;
-+ } else {
-+ replica_subentry_update(replarea_sdn, rid);
-+ }
- }
- /* Terminate the results reading thread */
- if (!prp->repl50consumer)
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 8d3c481..e85ae3e 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -2368,13 +2368,17 @@ replica_send_cleanruv_task(Repl_Agmt *agmt, cleanruv_data *clean_data)
- conn_delete_internal_ext(conn);
- return;
- }
-- val.bv_len = PR_snprintf(data, sizeof(data), "CLEANRUV%d", clean_data->rid);
- sdn = agmt_get_replarea(agmt);
-+ if (!sdn) {
-+ conn_delete_internal_ext(conn);
-+ return;
-+ }
- mod.mod_op = LDAP_MOD_ADD|LDAP_MOD_BVALUES;
- mod.mod_type = "nsds5task";
- mod.mod_bvalues = vals;
- vals [0] = &val;
- vals [1] = NULL;
-+ val.bv_len = PR_snprintf(data, sizeof(data), "CLEANRUV%d", clean_data->rid);
- val.bv_val = data;
- mods[0] = &mod;
- mods[1] = NULL;
-diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-index 7da893a..16b51b5 100644
---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-@@ -329,6 +329,13 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- goto done;
- }
-
-+ area_sdn = agmt_get_replarea(prp->agmt);
-+ if (!area_sdn) {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to "
-+ "get repl area. Please check agreement.\n");
-+ goto done;
-+ }
-+
- conn_set_timeout(prp->conn, agmt_get_timeout(prp->agmt));
-
- /* acquire remote replica */
-@@ -387,11 +394,10 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Beginning total update of replica "
- "\"%s\".\n", agmt_get_long_name(prp->agmt));
-
-- pb = slapi_pblock_new ();
-+ /* RMREPL - need to send schema here */
-
-- /* RMREPL - need to send schema here */
-+ pb = slapi_pblock_new ();
-
-- area_sdn = agmt_get_replarea(prp->agmt);
- /* we need to provide managedsait control so that referral entries can
- be replicated */
- ctrls = (LDAPControl **)slapi_ch_calloc (3, sizeof (LDAPControl *));
-diff --git a/ldap/servers/plugins/replication/repl_session_plugin.c b/ldap/servers/plugins/replication/repl_session_plugin.c
-index 1c04089..2fa993d 100644
---- a/ldap/servers/plugins/replication/repl_session_plugin.c
-+++ b/ldap/servers/plugins/replication/repl_session_plugin.c
-@@ -48,6 +48,10 @@ repl_session_plugin_call_agmt_init_cb(Repl_Agmt *ra)
- }
- if (initfunc) {
- replarea = agmt_get_replarea(ra);
-+ if (!replarea) {
-+ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_agmt_init_cb -- Aborted -- No replication area\n");
-+ return;
-+ }
- cookie = (*initfunc)(replarea);
- slapi_sdn_free(&replarea);
- }
-@@ -73,8 +77,11 @@ repl_session_plugin_call_pre_acquire_cb(const Repl_Agmt *ra, int is_total,
-
- if (thefunc) {
- replarea = agmt_get_replarea(ra);
-- rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total,
-- data_guid, data);
-+ if (!replarea) {
-+ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_pre_acquire_cb -- Aborted -- No replication area\n");
-+ return 1;
-+ }
-+ rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total, data_guid, data);
- slapi_sdn_free(&replarea);
- }
-
-@@ -95,8 +102,11 @@ repl_session_plugin_call_post_acquire_cb(const Repl_Agmt *ra, int is_total,
-
- if (thefunc) {
- replarea = agmt_get_replarea(ra);
-- rc = (*thefunc)(agmt_get_priv(ra), replarea,
-- is_total, data_guid, data);
-+ if (!replarea) {
-+ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_post_acquire_cb -- Aborted -- No replication area\n");
-+ return 1;
-+ }
-+ rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total, data_guid, data);
- slapi_sdn_free(&replarea);
- }
-
-@@ -151,6 +161,10 @@ repl_session_plugin_call_destroy_agmt_cb(const Repl_Agmt *ra)
-
- if (thefunc) {
- replarea = agmt_get_replarea(ra);
-+ if (!replarea) {
-+ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_destroy_agmt_cb -- Aborted -- No replication area\n");
-+ return;
-+ }
- (*thefunc)(agmt_get_priv(ra), replarea);
- slapi_sdn_free(&replarea);
- }
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index 5c12af7..084b520 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -5319,6 +5319,13 @@ windows_update_local_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,
- * in the groups caused by moving member entries.
- * We need to update the local groups manually... */
- local_subtree = agmt_get_replarea(prp->agmt);
-+ if (!local_subtree) {
-+ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
-+ "failed to get local subtree from agreement\n");
-+ local_entry = orig_local_entry;
-+ orig_local_entry = NULL;
-+ goto bail;
-+ }
- local_subtree_sdn = local_subtree;
- orig_local_sdn = slapi_entry_get_sdn_const(orig_local_entry);
- escaped_filter_val = slapi_escape_filter_value((char *)slapi_sdn_get_ndn(orig_local_sdn),
-@@ -5651,6 +5658,11 @@ windows_search_local_entry_by_uniqueid(Private_Repl_Protocol *prp,
- *ret_entry = NULL;
- if (is_global) { /* Search from the suffix (rename case) */
- local_subtree = agmt_get_replarea(prp->agmt);
-+ if (!local_subtree) {
-+ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
-+ "failed to get local subtree from agreement\n");
-+ return LDAP_PARAM_ERROR;
-+ }
- local_subtree_sdn = local_subtree;
- } else {
- local_subtree_sdn = windows_private_get_directory_treetop(prp->agmt);
---
-1.9.3
-
diff --git a/SOURCES/0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch b/SOURCES/0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
deleted file mode 100644
index e98104e..0000000
--- a/SOURCES/0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 68cdd9df5c923cca591dfe7d22207d7d31ef4928 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 23 Oct 2015 15:17:44 -0400
-Subject: [PATCH 69/75] Ticket 48311 - nunc-stans: Attempt to release
- connection that is not acquired
-
-Bug Description: ns_connection_post_io_or_closing() was not aquiring the
- connection in the optimized build, which led to the connection
- ref count getting out sequence.
-
-Fix Description Do not call connection_acquire_nolock() inside a PR_ASSERT call.
-
- Also changed other PR_ASSERTs to only be called if DEBUG is set
-
-https://fedorahosted.org/389/ticket/48311
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 97946bd212c5094a490d6a3429e0d5763ccd39ce)
-(cherry picked from commit a8d30b356f312b24132f4ced324a67601b7cfb9b)
----
- ldap/servers/slapd/daemon.c | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index ba73da3..82099bc 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1836,7 +1836,11 @@ ns_handle_closure(struct ns_job_t *job)
- int do_yield = 0;
-
- /* this function must be called from the event loop thread */
-+#ifdef DEBUG
- PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
-+#else
-+ NS_JOB_IS_THREAD(ns_job_get_type(job));
-+#endif
- PR_Lock(c->c_mutex);
- connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */
- PR_ASSERT(c->c_ns_close_jobs == 1); /* should be exactly 1 active close job - this one */
-@@ -1889,7 +1893,11 @@ ns_connection_post_io_or_closing(Connection *conn)
- /* process event normally - wait for I/O until idletimeout */
- tv.tv_sec = conn->c_idletimeout;
- tv.tv_usec = 0;
-- PR_ASSERT(0 == connection_acquire_nolock(conn)); /* event framework now has a reference */
-+#ifdef DEBUG
-+ PR_ASSERT(0 == connection_acquire_nolock(conn));
-+#else
-+ connection_acquire_nolock(conn); /* event framework now has a reference */
-+#endif
- ns_add_io_timeout_job(conn->c_tp, conn->c_prfd, &tv,
- NS_JOB_READ|NS_JOB_PRESERVE_FD,
- ns_handle_pr_read_ready, conn, NULL);
-@@ -1911,7 +1919,11 @@ ns_handle_pr_read_ready(struct ns_job_t *job)
- Connection *c = (Connection *)ns_job_get_data(job);
-
- /* this function must be called from the event loop thread */
-+#ifdef DEBUG
- PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
-+#else
-+ NS_JOB_IS_THREAD(ns_job_get_type(job));
-+#endif
-
- PR_Lock(c->c_mutex);
- LDAPDebug2Args(LDAP_DEBUG_CONNS, "activity on conn %" NSPRIu64 " for fd=%d\n",
---
-2.4.3
-
diff --git a/SOURCES/0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch b/SOURCES/0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
deleted file mode 100644
index c574566..0000000
--- a/SOURCES/0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From d7609aa1166fb79dd5e1f838f5ab27e0924441a1 Mon Sep 17 00:00:00 2001
-From: William Brown <firstyear@redhat.com>
-Date: Fri, 6 Nov 2015 14:56:44 +1000
-Subject: [PATCH 70/75] Ticket 48311 -nunc-stans: Attempt to release
- connection that is not acquired https://fedorahosted.org/389/ticket/48311
-
-Bug Description: DS with nunc stans enabled produces lots of messages like
-[13/Oct/2015:11:29:24 -0400] connection - conn=98 fd=161 Attempt to release
-connection that is not acquired
-
-FixDescription: From the original patch:
- * Do not call connection_acquire_nolock() inside a PR_ASSERT call.
- * Also changed other PR_ASSERTs to only be called if DEBUG is set
-
-This additionally guarantees the return codes of these functions since we have
-removed the PR_ASSERT that previously wrapped these function calls. If these
-assertions fail, we log to the error log in all cases.
-
-Author: wibrown
-
-Review by: mreynolds, nhosoi (Thanks!)
-
-(cherry picked from commit 49aaf98732d1e16dde3edb81272de8203aded21c)
-(cherry picked from commit b03987689c3a2477630e2a3452e64cc7759ba5f3)
----
- ldap/servers/slapd/daemon.c | 23 ++++++++++++++++++++---
- 1 file changed, 20 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index 82099bc..bd3bfb2 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1839,7 +1839,12 @@ ns_handle_closure(struct ns_job_t *job)
- #ifdef DEBUG
- PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
- #else
-- NS_JOB_IS_THREAD(ns_job_get_type(job));
-+ /* This doesn't actually confirm it's in the event loop thread, but it's a start */
-+ if (NS_JOB_IS_THREAD(ns_job_get_type(job)) != 0) {
-+ LDAPDebug2Args(LDAP_DEBUG_ANY, "ns_handle_closure: Attempt to close outside of event loop thread %" NSPRIu64 " for fd=%d\n",
-+ c->c_connid, c->c_sd);
-+ return;
-+ }
- #endif
- PR_Lock(c->c_mutex);
- connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */
-@@ -1896,7 +1901,14 @@ ns_connection_post_io_or_closing(Connection *conn)
- #ifdef DEBUG
- PR_ASSERT(0 == connection_acquire_nolock(conn));
- #else
-- connection_acquire_nolock(conn); /* event framework now has a reference */
-+ if (connection_acquire_nolock(conn) != 0) { /* event framework now has a reference */
-+ /*
-+ * This has already been logged as an error in ./ldap/servers/slapd/connection.c
-+ * The error occurs when we get a connection in a closing state.
-+ * For now we return, but there is probably a better way to handle the error case.
-+ */
-+ return;
-+ }
- #endif
- ns_add_io_timeout_job(conn->c_tp, conn->c_prfd, &tv,
- NS_JOB_READ|NS_JOB_PRESERVE_FD,
-@@ -1922,7 +1934,12 @@ ns_handle_pr_read_ready(struct ns_job_t *job)
- #ifdef DEBUG
- PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
- #else
-- NS_JOB_IS_THREAD(ns_job_get_type(job));
-+ /* This doesn't actually confirm it's in the event loop thread, but it's a start */
-+ if (NS_JOB_IS_THREAD(ns_job_get_type(job)) != 0) {
-+ LDAPDebug2Args(LDAP_DEBUG_ANY, "ns_handle_pr_read_ready: Attempt to handle read ready outside of event loop thread %" NSPRIu64 " for fd=%d\n",
-+ c->c_connid, c->c_sd);
-+ return;
-+ }
- #endif
-
- PR_Lock(c->c_mutex);
---
-2.4.3
-
diff --git a/SOURCES/0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch b/SOURCES/0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch
deleted file mode 100644
index 90743ca..0000000
--- a/SOURCES/0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 34239335f2658905a2f96865bea0503bb6ad5ec1 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Tue, 3 Nov 2015 15:59:54 +0100
-Subject: [PATCH 71/75] Ticket 47976: deadlock in mep delete post op
-
-Bug Description:
- When deleting the original entry, some DB pages are acquired in write.
- The deadlock occurs because when reading the parent entry of the MEP entry
- MEP plugin requires read access to one of the page acquired by the deletion of the original entry.
- The read access can be granted if it is using the parent txn.
- This bug requires that the parent entry of the MEP entry is not found in the entry cache, so
- it requires database access
-
-Fix Description:
- Fix ldbm_delete, so that it reads id2entry db with parent txn
-
-https://fedorahosted.org/389/ticket/47976
-
-Reviewed by: Ludwig Krispenz, Rich Megginson (Thanks you !!)
-
-Platforms tested: F17
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 55434d308b4e459ba3a169eff94568312dba767c)
----
- ldap/servers/slapd/back-ldbm/ldbm_delete.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-index f31d545..100a71d 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-@@ -477,7 +477,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
- * the parent. If we fail to lock the entry, just try again.
- */
- while(1){
-- parent = id2entry(be, pid ,NULL, &retval);
-+ parent = id2entry(be, pid ,&txn, &retval);
- if (parent && (cache_retry = cache_lock_entry(&inst->inst_cache, parent))) {
- /* Failed to obtain parent entry's entry lock */
- if(cache_retry == RETRY_CACHE_LOCK &&
---
-2.4.3
-
diff --git a/SOURCES/0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch b/SOURCES/0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
deleted file mode 100644
index aed49ee..0000000
--- a/SOURCES/0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From 24129b41820b87d613e721f8530e1955f1cce0ff Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 5 Nov 2015 10:44:08 -0800
-Subject: [PATCH 72/75] Ticket #48338 - SimplePagedResults -- abandon could
- happen between the abandon check and sending results
-
-Description: An abandon request for a SimplePagedResults request could
-happened between the abandon check and the code for sending the search
-results. The abandon frees the search results although sending result
-code still refers it.
-
-Fix description: The code (from getting search results through sending
-the search results) in op_shared_search is protected by c_mutex locking.
-
-https://fedorahosted.org/389/ticket/48338
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 390b8bd9076e8976facc0858e60985d6b4fac05c)
-(cherry picked from commit 8f49d33d30fade7b579062414250a0ddb1a66c62)
----
- ldap/servers/slapd/opshared.c | 13 ++++++++-----
- ldap/servers/slapd/pagedresults.c | 28 ++++++++++++++++++----------
- ldap/servers/slapd/proto-slap.h | 5 ++---
- 3 files changed, 28 insertions(+), 18 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index dcdbb04..586ca1f 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -500,7 +500,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- be = be_list[index];
- }
- }
-- pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
-+ pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, 0/*not locked*/, pr_idx);
- estimate = pagedresults_get_search_result_set_size_estimate(pb->pb_conn, operation, pr_idx);
- if (pagedresults_get_unindexed(pb->pb_conn, operation, pr_idx)) {
- opnote |= SLAPI_OP_NOTE_UNINDEXED;
-@@ -675,13 +675,15 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- * In async paged result case, the search result might be released
- * by other theads. We need to double check it in the locked region.
- */
-- pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
-+ PR_Lock(pb->pb_conn->c_mutex);
-+ pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, 1/*locked*/, pr_idx);
- if (pr_search_result) {
-- if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+ if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, 1/*locked*/, pr_idx)) {
- pagedresults_unlock(pb->pb_conn, pr_idx);
- /* Previous operation was abandoned and the simplepaged object is not in use. */
- send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
- rc = LDAP_SUCCESS;
-+ PR_Unlock(pb->pb_conn->c_mutex);
- goto free_and_return;
- } else {
- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
-@@ -689,7 +691,8 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-
- /* search result could be reset in the backend/dse */
- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
-- pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
-+ pagedresults_set_search_result(pb->pb_conn, operation, sr, 1/*locked*/, pr_idx);
-+ PR_Unlock(pb->pb_conn->c_mutex);
- }
- } else {
- pr_stat = PAGEDRESULTS_SEARCH_END;
-@@ -720,7 +723,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- if (PAGEDRESULTS_SEARCH_END == pr_stat) {
- pagedresults_lock(pb->pb_conn, pr_idx);
- slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
-- if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+ if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, 0/*not locked*/, pr_idx)) {
- pagedresults_free_one(pb->pb_conn, operation, pr_idx);
- }
- pagedresults_unlock(pb->pb_conn, pr_idx);
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index 87447c4..4458cfb 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -395,20 +395,25 @@ pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int
- }
-
- void *
--pagedresults_get_search_result(Connection *conn, Operation *op, int index)
-+pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index)
- {
- void *sr = NULL;
- if (!op_is_pagedresults(op)) {
- return sr; /* noop */
- }
-- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-- "--> pagedresults_get_search_result: idx=%d\n", index);
-+ LDAPDebug2Args(LDAP_DEBUG_TRACE,
-+ "--> pagedresults_get_search_result(%s): idx=%d\n",
-+ locked?"locked":"not locked", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ if (!locked) {
-+ PR_Lock(conn->c_mutex);
-+ }
- if (index < conn->c_pagedresults.prl_maxlen) {
- sr = conn->c_pagedresults.prl_list[index].pr_search_result_set;
- }
-- PR_Unlock(conn->c_mutex);
-+ if (!locked) {
-+ PR_Unlock(conn->c_mutex);
-+ }
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_get_search_result: %p\n", sr);
-@@ -416,8 +421,7 @@ pagedresults_get_search_result(Connection *conn, Operation *op, int index)
- }
-
- int
--pagedresults_set_search_result(Connection *conn, Operation *op, void *sr,
-- int locked, int index)
-+pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index)
- {
- int rc = -1;
- if (!op_is_pagedresults(op)) {
-@@ -1003,15 +1007,19 @@ pagedresults_unlock( Connection *conn, int index )
- }
-
- int
--pagedresults_is_abandoned_or_notavailable( Connection *conn, int index )
-+pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index)
- {
- PagedResults *prp;
- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
- return 1; /* not abandoned, but do not want to proceed paged results op. */
- }
-- PR_Lock(conn->c_mutex);
-+ if (!locked) {
-+ PR_Lock(conn->c_mutex);
-+ }
- prp = conn->c_pagedresults.prl_list + index;
-- PR_Unlock(conn->c_mutex);
-+ if (!locked) {
-+ PR_Unlock(conn->c_mutex);
-+ }
- return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
- }
-
-diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
-index b10c1eb..e1cb53e 100644
---- a/ldap/servers/slapd/proto-slap.h
-+++ b/ldap/servers/slapd/proto-slap.h
-@@ -1445,8 +1445,7 @@ void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical,
- int curr_search_count, int index);
- Slapi_Backend *pagedresults_get_current_be(Connection *conn, int index);
- int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock);
--void *pagedresults_get_search_result(Connection *conn, Operation *op,
-- int index);
-+void *pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int index);
- int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr,
- int locked, int index);
- int pagedresults_get_search_result_count(Connection *conn, Operation *op,
-@@ -1487,7 +1486,7 @@ int pagedresults_cleanup_all(Connection *conn, int needlock);
- void op_set_pagedresults(Operation *op);
- void pagedresults_lock(Connection *conn, int index);
- void pagedresults_unlock(Connection *conn, int index);
--int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index);
-+int pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int index);
- int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked);
-
- /*
---
-2.4.3
-
diff --git a/SOURCES/0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch b/SOURCES/0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch
deleted file mode 100644
index 37db567..0000000
--- a/SOURCES/0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 1a10e14ce3f05f961e80c4c8cf170d92945c25a1 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 6 Nov 2015 14:41:36 -0500
-Subject: [PATCH 73/75] Ticket 48325 - Replica promotion leaves RUV out of
- order
-
-Bug Description: When promoting a consumer to a master the new RUV
- element is appended to the RUV. However, when trying
- to replicate from the newly promoted replica the
- remote replica checks the first element in the RUV
- and sees that its the same replica ID, and aborts the
- replication session. Essentailly this completely
- breaks replication between the two servers, and can
- actually corrupt other RUVs on other replicas.
-
-Fix Description: When promoting a replica to a master, reorder the RUV
- so that it is the first in the list.
-
-https://fedorahosted.org/389/ticket/48325
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit b896840d270a540698f35a4aac4f7a91742952b0)
-(cherry picked from commit 6180b91c3f65e9c5e375816a72baa95678458a0a)
----
- ldap/servers/plugins/replication/repl5_replica_config.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index e85ae3e..4d7135c 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -1003,6 +1003,7 @@ replica_config_change_type_and_id (Replica *r, const char *new_type,
- csngen_rewrite_rid(gen, rid);
- if(purl && type == REPLICA_TYPE_UPDATABLE){
- ruv_add_replica(ruv, rid, purl);
-+ ruv_move_local_supplier_to_first(ruv, rid);
- replica_reset_csn_pl(r);
- }
- ruv_delete_replica(ruv, oldrid);
---
-2.4.3
-
diff --git a/SOURCES/0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch b/SOURCES/0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch
deleted file mode 100644
index 0d2fceb..0000000
--- a/SOURCES/0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0fa9e46da9f56221b579a7729deebaed73364c27 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 10 Nov 2015 15:35:41 -0800
-Subject: [PATCH 74/75] Ticket #48344 - acl - regression - trailing ', (comma)'
- in macro matched value is not removed.
-
-Description: acl_match_macro_in_target in acl plug-in returns matched value
-with a trailing comma, e.g., "o=kaki.com,". It's used to create a group DN,
-e.g., "cn=Domain Administrators,ou=Groups,o=kaki.como=ace industry,c=us".
-
-Due to the duplicated commas, the bind unexpectedly fails with 50 (insufficient
-access).
-
-In getting the matched value from target DN, it checks if a character at the
-end position is a comma or not. If it is, '\0' is set there. The position
-was one byte ahead. It was introduced by #48141 - aci with wildcard and macro
-not correctly evaluated.
-
-https://fedorahosted.org/389/ticket/48344
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 8e421fb9af2752144cc93e62090fd873524c5633)
-(cherry picked from commit 1a6390d6ffa743f38be206f7ed7bb0ac3bcfe26b)
----
- ldap/servers/plugins/acl/aclutil.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c
-index 2f37107..308cf8b 100644
---- a/ldap/servers/plugins/acl/aclutil.c
-+++ b/ldap/servers/plugins/acl/aclutil.c
-@@ -935,7 +935,7 @@ acl_match_macro_in_target( const char *ndn, char * match_this,
-
- matched_val_len = ndn_len-macro_suffix_len-
- ndn_prefix_end;
-- if (ndn[ndn_len - macro_suffix_len] == ',')
-+ if (ndn[ndn_len - macro_suffix_len - 1] == ',')
- matched_val_len -= 1;
-
- matched_val = (char *)slapi_ch_malloc(matched_val_len + 1);
---
-2.4.3
-
diff --git a/SOURCES/0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch b/SOURCES/0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch
deleted file mode 100644
index 7c54385..0000000
--- a/SOURCES/0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 70cdfa2ef8bcb0e8bae1c18f69c42d99dff2b5be Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 5 Nov 2015 13:08:56 -0800
-Subject: [PATCH 75/75] Ticket #48339 - Share nsslapd-threadnumber in the case
- nunc-stans is enabled, as well.
-
-Description: When nunc-stans is enabled, instead of getting the
-thread number from the environment variable MAX_THREADS, use the
-value of config parameter nsslapd-threadnumber.
-
-https://fedorahosted.org/389/ticket/48339
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit ab8ed9a5ebb0d15b55d7525ed1d5dbeebd8c7563)
-(cherry picked from commit a4c0a9eeba031b9304d63ca05d8b9fab9ebca1b2)
----
- ldap/servers/slapd/daemon.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index bd3bfb2..5d70647 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1199,10 +1199,7 @@ void slapd_daemon( daemon_ports_t *ports )
- #ifdef ENABLE_NUNC_STANS
- if (enable_nunc_stans && !g_get_shutdown()) {
- int ii;
-- PRInt32 maxthreads = 3;
-- if (getenv("MAX_THREADS")) {
-- maxthreads = atoi(getenv("MAX_THREADS"));
-- }
-+ PRInt32 maxthreads = (PRInt32)config_get_threadnumber();
- /* Set the nunc-stans thread pool config */
- ns_thrpool_config_init(&tp_config);
-
---
-2.4.3
-
diff --git a/SOURCES/0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch b/SOURCES/0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
deleted file mode 100644
index 3fa78c6..0000000
--- a/SOURCES/0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 62d2b0026e895448b9dff76f2565012340afdfcd Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 18 Nov 2015 11:44:35 -0800
-Subject: [PATCH] Ticket #48338 - SimplePagedResults -- abandon could happen
- between the abandon check and sending results
-
-Description: commit 390b8bd9076e8976facc0858e60985d6b4fac05c introduced
-a self deadlock (see also bz1282607: 389-ds-base-1.2.11.15-67.el6_7 hang)
-
-First phase of the following approach:
- Fix design by Ludwig Krispenz and Rich Megginson (Thanks!)
- Investigate the connection params used in the pblock access one by one and.
- - for fields not used, either remove the access or just leave it as is
- - With a big ASSERT to flag cases if the field is ever used, and a plan to
- deprecate and remove the field.
- - for fields with atomic access, like c_isreplication_session remove the mutex
- - for filelds requiring copying, define them directly in the pblock and when
- the pblock is created, populate them from the connection, the pblock access
- would no longer need the c_mutex.
-Removing PR_Lock(c_mutex) from slapi_pblock_get(SLAPI_CONN_CLIENTNETADDR) since
-acquiring the lock is not necessary for the atomic reads. This change solves
-the self deadlock.
-
-https://fedorahosted.org/389/ticket/48338#comment:11
-
-Reviewed by nkinder@redhat.com and mreynolds@redhat.com (Thank you, Nathan and Mark!)
-
-(cherry picked from commit 79ca67d1fc5d50d8a9ae6b686b9564f3960f8592)
-(cherry picked from commit 36245abd78f7abfed8219a5ac4a4cf50c1c0237c)
----
- ldap/servers/slapd/pblock.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
-index bf57a33..f2017be 100644
---- a/ldap/servers/slapd/pblock.c
-+++ b/ldap/servers/slapd/pblock.c
-@@ -223,14 +223,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- memset( value, 0, sizeof( PRNetAddr ));
- break;
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ /* For fields with atomic access, remove the PR_Lock(c_mutex) */
- if ( pblock->pb_conn->cin_addr == NULL ) {
- memset( value, 0, sizeof( PRNetAddr ));
- } else {
-- (*(PRNetAddr *)value) =
-- *(pblock->pb_conn->cin_addr);
-+ (*(PRNetAddr *)value) = *(pblock->pb_conn->cin_addr);
- }
-- PR_Unlock( pblock->pb_conn->c_mutex );
- break;
- case SLAPI_CONN_SERVERNETADDR:
- if (pblock->pb_conn == NULL)
---
-2.4.3
-
diff --git a/SOURCES/0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch b/SOURCES/0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch
deleted file mode 100644
index d4c29f9..0000000
--- a/SOURCES/0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch
+++ /dev/null
@@ -1,929 +0,0 @@
-From 4a52c95b2f7815c15efd84daf57ced08e7855cc2 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 7 Dec 2015 16:45:06 -0500
-Subject: [PATCH 77/78] Ticket 48370 - The 'eq' index does not get updated
- properly when deleting and re-adding attributes in
- the same modify operation
-
-Bug Description: If you delete several values of the same attribute, and
- add at least one of them back in the same operation, the
- equality index does not get updated.
-
-Fix Description: Modify the logic of the index code to update the index if
- at least one of the values in the entry changes.
-
- Also did pep8 cleanup of create_test.py
-
-https://fedorahosted.org/389/ticket/48370
-
-Reviewed by: wibrown(Thanks!)
-
-(cherry picked from commit 63b80b5c31ebda51445c662903a28e2a79ebe60a)
-(cherry picked from commit 4a53592ec89d288f182c509dc7fcc104d8cbc4a8)
----
- dirsrvtests/create_test.py | 393 +++++++++++++++++++-------------
- dirsrvtests/tickets/ticket48370_test.py | 236 +++++++++++++++++++
- ldap/servers/slapd/back-ldbm/index.c | 29 +--
- 3 files changed, 480 insertions(+), 178 deletions(-)
- create mode 100644 dirsrvtests/tickets/ticket48370_test.py
-
-diff --git a/dirsrvtests/create_test.py b/dirsrvtests/create_test.py
-index 941e922..5293991 100755
---- a/dirsrvtests/create_test.py
-+++ b/dirsrvtests/create_test.py
-@@ -22,14 +22,16 @@ import optparse
-
-
- def displayUsage():
-- print ('\nUsage:\ncreate_ticket.py -t|--ticket <ticket number> -s|--suite <suite name> ' +
-- '[ i|--instances <number of standalone instances> [ -m|--masters <number of masters> ' +
-- '-h|--hubs <number of hubs> -c|--consumers <number of consumers> ] ' +
-- '-o|--outputfile ]\n')
-- print ('If only "-t" is provided then a single standalone instance is created. ' +
-- 'Or you can create a test suite script using "-s|--suite" instead of using "-t|--ticket".' +
-- 'The "-i" option can add mulitple standalone instances(maximum 10). ' +
-- 'However, you can not mix "-i" with the replication options(-m, -h , -c). ' +
-+ print ('\nUsage:\ncreate_ticket.py -t|--ticket <ticket number> ' +
-+ '-s|--suite <suite name> ' +
-+ '[ i|--instances <number of standalone instances> ' +
-+ '[ -m|--masters <number of masters> -h|--hubs <number of hubs> ' +
-+ '-c|--consumers <number of consumers> ] -o|--outputfile ]\n')
-+ print ('If only "-t" is provided then a single standalone instance is ' +
-+ 'created. Or you can create a test suite script using ' +
-+ '"-s|--suite" instead of using "-t|--ticket". The "-i" option ' +
-+ 'can add mulitple standalone instances(maximum 10). However, you' +
-+ ' can not mix "-i" with the replication options(-m, -h , -c). ' +
- 'There is a maximum of 10 masters, 10 hubs, and 10 consumers.')
- exit(1)
-
-@@ -59,34 +61,47 @@ if len(sys.argv) > 0:
- displayUsage()
-
- if args.ticket and args.suite:
-- print 'You must choose either "-t|--ticket" or "-s|--suite", but not both.'
-+ print('You must choose either "-t|--ticket" or "-s|--suite", ' +
-+ 'but not both.')
- displayUsage()
-
- if int(args.masters) == 0:
- if int(args.hubs) > 0 or int(args.consumers) > 0:
-- print 'You must use "-m|--masters" if you want to have hubs and/or consumers'
-+ print('You must use "-m|--masters" if you want to have hubs ' +
-+ 'and/or consumers')
- displayUsage()
-
-- if not args.masters.isdigit() or int(args.masters) > 10 or int(args.masters) < 0:
-- print 'Invalid value for "--masters", it must be a number and it can not be greater than 10'
-+ if not args.masters.isdigit() or \
-+ int(args.masters) > 10 or \
-+ int(args.masters) < 0:
-+ print('Invalid value for "--masters", it must be a number and it can' +
-+ ' not be greater than 10')
- displayUsage()
-
- if not args.hubs.isdigit() or int(args.hubs) > 10 or int(args.hubs) < 0:
-- print 'Invalid value for "--hubs", it must be a number and it can not be greater than 10'
-+ print('Invalid value for "--hubs", it must be a number and it can ' +
-+ 'not be greater than 10')
- displayUsage()
-
-- if not args.consumers.isdigit() or int(args.consumers) > 10 or int(args.consumers) < 0:
-- print 'Invalid value for "--consumers", it must be a number and it can not be greater than 10'
-+ if not args.consumers.isdigit() or \
-+ int(args.consumers) > 10 or \
-+ int(args.consumers) < 0:
-+ print('Invalid value for "--consumers", it must be a number and it ' +
-+ 'can not be greater than 10')
- displayUsage()
-
- if args.inst:
-- if not args.inst.isdigit() or int(args.inst) > 10 or int(args.inst) < 1:
-- print ('Invalid value for "--instances", it must be a number greater than 0 ' +
-- 'and not greater than 10')
-+ if not args.inst.isdigit() or \
-+ int(args.inst) > 10 or \
-+ int(args.inst) < 1:
-+ print('Invalid value for "--instances", it must be a number ' +
-+ 'greater than 0 and not greater than 10')
- displayUsage()
- if int(args.inst) > 0:
-- if int(args.masters) > 0 or int(args.hubs) > 0 or int(args.consumers) > 0:
-- print 'You can not mix "--instances" with replication.'
-+ if int(args.masters) > 0 or \
-+ int(args.hubs) > 0 or \
-+ int(args.consumers) > 0:
-+ print('You can not mix "--instances" with replication.')
- displayUsage()
-
- # Extract usable values
-@@ -120,9 +135,11 @@ if len(sys.argv) > 0:
- #
- # Write the imports
- #
-- TEST.write('import os\nimport sys\nimport time\nimport ldap\nimport logging\nimport pytest\n')
-- TEST.write('from lib389 import DirSrv, Entry, tools, tasks\nfrom lib389.tools import DirSrvTools\n' +
-- 'from lib389._constants import *\nfrom lib389.properties import *\n' +
-+ TEST.write('import os\nimport sys\nimport time\nimport ldap\n' +
-+ 'import logging\nimport pytest\n')
-+ TEST.write('from lib389 import DirSrv, Entry, tools, tasks\nfrom ' +
-+ 'lib389.tools import DirSrvTools\nfrom lib389._constants ' +
-+ 'import *\nfrom lib389.properties import *\n' +
- 'from lib389.tasks import *\nfrom lib389.utils import *\n\n')
-
- #
-@@ -154,13 +171,16 @@ if len(sys.argv) > 0:
-
- for idx in range(masters):
- TEST.write(' master' + str(idx + 1) + '.open()\n')
-- TEST.write(' self.master' + str(idx + 1) + ' = master' + str(idx + 1) + '\n')
-+ TEST.write(' self.master' + str(idx + 1) + ' = master' +
-+ str(idx + 1) + '\n')
- for idx in range(hubs):
- TEST.write(' hub' + str(idx + 1) + '.open()\n')
-- TEST.write(' self.hub' + str(idx + 1) + ' = hub' + str(idx + 1) + '\n')
-+ TEST.write(' self.hub' + str(idx + 1) + ' = hub' +
-+ str(idx + 1) + '\n')
- for idx in range(consumers):
- TEST.write(' consumer' + str(idx + 1) + '.open()\n')
-- TEST.write(' self.consumer' + str(idx + 1) + ' = consumer' + str(idx + 1) + '\n')
-+ TEST.write(' self.consumer' + str(idx + 1) + ' = consumer' +
-+ str(idx + 1) + '\n')
- TEST.write('\n\n')
- else:
- #
-@@ -184,7 +204,8 @@ if len(sys.argv) > 0:
- else:
- idx = str(idx)
- TEST.write(' standalone' + idx + '.open()\n')
-- TEST.write(' self.standalone' + idx + ' = standalone' + idx + '\n')
-+ TEST.write(' self.standalone' + idx + ' = standalone' +
-+ idx + '\n')
- TEST.write('\n\n')
-
- #
-@@ -194,7 +215,8 @@ if len(sys.argv) > 0:
- TEST.write('def topology(request):\n')
- TEST.write(' global installation1_prefix\n')
- TEST.write(' if installation1_prefix:\n')
-- TEST.write(' args_instance[SER_DEPLOYED_DIR] = installation1_prefix\n\n')
-+ TEST.write(' args_instance[SER_DEPLOYED_DIR] = ' +
-+ 'installation1_prefix\n\n')
-
- if repl_deployment:
- #
-@@ -204,20 +226,25 @@ if len(sys.argv) > 0:
- idx = str(idx + 1)
- TEST.write(' # Creating master ' + idx + '...\n')
- TEST.write(' master' + idx + ' = DirSrv(verbose=False)\n')
-- TEST.write(' args_instance[SER_HOST] = HOST_MASTER_' + idx + '\n')
-- TEST.write(' args_instance[SER_PORT] = PORT_MASTER_' + idx + '\n')
-- TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_' + idx + '\n')
-- TEST.write(' args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n')
-+ TEST.write(' args_instance[SER_HOST] = HOST_MASTER_' + idx +
-+ '\n')
-+ TEST.write(' args_instance[SER_PORT] = PORT_MASTER_' + idx +
-+ '\n')
-+ TEST.write(' args_instance[SER_SERVERID_PROP] = ' +
-+ 'SERVERID_MASTER_' + idx + '\n')
-+ TEST.write(' args_instance[SER_CREATION_SUFFIX] = ' +
-+ 'DEFAULT_SUFFIX\n')
- TEST.write(' args_master = args_instance.copy()\n')
- TEST.write(' master' + idx + '.allocate(args_master)\n')
-- TEST.write(' instance_master' + idx + ' = master' + idx + '.exists()\n')
-+ TEST.write(' instance_master' + idx + ' = master' + idx +
-+ '.exists()\n')
- TEST.write(' if instance_master' + idx + ':\n')
- TEST.write(' master' + idx + '.delete()\n')
- TEST.write(' master' + idx + '.create()\n')
- TEST.write(' master' + idx + '.open()\n')
-- TEST.write(' master' + idx + '.replica.enableReplication(suffix=SUFFIX, ' +
-- 'role=REPLICAROLE_MASTER, ' +
-- 'replicaId=REPLICAID_MASTER_' + idx + ')\n\n')
-+ TEST.write(' master' + idx + '.replica.enableReplication' +
-+ '(suffix=SUFFIX, role=REPLICAROLE_MASTER, ' +
-+ 'replicaId=REPLICAID_MASTER_' + idx + ')\n\n')
-
- for idx in range(hubs):
- idx = str(idx + 1)
-@@ -225,37 +252,45 @@ if len(sys.argv) > 0:
- TEST.write(' hub' + idx + ' = DirSrv(verbose=False)\n')
- TEST.write(' args_instance[SER_HOST] = HOST_HUB_' + idx + '\n')
- TEST.write(' args_instance[SER_PORT] = PORT_HUB_' + idx + '\n')
-- TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_HUB_' + idx + '\n')
-- TEST.write(' args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n')
-+ TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_HUB_' +
-+ idx + '\n')
-+ TEST.write(' args_instance[SER_CREATION_SUFFIX] = ' +
-+ 'DEFAULT_SUFFIX\n')
- TEST.write(' args_hub = args_instance.copy()\n')
- TEST.write(' hub' + idx + '.allocate(args_hub)\n')
-- TEST.write(' instance_hub' + idx + ' = hub' + idx + '.exists()\n')
-+ TEST.write(' instance_hub' + idx + ' = hub' + idx +
-+ '.exists()\n')
- TEST.write(' if instance_hub' + idx + ':\n')
- TEST.write(' hub' + idx + '.delete()\n')
- TEST.write(' hub' + idx + '.create()\n')
- TEST.write(' hub' + idx + '.open()\n')
-- TEST.write(' hub' + idx + '.replica.enableReplication(suffix=SUFFIX, ' +
-- 'role=REPLICAROLE_HUB, ' +
-- 'replicaId=REPLICAID_HUB_' + idx + ')\n\n')
-+ TEST.write(' hub' + idx + '.replica.enableReplication' +
-+ '(suffix=SUFFIX, role=REPLICAROLE_HUB, ' +
-+ 'replicaId=REPLICAID_HUB_' + idx + ')\n\n')
-
- for idx in range(consumers):
- idx = str(idx + 1)
- TEST.write(' # Creating consumer ' + idx + '...\n')
- TEST.write(' consumer' + idx + ' = DirSrv(verbose=False)\n')
-- TEST.write(' args_instance[SER_HOST] = HOST_CONSUMER_' + idx + '\n')
-- TEST.write(' args_instance[SER_PORT] = PORT_CONSUMER_' + idx + '\n')
-- TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_CONSUMER_' + idx + '\n')
-- TEST.write(' args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n')
-+ TEST.write(' args_instance[SER_HOST] = HOST_CONSUMER_' + idx +
-+ '\n')
-+ TEST.write(' args_instance[SER_PORT] = PORT_CONSUMER_' + idx +
-+ '\n')
-+ TEST.write(' args_instance[SER_SERVERID_PROP] = ' +
-+ 'SERVERID_CONSUMER_' + idx + '\n')
-+ TEST.write(' args_instance[SER_CREATION_SUFFIX] = ' +
-+ 'DEFAULT_SUFFIX\n')
- TEST.write(' args_consumer = args_instance.copy()\n')
- TEST.write(' consumer' + idx + '.allocate(args_consumer)\n')
-- TEST.write(' instance_consumer' + idx + ' = consumer' + idx + '.exists()\n')
-+ TEST.write(' instance_consumer' + idx + ' = consumer' + idx +
-+ '.exists()\n')
- TEST.write(' if instance_consumer' + idx + ':\n')
- TEST.write(' consumer' + idx + '.delete()\n')
- TEST.write(' consumer' + idx + '.create()\n')
- TEST.write(' consumer' + idx + '.open()\n')
-- TEST.write(' consumer' + idx + '.replica.enableReplication(suffix=SUFFIX, ' +
-- 'role=REPLICAROLE_CONSUMER, ' +
-- 'replicaId=CONSUMER_REPLICAID)\n\n')
-+ TEST.write(' consumer' + idx + '.replica.enableReplication' +
-+ '(suffix=SUFFIX, role=REPLICAROLE_CONSUMER, ' +
-+ 'replicaId=CONSUMER_REPLICAID)\n\n')
-
- #
- # Create the master agreements
-@@ -274,39 +309,61 @@ if len(sys.argv) > 0:
- if master_idx == idx:
- # skip ourselves
- continue
-- TEST.write(' # Creating agreement from master ' + str(master_idx) + ' to master ' + str(idx) + '\n')
-- TEST.write(" properties = {RA_NAME: r'meTo_$host:$port',\n")
-- TEST.write(" RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],\n")
-- TEST.write(" RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],\n")
-- TEST.write(" RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],\n")
-- TEST.write(" RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n")
-- TEST.write(' m' + str(master_idx) + '_m' + str(idx) + '_agmt = master' + str(master_idx) +
-+ TEST.write(' # Creating agreement from master ' +
-+ str(master_idx) + ' to master ' + str(idx) + '\n')
-+ TEST.write(" properties = {RA_NAME: " +
-+ "r'meTo_$host:$port',\n")
-+ TEST.write(" RA_BINDDN: " +
-+ "defaultProperties[REPLICATION_BIND_DN],\n")
-+ TEST.write(" RA_BINDPW: " +
-+ "defaultProperties[REPLICATION_BIND_PW],\n")
-+ TEST.write(" RA_METHOD: " +
-+ "defaultProperties[REPLICATION_BIND_METHOD],\n")
-+ TEST.write(" RA_TRANSPORT_PROT: " +
-+ "defaultProperties[REPLICATION_TRANSPORT]}\n")
-+ TEST.write(' m' + str(master_idx) + '_m' + str(idx) +
-+ '_agmt = master' + str(master_idx) +
- '.agreement.create(suffix=SUFFIX, host=master' +
-- str(idx) + '.host, port=master' + str(idx) + '.port, properties=properties)\n')
-- TEST.write(' if not m' + str(master_idx) + '_m' + str(idx) + '_agmt:\n')
-- TEST.write(' log.fatal("Fail to create a master -> master replica agreement")\n')
-+ str(idx) + '.host, port=master' + str(idx) +
-+ '.port, properties=properties)\n')
-+ TEST.write(' if not m' + str(master_idx) + '_m' + str(idx) +
-+ '_agmt:\n')
-+ TEST.write(' log.fatal("Fail to create a master -> ' +
-+ 'master replica agreement")\n')
- TEST.write(' sys.exit(1)\n')
-- TEST.write(' log.debug("%s created" % m' + str(master_idx) + '_m' + str(idx) + '_agmt)\n\n')
-+ TEST.write(' log.debug("%s created" % m' + str(master_idx) +
-+ '_m' + str(idx) + '_agmt)\n\n')
- agmt_count += 1
-
- for idx in range(hubs):
- idx += 1
- #
-- # Create agreements from each master to each hub (master -> hub)
-+ # Create agmts from each master to each hub (master -> hub)
- #
-- TEST.write(' # Creating agreement from master ' + str(master_idx) + ' to hub ' + str(idx) + '\n')
-- TEST.write(" properties = {RA_NAME: r'meTo_$host:$port',\n")
-- TEST.write(" RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],\n")
-- TEST.write(" RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],\n")
-- TEST.write(" RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],\n")
-- TEST.write(" RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n")
-- TEST.write(' m' + str(master_idx) + '_h' + str(idx) + '_agmt = master' + str(master_idx) +
-- '.agreement.create(suffix=SUFFIX, host=hub' +
-- str(idx) + '.host, port=hub' + str(idx) + '.port, properties=properties)\n')
-- TEST.write(' if not m' + str(master_idx) + '_h' + str(idx) + '_agmt:\n')
-- TEST.write(' log.fatal("Fail to create a master -> hub replica agreement")\n')
-+ TEST.write(' # Creating agreement from master ' +
-+ str(master_idx) + ' to hub ' + str(idx) + '\n')
-+ TEST.write(" properties = {RA_NAME: " +
-+ "r'meTo_$host:$port',\n")
-+ TEST.write(" RA_BINDDN: " +
-+ "defaultProperties[REPLICATION_BIND_DN],\n")
-+ TEST.write(" RA_BINDPW: " +
-+ "defaultProperties[REPLICATION_BIND_PW],\n")
-+ TEST.write(" RA_METHOD: " +
-+ "defaultProperties[REPLICATION_BIND_METHOD],\n")
-+ TEST.write(" RA_TRANSPORT_PROT: " +
-+ "defaultProperties[REPLICATION_TRANSPORT]}\n")
-+ TEST.write(' m' + str(master_idx) + '_h' + str(idx) +
-+ '_agmt = master' + str(master_idx) +
-+ '.agreement.create(suffix=SUFFIX, host=hub' +
-+ str(idx) + '.host, port=hub' + str(idx) +
-+ '.port, properties=properties)\n')
-+ TEST.write(' if not m' + str(master_idx) + '_h' + str(idx) +
-+ '_agmt:\n')
-+ TEST.write(' log.fatal("Fail to create a master -> ' +
-+ 'hub replica agreement")\n')
- TEST.write(' sys.exit(1)\n')
-- TEST.write(' log.debug("%s created" % m' + str(master_idx) + '_h' + str(idx) + '_agmt)\n\n')
-+ TEST.write(' log.debug("%s created" % m' + str(master_idx) +
-+ '_h' + str(idx) + '_agmt)\n\n')
- agmt_count += 1
-
- #
-@@ -322,24 +379,35 @@ if len(sys.argv) > 0:
- #
- # Create agreements from each hub to each consumer
- #
-- TEST.write(' # Creating agreement from hub ' + str(hub_idx) + ' to consumer ' + str(idx) + '\n')
-- TEST.write(" properties = {RA_NAME: r'meTo_$host:$port',\n")
-- TEST.write(" RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],\n")
-- TEST.write(" RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],\n")
-- TEST.write(" RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],\n")
-- TEST.write(" RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n")
-- TEST.write(' h' + str(hub_idx) + '_c' + str(idx) + '_agmt = hub' +
-- str(hub_idx) + '.agreement.create(suffix=SUFFIX, host=consumer' +
-- str(idx) + '.host, port=consumer' + str(idx) + '.port, properties=properties)\n')
-- TEST.write(' if not h' + str(hub_idx) + '_c' + str(idx) + '_agmt:\n')
-- TEST.write(' log.fatal("Fail to create a hub -> consumer replica agreement")\n')
-+ TEST.write(' # Creating agreement from hub ' + str(hub_idx)
-+ + ' to consumer ' + str(idx) + '\n')
-+ TEST.write(" properties = {RA_NAME: " +
-+ "r'meTo_$host:$port',\n")
-+ TEST.write(" RA_BINDDN: " +
-+ "defaultProperties[REPLICATION_BIND_DN],\n")
-+ TEST.write(" RA_BINDPW: " +
-+ "defaultProperties[REPLICATION_BIND_PW],\n")
-+ TEST.write(" RA_METHOD: " +
-+ "defaultProperties[REPLICATION_BIND_METHOD],\n")
-+ TEST.write(" RA_TRANSPORT_PROT: " +
-+ "defaultProperties[REPLICATION_TRANSPORT]}\n")
-+ TEST.write(' h' + str(hub_idx) + '_c' + str(idx) +
-+ '_agmt = hub' + str(hub_idx) +
-+ '.agreement.create(suffix=SUFFIX, host=consumer' +
-+ str(idx) + '.host, port=consumer' + str(idx) +
-+ '.port, properties=properties)\n')
-+ TEST.write(' if not h' + str(hub_idx) + '_c' + str(idx) +
-+ '_agmt:\n')
-+ TEST.write(' log.fatal("Fail to create a hub -> ' +
-+ 'consumer replica agreement")\n')
- TEST.write(' sys.exit(1)\n')
-- TEST.write(' log.debug("%s created" % h' + str(hub_idx) + '_c' + str(idx) + '_agmt)\n\n')
-+ TEST.write(' log.debug("%s created" % h' + str(hub_idx) +
-+ '_c' + str(idx) + '_agmt)\n\n')
- agmt_count += 1
-
- if hubs == 0:
- #
-- # No Hubs, see if there are any consumers to create agreements to...
-+ # No Hubs, see if there are any consumers to create agreements to
- #
- for idx in range(masters):
- master_idx = idx + 1
-@@ -351,27 +419,40 @@ if len(sys.argv) > 0:
- #
- # Create agreements from each master to each consumer
- #
-- TEST.write(' # Creating agreement from master ' + str(master_idx) +
-- ' to consumer ' + str(idx) + '\n')
-- TEST.write(" properties = {RA_NAME: r'meTo_$host:$port',\n")
-- TEST.write(" RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],\n")
-- TEST.write(" RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],\n")
-- TEST.write(" RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],\n")
-- TEST.write(" RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}\n")
-- TEST.write(' m' + str(master_idx) + '_c' + str(idx) + '_agmt = master' + str(master_idx) +
-- '.agreement.create(suffix=SUFFIX, host=consumer' +
-- str(idx) + '.host, port=consumer' + str(idx) +
-- '.port, properties=properties)\n')
-- TEST.write(' if not m' + str(master_idx) + '_c' + str(idx) + '_agmt:\n')
-- TEST.write(' log.fatal("Fail to create a hub -> consumer replica agreement")\n')
-+ TEST.write(' # Creating agreement from master ' +
-+ str(master_idx) + ' to consumer ' + str(idx) +
-+ '\n')
-+ TEST.write(" properties = {RA_NAME: " +
-+ "r'meTo_$host:$port',\n")
-+ TEST.write(" RA_BINDDN: " +
-+ "defaultProperties[REPLICATION_BIND_DN],\n")
-+ TEST.write(" RA_BINDPW: " +
-+ "defaultProperties[REPLICATION_BIND_PW],\n")
-+ TEST.write(" RA_METHOD: " +
-+ "defaultProperties[REPLICATION_BIND_METHOD],\n")
-+ TEST.write(" RA_TRANSPORT_PROT: " +
-+ "defaultProperties[REPLICATION_TRANSPORT]}\n")
-+ TEST.write(' m' + str(master_idx) + '_c' + str(idx) +
-+ '_agmt = master' + str(master_idx) +
-+ '.agreement.create(suffix=SUFFIX, ' +
-+ 'host=consumer' + str(idx) +
-+ '.host, port=consumer' + str(idx) +
-+ '.port, properties=properties)\n')
-+ TEST.write(' if not m' + str(master_idx) + '_c' +
-+ str(idx) + '_agmt:\n')
-+ TEST.write(' log.fatal("Fail to create a hub -> ' +
-+ 'consumer replica agreement")\n')
- TEST.write(' sys.exit(1)\n')
-- TEST.write(' log.debug("%s created" % m' + str(master_idx) + '_c' + str(idx) + '_agmt)\n\n')
-+ TEST.write(' log.debug("%s created" % m' +
-+ str(master_idx) + '_c' + str(idx) +
-+ '_agmt)\n\n')
- agmt_count += 1
-
- #
- # Add sleep that allows all the agreemnts to get situated
- #
-- TEST.write(' # Allow the replicas to get situated with the new agreements...\n')
-+ TEST.write(' # Allow the replicas to get situated with the new ' +
-+ 'agreements...\n')
- TEST.write(' time.sleep(5)\n\n')
-
- #
-@@ -388,7 +469,8 @@ if len(sys.argv) > 0:
- continue
- TEST.write(' master1.agreement.init(SUFFIX, HOST_MASTER_' +
- str(idx) + ', PORT_MASTER_' + str(idx) + ')\n')
-- TEST.write(' master1.waitForReplInit(m1_m' + str(idx) + '_agmt)\n')
-+ TEST.write(' master1.waitForReplInit(m1_m' + str(idx) +
-+ '_agmt)\n')
-
- # Hubs
- consumers_inited = False
-@@ -396,23 +478,27 @@ if len(sys.argv) > 0:
- idx += 1
- TEST.write(' master1.agreement.init(SUFFIX, HOST_HUB_' +
- str(idx) + ', PORT_HUB_' + str(idx) + ')\n')
-- TEST.write(' master1.waitForReplInit(m1_h' + str(idx) + '_agmt)\n')
-+ TEST.write(' master1.waitForReplInit(m1_h' + str(idx) +
-+ '_agmt)\n')
- for idx in range(consumers):
- if consumers_inited:
- continue
- idx += 1
- TEST.write(' hub1.agreement.init(SUFFIX, HOST_CONSUMER_' +
- str(idx) + ', PORT_CONSUMER_' + str(idx) + ')\n')
-- TEST.write(' hub1.waitForReplInit(h1_c' + str(idx) + '_agmt)\n')
-+ TEST.write(' hub1.waitForReplInit(h1_c' + str(idx) +
-+ '_agmt)\n')
- consumers_inited = True
-
- # Consumers (master -> consumer)
- if hubs == 0:
- for idx in range(consumers):
- idx += 1
-- TEST.write(' master1.agreement.init(SUFFIX, HOST_CONSUMER_' +
-- str(idx) + ', PORT_CONSUMER_' + str(idx) + ')\n')
-- TEST.write(' master1.waitForReplInit(m1_c' + str(idx) + '_agmt)\n')
-+ TEST.write(' master1.agreement.init(SUFFIX, ' +
-+ 'HOST_CONSUMER_' + str(idx) + ', PORT_CONSUMER_' +
-+ str(idx) + ')\n')
-+ TEST.write(' master1.waitForReplInit(m1_c' + str(idx) +
-+ '_agmt)\n')
-
- TEST.write('\n')
-
-@@ -420,7 +506,7 @@ if len(sys.argv) > 0:
- # Write replicaton check
- #
- if agmt_count > 0:
-- # Find the lowest replica type in the deployment(consumer -> master)
-+ # Find the lowest replica type (consumer -> master)
- if consumers > 0:
- replica = 'consumer1'
- elif hubs > 0:
-@@ -428,7 +514,8 @@ if len(sys.argv) > 0:
- else:
- replica = 'master2'
- TEST.write(' # Check replication is working...\n')
-- TEST.write(' if master1.testReplication(DEFAULT_SUFFIX, ' + replica + '):\n')
-+ TEST.write(' if master1.testReplication(DEFAULT_SUFFIX, ' +
-+ replica + '):\n')
- TEST.write(" log.info('Replication is working.')\n")
- TEST.write(' else:\n')
- TEST.write(" log.fatal('Replication is not working.')\n")
-@@ -465,15 +552,22 @@ if len(sys.argv) > 0:
- idx = str(idx)
- TEST.write(' # Creating standalone instance ' + idx + '...\n')
- TEST.write(' standalone' + idx + ' = DirSrv(verbose=False)\n')
-- TEST.write(' args_instance[SER_HOST] = HOST_STANDALONE' + idx + '\n')
-- TEST.write(' args_instance[SER_PORT] = PORT_STANDALONE' + idx + '\n')
-- TEST.write(' args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE' + idx + '\n')
-- TEST.write(' args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX\n')
-- TEST.write(' args_standalone' + idx + ' = args_instance.copy()\n')
-- TEST.write(' standalone' + idx + '.allocate(args_standalone' + idx + ')\n')
-+ TEST.write(' args_instance[SER_HOST] = HOST_STANDALONE' +
-+ idx + '\n')
-+ TEST.write(' args_instance[SER_PORT] = PORT_STANDALONE' +
-+ idx + '\n')
-+ TEST.write(' args_instance[SER_SERVERID_PROP] = ' +
-+ 'SERVERID_STANDALONE' + idx + '\n')
-+ TEST.write(' args_instance[SER_CREATION_SUFFIX] = ' +
-+ 'DEFAULT_SUFFIX\n')
-+ TEST.write(' args_standalone' + idx + ' = args_instance.copy' +
-+ '()\n')
-+ TEST.write(' standalone' + idx + '.allocate(args_standalone' +
-+ idx + ')\n')
-
- # Get the status of the instance and restart it if it exists
-- TEST.write(' instance_standalone' + idx + ' = standalone' + idx + '.exists()\n')
-+ TEST.write(' instance_standalone' + idx + ' = standalone' +
-+ idx + '.exists()\n')
-
- # Remove the instance
- TEST.write(' if instance_standalone' + idx + ':\n')
-@@ -503,12 +597,20 @@ if len(sys.argv) > 0:
- TEST.write('def test_ticket' + ticket + '(topology):\n')
- TEST.write(" '''\n")
- if repl_deployment:
-- TEST.write(' Write your replication testcase here.\n\n')
-- TEST.write(' To access each DirSrv instance use: topology.master1, topology.master2,\n' +
-- ' ..., topology.hub1, ..., topology.consumer1, ...\n')
-+ TEST.write(' """Write your replication testcase here.\n\n')
-+ TEST.write(' To access each DirSrv instance use: ' +
-+ 'topology.master1, topology.master2,\n' +
-+ ' ..., topology.hub1, ..., topology.consumer1' +
-+ ',...\n\n')
-+ TEST.write(' Also, if you need any testcase initialization,\n')
-+ TEST.write(' please, write additional fixture for that' +
-+ '(include ' + 'finalizer).\n')
- else:
-- TEST.write(' Write your testcase here...\n')
-- TEST.write(" '''\n\n")
-+ TEST.write(' """Write your testcase here...\n\n')
-+ TEST.write(' Also, if you need any testcase initialization,\n')
-+ TEST.write(' please, write additional fixture for that' +
-+ '(include finalizer).\n')
-+ TEST.write(' """\n\n')
- TEST.write(" log.info('Test complete')\n")
- TEST.write("\n\n")
- else:
-@@ -520,43 +622,11 @@ if len(sys.argv) > 0:
-
- # Write the first initial empty test function
- TEST.write('def test_' + suite + '_#####(topology):\n')
-- TEST.write(" '''\n")
-- TEST.write(' Write a single test here...\n')
-- TEST.write(" '''\n\n return\n\n\n")
--
-- #
-- # Write the final function here - delete each instance
-- #
-- if ticket:
-- TEST.write('def test_ticket' + ticket + '_final(topology):\n')
-- else:
-- # suite
-- TEST.write('def test_' + suite + '_final(topology):\n')
-- if repl_deployment:
-- for idx in range(masters):
-- idx += 1
-- TEST.write(' topology.master' + str(idx) + '.delete()\n')
-- for idx in range(hubs):
-- idx += 1
-- TEST.write(' topology.hub' + str(idx) + '.delete()\n')
-- for idx in range(consumers):
-- idx += 1
-- TEST.write(' topology.consumer' + str(idx) + '.delete()\n')
-- else:
-- for idx in range(instances):
-- idx += 1
-- if idx == 1:
-- idx = ''
-- else:
-- idx = str(idx)
-- TEST.write(' topology.standalone' + idx + '.delete()\n')
--
-- if ticket:
-- TEST.write(" log.info('Testcase PASSED')\n")
-- else:
-- # suite
-- TEST.write(" log.info('" + suite + " test suite PASSED')\n")
-- TEST.write('\n\n')
-+ TEST.write(' """Write a single test here...\n\n')
-+ TEST.write(' Also, if you need any test suite initialization,\n')
-+ TEST.write(' please, write additional fixture for that(include ' +
-+ 'finalizer).\n')
-+ TEST.write(' """\n\n return\n\n\n')
-
- #
- # Write the main function
-@@ -576,7 +646,10 @@ if len(sys.argv) > 0:
- TEST.write('\n\n')
-
- TEST.write("if __name__ == '__main__':\n")
-- TEST.write(' run_isolated()\n\n')
-+ TEST.write(' # Run isolated\n')
-+ TEST.write(' # -s for DEBUG mode\n')
-+ TEST.write(' CURRENT_FILE = os.path.realpath(__file__)\n')
-+ TEST.write(' pytest.main("-s %s" % CURRENT_FILE)\n')
-
- #
- # Done, close things up
-diff --git a/dirsrvtests/tickets/ticket48370_test.py b/dirsrvtests/tickets/ticket48370_test.py
-new file mode 100644
-index 0000000..f5b1f47
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket48370_test.py
-@@ -0,0 +1,236 @@
-+import os
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+installation1_prefix = None
-+
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ global installation1_prefix
-+ if installation1_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+ # Creating standalone instance ...
-+ standalone = DirSrv(verbose=False)
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ standalone.delete()
-+ standalone.create()
-+ standalone.open()
-+
-+ # Delete each instance in the end
-+ def fin():
-+ standalone.delete()
-+ request.addfinalizer(fin)
-+
-+ # Clear out the tmp dir
-+ standalone.clearTmpDir(__file__)
-+
-+ return TopologyStandalone(standalone)
-+
-+
-+def test_ticket48370(topology):
-+ """
-+ Deleting attirbute values and readding a value does not properly update
-+ the pres index. The values are not actually deleted from the index
-+ """
-+
-+ DN = 'uid=user0099,' + DEFAULT_SUFFIX
-+
-+ #
-+ # Add an entry
-+ #
-+ topology.standalone.add_s(Entry((DN, {
-+ 'objectclass': ['top', 'person',
-+ 'organizationalPerson',
-+ 'inetorgperson',
-+ 'posixAccount'],
-+ 'givenname': 'test',
-+ 'sn': 'user',
-+ 'loginshell': '/bin/bash',
-+ 'uidNumber': '10099',
-+ 'gidNumber': '10099',
-+ 'gecos': 'Test User',
-+ 'mail': ['user0099@dev.null',
-+ 'alias@dev.null',
-+ 'user0099@redhat.com'],
-+ 'cn': 'Test User',
-+ 'homeDirectory': '/home/user0099',
-+ 'uid': 'admin2',
-+ 'userpassword': 'password'})))
-+
-+ #
-+ # Perform modify (delete & add mail attributes)
-+ #
-+ try:
-+ topology.standalone.modify_s(DN, [(ldap.MOD_DELETE,
-+ 'mail',
-+ 'user0099@dev.null'),
-+ (ldap.MOD_DELETE,
-+ 'mail',
-+ 'alias@dev.null'),
-+ (ldap.MOD_ADD,
-+ 'mail', 'user0099@dev.null')])
-+ except ldap.LDAPError as e:
-+ log.fatal('Failedto modify user: ' + str(e))
-+ assert False
-+
-+ #
-+ # Search using deleted attribute value- no entries should be returned
-+ #
-+ try:
-+ entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ 'mail=alias@dev.null')
-+ if entry:
-+ log.fatal('Entry incorrectly returned')
-+ assert False
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to search for user: ' + str(e))
-+ assert False
-+
-+ #
-+ # Search using existing attribute value - the entry should be returned
-+ #
-+ try:
-+ entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ 'mail=user0099@dev.null')
-+ if entry is None:
-+ log.fatal('Entry not found, but it should have been')
-+ assert False
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to search for user: ' + str(e))
-+ assert False
-+
-+ #
-+ # Delete the last values
-+ #
-+ try:
-+ topology.standalone.modify_s(DN, [(ldap.MOD_DELETE,
-+ 'mail',
-+ 'user0099@dev.null'),
-+ (ldap.MOD_DELETE,
-+ 'mail',
-+ 'user0099@redhat.com')
-+ ])
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to modify user: ' + str(e))
-+ assert False
-+
-+ #
-+ # Search using deleted attribute value - no entries should be returned
-+ #
-+ try:
-+ entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ 'mail=user0099@redhat.com')
-+ if entry:
-+ log.fatal('Entry incorrectly returned')
-+ assert False
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to search for user: ' + str(e))
-+ assert False
-+
-+ #
-+ # Make sure presence index is correctly updated - no entries should be
-+ # returned
-+ #
-+ try:
-+ entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ 'mail=*')
-+ if entry:
-+ log.fatal('Entry incorrectly returned')
-+ assert False
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to search for user: ' + str(e))
-+ assert False
-+
-+ #
-+ # Now add the attributes back, and lets run a different set of tests with
-+ # a different number of attributes
-+ #
-+ try:
-+ topology.standalone.modify_s(DN, [(ldap.MOD_ADD,
-+ 'mail',
-+ ['user0099@dev.null',
-+ 'alias@dev.null'])])
-+ except ldap.LDAPError as e:
-+ log.fatal('Failedto modify user: ' + str(e))
-+ assert False
-+
-+ #
-+ # Remove and readd some attibutes
-+ #
-+ try:
-+ topology.standalone.modify_s(DN, [(ldap.MOD_DELETE,
-+ 'mail',
-+ 'alias@dev.null'),
-+ (ldap.MOD_DELETE,
-+ 'mail',
-+ 'user0099@dev.null'),
-+ (ldap.MOD_ADD,
-+ 'mail', 'user0099@dev.null')])
-+ except ldap.LDAPError as e:
-+ log.fatal('Failedto modify user: ' + str(e))
-+ assert False
-+
-+ #
-+ # Search using deleted attribute value - no entries should be returned
-+ #
-+ try:
-+ entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ 'mail=alias@dev.null')
-+ if entry:
-+ log.fatal('Entry incorrectly returned')
-+ assert False
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to search for user: ' + str(e))
-+ assert False
-+
-+ #
-+ # Search using existing attribute value - the entry should be returned
-+ #
-+ try:
-+ entry = topology.standalone.search_s(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ 'mail=user0099@dev.null')
-+ if entry is None:
-+ log.fatal('Entry not found, but it should have been')
-+ assert False
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to search for user: ' + str(e))
-+ assert False
-+
-+ log.info('Test PASSED')
-+
-+
-+if __name__ == '__main__':
-+ # Run isolated
-+ # -s for DEBUG mode
-+ CURRENT_FILE = os.path.realpath(__file__)
-+ pytest.main("-s %s" % CURRENT_FILE)
-diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
-index 2adf2f8..00e78a7 100644
---- a/ldap/servers/slapd/back-ldbm/index.c
-+++ b/ldap/servers/slapd/back-ldbm/index.c
-@@ -727,31 +727,24 @@ index_add_mods(
- flags = BE_INDEX_DEL|BE_INDEX_PRESENCE|BE_INDEX_EQUALITY;
- } else {
- flags = BE_INDEX_DEL;
--
-- /* If the same value doesn't exist in a subtype, set
-- * BE_INDEX_EQUALITY flag so the equality index is
-- * removed.
-- */
- curr_attr = NULL;
- slapi_entry_attr_find(olde->ep_entry,
-- mods[i]->mod_type, &curr_attr);
-+ mods[i]->mod_type,
-+ &curr_attr);
- if (curr_attr) {
-- int found = 0;
- for (j = 0; mods_valueArray[j] != NULL; j++ ) {
-- if ( slapi_valueset_find(curr_attr, all_vals, mods_valueArray[j])) {
-- /* The same value found in evals.
-- * We don't touch the equality index. */
-- found = 1;
-+ if ( !slapi_valueset_find(curr_attr, all_vals, mods_valueArray[j]) ) {
-+ /*
-+ * If the mod del value is not found in all_vals
-+ * we need to update the equality index as the
-+ * final value(s) have changed
-+ */
-+ if (!(flags & BE_INDEX_EQUALITY)) {
-+ flags |= BE_INDEX_EQUALITY;
-+ }
- break;
- }
- }
-- /*
-- * to-be-deleted curr_attr does not exist in the
-- * new value set evals. So, we can remove it.
-- */
-- if (!found && !(flags & BE_INDEX_EQUALITY)) {
-- flags |= BE_INDEX_EQUALITY;
-- }
- }
- }
-
---
-2.4.3
-
diff --git a/SOURCES/0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch b/SOURCES/0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch
deleted file mode 100644
index 11ceecf..0000000
--- a/SOURCES/0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From ba82865fe34c4b6f1a3df283b4848f29ee99ae05 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 9 Dec 2015 12:05:24 -0800
-Subject: [PATCH 78/78] Ticket #48375 - SimplePagedResults -- in the search
- error case, simple paged results slot was not released.
-
-Description: If a simple paged results search fails in the backend,
-the simple paged results slot was not released. This patch adds it.
-
-https://fedorahosted.org/389/ticket/48375
-
-Reviewed by tbordaz@redhat.com (Thank you, Thierry!!)
-
-(cherry picked from commit 5a54717bfa40e3ef987bd85c5806125e49b2b278)
-(cherry picked from commit b91aad03b660aea85cb745554f27101c690f8402)
----
- ldap/servers/slapd/opshared.c | 21 ++++++++++++++++-----
- 1 file changed, 16 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 586ca1f..5cafc3c 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -814,15 +814,26 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- * wait the end of the loop to send back this error
- */
- flag_no_such_object = 1;
-- break;
-+ } else {
-+ /* err something other than LDAP_NO_SUCH_OBJECT, so the backend will
-+ * have sent the result -
-+ * Set a flag here so we don't return another result. */
-+ sent_result = 1;
- }
-- /* err something other than LDAP_NO_SUCH_OBJECT, so the backend will
-- * have sent the result -
-- * Set a flag here so we don't return another result. */
-- sent_result = 1;
- /* fall through */
-
- case -1: /* an error occurred */
-+ /* PAGED RESULTS */
-+ if (op_is_pagedresults(operation)) {
-+ /* cleanup the slot */
-+ PR_Lock(pb->pb_conn->c_mutex);
-+ pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx);
-+ rc = pagedresults_set_current_be(pb->pb_conn, NULL, pr_idx, 1);
-+ PR_Unlock(pb->pb_conn->c_mutex);
-+ }
-+ if (1 == flag_no_such_object) {
-+ break;
-+ }
- slapi_pblock_get(pb, SLAPI_RESULT_CODE, &err);
- if (err == LDAP_NO_SUCH_OBJECT)
- {
---
-2.4.3
-
diff --git a/SOURCES/0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch b/SOURCES/0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch
deleted file mode 100644
index 9346196..0000000
--- a/SOURCES/0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 818f6a27ff92bf7adb5f378f985e9c8f36193812 Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Tue, 22 Sep 2015 17:51:35 +0200
-Subject: [PATCH] Ticket 48283 - many attrlist_replace errors in connection
- with cleanallruv
-
-Bug Description: attrlist_replace error messages are logged because the
- list of values contains duplicate attributes
-
-Fix Description: the duplicate values can appear because when a replica
- is removed from the ruv the array is compacted, but
- memcpy is used instead of memmove
-
-https://fedorahosted.org/389/ticket/48283
-
-Reviewed by: Rich, Thanks
-
-(cherry picked from commit 2674f5594a2eb088be34728c12c1169df36b1588)
----
- ldap/servers/slapd/dl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/dl.c b/ldap/servers/slapd/dl.c
-index 8233519..c6858f3 100644
---- a/ldap/servers/slapd/dl.c
-+++ b/ldap/servers/slapd/dl.c
-@@ -219,7 +219,7 @@ void *dl_delete (DataList *dl, const void *element, CMPFN cmpfn, FREEFN freefn)
-
- if (i != dl->element_count - 1)
- {
-- memcpy (&dl->elements[i], &dl->elements[i+1], (dl->element_count - i - 1) * sizeof (void*));
-+ memmove (&dl->elements[i], &dl->elements[i+1], (dl->element_count - i - 1) * sizeof (void*));
- }
-
- dl->element_count --;
---
-2.4.3
-
diff --git a/SOURCES/0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch b/SOURCES/0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch
deleted file mode 100644
index 661eb52..0000000
--- a/SOURCES/0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 45ea72050bfafa3dab744cec4338dd8ddca41a0c Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 7 Jan 2016 18:04:19 -0800
-Subject: [PATCH 80/81] Revert "Ticket #48338 - SimplePagedResults -- abandon
- could happen between the abandon check and sending results"
-
-This reverts commit 79ca67d1fc5d50d8a9ae6b686b9564f3960f8592.
-
-The commit caused the bug 1296694 - ns-slapd crash in ipa context -
-c_mutex lock memory corruption and self locks
-
-(cherry picked from commit 181847863bda74c2e3d77b6a7d9278350d50d4cc)
-(cherry picked from commit c8b1817896af7db6e4fab42734b827e002a7a25b)
----
- ldap/servers/slapd/pblock.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
-index f2017be..bf57a33 100644
---- a/ldap/servers/slapd/pblock.c
-+++ b/ldap/servers/slapd/pblock.c
-@@ -223,12 +223,14 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- memset( value, 0, sizeof( PRNetAddr ));
- break;
- }
-- /* For fields with atomic access, remove the PR_Lock(c_mutex) */
-+ PR_Lock( pblock->pb_conn->c_mutex );
- if ( pblock->pb_conn->cin_addr == NULL ) {
- memset( value, 0, sizeof( PRNetAddr ));
- } else {
-- (*(PRNetAddr *)value) = *(pblock->pb_conn->cin_addr);
-+ (*(PRNetAddr *)value) =
-+ *(pblock->pb_conn->cin_addr);
- }
-+ PR_Unlock( pblock->pb_conn->c_mutex );
- break;
- case SLAPI_CONN_SERVERNETADDR:
- if (pblock->pb_conn == NULL)
---
-2.4.3
-
diff --git a/SOURCES/0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch b/SOURCES/0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
deleted file mode 100644
index cb99e65..0000000
--- a/SOURCES/0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
+++ /dev/null
@@ -1,1510 +0,0 @@
-From ae9df61b523152e01051afa8c115c97fe59310b5 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 11 Jan 2016 15:53:28 -0800
-Subject: [PATCH 81/81] Ticket #48406 - Avoid self deadlock by
- PR_Lock(conn->c_mutex)
-
-Description: Fixing ticket 48338 introduced a self deadlock.
-To avoid the self deadlock, tried to remove PR_Lock(conn->c_mutex)
-which looked harmless, but it introduced a crash by memory corruption.
-
-This patch replaces PR_Lock/Unlock with PR_EnterMonitor/ExitMonitor,
-respectively.
-
-https://fedorahosted.org/389/ticket/48406
-
-Reviewed by rmeggins@redhat.com, lkrispen@redhat.com, and wibrown@redhat.com.
-Thank you, Rich, Ludwig and William!
-
-(cherry picked from commit f25f804a8bce83b3790e7045dfc03230d7ece1af)
-(cherry picked from commit 84da7d05ddc5a963b0d025df08f38a6ccd7d90d2)
----
- ldap/servers/slapd/abandon.c | 4 +-
- ldap/servers/slapd/bind.c | 4 +-
- ldap/servers/slapd/connection.c | 64 +++++++++++-----------
- ldap/servers/slapd/conntable.c | 19 +++----
- ldap/servers/slapd/daemon.c | 22 ++++----
- ldap/servers/slapd/extendop.c | 10 ++--
- ldap/servers/slapd/operation.c | 18 +++----
- ldap/servers/slapd/opshared.c | 18 +++----
- ldap/servers/slapd/pagedresults.c | 100 +++++++++++++++++------------------
- ldap/servers/slapd/pblock.c | 72 ++++++++++++-------------
- ldap/servers/slapd/psearch.c | 10 ++--
- ldap/servers/slapd/saslbind.c | 26 ++++-----
- ldap/servers/slapd/slap.h | 2 +-
- ldap/servers/slapd/start_tls_extop.c | 10 ++--
- ldap/servers/slapd/unbind.c | 4 +-
- 15 files changed, 192 insertions(+), 191 deletions(-)
-
-diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c
-index 761b895..9a39f6a 100644
---- a/ldap/servers/slapd/abandon.c
-+++ b/ldap/servers/slapd/abandon.c
-@@ -77,7 +77,7 @@ do_abandon( Slapi_PBlock *pb )
- * flag and abort the operation at a convenient time.
- */
-
-- PR_Lock( pb->pb_conn->c_mutex );
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- for ( o = pb->pb_conn->c_ops; o != NULL; o = o->o_next ) {
- if ( o->o_msgid == id && o != pb->pb_op)
- break;
-@@ -138,7 +138,7 @@ do_abandon( Slapi_PBlock *pb )
- o->o_results.r.r_search.nentries, current_time() - o->o_time );
- }
-
-- PR_Unlock( pb->pb_conn->c_mutex );
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
- /*
- * Wake up the persistent searches, so they
- * can notice if they've been abandoned.
-diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
-index 474b508..f81edfb 100644
---- a/ldap/servers/slapd/bind.c
-+++ b/ldap/servers/slapd/bind.c
-@@ -258,7 +258,7 @@ do_bind( Slapi_PBlock *pb )
- slapi_pblock_get (pb, SLAPI_PWPOLICY, &pw_response_requested);
- }
-
-- PR_Lock( pb->pb_conn->c_mutex );
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
-
- bind_credentials_clear( pb->pb_conn, PR_FALSE, /* do not lock conn */
- PR_FALSE /* do not clear external creds. */ );
-@@ -291,7 +291,7 @@ do_bind( Slapi_PBlock *pb )
- * bound user can work properly
- */
- pb->pb_conn->c_needpw = 0;
-- PR_Unlock( pb->pb_conn->c_mutex );
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
-
- log_bind_access(pb, dn?dn:"empty", method, version, saslmech, NULL);
-
-diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
-index fc3b741..a3d123e 100644
---- a/ldap/servers/slapd/connection.c
-+++ b/ldap/servers/slapd/connection.c
-@@ -147,7 +147,7 @@ connection_done(Connection *conn)
- }
- if (NULL != conn->c_mutex)
- {
-- PR_DestroyLock(conn->c_mutex);
-+ PR_DestroyMonitor(conn->c_mutex);
- }
- if (NULL != conn->c_pdumutex)
- {
-@@ -738,10 +738,10 @@ int connection_is_free (Connection *conn)
- {
- int rc;
-
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- rc = conn->c_sd == SLAPD_INVALID_SOCKET && conn->c_refcnt == 0 &&
- !(conn->c_flags & CONN_FLAG_CLOSING);
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
-
- return rc;
- }
-@@ -1128,7 +1128,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- PRInt32 syserr = 0;
- size_t buffer_data_avail;
-
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- /*
- * if the socket is still valid, get the ber element
- * waiting for us on this connection. timeout is handled
-@@ -1317,15 +1317,15 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- }
- op->o_tag = *tag;
- done:
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- return ret;
- }
-
- void connection_make_readable(Connection *conn)
- {
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
- conn->c_gettingber = 0;
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- signal_listner();
- }
-
-@@ -1347,7 +1347,7 @@ void connection_check_activity_level(Connection *conn)
- {
- int current_count = 0;
- int delta_count = 0;
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
- /* get the current op count */
- current_count = conn->c_opscompleted;
- /* compare to the previous op count */
-@@ -1358,7 +1358,7 @@ void connection_check_activity_level(Connection *conn)
- conn->c_private->previous_op_count = current_count;
- /* update the last checked time */
- conn->c_private->previous_count_check_time = current_time();
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " activity level = %d\n",conn->c_connid,delta_count,0);
- }
-
-@@ -1402,7 +1402,7 @@ void connection_enter_leave_turbo(Connection *conn, int current_turbo_flag, int
- int connection_count = 0;
- int our_rank = 0;
- int threshold_rank = 0;
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- /* We can already be in turbo mode, or not */
- current_mode = current_turbo_flag;
- if (pagedresults_in_use_nolock(conn)) {
-@@ -1458,7 +1458,7 @@ void connection_enter_leave_turbo(Connection *conn, int current_turbo_flag, int
- }
- }
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- if (current_mode != new_mode) {
- if (current_mode) {
- LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode\n",conn->c_connid,0,0);
-@@ -1564,13 +1564,13 @@ connection_threadmain()
- */
- PR_Sleep(PR_INTERVAL_NO_WAIT);
-
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- /* Make our own pb in turbo mode */
- connection_make_new_pb(pb,conn);
- if (connection_call_io_layer_callbacks(conn)) {
- LDAPDebug0Args( LDAP_DEBUG_ANY, "Error: could not add/remove IO layers from connection\n" );
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- if (! config_check_referral_mode()) {
- slapi_counter_increment(ops_initiated);
- slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsInOps);
-@@ -1685,7 +1685,7 @@ connection_threadmain()
- */
- } else if (!enable_nunc_stans) { /* more data in conn - just put back on work_q - bypass poll */
- bypasspollcnt++;
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- /* don't do this if it would put us over the max threads per conn */
- if (conn->c_threadnumber < maxthreads) {
- /* for turbo, c_idlesince is set above - for !turbo and
-@@ -1700,7 +1700,7 @@ connection_threadmain()
- /* keep count of how many times maxthreads has blocked an operation */
- conn->c_maxthreadsblocked++;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- }
-
-@@ -1736,14 +1736,14 @@ connection_threadmain()
-
- done:
- if (doshutdown) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- connection_remove_operation_ext(pb, conn, op);
- connection_make_readable_nolock(conn);
- conn->c_threadnumber--;
- slapi_counter_decrement(conns_in_maxthreads);
- slapi_counter_decrement(g_get_global_snmp_vars()->ops_tbl.dsConnectionsInMaxThreads);
- connection_release_nolock(conn);
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- signal_listner();
- return;
- }
-@@ -1760,9 +1760,9 @@ done:
- slapi_counter_increment(ops_completed);
- /* If this op isn't a persistent search, remove it */
- if ( pb->pb_op->o_flags & OP_FLAG_PS ) {
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
- connection_release_nolock (conn); /* psearch acquires ref to conn - release this one now */
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- /* ps_add makes a shallow copy of the pb - so we
- * can't free it or init it here - just memset it to 0
- * ps_send_results will call connection_remove_operation_ext to free it
-@@ -1770,7 +1770,7 @@ done:
- memset(pb, 0, sizeof(*pb));
- } else {
- /* delete from connection operation queue & decr refcnt */
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
- connection_remove_operation_ext( pb, conn, op );
-
- /* If we're in turbo mode, we keep our reference to the connection alive */
-@@ -1811,7 +1811,7 @@ done:
- signal_listner();
- }
- }
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- }
- } /* while (1) */
- }
-@@ -2071,16 +2071,16 @@ op_copy_identity(Connection *conn, Operation *op)
- size_t dnlen;
- size_t typelen;
-
-- PR_Lock( conn->c_mutex );
-- dnlen= conn->c_dn ? strlen (conn->c_dn) : 0;
-- typelen= conn->c_authtype ? strlen (conn->c_authtype) : 0;
-+ PR_EnterMonitor(conn->c_mutex);
-+ dnlen= conn->c_dn ? strlen (conn->c_dn) : 0;
-+ typelen= conn->c_authtype ? strlen (conn->c_authtype) : 0;
-
-- slapi_sdn_done(&op->o_sdn);
-- slapi_ch_free_string(&(op->o_authtype));
-+ slapi_sdn_done(&op->o_sdn);
-+ slapi_ch_free_string(&(op->o_authtype));
- if (dnlen <= 0 && typelen <= 0) {
- op->o_authtype = NULL;
- } else {
-- slapi_sdn_set_dn_byval(&op->o_sdn,conn->c_dn);
-+ slapi_sdn_set_dn_byval(&op->o_sdn,conn->c_dn);
- op->o_authtype = slapi_ch_strdup(conn->c_authtype);
- /* set the thread data bind dn index */
- slapi_td_set_dn(slapi_ch_strdup(conn->c_dn));
-@@ -2103,14 +2103,14 @@ op_copy_identity(Connection *conn, Operation *op)
- op->o_ssf = conn->c_local_ssf;
- }
-
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- }
-
- /* Sets the SSL SSF in the connection struct. */
- static void
- connection_set_ssl_ssf(Connection *conn)
- {
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
-
- if (conn->c_flags & CONN_FLAG_SSL) {
- SSL_SecurityStatus(conn->c_prfd, NULL, NULL, NULL, &(conn->c_ssl_ssf), NULL, NULL);
-@@ -2118,7 +2118,7 @@ connection_set_ssl_ssf(Connection *conn)
- conn->c_ssl_ssf = 0;
- }
-
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- }
-
- static int
-@@ -2165,9 +2165,9 @@ log_ber_too_big_error(const Connection *conn, ber_len_t ber_len,
- void
- disconnect_server( Connection *conn, PRUint64 opconnid, int opid, PRErrorCode reason, PRInt32 error )
- {
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
- disconnect_server_nomutex( conn, opconnid, opid, reason, error );
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- }
-
- static ps_wakeup_all_fn_ptr ps_wakeup_all_fn = NULL;
-diff --git a/ldap/servers/slapd/conntable.c b/ldap/servers/slapd/conntable.c
-index d5b9058..37da9a5 100644
---- a/ldap/servers/slapd/conntable.c
-+++ b/ldap/servers/slapd/conntable.c
-@@ -85,11 +85,11 @@ connection_table_abandon_all_operations(Connection_Table *ct)
- int i;
- for ( i = 0; i < ct->size; i++ )
- {
-- if ( ct->c[i].c_mutex != NULL )
-+ if ( ct->c[i].c_mutex )
- {
-- PR_Lock( ct->c[i].c_mutex );
-+ PR_EnterMonitor(ct->c[i].c_mutex);
- connection_abandon_operations( &ct->c[i] );
-- PR_Unlock( ct->c[i].c_mutex );
-+ PR_ExitMonitor(ct->c[i].c_mutex);
- }
- }
- }
-@@ -139,7 +139,7 @@ connection_table_get_connection(Connection_Table *ct, int sd)
- if ( c->c_mutex == NULL )
- {
- PR_Lock( ct->table_mutex );
-- c->c_mutex = PR_NewLock();
-+ c->c_mutex = PR_NewMonitor();
- c->c_pdumutex = PR_NewLock();
- PR_Unlock( ct->table_mutex );
- if ( c->c_mutex == NULL || c->c_pdumutex == NULL )
-@@ -360,7 +360,7 @@ connection_table_as_entry(Connection_Table *ct, Slapi_Entry *e)
- /* Can't take c_mutex if holding table_mutex; temporarily unlock */
- PR_Unlock( ct->table_mutex );
-
-- PR_Lock( ct->c[i].c_mutex );
-+ PR_EnterMonitor(ct->c[i].c_mutex);
- if ( ct->c[i].c_sd != SLAPD_INVALID_SOCKET )
- {
- char buf2[20];
-@@ -420,7 +420,7 @@ connection_table_as_entry(Connection_Table *ct, Slapi_Entry *e)
- attrlist_merge( &e->e_attrs, "connection", vals );
- slapi_ch_free_string(&newbuf);
- }
-- PR_Unlock( ct->c[i].c_mutex );
-+ PR_ExitMonitor(ct->c[i].c_mutex);
- }
-
- PR_snprintf( buf, sizeof(buf), "%d", nconns );
-@@ -458,14 +458,15 @@ void
- connection_table_dump_activity_to_errors_log(Connection_Table *ct)
- {
- int i;
-+
- for ( i = 0; i < ct->size; i++ )
- {
- Connection *c= &(ct->c[i]);
-- if ( c->c_mutex != NULL )
-+ if ( c->c_mutex )
- {
- /* Find the connection we are referring to */
- int j= c->c_fdi;
-- PR_Lock( c->c_mutex );
-+ PR_EnterMonitor(c->c_mutex);
- if ( (c->c_sd != SLAPD_INVALID_SOCKET) &&
- (j >= 0) && (c->c_prfd == ct->fd[j].fd) )
- {
-@@ -475,7 +476,7 @@ connection_table_dump_activity_to_errors_log(Connection_Table *ct)
- LDAPDebug( LDAP_DEBUG_CONNS,"activity on %d%s\n", i, r ? "r" : "",0 );
- }
- }
-- PR_Unlock( c->c_mutex );
-+ PR_ExitMonitor(c->c_mutex);
- }
- }
- }
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index 5d70647..355f0fc 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1612,7 +1612,7 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps
- }
- else
- {
-- PR_Lock( c->c_mutex );
-+ PR_EnterMonitor(c->c_mutex);
- if (c->c_flags & CONN_FLAG_CLOSING)
- {
- /* A worker thread has marked that this connection
-@@ -1661,7 +1661,7 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps
- c->c_fdi = SLAPD_INVALID_SOCKET_INDEX;
- }
- }
-- PR_Unlock( c->c_mutex );
-+ PR_ExitMonitor(c->c_mutex);
- }
- c = next;
- }
-@@ -1680,7 +1680,7 @@ handle_timeout( void )
- time_t curtime = current_time();
-
- if (0 == prevtime) {
-- prevtime = time (&housekeeping_fire_time);
-+ prevtime = time (&housekeeping_fire_time);
- }
-
- if ( difftime(curtime, prevtime) >=
-@@ -1740,7 +1740,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
- {
- if ( c->c_mutex != NULL )
- {
-- PR_Lock( c->c_mutex );
-+ PR_EnterMonitor(c->c_mutex);
- if ( connection_is_active_nolock (c) && c->c_gettingber == 0 )
- {
- PRInt16 out_flags;
-@@ -1797,7 +1797,7 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
- SLAPD_DISCONNECT_IDLE_TIMEOUT, EAGAIN );
- }
- }
-- PR_Unlock( c->c_mutex );
-+ PR_ExitMonitor(c->c_mutex);
- }
- }
- }
-@@ -1843,12 +1843,12 @@ ns_handle_closure(struct ns_job_t *job)
- return;
- }
- #endif
-- PR_Lock(c->c_mutex);
-+ PR_EnterMonitor(c->c_mutex);
- connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */
- PR_ASSERT(c->c_ns_close_jobs == 1); /* should be exactly 1 active close job - this one */
- c->c_ns_close_jobs--; /* this job is processing closure */
- do_yield = ns_handle_closure_nomutex(c);
-- PR_Unlock(c->c_mutex);
-+ PR_ExitMonitor(c->c_mutex);
- ns_job_done(job);
- if (do_yield) {
- /* closure not done - another reference still outstanding */
-@@ -1939,7 +1939,7 @@ ns_handle_pr_read_ready(struct ns_job_t *job)
- }
- #endif
-
-- PR_Lock(c->c_mutex);
-+ PR_EnterMonitor(c->c_mutex);
- LDAPDebug2Args(LDAP_DEBUG_CONNS, "activity on conn %" NSPRIu64 " for fd=%d\n",
- c->c_connid, c->c_sd);
- /* if we were called due to some i/o event, see what the state of the socket is */
-@@ -1986,7 +1986,7 @@ ns_handle_pr_read_ready(struct ns_job_t *job)
- LDAPDebug2Args(LDAP_DEBUG_CONNS, "queued conn %" NSPRIu64 " for fd=%d\n",
- c->c_connid, c->c_sd);
- }
-- PR_Unlock(c->c_mutex);
-+ PR_ExitMonitor(c->c_mutex);
- ns_job_done(job);
- return;
- }
-@@ -2493,7 +2493,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
- PR_Close(pr_acceptfd);
- return -1;
- }
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
-
- /*
- * Set the default idletimeout and the handle. We'll update c_idletimeout
-@@ -2592,7 +2592,7 @@ handle_new_connection(Connection_Table *ct, int tcps, PRFileDesc *pr_acceptfd, i
- connection_table_move_connection_on_to_active_list(the_connection_table,conn);
- }
-
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
-
- g_increment_current_conn_count();
-
-diff --git a/ldap/servers/slapd/extendop.c b/ldap/servers/slapd/extendop.c
-index 94036c6..8d0b8fb 100644
---- a/ldap/servers/slapd/extendop.c
-+++ b/ldap/servers/slapd/extendop.c
-@@ -61,7 +61,7 @@ static void extop_handle_import_start(Slapi_PBlock *pb, char *extoid,
- send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);
- return;
- }
-- suffix = slapi_sdn_get_dn(sdn);
-+ suffix = slapi_sdn_get_dn(sdn);
- /* be = slapi_be_select(sdn); */
- be = slapi_mapping_tree_find_backend_for_sdn(sdn);
- if (be == NULL || be == defbackend_get_backend()) {
-@@ -135,10 +135,10 @@ static void extop_handle_import_start(Slapi_PBlock *pb, char *extoid,
- /* okay, the import is starting now -- save the backend in the
- * connection block & mark this connection as belonging to a bulk import
- */
-- PR_Lock(pb->pb_conn->c_mutex);
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- pb->pb_conn->c_flags |= CONN_FLAG_IMPORT;
- pb->pb_conn->c_bi_backend = be;
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
-
- slapi_pblock_set(pb, SLAPI_EXT_OP_RET_OID, EXTOP_BULK_IMPORT_START_OID);
- bv.bv_val = NULL;
-@@ -160,11 +160,11 @@ static void extop_handle_import_done(Slapi_PBlock *pb, char *extoid,
- struct berval bv;
- int ret;
-
-- PR_Lock(pb->pb_conn->c_mutex);
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- pb->pb_conn->c_flags &= ~CONN_FLAG_IMPORT;
- be = pb->pb_conn->c_bi_backend;
- pb->pb_conn->c_bi_backend = NULL;
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
-
- if ((be == NULL) || (be->be_wire_import == NULL)) {
- /* can this even happen? */
-diff --git a/ldap/servers/slapd/operation.c b/ldap/servers/slapd/operation.c
-index 869298b..6c95552 100644
---- a/ldap/servers/slapd/operation.c
-+++ b/ldap/servers/slapd/operation.c
-@@ -570,7 +570,7 @@ int slapi_connection_acquire(Slapi_Connection *conn)
- {
- int rc;
-
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- /* rc = connection_acquire_nolock(conn); */
- /* connection in the closing state can't be acquired */
- if (conn->c_flags & CONN_FLAG_CLOSING)
-@@ -586,7 +586,7 @@ int slapi_connection_acquire(Slapi_Connection *conn)
- conn->c_refcnt++;
- rc = 0;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- return(rc);
- }
-
-@@ -596,7 +596,7 @@ slapi_connection_remove_operation( Slapi_PBlock *pb, Slapi_Connection *conn, Sla
- int rc = 0;
- Slapi_Operation **olist= &conn->c_ops;
- Slapi_Operation **tmp;
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
- /* connection_remove_operation_ext(pb, conn,op); */
- for ( tmp = olist; *tmp != NULL && *tmp != op; tmp = &(*tmp)->o_next )
- ; /* NULL */
-@@ -614,15 +614,15 @@ slapi_connection_remove_operation( Slapi_PBlock *pb, Slapi_Connection *conn, Sla
- if (release) {
- /* connection_release_nolock(conn); */
- if (conn->c_refcnt <= 0) {
-- slapi_log_error(SLAPI_LOG_FATAL, "connection",
-- "conn=%" NSPRIu64 " fd=%d Attempt to release connection that is not acquired\n",
-- conn->c_connid, conn->c_sd);
-- rc = -1;
-+ slapi_log_error(SLAPI_LOG_FATAL, "connection",
-+ "conn=%" NSPRIu64 " fd=%d Attempt to release connection that is not acquired\n",
-+ conn->c_connid, conn->c_sd);
-+ rc = -1;
- } else {
-- conn->c_refcnt--;
-+ conn->c_refcnt--;
- rc = 0;
- }
- }
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- return (rc);
- }
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 5cafc3c..e76ca0f 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -675,7 +675,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- * In async paged result case, the search result might be released
- * by other theads. We need to double check it in the locked region.
- */
-- PR_Lock(pb->pb_conn->c_mutex);
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, 1/*locked*/, pr_idx);
- if (pr_search_result) {
- if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, 1/*locked*/, pr_idx)) {
-@@ -683,7 +683,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- /* Previous operation was abandoned and the simplepaged object is not in use. */
- send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
- rc = LDAP_SUCCESS;
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
- goto free_and_return;
- } else {
- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
-@@ -692,7 +692,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- /* search result could be reset in the backend/dse */
- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
- pagedresults_set_search_result(pb->pb_conn, operation, sr, 1/*locked*/, pr_idx);
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
- }
- } else {
- pr_stat = PAGEDRESULTS_SEARCH_END;
-@@ -826,10 +826,10 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- /* PAGED RESULTS */
- if (op_is_pagedresults(operation)) {
- /* cleanup the slot */
-- PR_Lock(pb->pb_conn->c_mutex);
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx);
- rc = pagedresults_set_current_be(pb->pb_conn, NULL, pr_idx, 1);
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
- }
- if (1 == flag_no_such_object) {
- break;
-@@ -871,11 +871,11 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
- if (PAGEDRESULTS_SEARCH_END == pr_stat) {
- /* no more entries, but at least another backend */
-- PR_Lock(pb->pb_conn->c_mutex);
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx);
- be->be_search_results_release(&sr);
- rc = pagedresults_set_current_be(pb->pb_conn, next_be, pr_idx, 1);
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
- if (NULL == next_be) {
- /* no more entries && no more backends */
- curr_search_count = -1;
-@@ -900,9 +900,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- next_be = NULL; /* to break the loop */
- if (operation->o_status & SLAPI_OP_STATUS_ABANDONED) {
- /* It turned out this search was abandoned. */
-- PR_Lock(pb->pb_conn->c_mutex);
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- pagedresults_free_one_msgid_nolock( pb->pb_conn, operation->o_msgid);
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
- /* paged-results-request was abandoned; making an empty cookie. */
- pagedresults_set_response_control(pb, 0, estimate, -1, pr_idx);
- send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index 4458cfb..d394dab 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -98,7 +98,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- return LDAP_UNWILLING_TO_PERFORM;
- }
-
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- /* the ber encoding is no longer needed */
- ber_free(ber, 1);
- if ( cookie.bv_len <= 0 ) {
-@@ -204,7 +204,7 @@ bail:
- }
- }
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
-
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_parse_control_value: idx %d\n", *index);
-@@ -301,7 +301,7 @@ pagedresults_free_one( Connection *conn, Operation *op, int index )
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_free_one: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (conn->c_pagedresults.prl_count <= 0) {
- LDAPDebug2Args(LDAP_DEBUG_TRACE, "pagedresults_free_one: "
- "conn=%d paged requests list count is %d\n",
-@@ -312,7 +312,7 @@ pagedresults_free_one( Connection *conn, Operation *op, int index )
- conn->c_pagedresults.prl_count--;
- rc = 0;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
-
- LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_free_one: %d\n", rc);
-@@ -364,11 +364,11 @@ pagedresults_get_current_be(Connection *conn, int index)
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_get_current_be: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- be = conn->c_pagedresults.prl_list[index].pr_current_be;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_get_current_be: %p\n", be);
-@@ -382,12 +382,12 @@ pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_set_current_be: idx=%d\n", index);
- if (conn && (index > -1)) {
-- if (!nolock) PR_Lock(conn->c_mutex);
-+ if (!nolock) PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- conn->c_pagedresults.prl_list[index].pr_current_be = be;
- }
- rc = 0;
-- if (!nolock) PR_Unlock(conn->c_mutex);
-+ if (!nolock) PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_set_current_be: %d\n", rc);
-@@ -406,13 +406,13 @@ pagedresults_get_search_result(Connection *conn, Operation *op, int locked, int
- locked?"locked":"not locked", index);
- if (conn && (index > -1)) {
- if (!locked) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- }
- if (index < conn->c_pagedresults.prl_maxlen) {
- sr = conn->c_pagedresults.prl_list[index].pr_search_result_set;
- }
- if (!locked) {
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -431,7 +431,7 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int lo
- "--> pagedresults_set_search_result: idx=%d, sr=%p\n",
- index, sr);
- if (conn && (index > -1)) {
-- if (!locked) PR_Lock(conn->c_mutex);
-+ if (!locked) PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- PagedResults *prp = conn->c_pagedresults.prl_list + index;
- if (!(prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) || !sr) {
-@@ -440,7 +440,7 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int lo
- }
- rc = 0;
- }
-- if (!locked) PR_Unlock(conn->c_mutex);
-+ if (!locked) PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_set_search_result: %d\n", rc);
-@@ -457,11 +457,11 @@ pagedresults_get_search_result_count(Connection *conn, Operation *op, int index)
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_get_search_result_count: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- count = conn->c_pagedresults.prl_list[index].pr_search_result_count;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_get_search_result_count: %d\n", count);
-@@ -479,11 +479,11 @@ pagedresults_set_search_result_count(Connection *conn, Operation *op,
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_set_search_result_count: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- conn->c_pagedresults.prl_list[index].pr_search_result_count = count;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- rc = 0;
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -504,11 +504,11 @@ pagedresults_get_search_result_set_size_estimate(Connection *conn,
- "--> pagedresults_get_search_result_set_size_estimate: "
- "idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- count = conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_get_search_result_set_size_estimate: %d\n",
-@@ -529,11 +529,11 @@ pagedresults_set_search_result_set_size_estimate(Connection *conn,
- "--> pagedresults_set_search_result_set_size_estimate: "
- "idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- conn->c_pagedresults.prl_list[index].pr_search_result_set_size_estimate = count;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- rc = 0;
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -552,11 +552,11 @@ pagedresults_get_with_sort(Connection *conn, Operation *op, int index)
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_get_with_sort: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- flags = conn->c_pagedresults.prl_list[index].pr_flags&CONN_FLAG_PAGEDRESULTS_WITH_SORT;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_get_with_sort: %p\n", flags);
-@@ -574,14 +574,14 @@ pagedresults_set_with_sort(Connection *conn, Operation *op,
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_set_with_sort: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- if (flags & OP_FLAG_SERVER_SIDE_SORTING) {
- conn->c_pagedresults.prl_list[index].pr_flags |=
- CONN_FLAG_PAGEDRESULTS_WITH_SORT;
- }
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- rc = 0;
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_set_with_sort: %d\n", rc);
-@@ -598,11 +598,11 @@ pagedresults_get_unindexed(Connection *conn, Operation *op, int index)
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_get_unindexed: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- flags = conn->c_pagedresults.prl_list[index].pr_flags&CONN_FLAG_PAGEDRESULTS_UNINDEXED;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_get_unindexed: %p\n", flags);
-@@ -619,12 +619,12 @@ pagedresults_set_unindexed(Connection *conn, Operation *op, int index)
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_set_unindexed: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- conn->c_pagedresults.prl_list[index].pr_flags |=
- CONN_FLAG_PAGEDRESULTS_UNINDEXED;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- rc = 0;
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -642,11 +642,11 @@ pagedresults_get_sort_result_code(Connection *conn, Operation *op, int index)
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_get_sort_result_code: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- code = conn->c_pagedresults.prl_list[index].pr_sort_result_code;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_get_sort_result_code: %d\n", code);
-@@ -664,11 +664,11 @@ pagedresults_set_sort_result_code(Connection *conn, Operation *op,
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_set_sort_result_code: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- conn->c_pagedresults.prl_list[index].pr_sort_result_code = code;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- rc = 0;
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -687,11 +687,11 @@ pagedresults_set_timelimit(Connection *conn, Operation *op,
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_set_timelimit: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- conn->c_pagedresults.prl_list[index].pr_timelimit = timelimit;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- rc = 0;
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_set_timelimit: %d\n", rc);
-@@ -749,7 +749,7 @@ pagedresults_cleanup(Connection *conn, int needlock)
- }
-
- if (needlock) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- }
- for (i = 0; conn->c_pagedresults.prl_list &&
- i < conn->c_pagedresults.prl_maxlen; i++) {
-@@ -767,7 +767,7 @@ pagedresults_cleanup(Connection *conn, int needlock)
- }
- conn->c_pagedresults.prl_count = 0;
- if (needlock) {
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_cleanup: %d\n", rc);
- return rc;
-@@ -794,7 +794,7 @@ pagedresults_cleanup_all(Connection *conn, int needlock)
- }
-
- if (needlock) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- }
- for (i = 0; conn->c_pagedresults.prl_list &&
- i < conn->c_pagedresults.prl_maxlen; i++) {
-@@ -813,7 +813,7 @@ pagedresults_cleanup_all(Connection *conn, int needlock)
- conn->c_pagedresults.prl_maxlen = 0;
- conn->c_pagedresults.prl_count = 0;
- if (needlock) {
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_cleanup_all: %d\n", rc);
- return rc;
-@@ -832,7 +832,7 @@ pagedresults_check_or_set_processing(Connection *conn, int index)
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_check_or_set_processing\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- ret = (conn->c_pagedresults.prl_list[index].pr_flags &
- CONN_FLAG_PAGEDRESULTS_PROCESSING);
-@@ -840,7 +840,7 @@ pagedresults_check_or_set_processing(Connection *conn, int index)
- conn->c_pagedresults.prl_list[index].pr_flags |=
- CONN_FLAG_PAGEDRESULTS_PROCESSING;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_check_or_set_processing: %d\n", ret);
-@@ -859,7 +859,7 @@ pagedresults_reset_processing(Connection *conn, int index)
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_reset_processing: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- ret = (conn->c_pagedresults.prl_list[index].pr_flags &
- CONN_FLAG_PAGEDRESULTS_PROCESSING);
-@@ -867,7 +867,7 @@ pagedresults_reset_processing(Connection *conn, int index)
- conn->c_pagedresults.prl_list[index].pr_flags &=
- ~CONN_FLAG_PAGEDRESULTS_PROCESSING;
- }
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_reset_processing: %d\n", ret);
-@@ -981,9 +981,9 @@ pagedresults_lock( Connection *conn, int index )
- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
- return;
- }
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- prp = conn->c_pagedresults.prl_list + index;
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- if (prp->pr_mutex) {
- PR_Lock(prp->pr_mutex);
- }
-@@ -997,9 +997,9 @@ pagedresults_unlock( Connection *conn, int index )
- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
- return;
- }
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- prp = conn->c_pagedresults.prl_list + index;
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- if (prp->pr_mutex) {
- PR_Unlock(prp->pr_mutex);
- }
-@@ -1014,11 +1014,11 @@ pagedresults_is_abandoned_or_notavailable(Connection *conn, int locked, int inde
- return 1; /* not abandoned, but do not want to proceed paged results op. */
- }
- if (!locked) {
-- PR_Lock(conn->c_mutex);
-+ PR_EnterMonitor(conn->c_mutex);
- }
- prp = conn->c_pagedresults.prl_list + index;
- if (!locked) {
-- PR_Unlock(conn->c_mutex);
-+ PR_ExitMonitor(conn->c_mutex);
- }
- return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
- }
-@@ -1042,12 +1042,12 @@ pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked)
- LDAPDebug2Args(LDAP_DEBUG_TRACE,
- "--> pagedresults_set_search_result_pb: idx=%d, sr=%p\n", index, sr);
- if (conn && (index > -1)) {
-- if (!locked) PR_Lock(conn->c_mutex);
-+ if (!locked) PR_EnterMonitor(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
- rc = 0;
- }
-- if (!locked) PR_Unlock(conn->c_mutex);
-+ if (!locked) PR_ExitMonitor(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_set_search_result_pb: %d\n", rc);
-diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
-index bf57a33..d373d99 100644
---- a/ldap/servers/slapd/pblock.c
-+++ b/ldap/servers/slapd/pblock.c
-@@ -117,7 +117,7 @@ if ( PBLOCK ->pb_plugin->plg_type != TYPE) return( -1 )
- int
- slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- {
-- char *authtype;
-+ char *authtype;
- Slapi_Backend *be;
-
- PR_ASSERT( NULL != pblock );
-@@ -174,10 +174,10 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_DN \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- (*(char **)value) = (NULL == pblock->pb_conn->c_dn ? NULL :
- slapi_ch_strdup( pblock->pb_conn->c_dn ));
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_AUTHTYPE:/* deprecated */
- if (pblock->pb_conn == NULL) {
-@@ -185,9 +185,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_AUTHTYPE \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-- authtype = pblock->pb_conn->c_authtype;
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
-+ authtype = pblock->pb_conn->c_authtype;
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- if (authtype == NULL) {
- (*(char **)value) = NULL;
- } else if (strcasecmp(authtype, SLAPD_AUTH_NONE) == 0) {
-@@ -212,10 +212,10 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_AUTHMETHOD \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- (*(char **)value) = pblock->pb_conn->c_authtype ?
- slapi_ch_strdup(pblock->pb_conn->c_authtype) : NULL;
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_CLIENTNETADDR:
- if (pblock->pb_conn == NULL)
-@@ -223,14 +223,14 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- memset( value, 0, sizeof( PRNetAddr ));
- break;
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- if ( pblock->pb_conn->cin_addr == NULL ) {
- memset( value, 0, sizeof( PRNetAddr ));
- } else {
- (*(PRNetAddr *)value) =
- *(pblock->pb_conn->cin_addr);
- }
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_SERVERNETADDR:
- if (pblock->pb_conn == NULL)
-@@ -238,14 +238,14 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- memset( value, 0, sizeof( PRNetAddr ));
- break;
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- if ( pblock->pb_conn->cin_destaddr == NULL ) {
- memset( value, 0, sizeof( PRNetAddr ));
- } else {
- (*(PRNetAddr *)value) =
- *(pblock->pb_conn->cin_destaddr);
- }
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_CLIENTIP:
- if (pblock->pb_conn == NULL)
-@@ -253,7 +253,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- memset( value, 0, sizeof( struct in_addr ));
- break;
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- if ( pblock->pb_conn->cin_addr == NULL ) {
- memset( value, 0, sizeof( struct in_addr ));
- } else {
-@@ -268,7 +268,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- memset( value, 0, sizeof( struct in_addr ));
- }
- }
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_SERVERIP:
- if (pblock->pb_conn == NULL)
-@@ -276,7 +276,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- memset( value, 0, sizeof( struct in_addr ));
- break;
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- if ( pblock->pb_conn->cin_destaddr == NULL ) {
- memset( value, 0, sizeof( PRNetAddr ));
- } else {
-@@ -292,7 +292,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- }
-
- }
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_IS_REPLICATION_SESSION:
- if (pblock->pb_conn == NULL) {
-@@ -300,9 +300,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_IS_REPLICATION_SESSION \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- (*(int *)value) = pblock->pb_conn->c_isreplication_session;
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_IS_SSL_SESSION:
- if (pblock->pb_conn == NULL) {
-@@ -310,9 +310,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_IS_SSL_SESSION \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- (*(int *)value) = pblock->pb_conn->c_flags & CONN_FLAG_SSL;
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_SASL_SSF:
- if (pblock->pb_conn == NULL) {
-@@ -320,9 +320,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_SASL_SSF \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- (*(int *)value) = pblock->pb_conn->c_sasl_ssf;
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_SSL_SSF:
- if (pblock->pb_conn == NULL) {
-@@ -330,9 +330,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_SSL_SSF \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- (*(int *)value) = pblock->pb_conn->c_ssl_ssf;
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_LOCAL_SSF:
- if (pblock->pb_conn == NULL) {
-@@ -340,9 +340,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_LOCAL_SSF \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- (*(int *)value) = pblock->pb_conn->c_local_ssf;
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_CERT:
- if (pblock->pb_conn == NULL) {
-@@ -1953,7 +1953,7 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
- int
- slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
- {
-- char *authtype;
-+ char *authtype;
-
- PR_ASSERT( NULL != pblock );
-
-@@ -2020,10 +2020,10 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_AUTHMETHOD \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-- slapi_ch_free((void**)&pblock->pb_conn->c_authtype);
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
-+ slapi_ch_free((void**)&pblock->pb_conn->c_authtype);
- pblock->pb_conn->c_authtype = slapi_ch_strdup((char *) value);
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
- case SLAPI_CONN_IS_REPLICATION_SESSION:
- if (pblock->pb_conn == NULL) {
-@@ -2031,9 +2031,9 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
- "Connection is NULL and hence cannot access SLAPI_CONN_IS_REPLICATION_SESSION \n", 0, 0, 0 );
- return (-1);
- }
-- PR_Lock( pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(pblock->pb_conn->c_mutex);
- pblock->pb_conn->c_isreplication_session = *((int *) value);
-- PR_Unlock( pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(pblock->pb_conn->c_mutex);
- break;
-
- /* stuff related to config file processing */
-@@ -3571,7 +3571,7 @@ bind_credentials_clear( Connection *conn, PRBool lock_conn,
- PRBool clear_externalcreds )
- {
- if ( lock_conn ) {
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
- }
-
- if ( conn->c_dn != NULL ) { /* a non-anonymous bind has occurred */
-@@ -3597,7 +3597,7 @@ bind_credentials_clear( Connection *conn, PRBool lock_conn,
- }
-
- if ( lock_conn ) {
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- }
-
- }
-@@ -3653,10 +3653,10 @@ void
- bind_credentials_set( Connection *conn, char *authtype, char *normdn,
- char *extauthtype, char *externaldn, CERTCertificate *clientcert, Slapi_Entry * bind_target_entry )
- {
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
- bind_credentials_set_nolock(conn, authtype, normdn,
- extauthtype, externaldn, clientcert, bind_target_entry);
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- }
-
- void
-diff --git a/ldap/servers/slapd/psearch.c b/ldap/servers/slapd/psearch.c
-index c9d23cf..00f13be 100644
---- a/ldap/servers/slapd/psearch.c
-+++ b/ldap/servers/slapd/psearch.c
-@@ -277,9 +277,9 @@ ps_send_results( void *arg )
-
- /* need to acquire a reference to this connection so that it will not
- be released or cleaned up out from under us */
-- PR_Lock( ps->ps_pblock->pb_conn->c_mutex );
-+ PR_EnterMonitor(ps->ps_pblock->pb_conn->c_mutex);
- conn_acq_flag = connection_acquire_nolock(ps->ps_pblock->pb_conn);
-- PR_Unlock( ps->ps_pblock->pb_conn->c_mutex );
-+ PR_ExitMonitor(ps->ps_pblock->pb_conn->c_mutex);
-
- if (conn_acq_flag) {
- slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search",
-@@ -397,7 +397,7 @@ ps_send_results( void *arg )
-
- conn = ps->ps_pblock->pb_conn; /* save to release later - connection_remove_operation_ext will NULL the pb_conn */
- /* Clean up the connection structure */
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
-
- slapi_log_error(SLAPI_LOG_CONNS, "Persistent Search",
- "conn=%" NSPRIu64 " op=%d Releasing the connection and operation\n",
-@@ -407,9 +407,9 @@ ps_send_results( void *arg )
-
- /* Decrement the connection refcnt */
- if (conn_acq_flag == 0) { /* we acquired it, so release it */
-- connection_release_nolock (conn);
-+ connection_release_nolock (conn);
- }
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- conn = NULL;
-
- PR_DestroyLock ( ps->ps_lock );
-diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c
-index 1e3e94d..7259d78 100644
---- a/ldap/servers/slapd/saslbind.c
-+++ b/ldap/servers/slapd/saslbind.c
-@@ -659,7 +659,7 @@ char **ids_sasl_listmech(Slapi_PBlock *pb)
- if (sasl_conn == NULL) return ret;
-
- /* sasl library mechanisms are connection dependent */
-- PR_Lock(pb->pb_conn->c_mutex);
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- if (sasl_listmech(sasl_conn,
- NULL, /* username */
- "", ",", "",
-@@ -672,7 +672,7 @@ char **ids_sasl_listmech(Slapi_PBlock *pb)
- charray_free(others);
- slapi_ch_free((void**)&dupstr);
- }
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
-
- LDAPDebug( LDAP_DEBUG_TRACE, "<= ids_sasl_listmech\n", 0, 0, 0 );
-
-@@ -755,13 +755,13 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
- PR_ASSERT(pb);
- PR_ASSERT(pb->pb_conn);
-
-- PR_Lock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+ PR_EnterMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- continuing = pb->pb_conn->c_flags & CONN_FLAG_SASL_CONTINUE;
- pb->pb_conn->c_flags &= ~CONN_FLAG_SASL_CONTINUE; /* reset flag */
-
- sasl_conn = (sasl_conn_t*)pb->pb_conn->c_sasl_conn;
- if (sasl_conn == NULL) {
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
- "sasl library unavailable", 0, NULL );
- return;
-@@ -842,7 +842,7 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
- if (sasl_conn == NULL) {
- send_ldap_result( pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
- "sasl library unavailable", 0, NULL );
-- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- return;
- }
- }
-@@ -858,7 +858,7 @@ sasl_check_result:
- /* retrieve the authenticated username */
- if (sasl_getprop(sasl_conn, SASL_USERNAME,
- (const void**)&username) != SASL_OK) {
-- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
- "could not obtain sasl username", 0, NULL);
- break;
-@@ -879,7 +879,7 @@ sasl_check_result:
- }
- }
- if (dn == NULL) {
-- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
- "could not get auth dn from sasl", 0, NULL);
- break;
-@@ -920,7 +920,7 @@ sasl_check_result:
- slapi_ch_strdup(normdn),
- NULL, NULL, NULL, bind_target_entry);
-
-- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
-
- if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) != 0){
- break;
-@@ -995,9 +995,9 @@ sasl_check_result:
- /* see if we negotiated a security layer */
- if (*ssfp > 0) {
- /* Enable SASL I/O on the connection */
-- PR_Lock(pb->pb_conn->c_mutex);
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- connection_set_io_layer_cb(pb->pb_conn, sasl_io_enable, NULL, NULL);
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
- }
-
- /* send successful result */
-@@ -1010,7 +1010,7 @@ sasl_check_result:
-
- case SASL_CONTINUE: /* another step needed */
- pb->pb_conn->c_flags |= CONN_FLAG_SASL_CONTINUE;
-- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
-
- if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) != 0){
- break;
-@@ -1032,7 +1032,7 @@ sasl_check_result:
-
- case SASL_NOMECH:
-
-- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- send_ldap_result(pb, LDAP_AUTH_METHOD_NOT_SUPPORTED, NULL,
- "sasl mechanism not supported", 0, NULL);
- break;
-@@ -1040,7 +1040,7 @@ sasl_check_result:
- default: /* other error */
- errstr = sasl_errdetail(sasl_conn);
-
-- PR_Unlock(pb->pb_conn->c_mutex); /* BIG LOCK */
-+ PR_ExitMonitor(pb->pb_conn->c_mutex); /* BIG LOCK */
- send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL,
- (char*)errstr, 0, NULL);
- break;
-diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
-index 823568d..2641f76 100644
---- a/ldap/servers/slapd/slap.h
-+++ b/ldap/servers/slapd/slap.h
-@@ -1411,7 +1411,7 @@ typedef struct conn {
- PRInt32 c_opscompleted; /* # ops completed */
- PRInt32 c_threadnumber; /* # threads used in this conn */
- int c_refcnt; /* # ops refering to this conn */
-- PRLock *c_mutex; /* protect each conn structure */
-+ PRMonitor *c_mutex; /* protect each conn structure; need to be re-entrant */
- PRLock *c_pdumutex; /* only write one pdu at a time */
- time_t c_idlesince; /* last time of activity on conn */
- int c_idletimeout; /* local copy of idletimeout */
-diff --git a/ldap/servers/slapd/start_tls_extop.c b/ldap/servers/slapd/start_tls_extop.c
-index 69b8607..af8d8f7 100644
---- a/ldap/servers/slapd/start_tls_extop.c
-+++ b/ldap/servers/slapd/start_tls_extop.c
-@@ -172,7 +172,7 @@ start_tls( Slapi_PBlock *pb )
- /* At least we know that the request was indeed an Start TLS one. */
-
- conn = pb->pb_conn;
-- PR_Lock( conn->c_mutex );
-+ PR_EnterMonitor(conn->c_mutex);
- /* cannot call slapi_send_ldap_result with mutex locked - will deadlock if ber_flush returns error */
- if ( conn->c_prfd == (PRFileDesc *) NULL ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls",
-@@ -246,10 +246,10 @@ start_tls( Slapi_PBlock *pb )
- * we send a success response back to the client. */
- ldapmsg = "Start TLS request accepted.Server willing to negotiate SSL.";
- unlock_and_return:
-- PR_Unlock( conn->c_mutex );
-+ PR_ExitMonitor(conn->c_mutex);
- slapi_send_ldap_result( pb, ldaprc, NULL, ldapmsg, 0, NULL );
-
-- return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
-+ return( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
-
- }/* start_tls */
-
-@@ -312,7 +312,7 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator )
- */
- }
-
-- PR_Lock( c->c_mutex );
-+ PR_EnterMonitor(c->c_mutex);
-
- /* "Unimport" the socket from SSL, i.e. get rid of the upper layer of the
- * file descriptor stack, which represents SSL.
-@@ -342,7 +342,7 @@ start_tls_graceful_closure( Connection *c, Slapi_PBlock * pb, int is_initiator )
-
- bind_credentials_clear( c, PR_FALSE, PR_TRUE );
-
-- PR_Unlock( c->c_mutex );
-+ PR_ExitMonitor(c->c_mutex);
-
- return ( SLAPI_PLUGIN_EXTENDED_SENT_RESULT );
- }
-diff --git a/ldap/servers/slapd/unbind.c b/ldap/servers/slapd/unbind.c
-index 9b6a70f..c0dec9d 100644
---- a/ldap/servers/slapd/unbind.c
-+++ b/ldap/servers/slapd/unbind.c
-@@ -73,9 +73,9 @@ do_unbind( Slapi_PBlock *pb )
- }
-
- /* target spec is used to decide which plugins are applicable for the operation */
-- PR_Lock( pb->pb_conn->c_mutex );
-+ PR_EnterMonitor(pb->pb_conn->c_mutex);
- operation_set_target_spec_str (operation, pb->pb_conn->c_dn);
-- PR_Unlock( pb->pb_conn->c_mutex );
-+ PR_ExitMonitor(pb->pb_conn->c_mutex);
-
- /* ONREPL - plugins should be called and passed bind dn and, possibly, other data */
-
---
-2.4.3
-
diff --git a/SOURCES/0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch b/SOURCES/0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
deleted file mode 100644
index 212d4ce..0000000
--- a/SOURCES/0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-From da9f4a9942f7a41ce8d07c7a73f67a0799424266 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 15 Jan 2016 11:35:16 -0500
-Subject: [PATCH] Ticket 48412 - worker threads do not detect abnormally closed
- connections
-
-Bug Description: If a connection is abnormally closed there can still be
- data in the connection buffer(bytes vs offset). This prevents
- the connection from being removed from the connection table.
- The worker thread then goes into a loop trying to read this data
- on an already closed connection. If there are enough abnormally
- closed conenction eventually all the worker threads are stuck,
- and new connections are not accepted.
-
-Fix Description: When looking if there is more data in the buffer check if the
- connection was closed, and return 0 (no more data).
-
- Also did a little code cleanup.
-
-https://fedorahosted.org/389/ticket/48412
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 30c4852a3d9ca527b78c0f89df5909bc9a268392)
-(cherry picked from commit cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2)
----
- ldap/servers/slapd/connection.c | 46 ++++++++++++++++++++++++++++-------------
- 1 file changed, 32 insertions(+), 14 deletions(-)
-
-diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
-index a3d123e..3e435a7 100644
---- a/ldap/servers/slapd/connection.c
-+++ b/ldap/servers/slapd/connection.c
-@@ -1102,9 +1102,16 @@ connection_read_ldap_data(Connection *conn, PRInt32 *err)
- }
-
- static size_t
--conn_buffered_data_avail_nolock(Connection *conn)
-+conn_buffered_data_avail_nolock(Connection *conn, int *conn_closed)
- {
-- return conn->c_private->c_buffer_bytes - conn->c_private->c_buffer_offset;
-+ if ( (conn->c_sd == SLAPD_INVALID_SOCKET) || (conn->c_flags & CONN_FLAG_CLOSING) ) {
-+ /* connection is closed - ignore the buffer */
-+ *conn_closed = 1;
-+ return 0;
-+ } else {
-+ *conn_closed = 0;
-+ return conn->c_private->c_buffer_bytes - conn->c_private->c_buffer_offset;
-+ }
- }
-
- /* Upon returning from this function, we have either:
-@@ -1127,6 +1134,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- PRErrorCode err = 0;
- PRInt32 syserr = 0;
- size_t buffer_data_avail;
-+ int conn_closed = 0;
-
- PR_EnterMonitor(conn->c_mutex);
- /*
-@@ -1142,7 +1150,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
-
- *tag = LBER_DEFAULT;
- /* First check to see if we have buffered data from "before" */
-- if ((buffer_data_avail = conn_buffered_data_avail_nolock(conn))) {
-+ if ((buffer_data_avail = conn_buffered_data_avail_nolock(conn, &conn_closed))) {
- /* If so, use that data first */
- if ( 0 != get_next_from_buffer( buffer
- + conn->c_private->c_buffer_offset,
-@@ -1157,7 +1165,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- while (*tag == LBER_DEFAULT) {
- int ioblocktimeout_waits = config_get_ioblocktimeout() / CONN_TURBO_TIMEOUT_INTERVAL;
- /* We should never get here with data remaining in the buffer */
-- PR_ASSERT( !new_operation || 0 == conn_buffered_data_avail_nolock(conn) );
-+ PR_ASSERT( !new_operation || !conn_buffered_data_avail_nolock(conn, &conn_closed));
- /* We make a non-blocking read call */
- if (CONNECTION_BUFFER_OFF != conn->c_private->use_buffer) {
- ret = connection_read_ldap_data(conn,&err);
-@@ -1269,8 +1277,12 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
- }
- }
- /* If there is remaining buffered data, set the flag to tell the caller */
-- if (conn_buffered_data_avail_nolock(conn)) {
-+ if (conn_buffered_data_avail_nolock(conn, &conn_closed)) {
- *remaining_data = 1;
-+ } else if (conn_closed){
-+ /* connection closed */
-+ ret = CONN_DONE;
-+ goto done;
- }
-
- if ( *tag != LDAP_TAG_MESSAGE ) {
-@@ -1521,7 +1533,7 @@ connection_threadmain()
- continue;
- case CONN_SHUTDOWN:
- LDAPDebug( LDAP_DEBUG_TRACE,
-- "op_thread received shutdown signal\n", 0, 0, 0 );
-+ "op_thread received shutdown signal\n", 0, 0, 0 );
- g_decr_active_threadcnt();
- return;
- case CONN_FOUND_WORK_TO_DO:
-@@ -1542,8 +1554,9 @@ connection_threadmain()
- Slapi_DN *anon_sdn = slapi_sdn_new_normdn_byref( anon_dn );
- reslimit_update_from_dn( pb->pb_conn, anon_sdn );
- slapi_sdn_free( &anon_sdn );
-- if (slapi_reslimit_get_integer_limit(pb->pb_conn, pb->pb_conn->c_idletimeout_handle,
-- &idletimeout)
-+ if (slapi_reslimit_get_integer_limit(pb->pb_conn,
-+ pb->pb_conn->c_idletimeout_handle,
-+ &idletimeout)
- == SLAPI_RESLIMIT_STATUS_SUCCESS)
- {
- pb->pb_conn->c_idletimeout = idletimeout;
-@@ -1581,7 +1594,7 @@ connection_threadmain()
- op = pb->pb_op;
- maxthreads = config_get_maxthreadsperconn();
- more_data = 0;
-- ret = connection_read_operation(conn,op,&tag,&more_data);
-+ ret = connection_read_operation(conn, op, &tag, &more_data);
- if ((ret == CONN_DONE) || (ret == CONN_TIMEDOUT)) {
- slapi_log_error(SLAPI_LOG_CONNS, "connection_threadmain",
- "conn %" NSPRIu64 " read not ready due to %d - thread_turbo_flag %d more_data %d "
-@@ -1614,7 +1627,8 @@ connection_threadmain()
- /* turn off turbo mode immediately if any pb waiting in global queue */
- if (thread_turbo_flag && !WORK_Q_EMPTY) {
- thread_turbo_flag = 0;
-- LDAPDebug2Args(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode - pb_q is not empty %d\n",conn->c_connid,work_q_size);
-+ LDAPDebug2Args(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode - pb_q is not empty %d\n",
-+ conn->c_connid,work_q_size);
- }
- #endif
-
-@@ -1639,7 +1653,8 @@ connection_threadmain()
- * should call connection_make_readable after the op is removed
- * connection_make_readable(conn);
- */
-- LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode due to %d\n",conn->c_connid,ret,0);
-+ LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode due to %d\n",
-+ conn->c_connid,ret,0);
- goto done;
- case CONN_SHUTDOWN:
- LDAPDebug( LDAP_DEBUG_TRACE,
-@@ -1695,7 +1710,8 @@ connection_threadmain()
- */
- conn->c_idlesince = curtime;
- connection_activity(conn, maxthreads);
-- LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " queued because more_data\n",conn->c_connid,0,0);
-+ LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " queued because more_data\n",
-+ conn->c_connid,0,0);
- } else {
- /* keep count of how many times maxthreads has blocked an operation */
- conn->c_maxthreadsblocked++;
-@@ -1770,13 +1786,15 @@ done:
- memset(pb, 0, sizeof(*pb));
- } else {
- /* delete from connection operation queue & decr refcnt */
-+ int conn_closed = 0;
- PR_EnterMonitor(conn->c_mutex);
- connection_remove_operation_ext( pb, conn, op );
-
- /* If we're in turbo mode, we keep our reference to the connection alive */
- /* can't use the more_data var because connection could have changed in another thread */
-- more_data = conn_buffered_data_avail_nolock(conn) ? 1 : 0;
-- LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " check more_data %d thread_turbo_flag %d\n",conn->c_connid,more_data,thread_turbo_flag);
-+ more_data = conn_buffered_data_avail_nolock(conn, &conn_closed) ? 1 : 0;
-+ LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " check more_data %d thread_turbo_flag %d\n",
-+ conn->c_connid,more_data,thread_turbo_flag);
- if (!more_data) {
- if (!thread_turbo_flag) {
- /*
---
-2.4.3
-
diff --git a/SOURCES/0083-Ticket-48341-deadlock-on-connection-mutex.patch b/SOURCES/0083-Ticket-48341-deadlock-on-connection-mutex.patch
deleted file mode 100644
index eb0047e..0000000
--- a/SOURCES/0083-Ticket-48341-deadlock-on-connection-mutex.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 666fdac51b94450391e8fec8d16db34db09502ae Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Wed, 13 Jan 2016 13:15:53 +0100
-Subject: [PATCH] Ticket: 48341 - deadlock on connection mutex
-
-If thread is blocked in connection_read_operation() it holds the connection mutex
-and the main thread iterating through the connection table is also blocked.
-
-But if the main thread would get the mutex it would just detect that the connection has still the
-C_gettingber flag set and immediately release the lock.
-
-The check if c_gettingber == 0 can be done without holding the mutex and so the deadlock
-can be avoided
-
-Reviewed by Rich, Thanks
-
-(cherry picked from commit a1635fc45f681ed9066f6beed9be7e1672490f9f)
----
- ldap/servers/slapd/daemon.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index 355f0fc..d25c44d 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -1740,6 +1740,9 @@ handle_pr_read_ready(Connection_Table *ct, PRIntn num_poll)
- {
- if ( c->c_mutex != NULL )
- {
-+ /* this check can be done without acquiring the mutex */
-+ if (c->c_gettingber) continue;
-+
- PR_EnterMonitor(c->c_mutex);
- if ( connection_is_active_nolock (c) && c->c_gettingber == 0 )
- {
---
-2.4.3
-
diff --git a/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch b/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch
deleted file mode 100644
index 5cfe33f..0000000
--- a/SOURCES/0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From c92cbe6a93a7933abc59b2fe4bf96a32aff2c6d8 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 9 Feb 2016 16:12:07 -0800
-Subject: [PATCH 84/86] Ticket #48536 - Crash in slapi_get_object_extension
-
-Description: The crashed was caused by the combination of psearch and
-updating one of these group values: groupOfNames, groupOfUniqueNames,
-groupOfCertificates, groupOfURL.
-
-In the psearch, it creates aclpb in the acl plug-in and sets the original
-pblock address in the aclpb. Then, psearch creates a copy of the pblock and
-sets it in the psearch structure. Now, the pblock address in aclpb and the
-pblock address in the psearch structure do not match. The original pblock
-itself is freed and the pblock area which address is stored in aclpb is not
-guaranteed what is in it.
-
-If nothing occurs, the freed pblock in aclpb is not accessed. But once one
-of the group values is updated, the acl plug-in signature is updated and it
-triggers to get aclpb from the pblock.
-
-The acl_get_aclpb call accesses the freed pblock (e.g., NULL op) and it
-crashes the server.
-
-This patch checks the current pblock address and the pblock address in aclpb.
-If they don't match, the address in aclpb is reassigned to the current pblock
-address.
-
-https://fedorahosted.org/389/ticket/48536
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 091a5f5daf3fa378f029e293c5358ae9be9f548e)
-(cherry picked from commit 8a83a93977f13db36e42798a5eed041c1b3868a9)
----
- ldap/servers/plugins/acl/acl.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
-index 678a999..d56bed6 100644
---- a/ldap/servers/plugins/acl/acl.c
-+++ b/ldap/servers/plugins/acl/acl.c
-@@ -317,6 +317,13 @@ acl_access_allowed(
- goto cleanup_and_ret;
- }
-
-+ if (pb != aclpb->aclpb_pblock) {
-+ slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
-+ "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
-+ aclpb->aclpb_pblock, pb);
-+ aclpb->aclpb_pblock = pb;
-+ }
-+
- if ( !aclpb->aclpb_curr_entry_sdn ) {
- slapi_log_error ( SLAPI_LOG_FATAL, plugin_name, "NULL aclpb_curr_entry_sdn \n" );
- ret_val = LDAP_OPERATIONS_ERROR;
-@@ -932,6 +939,13 @@ acl_read_access_allowed_on_entry (
- tnf_string,end,"aclpb error");
- return LDAP_OPERATIONS_ERROR;
- }
-+
-+ if (pb != aclpb->aclpb_pblock) {
-+ slapi_log_error(SLAPI_LOG_ACL, plugin_name,
-+ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
-+ aclpb->aclpb_pblock, pb);
-+ aclpb->aclpb_pblock = pb;
-+ }
-
- /*
- * Am I a anonymous dude ? then we can use our anonympous profile
---
-2.4.3
-
diff --git a/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch b/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch
deleted file mode 100644
index 899493b..0000000
--- a/SOURCES/0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From ac782ed2990d5d8149c6796aa9aaf03044ad1446 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 10 Feb 2016 13:45:50 -0800
-Subject: [PATCH 85/86] Ticket #48536 - Crash in slapi_get_object_extension
-
-Description: commit 091a5f5daf3fa378f029e293c5358ae9be9f548e introduced
-a compier warning: format '%x' expects argument of type 'unsigned int',
-but argument 4 has type 'Slapi_PBlock * {aka struct slapi_pblock *}
-
-Replacing '%x' with '%p'.
-
-(cherry picked from commit b31749f2a0bed838712719b2e6533bed0a4144e0)
-(cherry picked from commit 7fb593fe56dbbce06f707bd9807bf14748273ea2)
----
- ldap/servers/plugins/acl/acl.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
-index d56bed6..7b7fea1 100644
---- a/ldap/servers/plugins/acl/acl.c
-+++ b/ldap/servers/plugins/acl/acl.c
-@@ -319,7 +319,7 @@ acl_access_allowed(
-
- if (pb != aclpb->aclpb_pblock) {
- slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
-- "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
-+ "acl_access_allowed: Resetting aclpb_pblock %p to pblock addr %p\n",
- aclpb->aclpb_pblock, pb);
- aclpb->aclpb_pblock = pb;
- }
-@@ -942,7 +942,7 @@ acl_read_access_allowed_on_entry (
-
- if (pb != aclpb->aclpb_pblock) {
- slapi_log_error(SLAPI_LOG_ACL, plugin_name,
-- "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
-+ "acl_read_access_allowed_on_entry: Resetting aclpb_pblock %p to pblock addr %p\n",
- aclpb->aclpb_pblock, pb);
- aclpb->aclpb_pblock = pb;
- }
---
-2.4.3
-
diff --git a/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch b/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch
deleted file mode 100644
index a38c3c5..0000000
--- a/SOURCES/0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 9e58aecdd4265759a1c9aac2817da858849f08a1 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Wed, 10 Feb 2016 15:17:02 +0100
-Subject: [PATCH 86/86] Ticket 48445: keep alive entries can break replication
-
-Bug Description:
- On the consumer side, at the end of a total update the replica is enabled and the changelog recreated.
- When the replica is enabled the keep alive entry (for that replica) is created .
- There is a race condition (that look quite systematic in our tests) if the creation of the entry is added to the changelog
- before the changelog is recreated.
- In that case the ADD is erased from the CL and will never be replicated.
-
- The keep alive entry is created (if it does not already exist) :
- - during a total update (as supplier)
- - when the keep alive is updated
- - when the replica is enabled
-
-Fix Description:
- It is not strictly necessary to create the keep alive when the replica is enabled.
- So we can skip the creation during that step.
-
-https://fedorahosted.org/389/ticket/48445
-
-Reviewed by: Mark Reynolds (thank you Mark)
-
-Platforms tested: F23
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 71a891f0dcfd1aafeb3913279d42e33ed2355312)
-(cherry picked from commit 02af085c2a9c23536c8d276ee35794ec6efc81f5)
----
- ldap/servers/plugins/replication/repl5_replica.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 8b53f3c..31c5f0f 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -3972,7 +3972,6 @@ replica_enable_replication (Replica *r)
- /* What to do ? */
- }
-
-- replica_subentry_check(r->repl_root, replica_get_rid(r));
- /* Replica came back online, Check if the total update was terminated.
- If flag is still set, it was not terminated, therefore the data is
- very likely to be incorrect, and we should not restart Replication threads...
---
-2.4.3
-
diff --git a/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch b/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch
deleted file mode 100644
index be909d2..0000000
--- a/SOURCES/0087-Ticket-48420-change-severity-of-some-messages-relate.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 202bac76ade2dcff8318f545fbccdecaec3bdde8 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Tue, 1 Mar 2016 11:14:54 +0100
-Subject: [PATCH] Ticket 48420: change severity of some messages related to
- "keep alive" entries
-
-Bug Description:
- "keep alive" entries are used to prevent fractional replication
- to evaluate several times the same skipped updates. (see https://fedorahosted.org/389/ticket/48266)
-
- This entry is created on the fly when two many evaluated
- updates have been skipped. This is a quite common situation
- and the creation of such entry is not a FATAL error
-
-Fix Description:
- Change the log level to replication level
-
-https://fedorahosted.org/389/ticket/48420
-
-Reviewed by: Ludwig Krispenz (thanks Ludwig)
-
-Platforms tested: F17
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 6788445974404398bc02da8fa105b06514e8a450)
-(cherry picked from commit 17bb0688b9249693da0bda239fb7c3b35aa8e1c9)
----
- ldap/servers/plugins/replication/repl5_replica.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 31c5f0f..c7cf25f 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -492,7 +492,7 @@ replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
- "Need to create replication keep alive entry <cn=%s %d,%s>\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
- rc = replica_subentry_create(repl_root, rid);
- } else {
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "replication keep alive entry <cn=%s %d,%s> already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
- rc = 0;
- }
---
-2.4.3
-
diff --git a/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch b/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch
deleted file mode 100644
index 933cadf..0000000
--- a/SOURCES/0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 3bc24e232913684830edb2e029d1695f3470308e Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 8 Mar 2016 14:52:37 -0800
-Subject: [PATCH] Ticket #48757 - License tag does not match actual license of
- code
-
-Fix Description: License tag in the spec file was updated to match the
-actual license of code.
-
-(cherry picked from commit 415d8553eddfe9b19fd9b8d8be9b934bf75a5765)
-(cherry picked from commit c9bd68813c658e1caeaba9ee2c2aef62f0cc6dd6)
----
- rpm/389-ds-base.spec.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
-index b7556e1..8bbd979 100644
---- a/rpm/389-ds-base.spec.in
-+++ b/rpm/389-ds-base.spec.in
-@@ -33,7 +33,7 @@ Name: 389-ds-base
- Version: __VERSION__
- #Release: %{?relprefix}1%{?prerel}%{?dist}
- Release: __RELEASE__%{?dist}
--License: GPLv2 with exceptions
-+License: GPLv3+
- URL: http://port389.org/
- Group: System Environment/Daemons
- BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
---
-2.4.3
-
diff --git a/SOURCES/0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch b/SOURCES/0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch
deleted file mode 100644
index 8e36a84..0000000
--- a/SOURCES/0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-From e40a6ef764f13b6efcf573a6181b6747bb029b90 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 24 Mar 2016 09:46:11 -0400
-Subject: [PATCH] Ticket 47888 - DES to AES password conversion fails if a
- backend is empty
-
-Bug Description: The process of converting DES passwords to AES can incorrectly
- disable the DES plugin if an error is encountered. In this case
- it was because a backend was defined but was missing the top entry
- which lead to an error 32 when searching for DES passwords. This
- causes the existing DES passwords to fail to decode.
-
-Fix Description: There are two issues here. One, we should ignore errors when
- searching all the backends for passwords. Two, we should only
- disable the DES plugin if all the DES passwords were successfully
- converted.
-
-https://fedorahosted.org/389/ticket/48777
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 6b7f980e80af3803bc395e50bd4228ded9bceb00)
-(cherry picked from commit c6eaf691c6ff3330dc1a3dcbf4dcc31af52c2919)
----
- ldap/servers/slapd/daemon.c | 53 ++++++++++++++++++++++-----------------------
- 1 file changed, 26 insertions(+), 27 deletions(-)
-
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index d25c44d..d702129 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -694,7 +694,8 @@ convert_pbe_des_to_aes()
- char **attrs = NULL;
- char **backends = NULL;
- char *val = NULL;
-- int converted_des = 0;
-+ int converted_des_passwd = 0;
-+ int disable_des = 1;
- int result = -1;
- int have_aes = 0;
- int have_des = 0;
-@@ -739,7 +740,7 @@ convert_pbe_des_to_aes()
- char *cookie = NULL;
-
- LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes: "
-- "Converting DES passwords to AES...\n",0,0,0);
-+ "Checking for DES passwords to convert to AES...\n",0,0,0);
-
- be = slapi_get_first_backend(&cookie);
- while (be){
-@@ -777,10 +778,13 @@ convert_pbe_des_to_aes()
- slapi_search_internal_pb(pb);
- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
- if (LDAP_SUCCESS != result) {
-- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-- "failed to search for password on (%s) error (%d)\n",
-- backends[be_idx], result, 0);
-- goto done;
-+ slapi_log_error(SLAPI_LOG_TRACE, "convert_pbe_des_to_aes: ",
-+ "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
-+ attrs[i], result, backends[be_idx]);
-+ slapi_free_search_results_internal(pb);
-+ slapi_pblock_destroy(pb);
-+ pb = NULL;
-+ continue;
- }
- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
- for (ii = 0; entries && entries[ii]; ii++){
-@@ -799,9 +803,9 @@ convert_pbe_des_to_aes()
- /* decode the DES password */
- if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-- "failed to decode existing DES password for (%s)\n",
-+ "Failed to decode existing DES password for (%s)\n",
- slapi_entry_get_dn(entries[ii]), 0, 0);
-- converted_des = 0;
-+ disable_des = 0;
- goto done;
- }
-
-@@ -813,7 +817,7 @@ convert_pbe_des_to_aes()
- slapi_entry_get_dn(entries[ii]), 0, 0);
- slapi_ch_free_string(&passwd);
- slapi_value_free(&sval);
-- converted_des = 0;
-+ disable_des = 0;
- goto done;
- }
-
-@@ -834,22 +838,18 @@ convert_pbe_des_to_aes()
- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
- if (LDAP_SUCCESS != result) {
- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-- "failed to convert password for (%s) error (%d)\n",
-+ "Failed to convert password for (%s) error (%d)\n",
- slapi_entry_get_dn(entries[ii]), result, 0);
-- converted_des = -1;
-+ disable_des = 0;
- } else {
- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-- "successfully converted password for (%s)\n",
-+ "Successfully converted password for (%s)\n",
- slapi_entry_get_dn(entries[ii]), result, 0);
-- converted_des = 1;
--
-+ converted_des_passwd = 1;
- }
- slapi_ch_free_string(&passwd);
- slapi_value_free(&sval);
- slapi_pblock_destroy(mod_pb);
-- if(result){
-- goto done;
-- }
- }
- slapi_ch_free_string(&val);
- }
-@@ -860,6 +860,10 @@ convert_pbe_des_to_aes()
- }
- slapi_ch_free_string(&filter);
- }
-+ if (!converted_des_passwd){
-+ slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes",
-+ "No DES passwords found to convert.\n");
-+ }
- }
-
- done:
-@@ -870,9 +874,9 @@ done:
-
- if (have_aes && have_des){
- /*
-- * If a conversion attempt did not fail, disable DES plugin
-+ * If a conversion attempt did not fail then we can disable the DES plugin
- */
-- if(converted_des != -1){
-+ if(converted_des_passwd && disable_des){
- /*
- * Disable the DES plugin - this also prevents potentially expensive
- * searches at every server startup.
-@@ -905,14 +909,9 @@ done:
- des_dn, 0, 0);
- }
- slapi_pblock_destroy(pb);
-- }
-- if(converted_des == 1){
-- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-- "Finished - all DES passwords have been converted to AES.\n",
-- 0, 0, 0);
-- } else if (converted_des == 0){
-- LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes: "
-- "Finished - no DES passwords to convert.\n",0,0,0);
-+ LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-+ "All DES passwords have been converted to AES.\n",
-+ 0, 0, 0);
- }
- }
- }
---
-2.4.3
-
diff --git a/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch b/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch
deleted file mode 100644
index 3ed408d..0000000
--- a/SOURCES/0090-Ticket-48492-heap-corruption-at-schema-replication.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From ce824731f4839f7812109b8c04ce704a56eeca4b Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 10 Feb 2016 11:36:32 -0800
-Subject: [PATCH 90/93] Ticket #48492 - heap corruption at schema replication.
-
-Description: 389-ds-base-1.3.2 and newer uses openldap schema parser,
-which is more strict with the definition. For instance, the older
-389-ds-base could have a schema such as SINTAX OID in single quotes,
-which is not acceptable on the newer version. There was a bug to
-handle the error case that caused a crash.
-
-This patch adds
-1) the null reference check to attr_syntax_free (attrsyntax.c),
-2) a null init to the output arg in parse_at_str and parse_oc_str
- (schema.c) and
-3) an error logging to schema_berval_to_atlist & schema_berval_to_oclist
- (schema.c) for troubleshooting.
-
-https://fedorahosted.org/389/ticket/48492
-
-Reviewed by wibrown@redhat.com and mreynolds@redhat.com (Thank you, William and Mark!)
-
-(cherry picked from commit b5bfa2a0386e168ce2196a077169382ae53a94b4)
-(cherry picked from commit 9bd53c297683e691fef174bf1aed6842f475fb9f)
----
- ldap/servers/slapd/attrsyntax.c | 3 +++
- ldap/servers/slapd/schema.c | 16 +++++++++++++++-
- 2 files changed, 18 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
-index 4cdcf86..8b2a77a 100644
---- a/ldap/servers/slapd/attrsyntax.c
-+++ b/ldap/servers/slapd/attrsyntax.c
-@@ -189,6 +189,9 @@ attr_syntax_check_oids()
- void
- attr_syntax_free( struct asyntaxinfo *a )
- {
-+ if (!a) {
-+ return;
-+ }
- cool_charray_free( a->asi_aliases );
- slapi_ch_free_string(&a->asi_name );
- slapi_ch_free_string(&a->asi_desc );
-diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
-index 65cbad5..dd56599 100644
---- a/ldap/servers/slapd/schema.c
-+++ b/ldap/servers/slapd/schema.c
-@@ -263,6 +263,9 @@ static PRCallOnceType schema_dse_mandatory_init_callonce = { 0, 0, 0 };
- static int parse_at_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf, size_t errorbufsize,
- PRUint32 schema_flags, int is_user_defined, int schema_ds4x_compat, int is_remote)
- {
-+ if (asipp) {
-+ *asipp = NULL;
-+ }
- #ifdef USE_OPENLDAP
- return parse_attr_str(input, asipp, errorbuf, errorbufsize, schema_flags, is_user_defined,schema_ds4x_compat,is_remote);
- #else
-@@ -274,6 +277,9 @@ static int parse_oc_str(const char *input, struct objclass **oc, char *errorbuf,
- size_t errorbufsize, PRUint32 schema_flags, int is_user_defined,
- int schema_ds4x_compat, struct objclass* private_schema )
- {
-+ if (oc) {
-+ *oc = NULL;
-+ }
- #ifdef USE_OPENLDAP
- return parse_objclass_str (input, oc, errorbuf, errorbufsize, schema_flags, is_user_defined, schema_ds4x_compat, private_schema );
- #else
-@@ -7146,11 +7152,15 @@ schema_berval_to_oclist(struct berval **oc_berval)
- oc_list = NULL;
- oc_tail = NULL;
- if (oc_berval != NULL) {
-+ errorbuf[0] = '\0';
- for (i = 0; oc_berval[i] != NULL; i++) {
- /* parse the objectclass value */
- if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
- errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
- schema_ds4x_compat, oc_list))) {
-+ slapi_log_error(SLAPI_LOG_FATAL, "schema",
-+ "parse_oc_str returned error: %s\n",
-+ errorbuf[0]?errorbuf:"unknown");
- oc_free(&oc);
- rc = 1;
- break;
-@@ -7184,11 +7194,15 @@ schema_berval_to_atlist(struct berval **at_berval)
- schema_ds4x_compat = config_get_ds4_compatible_schema();
-
- if (at_berval != NULL) {
-+ errorbuf[0] = '\0';
- for (i = 0; at_berval[i] != NULL; i++) {
- /* parse the objectclass value */
- rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
- DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
-- if(rc){
-+ if (rc) {
-+ slapi_log_error(SLAPI_LOG_FATAL, "schema",
-+ "parse_oc_str returned error: %s\n",
-+ errorbuf[0]?errorbuf:"unknown");
- attr_syntax_free(at);
- break;
- }
---
-2.4.11
-
diff --git a/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch b/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch
deleted file mode 100644
index d70e6b0..0000000
--- a/SOURCES/0091-Ticket-48492-heap-corruption-at-schema-replication.patch
+++ /dev/null
@@ -1,218 +0,0 @@
-From bc3328ebbe1b8279f77ad1020bce9fb638d4c94c Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 8 Apr 2016 14:17:12 -0700
-Subject: [PATCH 91/93] Ticket #48492 - heap corruption at schema replication.
-
-Bug Description: If nsslapd-enquote-sup-oc is on, the server is supposed to
-handle the quoted SYNTAX values although the spec is deprecated. Currently,
-if nsslapd-enquote-sup-oc is on, it wraps SYNTAX values with quotes, but the
-information is not passed to the openldap schema parser where the parsing the
-schema fails.
-
-Fix Description: This patch passes the info (flag LDAP_SCHEMA_ALLOW_QUOTED)
-to the openldap API ldap_str2attributetype if nsslapd-enquote-sup-oc is on.
-
-Additionally, to support the old style quoted SYNTAX values in the schema
-files, loading the schema has to get the enquote information prior to the
-configuration parameters evaluated. To pass the information, this patch
-accepts the environment variable LDAP_SCHEMA_ALLOW_QUOTED. If it is defined
-with any value, old style schema files are processed.
-
-To set the environment variable, add
- LDAP_SCHEMA_ALLOW_QUOTED="on"
-to /etc/sysconfig/dirsrv-INSTANCE.
-
-https://fedorahosted.org/389/ticket/48492
-
-Reviewed by firstyear@redhat.com (Thank you, William!!)
-
-(cherry picked from commit 955dc66d42511c2cc8d6ff18cf030508f6da2770)
-(cherry picked from commit 7927e4420fb185ae328d56cfd4741583ae1f667b)
----
- ldap/servers/slapd/schema.c | 66 ++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 51 insertions(+), 15 deletions(-)
-
-diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
-index dd56599..806c38d 100644
---- a/ldap/servers/slapd/schema.c
-+++ b/ldap/servers/slapd/schema.c
-@@ -1638,6 +1638,16 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
- }
-
- if ( !aew->schema_ds4x_compat ) {
-+#if defined (USE_OPENLDAP)
-+ /*
-+ * These values in quotes are not supported by the openldap parser.
-+ * Even if nsslapd-enquote-sup-oc is on, quotes should not be added.
-+ */
-+ outp += put_tagged_oid( outp, "SUP ", asip->asi_superior, NULL, 0 );
-+ outp += put_tagged_oid( outp, "EQUALITY ", asip->asi_mr_equality, NULL, 0 );
-+ outp += put_tagged_oid( outp, "ORDERING ", asip->asi_mr_ordering, NULL, 0 );
-+ outp += put_tagged_oid( outp, "SUBSTR ", asip->asi_mr_substring, NULL, 0 );
-+#else
- outp += put_tagged_oid( outp, "SUP ",
- asip->asi_superior, NULL, aew->enquote_sup_oc );
- outp += put_tagged_oid( outp, "EQUALITY ",
-@@ -1646,6 +1656,7 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
- asip->asi_mr_ordering, NULL, aew->enquote_sup_oc );
- outp += put_tagged_oid( outp, "SUBSTR ",
- asip->asi_mr_substring, NULL, aew->enquote_sup_oc );
-+#endif
- }
-
- outp += put_tagged_oid( outp, "SYNTAX ", syntaxoid, syntaxlengthbuf,
-@@ -4105,7 +4116,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
- char **attr_names = NULL;
- unsigned long flags = SLAPI_ATTR_FLAG_OVERRIDE;
- /* If we ever accept openldap schema directly, then make parser_flags configurable */
-- const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
-+ unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
- int invalid_syntax_error;
- int syntaxlength = SLAPI_SYNTAXLENGTH_NONE;
- int num_names = 0;
-@@ -4113,6 +4124,17 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
- int rc = 0;
- int a, aa;
-
-+ if (config_get_enquote_sup_oc()) {
-+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
-+ } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
-+ char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
-+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
-+ if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
-+ slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
-+ CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
-+ }
-+ }
-+
- /*
- * OpenLDAP AttributeType struct
- *
-@@ -4159,7 +4181,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
- /* trim any leading spaces */
- input++;
- }
-- if((atype = ldap_str2attributetype(input, &rc, &errp, parser_flags )) == NULL){
-+ if((atype = ldap_str2attributetype(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
- schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at, input,
- "Failed to parse attribute, error(%d - %s) at (%s)", rc, ldap_scherr2str(rc), errp );
- return invalid_syntax_error;
-@@ -4478,12 +4500,23 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
- char **OrigRequiredAttrsArray, **OrigAllowedAttrsArray;
- char *first_oc_name = NULL;
- /* If we ever accept openldap schema directly, then make parser_flags configurable */
-- const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
-+ unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
- PRUint8 flags = 0;
- int invalid_syntax_error;
- int i, j;
- int rc = 0;
-
-+ if (config_get_enquote_sup_oc()) {
-+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
-+ } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
-+ char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
-+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
-+ if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
-+ slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
-+ CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
-+ }
-+ }
-+
- /*
- * openLDAP Objectclass struct
- *
-@@ -4521,10 +4554,10 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
- * Parse the input and create the openLdap objectclass structure
- */
- while(isspace(*input)){
-- /* trim any leading spaces */
-+ /* trim any leading spaces */
- input++;
- }
-- if((objClass = ldap_str2objectclass(input, &rc, &errp, parser_flags )) == NULL){
-+ if((objClass = ldap_str2objectclass(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
- schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc, input,
- "Failed to parse objectclass, error(%d) at (%s)", rc, errp );
- return invalid_syntax_error;
-@@ -5592,7 +5625,7 @@ get_tagged_oid( const char *tag, const char **inputp,
- PR_ASSERT( NULL != *inputp );
- PR_ASSERT( NULL != tag );
- PR_ASSERT( '\0' != tag[ 0 ] );
-- if('(' !=tag[0])
-+ if('(' !=tag[0])
- PR_ASSERT((' ' == tag[ strlen( tag ) - 1 ]) || ('(' == tag[ strlen( tag ) - 1 ]));
-
- if ( NULL == strstr_fn ) {
-@@ -5611,8 +5644,8 @@ get_tagged_oid( const char *tag, const char **inputp,
- /* skip past the leading single quote, if present */
- if ( *startp == '\'' ) {
- ++startp;
-- /* skip past any extra white space */
-- startp = skipWS( startp );
-+ /* skip past any extra white space */
-+ startp = skipWS( startp );
- }
-
- /* locate the end of the OID */
-@@ -7155,6 +7188,7 @@ schema_berval_to_oclist(struct berval **oc_berval)
- errorbuf[0] = '\0';
- for (i = 0; oc_berval[i] != NULL; i++) {
- /* parse the objectclass value */
-+ oc = NULL;
- if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
- errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
- schema_ds4x_compat, oc_list))) {
-@@ -7197,12 +7231,13 @@ schema_berval_to_atlist(struct berval **at_berval)
- errorbuf[0] = '\0';
- for (i = 0; at_berval[i] != NULL; i++) {
- /* parse the objectclass value */
-+ at = NULL;
- rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
- DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
- if (rc) {
- slapi_log_error(SLAPI_LOG_FATAL, "schema",
-- "parse_oc_str returned error: %s\n",
-- errorbuf[0]?errorbuf:"unknown");
-+ "schema_berval_to_atlist: parse_at_str(%s) failed - %s\n",
-+ at_berval[i]->bv_val, errorbuf[0]?errorbuf:"unknown");
- attr_syntax_free(at);
- break;
- }
-@@ -7217,6 +7252,7 @@ schema_berval_to_atlist(struct berval **at_berval)
- }
- if (rc) {
- schema_atlist_free(head);
-+ head = NULL;
- }
-
- return head;
-@@ -7319,12 +7355,12 @@ schema_attributetypes_superset_check(struct berval **remote_schema, char *type)
- static void
- modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
- {
-- Slapi_PBlock *newpb;
-+ Slapi_PBlock *newpb;
- int op_result;
-- CSN *schema_csn;
-+ CSN *schema_csn;
-
-- /* allocate internal mod components: pblock*/
-- newpb = slapi_pblock_new();
-+ /* allocate internal mod components: pblock*/
-+ newpb = slapi_pblock_new();
-
- slapi_modify_internal_set_pb_ext (
- newpb,
-@@ -7333,7 +7369,7 @@ modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
- NULL, /* Controls */
- NULL,
- (void *)plugin_get_default_component_id(),
-- 0);
-+ 0);
-
- /* do modify */
- slapi_modify_internal_pb (newpb);
---
-2.4.11
-
diff --git a/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch b/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch
deleted file mode 100644
index 37f3621..0000000
--- a/SOURCES/0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 39a14eaab84e7eac940d1d707cabc9610ef570c6 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 26 Apr 2016 13:53:02 -0700
-Subject: [PATCH 92/93] Ticket #48808 - Paged results search returns the blank
- list of entries
-
-Bug Description: When a simple paged results slot in a connection is
-discarded due to an error, e.g., SIZELIMIT_EXCEEDED, the slot was not
-properly cleaned up. Then, if the slot was reused, the leftover flag
-confused the code and ended up returning the 0 search result.
-
-Fix Description: This patch adds the clean up code when a slot is re-
-used.
-
-https://fedorahosted.org/389/ticket/48808
-
-Reviewed by wibrown@redhat.com (Thank you, William!!)
-
-(cherry picked from commit 09180b25570696d24c86e3a046fb497c15549c64)
-(cherry picked from commit a8486ab3b364a9ae088d6404d025058b04ac358d)
----
- ldap/servers/slapd/pagedresults.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index d394dab..52d2158 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -124,6 +124,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- prp = conn->c_pagedresults.prl_list;
- for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
- if (!prp->pr_current_be) { /* unused slot; take it */
-+ _pr_cleanup_one_slot(prp);
- prp->pr_current_be = be;
- *index = i;
- break;
---
-2.4.11
-
diff --git a/SOURCES/0093-Ticket-48808-Add-test-case.patch b/SOURCES/0093-Ticket-48808-Add-test-case.patch
deleted file mode 100644
index 8c92d51..0000000
--- a/SOURCES/0093-Ticket-48808-Add-test-case.patch
+++ /dev/null
@@ -1,370 +0,0 @@
-From fc0ca25b9f143083528cc5f87dc89fe69baf38fd Mon Sep 17 00:00:00 2001
-From: Simon Pichugin <spichugi@redhat.com>
-Date: Thu, 28 Apr 2016 11:49:24 +0200
-Subject: [PATCH 93/93] Ticket 48808 - Add test case
-
-Description: Add test case for paged results search returns the blank
-list of entries issue.
-
-Bug description: After series of actions, paged result search that
-should returns list of entries returns blank list of entries. It is
-hardly reproducible manually, but it is easy to reproduce with python
-automation.
-
-https://fedorahosted.org/389/ticket/48808
-
-Reviewed by: nhosoi and wbrown (Thanks!)
-
-(cherry picked from commit 91f3e592713ea58602412ed773a497583f2ebd6c)
-(cherry picked from commit 99b5048b09e64cea6f8bf5e7d524679960ce0a44)
----
- dirsrvtests/tests/tickets/ticket48808_test.py | 337 ++++++++++++++++++++++++++
- 1 file changed, 337 insertions(+)
- create mode 100644 dirsrvtests/tests/tickets/ticket48808_test.py
-
-diff --git a/dirsrvtests/tests/tickets/ticket48808_test.py b/dirsrvtests/tests/tickets/ticket48808_test.py
-new file mode 100644
-index 0000000..3dbceac
---- /dev/null
-+++ b/dirsrvtests/tests/tickets/ticket48808_test.py
-@@ -0,0 +1,337 @@
-+import time
-+import ldap
-+import logging
-+import pytest
-+from random import sample
-+from ldap.controls import SimplePagedResultsControl
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+TEST_USER_NAME = 'simplepaged_test'
-+TEST_USER_DN = 'uid=%s,%s' % (TEST_USER_NAME, DEFAULT_SUFFIX)
-+TEST_USER_PWD = 'simplepaged_test'
-+
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ # Creating standalone instance ...
-+ standalone = DirSrv(verbose=False)
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ standalone.delete()
-+ standalone.create()
-+ standalone.open()
-+
-+ # Delete each instance in the end
-+ def fin():
-+ standalone.delete()
-+ request.addfinalizer(fin)
-+
-+ # Clear out the tmp dir
-+ standalone.clearTmpDir(__file__)
-+
-+ return TopologyStandalone(standalone)
-+
-+
-+@pytest.fixture(scope="module")
-+def test_user(topology):
-+ """User for binding operation"""
-+
-+ try:
-+ topology.standalone.add_s(Entry((TEST_USER_DN, {
-+ 'objectclass': 'top person'.split(),
-+ 'objectclass': 'organizationalPerson',
-+ 'objectclass': 'inetorgperson',
-+ 'cn': TEST_USER_NAME,
-+ 'sn': TEST_USER_NAME,
-+ 'userpassword': TEST_USER_PWD,
-+ 'mail': '%s@redhat.com' % TEST_USER_NAME,
-+ 'uid': TEST_USER_NAME
-+ })))
-+ except ldap.LDAPError as e:
-+ log.error('Failed to add user (%s): error (%s)' % (TEST_USER_DN,
-+ e.message['desc']))
-+ raise e
-+
-+
-+def add_users(topology, users_num):
-+ """Add users to the default suffix
-+ and return a list of added user DNs.
-+ """
-+
-+ users_list = []
-+ log.info('Adding %d users' % users_num)
-+ for num in sample(range(1000), users_num):
-+ num_ran = int(round(num))
-+ USER_NAME = 'test%05d' % num_ran
-+ USER_DN = 'uid=%s,%s' % (USER_NAME, DEFAULT_SUFFIX)
-+ users_list.append(USER_DN)
-+ try:
-+ topology.standalone.add_s(Entry((USER_DN, {
-+ 'objectclass': 'top person'.split(),
-+ 'objectclass': 'organizationalPerson',
-+ 'objectclass': 'inetorgperson',
-+ 'cn': USER_NAME,
-+ 'sn': USER_NAME,
-+ 'userpassword': 'pass%s' % num_ran,
-+ 'mail': '%s@redhat.com' % USER_NAME,
-+ 'uid': USER_NAME
-+ })))
-+ except ldap.LDAPError as e:
-+ log.error('Failed to add user (%s): error (%s)' % (USER_DN,
-+ e.message['desc']))
-+ raise e
-+ return users_list
-+
-+
-+def del_users(topology, users_list):
-+ """Delete users with DNs from given list"""
-+
-+ log.info('Deleting %d users' % len(users_list))
-+ for user_dn in users_list:
-+ try:
-+ topology.standalone.delete_s(user_dn)
-+ except ldap.LDAPError as e:
-+ log.error('Failed to delete user (%s): error (%s)' % (user_dn,
-+ e.message['desc']))
-+ raise e
-+
-+
-+def change_conf_attr(topology, suffix, attr_name, attr_value):
-+ """Change configurational attribute in the given suffix.
-+ Funtion returns previous attribute value.
-+ """
-+
-+ try:
-+ entries = topology.standalone.search_s(suffix, ldap.SCOPE_BASE,
-+ 'objectclass=top',
-+ [attr_name])
-+ attr_value_bck = entries[0].data.get(attr_name)
-+ log.info('Set %s to %s. Previous value - %s. Modified suffix - %s.' % (
-+ attr_name, attr_value, attr_value_bck, suffix))
-+ if attr_value is None:
-+ topology.standalone.modify_s(suffix, [(ldap.MOD_DELETE,
-+ attr_name,
-+ attr_value)])
-+ else:
-+ topology.standalone.modify_s(suffix, [(ldap.MOD_REPLACE,
-+ attr_name,
-+ attr_value)])
-+ except ldap.LDAPError as e:
-+ log.error('Failed to change attr value (%s): error (%s)' % (attr_name,
-+ e.message['desc']))
-+ raise e
-+
-+ return attr_value_bck
-+
-+
-+def paged_search(topology, controls, search_flt, searchreq_attrlist):
-+ """Search at the DEFAULT_SUFFIX with ldap.SCOPE_SUBTREE
-+ using Simple Paged Control(should the first item in the
-+ list controls.
-+ Return the list with results summarized from all pages
-+ """
-+
-+ pages = 0
-+ pctrls = []
-+ all_results = []
-+ req_ctrl = controls[0]
-+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ search_flt,
-+ searchreq_attrlist,
-+ serverctrls=controls)
-+ while True:
-+ log.info('Getting page %d' % (pages,))
-+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
-+ all_results.extend(rdata)
-+ pages += 1
-+ pctrls = [
-+ c
-+ for c in rctrls
-+ if c.controlType == SimplePagedResultsControl.controlType
-+ ]
-+
-+ if pctrls:
-+ if pctrls[0].cookie:
-+ # Copy cookie from response control to request control
-+ req_ctrl.cookie = pctrls[0].cookie
-+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ search_flt,
-+ searchreq_attrlist,
-+ serverctrls=controls)
-+ else:
-+ break # no more pages available
-+ else:
-+ break
-+
-+ assert not pctrls[0].cookie
-+ return all_results
-+
-+
-+def test_ticket48808(topology, test_user):
-+ log.info('Run multiple paging controls on a single connection')
-+ users_num = 100
-+ page_size = 30
-+ users_list = add_users(topology, users_num)
-+ search_flt = r'(uid=test*)'
-+ searchreq_attrlist = ['dn', 'sn']
-+
-+ log.info('Set user bind')
-+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
-+
-+ log.info('Create simple paged results control instance')
-+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
-+ controls = [req_ctrl]
-+
-+ for ii in xrange(3):
-+ log.info('Iteration %d' % ii)
-+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ search_flt,
-+ searchreq_attrlist,
-+ serverctrls=controls)
-+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
-+ pctrls = [
-+ c
-+ for c in rctrls
-+ if c.controlType == SimplePagedResultsControl.controlType
-+ ]
-+
-+ req_ctrl.cookie = pctrls[0].cookie
-+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ search_flt,
-+ searchreq_attrlist,
-+ serverctrls=controls)
-+ log.info('Set Directory Manager bind back')
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ del_users(topology, users_list)
-+
-+ log.info('Abandon the search')
-+ users_num = 10
-+ page_size = 0
-+ users_list = add_users(topology, users_num)
-+ search_flt = r'(uid=test*)'
-+ searchreq_attrlist = ['dn', 'sn']
-+
-+ log.info('Set user bind')
-+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
-+
-+ log.info('Create simple paged results control instance')
-+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
-+ controls = [req_ctrl]
-+
-+ msgid = topology.standalone.search_ext(DEFAULT_SUFFIX,
-+ ldap.SCOPE_SUBTREE,
-+ search_flt,
-+ searchreq_attrlist,
-+ serverctrls=controls)
-+ rtype, rdata, rmsgid, rctrls = topology.standalone.result3(msgid)
-+ pctrls = [
-+ c
-+ for c in rctrls
-+ if c.controlType == SimplePagedResultsControl.controlType
-+ ]
-+ assert not pctrls[0].cookie
-+
-+ log.info('Set Directory Manager bind back')
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ del_users(topology, users_list)
-+
-+ log.info("Search should fail with 'nsPagedSizeLimit = 5'"
-+ "and 'nsslapd-pagedsizelimit = 15' with 10 users")
-+ conf_attr = '15'
-+ user_attr = '5'
-+ expected_rs = ldap.SIZELIMIT_EXCEEDED
-+ users_num = 10
-+ page_size = 10
-+ users_list = add_users(topology, users_num)
-+ search_flt = r'(uid=test*)'
-+ searchreq_attrlist = ['dn', 'sn']
-+ conf_attr_bck = change_conf_attr(topology, DN_CONFIG,
-+ 'nsslapd-pagedsizelimit', conf_attr)
-+ user_attr_bck = change_conf_attr(topology, TEST_USER_DN,
-+ 'nsPagedSizeLimit', user_attr)
-+
-+ log.info('Set user bind')
-+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
-+
-+ log.info('Create simple paged results control instance')
-+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
-+ controls = [req_ctrl]
-+
-+ log.info('Expect to fail with SIZELIMIT_EXCEEDED')
-+ with pytest.raises(expected_rs):
-+ all_results = paged_search(topology, controls,
-+ search_flt, searchreq_attrlist)
-+
-+ log.info('Set Directory Manager bind back')
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ del_users(topology, users_list)
-+ change_conf_attr(topology, DN_CONFIG,
-+ 'nsslapd-pagedsizelimit', conf_attr_bck)
-+ change_conf_attr(topology, TEST_USER_DN,
-+ 'nsPagedSizeLimit', user_attr_bck)
-+
-+ log.info("Search should pass with 'nsPagedSizeLimit = 15'"
-+ "and 'nsslapd-pagedsizelimit = 5' with 10 users")
-+ conf_attr = '5'
-+ user_attr = '15'
-+ users_num = 10
-+ page_size = 10
-+ users_list = add_users(topology, users_num)
-+ search_flt = r'(uid=test*)'
-+ searchreq_attrlist = ['dn', 'sn']
-+ conf_attr_bck = change_conf_attr(topology, DN_CONFIG,
-+ 'nsslapd-pagedsizelimit', conf_attr)
-+ user_attr_bck = change_conf_attr(topology, TEST_USER_DN,
-+ 'nsPagedSizeLimit', user_attr)
-+
-+ log.info('Set user bind')
-+ topology.standalone.simple_bind_s(TEST_USER_DN, TEST_USER_PWD)
-+
-+ log.info('Create simple paged results control instance')
-+ req_ctrl = SimplePagedResultsControl(True, size=page_size, cookie='')
-+ controls = [req_ctrl]
-+
-+ log.info('Search should PASS')
-+ all_results = paged_search(topology, controls,
-+ search_flt, searchreq_attrlist)
-+ log.info('%d results' % len(all_results))
-+ assert len(all_results) == len(users_list)
-+
-+ log.info('Set Directory Manager bind back')
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ del_users(topology, users_list)
-+ change_conf_attr(topology, DN_CONFIG,
-+ 'nsslapd-pagedsizelimit', conf_attr_bck)
-+ change_conf_attr(topology, TEST_USER_DN,
-+ 'nsPagedSizeLimit', user_attr_bck)
-+
-+
-+if __name__ == '__main__':
-+ # Run isolated
-+ # -s for DEBUG mode
-+ CURRENT_FILE = os.path.realpath(__file__)
-+ pytest.main("-s %s" % CURRENT_FILE)
---
-2.4.11
-
diff --git a/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch b/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch
deleted file mode 100644
index 8f1ea00..0000000
--- a/SOURCES/0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch
+++ /dev/null
@@ -1,936 +0,0 @@
-From 72562d03b0f758902e0ee858fd43d5bcfbef379b Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 7 Jun 2016 10:02:42 -0400
-Subject: [PATCH] Ticket 48862 - At startup DES to AES password conversion
- causes timeout in start script
-
-Bug Description: At server start all the backends are searches for entries that contain
- DES password attributes as defined in the plugin. These are typically
- unindexed searches, and if there is a very large backend this can cause
- the server startup to timeout.
-
-Fix Description: At startup only check "cn=config" for entries with DES password attributes.
- A new "conversion" task has been created that can be run after startup
- to search all backends(if a suffix is not specified), or specific backends.
-
- dn: cn=convertPasswords, cn=des2aes,cn=tasks,cn=config
- objectclass: top
- objectclass: extensibleObject
- suffix: dc=example,dc=com
- suffix: dc=other,dc=suffix
-
- Another bug was discovered in pw_rever_encode() in pw.c where a "for" loop
- counter was accidentially reused by a second "for" loop. This could lead
- to an infinite loop/hang.
-
- Updated the CI test to perform the conversion task.
-
-https://fedorahosted.org/389/ticket/48862
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 11f55f3dd2a2c44ddf7b5be54273401add13b1bc)
-(cherry picked from commit c0ad918939c40779e463b71c41ab106e7ee890e2)
----
- dirsrvtests/tickets/ticket47462_test.py | 133 ++++++++----
- ldap/servers/slapd/daemon.c | 195 +++++-------------
- ldap/servers/slapd/pw.c | 4 +-
- ldap/servers/slapd/task.c | 346 +++++++++++++++++++++++++++++++-
- 4 files changed, 493 insertions(+), 185 deletions(-)
-
-diff --git a/dirsrvtests/tickets/ticket47462_test.py b/dirsrvtests/tickets/ticket47462_test.py
-index 17854fa..2d2c507 100644
---- a/dirsrvtests/tickets/ticket47462_test.py
-+++ b/dirsrvtests/tickets/ticket47462_test.py
-@@ -32,6 +32,7 @@ AGMT_DN = ''
- USER_DN = 'cn=test_user,' + DEFAULT_SUFFIX
- USER1_DN = 'cn=test_user1,' + DEFAULT_SUFFIX
- TEST_REPL_DN = 'cn=test repl,' + DEFAULT_SUFFIX
-+DES2AES_TASK_DN = 'cn=convert,cn=des2aes,cn=tasks,cn=config'
-
-
- class TopologyMaster1Master2(object):
-@@ -134,6 +135,11 @@ def topology(request):
- # clear the tmp directory
- master1.clearTmpDir(__file__)
-
-+ def fin():
-+ master1.delete()
-+ master2.delete()
-+ request.addfinalizer(fin)
-+
- return TopologyMaster1Master2(master1, master2)
-
-
-@@ -144,11 +150,9 @@ def test_ticket47462(topology):
- """
-
- #
-- # First set config as if it's an older version. Set DES to use libdes-plugin,
-- # MMR to depend on DES, delete the existing AES plugin, and set a DES password
-- # for the replication agreement.
-- #
--
-+ # First set config as if it's an older version. Set DES to use
-+ # libdes-plugin, MMR to depend on DES, delete the existing AES plugin,
-+ # and set a DES password for the replication agreement.
- #
- # Add an extra attribute to the DES plugin args
- #
-@@ -168,7 +172,9 @@ def test_ticket47462(topology):
-
- try:
- topology.master1.modify_s(MMR_PLUGIN,
-- [(ldap.MOD_DELETE, 'nsslapd-plugin-depends-on-named', 'AES')])
-+ [(ldap.MOD_DELETE,
-+ 'nsslapd-plugin-depends-on-named',
-+ 'AES')])
-
- except ldap.NO_SUCH_ATTRIBUTE:
- pass
-@@ -194,7 +200,8 @@ def test_ticket47462(topology):
- # Get the agmt dn, and set the password
- #
- try:
-- entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, 'objectclass=nsDS5ReplicationAgreement')
-+ entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE,
-+ 'objectclass=nsDS5ReplicationAgreement')
- if entry:
- agmt_dn = entry[0].dn
- log.info('Found agmt dn (%s)' % agmt_dn)
-@@ -207,7 +214,8 @@ def test_ticket47462(topology):
-
- try:
- properties = {RA_BINDPW: "password"}
-- topology.master1.agreement.setProperties(None, agmt_dn, None, properties)
-+ topology.master1.agreement.setProperties(None, agmt_dn, None,
-+ properties)
- log.info('Successfully modified replication agreement')
- except ValueError:
- log.error('Failed to update replica agreement: ' + AGMT_DN)
-@@ -220,12 +228,14 @@ def test_ticket47462(topology):
- topology.master1.add_s(Entry((USER1_DN,
- {'objectclass': "top person".split(),
- 'sn': 'sn',
-+ 'description': 'DES value to convert',
- 'cn': 'test_user'})))
- loop = 0
- ent = None
- while loop <= 10:
- try:
-- ent = topology.master2.getEntry(USER1_DN, ldap.SCOPE_BASE, "(objectclass=*)")
-+ ent = topology.master2.getEntry(USER1_DN, ldap.SCOPE_BASE,
-+ "(objectclass=*)")
- break
- except ldap.NO_SUCH_OBJECT:
- time.sleep(1)
-@@ -250,7 +260,8 @@ def test_ticket47462(topology):
- # Check that the restart converted existing DES credentials
- #
- try:
-- entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE, 'nsDS5ReplicaCredentials=*')
-+ entry = topology.master1.search_s('cn=config', ldap.SCOPE_SUBTREE,
-+ 'nsDS5ReplicaCredentials=*')
- if entry:
- val = entry[0].getValue('nsDS5ReplicaCredentials')
- if val.startswith('{AES-'):
-@@ -259,22 +270,25 @@ def test_ticket47462(topology):
- log.fatal('Failed to convert credentials from DES to AES!')
- assert False
- else:
-- log.fatal('Failed to find any entries with nsDS5ReplicaCredentials ')
-+ log.fatal('Failed to find entries with nsDS5ReplicaCredentials')
- assert False
- except ldap.LDAPError, e:
- log.fatal('Failed to search for replica credentials: ' + e.message['desc'])
- assert False
-
- #
-- # Check that the AES plugin exists, and has all the attributes listed in DES plugin.
-- # The attributes might not be in the expected order so check all the attributes.
-+ # Check that the AES plugin exists, and has all the attributes listed in
-+ # DES plugin. The attributes might not be in the expected order so check
-+ # all the attributes.
- #
- try:
-- entry = topology.master1.search_s(AES_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*')
-+ entry = topology.master1.search_s(AES_PLUGIN, ldap.SCOPE_BASE,
-+ 'objectclass=*')
- if not entry[0].hasValue('nsslapd-pluginarg0', 'description') and \
- not entry[0].hasValue('nsslapd-pluginarg1', 'description') and \
- not entry[0].hasValue('nsslapd-pluginarg2', 'description'):
-- log.fatal('The AES plugin did not have the DES attribute copied over correctly')
-+ log.fatal('The AES plugin did not have the DES attribute copied ' +
-+ 'over correctly')
- assert False
- else:
- log.info('The AES plugin was correctly setup')
-@@ -286,7 +300,8 @@ def test_ticket47462(topology):
- # Check that the MMR plugin was updated
- #
- try:
-- entry = topology.master1.search_s(MMR_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*')
-+ entry = topology.master1.search_s(MMR_PLUGIN, ldap.SCOPE_BASE,
-+ 'objectclass=*')
- if not entry[0].hasValue('nsslapd-plugin-depends-on-named', 'AES'):
- log.fatal('The MMR Plugin was not correctly updated')
- assert False
-@@ -300,7 +315,8 @@ def test_ticket47462(topology):
- # Check that the DES plugin was correctly updated
- #
- try:
-- entry = topology.master1.search_s(DES_PLUGIN, ldap.SCOPE_BASE, 'objectclass=*')
-+ entry = topology.master1.search_s(DES_PLUGIN, ldap.SCOPE_BASE,
-+ 'objectclass=*')
- if not entry[0].hasValue('nsslapd-pluginPath', 'libpbe-plugin'):
- log.fatal('The DES Plugin was not correctly updated')
- assert False
-@@ -322,7 +338,8 @@ def test_ticket47462(topology):
- ent = None
- while loop <= 10:
- try:
-- ent = topology.master2.getEntry(USER_DN, ldap.SCOPE_BASE, "(objectclass=*)")
-+ ent = topology.master2.getEntry(USER_DN, ldap.SCOPE_BASE,
-+ "(objectclass=*)")
- break
- except ldap.NO_SUCH_OBJECT:
- time.sleep(1)
-@@ -336,30 +353,66 @@ def test_ticket47462(topology):
- log.fatal('Failed to add test user: ' + e.message['desc'])
- assert False
-
-+ # Check the entry
-+ log.info('Entry before running task...')
-+ try:
-+ entry = topology.master1.search_s(USER1_DN,
-+ ldap.SCOPE_BASE,
-+ 'objectclass=*')
-+ if entry:
-+ print(str(entry))
-+ else:
-+ log.fatal('Failed to find entries')
-+ assert False
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to search for entries: ' +
-+ e.message['desc'])
-+ assert False
-
--def test_ticket47462_final(topology):
-- topology.master1.delete()
-- topology.master2.delete()
-- log.info('Testcase PASSED')
--
--
--def run_isolated():
-- '''
-- run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-- To run isolated without py.test, you need to
-- - edit this file and comment '@pytest.fixture' line before 'topology' function.
-- - set the installation prefix
-- - run this program
-- '''
-- global installation1_prefix
-- global installation2_prefix
-- installation1_prefix = None
-- installation2_prefix = None
-+ #
-+ # Test the DES2AES Task on USER1_DN
-+ #
-+ try:
-+ topology.master1.add_s(Entry((DES2AES_TASK_DN,
-+ {'objectclass': ['top',
-+ 'extensibleObject'],
-+ 'suffix': DEFAULT_SUFFIX,
-+ 'cn': 'convert'})))
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to add task entry: ' + e.message['desc'])
-+ assert False
-
-- topo = topology(True)
-- test_ticket47462(topo)
-- test_ticket47462_final(topo)
-+ # Wait for task
-+ task_entry = Entry(DES2AES_TASK_DN)
-+ (done, exitCode) = topology.master1.tasks.checkTask(task_entry, True)
-+ if exitCode:
-+ log.fatal("Error: des2aes task exited with %d" % (exitCode))
-+ assert False
-
-+ # Check the entry
-+ try:
-+ entry = topology.master1.search_s(USER1_DN,
-+ ldap.SCOPE_BASE,
-+ 'objectclass=*')
-+ if entry:
-+ val = entry[0].getValue('description')
-+ print(str(entry[0]))
-+ if val.startswith('{AES-'):
-+ log.info('Task: DES credentials have been converted to AES')
-+ else:
-+ log.fatal('Task: Failed to convert credentials from DES to ' +
-+ 'AES! (%s)' % (val))
-+ assert False
-+ else:
-+ log.fatal('Failed to find entries')
-+ assert False
-+ except ldap.LDAPError as e:
-+ log.fatal('Failed to search for entries: ' +
-+ e.message['desc'])
-+ assert False
-
- if __name__ == '__main__':
-- run_isolated()
-+ # Run isolated
-+ # -s for DEBUG mode
-+ CURRENT_FILE = os.path.realpath(__file__)
-+ pytest.main("-s %s" % CURRENT_FILE)
-diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
-index d702129..29562ae 100644
---- a/ldap/servers/slapd/daemon.c
-+++ b/ldap/servers/slapd/daemon.c
-@@ -692,14 +692,12 @@ convert_pbe_des_to_aes()
- Slapi_Entry **entries = NULL;
- struct slapdplugin *plugin = NULL;
- char **attrs = NULL;
-- char **backends = NULL;
- char *val = NULL;
- int converted_des_passwd = 0;
-- int disable_des = 1;
- int result = -1;
- int have_aes = 0;
- int have_des = 0;
-- int i = 0, ii = 0, be_idx = 0;
-+ int i = 0, ii = 0;
-
- /*
- * Check that AES plugin is enabled, and grab all the unique
-@@ -733,94 +731,56 @@ convert_pbe_des_to_aes()
-
- if(have_aes && have_des){
- /*
-- * Build a list of all the backend dn's
-+ * Find any entries in cn=config that contain DES passwords and convert
-+ * them to AES
- */
-- Slapi_Backend *be = NULL;
-- struct suffixlist *list;
-- char *cookie = NULL;
--
-- LDAPDebug(LDAP_DEBUG_ANY, "convert_pbe_des_to_aes: "
-- "Checking for DES passwords to convert to AES...\n",0,0,0);
--
-- be = slapi_get_first_backend(&cookie);
-- while (be){
-- int suffix_idx = 0;
-- int count = slapi_counter_get_value(be->be_suffixcounter);
--
-- list = be->be_suffixlist;
-- for (suffix_idx = 0; list && suffix_idx < count; suffix_idx++) {
-- char *suffix = (char *)slapi_sdn_get_ndn(list->be_suffix);
-- if(charray_inlist(backends, suffix) || strlen(suffix) == 0){
-- list = list->next;
-- continue;
-- }
-- charray_add(&backends, slapi_ch_strdup(suffix));
-- list = list->next;
-- }
-- be = slapi_get_next_backend (cookie);
-- }
-- slapi_ch_free ((void **)&cookie);
-+ slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes",
-+ "Converting DES passwords to AES...\n");
-
-- /*
-- * Search for the password attributes
-- */
- for (i = 0; attrs && attrs[i]; i++){
- char *filter = PR_smprintf("%s=*", attrs[i]);
-- /*
-- * Loop over all the backends looking for the password attribute
-- */
-- for(be_idx = 0; backends && backends[be_idx]; be_idx++){
-- pb = slapi_pblock_new();
-- slapi_search_internal_set_pb(pb, backends[be_idx],
-- LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL,
-- (void *)plugin_get_default_component_id(),
-- SLAPI_OP_FLAG_IGNORE_UNINDEXED);
-- slapi_search_internal_pb(pb);
-- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
-- if (LDAP_SUCCESS != result) {
-- slapi_log_error(SLAPI_LOG_TRACE, "convert_pbe_des_to_aes: ",
-- "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
-- attrs[i], result, backends[be_idx]);
-- slapi_free_search_results_internal(pb);
-- slapi_pblock_destroy(pb);
-- pb = NULL;
-- continue;
-- }
-- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-- for (ii = 0; entries && entries[ii]; ii++){
-- if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){
-- if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){
-- /*
-- * We have a DES encoded password, convert it AES
-- */
-- Slapi_PBlock *mod_pb = NULL;
-- Slapi_Value *sval = NULL;
-- LDAPMod mod_replace;
-- LDAPMod *mods[2];
-- char *replace_val[2];
-- char *passwd = NULL;
--
-- /* decode the DES password */
-- if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
-- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-- "Failed to decode existing DES password for (%s)\n",
-- slapi_entry_get_dn(entries[ii]), 0, 0);
-- disable_des = 0;
-- goto done;
-- }
-
-- /* encode the password */
-+ pb = slapi_pblock_new();
-+ slapi_search_internal_set_pb(pb, "cn=config",
-+ LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL,
-+ (void *)plugin_get_default_component_id(),
-+ SLAPI_OP_FLAG_IGNORE_UNINDEXED);
-+ slapi_search_internal_pb(pb);
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-+ for (ii = 0; entries && entries[ii]; ii++){
-+ if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){
-+ if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){
-+ /*
-+ * We have a DES encoded password, convert it to AES
-+ */
-+ Slapi_PBlock *mod_pb = NULL;
-+ Slapi_Value *sval = NULL;
-+ LDAPMod mod_replace;
-+ LDAPMod *mods[2];
-+ char *replace_val[2];
-+ char *passwd = NULL;
-+ int rc = 0;
-+
-+ /* decode the DES password */
-+ if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
-+ slapi_log_error(SLAPI_LOG_FATAL ,"convert_pbe_des_to_aes",
-+ "Failed to decode existing DES password for (%s)\n",
-+ slapi_entry_get_dn(entries[ii]));
-+ rc = -1;
-+ }
-+
-+ /* encode the password */
-+ if (rc == 0){
- sval = slapi_value_new_string(passwd);
- if(pw_rever_encode(&sval, attrs[i]) == -1){
-- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-+ slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes",
- "failed to encode AES password for (%s)\n",
-- slapi_entry_get_dn(entries[ii]), 0, 0);
-- slapi_ch_free_string(&passwd);
-- slapi_value_free(&sval);
-- disable_des = 0;
-- goto done;
-+ slapi_entry_get_dn(entries[ii]));
-+ rc = -1;
- }
-+ }
-
-+ if (rc == 0){
- /* replace the attribute in the entry */
- replace_val[0] = (char *)slapi_value_get_string(sval);
- replace_val[1] = NULL;
-@@ -837,83 +797,34 @@ convert_pbe_des_to_aes()
-
- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
- if (LDAP_SUCCESS != result) {
-- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-+ slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes"
- "Failed to convert password for (%s) error (%d)\n",
-- slapi_entry_get_dn(entries[ii]), result, 0);
-- disable_des = 0;
-+ slapi_entry_get_dn(entries[ii]), result);
- } else {
-- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-+ slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes",
- "Successfully converted password for (%s)\n",
-- slapi_entry_get_dn(entries[ii]), result, 0);
-+ slapi_entry_get_dn(entries[ii]));
- converted_des_passwd = 1;
- }
-- slapi_ch_free_string(&passwd);
-- slapi_value_free(&sval);
-- slapi_pblock_destroy(mod_pb);
- }
-- slapi_ch_free_string(&val);
-+ slapi_ch_free_string(&passwd);
-+ slapi_value_free(&sval);
-+ slapi_pblock_destroy(mod_pb);
- }
-+ slapi_ch_free_string(&val);
- }
-- slapi_free_search_results_internal(pb);
-- slapi_pblock_destroy(pb);
-- pb = NULL;
- }
-+ slapi_free_search_results_internal(pb);
-+ slapi_pblock_destroy(pb);
-+ pb = NULL;
- slapi_ch_free_string(&filter);
- }
- if (!converted_des_passwd){
-- slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes",
-+ slapi_log_error(SLAPI_LOG_HOUSE, "convert_pbe_des_to_aes",
- "No DES passwords found to convert.\n");
- }
- }
--
--done:
- charray_free(attrs);
-- charray_free(backends);
-- slapi_free_search_results_internal(pb);
-- slapi_pblock_destroy(pb);
--
-- if (have_aes && have_des){
-- /*
-- * If a conversion attempt did not fail then we can disable the DES plugin
-- */
-- if(converted_des_passwd && disable_des){
-- /*
-- * Disable the DES plugin - this also prevents potentially expensive
-- * searches at every server startup.
-- */
-- LDAPMod mod_replace;
-- LDAPMod *mods[2];
-- char *replace_val[2];
-- char *des_dn = "cn=DES,cn=Password Storage Schemes,cn=plugins,cn=config";
--
-- replace_val[0] = "off";
-- replace_val[1] = NULL;
-- mod_replace.mod_op = LDAP_MOD_REPLACE;
-- mod_replace.mod_type = "nsslapd-pluginEnabled";
-- mod_replace.mod_values = replace_val;
-- mods[0] = &mod_replace;
-- mods[1] = 0;
--
-- pb = slapi_pblock_new();
-- slapi_modify_internal_set_pb(pb, des_dn, mods, 0, 0,
-- (void *)plugin_get_default_component_id(), 0);
-- slapi_modify_internal_pb(pb);
-- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
-- if (LDAP_SUCCESS != result) {
-- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-- "Failed to disable DES plugin (%s), error (%d)\n",
-- des_dn, result, 0);
-- } else {
-- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-- "Successfully disabled DES plugin (%s)\n",
-- des_dn, 0, 0);
-- }
-- slapi_pblock_destroy(pb);
-- LDAPDebug(LDAP_DEBUG_ANY,"convert_pbe_des_to_aes: "
-- "All DES passwords have been converted to AES.\n",
-- 0, 0, 0);
-- }
-- }
- }
-
- #ifdef ENABLE_NUNC_STANS
-diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
-index 4e222d7..883ef80 100644
---- a/ldap/servers/slapd/pw.c
-+++ b/ldap/servers/slapd/pw.c
-@@ -516,10 +516,10 @@ pw_rever_encode(Slapi_Value **vals, char * attr_name)
- for ( p = get_plugin_list(PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME); p != NULL; p = p->plg_next )
- {
- char *L_attr = NULL;
-- int i = 0;
-+ int i = 0, ii = 0;
-
- /* Get the appropriate encoding function */
-- for ( L_attr = p->plg_argv[i]; i<p->plg_argc; L_attr = p->plg_argv[++i] )
-+ for ( L_attr = p->plg_argv[ii]; ii<p->plg_argc; L_attr = p->plg_argv[++ii] )
- {
- if (slapi_attr_types_equivalent(L_attr, attr_name))
- {
-diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
-index db3c222..405f0bf 100644
---- a/ldap/servers/slapd/task.c
-+++ b/ldap/servers/slapd/task.c
-@@ -53,6 +53,8 @@ static int shutting_down = 0;
- #define TASK_TOMBSTONE_FIXUP_BACKEND "backend"
- #define TASK_TOMBSTONE_FIXUP_SUFFIX "suffix"
- #define TASK_TOMBSTONE_FIXUP_STRIPCSN "stripcsn"
-+#define TASK_DES2AES "des2aes task"
-+
-
- #define LOG_BUFFER 256
- /* if the cumul. log gets larger than this, it's truncated: */
-@@ -83,8 +85,10 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
- const char *default_val);
- static Slapi_Entry *get_internal_entry(Slapi_PBlock *pb, char *dn);
- static void modify_internal_entry(char *dn, LDAPMod **mods);
--
- static void fixup_tombstone_task_destructor(Slapi_Task *task);
-+static void task_des2aes_thread(void *arg);
-+static void des2aes_task_destructor(Slapi_Task *task);
-+
-
- /***********************************
- * Public Functions
-@@ -2425,6 +2429,345 @@ fixup_tombstone_task_destructor(Slapi_Task *task)
- "fixup_tombstone_task_destructor <--\n" );
- }
-
-+/*
-+ * des2aes Task
-+ *
-+ * Convert any DES passwords to AES
-+ *
-+ * dn: cn=convertPasswords, cn=des2aes,cn=tasks,cn=config
-+ * objectclass: top
-+ * objectclass: extensibleObject
-+ * suffix: dc=example,dc=com (If empty all backends are checked)
-+ * suffix: dc=other,dc=suffix
-+ */
-+struct task_des2aes_data
-+{
-+ char **suffixes;
-+ Slapi_Task *task;
-+};
-+
-+static int
-+task_des2aes(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
-+ int *returncode, char *returntext, void *arg)
-+{
-+ struct task_des2aes_data *task_data = NULL;
-+ PRThread *thread = NULL;
-+ Slapi_Task *task = NULL;
-+ char **suffix = NULL;
-+ char **bases = NULL;
-+ int rc = SLAPI_DSE_CALLBACK_OK;
-+
-+ /* Get the suffixes */
-+ if((suffix = slapi_entry_attr_get_charray(e, "suffix"))){
-+ int i;
-+ for (i = 0; suffix && suffix[i]; i++){
-+ /* Make sure "suffix" is NUL terminated string */
-+ char *dn = slapi_create_dn_string("%s", suffix[i]);
-+
-+ if(dn){
-+ if(slapi_dn_syntax_check(pb, dn, 1)){
-+ /* invalid suffix name */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "Invalid DN syntax (%s) specified for \"suffix\"\n",
-+ suffix[i]);
-+ *returncode = LDAP_INVALID_DN_SYNTAX;
-+ slapi_ch_free_string(&dn);
-+ rc = SLAPI_DSE_CALLBACK_ERROR;
-+ goto error;
-+ } else {
-+ slapi_ch_array_add(&bases, dn);
-+ }
-+ } else{
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "Invalid DN (%s) specified for \"suffix\"\n", suffix[i]);
-+ *returncode = LDAP_INVALID_DN_SYNTAX;
-+ rc = SLAPI_DSE_CALLBACK_ERROR;
-+ goto error;
-+ }
-+ }
-+ }
-+
-+ /* Build the task data and fire off a thread to perform the conversion */
-+ task = slapi_new_task(slapi_entry_get_ndn(e));
-+
-+ /* register our destructor for cleaning up our private data */
-+ slapi_task_set_destructor_fn(task, des2aes_task_destructor);
-+ task_data = (struct task_des2aes_data *)slapi_ch_calloc(1, sizeof(struct task_des2aes_data));
-+ task_data->suffixes = bases;
-+ task_data->task = task;
-+
-+ /* Start the conversion thread */
-+ thread = PR_CreateThread(PR_USER_THREAD, task_des2aes_thread,
-+ (void *)task_data, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
-+ PR_UNJOINABLE_THREAD, SLAPD_DEFAULT_THREAD_STACKSIZE);
-+ if (thread == NULL) {
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "unable to create des2aes thread!\n");
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "unable to create des2aes thread!\n");
-+ *returncode = LDAP_OPERATIONS_ERROR;
-+ slapi_task_finish(task, *returncode);
-+ rc = SLAPI_DSE_CALLBACK_ERROR;
-+ }
-+
-+error:
-+ if (rc == SLAPI_DSE_CALLBACK_ERROR){
-+ slapi_ch_array_free(bases);
-+ slapi_ch_array_free(suffix);
-+ slapi_ch_free((void **)&task_data);
-+ }
-+ return rc;
-+}
-+
-+static void
-+task_des2aes_thread(void *arg)
-+{
-+ struct task_des2aes_data *task_data = arg;
-+ Slapi_PBlock *pb = NULL;
-+ Slapi_Entry **entries = NULL;
-+ Slapi_Task *task = task_data->task;
-+ struct slapdplugin *plugin = NULL;
-+ char **attrs = NULL;
-+ char **backends = NULL;
-+ char *val = NULL;
-+ int converted_des_passwd = 0;
-+ int result = -1;
-+ int have_aes = 0;
-+ int have_des = 0;
-+ int i = 0, ii = 0, be_idx = 0;
-+ int rc = 0;
-+
-+ /*
-+ * Check that AES plugin is enabled, and grab all the unique
-+ * password attributes.
-+ */
-+ for ( plugin = get_plugin_list(PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME);
-+ plugin != NULL;
-+ plugin = plugin->plg_next )
-+ {
-+ char *plugin_arg = NULL;
-+
-+ if(plugin->plg_started && strcasecmp(plugin->plg_name, "AES") == 0){
-+ /* We have the AES plugin, and its enabled */
-+ have_aes = 1;
-+ }
-+ if(plugin->plg_started && strcasecmp(plugin->plg_name, "DES") == 0){
-+ /* We have the DES plugin, and its enabled */
-+ have_des = 1;
-+ }
-+ /* Gather all the unique password attributes from all the PBE plugins */
-+ for ( i = 0, plugin_arg = plugin->plg_argv[i];
-+ i < plugin->plg_argc;
-+ plugin_arg = plugin->plg_argv[++i] )
-+ {
-+ if(charray_inlist(attrs, plugin_arg)){
-+ continue;
-+ }
-+ charray_add(&attrs, slapi_ch_strdup(plugin_arg));
-+ }
-+ }
-+
-+ if(have_aes && have_des){
-+ if(task_data->suffixes == NULL){
-+ /*
-+ * Build a list of all the backend dn's
-+ */
-+ Slapi_Backend *be = NULL;
-+ struct suffixlist *list;
-+ char *cookie = NULL;
-+
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "Checking for DES passwords to convert to AES...\n");
-+ slapi_task_log_notice(task,
-+ "Checking for DES passwords to convert to AES...\n");
-+
-+ be = slapi_get_first_backend(&cookie);
-+ while (be){
-+ int suffix_idx = 0;
-+ int count = slapi_counter_get_value(be->be_suffixcounter);
-+
-+ list = be->be_suffixlist;
-+ for (suffix_idx = 0; list && suffix_idx < count; suffix_idx++) {
-+ char *suffix = (char *)slapi_sdn_get_ndn(list->be_suffix);
-+ if(charray_inlist(backends, suffix) || strlen(suffix) == 0){
-+ list = list->next;
-+ continue;
-+ }
-+ charray_add(&backends, slapi_ch_strdup(suffix));
-+ list = list->next;
-+ }
-+ be = slapi_get_next_backend (cookie);
-+ }
-+ slapi_ch_free ((void **)&cookie);
-+ } else {
-+ backends = task_data->suffixes;
-+ }
-+
-+ /*
-+ * Search for the password attributes
-+ */
-+ for (i = 0; attrs && attrs[i]; i++){
-+ char *filter = PR_smprintf("%s=*", attrs[i]);
-+ /*
-+ * Loop over all the backends looking for the password attribute
-+ */
-+ for(be_idx = 0; backends && backends[be_idx]; be_idx++){
-+ pb = slapi_pblock_new();
-+ slapi_search_internal_set_pb(pb, backends[be_idx],
-+ LDAP_SCOPE_SUBTREE, filter, NULL, 0, NULL, NULL,
-+ (void *)plugin_get_default_component_id(),
-+ SLAPI_OP_FLAG_IGNORE_UNINDEXED);
-+ slapi_search_internal_pb(pb);
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
-+ if (LDAP_SUCCESS != result) {
-+ slapi_log_error(SLAPI_LOG_FATAL, "convert_pbe_des_to_aes: ",
-+ "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
-+ attrs[i], result, backends[be_idx]);
-+ slapi_task_log_notice(task,
-+ "Failed to search for password attribute (%s) error (%d), skipping suffix (%s)\n",
-+ attrs[i], result, backends[be_idx]);
-+ slapi_free_search_results_internal(pb);
-+ slapi_pblock_destroy(pb);
-+ pb = NULL;
-+ continue;
-+ }
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-+ for (ii = 0; entries && entries[ii]; ii++){
-+ if((val = slapi_entry_attr_get_charptr(entries[ii], attrs[i]))){
-+ if(strlen(val) >= 5 && strncmp(val,"{DES}", 5) == 0){
-+ /*
-+ * We have a DES encoded password, convert it AES
-+ */
-+ Slapi_PBlock *mod_pb = NULL;
-+ Slapi_Value *sval = NULL;
-+ LDAPMod mod_replace;
-+ LDAPMod *mods[2];
-+ char *replace_val[2];
-+ char *passwd = NULL;
-+
-+ /* Decode the DES password */
-+ if(pw_rever_decode(val, &passwd, attrs[i]) == -1){
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "Failed to decode existing DES password for (%s)\n",
-+ slapi_entry_get_dn(entries[ii]));
-+ slapi_task_log_notice(task,
-+ "Failed to decode existing DES password for (%s)\n",
-+ slapi_entry_get_dn(entries[ii]));
-+ rc = 1;
-+ goto done;
-+ }
-+
-+ /* Encode the password */
-+ sval = slapi_value_new_string(passwd);
-+ if(pw_rever_encode(&sval, attrs[i]) == -1){
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "failed to encode AES password for (%s)\n",
-+ slapi_entry_get_dn(entries[ii]));
-+ slapi_task_log_notice(task,
-+ "failed to encode AES password for (%s)\n",
-+ slapi_entry_get_dn(entries[ii]));
-+ slapi_ch_free_string(&passwd);
-+ slapi_value_free(&sval);
-+ rc = 1;
-+ goto done;
-+ }
-+
-+ /* Replace the attribute in the entry */
-+ replace_val[0] = (char *)slapi_value_get_string(sval);
-+ replace_val[1] = NULL;
-+ mod_replace.mod_op = LDAP_MOD_REPLACE;
-+ mod_replace.mod_type = attrs[i];
-+ mod_replace.mod_values = replace_val;
-+ mods[0] = &mod_replace;
-+ mods[1] = 0;
-+
-+ mod_pb = slapi_pblock_new();
-+ slapi_modify_internal_set_pb(mod_pb, slapi_entry_get_dn(entries[ii]),
-+ mods, 0, 0, (void *)plugin_get_default_component_id(), 0);
-+ slapi_modify_internal_pb(mod_pb);
-+
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
-+ if (LDAP_SUCCESS != result) {
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "Failed to convert password for (%s) error (%d)\n",
-+ slapi_entry_get_dn(entries[ii]), result);
-+ slapi_task_log_notice(task,
-+ "Failed to convert password for (%s) error (%d)\n",
-+ slapi_entry_get_dn(entries[ii]), result);
-+ rc = 1;
-+ } else {
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "Successfully converted password for (%s)\n",
-+ slapi_entry_get_dn(entries[ii]));
-+ slapi_task_log_notice(task,
-+ "Successfully converted password for (%s)\n",
-+ slapi_entry_get_dn(entries[ii]));
-+ converted_des_passwd = 1;
-+ }
-+ slapi_ch_free_string(&passwd);
-+ slapi_value_free(&sval);
-+ slapi_pblock_destroy(mod_pb);
-+ }
-+ slapi_ch_free_string(&val);
-+ }
-+ }
-+ slapi_free_search_results_internal(pb);
-+ slapi_pblock_destroy(pb);
-+ pb = NULL;
-+ }
-+ slapi_ch_free_string(&filter);
-+ }
-+ if (!converted_des_passwd){
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "No DES passwords found to convert.\n");
-+ slapi_task_log_notice(task, "No DES passwords found to convert.\n");
-+ }
-+ } else {
-+ /* No AES/DES */
-+ if (!have_des){
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "DES plugin not enabled\n");
-+ slapi_task_log_notice(task, "DES plugin not enabled\n");
-+ }
-+ if (!have_aes){
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "AES plugin not enabled\n");
-+ slapi_task_log_notice(task, "AES plugin not enabled\n");
-+ }
-+ slapi_log_error(SLAPI_LOG_FATAL, TASK_DES2AES,
-+ "Unable to convert passwords\n");
-+ slapi_task_log_notice(task, "Unable to convert passwords\n");
-+ rc = 1;
-+ }
-+
-+done:
-+ charray_free(attrs);
-+ charray_free(backends);
-+ slapi_free_search_results_internal(pb);
-+ slapi_pblock_destroy(pb);
-+ slapi_task_finish(task, rc);
-+}
-+
-+static void
-+des2aes_task_destructor(Slapi_Task *task)
-+{
-+ slapi_log_error(SLAPI_LOG_TRACE, TASK_DES2AES,
-+ "des2aes_task_destructor -->\n" );
-+ if (task) {
-+ struct task_des2aes_data *task_data = (struct task_des2aes_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the task to finish. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
-+ if (task_data) {
-+ slapi_ch_array_free(task_data->suffixes);
-+ slapi_ch_free((void **)&task_data);
-+ }
-+ }
-+ slapi_log_error(SLAPI_LOG_TRACE, TASK_DES2AES,
-+ "des2aes_task_destructor <--\n" );
-+}
-+
- /* cleanup old tasks that may still be in the DSE from a previous session
- * (this can happen if the server crashes [no matter how unlikely we like
- * to think that is].)
-@@ -2506,6 +2849,7 @@ void task_init(void)
- slapi_task_register_handler("upgradedb", task_upgradedb_add);
- slapi_task_register_handler("sysconfig reload", task_sysconfig_reload_add);
- slapi_task_register_handler("fixup tombstones", task_fixup_tombstones_add);
-+ slapi_task_register_handler("des2aes", task_des2aes);
- }
-
- /* called when the server is shutting down -- abort all existing tasks */
---
-2.4.11
-
diff --git a/SOURCES/0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch b/SOURCES/0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch
deleted file mode 100644
index c6fda99..0000000
--- a/SOURCES/0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch
+++ /dev/null
@@ -1,744 +0,0 @@
-From a39e2b7cba91b9f13fe54123b7e8b510bf5bcee8 Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Wed, 8 Jun 2016 11:28:07 +0200
-Subject: [PATCH 95/99] Ticket 48766 - Replication changelog can incorrectly
- skip over updates
-
-Bug Description:
- The changelog iterator uses a buffer to load and send changes, when the buffer is empty
- there were scenarios when the straing point for reloading the buffer was incorrectly set
- and changes were skipped
-
-Fix Description: reworked clcach buffer code following design at
- http://www.port389.org/docs/389ds/design/changelog-processing-in-repl-state-sending-updates.html
-
-https://fedorahosted.org/389/ticket/48766
-
-Reviewed by: Mark and Thierry, thanks
-
-(cherry picked from commit b08df71aa9eb18572f58e55e8d6b9ef7fe181773)
-(cherry picked from commit ec15a75ccdba713e4d74dcd760e3244ba43b6191)
----
- ldap/servers/plugins/replication/cl5_api.c | 171 +++------------
- ldap/servers/plugins/replication/cl5_clcache.c | 292 +++++++++++++++----------
- ldap/servers/plugins/replication/cl5_clcache.h | 2 +-
- 3 files changed, 214 insertions(+), 251 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
-index ae23353..3adaf86 100644
---- a/ldap/servers/plugins/replication/cl5_api.c
-+++ b/ldap/servers/plugins/replication/cl5_api.c
-@@ -5489,18 +5489,13 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
- {
- CLC_Buffer *clcache = NULL;
- CL5DBFile *file;
-- int i;
-- CSN **csns = NULL;
- CSN *startCSN = NULL;
-- CSN *minCSN = NULL;
- char csnStr [CSN_STRSIZE];
- int rc = CL5_SUCCESS;
- Object *supplierRuvObj = NULL;
- RUV *supplierRuv = NULL;
-- PRBool newReplica;
- PRBool haveChanges = PR_FALSE;
- char *agmt_name;
-- ReplicaId rid;
-
- PR_ASSERT (consumerRuv && replica && fileObj && iterator);
- csnStr[0] = '\0';
-@@ -5528,111 +5523,32 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
- ruv_dump (supplierRuv, agmt_name, NULL);
- }
-
-- /*
-- * get the sorted list of SupplierMinCSN (if no ConsumerMaxCSN)
-- * and ConsumerMaxCSN for those RIDs where consumer is not
-- * up-to-date.
-- */
-- csns = cl5BuildCSNList (consumerRuv, supplierRuv);
-- if (csns == NULL)
-- {
-- rc = CL5_NOTFOUND;
-- goto done;
-- }
-
-- /* iterate over elements of consumer's (and/or supplier's) ruv */
-- for (i = 0; csns[i]; i++)
-- {
-- CSN *consumerMaxCSN = NULL;
--
-- rid = csn_get_replicaid(csns[i]);
--
-- /*
-- * Skip CSN that is originated from the consumer.
-- * If RID==65535, the CSN is originated from a
-- * legacy consumer. In this case the supplier
-- * and the consumer may have the same RID.
-- */
-- if ((rid == consumerRID && rid != MAX_REPLICA_ID) || (is_cleaned_rid(rid)) )
-- continue;
-+ /* initialize the changelog buffer and do the initial load */
-
-- startCSN = csns[i];
-+ rc = clcache_get_buffer ( &clcache, file->db, consumerRID, consumerRuv, supplierRuv );
-+ if ( rc != 0 ) goto done;
-
-- rc = clcache_get_buffer ( &clcache, file->db, consumerRID, consumerRuv, supplierRuv );
-- if ( rc != 0 ) goto done;
--
-- /* This is the first loading of this iteration. For replicas
-- * already known to the consumer, we exclude the last entry
-- * sent to the consumer by using DB_NEXT. However, for
-- * replicas new to the consumer, we include the first change
-- * ever generated by that replica.
-- */
-- newReplica = ruv_get_largest_csn_for_replica (consumerRuv, rid, &consumerMaxCSN);
-- csn_free(&consumerMaxCSN);
-- rc = clcache_load_buffer (clcache, startCSN, (newReplica ? DB_SET : DB_NEXT));
--
-- /* there is a special case which can occur just after migration - in this case,
-- the consumer RUV will contain the last state of the supplier before migration,
-- but the supplier will have an empty changelog, or the supplier changelog will
-- not contain any entries within the consumer min and max CSN - also, since
-- the purge RUV contains no CSNs, the changelog has never been purged
-- ASSUMPTIONS - it is assumed that the supplier had no pending changes to send
-- to any consumers; that is, we can assume that no changes were lost due to
-- either changelog purging or database reload - bug# 603061 - richm@netscape.com
-- */
-- if ((rc == DB_NOTFOUND) && !ruv_has_csns(file->purgeRUV))
-- {
-- char mincsnStr[CSN_STRSIZE];
--
-- /* use the supplier min csn for the buffer start csn - we know
-- this csn is in our changelog */
-- if ((RUV_SUCCESS == ruv_get_min_csn_ext(supplierRuv, &minCSN, 1 /* ignore cleaned rids */)) &&
-- minCSN)
-- { /* must now free startCSN */
-- if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-- csn_as_string(startCSN, PR_FALSE, csnStr);
-- csn_as_string(minCSN, PR_FALSE, mincsnStr);
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-- "%s: CSN %s not found and no purging, probably a reinit\n",
-- agmt_name, csnStr);
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-- "%s: Will try to use supplier min CSN %s to load changelog\n",
-- agmt_name, mincsnStr);
-- }
-- startCSN = minCSN;
-- rc = clcache_load_buffer (clcache, startCSN, DB_SET);
-- }
-- else
-- {
-- if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-- csn_as_string(startCSN, PR_FALSE, csnStr);
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "%s: CSN %s not found and no purging, probably a reinit\n",
-- agmt_name, csnStr);
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "%s: Could not get the min csn from the supplier RUV\n",
-- agmt_name);
-- }
-- rc = CL5_RUV_ERROR;
-- goto done;
-- }
-- }
-+ rc = clcache_load_buffer (clcache, &startCSN);
-
- if (rc == 0) {
-- haveChanges = PR_TRUE;
-- rc = CL5_SUCCESS;
-- if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-- csn_as_string(startCSN, PR_FALSE, csnStr);
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-- "%s: CSN %s found, position set for replay\n", agmt_name, csnStr);
-- }
-- if (startCSN != csns[i]) {
-- csn_free(&startCSN);
-- }
-- break;
-+ haveChanges = PR_TRUE;
-+ rc = CL5_SUCCESS;
-+ if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-+ csn_as_string(startCSN, PR_FALSE, csnStr);
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+ "%s: CSN %s found, position set for replay\n", agmt_name, csnStr);
-+ }
- }
-- else if (rc == DB_NOTFOUND) /* entry not found */
-- {
-+ else if (rc == DB_NOTFOUND) {
-+ /* buffer not loaded.
-+ * either because no changes have to be sent ==> startCSN is NULL
-+ * or the calculated startCSN cannot be found in the changelog
-+ */
-+ if (startCSN == NULL) {
-+ rc = CL5_NOTFOUND;
-+ goto done;
-+ }
- /* check whether this csn should be present */
- rc = _cl5CheckMissingCSN (startCSN, supplierRuv, file);
- if (rc == CL5_MISSING_DATA) /* we should have had the change but we don't */
-@@ -5650,17 +5566,6 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
- "%s: CSN %s not found, we aren't as up to date, or we purged\n",
- agmt_name, csnStr);
- }
-- if (startCSN != csns[i]) {
-- csn_free(&startCSN);
-- }
-- if (rc == CL5_MISSING_DATA) /* we should have had the change but we don't */
-- {
-- break;
-- }
-- else /* we are not as up to date or we purged */
-- {
-- continue;
-- }
- }
- else
- {
-@@ -5669,34 +5574,29 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "%s: Failed to retrieve change with CSN %s; db error - %d %s\n",
- agmt_name, csnStr, rc, db_strerror(rc));
-- if (startCSN != csns[i]) {
-- csn_free(&startCSN);
-- }
-
- rc = CL5_DB_ERROR;
-- break;
-- }
-+ }
-
-- } /* end for */
-
- /* setup the iterator */
- if (haveChanges)
- {
-- *iterator = (CL5ReplayIterator*) slapi_ch_calloc (1, sizeof (CL5ReplayIterator));
-+ *iterator = (CL5ReplayIterator*) slapi_ch_calloc (1, sizeof (CL5ReplayIterator));
-
-- if (*iterator == NULL)
-- {
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ if (*iterator == NULL)
-+ {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "%s: _cl5PositionCursorForReplay: failed to allocate iterator\n", agmt_name);
-- rc = CL5_MEMORY_ERROR;
-- goto done;
-- }
-+ rc = CL5_MEMORY_ERROR;
-+ goto done;
-+ }
-
- /* ONREPL - should we make a copy of both RUVs here ?*/
-- (*iterator)->fileObj = fileObj;
-- (*iterator)->clcache = clcache; clcache = NULL;
-- (*iterator)->consumerRID = consumerRID;
-- (*iterator)->consumerRuv = consumerRuv;
-+ (*iterator)->fileObj = fileObj;
-+ (*iterator)->clcache = clcache; clcache = NULL;
-+ (*iterator)->consumerRID = consumerRID;
-+ (*iterator)->consumerRuv = consumerRuv;
- (*iterator)->supplierRuvObj = supplierRuvObj;
- }
- else if (rc == CL5_SUCCESS)
-@@ -5706,11 +5606,8 @@ static int _cl5PositionCursorForReplay (ReplicaId consumerRID, const RUV *consum
- }
-
- done:
-- if ( clcache )
-- clcache_return_buffer ( &clcache );
--
-- if (csns)
-- cl5DestroyCSNList (&csns);
-+ if ( clcache )
-+ clcache_return_buffer ( &clcache );
-
- if (rc != CL5_SUCCESS)
- {
-diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c
-index b53d7c0..2d3bb28 100644
---- a/ldap/servers/plugins/replication/cl5_clcache.c
-+++ b/ldap/servers/plugins/replication/cl5_clcache.c
-@@ -39,6 +39,7 @@
- #define DEFAULT_CLC_BUFFER_COUNT_MAX 0
- #define DEFAULT_CLC_BUFFER_PAGE_COUNT 32
- #define DEFAULT_CLC_BUFFER_PAGE_SIZE 1024
-+#define WORK_CLC_BUFFER_PAGE_SIZE 8*DEFAULT_CLC_BUFFER_PAGE_SIZE
-
- enum {
- CLC_STATE_READY = 0, /* ready to iterate */
-@@ -56,8 +57,9 @@ struct csn_seq_ctrl_block {
- ReplicaId rid; /* RID this block serves */
- CSN *consumer_maxcsn; /* Don't send CSN <= this */
- CSN *local_maxcsn; /* Don't send CSN > this */
-- CSN *prev_local_maxcsn; /* */
-- int state; /* CLC_STATE_* */
-+ CSN *prev_local_maxcsn; /* Copy of last state at buffer loading */
-+ CSN *local_mincsn; /* Used to determin anchor csn*/
-+ int state; /* CLC_STATE_* */
- };
-
- /*
-@@ -70,6 +72,8 @@ struct clc_buffer {
- ReplicaId buf_consumer_rid; /* help checking threshold csn */
- const RUV *buf_consumer_ruv; /* used to skip change */
- const RUV *buf_local_ruv; /* used to refresh local_maxcsn */
-+ int buf_ignoreConsumerRID; /* how to handle updates from consumer */
-+ int buf_load_cnt; /* number of loads for session */
-
- /*
- * fields for retriving data from DB
-@@ -90,7 +94,6 @@ struct clc_buffer {
- int buf_max_cscbs;
-
- /* fields for debugging stat */
-- int buf_load_cnt; /* number of loads for session */
- int buf_record_cnt; /* number of changes for session */
- int buf_record_skipped; /* number of changes skipped */
- int buf_skipped_new_rid; /* number of changes skipped due to new_rid */
-@@ -133,7 +136,8 @@ struct clc_pool {
- static struct clc_pool *_pool = NULL; /* process's buffer pool */
-
- /* static prototypes */
--static int clcache_adjust_anchorcsn ( CLC_Buffer *buf );
-+static int clcache_initial_anchorcsn ( CLC_Buffer *buf, int *flag );
-+static int clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag );
- static void clcache_refresh_consumer_maxcsns ( CLC_Buffer *buf );
- static int clcache_refresh_local_maxcsns ( CLC_Buffer *buf );
- static int clcache_skip_change ( CLC_Buffer *buf );
-@@ -251,8 +255,23 @@ clcache_get_buffer ( CLC_Buffer **buf, DB *db, ReplicaId consumer_rid, const RUV
- }
-
- if ( NULL != *buf ) {
-+ CSN *c_csn = NULL;
-+ CSN *l_csn = NULL;
- (*buf)->buf_consumer_ruv = consumer_ruv;
- (*buf)->buf_local_ruv = local_ruv;
-+ (*buf)->buf_load_flag = DB_MULTIPLE_KEY;
-+ ruv_get_largest_csn_for_replica (consumer_ruv, consumer_rid, &c_csn);
-+ ruv_get_largest_csn_for_replica (local_ruv, consumer_rid, &l_csn);
-+ if (l_csn && csn_compare(l_csn, c_csn) > 0) {
-+ /* the supplier has updates for the consumer RID and
-+ * these updates are newer than on the consumer
-+ */
-+ (*buf)->buf_ignoreConsumerRID = 0;
-+ } else {
-+ (*buf)->buf_ignoreConsumerRID = 1;
-+ }
-+ csn_free(&c_csn);
-+ csn_free(&l_csn);
- }
- else {
- slapi_log_error ( SLAPI_LOG_FATAL, get_thread_private_agmtname(),
-@@ -305,36 +324,25 @@ clcache_return_buffer ( CLC_Buffer **buf )
- * historic reason.
- */
- int
--clcache_load_buffer ( CLC_Buffer *buf, CSN *anchorcsn, int flag )
-+clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN )
- {
- int rc = 0;
-+ int flag = DB_NEXT;
-
-+ if (anchorCSN) *anchorCSN = NULL;
- clcache_refresh_local_maxcsns ( buf );
-
-- /* Set the loading key */
-- if ( anchorcsn ) {
-+ if (buf->buf_load_cnt == 0 ) {
- clcache_refresh_consumer_maxcsns ( buf );
-- buf->buf_load_flag = DB_MULTIPLE_KEY;
-- csn_as_string ( anchorcsn, 0, (char*)buf->buf_key.data );
-- slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name,
-- "session start: anchorcsn=%s\n", (char*)buf->buf_key.data );
-- }
-- else if ( csn_get_time(buf->buf_current_csn) == 0 ) {
-- /* time == 0 means this csn has never been set */
-- rc = DB_NOTFOUND;
-- }
-- else if ( clcache_adjust_anchorcsn ( buf ) != 0 ) {
-- rc = DB_NOTFOUND;
-- }
-- else {
-- csn_as_string ( buf->buf_current_csn, 0, (char*)buf->buf_key.data );
-- slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name,
-- "load next: anchorcsn=%s\n", (char*)buf->buf_key.data );
-+ rc = clcache_initial_anchorcsn ( buf, &flag );
-+ } else {
-+ rc = clcache_adjust_anchorcsn ( buf, &flag );
- }
-
- if ( rc == 0 ) {
-
- buf->buf_state = CLC_STATE_READY;
-+ if (anchorCSN) *anchorCSN = buf->buf_current_csn;
- rc = clcache_load_buffer_bulk ( buf, flag );
-
- /* Reset some flag variables */
-@@ -344,21 +352,15 @@ clcache_load_buffer ( CLC_Buffer *buf, CSN *anchorcsn, int flag )
- buf->buf_cscbs[i]->state = CLC_STATE_READY;
- }
- }
-- else if ( anchorcsn ) {
-- /* Report error only when the missing is persistent */
-- if ( buf->buf_missing_csn && csn_compare (buf->buf_missing_csn, anchorcsn) == 0 ) {
-- if (!buf->buf_prev_missing_csn || csn_compare (buf->buf_prev_missing_csn, anchorcsn)) {
-- slapi_log_error ( SLAPI_LOG_FATAL, buf->buf_agmt_name,
-- "Can't locate CSN %s in the changelog (DB rc=%d). If replication stops, the consumer may need to be reinitialized.\n",
-- (char*)buf->buf_key.data, rc );
-- csn_dup_or_init_by_csn (&buf->buf_prev_missing_csn, anchorcsn);
-- }
-- }
-- else {
-- csn_dup_or_init_by_csn (&buf->buf_missing_csn, anchorcsn);
-- }
-+ else {
-+ slapi_log_error ( SLAPI_LOG_FATAL, buf->buf_agmt_name,
-+ "Can't locate CSN %s in the changelog (DB rc=%d). If replication stops, the consumer may need to be reinitialized.\n",
-+ (char*)buf->buf_key.data, rc );
- }
-+ } else if (rc == CLC_STATE_DONE) {
-+ rc = DB_NOTFOUND;
- }
-+
- if ( rc != 0 ) {
- slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name,
- "clcache_load_buffer: rc=%d\n", rc );
-@@ -483,7 +485,7 @@ clcache_get_next_change ( CLC_Buffer *buf, void **key, size_t *keylen, void **da
- * We're done with the current buffer. Now load the next chunk.
- */
- if ( NULL == *key && CLC_STATE_READY == buf->buf_state ) {
-- rc = clcache_load_buffer ( buf, NULL, DB_NEXT );
-+ rc = clcache_load_buffer ( buf, NULL );
- if ( 0 == rc && buf->buf_record_ptr ) {
- DB_MULTIPLE_KEY_NEXT ( buf->buf_record_ptr, &buf->buf_data,
- *key, *keylen, *data, *datalen );
-@@ -521,7 +523,6 @@ clcache_refresh_consumer_maxcsns ( CLC_Buffer *buf )
- int i;
-
- for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
-- csn_free(&buf->buf_cscbs[i]->consumer_maxcsn);
- ruv_get_largest_csn_for_replica (
- buf->buf_consumer_ruv,
- buf->buf_cscbs[i]->rid,
-@@ -538,14 +539,11 @@ clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data )
- int i;
-
- rid = csn_get_replicaid ( rid_data->csn );
--
-- /*
-- * No need to create cscb for consumer's RID.
-- * If RID==65535, the CSN is originated from a
-- * legacy consumer. In this case the supplier
-- * and the consumer may have the same RID.
-+ /* we do not handle updates originated at the consumer if not required
-+ * and we ignore RID which have been cleaned
- */
-- if ( rid == buf->buf_consumer_rid && rid != MAX_REPLICA_ID )
-+ if ( (rid == buf->buf_consumer_rid && buf->buf_ignoreConsumerRID) ||
-+ is_cleaned_rid(rid) )
- return rc;
-
- for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
-@@ -564,9 +562,20 @@ clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data )
- }
- buf->buf_cscbs[i]->rid = rid;
- buf->buf_num_cscbs++;
-+ /* this is the first time we have a local change for the RID
-+ * we need to check what the consumer knows about it.
-+ */
-+ ruv_get_largest_csn_for_replica (
-+ buf->buf_consumer_ruv,
-+ buf->buf_cscbs[i]->rid,
-+ &buf->buf_cscbs[i]->consumer_maxcsn );
- }
-
-+ if (buf->buf_cscbs[i]->local_maxcsn)
-+ csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->prev_local_maxcsn, buf->buf_cscbs[i]->local_maxcsn );
-+
- csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->local_maxcsn, rid_data->csn );
-+ csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->local_mincsn, rid_data->min_csn );
-
- if ( buf->buf_cscbs[i]->consumer_maxcsn &&
- csn_compare (buf->buf_cscbs[i]->consumer_maxcsn, rid_data->csn) >= 0 ) {
-@@ -580,88 +589,147 @@ clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data )
- static int
- clcache_refresh_local_maxcsns ( CLC_Buffer *buf )
- {
-- int i;
-
-- for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
-- csn_dup_or_init_by_csn ( &buf->buf_cscbs[i]->prev_local_maxcsn,
-- buf->buf_cscbs[i]->local_maxcsn );
-- }
- return ruv_enumerate_elements ( buf->buf_local_ruv, clcache_refresh_local_maxcsn, buf );
- }
-
- /*
- * Algorithm:
- *
-- * 1. Snapshot local RUVs;
-- * 2. Load buffer;
-- * 3. Send to the consumer only those CSNs that are covered
-- * by the RUVs snapshot taken in the first step;
-- * All CSNs that are covered by the RUVs snapshot taken in the
-- * first step are guaranteed in consecutive order for the respected
-- * RIDs because of the the CSN pending list control;
-- * A CSN that is not covered by the RUVs snapshot may be out of order
-- * since it is possible that a smaller CSN might not have committed
-- * yet by the time the buffer was loaded.
-- * 4. Determine anchorcsn for each RID:
-- *
-- * Case| Local vs. Buffer | New Local | Next
-- * | MaxCSN MaxCSN | MaxCSN | Anchor-CSN
-- * ----+-------------------+-----------+----------------
-- * 1 | Cl >= Cb | * | Cb
-- * 2 | Cl < Cb | Cl | Cb
-- * 3 | Cl < Cb | Cl2 | Cl
-- *
-- * 5. Determine anchorcsn for next load:
-+ * 1. Determine anchorcsn for each RID:
-+ * 2. Determine anchorcsn for next load:
- * Anchor-CSN = min { all Next-Anchor-CSN, Buffer-MaxCSN }
- */
- static int
--clcache_adjust_anchorcsn ( CLC_Buffer *buf )
-+clcache_initial_anchorcsn ( CLC_Buffer *buf, int *flag )
- {
- PRBool hasChange = PR_FALSE;
- struct csn_seq_ctrl_block *cscb;
- int i;
-+ CSN *anchorcsn = NULL;
-
- if ( buf->buf_state == CLC_STATE_READY ) {
- for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
-+ CSN *rid_anchor = NULL;
-+ int rid_flag = DB_NEXT;
- cscb = buf->buf_cscbs[i];
-
-- if ( cscb->state == CLC_STATE_UP_TO_DATE )
-- continue;
-+ if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-+ char prevmax[CSN_STRSIZE];
-+ char local[CSN_STRSIZE];
-+ char curr[CSN_STRSIZE];
-+ char conmaxcsn[CSN_STRSIZE];
-+ csn_as_string(cscb->prev_local_maxcsn, 0, prevmax);
-+ csn_as_string(cscb->local_maxcsn, 0, local);
-+ csn_as_string(buf->buf_current_csn, 0, curr);
-+ csn_as_string(cscb->consumer_maxcsn, 0, conmaxcsn);
-+ slapi_log_error(SLAPI_LOG_REPL, "clcache_initial_anchorcsn" ,
-+ "%s - (cscb %d - state %d) - csnPrevMax (%s) "
-+ "csnMax (%s) csnBuf (%s) csnConsumerMax (%s)\n",
-+ buf->buf_agmt_name, i, cscb->state, prevmax, local,
-+ curr, conmaxcsn);
-+ }
-
-- /*
-- * Case 3 unsafe ruv change: next buffer load should start
-- * from where the maxcsn in the old ruv was. Since each
-- * cscb has remembered the maxcsn sent to the consumer,
-- * CSNs that may be loaded again could easily be skipped.
-- */
-- if ( cscb->prev_local_maxcsn &&
-- csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) < 0 &&
-- csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) != 0 ) {
-+ if (cscb->consumer_maxcsn == NULL) {
-+ /* the consumer hasn't seen changes for this RID */
-+ rid_anchor = cscb->local_mincsn;
-+ rid_flag = DB_SET;
-+ } else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
-+ rid_anchor = cscb->consumer_maxcsn;
-+ }
-+
-+ if (rid_anchor && (anchorcsn == NULL ||
-+ ( csn_compare(rid_anchor, anchorcsn) < 0))) {
-+ anchorcsn = rid_anchor;
-+ *flag = rid_flag;
- hasChange = PR_TRUE;
-- cscb->state = CLC_STATE_READY;
-- csn_init_by_csn ( buf->buf_current_csn, cscb->prev_local_maxcsn );
-- csn_as_string ( cscb->prev_local_maxcsn, 0, (char*)buf->buf_key.data );
-- slapi_log_error ( SLAPI_LOG_REPL, buf->buf_agmt_name,
-- "adjust anchor csn upon %s\n",
-- ( cscb->state == CLC_STATE_CSN_GT_RUV ? "out of sequence csn" : "unsafe ruv change") );
-- continue;
- }
-
-- /*
-- * check if there are still changes to send for this RID
-- * Assume we had compared the local maxcsn and the consumer
-- * max csn before this function was called and hence the
-- * cscb->state had been set accordingly.
-- */
-- if ( hasChange == PR_FALSE &&
-- csn_compare (cscb->local_maxcsn, buf->buf_current_csn) > 0 ) {
-+
-+ }
-+ }
-+
-+ if ( !hasChange ) {
-+ buf->buf_state = CLC_STATE_DONE;
-+ } else {
-+ csn_init_by_csn(buf->buf_current_csn, anchorcsn);
-+ csn_as_string(buf->buf_current_csn, 0, (char *)buf->buf_key.data);
-+ slapi_log_error(SLAPI_LOG_REPL, "clcache_initial_anchorcsn",
-+ "anchor is now: %s\n", (char *)buf->buf_key.data);
-+ }
-+
-+ return buf->buf_state;
-+}
-+
-+static int
-+clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag )
-+{
-+ PRBool hasChange = PR_FALSE;
-+ struct csn_seq_ctrl_block *cscb;
-+ int i;
-+ CSN *anchorcsn = NULL;
-+
-+ if ( buf->buf_state == CLC_STATE_READY ) {
-+ for ( i = 0; i < buf->buf_num_cscbs; i++ ) {
-+ CSN *rid_anchor = NULL;
-+ int rid_flag = DB_NEXT;
-+ cscb = buf->buf_cscbs[i];
-+
-+ if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-+ char prevmax[CSN_STRSIZE];
-+ char local[CSN_STRSIZE];
-+ char curr[CSN_STRSIZE];
-+ char conmaxcsn[CSN_STRSIZE];
-+ csn_as_string(cscb->prev_local_maxcsn, 0, prevmax);
-+ csn_as_string(cscb->local_maxcsn, 0, local);
-+ csn_as_string(buf->buf_current_csn, 0, curr);
-+ csn_as_string(cscb->consumer_maxcsn, 0, conmaxcsn);
-+ slapi_log_error(SLAPI_LOG_REPL, "clcache_adjust_anchorcsn" ,
-+ "%s - (cscb %d - state %d) - csnPrevMax (%s) "
-+ "csnMax (%s) csnBuf (%s) csnConsumerMax (%s)\n",
-+ buf->buf_agmt_name, i, cscb->state, prevmax, local,
-+ curr, conmaxcsn);
-+ }
-+
-+ if (csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 ||
-+ csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) > 0 ) {
-+ if (csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
-+ rid_anchor = buf->buf_current_csn;
-+ }
-+ } else {
-+ /* prev local max csn < csnBuffer AND different from local maxcsn */
-+ if (cscb->prev_local_maxcsn == NULL) {
-+ if (cscb->consumer_maxcsn == NULL) {
-+ /* the consumer hasn't seen changes for this RID */
-+ rid_anchor = cscb->local_mincsn;
-+ rid_flag = DB_SET;
-+ } else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
-+ rid_anchor = cscb->consumer_maxcsn;
-+ }
-+ } else {
-+ /* csnPrevMaxSup > 0 */
-+ rid_anchor = cscb->consumer_maxcsn;
-+ }
-+ }
-+
-+ if (rid_anchor && (anchorcsn == NULL ||
-+ ( csn_compare(rid_anchor, anchorcsn) < 0))) {
-+ anchorcsn = rid_anchor;
-+ *flag = rid_flag;
- hasChange = PR_TRUE;
- }
-+
-+
- }
- }
-
- if ( !hasChange ) {
- buf->buf_state = CLC_STATE_DONE;
-+ } else {
-+ csn_init_by_csn(buf->buf_current_csn, anchorcsn);
-+ csn_as_string(buf->buf_current_csn, 0, (char *)buf->buf_key.data);
-+ slapi_log_error(SLAPI_LOG_REPL, "clcache_adjust_anchorcsn",
-+ "anchor is now: %s\n", (char *)buf->buf_key.data);
- }
-
- return buf->buf_state;
-@@ -675,7 +743,6 @@ clcache_skip_change ( CLC_Buffer *buf )
- int skip = 1;
- int i;
- char buf_cur_csn_str[CSN_STRSIZE];
-- char oth_csn_str[CSN_STRSIZE];
-
- do {
-
-@@ -688,25 +755,14 @@ clcache_skip_change ( CLC_Buffer *buf )
- * legacy consumer. In this case the supplier
- * and the consumer may have the same RID.
- */
-- if (rid == buf->buf_consumer_rid && rid != MAX_REPLICA_ID){
-- CSN *cons_maxcsn = NULL;
--
-- ruv_get_max_csn(buf->buf_consumer_ruv, &cons_maxcsn);
-- if ( csn_compare ( buf->buf_current_csn, cons_maxcsn) > 0 ) {
-- /*
-- * The consumer must have been "restored" and needs this newer update.
-- */
-- skip = 0;
-- } else if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
-+ if (rid == buf->buf_consumer_rid && buf->buf_ignoreConsumerRID){
-+ if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) {
- csn_as_string(buf->buf_current_csn, 0, buf_cur_csn_str);
-- csn_as_string(cons_maxcsn, 0, oth_csn_str);
- slapi_log_error(SLAPI_LOG_REPL, buf->buf_agmt_name,
-- "Skipping update because the changelog buffer current csn [%s] is "
-- "less than or equal to the consumer max csn [%s]\n",
-- buf_cur_csn_str, oth_csn_str);
-+ "Skipping update because the consumer with Rid: [%d] is "
-+ "ignored\n", rid);
- buf->buf_skipped_csn_gt_cons_maxcsn++;
- }
-- csn_free(&cons_maxcsn);
- break;
- }
-
-@@ -821,6 +877,7 @@ clcache_free_cscb ( struct csn_seq_ctrl_block ** cscb )
- csn_free ( & (*cscb)->consumer_maxcsn );
- csn_free ( & (*cscb)->local_maxcsn );
- csn_free ( & (*cscb)->prev_local_maxcsn );
-+ csn_free ( & (*cscb)->local_mincsn );
- slapi_ch_free ( (void **) cscb );
- }
-
-@@ -1003,6 +1060,15 @@ clcache_cursor_get ( DBC *cursor, CLC_Buffer *buf, int flag )
- {
- int rc;
-
-+ if (buf->buf_data.ulen > WORK_CLC_BUFFER_PAGE_SIZE) {
-+ /*
-+ * The buffer size had to be increased,
-+ * reset it to a smaller working size,
-+ * if not sufficient it will be increased again
-+ */
-+ buf->buf_data.ulen = WORK_CLC_BUFFER_PAGE_SIZE;
-+ }
-+
- rc = cursor->c_get ( cursor,
- & buf->buf_key,
- & buf->buf_data,
-diff --git a/ldap/servers/plugins/replication/cl5_clcache.h b/ldap/servers/plugins/replication/cl5_clcache.h
-index 4c459ab..75b2817 100644
---- a/ldap/servers/plugins/replication/cl5_clcache.h
-+++ b/ldap/servers/plugins/replication/cl5_clcache.h
-@@ -23,7 +23,7 @@ typedef struct clc_buffer CLC_Buffer;
- int clcache_init ( DB_ENV **dbenv );
- void clcache_set_config ();
- int clcache_get_buffer ( CLC_Buffer **buf, DB *db, ReplicaId consumer_rid, const RUV *consumer_ruv, const RUV *local_ruv );
--int clcache_load_buffer ( CLC_Buffer *buf, CSN *startCSN, int flag );
-+int clcache_load_buffer ( CLC_Buffer *buf, CSN **anchorCSN );
- void clcache_return_buffer ( CLC_Buffer **buf );
- int clcache_get_next_change ( CLC_Buffer *buf, void **key, size_t *keylen, void **data, size_t *datalen, CSN **csn );
- void clcache_destroy ();
---
-2.4.11
-
diff --git a/SOURCES/0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch b/SOURCES/0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch
deleted file mode 100644
index 2367de5..0000000
--- a/SOURCES/0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch
+++ /dev/null
@@ -1,446 +0,0 @@
-From 09cff2c4c01bbcaf45df553869d0b6cb8acfad2b Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Sun, 17 Jan 2016 18:25:43 -0500
-Subject: [PATCH 96/99] Ticket 47788 - Supplier can skip a failing update,
- although it should retry
-
-Bug Description: If a replicated update fails on the consumer,
- the update is never tried. This is due to the
- replication async result thread missing the failure
- before another update is replicated and it succeeds.
-
- This second update that succeeds updates the consumer
- RUV. This makes it appear that the consumer is caught
- up, and the supplier never resends that original
- failed update.
-
-Fix Description: When a replicated update fails, and its an error we can
- not ignore, the connection is closed. Which stops the
- replication session, and prevents any further updates
- coming in and updating the consumer RUV. This allows
- the supplier to correctly retry the operation that
- failed on the next replication session.
-
-https://fedorahosted.org/389/ticket/47788
-
-Reviewed by: nhosoi, wibrown, and rmeggins (Thanks!!!)
-
-(cherry picked from commit ab6501a963c94b2b6b5fa8d1924519ef1c26b0bd)
-(cherry picked from commit 407c545f07c06520f8378649fc0ac8fe20748dc7)
----
- ldap/servers/plugins/replication/repl5.h | 1 +
- .../servers/plugins/replication/repl5_connection.c | 19 +--
- .../plugins/replication/repl5_inc_protocol.c | 182 ++++++++++++---------
- ldap/servers/plugins/replication/repl5_plugins.c | 60 ++++++-
- ldap/servers/plugins/replication/urp.c | 2 +-
- 5 files changed, 168 insertions(+), 96 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index df92ca0..307da82 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -608,6 +608,7 @@ void replica_incr_agmt_count(Replica *r);
- void replica_decr_agmt_count(Replica *r);
- PRUint64 replica_get_precise_purging(Replica *r);
- void replica_set_precise_purging(Replica *r, PRUint64 on_off);
-+PRBool ignore_error_and_keep_going(int error);
-
- /* The functions below handles the state flag */
- /* Current internal state flags */
-diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
-index 1515ca1..d193938 100644
---- a/ldap/servers/plugins/replication/repl5_connection.c
-+++ b/ldap/servers/plugins/replication/repl5_connection.c
-@@ -480,17 +480,17 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda
- conn->last_ldap_error = rc;
- close_connection_internal(conn); /* we already have the lock */
- return_value = CONN_NOT_CONNECTED;
-+ goto done;
- }
- else if (IS_DISCONNECT_ERROR(err))
- {
- conn->last_ldap_error = err;
- close_connection_internal(conn); /* we already have the lock */
- return_value = CONN_NOT_CONNECTED;
-+ goto done;
- }
- /* Got a result */
-- if ((rc == LDAP_SUCCESS) && (err == LDAP_BUSY))
-- return_value = CONN_BUSY;
-- else if (retoidp)
-+ if (retoidp /* total update */)
- {
- if (!((rc == LDAP_SUCCESS) && (err == LDAP_BUSY)))
- {
-@@ -519,16 +519,11 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda
- }
- return_value = LDAP_SUCCESS == conn->last_ldap_error ? CONN_OPERATION_SUCCESS : CONN_OPERATION_FAILED;
- }
-- /*
-- * XXXggood do I need to free matched, referrals,
-- * anything else? Or can I pass NULL for the args
-- * I'm not interested in?
-- */
-- /* Good question! Meanwhile, as RTM aproaches, let's free them... */
-- slapi_ch_free((void **) &errmsg);
-- slapi_ch_free((void **) &matched);
-- charray_free(referrals);
- conn->status = STATUS_CONNECTED;
-+done:
-+ slapi_ch_free_string(&errmsg);
-+ slapi_ch_free_string(&matched);
-+ charray_free(referrals);
- }
- if (res) ldap_msgfree(res);
- PR_Unlock(conn->lock); /* release the conn lock */
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index 244bbb2..927f835 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -146,7 +146,6 @@ static void protocol_sleep(Private_Repl_Protocol *prp, PRIntervalTime duration);
- static int send_updates(Private_Repl_Protocol *prp, RUV *ruv, PRUint32 *num_changes_sent);
- static void repl5_inc_backoff_expired(time_t timer_fire_time, void *arg);
- static int examine_update_vector(Private_Repl_Protocol *prp, RUV *ruv);
--static PRBool ignore_error_and_keep_going(int error);
- static const char* state2name (int state);
- static const char* event2name (int event);
- static const char* op2string (int op);
-@@ -450,11 +449,13 @@ repl5_inc_flow_control_results(Repl_Agmt *agmt, result_data *rd)
- PR_Unlock(rd->lock);
- }
-
--static void
-+static int
- repl5_inc_waitfor_async_results(result_data *rd)
- {
- int done = 0;
- int loops = 0;
-+ int rc = UPDATE_NO_MORE_UPDATES;
-+
- /* Keep pulling results off the LDAP connection until we catch up to the last message id stored in the rd */
- while (!done && !slapi_is_shutting_down())
- {
-@@ -470,6 +471,10 @@ repl5_inc_waitfor_async_results(result_data *rd)
- } else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST)) {
- done = 1; /* no connection == no more results */
- }
-+ /*
-+ * Return the last operation result
-+ */
-+ rc = rd->result;
- PR_Unlock(rd->lock);
- if (!done) {
- /* If not then sleep a bit */
-@@ -487,6 +492,7 @@ repl5_inc_waitfor_async_results(result_data *rd)
- done = 1;
- }
- }
-+ return rc;
- }
-
- /*
-@@ -1467,78 +1473,84 @@ static int
- repl5_inc_update_from_op_result(Private_Repl_Protocol *prp, ConnResult replay_crc, int connection_error, char *csn_str, char *uniqueid, ReplicaId replica_id, int* finished, PRUint32 *num_changes_sent)
- {
- int return_value = 0;
--
-- /* Indentation is wrong here so we can get a sensible cvs diff */
-- if (CONN_OPERATION_SUCCESS != replay_crc)
-- {
-- /* Figure out what to do next */
-- if (CONN_OPERATION_FAILED == replay_crc)
-- {
-- /* Map ldap error code to return value */
-- if (!ignore_error_and_keep_going(connection_error))
-- {
-- return_value = UPDATE_TRANSIENT_ERROR;
-- *finished = 1;
-- }
-- else
-- {
-- agmt_inc_last_update_changecount (prp->agmt, replica_id, 1 /*skipped*/);
-- }
-- slapi_log_error(*finished ? SLAPI_LOG_FATAL : slapi_log_urp, repl_plugin_name,
-- "%s: Consumer failed to replay change (uniqueid %s, CSN %s): %s (%d). %s.\n",
-- agmt_get_long_name(prp->agmt),
-- uniqueid, csn_str,
-- ldap_err2string(connection_error), connection_error,
-- *finished ? "Will retry later" : "Skipping");
-- }
-- else if (CONN_NOT_CONNECTED == replay_crc)
-- {
-- /* We lost the connection - enter backoff state */
-
-- return_value = UPDATE_CONNECTION_LOST;
-- *finished = 1;
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-- "%s: Consumer failed to replay change (uniqueid %s, CSN %s): "
-- "%s(%d). Will retry later.\n",
-- agmt_get_long_name(prp->agmt),
-- uniqueid, csn_str,
-- connection_error ? ldap_err2string(connection_error) : "Connection lost",
-- connection_error);
-- }
-- else if (CONN_TIMEOUT == replay_crc)
-- {
-- return_value = UPDATE_TIMEOUT;
-- *finished = 1;
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-- "%s: Consumer timed out to replay change (uniqueid %s, CSN %s): "
-- "%s.\n",
-- agmt_get_long_name(prp->agmt),
-- uniqueid, csn_str,
-- connection_error ? ldap_err2string(connection_error) : "Timeout");
-- }
-- else if (CONN_LOCAL_ERROR == replay_crc)
-- {
-- /*
-- * Something bad happened on the local server - enter
-- * backoff state.
-- */
-- return_value = UPDATE_TRANSIENT_ERROR;
-- *finished = 1;
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-- "%s: Failed to replay change (uniqueid %s, CSN %s): "
-- "Local error. Will retry later.\n",
-- agmt_get_long_name(prp->agmt),
-- uniqueid, csn_str);
-- }
--
-- }
-- else
-- {
-- /* Positive response received */
-- (*num_changes_sent)++;
-- agmt_inc_last_update_changecount (prp->agmt, replica_id, 0 /*replayed*/);
-- }
-- return return_value;
-+ if (CONN_OPERATION_SUCCESS != replay_crc)
-+ {
-+ /* Figure out what to do next */
-+ if (CONN_OPERATION_FAILED == replay_crc)
-+ {
-+ /* Map ldap error code to return value */
-+ if (!ignore_error_and_keep_going(connection_error))
-+ {
-+ return_value = UPDATE_TRANSIENT_ERROR;
-+ *finished = 1;
-+ }
-+ else
-+ {
-+ agmt_inc_last_update_changecount (prp->agmt, replica_id, 1 /*skipped*/);
-+ }
-+ slapi_log_error(*finished ? SLAPI_LOG_FATAL : slapi_log_urp, repl_plugin_name,
-+ "%s: Consumer failed to replay change (uniqueid %s, CSN %s): %s (%d). %s.\n",
-+ agmt_get_long_name(prp->agmt),
-+ uniqueid, csn_str,
-+ ldap_err2string(connection_error), connection_error,
-+ *finished ? "Will retry later" : "Skipping");
-+ }
-+ else if (CONN_NOT_CONNECTED == replay_crc)
-+ {
-+ /* We lost the connection - enter backoff state */
-+
-+ return_value = UPDATE_CONNECTION_LOST;
-+ *finished = 1;
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "%s: Consumer failed to replay change (uniqueid %s, CSN %s): "
-+ "%s(%d). Will retry later.\n",
-+ agmt_get_long_name(prp->agmt),
-+ uniqueid, csn_str,
-+ connection_error ? ldap_err2string(connection_error) : "Connection lost",
-+ connection_error);
-+ }
-+ else if (CONN_TIMEOUT == replay_crc)
-+ {
-+ return_value = UPDATE_TIMEOUT;
-+ *finished = 1;
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "%s: Consumer timed out to replay change (uniqueid %s, CSN %s): "
-+ "%s.\n",
-+ agmt_get_long_name(prp->agmt),
-+ uniqueid, csn_str,
-+ connection_error ? ldap_err2string(connection_error) : "Timeout");
-+ }
-+ else if (CONN_LOCAL_ERROR == replay_crc)
-+ {
-+ /*
-+ * Something bad happened on the local server - enter
-+ * backoff state.
-+ */
-+ return_value = UPDATE_TRANSIENT_ERROR;
-+ *finished = 1;
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "%s: Failed to replay change (uniqueid %s, CSN %s): "
-+ "Local error. Will retry later.\n",
-+ agmt_get_long_name(prp->agmt),
-+ uniqueid, csn_str);
-+ }
-+ if (*finished){
-+ /*
-+ * A serious error has occurred, the consumer might have closed
-+ * the connection already, but we need to close the conn on the
-+ * supplier side to properly set the conn structure as closed.
-+ */
-+ conn_disconnect(prp->conn);
-+ }
-+ }
-+ else
-+ {
-+ /* Positive response received */
-+ (*num_changes_sent)++;
-+ agmt_inc_last_update_changecount (prp->agmt, replica_id, 0 /*replayed*/);
-+ }
-+ return return_value;
- }
-
- /*
-@@ -1556,7 +1568,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- {
- CL5Entry entry;
- slapi_operation_parameters op;
-- int return_value;
-+ int return_value = 0;
- int rc;
- CL5ReplayIterator *changelog_iterator;
- int message_id = 0;
-@@ -1929,9 +1941,23 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- {
- /* We need to ensure that we wait until all the responses have been received from our operations */
- if (return_value != UPDATE_CONNECTION_LOST) {
-- rd->WaitForAsyncResults = agmt_get_WaitForAsyncResults(prp->agmt);
-- /* if connection was lost/closed, there will be nothing to read */
-- repl5_inc_waitfor_async_results(rd);
-+ /*
-+ * If we already have an error, there is no need to check the
-+ * async result thread anymore.
-+ */
-+ if (return_value == UPDATE_NO_MORE_UPDATES)
-+ {
-+ /*
-+ * We need to double check that an error hasn't popped up from
-+ * the async result thread since our last check.
-+ */
-+ int final_result;
-+
-+ rd->WaitForAsyncResults = agmt_get_WaitForAsyncResults(prp->agmt);
-+ if((final_result = repl5_inc_waitfor_async_results(rd))){
-+ return_value = final_result;
-+ }
-+ }
- }
-
- rc = repl5_inc_destroy_async_result_thread(rd);
-@@ -2220,7 +2246,7 @@ examine_update_vector(Private_Repl_Protocol *prp, RUV *remote_ruv)
- * We stop if there's some indication that the server just completely
- * failed to process the operation, e.g. LDAP_OPERATIONS_ERROR.
- */
--static PRBool
-+PRBool
- ignore_error_and_keep_going(int error)
- {
- int return_value = PR_FALSE;
-diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c
-index 8992055..c2fa214 100644
---- a/ldap/servers/plugins/replication/repl5_plugins.c
-+++ b/ldap/servers/plugins/replication/repl5_plugins.c
-@@ -1231,12 +1231,13 @@ write_changelog_and_ruv (Slapi_PBlock *pb)
- static int
- process_postop (Slapi_PBlock *pb)
- {
-- int rc = LDAP_SUCCESS;
-- Slapi_Operation *op;
-+ Slapi_Operation *op;
- Slapi_Backend *be;
-- int is_replicated_operation = 0;
-+ int is_replicated_operation = 0;
- CSN *opcsn = NULL;
- char sessionid[REPL_SESSION_ID_SIZE];
-+ int retval = LDAP_SUCCESS;
-+ int rc = 0;
-
- /* we just let fixup operations through */
- slapi_pblock_get( pb, SLAPI_OPERATION, &op );
-@@ -1260,8 +1261,8 @@ process_postop (Slapi_PBlock *pb)
-
- get_repl_session_id (pb, sessionid, &opcsn);
-
-- slapi_pblock_get(pb, SLAPI_RESULT_CODE, &rc);
-- if (rc == LDAP_SUCCESS)
-+ slapi_pblock_get(pb, SLAPI_RESULT_CODE, &retval);
-+ if (retval == LDAP_SUCCESS)
- {
- agmtlist_notify_all(pb);
- rc = SLAPI_PLUGIN_SUCCESS;
-@@ -1306,6 +1307,55 @@ process_postop (Slapi_PBlock *pb)
- slapi_ch_free((void **) &op_params->p.p_modrdn.modrdn_newsuperior_address.uniqueid);
- }
- }
-+ if (!ignore_error_and_keep_going(retval)){
-+ /*
-+ * We have an error we can't ignore. Release the replica and close
-+ * the connection to stop the replication session.
-+ */
-+ consumer_connection_extension *connext = NULL;
-+ Slapi_Connection *conn = NULL;
-+ char csn_str[CSN_STRSIZE] = {'\0'};
-+ PRUint64 connid = 0;
-+ int opid = 0;
-+
-+ slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
-+ slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
-+ slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
-+ if (conn)
-+ {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "process_postop: Failed to apply update (%s) error (%d). "
-+ "Aborting replication session(conn=%" NSPRIu64 " op=%d)\n",
-+ csn_as_string(opcsn, PR_FALSE, csn_str), retval,
-+ connid, opid);
-+ /*
-+ * Release this replica so new sessions can begin
-+ */
-+ connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid);
-+ if (connext && connext->replica_acquired)
-+ {
-+ int zero = 0;
-+ Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired);
-+
-+ replica_relinquish_exclusive_access(r, connid, opid);
-+ object_release ((Object*)connext->replica_acquired);
-+ connext->replica_acquired = NULL;
-+ connext->isreplicationsession = 0;
-+ slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero );
-+ }
-+ if (connext){
-+ consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE);
-+ }
-+
-+ /*
-+ * Close the connection to end the current session with the
-+ * supplier. This prevents new updates from coming in and
-+ * updating the consumer RUV - which would cause this failed
-+ * update to be never be replayed.
-+ */
-+ slapi_disconnect_server(conn);
-+ }
-+ }
- if (NULL == opcsn)
- opcsn = operation_get_csn(op);
- if (opcsn)
-diff --git a/ldap/servers/plugins/replication/urp.c b/ldap/servers/plugins/replication/urp.c
-index 5fe6f55..8d0d735 100644
---- a/ldap/servers/plugins/replication/urp.c
-+++ b/ldap/servers/plugins/replication/urp.c
-@@ -122,7 +122,7 @@ urp_add_operation( Slapi_PBlock *pb )
- slapi_log_error(slapi_log_urp, sessionid,
- "urp_add (%s): an entry with this uniqueid already exists.\n",
- slapi_entry_get_dn_const(existing_uniqueid_entry));
-- op_result= LDAP_UNWILLING_TO_PERFORM;
-+ op_result= LDAP_ALREADY_EXISTS;
- slapi_pblock_set(pb, SLAPI_RESULT_CODE, &op_result);
- rc = SLAPI_PLUGIN_NOOP; /* Ignore this Operation */
- PROFILE_POINT; /* Add Conflict; UniqueID Exists; Ignore */
---
-2.4.11
-
diff --git a/SOURCES/0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch b/SOURCES/0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch
deleted file mode 100644
index 1a0eb59..0000000
--- a/SOURCES/0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From a9135e8b535bc58a986d4b19b05e6ce2718c07aa Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 11 Feb 2016 16:18:00 -0500
-Subject: [PATCH 97/99] Ticket 47788 - Only check postop result if its a
- replication operation
-
-Bug Description: With IPA tests, without using replication, an error is
- being triggered that is stoipping nomral updates from
- going through.
-
-Fix Description: Move the error checking up into the code block above
- which only executes for replicated operations.
-
-https://fedorahosted.org/389/ticket/47788
-
-Reviewed by: nhosoi & tbordaz(Thanks!!)
-
-(cherry picked from commit d7b598da2eff95070936bf7c3e01bcd11c44ed60)
-(cherry picked from commit bd254a2eea380ade90700b22567e1d9063890f02)
----
- ldap/servers/plugins/replication/repl5_plugins.c | 87 ++++++++++++------------
- 1 file changed, 44 insertions(+), 43 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c
-index c2fa214..bb43b9b 100644
---- a/ldap/servers/plugins/replication/repl5_plugins.c
-+++ b/ldap/servers/plugins/replication/repl5_plugins.c
-@@ -1306,54 +1306,55 @@ process_postop (Slapi_PBlock *pb)
- slapi_pblock_get( pb, SLAPI_OPERATION_PARAMETERS, &op_params );
- slapi_ch_free((void **) &op_params->p.p_modrdn.modrdn_newsuperior_address.uniqueid);
- }
-- }
-- if (!ignore_error_and_keep_going(retval)){
-- /*
-- * We have an error we can't ignore. Release the replica and close
-- * the connection to stop the replication session.
-- */
-- consumer_connection_extension *connext = NULL;
-- Slapi_Connection *conn = NULL;
-- char csn_str[CSN_STRSIZE] = {'\0'};
-- PRUint64 connid = 0;
-- int opid = 0;
-
-- slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
-- slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
-- slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
-- if (conn)
-- {
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-- "process_postop: Failed to apply update (%s) error (%d). "
-- "Aborting replication session(conn=%" NSPRIu64 " op=%d)\n",
-- csn_as_string(opcsn, PR_FALSE, csn_str), retval,
-- connid, opid);
-+ if (!ignore_error_and_keep_going(retval)){
- /*
-- * Release this replica so new sessions can begin
-+ * We have an error we can't ignore. Release the replica and close
-+ * the connection to stop the replication session.
- */
-- connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid);
-- if (connext && connext->replica_acquired)
-+ consumer_connection_extension *connext = NULL;
-+ Slapi_Connection *conn = NULL;
-+ char csn_str[CSN_STRSIZE] = {'\0'};
-+ PRUint64 connid = 0;
-+ int opid = 0;
-+
-+ slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
-+ slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
-+ slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
-+ if (conn)
- {
-- int zero = 0;
-- Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired);
--
-- replica_relinquish_exclusive_access(r, connid, opid);
-- object_release ((Object*)connext->replica_acquired);
-- connext->replica_acquired = NULL;
-- connext->isreplicationsession = 0;
-- slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero );
-- }
-- if (connext){
-- consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE);
-- }
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "process_postop: Failed to apply update (%s) error (%d). "
-+ "Aborting replication session(conn=%" NSPRIu64 " op=%d)\n",
-+ csn_as_string(opcsn, PR_FALSE, csn_str), retval,
-+ connid, opid);
-+ /*
-+ * Release this replica so new sessions can begin
-+ */
-+ connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid);
-+ if (connext && connext->replica_acquired)
-+ {
-+ int zero = 0;
-+ Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired);
-+
-+ replica_relinquish_exclusive_access(r, connid, opid);
-+ object_release ((Object*)connext->replica_acquired);
-+ connext->replica_acquired = NULL;
-+ connext->isreplicationsession = 0;
-+ slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero );
-+ }
-+ if (connext){
-+ consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE);
-+ }
-
-- /*
-- * Close the connection to end the current session with the
-- * supplier. This prevents new updates from coming in and
-- * updating the consumer RUV - which would cause this failed
-- * update to be never be replayed.
-- */
-- slapi_disconnect_server(conn);
-+ /*
-+ * Close the connection to end the current session with the
-+ * supplier. This prevents new updates from coming in and
-+ * updating the consumer RUV - which would cause this failed
-+ * update to be never be replayed.
-+ */
-+ slapi_disconnect_server(conn);
-+ }
- }
- }
- if (NULL == opcsn)
---
-2.4.11
-
diff --git a/SOURCES/0098-Ticket-48636-Improve-replication-convergence.patch b/SOURCES/0098-Ticket-48636-Improve-replication-convergence.patch
deleted file mode 100644
index 488b619..0000000
--- a/SOURCES/0098-Ticket-48636-Improve-replication-convergence.patch
+++ /dev/null
@@ -1,690 +0,0 @@
-From 94377fba9dbcfc2fe47a32cc7cb85766813ad482 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 8 Jun 2016 13:06:46 -0400
-Subject: [PATCH 98/99] Ticket 48636 - Improve replication convergence
-
-Bug Description: In a busy MMR environment where multiple masters are being
- updated at the same time the replica sessions stay open for
- a very long time. This causes other masters to wait to send
- their updates. This causes lop-sided convergence. Where
- entries added to the MMR environment, but on different masters,
- take a very different amount of time until they are each seen
- on all the replicas.
-
-Fix Description: A new configuratoin setting was added (nsds5ReplicaReleaseTimeout)
- to the replica configuration entry. So when replica A tries
- to acquire a replica B, replica B send a control back to the
- master(master C) that is updating replica B to abort the session.
- Master C will continue sending updates for the amount of time
- specified in the the "release timeout", then it will "yield" its
- current session so other replicas can acquire that replica.
-
-https://fedorahosted.org/389/ticket/48636
-
-Reviewed by: lkrispen & nhosoi(Thanks!!)
-
-(cherry picked from commit a1545cdae48e4b4e1fc87a168e4d8f959626f112)
-(cherry picked from commit a085b0cd6b39fc85821777b7bcd2a8a2482a48bf)
----
- ldap/schema/01core389.ldif | 3 +-
- ldap/servers/plugins/replication/repl5.h | 14 ++-
- .../plugins/replication/repl5_inc_protocol.c | 102 ++++++++++++----
- ldap/servers/plugins/replication/repl5_plugins.c | 3 +-
- ldap/servers/plugins/replication/repl5_replica.c | 135 +++++++++++++++++----
- .../plugins/replication/repl5_replica_config.c | 22 ++++
- ldap/servers/plugins/replication/repl_globals.c | 1 +
- 7 files changed, 229 insertions(+), 51 deletions(-)
-
-diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif
-index aebdb5a..14143ed 100644
---- a/ldap/schema/01core389.ldif
-+++ b/ldap/schema/01core389.ldif
-@@ -278,6 +278,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2311 NAME 'nsds5ReplicaFlowControlPause'
- attributeTypes: ( 2.16.840.1.113730.3.1.2313 NAME 'nsslapd-changelogtrim-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
- attributeTypes: ( 2.16.840.1.113730.3.1.2314 NAME 'nsslapd-changelogcompactdb-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
- attributeTypes: ( 2.16.840.1.113730.3.1.2315 NAME 'nsDS5ReplicaWaitForAsyncResults' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-+attributeTypes: ( 2.16.840.1.113730.3.1.2333 NAME 'nsds5ReplicaReleaseTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
- #
- # objectclasses
- #
-@@ -287,7 +288,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defined
- objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
--objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax ) X-ORIGIN 'Netscape Directory Server' )
-+objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax $ nsds5ReplicaReleaseTimeout ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top MAY ( nstombstonecsn $ nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5ReplicaFlowControlPause $ nsDS5ReplicaWaitForAsyncResults ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' )
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index 307da82..6f6c81a 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -69,6 +69,10 @@
- #define REPL_ABORT_CLEANRUV_OID "2.16.840.1.113730.3.6.6"
- #define REPL_CLEANRUV_GET_MAXCSN_OID "2.16.840.1.113730.3.6.7"
- #define REPL_CLEANRUV_CHECK_STATUS_OID "2.16.840.1.113730.3.6.8"
-+#define REPL_ABORT_SESSION_OID "2.16.840.1.113730.3.6.9"
-+#define SESSION_ACQUIRED 0
-+#define ABORT_SESSION 1
-+#define SESSION_ABORTED 2
-
- #define CLEANRUV_ACCEPTED "accepted"
- #define CLEANRUV_REJECTED "rejected"
-@@ -141,6 +145,7 @@ extern const char *type_nsds5ReplicaStripAttrs;
- extern const char *type_nsds5ReplicaFlowControlWindow;
- extern const char *type_nsds5ReplicaFlowControlPause;
- extern const char *type_replicaProtocolTimeout;
-+extern const char *type_replicaReleaseTimeout;
- extern const char *type_replicaBackoffMin;
- extern const char *type_replicaBackoffMax;
- extern const char *type_replicaPrecisePurge;
-@@ -526,9 +531,9 @@ Replica *replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_
- void replica_destroy(void **arg);
- int replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid);
- int replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid);
--PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid,
-- const char *locking_purl,
-- char **current_purl);
-+PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid,
-+ int opid, const char *locking_purl,
-+ char **current_purl);
- void replica_relinquish_exclusive_access(Replica *r, PRUint64 connid, int opid);
- PRBool replica_get_tombstone_reap_active(const Replica *r);
- const Slapi_DN *replica_get_root(const Replica *r);
-@@ -598,6 +603,8 @@ void replica_update_state (time_t when, void *arg);
- void replica_reset_csn_pl(Replica *r);
- PRUint64 replica_get_protocol_timeout(Replica *r);
- void replica_set_protocol_timeout(Replica *r, PRUint64 timeout);
-+PRUint64 replica_get_release_timeout(Replica *r);
-+void replica_set_release_timeout(Replica *r, PRUint64 timeout);
- void replica_set_groupdn_checkinterval(Replica *r, int timeout);
- PRUint64 replica_get_backoff_min(Replica *r);
- PRUint64 replica_get_backoff_max(Replica *r);
-@@ -609,6 +616,7 @@ void replica_decr_agmt_count(Replica *r);
- PRUint64 replica_get_precise_purging(Replica *r);
- void replica_set_precise_purging(Replica *r, PRUint64 on_off);
- PRBool ignore_error_and_keep_going(int error);
-+void replica_check_release_timeout(Replica *r, Slapi_PBlock *pb);
-
- /* The functions below handles the state flag */
- /* Current internal state flags */
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index 927f835..d6fb898 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -36,6 +36,11 @@ Perhaps these events should be properties of the main protocol.
- #include "repl5_prot_private.h"
- #include "cl5_api.h"
-
-+#include "repl5.h"
-+#include "repl5_prot_private.h"
-+#include "cl5_api.h"
-+#include "slapi-plugin.h"
-+
- extern int slapi_log_urp;
-
- /*** from proto-slap.h ***/
-@@ -82,6 +87,7 @@ typedef struct result_data
- int flowcontrol_detection;
- int result; /* The UPDATE_TRANSIENT_ERROR etc */
- int WaitForAsyncResults;
-+ time_t abort_time;
- } result_data;
-
- /* Various states the incremental protocol can pass through */
-@@ -121,6 +127,7 @@ typedef struct result_data
- #define EXAMINE_RUV_PARAM_ERROR 405
-
- #define MAX_CHANGES_PER_SESSION 10000
-+
- /*
- * Maximum time to wait between replication sessions. If we
- * don't see any updates for a period equal to this interval,
-@@ -240,19 +247,21 @@ repl5_inc_result_threadmain(void *param)
- Repl_Connection *conn = rd->prp->conn;
- int finished = 0;
- int message_id = 0;
-+ int yield_session = 0;
-
- slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain starting\n");
- while (!finished)
- {
-+ LDAPControl **returned_controls = NULL;
- repl5_inc_operation *op = NULL;
-- int connection_error = 0;
-+ ReplicaId replica_id = 0;
- char *csn_str = NULL;
- char *uniqueid = NULL;
-- ReplicaId replica_id = 0;
-- int operation_code = 0;
- char *ldap_error_string = NULL;
- time_t time_now = 0;
- time_t start_time = time( NULL );
-+ int connection_error = 0;
-+ int operation_code = 0;
- int backoff_time = 1;
-
- /* Read the next result */
-@@ -264,7 +273,7 @@ repl5_inc_result_threadmain(void *param)
-
- while (!finished)
- {
-- conres = conn_read_result_ex(conn, NULL, NULL, NULL, LDAP_RES_ANY, &message_id, 0);
-+ conres = conn_read_result_ex(conn, NULL, NULL, &returned_controls, LDAP_RES_ANY, &message_id, 0);
- slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: read result for message_id %d\n", message_id);
- /* Timeout here means that we didn't block, not a real timeout */
- if (CONN_TIMEOUT == conres)
-@@ -292,9 +301,19 @@ repl5_inc_result_threadmain(void *param)
- finished = 1;
- }
- PR_Unlock(rd->lock);
-- } else
-- {
-- /* Something other than a timeout, so we exit the loop */
-+ } else {
-+ /*
-+ * Something other than a timeout, so we exit the loop.
-+ * First check if we were told to abort the session
-+ */;
-+ Replica *r = (Replica*)object_get_data(rd->prp->replica_object);
-+ if (replica_get_release_timeout(r) &&
-+ slapi_control_present(returned_controls,
-+ REPL_ABORT_SESSION_OID,
-+ NULL, NULL))
-+ {
-+ yield_session = 1;
-+ }
- break;
- }
- }
-@@ -318,21 +337,29 @@ repl5_inc_result_threadmain(void *param)
- }
-
- conn_get_error_ex(conn, &operation_code, &connection_error, &ldap_error_string);
-- slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: result %d, %d, %d, %d, %s\n", operation_code,connection_error,conres,message_id,ldap_error_string);
-- return_value = repl5_inc_update_from_op_result(rd->prp, conres, connection_error, csn_str, uniqueid, replica_id, &should_finish, &(rd->num_changes_sent));
-+ slapi_log_error(SLAPI_LOG_REPL, NULL,
-+ "repl5_inc_result_threadmain: result %d, %d, %d, %d, %s\n",
-+ operation_code,connection_error,conres,message_id,ldap_error_string);
-+ return_value = repl5_inc_update_from_op_result(rd->prp, conres, connection_error,
-+ csn_str, uniqueid, replica_id, &should_finish,
-+ &(rd->num_changes_sent));
- if (return_value || should_finish)
- {
-- slapi_log_error(SLAPI_LOG_REPL, NULL, "repl5_inc_result_threadmain: got op result %d should finish %d\n", return_value, should_finish);
-+ slapi_log_error(SLAPI_LOG_REPL, NULL,
-+ "repl5_inc_result_threadmain: got op result %d should finish %d\n",
-+ return_value, should_finish);
- /* If so then we need to take steps to abort the update process */
- PR_Lock(rd->lock);
- rd->result = return_value;
-- rd->abort = 1;
-+ rd->abort = ABORT_SESSION;
- PR_Unlock(rd->lock);
-- /* We also need to log the error, including details stored from when the operation was sent */
-- /* we cannot finish yet - we still need to waitfor the pending results, then
-- the main repl code will shut down this thread */
-- /* we can finish if we have disconnected - in that case, there will be nothing
-- to read */
-+ /*
-+ * We also need to log the error, including details stored from
-+ * when the operation was sent. We cannot finish yet - we still
-+ * need to wait for the pending results, then the main repl code
-+ * will shut down this thread. We can finish if we have
-+ * disconnected - in that case, there will be nothing to read
-+ */
- if (return_value == UPDATE_CONNECTION_LOST) {
- finished = 1;
- }
-@@ -341,8 +368,16 @@ repl5_inc_result_threadmain(void *param)
- rd->result = return_value;
- }
- }
-+
- /* Should we stop ? */
- PR_Lock(rd->lock);
-+ if (!finished && yield_session && rd->abort != SESSION_ABORTED && rd->abort_time == 0) {
-+ rd->abort_time = time( NULL );
-+ rd->abort = SESSION_ABORTED; /* only set the abort time once */
-+ slapi_log_error(SLAPI_LOG_REPL, "repl5_inc_result_threadmain",
-+ "Abort control detected, setting abort time...(%s)\n",
-+ agmt_get_long_name(rd->prp->agmt));
-+ }
- if (rd->stop_result_thread)
- {
- finished = 1;
-@@ -468,7 +503,8 @@ repl5_inc_waitfor_async_results(result_data *rd)
- if (rd->last_message_id_received >= rd->last_message_id_sent) {
- /* If so then we're done */
- done = 1;
-- } else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST)) {
-+ } else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST))
-+ {
- done = 1; /* no connection == no more results */
- }
- /*
-@@ -846,10 +882,10 @@ repl5_inc_run(Private_Repl_Protocol *prp)
- if (!busywaittime){
- busywaittime = repl5_get_backoff_min(prp);
- }
-- prp_priv->backoff = backoff_new(BACKOFF_FIXED, busywaittime, busywaittime);
-+ prp_priv->backoff = backoff_new(BACKOFF_FIXED, busywaittime , busywaittime);
- } else {
- prp_priv->backoff = backoff_new(BACKOFF_EXPONENTIAL, repl5_get_backoff_min(prp),
-- repl5_get_backoff_max(prp));
-+ repl5_get_backoff_max(prp));
- }
- next_state = STATE_BACKOFF;
- backoff_reset(prp_priv->backoff, repl5_inc_backoff_expired, (void *)prp);
-@@ -1055,6 +1091,7 @@ repl5_inc_run(Private_Repl_Protocol *prp)
- } else if (rc == UPDATE_YIELD){
- dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_YIELD -> STATE_BACKOFF_START");
- agmt_set_last_update_status(prp->agmt, 0, 0, "Incremental update succeeded and yielded");
-+ use_busy_backoff_timer = PR_TRUE;
- next_state = STATE_BACKOFF_START;
- } else if (rc == UPDATE_TRANSIENT_ERROR){
- dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TRANSIENT_ERROR -> STATE_BACKOFF_START");
-@@ -1099,6 +1136,7 @@ repl5_inc_run(Private_Repl_Protocol *prp)
- ruv_destroy(&ruv); ruv = NULL;
- }
- agmt_update_done(prp->agmt, 0);
-+
- /* If timed out, close the connection after released the replica */
- release_replica(prp);
- if (rc == UPDATE_TIMEOUT) {
-@@ -1681,12 +1719,14 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- }
- else
- {
-- int finished = 0;
- ConnResult replay_crc;
-- char csn_str[CSN_STRSIZE];
-+ Replica *replica = (Replica*) object_get_data(prp->replica_object);
- PRBool subentry_update_needed = PR_FALSE;
-+ PRUint64 release_timeout = replica_get_release_timeout(replica);
-+ char csn_str[CSN_STRSIZE];
- int skipped_updates = 0;
- int fractional_repl;
-+ int finished = 0;
- #define FRACTIONAL_SKIPPED_THRESHOLD 100
-
- /* Start the results reading thread */
-@@ -1906,7 +1946,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- }
- PR_Lock(rd->lock);
- /* See if the result thread has hit a problem */
-- if (!finished && rd->abort)
-+
-+ if(!finished && rd->abort_time){
-+ time_t current_time = time ( NULL );
-+ if ((current_time - rd->abort_time) >= release_timeout){
-+ rd->result = UPDATE_YIELD;
-+ return_value = UPDATE_YIELD;
-+ finished = 1;
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "Aborting send_updates...(%s)\n",
-+ agmt_get_long_name(rd->prp->agmt));
-+ }
-+ }
-+
-+ if (!finished && rd->abort == ABORT_SESSION)
- {
- return_value = rd->result;
- finished = 1;
-@@ -1916,10 +1969,9 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
-
- if (fractional_repl && subentry_update_needed)
- {
-- Replica *replica;
- ReplicaId rid = -1; /* Used to create the replica keep alive subentry */
- Slapi_DN *replarea_sdn = NULL;
-- replica = (Replica*) object_get_data(prp->replica_object);
-+
- if (replica)
- {
- rid = replica_get_rid(replica);
-@@ -1945,7 +1997,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- * If we already have an error, there is no need to check the
- * async result thread anymore.
- */
-- if (return_value == UPDATE_NO_MORE_UPDATES)
-+ if (return_value == UPDATE_NO_MORE_UPDATES || return_value == UPDATE_YIELD)
- {
- /*
- * We need to double check that an error hasn't popped up from
-diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c
-index bb43b9b..9f38d05 100644
---- a/ldap/servers/plugins/replication/repl5_plugins.c
-+++ b/ldap/servers/plugins/replication/repl5_plugins.c
-@@ -1077,6 +1077,8 @@ write_changelog_and_ruv (Slapi_PBlock *pb)
- r = (Replica*)object_get_data (repl_obj);
- PR_ASSERT (r);
-
-+ replica_check_release_timeout(r, pb);
-+
- if (replica_is_flag_set (r, REPLICA_LOG_CHANGES) &&
- (cl5GetState () == CL5_STATE_OPEN))
- {
-@@ -1365,7 +1367,6 @@ process_postop (Slapi_PBlock *pb)
- return rc;
- }
-
--
- /*
- * Cancel an operation CSN. This removes it from any CSN pending lists.
- * This function is called when a previously-generated CSN will not
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index c7cf25f..6d2452a 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -23,8 +23,8 @@
-
- #define RUV_SAVE_INTERVAL (30 * 1000) /* 30 seconds */
-
--#define REPLICA_RDN "cn=replica"
--#define CHANGELOG_RDN "cn=legacy changelog"
-+#define REPLICA_RDN "cn=replica"
-+#define CHANGELOG_RDN "cn=legacy changelog"
-
- /*
- * A replica is a locally-held copy of a portion of the DIT.
-@@ -68,6 +68,8 @@ struct replica {
- Slapi_Counter *backoff_max; /* backoff retry maximum */
- Slapi_Counter *precise_purging; /* Enable precise tombstone purging */
- PRUint64 agmt_count; /* Number of agmts */
-+ Slapi_Counter *release_timeout; /* The amount of time to wait before releasing active replica */
-+ PRUint64 abort_session; /* Abort the current replica session */
- };
-
-
-@@ -201,6 +203,7 @@ replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_operation
-
- /* init the slapi_counter/atomic settings */
- r->protocol_timeout = slapi_counter_new();
-+ r->release_timeout = slapi_counter_new();
- r->backoff_min = slapi_counter_new();
- r->backoff_max = slapi_counter_new();
-
-@@ -408,6 +411,7 @@ replica_destroy(void **arg)
- }
-
- slapi_counter_destroy(&r->protocol_timeout);
-+ slapi_counter_destroy(&r->release_timeout);
- slapi_counter_destroy(&r->backoff_min);
- slapi_counter_destroy(&r->backoff_max);
-
-@@ -585,8 +589,7 @@ replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid)
- */
- PRBool
- replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid,
-- const char *locking_purl,
-- char **current_purl)
-+ const char *locking_purl, char **current_purl)
- {
- PRBool rval = PR_TRUE;
-
-@@ -609,6 +612,15 @@ replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opi
- {
- *current_purl = slapi_ch_strdup(r->locking_purl);
- }
-+ if (!(r->repl_state_flags & REPLICA_TOTAL_IN_PROGRESS) &&
-+ replica_get_release_timeout(r))
-+ {
-+ /*
-+ * We are not doing a total update, so abort the current session
-+ * so other replicas can acquire this server.
-+ */
-+ r->abort_session = ABORT_SESSION;
-+ }
- }
- else
- {
-@@ -617,14 +629,17 @@ replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opi
- connid, opid,
- slapi_sdn_get_dn(r->repl_root));
- r->repl_state_flags |= REPLICA_IN_USE;
-+ r->abort_session = SESSION_ACQUIRED;
- if (isInc && *isInc)
- {
- r->repl_state_flags |= REPLICA_INCREMENTAL_IN_PROGRESS;
- }
- else
- {
-- /* if connid or opid != 0, it's a total update */
-- /* Both set to 0 means we're disabling replication */
-+ /*
-+ * If connid or opid != 0, it's a total update.
-+ * Both set to 0 means we're disabling replication
-+ */
- if (connid || opid)
- {
- r->repl_state_flags |= REPLICA_TOTAL_IN_PROGRESS;
-@@ -652,13 +667,13 @@ replica_relinquish_exclusive_access(Replica *r, PRUint64 connid, int opid)
- /* check to see if the replica is in use and log a warning if not */
- if (!(r->repl_state_flags & REPLICA_IN_USE))
- {
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "conn=%" NSPRIu64 " op=%d repl=\"%s\": "
- "Replica not in use\n",
- connid, opid,
- slapi_sdn_get_dn(r->repl_root));
- } else {
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "conn=%" NSPRIu64 " op=%d repl=\"%s\": "
- "Released replica held by locking_purl=%s\n",
- connid, opid,
-@@ -970,6 +985,24 @@ replica_get_protocol_timeout(Replica *r)
- }
- }
-
-+PRUint64
-+replica_get_release_timeout(Replica *r)
-+{
-+ if(r){
-+ return slapi_counter_get_value(r->release_timeout);
-+ } else {
-+ return 0;
-+ }
-+}
-+
-+void
-+replica_set_release_timeout(Replica *r, PRUint64 limit)
-+{
-+ if(r){
-+ slapi_counter_set_value(r->release_timeout, limit);
-+ }
-+}
-+
- void
- replica_set_protocol_timeout(Replica *r, PRUint64 timeout)
- {
-@@ -977,6 +1010,7 @@ replica_set_protocol_timeout(Replica *r, PRUint64 timeout)
- slapi_counter_set_value(r->protocol_timeout, timeout);
- }
- }
-+
- void
- replica_set_groupdn_checkinterval(Replica *r, int interval)
- {
-@@ -1064,11 +1098,7 @@ replica_get_legacy_purl (const Replica *r)
- char *purl;
-
- replica_lock(r->repl_lock);
--
-- PR_ASSERT (r->legacy_consumer);
--
- purl = slapi_ch_strdup(r->legacy_purl);
--
- replica_unlock(r->repl_lock);
-
- return purl;
-@@ -1924,6 +1954,7 @@ _replica_init_from_config (Replica *r, Slapi_Entry *e, char *errortext)
- int backoff_min;
- int backoff_max;
- int ptimeout = 0;
-+ int release_timeout = 0;
- int rc;
-
- PR_ASSERT (r && e);
-@@ -2008,6 +2039,14 @@ _replica_init_from_config (Replica *r, Slapi_Entry *e, char *errortext)
- slapi_counter_set_value(r->protocol_timeout, ptimeout);
- }
-
-+ /* Get the release timeout */
-+ release_timeout = slapi_entry_attr_get_int(e, type_replicaReleaseTimeout);
-+ if(release_timeout <= 0){
-+ slapi_counter_set_value(r->release_timeout, 0);
-+ } else {
-+ slapi_counter_set_value(r->release_timeout, release_timeout);
-+ }
-+
- /* check for precise tombstone purging */
- precise_purging = slapi_entry_attr_get_charptr(e, type_replicaPrecisePurge);
- if(precise_purging){
-@@ -4029,21 +4068,21 @@ replica_disable_replication (Replica *r, Object *r_obj)
- ruv_get_first_id_and_purl(repl_ruv, &junkrid, &p_locking_purl);
- locking_purl = slapi_ch_strdup(p_locking_purl);
- p_locking_purl = NULL;
-- repl_ruv = NULL;
-- while (!replica_get_exclusive_access(r, &isInc, 0, 0, "replica_disable_replication",
-+ repl_ruv = NULL;
-+ while (!replica_get_exclusive_access(r, &isInc, 0, 0, "replica_disable_replication",
- ¤t_purl)) {
-- if (!isInc) /* already locked, but not by inc update - break */
-- break;
-- isInc = PR_FALSE;
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ if (!isInc) /* already locked, but not by inc update - break */
-+ break;
-+ isInc = PR_FALSE;
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "replica_disable_replication: "
- "replica %s is already locked by (%s) for incoming "
- "incremental update; sleeping 100ms\n",
-- slapi_sdn_get_ndn (replica_get_root (r)),
-+ slapi_sdn_get_ndn (replica_get_root (r)),
- current_purl ? current_purl : "unknown");
- slapi_ch_free_string(¤t_purl);
-- DS_Sleep(PR_MillisecondsToInterval(100));
-- }
-+ DS_Sleep(PR_MillisecondsToInterval(100));
-+ }
-
- slapi_ch_free_string(¤t_purl);
- slapi_ch_free_string(&locking_purl);
-@@ -4281,3 +4320,57 @@ replica_decr_agmt_count(Replica *r)
- }
- }
- }
-+
-+/*
-+ * Add the "Abort Replication Session" control to the pblock
-+ */
-+static void
-+replica_add_session_abort_control(Slapi_PBlock *pb)
-+{
-+ LDAPControl ctrl = {0};
-+ BerElement *ber;
-+ struct berval *bvp;
-+ int rc;
-+
-+ /* Build the BER payload */
-+ if ( (ber = der_alloc()) == NULL ) {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "add_session_abort_control: Failed to create ber\n");
-+ return;
-+ }
-+ rc = ber_printf( ber, "{}");
-+ if (rc != -1) {
-+ rc = ber_flatten( ber, &bvp );
-+ }
-+ ber_free( ber, 1 );
-+ if ( rc == -1 ) {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "add_session_abort_control: Failed to flatten ber\n");
-+ return;
-+ }
-+
-+ ctrl.ldctl_oid = slapi_ch_strdup( REPL_ABORT_SESSION_OID );
-+ ctrl.ldctl_value = *bvp;
-+ bvp->bv_val = NULL;
-+ ber_bvfree( bvp );
-+ slapi_pblock_set(pb, SLAPI_ADD_RESCONTROL, &ctrl);
-+
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "add_session_abort_control: abort control successfully added to result\n");
-+}
-+
-+/*
-+ * Check if we have exceeded the failed replica acquire limit,
-+ * if so, end the replication session.
-+ */
-+void
-+replica_check_release_timeout(Replica *r, Slapi_PBlock *pb)
-+{
-+ replica_lock(r->repl_lock);
-+ if(r->abort_session == ABORT_SESSION){
-+ /* Need to abort this session (just send the control once) */
-+ replica_add_session_abort_control(pb);
-+ r->abort_session = SESSION_ABORTED;
-+ }
-+ replica_unlock(r->repl_lock);
-+}
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 4d7135c..71b3c92 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -406,6 +406,11 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- if (apply_mods)
- replica_set_precise_purging(r, 0);
- }
-+ else if (strcasecmp (config_attr, type_replicaReleaseTimeout) == 0 )
-+ {
-+ if (apply_mods)
-+ replica_set_release_timeout(r, 0);
-+ }
- else
- {
- *returncode = LDAP_UNWILLING_TO_PERFORM;
-@@ -592,6 +597,23 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- }
- }
- }
-+ else if (strcasecmp (config_attr, type_replicaReleaseTimeout) == 0 )
-+ {
-+ if (apply_mods)
-+ {
-+ PRUint64 val = atoll(config_attr_value);
-+
-+ if(val < 0){
-+ *returncode = LDAP_UNWILLING_TO_PERFORM;
-+ PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "attribute %s value (%s) is invalid, must be a number zero or greater.\n",
-+ config_attr, config_attr_value);
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_config_modify: %s\n", errortext);
-+ break;
-+ }
-+ replica_set_release_timeout(r, val);
-+ }
-+ }
- else
- {
- *returncode = LDAP_UNWILLING_TO_PERFORM;
-diff --git a/ldap/servers/plugins/replication/repl_globals.c b/ldap/servers/plugins/replication/repl_globals.c
-index 331f839..8b891fb 100644
---- a/ldap/servers/plugins/replication/repl_globals.c
-+++ b/ldap/servers/plugins/replication/repl_globals.c
-@@ -87,6 +87,7 @@ const char *type_ruvElementUpdatetime = "nsruvReplicaLastModified";
- const char *type_replicaCleanRUV = "nsds5ReplicaCleanRUV";
- const char *type_replicaAbortCleanRUV = "nsds5ReplicaAbortCleanRUV";
- const char *type_replicaProtocolTimeout = "nsds5ReplicaProtocolTimeout";
-+const char *type_replicaReleaseTimeout = "nsds5ReplicaReleaseTimeout";
- const char *type_replicaBackoffMin = "nsds5ReplicaBackoffMin";
- const char *type_replicaBackoffMax = "nsds5ReplicaBackoffMax";
- const char *type_replicaPrecisePurge = "nsds5ReplicaPreciseTombstonePurging";
---
-2.4.11
-
diff --git a/SOURCES/0099-Ticket-48636-Fix-config-validation-check.patch b/SOURCES/0099-Ticket-48636-Fix-config-validation-check.patch
deleted file mode 100644
index cc60631..0000000
--- a/SOURCES/0099-Ticket-48636-Fix-config-validation-check.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From f9a4b8153a1b46da5052ffda60723596048b20fb Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 14 Jun 2016 17:19:48 -0400
-Subject: [PATCH 99/99] Ticket 48636 - Fix config validation check
-
-Bug Description: We were previous checking if an unsigfned int was less than zero
-
-Fix Description: Improve config validation by using long instead of PRUint64
-
-https://fedorahosted.org/389/ticket/48636
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 43d5ac680f7781f95205db94e5ff2958d39b78a4)
-(cherry picked from commit b8239e0da865f33cae930088dd2a746a49f2d32a)
----
- ldap/servers/plugins/replication/repl5_replica_config.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 71b3c92..866a712 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -601,17 +601,20 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- {
- if (apply_mods)
- {
-- PRUint64 val = atoll(config_attr_value);
-+ long val = atol(config_attr_value);
-
-- if(val < 0){
-+ if (val < 0){
- *returncode = LDAP_UNWILLING_TO_PERFORM;
-- PR_snprintf (errortext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ PR_snprintf(errortext, SLAPI_DSE_RETURNTEXT_SIZE,
- "attribute %s value (%s) is invalid, must be a number zero or greater.\n",
- config_attr, config_attr_value);
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_config_modify: %s\n", errortext);
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "replica_config_modify: %s\n", errortext);
- break;
-+ } else {
-+ /* Set the timeout */
-+ replica_set_release_timeout(r, val);
- }
-- replica_set_release_timeout(r, val);
- }
- }
- else
---
-2.4.11
-
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
index 5adf500..e700853 100644
--- a/SPECS/389-ds-base.spec
+++ b/SPECS/389-ds-base.spec
@@ -13,13 +13,13 @@
%global use_Socket6 0
# nunc-stans only builds on x86_64 for now
%ifarch x86_64
-# To build without nunc-stans, set 0 to use_nunc_stans.
+# To build without nunc-stans, set use_nunc_stans to 0.
%global use_nunc_stans 1
%else
%global use_nunc_stans 0
%endif
-%global nunc_stans_ver 0.1.5
+%global nunc_stans_ver 0.1.8
# fedora 15 and later uses tmpfiles.d
# otherwise, comment this out
@@ -33,10 +33,10 @@
Summary: 389 Directory Server (base)
Name: 389-ds-base
-Version: 1.3.4.0
-Release: %{?relprefix}33%{?prerel}%{?dist}
+Version: 1.3.5.10
+Release: %{?relprefix}11%{?prerel}%{?dist}
License: GPLv3+
-URL: http://port389.org/
+URL: https://port389.org/
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Obsoletes: %{name}-selinux
@@ -46,7 +46,7 @@ Provides: ldif2ldbm
BuildRequires: nspr-devel
BuildRequires: nss-devel
-BuildRequires: svrcore-devel
+BuildRequires: svrcore-devel >= 4.1.2
%if %{use_openldap}
BuildRequires: openldap-devel
%else
@@ -74,9 +74,12 @@ BuildRequires: tcp_wrappers
# the following is for the pam passthru auth plug-in
BuildRequires: pam-devel
BuildRequires: systemd-units
+BuildRequires: systemd-devel
# this is needed for using semanage from our setup scripts
Requires: policycoreutils-python
+Requires: /usr/sbin/semanage
+Requires: libsemanage-python
# the following are needed for some of our scripts
%if %{use_openldap}
@@ -114,114 +117,72 @@ Requires(postun): systemd-units
# for setup-ds.pl to support ipv6
%if %{use_Socket6}
Requires: perl-Socket6
-%else Requires: perl-Socket
+%else
+Requires: perl-Socket
%endif
Requires: perl-NetAddr-IP
+Requires: systemd-libs
+Requires: svrcore >= 4.1.2
-Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
+# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
+Obsoletes: %{name} <= 1.3.5.4
+
+Source0: https://port389.org/binaries/%{name}-%{version}%{?prerel}.tar.bz2
# 389-ds-git.sh should be used to generate the source tarball from git
Source1: %{name}-git.sh
Source2: %{name}-devel.README
Source3: https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nunc_stans_ver}.tar.bz2
-Patch0: 0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch
-Patch1: 0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
-Patch2: 0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch
-Patch3: 0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch
-Patch4: 0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch
-Patch5: 0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch
-Patch6: 0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
-Patch7: 0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch
-Patch8: 0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch
-Patch9: 0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
-Patch10: 0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch
-Patch11: 0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch
-Patch12: 0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch
-Patch13: 0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch
-Patch14: 0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch
-Patch15: 0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch
-Patch16: 0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
-Patch17: 0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch
-Patch18: 0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch
-Patch19: 0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch
-Patch20: 0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch
-Patch21: 0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
-Patch22: 0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
-Patch23: 0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
-Patch24: 0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
-Patch25: 0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch
-Patch26: 0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch
-Patch27: 0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch
-Patch28: 0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch
-Patch29: 0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch
-Patch30: 0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch
-Patch31: 0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch
-Patch32: 0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch
-Patch33: 0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch
-Patch34: 0035-Ticket-48215-update-dbverify-usage.patch
-Patch35: 0036-Ticket-48215-update-dbverify-usage-in-main.c.patch
-Patch36: 0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
-Patch37: 0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch
-Patch38: 0039-Ticket-47931-memberOf-retrocl-deadlocks.patch
-Patch39: 0040-Ticket-47931-Fix-coverity-issues.patch
-Patch40: 0041-Ticket-47686-removing-chaining-database-links-trigge.patch
-Patch41: 0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch
-Patch42: 0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch
-Patch43: 0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch
-Patch44: 0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch
-Patch45: 0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch
-Patch46: 0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch
-Patch47: 0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch
-Patch48: 0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch
-Patch49: 0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch
-Patch50: 0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch
-Patch51: 0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
-Patch52: 0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
-Patch53: 0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch
-Patch54: 0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch
-Patch55: 0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
-Patch56: 0057-Ticket-48266-Fractional-replication-evaluates-severa.patch
-Patch57: 0058-Ticket-48266-coverity-issue.patch
-Patch58: 0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch
-Patch59: 0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
-Patch60: 0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
-Patch61: 0062-Ticket-48266-coverity-unused-variable-init_retry.patch
-Patch62: 0063-Ticket-48266-Online-init-crashes-consumer.patch
-Patch63: 0064-Ticket-48284-free-entry-when-internal-add-fails.patch
-Patch64: 0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch
-Patch65: 0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch
-Patch66: 0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
-Patch67: 0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch
-Patch68: 0069-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
-Patch69: 0070-Ticket-48311-nunc-stans-Attempt-to-release-connectio.patch
-Patch70: 0071-Ticket-47976-deadlock-in-mep-delete-post-op.patch
-Patch71: 0072-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
-Patch72: 0073-Ticket-48325-Replica-promotion-leaves-RUV-out-of-ord.patch
-Patch73: 0074-Ticket-48344-acl-regression-trailing-comma-in-macro-.patch
-Patch74: 0075-Ticket-48339-Share-nsslapd-threadnumber-in-the-case-.patch
-Patch75: 0076-Ticket-48338-SimplePagedResults-abandon-could-happen.patch
-Patch76: 0077-Ticket-48370-The-eq-index-does-not-get-updated-prope.patch
-Patch77: 0078-Ticket-48375-SimplePagedResults-in-the-search-error-.patch
-Patch78: 0079-Ticket-48283-many-attrlist_replace-errors-in-connect.patch
-Patch79: 0080-Revert-Ticket-48338-SimplePagedResults-abandon-could.patch
-Patch80: 0081-Ticket-48406-Avoid-self-deadlock-by-PR_Lock-conn-c_m.patch
-Patch81: 0082-Ticket-48412-worker-threads-do-not-detect-abnormally.patch
-Patch82: 0083-Ticket-48341-deadlock-on-connection-mutex.patch
-Patch83: 0084-Ticket-48536-Crash-in-slapi_get_object_extension.patch
-Patch84: 0085-Ticket-48536-Crash-in-slapi_get_object_extension.patch
-Patch85: 0086-Ticket-48445-keep-alive-entries-can-break-replicatio.patch
-Patch86: 0087-Ticket-48420-change-severity-of-some-messages-relate.patch
-Patch87: 0088-Ticket-48757-License-tag-does-not-match-actual-licen.patch
-Patch88: 0089-Ticket-47888-DES-to-AES-password-conversion-fails-if.patch
-Patch89: 0090-Ticket-48492-heap-corruption-at-schema-replication.patch
-Patch90: 0091-Ticket-48492-heap-corruption-at-schema-replication.patch
-Patch91: 0092-Ticket-48808-Paged-results-search-returns-the-blank-.patch
-Patch92: 0093-Ticket-48808-Add-test-case.patch
-Patch93: 0094-Ticket-48862-At-startup-DES-to-AES-password-conversi.patch
-Patch94: 0095-Ticket-48766-Replication-changelog-can-incorrectly-s.patch
-Patch95: 0096-Ticket-47788-Supplier-can-skip-a-failing-update-alth.patch
-Patch96: 0097-Ticket-47788-Only-check-postop-result-if-its-a-repli.patch
-Patch97: 0098-Ticket-48636-Improve-replication-convergence.patch
-Patch98: 0099-Ticket-48636-Fix-config-validation-check.patch
+Patch0: 0000-Ticket-48743-If-a-cipher-is-disabled-do-not-attempt-.patch
+Patch1: 0001-Ticket-48755-moving-an-entry-could-make-the-online-i.patch
+Patch2: 0002-Ticket-48914-db2bak.pl-task-enters-infinitive-loop-w.patch
+Patch3: 0003-Ticket-48918-Upgrade-to-389-ds-base-1.3.5.5-doesn-t-.patch
+Patch4: 0004-Ticket-48916-DNA-Threshold-set-to-0-causes-SIGFPE.patch
+Patch5: 0005-Ticket-48144-Add-usr-sbin-status-dirsrv-script-to-ge.patch
+Patch6: 0006-Ticket-48767-flow-control-in-replication-also-blocks.patch
+Patch7: 0007-Ticket-48922-Fix-crash-when-deleting-backend-while-i.patch
+Patch8: 0008-Ticket-48924-Fixup-tombstone-task-needs-to-set-prope.patch
+Patch9: 0009-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
+Patch10: 0010-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
+Patch11: 0011-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
+Patch12: 0012-Bug-1347760-CI-test-test-case-for-bug-1347760.patch
+Patch13: 0013-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
+Patch14: 0014-Ticket-48925-slapd-crash-with-SIGILL-Dsktune-should-.patch
+Patch15: 0015-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
+Patch16: 0016-Ticket-48919-Compiler-warnings-while-building-389-ds.patch
+Patch17: 0017-Ticket-48928-log-of-page-result-cookie-should-log-em.patch
+Patch18: 0018-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
+Patch19: 0019-Ticket-48939-nsslapd-workingdir-is-empty-when-ns-sla.patch
+Patch20: 0020-Ticket-48934-remove-ds.pl-deletes-an-instance-even-i.patch
+Patch21: 0021-Ticket-48940-DS-logs-have-warning-ancestorid-not-ind.patch
+Patch22: 0022-Ticket-48882-server-can-hang-in-connection-list-proc.patch
+Patch23: 0023-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
+Patch24: 0024-Ticket-48943-When-fine-grained-policy-is-applied-a-s.patch
+Patch25: 0025-Ticket-48943-Add-CI-Test-for-the-password-test-suite.patch
+Patch26: 0026-Ticket-48936-Duplicate-collation-entries.patch
+Patch27: 0027-Ticket-48450-Add-prestart-work-around-for-systemd-as.patch
+Patch28: 0028-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
+Patch29: 0029-Bug-1347760-CVE-2016-4992-389-ds-base-Information-di.patch
+Patch30: 0030-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
+Patch31: 0031-Ticket-48450-Autotools-components-for-ds_systemd_ask.patch
+Patch32: 0032-Ticket-bz1358565-clear-and-unsalted-password-types-a.patch
+Patch33: 0033-Ticket-48950-Change-example-in-etc-sysconfig-dirsrv-.patch
+Patch34: 0034-Ticket-48954-replication-fails-because-anchorcsn-can.patch
+Patch35: 0035-Ticket-48956-ns-accountstatus.pl-showing-activated-u.patch
+Patch36: 0036-Ticket-48958-Audit-fail-log-doesn-t-work-if-audit-lo.patch
+Patch37: 0037-Ticket-48960-Crash-in-import_wait_for_space_in_fifo.patch
+Patch38: 0038-Bugzilla-1368956-man-page-of-ns-accountstatus.pl-sho.patch
+Patch39: 0039-Ticket-48964-cleanAllRUV-changelog-purging-incorrect.patch
+Patch40: 0040-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
+Patch41: 0041-Ticket-48967-passwordMinAge-attribute-doesn-t-limit-.patch
+Patch42: 0042-Ticket-48967-Add-CI-test-and-refactor-test-suite.patch
+Patch43: 0043-Ticket-48950-Add-systemd-warning-to-the-LD_PRELOAD-e.patch
+Patch44: 0044-Ticket-48957-set-proper-update-status-to-replication.patch
+Patch45: 0045-Ticket-48972-remove-old-pwp-code-that-adds-removes-A.patch
+Patch46: 0046-Ticket-48970-Serverside-sorting-crashes-the-server.patch
+Patch47: 0047-Ticket-48975-Disabling-CLEAR-password-storage-scheme.patch
+Patch48: 0048-Ticket-48957-Update-repl-monitor-to-handle-new-statu.patch
+Patch49: 0049-Ticket-48969-nsslapd-auditfaillog-always-has-an-expl.patch
+Patch50: 0050-Bug-1321124-use-a-consumer-maxcsn-only-as-anchor-if-.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
@@ -232,7 +193,7 @@ Summary: Core libraries for 389 Directory Server
Group: System Environment/Daemons
BuildRequires: nspr-devel
BuildRequires: nss-devel
-BuildRequires: svrcore-devel
+BuildRequires: svrcore-devel >= 4.1.2
%if %{use_openldap}
BuildRequires: openldap-devel
%else
@@ -251,6 +212,7 @@ BuildRequires: libtalloc-devel
BuildRequires: libevent-devel
BuildRequires: libtevent-devel
%endif
+BuildRequires: systemd-devel
%description libs
Core libraries for the 389 Directory Server base package. These libraries
@@ -264,7 +226,7 @@ Requires: %{name}-libs = %{version}-%{release}
Requires: pkgconfig
Requires: nspr-devel
Requires: nss-devel
-Requires: svrcore-devel
+Requires: svrcore-devel >= 4.1.2
%if %{use_openldap}
Requires: openldap-devel
%else
@@ -275,10 +237,31 @@ Requires: libtalloc
Requires: libevent
Requires: libtevent
%endif
+Requires: systemd-libs
%description devel
Development Libraries and headers for the 389 Directory Server base package.
+%package snmp
+Summary: SNMP Agent for 389 Directory Server
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+
+# upgrade path from monolithic %{name} (including -libs & -devel) to %{name} + %{name}-snmp
+Obsoletes: %{name} <= 1.3.5.4
+
+%description snmp
+SNMP Agent for the 389 Directory Server base package.
+
+%package tests
+Summary: The lib389 Continuous Integration Tests
+Group: Development/Libraries
+Requires: python-lib389
+BuildArch: noarch
+
+%description tests
+The lib389 CI tests that can be run against the Directory Server.
+
%prep
%setup -q -n %{name}-%{version}%{?prerel}
%if %{use_nunc_stans}
@@ -336,61 +319,13 @@ cp %{SOURCE2} README.devel
%patch48 -p1
%patch49 -p1
%patch50 -p1
-%patch51 -p1
-%patch52 -p1
-%patch53 -p1
-%patch54 -p1
-%patch55 -p1
-%patch56 -p1
-%patch57 -p1
-%patch58 -p1
-%patch59 -p1
-%patch60 -p1
-%patch61 -p1
-%patch62 -p1
-%patch63 -p1
-%patch64 -p1
-%patch65 -p1
-%patch66 -p1
-%patch67 -p1
-%patch68 -p1
-%patch69 -p1
-%patch70 -p1
-%patch71 -p1
-%patch72 -p1
-%patch73 -p1
-%patch74 -p1
-%patch75 -p1
-%patch76 -p1
-%patch77 -p1
-%patch78 -p1
-%patch79 -p1
-%patch80 -p1
-%patch81 -p1
-%patch82 -p1
-%patch83 -p1
-%patch84 -p1
-%patch85 -p1
-%patch86 -p1
-%patch87 -p1
-%patch88 -p1
-%patch89 -p1
-%patch90 -p1
-%patch91 -p1
-%patch92 -p1
-%patch93 -p1
-%patch94 -p1
-%patch95 -p1
-%patch96 -p1
-%patch97 -p1
-%patch98 -p1
%build
%if %{use_nunc_stans}
pushd ../nunc-stans-%{nunc_stans_ver}
%configure --with-fhs --libdir=%{_libdir}/%{pkgname}
make %{?_smp_mflags}
-mkdir lib
+mkdir -p lib
cp .libs/libnunc-stans.so.0.0.0 lib/libnunc-stans.so
mkdir -p include/nunc-stans
cp nunc-stans.h include/nunc-stans/nunc-stans.h
@@ -404,12 +339,14 @@ OPENLDAP_FLAG="--with-openldap"
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
%if %{use_nunc_stans}
-NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}"
+NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}"
%endif
%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
- --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS
+ --with-perldir=/usr/bin \
+ --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS \
+ --with-systemd
# Generate symbolic info for debuggers
export XCFLAGS=$RPM_OPT_FLAGS
@@ -422,14 +359,14 @@ make %{?_smp_mflags}
%install
-rm -rf $RPM_BUILD_ROOT
-
%if %{use_nunc_stans}
pushd ../nunc-stans-%{nunc_stans_ver}
make DESTDIR="$RPM_BUILD_ROOT" install
rm -rf $RPM_BUILD_ROOT%{_includedir} $RPM_BUILD_ROOT%{_datadir} \
$RPM_BUILD_ROOT%{_libdir}/%{pkgname}/pkgconfig
popd
+%else
+rm -rf $RPM_BUILD_ROOT
%endif
make DESTDIR="$RPM_BUILD_ROOT" install
@@ -441,28 +378,31 @@ mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
# for systemd
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
-#remove libtool and static libs
-rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
-rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
-rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
-rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
+#remove libtool archives and static libs
+find %{buildroot} -type f -name "*.la" -delete
+find %{buildroot} -type f -name "*.a" -delete
-# make sure perl scripts have a proper shebang
+# make sure perl scripts have a proper shebang
sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl
+# Why are we not making this a proper python package?
+pushd ../%{name}-%{version}%{?prerel}
+cp -r dirsrvtests $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}
+find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type f -name '*.pyc' -delete
+find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type f -name '*.pyo' -delete
+find $RPM_BUILD_ROOT/%{_sysconfdir}/%{pkgname}/dirsrvtests -type d -name '__pycache__' -delete
+popd
+
%clean
rm -rf $RPM_BUILD_ROOT
%post
output=/dev/null
output2=/dev/null
-%systemd_post %{pkgname}-snmp.service
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
# reload to pick up any shared lib changes
/sbin/ldconfig
-# restart the snmp subagent if needed
-/bin/systemctl try-restart %{pkgname}-snmp.service > $output 2>&1 || :
# find all instances
instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
@@ -470,14 +410,31 @@ if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
output2=${DEBUGPOSTTRANS}.upgrade
fi
-echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
-instbase="%{_sysconfdir}/%{pkgname}"
-for dir in $instbase/slapd-* ; do
- echo dir = $dir >> $output 2>&1 || :
- if [ ! -d "$dir" ] ; then continue ; fi
- case "$dir" in *.removed) continue ;; esac
- basename=`basename $dir`
- inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
+
+has_dirsrv=`/usr/bin/egrep -i "^dirsrv\>" /etc/passwd` || :
+if [ "$has_dirsrv" = "" ]; then
+ dirsrv_uid=389
+ while [ "`getent passwd | awk -F: '{print $3}' | grep $dirsrv_uid`" != "" ]; do
+ dirsrv_uid=`expr $dirsrv_uid + 1`
+ done
+ echo "User dirsrv does not exist, create it with uid %dirsrv_uid." >> $output 2>&1 || :
+ /usr/sbin/useradd -c "389-ds-base" -u $dirsrv_uid \
+ -s /sbin/nologin -r -d /usr/share/dirsrv dirsrv 2> /dev/null || :
+fi
+has_dirsrv=`/usr/bin/egrep -i "^dirsrv\>" /etc/group` || :
+if [ "$has_dirsrv" = "" ]; then
+ dirsrv_gid=389
+ while [ "`getent group | grep $dirsrv_gid`" != "" ]; do
+ dirsrv_gid=`expr $dirsrv_gid + 1`
+ done
+ echo "Group dirsrv does not exist, create it with uid %dirsrv_gid." >> $output 2>&1 || :
+ /usr/sbin/groupadd -g $dirsrv_gid -r dirsrv 2> /dev/null || :
+fi
+
+echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
+for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
+ if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
+ inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
@@ -517,8 +474,6 @@ exit 0
%preun
if [ $1 -eq 0 ]; then # Final removal
- # Package removal, not upgrade
- %systemd_preun %{pkgname}-snmp.service %{groupname}
# remove instance specific service files/links
rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
fi
@@ -529,6 +484,15 @@ if [ $1 = 0 ]; then # Final removal
rm -rf /var/run/%{pkgname}
fi
+%post snmp
+%systemd_post %{pkgname}-snmp.service
+
+%preun snmp
+%systemd_preun %{pkgname}-snmp.service %{groupname}
+
+%postun snmp
+%systemd_postun_with_restart %{pkgname}-snmp.service
+
%files
%defattr(-,root,root,-)
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
@@ -539,7 +503,6 @@ fi
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
-%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}
%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}.systemd
@@ -556,12 +519,15 @@ fi
%ghost %dir %{_localstatedir}/lock/%{pkgname}
%{_mandir}/man1/*
%{_mandir}/man8/*
+%exclude %{_sbindir}/ldap-agent*
+%exclude %{_mandir}/man1/ldap-agent.1.gz
%files devel
%defattr(-,root,root,-)
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%{_includedir}/%{pkgname}
%{_libdir}/%{pkgname}/libslapd.so
+%{_libdir}/%{pkgname}/libns-dshttpd.so
%if %{use_nunc_stans}
%{_libdir}/%{pkgname}/libnunc-stans.so
%endif
@@ -572,77 +538,232 @@ fi
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%dir %{_libdir}/%{pkgname}
%{_libdir}/%{pkgname}/libslapd.so.*
-%{_libdir}/%{pkgname}/libns-dshttpd.so*
+%{_libdir}/%{pkgname}/libns-dshttpd.so.*
%if %{use_nunc_stans}
%{_libdir}/%{pkgname}/libnunc-stans.so.*
%endif
+%files snmp
+%defattr(-,root,root,-)
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
+%{_sbindir}/ldap-agent*
+%{_mandir}/man1/ldap-agent.1.gz
+
+%files tests
+%defattr(-,root,root,-)
+%doc LICENSE LICENSE.GPLv3+
+%{_sysconfdir}/%{pkgname}/dirsrvtests
+
%changelog
-* Thu Jun 30 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-33
-- release 1.3.4.0-33
-- Resolves: bug 1351323 - Improve MMR replication convergence (DS 48636)
-- Resolves: bug 1351447 - Supplier can skip a failing update, although it should retry. (DS 47788)
-- Resolves: bug 1350707 - Replication changelog can incorrectly skip over updates (DS 48766)
-
-* Thu Jun 9 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-32
-- release 1.3.4.0-32
-- Resolves: bug 1344293 - At startup DES to AES password conversion causes timeout in start script (DS 48862)
-
-* Thu May 12 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-31
-- release 1.3.4.0-31
-- Resolves: bug 1335423 - heap corruption at schema replication. (DS 48492)
-- Resolves: bug 1335107 - Paged results search returns the blank list of entries (DS 48808)
-
-* Wed Mar 30 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-30
-- release 1.3.4.0-30
-- Resolves: bug 1321891 - DES to AES password conversion fails if a backend is empty (DS 48777)
-
-* Thu Mar 10 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-29
-- release 1.3.4.0-29
-- Resolves: bug 1316552 - License tag does not match actual license of code (DS 48757)
-
-* Tue Mar 8 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-28
-- release 1.3.4.0-28
-- Resolves: bug 1315181 - change severity of some messages related to "keep alive" entries (DS 48420)
-
-* Fri Feb 19 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-27
-- release 1.3.4.0-27
-- Resolves: bug 1309963 - keep alive entries can break replication (DS 48445)
-- Resolves: bug 1309964 - Crash in slapi_get_object_extension (DS 48536)
-
-* Mon Jan 25 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-26
-- release 1.3.4.0-26
-- Resolves: bug 1299346 - deadlock on connection mutex (DS 48341)
-
-* Thu Jan 21 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-25
-- release 1.3.4.0-25
-- Resolves: bug 1299757 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS
-
-* Wed Jan 13 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-24
-- release 1.3.4.0-24
-- Resolves: bug 1298105 - 389-ds hanging after a few minutes of operation (DS 48406)
-
-* Tue Jan 5 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-23
-- release 1.3.4.0-23
-- Resolves: bug 1295684 - many attrlist_replace errors in connection with cleanallruv (DS 48283)
-
-* Fri Dec 11 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-22
-- release 1.3.4.0-22
-- Resolves: bug 1290725 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375)
-- Resolves: bug 1290726 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same modify operation (DS 48370)
-
-* Wed Nov 18 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-21
-- release 1.3.4.0-21
-- Resolves: bug 1278730 - SimplePagedResults -- abandon could happen between the abandon check and sending results -- Fixing a regression introduced in 1.3.4.0-20 (DS 48338)
-
-* Thu Nov 12 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-20
-- release 1.3.4.0-20
-- Resolves: bug 1278729 - Share nsslapd-threadnumber in the case nunc-stans is enabled (DS 48339)
-- Resolves: bug 1278730 - SimplePagedResults -- abandon could happen between the abandon check and sending results (DS 48338)
-- Resolves: bug 1279572 - Cannot upgrade a consumer to supplier in a multimaster environment (DS 48325)
-- Resolves: bug 1279573 - nunc-stans: Attempt to release connection that is not acquired (DS 48311)
-- Resolves: bug 1280210 - deadlock in mep delete post op (DS 47976)
-- Resolves: bug 1281522 - acl - regression - trailing ', (comma)' in macro matched value is not removed (DS 48344)
+* Tue Sep 13 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-11
+- Release 1.3.5.10-11
+- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates
+
+* Thu Sep 1 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-10
+- Release 1.3.5.10-10
+- Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957)
+- Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969)
+
+* Tue Aug 30 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-9
+- Release 1.3.5.10-9
+- Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950)
+- Resolves: bug 1366828 - audit on failure doesn't work if attribute nsslapd-auditlog-logging-enabled is NOT enabled (DS 48958)
+- Resolves: bug 1368520 - Crash in import_wait_for_space_in_fifo() (DS 48960)
+- Resolves: bug 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option
+- Resolves: bug 1369537 - passwordMinAge attribute doesn't limit the minimum age of the password (DS 48967)
+- Resolves: bug 1369570 - cleanallruv changelog cleaning incorrectly impacts all backends (DS 48964)
+- Resolves: bug 1369425 - ACI behaves erratically (DS 48972)
+- Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957)
+- Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969)
+- Resolves: bug 1371283 - Server Side Sorting crashes the server. (DS 48970)
+- Resolves: bug 1371284 - Disabling CLEAR password storage scheme will crash server when setting a password (DS 48975)
+
+* Thu Aug 18 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-8
+- Release 1.3.5.10-8
+- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48954)
+- Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950)
+- Resolves: bug 1366561 - ns-accountstatus.pl giving error even "No such object (32)" (DS 48956)
+
+* Mon Aug 8 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-7
+- Release 1.3.5.10-7
+- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450)
+- Resolves: bug 1360976 - fixing a compiler warning
+
+* Thu Aug 4 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-6
+- Release 1.3.5.10-6
+- Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48928)
+- Resolves: bug 1360447 - nsslapd-workingdir is empty when ns-slapd is started by systemd (DS 48939)
+- Resolves: bug 1360327 - remove-ds.pl deletes an instance even if wrong prefix was specified (DS 48934)
+- Resolves: bug 1349815 - DS logs have warning:ancestorid not indexed for all CS subsystems (DS 48940)
+- Resolves: bug 1329061 - 389-ds-base-1.3.4.0-29.el7_2 "hang" (DS 48882)
+- Resolves: bug 1360976 - EMBARGOED CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack
+- Resolves: bug 1361134 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password (DS 48943)
+- Resolves: bug 1361321 - Duplicate collation entries (DS 48936)
+- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450)
+- Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat
+
+* Thu Jul 14 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-5
+- Release 1.3.5.10-5
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919)
+
+* Thu Jul 14 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-4
+- Release 1.3.5.10-4
+- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144)
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919)
+- Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat
+- Resolves: bug 1354660 - flow control in replication also blocks receiving results (DS 48767)
+- Resolves: bug 1356261 - Fixup tombstone task needs to set proper flag when updating (DS 48924)
+- Resolves: bug 1355760 - ns-slapd crashes during the deletion of backend (DS 48922)
+- Resolves: bug 1353629 - DS shuts down automatically if dnaThreshold is set to 0 in a MMR setup (DS 48916)
+- Resolves: bug 1355879 - nunc-stans: ns-slapd crashes during startup with SIGILL on AMD Opteron 280 (DS 48925)
+
+* Mon Jul 11 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-3
+- Release 1.3.5.10-3
+- Resolves: bug 1354374 - Fixing the tarball version in the sources file.
+
+* Mon Jul 11 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-2
+- Release 1.3.5.10-2
+- Resolves: bug 1353714 - If a cipher is disabled do not attempt to look it up (DS 48743)
+- Resolves: bug 1353592 - Setup-ds.pl --update fails - regression (DS 48755)
+- Resolves: bug 1353544 - db2bak.pl task enters infinitive loop when bak fs is almost full (DS 48914)
+- Resolves: bug 1354374 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't install 389-ds-base-snmp (DS 48918)
+
+* Wed Jun 29 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.10-1
+- Release 1.3.5.10-1
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48905)
+
+* Wed Jun 29 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.9-1
+- Release 1.3.5.9-1
+- Resolves: bug 1349571 - Improve MMR replication convergence (DS 48636)
+- Resolves: bug 1304682 - "stale" automember rule (associated to a removed group) causes discrepancies in the database (DS 48637)
+- Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755)
+- Resolves: bug 1316731 - syncrepl search returning error 329; plugin sending a bad error code (DS 48904)
+- Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule (DS 48891)
+- Resolves: bug 1349577 - Values of dbcachetries/dbcachehits in cn=monitor could overflow. (DS 48899)
+- Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT (DS 48898)
+- Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538)
+- Resolves: bug 1350632 - ns-slapd shutdown crashes if pwdstorageschema name is from stack. (DS 48902)
+
+* Tue Jun 21 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.8-1
+- Release 1.3.5.8-1
+- Resolves: bug 1290101 - proxyauth support does not work when bound as directory manager (DS 48366)
+
+* Tue Jun 21 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.7-1
+- Release 1.3.5.7-1
+- Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109)
+- Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449)
+- Resolves: bug 1290101 - proxyauth support does not work when bound as directory manager (DS 48366)
+- Resolves: bug 1338872 - Wrong result code display in audit-failure log (DS 48892)
+- Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538)
+- Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule (DS 48891)
+- Resolves: bug 1347407 - By default aci can be read by anonymous (DS 48354)
+- Resolves: bug 1347412 - cn=SNMP,cn=config entry can be read by anonymous (DS 48893)
+
+* Tue Jun 14 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.6-1
+- Release 1.3.5.6-1
+- Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982)
+- Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48766, DS 48636)
+- Resolves: bug 1233926 - "matching rules" in ACI's "bind rules not fully evaluated (DS 48234)
+- Resolves: bug 1346165 - 389-ds-base-1.3.5.5-1.el7.x86_64 requires policycoreutils-py
+
+* Mon Jun 13 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.5-1
+- Release 1.3.5.5-1
+- Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 48833)
+- Resolves: bug 1344414 - [RFE] adding pre/post extop ability (DS 48880)
+- Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449)
+- Resolves: bug 1257568 - /usr/lib64/dirsrv/libnunc-stans.so is owned by both -libs and -devel (DS 48404)
+- Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file "(bulk import)" (DS 48755)
+- Resolves: bug 1342609 - At startup DES to AES password conversion causes timeout in start script (DS 48862)
+- Resolves: bug 1316328 - search returns no entry when OR filter component contains non readable attribute (DS 48275)
+- Resolves: bug 1280456 - setup-ds should detect if port is already defined (DS 48336)
+- Resolves: bug 1312557 - dirsrv service fails to start when nsslapd-listenhost is configured (DS 48747)
+- Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48752)
+- Resolves: bug 1340307 - Running db2index with no options breaks replication (DS 48854)
+- Resolves: bug 1337195 - Regression introduced in matching rules by DS 48746 (DS 48844)
+- Resolves: bug 1335492 - Modifier's name is not recorded in the audit log with modrdn and moddn operations (DS 48834)
+- Resolves: bug 1316741 - ldctl should support -H with ldap uris (DS 48754)
+
+* Wed May 18 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.4-1
+- release 1.3.5.4-1
+- Resolves: bug 1334455 - db2ldif is not taking into account multiple suffixes or backends (DS 48828)
+- Resolves: bug 1241563 - The "repl-monitor" web page does not display "year" in date. (DS 48220)
+- Resolves: bug 1335618 - Server ram sanity checks work in isolation (DS 48617)
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48837)
+
+* Sat May 7 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.3-1
+- release 1.3.5.3-1
+- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144)
+- Resolves: bug 1332533 - ns-accountstatus.pl gives error message on execution along with results. (DS 48815)
+- Resolves: bug 1332709 - password history is not updated when an admin resets the password (DS 48813)
+- Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48822)
+- Resolves: bug 1333515 - Enable DS to offer weaker DH params in NSS (DS 48798)
+
+* Tue May 3 2016 Noriko Hosoi <nhosoi@redhat.com> - 1.3.5.2-1
+- release 1.3.5.2-1
+- Resolves: bug 1270020 - Rebase 389-ds-base to 1.3.5 in RHEL-7.3
+- Resolves: bug 1288229 - many attrlist_replace errors in connection with cleanallruv (DS 48283)
+- Resolves: bug 1315893 - License tag does not match actual license of code (DS 48757)
+- Resolves: bug 1320715 - DES to AES password conversion fails if a backend is empty (DS 48777)
+- Resolves: bug 190862 - [RFE] Default password syntax settings don't work with fine-grained policies (DS 142)
+- Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 548)
+- Resolves: bug 1143066 - The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid (DS 48285)
+- Resolves: bug 1153758 - [RFE] Support SASL/GSSAPI when ns-slapd is behind a load-balancer (DS 48332)
+- Resolves: bug 1160902 - search, matching rules and filter error "unsupported type 0xA9" (DS 48016)
+- Resolves: bug 1186512 - High memory fragmentation observed in ns-slapd; OOM-Killer invoked (DS 48377, 48129)
+- Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109)
+- Resolves: bug 1209094 - [RFE] Allow logging of rejected changes (DS 48145, 48280)
+- Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144)
+- Resolves: bug 1210842 - [RFE] Add PIDFile option to systemd service file (DS 47951)
+- Resolves: bug 1223510 - [RFE] it could be nice to have nsslapd-maxbersize default to bigger than 2Mb (DS 48326)
+- Resolves: bug 1229799 - ldclt-bin killed by SIGSEGV (DS 48289)
+- Resolves: bug 1249908 - No validation check for the value for nsslapd-db-locks. (DS 48244)
+- Resolves: bug 1254887 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers (DS 48290)
+- Resolves: bug 1255557 - db2index creates index entry from deleted records (DS 48252)
+- Resolves: bug 1258610 - total update request must not be lost (DS 48255)
+- Resolves: bug 1258611 - dna plugin needs to handle binddn groups for authorization (DS 48258)
+- Resolves: bug 1259624 - [RFE] Provide a utility to detect accounts locked due to inactivity (DS 48269)
+- Resolves: bug 1259950 - Add config setting to MemberOf Plugin to add required objectclass got memberOf attribute (DS 48267)
+- Resolves: bug 1266510 - Linked Attributes plug-in - wrong behaviour when adding valid and broken links (DS 48295)
+- Resolves: bug 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation (DS 48294)
+- Resolves: bug 1267750 - pagedresults - when timed out, search results could have been already freed. (DS 48299)
+- Resolves: bug 1269378 - ds-logpipe.py with wrong arguments - python exception in the output (DS 48302)
+- Resolves: bug 1271330 - nunc-stans: Attempt to release connection that is not acquired (DS 48311)
+- Resolves: bug 1272677 - nunc stans: ns-slapd killed by SIGTERM
+- Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT
+- Resolves: bug 1273142 - crash in Managed Entry plugin (DS 48312)
+- Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982)
+- Resolves: bug 1273550 - Deadlock between two MODs on the same entry between entry cache and backend lock (DS 47978)
+- Resolves: bug 1273555 - deadlock in mep delete post op (DS 47976)
+- Resolves: bug 1273584 - lower password history minimum to 1 (DS 48394)
+- Resolves: bug 1275763 - [RFE] add setup-ds.pl option to disable instance specific scripts (DS 47840)
+- Resolves: bug 1276072 - [RFE] Allow RHDS to be setup using a DNS CNAME alias for General.FullMachineName (DS 48328)
+- Resolves: bug 1278567 - SimplePagedResults -- abandon could happen between the abandon check and sending results (DS 48338)
+- Resolves: bug 1278584 - Share nsslapd-threadnumber in the case nunc-stans is enabled, as well. (DS 48339)
+- Resolves: bug 1278755 - deadlock on connection mutex (DS 48341)
+- Resolves: bug 1278987 - Cannot upgrade a consumer to supplier in a multimaster environment (DS 48325)
+- Resolves: bug 1280123 - acl - regression - trailing ', (comma)' in macro matched value is not removed. (DS 48344)
+- Resolves: bug 1290111 - [RFE] Support for rfc3673 '+' to return operational attributes (DS 48363)
+- Resolves: bug 1290141 - With exhausted range, part of DNA shared configuration is deleted after server restart (DS 48362)
+- Resolves: bug 1290242 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375)
+- Resolves: bug 1290600 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same ldapmodify operation (DS 48370)
+- Resolves: bug 1295947 - 389-ds hanging after a few minutes of operation (DS 48406, revert 48338)
+- Resolves: bug 1296310 - ldclt - segmentation fault error while binding (DS 48400)
+- Resolves: bug 1299758 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS [rhel-7.3]
+- Resolves: bug 1301097 - logconv.pl displays negative operation speeds (DS 48446)
+- Resolves: bug 1302823 - Crash in slapi_get_object_extension (DS 48536)
+- Resolves: bug 1303641 - heap corruption at schema replication. (DS 48492)
+- Resolves: bug 1307151 - keep alive entries can break replication (DS 48445)
+- Resolves: bug 1310848 - Supplier can skip a failing update, although it should retry. (DS 47788)
+- Resolves: bug 1314557 - change severity of some messages related to "keep alive" enties (DS 48420)
+- Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450)
+- Resolves: bug 1316742 - no plugin calls in tombstone purging (DS 48759)
+- Resolves: bug 1319329 - [RFE] add nsslapd-auditlog-logging-enabled: off to template-dse.ldif (DS 48145)
+- Resolves: bug 1320295 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged. (DS 48775)
+- Resolves: bug 1326520 - db2index uses a buffer size derived from dbcachesize (DS 48383)
+- Resolves: bug 1328936 - objectclass values could be dropped on the consumer (DS 48799)
+- Resolves: bug 1287475 - [RFE] response control for password age should be sent by default by RHDS (DS 48369)
+- Resolves: bug 1331343 - Paged results search returns the blank list of entries (DS 48808)
* Mon Oct 5 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-19
- release 1.3.4.0-19