diff --git a/.389-ds-base.metadata b/.389-ds-base.metadata
index 39e4851..c23be8f 100644
--- a/.389-ds-base.metadata
+++ b/.389-ds-base.metadata
@@ -1 +1,2 @@
-952e538aa0fd95a4cbee5cf2bb2795fbed43a826 SOURCES/389-ds-base-1.3.3.1.tar.bz2
+edf4fc7da08f84699a07586e21d55856e5be7d4f SOURCES/389-ds-base-1.3.4.0.tar.bz2
+7e52309f61c38b241fcdaf0284559d683f3ba700 SOURCES/nunc-stans-0.1.5.tar.bz2
diff --git a/.gitignore b/.gitignore
index a20c80c..61b66d3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-SOURCES/389-ds-base-1.3.3.1.tar.bz2
+SOURCES/389-ds-base-1.3.4.0.tar.bz2
+SOURCES/nunc-stans-0.1.5.tar.bz2
diff --git a/SOURCES/0000-Ticket-47748-Simultaneous-adding-a-user-and-binding-.patch b/SOURCES/0000-Ticket-47748-Simultaneous-adding-a-user-and-binding-.patch
deleted file mode 100644
index 049a080..0000000
--- a/SOURCES/0000-Ticket-47748-Simultaneous-adding-a-user-and-binding-.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From dc2157e3a4b04b522147a86477bbd974a9c0b63a Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 9 Sep 2014 12:45:58 -0700
-Subject: [PATCH 0/7] Ticket #47748 - Simultaneous adding a user and binding as
- the user could fail in the password policy check
-
-Description: commit 4fc53e1a63222d0ff67c30a59f2cff4b535f90a8 fix for
-Ticket #47748 introduced a bug: "Simple bind hangs after enabling
-password policy".
-
-In do_bind, slapi_check_account_lock and need_new_pw overwrote the
-return code from backend bind which is used later. This patch fixes
-it not to override the return code.
-
-https://fedorahosted.org/389/ticket/47748
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 4f11606b02419c8ccdb319b8040e683af9109d1b)
-(cherry picked from commit 8c82941c0f2b0b5d7fa698a1ca3e4f26245cf85a)
----
- ldap/servers/slapd/bind.c | 13 +++++++------
- 1 file changed, 7 insertions(+), 6 deletions(-)
-
-diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
-index 58a4e13..bc4aa24 100644
---- a/ldap/servers/slapd/bind.c
-+++ b/ldap/servers/slapd/bind.c
-@@ -769,6 +769,7 @@ do_bind( Slapi_PBlock *pb )
- }
-
- if ( rc == SLAPI_BIND_SUCCESS ) {
-+ int myrc = 0;
- if (!auto_bind) {
- /*
- * There could be a race that bind_target_entry was not added
-@@ -779,9 +780,9 @@ do_bind( Slapi_PBlock *pb )
- if (!bind_target_entry) {
- bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn));
- if (bind_target_entry) {
-- rc = slapi_check_account_lock(pb, bind_target_entry,
-+ myrc = slapi_check_account_lock(pb, bind_target_entry,
- pw_response_requested, 1, 1);
-- if (1 == rc) { /* account is locked */
-+ if (1 == myrc) { /* account is locked */
- goto account_locked;
- }
- } else {
-@@ -795,8 +796,8 @@ do_bind( Slapi_PBlock *pb )
- if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) {
- /* check if need new password before sending
- the bind success result */
-- rc = need_new_pw(pb, &t, bind_target_entry, pw_response_requested);
-- switch (rc) {
-+ myrc = need_new_pw(pb, &t, bind_target_entry, pw_response_requested);
-+ switch (myrc) {
- case 1:
- (void)slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0);
- break;
-@@ -811,8 +812,8 @@ do_bind( Slapi_PBlock *pb )
- if (auth_response_requested) {
- slapi_add_auth_response_control(pb, slapi_sdn_get_ndn(sdn));
- }
-- if (-1 == rc) {
-- /* neeed_new_pw failed; need_new_pw already send_ldap_result in it. */
-+ if (-1 == myrc) {
-+ /* need_new_pw failed; need_new_pw already send_ldap_result in it. */
- goto free_and_return;
- }
- } else { /* anonymous */
---
-1.9.3
-
diff --git a/SOURCES/0001-Ticket-47834-Tombstone_to_glue-if-parents-are-also-c.patch b/SOURCES/0001-Ticket-47834-Tombstone_to_glue-if-parents-are-also-c.patch
deleted file mode 100644
index 6486e03..0000000
--- a/SOURCES/0001-Ticket-47834-Tombstone_to_glue-if-parents-are-also-c.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 2566e87a956938a6be3addc586fb2fe53cc8b9f8 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 8 Sep 2014 14:29:29 -0700
-Subject: [PATCH 1/7] Ticket #47834 - Tombstone_to_glue: if parents are also
- converted to glue, the target entry's DN must be adjusted.
-
-Description: Previous fix for the ticket #47834 broke the CI test case
-47815.
-
-The fix for 47815 removed the addingentry from the entry cache if
-SLAPI_PLUGIN_BE_TXN_POST_ADD_FN failed. The #47834 patch accidentally
-deleted the code.
-
-Instead of adding it back, this patch moves the deletion of the entry
-from the entry cache to cover both cases SLAPI_PLUGIN_BE_TXN_POST_ADD
-_FN successes or fails.
-
-https://fedorahosted.org/389/ticket/47834
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 7db4fa90caa543b59352046138f453236c0fd652)
-(cherry picked from commit 78fdd6165cb2c9da4e30452ebdcdcf7aad3d30c7)
----
- ldap/servers/slapd/back-ldbm/ldbm_add.c | 59 ++++++++++++++++++++++++---------
- 1 file changed, 43 insertions(+), 16 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
-index 2f1b398..b74154a 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
-@@ -1209,21 +1209,6 @@ error_return:
- {
- next_id_return( be, addingentry->ep_id );
- }
-- if ( addingentry )
-- {
-- if (inst && cache_is_in_cache(&inst->inst_cache, addingentry)) {
-- CACHE_REMOVE(&inst->inst_cache, addingentry);
-- /* tell frontend not to free this entry */
-- slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
-- }
-- else if (!cache_has_otherref(&inst->inst_cache, addingentry))
-- {
-- if (!is_resurect_operation) { /* if resurect, tombstoneentry is dupped. */
-- backentry_clear_entry(addingentry); /* e is released in the frontend */
-- }
-- }
-- CACHE_RETURN( &inst->inst_cache, &addingentry );
-- }
- if (rc == DB_RUNRECOVERY) {
- dblayer_remember_disk_filled(li);
- ldbm_nasty("Add",80,rc);
-@@ -1244,6 +1229,20 @@ error_return:
- }
- diskfull_return:
- if (disk_full) {
-+ if ( addingentry ) {
-+ if (inst && cache_is_in_cache(&inst->inst_cache, addingentry)) {
-+ CACHE_REMOVE(&inst->inst_cache, addingentry);
-+ /* tell frontend not to free this entry */
-+ slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
-+ }
-+ else if (!cache_has_otherref(&inst->inst_cache, addingentry))
-+ {
-+ if (!is_resurect_operation) { /* if resurect, tombstoneentry is dupped. */
-+ backentry_clear_entry(addingentry); /* e is released in the frontend */
-+ }
-+ }
-+ CACHE_RETURN( &inst->inst_cache, &addingentry );
-+ }
- rc = return_on_disk_full(li);
- } else {
- /* It is safer not to abort when the transaction is not started. */
-@@ -1277,13 +1276,41 @@ diskfull_return:
- }
- slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
- }
--
-+ if ( addingentry ) {
-+ if (inst && cache_is_in_cache(&inst->inst_cache, addingentry)) {
-+ CACHE_REMOVE(&inst->inst_cache, addingentry);
-+ /* tell frontend not to free this entry */
-+ slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
-+ }
-+ else if (!cache_has_otherref(&inst->inst_cache, addingentry))
-+ {
-+ if (!is_resurect_operation) { /* if resurect, tombstoneentry is dupped. */
-+ backentry_clear_entry(addingentry); /* e is released in the frontend */
-+ }
-+ }
-+ CACHE_RETURN( &inst->inst_cache, &addingentry );
-+ }
- /* Release SERIAL LOCK */
- if (!noabort) {
- dblayer_txn_abort(be, &txn); /* abort crashes in case disk full */
- }
- /* txn is no longer valid - reset the txn pointer to the parent */
- slapi_pblock_set(pb, SLAPI_TXN, parent_txn);
-+ } else {
-+ if ( addingentry ) {
-+ if (inst && cache_is_in_cache(&inst->inst_cache, addingentry)) {
-+ CACHE_REMOVE(&inst->inst_cache, addingentry);
-+ /* tell frontend not to free this entry */
-+ slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
-+ }
-+ else if (!cache_has_otherref(&inst->inst_cache, addingentry))
-+ {
-+ if (!is_resurect_operation) { /* if resurect, tombstoneentry is dupped. */
-+ backentry_clear_entry(addingentry); /* e is released in the frontend */
-+ }
-+ }
-+ CACHE_RETURN( &inst->inst_cache, &addingentry );
-+ }
- }
- if (!not_an_error) {
- rc = SLAPI_FAIL_GENERAL;
---
-1.9.3
-
diff --git a/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch b/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch
new file mode 100644
index 0000000..ee98694
--- /dev/null
+++ b/SOURCES/0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch
@@ -0,0 +1,89 @@
+From 97da9cb32b41d87d9dc5930a2ad931df559ae7f5 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 23 Jun 2015 14:48:13 -0700
+Subject: [PATCH 1/2] Ticket #48203 - Fix coverity issues - 06/22/2015
+
+Description:
+13294 Uninitialized scalar variable -- retrocl_init_trimming (introduced by #47669)
+13293 Resource leak -- retrocl_init_trimming (introduced by #47669)
+
+2. Defect type: CHECKED_RETURN
+50. ldap/servers/slapd/tools/ldclt/ldapfct.c:1945:
+9. ldap/servers/slapd/tools/ldclt/ldapfct.c:952:
+ check_return: Calling "addErrorStat" without checking return value
+ (as is done elsewhere 26 out of 28 times).
+
+1. Defect type: COMPILER_WARNING
+2. ldap/servers/slapd/daemon.c:1412:21:
+ warning: 'tp' may be used uninitialized in this function [-Wmaybe-uninitialized]
+
+https://fedorahosted.org/389/ticket/48203
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit 32d45c74231545ad91934147962bfb676dcdd391)
+---
+ ldap/servers/plugins/retrocl/retrocl_trim.c | 3 ++-
+ ldap/servers/slapd/daemon.c | 2 +-
+ ldap/servers/slapd/tools/ldclt/ldapfct.c | 4 ++--
+ 3 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/ldap/servers/plugins/retrocl/retrocl_trim.c b/ldap/servers/plugins/retrocl/retrocl_trim.c
+index 65f3015..b09f669 100644
+--- a/ldap/servers/plugins/retrocl/retrocl_trim.c
++++ b/ldap/servers/plugins/retrocl/retrocl_trim.c
+@@ -412,7 +412,7 @@ void retrocl_housekeeping ( time_t cur_time, void *noarg )
+ void retrocl_init_trimming (void)
+ {
+ const char *cl_maxage;
+- time_t ageval;
++ time_t ageval = 0; /* Don't trim, by default */
+ const char *cl_trim_interval;
+
+ cl_maxage = retrocl_get_config_str(CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE);
+@@ -425,6 +425,7 @@ void retrocl_init_trimming (void)
+ "retrocl_init_trimming: ignoring invalid %s value %s; "
+ "not trimming retro changelog.\n",
+ CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE, cl_maxage);
++ slapi_ch_free_string((char **)&cl_maxage);
+ return;
+ }
+ }
+diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
+index 436f3d5..ba73da3 100644
+--- a/ldap/servers/slapd/daemon.c
++++ b/ldap/servers/slapd/daemon.c
+@@ -1026,7 +1026,7 @@ void slapd_daemon( daemon_ports_t *ports )
+ int threads;
+ int in_referral_mode = config_check_referral_mode();
+ #ifdef ENABLE_NUNC_STANS
+- ns_thrpool_t *tp;
++ ns_thrpool_t *tp = NULL;
+ struct ns_thrpool_config tp_config;
+ #endif
+ int connection_table_size = get_configured_connection_table_size();
+diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
+index bc8c89d..f906c5a 100644
+--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
++++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
+@@ -949,7 +949,7 @@ connectToServer (
+ fprintf (stderr, "ldclt[%d]: T%03d: cannot ldap_unbind(), error=%d (%s)\n",
+ mctx.pid, tttctx->thrdNum, ret,strerror (ret));
+ fflush (stderr);
+- addErrorStat(ret);
++ (void)addErrorStat(ret);
+ return (-1);
+ }
+ tttctx->ldapCtx = NULL;
+@@ -1942,7 +1942,7 @@ createMissingNodes (
+ printf ("ldclt[%d]: T%03d: Cannot add (%s), error=%d (%s)\n",
+ mctx.pid, tttctx->thrdNum, nodeDN, ret, my_ldap_err2string (ret));
+ fflush (stdout);
+- addErrorStat(ret);
++ (void)addErrorStat(ret);
+ return (-1);
+ }
+
+--
+1.9.3
+
diff --git a/SOURCES/0002-Ticket-47890-minor-memory-leaks-in-utilities.patch b/SOURCES/0002-Ticket-47890-minor-memory-leaks-in-utilities.patch
deleted file mode 100644
index 3022e20..0000000
--- a/SOURCES/0002-Ticket-47890-minor-memory-leaks-in-utilities.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From ed7316fc2e770c4e0c877e220434489318735c76 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 9 Sep 2014 14:27:40 -0700
-Subject: [PATCH 2/7] Ticket #47890 - minor memory leaks in utilities
-
-Description:
-tools/rsearch/nametable.c - if nt_push fails and the strdup'ed
- string is not pushed to the table,
- free the string.
-tools/migratecred.c - free strdup'ed strings oldpath, newpath,
- prefixCred, and pluginpath at the end of
- the process.
-
-https://fedorahosted.org/389/ticket/47890
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 1279f0e0fe1d0f5456e42ef5b7a9f395f793cc9e)
-(cherry picked from commit aa8ff4b066243f68175f2e664239b7db8747e1d1)
----
- ldap/servers/slapd/tools/migratecred.c | 13 ++++++++++++-
- ldap/servers/slapd/tools/rsearch/nametable.c | 13 ++++++++-----
- 2 files changed, 20 insertions(+), 6 deletions(-)
-
-diff --git a/ldap/servers/slapd/tools/migratecred.c b/ldap/servers/slapd/tools/migratecred.c
-index 085a21a..c1e37bf 100644
---- a/ldap/servers/slapd/tools/migratecred.c
-+++ b/ldap/servers/slapd/tools/migratecred.c
-@@ -163,6 +163,10 @@ main( int argc, char **argv)
-
- if ( !oldpath || !newpath || !cred )
- {
-+ free(oldpath);
-+ free(newpath);
-+ free(prefixCred);
-+ free(pluginpath);
- usage(cmd);
- }
-
-@@ -208,6 +212,10 @@ main( int argc, char **argv)
- "DES Plugin", 1 /* report errors */ );
- if ( fct == NULL )
- {
-+ free(oldpath);
-+ free(newpath);
-+ free(prefixCred);
-+ free(pluginpath);
- usage(cmd);
- return(1);
- }
-@@ -215,7 +223,10 @@ main( int argc, char **argv)
- newcred = (fct)(oldpath, newpath, cred);
-
- fprintf(stdout, "%s", newcred);
--
-+ free(oldpath);
-+ free(newpath);
-+ free(prefixCred);
-+ free(pluginpath);
- return(0);
-
- }
-diff --git a/ldap/servers/slapd/tools/rsearch/nametable.c b/ldap/servers/slapd/tools/rsearch/nametable.c
-index e5d04cd..03a6ae1 100644
---- a/ldap/servers/slapd/tools/rsearch/nametable.c
-+++ b/ldap/servers/slapd/tools/rsearch/nametable.c
-@@ -152,11 +152,14 @@ int nt_load(NameTable *nt, const char *filename)
- if (!fd) return 0;
-
- while (PR_Available(fd) > 0) {
-- char temp[4096], *s;
-- if (PR_GetLine(fd, temp, sizeof(temp))) break;
-- s = strdup(temp);
-- if (!s) break;
-- if (!nt_push(nt, s)) break;
-+ char temp[4096], *s;
-+ if (PR_GetLine(fd, temp, sizeof(temp))) break;
-+ s = strdup(temp);
-+ if (!s) break;
-+ if (!nt_push(nt, s)) {
-+ free(s);
-+ break;
-+ }
- }
- PR_Close(fd);
- return nt->size;
---
-1.9.3
-
diff --git a/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch b/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
new file mode 100644
index 0000000..f6890db
--- /dev/null
+++ b/SOURCES/0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
@@ -0,0 +1,44 @@
+From 0ad9acb61f83244af02081ffd79c350af831f21c Mon Sep 17 00:00:00 2001
+From: Ludwig Krispenz <lkrispen@redhat.com>
+Date: Thu, 18 Jun 2015 15:22:54 +0200
+Subject: [PATCH 2/2] Ticket 48195 - Slow replication when deleting large
+ quantities of multi-valued attributes
+
+https://fedorahosted.org/389/ticket/48195
+
+In update resoultion for entry deletion, there is still use of valuearray_find() to find an existingvalue to update its csn.
+with the fix for ticket #346 there exists slapi_valueset_find() which uses the possibility to do a binary search on the
+values.
+Fix: do not use valuearray_find
+
+Review: Rich, Thanks
+(cherry picked from commit 09ab8c799fc3d87db7a5b3aa07eccf9b41ea43d5)
+(cherry picked from commit a980b795ac03200fd01a2d05ce568691681d50ef)
+---
+ ldap/servers/slapd/valueset.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
+index 73208f5..0cf3ded 100644
+--- a/ldap/servers/slapd/valueset.c
++++ b/ldap/servers/slapd/valueset.c
+@@ -1411,12 +1411,12 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
+ int del_index = -1, del_count = 0;
+ for (i=0;valuestoupdate[i]!=NULL;++i)
+ {
+- int index= valuearray_find(a, vs->va, valuestoupdate[i]);
+- if(index!=-1)
++ Slapi_Value *v = slapi_valueset_find(a, vs, valuestoupdate[i]);
++ if(v)
+ {
+- value_update_csn(vs->va[index],t,csn);
++ value_update_csn(v,t,csn);
+ if (csnref_updated)
+- valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(vs->va[index]);
++ valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v);
+ valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
+ valuestoupdate[i]= NULL;
+ del_count++;
+--
+1.9.3
+
diff --git a/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch b/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch
new file mode 100644
index 0000000..93e3d89
--- /dev/null
+++ b/SOURCES/0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch
@@ -0,0 +1,52 @@
+From 2ad324a00c8e429171d5c096a56c32aed3206466 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 1 Jul 2015 18:16:20 -0700
+Subject: [PATCH 3/7] Ticket #48212 - Dynamic nsMatchingRule changes had no
+ effect on the attrinfo thus following reindexing, as well.
+
+Description: When nsMatchingRule was dynamically updated in an index entry,
+the value was set to the configuration but was not applied to the attribute
+info. On-line reindexing following the nsMatchingRule change actually ignored
+the setting. On the other hand, the standalone utility dbverify independently
+picked up the nsMatchingRule from the configuration and generated the attribute
+info, which expected the index reindexed based upon the new nsMatchingRule. But
+it was actually not and dbverify reported the index corruption.
+
+This patch applies the changes to the attribute info when nsMatchingRule is
+modified.
+
+https://fedorahosted.org/389/ticket/48212
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!)
+
+(cherry picked from commit d9679725e69df1d191864ca00bad6b79b13e7362)
+(cherry picked from commit d15beff66fd28902bd8ca80af12ad76a7ecbe57d)
+---
+ ldap/servers/slapd/back-ldbm/ldbm_attr.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
+index 62ed6e1..092b6b5 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
+@@ -127,7 +127,16 @@ ainfo_dup(
+ attrinfo_delete_idlistinfo(&a->ai_idlistinfo);
+ a->ai_idlistinfo = b->ai_idlistinfo;
+ b->ai_idlistinfo = NULL;
+-
++
++ /* copy cmp functions and substr lengths */
++ a->ai_key_cmp_fn = b->ai_key_cmp_fn;
++ a->ai_dup_cmp_fn = b->ai_dup_cmp_fn;
++ if (b->ai_substr_lens) {
++ size_t substrlen = sizeof(int) * INDEX_SUBSTRLEN;
++ a->ai_substr_lens = (int *)slapi_ch_calloc(1, substrlen);
++ memcpy(a->ai_substr_lens, b->ai_substr_lens, substrlen);
++ }
++
+ return( 1 );
+ }
+
+--
+1.9.3
+
diff --git a/SOURCES/0003-fix-for-47885-did-not-always-return-a-response-contr.patch b/SOURCES/0003-fix-for-47885-did-not-always-return-a-response-contr.patch
deleted file mode 100644
index 93e27f0..0000000
--- a/SOURCES/0003-fix-for-47885-did-not-always-return-a-response-contr.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 09f106acd0ad639965fdc1b97fd1718ce4eec355 Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Wed, 10 Sep 2014 13:22:06 +0200
-Subject: [PATCH 3/7] fix for 47885 did not always return a response control
-
-reviewd by rich, thanks
-
-(cherry picked from commit 55e317f2a5d8fc488e7eeee6f2b4155298a45d25)
----
- ldap/servers/plugins/deref/deref.c | 30 ++++++++++++------------------
- 1 file changed, 12 insertions(+), 18 deletions(-)
-
-diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
-index 96d42e6..1bab0ab 100644
---- a/ldap/servers/plugins/deref/deref.c
-+++ b/ldap/servers/plugins/deref/deref.c
-@@ -591,14 +591,13 @@ deref_values_free(Slapi_ValueSet** results, char** actual_type_name, int buffer_
- slapi_vattr_values_free(results, actual_type_name, buffer_flags);
- }
-
--static int
-+static void
- deref_do_deref_attr(Slapi_PBlock *pb, BerElement *ctrlber, const char *derefdn, const char *derefattr, const char **attrs)
- {
- char **retattrs = NULL;
- Slapi_PBlock *derefpb = NULL;
- Slapi_Entry **entries = NULL;
- int rc;
-- int needcontrol = 0;
-
- /* If the access check on the attributes is done without retrieveing the entry
- * it cannot handle acis which need teh entry, eg to apply a targetfilter rule
-@@ -628,7 +627,6 @@ deref_do_deref_attr(Slapi_PBlock *pb, BerElement *ctrlber, const char *derefdn,
- "The client does not have permission to read the requested "
- "attributes in entry %s\n", derefdn);
- } else {
-- needcontrol = 1;
- ber_printf(ctrlber, "{ss", derefattr, derefdn); /* begin DerefRes + derefAttr + derefVal */
- for (ii = 0; retattrs[ii]; ++ii) {
- Slapi_Value *sv;
-@@ -704,7 +702,6 @@ deref_do_deref_attr(Slapi_PBlock *pb, BerElement *ctrlber, const char *derefdn,
- slapi_pblock_destroy(derefpb);
- slapi_ch_free((void **)&retattrs); /* retattrs does not own the strings */
-
-- return needcontrol;
- }
-
- static int
-@@ -718,7 +715,6 @@ deref_pre_entry(Slapi_PBlock *pb)
- LDAPControl *ctrl = NULL;
- const LDAPControl **searchctrls = NULL;
- LDAPControl **newsearchctrls = NULL;
-- int needcontrol = 0;
-
- if (!speclist) {
- return 0; /* nothing to do */
-@@ -762,25 +758,23 @@ deref_pre_entry(Slapi_PBlock *pb)
- for (; results && sv; idx = slapi_valueset_next_value(results, idx, &sv)) {
- const char *derefdn = slapi_value_get_string(sv);
-
-- needcontrol += deref_do_deref_attr(pb, ctrlber, derefdn, spec->derefattr, (const char **)spec->attrs);
-+ deref_do_deref_attr(pb, ctrlber, derefdn, spec->derefattr, (const char **)spec->attrs);
- }
- deref_values_free(&results, &actual_type_name, buffer_flags);
- }
-
- ber_printf(ctrlber, "}"); /* end control val */
-
-- if (needcontrol) {
-- slapi_build_control(LDAP_CONTROL_X_DEREF, ctrlber, 0, &ctrl);
-- /* get the list of controls */
-- slapi_pblock_get(pb, SLAPI_SEARCH_CTRLS, &searchctrls);
-- /* dup them */
-- slapi_add_controls(&newsearchctrls, (LDAPControl **)searchctrls, 1);
-- /* add our control */
-- slapi_add_control_ext(&newsearchctrls, ctrl, 0);
-- ctrl = NULL; /* newsearchctrls owns it now */
-- /* set the controls in the pblock */
-- slapi_pblock_set(pb, SLAPI_SEARCH_CTRLS, newsearchctrls);
-- }
-+ slapi_build_control(LDAP_CONTROL_X_DEREF, ctrlber, 0, &ctrl);
-+ /* get the list of controls */
-+ slapi_pblock_get(pb, SLAPI_SEARCH_CTRLS, &searchctrls);
-+ /* dup them */
-+ slapi_add_controls(&newsearchctrls, (LDAPControl **)searchctrls, 1);
-+ /* add our control */
-+ slapi_add_control_ext(&newsearchctrls, ctrl, 0);
-+ ctrl = NULL; /* newsearchctrls owns it now */
-+ /* set the controls in the pblock */
-+ slapi_pblock_set(pb, SLAPI_SEARCH_CTRLS, newsearchctrls);
- ber_free(ctrlber, 1);
-
- return 0;
---
-1.9.3
-
diff --git a/SOURCES/0004-Ticket-47838-harden-the-list-of-ciphers-available-by.patch b/SOURCES/0004-Ticket-47838-harden-the-list-of-ciphers-available-by.patch
deleted file mode 100644
index b9cea64..0000000
--- a/SOURCES/0004-Ticket-47838-harden-the-list-of-ciphers-available-by.patch
+++ /dev/null
@@ -1,468 +0,0 @@
-From 2c550346512bc3dec27c9329f4902663759e4b65 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 11 Sep 2014 11:46:51 -0700
-Subject: [PATCH 4/7] Ticket #47838 - harden the list of ciphers available by
- default
-
-Description:
-1. Introducing a new attribute allowWeakCipher in "cn=encryption,cn=config".
- allowWeakCipher: [on | off]
- on -- allows weak ciphers.
- Default setting for user specified ciphers.
- off -- rejects weak ciphers.
- Default setting for +all and default.
-
-2. allowWeakCipher is applied only to the user specified cipher suites
- such as "nsSSL3Ciphers: +rsa_rc4_128_md5".
- If allowWeakCipher is enabled and the user specified cipher is weak,
- SSL alert is logged in the error log:
- SSL alert: Cipher rsa_rc4_128_md5 is weak. It is enabled since
- allowWeakCipher is "on" (default setting for the backward compatibility).
- We strongly recommend to set it to "off". Please replace the value of
- allowWeakCipher with "off" in the encryption config entry cn=encryption,
- cn=config and restart the server.
-
-3. If specified cipher suite is not supported, ignore the cipher suite
- and continue setting ciphers.
-
-https://fedorahosted.org/389/ticket/47838
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 5f3c87e1380e56d76d4a4bef3af07633a8589891)
-(cherry picked from commit 58cb12a7b8cf938c5a4b920c4a1ad1da02fecdb8)
----
- ldap/schema/01core389.ldif | 3 +-
- ldap/servers/slapd/ssl.c | 262 +++++++++++++++++++++++++++------------------
- 2 files changed, 162 insertions(+), 103 deletions(-)
-
-diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif
-index 1b8a70b..c7aec70 100644
---- a/ldap/schema/01core389.ldif
-+++ b/ldap/schema/01core389.ldif
-@@ -128,6 +128,7 @@ attributeTypes: ( nsSSL3SessionTimeout-oid NAME 'nsSSL3SessionTimeout' DESC 'Net
- attributeTypes: ( nsSSL2Ciphers-oid NAME 'nsSSL2Ciphers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )
- attributeTypes: ( nsSSL3Ciphers-oid NAME 'nsSSL3Ciphers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )
- attributeTypes: ( nsSSLSupportedCiphers-oid NAME 'nsSSLSupportedCiphers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )
-+attributeTypes: ( allowWeakCipher-oid NAME 'allowWeakCipher' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )
- attributeTypes: ( nsSSLToken-oid NAME 'nsSSLToken' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )
- attributeTypes: ( nsSSLPersonalitySSL-oid NAME 'nsSSLPersonalitySSL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )
- attributeTypes: ( nsSSLActivation-oid NAME 'nsSSLActivation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )
-@@ -316,7 +317,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC
- objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' )
--objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers) X-ORIGIN 'Netscape' )
-+objectClasses: ( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers $ allowWeakCipher) X-ORIGIN 'Netscape' )
- objectClasses: ( nsEncryptionModule-oid NAME 'nsEncryptionModule' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsSSLToken $ nsSSLPersonalityssl $ nsSSLActivation ) X-ORIGIN 'Netscape' )
- objectClasses: ( 2.16.840.1.113730.3.2.327 NAME 'rootDNPluginConfig' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( rootdn-open-time $ rootdn-close-time $ rootdn-days-allowed $ rootdn-allow-host $ rootdn-deny-host $ rootdn-allow-ip $ rootdn-deny-ip ) X-ORIGIN 'Netscape' )
- objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC 'Netscape defined objectclass' SUP top MAY ( cn $ schemaUpdateObjectclassAccept $ schemaUpdateObjectclassReject $ schemaUpdateAttributeAccept $ schemaUpdateAttributeReject) X-ORIGIN 'Netscape Directory Server' )
-diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
-index 1a21df0..03b5904 100644
---- a/ldap/servers/slapd/ssl.c
-+++ b/ldap/servers/slapd/ssl.c
-@@ -119,7 +119,21 @@ static char * configDN = "cn=encryption,cn=config";
- #define FILE_PATHSEP '/'
-
- /* ----------------------- Multiple cipher support ------------------------ */
--
-+/* cipher set flags */
-+#define CIPHER_SET_ALL 0x1
-+#define CIPHER_SET_NONE 0x0
-+#define CIPHER_SET_DEFAULT 0x2
-+#define CIPHER_SET_CORE (CIPHER_SET_ALL|CIPHER_SET_DEFAULT|CIPHER_SET_NONE)
-+#define CIPHER_SET_ALLOWWEAKCIPHER 0x10 /* can be or'ed with other CIPHER_SET flags */
-+
-+#define CIPHER_SET_ISDEFAULT(flag) \
-+ ((((flag)&CIPHER_SET_CORE) == CIPHER_SET_DEFAULT) ? PR_TRUE : PR_FALSE)
-+#define CIPHER_SET_ISALL(flag) \
-+ ((((flag)&CIPHER_SET_CORE) == CIPHER_SET_ALL) ? PR_TRUE : PR_FALSE)
-+#define CIPHER_SET_ALLOWSWEAKCIPHER(flag) \
-+ (((flag)&CIPHER_SET_ALLOWWEAKCIPHER) ? PR_TRUE : PR_FALSE)
-+#define CIPHER_SET_DISABLE_ALLOWSWEAKCIPHER(flag) \
-+ ((flag)&~CIPHER_SET_ALLOWWEAKCIPHER)
-
- /* flags */
- #define CIPHER_IS_DEFAULT 0x1
-@@ -158,7 +172,7 @@ static lookup_cipher _lookup_cipher[] = {
- {"tls_rsa_3des_sha", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
- {"rsa_fips_3des_sha", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
- {"fips_3des_sha", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
-- {"rsa_des_sha", "TLS_RSA_WITH_DES_CBC_SHA"},
-+ {"rsa_des_sha", "SSL_RSA_WITH_DES_CBC_SHA"},
- {"rsa_fips_des_sha", "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
- {"fips_des_sha", "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, /* ditto */
- {"rsa_rc4_40_md5", "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
-@@ -339,21 +353,20 @@ _conf_init_ciphers()
- return;
- }
-
--#define CIPHER_SET_ALL 1
--#define CIPHER_SET_NONE 0
--#define CIPHER_SET_DEFAULT 2
- /*
-- * flag: 1 -- enable all
-- * 0 -- disable all
-- * 2 -- set default ciphers
-+ * flag: CIPHER_SET_ALL -- enable all
-+ * CIPHER_SET_NONE -- disable all
-+ * CIPHER_SET_DEFAULT -- set default ciphers
-+ * CIPHER_SET_ALLOW_WEAKCIPHER -- allow weak ciphers (can be or'ed with the ather CIPHER_SET flags)
- */
- static void
- _conf_setallciphers(int flag, char ***suplist, char ***unsuplist)
- {
- int x;
- SECStatus rc;
-- PRBool setdefault = (flag == CIPHER_SET_DEFAULT) ? PR_TRUE : PR_FALSE;
-- PRBool enabled = (flag == CIPHER_SET_ALL) ? PR_TRUE : PR_FALSE;
-+ PRBool setdefault = CIPHER_SET_ISDEFAULT(flag);
-+ PRBool enabled = CIPHER_SET_ISALL(flag);
-+ PRBool allowweakcipher = CIPHER_SET_ALLOWSWEAKCIPHER(flag);
- PRBool setme = PR_FALSE;
- const PRUint16 *implementedCiphers = SSL_GetImplementedCiphers();
-
-@@ -361,8 +374,9 @@ _conf_setallciphers(int flag, char ***suplist, char ***unsuplist)
-
- for (x = 0; implementedCiphers && (x < SSL_NumImplementedCiphers); x++) {
- if (_conf_ciphers[x].flags & CIPHER_IS_DEFAULT) {
-+ /* certainly, not the first time. */
- setme = PR_TRUE;
-- } else {
-+ } else if (setdefault) {
- /*
- * SSL_CipherPrefGetDefault
- * If the application has not previously set the default preference,
-@@ -375,15 +389,16 @@ _conf_setallciphers(int flag, char ***suplist, char ***unsuplist)
- _conf_ciphers[x].name);
- continue;
- }
-- if (_conf_ciphers[x].flags & CIPHER_IS_WEAK) {
-+ if (!allowweakcipher && (_conf_ciphers[x].flags & CIPHER_IS_WEAK)) {
- setme = PR_FALSE;
- }
- _conf_ciphers[x].flags |= setme?CIPHER_IS_DEFAULT:0;
-- }
-- if (setdefault) {
-- /* Use the NSS default settings */
- } else if (enabled && !(_conf_ciphers[x].flags & CIPHER_MUST_BE_DISABLED)) {
-- setme = PR_TRUE;
-+ if (!allowweakcipher && (_conf_ciphers[x].flags & CIPHER_IS_WEAK)) {
-+ setme = PR_FALSE;
-+ } else {
-+ setme = PR_TRUE;
-+ }
- } else {
- setme = PR_FALSE;
- }
-@@ -433,7 +448,7 @@ _conf_dumpciphers()
- }
-
- char *
--_conf_setciphers(char *ciphers)
-+_conf_setciphers(char *ciphers, int flags)
- {
- char *t, err[MAGNUS_ERROR_LEN];
- int x, i, active;
-@@ -445,7 +460,7 @@ _conf_setciphers(char *ciphers)
- /* #47838: harden the list of ciphers available by default */
- /* Default is to activate all of them ==> none of them*/
- if (!ciphers || (ciphers[0] == '\0') || !PL_strcasecmp(ciphers, "default")) {
-- _conf_setallciphers(CIPHER_SET_DEFAULT, NULL, NULL);
-+ _conf_setallciphers((CIPHER_SET_DEFAULT|CIPHER_SET_DISABLE_ALLOWSWEAKCIPHER(flags)), NULL, NULL);
- slapd_SSL_warn("Security Initialization: Enabling default cipher set.");
- _conf_dumpciphers();
- return NULL;
-@@ -458,11 +473,11 @@ _conf_setciphers(char *ciphers)
- * set of ciphers in the table. Right now there is no support for this
- * from the console
- */
-- _conf_setallciphers(CIPHER_SET_ALL, &suplist, NULL);
-+ _conf_setallciphers(CIPHER_SET_ALL|CIPHER_SET_DISABLE_ALLOWSWEAKCIPHER(flags), &suplist, NULL);
- } else {
- /* If "+all" is not in nsSSL3Ciphers value, disable all first,
- * then enable specified ciphers. */
-- _conf_setallciphers(0 /* disabled */, NULL, NULL);
-+ _conf_setallciphers(CIPHER_SET_NONE /* disabled */, NULL, NULL);
- }
-
- t = ciphers;
-@@ -482,12 +497,28 @@ _conf_setciphers(char *ciphers)
- if( (t = strchr(ciphers, ',')) )
- *t++ = '\0';
-
-- if(strcasecmp(ciphers, "all")) { /* if not all */
-+ if (strcasecmp(ciphers, "all")) { /* if not all */
- PRBool enabled = active ? PR_TRUE : PR_FALSE;
- lookup = 1;
-- for(x = 0; _conf_ciphers[x].name; x++) {
-- if(!PL_strcasecmp(ciphers, _conf_ciphers[x].name)) {
-+ for (x = 0; _conf_ciphers[x].name; x++) {
-+ if (!PL_strcasecmp(ciphers, _conf_ciphers[x].name)) {
-+ if (_conf_ciphers[x].flags & CIPHER_IS_WEAK) {
-+ if (CIPHER_SET_ALLOWSWEAKCIPHER(flags)) {
-+ slapd_SSL_warn("Cipher %s is weak. It is enabled since allowWeakCipher is \"on\" "
-+ "(default setting for the backward compatibility). "
-+ "We strongly recommend to set it to \"off\". "
-+ "Please replace the value of allowWeakCipher with \"off\" in "
-+ "the encryption config entry cn=encryption,cn=config and "
-+ "restart the server.", ciphers);
-+ } else {
-+ /* if the cipher is weak and we don't allow weak cipher,
-+ disable it. */
-+ enabled = PR_FALSE;
-+ }
-+ }
- if (enabled) {
-+ /* if the cipher is not weak or we allow weak cipher,
-+ check fips. */
- enabled = cipher_check_fips(x, NULL, &unsuplist);
- }
- SSL_CipherPrefSetDefault(_conf_ciphers[x].num, enabled);
-@@ -499,14 +530,33 @@ _conf_setciphers(char *ciphers)
- for (i = 0; _lookup_cipher[i].alias; i++) {
- if (!PL_strcasecmp(ciphers, _lookup_cipher[i].alias)) {
- if (!_lookup_cipher[i].name[0]) {
-- slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d",
-- ciphers, NSS_VMAJOR, NSS_VMINOR);
-- break;
-+ slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d. Ignoring %s",
-+ ciphers, NSS_VMAJOR, NSS_VMINOR, ciphers);
-+ continue;
- }
- for (x = 0; _conf_ciphers[x].name; x++) {
- if (!PL_strcasecmp(_lookup_cipher[i].name, _conf_ciphers[x].name)) {
- if (enabled) {
-- enabled = cipher_check_fips(x, NULL, &unsuplist);
-+ if (_conf_ciphers[x].flags & CIPHER_IS_WEAK) {
-+ if (CIPHER_SET_ALLOWSWEAKCIPHER(flags)) {
-+ slapd_SSL_warn("Cipher %s is weak. "
-+ "It is enabled since allowWeakCipher is \"on\" "
-+ "(default setting for the backward compatibility). "
-+ "We strongly recommend to set it to \"off\". "
-+ "Please replace the value of allowWeakCipher with \"off\" in "
-+ "the encryption config entry cn=encryption,cn=config and "
-+ "restart the server.", ciphers);
-+ } else {
-+ /* if the cipher is weak and we don't allow weak cipher,
-+ disable it. */
-+ enabled = PR_FALSE;
-+ }
-+ }
-+ if (enabled) {
-+ /* if the cipher is not weak or we allow weak cipher,
-+ check fips. */
-+ enabled = cipher_check_fips(x, NULL, &unsuplist);
-+ }
- }
- SSL_CipherPrefSetDefault(_conf_ciphers[x].num, enabled);
- break;
-@@ -1008,6 +1058,7 @@ slapd_ssl_init()
- int rv = 0;
- PK11SlotInfo *slot;
- Slapi_Entry *entry = NULL;
-+ int allowweakcipher = CIPHER_SET_ALLOWWEAKCIPHER;
-
- /* Get general information */
-
-@@ -1017,21 +1068,21 @@ slapd_ssl_init()
- ciphers = slapi_entry_attr_get_charptr( entry, "nsssl3ciphers" );
-
- /* We are currently using the value of sslSessionTimeout
-- for ssl3SessionTimeout, see SSL_ConfigServerSessionIDCache() */
-+ for ssl3SessionTimeout, see SSL_ConfigServerSessionIDCache() */
- /* Note from Tom Weinstein on the meaning of the timeout:
-
- Timeouts are in seconds. '0' means use the default, which is
-- 24hrs for SSL3 and 100 seconds for SSL2.
-+ 24hrs for SSL3 and 100 seconds for SSL2.
- */
-
- if(!val) {
- errorCode = PR_GetError();
- slapd_SSL_warn("Security Initialization: Failed to retrieve SSL "
- "configuration information ("
-- SLAPI_COMPONENT_NAME_NSPR " error %d - %s): "
-- "nssslSessionTimeout: %s ",
-- errorCode, slapd_pr_strerror(errorCode),
-- (val ? "found" : "not found"));
-+ SLAPI_COMPONENT_NAME_NSPR " error %d - %s): "
-+ "nssslSessionTimeout: %s ",
-+ errorCode, slapd_pr_strerror(errorCode),
-+ (val ? "found" : "not found"));
- slapi_ch_free((void **) &val);
- slapi_ch_free((void **) &ciphers);
- freeConfigEntry( &entry );
-@@ -1042,79 +1093,86 @@ slapd_ssl_init()
- slapi_ch_free((void **) &val);
-
- if (svrcore_setup()) {
-- freeConfigEntry( &entry );
-- return -1;
-+ freeConfigEntry( &entry );
-+ return -1;
- }
-
-- if((family_list = getChildren(configDN))) {
-- char **family;
-- char *token;
-- char *activation;
-+ val = slapi_entry_attr_get_charptr(entry, "allowWeakCipher");
-+ if (val && (!PL_strcasecmp(val, "off") || !PL_strcasecmp(val, "false") ||
-+ !PL_strcmp(val, "0") || !PL_strcasecmp(val, "no"))) {
-+ allowweakcipher = 0;
-+ }
-+ slapi_ch_free((void **) &val);
-+
-+ if ((family_list = getChildren(configDN))) {
-+ char **family;
-+ char *token;
-+ char *activation;
-
-- for (family = family_list; *family; family++) {
-+ for (family = family_list; *family; family++) {
-
-- token = NULL;
-- activation = NULL;
-+ token = NULL;
-+ activation = NULL;
-
-- freeConfigEntry( &entry );
-+ freeConfigEntry( &entry );
-
-- getConfigEntry( *family, &entry );
-- if ( entry == NULL ) {
-- continue;
-- }
-+ getConfigEntry( *family, &entry );
-+ if ( entry == NULL ) {
-+ continue;
-+ }
-
-- activation = slapi_entry_attr_get_charptr( entry, "nssslactivation" );
-- if((!activation) || (!PL_strcasecmp(activation, "off"))) {
-- /* this family was turned off, goto next */
-- slapi_ch_free((void **) &activation);
-- continue;
-- }
-+ activation = slapi_entry_attr_get_charptr( entry, "nssslactivation" );
-+ if((!activation) || (!PL_strcasecmp(activation, "off"))) {
-+ /* this family was turned off, goto next */
-+ slapi_ch_free((void **) &activation);
-+ continue;
-+ }
-
-- slapi_ch_free((void **) &activation);
--
-- token = slapi_entry_attr_get_charptr( entry, "nsssltoken" );
-- if( token ) {
-- if( !PL_strcasecmp(token, "internal") ||
-- !PL_strcasecmp(token, "internal (software)"))
-- slot = slapd_pk11_getInternalKeySlot();
-- else
-- slot = slapd_pk11_findSlotByName(token);
-- } else {
-- errorCode = PR_GetError();
-- slapd_SSL_warn("Security Initialization: Unable to get token ("
-- SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-- errorCode, slapd_pr_strerror(errorCode));
-- freeChildren(family_list);
-- freeConfigEntry( &entry );
-- return -1;
-- }
-+ slapi_ch_free((void **) &activation);
-
-- slapi_ch_free((void **) &token);
-+ token = slapi_entry_attr_get_charptr( entry, "nsssltoken" );
-+ if ( token ) {
-+ if (!PL_strcasecmp(token, "internal") ||
-+ !PL_strcasecmp(token, "internal (software)")) {
-+ slot = slapd_pk11_getInternalKeySlot();
-+ } else {
-+ slot = slapd_pk11_findSlotByName(token);
-+ }
-+ } else {
-+ errorCode = PR_GetError();
-+ slapd_SSL_warn("Security Initialization: Unable to get token ("
-+ SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-+ errorCode, slapd_pr_strerror(errorCode));
-+ freeChildren(family_list);
-+ freeConfigEntry( &entry );
-+ return -1;
-+ }
-
-- if (!slot) {
-- errorCode = PR_GetError();
-- slapd_SSL_warn("Security Initialization: Unable to find slot ("
-- SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-- errorCode, slapd_pr_strerror(errorCode));
-- freeChildren(family_list);
-- freeConfigEntry( &entry );
-- return -1;
-- }
-- /* authenticate */
-- if(slapd_pk11_authenticate(slot, PR_TRUE, NULL) != SECSuccess)
-- {
-- errorCode = PR_GetError();
-- slapd_SSL_warn("Security Initialization: Unable to authenticate ("
-- SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-- errorCode, slapd_pr_strerror(errorCode));
-- freeChildren(family_list);
-- freeConfigEntry( &entry );
-- return -1;
-- }
-- }
-- freeChildren( family_list );
-+ slapi_ch_free((void **) &token);
-+
-+ if (!slot) {
-+ errorCode = PR_GetError();
-+ slapd_SSL_warn("Security Initialization: Unable to find slot ("
-+ SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-+ errorCode, slapd_pr_strerror(errorCode));
-+ freeChildren(family_list);
-+ freeConfigEntry( &entry );
-+ return -1;
-+ }
-+ /* authenticate */
-+ if (slapd_pk11_authenticate(slot, PR_TRUE, NULL) != SECSuccess) {
-+ errorCode = PR_GetError();
-+ slapd_SSL_warn("Security Initialization: Unable to authenticate ("
-+ SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-+ errorCode, slapd_pr_strerror(errorCode));
-+ freeChildren(family_list);
-+ freeConfigEntry( &entry );
-+ return -1;
-+ }
-+ }
-+ freeChildren( family_list );
-+ freeConfigEntry( &entry );
- }
-- freeConfigEntry( &entry );
-
- /* ugaston- Cipher preferences must be set before any sslSocket is created
- * for such sockets to take preferences into account.
-@@ -1126,13 +1184,13 @@ slapd_ssl_init()
- PL_strncpyz(cipher_string, ciphers, sizeof(cipher_string));
- slapi_ch_free((void **) &ciphers);
-
-- if( NULL != (val = _conf_setciphers(cipher_string)) ) {
-- errorCode = PR_GetError();
-- slapd_SSL_warn("Security Initialization: Failed to set SSL cipher "
-- "preference information: %s (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-- val, errorCode, slapd_pr_strerror(errorCode));
-- rv = 3;
-- slapi_ch_free((void **) &val);
-+ if ( NULL != (val = _conf_setciphers(cipher_string, allowweakcipher)) ) {
-+ errorCode = PR_GetError();
-+ slapd_SSL_warn("Security Initialization: Failed to set SSL cipher "
-+ "preference information: %s (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-+ val, errorCode, slapd_pr_strerror(errorCode));
-+ rv = 3;
-+ slapi_ch_free((void **) &val);
- }
-
- freeConfigEntry( &entry );
---
-1.9.3
-
diff --git a/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch
new file mode 100644
index 0000000..e3e8236
--- /dev/null
+++ b/SOURCES/0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch
@@ -0,0 +1,17261 @@
+From b9de59847038d4baecacfb911c21798f78e3c52a Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 1 Jul 2015 18:23:22 -0700
+Subject: [PATCH 4/7] Ticket #48212 - CI test: added test cases for ticket
+ 48212
+
+Description: Dynamic nsMatchingRule changes had no effect on the attrinfo
+ thus following reindexing, as well.
+
+https://fedorahosted.org/389/ticket/48212
+(cherry picked from commit a533145d1dc3c11bb0aa7745f656049b287e501e)
+(cherry picked from commit 0e079ab39f7ee3d5fe77b505fb40c647d149f1b0)
+---
+ dirsrvtests/data/ticket48212/example1k_posix.ldif | 17017 ++++++++++++++++++++
+ dirsrvtests/tickets/ticket48212_test.py | 210 +
+ 2 files changed, 17227 insertions(+)
+ create mode 100644 dirsrvtests/data/ticket48212/example1k_posix.ldif
+ create mode 100644 dirsrvtests/tickets/ticket48212_test.py
+
+diff --git a/dirsrvtests/data/ticket48212/example1k_posix.ldif b/dirsrvtests/data/ticket48212/example1k_posix.ldif
+new file mode 100644
+index 0000000..50000f2
+--- /dev/null
++++ b/dirsrvtests/data/ticket48212/example1k_posix.ldif
+@@ -0,0 +1,17017 @@
++dn: dc=example,dc=com
++objectClass: top
++objectClass: domain
++dc: example
++aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "acl1"; allow(write) userdn = "ldap:///self";)
++aci: (target=ldap:///dc=example,dc=com)(targetattr=*)(version 3.0; acl "acl2"; allow(read, search, compare) userdn = "ldap:///anyone";)
++
++dn: ou=People,dc=example,dc=com
++objectClass: top
++objectClass: organizationalunit
++ou: People
++
++dn: ou=Groups,dc=example,dc=com
++objectClass: top
++objectClass: organizationalunit
++ou: Groups
++
++dn: cn=user0,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user0
++sn: user0
++uid: uid0
++givenname: givenname0
++description: description0
++userPassword: password0
++mail: uid0
++uidnumber: 0
++gidnumber: 0
++homeDirectory: /home/uid0
++
++dn: cn=user1,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user1
++sn: user1
++uid: uid1
++givenname: givenname1
++description: description1
++userPassword: password1
++mail: uid1
++uidnumber: 1
++gidnumber: 1
++homeDirectory: /home/uid1
++
++dn: cn=user2,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user2
++sn: user2
++uid: uid2
++givenname: givenname2
++description: description2
++userPassword: password2
++mail: uid2
++uidnumber: 2
++gidnumber: 2
++homeDirectory: /home/uid2
++
++dn: cn=user3,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user3
++sn: user3
++uid: uid3
++givenname: givenname3
++description: description3
++userPassword: password3
++mail: uid3
++uidnumber: 3
++gidnumber: 3
++homeDirectory: /home/uid3
++
++dn: cn=user4,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user4
++sn: user4
++uid: uid4
++givenname: givenname4
++description: description4
++userPassword: password4
++mail: uid4
++uidnumber: 4
++gidnumber: 4
++homeDirectory: /home/uid4
++
++dn: cn=user5,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user5
++sn: user5
++uid: uid5
++givenname: givenname5
++description: description5
++userPassword: password5
++mail: uid5
++uidnumber: 5
++gidnumber: 5
++homeDirectory: /home/uid5
++
++dn: cn=user6,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user6
++sn: user6
++uid: uid6
++givenname: givenname6
++description: description6
++userPassword: password6
++mail: uid6
++uidnumber: 6
++gidnumber: 6
++homeDirectory: /home/uid6
++
++dn: cn=user7,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user7
++sn: user7
++uid: uid7
++givenname: givenname7
++description: description7
++userPassword: password7
++mail: uid7
++uidnumber: 7
++gidnumber: 7
++homeDirectory: /home/uid7
++
++dn: cn=user8,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user8
++sn: user8
++uid: uid8
++givenname: givenname8
++description: description8
++userPassword: password8
++mail: uid8
++uidnumber: 8
++gidnumber: 8
++homeDirectory: /home/uid8
++
++dn: cn=user9,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user9
++sn: user9
++uid: uid9
++givenname: givenname9
++description: description9
++userPassword: password9
++mail: uid9
++uidnumber: 9
++gidnumber: 9
++homeDirectory: /home/uid9
++
++dn: cn=user10,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user10
++sn: user10
++uid: uid10
++givenname: givenname10
++description: description10
++userPassword: password10
++mail: uid10
++uidnumber: 10
++gidnumber: 10
++homeDirectory: /home/uid10
++
++dn: cn=user11,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user11
++sn: user11
++uid: uid11
++givenname: givenname11
++description: description11
++userPassword: password11
++mail: uid11
++uidnumber: 11
++gidnumber: 11
++homeDirectory: /home/uid11
++
++dn: cn=user12,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user12
++sn: user12
++uid: uid12
++givenname: givenname12
++description: description12
++userPassword: password12
++mail: uid12
++uidnumber: 12
++gidnumber: 12
++homeDirectory: /home/uid12
++
++dn: cn=user13,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user13
++sn: user13
++uid: uid13
++givenname: givenname13
++description: description13
++userPassword: password13
++mail: uid13
++uidnumber: 13
++gidnumber: 13
++homeDirectory: /home/uid13
++
++dn: cn=user14,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user14
++sn: user14
++uid: uid14
++givenname: givenname14
++description: description14
++userPassword: password14
++mail: uid14
++uidnumber: 14
++gidnumber: 14
++homeDirectory: /home/uid14
++
++dn: cn=user15,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user15
++sn: user15
++uid: uid15
++givenname: givenname15
++description: description15
++userPassword: password15
++mail: uid15
++uidnumber: 15
++gidnumber: 15
++homeDirectory: /home/uid15
++
++dn: cn=user16,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user16
++sn: user16
++uid: uid16
++givenname: givenname16
++description: description16
++userPassword: password16
++mail: uid16
++uidnumber: 16
++gidnumber: 16
++homeDirectory: /home/uid16
++
++dn: cn=user17,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user17
++sn: user17
++uid: uid17
++givenname: givenname17
++description: description17
++userPassword: password17
++mail: uid17
++uidnumber: 17
++gidnumber: 17
++homeDirectory: /home/uid17
++
++dn: cn=user18,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user18
++sn: user18
++uid: uid18
++givenname: givenname18
++description: description18
++userPassword: password18
++mail: uid18
++uidnumber: 18
++gidnumber: 18
++homeDirectory: /home/uid18
++
++dn: cn=user19,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user19
++sn: user19
++uid: uid19
++givenname: givenname19
++description: description19
++userPassword: password19
++mail: uid19
++uidnumber: 19
++gidnumber: 19
++homeDirectory: /home/uid19
++
++dn: cn=user20,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user20
++sn: user20
++uid: uid20
++givenname: givenname20
++description: description20
++userPassword: password20
++mail: uid20
++uidnumber: 20
++gidnumber: 20
++homeDirectory: /home/uid20
++
++dn: cn=user21,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user21
++sn: user21
++uid: uid21
++givenname: givenname21
++description: description21
++userPassword: password21
++mail: uid21
++uidnumber: 21
++gidnumber: 21
++homeDirectory: /home/uid21
++
++dn: cn=user22,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user22
++sn: user22
++uid: uid22
++givenname: givenname22
++description: description22
++userPassword: password22
++mail: uid22
++uidnumber: 22
++gidnumber: 22
++homeDirectory: /home/uid22
++
++dn: cn=user23,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user23
++sn: user23
++uid: uid23
++givenname: givenname23
++description: description23
++userPassword: password23
++mail: uid23
++uidnumber: 23
++gidnumber: 23
++homeDirectory: /home/uid23
++
++dn: cn=user24,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user24
++sn: user24
++uid: uid24
++givenname: givenname24
++description: description24
++userPassword: password24
++mail: uid24
++uidnumber: 24
++gidnumber: 24
++homeDirectory: /home/uid24
++
++dn: cn=user25,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user25
++sn: user25
++uid: uid25
++givenname: givenname25
++description: description25
++userPassword: password25
++mail: uid25
++uidnumber: 25
++gidnumber: 25
++homeDirectory: /home/uid25
++
++dn: cn=user26,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user26
++sn: user26
++uid: uid26
++givenname: givenname26
++description: description26
++userPassword: password26
++mail: uid26
++uidnumber: 26
++gidnumber: 26
++homeDirectory: /home/uid26
++
++dn: cn=user27,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user27
++sn: user27
++uid: uid27
++givenname: givenname27
++description: description27
++userPassword: password27
++mail: uid27
++uidnumber: 27
++gidnumber: 27
++homeDirectory: /home/uid27
++
++dn: cn=user28,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user28
++sn: user28
++uid: uid28
++givenname: givenname28
++description: description28
++userPassword: password28
++mail: uid28
++uidnumber: 28
++gidnumber: 28
++homeDirectory: /home/uid28
++
++dn: cn=user29,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user29
++sn: user29
++uid: uid29
++givenname: givenname29
++description: description29
++userPassword: password29
++mail: uid29
++uidnumber: 29
++gidnumber: 29
++homeDirectory: /home/uid29
++
++dn: cn=user30,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user30
++sn: user30
++uid: uid30
++givenname: givenname30
++description: description30
++userPassword: password30
++mail: uid30
++uidnumber: 30
++gidnumber: 30
++homeDirectory: /home/uid30
++
++dn: cn=user31,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user31
++sn: user31
++uid: uid31
++givenname: givenname31
++description: description31
++userPassword: password31
++mail: uid31
++uidnumber: 31
++gidnumber: 31
++homeDirectory: /home/uid31
++
++dn: cn=user32,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user32
++sn: user32
++uid: uid32
++givenname: givenname32
++description: description32
++userPassword: password32
++mail: uid32
++uidnumber: 32
++gidnumber: 32
++homeDirectory: /home/uid32
++
++dn: cn=user33,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user33
++sn: user33
++uid: uid33
++givenname: givenname33
++description: description33
++userPassword: password33
++mail: uid33
++uidnumber: 33
++gidnumber: 33
++homeDirectory: /home/uid33
++
++dn: cn=user34,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user34
++sn: user34
++uid: uid34
++givenname: givenname34
++description: description34
++userPassword: password34
++mail: uid34
++uidnumber: 34
++gidnumber: 34
++homeDirectory: /home/uid34
++
++dn: cn=user35,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user35
++sn: user35
++uid: uid35
++givenname: givenname35
++description: description35
++userPassword: password35
++mail: uid35
++uidnumber: 35
++gidnumber: 35
++homeDirectory: /home/uid35
++
++dn: cn=user36,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user36
++sn: user36
++uid: uid36
++givenname: givenname36
++description: description36
++userPassword: password36
++mail: uid36
++uidnumber: 36
++gidnumber: 36
++homeDirectory: /home/uid36
++
++dn: cn=user37,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user37
++sn: user37
++uid: uid37
++givenname: givenname37
++description: description37
++userPassword: password37
++mail: uid37
++uidnumber: 37
++gidnumber: 37
++homeDirectory: /home/uid37
++
++dn: cn=user38,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user38
++sn: user38
++uid: uid38
++givenname: givenname38
++description: description38
++userPassword: password38
++mail: uid38
++uidnumber: 38
++gidnumber: 38
++homeDirectory: /home/uid38
++
++dn: cn=user39,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user39
++sn: user39
++uid: uid39
++givenname: givenname39
++description: description39
++userPassword: password39
++mail: uid39
++uidnumber: 39
++gidnumber: 39
++homeDirectory: /home/uid39
++
++dn: cn=user40,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user40
++sn: user40
++uid: uid40
++givenname: givenname40
++description: description40
++userPassword: password40
++mail: uid40
++uidnumber: 40
++gidnumber: 40
++homeDirectory: /home/uid40
++
++dn: cn=user41,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user41
++sn: user41
++uid: uid41
++givenname: givenname41
++description: description41
++userPassword: password41
++mail: uid41
++uidnumber: 41
++gidnumber: 41
++homeDirectory: /home/uid41
++
++dn: cn=user42,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user42
++sn: user42
++uid: uid42
++givenname: givenname42
++description: description42
++userPassword: password42
++mail: uid42
++uidnumber: 42
++gidnumber: 42
++homeDirectory: /home/uid42
++
++dn: cn=user43,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user43
++sn: user43
++uid: uid43
++givenname: givenname43
++description: description43
++userPassword: password43
++mail: uid43
++uidnumber: 43
++gidnumber: 43
++homeDirectory: /home/uid43
++
++dn: cn=user44,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user44
++sn: user44
++uid: uid44
++givenname: givenname44
++description: description44
++userPassword: password44
++mail: uid44
++uidnumber: 44
++gidnumber: 44
++homeDirectory: /home/uid44
++
++dn: cn=user45,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user45
++sn: user45
++uid: uid45
++givenname: givenname45
++description: description45
++userPassword: password45
++mail: uid45
++uidnumber: 45
++gidnumber: 45
++homeDirectory: /home/uid45
++
++dn: cn=user46,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user46
++sn: user46
++uid: uid46
++givenname: givenname46
++description: description46
++userPassword: password46
++mail: uid46
++uidnumber: 46
++gidnumber: 46
++homeDirectory: /home/uid46
++
++dn: cn=user47,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user47
++sn: user47
++uid: uid47
++givenname: givenname47
++description: description47
++userPassword: password47
++mail: uid47
++uidnumber: 47
++gidnumber: 47
++homeDirectory: /home/uid47
++
++dn: cn=user48,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user48
++sn: user48
++uid: uid48
++givenname: givenname48
++description: description48
++userPassword: password48
++mail: uid48
++uidnumber: 48
++gidnumber: 48
++homeDirectory: /home/uid48
++
++dn: cn=user49,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user49
++sn: user49
++uid: uid49
++givenname: givenname49
++description: description49
++userPassword: password49
++mail: uid49
++uidnumber: 49
++gidnumber: 49
++homeDirectory: /home/uid49
++
++dn: cn=user50,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user50
++sn: user50
++uid: uid50
++givenname: givenname50
++description: description50
++userPassword: password50
++mail: uid50
++uidnumber: 50
++gidnumber: 50
++homeDirectory: /home/uid50
++
++dn: cn=user51,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user51
++sn: user51
++uid: uid51
++givenname: givenname51
++description: description51
++userPassword: password51
++mail: uid51
++uidnumber: 51
++gidnumber: 51
++homeDirectory: /home/uid51
++
++dn: cn=user52,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user52
++sn: user52
++uid: uid52
++givenname: givenname52
++description: description52
++userPassword: password52
++mail: uid52
++uidnumber: 52
++gidnumber: 52
++homeDirectory: /home/uid52
++
++dn: cn=user53,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user53
++sn: user53
++uid: uid53
++givenname: givenname53
++description: description53
++userPassword: password53
++mail: uid53
++uidnumber: 53
++gidnumber: 53
++homeDirectory: /home/uid53
++
++dn: cn=user54,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user54
++sn: user54
++uid: uid54
++givenname: givenname54
++description: description54
++userPassword: password54
++mail: uid54
++uidnumber: 54
++gidnumber: 54
++homeDirectory: /home/uid54
++
++dn: cn=user55,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user55
++sn: user55
++uid: uid55
++givenname: givenname55
++description: description55
++userPassword: password55
++mail: uid55
++uidnumber: 55
++gidnumber: 55
++homeDirectory: /home/uid55
++
++dn: cn=user56,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user56
++sn: user56
++uid: uid56
++givenname: givenname56
++description: description56
++userPassword: password56
++mail: uid56
++uidnumber: 56
++gidnumber: 56
++homeDirectory: /home/uid56
++
++dn: cn=user57,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user57
++sn: user57
++uid: uid57
++givenname: givenname57
++description: description57
++userPassword: password57
++mail: uid57
++uidnumber: 57
++gidnumber: 57
++homeDirectory: /home/uid57
++
++dn: cn=user58,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user58
++sn: user58
++uid: uid58
++givenname: givenname58
++description: description58
++userPassword: password58
++mail: uid58
++uidnumber: 58
++gidnumber: 58
++homeDirectory: /home/uid58
++
++dn: cn=user59,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user59
++sn: user59
++uid: uid59
++givenname: givenname59
++description: description59
++userPassword: password59
++mail: uid59
++uidnumber: 59
++gidnumber: 59
++homeDirectory: /home/uid59
++
++dn: cn=user60,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user60
++sn: user60
++uid: uid60
++givenname: givenname60
++description: description60
++userPassword: password60
++mail: uid60
++uidnumber: 60
++gidnumber: 60
++homeDirectory: /home/uid60
++
++dn: cn=user61,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user61
++sn: user61
++uid: uid61
++givenname: givenname61
++description: description61
++userPassword: password61
++mail: uid61
++uidnumber: 61
++gidnumber: 61
++homeDirectory: /home/uid61
++
++dn: cn=user62,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user62
++sn: user62
++uid: uid62
++givenname: givenname62
++description: description62
++userPassword: password62
++mail: uid62
++uidnumber: 62
++gidnumber: 62
++homeDirectory: /home/uid62
++
++dn: cn=user63,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user63
++sn: user63
++uid: uid63
++givenname: givenname63
++description: description63
++userPassword: password63
++mail: uid63
++uidnumber: 63
++gidnumber: 63
++homeDirectory: /home/uid63
++
++dn: cn=user64,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user64
++sn: user64
++uid: uid64
++givenname: givenname64
++description: description64
++userPassword: password64
++mail: uid64
++uidnumber: 64
++gidnumber: 64
++homeDirectory: /home/uid64
++
++dn: cn=user65,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user65
++sn: user65
++uid: uid65
++givenname: givenname65
++description: description65
++userPassword: password65
++mail: uid65
++uidnumber: 65
++gidnumber: 65
++homeDirectory: /home/uid65
++
++dn: cn=user66,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user66
++sn: user66
++uid: uid66
++givenname: givenname66
++description: description66
++userPassword: password66
++mail: uid66
++uidnumber: 66
++gidnumber: 66
++homeDirectory: /home/uid66
++
++dn: cn=user67,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user67
++sn: user67
++uid: uid67
++givenname: givenname67
++description: description67
++userPassword: password67
++mail: uid67
++uidnumber: 67
++gidnumber: 67
++homeDirectory: /home/uid67
++
++dn: cn=user68,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user68
++sn: user68
++uid: uid68
++givenname: givenname68
++description: description68
++userPassword: password68
++mail: uid68
++uidnumber: 68
++gidnumber: 68
++homeDirectory: /home/uid68
++
++dn: cn=user69,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user69
++sn: user69
++uid: uid69
++givenname: givenname69
++description: description69
++userPassword: password69
++mail: uid69
++uidnumber: 69
++gidnumber: 69
++homeDirectory: /home/uid69
++
++dn: cn=user70,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user70
++sn: user70
++uid: uid70
++givenname: givenname70
++description: description70
++userPassword: password70
++mail: uid70
++uidnumber: 70
++gidnumber: 70
++homeDirectory: /home/uid70
++
++dn: cn=user71,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user71
++sn: user71
++uid: uid71
++givenname: givenname71
++description: description71
++userPassword: password71
++mail: uid71
++uidnumber: 71
++gidnumber: 71
++homeDirectory: /home/uid71
++
++dn: cn=user72,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user72
++sn: user72
++uid: uid72
++givenname: givenname72
++description: description72
++userPassword: password72
++mail: uid72
++uidnumber: 72
++gidnumber: 72
++homeDirectory: /home/uid72
++
++dn: cn=user73,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user73
++sn: user73
++uid: uid73
++givenname: givenname73
++description: description73
++userPassword: password73
++mail: uid73
++uidnumber: 73
++gidnumber: 73
++homeDirectory: /home/uid73
++
++dn: cn=user74,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user74
++sn: user74
++uid: uid74
++givenname: givenname74
++description: description74
++userPassword: password74
++mail: uid74
++uidnumber: 74
++gidnumber: 74
++homeDirectory: /home/uid74
++
++dn: cn=user75,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user75
++sn: user75
++uid: uid75
++givenname: givenname75
++description: description75
++userPassword: password75
++mail: uid75
++uidnumber: 75
++gidnumber: 75
++homeDirectory: /home/uid75
++
++dn: cn=user76,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user76
++sn: user76
++uid: uid76
++givenname: givenname76
++description: description76
++userPassword: password76
++mail: uid76
++uidnumber: 76
++gidnumber: 76
++homeDirectory: /home/uid76
++
++dn: cn=user77,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user77
++sn: user77
++uid: uid77
++givenname: givenname77
++description: description77
++userPassword: password77
++mail: uid77
++uidnumber: 77
++gidnumber: 77
++homeDirectory: /home/uid77
++
++dn: cn=user78,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user78
++sn: user78
++uid: uid78
++givenname: givenname78
++description: description78
++userPassword: password78
++mail: uid78
++uidnumber: 78
++gidnumber: 78
++homeDirectory: /home/uid78
++
++dn: cn=user79,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user79
++sn: user79
++uid: uid79
++givenname: givenname79
++description: description79
++userPassword: password79
++mail: uid79
++uidnumber: 79
++gidnumber: 79
++homeDirectory: /home/uid79
++
++dn: cn=user80,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user80
++sn: user80
++uid: uid80
++givenname: givenname80
++description: description80
++userPassword: password80
++mail: uid80
++uidnumber: 80
++gidnumber: 80
++homeDirectory: /home/uid80
++
++dn: cn=user81,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user81
++sn: user81
++uid: uid81
++givenname: givenname81
++description: description81
++userPassword: password81
++mail: uid81
++uidnumber: 81
++gidnumber: 81
++homeDirectory: /home/uid81
++
++dn: cn=user82,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user82
++sn: user82
++uid: uid82
++givenname: givenname82
++description: description82
++userPassword: password82
++mail: uid82
++uidnumber: 82
++gidnumber: 82
++homeDirectory: /home/uid82
++
++dn: cn=user83,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user83
++sn: user83
++uid: uid83
++givenname: givenname83
++description: description83
++userPassword: password83
++mail: uid83
++uidnumber: 83
++gidnumber: 83
++homeDirectory: /home/uid83
++
++dn: cn=user84,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user84
++sn: user84
++uid: uid84
++givenname: givenname84
++description: description84
++userPassword: password84
++mail: uid84
++uidnumber: 84
++gidnumber: 84
++homeDirectory: /home/uid84
++
++dn: cn=user85,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user85
++sn: user85
++uid: uid85
++givenname: givenname85
++description: description85
++userPassword: password85
++mail: uid85
++uidnumber: 85
++gidnumber: 85
++homeDirectory: /home/uid85
++
++dn: cn=user86,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user86
++sn: user86
++uid: uid86
++givenname: givenname86
++description: description86
++userPassword: password86
++mail: uid86
++uidnumber: 86
++gidnumber: 86
++homeDirectory: /home/uid86
++
++dn: cn=user87,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user87
++sn: user87
++uid: uid87
++givenname: givenname87
++description: description87
++userPassword: password87
++mail: uid87
++uidnumber: 87
++gidnumber: 87
++homeDirectory: /home/uid87
++
++dn: cn=user88,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user88
++sn: user88
++uid: uid88
++givenname: givenname88
++description: description88
++userPassword: password88
++mail: uid88
++uidnumber: 88
++gidnumber: 88
++homeDirectory: /home/uid88
++
++dn: cn=user89,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user89
++sn: user89
++uid: uid89
++givenname: givenname89
++description: description89
++userPassword: password89
++mail: uid89
++uidnumber: 89
++gidnumber: 89
++homeDirectory: /home/uid89
++
++dn: cn=user90,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user90
++sn: user90
++uid: uid90
++givenname: givenname90
++description: description90
++userPassword: password90
++mail: uid90
++uidnumber: 90
++gidnumber: 90
++homeDirectory: /home/uid90
++
++dn: cn=user91,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user91
++sn: user91
++uid: uid91
++givenname: givenname91
++description: description91
++userPassword: password91
++mail: uid91
++uidnumber: 91
++gidnumber: 91
++homeDirectory: /home/uid91
++
++dn: cn=user92,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user92
++sn: user92
++uid: uid92
++givenname: givenname92
++description: description92
++userPassword: password92
++mail: uid92
++uidnumber: 92
++gidnumber: 92
++homeDirectory: /home/uid92
++
++dn: cn=user93,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user93
++sn: user93
++uid: uid93
++givenname: givenname93
++description: description93
++userPassword: password93
++mail: uid93
++uidnumber: 93
++gidnumber: 93
++homeDirectory: /home/uid93
++
++dn: cn=user94,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user94
++sn: user94
++uid: uid94
++givenname: givenname94
++description: description94
++userPassword: password94
++mail: uid94
++uidnumber: 94
++gidnumber: 94
++homeDirectory: /home/uid94
++
++dn: cn=user95,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user95
++sn: user95
++uid: uid95
++givenname: givenname95
++description: description95
++userPassword: password95
++mail: uid95
++uidnumber: 95
++gidnumber: 95
++homeDirectory: /home/uid95
++
++dn: cn=user96,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user96
++sn: user96
++uid: uid96
++givenname: givenname96
++description: description96
++userPassword: password96
++mail: uid96
++uidnumber: 96
++gidnumber: 96
++homeDirectory: /home/uid96
++
++dn: cn=user97,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user97
++sn: user97
++uid: uid97
++givenname: givenname97
++description: description97
++userPassword: password97
++mail: uid97
++uidnumber: 97
++gidnumber: 97
++homeDirectory: /home/uid97
++
++dn: cn=user98,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user98
++sn: user98
++uid: uid98
++givenname: givenname98
++description: description98
++userPassword: password98
++mail: uid98
++uidnumber: 98
++gidnumber: 98
++homeDirectory: /home/uid98
++
++dn: cn=user99,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user99
++sn: user99
++uid: uid99
++givenname: givenname99
++description: description99
++userPassword: password99
++mail: uid99
++uidnumber: 99
++gidnumber: 99
++homeDirectory: /home/uid99
++
++dn: cn=user100,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user100
++sn: user100
++uid: uid100
++givenname: givenname100
++description: description100
++userPassword: password100
++mail: uid100
++uidnumber: 100
++gidnumber: 100
++homeDirectory: /home/uid100
++
++dn: cn=user101,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user101
++sn: user101
++uid: uid101
++givenname: givenname101
++description: description101
++userPassword: password101
++mail: uid101
++uidnumber: 101
++gidnumber: 101
++homeDirectory: /home/uid101
++
++dn: cn=user102,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user102
++sn: user102
++uid: uid102
++givenname: givenname102
++description: description102
++userPassword: password102
++mail: uid102
++uidnumber: 102
++gidnumber: 102
++homeDirectory: /home/uid102
++
++dn: cn=user103,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user103
++sn: user103
++uid: uid103
++givenname: givenname103
++description: description103
++userPassword: password103
++mail: uid103
++uidnumber: 103
++gidnumber: 103
++homeDirectory: /home/uid103
++
++dn: cn=user104,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user104
++sn: user104
++uid: uid104
++givenname: givenname104
++description: description104
++userPassword: password104
++mail: uid104
++uidnumber: 104
++gidnumber: 104
++homeDirectory: /home/uid104
++
++dn: cn=user105,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user105
++sn: user105
++uid: uid105
++givenname: givenname105
++description: description105
++userPassword: password105
++mail: uid105
++uidnumber: 105
++gidnumber: 105
++homeDirectory: /home/uid105
++
++dn: cn=user106,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user106
++sn: user106
++uid: uid106
++givenname: givenname106
++description: description106
++userPassword: password106
++mail: uid106
++uidnumber: 106
++gidnumber: 106
++homeDirectory: /home/uid106
++
++dn: cn=user107,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user107
++sn: user107
++uid: uid107
++givenname: givenname107
++description: description107
++userPassword: password107
++mail: uid107
++uidnumber: 107
++gidnumber: 107
++homeDirectory: /home/uid107
++
++dn: cn=user108,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user108
++sn: user108
++uid: uid108
++givenname: givenname108
++description: description108
++userPassword: password108
++mail: uid108
++uidnumber: 108
++gidnumber: 108
++homeDirectory: /home/uid108
++
++dn: cn=user109,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user109
++sn: user109
++uid: uid109
++givenname: givenname109
++description: description109
++userPassword: password109
++mail: uid109
++uidnumber: 109
++gidnumber: 109
++homeDirectory: /home/uid109
++
++dn: cn=user110,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user110
++sn: user110
++uid: uid110
++givenname: givenname110
++description: description110
++userPassword: password110
++mail: uid110
++uidnumber: 110
++gidnumber: 110
++homeDirectory: /home/uid110
++
++dn: cn=user111,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user111
++sn: user111
++uid: uid111
++givenname: givenname111
++description: description111
++userPassword: password111
++mail: uid111
++uidnumber: 111
++gidnumber: 111
++homeDirectory: /home/uid111
++
++dn: cn=user112,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user112
++sn: user112
++uid: uid112
++givenname: givenname112
++description: description112
++userPassword: password112
++mail: uid112
++uidnumber: 112
++gidnumber: 112
++homeDirectory: /home/uid112
++
++dn: cn=user113,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user113
++sn: user113
++uid: uid113
++givenname: givenname113
++description: description113
++userPassword: password113
++mail: uid113
++uidnumber: 113
++gidnumber: 113
++homeDirectory: /home/uid113
++
++dn: cn=user114,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user114
++sn: user114
++uid: uid114
++givenname: givenname114
++description: description114
++userPassword: password114
++mail: uid114
++uidnumber: 114
++gidnumber: 114
++homeDirectory: /home/uid114
++
++dn: cn=user115,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user115
++sn: user115
++uid: uid115
++givenname: givenname115
++description: description115
++userPassword: password115
++mail: uid115
++uidnumber: 115
++gidnumber: 115
++homeDirectory: /home/uid115
++
++dn: cn=user116,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user116
++sn: user116
++uid: uid116
++givenname: givenname116
++description: description116
++userPassword: password116
++mail: uid116
++uidnumber: 116
++gidnumber: 116
++homeDirectory: /home/uid116
++
++dn: cn=user117,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user117
++sn: user117
++uid: uid117
++givenname: givenname117
++description: description117
++userPassword: password117
++mail: uid117
++uidnumber: 117
++gidnumber: 117
++homeDirectory: /home/uid117
++
++dn: cn=user118,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user118
++sn: user118
++uid: uid118
++givenname: givenname118
++description: description118
++userPassword: password118
++mail: uid118
++uidnumber: 118
++gidnumber: 118
++homeDirectory: /home/uid118
++
++dn: cn=user119,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user119
++sn: user119
++uid: uid119
++givenname: givenname119
++description: description119
++userPassword: password119
++mail: uid119
++uidnumber: 119
++gidnumber: 119
++homeDirectory: /home/uid119
++
++dn: cn=user120,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user120
++sn: user120
++uid: uid120
++givenname: givenname120
++description: description120
++userPassword: password120
++mail: uid120
++uidnumber: 120
++gidnumber: 120
++homeDirectory: /home/uid120
++
++dn: cn=user121,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user121
++sn: user121
++uid: uid121
++givenname: givenname121
++description: description121
++userPassword: password121
++mail: uid121
++uidnumber: 121
++gidnumber: 121
++homeDirectory: /home/uid121
++
++dn: cn=user122,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user122
++sn: user122
++uid: uid122
++givenname: givenname122
++description: description122
++userPassword: password122
++mail: uid122
++uidnumber: 122
++gidnumber: 122
++homeDirectory: /home/uid122
++
++dn: cn=user123,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user123
++sn: user123
++uid: uid123
++givenname: givenname123
++description: description123
++userPassword: password123
++mail: uid123
++uidnumber: 123
++gidnumber: 123
++homeDirectory: /home/uid123
++
++dn: cn=user124,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user124
++sn: user124
++uid: uid124
++givenname: givenname124
++description: description124
++userPassword: password124
++mail: uid124
++uidnumber: 124
++gidnumber: 124
++homeDirectory: /home/uid124
++
++dn: cn=user125,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user125
++sn: user125
++uid: uid125
++givenname: givenname125
++description: description125
++userPassword: password125
++mail: uid125
++uidnumber: 125
++gidnumber: 125
++homeDirectory: /home/uid125
++
++dn: cn=user126,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user126
++sn: user126
++uid: uid126
++givenname: givenname126
++description: description126
++userPassword: password126
++mail: uid126
++uidnumber: 126
++gidnumber: 126
++homeDirectory: /home/uid126
++
++dn: cn=user127,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user127
++sn: user127
++uid: uid127
++givenname: givenname127
++description: description127
++userPassword: password127
++mail: uid127
++uidnumber: 127
++gidnumber: 127
++homeDirectory: /home/uid127
++
++dn: cn=user128,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user128
++sn: user128
++uid: uid128
++givenname: givenname128
++description: description128
++userPassword: password128
++mail: uid128
++uidnumber: 128
++gidnumber: 128
++homeDirectory: /home/uid128
++
++dn: cn=user129,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user129
++sn: user129
++uid: uid129
++givenname: givenname129
++description: description129
++userPassword: password129
++mail: uid129
++uidnumber: 129
++gidnumber: 129
++homeDirectory: /home/uid129
++
++dn: cn=user130,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user130
++sn: user130
++uid: uid130
++givenname: givenname130
++description: description130
++userPassword: password130
++mail: uid130
++uidnumber: 130
++gidnumber: 130
++homeDirectory: /home/uid130
++
++dn: cn=user131,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user131
++sn: user131
++uid: uid131
++givenname: givenname131
++description: description131
++userPassword: password131
++mail: uid131
++uidnumber: 131
++gidnumber: 131
++homeDirectory: /home/uid131
++
++dn: cn=user132,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user132
++sn: user132
++uid: uid132
++givenname: givenname132
++description: description132
++userPassword: password132
++mail: uid132
++uidnumber: 132
++gidnumber: 132
++homeDirectory: /home/uid132
++
++dn: cn=user133,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user133
++sn: user133
++uid: uid133
++givenname: givenname133
++description: description133
++userPassword: password133
++mail: uid133
++uidnumber: 133
++gidnumber: 133
++homeDirectory: /home/uid133
++
++dn: cn=user134,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user134
++sn: user134
++uid: uid134
++givenname: givenname134
++description: description134
++userPassword: password134
++mail: uid134
++uidnumber: 134
++gidnumber: 134
++homeDirectory: /home/uid134
++
++dn: cn=user135,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user135
++sn: user135
++uid: uid135
++givenname: givenname135
++description: description135
++userPassword: password135
++mail: uid135
++uidnumber: 135
++gidnumber: 135
++homeDirectory: /home/uid135
++
++dn: cn=user136,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user136
++sn: user136
++uid: uid136
++givenname: givenname136
++description: description136
++userPassword: password136
++mail: uid136
++uidnumber: 136
++gidnumber: 136
++homeDirectory: /home/uid136
++
++dn: cn=user137,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user137
++sn: user137
++uid: uid137
++givenname: givenname137
++description: description137
++userPassword: password137
++mail: uid137
++uidnumber: 137
++gidnumber: 137
++homeDirectory: /home/uid137
++
++dn: cn=user138,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user138
++sn: user138
++uid: uid138
++givenname: givenname138
++description: description138
++userPassword: password138
++mail: uid138
++uidnumber: 138
++gidnumber: 138
++homeDirectory: /home/uid138
++
++dn: cn=user139,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user139
++sn: user139
++uid: uid139
++givenname: givenname139
++description: description139
++userPassword: password139
++mail: uid139
++uidnumber: 139
++gidnumber: 139
++homeDirectory: /home/uid139
++
++dn: cn=user140,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user140
++sn: user140
++uid: uid140
++givenname: givenname140
++description: description140
++userPassword: password140
++mail: uid140
++uidnumber: 140
++gidnumber: 140
++homeDirectory: /home/uid140
++
++dn: cn=user141,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user141
++sn: user141
++uid: uid141
++givenname: givenname141
++description: description141
++userPassword: password141
++mail: uid141
++uidnumber: 141
++gidnumber: 141
++homeDirectory: /home/uid141
++
++dn: cn=user142,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user142
++sn: user142
++uid: uid142
++givenname: givenname142
++description: description142
++userPassword: password142
++mail: uid142
++uidnumber: 142
++gidnumber: 142
++homeDirectory: /home/uid142
++
++dn: cn=user143,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user143
++sn: user143
++uid: uid143
++givenname: givenname143
++description: description143
++userPassword: password143
++mail: uid143
++uidnumber: 143
++gidnumber: 143
++homeDirectory: /home/uid143
++
++dn: cn=user144,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user144
++sn: user144
++uid: uid144
++givenname: givenname144
++description: description144
++userPassword: password144
++mail: uid144
++uidnumber: 144
++gidnumber: 144
++homeDirectory: /home/uid144
++
++dn: cn=user145,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user145
++sn: user145
++uid: uid145
++givenname: givenname145
++description: description145
++userPassword: password145
++mail: uid145
++uidnumber: 145
++gidnumber: 145
++homeDirectory: /home/uid145
++
++dn: cn=user146,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user146
++sn: user146
++uid: uid146
++givenname: givenname146
++description: description146
++userPassword: password146
++mail: uid146
++uidnumber: 146
++gidnumber: 146
++homeDirectory: /home/uid146
++
++dn: cn=user147,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user147
++sn: user147
++uid: uid147
++givenname: givenname147
++description: description147
++userPassword: password147
++mail: uid147
++uidnumber: 147
++gidnumber: 147
++homeDirectory: /home/uid147
++
++dn: cn=user148,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user148
++sn: user148
++uid: uid148
++givenname: givenname148
++description: description148
++userPassword: password148
++mail: uid148
++uidnumber: 148
++gidnumber: 148
++homeDirectory: /home/uid148
++
++dn: cn=user149,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user149
++sn: user149
++uid: uid149
++givenname: givenname149
++description: description149
++userPassword: password149
++mail: uid149
++uidnumber: 149
++gidnumber: 149
++homeDirectory: /home/uid149
++
++dn: cn=user150,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user150
++sn: user150
++uid: uid150
++givenname: givenname150
++description: description150
++userPassword: password150
++mail: uid150
++uidnumber: 150
++gidnumber: 150
++homeDirectory: /home/uid150
++
++dn: cn=user151,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user151
++sn: user151
++uid: uid151
++givenname: givenname151
++description: description151
++userPassword: password151
++mail: uid151
++uidnumber: 151
++gidnumber: 151
++homeDirectory: /home/uid151
++
++dn: cn=user152,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user152
++sn: user152
++uid: uid152
++givenname: givenname152
++description: description152
++userPassword: password152
++mail: uid152
++uidnumber: 152
++gidnumber: 152
++homeDirectory: /home/uid152
++
++dn: cn=user153,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user153
++sn: user153
++uid: uid153
++givenname: givenname153
++description: description153
++userPassword: password153
++mail: uid153
++uidnumber: 153
++gidnumber: 153
++homeDirectory: /home/uid153
++
++dn: cn=user154,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user154
++sn: user154
++uid: uid154
++givenname: givenname154
++description: description154
++userPassword: password154
++mail: uid154
++uidnumber: 154
++gidnumber: 154
++homeDirectory: /home/uid154
++
++dn: cn=user155,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user155
++sn: user155
++uid: uid155
++givenname: givenname155
++description: description155
++userPassword: password155
++mail: uid155
++uidnumber: 155
++gidnumber: 155
++homeDirectory: /home/uid155
++
++dn: cn=user156,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user156
++sn: user156
++uid: uid156
++givenname: givenname156
++description: description156
++userPassword: password156
++mail: uid156
++uidnumber: 156
++gidnumber: 156
++homeDirectory: /home/uid156
++
++dn: cn=user157,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user157
++sn: user157
++uid: uid157
++givenname: givenname157
++description: description157
++userPassword: password157
++mail: uid157
++uidnumber: 157
++gidnumber: 157
++homeDirectory: /home/uid157
++
++dn: cn=user158,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user158
++sn: user158
++uid: uid158
++givenname: givenname158
++description: description158
++userPassword: password158
++mail: uid158
++uidnumber: 158
++gidnumber: 158
++homeDirectory: /home/uid158
++
++dn: cn=user159,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user159
++sn: user159
++uid: uid159
++givenname: givenname159
++description: description159
++userPassword: password159
++mail: uid159
++uidnumber: 159
++gidnumber: 159
++homeDirectory: /home/uid159
++
++dn: cn=user160,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user160
++sn: user160
++uid: uid160
++givenname: givenname160
++description: description160
++userPassword: password160
++mail: uid160
++uidnumber: 160
++gidnumber: 160
++homeDirectory: /home/uid160
++
++dn: cn=user161,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user161
++sn: user161
++uid: uid161
++givenname: givenname161
++description: description161
++userPassword: password161
++mail: uid161
++uidnumber: 161
++gidnumber: 161
++homeDirectory: /home/uid161
++
++dn: cn=user162,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user162
++sn: user162
++uid: uid162
++givenname: givenname162
++description: description162
++userPassword: password162
++mail: uid162
++uidnumber: 162
++gidnumber: 162
++homeDirectory: /home/uid162
++
++dn: cn=user163,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user163
++sn: user163
++uid: uid163
++givenname: givenname163
++description: description163
++userPassword: password163
++mail: uid163
++uidnumber: 163
++gidnumber: 163
++homeDirectory: /home/uid163
++
++dn: cn=user164,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user164
++sn: user164
++uid: uid164
++givenname: givenname164
++description: description164
++userPassword: password164
++mail: uid164
++uidnumber: 164
++gidnumber: 164
++homeDirectory: /home/uid164
++
++dn: cn=user165,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user165
++sn: user165
++uid: uid165
++givenname: givenname165
++description: description165
++userPassword: password165
++mail: uid165
++uidnumber: 165
++gidnumber: 165
++homeDirectory: /home/uid165
++
++dn: cn=user166,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user166
++sn: user166
++uid: uid166
++givenname: givenname166
++description: description166
++userPassword: password166
++mail: uid166
++uidnumber: 166
++gidnumber: 166
++homeDirectory: /home/uid166
++
++dn: cn=user167,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user167
++sn: user167
++uid: uid167
++givenname: givenname167
++description: description167
++userPassword: password167
++mail: uid167
++uidnumber: 167
++gidnumber: 167
++homeDirectory: /home/uid167
++
++dn: cn=user168,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user168
++sn: user168
++uid: uid168
++givenname: givenname168
++description: description168
++userPassword: password168
++mail: uid168
++uidnumber: 168
++gidnumber: 168
++homeDirectory: /home/uid168
++
++dn: cn=user169,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user169
++sn: user169
++uid: uid169
++givenname: givenname169
++description: description169
++userPassword: password169
++mail: uid169
++uidnumber: 169
++gidnumber: 169
++homeDirectory: /home/uid169
++
++dn: cn=user170,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user170
++sn: user170
++uid: uid170
++givenname: givenname170
++description: description170
++userPassword: password170
++mail: uid170
++uidnumber: 170
++gidnumber: 170
++homeDirectory: /home/uid170
++
++dn: cn=user171,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user171
++sn: user171
++uid: uid171
++givenname: givenname171
++description: description171
++userPassword: password171
++mail: uid171
++uidnumber: 171
++gidnumber: 171
++homeDirectory: /home/uid171
++
++dn: cn=user172,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user172
++sn: user172
++uid: uid172
++givenname: givenname172
++description: description172
++userPassword: password172
++mail: uid172
++uidnumber: 172
++gidnumber: 172
++homeDirectory: /home/uid172
++
++dn: cn=user173,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user173
++sn: user173
++uid: uid173
++givenname: givenname173
++description: description173
++userPassword: password173
++mail: uid173
++uidnumber: 173
++gidnumber: 173
++homeDirectory: /home/uid173
++
++dn: cn=user174,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user174
++sn: user174
++uid: uid174
++givenname: givenname174
++description: description174
++userPassword: password174
++mail: uid174
++uidnumber: 174
++gidnumber: 174
++homeDirectory: /home/uid174
++
++dn: cn=user175,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user175
++sn: user175
++uid: uid175
++givenname: givenname175
++description: description175
++userPassword: password175
++mail: uid175
++uidnumber: 175
++gidnumber: 175
++homeDirectory: /home/uid175
++
++dn: cn=user176,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user176
++sn: user176
++uid: uid176
++givenname: givenname176
++description: description176
++userPassword: password176
++mail: uid176
++uidnumber: 176
++gidnumber: 176
++homeDirectory: /home/uid176
++
++dn: cn=user177,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user177
++sn: user177
++uid: uid177
++givenname: givenname177
++description: description177
++userPassword: password177
++mail: uid177
++uidnumber: 177
++gidnumber: 177
++homeDirectory: /home/uid177
++
++dn: cn=user178,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user178
++sn: user178
++uid: uid178
++givenname: givenname178
++description: description178
++userPassword: password178
++mail: uid178
++uidnumber: 178
++gidnumber: 178
++homeDirectory: /home/uid178
++
++dn: cn=user179,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user179
++sn: user179
++uid: uid179
++givenname: givenname179
++description: description179
++userPassword: password179
++mail: uid179
++uidnumber: 179
++gidnumber: 179
++homeDirectory: /home/uid179
++
++dn: cn=user180,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user180
++sn: user180
++uid: uid180
++givenname: givenname180
++description: description180
++userPassword: password180
++mail: uid180
++uidnumber: 180
++gidnumber: 180
++homeDirectory: /home/uid180
++
++dn: cn=user181,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user181
++sn: user181
++uid: uid181
++givenname: givenname181
++description: description181
++userPassword: password181
++mail: uid181
++uidnumber: 181
++gidnumber: 181
++homeDirectory: /home/uid181
++
++dn: cn=user182,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user182
++sn: user182
++uid: uid182
++givenname: givenname182
++description: description182
++userPassword: password182
++mail: uid182
++uidnumber: 182
++gidnumber: 182
++homeDirectory: /home/uid182
++
++dn: cn=user183,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user183
++sn: user183
++uid: uid183
++givenname: givenname183
++description: description183
++userPassword: password183
++mail: uid183
++uidnumber: 183
++gidnumber: 183
++homeDirectory: /home/uid183
++
++dn: cn=user184,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user184
++sn: user184
++uid: uid184
++givenname: givenname184
++description: description184
++userPassword: password184
++mail: uid184
++uidnumber: 184
++gidnumber: 184
++homeDirectory: /home/uid184
++
++dn: cn=user185,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user185
++sn: user185
++uid: uid185
++givenname: givenname185
++description: description185
++userPassword: password185
++mail: uid185
++uidnumber: 185
++gidnumber: 185
++homeDirectory: /home/uid185
++
++dn: cn=user186,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user186
++sn: user186
++uid: uid186
++givenname: givenname186
++description: description186
++userPassword: password186
++mail: uid186
++uidnumber: 186
++gidnumber: 186
++homeDirectory: /home/uid186
++
++dn: cn=user187,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user187
++sn: user187
++uid: uid187
++givenname: givenname187
++description: description187
++userPassword: password187
++mail: uid187
++uidnumber: 187
++gidnumber: 187
++homeDirectory: /home/uid187
++
++dn: cn=user188,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user188
++sn: user188
++uid: uid188
++givenname: givenname188
++description: description188
++userPassword: password188
++mail: uid188
++uidnumber: 188
++gidnumber: 188
++homeDirectory: /home/uid188
++
++dn: cn=user189,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user189
++sn: user189
++uid: uid189
++givenname: givenname189
++description: description189
++userPassword: password189
++mail: uid189
++uidnumber: 189
++gidnumber: 189
++homeDirectory: /home/uid189
++
++dn: cn=user190,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user190
++sn: user190
++uid: uid190
++givenname: givenname190
++description: description190
++userPassword: password190
++mail: uid190
++uidnumber: 190
++gidnumber: 190
++homeDirectory: /home/uid190
++
++dn: cn=user191,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user191
++sn: user191
++uid: uid191
++givenname: givenname191
++description: description191
++userPassword: password191
++mail: uid191
++uidnumber: 191
++gidnumber: 191
++homeDirectory: /home/uid191
++
++dn: cn=user192,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user192
++sn: user192
++uid: uid192
++givenname: givenname192
++description: description192
++userPassword: password192
++mail: uid192
++uidnumber: 192
++gidnumber: 192
++homeDirectory: /home/uid192
++
++dn: cn=user193,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user193
++sn: user193
++uid: uid193
++givenname: givenname193
++description: description193
++userPassword: password193
++mail: uid193
++uidnumber: 193
++gidnumber: 193
++homeDirectory: /home/uid193
++
++dn: cn=user194,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user194
++sn: user194
++uid: uid194
++givenname: givenname194
++description: description194
++userPassword: password194
++mail: uid194
++uidnumber: 194
++gidnumber: 194
++homeDirectory: /home/uid194
++
++dn: cn=user195,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user195
++sn: user195
++uid: uid195
++givenname: givenname195
++description: description195
++userPassword: password195
++mail: uid195
++uidnumber: 195
++gidnumber: 195
++homeDirectory: /home/uid195
++
++dn: cn=user196,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user196
++sn: user196
++uid: uid196
++givenname: givenname196
++description: description196
++userPassword: password196
++mail: uid196
++uidnumber: 196
++gidnumber: 196
++homeDirectory: /home/uid196
++
++dn: cn=user197,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user197
++sn: user197
++uid: uid197
++givenname: givenname197
++description: description197
++userPassword: password197
++mail: uid197
++uidnumber: 197
++gidnumber: 197
++homeDirectory: /home/uid197
++
++dn: cn=user198,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user198
++sn: user198
++uid: uid198
++givenname: givenname198
++description: description198
++userPassword: password198
++mail: uid198
++uidnumber: 198
++gidnumber: 198
++homeDirectory: /home/uid198
++
++dn: cn=user199,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user199
++sn: user199
++uid: uid199
++givenname: givenname199
++description: description199
++userPassword: password199
++mail: uid199
++uidnumber: 199
++gidnumber: 199
++homeDirectory: /home/uid199
++
++dn: cn=user200,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user200
++sn: user200
++uid: uid200
++givenname: givenname200
++description: description200
++userPassword: password200
++mail: uid200
++uidnumber: 200
++gidnumber: 200
++homeDirectory: /home/uid200
++
++dn: cn=user201,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user201
++sn: user201
++uid: uid201
++givenname: givenname201
++description: description201
++userPassword: password201
++mail: uid201
++uidnumber: 201
++gidnumber: 201
++homeDirectory: /home/uid201
++
++dn: cn=user202,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user202
++sn: user202
++uid: uid202
++givenname: givenname202
++description: description202
++userPassword: password202
++mail: uid202
++uidnumber: 202
++gidnumber: 202
++homeDirectory: /home/uid202
++
++dn: cn=user203,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user203
++sn: user203
++uid: uid203
++givenname: givenname203
++description: description203
++userPassword: password203
++mail: uid203
++uidnumber: 203
++gidnumber: 203
++homeDirectory: /home/uid203
++
++dn: cn=user204,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user204
++sn: user204
++uid: uid204
++givenname: givenname204
++description: description204
++userPassword: password204
++mail: uid204
++uidnumber: 204
++gidnumber: 204
++homeDirectory: /home/uid204
++
++dn: cn=user205,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user205
++sn: user205
++uid: uid205
++givenname: givenname205
++description: description205
++userPassword: password205
++mail: uid205
++uidnumber: 205
++gidnumber: 205
++homeDirectory: /home/uid205
++
++dn: cn=user206,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user206
++sn: user206
++uid: uid206
++givenname: givenname206
++description: description206
++userPassword: password206
++mail: uid206
++uidnumber: 206
++gidnumber: 206
++homeDirectory: /home/uid206
++
++dn: cn=user207,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user207
++sn: user207
++uid: uid207
++givenname: givenname207
++description: description207
++userPassword: password207
++mail: uid207
++uidnumber: 207
++gidnumber: 207
++homeDirectory: /home/uid207
++
++dn: cn=user208,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user208
++sn: user208
++uid: uid208
++givenname: givenname208
++description: description208
++userPassword: password208
++mail: uid208
++uidnumber: 208
++gidnumber: 208
++homeDirectory: /home/uid208
++
++dn: cn=user209,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user209
++sn: user209
++uid: uid209
++givenname: givenname209
++description: description209
++userPassword: password209
++mail: uid209
++uidnumber: 209
++gidnumber: 209
++homeDirectory: /home/uid209
++
++dn: cn=user210,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user210
++sn: user210
++uid: uid210
++givenname: givenname210
++description: description210
++userPassword: password210
++mail: uid210
++uidnumber: 210
++gidnumber: 210
++homeDirectory: /home/uid210
++
++dn: cn=user211,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user211
++sn: user211
++uid: uid211
++givenname: givenname211
++description: description211
++userPassword: password211
++mail: uid211
++uidnumber: 211
++gidnumber: 211
++homeDirectory: /home/uid211
++
++dn: cn=user212,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user212
++sn: user212
++uid: uid212
++givenname: givenname212
++description: description212
++userPassword: password212
++mail: uid212
++uidnumber: 212
++gidnumber: 212
++homeDirectory: /home/uid212
++
++dn: cn=user213,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user213
++sn: user213
++uid: uid213
++givenname: givenname213
++description: description213
++userPassword: password213
++mail: uid213
++uidnumber: 213
++gidnumber: 213
++homeDirectory: /home/uid213
++
++dn: cn=user214,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user214
++sn: user214
++uid: uid214
++givenname: givenname214
++description: description214
++userPassword: password214
++mail: uid214
++uidnumber: 214
++gidnumber: 214
++homeDirectory: /home/uid214
++
++dn: cn=user215,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user215
++sn: user215
++uid: uid215
++givenname: givenname215
++description: description215
++userPassword: password215
++mail: uid215
++uidnumber: 215
++gidnumber: 215
++homeDirectory: /home/uid215
++
++dn: cn=user216,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user216
++sn: user216
++uid: uid216
++givenname: givenname216
++description: description216
++userPassword: password216
++mail: uid216
++uidnumber: 216
++gidnumber: 216
++homeDirectory: /home/uid216
++
++dn: cn=user217,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user217
++sn: user217
++uid: uid217
++givenname: givenname217
++description: description217
++userPassword: password217
++mail: uid217
++uidnumber: 217
++gidnumber: 217
++homeDirectory: /home/uid217
++
++dn: cn=user218,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user218
++sn: user218
++uid: uid218
++givenname: givenname218
++description: description218
++userPassword: password218
++mail: uid218
++uidnumber: 218
++gidnumber: 218
++homeDirectory: /home/uid218
++
++dn: cn=user219,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user219
++sn: user219
++uid: uid219
++givenname: givenname219
++description: description219
++userPassword: password219
++mail: uid219
++uidnumber: 219
++gidnumber: 219
++homeDirectory: /home/uid219
++
++dn: cn=user220,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user220
++sn: user220
++uid: uid220
++givenname: givenname220
++description: description220
++userPassword: password220
++mail: uid220
++uidnumber: 220
++gidnumber: 220
++homeDirectory: /home/uid220
++
++dn: cn=user221,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user221
++sn: user221
++uid: uid221
++givenname: givenname221
++description: description221
++userPassword: password221
++mail: uid221
++uidnumber: 221
++gidnumber: 221
++homeDirectory: /home/uid221
++
++dn: cn=user222,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user222
++sn: user222
++uid: uid222
++givenname: givenname222
++description: description222
++userPassword: password222
++mail: uid222
++uidnumber: 222
++gidnumber: 222
++homeDirectory: /home/uid222
++
++dn: cn=user223,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user223
++sn: user223
++uid: uid223
++givenname: givenname223
++description: description223
++userPassword: password223
++mail: uid223
++uidnumber: 223
++gidnumber: 223
++homeDirectory: /home/uid223
++
++dn: cn=user224,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user224
++sn: user224
++uid: uid224
++givenname: givenname224
++description: description224
++userPassword: password224
++mail: uid224
++uidnumber: 224
++gidnumber: 224
++homeDirectory: /home/uid224
++
++dn: cn=user225,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user225
++sn: user225
++uid: uid225
++givenname: givenname225
++description: description225
++userPassword: password225
++mail: uid225
++uidnumber: 225
++gidnumber: 225
++homeDirectory: /home/uid225
++
++dn: cn=user226,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user226
++sn: user226
++uid: uid226
++givenname: givenname226
++description: description226
++userPassword: password226
++mail: uid226
++uidnumber: 226
++gidnumber: 226
++homeDirectory: /home/uid226
++
++dn: cn=user227,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user227
++sn: user227
++uid: uid227
++givenname: givenname227
++description: description227
++userPassword: password227
++mail: uid227
++uidnumber: 227
++gidnumber: 227
++homeDirectory: /home/uid227
++
++dn: cn=user228,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user228
++sn: user228
++uid: uid228
++givenname: givenname228
++description: description228
++userPassword: password228
++mail: uid228
++uidnumber: 228
++gidnumber: 228
++homeDirectory: /home/uid228
++
++dn: cn=user229,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user229
++sn: user229
++uid: uid229
++givenname: givenname229
++description: description229
++userPassword: password229
++mail: uid229
++uidnumber: 229
++gidnumber: 229
++homeDirectory: /home/uid229
++
++dn: cn=user230,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user230
++sn: user230
++uid: uid230
++givenname: givenname230
++description: description230
++userPassword: password230
++mail: uid230
++uidnumber: 230
++gidnumber: 230
++homeDirectory: /home/uid230
++
++dn: cn=user231,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user231
++sn: user231
++uid: uid231
++givenname: givenname231
++description: description231
++userPassword: password231
++mail: uid231
++uidnumber: 231
++gidnumber: 231
++homeDirectory: /home/uid231
++
++dn: cn=user232,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user232
++sn: user232
++uid: uid232
++givenname: givenname232
++description: description232
++userPassword: password232
++mail: uid232
++uidnumber: 232
++gidnumber: 232
++homeDirectory: /home/uid232
++
++dn: cn=user233,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user233
++sn: user233
++uid: uid233
++givenname: givenname233
++description: description233
++userPassword: password233
++mail: uid233
++uidnumber: 233
++gidnumber: 233
++homeDirectory: /home/uid233
++
++dn: cn=user234,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user234
++sn: user234
++uid: uid234
++givenname: givenname234
++description: description234
++userPassword: password234
++mail: uid234
++uidnumber: 234
++gidnumber: 234
++homeDirectory: /home/uid234
++
++dn: cn=user235,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user235
++sn: user235
++uid: uid235
++givenname: givenname235
++description: description235
++userPassword: password235
++mail: uid235
++uidnumber: 235
++gidnumber: 235
++homeDirectory: /home/uid235
++
++dn: cn=user236,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user236
++sn: user236
++uid: uid236
++givenname: givenname236
++description: description236
++userPassword: password236
++mail: uid236
++uidnumber: 236
++gidnumber: 236
++homeDirectory: /home/uid236
++
++dn: cn=user237,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user237
++sn: user237
++uid: uid237
++givenname: givenname237
++description: description237
++userPassword: password237
++mail: uid237
++uidnumber: 237
++gidnumber: 237
++homeDirectory: /home/uid237
++
++dn: cn=user238,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user238
++sn: user238
++uid: uid238
++givenname: givenname238
++description: description238
++userPassword: password238
++mail: uid238
++uidnumber: 238
++gidnumber: 238
++homeDirectory: /home/uid238
++
++dn: cn=user239,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user239
++sn: user239
++uid: uid239
++givenname: givenname239
++description: description239
++userPassword: password239
++mail: uid239
++uidnumber: 239
++gidnumber: 239
++homeDirectory: /home/uid239
++
++dn: cn=user240,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user240
++sn: user240
++uid: uid240
++givenname: givenname240
++description: description240
++userPassword: password240
++mail: uid240
++uidnumber: 240
++gidnumber: 240
++homeDirectory: /home/uid240
++
++dn: cn=user241,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user241
++sn: user241
++uid: uid241
++givenname: givenname241
++description: description241
++userPassword: password241
++mail: uid241
++uidnumber: 241
++gidnumber: 241
++homeDirectory: /home/uid241
++
++dn: cn=user242,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user242
++sn: user242
++uid: uid242
++givenname: givenname242
++description: description242
++userPassword: password242
++mail: uid242
++uidnumber: 242
++gidnumber: 242
++homeDirectory: /home/uid242
++
++dn: cn=user243,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user243
++sn: user243
++uid: uid243
++givenname: givenname243
++description: description243
++userPassword: password243
++mail: uid243
++uidnumber: 243
++gidnumber: 243
++homeDirectory: /home/uid243
++
++dn: cn=user244,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user244
++sn: user244
++uid: uid244
++givenname: givenname244
++description: description244
++userPassword: password244
++mail: uid244
++uidnumber: 244
++gidnumber: 244
++homeDirectory: /home/uid244
++
++dn: cn=user245,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user245
++sn: user245
++uid: uid245
++givenname: givenname245
++description: description245
++userPassword: password245
++mail: uid245
++uidnumber: 245
++gidnumber: 245
++homeDirectory: /home/uid245
++
++dn: cn=user246,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user246
++sn: user246
++uid: uid246
++givenname: givenname246
++description: description246
++userPassword: password246
++mail: uid246
++uidnumber: 246
++gidnumber: 246
++homeDirectory: /home/uid246
++
++dn: cn=user247,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user247
++sn: user247
++uid: uid247
++givenname: givenname247
++description: description247
++userPassword: password247
++mail: uid247
++uidnumber: 247
++gidnumber: 247
++homeDirectory: /home/uid247
++
++dn: cn=user248,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user248
++sn: user248
++uid: uid248
++givenname: givenname248
++description: description248
++userPassword: password248
++mail: uid248
++uidnumber: 248
++gidnumber: 248
++homeDirectory: /home/uid248
++
++dn: cn=user249,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user249
++sn: user249
++uid: uid249
++givenname: givenname249
++description: description249
++userPassword: password249
++mail: uid249
++uidnumber: 249
++gidnumber: 249
++homeDirectory: /home/uid249
++
++dn: cn=user250,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user250
++sn: user250
++uid: uid250
++givenname: givenname250
++description: description250
++userPassword: password250
++mail: uid250
++uidnumber: 250
++gidnumber: 250
++homeDirectory: /home/uid250
++
++dn: cn=user251,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user251
++sn: user251
++uid: uid251
++givenname: givenname251
++description: description251
++userPassword: password251
++mail: uid251
++uidnumber: 251
++gidnumber: 251
++homeDirectory: /home/uid251
++
++dn: cn=user252,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user252
++sn: user252
++uid: uid252
++givenname: givenname252
++description: description252
++userPassword: password252
++mail: uid252
++uidnumber: 252
++gidnumber: 252
++homeDirectory: /home/uid252
++
++dn: cn=user253,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user253
++sn: user253
++uid: uid253
++givenname: givenname253
++description: description253
++userPassword: password253
++mail: uid253
++uidnumber: 253
++gidnumber: 253
++homeDirectory: /home/uid253
++
++dn: cn=user254,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user254
++sn: user254
++uid: uid254
++givenname: givenname254
++description: description254
++userPassword: password254
++mail: uid254
++uidnumber: 254
++gidnumber: 254
++homeDirectory: /home/uid254
++
++dn: cn=user255,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user255
++sn: user255
++uid: uid255
++givenname: givenname255
++description: description255
++userPassword: password255
++mail: uid255
++uidnumber: 255
++gidnumber: 255
++homeDirectory: /home/uid255
++
++dn: cn=user256,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user256
++sn: user256
++uid: uid256
++givenname: givenname256
++description: description256
++userPassword: password256
++mail: uid256
++uidnumber: 256
++gidnumber: 256
++homeDirectory: /home/uid256
++
++dn: cn=user257,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user257
++sn: user257
++uid: uid257
++givenname: givenname257
++description: description257
++userPassword: password257
++mail: uid257
++uidnumber: 257
++gidnumber: 257
++homeDirectory: /home/uid257
++
++dn: cn=user258,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user258
++sn: user258
++uid: uid258
++givenname: givenname258
++description: description258
++userPassword: password258
++mail: uid258
++uidnumber: 258
++gidnumber: 258
++homeDirectory: /home/uid258
++
++dn: cn=user259,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user259
++sn: user259
++uid: uid259
++givenname: givenname259
++description: description259
++userPassword: password259
++mail: uid259
++uidnumber: 259
++gidnumber: 259
++homeDirectory: /home/uid259
++
++dn: cn=user260,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user260
++sn: user260
++uid: uid260
++givenname: givenname260
++description: description260
++userPassword: password260
++mail: uid260
++uidnumber: 260
++gidnumber: 260
++homeDirectory: /home/uid260
++
++dn: cn=user261,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user261
++sn: user261
++uid: uid261
++givenname: givenname261
++description: description261
++userPassword: password261
++mail: uid261
++uidnumber: 261
++gidnumber: 261
++homeDirectory: /home/uid261
++
++dn: cn=user262,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user262
++sn: user262
++uid: uid262
++givenname: givenname262
++description: description262
++userPassword: password262
++mail: uid262
++uidnumber: 262
++gidnumber: 262
++homeDirectory: /home/uid262
++
++dn: cn=user263,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user263
++sn: user263
++uid: uid263
++givenname: givenname263
++description: description263
++userPassword: password263
++mail: uid263
++uidnumber: 263
++gidnumber: 263
++homeDirectory: /home/uid263
++
++dn: cn=user264,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user264
++sn: user264
++uid: uid264
++givenname: givenname264
++description: description264
++userPassword: password264
++mail: uid264
++uidnumber: 264
++gidnumber: 264
++homeDirectory: /home/uid264
++
++dn: cn=user265,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user265
++sn: user265
++uid: uid265
++givenname: givenname265
++description: description265
++userPassword: password265
++mail: uid265
++uidnumber: 265
++gidnumber: 265
++homeDirectory: /home/uid265
++
++dn: cn=user266,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user266
++sn: user266
++uid: uid266
++givenname: givenname266
++description: description266
++userPassword: password266
++mail: uid266
++uidnumber: 266
++gidnumber: 266
++homeDirectory: /home/uid266
++
++dn: cn=user267,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user267
++sn: user267
++uid: uid267
++givenname: givenname267
++description: description267
++userPassword: password267
++mail: uid267
++uidnumber: 267
++gidnumber: 267
++homeDirectory: /home/uid267
++
++dn: cn=user268,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user268
++sn: user268
++uid: uid268
++givenname: givenname268
++description: description268
++userPassword: password268
++mail: uid268
++uidnumber: 268
++gidnumber: 268
++homeDirectory: /home/uid268
++
++dn: cn=user269,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user269
++sn: user269
++uid: uid269
++givenname: givenname269
++description: description269
++userPassword: password269
++mail: uid269
++uidnumber: 269
++gidnumber: 269
++homeDirectory: /home/uid269
++
++dn: cn=user270,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user270
++sn: user270
++uid: uid270
++givenname: givenname270
++description: description270
++userPassword: password270
++mail: uid270
++uidnumber: 270
++gidnumber: 270
++homeDirectory: /home/uid270
++
++dn: cn=user271,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user271
++sn: user271
++uid: uid271
++givenname: givenname271
++description: description271
++userPassword: password271
++mail: uid271
++uidnumber: 271
++gidnumber: 271
++homeDirectory: /home/uid271
++
++dn: cn=user272,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user272
++sn: user272
++uid: uid272
++givenname: givenname272
++description: description272
++userPassword: password272
++mail: uid272
++uidnumber: 272
++gidnumber: 272
++homeDirectory: /home/uid272
++
++dn: cn=user273,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user273
++sn: user273
++uid: uid273
++givenname: givenname273
++description: description273
++userPassword: password273
++mail: uid273
++uidnumber: 273
++gidnumber: 273
++homeDirectory: /home/uid273
++
++dn: cn=user274,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user274
++sn: user274
++uid: uid274
++givenname: givenname274
++description: description274
++userPassword: password274
++mail: uid274
++uidnumber: 274
++gidnumber: 274
++homeDirectory: /home/uid274
++
++dn: cn=user275,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user275
++sn: user275
++uid: uid275
++givenname: givenname275
++description: description275
++userPassword: password275
++mail: uid275
++uidnumber: 275
++gidnumber: 275
++homeDirectory: /home/uid275
++
++dn: cn=user276,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user276
++sn: user276
++uid: uid276
++givenname: givenname276
++description: description276
++userPassword: password276
++mail: uid276
++uidnumber: 276
++gidnumber: 276
++homeDirectory: /home/uid276
++
++dn: cn=user277,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user277
++sn: user277
++uid: uid277
++givenname: givenname277
++description: description277
++userPassword: password277
++mail: uid277
++uidnumber: 277
++gidnumber: 277
++homeDirectory: /home/uid277
++
++dn: cn=user278,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user278
++sn: user278
++uid: uid278
++givenname: givenname278
++description: description278
++userPassword: password278
++mail: uid278
++uidnumber: 278
++gidnumber: 278
++homeDirectory: /home/uid278
++
++dn: cn=user279,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user279
++sn: user279
++uid: uid279
++givenname: givenname279
++description: description279
++userPassword: password279
++mail: uid279
++uidnumber: 279
++gidnumber: 279
++homeDirectory: /home/uid279
++
++dn: cn=user280,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user280
++sn: user280
++uid: uid280
++givenname: givenname280
++description: description280
++userPassword: password280
++mail: uid280
++uidnumber: 280
++gidnumber: 280
++homeDirectory: /home/uid280
++
++dn: cn=user281,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user281
++sn: user281
++uid: uid281
++givenname: givenname281
++description: description281
++userPassword: password281
++mail: uid281
++uidnumber: 281
++gidnumber: 281
++homeDirectory: /home/uid281
++
++dn: cn=user282,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user282
++sn: user282
++uid: uid282
++givenname: givenname282
++description: description282
++userPassword: password282
++mail: uid282
++uidnumber: 282
++gidnumber: 282
++homeDirectory: /home/uid282
++
++dn: cn=user283,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user283
++sn: user283
++uid: uid283
++givenname: givenname283
++description: description283
++userPassword: password283
++mail: uid283
++uidnumber: 283
++gidnumber: 283
++homeDirectory: /home/uid283
++
++dn: cn=user284,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user284
++sn: user284
++uid: uid284
++givenname: givenname284
++description: description284
++userPassword: password284
++mail: uid284
++uidnumber: 284
++gidnumber: 284
++homeDirectory: /home/uid284
++
++dn: cn=user285,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user285
++sn: user285
++uid: uid285
++givenname: givenname285
++description: description285
++userPassword: password285
++mail: uid285
++uidnumber: 285
++gidnumber: 285
++homeDirectory: /home/uid285
++
++dn: cn=user286,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user286
++sn: user286
++uid: uid286
++givenname: givenname286
++description: description286
++userPassword: password286
++mail: uid286
++uidnumber: 286
++gidnumber: 286
++homeDirectory: /home/uid286
++
++dn: cn=user287,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user287
++sn: user287
++uid: uid287
++givenname: givenname287
++description: description287
++userPassword: password287
++mail: uid287
++uidnumber: 287
++gidnumber: 287
++homeDirectory: /home/uid287
++
++dn: cn=user288,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user288
++sn: user288
++uid: uid288
++givenname: givenname288
++description: description288
++userPassword: password288
++mail: uid288
++uidnumber: 288
++gidnumber: 288
++homeDirectory: /home/uid288
++
++dn: cn=user289,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user289
++sn: user289
++uid: uid289
++givenname: givenname289
++description: description289
++userPassword: password289
++mail: uid289
++uidnumber: 289
++gidnumber: 289
++homeDirectory: /home/uid289
++
++dn: cn=user290,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user290
++sn: user290
++uid: uid290
++givenname: givenname290
++description: description290
++userPassword: password290
++mail: uid290
++uidnumber: 290
++gidnumber: 290
++homeDirectory: /home/uid290
++
++dn: cn=user291,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user291
++sn: user291
++uid: uid291
++givenname: givenname291
++description: description291
++userPassword: password291
++mail: uid291
++uidnumber: 291
++gidnumber: 291
++homeDirectory: /home/uid291
++
++dn: cn=user292,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user292
++sn: user292
++uid: uid292
++givenname: givenname292
++description: description292
++userPassword: password292
++mail: uid292
++uidnumber: 292
++gidnumber: 292
++homeDirectory: /home/uid292
++
++dn: cn=user293,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user293
++sn: user293
++uid: uid293
++givenname: givenname293
++description: description293
++userPassword: password293
++mail: uid293
++uidnumber: 293
++gidnumber: 293
++homeDirectory: /home/uid293
++
++dn: cn=user294,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user294
++sn: user294
++uid: uid294
++givenname: givenname294
++description: description294
++userPassword: password294
++mail: uid294
++uidnumber: 294
++gidnumber: 294
++homeDirectory: /home/uid294
++
++dn: cn=user295,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user295
++sn: user295
++uid: uid295
++givenname: givenname295
++description: description295
++userPassword: password295
++mail: uid295
++uidnumber: 295
++gidnumber: 295
++homeDirectory: /home/uid295
++
++dn: cn=user296,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user296
++sn: user296
++uid: uid296
++givenname: givenname296
++description: description296
++userPassword: password296
++mail: uid296
++uidnumber: 296
++gidnumber: 296
++homeDirectory: /home/uid296
++
++dn: cn=user297,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user297
++sn: user297
++uid: uid297
++givenname: givenname297
++description: description297
++userPassword: password297
++mail: uid297
++uidnumber: 297
++gidnumber: 297
++homeDirectory: /home/uid297
++
++dn: cn=user298,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user298
++sn: user298
++uid: uid298
++givenname: givenname298
++description: description298
++userPassword: password298
++mail: uid298
++uidnumber: 298
++gidnumber: 298
++homeDirectory: /home/uid298
++
++dn: cn=user299,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user299
++sn: user299
++uid: uid299
++givenname: givenname299
++description: description299
++userPassword: password299
++mail: uid299
++uidnumber: 299
++gidnumber: 299
++homeDirectory: /home/uid299
++
++dn: cn=user300,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user300
++sn: user300
++uid: uid300
++givenname: givenname300
++description: description300
++userPassword: password300
++mail: uid300
++uidnumber: 300
++gidnumber: 300
++homeDirectory: /home/uid300
++
++dn: cn=user301,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user301
++sn: user301
++uid: uid301
++givenname: givenname301
++description: description301
++userPassword: password301
++mail: uid301
++uidnumber: 301
++gidnumber: 301
++homeDirectory: /home/uid301
++
++dn: cn=user302,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user302
++sn: user302
++uid: uid302
++givenname: givenname302
++description: description302
++userPassword: password302
++mail: uid302
++uidnumber: 302
++gidnumber: 302
++homeDirectory: /home/uid302
++
++dn: cn=user303,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user303
++sn: user303
++uid: uid303
++givenname: givenname303
++description: description303
++userPassword: password303
++mail: uid303
++uidnumber: 303
++gidnumber: 303
++homeDirectory: /home/uid303
++
++dn: cn=user304,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user304
++sn: user304
++uid: uid304
++givenname: givenname304
++description: description304
++userPassword: password304
++mail: uid304
++uidnumber: 304
++gidnumber: 304
++homeDirectory: /home/uid304
++
++dn: cn=user305,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user305
++sn: user305
++uid: uid305
++givenname: givenname305
++description: description305
++userPassword: password305
++mail: uid305
++uidnumber: 305
++gidnumber: 305
++homeDirectory: /home/uid305
++
++dn: cn=user306,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user306
++sn: user306
++uid: uid306
++givenname: givenname306
++description: description306
++userPassword: password306
++mail: uid306
++uidnumber: 306
++gidnumber: 306
++homeDirectory: /home/uid306
++
++dn: cn=user307,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user307
++sn: user307
++uid: uid307
++givenname: givenname307
++description: description307
++userPassword: password307
++mail: uid307
++uidnumber: 307
++gidnumber: 307
++homeDirectory: /home/uid307
++
++dn: cn=user308,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user308
++sn: user308
++uid: uid308
++givenname: givenname308
++description: description308
++userPassword: password308
++mail: uid308
++uidnumber: 308
++gidnumber: 308
++homeDirectory: /home/uid308
++
++dn: cn=user309,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user309
++sn: user309
++uid: uid309
++givenname: givenname309
++description: description309
++userPassword: password309
++mail: uid309
++uidnumber: 309
++gidnumber: 309
++homeDirectory: /home/uid309
++
++dn: cn=user310,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user310
++sn: user310
++uid: uid310
++givenname: givenname310
++description: description310
++userPassword: password310
++mail: uid310
++uidnumber: 310
++gidnumber: 310
++homeDirectory: /home/uid310
++
++dn: cn=user311,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user311
++sn: user311
++uid: uid311
++givenname: givenname311
++description: description311
++userPassword: password311
++mail: uid311
++uidnumber: 311
++gidnumber: 311
++homeDirectory: /home/uid311
++
++dn: cn=user312,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user312
++sn: user312
++uid: uid312
++givenname: givenname312
++description: description312
++userPassword: password312
++mail: uid312
++uidnumber: 312
++gidnumber: 312
++homeDirectory: /home/uid312
++
++dn: cn=user313,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user313
++sn: user313
++uid: uid313
++givenname: givenname313
++description: description313
++userPassword: password313
++mail: uid313
++uidnumber: 313
++gidnumber: 313
++homeDirectory: /home/uid313
++
++dn: cn=user314,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user314
++sn: user314
++uid: uid314
++givenname: givenname314
++description: description314
++userPassword: password314
++mail: uid314
++uidnumber: 314
++gidnumber: 314
++homeDirectory: /home/uid314
++
++dn: cn=user315,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user315
++sn: user315
++uid: uid315
++givenname: givenname315
++description: description315
++userPassword: password315
++mail: uid315
++uidnumber: 315
++gidnumber: 315
++homeDirectory: /home/uid315
++
++dn: cn=user316,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user316
++sn: user316
++uid: uid316
++givenname: givenname316
++description: description316
++userPassword: password316
++mail: uid316
++uidnumber: 316
++gidnumber: 316
++homeDirectory: /home/uid316
++
++dn: cn=user317,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user317
++sn: user317
++uid: uid317
++givenname: givenname317
++description: description317
++userPassword: password317
++mail: uid317
++uidnumber: 317
++gidnumber: 317
++homeDirectory: /home/uid317
++
++dn: cn=user318,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user318
++sn: user318
++uid: uid318
++givenname: givenname318
++description: description318
++userPassword: password318
++mail: uid318
++uidnumber: 318
++gidnumber: 318
++homeDirectory: /home/uid318
++
++dn: cn=user319,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user319
++sn: user319
++uid: uid319
++givenname: givenname319
++description: description319
++userPassword: password319
++mail: uid319
++uidnumber: 319
++gidnumber: 319
++homeDirectory: /home/uid319
++
++dn: cn=user320,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user320
++sn: user320
++uid: uid320
++givenname: givenname320
++description: description320
++userPassword: password320
++mail: uid320
++uidnumber: 320
++gidnumber: 320
++homeDirectory: /home/uid320
++
++dn: cn=user321,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user321
++sn: user321
++uid: uid321
++givenname: givenname321
++description: description321
++userPassword: password321
++mail: uid321
++uidnumber: 321
++gidnumber: 321
++homeDirectory: /home/uid321
++
++dn: cn=user322,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user322
++sn: user322
++uid: uid322
++givenname: givenname322
++description: description322
++userPassword: password322
++mail: uid322
++uidnumber: 322
++gidnumber: 322
++homeDirectory: /home/uid322
++
++dn: cn=user323,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user323
++sn: user323
++uid: uid323
++givenname: givenname323
++description: description323
++userPassword: password323
++mail: uid323
++uidnumber: 323
++gidnumber: 323
++homeDirectory: /home/uid323
++
++dn: cn=user324,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user324
++sn: user324
++uid: uid324
++givenname: givenname324
++description: description324
++userPassword: password324
++mail: uid324
++uidnumber: 324
++gidnumber: 324
++homeDirectory: /home/uid324
++
++dn: cn=user325,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user325
++sn: user325
++uid: uid325
++givenname: givenname325
++description: description325
++userPassword: password325
++mail: uid325
++uidnumber: 325
++gidnumber: 325
++homeDirectory: /home/uid325
++
++dn: cn=user326,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user326
++sn: user326
++uid: uid326
++givenname: givenname326
++description: description326
++userPassword: password326
++mail: uid326
++uidnumber: 326
++gidnumber: 326
++homeDirectory: /home/uid326
++
++dn: cn=user327,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user327
++sn: user327
++uid: uid327
++givenname: givenname327
++description: description327
++userPassword: password327
++mail: uid327
++uidnumber: 327
++gidnumber: 327
++homeDirectory: /home/uid327
++
++dn: cn=user328,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user328
++sn: user328
++uid: uid328
++givenname: givenname328
++description: description328
++userPassword: password328
++mail: uid328
++uidnumber: 328
++gidnumber: 328
++homeDirectory: /home/uid328
++
++dn: cn=user329,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user329
++sn: user329
++uid: uid329
++givenname: givenname329
++description: description329
++userPassword: password329
++mail: uid329
++uidnumber: 329
++gidnumber: 329
++homeDirectory: /home/uid329
++
++dn: cn=user330,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user330
++sn: user330
++uid: uid330
++givenname: givenname330
++description: description330
++userPassword: password330
++mail: uid330
++uidnumber: 330
++gidnumber: 330
++homeDirectory: /home/uid330
++
++dn: cn=user331,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user331
++sn: user331
++uid: uid331
++givenname: givenname331
++description: description331
++userPassword: password331
++mail: uid331
++uidnumber: 331
++gidnumber: 331
++homeDirectory: /home/uid331
++
++dn: cn=user332,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user332
++sn: user332
++uid: uid332
++givenname: givenname332
++description: description332
++userPassword: password332
++mail: uid332
++uidnumber: 332
++gidnumber: 332
++homeDirectory: /home/uid332
++
++dn: cn=user333,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user333
++sn: user333
++uid: uid333
++givenname: givenname333
++description: description333
++userPassword: password333
++mail: uid333
++uidnumber: 333
++gidnumber: 333
++homeDirectory: /home/uid333
++
++dn: cn=user334,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user334
++sn: user334
++uid: uid334
++givenname: givenname334
++description: description334
++userPassword: password334
++mail: uid334
++uidnumber: 334
++gidnumber: 334
++homeDirectory: /home/uid334
++
++dn: cn=user335,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user335
++sn: user335
++uid: uid335
++givenname: givenname335
++description: description335
++userPassword: password335
++mail: uid335
++uidnumber: 335
++gidnumber: 335
++homeDirectory: /home/uid335
++
++dn: cn=user336,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user336
++sn: user336
++uid: uid336
++givenname: givenname336
++description: description336
++userPassword: password336
++mail: uid336
++uidnumber: 336
++gidnumber: 336
++homeDirectory: /home/uid336
++
++dn: cn=user337,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user337
++sn: user337
++uid: uid337
++givenname: givenname337
++description: description337
++userPassword: password337
++mail: uid337
++uidnumber: 337
++gidnumber: 337
++homeDirectory: /home/uid337
++
++dn: cn=user338,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user338
++sn: user338
++uid: uid338
++givenname: givenname338
++description: description338
++userPassword: password338
++mail: uid338
++uidnumber: 338
++gidnumber: 338
++homeDirectory: /home/uid338
++
++dn: cn=user339,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user339
++sn: user339
++uid: uid339
++givenname: givenname339
++description: description339
++userPassword: password339
++mail: uid339
++uidnumber: 339
++gidnumber: 339
++homeDirectory: /home/uid339
++
++dn: cn=user340,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user340
++sn: user340
++uid: uid340
++givenname: givenname340
++description: description340
++userPassword: password340
++mail: uid340
++uidnumber: 340
++gidnumber: 340
++homeDirectory: /home/uid340
++
++dn: cn=user341,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user341
++sn: user341
++uid: uid341
++givenname: givenname341
++description: description341
++userPassword: password341
++mail: uid341
++uidnumber: 341
++gidnumber: 341
++homeDirectory: /home/uid341
++
++dn: cn=user342,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user342
++sn: user342
++uid: uid342
++givenname: givenname342
++description: description342
++userPassword: password342
++mail: uid342
++uidnumber: 342
++gidnumber: 342
++homeDirectory: /home/uid342
++
++dn: cn=user343,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user343
++sn: user343
++uid: uid343
++givenname: givenname343
++description: description343
++userPassword: password343
++mail: uid343
++uidnumber: 343
++gidnumber: 343
++homeDirectory: /home/uid343
++
++dn: cn=user344,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user344
++sn: user344
++uid: uid344
++givenname: givenname344
++description: description344
++userPassword: password344
++mail: uid344
++uidnumber: 344
++gidnumber: 344
++homeDirectory: /home/uid344
++
++dn: cn=user345,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user345
++sn: user345
++uid: uid345
++givenname: givenname345
++description: description345
++userPassword: password345
++mail: uid345
++uidnumber: 345
++gidnumber: 345
++homeDirectory: /home/uid345
++
++dn: cn=user346,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user346
++sn: user346
++uid: uid346
++givenname: givenname346
++description: description346
++userPassword: password346
++mail: uid346
++uidnumber: 346
++gidnumber: 346
++homeDirectory: /home/uid346
++
++dn: cn=user347,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user347
++sn: user347
++uid: uid347
++givenname: givenname347
++description: description347
++userPassword: password347
++mail: uid347
++uidnumber: 347
++gidnumber: 347
++homeDirectory: /home/uid347
++
++dn: cn=user348,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user348
++sn: user348
++uid: uid348
++givenname: givenname348
++description: description348
++userPassword: password348
++mail: uid348
++uidnumber: 348
++gidnumber: 348
++homeDirectory: /home/uid348
++
++dn: cn=user349,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user349
++sn: user349
++uid: uid349
++givenname: givenname349
++description: description349
++userPassword: password349
++mail: uid349
++uidnumber: 349
++gidnumber: 349
++homeDirectory: /home/uid349
++
++dn: cn=user350,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user350
++sn: user350
++uid: uid350
++givenname: givenname350
++description: description350
++userPassword: password350
++mail: uid350
++uidnumber: 350
++gidnumber: 350
++homeDirectory: /home/uid350
++
++dn: cn=user351,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user351
++sn: user351
++uid: uid351
++givenname: givenname351
++description: description351
++userPassword: password351
++mail: uid351
++uidnumber: 351
++gidnumber: 351
++homeDirectory: /home/uid351
++
++dn: cn=user352,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user352
++sn: user352
++uid: uid352
++givenname: givenname352
++description: description352
++userPassword: password352
++mail: uid352
++uidnumber: 352
++gidnumber: 352
++homeDirectory: /home/uid352
++
++dn: cn=user353,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user353
++sn: user353
++uid: uid353
++givenname: givenname353
++description: description353
++userPassword: password353
++mail: uid353
++uidnumber: 353
++gidnumber: 353
++homeDirectory: /home/uid353
++
++dn: cn=user354,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user354
++sn: user354
++uid: uid354
++givenname: givenname354
++description: description354
++userPassword: password354
++mail: uid354
++uidnumber: 354
++gidnumber: 354
++homeDirectory: /home/uid354
++
++dn: cn=user355,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user355
++sn: user355
++uid: uid355
++givenname: givenname355
++description: description355
++userPassword: password355
++mail: uid355
++uidnumber: 355
++gidnumber: 355
++homeDirectory: /home/uid355
++
++dn: cn=user356,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user356
++sn: user356
++uid: uid356
++givenname: givenname356
++description: description356
++userPassword: password356
++mail: uid356
++uidnumber: 356
++gidnumber: 356
++homeDirectory: /home/uid356
++
++dn: cn=user357,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user357
++sn: user357
++uid: uid357
++givenname: givenname357
++description: description357
++userPassword: password357
++mail: uid357
++uidnumber: 357
++gidnumber: 357
++homeDirectory: /home/uid357
++
++dn: cn=user358,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user358
++sn: user358
++uid: uid358
++givenname: givenname358
++description: description358
++userPassword: password358
++mail: uid358
++uidnumber: 358
++gidnumber: 358
++homeDirectory: /home/uid358
++
++dn: cn=user359,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user359
++sn: user359
++uid: uid359
++givenname: givenname359
++description: description359
++userPassword: password359
++mail: uid359
++uidnumber: 359
++gidnumber: 359
++homeDirectory: /home/uid359
++
++dn: cn=user360,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user360
++sn: user360
++uid: uid360
++givenname: givenname360
++description: description360
++userPassword: password360
++mail: uid360
++uidnumber: 360
++gidnumber: 360
++homeDirectory: /home/uid360
++
++dn: cn=user361,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user361
++sn: user361
++uid: uid361
++givenname: givenname361
++description: description361
++userPassword: password361
++mail: uid361
++uidnumber: 361
++gidnumber: 361
++homeDirectory: /home/uid361
++
++dn: cn=user362,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user362
++sn: user362
++uid: uid362
++givenname: givenname362
++description: description362
++userPassword: password362
++mail: uid362
++uidnumber: 362
++gidnumber: 362
++homeDirectory: /home/uid362
++
++dn: cn=user363,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user363
++sn: user363
++uid: uid363
++givenname: givenname363
++description: description363
++userPassword: password363
++mail: uid363
++uidnumber: 363
++gidnumber: 363
++homeDirectory: /home/uid363
++
++dn: cn=user364,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user364
++sn: user364
++uid: uid364
++givenname: givenname364
++description: description364
++userPassword: password364
++mail: uid364
++uidnumber: 364
++gidnumber: 364
++homeDirectory: /home/uid364
++
++dn: cn=user365,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user365
++sn: user365
++uid: uid365
++givenname: givenname365
++description: description365
++userPassword: password365
++mail: uid365
++uidnumber: 365
++gidnumber: 365
++homeDirectory: /home/uid365
++
++dn: cn=user366,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user366
++sn: user366
++uid: uid366
++givenname: givenname366
++description: description366
++userPassword: password366
++mail: uid366
++uidnumber: 366
++gidnumber: 366
++homeDirectory: /home/uid366
++
++dn: cn=user367,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user367
++sn: user367
++uid: uid367
++givenname: givenname367
++description: description367
++userPassword: password367
++mail: uid367
++uidnumber: 367
++gidnumber: 367
++homeDirectory: /home/uid367
++
++dn: cn=user368,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user368
++sn: user368
++uid: uid368
++givenname: givenname368
++description: description368
++userPassword: password368
++mail: uid368
++uidnumber: 368
++gidnumber: 368
++homeDirectory: /home/uid368
++
++dn: cn=user369,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user369
++sn: user369
++uid: uid369
++givenname: givenname369
++description: description369
++userPassword: password369
++mail: uid369
++uidnumber: 369
++gidnumber: 369
++homeDirectory: /home/uid369
++
++dn: cn=user370,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user370
++sn: user370
++uid: uid370
++givenname: givenname370
++description: description370
++userPassword: password370
++mail: uid370
++uidnumber: 370
++gidnumber: 370
++homeDirectory: /home/uid370
++
++dn: cn=user371,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user371
++sn: user371
++uid: uid371
++givenname: givenname371
++description: description371
++userPassword: password371
++mail: uid371
++uidnumber: 371
++gidnumber: 371
++homeDirectory: /home/uid371
++
++dn: cn=user372,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user372
++sn: user372
++uid: uid372
++givenname: givenname372
++description: description372
++userPassword: password372
++mail: uid372
++uidnumber: 372
++gidnumber: 372
++homeDirectory: /home/uid372
++
++dn: cn=user373,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user373
++sn: user373
++uid: uid373
++givenname: givenname373
++description: description373
++userPassword: password373
++mail: uid373
++uidnumber: 373
++gidnumber: 373
++homeDirectory: /home/uid373
++
++dn: cn=user374,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user374
++sn: user374
++uid: uid374
++givenname: givenname374
++description: description374
++userPassword: password374
++mail: uid374
++uidnumber: 374
++gidnumber: 374
++homeDirectory: /home/uid374
++
++dn: cn=user375,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user375
++sn: user375
++uid: uid375
++givenname: givenname375
++description: description375
++userPassword: password375
++mail: uid375
++uidnumber: 375
++gidnumber: 375
++homeDirectory: /home/uid375
++
++dn: cn=user376,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user376
++sn: user376
++uid: uid376
++givenname: givenname376
++description: description376
++userPassword: password376
++mail: uid376
++uidnumber: 376
++gidnumber: 376
++homeDirectory: /home/uid376
++
++dn: cn=user377,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user377
++sn: user377
++uid: uid377
++givenname: givenname377
++description: description377
++userPassword: password377
++mail: uid377
++uidnumber: 377
++gidnumber: 377
++homeDirectory: /home/uid377
++
++dn: cn=user378,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user378
++sn: user378
++uid: uid378
++givenname: givenname378
++description: description378
++userPassword: password378
++mail: uid378
++uidnumber: 378
++gidnumber: 378
++homeDirectory: /home/uid378
++
++dn: cn=user379,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user379
++sn: user379
++uid: uid379
++givenname: givenname379
++description: description379
++userPassword: password379
++mail: uid379
++uidnumber: 379
++gidnumber: 379
++homeDirectory: /home/uid379
++
++dn: cn=user380,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user380
++sn: user380
++uid: uid380
++givenname: givenname380
++description: description380
++userPassword: password380
++mail: uid380
++uidnumber: 380
++gidnumber: 380
++homeDirectory: /home/uid380
++
++dn: cn=user381,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user381
++sn: user381
++uid: uid381
++givenname: givenname381
++description: description381
++userPassword: password381
++mail: uid381
++uidnumber: 381
++gidnumber: 381
++homeDirectory: /home/uid381
++
++dn: cn=user382,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user382
++sn: user382
++uid: uid382
++givenname: givenname382
++description: description382
++userPassword: password382
++mail: uid382
++uidnumber: 382
++gidnumber: 382
++homeDirectory: /home/uid382
++
++dn: cn=user383,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user383
++sn: user383
++uid: uid383
++givenname: givenname383
++description: description383
++userPassword: password383
++mail: uid383
++uidnumber: 383
++gidnumber: 383
++homeDirectory: /home/uid383
++
++dn: cn=user384,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user384
++sn: user384
++uid: uid384
++givenname: givenname384
++description: description384
++userPassword: password384
++mail: uid384
++uidnumber: 384
++gidnumber: 384
++homeDirectory: /home/uid384
++
++dn: cn=user385,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user385
++sn: user385
++uid: uid385
++givenname: givenname385
++description: description385
++userPassword: password385
++mail: uid385
++uidnumber: 385
++gidnumber: 385
++homeDirectory: /home/uid385
++
++dn: cn=user386,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user386
++sn: user386
++uid: uid386
++givenname: givenname386
++description: description386
++userPassword: password386
++mail: uid386
++uidnumber: 386
++gidnumber: 386
++homeDirectory: /home/uid386
++
++dn: cn=user387,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user387
++sn: user387
++uid: uid387
++givenname: givenname387
++description: description387
++userPassword: password387
++mail: uid387
++uidnumber: 387
++gidnumber: 387
++homeDirectory: /home/uid387
++
++dn: cn=user388,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user388
++sn: user388
++uid: uid388
++givenname: givenname388
++description: description388
++userPassword: password388
++mail: uid388
++uidnumber: 388
++gidnumber: 388
++homeDirectory: /home/uid388
++
++dn: cn=user389,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user389
++sn: user389
++uid: uid389
++givenname: givenname389
++description: description389
++userPassword: password389
++mail: uid389
++uidnumber: 389
++gidnumber: 389
++homeDirectory: /home/uid389
++
++dn: cn=user390,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user390
++sn: user390
++uid: uid390
++givenname: givenname390
++description: description390
++userPassword: password390
++mail: uid390
++uidnumber: 390
++gidnumber: 390
++homeDirectory: /home/uid390
++
++dn: cn=user391,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user391
++sn: user391
++uid: uid391
++givenname: givenname391
++description: description391
++userPassword: password391
++mail: uid391
++uidnumber: 391
++gidnumber: 391
++homeDirectory: /home/uid391
++
++dn: cn=user392,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user392
++sn: user392
++uid: uid392
++givenname: givenname392
++description: description392
++userPassword: password392
++mail: uid392
++uidnumber: 392
++gidnumber: 392
++homeDirectory: /home/uid392
++
++dn: cn=user393,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user393
++sn: user393
++uid: uid393
++givenname: givenname393
++description: description393
++userPassword: password393
++mail: uid393
++uidnumber: 393
++gidnumber: 393
++homeDirectory: /home/uid393
++
++dn: cn=user394,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user394
++sn: user394
++uid: uid394
++givenname: givenname394
++description: description394
++userPassword: password394
++mail: uid394
++uidnumber: 394
++gidnumber: 394
++homeDirectory: /home/uid394
++
++dn: cn=user395,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user395
++sn: user395
++uid: uid395
++givenname: givenname395
++description: description395
++userPassword: password395
++mail: uid395
++uidnumber: 395
++gidnumber: 395
++homeDirectory: /home/uid395
++
++dn: cn=user396,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user396
++sn: user396
++uid: uid396
++givenname: givenname396
++description: description396
++userPassword: password396
++mail: uid396
++uidnumber: 396
++gidnumber: 396
++homeDirectory: /home/uid396
++
++dn: cn=user397,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user397
++sn: user397
++uid: uid397
++givenname: givenname397
++description: description397
++userPassword: password397
++mail: uid397
++uidnumber: 397
++gidnumber: 397
++homeDirectory: /home/uid397
++
++dn: cn=user398,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user398
++sn: user398
++uid: uid398
++givenname: givenname398
++description: description398
++userPassword: password398
++mail: uid398
++uidnumber: 398
++gidnumber: 398
++homeDirectory: /home/uid398
++
++dn: cn=user399,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user399
++sn: user399
++uid: uid399
++givenname: givenname399
++description: description399
++userPassword: password399
++mail: uid399
++uidnumber: 399
++gidnumber: 399
++homeDirectory: /home/uid399
++
++dn: cn=user400,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user400
++sn: user400
++uid: uid400
++givenname: givenname400
++description: description400
++userPassword: password400
++mail: uid400
++uidnumber: 400
++gidnumber: 400
++homeDirectory: /home/uid400
++
++dn: cn=user401,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user401
++sn: user401
++uid: uid401
++givenname: givenname401
++description: description401
++userPassword: password401
++mail: uid401
++uidnumber: 401
++gidnumber: 401
++homeDirectory: /home/uid401
++
++dn: cn=user402,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user402
++sn: user402
++uid: uid402
++givenname: givenname402
++description: description402
++userPassword: password402
++mail: uid402
++uidnumber: 402
++gidnumber: 402
++homeDirectory: /home/uid402
++
++dn: cn=user403,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user403
++sn: user403
++uid: uid403
++givenname: givenname403
++description: description403
++userPassword: password403
++mail: uid403
++uidnumber: 403
++gidnumber: 403
++homeDirectory: /home/uid403
++
++dn: cn=user404,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user404
++sn: user404
++uid: uid404
++givenname: givenname404
++description: description404
++userPassword: password404
++mail: uid404
++uidnumber: 404
++gidnumber: 404
++homeDirectory: /home/uid404
++
++dn: cn=user405,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user405
++sn: user405
++uid: uid405
++givenname: givenname405
++description: description405
++userPassword: password405
++mail: uid405
++uidnumber: 405
++gidnumber: 405
++homeDirectory: /home/uid405
++
++dn: cn=user406,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user406
++sn: user406
++uid: uid406
++givenname: givenname406
++description: description406
++userPassword: password406
++mail: uid406
++uidnumber: 406
++gidnumber: 406
++homeDirectory: /home/uid406
++
++dn: cn=user407,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user407
++sn: user407
++uid: uid407
++givenname: givenname407
++description: description407
++userPassword: password407
++mail: uid407
++uidnumber: 407
++gidnumber: 407
++homeDirectory: /home/uid407
++
++dn: cn=user408,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user408
++sn: user408
++uid: uid408
++givenname: givenname408
++description: description408
++userPassword: password408
++mail: uid408
++uidnumber: 408
++gidnumber: 408
++homeDirectory: /home/uid408
++
++dn: cn=user409,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user409
++sn: user409
++uid: uid409
++givenname: givenname409
++description: description409
++userPassword: password409
++mail: uid409
++uidnumber: 409
++gidnumber: 409
++homeDirectory: /home/uid409
++
++dn: cn=user410,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user410
++sn: user410
++uid: uid410
++givenname: givenname410
++description: description410
++userPassword: password410
++mail: uid410
++uidnumber: 410
++gidnumber: 410
++homeDirectory: /home/uid410
++
++dn: cn=user411,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user411
++sn: user411
++uid: uid411
++givenname: givenname411
++description: description411
++userPassword: password411
++mail: uid411
++uidnumber: 411
++gidnumber: 411
++homeDirectory: /home/uid411
++
++dn: cn=user412,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user412
++sn: user412
++uid: uid412
++givenname: givenname412
++description: description412
++userPassword: password412
++mail: uid412
++uidnumber: 412
++gidnumber: 412
++homeDirectory: /home/uid412
++
++dn: cn=user413,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user413
++sn: user413
++uid: uid413
++givenname: givenname413
++description: description413
++userPassword: password413
++mail: uid413
++uidnumber: 413
++gidnumber: 413
++homeDirectory: /home/uid413
++
++dn: cn=user414,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user414
++sn: user414
++uid: uid414
++givenname: givenname414
++description: description414
++userPassword: password414
++mail: uid414
++uidnumber: 414
++gidnumber: 414
++homeDirectory: /home/uid414
++
++dn: cn=user415,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user415
++sn: user415
++uid: uid415
++givenname: givenname415
++description: description415
++userPassword: password415
++mail: uid415
++uidnumber: 415
++gidnumber: 415
++homeDirectory: /home/uid415
++
++dn: cn=user416,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user416
++sn: user416
++uid: uid416
++givenname: givenname416
++description: description416
++userPassword: password416
++mail: uid416
++uidnumber: 416
++gidnumber: 416
++homeDirectory: /home/uid416
++
++dn: cn=user417,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user417
++sn: user417
++uid: uid417
++givenname: givenname417
++description: description417
++userPassword: password417
++mail: uid417
++uidnumber: 417
++gidnumber: 417
++homeDirectory: /home/uid417
++
++dn: cn=user418,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user418
++sn: user418
++uid: uid418
++givenname: givenname418
++description: description418
++userPassword: password418
++mail: uid418
++uidnumber: 418
++gidnumber: 418
++homeDirectory: /home/uid418
++
++dn: cn=user419,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user419
++sn: user419
++uid: uid419
++givenname: givenname419
++description: description419
++userPassword: password419
++mail: uid419
++uidnumber: 419
++gidnumber: 419
++homeDirectory: /home/uid419
++
++dn: cn=user420,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user420
++sn: user420
++uid: uid420
++givenname: givenname420
++description: description420
++userPassword: password420
++mail: uid420
++uidnumber: 420
++gidnumber: 420
++homeDirectory: /home/uid420
++
++dn: cn=user421,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user421
++sn: user421
++uid: uid421
++givenname: givenname421
++description: description421
++userPassword: password421
++mail: uid421
++uidnumber: 421
++gidnumber: 421
++homeDirectory: /home/uid421
++
++dn: cn=user422,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user422
++sn: user422
++uid: uid422
++givenname: givenname422
++description: description422
++userPassword: password422
++mail: uid422
++uidnumber: 422
++gidnumber: 422
++homeDirectory: /home/uid422
++
++dn: cn=user423,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user423
++sn: user423
++uid: uid423
++givenname: givenname423
++description: description423
++userPassword: password423
++mail: uid423
++uidnumber: 423
++gidnumber: 423
++homeDirectory: /home/uid423
++
++dn: cn=user424,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user424
++sn: user424
++uid: uid424
++givenname: givenname424
++description: description424
++userPassword: password424
++mail: uid424
++uidnumber: 424
++gidnumber: 424
++homeDirectory: /home/uid424
++
++dn: cn=user425,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user425
++sn: user425
++uid: uid425
++givenname: givenname425
++description: description425
++userPassword: password425
++mail: uid425
++uidnumber: 425
++gidnumber: 425
++homeDirectory: /home/uid425
++
++dn: cn=user426,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user426
++sn: user426
++uid: uid426
++givenname: givenname426
++description: description426
++userPassword: password426
++mail: uid426
++uidnumber: 426
++gidnumber: 426
++homeDirectory: /home/uid426
++
++dn: cn=user427,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user427
++sn: user427
++uid: uid427
++givenname: givenname427
++description: description427
++userPassword: password427
++mail: uid427
++uidnumber: 427
++gidnumber: 427
++homeDirectory: /home/uid427
++
++dn: cn=user428,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user428
++sn: user428
++uid: uid428
++givenname: givenname428
++description: description428
++userPassword: password428
++mail: uid428
++uidnumber: 428
++gidnumber: 428
++homeDirectory: /home/uid428
++
++dn: cn=user429,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user429
++sn: user429
++uid: uid429
++givenname: givenname429
++description: description429
++userPassword: password429
++mail: uid429
++uidnumber: 429
++gidnumber: 429
++homeDirectory: /home/uid429
++
++dn: cn=user430,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user430
++sn: user430
++uid: uid430
++givenname: givenname430
++description: description430
++userPassword: password430
++mail: uid430
++uidnumber: 430
++gidnumber: 430
++homeDirectory: /home/uid430
++
++dn: cn=user431,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user431
++sn: user431
++uid: uid431
++givenname: givenname431
++description: description431
++userPassword: password431
++mail: uid431
++uidnumber: 431
++gidnumber: 431
++homeDirectory: /home/uid431
++
++dn: cn=user432,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user432
++sn: user432
++uid: uid432
++givenname: givenname432
++description: description432
++userPassword: password432
++mail: uid432
++uidnumber: 432
++gidnumber: 432
++homeDirectory: /home/uid432
++
++dn: cn=user433,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user433
++sn: user433
++uid: uid433
++givenname: givenname433
++description: description433
++userPassword: password433
++mail: uid433
++uidnumber: 433
++gidnumber: 433
++homeDirectory: /home/uid433
++
++dn: cn=user434,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user434
++sn: user434
++uid: uid434
++givenname: givenname434
++description: description434
++userPassword: password434
++mail: uid434
++uidnumber: 434
++gidnumber: 434
++homeDirectory: /home/uid434
++
++dn: cn=user435,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user435
++sn: user435
++uid: uid435
++givenname: givenname435
++description: description435
++userPassword: password435
++mail: uid435
++uidnumber: 435
++gidnumber: 435
++homeDirectory: /home/uid435
++
++dn: cn=user436,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user436
++sn: user436
++uid: uid436
++givenname: givenname436
++description: description436
++userPassword: password436
++mail: uid436
++uidnumber: 436
++gidnumber: 436
++homeDirectory: /home/uid436
++
++dn: cn=user437,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user437
++sn: user437
++uid: uid437
++givenname: givenname437
++description: description437
++userPassword: password437
++mail: uid437
++uidnumber: 437
++gidnumber: 437
++homeDirectory: /home/uid437
++
++dn: cn=user438,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user438
++sn: user438
++uid: uid438
++givenname: givenname438
++description: description438
++userPassword: password438
++mail: uid438
++uidnumber: 438
++gidnumber: 438
++homeDirectory: /home/uid438
++
++dn: cn=user439,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user439
++sn: user439
++uid: uid439
++givenname: givenname439
++description: description439
++userPassword: password439
++mail: uid439
++uidnumber: 439
++gidnumber: 439
++homeDirectory: /home/uid439
++
++dn: cn=user440,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user440
++sn: user440
++uid: uid440
++givenname: givenname440
++description: description440
++userPassword: password440
++mail: uid440
++uidnumber: 440
++gidnumber: 440
++homeDirectory: /home/uid440
++
++dn: cn=user441,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user441
++sn: user441
++uid: uid441
++givenname: givenname441
++description: description441
++userPassword: password441
++mail: uid441
++uidnumber: 441
++gidnumber: 441
++homeDirectory: /home/uid441
++
++dn: cn=user442,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user442
++sn: user442
++uid: uid442
++givenname: givenname442
++description: description442
++userPassword: password442
++mail: uid442
++uidnumber: 442
++gidnumber: 442
++homeDirectory: /home/uid442
++
++dn: cn=user443,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user443
++sn: user443
++uid: uid443
++givenname: givenname443
++description: description443
++userPassword: password443
++mail: uid443
++uidnumber: 443
++gidnumber: 443
++homeDirectory: /home/uid443
++
++dn: cn=user444,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user444
++sn: user444
++uid: uid444
++givenname: givenname444
++description: description444
++userPassword: password444
++mail: uid444
++uidnumber: 444
++gidnumber: 444
++homeDirectory: /home/uid444
++
++dn: cn=user445,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user445
++sn: user445
++uid: uid445
++givenname: givenname445
++description: description445
++userPassword: password445
++mail: uid445
++uidnumber: 445
++gidnumber: 445
++homeDirectory: /home/uid445
++
++dn: cn=user446,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user446
++sn: user446
++uid: uid446
++givenname: givenname446
++description: description446
++userPassword: password446
++mail: uid446
++uidnumber: 446
++gidnumber: 446
++homeDirectory: /home/uid446
++
++dn: cn=user447,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user447
++sn: user447
++uid: uid447
++givenname: givenname447
++description: description447
++userPassword: password447
++mail: uid447
++uidnumber: 447
++gidnumber: 447
++homeDirectory: /home/uid447
++
++dn: cn=user448,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user448
++sn: user448
++uid: uid448
++givenname: givenname448
++description: description448
++userPassword: password448
++mail: uid448
++uidnumber: 448
++gidnumber: 448
++homeDirectory: /home/uid448
++
++dn: cn=user449,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user449
++sn: user449
++uid: uid449
++givenname: givenname449
++description: description449
++userPassword: password449
++mail: uid449
++uidnumber: 449
++gidnumber: 449
++homeDirectory: /home/uid449
++
++dn: cn=user450,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user450
++sn: user450
++uid: uid450
++givenname: givenname450
++description: description450
++userPassword: password450
++mail: uid450
++uidnumber: 450
++gidnumber: 450
++homeDirectory: /home/uid450
++
++dn: cn=user451,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user451
++sn: user451
++uid: uid451
++givenname: givenname451
++description: description451
++userPassword: password451
++mail: uid451
++uidnumber: 451
++gidnumber: 451
++homeDirectory: /home/uid451
++
++dn: cn=user452,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user452
++sn: user452
++uid: uid452
++givenname: givenname452
++description: description452
++userPassword: password452
++mail: uid452
++uidnumber: 452
++gidnumber: 452
++homeDirectory: /home/uid452
++
++dn: cn=user453,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user453
++sn: user453
++uid: uid453
++givenname: givenname453
++description: description453
++userPassword: password453
++mail: uid453
++uidnumber: 453
++gidnumber: 453
++homeDirectory: /home/uid453
++
++dn: cn=user454,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user454
++sn: user454
++uid: uid454
++givenname: givenname454
++description: description454
++userPassword: password454
++mail: uid454
++uidnumber: 454
++gidnumber: 454
++homeDirectory: /home/uid454
++
++dn: cn=user455,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user455
++sn: user455
++uid: uid455
++givenname: givenname455
++description: description455
++userPassword: password455
++mail: uid455
++uidnumber: 455
++gidnumber: 455
++homeDirectory: /home/uid455
++
++dn: cn=user456,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user456
++sn: user456
++uid: uid456
++givenname: givenname456
++description: description456
++userPassword: password456
++mail: uid456
++uidnumber: 456
++gidnumber: 456
++homeDirectory: /home/uid456
++
++dn: cn=user457,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user457
++sn: user457
++uid: uid457
++givenname: givenname457
++description: description457
++userPassword: password457
++mail: uid457
++uidnumber: 457
++gidnumber: 457
++homeDirectory: /home/uid457
++
++dn: cn=user458,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user458
++sn: user458
++uid: uid458
++givenname: givenname458
++description: description458
++userPassword: password458
++mail: uid458
++uidnumber: 458
++gidnumber: 458
++homeDirectory: /home/uid458
++
++dn: cn=user459,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user459
++sn: user459
++uid: uid459
++givenname: givenname459
++description: description459
++userPassword: password459
++mail: uid459
++uidnumber: 459
++gidnumber: 459
++homeDirectory: /home/uid459
++
++dn: cn=user460,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user460
++sn: user460
++uid: uid460
++givenname: givenname460
++description: description460
++userPassword: password460
++mail: uid460
++uidnumber: 460
++gidnumber: 460
++homeDirectory: /home/uid460
++
++dn: cn=user461,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user461
++sn: user461
++uid: uid461
++givenname: givenname461
++description: description461
++userPassword: password461
++mail: uid461
++uidnumber: 461
++gidnumber: 461
++homeDirectory: /home/uid461
++
++dn: cn=user462,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user462
++sn: user462
++uid: uid462
++givenname: givenname462
++description: description462
++userPassword: password462
++mail: uid462
++uidnumber: 462
++gidnumber: 462
++homeDirectory: /home/uid462
++
++dn: cn=user463,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user463
++sn: user463
++uid: uid463
++givenname: givenname463
++description: description463
++userPassword: password463
++mail: uid463
++uidnumber: 463
++gidnumber: 463
++homeDirectory: /home/uid463
++
++dn: cn=user464,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user464
++sn: user464
++uid: uid464
++givenname: givenname464
++description: description464
++userPassword: password464
++mail: uid464
++uidnumber: 464
++gidnumber: 464
++homeDirectory: /home/uid464
++
++dn: cn=user465,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user465
++sn: user465
++uid: uid465
++givenname: givenname465
++description: description465
++userPassword: password465
++mail: uid465
++uidnumber: 465
++gidnumber: 465
++homeDirectory: /home/uid465
++
++dn: cn=user466,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user466
++sn: user466
++uid: uid466
++givenname: givenname466
++description: description466
++userPassword: password466
++mail: uid466
++uidnumber: 466
++gidnumber: 466
++homeDirectory: /home/uid466
++
++dn: cn=user467,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user467
++sn: user467
++uid: uid467
++givenname: givenname467
++description: description467
++userPassword: password467
++mail: uid467
++uidnumber: 467
++gidnumber: 467
++homeDirectory: /home/uid467
++
++dn: cn=user468,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user468
++sn: user468
++uid: uid468
++givenname: givenname468
++description: description468
++userPassword: password468
++mail: uid468
++uidnumber: 468
++gidnumber: 468
++homeDirectory: /home/uid468
++
++dn: cn=user469,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user469
++sn: user469
++uid: uid469
++givenname: givenname469
++description: description469
++userPassword: password469
++mail: uid469
++uidnumber: 469
++gidnumber: 469
++homeDirectory: /home/uid469
++
++dn: cn=user470,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user470
++sn: user470
++uid: uid470
++givenname: givenname470
++description: description470
++userPassword: password470
++mail: uid470
++uidnumber: 470
++gidnumber: 470
++homeDirectory: /home/uid470
++
++dn: cn=user471,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user471
++sn: user471
++uid: uid471
++givenname: givenname471
++description: description471
++userPassword: password471
++mail: uid471
++uidnumber: 471
++gidnumber: 471
++homeDirectory: /home/uid471
++
++dn: cn=user472,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user472
++sn: user472
++uid: uid472
++givenname: givenname472
++description: description472
++userPassword: password472
++mail: uid472
++uidnumber: 472
++gidnumber: 472
++homeDirectory: /home/uid472
++
++dn: cn=user473,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user473
++sn: user473
++uid: uid473
++givenname: givenname473
++description: description473
++userPassword: password473
++mail: uid473
++uidnumber: 473
++gidnumber: 473
++homeDirectory: /home/uid473
++
++dn: cn=user474,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user474
++sn: user474
++uid: uid474
++givenname: givenname474
++description: description474
++userPassword: password474
++mail: uid474
++uidnumber: 474
++gidnumber: 474
++homeDirectory: /home/uid474
++
++dn: cn=user475,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user475
++sn: user475
++uid: uid475
++givenname: givenname475
++description: description475
++userPassword: password475
++mail: uid475
++uidnumber: 475
++gidnumber: 475
++homeDirectory: /home/uid475
++
++dn: cn=user476,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user476
++sn: user476
++uid: uid476
++givenname: givenname476
++description: description476
++userPassword: password476
++mail: uid476
++uidnumber: 476
++gidnumber: 476
++homeDirectory: /home/uid476
++
++dn: cn=user477,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user477
++sn: user477
++uid: uid477
++givenname: givenname477
++description: description477
++userPassword: password477
++mail: uid477
++uidnumber: 477
++gidnumber: 477
++homeDirectory: /home/uid477
++
++dn: cn=user478,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user478
++sn: user478
++uid: uid478
++givenname: givenname478
++description: description478
++userPassword: password478
++mail: uid478
++uidnumber: 478
++gidnumber: 478
++homeDirectory: /home/uid478
++
++dn: cn=user479,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user479
++sn: user479
++uid: uid479
++givenname: givenname479
++description: description479
++userPassword: password479
++mail: uid479
++uidnumber: 479
++gidnumber: 479
++homeDirectory: /home/uid479
++
++dn: cn=user480,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user480
++sn: user480
++uid: uid480
++givenname: givenname480
++description: description480
++userPassword: password480
++mail: uid480
++uidnumber: 480
++gidnumber: 480
++homeDirectory: /home/uid480
++
++dn: cn=user481,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user481
++sn: user481
++uid: uid481
++givenname: givenname481
++description: description481
++userPassword: password481
++mail: uid481
++uidnumber: 481
++gidnumber: 481
++homeDirectory: /home/uid481
++
++dn: cn=user482,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user482
++sn: user482
++uid: uid482
++givenname: givenname482
++description: description482
++userPassword: password482
++mail: uid482
++uidnumber: 482
++gidnumber: 482
++homeDirectory: /home/uid482
++
++dn: cn=user483,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user483
++sn: user483
++uid: uid483
++givenname: givenname483
++description: description483
++userPassword: password483
++mail: uid483
++uidnumber: 483
++gidnumber: 483
++homeDirectory: /home/uid483
++
++dn: cn=user484,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user484
++sn: user484
++uid: uid484
++givenname: givenname484
++description: description484
++userPassword: password484
++mail: uid484
++uidnumber: 484
++gidnumber: 484
++homeDirectory: /home/uid484
++
++dn: cn=user485,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user485
++sn: user485
++uid: uid485
++givenname: givenname485
++description: description485
++userPassword: password485
++mail: uid485
++uidnumber: 485
++gidnumber: 485
++homeDirectory: /home/uid485
++
++dn: cn=user486,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user486
++sn: user486
++uid: uid486
++givenname: givenname486
++description: description486
++userPassword: password486
++mail: uid486
++uidnumber: 486
++gidnumber: 486
++homeDirectory: /home/uid486
++
++dn: cn=user487,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user487
++sn: user487
++uid: uid487
++givenname: givenname487
++description: description487
++userPassword: password487
++mail: uid487
++uidnumber: 487
++gidnumber: 487
++homeDirectory: /home/uid487
++
++dn: cn=user488,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user488
++sn: user488
++uid: uid488
++givenname: givenname488
++description: description488
++userPassword: password488
++mail: uid488
++uidnumber: 488
++gidnumber: 488
++homeDirectory: /home/uid488
++
++dn: cn=user489,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user489
++sn: user489
++uid: uid489
++givenname: givenname489
++description: description489
++userPassword: password489
++mail: uid489
++uidnumber: 489
++gidnumber: 489
++homeDirectory: /home/uid489
++
++dn: cn=user490,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user490
++sn: user490
++uid: uid490
++givenname: givenname490
++description: description490
++userPassword: password490
++mail: uid490
++uidnumber: 490
++gidnumber: 490
++homeDirectory: /home/uid490
++
++dn: cn=user491,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user491
++sn: user491
++uid: uid491
++givenname: givenname491
++description: description491
++userPassword: password491
++mail: uid491
++uidnumber: 491
++gidnumber: 491
++homeDirectory: /home/uid491
++
++dn: cn=user492,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user492
++sn: user492
++uid: uid492
++givenname: givenname492
++description: description492
++userPassword: password492
++mail: uid492
++uidnumber: 492
++gidnumber: 492
++homeDirectory: /home/uid492
++
++dn: cn=user493,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user493
++sn: user493
++uid: uid493
++givenname: givenname493
++description: description493
++userPassword: password493
++mail: uid493
++uidnumber: 493
++gidnumber: 493
++homeDirectory: /home/uid493
++
++dn: cn=user494,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user494
++sn: user494
++uid: uid494
++givenname: givenname494
++description: description494
++userPassword: password494
++mail: uid494
++uidnumber: 494
++gidnumber: 494
++homeDirectory: /home/uid494
++
++dn: cn=user495,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user495
++sn: user495
++uid: uid495
++givenname: givenname495
++description: description495
++userPassword: password495
++mail: uid495
++uidnumber: 495
++gidnumber: 495
++homeDirectory: /home/uid495
++
++dn: cn=user496,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user496
++sn: user496
++uid: uid496
++givenname: givenname496
++description: description496
++userPassword: password496
++mail: uid496
++uidnumber: 496
++gidnumber: 496
++homeDirectory: /home/uid496
++
++dn: cn=user497,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user497
++sn: user497
++uid: uid497
++givenname: givenname497
++description: description497
++userPassword: password497
++mail: uid497
++uidnumber: 497
++gidnumber: 497
++homeDirectory: /home/uid497
++
++dn: cn=user498,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user498
++sn: user498
++uid: uid498
++givenname: givenname498
++description: description498
++userPassword: password498
++mail: uid498
++uidnumber: 498
++gidnumber: 498
++homeDirectory: /home/uid498
++
++dn: cn=user499,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user499
++sn: user499
++uid: uid499
++givenname: givenname499
++description: description499
++userPassword: password499
++mail: uid499
++uidnumber: 499
++gidnumber: 499
++homeDirectory: /home/uid499
++
++dn: cn=user500,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user500
++sn: user500
++uid: uid500
++givenname: givenname500
++description: description500
++userPassword: password500
++mail: uid500
++uidnumber: 500
++gidnumber: 500
++homeDirectory: /home/uid500
++
++dn: cn=user501,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user501
++sn: user501
++uid: uid501
++givenname: givenname501
++description: description501
++userPassword: password501
++mail: uid501
++uidnumber: 501
++gidnumber: 501
++homeDirectory: /home/uid501
++
++dn: cn=user502,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user502
++sn: user502
++uid: uid502
++givenname: givenname502
++description: description502
++userPassword: password502
++mail: uid502
++uidnumber: 502
++gidnumber: 502
++homeDirectory: /home/uid502
++
++dn: cn=user503,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user503
++sn: user503
++uid: uid503
++givenname: givenname503
++description: description503
++userPassword: password503
++mail: uid503
++uidnumber: 503
++gidnumber: 503
++homeDirectory: /home/uid503
++
++dn: cn=user504,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user504
++sn: user504
++uid: uid504
++givenname: givenname504
++description: description504
++userPassword: password504
++mail: uid504
++uidnumber: 504
++gidnumber: 504
++homeDirectory: /home/uid504
++
++dn: cn=user505,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user505
++sn: user505
++uid: uid505
++givenname: givenname505
++description: description505
++userPassword: password505
++mail: uid505
++uidnumber: 505
++gidnumber: 505
++homeDirectory: /home/uid505
++
++dn: cn=user506,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user506
++sn: user506
++uid: uid506
++givenname: givenname506
++description: description506
++userPassword: password506
++mail: uid506
++uidnumber: 506
++gidnumber: 506
++homeDirectory: /home/uid506
++
++dn: cn=user507,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user507
++sn: user507
++uid: uid507
++givenname: givenname507
++description: description507
++userPassword: password507
++mail: uid507
++uidnumber: 507
++gidnumber: 507
++homeDirectory: /home/uid507
++
++dn: cn=user508,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user508
++sn: user508
++uid: uid508
++givenname: givenname508
++description: description508
++userPassword: password508
++mail: uid508
++uidnumber: 508
++gidnumber: 508
++homeDirectory: /home/uid508
++
++dn: cn=user509,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user509
++sn: user509
++uid: uid509
++givenname: givenname509
++description: description509
++userPassword: password509
++mail: uid509
++uidnumber: 509
++gidnumber: 509
++homeDirectory: /home/uid509
++
++dn: cn=user510,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user510
++sn: user510
++uid: uid510
++givenname: givenname510
++description: description510
++userPassword: password510
++mail: uid510
++uidnumber: 510
++gidnumber: 510
++homeDirectory: /home/uid510
++
++dn: cn=user511,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user511
++sn: user511
++uid: uid511
++givenname: givenname511
++description: description511
++userPassword: password511
++mail: uid511
++uidnumber: 511
++gidnumber: 511
++homeDirectory: /home/uid511
++
++dn: cn=user512,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user512
++sn: user512
++uid: uid512
++givenname: givenname512
++description: description512
++userPassword: password512
++mail: uid512
++uidnumber: 512
++gidnumber: 512
++homeDirectory: /home/uid512
++
++dn: cn=user513,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user513
++sn: user513
++uid: uid513
++givenname: givenname513
++description: description513
++userPassword: password513
++mail: uid513
++uidnumber: 513
++gidnumber: 513
++homeDirectory: /home/uid513
++
++dn: cn=user514,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user514
++sn: user514
++uid: uid514
++givenname: givenname514
++description: description514
++userPassword: password514
++mail: uid514
++uidnumber: 514
++gidnumber: 514
++homeDirectory: /home/uid514
++
++dn: cn=user515,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user515
++sn: user515
++uid: uid515
++givenname: givenname515
++description: description515
++userPassword: password515
++mail: uid515
++uidnumber: 515
++gidnumber: 515
++homeDirectory: /home/uid515
++
++dn: cn=user516,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user516
++sn: user516
++uid: uid516
++givenname: givenname516
++description: description516
++userPassword: password516
++mail: uid516
++uidnumber: 516
++gidnumber: 516
++homeDirectory: /home/uid516
++
++dn: cn=user517,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user517
++sn: user517
++uid: uid517
++givenname: givenname517
++description: description517
++userPassword: password517
++mail: uid517
++uidnumber: 517
++gidnumber: 517
++homeDirectory: /home/uid517
++
++dn: cn=user518,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user518
++sn: user518
++uid: uid518
++givenname: givenname518
++description: description518
++userPassword: password518
++mail: uid518
++uidnumber: 518
++gidnumber: 518
++homeDirectory: /home/uid518
++
++dn: cn=user519,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user519
++sn: user519
++uid: uid519
++givenname: givenname519
++description: description519
++userPassword: password519
++mail: uid519
++uidnumber: 519
++gidnumber: 519
++homeDirectory: /home/uid519
++
++dn: cn=user520,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user520
++sn: user520
++uid: uid520
++givenname: givenname520
++description: description520
++userPassword: password520
++mail: uid520
++uidnumber: 520
++gidnumber: 520
++homeDirectory: /home/uid520
++
++dn: cn=user521,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user521
++sn: user521
++uid: uid521
++givenname: givenname521
++description: description521
++userPassword: password521
++mail: uid521
++uidnumber: 521
++gidnumber: 521
++homeDirectory: /home/uid521
++
++dn: cn=user522,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user522
++sn: user522
++uid: uid522
++givenname: givenname522
++description: description522
++userPassword: password522
++mail: uid522
++uidnumber: 522
++gidnumber: 522
++homeDirectory: /home/uid522
++
++dn: cn=user523,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user523
++sn: user523
++uid: uid523
++givenname: givenname523
++description: description523
++userPassword: password523
++mail: uid523
++uidnumber: 523
++gidnumber: 523
++homeDirectory: /home/uid523
++
++dn: cn=user524,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user524
++sn: user524
++uid: uid524
++givenname: givenname524
++description: description524
++userPassword: password524
++mail: uid524
++uidnumber: 524
++gidnumber: 524
++homeDirectory: /home/uid524
++
++dn: cn=user525,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user525
++sn: user525
++uid: uid525
++givenname: givenname525
++description: description525
++userPassword: password525
++mail: uid525
++uidnumber: 525
++gidnumber: 525
++homeDirectory: /home/uid525
++
++dn: cn=user526,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user526
++sn: user526
++uid: uid526
++givenname: givenname526
++description: description526
++userPassword: password526
++mail: uid526
++uidnumber: 526
++gidnumber: 526
++homeDirectory: /home/uid526
++
++dn: cn=user527,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user527
++sn: user527
++uid: uid527
++givenname: givenname527
++description: description527
++userPassword: password527
++mail: uid527
++uidnumber: 527
++gidnumber: 527
++homeDirectory: /home/uid527
++
++dn: cn=user528,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user528
++sn: user528
++uid: uid528
++givenname: givenname528
++description: description528
++userPassword: password528
++mail: uid528
++uidnumber: 528
++gidnumber: 528
++homeDirectory: /home/uid528
++
++dn: cn=user529,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user529
++sn: user529
++uid: uid529
++givenname: givenname529
++description: description529
++userPassword: password529
++mail: uid529
++uidnumber: 529
++gidnumber: 529
++homeDirectory: /home/uid529
++
++dn: cn=user530,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user530
++sn: user530
++uid: uid530
++givenname: givenname530
++description: description530
++userPassword: password530
++mail: uid530
++uidnumber: 530
++gidnumber: 530
++homeDirectory: /home/uid530
++
++dn: cn=user531,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user531
++sn: user531
++uid: uid531
++givenname: givenname531
++description: description531
++userPassword: password531
++mail: uid531
++uidnumber: 531
++gidnumber: 531
++homeDirectory: /home/uid531
++
++dn: cn=user532,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user532
++sn: user532
++uid: uid532
++givenname: givenname532
++description: description532
++userPassword: password532
++mail: uid532
++uidnumber: 532
++gidnumber: 532
++homeDirectory: /home/uid532
++
++dn: cn=user533,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user533
++sn: user533
++uid: uid533
++givenname: givenname533
++description: description533
++userPassword: password533
++mail: uid533
++uidnumber: 533
++gidnumber: 533
++homeDirectory: /home/uid533
++
++dn: cn=user534,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user534
++sn: user534
++uid: uid534
++givenname: givenname534
++description: description534
++userPassword: password534
++mail: uid534
++uidnumber: 534
++gidnumber: 534
++homeDirectory: /home/uid534
++
++dn: cn=user535,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user535
++sn: user535
++uid: uid535
++givenname: givenname535
++description: description535
++userPassword: password535
++mail: uid535
++uidnumber: 535
++gidnumber: 535
++homeDirectory: /home/uid535
++
++dn: cn=user536,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user536
++sn: user536
++uid: uid536
++givenname: givenname536
++description: description536
++userPassword: password536
++mail: uid536
++uidnumber: 536
++gidnumber: 536
++homeDirectory: /home/uid536
++
++dn: cn=user537,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user537
++sn: user537
++uid: uid537
++givenname: givenname537
++description: description537
++userPassword: password537
++mail: uid537
++uidnumber: 537
++gidnumber: 537
++homeDirectory: /home/uid537
++
++dn: cn=user538,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user538
++sn: user538
++uid: uid538
++givenname: givenname538
++description: description538
++userPassword: password538
++mail: uid538
++uidnumber: 538
++gidnumber: 538
++homeDirectory: /home/uid538
++
++dn: cn=user539,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user539
++sn: user539
++uid: uid539
++givenname: givenname539
++description: description539
++userPassword: password539
++mail: uid539
++uidnumber: 539
++gidnumber: 539
++homeDirectory: /home/uid539
++
++dn: cn=user540,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user540
++sn: user540
++uid: uid540
++givenname: givenname540
++description: description540
++userPassword: password540
++mail: uid540
++uidnumber: 540
++gidnumber: 540
++homeDirectory: /home/uid540
++
++dn: cn=user541,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user541
++sn: user541
++uid: uid541
++givenname: givenname541
++description: description541
++userPassword: password541
++mail: uid541
++uidnumber: 541
++gidnumber: 541
++homeDirectory: /home/uid541
++
++dn: cn=user542,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user542
++sn: user542
++uid: uid542
++givenname: givenname542
++description: description542
++userPassword: password542
++mail: uid542
++uidnumber: 542
++gidnumber: 542
++homeDirectory: /home/uid542
++
++dn: cn=user543,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user543
++sn: user543
++uid: uid543
++givenname: givenname543
++description: description543
++userPassword: password543
++mail: uid543
++uidnumber: 543
++gidnumber: 543
++homeDirectory: /home/uid543
++
++dn: cn=user544,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user544
++sn: user544
++uid: uid544
++givenname: givenname544
++description: description544
++userPassword: password544
++mail: uid544
++uidnumber: 544
++gidnumber: 544
++homeDirectory: /home/uid544
++
++dn: cn=user545,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user545
++sn: user545
++uid: uid545
++givenname: givenname545
++description: description545
++userPassword: password545
++mail: uid545
++uidnumber: 545
++gidnumber: 545
++homeDirectory: /home/uid545
++
++dn: cn=user546,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user546
++sn: user546
++uid: uid546
++givenname: givenname546
++description: description546
++userPassword: password546
++mail: uid546
++uidnumber: 546
++gidnumber: 546
++homeDirectory: /home/uid546
++
++dn: cn=user547,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user547
++sn: user547
++uid: uid547
++givenname: givenname547
++description: description547
++userPassword: password547
++mail: uid547
++uidnumber: 547
++gidnumber: 547
++homeDirectory: /home/uid547
++
++dn: cn=user548,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user548
++sn: user548
++uid: uid548
++givenname: givenname548
++description: description548
++userPassword: password548
++mail: uid548
++uidnumber: 548
++gidnumber: 548
++homeDirectory: /home/uid548
++
++dn: cn=user549,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user549
++sn: user549
++uid: uid549
++givenname: givenname549
++description: description549
++userPassword: password549
++mail: uid549
++uidnumber: 549
++gidnumber: 549
++homeDirectory: /home/uid549
++
++dn: cn=user550,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user550
++sn: user550
++uid: uid550
++givenname: givenname550
++description: description550
++userPassword: password550
++mail: uid550
++uidnumber: 550
++gidnumber: 550
++homeDirectory: /home/uid550
++
++dn: cn=user551,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user551
++sn: user551
++uid: uid551
++givenname: givenname551
++description: description551
++userPassword: password551
++mail: uid551
++uidnumber: 551
++gidnumber: 551
++homeDirectory: /home/uid551
++
++dn: cn=user552,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user552
++sn: user552
++uid: uid552
++givenname: givenname552
++description: description552
++userPassword: password552
++mail: uid552
++uidnumber: 552
++gidnumber: 552
++homeDirectory: /home/uid552
++
++dn: cn=user553,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user553
++sn: user553
++uid: uid553
++givenname: givenname553
++description: description553
++userPassword: password553
++mail: uid553
++uidnumber: 553
++gidnumber: 553
++homeDirectory: /home/uid553
++
++dn: cn=user554,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user554
++sn: user554
++uid: uid554
++givenname: givenname554
++description: description554
++userPassword: password554
++mail: uid554
++uidnumber: 554
++gidnumber: 554
++homeDirectory: /home/uid554
++
++dn: cn=user555,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user555
++sn: user555
++uid: uid555
++givenname: givenname555
++description: description555
++userPassword: password555
++mail: uid555
++uidnumber: 555
++gidnumber: 555
++homeDirectory: /home/uid555
++
++dn: cn=user556,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user556
++sn: user556
++uid: uid556
++givenname: givenname556
++description: description556
++userPassword: password556
++mail: uid556
++uidnumber: 556
++gidnumber: 556
++homeDirectory: /home/uid556
++
++dn: cn=user557,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user557
++sn: user557
++uid: uid557
++givenname: givenname557
++description: description557
++userPassword: password557
++mail: uid557
++uidnumber: 557
++gidnumber: 557
++homeDirectory: /home/uid557
++
++dn: cn=user558,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user558
++sn: user558
++uid: uid558
++givenname: givenname558
++description: description558
++userPassword: password558
++mail: uid558
++uidnumber: 558
++gidnumber: 558
++homeDirectory: /home/uid558
++
++dn: cn=user559,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user559
++sn: user559
++uid: uid559
++givenname: givenname559
++description: description559
++userPassword: password559
++mail: uid559
++uidnumber: 559
++gidnumber: 559
++homeDirectory: /home/uid559
++
++dn: cn=user560,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user560
++sn: user560
++uid: uid560
++givenname: givenname560
++description: description560
++userPassword: password560
++mail: uid560
++uidnumber: 560
++gidnumber: 560
++homeDirectory: /home/uid560
++
++dn: cn=user561,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user561
++sn: user561
++uid: uid561
++givenname: givenname561
++description: description561
++userPassword: password561
++mail: uid561
++uidnumber: 561
++gidnumber: 561
++homeDirectory: /home/uid561
++
++dn: cn=user562,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user562
++sn: user562
++uid: uid562
++givenname: givenname562
++description: description562
++userPassword: password562
++mail: uid562
++uidnumber: 562
++gidnumber: 562
++homeDirectory: /home/uid562
++
++dn: cn=user563,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user563
++sn: user563
++uid: uid563
++givenname: givenname563
++description: description563
++userPassword: password563
++mail: uid563
++uidnumber: 563
++gidnumber: 563
++homeDirectory: /home/uid563
++
++dn: cn=user564,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user564
++sn: user564
++uid: uid564
++givenname: givenname564
++description: description564
++userPassword: password564
++mail: uid564
++uidnumber: 564
++gidnumber: 564
++homeDirectory: /home/uid564
++
++dn: cn=user565,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user565
++sn: user565
++uid: uid565
++givenname: givenname565
++description: description565
++userPassword: password565
++mail: uid565
++uidnumber: 565
++gidnumber: 565
++homeDirectory: /home/uid565
++
++dn: cn=user566,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user566
++sn: user566
++uid: uid566
++givenname: givenname566
++description: description566
++userPassword: password566
++mail: uid566
++uidnumber: 566
++gidnumber: 566
++homeDirectory: /home/uid566
++
++dn: cn=user567,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user567
++sn: user567
++uid: uid567
++givenname: givenname567
++description: description567
++userPassword: password567
++mail: uid567
++uidnumber: 567
++gidnumber: 567
++homeDirectory: /home/uid567
++
++dn: cn=user568,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user568
++sn: user568
++uid: uid568
++givenname: givenname568
++description: description568
++userPassword: password568
++mail: uid568
++uidnumber: 568
++gidnumber: 568
++homeDirectory: /home/uid568
++
++dn: cn=user569,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user569
++sn: user569
++uid: uid569
++givenname: givenname569
++description: description569
++userPassword: password569
++mail: uid569
++uidnumber: 569
++gidnumber: 569
++homeDirectory: /home/uid569
++
++dn: cn=user570,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user570
++sn: user570
++uid: uid570
++givenname: givenname570
++description: description570
++userPassword: password570
++mail: uid570
++uidnumber: 570
++gidnumber: 570
++homeDirectory: /home/uid570
++
++dn: cn=user571,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user571
++sn: user571
++uid: uid571
++givenname: givenname571
++description: description571
++userPassword: password571
++mail: uid571
++uidnumber: 571
++gidnumber: 571
++homeDirectory: /home/uid571
++
++dn: cn=user572,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user572
++sn: user572
++uid: uid572
++givenname: givenname572
++description: description572
++userPassword: password572
++mail: uid572
++uidnumber: 572
++gidnumber: 572
++homeDirectory: /home/uid572
++
++dn: cn=user573,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user573
++sn: user573
++uid: uid573
++givenname: givenname573
++description: description573
++userPassword: password573
++mail: uid573
++uidnumber: 573
++gidnumber: 573
++homeDirectory: /home/uid573
++
++dn: cn=user574,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user574
++sn: user574
++uid: uid574
++givenname: givenname574
++description: description574
++userPassword: password574
++mail: uid574
++uidnumber: 574
++gidnumber: 574
++homeDirectory: /home/uid574
++
++dn: cn=user575,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user575
++sn: user575
++uid: uid575
++givenname: givenname575
++description: description575
++userPassword: password575
++mail: uid575
++uidnumber: 575
++gidnumber: 575
++homeDirectory: /home/uid575
++
++dn: cn=user576,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user576
++sn: user576
++uid: uid576
++givenname: givenname576
++description: description576
++userPassword: password576
++mail: uid576
++uidnumber: 576
++gidnumber: 576
++homeDirectory: /home/uid576
++
++dn: cn=user577,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user577
++sn: user577
++uid: uid577
++givenname: givenname577
++description: description577
++userPassword: password577
++mail: uid577
++uidnumber: 577
++gidnumber: 577
++homeDirectory: /home/uid577
++
++dn: cn=user578,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user578
++sn: user578
++uid: uid578
++givenname: givenname578
++description: description578
++userPassword: password578
++mail: uid578
++uidnumber: 578
++gidnumber: 578
++homeDirectory: /home/uid578
++
++dn: cn=user579,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user579
++sn: user579
++uid: uid579
++givenname: givenname579
++description: description579
++userPassword: password579
++mail: uid579
++uidnumber: 579
++gidnumber: 579
++homeDirectory: /home/uid579
++
++dn: cn=user580,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user580
++sn: user580
++uid: uid580
++givenname: givenname580
++description: description580
++userPassword: password580
++mail: uid580
++uidnumber: 580
++gidnumber: 580
++homeDirectory: /home/uid580
++
++dn: cn=user581,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user581
++sn: user581
++uid: uid581
++givenname: givenname581
++description: description581
++userPassword: password581
++mail: uid581
++uidnumber: 581
++gidnumber: 581
++homeDirectory: /home/uid581
++
++dn: cn=user582,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user582
++sn: user582
++uid: uid582
++givenname: givenname582
++description: description582
++userPassword: password582
++mail: uid582
++uidnumber: 582
++gidnumber: 582
++homeDirectory: /home/uid582
++
++dn: cn=user583,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user583
++sn: user583
++uid: uid583
++givenname: givenname583
++description: description583
++userPassword: password583
++mail: uid583
++uidnumber: 583
++gidnumber: 583
++homeDirectory: /home/uid583
++
++dn: cn=user584,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user584
++sn: user584
++uid: uid584
++givenname: givenname584
++description: description584
++userPassword: password584
++mail: uid584
++uidnumber: 584
++gidnumber: 584
++homeDirectory: /home/uid584
++
++dn: cn=user585,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user585
++sn: user585
++uid: uid585
++givenname: givenname585
++description: description585
++userPassword: password585
++mail: uid585
++uidnumber: 585
++gidnumber: 585
++homeDirectory: /home/uid585
++
++dn: cn=user586,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user586
++sn: user586
++uid: uid586
++givenname: givenname586
++description: description586
++userPassword: password586
++mail: uid586
++uidnumber: 586
++gidnumber: 586
++homeDirectory: /home/uid586
++
++dn: cn=user587,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user587
++sn: user587
++uid: uid587
++givenname: givenname587
++description: description587
++userPassword: password587
++mail: uid587
++uidnumber: 587
++gidnumber: 587
++homeDirectory: /home/uid587
++
++dn: cn=user588,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user588
++sn: user588
++uid: uid588
++givenname: givenname588
++description: description588
++userPassword: password588
++mail: uid588
++uidnumber: 588
++gidnumber: 588
++homeDirectory: /home/uid588
++
++dn: cn=user589,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user589
++sn: user589
++uid: uid589
++givenname: givenname589
++description: description589
++userPassword: password589
++mail: uid589
++uidnumber: 589
++gidnumber: 589
++homeDirectory: /home/uid589
++
++dn: cn=user590,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user590
++sn: user590
++uid: uid590
++givenname: givenname590
++description: description590
++userPassword: password590
++mail: uid590
++uidnumber: 590
++gidnumber: 590
++homeDirectory: /home/uid590
++
++dn: cn=user591,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user591
++sn: user591
++uid: uid591
++givenname: givenname591
++description: description591
++userPassword: password591
++mail: uid591
++uidnumber: 591
++gidnumber: 591
++homeDirectory: /home/uid591
++
++dn: cn=user592,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user592
++sn: user592
++uid: uid592
++givenname: givenname592
++description: description592
++userPassword: password592
++mail: uid592
++uidnumber: 592
++gidnumber: 592
++homeDirectory: /home/uid592
++
++dn: cn=user593,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user593
++sn: user593
++uid: uid593
++givenname: givenname593
++description: description593
++userPassword: password593
++mail: uid593
++uidnumber: 593
++gidnumber: 593
++homeDirectory: /home/uid593
++
++dn: cn=user594,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user594
++sn: user594
++uid: uid594
++givenname: givenname594
++description: description594
++userPassword: password594
++mail: uid594
++uidnumber: 594
++gidnumber: 594
++homeDirectory: /home/uid594
++
++dn: cn=user595,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user595
++sn: user595
++uid: uid595
++givenname: givenname595
++description: description595
++userPassword: password595
++mail: uid595
++uidnumber: 595
++gidnumber: 595
++homeDirectory: /home/uid595
++
++dn: cn=user596,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user596
++sn: user596
++uid: uid596
++givenname: givenname596
++description: description596
++userPassword: password596
++mail: uid596
++uidnumber: 596
++gidnumber: 596
++homeDirectory: /home/uid596
++
++dn: cn=user597,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user597
++sn: user597
++uid: uid597
++givenname: givenname597
++description: description597
++userPassword: password597
++mail: uid597
++uidnumber: 597
++gidnumber: 597
++homeDirectory: /home/uid597
++
++dn: cn=user598,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user598
++sn: user598
++uid: uid598
++givenname: givenname598
++description: description598
++userPassword: password598
++mail: uid598
++uidnumber: 598
++gidnumber: 598
++homeDirectory: /home/uid598
++
++dn: cn=user599,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user599
++sn: user599
++uid: uid599
++givenname: givenname599
++description: description599
++userPassword: password599
++mail: uid599
++uidnumber: 599
++gidnumber: 599
++homeDirectory: /home/uid599
++
++dn: cn=user600,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user600
++sn: user600
++uid: uid600
++givenname: givenname600
++description: description600
++userPassword: password600
++mail: uid600
++uidnumber: 600
++gidnumber: 600
++homeDirectory: /home/uid600
++
++dn: cn=user601,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user601
++sn: user601
++uid: uid601
++givenname: givenname601
++description: description601
++userPassword: password601
++mail: uid601
++uidnumber: 601
++gidnumber: 601
++homeDirectory: /home/uid601
++
++dn: cn=user602,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user602
++sn: user602
++uid: uid602
++givenname: givenname602
++description: description602
++userPassword: password602
++mail: uid602
++uidnumber: 602
++gidnumber: 602
++homeDirectory: /home/uid602
++
++dn: cn=user603,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user603
++sn: user603
++uid: uid603
++givenname: givenname603
++description: description603
++userPassword: password603
++mail: uid603
++uidnumber: 603
++gidnumber: 603
++homeDirectory: /home/uid603
++
++dn: cn=user604,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user604
++sn: user604
++uid: uid604
++givenname: givenname604
++description: description604
++userPassword: password604
++mail: uid604
++uidnumber: 604
++gidnumber: 604
++homeDirectory: /home/uid604
++
++dn: cn=user605,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user605
++sn: user605
++uid: uid605
++givenname: givenname605
++description: description605
++userPassword: password605
++mail: uid605
++uidnumber: 605
++gidnumber: 605
++homeDirectory: /home/uid605
++
++dn: cn=user606,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user606
++sn: user606
++uid: uid606
++givenname: givenname606
++description: description606
++userPassword: password606
++mail: uid606
++uidnumber: 606
++gidnumber: 606
++homeDirectory: /home/uid606
++
++dn: cn=user607,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user607
++sn: user607
++uid: uid607
++givenname: givenname607
++description: description607
++userPassword: password607
++mail: uid607
++uidnumber: 607
++gidnumber: 607
++homeDirectory: /home/uid607
++
++dn: cn=user608,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user608
++sn: user608
++uid: uid608
++givenname: givenname608
++description: description608
++userPassword: password608
++mail: uid608
++uidnumber: 608
++gidnumber: 608
++homeDirectory: /home/uid608
++
++dn: cn=user609,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user609
++sn: user609
++uid: uid609
++givenname: givenname609
++description: description609
++userPassword: password609
++mail: uid609
++uidnumber: 609
++gidnumber: 609
++homeDirectory: /home/uid609
++
++dn: cn=user610,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user610
++sn: user610
++uid: uid610
++givenname: givenname610
++description: description610
++userPassword: password610
++mail: uid610
++uidnumber: 610
++gidnumber: 610
++homeDirectory: /home/uid610
++
++dn: cn=user611,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user611
++sn: user611
++uid: uid611
++givenname: givenname611
++description: description611
++userPassword: password611
++mail: uid611
++uidnumber: 611
++gidnumber: 611
++homeDirectory: /home/uid611
++
++dn: cn=user612,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user612
++sn: user612
++uid: uid612
++givenname: givenname612
++description: description612
++userPassword: password612
++mail: uid612
++uidnumber: 612
++gidnumber: 612
++homeDirectory: /home/uid612
++
++dn: cn=user613,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user613
++sn: user613
++uid: uid613
++givenname: givenname613
++description: description613
++userPassword: password613
++mail: uid613
++uidnumber: 613
++gidnumber: 613
++homeDirectory: /home/uid613
++
++dn: cn=user614,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user614
++sn: user614
++uid: uid614
++givenname: givenname614
++description: description614
++userPassword: password614
++mail: uid614
++uidnumber: 614
++gidnumber: 614
++homeDirectory: /home/uid614
++
++dn: cn=user615,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user615
++sn: user615
++uid: uid615
++givenname: givenname615
++description: description615
++userPassword: password615
++mail: uid615
++uidnumber: 615
++gidnumber: 615
++homeDirectory: /home/uid615
++
++dn: cn=user616,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user616
++sn: user616
++uid: uid616
++givenname: givenname616
++description: description616
++userPassword: password616
++mail: uid616
++uidnumber: 616
++gidnumber: 616
++homeDirectory: /home/uid616
++
++dn: cn=user617,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user617
++sn: user617
++uid: uid617
++givenname: givenname617
++description: description617
++userPassword: password617
++mail: uid617
++uidnumber: 617
++gidnumber: 617
++homeDirectory: /home/uid617
++
++dn: cn=user618,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user618
++sn: user618
++uid: uid618
++givenname: givenname618
++description: description618
++userPassword: password618
++mail: uid618
++uidnumber: 618
++gidnumber: 618
++homeDirectory: /home/uid618
++
++dn: cn=user619,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user619
++sn: user619
++uid: uid619
++givenname: givenname619
++description: description619
++userPassword: password619
++mail: uid619
++uidnumber: 619
++gidnumber: 619
++homeDirectory: /home/uid619
++
++dn: cn=user620,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user620
++sn: user620
++uid: uid620
++givenname: givenname620
++description: description620
++userPassword: password620
++mail: uid620
++uidnumber: 620
++gidnumber: 620
++homeDirectory: /home/uid620
++
++dn: cn=user621,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user621
++sn: user621
++uid: uid621
++givenname: givenname621
++description: description621
++userPassword: password621
++mail: uid621
++uidnumber: 621
++gidnumber: 621
++homeDirectory: /home/uid621
++
++dn: cn=user622,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user622
++sn: user622
++uid: uid622
++givenname: givenname622
++description: description622
++userPassword: password622
++mail: uid622
++uidnumber: 622
++gidnumber: 622
++homeDirectory: /home/uid622
++
++dn: cn=user623,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user623
++sn: user623
++uid: uid623
++givenname: givenname623
++description: description623
++userPassword: password623
++mail: uid623
++uidnumber: 623
++gidnumber: 623
++homeDirectory: /home/uid623
++
++dn: cn=user624,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user624
++sn: user624
++uid: uid624
++givenname: givenname624
++description: description624
++userPassword: password624
++mail: uid624
++uidnumber: 624
++gidnumber: 624
++homeDirectory: /home/uid624
++
++dn: cn=user625,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user625
++sn: user625
++uid: uid625
++givenname: givenname625
++description: description625
++userPassword: password625
++mail: uid625
++uidnumber: 625
++gidnumber: 625
++homeDirectory: /home/uid625
++
++dn: cn=user626,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user626
++sn: user626
++uid: uid626
++givenname: givenname626
++description: description626
++userPassword: password626
++mail: uid626
++uidnumber: 626
++gidnumber: 626
++homeDirectory: /home/uid626
++
++dn: cn=user627,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user627
++sn: user627
++uid: uid627
++givenname: givenname627
++description: description627
++userPassword: password627
++mail: uid627
++uidnumber: 627
++gidnumber: 627
++homeDirectory: /home/uid627
++
++dn: cn=user628,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user628
++sn: user628
++uid: uid628
++givenname: givenname628
++description: description628
++userPassword: password628
++mail: uid628
++uidnumber: 628
++gidnumber: 628
++homeDirectory: /home/uid628
++
++dn: cn=user629,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user629
++sn: user629
++uid: uid629
++givenname: givenname629
++description: description629
++userPassword: password629
++mail: uid629
++uidnumber: 629
++gidnumber: 629
++homeDirectory: /home/uid629
++
++dn: cn=user630,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user630
++sn: user630
++uid: uid630
++givenname: givenname630
++description: description630
++userPassword: password630
++mail: uid630
++uidnumber: 630
++gidnumber: 630
++homeDirectory: /home/uid630
++
++dn: cn=user631,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user631
++sn: user631
++uid: uid631
++givenname: givenname631
++description: description631
++userPassword: password631
++mail: uid631
++uidnumber: 631
++gidnumber: 631
++homeDirectory: /home/uid631
++
++dn: cn=user632,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user632
++sn: user632
++uid: uid632
++givenname: givenname632
++description: description632
++userPassword: password632
++mail: uid632
++uidnumber: 632
++gidnumber: 632
++homeDirectory: /home/uid632
++
++dn: cn=user633,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user633
++sn: user633
++uid: uid633
++givenname: givenname633
++description: description633
++userPassword: password633
++mail: uid633
++uidnumber: 633
++gidnumber: 633
++homeDirectory: /home/uid633
++
++dn: cn=user634,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user634
++sn: user634
++uid: uid634
++givenname: givenname634
++description: description634
++userPassword: password634
++mail: uid634
++uidnumber: 634
++gidnumber: 634
++homeDirectory: /home/uid634
++
++dn: cn=user635,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user635
++sn: user635
++uid: uid635
++givenname: givenname635
++description: description635
++userPassword: password635
++mail: uid635
++uidnumber: 635
++gidnumber: 635
++homeDirectory: /home/uid635
++
++dn: cn=user636,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user636
++sn: user636
++uid: uid636
++givenname: givenname636
++description: description636
++userPassword: password636
++mail: uid636
++uidnumber: 636
++gidnumber: 636
++homeDirectory: /home/uid636
++
++dn: cn=user637,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user637
++sn: user637
++uid: uid637
++givenname: givenname637
++description: description637
++userPassword: password637
++mail: uid637
++uidnumber: 637
++gidnumber: 637
++homeDirectory: /home/uid637
++
++dn: cn=user638,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user638
++sn: user638
++uid: uid638
++givenname: givenname638
++description: description638
++userPassword: password638
++mail: uid638
++uidnumber: 638
++gidnumber: 638
++homeDirectory: /home/uid638
++
++dn: cn=user639,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user639
++sn: user639
++uid: uid639
++givenname: givenname639
++description: description639
++userPassword: password639
++mail: uid639
++uidnumber: 639
++gidnumber: 639
++homeDirectory: /home/uid639
++
++dn: cn=user640,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user640
++sn: user640
++uid: uid640
++givenname: givenname640
++description: description640
++userPassword: password640
++mail: uid640
++uidnumber: 640
++gidnumber: 640
++homeDirectory: /home/uid640
++
++dn: cn=user641,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user641
++sn: user641
++uid: uid641
++givenname: givenname641
++description: description641
++userPassword: password641
++mail: uid641
++uidnumber: 641
++gidnumber: 641
++homeDirectory: /home/uid641
++
++dn: cn=user642,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user642
++sn: user642
++uid: uid642
++givenname: givenname642
++description: description642
++userPassword: password642
++mail: uid642
++uidnumber: 642
++gidnumber: 642
++homeDirectory: /home/uid642
++
++dn: cn=user643,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user643
++sn: user643
++uid: uid643
++givenname: givenname643
++description: description643
++userPassword: password643
++mail: uid643
++uidnumber: 643
++gidnumber: 643
++homeDirectory: /home/uid643
++
++dn: cn=user644,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user644
++sn: user644
++uid: uid644
++givenname: givenname644
++description: description644
++userPassword: password644
++mail: uid644
++uidnumber: 644
++gidnumber: 644
++homeDirectory: /home/uid644
++
++dn: cn=user645,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user645
++sn: user645
++uid: uid645
++givenname: givenname645
++description: description645
++userPassword: password645
++mail: uid645
++uidnumber: 645
++gidnumber: 645
++homeDirectory: /home/uid645
++
++dn: cn=user646,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user646
++sn: user646
++uid: uid646
++givenname: givenname646
++description: description646
++userPassword: password646
++mail: uid646
++uidnumber: 646
++gidnumber: 646
++homeDirectory: /home/uid646
++
++dn: cn=user647,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user647
++sn: user647
++uid: uid647
++givenname: givenname647
++description: description647
++userPassword: password647
++mail: uid647
++uidnumber: 647
++gidnumber: 647
++homeDirectory: /home/uid647
++
++dn: cn=user648,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user648
++sn: user648
++uid: uid648
++givenname: givenname648
++description: description648
++userPassword: password648
++mail: uid648
++uidnumber: 648
++gidnumber: 648
++homeDirectory: /home/uid648
++
++dn: cn=user649,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user649
++sn: user649
++uid: uid649
++givenname: givenname649
++description: description649
++userPassword: password649
++mail: uid649
++uidnumber: 649
++gidnumber: 649
++homeDirectory: /home/uid649
++
++dn: cn=user650,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user650
++sn: user650
++uid: uid650
++givenname: givenname650
++description: description650
++userPassword: password650
++mail: uid650
++uidnumber: 650
++gidnumber: 650
++homeDirectory: /home/uid650
++
++dn: cn=user651,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user651
++sn: user651
++uid: uid651
++givenname: givenname651
++description: description651
++userPassword: password651
++mail: uid651
++uidnumber: 651
++gidnumber: 651
++homeDirectory: /home/uid651
++
++dn: cn=user652,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user652
++sn: user652
++uid: uid652
++givenname: givenname652
++description: description652
++userPassword: password652
++mail: uid652
++uidnumber: 652
++gidnumber: 652
++homeDirectory: /home/uid652
++
++dn: cn=user653,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user653
++sn: user653
++uid: uid653
++givenname: givenname653
++description: description653
++userPassword: password653
++mail: uid653
++uidnumber: 653
++gidnumber: 653
++homeDirectory: /home/uid653
++
++dn: cn=user654,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user654
++sn: user654
++uid: uid654
++givenname: givenname654
++description: description654
++userPassword: password654
++mail: uid654
++uidnumber: 654
++gidnumber: 654
++homeDirectory: /home/uid654
++
++dn: cn=user655,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user655
++sn: user655
++uid: uid655
++givenname: givenname655
++description: description655
++userPassword: password655
++mail: uid655
++uidnumber: 655
++gidnumber: 655
++homeDirectory: /home/uid655
++
++dn: cn=user656,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user656
++sn: user656
++uid: uid656
++givenname: givenname656
++description: description656
++userPassword: password656
++mail: uid656
++uidnumber: 656
++gidnumber: 656
++homeDirectory: /home/uid656
++
++dn: cn=user657,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user657
++sn: user657
++uid: uid657
++givenname: givenname657
++description: description657
++userPassword: password657
++mail: uid657
++uidnumber: 657
++gidnumber: 657
++homeDirectory: /home/uid657
++
++dn: cn=user658,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user658
++sn: user658
++uid: uid658
++givenname: givenname658
++description: description658
++userPassword: password658
++mail: uid658
++uidnumber: 658
++gidnumber: 658
++homeDirectory: /home/uid658
++
++dn: cn=user659,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user659
++sn: user659
++uid: uid659
++givenname: givenname659
++description: description659
++userPassword: password659
++mail: uid659
++uidnumber: 659
++gidnumber: 659
++homeDirectory: /home/uid659
++
++dn: cn=user660,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user660
++sn: user660
++uid: uid660
++givenname: givenname660
++description: description660
++userPassword: password660
++mail: uid660
++uidnumber: 660
++gidnumber: 660
++homeDirectory: /home/uid660
++
++dn: cn=user661,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user661
++sn: user661
++uid: uid661
++givenname: givenname661
++description: description661
++userPassword: password661
++mail: uid661
++uidnumber: 661
++gidnumber: 661
++homeDirectory: /home/uid661
++
++dn: cn=user662,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user662
++sn: user662
++uid: uid662
++givenname: givenname662
++description: description662
++userPassword: password662
++mail: uid662
++uidnumber: 662
++gidnumber: 662
++homeDirectory: /home/uid662
++
++dn: cn=user663,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user663
++sn: user663
++uid: uid663
++givenname: givenname663
++description: description663
++userPassword: password663
++mail: uid663
++uidnumber: 663
++gidnumber: 663
++homeDirectory: /home/uid663
++
++dn: cn=user664,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user664
++sn: user664
++uid: uid664
++givenname: givenname664
++description: description664
++userPassword: password664
++mail: uid664
++uidnumber: 664
++gidnumber: 664
++homeDirectory: /home/uid664
++
++dn: cn=user665,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user665
++sn: user665
++uid: uid665
++givenname: givenname665
++description: description665
++userPassword: password665
++mail: uid665
++uidnumber: 665
++gidnumber: 665
++homeDirectory: /home/uid665
++
++dn: cn=user666,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user666
++sn: user666
++uid: uid666
++givenname: givenname666
++description: description666
++userPassword: password666
++mail: uid666
++uidnumber: 666
++gidnumber: 666
++homeDirectory: /home/uid666
++
++dn: cn=user667,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user667
++sn: user667
++uid: uid667
++givenname: givenname667
++description: description667
++userPassword: password667
++mail: uid667
++uidnumber: 667
++gidnumber: 667
++homeDirectory: /home/uid667
++
++dn: cn=user668,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user668
++sn: user668
++uid: uid668
++givenname: givenname668
++description: description668
++userPassword: password668
++mail: uid668
++uidnumber: 668
++gidnumber: 668
++homeDirectory: /home/uid668
++
++dn: cn=user669,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user669
++sn: user669
++uid: uid669
++givenname: givenname669
++description: description669
++userPassword: password669
++mail: uid669
++uidnumber: 669
++gidnumber: 669
++homeDirectory: /home/uid669
++
++dn: cn=user670,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user670
++sn: user670
++uid: uid670
++givenname: givenname670
++description: description670
++userPassword: password670
++mail: uid670
++uidnumber: 670
++gidnumber: 670
++homeDirectory: /home/uid670
++
++dn: cn=user671,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user671
++sn: user671
++uid: uid671
++givenname: givenname671
++description: description671
++userPassword: password671
++mail: uid671
++uidnumber: 671
++gidnumber: 671
++homeDirectory: /home/uid671
++
++dn: cn=user672,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user672
++sn: user672
++uid: uid672
++givenname: givenname672
++description: description672
++userPassword: password672
++mail: uid672
++uidnumber: 672
++gidnumber: 672
++homeDirectory: /home/uid672
++
++dn: cn=user673,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user673
++sn: user673
++uid: uid673
++givenname: givenname673
++description: description673
++userPassword: password673
++mail: uid673
++uidnumber: 673
++gidnumber: 673
++homeDirectory: /home/uid673
++
++dn: cn=user674,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user674
++sn: user674
++uid: uid674
++givenname: givenname674
++description: description674
++userPassword: password674
++mail: uid674
++uidnumber: 674
++gidnumber: 674
++homeDirectory: /home/uid674
++
++dn: cn=user675,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user675
++sn: user675
++uid: uid675
++givenname: givenname675
++description: description675
++userPassword: password675
++mail: uid675
++uidnumber: 675
++gidnumber: 675
++homeDirectory: /home/uid675
++
++dn: cn=user676,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user676
++sn: user676
++uid: uid676
++givenname: givenname676
++description: description676
++userPassword: password676
++mail: uid676
++uidnumber: 676
++gidnumber: 676
++homeDirectory: /home/uid676
++
++dn: cn=user677,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user677
++sn: user677
++uid: uid677
++givenname: givenname677
++description: description677
++userPassword: password677
++mail: uid677
++uidnumber: 677
++gidnumber: 677
++homeDirectory: /home/uid677
++
++dn: cn=user678,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user678
++sn: user678
++uid: uid678
++givenname: givenname678
++description: description678
++userPassword: password678
++mail: uid678
++uidnumber: 678
++gidnumber: 678
++homeDirectory: /home/uid678
++
++dn: cn=user679,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user679
++sn: user679
++uid: uid679
++givenname: givenname679
++description: description679
++userPassword: password679
++mail: uid679
++uidnumber: 679
++gidnumber: 679
++homeDirectory: /home/uid679
++
++dn: cn=user680,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user680
++sn: user680
++uid: uid680
++givenname: givenname680
++description: description680
++userPassword: password680
++mail: uid680
++uidnumber: 680
++gidnumber: 680
++homeDirectory: /home/uid680
++
++dn: cn=user681,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user681
++sn: user681
++uid: uid681
++givenname: givenname681
++description: description681
++userPassword: password681
++mail: uid681
++uidnumber: 681
++gidnumber: 681
++homeDirectory: /home/uid681
++
++dn: cn=user682,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user682
++sn: user682
++uid: uid682
++givenname: givenname682
++description: description682
++userPassword: password682
++mail: uid682
++uidnumber: 682
++gidnumber: 682
++homeDirectory: /home/uid682
++
++dn: cn=user683,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user683
++sn: user683
++uid: uid683
++givenname: givenname683
++description: description683
++userPassword: password683
++mail: uid683
++uidnumber: 683
++gidnumber: 683
++homeDirectory: /home/uid683
++
++dn: cn=user684,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user684
++sn: user684
++uid: uid684
++givenname: givenname684
++description: description684
++userPassword: password684
++mail: uid684
++uidnumber: 684
++gidnumber: 684
++homeDirectory: /home/uid684
++
++dn: cn=user685,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user685
++sn: user685
++uid: uid685
++givenname: givenname685
++description: description685
++userPassword: password685
++mail: uid685
++uidnumber: 685
++gidnumber: 685
++homeDirectory: /home/uid685
++
++dn: cn=user686,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user686
++sn: user686
++uid: uid686
++givenname: givenname686
++description: description686
++userPassword: password686
++mail: uid686
++uidnumber: 686
++gidnumber: 686
++homeDirectory: /home/uid686
++
++dn: cn=user687,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user687
++sn: user687
++uid: uid687
++givenname: givenname687
++description: description687
++userPassword: password687
++mail: uid687
++uidnumber: 687
++gidnumber: 687
++homeDirectory: /home/uid687
++
++dn: cn=user688,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user688
++sn: user688
++uid: uid688
++givenname: givenname688
++description: description688
++userPassword: password688
++mail: uid688
++uidnumber: 688
++gidnumber: 688
++homeDirectory: /home/uid688
++
++dn: cn=user689,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user689
++sn: user689
++uid: uid689
++givenname: givenname689
++description: description689
++userPassword: password689
++mail: uid689
++uidnumber: 689
++gidnumber: 689
++homeDirectory: /home/uid689
++
++dn: cn=user690,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user690
++sn: user690
++uid: uid690
++givenname: givenname690
++description: description690
++userPassword: password690
++mail: uid690
++uidnumber: 690
++gidnumber: 690
++homeDirectory: /home/uid690
++
++dn: cn=user691,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user691
++sn: user691
++uid: uid691
++givenname: givenname691
++description: description691
++userPassword: password691
++mail: uid691
++uidnumber: 691
++gidnumber: 691
++homeDirectory: /home/uid691
++
++dn: cn=user692,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user692
++sn: user692
++uid: uid692
++givenname: givenname692
++description: description692
++userPassword: password692
++mail: uid692
++uidnumber: 692
++gidnumber: 692
++homeDirectory: /home/uid692
++
++dn: cn=user693,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user693
++sn: user693
++uid: uid693
++givenname: givenname693
++description: description693
++userPassword: password693
++mail: uid693
++uidnumber: 693
++gidnumber: 693
++homeDirectory: /home/uid693
++
++dn: cn=user694,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user694
++sn: user694
++uid: uid694
++givenname: givenname694
++description: description694
++userPassword: password694
++mail: uid694
++uidnumber: 694
++gidnumber: 694
++homeDirectory: /home/uid694
++
++dn: cn=user695,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user695
++sn: user695
++uid: uid695
++givenname: givenname695
++description: description695
++userPassword: password695
++mail: uid695
++uidnumber: 695
++gidnumber: 695
++homeDirectory: /home/uid695
++
++dn: cn=user696,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user696
++sn: user696
++uid: uid696
++givenname: givenname696
++description: description696
++userPassword: password696
++mail: uid696
++uidnumber: 696
++gidnumber: 696
++homeDirectory: /home/uid696
++
++dn: cn=user697,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user697
++sn: user697
++uid: uid697
++givenname: givenname697
++description: description697
++userPassword: password697
++mail: uid697
++uidnumber: 697
++gidnumber: 697
++homeDirectory: /home/uid697
++
++dn: cn=user698,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user698
++sn: user698
++uid: uid698
++givenname: givenname698
++description: description698
++userPassword: password698
++mail: uid698
++uidnumber: 698
++gidnumber: 698
++homeDirectory: /home/uid698
++
++dn: cn=user699,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user699
++sn: user699
++uid: uid699
++givenname: givenname699
++description: description699
++userPassword: password699
++mail: uid699
++uidnumber: 699
++gidnumber: 699
++homeDirectory: /home/uid699
++
++dn: cn=user700,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user700
++sn: user700
++uid: uid700
++givenname: givenname700
++description: description700
++userPassword: password700
++mail: uid700
++uidnumber: 700
++gidnumber: 700
++homeDirectory: /home/uid700
++
++dn: cn=user701,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user701
++sn: user701
++uid: uid701
++givenname: givenname701
++description: description701
++userPassword: password701
++mail: uid701
++uidnumber: 701
++gidnumber: 701
++homeDirectory: /home/uid701
++
++dn: cn=user702,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user702
++sn: user702
++uid: uid702
++givenname: givenname702
++description: description702
++userPassword: password702
++mail: uid702
++uidnumber: 702
++gidnumber: 702
++homeDirectory: /home/uid702
++
++dn: cn=user703,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user703
++sn: user703
++uid: uid703
++givenname: givenname703
++description: description703
++userPassword: password703
++mail: uid703
++uidnumber: 703
++gidnumber: 703
++homeDirectory: /home/uid703
++
++dn: cn=user704,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user704
++sn: user704
++uid: uid704
++givenname: givenname704
++description: description704
++userPassword: password704
++mail: uid704
++uidnumber: 704
++gidnumber: 704
++homeDirectory: /home/uid704
++
++dn: cn=user705,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user705
++sn: user705
++uid: uid705
++givenname: givenname705
++description: description705
++userPassword: password705
++mail: uid705
++uidnumber: 705
++gidnumber: 705
++homeDirectory: /home/uid705
++
++dn: cn=user706,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user706
++sn: user706
++uid: uid706
++givenname: givenname706
++description: description706
++userPassword: password706
++mail: uid706
++uidnumber: 706
++gidnumber: 706
++homeDirectory: /home/uid706
++
++dn: cn=user707,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user707
++sn: user707
++uid: uid707
++givenname: givenname707
++description: description707
++userPassword: password707
++mail: uid707
++uidnumber: 707
++gidnumber: 707
++homeDirectory: /home/uid707
++
++dn: cn=user708,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user708
++sn: user708
++uid: uid708
++givenname: givenname708
++description: description708
++userPassword: password708
++mail: uid708
++uidnumber: 708
++gidnumber: 708
++homeDirectory: /home/uid708
++
++dn: cn=user709,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user709
++sn: user709
++uid: uid709
++givenname: givenname709
++description: description709
++userPassword: password709
++mail: uid709
++uidnumber: 709
++gidnumber: 709
++homeDirectory: /home/uid709
++
++dn: cn=user710,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user710
++sn: user710
++uid: uid710
++givenname: givenname710
++description: description710
++userPassword: password710
++mail: uid710
++uidnumber: 710
++gidnumber: 710
++homeDirectory: /home/uid710
++
++dn: cn=user711,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user711
++sn: user711
++uid: uid711
++givenname: givenname711
++description: description711
++userPassword: password711
++mail: uid711
++uidnumber: 711
++gidnumber: 711
++homeDirectory: /home/uid711
++
++dn: cn=user712,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user712
++sn: user712
++uid: uid712
++givenname: givenname712
++description: description712
++userPassword: password712
++mail: uid712
++uidnumber: 712
++gidnumber: 712
++homeDirectory: /home/uid712
++
++dn: cn=user713,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user713
++sn: user713
++uid: uid713
++givenname: givenname713
++description: description713
++userPassword: password713
++mail: uid713
++uidnumber: 713
++gidnumber: 713
++homeDirectory: /home/uid713
++
++dn: cn=user714,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user714
++sn: user714
++uid: uid714
++givenname: givenname714
++description: description714
++userPassword: password714
++mail: uid714
++uidnumber: 714
++gidnumber: 714
++homeDirectory: /home/uid714
++
++dn: cn=user715,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user715
++sn: user715
++uid: uid715
++givenname: givenname715
++description: description715
++userPassword: password715
++mail: uid715
++uidnumber: 715
++gidnumber: 715
++homeDirectory: /home/uid715
++
++dn: cn=user716,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user716
++sn: user716
++uid: uid716
++givenname: givenname716
++description: description716
++userPassword: password716
++mail: uid716
++uidnumber: 716
++gidnumber: 716
++homeDirectory: /home/uid716
++
++dn: cn=user717,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user717
++sn: user717
++uid: uid717
++givenname: givenname717
++description: description717
++userPassword: password717
++mail: uid717
++uidnumber: 717
++gidnumber: 717
++homeDirectory: /home/uid717
++
++dn: cn=user718,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user718
++sn: user718
++uid: uid718
++givenname: givenname718
++description: description718
++userPassword: password718
++mail: uid718
++uidnumber: 718
++gidnumber: 718
++homeDirectory: /home/uid718
++
++dn: cn=user719,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user719
++sn: user719
++uid: uid719
++givenname: givenname719
++description: description719
++userPassword: password719
++mail: uid719
++uidnumber: 719
++gidnumber: 719
++homeDirectory: /home/uid719
++
++dn: cn=user720,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user720
++sn: user720
++uid: uid720
++givenname: givenname720
++description: description720
++userPassword: password720
++mail: uid720
++uidnumber: 720
++gidnumber: 720
++homeDirectory: /home/uid720
++
++dn: cn=user721,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user721
++sn: user721
++uid: uid721
++givenname: givenname721
++description: description721
++userPassword: password721
++mail: uid721
++uidnumber: 721
++gidnumber: 721
++homeDirectory: /home/uid721
++
++dn: cn=user722,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user722
++sn: user722
++uid: uid722
++givenname: givenname722
++description: description722
++userPassword: password722
++mail: uid722
++uidnumber: 722
++gidnumber: 722
++homeDirectory: /home/uid722
++
++dn: cn=user723,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user723
++sn: user723
++uid: uid723
++givenname: givenname723
++description: description723
++userPassword: password723
++mail: uid723
++uidnumber: 723
++gidnumber: 723
++homeDirectory: /home/uid723
++
++dn: cn=user724,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user724
++sn: user724
++uid: uid724
++givenname: givenname724
++description: description724
++userPassword: password724
++mail: uid724
++uidnumber: 724
++gidnumber: 724
++homeDirectory: /home/uid724
++
++dn: cn=user725,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user725
++sn: user725
++uid: uid725
++givenname: givenname725
++description: description725
++userPassword: password725
++mail: uid725
++uidnumber: 725
++gidnumber: 725
++homeDirectory: /home/uid725
++
++dn: cn=user726,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user726
++sn: user726
++uid: uid726
++givenname: givenname726
++description: description726
++userPassword: password726
++mail: uid726
++uidnumber: 726
++gidnumber: 726
++homeDirectory: /home/uid726
++
++dn: cn=user727,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user727
++sn: user727
++uid: uid727
++givenname: givenname727
++description: description727
++userPassword: password727
++mail: uid727
++uidnumber: 727
++gidnumber: 727
++homeDirectory: /home/uid727
++
++dn: cn=user728,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user728
++sn: user728
++uid: uid728
++givenname: givenname728
++description: description728
++userPassword: password728
++mail: uid728
++uidnumber: 728
++gidnumber: 728
++homeDirectory: /home/uid728
++
++dn: cn=user729,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user729
++sn: user729
++uid: uid729
++givenname: givenname729
++description: description729
++userPassword: password729
++mail: uid729
++uidnumber: 729
++gidnumber: 729
++homeDirectory: /home/uid729
++
++dn: cn=user730,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user730
++sn: user730
++uid: uid730
++givenname: givenname730
++description: description730
++userPassword: password730
++mail: uid730
++uidnumber: 730
++gidnumber: 730
++homeDirectory: /home/uid730
++
++dn: cn=user731,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user731
++sn: user731
++uid: uid731
++givenname: givenname731
++description: description731
++userPassword: password731
++mail: uid731
++uidnumber: 731
++gidnumber: 731
++homeDirectory: /home/uid731
++
++dn: cn=user732,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user732
++sn: user732
++uid: uid732
++givenname: givenname732
++description: description732
++userPassword: password732
++mail: uid732
++uidnumber: 732
++gidnumber: 732
++homeDirectory: /home/uid732
++
++dn: cn=user733,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user733
++sn: user733
++uid: uid733
++givenname: givenname733
++description: description733
++userPassword: password733
++mail: uid733
++uidnumber: 733
++gidnumber: 733
++homeDirectory: /home/uid733
++
++dn: cn=user734,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user734
++sn: user734
++uid: uid734
++givenname: givenname734
++description: description734
++userPassword: password734
++mail: uid734
++uidnumber: 734
++gidnumber: 734
++homeDirectory: /home/uid734
++
++dn: cn=user735,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user735
++sn: user735
++uid: uid735
++givenname: givenname735
++description: description735
++userPassword: password735
++mail: uid735
++uidnumber: 735
++gidnumber: 735
++homeDirectory: /home/uid735
++
++dn: cn=user736,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user736
++sn: user736
++uid: uid736
++givenname: givenname736
++description: description736
++userPassword: password736
++mail: uid736
++uidnumber: 736
++gidnumber: 736
++homeDirectory: /home/uid736
++
++dn: cn=user737,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user737
++sn: user737
++uid: uid737
++givenname: givenname737
++description: description737
++userPassword: password737
++mail: uid737
++uidnumber: 737
++gidnumber: 737
++homeDirectory: /home/uid737
++
++dn: cn=user738,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user738
++sn: user738
++uid: uid738
++givenname: givenname738
++description: description738
++userPassword: password738
++mail: uid738
++uidnumber: 738
++gidnumber: 738
++homeDirectory: /home/uid738
++
++dn: cn=user739,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user739
++sn: user739
++uid: uid739
++givenname: givenname739
++description: description739
++userPassword: password739
++mail: uid739
++uidnumber: 739
++gidnumber: 739
++homeDirectory: /home/uid739
++
++dn: cn=user740,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user740
++sn: user740
++uid: uid740
++givenname: givenname740
++description: description740
++userPassword: password740
++mail: uid740
++uidnumber: 740
++gidnumber: 740
++homeDirectory: /home/uid740
++
++dn: cn=user741,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user741
++sn: user741
++uid: uid741
++givenname: givenname741
++description: description741
++userPassword: password741
++mail: uid741
++uidnumber: 741
++gidnumber: 741
++homeDirectory: /home/uid741
++
++dn: cn=user742,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user742
++sn: user742
++uid: uid742
++givenname: givenname742
++description: description742
++userPassword: password742
++mail: uid742
++uidnumber: 742
++gidnumber: 742
++homeDirectory: /home/uid742
++
++dn: cn=user743,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user743
++sn: user743
++uid: uid743
++givenname: givenname743
++description: description743
++userPassword: password743
++mail: uid743
++uidnumber: 743
++gidnumber: 743
++homeDirectory: /home/uid743
++
++dn: cn=user744,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user744
++sn: user744
++uid: uid744
++givenname: givenname744
++description: description744
++userPassword: password744
++mail: uid744
++uidnumber: 744
++gidnumber: 744
++homeDirectory: /home/uid744
++
++dn: cn=user745,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user745
++sn: user745
++uid: uid745
++givenname: givenname745
++description: description745
++userPassword: password745
++mail: uid745
++uidnumber: 745
++gidnumber: 745
++homeDirectory: /home/uid745
++
++dn: cn=user746,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user746
++sn: user746
++uid: uid746
++givenname: givenname746
++description: description746
++userPassword: password746
++mail: uid746
++uidnumber: 746
++gidnumber: 746
++homeDirectory: /home/uid746
++
++dn: cn=user747,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user747
++sn: user747
++uid: uid747
++givenname: givenname747
++description: description747
++userPassword: password747
++mail: uid747
++uidnumber: 747
++gidnumber: 747
++homeDirectory: /home/uid747
++
++dn: cn=user748,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user748
++sn: user748
++uid: uid748
++givenname: givenname748
++description: description748
++userPassword: password748
++mail: uid748
++uidnumber: 748
++gidnumber: 748
++homeDirectory: /home/uid748
++
++dn: cn=user749,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user749
++sn: user749
++uid: uid749
++givenname: givenname749
++description: description749
++userPassword: password749
++mail: uid749
++uidnumber: 749
++gidnumber: 749
++homeDirectory: /home/uid749
++
++dn: cn=user750,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user750
++sn: user750
++uid: uid750
++givenname: givenname750
++description: description750
++userPassword: password750
++mail: uid750
++uidnumber: 750
++gidnumber: 750
++homeDirectory: /home/uid750
++
++dn: cn=user751,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user751
++sn: user751
++uid: uid751
++givenname: givenname751
++description: description751
++userPassword: password751
++mail: uid751
++uidnumber: 751
++gidnumber: 751
++homeDirectory: /home/uid751
++
++dn: cn=user752,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user752
++sn: user752
++uid: uid752
++givenname: givenname752
++description: description752
++userPassword: password752
++mail: uid752
++uidnumber: 752
++gidnumber: 752
++homeDirectory: /home/uid752
++
++dn: cn=user753,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user753
++sn: user753
++uid: uid753
++givenname: givenname753
++description: description753
++userPassword: password753
++mail: uid753
++uidnumber: 753
++gidnumber: 753
++homeDirectory: /home/uid753
++
++dn: cn=user754,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user754
++sn: user754
++uid: uid754
++givenname: givenname754
++description: description754
++userPassword: password754
++mail: uid754
++uidnumber: 754
++gidnumber: 754
++homeDirectory: /home/uid754
++
++dn: cn=user755,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user755
++sn: user755
++uid: uid755
++givenname: givenname755
++description: description755
++userPassword: password755
++mail: uid755
++uidnumber: 755
++gidnumber: 755
++homeDirectory: /home/uid755
++
++dn: cn=user756,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user756
++sn: user756
++uid: uid756
++givenname: givenname756
++description: description756
++userPassword: password756
++mail: uid756
++uidnumber: 756
++gidnumber: 756
++homeDirectory: /home/uid756
++
++dn: cn=user757,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user757
++sn: user757
++uid: uid757
++givenname: givenname757
++description: description757
++userPassword: password757
++mail: uid757
++uidnumber: 757
++gidnumber: 757
++homeDirectory: /home/uid757
++
++dn: cn=user758,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user758
++sn: user758
++uid: uid758
++givenname: givenname758
++description: description758
++userPassword: password758
++mail: uid758
++uidnumber: 758
++gidnumber: 758
++homeDirectory: /home/uid758
++
++dn: cn=user759,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user759
++sn: user759
++uid: uid759
++givenname: givenname759
++description: description759
++userPassword: password759
++mail: uid759
++uidnumber: 759
++gidnumber: 759
++homeDirectory: /home/uid759
++
++dn: cn=user760,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user760
++sn: user760
++uid: uid760
++givenname: givenname760
++description: description760
++userPassword: password760
++mail: uid760
++uidnumber: 760
++gidnumber: 760
++homeDirectory: /home/uid760
++
++dn: cn=user761,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user761
++sn: user761
++uid: uid761
++givenname: givenname761
++description: description761
++userPassword: password761
++mail: uid761
++uidnumber: 761
++gidnumber: 761
++homeDirectory: /home/uid761
++
++dn: cn=user762,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user762
++sn: user762
++uid: uid762
++givenname: givenname762
++description: description762
++userPassword: password762
++mail: uid762
++uidnumber: 762
++gidnumber: 762
++homeDirectory: /home/uid762
++
++dn: cn=user763,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user763
++sn: user763
++uid: uid763
++givenname: givenname763
++description: description763
++userPassword: password763
++mail: uid763
++uidnumber: 763
++gidnumber: 763
++homeDirectory: /home/uid763
++
++dn: cn=user764,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user764
++sn: user764
++uid: uid764
++givenname: givenname764
++description: description764
++userPassword: password764
++mail: uid764
++uidnumber: 764
++gidnumber: 764
++homeDirectory: /home/uid764
++
++dn: cn=user765,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user765
++sn: user765
++uid: uid765
++givenname: givenname765
++description: description765
++userPassword: password765
++mail: uid765
++uidnumber: 765
++gidnumber: 765
++homeDirectory: /home/uid765
++
++dn: cn=user766,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user766
++sn: user766
++uid: uid766
++givenname: givenname766
++description: description766
++userPassword: password766
++mail: uid766
++uidnumber: 766
++gidnumber: 766
++homeDirectory: /home/uid766
++
++dn: cn=user767,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user767
++sn: user767
++uid: uid767
++givenname: givenname767
++description: description767
++userPassword: password767
++mail: uid767
++uidnumber: 767
++gidnumber: 767
++homeDirectory: /home/uid767
++
++dn: cn=user768,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user768
++sn: user768
++uid: uid768
++givenname: givenname768
++description: description768
++userPassword: password768
++mail: uid768
++uidnumber: 768
++gidnumber: 768
++homeDirectory: /home/uid768
++
++dn: cn=user769,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user769
++sn: user769
++uid: uid769
++givenname: givenname769
++description: description769
++userPassword: password769
++mail: uid769
++uidnumber: 769
++gidnumber: 769
++homeDirectory: /home/uid769
++
++dn: cn=user770,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user770
++sn: user770
++uid: uid770
++givenname: givenname770
++description: description770
++userPassword: password770
++mail: uid770
++uidnumber: 770
++gidnumber: 770
++homeDirectory: /home/uid770
++
++dn: cn=user771,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user771
++sn: user771
++uid: uid771
++givenname: givenname771
++description: description771
++userPassword: password771
++mail: uid771
++uidnumber: 771
++gidnumber: 771
++homeDirectory: /home/uid771
++
++dn: cn=user772,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user772
++sn: user772
++uid: uid772
++givenname: givenname772
++description: description772
++userPassword: password772
++mail: uid772
++uidnumber: 772
++gidnumber: 772
++homeDirectory: /home/uid772
++
++dn: cn=user773,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user773
++sn: user773
++uid: uid773
++givenname: givenname773
++description: description773
++userPassword: password773
++mail: uid773
++uidnumber: 773
++gidnumber: 773
++homeDirectory: /home/uid773
++
++dn: cn=user774,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user774
++sn: user774
++uid: uid774
++givenname: givenname774
++description: description774
++userPassword: password774
++mail: uid774
++uidnumber: 774
++gidnumber: 774
++homeDirectory: /home/uid774
++
++dn: cn=user775,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user775
++sn: user775
++uid: uid775
++givenname: givenname775
++description: description775
++userPassword: password775
++mail: uid775
++uidnumber: 775
++gidnumber: 775
++homeDirectory: /home/uid775
++
++dn: cn=user776,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user776
++sn: user776
++uid: uid776
++givenname: givenname776
++description: description776
++userPassword: password776
++mail: uid776
++uidnumber: 776
++gidnumber: 776
++homeDirectory: /home/uid776
++
++dn: cn=user777,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user777
++sn: user777
++uid: uid777
++givenname: givenname777
++description: description777
++userPassword: password777
++mail: uid777
++uidnumber: 777
++gidnumber: 777
++homeDirectory: /home/uid777
++
++dn: cn=user778,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user778
++sn: user778
++uid: uid778
++givenname: givenname778
++description: description778
++userPassword: password778
++mail: uid778
++uidnumber: 778
++gidnumber: 778
++homeDirectory: /home/uid778
++
++dn: cn=user779,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user779
++sn: user779
++uid: uid779
++givenname: givenname779
++description: description779
++userPassword: password779
++mail: uid779
++uidnumber: 779
++gidnumber: 779
++homeDirectory: /home/uid779
++
++dn: cn=user780,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user780
++sn: user780
++uid: uid780
++givenname: givenname780
++description: description780
++userPassword: password780
++mail: uid780
++uidnumber: 780
++gidnumber: 780
++homeDirectory: /home/uid780
++
++dn: cn=user781,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user781
++sn: user781
++uid: uid781
++givenname: givenname781
++description: description781
++userPassword: password781
++mail: uid781
++uidnumber: 781
++gidnumber: 781
++homeDirectory: /home/uid781
++
++dn: cn=user782,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user782
++sn: user782
++uid: uid782
++givenname: givenname782
++description: description782
++userPassword: password782
++mail: uid782
++uidnumber: 782
++gidnumber: 782
++homeDirectory: /home/uid782
++
++dn: cn=user783,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user783
++sn: user783
++uid: uid783
++givenname: givenname783
++description: description783
++userPassword: password783
++mail: uid783
++uidnumber: 783
++gidnumber: 783
++homeDirectory: /home/uid783
++
++dn: cn=user784,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user784
++sn: user784
++uid: uid784
++givenname: givenname784
++description: description784
++userPassword: password784
++mail: uid784
++uidnumber: 784
++gidnumber: 784
++homeDirectory: /home/uid784
++
++dn: cn=user785,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user785
++sn: user785
++uid: uid785
++givenname: givenname785
++description: description785
++userPassword: password785
++mail: uid785
++uidnumber: 785
++gidnumber: 785
++homeDirectory: /home/uid785
++
++dn: cn=user786,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user786
++sn: user786
++uid: uid786
++givenname: givenname786
++description: description786
++userPassword: password786
++mail: uid786
++uidnumber: 786
++gidnumber: 786
++homeDirectory: /home/uid786
++
++dn: cn=user787,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user787
++sn: user787
++uid: uid787
++givenname: givenname787
++description: description787
++userPassword: password787
++mail: uid787
++uidnumber: 787
++gidnumber: 787
++homeDirectory: /home/uid787
++
++dn: cn=user788,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user788
++sn: user788
++uid: uid788
++givenname: givenname788
++description: description788
++userPassword: password788
++mail: uid788
++uidnumber: 788
++gidnumber: 788
++homeDirectory: /home/uid788
++
++dn: cn=user789,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user789
++sn: user789
++uid: uid789
++givenname: givenname789
++description: description789
++userPassword: password789
++mail: uid789
++uidnumber: 789
++gidnumber: 789
++homeDirectory: /home/uid789
++
++dn: cn=user790,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user790
++sn: user790
++uid: uid790
++givenname: givenname790
++description: description790
++userPassword: password790
++mail: uid790
++uidnumber: 790
++gidnumber: 790
++homeDirectory: /home/uid790
++
++dn: cn=user791,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user791
++sn: user791
++uid: uid791
++givenname: givenname791
++description: description791
++userPassword: password791
++mail: uid791
++uidnumber: 791
++gidnumber: 791
++homeDirectory: /home/uid791
++
++dn: cn=user792,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user792
++sn: user792
++uid: uid792
++givenname: givenname792
++description: description792
++userPassword: password792
++mail: uid792
++uidnumber: 792
++gidnumber: 792
++homeDirectory: /home/uid792
++
++dn: cn=user793,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user793
++sn: user793
++uid: uid793
++givenname: givenname793
++description: description793
++userPassword: password793
++mail: uid793
++uidnumber: 793
++gidnumber: 793
++homeDirectory: /home/uid793
++
++dn: cn=user794,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user794
++sn: user794
++uid: uid794
++givenname: givenname794
++description: description794
++userPassword: password794
++mail: uid794
++uidnumber: 794
++gidnumber: 794
++homeDirectory: /home/uid794
++
++dn: cn=user795,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user795
++sn: user795
++uid: uid795
++givenname: givenname795
++description: description795
++userPassword: password795
++mail: uid795
++uidnumber: 795
++gidnumber: 795
++homeDirectory: /home/uid795
++
++dn: cn=user796,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user796
++sn: user796
++uid: uid796
++givenname: givenname796
++description: description796
++userPassword: password796
++mail: uid796
++uidnumber: 796
++gidnumber: 796
++homeDirectory: /home/uid796
++
++dn: cn=user797,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user797
++sn: user797
++uid: uid797
++givenname: givenname797
++description: description797
++userPassword: password797
++mail: uid797
++uidnumber: 797
++gidnumber: 797
++homeDirectory: /home/uid797
++
++dn: cn=user798,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user798
++sn: user798
++uid: uid798
++givenname: givenname798
++description: description798
++userPassword: password798
++mail: uid798
++uidnumber: 798
++gidnumber: 798
++homeDirectory: /home/uid798
++
++dn: cn=user799,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user799
++sn: user799
++uid: uid799
++givenname: givenname799
++description: description799
++userPassword: password799
++mail: uid799
++uidnumber: 799
++gidnumber: 799
++homeDirectory: /home/uid799
++
++dn: cn=user800,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user800
++sn: user800
++uid: uid800
++givenname: givenname800
++description: description800
++userPassword: password800
++mail: uid800
++uidnumber: 800
++gidnumber: 800
++homeDirectory: /home/uid800
++
++dn: cn=user801,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user801
++sn: user801
++uid: uid801
++givenname: givenname801
++description: description801
++userPassword: password801
++mail: uid801
++uidnumber: 801
++gidnumber: 801
++homeDirectory: /home/uid801
++
++dn: cn=user802,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user802
++sn: user802
++uid: uid802
++givenname: givenname802
++description: description802
++userPassword: password802
++mail: uid802
++uidnumber: 802
++gidnumber: 802
++homeDirectory: /home/uid802
++
++dn: cn=user803,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user803
++sn: user803
++uid: uid803
++givenname: givenname803
++description: description803
++userPassword: password803
++mail: uid803
++uidnumber: 803
++gidnumber: 803
++homeDirectory: /home/uid803
++
++dn: cn=user804,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user804
++sn: user804
++uid: uid804
++givenname: givenname804
++description: description804
++userPassword: password804
++mail: uid804
++uidnumber: 804
++gidnumber: 804
++homeDirectory: /home/uid804
++
++dn: cn=user805,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user805
++sn: user805
++uid: uid805
++givenname: givenname805
++description: description805
++userPassword: password805
++mail: uid805
++uidnumber: 805
++gidnumber: 805
++homeDirectory: /home/uid805
++
++dn: cn=user806,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user806
++sn: user806
++uid: uid806
++givenname: givenname806
++description: description806
++userPassword: password806
++mail: uid806
++uidnumber: 806
++gidnumber: 806
++homeDirectory: /home/uid806
++
++dn: cn=user807,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user807
++sn: user807
++uid: uid807
++givenname: givenname807
++description: description807
++userPassword: password807
++mail: uid807
++uidnumber: 807
++gidnumber: 807
++homeDirectory: /home/uid807
++
++dn: cn=user808,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user808
++sn: user808
++uid: uid808
++givenname: givenname808
++description: description808
++userPassword: password808
++mail: uid808
++uidnumber: 808
++gidnumber: 808
++homeDirectory: /home/uid808
++
++dn: cn=user809,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user809
++sn: user809
++uid: uid809
++givenname: givenname809
++description: description809
++userPassword: password809
++mail: uid809
++uidnumber: 809
++gidnumber: 809
++homeDirectory: /home/uid809
++
++dn: cn=user810,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user810
++sn: user810
++uid: uid810
++givenname: givenname810
++description: description810
++userPassword: password810
++mail: uid810
++uidnumber: 810
++gidnumber: 810
++homeDirectory: /home/uid810
++
++dn: cn=user811,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user811
++sn: user811
++uid: uid811
++givenname: givenname811
++description: description811
++userPassword: password811
++mail: uid811
++uidnumber: 811
++gidnumber: 811
++homeDirectory: /home/uid811
++
++dn: cn=user812,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user812
++sn: user812
++uid: uid812
++givenname: givenname812
++description: description812
++userPassword: password812
++mail: uid812
++uidnumber: 812
++gidnumber: 812
++homeDirectory: /home/uid812
++
++dn: cn=user813,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user813
++sn: user813
++uid: uid813
++givenname: givenname813
++description: description813
++userPassword: password813
++mail: uid813
++uidnumber: 813
++gidnumber: 813
++homeDirectory: /home/uid813
++
++dn: cn=user814,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user814
++sn: user814
++uid: uid814
++givenname: givenname814
++description: description814
++userPassword: password814
++mail: uid814
++uidnumber: 814
++gidnumber: 814
++homeDirectory: /home/uid814
++
++dn: cn=user815,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user815
++sn: user815
++uid: uid815
++givenname: givenname815
++description: description815
++userPassword: password815
++mail: uid815
++uidnumber: 815
++gidnumber: 815
++homeDirectory: /home/uid815
++
++dn: cn=user816,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user816
++sn: user816
++uid: uid816
++givenname: givenname816
++description: description816
++userPassword: password816
++mail: uid816
++uidnumber: 816
++gidnumber: 816
++homeDirectory: /home/uid816
++
++dn: cn=user817,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user817
++sn: user817
++uid: uid817
++givenname: givenname817
++description: description817
++userPassword: password817
++mail: uid817
++uidnumber: 817
++gidnumber: 817
++homeDirectory: /home/uid817
++
++dn: cn=user818,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user818
++sn: user818
++uid: uid818
++givenname: givenname818
++description: description818
++userPassword: password818
++mail: uid818
++uidnumber: 818
++gidnumber: 818
++homeDirectory: /home/uid818
++
++dn: cn=user819,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user819
++sn: user819
++uid: uid819
++givenname: givenname819
++description: description819
++userPassword: password819
++mail: uid819
++uidnumber: 819
++gidnumber: 819
++homeDirectory: /home/uid819
++
++dn: cn=user820,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user820
++sn: user820
++uid: uid820
++givenname: givenname820
++description: description820
++userPassword: password820
++mail: uid820
++uidnumber: 820
++gidnumber: 820
++homeDirectory: /home/uid820
++
++dn: cn=user821,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user821
++sn: user821
++uid: uid821
++givenname: givenname821
++description: description821
++userPassword: password821
++mail: uid821
++uidnumber: 821
++gidnumber: 821
++homeDirectory: /home/uid821
++
++dn: cn=user822,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user822
++sn: user822
++uid: uid822
++givenname: givenname822
++description: description822
++userPassword: password822
++mail: uid822
++uidnumber: 822
++gidnumber: 822
++homeDirectory: /home/uid822
++
++dn: cn=user823,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user823
++sn: user823
++uid: uid823
++givenname: givenname823
++description: description823
++userPassword: password823
++mail: uid823
++uidnumber: 823
++gidnumber: 823
++homeDirectory: /home/uid823
++
++dn: cn=user824,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user824
++sn: user824
++uid: uid824
++givenname: givenname824
++description: description824
++userPassword: password824
++mail: uid824
++uidnumber: 824
++gidnumber: 824
++homeDirectory: /home/uid824
++
++dn: cn=user825,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user825
++sn: user825
++uid: uid825
++givenname: givenname825
++description: description825
++userPassword: password825
++mail: uid825
++uidnumber: 825
++gidnumber: 825
++homeDirectory: /home/uid825
++
++dn: cn=user826,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user826
++sn: user826
++uid: uid826
++givenname: givenname826
++description: description826
++userPassword: password826
++mail: uid826
++uidnumber: 826
++gidnumber: 826
++homeDirectory: /home/uid826
++
++dn: cn=user827,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user827
++sn: user827
++uid: uid827
++givenname: givenname827
++description: description827
++userPassword: password827
++mail: uid827
++uidnumber: 827
++gidnumber: 827
++homeDirectory: /home/uid827
++
++dn: cn=user828,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user828
++sn: user828
++uid: uid828
++givenname: givenname828
++description: description828
++userPassword: password828
++mail: uid828
++uidnumber: 828
++gidnumber: 828
++homeDirectory: /home/uid828
++
++dn: cn=user829,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user829
++sn: user829
++uid: uid829
++givenname: givenname829
++description: description829
++userPassword: password829
++mail: uid829
++uidnumber: 829
++gidnumber: 829
++homeDirectory: /home/uid829
++
++dn: cn=user830,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user830
++sn: user830
++uid: uid830
++givenname: givenname830
++description: description830
++userPassword: password830
++mail: uid830
++uidnumber: 830
++gidnumber: 830
++homeDirectory: /home/uid830
++
++dn: cn=user831,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user831
++sn: user831
++uid: uid831
++givenname: givenname831
++description: description831
++userPassword: password831
++mail: uid831
++uidnumber: 831
++gidnumber: 831
++homeDirectory: /home/uid831
++
++dn: cn=user832,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user832
++sn: user832
++uid: uid832
++givenname: givenname832
++description: description832
++userPassword: password832
++mail: uid832
++uidnumber: 832
++gidnumber: 832
++homeDirectory: /home/uid832
++
++dn: cn=user833,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user833
++sn: user833
++uid: uid833
++givenname: givenname833
++description: description833
++userPassword: password833
++mail: uid833
++uidnumber: 833
++gidnumber: 833
++homeDirectory: /home/uid833
++
++dn: cn=user834,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user834
++sn: user834
++uid: uid834
++givenname: givenname834
++description: description834
++userPassword: password834
++mail: uid834
++uidnumber: 834
++gidnumber: 834
++homeDirectory: /home/uid834
++
++dn: cn=user835,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user835
++sn: user835
++uid: uid835
++givenname: givenname835
++description: description835
++userPassword: password835
++mail: uid835
++uidnumber: 835
++gidnumber: 835
++homeDirectory: /home/uid835
++
++dn: cn=user836,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user836
++sn: user836
++uid: uid836
++givenname: givenname836
++description: description836
++userPassword: password836
++mail: uid836
++uidnumber: 836
++gidnumber: 836
++homeDirectory: /home/uid836
++
++dn: cn=user837,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user837
++sn: user837
++uid: uid837
++givenname: givenname837
++description: description837
++userPassword: password837
++mail: uid837
++uidnumber: 837
++gidnumber: 837
++homeDirectory: /home/uid837
++
++dn: cn=user838,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user838
++sn: user838
++uid: uid838
++givenname: givenname838
++description: description838
++userPassword: password838
++mail: uid838
++uidnumber: 838
++gidnumber: 838
++homeDirectory: /home/uid838
++
++dn: cn=user839,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user839
++sn: user839
++uid: uid839
++givenname: givenname839
++description: description839
++userPassword: password839
++mail: uid839
++uidnumber: 839
++gidnumber: 839
++homeDirectory: /home/uid839
++
++dn: cn=user840,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user840
++sn: user840
++uid: uid840
++givenname: givenname840
++description: description840
++userPassword: password840
++mail: uid840
++uidnumber: 840
++gidnumber: 840
++homeDirectory: /home/uid840
++
++dn: cn=user841,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user841
++sn: user841
++uid: uid841
++givenname: givenname841
++description: description841
++userPassword: password841
++mail: uid841
++uidnumber: 841
++gidnumber: 841
++homeDirectory: /home/uid841
++
++dn: cn=user842,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user842
++sn: user842
++uid: uid842
++givenname: givenname842
++description: description842
++userPassword: password842
++mail: uid842
++uidnumber: 842
++gidnumber: 842
++homeDirectory: /home/uid842
++
++dn: cn=user843,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user843
++sn: user843
++uid: uid843
++givenname: givenname843
++description: description843
++userPassword: password843
++mail: uid843
++uidnumber: 843
++gidnumber: 843
++homeDirectory: /home/uid843
++
++dn: cn=user844,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user844
++sn: user844
++uid: uid844
++givenname: givenname844
++description: description844
++userPassword: password844
++mail: uid844
++uidnumber: 844
++gidnumber: 844
++homeDirectory: /home/uid844
++
++dn: cn=user845,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user845
++sn: user845
++uid: uid845
++givenname: givenname845
++description: description845
++userPassword: password845
++mail: uid845
++uidnumber: 845
++gidnumber: 845
++homeDirectory: /home/uid845
++
++dn: cn=user846,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user846
++sn: user846
++uid: uid846
++givenname: givenname846
++description: description846
++userPassword: password846
++mail: uid846
++uidnumber: 846
++gidnumber: 846
++homeDirectory: /home/uid846
++
++dn: cn=user847,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user847
++sn: user847
++uid: uid847
++givenname: givenname847
++description: description847
++userPassword: password847
++mail: uid847
++uidnumber: 847
++gidnumber: 847
++homeDirectory: /home/uid847
++
++dn: cn=user848,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user848
++sn: user848
++uid: uid848
++givenname: givenname848
++description: description848
++userPassword: password848
++mail: uid848
++uidnumber: 848
++gidnumber: 848
++homeDirectory: /home/uid848
++
++dn: cn=user849,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user849
++sn: user849
++uid: uid849
++givenname: givenname849
++description: description849
++userPassword: password849
++mail: uid849
++uidnumber: 849
++gidnumber: 849
++homeDirectory: /home/uid849
++
++dn: cn=user850,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user850
++sn: user850
++uid: uid850
++givenname: givenname850
++description: description850
++userPassword: password850
++mail: uid850
++uidnumber: 850
++gidnumber: 850
++homeDirectory: /home/uid850
++
++dn: cn=user851,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user851
++sn: user851
++uid: uid851
++givenname: givenname851
++description: description851
++userPassword: password851
++mail: uid851
++uidnumber: 851
++gidnumber: 851
++homeDirectory: /home/uid851
++
++dn: cn=user852,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user852
++sn: user852
++uid: uid852
++givenname: givenname852
++description: description852
++userPassword: password852
++mail: uid852
++uidnumber: 852
++gidnumber: 852
++homeDirectory: /home/uid852
++
++dn: cn=user853,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user853
++sn: user853
++uid: uid853
++givenname: givenname853
++description: description853
++userPassword: password853
++mail: uid853
++uidnumber: 853
++gidnumber: 853
++homeDirectory: /home/uid853
++
++dn: cn=user854,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user854
++sn: user854
++uid: uid854
++givenname: givenname854
++description: description854
++userPassword: password854
++mail: uid854
++uidnumber: 854
++gidnumber: 854
++homeDirectory: /home/uid854
++
++dn: cn=user855,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user855
++sn: user855
++uid: uid855
++givenname: givenname855
++description: description855
++userPassword: password855
++mail: uid855
++uidnumber: 855
++gidnumber: 855
++homeDirectory: /home/uid855
++
++dn: cn=user856,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user856
++sn: user856
++uid: uid856
++givenname: givenname856
++description: description856
++userPassword: password856
++mail: uid856
++uidnumber: 856
++gidnumber: 856
++homeDirectory: /home/uid856
++
++dn: cn=user857,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user857
++sn: user857
++uid: uid857
++givenname: givenname857
++description: description857
++userPassword: password857
++mail: uid857
++uidnumber: 857
++gidnumber: 857
++homeDirectory: /home/uid857
++
++dn: cn=user858,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user858
++sn: user858
++uid: uid858
++givenname: givenname858
++description: description858
++userPassword: password858
++mail: uid858
++uidnumber: 858
++gidnumber: 858
++homeDirectory: /home/uid858
++
++dn: cn=user859,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user859
++sn: user859
++uid: uid859
++givenname: givenname859
++description: description859
++userPassword: password859
++mail: uid859
++uidnumber: 859
++gidnumber: 859
++homeDirectory: /home/uid859
++
++dn: cn=user860,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user860
++sn: user860
++uid: uid860
++givenname: givenname860
++description: description860
++userPassword: password860
++mail: uid860
++uidnumber: 860
++gidnumber: 860
++homeDirectory: /home/uid860
++
++dn: cn=user861,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user861
++sn: user861
++uid: uid861
++givenname: givenname861
++description: description861
++userPassword: password861
++mail: uid861
++uidnumber: 861
++gidnumber: 861
++homeDirectory: /home/uid861
++
++dn: cn=user862,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user862
++sn: user862
++uid: uid862
++givenname: givenname862
++description: description862
++userPassword: password862
++mail: uid862
++uidnumber: 862
++gidnumber: 862
++homeDirectory: /home/uid862
++
++dn: cn=user863,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user863
++sn: user863
++uid: uid863
++givenname: givenname863
++description: description863
++userPassword: password863
++mail: uid863
++uidnumber: 863
++gidnumber: 863
++homeDirectory: /home/uid863
++
++dn: cn=user864,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user864
++sn: user864
++uid: uid864
++givenname: givenname864
++description: description864
++userPassword: password864
++mail: uid864
++uidnumber: 864
++gidnumber: 864
++homeDirectory: /home/uid864
++
++dn: cn=user865,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user865
++sn: user865
++uid: uid865
++givenname: givenname865
++description: description865
++userPassword: password865
++mail: uid865
++uidnumber: 865
++gidnumber: 865
++homeDirectory: /home/uid865
++
++dn: cn=user866,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user866
++sn: user866
++uid: uid866
++givenname: givenname866
++description: description866
++userPassword: password866
++mail: uid866
++uidnumber: 866
++gidnumber: 866
++homeDirectory: /home/uid866
++
++dn: cn=user867,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user867
++sn: user867
++uid: uid867
++givenname: givenname867
++description: description867
++userPassword: password867
++mail: uid867
++uidnumber: 867
++gidnumber: 867
++homeDirectory: /home/uid867
++
++dn: cn=user868,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user868
++sn: user868
++uid: uid868
++givenname: givenname868
++description: description868
++userPassword: password868
++mail: uid868
++uidnumber: 868
++gidnumber: 868
++homeDirectory: /home/uid868
++
++dn: cn=user869,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user869
++sn: user869
++uid: uid869
++givenname: givenname869
++description: description869
++userPassword: password869
++mail: uid869
++uidnumber: 869
++gidnumber: 869
++homeDirectory: /home/uid869
++
++dn: cn=user870,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user870
++sn: user870
++uid: uid870
++givenname: givenname870
++description: description870
++userPassword: password870
++mail: uid870
++uidnumber: 870
++gidnumber: 870
++homeDirectory: /home/uid870
++
++dn: cn=user871,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user871
++sn: user871
++uid: uid871
++givenname: givenname871
++description: description871
++userPassword: password871
++mail: uid871
++uidnumber: 871
++gidnumber: 871
++homeDirectory: /home/uid871
++
++dn: cn=user872,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user872
++sn: user872
++uid: uid872
++givenname: givenname872
++description: description872
++userPassword: password872
++mail: uid872
++uidnumber: 872
++gidnumber: 872
++homeDirectory: /home/uid872
++
++dn: cn=user873,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user873
++sn: user873
++uid: uid873
++givenname: givenname873
++description: description873
++userPassword: password873
++mail: uid873
++uidnumber: 873
++gidnumber: 873
++homeDirectory: /home/uid873
++
++dn: cn=user874,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user874
++sn: user874
++uid: uid874
++givenname: givenname874
++description: description874
++userPassword: password874
++mail: uid874
++uidnumber: 874
++gidnumber: 874
++homeDirectory: /home/uid874
++
++dn: cn=user875,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user875
++sn: user875
++uid: uid875
++givenname: givenname875
++description: description875
++userPassword: password875
++mail: uid875
++uidnumber: 875
++gidnumber: 875
++homeDirectory: /home/uid875
++
++dn: cn=user876,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user876
++sn: user876
++uid: uid876
++givenname: givenname876
++description: description876
++userPassword: password876
++mail: uid876
++uidnumber: 876
++gidnumber: 876
++homeDirectory: /home/uid876
++
++dn: cn=user877,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user877
++sn: user877
++uid: uid877
++givenname: givenname877
++description: description877
++userPassword: password877
++mail: uid877
++uidnumber: 877
++gidnumber: 877
++homeDirectory: /home/uid877
++
++dn: cn=user878,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user878
++sn: user878
++uid: uid878
++givenname: givenname878
++description: description878
++userPassword: password878
++mail: uid878
++uidnumber: 878
++gidnumber: 878
++homeDirectory: /home/uid878
++
++dn: cn=user879,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user879
++sn: user879
++uid: uid879
++givenname: givenname879
++description: description879
++userPassword: password879
++mail: uid879
++uidnumber: 879
++gidnumber: 879
++homeDirectory: /home/uid879
++
++dn: cn=user880,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user880
++sn: user880
++uid: uid880
++givenname: givenname880
++description: description880
++userPassword: password880
++mail: uid880
++uidnumber: 880
++gidnumber: 880
++homeDirectory: /home/uid880
++
++dn: cn=user881,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user881
++sn: user881
++uid: uid881
++givenname: givenname881
++description: description881
++userPassword: password881
++mail: uid881
++uidnumber: 881
++gidnumber: 881
++homeDirectory: /home/uid881
++
++dn: cn=user882,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user882
++sn: user882
++uid: uid882
++givenname: givenname882
++description: description882
++userPassword: password882
++mail: uid882
++uidnumber: 882
++gidnumber: 882
++homeDirectory: /home/uid882
++
++dn: cn=user883,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user883
++sn: user883
++uid: uid883
++givenname: givenname883
++description: description883
++userPassword: password883
++mail: uid883
++uidnumber: 883
++gidnumber: 883
++homeDirectory: /home/uid883
++
++dn: cn=user884,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user884
++sn: user884
++uid: uid884
++givenname: givenname884
++description: description884
++userPassword: password884
++mail: uid884
++uidnumber: 884
++gidnumber: 884
++homeDirectory: /home/uid884
++
++dn: cn=user885,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user885
++sn: user885
++uid: uid885
++givenname: givenname885
++description: description885
++userPassword: password885
++mail: uid885
++uidnumber: 885
++gidnumber: 885
++homeDirectory: /home/uid885
++
++dn: cn=user886,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user886
++sn: user886
++uid: uid886
++givenname: givenname886
++description: description886
++userPassword: password886
++mail: uid886
++uidnumber: 886
++gidnumber: 886
++homeDirectory: /home/uid886
++
++dn: cn=user887,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user887
++sn: user887
++uid: uid887
++givenname: givenname887
++description: description887
++userPassword: password887
++mail: uid887
++uidnumber: 887
++gidnumber: 887
++homeDirectory: /home/uid887
++
++dn: cn=user888,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user888
++sn: user888
++uid: uid888
++givenname: givenname888
++description: description888
++userPassword: password888
++mail: uid888
++uidnumber: 888
++gidnumber: 888
++homeDirectory: /home/uid888
++
++dn: cn=user889,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user889
++sn: user889
++uid: uid889
++givenname: givenname889
++description: description889
++userPassword: password889
++mail: uid889
++uidnumber: 889
++gidnumber: 889
++homeDirectory: /home/uid889
++
++dn: cn=user890,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user890
++sn: user890
++uid: uid890
++givenname: givenname890
++description: description890
++userPassword: password890
++mail: uid890
++uidnumber: 890
++gidnumber: 890
++homeDirectory: /home/uid890
++
++dn: cn=user891,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user891
++sn: user891
++uid: uid891
++givenname: givenname891
++description: description891
++userPassword: password891
++mail: uid891
++uidnumber: 891
++gidnumber: 891
++homeDirectory: /home/uid891
++
++dn: cn=user892,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user892
++sn: user892
++uid: uid892
++givenname: givenname892
++description: description892
++userPassword: password892
++mail: uid892
++uidnumber: 892
++gidnumber: 892
++homeDirectory: /home/uid892
++
++dn: cn=user893,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user893
++sn: user893
++uid: uid893
++givenname: givenname893
++description: description893
++userPassword: password893
++mail: uid893
++uidnumber: 893
++gidnumber: 893
++homeDirectory: /home/uid893
++
++dn: cn=user894,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user894
++sn: user894
++uid: uid894
++givenname: givenname894
++description: description894
++userPassword: password894
++mail: uid894
++uidnumber: 894
++gidnumber: 894
++homeDirectory: /home/uid894
++
++dn: cn=user895,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user895
++sn: user895
++uid: uid895
++givenname: givenname895
++description: description895
++userPassword: password895
++mail: uid895
++uidnumber: 895
++gidnumber: 895
++homeDirectory: /home/uid895
++
++dn: cn=user896,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user896
++sn: user896
++uid: uid896
++givenname: givenname896
++description: description896
++userPassword: password896
++mail: uid896
++uidnumber: 896
++gidnumber: 896
++homeDirectory: /home/uid896
++
++dn: cn=user897,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user897
++sn: user897
++uid: uid897
++givenname: givenname897
++description: description897
++userPassword: password897
++mail: uid897
++uidnumber: 897
++gidnumber: 897
++homeDirectory: /home/uid897
++
++dn: cn=user898,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user898
++sn: user898
++uid: uid898
++givenname: givenname898
++description: description898
++userPassword: password898
++mail: uid898
++uidnumber: 898
++gidnumber: 898
++homeDirectory: /home/uid898
++
++dn: cn=user899,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user899
++sn: user899
++uid: uid899
++givenname: givenname899
++description: description899
++userPassword: password899
++mail: uid899
++uidnumber: 899
++gidnumber: 899
++homeDirectory: /home/uid899
++
++dn: cn=user900,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user900
++sn: user900
++uid: uid900
++givenname: givenname900
++description: description900
++userPassword: password900
++mail: uid900
++uidnumber: 900
++gidnumber: 900
++homeDirectory: /home/uid900
++
++dn: cn=user901,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user901
++sn: user901
++uid: uid901
++givenname: givenname901
++description: description901
++userPassword: password901
++mail: uid901
++uidnumber: 901
++gidnumber: 901
++homeDirectory: /home/uid901
++
++dn: cn=user902,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user902
++sn: user902
++uid: uid902
++givenname: givenname902
++description: description902
++userPassword: password902
++mail: uid902
++uidnumber: 902
++gidnumber: 902
++homeDirectory: /home/uid902
++
++dn: cn=user903,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user903
++sn: user903
++uid: uid903
++givenname: givenname903
++description: description903
++userPassword: password903
++mail: uid903
++uidnumber: 903
++gidnumber: 903
++homeDirectory: /home/uid903
++
++dn: cn=user904,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user904
++sn: user904
++uid: uid904
++givenname: givenname904
++description: description904
++userPassword: password904
++mail: uid904
++uidnumber: 904
++gidnumber: 904
++homeDirectory: /home/uid904
++
++dn: cn=user905,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user905
++sn: user905
++uid: uid905
++givenname: givenname905
++description: description905
++userPassword: password905
++mail: uid905
++uidnumber: 905
++gidnumber: 905
++homeDirectory: /home/uid905
++
++dn: cn=user906,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user906
++sn: user906
++uid: uid906
++givenname: givenname906
++description: description906
++userPassword: password906
++mail: uid906
++uidnumber: 906
++gidnumber: 906
++homeDirectory: /home/uid906
++
++dn: cn=user907,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user907
++sn: user907
++uid: uid907
++givenname: givenname907
++description: description907
++userPassword: password907
++mail: uid907
++uidnumber: 907
++gidnumber: 907
++homeDirectory: /home/uid907
++
++dn: cn=user908,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user908
++sn: user908
++uid: uid908
++givenname: givenname908
++description: description908
++userPassword: password908
++mail: uid908
++uidnumber: 908
++gidnumber: 908
++homeDirectory: /home/uid908
++
++dn: cn=user909,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user909
++sn: user909
++uid: uid909
++givenname: givenname909
++description: description909
++userPassword: password909
++mail: uid909
++uidnumber: 909
++gidnumber: 909
++homeDirectory: /home/uid909
++
++dn: cn=user910,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user910
++sn: user910
++uid: uid910
++givenname: givenname910
++description: description910
++userPassword: password910
++mail: uid910
++uidnumber: 910
++gidnumber: 910
++homeDirectory: /home/uid910
++
++dn: cn=user911,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user911
++sn: user911
++uid: uid911
++givenname: givenname911
++description: description911
++userPassword: password911
++mail: uid911
++uidnumber: 911
++gidnumber: 911
++homeDirectory: /home/uid911
++
++dn: cn=user912,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user912
++sn: user912
++uid: uid912
++givenname: givenname912
++description: description912
++userPassword: password912
++mail: uid912
++uidnumber: 912
++gidnumber: 912
++homeDirectory: /home/uid912
++
++dn: cn=user913,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user913
++sn: user913
++uid: uid913
++givenname: givenname913
++description: description913
++userPassword: password913
++mail: uid913
++uidnumber: 913
++gidnumber: 913
++homeDirectory: /home/uid913
++
++dn: cn=user914,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user914
++sn: user914
++uid: uid914
++givenname: givenname914
++description: description914
++userPassword: password914
++mail: uid914
++uidnumber: 914
++gidnumber: 914
++homeDirectory: /home/uid914
++
++dn: cn=user915,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user915
++sn: user915
++uid: uid915
++givenname: givenname915
++description: description915
++userPassword: password915
++mail: uid915
++uidnumber: 915
++gidnumber: 915
++homeDirectory: /home/uid915
++
++dn: cn=user916,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user916
++sn: user916
++uid: uid916
++givenname: givenname916
++description: description916
++userPassword: password916
++mail: uid916
++uidnumber: 916
++gidnumber: 916
++homeDirectory: /home/uid916
++
++dn: cn=user917,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user917
++sn: user917
++uid: uid917
++givenname: givenname917
++description: description917
++userPassword: password917
++mail: uid917
++uidnumber: 917
++gidnumber: 917
++homeDirectory: /home/uid917
++
++dn: cn=user918,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user918
++sn: user918
++uid: uid918
++givenname: givenname918
++description: description918
++userPassword: password918
++mail: uid918
++uidnumber: 918
++gidnumber: 918
++homeDirectory: /home/uid918
++
++dn: cn=user919,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user919
++sn: user919
++uid: uid919
++givenname: givenname919
++description: description919
++userPassword: password919
++mail: uid919
++uidnumber: 919
++gidnumber: 919
++homeDirectory: /home/uid919
++
++dn: cn=user920,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user920
++sn: user920
++uid: uid920
++givenname: givenname920
++description: description920
++userPassword: password920
++mail: uid920
++uidnumber: 920
++gidnumber: 920
++homeDirectory: /home/uid920
++
++dn: cn=user921,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user921
++sn: user921
++uid: uid921
++givenname: givenname921
++description: description921
++userPassword: password921
++mail: uid921
++uidnumber: 921
++gidnumber: 921
++homeDirectory: /home/uid921
++
++dn: cn=user922,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user922
++sn: user922
++uid: uid922
++givenname: givenname922
++description: description922
++userPassword: password922
++mail: uid922
++uidnumber: 922
++gidnumber: 922
++homeDirectory: /home/uid922
++
++dn: cn=user923,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user923
++sn: user923
++uid: uid923
++givenname: givenname923
++description: description923
++userPassword: password923
++mail: uid923
++uidnumber: 923
++gidnumber: 923
++homeDirectory: /home/uid923
++
++dn: cn=user924,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user924
++sn: user924
++uid: uid924
++givenname: givenname924
++description: description924
++userPassword: password924
++mail: uid924
++uidnumber: 924
++gidnumber: 924
++homeDirectory: /home/uid924
++
++dn: cn=user925,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user925
++sn: user925
++uid: uid925
++givenname: givenname925
++description: description925
++userPassword: password925
++mail: uid925
++uidnumber: 925
++gidnumber: 925
++homeDirectory: /home/uid925
++
++dn: cn=user926,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user926
++sn: user926
++uid: uid926
++givenname: givenname926
++description: description926
++userPassword: password926
++mail: uid926
++uidnumber: 926
++gidnumber: 926
++homeDirectory: /home/uid926
++
++dn: cn=user927,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user927
++sn: user927
++uid: uid927
++givenname: givenname927
++description: description927
++userPassword: password927
++mail: uid927
++uidnumber: 927
++gidnumber: 927
++homeDirectory: /home/uid927
++
++dn: cn=user928,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user928
++sn: user928
++uid: uid928
++givenname: givenname928
++description: description928
++userPassword: password928
++mail: uid928
++uidnumber: 928
++gidnumber: 928
++homeDirectory: /home/uid928
++
++dn: cn=user929,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user929
++sn: user929
++uid: uid929
++givenname: givenname929
++description: description929
++userPassword: password929
++mail: uid929
++uidnumber: 929
++gidnumber: 929
++homeDirectory: /home/uid929
++
++dn: cn=user930,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user930
++sn: user930
++uid: uid930
++givenname: givenname930
++description: description930
++userPassword: password930
++mail: uid930
++uidnumber: 930
++gidnumber: 930
++homeDirectory: /home/uid930
++
++dn: cn=user931,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user931
++sn: user931
++uid: uid931
++givenname: givenname931
++description: description931
++userPassword: password931
++mail: uid931
++uidnumber: 931
++gidnumber: 931
++homeDirectory: /home/uid931
++
++dn: cn=user932,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user932
++sn: user932
++uid: uid932
++givenname: givenname932
++description: description932
++userPassword: password932
++mail: uid932
++uidnumber: 932
++gidnumber: 932
++homeDirectory: /home/uid932
++
++dn: cn=user933,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user933
++sn: user933
++uid: uid933
++givenname: givenname933
++description: description933
++userPassword: password933
++mail: uid933
++uidnumber: 933
++gidnumber: 933
++homeDirectory: /home/uid933
++
++dn: cn=user934,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user934
++sn: user934
++uid: uid934
++givenname: givenname934
++description: description934
++userPassword: password934
++mail: uid934
++uidnumber: 934
++gidnumber: 934
++homeDirectory: /home/uid934
++
++dn: cn=user935,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user935
++sn: user935
++uid: uid935
++givenname: givenname935
++description: description935
++userPassword: password935
++mail: uid935
++uidnumber: 935
++gidnumber: 935
++homeDirectory: /home/uid935
++
++dn: cn=user936,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user936
++sn: user936
++uid: uid936
++givenname: givenname936
++description: description936
++userPassword: password936
++mail: uid936
++uidnumber: 936
++gidnumber: 936
++homeDirectory: /home/uid936
++
++dn: cn=user937,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user937
++sn: user937
++uid: uid937
++givenname: givenname937
++description: description937
++userPassword: password937
++mail: uid937
++uidnumber: 937
++gidnumber: 937
++homeDirectory: /home/uid937
++
++dn: cn=user938,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user938
++sn: user938
++uid: uid938
++givenname: givenname938
++description: description938
++userPassword: password938
++mail: uid938
++uidnumber: 938
++gidnumber: 938
++homeDirectory: /home/uid938
++
++dn: cn=user939,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user939
++sn: user939
++uid: uid939
++givenname: givenname939
++description: description939
++userPassword: password939
++mail: uid939
++uidnumber: 939
++gidnumber: 939
++homeDirectory: /home/uid939
++
++dn: cn=user940,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user940
++sn: user940
++uid: uid940
++givenname: givenname940
++description: description940
++userPassword: password940
++mail: uid940
++uidnumber: 940
++gidnumber: 940
++homeDirectory: /home/uid940
++
++dn: cn=user941,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user941
++sn: user941
++uid: uid941
++givenname: givenname941
++description: description941
++userPassword: password941
++mail: uid941
++uidnumber: 941
++gidnumber: 941
++homeDirectory: /home/uid941
++
++dn: cn=user942,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user942
++sn: user942
++uid: uid942
++givenname: givenname942
++description: description942
++userPassword: password942
++mail: uid942
++uidnumber: 942
++gidnumber: 942
++homeDirectory: /home/uid942
++
++dn: cn=user943,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user943
++sn: user943
++uid: uid943
++givenname: givenname943
++description: description943
++userPassword: password943
++mail: uid943
++uidnumber: 943
++gidnumber: 943
++homeDirectory: /home/uid943
++
++dn: cn=user944,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user944
++sn: user944
++uid: uid944
++givenname: givenname944
++description: description944
++userPassword: password944
++mail: uid944
++uidnumber: 944
++gidnumber: 944
++homeDirectory: /home/uid944
++
++dn: cn=user945,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user945
++sn: user945
++uid: uid945
++givenname: givenname945
++description: description945
++userPassword: password945
++mail: uid945
++uidnumber: 945
++gidnumber: 945
++homeDirectory: /home/uid945
++
++dn: cn=user946,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user946
++sn: user946
++uid: uid946
++givenname: givenname946
++description: description946
++userPassword: password946
++mail: uid946
++uidnumber: 946
++gidnumber: 946
++homeDirectory: /home/uid946
++
++dn: cn=user947,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user947
++sn: user947
++uid: uid947
++givenname: givenname947
++description: description947
++userPassword: password947
++mail: uid947
++uidnumber: 947
++gidnumber: 947
++homeDirectory: /home/uid947
++
++dn: cn=user948,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user948
++sn: user948
++uid: uid948
++givenname: givenname948
++description: description948
++userPassword: password948
++mail: uid948
++uidnumber: 948
++gidnumber: 948
++homeDirectory: /home/uid948
++
++dn: cn=user949,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user949
++sn: user949
++uid: uid949
++givenname: givenname949
++description: description949
++userPassword: password949
++mail: uid949
++uidnumber: 949
++gidnumber: 949
++homeDirectory: /home/uid949
++
++dn: cn=user950,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user950
++sn: user950
++uid: uid950
++givenname: givenname950
++description: description950
++userPassword: password950
++mail: uid950
++uidnumber: 950
++gidnumber: 950
++homeDirectory: /home/uid950
++
++dn: cn=user951,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user951
++sn: user951
++uid: uid951
++givenname: givenname951
++description: description951
++userPassword: password951
++mail: uid951
++uidnumber: 951
++gidnumber: 951
++homeDirectory: /home/uid951
++
++dn: cn=user952,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user952
++sn: user952
++uid: uid952
++givenname: givenname952
++description: description952
++userPassword: password952
++mail: uid952
++uidnumber: 952
++gidnumber: 952
++homeDirectory: /home/uid952
++
++dn: cn=user953,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user953
++sn: user953
++uid: uid953
++givenname: givenname953
++description: description953
++userPassword: password953
++mail: uid953
++uidnumber: 953
++gidnumber: 953
++homeDirectory: /home/uid953
++
++dn: cn=user954,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user954
++sn: user954
++uid: uid954
++givenname: givenname954
++description: description954
++userPassword: password954
++mail: uid954
++uidnumber: 954
++gidnumber: 954
++homeDirectory: /home/uid954
++
++dn: cn=user955,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user955
++sn: user955
++uid: uid955
++givenname: givenname955
++description: description955
++userPassword: password955
++mail: uid955
++uidnumber: 955
++gidnumber: 955
++homeDirectory: /home/uid955
++
++dn: cn=user956,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user956
++sn: user956
++uid: uid956
++givenname: givenname956
++description: description956
++userPassword: password956
++mail: uid956
++uidnumber: 956
++gidnumber: 956
++homeDirectory: /home/uid956
++
++dn: cn=user957,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user957
++sn: user957
++uid: uid957
++givenname: givenname957
++description: description957
++userPassword: password957
++mail: uid957
++uidnumber: 957
++gidnumber: 957
++homeDirectory: /home/uid957
++
++dn: cn=user958,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user958
++sn: user958
++uid: uid958
++givenname: givenname958
++description: description958
++userPassword: password958
++mail: uid958
++uidnumber: 958
++gidnumber: 958
++homeDirectory: /home/uid958
++
++dn: cn=user959,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user959
++sn: user959
++uid: uid959
++givenname: givenname959
++description: description959
++userPassword: password959
++mail: uid959
++uidnumber: 959
++gidnumber: 959
++homeDirectory: /home/uid959
++
++dn: cn=user960,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user960
++sn: user960
++uid: uid960
++givenname: givenname960
++description: description960
++userPassword: password960
++mail: uid960
++uidnumber: 960
++gidnumber: 960
++homeDirectory: /home/uid960
++
++dn: cn=user961,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user961
++sn: user961
++uid: uid961
++givenname: givenname961
++description: description961
++userPassword: password961
++mail: uid961
++uidnumber: 961
++gidnumber: 961
++homeDirectory: /home/uid961
++
++dn: cn=user962,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user962
++sn: user962
++uid: uid962
++givenname: givenname962
++description: description962
++userPassword: password962
++mail: uid962
++uidnumber: 962
++gidnumber: 962
++homeDirectory: /home/uid962
++
++dn: cn=user963,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user963
++sn: user963
++uid: uid963
++givenname: givenname963
++description: description963
++userPassword: password963
++mail: uid963
++uidnumber: 963
++gidnumber: 963
++homeDirectory: /home/uid963
++
++dn: cn=user964,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user964
++sn: user964
++uid: uid964
++givenname: givenname964
++description: description964
++userPassword: password964
++mail: uid964
++uidnumber: 964
++gidnumber: 964
++homeDirectory: /home/uid964
++
++dn: cn=user965,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user965
++sn: user965
++uid: uid965
++givenname: givenname965
++description: description965
++userPassword: password965
++mail: uid965
++uidnumber: 965
++gidnumber: 965
++homeDirectory: /home/uid965
++
++dn: cn=user966,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user966
++sn: user966
++uid: uid966
++givenname: givenname966
++description: description966
++userPassword: password966
++mail: uid966
++uidnumber: 966
++gidnumber: 966
++homeDirectory: /home/uid966
++
++dn: cn=user967,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user967
++sn: user967
++uid: uid967
++givenname: givenname967
++description: description967
++userPassword: password967
++mail: uid967
++uidnumber: 967
++gidnumber: 967
++homeDirectory: /home/uid967
++
++dn: cn=user968,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user968
++sn: user968
++uid: uid968
++givenname: givenname968
++description: description968
++userPassword: password968
++mail: uid968
++uidnumber: 968
++gidnumber: 968
++homeDirectory: /home/uid968
++
++dn: cn=user969,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user969
++sn: user969
++uid: uid969
++givenname: givenname969
++description: description969
++userPassword: password969
++mail: uid969
++uidnumber: 969
++gidnumber: 969
++homeDirectory: /home/uid969
++
++dn: cn=user970,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user970
++sn: user970
++uid: uid970
++givenname: givenname970
++description: description970
++userPassword: password970
++mail: uid970
++uidnumber: 970
++gidnumber: 970
++homeDirectory: /home/uid970
++
++dn: cn=user971,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user971
++sn: user971
++uid: uid971
++givenname: givenname971
++description: description971
++userPassword: password971
++mail: uid971
++uidnumber: 971
++gidnumber: 971
++homeDirectory: /home/uid971
++
++dn: cn=user972,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user972
++sn: user972
++uid: uid972
++givenname: givenname972
++description: description972
++userPassword: password972
++mail: uid972
++uidnumber: 972
++gidnumber: 972
++homeDirectory: /home/uid972
++
++dn: cn=user973,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user973
++sn: user973
++uid: uid973
++givenname: givenname973
++description: description973
++userPassword: password973
++mail: uid973
++uidnumber: 973
++gidnumber: 973
++homeDirectory: /home/uid973
++
++dn: cn=user974,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user974
++sn: user974
++uid: uid974
++givenname: givenname974
++description: description974
++userPassword: password974
++mail: uid974
++uidnumber: 974
++gidnumber: 974
++homeDirectory: /home/uid974
++
++dn: cn=user975,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user975
++sn: user975
++uid: uid975
++givenname: givenname975
++description: description975
++userPassword: password975
++mail: uid975
++uidnumber: 975
++gidnumber: 975
++homeDirectory: /home/uid975
++
++dn: cn=user976,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user976
++sn: user976
++uid: uid976
++givenname: givenname976
++description: description976
++userPassword: password976
++mail: uid976
++uidnumber: 976
++gidnumber: 976
++homeDirectory: /home/uid976
++
++dn: cn=user977,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user977
++sn: user977
++uid: uid977
++givenname: givenname977
++description: description977
++userPassword: password977
++mail: uid977
++uidnumber: 977
++gidnumber: 977
++homeDirectory: /home/uid977
++
++dn: cn=user978,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user978
++sn: user978
++uid: uid978
++givenname: givenname978
++description: description978
++userPassword: password978
++mail: uid978
++uidnumber: 978
++gidnumber: 978
++homeDirectory: /home/uid978
++
++dn: cn=user979,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user979
++sn: user979
++uid: uid979
++givenname: givenname979
++description: description979
++userPassword: password979
++mail: uid979
++uidnumber: 979
++gidnumber: 979
++homeDirectory: /home/uid979
++
++dn: cn=user980,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user980
++sn: user980
++uid: uid980
++givenname: givenname980
++description: description980
++userPassword: password980
++mail: uid980
++uidnumber: 980
++gidnumber: 980
++homeDirectory: /home/uid980
++
++dn: cn=user981,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user981
++sn: user981
++uid: uid981
++givenname: givenname981
++description: description981
++userPassword: password981
++mail: uid981
++uidnumber: 981
++gidnumber: 981
++homeDirectory: /home/uid981
++
++dn: cn=user982,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user982
++sn: user982
++uid: uid982
++givenname: givenname982
++description: description982
++userPassword: password982
++mail: uid982
++uidnumber: 982
++gidnumber: 982
++homeDirectory: /home/uid982
++
++dn: cn=user983,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user983
++sn: user983
++uid: uid983
++givenname: givenname983
++description: description983
++userPassword: password983
++mail: uid983
++uidnumber: 983
++gidnumber: 983
++homeDirectory: /home/uid983
++
++dn: cn=user984,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user984
++sn: user984
++uid: uid984
++givenname: givenname984
++description: description984
++userPassword: password984
++mail: uid984
++uidnumber: 984
++gidnumber: 984
++homeDirectory: /home/uid984
++
++dn: cn=user985,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user985
++sn: user985
++uid: uid985
++givenname: givenname985
++description: description985
++userPassword: password985
++mail: uid985
++uidnumber: 985
++gidnumber: 985
++homeDirectory: /home/uid985
++
++dn: cn=user986,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user986
++sn: user986
++uid: uid986
++givenname: givenname986
++description: description986
++userPassword: password986
++mail: uid986
++uidnumber: 986
++gidnumber: 986
++homeDirectory: /home/uid986
++
++dn: cn=user987,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user987
++sn: user987
++uid: uid987
++givenname: givenname987
++description: description987
++userPassword: password987
++mail: uid987
++uidnumber: 987
++gidnumber: 987
++homeDirectory: /home/uid987
++
++dn: cn=user988,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user988
++sn: user988
++uid: uid988
++givenname: givenname988
++description: description988
++userPassword: password988
++mail: uid988
++uidnumber: 988
++gidnumber: 988
++homeDirectory: /home/uid988
++
++dn: cn=user989,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user989
++sn: user989
++uid: uid989
++givenname: givenname989
++description: description989
++userPassword: password989
++mail: uid989
++uidnumber: 989
++gidnumber: 989
++homeDirectory: /home/uid989
++
++dn: cn=user990,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user990
++sn: user990
++uid: uid990
++givenname: givenname990
++description: description990
++userPassword: password990
++mail: uid990
++uidnumber: 990
++gidnumber: 990
++homeDirectory: /home/uid990
++
++dn: cn=user991,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user991
++sn: user991
++uid: uid991
++givenname: givenname991
++description: description991
++userPassword: password991
++mail: uid991
++uidnumber: 991
++gidnumber: 991
++homeDirectory: /home/uid991
++
++dn: cn=user992,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user992
++sn: user992
++uid: uid992
++givenname: givenname992
++description: description992
++userPassword: password992
++mail: uid992
++uidnumber: 992
++gidnumber: 992
++homeDirectory: /home/uid992
++
++dn: cn=user993,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user993
++sn: user993
++uid: uid993
++givenname: givenname993
++description: description993
++userPassword: password993
++mail: uid993
++uidnumber: 993
++gidnumber: 993
++homeDirectory: /home/uid993
++
++dn: cn=user994,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user994
++sn: user994
++uid: uid994
++givenname: givenname994
++description: description994
++userPassword: password994
++mail: uid994
++uidnumber: 994
++gidnumber: 994
++homeDirectory: /home/uid994
++
++dn: cn=user995,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user995
++sn: user995
++uid: uid995
++givenname: givenname995
++description: description995
++userPassword: password995
++mail: uid995
++uidnumber: 995
++gidnumber: 995
++homeDirectory: /home/uid995
++
++dn: cn=user996,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user996
++sn: user996
++uid: uid996
++givenname: givenname996
++description: description996
++userPassword: password996
++mail: uid996
++uidnumber: 996
++gidnumber: 996
++homeDirectory: /home/uid996
++
++dn: cn=user997,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user997
++sn: user997
++uid: uid997
++givenname: givenname997
++description: description997
++userPassword: password997
++mail: uid997
++uidnumber: 997
++gidnumber: 997
++homeDirectory: /home/uid997
++
++dn: cn=user998,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user998
++sn: user998
++uid: uid998
++givenname: givenname998
++description: description998
++userPassword: password998
++mail: uid998
++uidnumber: 998
++gidnumber: 998
++homeDirectory: /home/uid998
++
++dn: cn=user999,ou=People,dc=example,dc=com
++objectClass: top
++objectClass: person
++objectClass: organizationalPerson
++objectClass: inetOrgPerson
++objectClass: posixAccount
++cn: user999
++sn: user999
++uid: uid999
++givenname: givenname999
++description: description999
++userPassword: password999
++mail: uid999
++uidnumber: 999
++gidnumber: 999
++homeDirectory: /home/uid999
++
+diff --git a/dirsrvtests/tickets/ticket48212_test.py b/dirsrvtests/tickets/ticket48212_test.py
+new file mode 100644
+index 0000000..c3c8c8f
+--- /dev/null
++++ b/dirsrvtests/tickets/ticket48212_test.py
+@@ -0,0 +1,210 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from ldap.controls import SimplePagedResultsControl
++
++log = logging.getLogger(__name__)
++
++installation_prefix = None
++
++MYSUFFIX = 'dc=example,dc=com'
++MYSUFFIXBE = 'userRoot'
++_MYLDIF = 'example1k_posix.ldif'
++UIDNUMBERDN = "cn=uidnumber,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config"
++
++class TopologyStandalone(object):
++ def __init__(self, standalone):
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ '''
++ This fixture is used to standalone topology for the 'module'.
++ '''
++ global installation_prefix
++
++ if installation_prefix:
++ args_instance[SER_DEPLOYED_DIR] = installation_prefix
++
++ standalone = DirSrv(verbose=False)
++
++ # Args for the standalone instance
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++
++ # Get the status of the instance and restart it if it exists
++ instance_standalone = standalone.exists()
++
++ # Remove the instance
++ if instance_standalone:
++ standalone.delete()
++
++ # Create the instance
++ standalone.create()
++
++ # Used to retrieve configuration information (dbdir, confdir...)
++ standalone.open()
++
++ # clear the tmp directory
++ standalone.clearTmpDir(__file__)
++
++ # Here we have standalone instance up and running
++ return TopologyStandalone(standalone)
++
++def runDbVerify(topology):
++ topology.standalone.log.info("\n\n +++++ dbverify +++++\n")
++ dbverifyCMD = topology.standalone.sroot + "/slapd-" + topology.standalone.inst + "/dbverify -V"
++ dbverifyOUT = os.popen(dbverifyCMD, "r")
++ topology.standalone.log.info("Running %s" % dbverifyCMD)
++ running = True
++ error = False
++ while running:
++ l = dbverifyOUT.readline()
++ if l == "":
++ running = False
++ elif "libdb:" in l:
++ running = False
++ error = True
++ topology.standalone.log.info("%s" % l)
++ elif "verify failed" in l:
++ error = True
++ running = False
++ topology.standalone.log.info("%s" % l)
++
++ if error:
++ topology.standalone.log.fatal("dbverify failed")
++ assert False
++ else:
++ topology.standalone.log.info("dbverify passed")
++
++def reindexUidNumber(topology):
++ topology.standalone.log.info("\n\n +++++ reindex uidnumber +++++\n")
++ indexCMD = topology.standalone.sroot + "/slapd-" + topology.standalone.inst + "/db2index.pl -D \"" + DN_DM + "\" -w \"" + PASSWORD + "\" -n " + MYSUFFIXBE + " -t uidnumber"
++
++ indexOUT = os.popen(indexCMD, "r")
++ topology.standalone.log.info("Running %s" % indexCMD)
++
++ time.sleep(10)
++
++ tailCMD = "tail -n 3 " + topology.standalone.errlog
++ tailOUT = os.popen(tailCMD, "r")
++ running = True
++ done = False
++ while running:
++ l = tailOUT.readline()
++ if l == "":
++ running = False
++ elif "Finished indexing" in l:
++ running = False
++ done = True
++ topology.standalone.log.info("%s" % l)
++
++ if done:
++ topology.standalone.log.info("%s done" % indexCMD)
++ else:
++ topology.standalone.log.fatal("%s did not finish" % indexCMD)
++ assert False
++
++def test_ticket48212_run(topology):
++ """
++ Import posixAccount entries.
++ Index uidNumber
++ add nsMatchingRule: integerOrderingMatch
++ run dbverify to see if it reports the db corruption or not
++ delete nsMatchingRule: integerOrderingMatch
++ run dbverify to see if it reports the db corruption or not
++ if no corruption is reported, the bug fix was verified.
++ """
++ log.info('Testing Ticket 48212 - Dynamic nsMatchingRule changes had no effect on the attrinfo thus following reindexing, as well.')
++
++ # bind as directory manager
++ topology.standalone.log.info("Bind as %s" % DN_DM)
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++
++
++ data_dir_path = topology.standalone.getDir(__file__, DATA_DIR)
++ ldif_file = data_dir_path + "ticket48212/" + _MYLDIF
++ topology.standalone.log.info("\n\n######################### Import Test data (%s) ######################\n" % ldif_file)
++ args = {TASK_WAIT: True}
++ importTask = Tasks(topology.standalone)
++ importTask.importLDIF(MYSUFFIX, MYSUFFIXBE, ldif_file, args)
++ args = {TASK_WAIT: True}
++
++ runDbVerify(topology)
++
++ topology.standalone.log.info("\n\n######################### Add index by uidnumber ######################\n")
++ try:
++ topology.standalone.add_s(Entry((UIDNUMBERDN, {'objectclass': "top nsIndex".split(),
++ 'cn': 'uidnumber',
++ 'nsSystemIndex': 'false',
++ 'nsIndexType': "pres eq".split()})))
++ except ValueError:
++ topology.standalone.log.fatal("add_s failed: %s", ValueError)
++
++ topology.standalone.log.info("\n\n######################### reindexing... ######################\n")
++ reindexUidNumber(topology)
++
++ runDbVerify(topology)
++
++ topology.standalone.log.info("\n\n######################### Add nsMatchingRule ######################\n")
++ try:
++ topology.standalone.modify_s(UIDNUMBERDN, [(ldap.MOD_ADD, 'nsMatchingRule', 'integerOrderingMatch')])
++ except ValueError:
++ topology.standalone.log.fatal("modify_s failed: %s", ValueError)
++
++ topology.standalone.log.info("\n\n######################### reindexing... ######################\n")
++ reindexUidNumber(topology)
++
++ runDbVerify(topology)
++
++ topology.standalone.log.info("\n\n######################### Delete nsMatchingRule ######################\n")
++ try:
++ topology.standalone.modify_s(UIDNUMBERDN, [(ldap.MOD_DELETE, 'nsMatchingRule', 'integerOrderingMatch')])
++ except ValueError:
++ topology.standalone.log.fatal("modify_s failed: %s", ValueError)
++
++ reindexUidNumber(topology)
++
++ runDbVerify(topology)
++
++ topology.standalone.log.info("ticket48212 was successfully verified.")
++
++
++def test_ticket48212_final(topology):
++ topology.standalone.delete()
++ log.info('Testcase PASSED')
++
++
++def run_isolated():
++ '''
++ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
++ To run isolated without py.test, you need to
++ - edit this file and comment '@pytest.fixture' line before 'topology' function.
++ - set the installation prefix
++ - run this program
++ '''
++ global installation_prefix
++ installation_prefix = None
++
++ topo = topology(True)
++ test_ticket48212_run(topo)
++
++ test_ticket48212_final(topo)
++
++
++if __name__ == '__main__':
++ run_isolated()
++
+--
+1.9.3
+
diff --git a/SOURCES/0005-Ticket-47838-47895-CI-test-add-test-cases-for-ticket.patch b/SOURCES/0005-Ticket-47838-47895-CI-test-add-test-cases-for-ticket.patch
deleted file mode 100644
index ad744c2..0000000
--- a/SOURCES/0005-Ticket-47838-47895-CI-test-add-test-cases-for-ticket.patch
+++ /dev/null
@@ -1,494 +0,0 @@
-From d15c48e4041d3d7ccde3e791c9ee517af42b7447 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 10 Sep 2014 18:48:07 -0700
-Subject: [PATCH 5/7] Ticket 47838,47895 - CI test: add test cases for ticket
- 47838 and 47895
-
-Description:
-Ticket #47838: harden the list of ciphers available by default
-Adding test cases for default behaviour change of allowWeakCipher.
-
-Ticket #47895 - If no effective ciphers are available, disable security setting.
-Test case for "Even if no cipher is available, the server starts
-without SSL" is added.
-
-https://fedorahosted.org/389/ticket/47838
-(cherry picked from commit 4fb1a04ceb9631680a9bcff844250afb4b6e5b7d)
-(cherry picked from commit 3877981d63fb82716b60cd1294008b2d272197c9)
----
- dirsrvtests/tickets/ticket47838_test.py | 221 +++++++++++++++++++++++---------
- 1 file changed, 163 insertions(+), 58 deletions(-)
-
-diff --git a/dirsrvtests/tickets/ticket47838_test.py b/dirsrvtests/tickets/ticket47838_test.py
-index dedd61d..0e406f3 100644
---- a/dirsrvtests/tickets/ticket47838_test.py
-+++ b/dirsrvtests/tickets/ticket47838_test.py
-@@ -201,6 +201,7 @@ def test_ticket47838_init(topology):
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'on'),
- (ldap.MOD_REPLACE, 'nsSSLClientAuth', 'allowed'),
-+ (ldap.MOD_REPLACE, 'allowWeakCipher', 'on'),
- (ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all')])
-
- topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-security', 'on'),
-@@ -217,6 +218,7 @@ def test_ticket47838_run_0(topology):
- """
- Check nsSSL3Ciphers: +all
- All ciphers are enabled except null.
-+ Note: allowWeakCipher: on
- """
- _header(topology, 'Test Case 1 - Check the ciphers availability for "+all"')
-
-@@ -226,42 +228,78 @@ def test_ticket47838_run_0(topology):
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.restart(timeout=120)
-
-- enabled = os.popen('egrep "SSL alert:" %s | egrep enabled | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep disabled | wc -l' % topology.standalone.errlog)
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
- log.info("Enabled ciphers: %d" % ecount)
- log.info("Disabled ciphers: %d" % dcount)
-- assert ecount >= 60
-- assert dcount <= 7
-+ assert ecount >= 31
-+ assert dcount <= 36
- global plus_all_ecount
- global plus_all_dcount
- plus_all_ecount = ecount
- plus_all_dcount = dcount
-- weak = os.popen('egrep "SSL alert:" %s | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
-+ weak = os.popen('egrep "SSL alert:" %s | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
- wcount = int(weak.readline().rstrip())
- log.info("Weak ciphers: %d" % wcount)
- assert wcount <= 29
-
- def test_ticket47838_run_1(topology):
- """
-+ Check nsSSL3Ciphers: +all
-+ All ciphers are enabled except null.
-+ Note: allowWeakCipher: off for +all
-+ """
-+ _header(topology, 'Test Case 2 - Check the ciphers availability for "+all" with not allowing WeakCiphers')
-+
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '64')])
-+ # Make sure allowWeakCipher is not set.
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'allowWeakCipher', None)])
-+
-+ log.info("\n######################### Restarting the server ######################\n")
-+ log.info("\n######################### Restarting the server ######################\n")
-+ topology.standalone.stop(timeout=10)
-+ os.system('mv %s %s.47838_0' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('touch %s' % (topology.standalone.errlog))
-+ topology.standalone.start(timeout=120)
-+
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
-+ ecount = int(enabled.readline().rstrip())
-+ dcount = int(disabled.readline().rstrip())
-+
-+ log.info("Enabled ciphers: %d" % ecount)
-+ log.info("Disabled ciphers: %d" % dcount)
-+ assert ecount >= 31
-+ assert dcount <= 36
-+ weak = os.popen('egrep "SSL alert:" %s | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
-+ wcount = int(weak.readline().rstrip())
-+ log.info("Weak ciphers: %d" % wcount)
-+ assert wcount <= 29
-+
-+def test_ticket47838_run_2(topology):
-+ """
- Check nsSSL3Ciphers: +rsa_aes_128_sha,+rsa_aes_256_sha
- rsa_aes_128_sha, tls_rsa_aes_128_sha, rsa_aes_256_sha, tls_rsa_aes_256_sha are enabled.
- """
-- _header(topology, 'Test Case 2 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha"')
-+ _header(topology, 'Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha"')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ #topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+rsa_aes_128_sha,+rsa_aes_256_sha'),
-+ # (ldap.MOD_REPLACE, 'allowWeakCipher', 'on')])
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+rsa_aes_128_sha,+rsa_aes_256_sha')])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_0' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_1' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- enabled = os.popen('egrep "SSL alert:" %s | egrep enabled | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep disabled | wc -l' % topology.standalone.errlog)
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
-@@ -272,24 +310,24 @@ def test_ticket47838_run_1(topology):
- assert ecount == 2
- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)
-
--def test_ticket47838_run_2(topology):
-+def test_ticket47838_run_3(topology):
- """
- Check nsSSL3Ciphers: -all
- All ciphers are disabled.
- """
-- _header(topology, 'Test Case 3 - Check the ciphers availability for "-all"')
-+ _header(topology, 'Test Case 4 - Check the ciphers availability for "-all"')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '-all')])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_1' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_2' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- enabled = os.popen('egrep "SSL alert:" %s | egrep enabled | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep disabled | wc -l' % topology.standalone.errlog)
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
-@@ -300,24 +338,24 @@ def test_ticket47838_run_2(topology):
- assert ecount == 0
- assert dcount == (plus_all_ecount + plus_all_dcount)
-
--def test_ticket47838_run_3(topology):
-+def test_ticket47838_run_4(topology):
- """
- Check no nsSSL3Ciphers
- Default ciphers are enabled.
- """
-- _header(topology, 'Test Case 4 - Check no nssSSL3Chiphers (default setting)')
-+ _header(topology, 'Test Case 5 - Check no nssSSL3Chiphers (default setting)')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', '-all')])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_2' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_3' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- enabled = os.popen('egrep "SSL alert:" %s | egrep enabled | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep disabled | wc -l' % topology.standalone.errlog)
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
-@@ -327,29 +365,29 @@ def test_ticket47838_run_3(topology):
- global plus_all_dcount
- assert ecount == 12
- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)
-- weak = os.popen('egrep "SSL alert:" %s | egrep enabled | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
-+ weak = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
- wcount = int(weak.readline().rstrip())
- log.info("Weak ciphers in the default setting: %d" % wcount)
- assert wcount == 0
-
--def test_ticket47838_run_4(topology):
-+def test_ticket47838_run_5(topology):
- """
- Check nsSSL3Ciphers: default
- Default ciphers are enabled.
- """
-- _header(topology, 'Test Case 5 - Check default nssSSL3Chiphers (default setting)')
-+ _header(topology, 'Test Case 6 - Check default nssSSL3Chiphers (default setting)')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', 'default')])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_3' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_4' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- enabled = os.popen('egrep "SSL alert:" %s | egrep enabled | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep disabled | wc -l' % topology.standalone.errlog)
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
-@@ -359,29 +397,29 @@ def test_ticket47838_run_4(topology):
- global plus_all_dcount
- assert ecount == 12
- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)
-- weak = os.popen('egrep "SSL alert:" %s | egrep enabled | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
-+ weak = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
- wcount = int(weak.readline().rstrip())
- log.info("Weak ciphers in the default setting: %d" % wcount)
- assert wcount == 0
-
--def test_ticket47838_run_5(topology):
-+def test_ticket47838_run_6(topology):
- """
- Check nssSSL3Chiphers: +all,-rsa_rc4_128_md5
- All ciphers are disabled.
- """
-- _header(topology, 'Test Case 6 - Check nssSSL3Chiphers: +all,-rsa_rc4_128_md5')
-+ _header(topology, 'Test Case 7 - Check nssSSL3Chiphers: +all,-tls_dhe_rsa_aes_128_gcm_sha')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-rsa_rc4_128_md5')])
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-tls_dhe_rsa_aes_128_gcm_sha')])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_4' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_5' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- enabled = os.popen('egrep "SSL alert:" %s | egrep enabled | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep disabled | wc -l' % topology.standalone.errlog)
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
-@@ -389,27 +427,29 @@ def test_ticket47838_run_5(topology):
- log.info("Disabled ciphers: %d" % dcount)
- global plus_all_ecount
- global plus_all_dcount
-+ log.info("ALL Ecount: %d" % plus_all_ecount)
-+ log.info("ALL Dcount: %d" % plus_all_dcount)
- assert ecount == (plus_all_ecount - 1)
- assert dcount == (plus_all_dcount + 1)
-
--def test_ticket47838_run_6(topology):
-+def test_ticket47838_run_7(topology):
- """
- Check nssSSL3Chiphers: -all,+rsa_rc4_128_md5
- All ciphers are disabled.
- """
-- _header(topology, 'Test Case 7 - Check nssSSL3Chiphers: -all,+rsa_rc4_128_md5')
-+ _header(topology, 'Test Case 8 - Check nssSSL3Chiphers: -all,+rsa_rc4_128_md5')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '-all,+rsa_rc4_128_md5')])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_5' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_6' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- enabled = os.popen('egrep "SSL alert:" %s | egrep enabled | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep disabled | wc -l' % topology.standalone.errlog)
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
-@@ -420,25 +460,59 @@ def test_ticket47838_run_6(topology):
- assert ecount == 1
- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)
-
--def test_ticket47838_run_7(topology):
-+def test_ticket47838_run_8(topology):
-+ """
-+ Check nsSSL3Ciphers: default + allowWeakCipher: off
-+ Strong Default ciphers are enabled.
-+ """
-+ _header(topology, 'Test Case 9 - Check default nssSSL3Chiphers (default setting + allowWeakCipher: off)')
-+
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', 'default'),
-+ (ldap.MOD_REPLACE, 'allowWeakCipher', 'off')])
-+
-+ log.info("\n######################### Restarting the server ######################\n")
-+ topology.standalone.stop(timeout=10)
-+ os.system('mv %s %s.47838_7' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('touch %s' % (topology.standalone.errlog))
-+ topology.standalone.start(timeout=120)
-+
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
-+ ecount = int(enabled.readline().rstrip())
-+ dcount = int(disabled.readline().rstrip())
-+
-+ log.info("Enabled ciphers: %d" % ecount)
-+ log.info("Disabled ciphers: %d" % dcount)
-+ global plus_all_ecount
-+ global plus_all_dcount
-+ assert ecount == 12
-+ assert dcount == (plus_all_ecount + plus_all_dcount - ecount)
-+ weak = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
-+ wcount = int(weak.readline().rstrip())
-+ log.info("Weak ciphers in the default setting: %d" % wcount)
-+ assert wcount == 0
-+
-+def test_ticket47838_run_9(topology):
- """
- Check no nsSSL3Ciphers
- Default ciphers are enabled.
- """
-- _header(topology, 'Test Case 8 - Check no nssSSL3Chiphers (default setting) with no errorlog-level')
-+ _header(topology, 'Test Case 10 - Check no nssSSL3Chiphers (default setting) with no errorlog-level')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', None)])
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', None),
-+ (ldap.MOD_REPLACE, 'allowWeakCipher', 'on')])
- topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_6' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_8' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- enabled = os.popen('egrep "SSL alert:" %s | egrep enabled | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep disabled | wc -l' % topology.standalone.errlog)
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
-@@ -446,12 +520,12 @@ def test_ticket47838_run_7(topology):
- log.info("Disabled ciphers: %d" % dcount)
- assert ecount == 12
- assert dcount == 0
-- weak = os.popen('egrep "SSL alert:" %s | egrep enabled | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
-+ weak = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
- wcount = int(weak.readline().rstrip())
- log.info("Weak ciphers in the default setting: %d" % wcount)
- assert wcount == 0
-
--def test_ticket47838_run_8(topology):
-+def test_ticket47838_run_10(topology):
- """
- Check nssSSL3Chiphers: -TLS_RSA_WITH_NULL_MD5,+TLS_RSA_WITH_RC4_128_MD5,
- +TLS_RSA_EXPORT_WITH_RC4_40_MD5,+TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
-@@ -462,7 +536,7 @@ def test_ticket47838_run_8(topology):
- -SSL_CK_RC2_128_CBC_WITH_MD5,-SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
- -SSL_CK_DES_64_CBC_WITH_MD5,-SSL_CK_DES_192_EDE3_CBC_WITH_MD5
- """
-- _header(topology, 'Test Case 9 - Check nssSSL3Chiphers: long list using the NSS Cipher Suite name')
-+ _header(topology, 'Test Case 11 - Check nssSSL3Chiphers: long list using the NSS Cipher Suite name')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers',
-@@ -470,12 +544,12 @@ def test_ticket47838_run_8(topology):
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_7' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_9' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- enabled = os.popen('egrep "SSL alert:" %s | egrep enabled | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep disabled | wc -l' % topology.standalone.errlog)
-+ enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-+ disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
-@@ -485,32 +559,56 @@ def test_ticket47838_run_8(topology):
- global plus_all_dcount
- assert ecount == 9
- assert dcount == 0
-- weak = os.popen('egrep "SSL alert:" %s | egrep enabled | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
-+ weak = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
- wcount = int(weak.readline().rstrip())
- log.info("Weak ciphers in the default setting: %d" % wcount)
-
--def test_ticket47838_run_9(topology):
-+ topology.standalone.log.info("ticket47838 was successfully verified.");
-+
-+def test_ticket47838_run_11(topology):
-+ """
-+ Check nssSSL3Chiphers: +fortezza
-+ SSL_GetImplementedCiphers does not return this as a secuire cipher suite
-+ """
-+ _header(topology, 'Test Case 12 - Check nssSSL3Chiphers: +fortezza, which is not supported')
-+
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+fortezza')])
-+
-+ log.info("\n######################### Restarting the server ######################\n")
-+ topology.standalone.stop(timeout=10)
-+ os.system('mv %s %s.47838_10' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('touch %s' % (topology.standalone.errlog))
-+ topology.standalone.start(timeout=120)
-+
-+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "is not available in NSS"' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected error message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected error message was not found")
-+ assert False
-+
-+def test_ticket47838_run_last(topology):
- """
-- NOTE: Currently, this test case is commented out since if the server fails to start,
-- it repeatedly restarted.
- Check nssSSL3Chiphers: all <== invalid value
- All ciphers are disabled.
- """
-- _header(topology, 'Test Case 10 - Check nssSSL3Chiphers: all, which is invalid')
-+ _header(topology, 'Test Case 13 - Check nssSSL3Chiphers: all, which is invalid')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', 'all')])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_7' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_10' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-- errmsg = os.popen('egrep "SSL alert:" %s | egrep "invalid ciphers"' % topology.standalone.errlog)
-+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "invalid ciphers"' % topology.standalone.errlog)
- if errmsg != "":
- log.info("Expected error message:")
-- log.info("%s" % errmsg)
-+ log.info("%s" % errmsg.readline())
- else:
- log.info("Expected error message was not found")
- assert False
-@@ -519,6 +617,9 @@ def test_ticket47838_run_9(topology):
-
- def test_ticket47838_final(topology):
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', 'default'),
-+ (ldap.MOD_REPLACE, 'allowWeakCipher', 'on')])
- topology.standalone.stop(timeout=10)
-
- def run_isolated():
-@@ -544,7 +645,11 @@ def run_isolated():
- test_ticket47838_run_6(topo)
- test_ticket47838_run_7(topo)
- test_ticket47838_run_8(topo)
-- # test_ticket47838_run_9(topo)
-+ test_ticket47838_run_9(topo)
-+ test_ticket47838_run_10(topo)
-+ test_ticket47838_run_11(topo)
-+
-+ test_ticket47838_run_last(topo)
-
- test_ticket47838_final(topo)
-
---
-1.9.3
-
diff --git a/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch b/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch
new file mode 100644
index 0000000..b40bdc3
--- /dev/null
+++ b/SOURCES/0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch
@@ -0,0 +1,65 @@
+From e37431f50e8d4bfc7015d9a00b58a9b9e77f1c79 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 2 Jul 2015 16:44:09 -0700
+Subject: [PATCH 5/7] Ticket #48214 - ldapsearch on nsslapd-maxbersize returns
+ 0 instead of current value
+
+Description: If nsslapd-maxbersize is not explicitely set in cn=config
+or the value is 0, the default value is assigned. Internally, it was.
+But ldapsearch did not return the default value.
+
+https://fedorahosted.org/389/ticket/48214
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!)
+
+(cherry picked from commit 7d0689aaadfa66a8f8a481b0c1bb70b2465c4986)
+(cherry picked from commit b83c2554fad0bb2a08055c5105bcfa4c9d44af8f)
+---
+ ldap/servers/slapd/libglobs.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
+index 24de4f3..a3c4243 100644
+--- a/ldap/servers/slapd/libglobs.c
++++ b/ldap/servers/slapd/libglobs.c
+@@ -821,7 +821,7 @@ static struct config_get_and_set {
+ {CONFIG_MAXBERSIZE_ATTRIBUTE, config_set_maxbersize,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.maxbersize,
+- CONFIG_INT, NULL, DEFAULT_MAX_BERSIZE},
++ CONFIG_INT, NULL, STRINGIFYDEFINE(DEFAULT_MAXBERSIZE)},
+ {CONFIG_MAXSASLIOSIZE_ATTRIBUTE, config_set_maxsasliosize,
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.maxsasliosize,
+@@ -1540,6 +1540,7 @@ FrontendConfig_init () {
+ init_cn_uses_dn_syntax_in_dns = cfg->cn_uses_dn_syntax_in_dns = LDAP_OFF;
+ init_global_backend_local = LDAP_OFF;
+ cfg->maxsimplepaged_per_conn = DEFAULT_MAXSIMPLEPAGED_PER_CONN;
++ cfg->maxbersize = DEFAULT_MAXBERSIZE;
+ #ifdef ENABLE_NUNC_STANS
+ init_enable_nunc_stans = cfg->enable_nunc_stans = LDAP_OFF;
+ #endif
+@@ -5713,6 +5714,9 @@ config_set_maxbersize( const char *attrname, char *value, char *errorbuf, int ap
+ return retVal;
+ }
+
++ if (size == 0) {
++ size = DEFAULT_MAXBERSIZE;
++ }
+ CFG_LOCK_WRITE(slapdFrontendConfig);
+
+ slapdFrontendConfig->maxbersize = size;
+@@ -5728,8 +5732,9 @@ config_get_maxbersize()
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ maxbersize = slapdFrontendConfig->maxbersize;
+- if(maxbersize==0)
++ if (maxbersize == 0) {
+ maxbersize = DEFAULT_MAXBERSIZE;
++ }
+
+ return maxbersize;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0006-Ticket-47895-If-no-effective-ciphers-are-available-d.patch b/SOURCES/0006-Ticket-47895-If-no-effective-ciphers-are-available-d.patch
deleted file mode 100644
index 06cfdd1..0000000
--- a/SOURCES/0006-Ticket-47895-If-no-effective-ciphers-are-available-d.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From dd2dc9218ec91589f03c89f4f38fe2927bf5e3ab Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 10 Sep 2014 18:56:43 -0700
-Subject: [PATCH 6/7] Ticket #47895 - If no effective ciphers are available,
- disable security setting.
-
-Description: If nsslapd-security is "on" and nsSSL3Ciphers is given
-AND none of the ciphers are available or some syntax error is detected,
-the server sets nsslapd-security "off" and starts up.
-
-https://fedorahosted.org/389/ticket/47895
-
-Reviewed by nkinder@redhat.com (Thank you, Nathan!!)
-
-(cherry picked from commit 0f1a203a0fe85f3cf0440006685f63409502f093)
-(cherry picked from commit cad5b96507caf9e08a12285c52d0353f8e6dcc3b)
----
- ldap/servers/slapd/main.c | 42 ++++++++++++++++++++++++++++++------------
- 1 file changed, 30 insertions(+), 12 deletions(-)
-
-diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
-index d577514..6bad2a0 100644
---- a/ldap/servers/slapd/main.c
-+++ b/ldap/servers/slapd/main.c
-@@ -3077,6 +3077,24 @@ slapd_debug_level_usage( void )
- }
- #endif /* LDAP_DEBUG */
-
-+static int
-+force_to_disable_security(const char *what, int *init_ssl, daemon_ports_t *ports_info)
-+{
-+ char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
-+ errorbuf[0] = '\0';
-+
-+ LDAPDebug2Args(LDAP_DEBUG_ANY, "ERROR: %s Initialization Failed. Disabling %s.\n", what, what);
-+ ports_info->s_socket = SLAPD_INVALID_SOCKET;
-+ ports_info->s_port = 0;
-+ *init_ssl = 0;
-+ if (config_set_security(CONFIG_SECURITY_ATTRIBUTE, "off", errorbuf, 1)) {
-+ LDAPDebug2Args(LDAP_DEBUG_ANY, "ERROR: Failed to disable %s: \"%s\".\n",
-+ CONFIG_SECURITY_ATTRIBUTE, errorbuf[0]?errorbuf:"no error message");
-+ return 1;
-+ }
-+ return 0;
-+}
-+
- /*
- This function does all NSS and SSL related initialization
- required during startup. We use this function rather
-@@ -3113,20 +3131,20 @@ slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt,
- * modules can assume NSS is available
- */
- if ( slapd_nss_init((slapd_exemode == SLAPD_EXEMODE_SLAPD),
-- (slapd_exemode != SLAPD_EXEMODE_REFERRAL) /* have config? */ )) {
-- LDAPDebug(LDAP_DEBUG_ANY,
-- "ERROR: NSS Initialization Failed.\n", 0, 0, 0);
-- return 1;
-+ (slapd_exemode != SLAPD_EXEMODE_REFERRAL) /* have config? */ )) {
-+ if (force_to_disable_security("NSS", &init_ssl, ports_info)) {
-+ return 1;
-+ }
- }
-
- if (slapd_exemode == SLAPD_EXEMODE_SLAPD) {
- client_auth_init();
- }
-
-- if ( init_ssl && ( 0 != slapd_ssl_init())) {
-- LDAPDebug(LDAP_DEBUG_ANY,
-- "ERROR: SSL Initialization Failed.\n", 0, 0, 0 );
-- return 1;
-+ if (init_ssl && slapd_ssl_init()) {
-+ if (force_to_disable_security("SSL", &init_ssl, ports_info)) {
-+ return 1;
-+ }
- }
-
- if ((slapd_exemode == SLAPD_EXEMODE_SLAPD) ||
-@@ -3134,10 +3152,10 @@ slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt,
- if ( init_ssl ) {
- PRFileDesc **sock;
- for (sock = ports_info->s_socket; sock && *sock; sock++) {
-- if ( 0 != slapd_ssl_init2(sock, 0) ) {
-- LDAPDebug(LDAP_DEBUG_ANY,
-- "ERROR: SSL Initialization phase 2 Failed.\n", 0, 0, 0 );
-- return 1;
-+ if ( slapd_ssl_init2(sock, 0) ) {
-+ if (force_to_disable_security("SSL2", &init_ssl, ports_info)) {
-+ return 1;
-+ }
- }
- }
- }
---
-1.9.3
-
diff --git a/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch
new file mode 100644
index 0000000..a90e65d
--- /dev/null
+++ b/SOURCES/0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch
@@ -0,0 +1,197 @@
+From b36cdf27f313bba70f03b687ceef5bb5b3edd78b Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 2 Jul 2015 16:07:14 -0700
+Subject: [PATCH 6/7] Ticket #48214 - CI test: added test cases for ticket
+ 48213
+
+Description: ldapsearch on nsslapd-maxbersize returns 0 instead of
+ current value
+
+https://fedorahosted.org/389/ticket/48214
+(cherry picked from commit b7b663c0e20c2f9bf8885bd7633570dc8d34f394)
+(cherry picked from commit 7c73adc28c8877eb3b0d30a91f7fa8a964fb3fd2)
+---
+ dirsrvtests/tickets/ticket48214_test.py | 171 ++++++++++++++++++++++++++++++++
+ 1 file changed, 171 insertions(+)
+ create mode 100644 dirsrvtests/tickets/ticket48214_test.py
+
+diff --git a/dirsrvtests/tickets/ticket48214_test.py b/dirsrvtests/tickets/ticket48214_test.py
+new file mode 100644
+index 0000000..afbef22
+--- /dev/null
++++ b/dirsrvtests/tickets/ticket48214_test.py
+@@ -0,0 +1,171 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from ldap.controls import SimplePagedResultsControl
++
++log = logging.getLogger(__name__)
++
++installation_prefix = None
++
++MYSUFFIX = 'dc=example,dc=com'
++MYSUFFIXBE = 'userRoot'
++
++class TopologyStandalone(object):
++ def __init__(self, standalone):
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ '''
++ This fixture is used to standalone topology for the 'module'.
++ '''
++ global installation_prefix
++
++ if installation_prefix:
++ args_instance[SER_DEPLOYED_DIR] = installation_prefix
++
++ standalone = DirSrv(verbose=False)
++
++ # Args for the standalone instance
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++
++ # Get the status of the instance and restart it if it exists
++ instance_standalone = standalone.exists()
++
++ # Remove the instance
++ if instance_standalone:
++ standalone.delete()
++
++ # Create the instance
++ standalone.create()
++
++ # Used to retrieve configuration information (dbdir, confdir...)
++ standalone.open()
++
++ # clear the tmp directory
++ standalone.clearTmpDir(__file__)
++
++ # Here we have standalone instance up and running
++ return TopologyStandalone(standalone)
++
++def getMaxBerSizeFromDseLdif(topology):
++ topology.standalone.log.info(" +++++ Get maxbersize from dse.ldif +++++\n")
++ dse_ldif = topology.standalone.confdir + '/dse.ldif'
++ grepMaxBerCMD = "egrep nsslapd-maxbersize " + dse_ldif
++ topology.standalone.log.info(" Run CMD: %s\n" % grepMaxBerCMD)
++ grepMaxBerOUT = os.popen(grepMaxBerCMD, "r")
++ running = True
++ maxbersize = -1
++ while running:
++ l = grepMaxBerOUT.readline()
++ if l == "":
++ topology.standalone.log.info(" Empty: %s\n" % l)
++ running = False
++ elif "nsslapd-maxbersize:" in l.lower():
++ running = False
++ fields = l.split()
++ if len(fields) >= 2:
++ maxbersize = fields[1]
++ topology.standalone.log.info(" Right format - %s %s\n" % (fields[0], fields[1]))
++ else:
++ topology.standalone.log.info(" Wrong format - %s\n" % l)
++ else:
++ topology.standalone.log.info(" Else?: %s\n" % l)
++ return maxbersize
++
++def checkMaxBerSize(topology):
++ topology.standalone.log.info(" +++++ Check Max Ber Size +++++\n")
++ maxbersizestr = getMaxBerSizeFromDseLdif(topology)
++ maxbersize = int(maxbersizestr)
++ isdefault = True
++ defaultvalue = 2097152
++ if maxbersize < 0:
++ topology.standalone.log.info(" No nsslapd-maxbersize found in dse.ldif\n")
++ elif maxbersize == 0:
++ topology.standalone.log.info(" nsslapd-maxbersize: %d\n" % maxbersize)
++ else:
++ isdefault = False
++ topology.standalone.log.info(" nsslapd-maxbersize: %d\n" % maxbersize)
++
++ try:
++ entry = topology.standalone.search_s('cn=config', ldap.SCOPE_BASE,
++ "(cn=*)",
++ ['nsslapd-maxbersize'])
++ if entry:
++ searchedsize = entry[0].getValue('nsslapd-maxbersize')
++ topology.standalone.log.info(" ldapsearch returned nsslapd-maxbersize: %s\n" % searchedsize)
++ else:
++ topology.standalone.log.fatal('ERROR: cn=config is not found?')
++ assert False
++ except ldap.LDAPError, e:
++ topology.standalone.log.error('ERROR: Failed to search for user entry: ' + e.message['desc'])
++ assert False
++
++ if isdefault:
++ topology.standalone.log.info(" Checking %d vs %d\n" % (int(searchedsize), defaultvalue))
++ assert int(searchedsize) == defaultvalue
++
++
++def test_ticket48214_run(topology):
++ """
++ Check ldapsearch returns the correct maxbersize when it is not explicitly set.
++ """
++ log.info('Testing Ticket 48214 - ldapsearch on nsslapd-maxbersize returns 0 instead of current value')
++
++ # bind as directory manager
++ topology.standalone.log.info("Bind as %s" % DN_DM)
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++
++ topology.standalone.log.info("\n\n######################### Out of Box ######################\n")
++ checkMaxBerSize(topology)
++
++ topology.standalone.log.info("\n\n######################### Add nsslapd-maxbersize: 0 ######################\n")
++ topology.standalone.modify_s('cn=config', [(ldap.MOD_REPLACE, 'nsslapd-maxbersize', '0')])
++ checkMaxBerSize(topology)
++
++ topology.standalone.log.info("\n\n######################### Add nsslapd-maxbersize: 10000 ######################\n")
++ topology.standalone.modify_s('cn=config', [(ldap.MOD_REPLACE, 'nsslapd-maxbersize', '10000')])
++ checkMaxBerSize(topology)
++
++ topology.standalone.log.info("ticket48214 was successfully verified.")
++
++
++def test_ticket48214_final(topology):
++ topology.standalone.delete()
++ log.info('Testcase PASSED')
++
++
++def run_isolated():
++ '''
++ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
++ To run isolated without py.test, you need to
++ - edit this file and comment '@pytest.fixture' line before 'topology' function.
++ - set the installation prefix
++ - run this program
++ '''
++ global installation_prefix
++ installation_prefix = None
++
++ topo = topology(True)
++ test_ticket48214_run(topo)
++
++ test_ticket48214_final(topo)
++
++
++if __name__ == '__main__':
++ run_isolated()
++
+--
+1.9.3
+
diff --git a/SOURCES/0007-Ticket-47889-DS-crashed-during-ipa-server-install-on.patch b/SOURCES/0007-Ticket-47889-DS-crashed-during-ipa-server-install-on.patch
deleted file mode 100644
index a5c5bb4..0000000
--- a/SOURCES/0007-Ticket-47889-DS-crashed-during-ipa-server-install-on.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From ea4b10991ea02274cd4861a123494917c3f2e8d5 Mon Sep 17 00:00:00 2001
-From: "Thierry bordaz (tbordaz)" <tbordaz@redhat.com>
-Date: Thu, 11 Sep 2014 09:47:29 +0200
-Subject: [PATCH 7/7] Ticket 47889 - DS crashed during ipa-server-install on
- test_ava_filter
-
-Bug Description:
- During a MOD the target entry is duplicated and mods are applied
- on the duplicated entry that is set in the pblock (SLAPI_MODIFY_EXISTING_ENTRY).
- In case of transient DB error, ldbm_back_modify retries.
- But when retrying the duplicated entry will be freed and needs to be duplicated again.
- The new duplicated entry needs to be set in the pblock.
- https://fedorahosted.org/389/ticket/47834 erronously skip the setting of SLAPI_MODIFY_EXISTING_ENTRY
-
-Fix Description:
- Set SLAPI_MODIFY_EXISTING_ENTRY during mod/retry
-
-https://fedorahosted.org/389/ticket/47889
-
-Reviewed by: ?
-
-Platforms tested: F20
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 3b5f3fa1b82cde2bda1104cf758acb64f6484009)
-(cherry picked from commit 0363fa49265c0c27d510064cea361eb400802548)
----
- ldap/servers/slapd/back-ldbm/ldbm_modify.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-index 254ef29..529bd32 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-@@ -529,6 +529,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
- CACHE_REMOVE(&inst->inst_cache, ec);
- }
- CACHE_RETURN(&inst->inst_cache, &ec);
-+ slapi_pblock_set( pb, SLAPI_MODIFY_EXISTING_ENTRY, original_entry->ep_entry );
- ec = original_entry;
- original_entry = tmpentry;
- tmpentry = NULL;
---
-1.9.3
-
diff --git a/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
new file mode 100644
index 0000000..22f39e0
--- /dev/null
+++ b/SOURCES/0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
@@ -0,0 +1,146 @@
+From 7b17c488de280f29264920b4e53dce862ed5b7e4 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 6 Jul 2015 14:06:11 -0700
+Subject: [PATCH 7/7] Ticket #48192 - Individual abandoned simple paged results
+ request has no chance to be cleaned up
+
+Description: There was a small window that the search on the next page
+after the previous page abandoned referred the cleaned up simple paged
+object.
+
+This patch introduces a pagedresults_is_abandoned helper function to
+check the simple paged results was abandoned or not with some improvements
+based upon the comments by rmeggins@redhat.com (Thank you!!):
+1) adding locking when getting a simplepaged object in pagedresults_is_
+ abandoned_or_notavailable as well as in pagedresults_{un}lock.
+2) sending "Simple Paged Results Search abandoned" if the previous page
+ with the same cookie in the same connection was abandoned.
+
+https://fedorahosted.org/389/ticket/48192
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit e4d83c91fc88fcf9e6c823c608c629ac10e362f8)
+(cherry picked from commit b513a502250f93cfb43df000c2140b27c4ef0d39)
+---
+ ldap/servers/slapd/opshared.c | 22 ++++++++++++++++------
+ ldap/servers/slapd/pagedresults.c | 24 +++++++++++++++++++++++-
+ ldap/servers/slapd/proto-slap.h | 1 +
+ 3 files changed, 40 insertions(+), 7 deletions(-)
+
+diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
+index 177daa6..dcdbb04 100644
+--- a/ldap/servers/slapd/opshared.c
++++ b/ldap/servers/slapd/opshared.c
+@@ -677,12 +677,20 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
+ */
+ pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
+ if (pr_search_result) {
+- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
+- rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat);
++ if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
++ pagedresults_unlock(pb->pb_conn, pr_idx);
++ /* Previous operation was abandoned and the simplepaged object is not in use. */
++ send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
++ rc = LDAP_SUCCESS;
++ goto free_and_return;
++ } else {
++ slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
++ rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat);
+
+- /* search result could be reset in the backend/dse */
+- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
+- pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
++ /* search result could be reset in the backend/dse */
++ slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
++ pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
++ }
+ } else {
+ pr_stat = PAGEDRESULTS_SEARCH_END;
+ }
+@@ -712,7 +720,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
+ if (PAGEDRESULTS_SEARCH_END == pr_stat) {
+ pagedresults_lock(pb->pb_conn, pr_idx);
+ slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
+- pagedresults_free_one(pb->pb_conn, operation, pr_idx);
++ if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
++ pagedresults_free_one(pb->pb_conn, operation, pr_idx);
++ }
+ pagedresults_unlock(pb->pb_conn, pr_idx);
+ if (next_be) {
+ /* no more entries, but at least another backend */
+diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
+index fdbfa41..d0c93cd 100644
+--- a/ldap/servers/slapd/pagedresults.c
++++ b/ldap/servers/slapd/pagedresults.c
+@@ -877,6 +877,8 @@ pagedresults_reset_processing(Connection *conn, int index)
+ * If there are multiple slots, the connection may be a permanent one.
+ * Do not return timed out here. But let the next request take care the
+ * timedout slot(s).
++ *
++ * must be called within conn->c_mutex
+ */
+ int
+ pagedresults_is_timedout_nolock(Connection *conn)
+@@ -905,7 +907,10 @@ pagedresults_is_timedout_nolock(Connection *conn)
+ return 0;
+ }
+
+-/* reset all timeout */
++/*
++ * reset all timeout
++ * must be called within conn->c_mutex
++ */
+ int
+ pagedresults_reset_timedout_nolock(Connection *conn)
+ {
+@@ -968,7 +973,9 @@ pagedresults_lock( Connection *conn, int index )
+ if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
+ return;
+ }
++ PR_Lock(conn->c_mutex);
+ prp = conn->c_pagedresults.prl_list + index;
++ PR_Unlock(conn->c_mutex);
+ if (prp->pr_mutex) {
+ PR_Lock(prp->pr_mutex);
+ }
+@@ -982,9 +989,24 @@ pagedresults_unlock( Connection *conn, int index )
+ if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
+ return;
+ }
++ PR_Lock(conn->c_mutex);
+ prp = conn->c_pagedresults.prl_list + index;
++ PR_Unlock(conn->c_mutex);
+ if (prp->pr_mutex) {
+ PR_Unlock(prp->pr_mutex);
+ }
+ return;
+ }
++
++int
++pagedresults_is_abandoned_or_notavailable( Connection *conn, int index )
++{
++ PagedResults *prp;
++ if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
++ return 1; /* not abandoned, but do not want to proceed paged results op. */
++ }
++ PR_Lock(conn->c_mutex);
++ prp = conn->c_pagedresults.prl_list + index;
++ PR_Unlock(conn->c_mutex);
++ return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
++}
+diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
+index 57a2ce7..e8673e1 100644
+--- a/ldap/servers/slapd/proto-slap.h
++++ b/ldap/servers/slapd/proto-slap.h
+@@ -1487,6 +1487,7 @@ int pagedresults_cleanup_all(Connection *conn, int needlock);
+ void op_set_pagedresults(Operation *op);
+ void pagedresults_lock(Connection *conn, int index);
+ void pagedresults_unlock(Connection *conn, int index);
++int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index);
+
+ /*
+ * sort.c
+--
+1.9.3
+
diff --git a/SOURCES/0008-Ticket-47892-coverity-defects-found-in-1.3.3.1.patch b/SOURCES/0008-Ticket-47892-coverity-defects-found-in-1.3.3.1.patch
deleted file mode 100644
index 9527614..0000000
--- a/SOURCES/0008-Ticket-47892-coverity-defects-found-in-1.3.3.1.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From 80ee43bf0f6ad4a8702f0695b9294a3797483ebe Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Fri, 12 Sep 2014 13:11:26 -0600
-Subject: [PATCH] Ticket #47892 coverity defects found in 1.3.3.1
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-https://fedorahosted.org/389/ticket/47892
-Reviewed by: mreynolds, nkinder (Thanks!)
-Branch: rhel-7.1
-Fix Description:
-9. 389-ds-base-1.3.3.1/ldap/servers/plugins/memberof/memberof.c:2079:var_compare_op – Comparing "group_norm_vals" to null implies that "group_norm_vals" might be null.
-11. 389-ds-base-1.3.3.1/ldap/servers/plugins/memberof/memberof.c:2099:var_deref_model – Passing null pointer "group_norm_vals" to function "slapi_valueset_add_value_ext(Slapi_ValueSet *, Slapi_Value const *, unsigned long)", which dereferences it.
-12. 389-ds-base-1.3.3.1/ldap/servers/slapd/valueset.c:896:2:deref_parm_in_call – Function "slapi_valueset_add_attr_valuearray_ext(Slapi_Attr const *, Slapi_ValueSet *, Slapi_Value **, int, unsigned long, int *)" dereferences "vs".
-15. 389-ds-base-1.3.3.1/ldap/servers/slapd/valueset.c:1075:2:deref_parm – Directly dereferencing parameter "vs".
-
-Added a check for group_norm_vals == NULL at beginning of function. I think this had a chain effect causing 11, 12, and 15 as well.
-
-various - deprecated conversion from string constant - added const_cast<char *> as recommended by C++ guides.
-
-2. 389-ds-base-1.3.3.1/ldap/servers/slapd/back-ldbm/ldif2ldbm.c:2198:78:warning – 'j' may be used uninitialized in this function [-Wmaybe-uninitialized]
-
-Should have been using SLAPI_ATTR_TOMBSTONE_CSN
-
-2. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/aclparse.c:538:28:warning – 'is_target_to' may be used uninitialized in this function [-Wmaybe-uninitialized]
-
-2. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/acl.c:2493:26:warning – 'attrFilterArray' may be used uninitialized in this function [-Wmaybe-uninitialized]
-
-These are false positives.
-
-The minor memleaks were also fixed.
-
-Platforms tested: Fedora 20
-Flag Day: no
-Doc impact: no
-
-(cherry picked from commit 66e43aee7151acf6939b1a646eb869c7ccf0f7a4)
-(cherry picked from commit 6dc23ec794cd5644a40c223e7b66066f195d8d7d)
----
- ldap/servers/plugins/memberof/memberof.c | 6 +++---
- ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 2 +-
- ldap/servers/slapd/tools/ldif.c | 5 ++++-
- ldap/servers/slapd/tools/rsearch/nametable.c | 1 +
- lib/base/pool.cpp | 10 +++++-----
- lib/libaccess/aclcache.cpp | 2 +-
- 6 files changed, 15 insertions(+), 11 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index 6549718..bd87ee9 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -2044,10 +2044,10 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
- goto bail;
- }
-
-- if (!groupvals)
-+ if (!groupvals || !group_norm_vals)
- {
- slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "memberof_get_groups_callback: NULL groupvals\n");
-+ "memberof_get_groups_callback: NULL groupvals or group_norm_vals\n");
- rc = -1;
- goto bail;
-
-@@ -2076,7 +2076,7 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
- * in config. We only need this attribute for it's syntax so the comparison can be
- * performed. Since all of the grouping attributes are validated to use the Dinstinguished
- * Name syntax, we can safely just use the first group_slapiattr. */
-- if (group_norm_vals && slapi_valueset_find(
-+ if (slapi_valueset_find(
- ((memberof_get_groups_data*)callback_data)->config->group_slapiattrs[0], group_norm_vals, group_ndn_val))
- {
- /* we either hit a recursive grouping, or an entry is
-diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
-index ab3a4a5..523da09 100644
---- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
-+++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
-@@ -2195,7 +2195,7 @@ ldbm_back_ldbm2index(Slapi_PBlock *pb)
- if (task) {
- slapi_task_log_notice(task, "%s: ERROR: failed to begin txn for "
- "update index '%s' (err %d: %s)",
-- inst->inst_name, indexAttrs[j], rc,
-+ inst->inst_name, SLAPI_ATTR_TOMBSTONE_CSN, rc,
- dblayer_strerror(rc));
- }
- return_value = -2;
-diff --git a/ldap/servers/slapd/tools/ldif.c b/ldap/servers/slapd/tools/ldif.c
-index e8e6f9b..e4527ba 100644
---- a/ldap/servers/slapd/tools/ldif.c
-+++ b/ldap/servers/slapd/tools/ldif.c
-@@ -142,7 +142,8 @@ int main( int argc, char **argv )
- }
-
- if (( out = ldif_type_and_value( type, val, cur )) == NULL ) {
-- perror( "ldif_type_and_value" );
-+ perror( "ldif_type_and_value" );
-+ free( val );
- return( 1 );
- }
-
-@@ -166,6 +167,7 @@ int main( int argc, char **argv )
- maxlen *= 2;
- if( (buf = (char *)realloc(buf, maxlen)) == NULL ) {
- perror( "realloc" );
-+ free( buf );
- return( 1 );
- }
- (void)fgets(buf+curlen, maxlen/2 + 1, stdin);
-@@ -176,6 +178,7 @@ int main( int argc, char **argv )
- if (( out = ldif_type_and_value( type, buf, strlen( buf ) ))
- == NULL ) {
- perror( "ldif_type_and_value" );
-+ free( buf );
- return( 1 );
- }
- fputs( out, stdout );
-diff --git a/ldap/servers/slapd/tools/rsearch/nametable.c b/ldap/servers/slapd/tools/rsearch/nametable.c
-index 03a6ae1..9d56a34 100644
---- a/ldap/servers/slapd/tools/rsearch/nametable.c
-+++ b/ldap/servers/slapd/tools/rsearch/nametable.c
-@@ -160,6 +160,7 @@ int nt_load(NameTable *nt, const char *filename)
- free(s);
- break;
- }
-+ free(s);
- }
- PR_Close(fd);
- return nt->size;
-diff --git a/lib/base/pool.cpp b/lib/base/pool.cpp
-index 9ee1b8c..ab952d1 100644
---- a/lib/base/pool.cpp
-+++ b/lib/base/pool.cpp
-@@ -178,7 +178,7 @@ _create_block(int size)
- crit_exit(freelist_lock);
- if (((newblock = (block_t *)PERM_MALLOC(sizeof(block_t))) == NULL) ||
- ((newblock->data = (char *)PERM_MALLOC(bytes)) == NULL)) {
-- ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateBlockOutOfMemory_));
-+ ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolCreateBlockOutOfMemory_));
- if (newblock)
- PERM_FREE(newblock);
- return NULL;
-@@ -259,7 +259,7 @@ pool_create()
- }
-
- if ( (newpool->curr_block =_create_block(BLOCK_SIZE)) == NULL) {
-- ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateOutOfMemory_));
-+ ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolCreateOutOfMemory_));
- PERM_FREE(newpool);
- return NULL;
- }
-@@ -280,7 +280,7 @@ pool_create()
- crit_exit(known_pools_lock);
- }
- else
-- ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolCreateOutOfMemory_1));
-+ ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolCreateOutOfMemory_1));
-
- return (pool_handle_t *)newpool;
- }
-@@ -386,7 +386,7 @@ pool_malloc(pool_handle_t *pool_handle, size_t size)
- */
- blocksize = ( (size + BLOCK_SIZE-1) / BLOCK_SIZE ) * BLOCK_SIZE;
- if ( (pool->curr_block = _create_block(blocksize)) == NULL) {
-- ereport(LOG_CATASTROPHE, "%s", XP_GetAdminStr(DBT_poolMallocOutOfMemory_));
-+ ereport(LOG_CATASTROPHE, const_cast<char *>("%s"), XP_GetAdminStr(DBT_poolMallocOutOfMemory_));
- #ifdef POOL_LOCKING
- crit_exit(pool->lock);
- #endif
-@@ -408,7 +408,7 @@ pool_malloc(pool_handle_t *pool_handle, size_t size)
-
- void _pool_free_error()
- {
-- ereport(LOG_WARN, "%s", XP_GetAdminStr(DBT_freeUsedWherePermFreeShouldHaveB_));
-+ ereport(LOG_WARN, const_cast<char *>("%s"), XP_GetAdminStr(DBT_freeUsedWherePermFreeShouldHaveB_));
-
- return;
- }
-diff --git a/lib/libaccess/aclcache.cpp b/lib/libaccess/aclcache.cpp
-index 52e019b..a96b0c9 100644
---- a/lib/libaccess/aclcache.cpp
-+++ b/lib/libaccess/aclcache.cpp
-@@ -133,7 +133,7 @@ ACL_ListHashInit()
- &ACLPermAllocOps,
- NULL);
- if (ACLListHash == NULL) {
-- ereport(LOG_SECURITY, "Unable to allocate ACL List Hash\n");
-+ ereport(LOG_SECURITY, const_cast<char *>("Unable to allocate ACL List Hash\n"));
- return;
- }
-
---
-1.9.3
-
diff --git a/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch b/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch
new file mode 100644
index 0000000..f0463b8
--- /dev/null
+++ b/SOURCES/0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch
@@ -0,0 +1,71 @@
+From 7f10ea89c30944fc60a95d53e544caa005c03e0e Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 6 Jul 2015 15:55:43 -0400
+Subject: [PATCH] Ticket 48119 - setup-ds.pl does not log invalid --file path
+ errors the same way as other errors.
+
+Bug Description: Errors occuring from Inf.pm are only written to STDERR
+
+Fix Description: Write errors from Inf.pm using the debug function
+
+https://fedorahosted.org/389/ticket/48119
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 6306fc4e8eb2fb5973360f550c83e3c9b220df5c)
+(cherry picked from commit 5bd7119d8529e1c0b763c45e3ec7d1fb497da6c8)
+---
+ ldap/admin/src/scripts/Inf.pm | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/Inf.pm b/ldap/admin/src/scripts/Inf.pm
+index 98649ac..ec433e2 100644
+--- a/ldap/admin/src/scripts/Inf.pm
++++ b/ldap/admin/src/scripts/Inf.pm
+@@ -12,6 +12,7 @@
+
+ package Inf;
+
++use DSUtil;
+ use File::Temp qw(tempfile tempdir);
+
+ #require Exporter;
+@@ -59,7 +60,7 @@ sub read {
+ $inffh = \*STDIN;
+ } else {
+ if (!open(INF, $filename)) {
+- print STDERR "Error: could not open inf file $filename: $!\n";
++ debug(0, "Error: could not open inf file $filename: $!\n");
+ return;
+ }
+ $inffh = \*INF;
+@@ -124,7 +125,7 @@ sub section {
+ my $key = shift;
+
+ if (!exists($self->{$key})) {
+- print "Error: unknown inf section $key\n";
++ debug(0, "Error: unknown inf section $key\n");
+ return undef;
+ }
+
+@@ -187,7 +188,7 @@ sub write {
+ my $savemask = umask(0077);
+ if (!$fh) {
+ if (!open(INF, ">$filename")) {
+- print STDERR "Error: could not write inf file $filename: $!\n";
++ debug(0, "Error: could not write inf file $filename: $!\n");
+ umask($savemask);
+ return;
+ }
+@@ -232,7 +233,7 @@ sub updateFromArgs {
+ $argsinf->{$sec}->{$parm} = $val;
+ }
+ } else { # error
+- print STDERR "Error: unknown command line option $arg\n";
++ debug(0, "Error: unknown command line option $arg\n");
+ return;
+ }
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0009-Ticket-47750-Creating-a-glue-fails-if-one-above-leve.patch b/SOURCES/0009-Ticket-47750-Creating-a-glue-fails-if-one-above-leve.patch
deleted file mode 100644
index a0d1616..0000000
--- a/SOURCES/0009-Ticket-47750-Creating-a-glue-fails-if-one-above-leve.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 1ccde69d778878e331311839d1c5d6be0bbfad26 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 22 Sep 2014 14:34:58 -0700
-Subject: [PATCH 09/14] Ticket #47750 - Creating a glue fails if one above
- level is a conflict or missing
-
-Description: Poring changes made to 1.2.11 branch to newer versions.
-1) Enabiling cache lock in cache_is_in_cache and cache_has_otherref.
-2) Removing unused field new_entry_in_cache from "struct _modify_context".
-
-(cherry picked from commit 5ae13072330e9a769a5949b2e8a91085b38ac4e1)
-(cherry picked from commit ef766784ed7d09aa81e82316b621e8490a368dc6)
----
- ldap/servers/slapd/back-ldbm/back-ldbm.h | 1 -
- ldap/servers/slapd/back-ldbm/cache.c | 10 ++++++----
- 2 files changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h
-index 938d261..fd17453 100644
---- a/ldap/servers/slapd/back-ldbm/back-ldbm.h
-+++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h
-@@ -705,7 +705,6 @@ typedef struct _import_subcount_stuff import_subcount_stuff;
- /* Handy structures for modify operations */
-
- struct _modify_context {
-- int new_entry_in_cache;
- struct backentry *old_entry;
- struct backentry *new_entry;
- Slapi_Mods *smods;
-diff --git a/ldap/servers/slapd/back-ldbm/cache.c b/ldap/servers/slapd/back-ldbm/cache.c
-index a98cf0c..4746204 100644
---- a/ldap/servers/slapd/back-ldbm/cache.c
-+++ b/ldap/servers/slapd/back-ldbm/cache.c
-@@ -1506,10 +1506,12 @@ int cache_add_tentative(struct cache *cache, struct backentry *e,
- {
- return entrycache_add_int(cache, e, ENTRY_STATE_CREATING, alt);
- }
-+
- void cache_lock(struct cache *cache)
- {
- PR_EnterMonitor(cache->c_mutex);
- }
-+
- void cache_unlock(struct cache *cache)
- {
- PR_ExitMonitor(cache->c_mutex);
-@@ -2095,9 +2097,9 @@ cache_has_otherref(struct cache *cache, void *ptr)
- return hasref;
- }
- bep = (struct backcommon *)ptr;
-- /* slows down too much? PR_Lock(cache->c_mutex); */
-+ cache_lock(cache);
- hasref = bep->ep_refcnt;
-- /* PR_Unlock(cache->c_mutex); */
-+ cache_unlock(cache);
- return (hasref>1)?1:0;
- }
-
-@@ -2111,8 +2113,8 @@ cache_is_in_cache(struct cache *cache, void *ptr)
- return in_cache;
- }
- bep = (struct backcommon *)ptr;
-- /* slows down too much? PR_Lock(cache->c_mutex); */
-+ cache_lock(cache);
- in_cache = (bep->ep_state & (ENTRY_STATE_DELETED|ENTRY_STATE_NOTINCACHE))?0:1;
-- /* PR_Unlock(cache->c_mutex); */
-+ cache_unlock(cache);
- return in_cache;
- }
---
-1.9.3
-
diff --git a/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch b/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch
new file mode 100644
index 0000000..18a0ca7
--- /dev/null
+++ b/SOURCES/0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch
@@ -0,0 +1,38 @@
+From 4b532c2fde59790981142e3245535a0176bb7e4f Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 7 Jul 2015 12:54:38 -0700
+Subject: [PATCH] Ticket #48203 - Fix coverity issues - 07/07/2015
+
+Description:
+1. Defect type: CLANG_WARNING
+ 389-ds-base-1.3.4.0/ldap/servers/slapd/conntable.c:161:11: warning:
+ Access to field 'c_ct' results in a dereference of a null pointer
+ (loaded from variable 'c')
+
+Thanks to rmeggins@redhat.com for the advice:
+> PR_NewLock() returns NULL then the server is severely out of some
+> resource (like RAM, stack space, etc.) and probably should just exit.
+
+https://fedorahosted.org/389/ticket/48203#comment:8
+(cherry picked from commit bca0908b1e10ada69cdc051d4aaceda73a940597)
+(cherry picked from commit a741911c9a5090d78f7a81c475bea3f6593d72ad)
+---
+ ldap/servers/slapd/conntable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/conntable.c b/ldap/servers/slapd/conntable.c
+index 0364d94..d5b9058 100644
+--- a/ldap/servers/slapd/conntable.c
++++ b/ldap/servers/slapd/conntable.c
+@@ -147,7 +147,7 @@ connection_table_get_connection(Connection_Table *ct, int sd)
+ c->c_mutex = NULL;
+ c->c_pdumutex = NULL;
+ LDAPDebug( LDAP_DEBUG_ANY,"PR_NewLock failed\n",0, 0, 0 );
+- c= NULL;
++ exit(1);
+ }
+ }
+ /* Let's make sure there's no cruft left on there from the last time this connection was used. */
+--
+1.9.3
+
diff --git a/SOURCES/0010-Ticket-47908-389-ds-1.3.3.0-does-not-adjust-cipher-s.patch b/SOURCES/0010-Ticket-47908-389-ds-1.3.3.0-does-not-adjust-cipher-s.patch
deleted file mode 100644
index 066ac23..0000000
--- a/SOURCES/0010-Ticket-47908-389-ds-1.3.3.0-does-not-adjust-cipher-s.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 0e32f3731887dbdf9c594a94fee693826f1a96de Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 23 Sep 2014 14:38:00 -0700
-Subject: [PATCH 10/14] Ticket #47908 - 389-ds 1.3.3.0 does not adjust cipher
- suite configuration on upgrade, breaks itself and pki-server
-
-Description:
-In the given cipher list:
- nsSSL3Ciphers: +rsa_fips_3des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
- +rsa_rc4_128_md5,+rsa_des_sha,+rsa_rc2_40_md5,+rsa_rc4_40_md5,
- +fortezza
-there were 2 issues.
-1) An old cipher suite name rsa_des_sha was not correctly mapped
- to the name supported by NSS (TLS_RSA_WITH_DES_CBC_SHA) in the
- mapping table. And the unsupported cipher name was not gracefully
- skipped but returned an error. This patch fixes the mapped name
- and the behaviour so that it skips the unknown/unsupported cipher.
-2) A cipher "fortezza" is deprecated. It's now skipped with the
- proper warning message.
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-https://fedorahosted.org/389/ticket/47908
-(cherry picked from commit 83a6ceb556e769f0d0a201f4a3d783ae3915c6bc)
-(cherry picked from commit 4e347407887589635fe077fb6174d20d3d34c7c8)
----
- ldap/servers/slapd/ssl.c | 25 ++++++++++++++++---------
- 1 file changed, 16 insertions(+), 9 deletions(-)
-
-diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
-index 03b5904..4e38308 100644
---- a/ldap/servers/slapd/ssl.c
-+++ b/ldap/servers/slapd/ssl.c
-@@ -172,7 +172,7 @@ static lookup_cipher _lookup_cipher[] = {
- {"tls_rsa_3des_sha", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
- {"rsa_fips_3des_sha", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
- {"fips_3des_sha", "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
-- {"rsa_des_sha", "SSL_RSA_WITH_DES_CBC_SHA"},
-+ {"rsa_des_sha", "TLS_RSA_WITH_DES_CBC_SHA"},
- {"rsa_fips_des_sha", "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
- {"fips_des_sha", "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, /* ditto */
- {"rsa_rc4_40_md5", "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
-@@ -455,7 +455,7 @@ _conf_setciphers(char *ciphers, int flags)
- char *raw = ciphers;
- char **suplist = NULL;
- char **unsuplist = NULL;
-- int lookup;
-+ PRBool enabledOne = PR_FALSE;
-
- /* #47838: harden the list of ciphers available by default */
- /* Default is to activate all of them ==> none of them*/
-@@ -474,6 +474,7 @@ _conf_setciphers(char *ciphers, int flags)
- * from the console
- */
- _conf_setallciphers(CIPHER_SET_ALL|CIPHER_SET_DISABLE_ALLOWSWEAKCIPHER(flags), &suplist, NULL);
-+ enabledOne = PR_TRUE;
- } else {
- /* If "+all" is not in nsSSL3Ciphers value, disable all first,
- * then enable specified ciphers. */
-@@ -499,7 +500,7 @@ _conf_setciphers(char *ciphers, int flags)
-
- if (strcasecmp(ciphers, "all")) { /* if not all */
- PRBool enabled = active ? PR_TRUE : PR_FALSE;
-- lookup = 1;
-+ int lookup = 1;
- for (x = 0; _conf_ciphers[x].name; x++) {
- if (!PL_strcasecmp(ciphers, _conf_ciphers[x].name)) {
- if (_conf_ciphers[x].flags & CIPHER_IS_WEAK) {
-@@ -558,6 +559,9 @@ _conf_setciphers(char *ciphers, int flags)
- enabled = cipher_check_fips(x, NULL, &unsuplist);
- }
- }
-+ if (enabled) {
-+ enabledOne = PR_TRUE; /* At least one active cipher is set. */
-+ }
- SSL_CipherPrefSetDefault(_conf_ciphers[x].num, enabled);
- break;
- }
-@@ -566,15 +570,14 @@ _conf_setciphers(char *ciphers, int flags)
- }
- }
- }
-- if(!_conf_ciphers[x].name) {
-- PR_snprintf(err, sizeof(err), "unknown cipher %s", ciphers);
-- slapi_ch_free((void **)&suplist); /* strings inside are static */
-- slapi_ch_free((void **)&unsuplist); /* strings inside are static */
-- return slapi_ch_strdup(err);
-+ if (!lookup && !_conf_ciphers[x].name) { /* If lookup, it's already reported. */
-+ slapd_SSL_warn("Cipher suite %s is not available in NSS %d.%d. Ignoring %s",
-+ ciphers, NSS_VMAJOR, NSS_VMINOR, ciphers);
- }
- }
-- if(t)
-+ if(t) {
- ciphers = t;
-+ }
- }
- if (unsuplist && *unsuplist) {
- char *strsup = charray2str(suplist, ",");
-@@ -592,6 +595,10 @@ _conf_setciphers(char *ciphers, int flags)
- slapi_ch_free((void **)&suplist); /* strings inside are static */
- slapi_ch_free((void **)&unsuplist); /* strings inside are static */
-
-+ if (!enabledOne) {
-+ char *nocipher = PR_smprintf("No active cipher suite is available.");
-+ return nocipher;
-+ }
- _conf_dumpciphers();
-
- return NULL;
---
-1.9.3
-
diff --git a/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch b/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
new file mode 100644
index 0000000..c025f60
--- /dev/null
+++ b/SOURCES/0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
@@ -0,0 +1,808 @@
+From 46cd28db8402517febf0c5db4f2f869c491c41c0 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Wed, 8 Jul 2015 11:48:27 -0400
+Subject: [PATCH 10/20] Ticket 48208 - CleanAllRUV should completely purge
+ changelog
+
+Bug Description: After cleanAllRUV finishes, the changelog still
+ contains entries from the cleaned rid. Under certain
+ conditions this can allow the RUV to get polluted
+ again, and the ruv element will be missing the replica
+ url.
+
+Fix Description: At the end of the cleaning task, fire of a thread to
+ to completely purge the changelog of all entries
+ containing the cleaned rid.
+
+ Also, improved the cleanAllRUV task when dealing
+ with a server shutdown - previously if the timing is
+ right the task can "delay/hang" the shutdown process.
+
+https://fedorahosted.org/389/ticket/48208
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit ff1c34538b0600259dba4801da2b2f0993fa5404)
+(cherry picked from commit 9e4cf12cfbfde0761325b75c3fd5a8b39223760a)
+---
+ ldap/servers/plugins/replication/cl5_api.c | 447 ++++++++++++++++++---
+ ldap/servers/plugins/replication/cl5_api.h | 5 +-
+ .../plugins/replication/repl5_replica_config.c | 44 +-
+ 3 files changed, 430 insertions(+), 66 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
+index a10c3ac..ae23353 100644
+--- a/ldap/servers/plugins/replication/cl5_api.c
++++ b/ldap/servers/plugins/replication/cl5_api.c
+@@ -319,14 +319,17 @@ static void _cl5TrimCleanup ();
+ static int _cl5TrimMain (void *param);
+ static void _cl5DoTrimming (ReplicaId rid);
+ static void _cl5CompactDBs();
+-static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid);
++static void _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid);
++static int _cl5PurgeGetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key);
++static int _cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key);
++static void _cl5TrimFile (Object *obj, long *numToTrim);
+ static PRBool _cl5CanTrim (time_t time, long *numToTrim);
+ static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge);
+ static int _cl5WriteRUV (CL5DBFile *file, PRBool purge);
+ static int _cl5ConstructRUV (const char *replGen, Object *obj, PRBool purge);
+ static int _cl5UpdateRUV (Object *obj, CSN *csn, PRBool newReplica, PRBool purge);
+ static int _cl5GetRUV2Purge2 (Object *fileObj, RUV **ruv);
+-void trigger_cl_trimming_thread(void *rid);
++void trigger_cl_purging_thread(void *rid);
+
+ /* bakup/recovery, import/export */
+ static int _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op,
+@@ -3470,9 +3473,17 @@ static void _cl5DoTrimming (ReplicaId rid)
+ trimmed more often than other. We might have to fix that by, for
+ example, randomizing starting point */
+ obj = objset_first_obj (s_cl5Desc.dbFiles);
+- while (obj && _cl5CanTrim ((time_t)0, &numToTrim))
++ while (obj && (_cl5CanTrim ((time_t)0, &numToTrim) || rid))
+ {
+- _cl5TrimFile (obj, &numToTrim, rid);
++ if (rid){
++ /*
++ * We are cleaning an invalid rid, and need to strip it
++ * from the changelog.
++ */
++ _cl5PurgeRID (obj, rid);
++ } else {
++ _cl5TrimFile (obj, &numToTrim);
++ }
+ obj = objset_next_obj (s_cl5Desc.dbFiles, obj);
+ }
+
+@@ -3549,12 +3560,351 @@ bail:
+ return;
+ }
+
++/*
++ * If the rid is not set it is the very first iteration of the changelog.
++ * If the rid is set, we are doing another pass, and we have a key as our
++ * starting point.
++ */
++static int
++_cl5PurgeGetFirstEntry(Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key)
++{
++ DBC *cursor = NULL;
++ DBT data = {0};
++ CL5Iterator *it;
++ CL5DBFile *file;
++ int rc;
++
++ file = (CL5DBFile*)object_get_data (obj);
++
++ /* create cursor */
++ rc = file->db->cursor(file->db, txnid, &cursor, 0);
++ if (rc != 0)
++ {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "_cl5PurgeGetFirstEntry: failed to create cursor; db error - %d %s\n", rc, db_strerror(rc));
++ rc = CL5_DB_ERROR;
++ goto done;
++ }
++
++ key->flags = DB_DBT_MALLOC;
++ data.flags = DB_DBT_MALLOC;
++ while ((rc = cursor->c_get(cursor, key, &data, rid?DB_SET:DB_NEXT)) == 0)
++ {
++ /* skip service entries on the first pass (rid == 0)*/
++ if (!rid && cl5HelperEntry ((char*)key->data, NULL))
++ {
++ slapi_ch_free(&key->data);
++ slapi_ch_free(&(data.data));
++ continue;
++ }
++
++ /* format entry */
++ rc = cl5DBData2Entry(data.data, data.size, entry);
++ slapi_ch_free(&(data.data));
++ if (rc != 0)
++ {
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
++ "_cl5PurgeGetFirstEntry: failed to format entry: %d\n", rc);
++ goto done;
++ }
++
++ it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator));
++ it->cursor = cursor;
++ object_acquire (obj);
++ it->file = obj;
++ *(CL5Iterator**)iterator = it;
++
++ return CL5_SUCCESS;
++ }
++
++ slapi_ch_free(&key->data);
++ slapi_ch_free(&(data.data));
++
++ /* walked of the end of the file */
++ if (rc == DB_NOTFOUND)
++ {
++ rc = CL5_NOTFOUND;
++ goto done;
++ }
++
++ /* db error occured while iterating */
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "_cl5PurgeGetFirstEntry: failed to get entry; db error - %d %s\n",
++ rc, db_strerror(rc));
++ rc = CL5_DB_ERROR;
++
++done:
++ /*
++ * We didn't success in assigning this cursor to the iterator,
++ * so we need to free the cursor here.
++ */
++ if (cursor)
++ cursor->c_close(cursor);
++
++ return rc;
++}
++
++/*
++ * Get the next entry. If we get a lock error we will restart the process
++ * starting at the current key.
++ */
++static int
++_cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key)
++{
++ CL5Iterator *it;
++ DBT data={0};
++ int rc;
++
++ it = (CL5Iterator*) iterator;
++
++ key->flags = DB_DBT_MALLOC;
++ data.flags = DB_DBT_MALLOC;
++ while ((rc = it->cursor->c_get(it->cursor, key, &data, DB_NEXT)) == 0)
++ {
++ if (cl5HelperEntry ((char*)key->data, NULL))
++ {
++ slapi_ch_free(&key->data);
++ slapi_ch_free(&(data.data));
++ continue;
++ }
++
++ /* format entry */
++ rc = cl5DBData2Entry (data.data, data.size, entry);
++ slapi_ch_free (&(data.data));
++ if (rc != 0)
++ {
++ if (rc != CL5_DB_LOCK_ERROR){
++ /* Not a lock error, free the key */
++ slapi_ch_free(&key->data);
++ }
++ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
++ repl_plugin_name_cl,
++ "_cl5PurgeGetNextEntry: failed to format entry: %d\n",
++ rc);
++
++ }
++
++ return rc;
++ }
++ slapi_ch_free(&(data.data));
++
++ /* walked of the end of the file or entry is out of range */
++ if (rc == 0 || rc == DB_NOTFOUND){
++ slapi_ch_free(&key->data);
++ return CL5_NOTFOUND;
++ }
++ if (rc != CL5_DB_LOCK_ERROR){
++ /* Not a lock error, free the key */
++ slapi_ch_free(&key->data);
++ }
++
++ /* cursor operation failed */
++ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
++ repl_plugin_name_cl,
++ "_cl5PurgeGetNextEntry: failed to get entry; db error - %d %s\n",
++ rc, db_strerror(rc));
++
++ return rc;
++}
++
++#define MAX_RETRIES 10
++/*
++ * _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid)
++ *
++ * Clean the entire changelog of updates from the "cleaned rid" via CLEANALLRUV
++ * Delete entries in batches so we don't consume too many db locks, and we don't
++ * lockup the changelog during the entire purging process using one transaction.
++ * We save the key from the last iteration so we don't have to start from the
++ * beginning for each new iteration.
++ */
++static void
++_cl5PurgeRID(Object *obj, ReplicaId cleaned_rid)
++{
++ slapi_operation_parameters op = {0};
++ ReplicaId csn_rid;
++ CL5Entry entry;
++ DB_TXN *txnid = NULL;
++ DBT key = {0};
++ void *iterator = NULL;
++ long totalTrimmed = 0;
++ long trimmed = 0;
++ char *starting_key = NULL;
++ int batch_count = 0;
++ int db_lock_retry_count = 0;
++ int first_pass = 1;
++ int finished = 0;
++ int rc = 0;
++
++ PR_ASSERT (obj);
++ entry.op = &op;
++
++ /*
++ * Keep processing the changelog until we are done, shutting down, or we
++ * maxed out on the db lock retries.
++ */
++ while (!finished && db_lock_retry_count < MAX_RETRIES && !slapi_is_shutting_down()){
++ trimmed = 0;
++
++ /*
++ * Sleep a bit to allow others to use the changelog - we can't hog the
++ * changelog for the entire purge.
++ */
++ DS_Sleep(PR_MillisecondsToInterval(100));
++
++ rc = TXN_BEGIN(s_cl5Desc.dbEnv, NULL, &txnid, 0);
++ if (rc != 0){
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "_cl5PurgeRID: failed to begin transaction; db error - %d %s. "
++ "Changelog was not purged of rid(%d)\n",
++ rc, db_strerror(rc), cleaned_rid);
++ return;
++ }
++
++ /*
++ * Check every changelog entry for the cleaned rid
++ */
++ rc = _cl5PurgeGetFirstEntry(obj, &entry, &iterator, txnid, first_pass?0:cleaned_rid, &key);
++ first_pass = 0;
++ while (rc == CL5_SUCCESS && !slapi_is_shutting_down()) {
++ /*
++ * Store the new starting key - we need this starting key in case
++ * we run out of locks and have to start the transaction over.
++ */
++ slapi_ch_free_string(&starting_key);
++ starting_key = slapi_ch_strdup((char*)key.data);
++
++ if(trimmed == 10000 || (batch_count && trimmed == batch_count)){
++ /*
++ * Break out, and commit these deletes. Do not free the key,
++ * we need it for the next pass.
++ */
++ cl5_operation_parameters_done (&op);
++ db_lock_retry_count = 0; /* reset the retry count */
++ break;
++ }
++ if(op.csn){
++ csn_rid = csn_get_replicaid (op.csn);
++ if (csn_rid == cleaned_rid){
++ rc = _cl5CurrentDeleteEntry (iterator);
++ if (rc != CL5_SUCCESS){
++ /* log error */
++ cl5_operation_parameters_done (&op);
++ if (rc == CL5_DB_LOCK_ERROR){
++ /*
++ * Ran out of locks, need to restart the transaction.
++ * Reduce the the batch count and reset the key to
++ * the starting point
++ */
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
++ "_cl5PurgeRID: Ran out of db locks deleting entry. "
++ "Reduce the batch value and restart.\n");
++ batch_count = trimmed - 10;
++ if (batch_count < 10){
++ batch_count = 10;
++ }
++ trimmed = 0;
++ slapi_ch_free(&(key.data));
++ key.data = starting_key;
++ starting_key = NULL;
++ db_lock_retry_count++;
++ break;
++ } else {
++ /* fatal error */
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "_cl5PurgeRID: fatal error (%d)\n", rc);
++ slapi_ch_free(&(key.data));
++ finished = 1;
++ break;
++ }
++ }
++ trimmed++;
++ }
++ }
++ slapi_ch_free(&(key.data));
++ cl5_operation_parameters_done (&op);
++
++ rc = _cl5PurgeGetNextEntry (&entry, iterator, &key);
++ if (rc == CL5_DB_LOCK_ERROR){
++ /*
++ * Ran out of locks, need to restart the transaction.
++ * Reduce the the batch count and reset the key to the starting
++ * point.
++ */
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "_cl5PurgeRID: Ran out of db locks getting the next entry. "
++ "Reduce the batch value and restart.\n");
++ batch_count = trimmed - 10;
++ if (batch_count < 10){
++ batch_count = 10;
++ }
++ trimmed = 0;
++ cl5_operation_parameters_done (&op);
++ slapi_ch_free(&(key.data));
++ key.data = starting_key;
++ starting_key = NULL;
++ db_lock_retry_count++;
++ break;
++ }
++ }
++
++ if (rc == CL5_NOTFOUND){
++ /* Scanned the entire changelog, we're done */
++ finished = 1;
++ }
++
++ /* Destroy the iterator before we finish with the txn */
++ cl5DestroyIterator (iterator);
++
++ /*
++ * Commit or abort the txn
++ */
++ if (rc == CL5_SUCCESS || rc == CL5_NOTFOUND){
++ rc = TXN_COMMIT (txnid, 0);
++ if (rc != 0){
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "_cl5PurgeRID: failed to commit transaction; db error - %d %s. "
++ "Changelog was not completely purged of rid (%d)\n",
++ rc, db_strerror(rc), cleaned_rid);
++ break;
++ } else if (finished){
++ /* We're done */
++ totalTrimmed += trimmed;
++ break;
++ } else {
++ /* Not done yet */
++ totalTrimmed += trimmed;
++ trimmed = 0;
++ }
++ } else {
++ rc = TXN_ABORT (txnid);
++ if (rc != 0){
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "_cl5PurgeRID: failed to abort transaction; db error - %d %s. "
++ "Changelog was not completely purged of rid (%d)\n",
++ rc, db_strerror(rc), cleaned_rid);
++ }
++ if (batch_count == 0){
++ /* This was not a retry. Fatal error, break out */
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "_cl5PurgeRID: Changelog was not purged of rid (%d)\n",
++ cleaned_rid);
++ break;
++ }
++ }
++ }
++ slapi_ch_free_string(&starting_key);
++
++ slapi_log_error (SLAPI_LOG_REPL, repl_plugin_name_cl,
++ "_cl5PurgeRID: Removed (%ld entries) that originated from rid (%d)\n",
++ totalTrimmed, cleaned_rid);
++}
++
+ /* Note that each file contains changes for a single replicated area.
+ trimming algorithm:
+ */
+ #define CL5_TRIM_MAX_PER_TRANSACTION 10
+
+-static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
++static void _cl5TrimFile (Object *obj, long *numToTrim)
+ {
+ DB_TXN *txnid;
+ RUV *ruv = NULL;
+@@ -3577,7 +3927,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
+ }
+
+ entry.op = &op;
+-
+ while ( !finished && !slapi_is_shutting_down() )
+ {
+ it = NULL;
+@@ -3598,7 +3947,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
+ }
+
+ finished = _cl5GetFirstEntry (obj, &entry, &it, txnid);
+- while ( !finished )
++ while ( !finished && !slapi_is_shutting_down())
+ {
+ /*
+ * This change can be trimmed if it exceeds purge
+@@ -3612,11 +3961,12 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
+ continue;
+ }
+ csn_rid = csn_get_replicaid (op.csn);
++
+ if ( (*numToTrim > 0 || _cl5CanTrim (entry.time, numToTrim)) &&
+ ruv_covers_csn_strict (ruv, op.csn) )
+ {
+ rc = _cl5CurrentDeleteEntry (it);
+- if ( rc == CL5_SUCCESS && cleaned_rid != csn_rid)
++ if ( rc == CL5_SUCCESS)
+ {
+ rc = _cl5UpdateRUV (obj, op.csn, PR_FALSE, PR_TRUE);
+ }
+@@ -3630,7 +3980,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
+ /* The above two functions have logged the error */
+ abort = PR_TRUE;
+ }
+-
+ }
+ else
+ {
+@@ -3687,7 +4036,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
+ rc = TXN_ABORT (txnid);
+ if (rc != 0)
+ {
+- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "_cl5TrimFile: failed to abort transaction; db error - %d %s\n",
+ rc, db_strerror(rc));
+ }
+@@ -3698,7 +4047,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
+ if (rc != 0)
+ {
+ finished = 1;
+- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "_cl5TrimFile: failed to commit transaction; db error - %d %s\n",
+ rc, db_strerror(rc));
+ }
+@@ -4722,9 +5071,9 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
+ goto done;
+ }
+ #endif
+- /* back off */
++ /* back off */
+ interval = PR_MillisecondsToInterval(slapi_rand() % 100);
+- DS_Sleep(interval);
++ DS_Sleep(interval);
+ }
+ #if USE_DB_TXN
+ /* begin transaction */
+@@ -4770,19 +5119,19 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
+ }
+ cnt ++;
+ }
+-
++
+ if (rc == 0) /* we successfully added entry */
+ {
+ #if USE_DB_TXN
+ rc = TXN_COMMIT (txnid, 0);
+ #endif
+ }
+- else
++ else
+ {
+- char s[CSN_STRSIZE];
+- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ char s[CSN_STRSIZE];
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "_cl5WriteOperationTxn: failed to write entry with csn (%s); "
+- "db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s),
++ "db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s),
+ rc, db_strerror(rc));
+ #if USE_DB_TXN
+ rc = TXN_ABORT (txnid);
+@@ -4803,7 +5152,7 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
+ /* update purge vector if we have not seen any changes from this replica before */
+ _cl5UpdateRUV (file_obj, op->csn, PR_TRUE, PR_TRUE);
+
+- slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl,
++ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl,
+ "cl5WriteOperationTxn: successfully written entry with csn (%s)\n", csnStr);
+ rc = CL5_SUCCESS;
+ done:
+@@ -4817,7 +5166,7 @@ done:
+ return rc;
+ }
+
+-static int _cl5WriteOperation(const char *replName, const char *replGen,
++static int _cl5WriteOperation(const char *replName, const char *replGen,
+ const slapi_operation_parameters *op, PRBool local)
+ {
+ return _cl5WriteOperationTxn(replName, replGen, op, local, NULL);
+@@ -4868,7 +5217,7 @@ static int _cl5GetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_
+ goto done;
+ }
+
+- it = (CL5Iterator*)slapi_ch_malloc (sizeof (CL5Iterator));
++ it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator));
+ it->cursor = cursor;
+ object_acquire (obj);
+ it->file = obj;
+@@ -4943,7 +5292,7 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator)
+ slapi_ch_free (&(data.data));
+ if (rc != 0)
+ {
+- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "_cl5GetNextEntry: failed to format entry: %d\n", rc);
+ }
+
+@@ -4972,38 +5321,42 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator)
+ }
+
+ /* cursor operation failed */
+- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+- "_cl5GetNextEntry: failed to get entry; db error - %d %s\n",
+- rc, db_strerror(rc));
++ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
++ repl_plugin_name_cl,
++ "_cl5GetNextEntry: failed to get entry; db error - %d %s\n",
++ rc, db_strerror(rc));
+
+- return CL5_DB_ERROR;
++ return rc;
+ }
+
+ static int _cl5CurrentDeleteEntry (void *iterator)
+ {
+ int rc;
+ CL5Iterator *it;
+- CL5DBFile *file;
++ CL5DBFile *file;
+
+- PR_ASSERT (iterator);
++ PR_ASSERT (iterator);
+
+ it = (CL5Iterator*)iterator;
+
+ rc = it->cursor->c_del (it->cursor, 0);
+
+ if (rc == 0) {
+- /* decrement entry count */
+- file = (CL5DBFile*)object_get_data (it->file);
+- PR_AtomicDecrement (&file->entryCount);
+- return CL5_SUCCESS;
+- } else {
+- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+- "_cl5CurrentDeleteEntry failed, err=%d %s\n",
+- rc, db_strerror(rc));
+- /* We don't free(close) the cursor here, as the caller will free it by a call to cl5DestroyIterator */
+- /* Freeing it here is a potential bug, as the cursor can't be referenced later once freed */
+- return CL5_DB_ERROR;
+- }
++ /* decrement entry count */
++ file = (CL5DBFile*)object_get_data (it->file);
++ PR_AtomicDecrement (&file->entryCount);
++ return CL5_SUCCESS;
++ } else {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
++ "_cl5CurrentDeleteEntry failed, err=%d %s\n",
++ rc, db_strerror(rc));
++ /*
++ * We don't free(close) the cursor here, as the caller will free it by
++ * a call to cl5DestroyIterator. Freeing it here is a potential bug,
++ * as the cursor can't be referenced later once freed.
++ */
++ return rc;
++ }
+ }
+
+ static PRBool _cl5IsValidIterator (const CL5Iterator *iterator)
+@@ -6275,7 +6628,7 @@ static int _cl5ExportFile (PRFileDesc *prFile, Object *obj)
+ slapi_write_buffer (prFile, "\n", strlen("\n"));
+
+ entry.op = &op;
+- rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL);
++ rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL);
+ while (rc == CL5_SUCCESS)
+ {
+ rc = _cl5Operation2LDIF (&op, file->replGen, &buff, &len);
+@@ -6696,16 +7049,16 @@ cl5CleanRUV(ReplicaId rid){
+ slapi_rwlock_unlock (s_cl5Desc.stLock);
+ }
+
+-void trigger_cl_trimming(ReplicaId rid){
++void trigger_cl_purging(ReplicaId rid){
+ PRThread *trim_tid = NULL;
+
+- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_trimming: rid (%d)\n",(int)rid);
+- trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_trimming_thread,
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_purging: rid (%d)\n",(int)rid);
++ trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_purging_thread,
+ (void *)&rid, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+ PR_UNJOINABLE_THREAD, DEFAULT_THREAD_STACKSIZE);
+ if (NULL == trim_tid){
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+- "trigger_cl_trimming: failed to create trimming "
++ "trigger_cl_purging: failed to create trimming "
+ "thread; NSPR error - %d\n", PR_GetError ());
+ } else {
+ /* need a little time for the thread to get started */
+@@ -6714,7 +7067,7 @@ void trigger_cl_trimming(ReplicaId rid){
+ }
+
+ void
+-trigger_cl_trimming_thread(void *arg){
++trigger_cl_purging_thread(void *arg){
+ ReplicaId rid = *(ReplicaId *)arg;
+
+ /* make sure we have a change log, and we aren't closing it */
+@@ -6723,7 +7076,7 @@ trigger_cl_trimming_thread(void *arg){
+ }
+ if (CL5_SUCCESS != _cl5AddThread()) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+- "trigger_cl_trimming: failed to increment thread count "
++ "trigger_cl_purging: failed to increment thread count "
+ "NSPR error - %d\n", PR_GetError ());
+ }
+ _cl5DoTrimming(rid);
+diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h
+index 5809570..4c3b8e8 100644
+--- a/ldap/servers/plugins/replication/cl5_api.h
++++ b/ldap/servers/plugins/replication/cl5_api.h
+@@ -117,6 +117,9 @@ enum
+ CL5_CSN_ERROR, /* CSN API failed */
+ CL5_RUV_ERROR, /* RUV API failed */
+ CL5_OBJSET_ERROR, /* namedobjset api failed */
++ CL5_DB_LOCK_ERROR, /* bdb returns error 12 when the db runs out of locks,
++ this var needs to be in slot 12 of the list.
++ Do not re-order enum above! */
+ CL5_PURGED_DATA, /* requested data has been purged */
+ CL5_MISSING_DATA, /* data should be in the changelog, but is missing */
+ CL5_UNKNOWN_ERROR, /* unclassified error */
+@@ -464,6 +467,6 @@ int cl5WriteRUV();
+ int cl5DeleteRUV();
+ void cl5CleanRUV(ReplicaId rid);
+ void cl5NotifyCleanup(int rid);
+-void trigger_cl_trimming(ReplicaId rid);
++void trigger_cl_purging(ReplicaId rid);
+
+ #endif
+diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
+index 660b134..faa86b8 100644
+--- a/ldap/servers/plugins/replication/repl5_replica_config.c
++++ b/ldap/servers/plugins/replication/repl5_replica_config.c
+@@ -1439,6 +1439,11 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not
+ */
+ cl5CleanRUV(rid);
+
++ /*
++ * Now purge the changelog
++ */
++ trigger_cl_purging(rid);
++
+ if (rc != RUV_SUCCESS){
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc);
+ return LDAP_OPERATIONS_ERROR;
+@@ -1837,7 +1842,7 @@ replica_cleanallruv_thread(void *arg)
+ /* no agmts, just clean this replica */
+ break;
+ }
+- while (agmt_obj){
++ while (agmt_obj && !slapi_is_shutting_down()){
+ agmt = (Repl_Agmt*)object_get_data (agmt_obj);
+ if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
+ agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
+@@ -1919,13 +1924,15 @@ replica_cleanallruv_thread(void *arg)
+ break;
+ }
+ /*
+- * need to sleep between passes
++ * Need to sleep between passes unless we are shutting down
+ */
+- cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Replicas have not been cleaned yet, "
+- "retrying in %d seconds", interval);
+- PR_Lock( notify_lock );
+- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
+- PR_Unlock( notify_lock );
++ if (!slapi_is_shutting_down()){
++ cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Replicas have not been cleaned yet, "
++ "retrying in %d seconds", interval);
++ PR_Lock( notify_lock );
++ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
++ PR_Unlock( notify_lock );
++ }
+
+ if(interval < 14400){ /* 4 hour max */
+ interval = interval * 2;
+@@ -1936,10 +1943,9 @@ replica_cleanallruv_thread(void *arg)
+
+ done:
+ /*
+- * If the replicas are cleaned, release the rid, and trim the changelog
++ * If the replicas are cleaned, release the rid
+ */
+ if(!aborted){
+- trigger_cl_trimming(data->rid);
+ delete_cleaned_rid_config(data);
+ /* make sure all the replicas have been "pre_cleaned" before finishing */
+ check_replicas_are_done_cleaning(data);
+@@ -1949,7 +1955,7 @@ done:
+ /*
+ * Shutdown or abort
+ */
+- if(!is_task_aborted(data->rid)){
++ if(!is_task_aborted(data->rid) || slapi_is_shutting_down()){
+ cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,"Server shutting down. Process will resume at server startup");
+ } else {
+ cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,"Task aborted for rid(%d).",data->rid);
+@@ -2184,7 +2190,7 @@ check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn)
+ not_all_caughtup = 0;
+ break;
+ }
+- while (agmt_obj){
++ while (agmt_obj && !slapi_is_shutting_down()){
+ agmt = (Repl_Agmt*)object_get_data (agmt_obj);
+ if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
+ agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
+@@ -2242,7 +2248,7 @@ check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task)
+ not_all_alive = 0;
+ break;
+ }
+- while (agmt_obj){
++ while (agmt_obj && !slapi_is_shutting_down()){
+ agmt = (Repl_Agmt*)object_get_data (agmt_obj);
+ if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
+ agmt_obj = agmtlist_get_next_agreement_for_replica (replica, agmt_obj);
+@@ -3022,12 +3028,14 @@ replica_abort_task_thread(void *arg)
+ break;
+ }
+ /*
+- * need to sleep between passes
++ * Need to sleep between passes. unless we are shutting down
+ */
+- cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval);
+- PR_Lock( notify_lock );
+- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
+- PR_Unlock( notify_lock );
++ if (!slapi_is_shutting_down()){
++ cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval);
++ PR_Lock( notify_lock );
++ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
++ PR_Unlock( notify_lock );
++ }
+
+ if(interval < 14400){ /* 4 hour max */
+ interval = interval * 2;
+@@ -3045,7 +3053,7 @@ done:
+ * Wait for this server to stop its cleanallruv task(which removes the rid from the cleaned list)
+ */
+ cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID, "Waiting for CleanAllRUV task to abort...");
+- while(is_cleaned_rid(data->rid)){
++ while(is_cleaned_rid(data->rid) && !slapi_is_shutting_down()){
+ DS_Sleep(PR_SecondsToInterval(1));
+ count++;
+ if(count == 60){ /* it should not take this long */
+--
+1.9.3
+
diff --git a/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch b/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch
new file mode 100644
index 0000000..19dc5da
--- /dev/null
+++ b/SOURCES/0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch
@@ -0,0 +1,224 @@
+From 3c2165deb45571a0ff0547e5c8c2c970095cca04 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 8 Jul 2015 10:19:15 -0700
+Subject: [PATCH 11/20] Ticket #47799 - Any negative LDAP error code number
+ reported as Illegal error by ldclt.
+
+Description: ldclt was implemented with mozldap, which did not expect
+negative erorr codes, but openldap does. E.g., LDAP_FILTER_ERROR (-7)
+This patch prepares a negativeError array for the negative error codes.
+Example:
+ $ ldclt [...] -e esearch -e random -b "<basedn>" -f "<bad filter>" -v
+ Filter = "<bad filter>"
+ ...
+ ldclt[16030]: T000: Cannot ldap_search(), error=-7 (Bad search filter) -- NULL result
+ ...
+ ldclt[16030]: Global error -7 (Bad search filter) occurs 1001 times
+ ldclt[16030]: Exit status 3 - Max errors reached.
+
+https://fedorahosted.org/389/ticket/47799
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit 71be5faaa478593bb056887410ca8e48e05b2fe4)
+(cherry picked from commit 0680a45773ab4b0e92ec26caa3acbb6bab379103)
+---
+ ldap/servers/slapd/tools/ldclt/ldapfct.c | 4 +++
+ ldap/servers/slapd/tools/ldclt/ldclt.c | 35 ++++++++++++++++-----
+ ldap/servers/slapd/tools/ldclt/ldclt.h | 11 ++++++-
+ ldap/servers/slapd/tools/ldclt/threadMain.c | 48 +++++++++++++++++++----------
+ 4 files changed, 73 insertions(+), 25 deletions(-)
+
+diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
+index f906c5a..13e66b8 100644
+--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
++++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
+@@ -1382,6 +1382,10 @@ printErrorFromLdap (
+ printf ("ldclt[%d]: T%03d: %s, error=%d (%s",
+ mctx.pid, tttctx->thrdNum, errmsg,
+ errcode, my_ldap_err2string (errcode));
++ if (!res) {
++ printf (") -- NULL result\n");
++ return -1;
++ }
+
+ /*
+ * See if there is an additional error message...
+diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.c b/ldap/servers/slapd/tools/ldclt/ldclt.c
+index edb687f..9e573a5 100644
+--- a/ldap/servers/slapd/tools/ldclt/ldclt.c
++++ b/ldap/servers/slapd/tools/ldclt/ldclt.c
+@@ -716,19 +716,35 @@ printGlobalStatistics (void)
+ * Note: Maybe implement a way to stop the running threads ?
+ */
+ found = 0;
+- for (i=0 ; i<MAX_ERROR_NB ; i++)
+- if (mctx.errors[i] > 0)
+- {
++ for (i = 0; i < MAX_ERROR_NB; i++) {
++ if (mctx.errors[i] > 0) {
+ found = 1;
+ sprintf (buf, "(%s)", my_ldap_err2string (i));
+ printf ("ldclt[%d]: Global error %2d %s occurs %5d times\n",
+ mctx.pid, i, buf, mctx.errors[i]);
+ }
++ }
++#if defined(USE_OPENLDAP)
++ for (i = 0; i < ABS(NEGATIVE_MAX_ERROR_NB); i++) {
++ if (mctx.negativeErrors[i] > 0) {
++ found = 1;
++ sprintf (buf, "(%s)", my_ldap_err2string (-i));
++ printf ("ldclt[%d]: Global error %2d %s occurs %5d times\n",
++ mctx.pid, -i, buf, mctx.negativeErrors[i]);
++ }
++ }
++#endif
+ if (mctx.errorsBad > 0)
+ {
+ found = 1;
+- printf ("ldclt[%d]: Global illegal errors (codes not in [0, %d]) occurs %5d times\n",
+- mctx.pid, MAX_ERROR_NB-1, mctx.errorsBad);
++ printf("ldclt[%d]: Global illegal errors (codes not in [%d, %d]) occurs %5d times\n",
++ mctx.pid,
++#if defined(USE_OPENLDAP)
++ NEGATIVE_MAX_ERROR_NB,
++#else
++ 0,
++#endif
++ MAX_ERROR_NB-1, mctx.errorsBad);
+ }
+ if (!found)
+ printf ("ldclt[%d]: Global no error occurs during this session.\n", mctx.pid);
+@@ -1293,9 +1309,14 @@ basicInit (void)
+ mctx.totNbOpers = 0;
+ mctx.totNbSamples = 0;
+ mctx.errorsBad = 0;
+- for (i=0 ; i<MAX_ERROR_NB ; i++)
++ for (i = 0; i < MAX_ERROR_NB; i++) {
+ mctx.errors[i] = 0;
+-
++ }
++#if defined(USE_OPENLDAP)
++ for (i = 0; i < ABS(NEGATIVE_MAX_ERROR_NB); i++) {
++ mctx.negativeErrors[i] = 0;
++ }
++#endif
+ /*
+ * Initiate the mutex that protect the errors statistics
+ */
+diff --git a/ldap/servers/slapd/tools/ldclt/ldclt.h b/ldap/servers/slapd/tools/ldclt/ldclt.h
+index a48ab79..4f8f485 100644
+--- a/ldap/servers/slapd/tools/ldclt/ldclt.h
++++ b/ldap/servers/slapd/tools/ldclt/ldclt.h
+@@ -169,6 +169,9 @@ dd/mm/yy | Author | Comments
+ #ifndef LDCLT_H
+ #define LDCLT_H
+
++#if defined(USE_OPENLDAP)
++#define ABS(x) ((x > 0) ? (x) : (-x))
++#endif
+ /*
+ * Misc constant definitions
+ */
+@@ -183,7 +186,10 @@ dd/mm/yy | Author | Comments
+ #define DEF_PORT_CHECK 16000 /* Port used for check processing */
+ #define MAX_ATTRIBS 40 /* Max number of attributes */ /*JLS 28-03-01*/
+ #define MAX_DN_LENGTH 1024 /* Max length for a DN */
+-#define MAX_ERROR_NB 0x62 /* Max ldap err number + 1 */
++#define MAX_ERROR_NB 0x7b /* Max ldap err number + 1 */
++#if defined(USE_OPENLDAP)
++#define NEGATIVE_MAX_ERROR_NB (LDAP_X_CONNECTING - 1) /* Mininum ldap err number */
++#endif
+ #define MAX_IGN_ERRORS 20 /* Max errors ignored */
+ #define MAX_FILTER 512 /* Max filters length */
+ #define MAX_THREADS 1000 /* Max number of threads */ /*JLS 21-11-00*/
+@@ -504,6 +510,9 @@ typedef struct main_context {
+ char *certfile; /* certificate file */ /* BK 11-10-00 */
+ char *cltcertname; /* client cert name */ /* BK 23 11-00 */
+ data_list_file *dlf; /* Data list files */ /*JLS 23-03-01*/
++#if defined(USE_OPENLDAP)
++ int negativeErrors[ABS(NEGATIVE_MAX_ERROR_NB)]; /* Err stats */
++#endif
+ int errors[MAX_ERROR_NB]; /* Err stats */
+ int errorsBad; /* Bad errors */
+ ldclt_mutex_t errors_mutex; /* Protect errors */ /*JLS 28-11-00*/
+diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c
+index be41186..5d915fd 100644
+--- a/ldap/servers/slapd/tools/ldclt/threadMain.c
++++ b/ldap/servers/slapd/tools/ldclt/threadMain.c
+@@ -430,14 +430,26 @@ addErrorStat (
+ /*
+ * Update the counters
+ */
++#if defined(USE_OPENLDAP)
++ if ((err <= NEGATIVE_MAX_ERROR_NB) || (err >= MAX_ERROR_NB))
++#else
+ if ((err <= 0) || (err >= MAX_ERROR_NB))
++#endif
+ {
+ fprintf (stderr, "ldclt[%d]: Illegal error number %d\n", mctx.pid, err);
+ fflush (stderr);
+ mctx.errorsBad++;
+ }
++#if defined(USE_OPENLDAP)
++ else if (err < 0)
++ {
++ mctx.negativeErrors[abs(err)]++;
++ }
++#endif
+ else
++ {
+ mctx.errors[err]++;
++ }
+
+ /*
+ * Release the mutex
+@@ -460,26 +472,28 @@ addErrorStat (
+ * Ok, we should not ignore this error...
+ * Maybe the limit is reached ?
+ */
++#if defined(USE_OPENLDAP)
++ if ((err <= NEGATIVE_MAX_ERROR_NB) || (err >= MAX_ERROR_NB))
++#else
+ if ((err <= 0) || (err >= MAX_ERROR_NB))
+- {
+- if (mctx.errorsBad > mctx.maxErrors)
+- {
+- printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
+- (void) printGlobalStatistics(); /*JLS 25-08-00*/
+- fflush (stdout);
+- ldclt_sleep (5);
+- ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
++#endif
++ {
++ if (mctx.errorsBad > mctx.maxErrors) {
++ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
++ (void) printGlobalStatistics(); /*JLS 25-08-00*/
++ fflush (stdout);
++ ldclt_sleep (5);
++ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
+ }
+- }
+- else
+- if (mctx.errors[err] > mctx.maxErrors)
+- {
+- printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
+- (void) printGlobalStatistics(); /*JLS 25-08-00*/
+- fflush (stdout);
+- ldclt_sleep (5);
+- ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
++ } else {
++ if (mctx.errors[err] + mctx.negativeErrors[abs(err)] > mctx.maxErrors) {
++ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
++ (void) printGlobalStatistics(); /*JLS 25-08-00*/
++ fflush (stdout);
++ ldclt_sleep (5);
++ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
+ }
++ }
+ }
+
+ /*
+--
+1.9.3
+
diff --git a/SOURCES/0011-Ticket-47838-harden-the-list-of-ciphers-available-by.patch b/SOURCES/0011-Ticket-47838-harden-the-list-of-ciphers-available-by.patch
deleted file mode 100644
index 865d197..0000000
--- a/SOURCES/0011-Ticket-47838-harden-the-list-of-ciphers-available-by.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From afffe2dde82708b7c4837d5823cbb624a143dd7d Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 25 Sep 2014 13:38:03 -0700
-Subject: [PATCH 11/14] Ticket #47838 - harden the list of ciphers available by
- default (phase 2)
-
-Description:
-1) By default (i.e., no explicit allowWeakCipher set in cn=encryption,cn=config),
- allowWeakCipher is on for user specified cipher list
- allowWeakCipher is off for "+all" and "default"
-2) Fixed enabled allowWeakCipher (explicitly set "on" to it) is
- applied to "+all" and "default".
-3) If an invalid value is set to allowWeakCipher, this message is
- logged in the error log and set it to the default value.
- SSL alert: The value of allowWeakCipher "poor" in cn=encryption,
- cn=config is invalid. Ignoring it and set it to default.
-
-https://fedorahosted.org/389/ticket/47838
-
-Reviewed by tbordaz@redhat.com (Thank you, Thierry!)
-
-(cherry picked from commit c6febe325a1b5a0e4f7e7e59bcc076c9e4a3b825)
-(cherry picked from commit 411ca8f1cc5aade2fbe7d9f91aff8c658f5e8248)
----
- ldap/servers/slapd/ssl.c | 60 +++++++++++++++++++++++++++++++++++-------------
- 1 file changed, 44 insertions(+), 16 deletions(-)
-
-diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
-index 4e38308..28ff475 100644
---- a/ldap/servers/slapd/ssl.c
-+++ b/ldap/servers/slapd/ssl.c
-@@ -120,18 +120,34 @@ static char * configDN = "cn=encryption,cn=config";
-
- /* ----------------------- Multiple cipher support ------------------------ */
- /* cipher set flags */
--#define CIPHER_SET_ALL 0x1
--#define CIPHER_SET_NONE 0x0
--#define CIPHER_SET_DEFAULT 0x2
--#define CIPHER_SET_CORE (CIPHER_SET_ALL|CIPHER_SET_DEFAULT|CIPHER_SET_NONE)
--#define CIPHER_SET_ALLOWWEAKCIPHER 0x10 /* can be or'ed with other CIPHER_SET flags */
-+#define CIPHER_SET_NONE 0x0
-+#define CIPHER_SET_ALL 0x1
-+#define CIPHER_SET_DEFAULT 0x2
-+#define CIPHER_SET_DEFAULTWEAKCIPHER 0x10 /* allowWeakCipher is not set in cn=encryption */
-+#define CIPHER_SET_ALLOWWEAKCIPHER 0x20 /* allowWeakCipher is on */
-+#define CIPHER_SET_DISALLOWWEAKCIPHER 0x40 /* allowWeakCipher is off */
-
- #define CIPHER_SET_ISDEFAULT(flag) \
-- ((((flag)&CIPHER_SET_CORE) == CIPHER_SET_DEFAULT) ? PR_TRUE : PR_FALSE)
-+ (((flag)&CIPHER_SET_DEFAULT) ? PR_TRUE : PR_FALSE)
- #define CIPHER_SET_ISALL(flag) \
-- ((((flag)&CIPHER_SET_CORE) == CIPHER_SET_ALL) ? PR_TRUE : PR_FALSE)
--#define CIPHER_SET_ALLOWSWEAKCIPHER(flag) \
-+ (((flag)&CIPHER_SET_ALL) ? PR_TRUE : PR_FALSE)
-+
-+#define ALLOWWEAK_ISDEFAULT(flag) \
-+ (((flag)&CIPHER_SET_DEFAULTWEAKCIPHER) ? PR_TRUE : PR_FALSE)
-+#define ALLOWWEAK_ISON(flag) \
- (((flag)&CIPHER_SET_ALLOWWEAKCIPHER) ? PR_TRUE : PR_FALSE)
-+#define ALLOWWEAK_ISOFF(flag) \
-+ (((flag)&CIPHER_SET_DISALLOWWEAKCIPHER) ? PR_TRUE : PR_FALSE)
-+/*
-+ * If ISALL or ISDEFAULT, allowWeakCipher is true only if CIPHER_SET_ALLOWWEAKCIPHER.
-+ * Otherwise (user specified cipher list), allowWeakCipher is true
-+ * if CIPHER_SET_ALLOWWEAKCIPHER or CIPHER_SET_DEFAULTWEAKCIPHER.
-+ */
-+#define CIPHER_SET_ALLOWSWEAKCIPHER(flag) \
-+ ((CIPHER_SET_ISDEFAULT(flag)|CIPHER_SET_ISALL(flag)) ? \
-+ (ALLOWWEAK_ISON(flag) ? PR_TRUE : PR_FALSE) : \
-+ (!ALLOWWEAK_ISOFF(flag) ? PR_TRUE : PR_FALSE))
-+
- #define CIPHER_SET_DISABLE_ALLOWSWEAKCIPHER(flag) \
- ((flag)&~CIPHER_SET_ALLOWWEAKCIPHER)
-
-@@ -460,7 +476,7 @@ _conf_setciphers(char *ciphers, int flags)
- /* #47838: harden the list of ciphers available by default */
- /* Default is to activate all of them ==> none of them*/
- if (!ciphers || (ciphers[0] == '\0') || !PL_strcasecmp(ciphers, "default")) {
-- _conf_setallciphers((CIPHER_SET_DEFAULT|CIPHER_SET_DISABLE_ALLOWSWEAKCIPHER(flags)), NULL, NULL);
-+ _conf_setallciphers((CIPHER_SET_DEFAULT|flags), NULL, NULL);
- slapd_SSL_warn("Security Initialization: Enabling default cipher set.");
- _conf_dumpciphers();
- return NULL;
-@@ -473,7 +489,7 @@ _conf_setciphers(char *ciphers, int flags)
- * set of ciphers in the table. Right now there is no support for this
- * from the console
- */
-- _conf_setallciphers(CIPHER_SET_ALL|CIPHER_SET_DISABLE_ALLOWSWEAKCIPHER(flags), &suplist, NULL);
-+ _conf_setallciphers((CIPHER_SET_ALL|flags), &suplist, NULL);
- enabledOne = PR_TRUE;
- } else {
- /* If "+all" is not in nsSSL3Ciphers value, disable all first,
-@@ -504,7 +520,7 @@ _conf_setciphers(char *ciphers, int flags)
- for (x = 0; _conf_ciphers[x].name; x++) {
- if (!PL_strcasecmp(ciphers, _conf_ciphers[x].name)) {
- if (_conf_ciphers[x].flags & CIPHER_IS_WEAK) {
-- if (CIPHER_SET_ALLOWSWEAKCIPHER(flags)) {
-+ if (active && CIPHER_SET_ALLOWSWEAKCIPHER(flags)) {
- slapd_SSL_warn("Cipher %s is weak. It is enabled since allowWeakCipher is \"on\" "
- "(default setting for the backward compatibility). "
- "We strongly recommend to set it to \"off\". "
-@@ -522,6 +538,9 @@ _conf_setciphers(char *ciphers, int flags)
- check fips. */
- enabled = cipher_check_fips(x, NULL, &unsuplist);
- }
-+ if (enabled) {
-+ enabledOne = PR_TRUE; /* At least one active cipher is set. */
-+ }
- SSL_CipherPrefSetDefault(_conf_ciphers[x].num, enabled);
- lookup = 0;
- break;
-@@ -539,7 +558,7 @@ _conf_setciphers(char *ciphers, int flags)
- if (!PL_strcasecmp(_lookup_cipher[i].name, _conf_ciphers[x].name)) {
- if (enabled) {
- if (_conf_ciphers[x].flags & CIPHER_IS_WEAK) {
-- if (CIPHER_SET_ALLOWSWEAKCIPHER(flags)) {
-+ if (active && CIPHER_SET_ALLOWSWEAKCIPHER(flags)) {
- slapd_SSL_warn("Cipher %s is weak. "
- "It is enabled since allowWeakCipher is \"on\" "
- "(default setting for the backward compatibility). "
-@@ -1065,7 +1084,7 @@ slapd_ssl_init()
- int rv = 0;
- PK11SlotInfo *slot;
- Slapi_Entry *entry = NULL;
-- int allowweakcipher = CIPHER_SET_ALLOWWEAKCIPHER;
-+ int allowweakcipher = CIPHER_SET_DEFAULTWEAKCIPHER;
-
- /* Get general information */
-
-@@ -1105,9 +1124,18 @@ slapd_ssl_init()
- }
-
- val = slapi_entry_attr_get_charptr(entry, "allowWeakCipher");
-- if (val && (!PL_strcasecmp(val, "off") || !PL_strcasecmp(val, "false") ||
-- !PL_strcmp(val, "0") || !PL_strcasecmp(val, "no"))) {
-- allowweakcipher = 0;
-+ if (val) {
-+ if (!PL_strcasecmp(val, "off") || !PL_strcasecmp(val, "false") ||
-+ !PL_strcmp(val, "0") || !PL_strcasecmp(val, "no")) {
-+ allowweakcipher = CIPHER_SET_DISALLOWWEAKCIPHER;
-+ } else if (!PL_strcasecmp(val, "on") || !PL_strcasecmp(val, "true") ||
-+ !PL_strcmp(val, "1") || !PL_strcasecmp(val, "yes")) {
-+ allowweakcipher = CIPHER_SET_ALLOWWEAKCIPHER;
-+ } else {
-+ slapd_SSL_warn("The value of allowWeakCipher \"%s\" in "
-+ "cn=encryption,cn=config is invalid. "
-+ "Ignoring it and set it to default.", val);
-+ }
- }
- slapi_ch_free((void **) &val);
-
---
-1.9.3
-
diff --git a/SOURCES/0012-Ticket-47838-CI-test-adjusted-test-cases-based-on-th.patch b/SOURCES/0012-Ticket-47838-CI-test-adjusted-test-cases-based-on-th.patch
deleted file mode 100644
index 63d9653..0000000
--- a/SOURCES/0012-Ticket-47838-CI-test-adjusted-test-cases-based-on-th.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-From d5d6836c9935fe4393e1d2b991271bf7ee53c609 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 24 Sep 2014 15:47:02 -0700
-Subject: [PATCH 12/14] Ticket 47838 - CI test: adjusted test cases based on
- the phase 2 fixes for ticket 47838
-
-https://fedorahosted.org/389/ticket/47838
-(cherry picked from commit c6c73e674ecf79fc7404758f90f4837f04bdbed0)
-(cherry picked from commit b5ce880cc7e6df5f2a1d4bd24de2ce107cf1a5fe)
----
- dirsrvtests/tickets/ticket47838_test.py | 68 ++++++++++++++++++++-------------
- 1 file changed, 41 insertions(+), 27 deletions(-)
-
-diff --git a/dirsrvtests/tickets/ticket47838_test.py b/dirsrvtests/tickets/ticket47838_test.py
-index 0e406f3..1575376 100644
---- a/dirsrvtests/tickets/ticket47838_test.py
-+++ b/dirsrvtests/tickets/ticket47838_test.py
-@@ -25,6 +25,8 @@ LDAPSPORT = '10636'
- SERVERCERT = 'Server-Cert'
- plus_all_ecount = 0
- plus_all_dcount = 0
-+plus_all_ecount_noweak = 0
-+plus_all_dcount_noweak = 0
-
- class TopologyStandalone(object):
- def __init__(self, standalone):
-@@ -220,7 +222,7 @@ def test_ticket47838_run_0(topology):
- All ciphers are enabled except null.
- Note: allowWeakCipher: on
- """
-- _header(topology, 'Test Case 1 - Check the ciphers availability for "+all"')
-+ _header(topology, 'Test Case 1 - Check the ciphers availability for "+all"; allowWeakCipher: on')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '64')])
-@@ -235,8 +237,8 @@ def test_ticket47838_run_0(topology):
-
- log.info("Enabled ciphers: %d" % ecount)
- log.info("Disabled ciphers: %d" % dcount)
-- assert ecount >= 31
-- assert dcount <= 36
-+ assert ecount >= 60
-+ assert dcount <= 7
- global plus_all_ecount
- global plus_all_dcount
- plus_all_ecount = ecount
-@@ -250,9 +252,9 @@ def test_ticket47838_run_1(topology):
- """
- Check nsSSL3Ciphers: +all
- All ciphers are enabled except null.
-- Note: allowWeakCipher: off for +all
-+ Note: default allowWeakCipher (i.e., off) for +all
- """
-- _header(topology, 'Test Case 2 - Check the ciphers availability for "+all" with not allowing WeakCiphers')
-+ _header(topology, 'Test Case 2 - Check the ciphers availability for "+all" with default allowWeakCiphers')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '64')])
-@@ -271,6 +273,11 @@ def test_ticket47838_run_1(topology):
- ecount = int(enabled.readline().rstrip())
- dcount = int(disabled.readline().rstrip())
-
-+ global plus_all_ecount_noweak
-+ global plus_all_dcount_noweak
-+ plus_all_ecount_noweak = ecount
-+ plus_all_dcount_noweak = dcount
-+
- log.info("Enabled ciphers: %d" % ecount)
- log.info("Disabled ciphers: %d" % dcount)
- assert ecount >= 31
-@@ -284,12 +291,11 @@ def test_ticket47838_run_2(topology):
- """
- Check nsSSL3Ciphers: +rsa_aes_128_sha,+rsa_aes_256_sha
- rsa_aes_128_sha, tls_rsa_aes_128_sha, rsa_aes_256_sha, tls_rsa_aes_256_sha are enabled.
-+ default allowWeakCipher
- """
-- _header(topology, 'Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha"')
-+ _header(topology, 'Test Case 3 - Check the ciphers availability for "+rsa_aes_128_sha,+rsa_aes_256_sha" with default allowWeakCipher')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-- #topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+rsa_aes_128_sha,+rsa_aes_256_sha'),
-- # (ldap.MOD_REPLACE, 'allowWeakCipher', 'on')])
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+rsa_aes_128_sha,+rsa_aes_256_sha')])
-
- log.info("\n######################### Restarting the server ######################\n")
-@@ -314,6 +320,7 @@ def test_ticket47838_run_3(topology):
- """
- Check nsSSL3Ciphers: -all
- All ciphers are disabled.
-+ default allowWeakCipher
- """
- _header(topology, 'Test Case 4 - Check the ciphers availability for "-all"')
-
-@@ -327,23 +334,23 @@ def test_ticket47838_run_3(topology):
- topology.standalone.start(timeout=120)
-
- enabled = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | wc -l' % topology.standalone.errlog)
-- disabled = os.popen('egrep "SSL alert:" %s | egrep \": disabled\" | wc -l' % topology.standalone.errlog)
- ecount = int(enabled.readline().rstrip())
-- dcount = int(disabled.readline().rstrip())
-
- log.info("Enabled ciphers: %d" % ecount)
-- log.info("Disabled ciphers: %d" % dcount)
- global plus_all_ecount
-- global plus_all_dcount
- assert ecount == 0
-- assert dcount == (plus_all_ecount + plus_all_dcount)
-+
-+ disabledmsg = os.popen('egrep "Disabling SSL" %s' % topology.standalone.errlog)
-+ log.info("Disabling SSL message?: %s" % disabledmsg.readline())
-+ assert disabledmsg != ''
-
- def test_ticket47838_run_4(topology):
- """
- Check no nsSSL3Ciphers
- Default ciphers are enabled.
-+ default allowWeakCipher
- """
-- _header(topology, 'Test Case 5 - Check no nssSSL3Chiphers (default setting)')
-+ _header(topology, 'Test Case 5 - Check no nssSSL3Chiphers (default setting) with default allowWeakCipher')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', '-all')])
-@@ -374,8 +381,9 @@ def test_ticket47838_run_5(topology):
- """
- Check nsSSL3Ciphers: default
- Default ciphers are enabled.
-+ default allowWeakCipher
- """
-- _header(topology, 'Test Case 6 - Check default nssSSL3Chiphers (default setting)')
-+ _header(topology, 'Test Case 6 - Check default nssSSL3Chiphers (default setting) with default allowWeakCipher')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', 'default')])
-@@ -406,8 +414,9 @@ def test_ticket47838_run_6(topology):
- """
- Check nssSSL3Chiphers: +all,-rsa_rc4_128_md5
- All ciphers are disabled.
-+ default allowWeakCipher
- """
-- _header(topology, 'Test Case 7 - Check nssSSL3Chiphers: +all,-tls_dhe_rsa_aes_128_gcm_sha')
-+ _header(topology, 'Test Case 7 - Check nssSSL3Chiphers: +all,-tls_dhe_rsa_aes_128_gcm_sha with default allowWeakCipher')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-tls_dhe_rsa_aes_128_gcm_sha')])
-@@ -425,19 +434,20 @@ def test_ticket47838_run_6(topology):
-
- log.info("Enabled ciphers: %d" % ecount)
- log.info("Disabled ciphers: %d" % dcount)
-- global plus_all_ecount
-- global plus_all_dcount
-- log.info("ALL Ecount: %d" % plus_all_ecount)
-- log.info("ALL Dcount: %d" % plus_all_dcount)
-- assert ecount == (plus_all_ecount - 1)
-- assert dcount == (plus_all_dcount + 1)
-+ global plus_all_ecount_noweak
-+ global plus_all_dcount_noweak
-+ log.info("ALL Ecount: %d" % plus_all_ecount_noweak)
-+ log.info("ALL Dcount: %d" % plus_all_dcount_noweak)
-+ assert ecount == (plus_all_ecount_noweak - 1)
-+ assert dcount == (plus_all_dcount_noweak + 1)
-
- def test_ticket47838_run_7(topology):
- """
- Check nssSSL3Chiphers: -all,+rsa_rc4_128_md5
- All ciphers are disabled.
-+ default allowWeakCipher
- """
-- _header(topology, 'Test Case 8 - Check nssSSL3Chiphers: -all,+rsa_rc4_128_md5')
-+ _header(topology, 'Test Case 8 - Check nssSSL3Chiphers: -all,+rsa_rc4_128_md5 with default allowWeakCipher')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '-all,+rsa_rc4_128_md5')])
-@@ -497,8 +507,10 @@ def test_ticket47838_run_9(topology):
- """
- Check no nsSSL3Ciphers
- Default ciphers are enabled.
-+ allowWeakCipher: on
-+ nsslapd-errorlog-level: 0
- """
-- _header(topology, 'Test Case 10 - Check no nssSSL3Chiphers (default setting) with no errorlog-level')
-+ _header(topology, 'Test Case 10 - Check no nssSSL3Chiphers (default setting) with no errorlog-level & allowWeakCipher on')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', None),
-@@ -518,12 +530,12 @@ def test_ticket47838_run_9(topology):
-
- log.info("Enabled ciphers: %d" % ecount)
- log.info("Disabled ciphers: %d" % dcount)
-- assert ecount == 12
-+ assert ecount == 23
- assert dcount == 0
- weak = os.popen('egrep "SSL alert:" %s | egrep \": enabled\" | egrep "WEAK CIPHER" | wc -l' % topology.standalone.errlog)
- wcount = int(weak.readline().rstrip())
- log.info("Weak ciphers in the default setting: %d" % wcount)
-- assert wcount == 0
-+ assert wcount == 11
-
- def test_ticket47838_run_10(topology):
- """
-@@ -535,8 +547,10 @@ def test_ticket47838_run_10(topology):
- -SSL_CK_RC4_128_WITH_MD5,-SSL_CK_RC4_128_EXPORT40_WITH_MD5,
- -SSL_CK_RC2_128_CBC_WITH_MD5,-SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
- -SSL_CK_DES_64_CBC_WITH_MD5,-SSL_CK_DES_192_EDE3_CBC_WITH_MD5
-+ allowWeakCipher: on
-+ nsslapd-errorlog-level: 0
- """
-- _header(topology, 'Test Case 11 - Check nssSSL3Chiphers: long list using the NSS Cipher Suite name')
-+ _header(topology, 'Test Case 11 - Check nssSSL3Chiphers: long list using the NSS Cipher Suite name with allowWeakCipher on')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers',
---
-1.9.3
-
diff --git a/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch b/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch
new file mode 100644
index 0000000..f850942
--- /dev/null
+++ b/SOURCES/0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch
@@ -0,0 +1,184 @@
+From a8e885d2d69381adc483d1a506b9f1e739a507f5 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Wed, 8 Jul 2015 17:21:57 -0400
+Subject: [PATCH 12/20] Ticket 48013 - Inconsistent behaviour of DS when LDAP
+ Sync is used with an invalid cookie
+
+Bug Description: Some invalid cookies are treated as errors, while others are not.
+
+Fix Description: Perform the cookie parsing and validation in the same step. This
+ gives consistent results.
+
+https://fedorahosted.org/389/ticket/48013
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit fdf46817fcc3b334bd477316d253bc18f243c0f6)
+(cherry picked from commit 41dff5ba7a6368bfb2d8a2057dd5ba5b6a91d175)
+---
+ dirsrvtests/tickets/ticket48013_test.py | 134 +++++++++++++++++++++++++++++++
+ ldap/servers/plugins/sync/sync_refresh.c | 7 +-
+ 2 files changed, 138 insertions(+), 3 deletions(-)
+ create mode 100644 dirsrvtests/tickets/ticket48013_test.py
+
+diff --git a/dirsrvtests/tickets/ticket48013_test.py b/dirsrvtests/tickets/ticket48013_test.py
+new file mode 100644
+index 0000000..0ccdeba
+--- /dev/null
++++ b/dirsrvtests/tickets/ticket48013_test.py
+@@ -0,0 +1,134 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++import pyasn1
++import pyasn1_modules
++import ldap,ldapurl
++from ldap.ldapobject import SimpleLDAPObject
++from ldap.syncrepl import SyncreplConsumer
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++installation1_prefix = None
++
++
++class TopologyStandalone(object):
++ def __init__(self, standalone):
++ standalone.open()
++ self.standalone = standalone
++
++
++class SyncObject(SimpleLDAPObject, SyncreplConsumer):
++ def __init__(self, uri):
++ # Init the ldap connection
++ SimpleLDAPObject.__init__(self, uri)
++
++ def sync_search(self, test_cookie):
++ self.syncrepl_search('dc=example,dc=com', ldap.SCOPE_SUBTREE,
++ filterstr='(objectclass=*)', mode='refreshOnly',
++ cookie=test_cookie)
++
++ def poll(self):
++ self.syncrepl_poll(all=1)
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ global installation1_prefix
++ if installation1_prefix:
++ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
++
++ # Creating standalone instance ...
++ standalone = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++ instance_standalone = standalone.exists()
++ if instance_standalone:
++ standalone.delete()
++ standalone.create()
++ standalone.open()
++
++ # Clear out the tmp dir
++ standalone.clearTmpDir(__file__)
++
++ return TopologyStandalone(standalone)
++
++
++def test_ticket48013(topology):
++ '''
++ Content Synchonization: Test that invalid cookies are caught
++ '''
++
++ cookies = ('#', '##', 'a#a#a', 'a#a#1')
++
++ # Enable dynamic plugins
++ try:
++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', 'on')])
++ except ldap.LDAPError as e:
++ ldap.error('Failed to enable dynamic plugin!' + e.message['desc'])
++ assert False
++
++ # Enable retro changelog
++ topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
++
++ # Enbale content sync plugin
++ topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC)
++
++ # Set everything up
++ ldap_url = ldapurl.LDAPUrl('ldap://localhost:31389')
++ ldap_connection = SyncObject(ldap_url.initializeUrl())
++
++ # Authenticate
++ try:
++ ldap_connection.simple_bind_s(DN_DM, PASSWORD)
++ except ldap.LDAPError as e:
++ print('Login to LDAP server failed: %s' % e.message['desc'])
++ assert False
++
++ # Test invalid cookies
++ for invalid_cookie in cookies:
++ log.info('Testing cookie: %s' % invalid_cookie)
++ try:
++ ldap_connection.sync_search(invalid_cookie)
++ ldap_connection.poll()
++ log.fatal('Invalid cookie accepted!')
++ assert False
++ except Exception as e:
++ log.info('Invalid cookie correctly rejected: %s' % e.message['info'])
++ pass
++
++ # Success
++ log.info('Test complete')
++
++
++def test_ticket48013_final(topology):
++ topology.standalone.delete()
++ log.info('Testcase PASSED')
++
++
++def run_isolated():
++ global installation1_prefix
++ installation1_prefix = None
++
++ topo = topology(True)
++ test_ticket48013(topo)
++ test_ticket48013_final(topo)
++
++
++if __name__ == '__main__':
++ run_isolated()
++
+diff --git a/ldap/servers/plugins/sync/sync_refresh.c b/ldap/servers/plugins/sync/sync_refresh.c
+index 1ae2604..beb87ab 100644
+--- a/ldap/servers/plugins/sync/sync_refresh.c
++++ b/ldap/servers/plugins/sync/sync_refresh.c
+@@ -113,9 +113,10 @@ int sync_srch_refresh_pre_search(Slapi_PBlock *pb)
+ * -- return e-syncRefreshRequired if the data referenced in the cookie are no
+ * longer in the history
+ */
+- if (cookie &&
+- ( client_cookie = sync_cookie_parse (cookie))) {
+- if (sync_cookie_isvalid(client_cookie, session_cookie)) {
++ if (cookie) {
++ if ((client_cookie = sync_cookie_parse (cookie)) &&
++ sync_cookie_isvalid(client_cookie, session_cookie))
++ {
+ rc = sync_refresh_update_content(pb, client_cookie, session_cookie);
+ if (rc == 0)
+ entries_sent = 1;
+--
+1.9.3
+
diff --git a/SOURCES/0013-Ticket-47880-provide-enabled-ciphers-as-search-resul.patch b/SOURCES/0013-Ticket-47880-provide-enabled-ciphers-as-search-resul.patch
deleted file mode 100644
index 4254032..0000000
--- a/SOURCES/0013-Ticket-47880-provide-enabled-ciphers-as-search-resul.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From 82cf90789bd34622e2ae7b4584ff75214d1dea47 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 25 Sep 2014 13:34:00 -0700
-Subject: [PATCH 13/14] Ticket #47880 - provide enabled ciphers as search
- result
-
-Description: Implemented getEnabledCiphers, with which
- ldapsearch -b "cn=encryption,cn=config" nsSSLEnabledCiphers
-returns enabled cipher list. Example of returned enabled cipher
- dn: cn=encryption,cn=config
- nsSSLEnabledCiphers: TLS_RSA_WITH_RC4_128_MD5::RC4::MD5::128
- nsSSLEnabledCiphers: SSL_CK_DES_192_EDE3_CBC_WITH_MD5::3DES::MD5::192
-
-https://fedorahosted.org/389/ticket/47880
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!)
-
-(cherry picked from commit c675243e018a89291760161998944c04ea04b12f)
-(cherry picked from commit 8de80533cbfdb22166f5595839307a6a6db5a636)
----
- ldap/servers/slapd/fedse.c | 14 +++++++++++++-
- ldap/servers/slapd/ssl.c | 42 +++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 54 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/fedse.c b/ldap/servers/slapd/fedse.c
-index 1ffa08d..1f455e5 100644
---- a/ldap/servers/slapd/fedse.c
-+++ b/ldap/servers/slapd/fedse.c
-@@ -76,6 +76,7 @@
- #endif /* _WIN32 */
-
- extern char ** getSupportedCiphers();
-+extern char ** getEnabledCiphers();
-
- /* Note: These DNs are no need to be normalized */
- static const char *internal_entries[] =
-@@ -1695,11 +1696,12 @@ search_encryption( Slapi_PBlock *pb, Slapi_Entry *entry, Slapi_Entry *entryAfter
- struct berval *vals[2];
- struct berval val;
- char ** cipherList = getSupportedCiphers(); /*Get the string array of supported ciphers here */
-+ char ** enabledCipherList = getEnabledCiphers(); /*Get the string array of enabled ciphers here */
- vals[0] = &val;
- vals[1] = NULL;
-
- attrlist_delete ( &entry->e_attrs, "nsSSLSupportedCiphers");
-- while (*cipherList) /* iterarate thru each of them and add to the attr value */
-+ while (cipherList && *cipherList) /* iterarate thru each of them and add to the attr value */
- {
- char *cipher = *cipherList;
- val.bv_val = (char* ) cipher;
-@@ -1708,6 +1710,16 @@ search_encryption( Slapi_PBlock *pb, Slapi_Entry *entry, Slapi_Entry *entryAfter
- cipherList++;
- }
-
-+ attrlist_delete ( &entry->e_attrs, "nsSSLEnabledCiphers");
-+ while (enabledCipherList && *enabledCipherList) /* iterarate thru each of them and add to the attr value */
-+ {
-+ char *cipher = *enabledCipherList;
-+ val.bv_val = (char* ) cipher;
-+ val.bv_len = strlen ( val.bv_val );
-+ attrlist_merge ( &entry->e_attrs, "nsSSLEnabledCiphers", vals);
-+ enabledCipherList++;
-+ }
-+
- return SLAPI_DSE_CALLBACK_OK;
- }
-
-diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
-index 28ff475..5f9916b 100644
---- a/ldap/servers/slapd/ssl.c
-+++ b/ldap/servers/slapd/ssl.c
-@@ -157,6 +157,7 @@ static char * configDN = "cn=encryption,cn=config";
- #define CIPHER_IS_WEAK 0x4
- #define CIPHER_IS_DEPRECATED 0x8
- static char **cipher_names = NULL;
-+static char **enabled_cipher_names = NULL;
- typedef struct {
- char *name;
- int num;
-@@ -265,7 +266,8 @@ slapd_SSL_warn(char *fmt, ...)
- va_end(args);
- }
-
--char ** getSupportedCiphers()
-+char **
-+getSupportedCiphers()
- {
- SSLCipherSuiteInfo info;
- char *sep = "::";
-@@ -294,6 +296,44 @@ char ** getSupportedCiphers()
- return cipher_names;
- }
-
-+char **
-+getEnabledCiphers()
-+{
-+ SSLCipherSuiteInfo info;
-+ char *sep = "::";
-+ int number_of_ciphers = 0;
-+ int x;
-+ int idx = 0;
-+ PRBool enabled;
-+
-+ /* We have to wait until the SSL initialization is done. */
-+ if (!slapd_ssl_listener_is_initialized()) {
-+ return NULL;
-+ }
-+ if ((enabled_cipher_names == NULL) && _conf_ciphers) {
-+ for (x = 0; _conf_ciphers[x].name; x++) {
-+ SSL_CipherPrefGetDefault(_conf_ciphers[x].num, &enabled);
-+ if (enabled) {
-+ number_of_ciphers++;
-+ }
-+ }
-+ enabled_cipher_names = (char **)slapi_ch_calloc((number_of_ciphers + 1), sizeof(char *));
-+ for (x = 0; _conf_ciphers[x].name; x++) {
-+ SSL_CipherPrefGetDefault(_conf_ciphers[x].num, &enabled);
-+ if (enabled) {
-+ SSL_GetCipherSuiteInfo((PRUint16)_conf_ciphers[x].num,&info,sizeof(info));
-+ enabled_cipher_names[idx++] = PR_smprintf("%s%s%s%s%s%s%d",
-+ _conf_ciphers[x].name,sep,
-+ info.symCipherName,sep,
-+ info.macAlgorithmName,sep,
-+ info.symKeyBits);
-+ }
-+ }
-+ }
-+
-+ return enabled_cipher_names;
-+}
-+
- static PRBool
- cipher_check_fips(int idx, char ***suplist, char ***unsuplist)
- {
---
-1.9.3
-
diff --git a/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch b/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch
new file mode 100644
index 0000000..3fe4c40
--- /dev/null
+++ b/SOURCES/0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch
@@ -0,0 +1,146 @@
+From cb54fa78fdd5e94f890c3fa1c03481358e3c82ce Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 9 Jul 2015 09:59:46 -0400
+Subject: [PATCH 13/20] Ticket 48217 - cleanAllRUV hangs shutdown if not all of
+ the replicas are online
+
+Bug Description: There are race conditions where we might not notify the
+ clean task when a shutdown is occuring. This casues the
+ task refcount to be not decremented, which hangs the
+ destructor function.
+
+Fix Description: Check that the server is not shutting down before going
+ to sleep, and notify the clean/abort tasks to stop in
+ the destructor functions(instead of in the mmr plugin stop
+ function).
+
+https://fedorahosted.org/389/ticket/48217
+
+Reviewed by: lkrispen(Thanks!)
+
+(cherry picked from commit d6269f2e6898a187d43e3368860b13cdbd39ec55)
+(cherry picked from commit 0bb881aea92d64e509cf7604e86559779e4f9b77)
+---
+ .../plugins/replication/repl5_replica_config.c | 49 ++++++++++++++--------
+ 1 file changed, 31 insertions(+), 18 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
+index faa86b8..446da3f 100644
+--- a/ldap/servers/plugins/replication/repl5_replica_config.c
++++ b/ldap/servers/plugins/replication/repl5_replica_config.c
+@@ -1738,7 +1738,9 @@ replica_cleanallruv_thread(void *arg)
+ }
+ if (data->task) {
+ slapi_task_inc_refcount(data->task);
+- slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, "replica_cleanallruv_thread --> refcount incremented.\n");
++ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name,
++ "replica_cleanallruv_thread --> refcount incremented (%d).\n",
++ data->task->task_refcount);
+ }
+ /*
+ * Initialize our settings
+@@ -1871,10 +1873,11 @@ replica_cleanallruv_thread(void *arg)
+ */
+ cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Not all replicas have received the "
+ "cleanallruv extended op, retrying in %d seconds",interval);
+- PR_Lock( notify_lock );
+- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
+- PR_Unlock( notify_lock );
+-
++ if(!slapi_is_shutting_down()){
++ PR_Lock( notify_lock );
++ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
++ PR_Unlock( notify_lock );
++ }
+ if(interval < 14400){ /* 4 hour max */
+ interval = interval * 2;
+ } else {
+@@ -1974,6 +1977,7 @@ done:
+ if(data->repl_obj && free_obj){
+ object_release(data->repl_obj);
+ }
++
+ csn_free(&data->maxcsn);
+ slapi_sdn_free(&data->sdn);
+ slapi_ch_free_string(&data->repl_root);
+@@ -1987,6 +1991,7 @@ replica_cleanall_ruv_destructor(Slapi_Task *task)
+ {
+ slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
+ "replica_cleanall_ruv_destructor -->\n" );
++ stop_ruv_cleaning();
+ if (task) {
+ while (slapi_task_get_refcount(task) > 0) {
+ /* Yield to wait for the fixup task finishes. */
+@@ -2002,6 +2007,7 @@ replica_cleanall_ruv_abort_destructor(Slapi_Task *task)
+ {
+ slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
+ "replica_cleanall_ruv_abort_destructor -->\n" );
++ stop_ruv_cleaning();
+ if (task) {
+ while (slapi_task_get_refcount(task) > 0) {
+ /* Yield to wait for the fixup task finishes. */
+@@ -2055,9 +2061,11 @@ check_replicas_are_done_cleaning(cleanruv_data *data )
+ break;
+ }
+ cleanruv_log(data->task, data->rid, CLEANALLRUV_ID, "Not all replicas finished cleaning, retrying in %d seconds",interval);
+- PR_Lock( notify_lock );
+- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
+- PR_Unlock( notify_lock );
++ if(!slapi_is_shutting_down()){
++ PR_Lock( notify_lock );
++ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
++ PR_Unlock( notify_lock );
++ }
+ if(interval < 14400){ /* 4 hour max */
+ interval = interval * 2;
+ } else {
+@@ -2158,9 +2166,11 @@ check_replicas_are_done_aborting(cleanruv_data *data )
+ break;
+ }
+ cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID, "Not all replicas finished aborting, retrying in %d seconds",interval);
+- PR_Lock( notify_lock );
+- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
+- PR_Unlock( notify_lock );
++ if(!slapi_is_shutting_down()){
++ PR_Lock( notify_lock );
++ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
++ PR_Unlock( notify_lock );
++ }
+ if(interval < 14400){ /* 4 hour max */
+ interval = interval * 2;
+ } else {
+@@ -2212,10 +2222,11 @@ check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn)
+ }
+ cleanruv_log(data->task, data->rid, CLEANALLRUV_ID,
+ "Not all replicas caught up, retrying in %d seconds",interval);
+- PR_Lock( notify_lock );
+- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
+- PR_Unlock( notify_lock );
+-
++ if(!slapi_is_shutting_down()){
++ PR_Lock( notify_lock );
++ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
++ PR_Unlock( notify_lock );
++ }
+ if(interval < 14400){ /* 4 hour max */
+ interval = interval * 2;
+ } else {
+@@ -2271,10 +2282,12 @@ check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task)
+ }
+ cleanruv_log(task, rid, CLEANALLRUV_ID, "Not all replicas online, retrying in %d seconds...",
+ interval);
+- PR_Lock( notify_lock );
+- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
+- PR_Unlock( notify_lock );
+
++ if(!slapi_is_shutting_down()){
++ PR_Lock( notify_lock );
++ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
++ PR_Unlock( notify_lock );
++ }
+ if(interval < 14400){ /* 4 hour max */
+ interval = interval * 2;
+ } else {
+--
+1.9.3
+
diff --git a/SOURCES/0014-Ticket-47880-CI-test-added-test-cases-for-ticket-478.patch b/SOURCES/0014-Ticket-47880-CI-test-added-test-cases-for-ticket-478.patch
deleted file mode 100644
index fbdd6b2..0000000
--- a/SOURCES/0014-Ticket-47880-CI-test-added-test-cases-for-ticket-478.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-From 85e5ebbddf2a9b39376b7bc3b1529d6f170b907e Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 25 Sep 2014 14:43:16 -0700
-Subject: [PATCH 14/14] Ticket 47880 - CI test: added test cases for ticket
- 47880
-
-Description: Ticket #47880 - provide enabled ciphers as search result
-
-https://fedorahosted.org/389/ticket/47880
-(cherry picked from commit ce7378990855abe1a5b52cd4fbe78ffc33365dcb)
-(cherry picked from commit b922e5d8387535a8bd71bbcea821ba08608d27c2)
----
- dirsrvtests/tickets/ticket47838_test.py | 46 ++++++++++++++++++++++++++++++++-
- 1 file changed, 45 insertions(+), 1 deletion(-)
-
-diff --git a/dirsrvtests/tickets/ticket47838_test.py b/dirsrvtests/tickets/ticket47838_test.py
-index 1575376..c98c36e 100644
---- a/dirsrvtests/tickets/ticket47838_test.py
-+++ b/dirsrvtests/tickets/ticket47838_test.py
-@@ -216,6 +216,24 @@ def test_ticket47838_init(topology):
- 'nsSSLToken': 'internal (software)',
- 'nsSSLActivation': 'on'})))
-
-+def comp_nsSSLEnableCipherCount(topology, ecount):
-+ """
-+ Check nsSSLEnabledCipher count with ecount
-+ """
-+ log.info("Checking nsSSLEnabledCiphers...")
-+ msgid = topology.standalone.search_ext(ENCRYPTION_DN, ldap.SCOPE_BASE, 'cn=*', ['nsSSLEnabledCiphers'])
-+ enabledciphercnt = 0
-+ rtype, rdata, rmsgid = topology.standalone.result2(msgid)
-+ topology.standalone.log.info("%d results" % len(rdata))
-+
-+ topology.standalone.log.info("Results:")
-+ for dn, attrs in rdata:
-+ topology.standalone.log.info("dn: %s" % dn)
-+ if attrs.has_key('nsSSLEnabledCiphers'):
-+ enabledciphercnt = len(attrs['nsSSLEnabledCiphers'])
-+ topology.standalone.log.info("enabledCipherCount: %d" % enabledciphercnt)
-+ assert ecount == enabledciphercnt
-+
- def test_ticket47838_run_0(topology):
- """
- Check nsSSL3Ciphers: +all
-@@ -248,6 +266,8 @@ def test_ticket47838_run_0(topology):
- log.info("Weak ciphers: %d" % wcount)
- assert wcount <= 29
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_1(topology):
- """
- Check nsSSL3Ciphers: +all
-@@ -287,6 +307,8 @@ def test_ticket47838_run_1(topology):
- log.info("Weak ciphers: %d" % wcount)
- assert wcount <= 29
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_2(topology):
- """
- Check nsSSL3Ciphers: +rsa_aes_128_sha,+rsa_aes_256_sha
-@@ -316,6 +338,8 @@ def test_ticket47838_run_2(topology):
- assert ecount == 2
- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_3(topology):
- """
- Check nsSSL3Ciphers: -all
-@@ -344,6 +368,8 @@ def test_ticket47838_run_3(topology):
- log.info("Disabling SSL message?: %s" % disabledmsg.readline())
- assert disabledmsg != ''
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_4(topology):
- """
- Check no nsSSL3Ciphers
-@@ -377,6 +403,8 @@ def test_ticket47838_run_4(topology):
- log.info("Weak ciphers in the default setting: %d" % wcount)
- assert wcount == 0
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_5(topology):
- """
- Check nsSSL3Ciphers: default
-@@ -410,6 +438,8 @@ def test_ticket47838_run_5(topology):
- log.info("Weak ciphers in the default setting: %d" % wcount)
- assert wcount == 0
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_6(topology):
- """
- Check nssSSL3Chiphers: +all,-rsa_rc4_128_md5
-@@ -441,6 +471,8 @@ def test_ticket47838_run_6(topology):
- assert ecount == (plus_all_ecount_noweak - 1)
- assert dcount == (plus_all_dcount_noweak + 1)
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_7(topology):
- """
- Check nssSSL3Chiphers: -all,+rsa_rc4_128_md5
-@@ -470,6 +502,8 @@ def test_ticket47838_run_7(topology):
- assert ecount == 1
- assert dcount == (plus_all_ecount + plus_all_dcount - ecount)
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_8(topology):
- """
- Check nsSSL3Ciphers: default + allowWeakCipher: off
-@@ -503,6 +537,8 @@ def test_ticket47838_run_8(topology):
- log.info("Weak ciphers in the default setting: %d" % wcount)
- assert wcount == 0
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_9(topology):
- """
- Check no nsSSL3Ciphers
-@@ -537,6 +573,8 @@ def test_ticket47838_run_9(topology):
- log.info("Weak ciphers in the default setting: %d" % wcount)
- assert wcount == 11
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_10(topology):
- """
- Check nssSSL3Chiphers: -TLS_RSA_WITH_NULL_MD5,+TLS_RSA_WITH_RC4_128_MD5,
-@@ -579,6 +617,8 @@ def test_ticket47838_run_10(topology):
-
- topology.standalone.log.info("ticket47838 was successfully verified.");
-
-+ comp_nsSSLEnableCipherCount(topology, ecount)
-+
- def test_ticket47838_run_11(topology):
- """
- Check nssSSL3Chiphers: +fortezza
-@@ -603,6 +643,8 @@ def test_ticket47838_run_11(topology):
- log.info("Expected error message was not found")
- assert False
-
-+ comp_nsSSLEnableCipherCount(topology, 0)
-+
- def test_ticket47838_run_last(topology):
- """
- Check nssSSL3Chiphers: all <== invalid value
-@@ -627,7 +669,9 @@ def test_ticket47838_run_last(topology):
- log.info("Expected error message was not found")
- assert False
-
-- topology.standalone.log.info("ticket47838 was successfully verified.");
-+ comp_nsSSLEnableCipherCount(topology, 0)
-+
-+ topology.standalone.log.info("ticket47838, 47880, 47908 were successfully verified.");
-
- def test_ticket47838_final(topology):
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
---
-1.9.3
-
diff --git a/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch b/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch
new file mode 100644
index 0000000..f1e78fb
--- /dev/null
+++ b/SOURCES/0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch
@@ -0,0 +1,70 @@
+From 4fe9f07d50f383e3765ba97294f8b641f7feefa3 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 9 Jul 2015 17:23:57 -0700
+Subject: [PATCH 14/20] Ticket #48216 - crash in ns-slapd when deleting
+ winSyncSubtreePair from sync agreement
+
+Description: In free_subtree_pairs, the condition for stopping the
+loop to clean up the AD and DS subtree dn was incomplete.
+
+This patch checks the AD and DS subtree dn and if any of the pair
+is NULL, it stops the clean up. Related to the issue, more checks
+for the validation of the winSyncSubtreePair is added so that any
+single valued cases are ignored with an error log.
+[single valued case examples]
+ winSyncSubtreePair: ou=People,dc=anytree
+ winSyncSubtreePair: ou=People,dc=anytree:
+ winSyncSubtreePair: :ou=People,dc=anytree
+
+https://fedorahosted.org/389/ticket/48216
+
+Reviewed by rmeggins@redht.com (Thank you, Rich!!)
+
+(cherry picked from commit 6dce81e77a47dc23e0b825952c97112039f45201)
+(cherry picked from commit 6d177bf359c022f1e46d575c6fe3ad3d97f1cfeb)
+---
+ ldap/servers/plugins/replication/windows_private.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c
+index 36015c2..f5cb44e 100644
+--- a/ldap/servers/plugins/replication/windows_private.c
++++ b/ldap/servers/plugins/replication/windows_private.c
+@@ -885,7 +885,7 @@ windows_private_get_subtreepairs(const Repl_Agmt *ra)
+ return dp->subtree_pairs;
+ }
+
+-/* parray is NOT passed in */
++/* parray is NOT passed in; caller frees it. */
+ void
+ windows_private_set_subtreepairs(const Repl_Agmt *ra, char **parray)
+ {
+@@ -930,6 +930,12 @@ create_subtree_pairs(char **pairs)
+ for (ptr = pairs; ptr && *ptr; ptr++) {
+ p0 = ldap_utf8strtok_r(*ptr, ":", &saveptr);
+ p1 = ldap_utf8strtok_r(NULL, ":", &saveptr);
++ if ((NULL == p0) || (NULL == p1)) {
++ LDAPDebug1Arg(LDAP_DEBUG_ANY,
++ "create_subtree_pairs: "
++ "Ignoring invalid subtree pairs \"%s\".\n", *ptr);
++ continue;
++ }
+ spp->DSsubtree = slapi_sdn_new_dn_byval(p0);
+ if (NULL == spp->DSsubtree) {
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+@@ -960,7 +966,11 @@ free_subtree_pairs(subtreePair **pairs)
+ if (NULL == pairs) {
+ return;
+ }
+- for (p = *pairs; p; p++) {
++ /*
++ * If exists, the subtree pair is both non-NULL or NULL.
++ * Both NULL is the condition to stop the loop.
++ */
++ for (p = *pairs; p && p->ADsubtree && p->DSsubtree; p++) {
+ slapi_sdn_free(&(p->ADsubtree));
+ slapi_sdn_free(&(p->DSsubtree));
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0015-Ticket-47892-coverity-defects-found-in-1.3.3.x.patch b/SOURCES/0015-Ticket-47892-coverity-defects-found-in-1.3.3.x.patch
deleted file mode 100644
index 0542296..0000000
--- a/SOURCES/0015-Ticket-47892-coverity-defects-found-in-1.3.3.x.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From dd3b06c0c6581bf0c2c3c3f347ab7a84c860a15b Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 1 Oct 2014 14:06:06 -0700
-Subject: [PATCH] Ticket #47892 - coverity defects found in 1.3.3.x
-
-Description: fixing compiler warnings reported by covscan on 1.3.3.4.
-https://fedorahosted.org/389/ticket/47892#comment:8
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit afc8b06f9e9cc045906d6d6fb64fe5d5f9d7c3d5)
-(cherry picked from commit 5353f9fd97518074b77698bf13d95325aeb667d9)
----
- ldap/servers/plugins/acl/acl.c | 10 +++++-----
- ldap/servers/plugins/acl/aclparse.c | 2 +-
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
-index f8b854c..fe863c8 100644
---- a/ldap/servers/plugins/acl/acl.c
-+++ b/ldap/servers/plugins/acl/acl.c
-@@ -2475,13 +2475,13 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int *
- int done;
-
-
-- if (aclpb->aclpb_access & SLAPI_ACL_ADD &&
-- aci->aci_type & ACI_TARGET_ATTR_ADD_FILTERS) {
-+ if ((aclpb->aclpb_access & SLAPI_ACL_ADD) &&
-+ (aci->aci_type & ACI_TARGET_ATTR_ADD_FILTERS)) {
-
- attrFilterArray = aci->targetAttrAddFilters;
-
-- } else if (aclpb->aclpb_access & SLAPI_ACL_DELETE &&
-- aci->aci_type & ACI_TARGET_ATTR_DEL_FILTERS) {
-+ } else if ((aclpb->aclpb_access & SLAPI_ACL_DELETE) &&
-+ (aci->aci_type & ACI_TARGET_ATTR_DEL_FILTERS)) {
-
- attrFilterArray = aci->targetAttrDelFilters;
-
-@@ -2490,7 +2490,7 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int *
- attr_matched = ACL_TRUE;
- num_attrs = 0;
-
-- while (attrFilterArray[num_attrs] && attr_matched) {
-+ while (attrFilterArray && attrFilterArray[num_attrs] && attr_matched) {
- attrFilter = attrFilterArray[num_attrs];
-
- /*
-diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c
-index ae4f2d5..ea64fa7 100644
---- a/ldap/servers/plugins/acl/aclparse.c
-+++ b/ldap/servers/plugins/acl/aclparse.c
-@@ -256,7 +256,7 @@ __aclp__parse_aci(char *str, aci_t *aci_item, char **errbuf)
- int targetattrfilterslen = strlen(aci_targetattrfilters);
- int target_to_len = strlen(aci_target_to);
- int target_from_len = strlen(aci_target_from);
-- PRBool is_target_to;
-+ PRBool is_target_to = PR_FALSE;
-
- __acl_strip_leading_space( &str );
-
---
-1.9.3
-
diff --git a/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch b/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch
new file mode 100644
index 0000000..a2c2fe1
--- /dev/null
+++ b/SOURCES/0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch
@@ -0,0 +1,103 @@
+From 8f298b2241bb1dc1342b3f7435806af0c22c9f69 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 13 Jul 2015 12:24:19 -0400
+Subject: [PATCH 15/20] Ticket 48119 - Silent install needs to properly exit
+ when INF file is missing
+
+Bug Description: If the INF file is not present, we don't log the error to the
+ setup log file. We also don't properly check for the suitespot
+ user, which also does not properly exit if the calling user is root.
+
+Fix Description: Properly exit if the INF file is missing, or the suitespot user
+ is not set(and we are running the script as root).
+
+https://fedorahosted.org/389/ticket/48119
+
+Reviewed by: rmeggins(Thanks!)
+
+(cherry picked from commit 5363898b122b1a7e7ad07fdc0ad074e91cd1510f)
+(cherry picked from commit eeddc9f03b6131f5c8ba715a0a05bb1280a4f9ef)
+---
+ ldap/admin/src/scripts/DSCreate.pm.in | 3 ++-
+ ldap/admin/src/scripts/Inf.pm | 8 ++++++--
+ ldap/admin/src/scripts/Setup.pm.in | 3 +++
+ ldap/admin/src/scripts/setup-ds.res.in | 1 +
+ 4 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
+index f44afbb..e4a4ed0 100644
+--- a/ldap/admin/src/scripts/DSCreate.pm.in
++++ b/ldap/admin/src/scripts/DSCreate.pm.in
+@@ -797,8 +797,9 @@ sub setDefaults {
+ if (!$inf->{General}->{SuiteSpotUserID}) {
+ if ($> != 0) { # if not root, use the user's uid
+ $inf->{General}->{SuiteSpotUserID} = getLogin;
++ } else {
++ return('error_missing_userid');
+ }
+- # otherwise, the uid must be specified
+ }
+
+ if (!$inf->{General}->{SuiteSpotGroup}) {
+diff --git a/ldap/admin/src/scripts/Inf.pm b/ldap/admin/src/scripts/Inf.pm
+index ec433e2..d4c55f1 100644
+--- a/ldap/admin/src/scripts/Inf.pm
++++ b/ldap/admin/src/scripts/Inf.pm
+@@ -31,7 +31,9 @@ sub new {
+ $self = bless $self, $type;
+
+ if ($self->{filename}) {
+- $self->read();
++ if($self->read() != 0){
++ undef $self;
++ }
+ }
+
+ return $self;
+@@ -61,7 +63,7 @@ sub read {
+ } else {
+ if (!open(INF, $filename)) {
+ debug(0, "Error: could not open inf file $filename: $!\n");
+- return;
++ return -1;
+ }
+ $inffh = \*INF;
+ }
+@@ -118,6 +120,8 @@ sub read {
+ if ($inffh ne \*STDIN) {
+ close $inffh;
+ }
++
++ return 0;
+ }
+
+ sub section {
+diff --git a/ldap/admin/src/scripts/Setup.pm.in b/ldap/admin/src/scripts/Setup.pm.in
+index cd49d95..99025ab 100644
+--- a/ldap/admin/src/scripts/Setup.pm.in
++++ b/ldap/admin/src/scripts/Setup.pm.in
+@@ -117,6 +117,9 @@ sub init {
+ # if user supplied inf file, use that to initialize
+ if (defined($inffile)) {
+ $self->{inf} = new Inf($inffile);
++ if(!$self->{inf}){
++ $self->doExit(1);
++ }
+ } else {
+ $self->{inf} = new Inf;
+ }
+diff --git a/ldap/admin/src/scripts/setup-ds.res.in b/ldap/admin/src/scripts/setup-ds.res.in
+index 011bf36..7134e25 100644
+--- a/ldap/admin/src/scripts/setup-ds.res.in
++++ b/ldap/admin/src/scripts/setup-ds.res.in
+@@ -118,6 +118,7 @@ error_enabling_feature = Could not enable the directory server feature '%s'. Er
+ error_importing_ldif = Could not import LDIF file '%s'. Error: %s. Output: %s\n
+ error_starting_server = Could not start the directory server using command '%s'. The last line from the error log was '%s'. Error: %s\n
+ error_stopping_server = Could not stop the directory server '%s'. Error: %s\n
++error_missing_userid = The SuiteSpotUserID is missing. This must be set to valid user\n
+ error_missing_port_and_ldapi = Either ServerPort or ldapifilepath must be specified. The server must listen to something.\n
+ error_missing_port = No ServerPort specified. The server must have a port number to listen to (default 389).\n
+ error_server_already_exists = Error: the server already exists at '%s'\
+--
+1.9.3
+
diff --git a/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch b/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch
new file mode 100644
index 0000000..3d68e2b
--- /dev/null
+++ b/SOURCES/0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch
@@ -0,0 +1,34 @@
+From e0ceac7c48a4cc616f1602d4cc3430a306740021 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 13 Jul 2015 13:12:12 -0400
+Subject: [PATCH 16/20] Ticket 47878 - Remove warning suppression in 1.3.4
+
+Description: Perl 5.16 does not support the warning suppression of
+ "smartmatch", but 5.18 does. RHEL 7 is currently only
+ using 5.16, so it needs to be removed from 1.3.4 for now.
+
+https://fedorahosted.org/389/ticket/47878
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit d8b7a3c93692eae229c74ef67f6f608f95eb2eef)
+---
+ ldap/admin/src/scripts/52updateAESplugin.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/admin/src/scripts/52updateAESplugin.pl b/ldap/admin/src/scripts/52updateAESplugin.pl
+index ae258b6..4225770 100644
+--- a/ldap/admin/src/scripts/52updateAESplugin.pl
++++ b/ldap/admin/src/scripts/52updateAESplugin.pl
+@@ -6,7 +6,7 @@ use File::Basename;
+ use File::Copy;
+ use DSUtil qw(debug serverIsRunning);
+
+-no warnings 'experimental::smartmatch';
++# no warnings 'experimental::smartmatch'; warning supression available in perl 5.18
+
+ #
+ # Check if there is a DES plugin and make sure the AES plugin contains the same attributes
+--
+1.9.3
+
diff --git a/SOURCES/0016-Ticket-47918-result-of-dna_dn_is_shared_config-is-in.patch b/SOURCES/0016-Ticket-47918-result-of-dna_dn_is_shared_config-is-in.patch
deleted file mode 100644
index 9e59d63..0000000
--- a/SOURCES/0016-Ticket-47918-result-of-dna_dn_is_shared_config-is-in.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 832fb9a26af053e989e59e5bae0aabbc7d2943a7 Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Mon, 6 Oct 2014 17:12:42 +0200
-Subject: [PATCH 16/21] Ticket 47918 - result of dna_dn_is_shared_config is
- incorrectly used
-
-Bug Description: dna_load_shared_servers() is called for all entries,
- except the config entries
-
-Fix Description: revert the logic of the result of dna_dn_is_shared_config()
-
-https://fedorahosted.org/389/ticket/47918
-
-Reviewed by: Mark, Thanks
-
-(cherry picked from commit 8d9679194c945a6e0b06f6527fba6b4548d4844d)
----
- ldap/servers/plugins/dna/dna.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
-index b42150a..bc280a4 100644
---- a/ldap/servers/plugins/dna/dna.c
-+++ b/ldap/servers/plugins/dna/dna.c
-@@ -4163,7 +4163,7 @@ static int dna_config_check_post_op(Slapi_PBlock * pb)
- if (dna_dn_is_config(dn)) {
- dna_load_plugin_config(pb, 0);
- }
-- if(dna_dn_is_shared_config(pb, dn) == 0){
-+ if(dna_dn_is_shared_config(pb, dn)){
- dna_load_shared_servers();
- }
- }
---
-1.9.3
-
diff --git a/SOURCES/0017-Ticket-47892-Fix-remaining-compiler-warnings.patch b/SOURCES/0017-Ticket-47892-Fix-remaining-compiler-warnings.patch
deleted file mode 100644
index 2e95b09..0000000
--- a/SOURCES/0017-Ticket-47892-Fix-remaining-compiler-warnings.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From f8bdd437a0ab09315bfcb980ea590d4463f15189 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 7 Oct 2014 15:38:34 -0400
-Subject: [PATCH 17/21] Ticket 47892 - Fix remaining compiler warnings
-
-Description: Fix the remaining compiler warnings from ds/lib/base/system.cpp
-
-https://fedorahosted.org/389/ticket/47892
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 5f3aaa2872d69c5900eaf52d7e9fc2f1bcea475e)
-(cherry picked from commit 0f29b5e920088ab4d32f5afdc7dcb076a88c5eae)
----
- lib/base/system.cpp | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/lib/base/system.cpp b/lib/base/system.cpp
-index 287d5a8..c4cbfd0 100644
---- a/lib/base/system.cpp
-+++ b/lib/base/system.cpp
-@@ -201,7 +201,7 @@ NSAPI_PUBLIC void *system_realloc_perm(void *ptr, int size)
- return ptr;
- }
- } else {
-- ereport(LOG_WARN, "realloc: attempt to realloc to smaller size");
-+ ereport(LOG_WARN, const_cast<char *>("realloc: attempt to realloc to smaller size"));
- return realloc(ptr, size);
- }
-
-@@ -228,20 +228,20 @@ NSAPI_PUBLIC void system_free_perm(void *ptr)
- cptr += sizeof(int);
- for (index=0; index<DEBUG_MARGIN; index++)
- if (cptr[index] != DEBUG_MARGIN_CHAR) {
-- ereport(LOG_CATASTROPHE, "free: corrupt memory (prebounds overwrite)");
-+ ereport(LOG_CATASTROPHE, const_cast<char *>("free: corrupt memory (prebounds overwrite)"));
- break;
- }
-
- cptr += DEBUG_MARGIN + *length;
- for (index=0; index<DEBUG_MARGIN; index++)
- if (cptr[index] != DEBUG_MARGIN_CHAR) {
-- ereport(LOG_CATASTROPHE, "free: corrupt memory (prebounds overwrite)");
-+ ereport(LOG_CATASTROPHE, const_cast<char *>("free: corrupt memory (prebounds overwrite)"));
- break;
- }
-
- memset(baseptr, DEBUG_FREE_CHAR, *length + 2*DEBUG_MARGIN+sizeof(int));
- } else {
-- ereport(LOG_CATASTROPHE, "free: freeing unallocated memory");
-+ ereport(LOG_CATASTROPHE, const_cast<char *>("free: freeing unallocated memory"));
- }
- free(baseptr);
- #else
---
-1.9.3
-
diff --git a/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch b/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
new file mode 100644
index 0000000..9a1049b
--- /dev/null
+++ b/SOURCES/0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
@@ -0,0 +1,77 @@
+From 8622b69a733a6126414876f11ab627211cb3bd06 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 13 Jul 2015 17:51:01 -0700
+Subject: [PATCH 17/20] Ticket #48223 - Winsync fails when AD users have
+ multiple spaces (two)inside the value of the rdn attribute
+
+Description: When the dirsync search returns a remote entry, winsync
+search the entry with DN to retrieve the whole attribute value pairs.
+The DN used for the search was normalized which replaced multiple white-
+spaces with one in the DN. This patch does not used the normalized DN,
+but the same DN given by AD.
+
+The DN normalization behaviour was introduced to fix a ticket #529 -
+dn normalization must handle multiple space characters in attributes.
+
+Added additional debugging to get the info which entry failed to sync.
+
+https://fedorahosted.org/389/ticket/48223
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit 2c484cc6e89e473bced0e9b25dd6e68d53024bb3)
+(cherry picked from commit 69fd1f188105b2c3ca1bee04b05909e53c980b34)
+---
+ ldap/servers/plugins/posix-winsync/posix-group-func.c | 2 +-
+ ldap/servers/plugins/replication/windows_protocol_util.c | 11 +++++++----
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
+index 5f841e5..a497f3f 100644
+--- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
++++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
+@@ -95,7 +95,7 @@ getEntry(const char *udn, char **attrs)
+ }
+ else {
+ slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME,
+- "getEntry: error searching for uid: %d\n", rc);
++ "getEntry: error searching for uid %s: %d\n", udn, rc);
+ }
+
+ return NULL;
+diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
+index 4607251..6bf20b7 100644
+--- a/ldap/servers/plugins/replication/windows_protocol_util.c
++++ b/ldap/servers/plugins/replication/windows_protocol_util.c
+@@ -3226,7 +3226,7 @@ windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn,
+ const char *searchbase = NULL;
+ Slapi_Entry *found_entry = NULL;
+
+- searchbase = slapi_sdn_get_dn(remote_dn);
++ searchbase = slapi_sdn_get_udn(remote_dn);
+ cres = windows_search_entry_ext(prp->conn, (char*)searchbase, filter, &found_entry, NULL, LDAP_SCOPE_BASE);
+ if (cres)
+ {
+@@ -5886,13 +5886,16 @@ retry:
+ remote_entry = NULL;
+ } else
+ {
+- slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to fetch inbound entry.\n",agmt_get_long_name(prp->agmt));
++ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
++ "%s: windows_process_dirsync_entry: failed to fetch inbound entry %s.\n",
++ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
+ }
+ slapi_entry_free(local_entry);
+ if (rc) {
+ /* Something bad happened */
+- slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",agmt_get_long_name(prp->agmt),
+- slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
++ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
++ "%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",
++ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
+ }
+ } else
+ {
+--
+1.9.3
+
diff --git a/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch b/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch
new file mode 100644
index 0000000..a147d49
--- /dev/null
+++ b/SOURCES/0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch
@@ -0,0 +1,132 @@
+From 5f0aab1fccab4c191b2083aea88e28856caf1a4c Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 14 Jul 2015 10:09:00 -0400
+Subject: [PATCH 18/20] Ticket 47910 - logconv.pl - validate start and end time
+ args
+
+Description: Add validatation checks for the startTime/endTime configuration
+ arguments(-S, -E)
+
+https://fedorahosted.org/389/ticket/47910
+
+Reviewed by: rmeggins(Thanks!)
+
+(cherry picked from commit 8495afa57ad837e3a51871a4f6da2a9978c8e711)
+(cherry picked from commit 3bf1daaadd7e7c7b0f99d1f7a93d78598730269d)
+---
+ ldap/admin/src/logconv.pl | 65 +++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 49 insertions(+), 16 deletions(-)
+
+diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
+index ce4114e..7ca9084 100755
+--- a/ldap/admin/src/logconv.pl
++++ b/ldap/admin/src/logconv.pl
+@@ -24,6 +24,7 @@ use DB_File;
+ use sigtrap qw(die normal-signals);
+ use Archive::Tar;
+ use IO::Uncompress::AnyUncompress qw($AnyUncompressError);
++use Scalar::Util qw(looks_like_number);
+
+ Getopt::Long::Configure ("bundling");
+ Getopt::Long::Configure ("permute");
+@@ -341,18 +342,18 @@ $connmsg{"P2"} = "Poll";
+ $connmsg{"U1"} = "Cleanly Closed Connections";
+
+ my %monthname = (
+- "Jan" => 0,
+- "Feb" => 1,
+- "Mar" => 2,
+- "Apr" => 3,
+- "May" => 4,
+- "Jun" => 5,
+- "Jul" => 6,
+- "Aug" => 7,
+- "Sep" => 8,
+- "Oct" => 9,
+- "Nov" => 10,
+- "Dec" => 11,
++ "jan" => 0,
++ "feb" => 1,
++ "mar" => 2,
++ "apr" => 3,
++ "may" => 4,
++ "jun" => 5,
++ "jul" => 6,
++ "aug" => 7,
++ "sep" => 8,
++ "oct" => 9,
++ "nov" => 10,
++ "dec" => 11,
+
+ );
+
+@@ -411,11 +412,27 @@ sub convertTimeToSeconds {
+ my $logDate;
+ my @dateComps;
+ my ($timeMonth, $timeDay, $timeYear, $dateTotal);
++ $dateTotal = 0;
+ if ($log_line =~ / *([0-9A-Z\/]+)/i ){
+ $logDate = $1;
+ @dateComps = split /\//, $logDate;
+-
+- $timeMonth = 1 + $monthname{$dateComps[1]};
++ if ($#dateComps < 2) {
++ print "The date string ($log_line) is invalid, exiting...\n";
++ exit(1);
++ }
++ if (!looks_like_number($dateComps[0]) || length $dateComps[0] != 2) {
++ print "The date string ($log_line) has invalid day ($dateComps[0]), exiting...\n";
++ exit(1);
++ }
++ if ($monthname{lc $dateComps[1]} eq "") {
++ print "The date string ($log_line) has invalid month ($dateComps[1]), exiting...\n";
++ exit(1);
++ }
++ if (!looks_like_number($dateComps[2]) || length $dateComps[2] != 4 ) {
++ print "The date string ($log_line) has invalid year ($dateComps[2]), exiting...\n";
++ exit(1);
++ }
++ $timeMonth = 1 + $monthname{lc $dateComps[1]};
+ $timeMonth = $timeMonth * 3600 * 24 * 30;
+ $timeDay= $dateComps[0] * 3600 * 24;
+ $timeYear = $dateComps[2] * 365 * 3600 * 24;
+@@ -425,10 +442,26 @@ sub convertTimeToSeconds {
+ my $logTime;
+ my @timeComps;
+ my ($timeHour, $timeMinute, $timeSecond, $timeTotal);
++ $timeTotal = 0;
+ if ($log_line =~ / *(:[0-9:]+)/i ){
+ $logTime = $1;
+ @timeComps = split /:/, $logTime;
+-
++ if ($#timeComps < 3) {
++ print "The time string ($log_line) is invalid, exiting...\n";
++ exit(1);
++ }
++ if (!looks_like_number($timeComps[1]) || length $timeComps[1] != 2){
++ print "The time string ($log_line) has invalid hour ($timeComps[1]), exiting...\n";
++ exit(1);
++ }
++ if (!looks_like_number($timeComps[2]) || length $timeComps[2] != 2){
++ print "The time string ($log_line) has invalid minute ($timeComps[2]), exiting...\n";
++ exit(1);
++ }
++ if (!looks_like_number($timeComps[3]) || length $timeComps[3] != 2){
++ print "The time string ($log_line) has invalid second ($timeComps[3]), exiting...\n";
++ exit(1);
++ }
+ $timeHour = $timeComps[1] * 3600;
+ $timeMinute = $timeComps[2] * 60;
+ $timeSecond = $timeComps[3];
+@@ -1796,7 +1829,7 @@ sub parseLineNormal
+ }
+ my ($date, $hr, $min, $sec) = split (':', $time);
+ my ($day, $mon, $yr) = split ('/', $date);
+- my $newmin = timegm(0, $min, $hr, $day, $monthname{$mon}, $yr) - $tzoff;
++ my $newmin = timegm(0, $min, $hr, $day, $monthname{lc $mon}, $yr) - $tzoff;
+ $gmtime = $newmin + $sec;
+ print_stats_block( $s_stats );
+ reset_stats_block( $s_stats, $gmtime, $time.' '.$tzone );
+--
+1.9.3
+
diff --git a/SOURCES/0018-Ticket-47919-ldbm_back_modify-SLAPI_PLUGIN_BE_PRE_MO.patch b/SOURCES/0018-Ticket-47919-ldbm_back_modify-SLAPI_PLUGIN_BE_PRE_MO.patch
deleted file mode 100644
index a56c01d..0000000
--- a/SOURCES/0018-Ticket-47919-ldbm_back_modify-SLAPI_PLUGIN_BE_PRE_MO.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 6e09835b2b5b221f285f1bd6d61978d0a77843bd Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 7 Oct 2014 12:12:28 -0700
-Subject: [PATCH 18/21] Ticket #47919 - ldbm_back_modify
- SLAPI_PLUGIN_BE_PRE_MODIFY_FN does not return even if one of the preop
- plugins fails.
-
-Bug Description: In ldbm_back_modify, if one of the be_preop plugins
-called at SLAPI_PLUGIN_BE_PRE_MODIFY_FN fail, ldbm_back_modify does
-not return there but go to the real modify operation.
-
-Fix Description: If an error is returned from be_preop plugins in
-ldbm_back_modify, it returns the error there and does not proceed
-the modify operation.
-
-https://fedorahosted.org/389/ticket/47919
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit cb173814ec579fafbfef515738c16a986a9749cd)
-(cherry picked from commit 17294432e95bdb30c6816cefa7be5035df818a43)
----
- ldap/servers/slapd/back-ldbm/ldbm_modify.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-index 529bd32..d15b050 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-@@ -641,11 +641,11 @@ ldbm_back_modify( Slapi_PBlock *pb )
- if (SLAPI_PLUGIN_NOOP == opreturn) {
- not_an_error = 1;
- rc = opreturn = LDAP_SUCCESS;
-- goto error_return;
- } else if (!opreturn) {
-- opreturn = -1;
-+ opreturn = SLAPI_PLUGIN_FAILURE;
- slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, &opreturn);
- }
-+ goto error_return;
- }
- /* The Plugin may have messed about with some of the PBlock parameters... ie. mods */
- slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
---
-1.9.3
-
diff --git a/SOURCES/0019-Ticket-47920-Encoding-of-SearchResultEntry-is-missin.patch b/SOURCES/0019-Ticket-47920-Encoding-of-SearchResultEntry-is-missin.patch
deleted file mode 100644
index 94eb5ff..0000000
--- a/SOURCES/0019-Ticket-47920-Encoding-of-SearchResultEntry-is-missin.patch
+++ /dev/null
@@ -1,308 +0,0 @@
-From 5d034162124f8d92c4ad3ea205b0e60be81c5c4f Mon Sep 17 00:00:00 2001
-From: "Thierry bordaz (tbordaz)" <tbordaz@redhat.com>
-Date: Thu, 9 Oct 2014 14:31:11 +0200
-Subject: [PATCH 19/21] Ticket 47920: Encoding of SearchResultEntry is missing
- tag
-
-Bug Description:
- The encoding of the PreReadControl,PostReadControl does not
- contain the tag (LDAP_RES_SEARCH_ENTRY = constructed+application).
-
- The server should return SearchResultEntry (http://tools.ietf.org/html/rfc4527 3.1 & 3.2)
- That is
- SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
- objectName LDAPDN,
- attributes PartialAttributeList }
-Fix Description:
- Add the tag to the ber encoding
-
-https://fedorahosted.org/389/ticket/47920
-
-Reviewed by: Noriko (thanks !)
-
-Platforms tested: F17
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 90939dc9c965ea1cb88b88eec0cb735ab97ae551)
----
- dirsrvtests/tickets/ticket47920_test.py | 251 ++++++++++++++++++++++++++++++++
- ldap/servers/slapd/result.c | 2 +-
- 2 files changed, 252 insertions(+), 1 deletion(-)
- create mode 100644 dirsrvtests/tickets/ticket47920_test.py
-
-diff --git a/dirsrvtests/tickets/ticket47920_test.py b/dirsrvtests/tickets/ticket47920_test.py
-new file mode 100644
-index 0000000..1e04626
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket47920_test.py
-@@ -0,0 +1,251 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import socket
-+import time
-+import logging
-+import pytest
-+import re
-+from lib389 import DirSrv, Entry, tools
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from constants import *
-+from ldap.controls.readentry import PreReadControl,PostReadControl
-+
-+
-+SCOPE_IN_CN = 'in'
-+SCOPE_OUT_CN = 'out'
-+SCOPE_IN_DN = 'cn=%s,%s' % (SCOPE_IN_CN, SUFFIX)
-+SCOPE_OUT_DN = 'cn=%s,%s' % (SCOPE_OUT_CN, SUFFIX)
-+
-+PROVISIONING_CN = "provisioning"
-+PROVISIONING_DN = "cn=%s,%s" % (PROVISIONING_CN, SCOPE_IN_DN)
-+
-+
-+
-+
-+ACTIVE_CN = "accounts"
-+STAGE_CN = "staged users"
-+DELETE_CN = "deleted users"
-+ACTIVE_DN = "cn=%s,%s" % (ACTIVE_CN, SCOPE_IN_DN)
-+STAGE_DN = "cn=%s,%s" % (STAGE_CN, PROVISIONING_DN)
-+DELETE_DN = "cn=%s,%s" % (DELETE_CN, PROVISIONING_DN)
-+
-+STAGE_USER_CN = "stage guy"
-+STAGE_USER_DN = "cn=%s,%s" % (STAGE_USER_CN, STAGE_DN)
-+
-+ACTIVE_USER_CN = "active guy"
-+ACTIVE_USER_DN = "cn=%s,%s" % (ACTIVE_USER_CN, ACTIVE_DN)
-+
-+OUT_USER_CN = "out guy"
-+OUT_USER_DN = "cn=%s,%s" % (OUT_USER_CN, SCOPE_OUT_DN)
-+
-+STAGE_GROUP_CN = "stage group"
-+STAGE_GROUP_DN = "cn=%s,%s" % (STAGE_GROUP_CN, STAGE_DN)
-+
-+ACTIVE_GROUP_CN = "active group"
-+ACTIVE_GROUP_DN = "cn=%s,%s" % (ACTIVE_GROUP_CN, ACTIVE_DN)
-+
-+OUT_GROUP_CN = "out group"
-+OUT_GROUP_DN = "cn=%s,%s" % (OUT_GROUP_CN, SCOPE_OUT_DN)
-+
-+INDIRECT_ACTIVE_GROUP_CN = "indirect active group"
-+INDIRECT_ACTIVE_GROUP_DN = "cn=%s,%s" % (INDIRECT_ACTIVE_GROUP_CN, ACTIVE_DN)
-+
-+INITIAL_DESC="inital description"
-+FINAL_DESC ="final description"
-+
-+
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ '''
-+ This fixture is used to standalone topology for the 'module'.
-+ At the beginning, It may exists a standalone instance.
-+ It may also exists a backup for the standalone instance.
-+
-+ Principle:
-+ If standalone instance exists:
-+ restart it
-+ If backup of standalone exists:
-+ create/rebind to standalone
-+
-+ restore standalone instance from backup
-+ else:
-+ Cleanup everything
-+ remove instance
-+ remove backup
-+ Create instance
-+ Create backup
-+ '''
-+ global installation_prefix
-+
-+ if installation_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+ standalone = DirSrv(verbose=False)
-+
-+ # Args for the standalone instance
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+
-+ # Get the status of the backups
-+ backup_standalone = standalone.checkBackupFS()
-+
-+ # Get the status of the instance and restart it if it exists
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ # assuming the instance is already stopped, just wait 5 sec max
-+ standalone.stop(timeout=5)
-+ standalone.start(timeout=10)
-+
-+ if backup_standalone:
-+ # The backup exist, assuming it is correct
-+ # we just re-init the instance with it
-+ if not instance_standalone:
-+ standalone.create()
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # restore standalone instance from backup
-+ standalone.stop(timeout=10)
-+ standalone.restoreFS(backup_standalone)
-+ standalone.start(timeout=10)
-+
-+ else:
-+ # We should be here only in two conditions
-+ # - This is the first time a test involve standalone instance
-+ # - Something weird happened (instance/backup destroyed)
-+ # so we discard everything and recreate all
-+
-+ # Remove the backup. So even if we have a specific backup file
-+ # (e.g backup_standalone) we clear backup that an instance may have created
-+ if backup_standalone:
-+ standalone.clearBackupFS()
-+
-+ # Remove the instance
-+ if instance_standalone:
-+ standalone.delete()
-+
-+ # Create the instance
-+ standalone.create()
-+
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # Time to create the backups
-+ standalone.stop(timeout=10)
-+ standalone.backupfile = standalone.backupFS()
-+ standalone.start(timeout=10)
-+
-+ # clear the tmp directory
-+ standalone.clearTmpDir(__file__)
-+
-+ #
-+ # Here we have standalone instance up and running
-+ # Either coming from a backup recovery
-+ # or from a fresh (re)init
-+ # Time to return the topology
-+ return TopologyStandalone(standalone)
-+
-+def _header(topology, label):
-+ topology.standalone.log.info("\n\n###############################################")
-+ topology.standalone.log.info("#######")
-+ topology.standalone.log.info("####### %s" % label)
-+ topology.standalone.log.info("#######")
-+ topology.standalone.log.info("###############################################")
-+
-+def _add_user(topology, type='active'):
-+ if type == 'active':
-+ topology.standalone.add_s(Entry((ACTIVE_USER_DN, {
-+ 'objectclass': "top person inetuser".split(),
-+ 'sn': ACTIVE_USER_CN,
-+ 'cn': ACTIVE_USER_CN,
-+ 'description': INITIAL_DESC})))
-+ elif type == 'stage':
-+ topology.standalone.add_s(Entry((STAGE_USER_DN, {
-+ 'objectclass': "top person inetuser".split(),
-+ 'sn': STAGE_USER_CN,
-+ 'cn': STAGE_USER_CN})))
-+ else:
-+ topology.standalone.add_s(Entry((OUT_USER_DN, {
-+ 'objectclass': "top person inetuser".split(),
-+ 'sn': OUT_USER_CN,
-+ 'cn': OUT_USER_CN})))
-+
-+def test_ticket47920_init(topology):
-+ topology.standalone.add_s(Entry((SCOPE_IN_DN, {
-+ 'objectclass': "top nscontainer".split(),
-+ 'cn': SCOPE_IN_DN})))
-+ topology.standalone.add_s(Entry((ACTIVE_DN, {
-+ 'objectclass': "top nscontainer".split(),
-+ 'cn': ACTIVE_CN})))
-+
-+ # add users
-+ _add_user(topology, 'active')
-+
-+
-+def test_ticket47920_mod_readentry_ctrl(topology):
-+ _header(topology, 'MOD: with a readentry control')
-+
-+ topology.standalone.log.info("Check the initial value of the entry")
-+ ent = topology.standalone.getEntry(ACTIVE_USER_DN, ldap.SCOPE_BASE, "(objectclass=*)", ['description'])
-+ assert ent.hasAttr('description')
-+ assert ent.getValue('description') == INITIAL_DESC
-+
-+ pr = PostReadControl(criticality=True,attrList=['cn', 'description'])
-+ _,_,_,resp_ctrls = topology.standalone.modify_ext_s(ACTIVE_USER_DN, [(ldap.MOD_REPLACE, 'description', [FINAL_DESC])], serverctrls= [pr])
-+
-+ assert resp_ctrls[0].dn == ACTIVE_USER_DN
-+ assert resp_ctrls[0].entry.has_key('description')
-+ assert resp_ctrls[0].entry.has_key('cn')
-+ print resp_ctrls[0].entry['description']
-+
-+ ent = topology.standalone.getEntry(ACTIVE_USER_DN, ldap.SCOPE_BASE, "(objectclass=*)", ['description'])
-+ assert ent.hasAttr('description')
-+ assert ent.getValue('description') == FINAL_DESC
-+
-+def test_ticket47920_final(topology):
-+ topology.standalone.stop(timeout=10)
-+
-+
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation_prefix
-+ installation_prefix = None
-+
-+ topo = topology(True)
-+ test_ticket47920_init(topo)
-+
-+ test_ticket47920_mod_readentry_ctrl(topo)
-+
-+ test_ticket47920_final(topo)
-+
-+if __name__ == '__main__':
-+ run_isolated()
-+
-diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
-index fa1788c..92573d5 100644
---- a/ldap/servers/slapd/result.c
-+++ b/ldap/servers/slapd/result.c
-@@ -2176,7 +2176,7 @@ encode_read_entry (Slapi_PBlock *pb, Slapi_Entry *e, char **attrs, int alluserat
- }
-
- /* Start the ber encoding with the DN */
-- rc = ber_printf( ber, "{s{", slapi_entry_get_dn_const(e) );
-+ rc = ber_printf( ber, "t{s{", LDAP_RES_SEARCH_ENTRY, slapi_entry_get_dn_const(e) );
- if ( rc == -1 ) {
- rc = -1;
- goto cleanup;
---
-1.9.3
-
diff --git a/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch b/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch
new file mode 100644
index 0000000..7771109
--- /dev/null
+++ b/SOURCES/0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch
@@ -0,0 +1,89 @@
+From 5d2f818d33801b1ae6c7d3c19ab67e52a4944251 Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins@redhat.com>
+Date: Mon, 13 Jul 2015 18:27:50 -0600
+Subject: [PATCH 19/20] Ticket #48224 - logconv.pl should handle *.tar.xz,
+ *.txz, *.xz log files
+
+https://fedorahosted.org/389/ticket/48224
+Reviewed by: ???
+Branch: 389-ds-base-1.3.4
+Fix Description: There is no xz support by default, the perl module
+IO::Uncompress::UnXz is required for that. Also, Tar::Archive can't
+handle xz files by default, so they have to be uncompressed first.
+This will also need a spec file change:
+Requires: perl-IO-Compress
+Requires: perl-IO-Compress-Lzma
+Platforms tested: Fedora 21
+Flag Day: no
+Doc impact: no
+
+(cherry picked from commit d1b0acd12faa620774c66044f91e509ae175e4a1)
+(cherry picked from commit 4f3b802fac46adfa8fd5cf49443b875f136fb19c)
+---
+ ldap/admin/src/logconv.pl | 20 +++++++++++++++++++-
+ rpm/389-ds-base.spec.in | 3 +++
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
+index 7ca9084..a6bd6c2 100755
+--- a/ldap/admin/src/logconv.pl
++++ b/ldap/admin/src/logconv.pl
+@@ -398,14 +398,26 @@ my $totalLineCount = 0;
+
+ sub isTarArchive {
+ local $_ = shift;
++ if (/\.txz$/ || /\.tar.xz$/) {
++ use IO::Uncompress::UnXz;
++ }
+ return /\.tar$/ || /\.tar\.bz2$/ || /\.tar.gz$/ || /\.tar.xz$/ || /\.tgz$/ || /\.tbz$/ || /\.txz$/;
+ }
+
+ sub isCompressed {
+ local $_ = shift;
++ if (/\.xz$/) {
++ use IO::Uncompress::UnXz;
++ }
+ return /\.gz$/ || /\.bz2$/ || /\.xz$/;
+ }
+
++# Tar::Archive can't grok xz, so have to uncompress first
++sub tarNeedsUncompress {
++ local $_ = shift;
++ return /\.tar.xz$/ || /\.txz$/;
++}
++
+ sub convertTimeToSeconds {
+ my $log_line = shift;
+
+@@ -503,7 +515,13 @@ for (my $count=0; $count < $file_count; $count++){
+ my $comp = 0;
+ if (isTarArchive($logname)) {
+ $tar = Archive::Tar->new();
+- $tariter = Archive::Tar->iter($logname);
++ if (tarNeedsUncompress($logname)) {
++ my $TARFH = new IO::Uncompress::AnyUncompress $logname or
++ do { openFailed($AnyUncompressError, $logname); next };
++ $tariter = Archive::Tar->iter($TARFH);
++ } else {
++ $tariter = Archive::Tar->iter($logname);
++ }
+ if (!$tariter) {
+ print "$logname is not a valid tar archive, or compression is unrecognized: $!\n";
+ next;
+diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
+index d0bbb7a..3405ccd 100644
+--- a/rpm/389-ds-base.spec.in
++++ b/rpm/389-ds-base.spec.in
+@@ -116,6 +116,9 @@ Requires: perl-Socket6
+ Requires: perl-Socket
+ %endif
+ Requires: perl-NetAddr-IP
++# for logconv compressed file support
++Requires: perl-IO-Compress
++Requires: perl-IO-Compress-Lzma
+
+ Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
+ # 389-ds-git.sh should be used to generate the source tarball from git
+--
+1.9.3
+
diff --git a/SOURCES/0020-Ticket-47897-Need-to-move-slapi_pblock_set-pb-SLAPI_.patch b/SOURCES/0020-Ticket-47897-Need-to-move-slapi_pblock_set-pb-SLAPI_.patch
deleted file mode 100644
index e090b64..0000000
--- a/SOURCES/0020-Ticket-47897-Need-to-move-slapi_pblock_set-pb-SLAPI_.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From afe5e1ac7306fd5024dcb6550dce3b0c722cbe31 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 8 Oct 2014 10:38:02 -0700
-Subject: [PATCH 20/21] Ticket #47897 - Need to move slapi_pblock_set(pb,
- SLAPI_MODRDN_EXISTING_ENTRY, original_entry->ep_entry) prior to
- original_entry overwritten
-
-Bug Description: In the DEADLOCK retry code in ldbm_back_modrdn,
-SLAPI_MODRDN_EXISTING_ENTRY in pblock is reset with the new entry
-to be renamed. The location of the setting entry was inappropriate,
-thus instead of the entry, but its backup is set in pblock.
-
-Fix Description: Moving the slapi_pblock_set(SLAPI_MODRDN_EXISTING_
-ENTRY) to the correct position.
-
-Plus, in the DEADLOCK retry code, original_entry is duplicated and
-used for the next loop. The source of the duplication has to be
-the clean entry before updated in the backend code, but in ldbm_add,
-ldbm_modify, and ldbm_modrdn, the current entry was duplicated and
-set to the original entry, which could have been updated in the
-previous loop. This patch fixes it, as well.
-
-https://fedorahosted.org/389/ticket/47897
-
-Reviewed by tbordaz@redhat.com (Thank you, Theirry!!)
-
-(cherry picked from commit 2aabb017bd4eec6d30bf00486eb027f59129cf74)
-(cherry picked from commit 2393a48021944230f5ebcf5363c0095b1c4679ab)
----
- ldap/servers/slapd/back-ldbm/ldbm_add.c | 2 +-
- ldap/servers/slapd/back-ldbm/ldbm_modify.c | 2 +-
- ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 4 ++--
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
-index b74154a..75cb0dc 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
-@@ -225,7 +225,7 @@ ldbm_back_add( Slapi_PBlock *pb )
- slapi_pblock_set(pb, SLAPI_TXN, parent_txn);
- /* must duplicate addingentry before returning it to cache,
- * which could free the entry. */
-- if ( (tmpentry = backentry_dup( addingentry )) == NULL ) {
-+ if ((tmpentry = backentry_dup(originalentry?originalentry:addingentry)) == NULL) {
- ldap_result_code= LDAP_OPERATIONS_ERROR;
- goto error_return;
- }
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-index d15b050..b9f754d 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
-@@ -521,7 +521,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
- if (ec) {
- /* must duplicate ec before returning it to cache,
- * which could free the entry. */
-- if ( (tmpentry = backentry_dup( ec )) == NULL ) {
-+ if ((tmpentry = backentry_dup(original_entry?original_entry:ec)) == NULL) {
- ldap_result_code= LDAP_OPERATIONS_ERROR;
- goto error_return;
- }
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
-index 7bcbcee..6a4982c 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
-@@ -275,7 +275,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
- orig_dn_newsuperiordn = slapi_sdn_dup(orig_dn_newsuperiordn);
- /* must duplicate ec before returning it to cache,
- * which could free the entry. */
-- if ( (tmpentry = backentry_dup( ec )) == NULL ) {
-+ if ((tmpentry = backentry_dup(original_entry?original_entry:ec)) == NULL) {
- ldap_result_code= LDAP_OPERATIONS_ERROR;
- goto error_return;
- }
-@@ -295,10 +295,10 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
- slapi_entry_free(ent);
- slapi_pblock_set( pb, SLAPI_MODRDN_EXISTING_ENTRY, NULL );
- }
-+ slapi_pblock_set( pb, SLAPI_MODRDN_EXISTING_ENTRY, original_entry->ep_entry );
- ec = original_entry;
- original_entry = tmpentry;
- tmpentry = NULL;
-- slapi_pblock_set( pb, SLAPI_MODRDN_EXISTING_ENTRY, original_entry->ep_entry );
- free_modrdn_existing_entry = 0; /* owned by original_entry now */
- if (!cache_is_in_cache(&inst->inst_cache, ec)) {
- /* Put the resetted entry 'ec' into the cache again. */
---
-1.9.3
-
diff --git a/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch b/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch
new file mode 100644
index 0000000..df10002
--- /dev/null
+++ b/SOURCES/0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch
@@ -0,0 +1,50 @@
+From 5dda81412db1609f67035957ab65a6c726228e00 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 14 Jul 2015 11:12:56 -0700
+Subject: [PATCH 20/20] Ticket #48194 - CI test: fixing test cases for ticket
+ 48194
+
+Description: nsSSL3Ciphers preference not enforced server side
+. Test Case 6 - wrong expectation for RC4-SHA
+. Test Case 7 - removing a extra space in nsSSL3Ciphers
+
+(cherry picked from commit f69ce333052f7f33350fd4038b8f598f650a743f)
+(cherry picked from commit ca9e6f9292289a7b6b7f57602555bf9aeb9ba9de)
+---
+ dirsrvtests/tickets/ticket48194_test.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/dirsrvtests/tickets/ticket48194_test.py b/dirsrvtests/tickets/ticket48194_test.py
+index 18739ca..17e179a 100644
+--- a/dirsrvtests/tickets/ticket48194_test.py
++++ b/dirsrvtests/tickets/ticket48194_test.py
+@@ -295,7 +295,7 @@ def test_ticket48194_run_4(topology):
+ Default ciphers are enabled.
+ default allowWeakCipher
+ """
+- _header(topology, 'Test Case 5 - Check no nsSSL3Ciphers (default setting) with default allowWeakCipher')
++ _header(topology, 'Test Case 5 - Check no nsSSL3Ciphers (-all) with default allowWeakCipher')
+
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3Ciphers', '-all')])
+@@ -326,7 +326,7 @@ def test_ticket48194_run_5(topology):
+ os.system('touch %s' % (topology.standalone.errlog))
+ topology.standalone.start(timeout=120)
+
+- connectWithOpenssl(topology, 'RC4-SHA', True)
++ connectWithOpenssl(topology, 'RC4-SHA', False)
+ connectWithOpenssl(topology, 'AES256-SHA256', True)
+
+ def test_ticket48194_run_6(topology):
+@@ -338,7 +338,7 @@ def test_ticket48194_run_6(topology):
+ _header(topology, 'Test Case 7 - Check nsSSL3Ciphers: +all,-TLS_RSA_WITH_AES_256_CBC_SHA256 with default allowWeakCipher')
+
+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
+- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-TLS_RSA_WITH_AES_256_CBC_SHA256 ')])
++ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all,-TLS_RSA_WITH_AES_256_CBC_SHA256')])
+
+ log.info("\n######################### Restarting the server ######################\n")
+ topology.standalone.stop(timeout=10)
+--
+1.9.3
+
diff --git a/SOURCES/0021-Ticket-47922-dynamically-added-macro-aci-is-not-eval.patch b/SOURCES/0021-Ticket-47922-dynamically-added-macro-aci-is-not-eval.patch
deleted file mode 100644
index 6cbf850..0000000
--- a/SOURCES/0021-Ticket-47922-dynamically-added-macro-aci-is-not-eval.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 0a1e9e51568d5caea0b97d79773dbc9f5a900ab3 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 10 Oct 2014 11:50:13 -0700
-Subject: [PATCH 21/21] Ticket #47922 - dynamically added macro aci is not
- evaluated on the fly
-
-Bug Description: When macro aci is dynamically added and if the aci's
-macro target dn is not normalized, the following operation that requires
-the aci could fail with Insufficient access since matching the target dn
-and the macro target dn fails since the code expects normalized macro
-target dn.
-
-Fix Description: Before setting the macro target dn, process the dn by
-slapi_create_dn_string_case.
-
-https://fedorahosted.org/389/ticket/47922
-
-Reviewed by lkrispen@redhat.com and rmeggins@redhat.com (Thank you, Ludwig and Rich!!)
-
-(cherry picked from commit 07c1bc25508a9c1e71dd8e717fd4ce455ddfeff0)
-(cherry picked from commit c6b397c8466fd0859c5404c946a82f240564076e)
----
- ldap/servers/plugins/acl/aclparse.c | 19 +++++++++++++------
- ldap/servers/plugins/acl/aclutil.c | 2 +-
- 2 files changed, 14 insertions(+), 7 deletions(-)
-
-diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c
-index ea64fa7..be86c8b 100644
---- a/ldap/servers/plugins/acl/aclparse.c
-+++ b/ldap/servers/plugins/acl/aclparse.c
-@@ -1849,9 +1849,9 @@ static int
- acl_check_for_target_macro( aci_t *aci_item, char *value)
- {
-
-- char *str = NULL;
-+ char *str = NULL;
-
-- str = strstr(value, ACL_TARGET_MACRO_DN_KEY /* ($dn) */);
-+ str = PL_strcasestr(value, ACL_TARGET_MACRO_DN_KEY /* ($dn) */);
-
- if (str != NULL) {
- char *p0 = NULL, *p1 = NULL;
-@@ -1871,10 +1871,17 @@ acl_check_for_target_macro( aci_t *aci_item, char *value)
- aci_item->aci_type &= ~ACI_TARGET_DN;
- aci_item->aci_type |= ACI_TARGET_MACRO_DN;
- aci_item->aci_macro = (aciMacro *)slapi_ch_malloc(sizeof(aciMacro));
-- aci_item->aci_macro->match_this = slapi_ch_strdup(value);
-- aci_item->aci_macro->macro_ptr = strstr( aci_item->aci_macro->match_this,
-- ACL_TARGET_MACRO_DN_KEY);
-- return(1);
-+ /* Macro dn needs to normalize. E.g., "ou=Groups, ($dN), dn=example,dn=com" */
-+ aci_item->aci_macro->match_this = slapi_create_dn_string_case("%s", value);
-+ if (NULL == aci_item->aci_macro->match_this) {
-+ slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
-+ "acl_check_for_target_macro: Error: Invalid macro target dn: \"%s\"\n", value);
-+ aci_item->aci_type &= ~ACI_TARGET_MACRO_DN;
-+ slapi_ch_free((void **)&aci_item->aci_macro);
-+ return -1;
-+ }
-+ aci_item->aci_macro->macro_ptr = PL_strcasestr(aci_item->aci_macro->match_this, ACL_TARGET_MACRO_DN_KEY);
-+ return(1);
- }
-
- return(0);
-diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c
-index e865a95..0720dae 100644
---- a/ldap/servers/plugins/acl/aclutil.c
-+++ b/ldap/servers/plugins/acl/aclutil.c
-@@ -785,7 +785,7 @@ acl_match_macro_in_target( const char *ndn, char * match_this,
- macro_prefix = slapi_ch_strdup(match_this);
-
- /* we know it's got a $(dn) */
-- tmp_ptr = strstr(macro_prefix, ACL_TARGET_MACRO_DN_KEY);
-+ tmp_ptr = PL_strcasestr(macro_prefix, ACL_TARGET_MACRO_DN_KEY);
- if (!tmp_ptr) {
- LDAPDebug(LDAP_DEBUG_ACL,"acl_match_macro_in_target: "
- "Target macro DN key \"%s\" not found in \"%s\".\n",
---
-1.9.3
-
diff --git a/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch b/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch
new file mode 100644
index 0000000..d721123
--- /dev/null
+++ b/SOURCES/0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch
@@ -0,0 +1,64 @@
+From e88ffac24b49acb01fb7d460ff4282abe85d3799 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 14 Jul 2015 16:00:03 -0700
+Subject: [PATCH 21/22] Ticket #48203 - Fix coverity issues - 07/14/2015
+
+Description: Overrunning array "mctx.negativeErrors" of 19 4-byte
+elements at element index 122 (byte offset 488) using index "abs(err)"
+(which evaluates to 122).
+
+Commit 71be5faaa478593bb056887410ca8e48e05b2fe4 to fix Ticket #47799
+introduced this problem. The error count checking has to be done per
+error.
+
+https://fedorahosted.org/389/ticket/48203
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!)
+
+(cherry picked from commit cc435b8c382f7da662b5c27339d23fd33a8f4117)
+(cherry picked from commit 6ec1001e507908ba60f8c52568d24b5c7c727855)
+---
+ ldap/servers/slapd/tools/ldclt/threadMain.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/servers/slapd/tools/ldclt/threadMain.c b/ldap/servers/slapd/tools/ldclt/threadMain.c
+index 5d915fd..88353c6 100644
+--- a/ldap/servers/slapd/tools/ldclt/threadMain.c
++++ b/ldap/servers/slapd/tools/ldclt/threadMain.c
+@@ -477,7 +477,7 @@ addErrorStat (
+ #else
+ if ((err <= 0) || (err >= MAX_ERROR_NB))
+ #endif
+- {
++ {
+ if (mctx.errorsBad > mctx.maxErrors) {
+ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
+ (void) printGlobalStatistics(); /*JLS 25-08-00*/
+@@ -485,8 +485,22 @@ addErrorStat (
+ ldclt_sleep (5);
+ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
+ }
+- } else {
+- if (mctx.errors[err] + mctx.negativeErrors[abs(err)] > mctx.maxErrors) {
++ }
++#if defined(USE_OPENLDAP)
++ else if (err < 0)
++ {
++ if (mctx.negativeErrors[abs(err)] > mctx.maxErrors) {
++ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
++ (void) printGlobalStatistics(); /*JLS 25-08-00*/
++ fflush (stdout);
++ ldclt_sleep (5);
++ ldcltExit (EXIT_MAX_ERRORS); /*JLS 25-08-00*/
++ }
++ }
++#endif
++ else
++ {
++ if (mctx.errors[err] > mctx.maxErrors) {
+ printf ("ldclt[%d]: Max error limit reached - exiting.\n", mctx.pid);
+ (void) printGlobalStatistics(); /*JLS 25-08-00*/
+ fflush (stdout);
+--
+1.9.3
+
diff --git a/SOURCES/0022-Ticket-47928-Disable-SSL-v3-by-default.patch b/SOURCES/0022-Ticket-47928-Disable-SSL-v3-by-default.patch
deleted file mode 100644
index 6a13d5a..0000000
--- a/SOURCES/0022-Ticket-47928-Disable-SSL-v3-by-default.patch
+++ /dev/null
@@ -1,741 +0,0 @@
-From 09f4f3932881ce97722480ef4f2196ed35a49ab3 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 22 Oct 2014 14:43:26 -0700
-Subject: [PATCH] Ticket #47928 - Disable SSL v3, by default.
-
-Description:
-There are 2 ways to specify the SSL version in in cn=encryption,cn=config.
- . existing method (SSL version info)
- nsSSL3: on|off
- nsTLS1: on|off
- . new method (SSL version range)
- sslVersionMin: <VERSION>
- sslVersionMax: <VERSION>
- where <VERSION> takes "SSL3", "TLS1.0" through "TLS1.2".
-
-If no SSL version info nor range are set in cn=encryption,cn=config,
- nsSSL3: off
- nsTLS1: on
- sslVersionMin is TLS1.1
- sslVersionMax is TLS1.2
-
-If SSL version info and range have conflicts, a tighter setting is
-chosen. For instance, the case of sslVersionMin: TLS1.1; nsTLS1: off;
-nsSSL3: on, the range setting is respected.
- nsSSL3: off
- nsTLS1: on
- sslVersionMin is TLS1.1
- sslVersionMax is TLS1.2
-"SSL alert: Configured range: min: TLS1.1, max: TLS1.2; but nsSSL3 is on
-and nsTLS1 is off. Respect the configured range." is logged in the error
-log.
-
-When cn=encryption,cn=config is searched, the SSL version info as well
-as the range are retrieved from the settings in ssl.c and returned.
-E.g.,
-dn: cn=encryption,cn=config
-nsSSl2: off
-nsSSL3: off
-nsTLS1: on
-sslVersionMin: TLS1.1
-sslVersionMax: TLS1.2
-
-https://fedorahosted.org/389/ticket/47928
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit c1ecd8b659a0b8f7d84f8157cb69810c85ee26e4)
-(cherry picked from commit 524d127f14d3bb666d8ac11a277c4ef60693045f)
----
- ldap/servers/slapd/fedse.c | 43 +++++-
- ldap/servers/slapd/ssl.c | 360 ++++++++++++++++++++++++++++-----------------
- 2 files changed, 266 insertions(+), 137 deletions(-)
-
-diff --git a/ldap/servers/slapd/fedse.c b/ldap/servers/slapd/fedse.c
-index 1f455e5..87f45a1 100644
---- a/ldap/servers/slapd/fedse.c
-+++ b/ldap/servers/slapd/fedse.c
-@@ -77,6 +77,8 @@
-
- extern char ** getSupportedCiphers();
- extern char ** getEnabledCiphers();
-+extern int getSSLVersionInfo(int *ssl2, int *ssl3, int *tls1);
-+extern int getSSLVersionRange(char **min, char **max);
-
- /* Note: These DNs are no need to be normalized */
- static const char *internal_entries[] =
-@@ -108,8 +110,7 @@ static const char *internal_entries[] =
- "cn:encryption\n"
- "nsSSLSessionTimeout:0\n"
- "nsSSLClientAuth:allowed\n"
-- "nsSSL2:off\n"
-- "nsSSL3:off\n",
-+ "sslVersionMin:tls1.1\n",
-
- "dn:cn=monitor\n"
- "objectclass:top\n"
-@@ -1688,15 +1689,38 @@ dont_allow_that(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int
- return SLAPI_DSE_CALLBACK_ERROR;
- }
-
-+static void
-+setEntrySSLVersion(Slapi_Entry *entry, char *sslversion, char *newval)
-+{
-+ char *v = slapi_entry_attr_get_charptr(entry, sslversion);
-+
-+ if (v) {
-+ if (PL_strcasecmp(v, newval)) { /* did not match */
-+ struct berval bv;
-+ struct berval *bvals[2];
-+ bvals[0] = &bv;
-+ bvals[1] = NULL;
-+ bv.bv_val = newval;
-+ bv.bv_len = strlen(bv.bv_val);
-+ slapi_entry_attr_replace(entry, sslversion, bvals );
-+ }
-+ slapi_ch_free_string(&v);
-+ } else {
-+ slapi_entry_attr_set_charptr(entry, sslversion, newval);
-+ }
-+}
-+
- /*This function takes care of the search on the attribute nssslsupportedciphers in cn=encryption,cn=config" entry. This would get the list of supported ciphers from the table in ssl.c and always return that value */
- int
- search_encryption( Slapi_PBlock *pb, Slapi_Entry *entry, Slapi_Entry *entryAfter, int *returncode, char *returntext, void *arg)
- {
--
- struct berval *vals[2];
- struct berval val;
- char ** cipherList = getSupportedCiphers(); /*Get the string array of supported ciphers here */
- char ** enabledCipherList = getEnabledCiphers(); /*Get the string array of enabled ciphers here */
-+ int ssl2, ssl3, tls1;
-+ char *sslVersionMin = NULL;
-+ char *sslVersionMax = NULL;
- vals[0] = &val;
- vals[1] = NULL;
-
-@@ -1720,6 +1744,19 @@ search_encryption( Slapi_PBlock *pb, Slapi_Entry *entry, Slapi_Entry *entryAfter
- enabledCipherList++;
- }
-
-+ if (!getSSLVersionInfo(&ssl2, &ssl3, &tls1)) { /* 0 if the version info is initialized */
-+ setEntrySSLVersion(entry, "nsSSL2", ssl2?"on":"off");
-+ setEntrySSLVersion(entry, "nsSSL3", ssl3?"on":"off");
-+ setEntrySSLVersion(entry, "nsTLS1", tls1?"on":"off");
-+ }
-+
-+ if (!getSSLVersionRange(&sslVersionMin, &sslVersionMax)) { /* 0 if the range is initialized or supported */
-+ setEntrySSLVersion(entry, "sslVersionMin", sslVersionMin);
-+ setEntrySSLVersion(entry, "sslVersionMax", sslVersionMax);
-+ }
-+ slapi_ch_free_string(&sslVersionMin);
-+ slapi_ch_free_string(&sslVersionMax);
-+
- return SLAPI_DSE_CALLBACK_OK;
- }
-
-diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
-index 5f9916b..26ef251 100644
---- a/ldap/servers/slapd/ssl.c
-+++ b/ldap/servers/slapd/ssl.c
-@@ -81,17 +81,25 @@
- #endif
-
- #if NSS_VMAJOR * 100 + NSS_VMINOR >= 315
-+/* TLS1.2 is defined in RFC5246. */
- #define NSS_TLS12 1
- #elif NSS_VMAJOR * 100 + NSS_VMINOR >= 314
-+/* TLS1.1 is defined in RFC4346. */
- #define NSS_TLS11 1
- #else
-+/*
-+ * TLS1.0 is defined in RFC2246.
-+ * Close to SSL 3.0.
-+ */
- #define NSS_TLS10 1
- #endif
-
- extern char* slapd_SSL3ciphers;
- extern symbol_t supported_ciphers[];
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
--static SSLVersionRange enabledNSSVersions;
-+static SSLVersionRange enabledNSSVersions;
-+static SSLVersionRange slapdNSSVersions;
-+static char *getNSSVersion_str(PRUint16 vnum);
- #endif
-
- /* dongle_file_name is set in slapd_nss_init when we set the path for the
-@@ -238,6 +246,20 @@ static lookup_cipher _lookup_cipher[] = {
- {NULL, NULL}
- };
-
-+/* Supported SSL versions */
-+/* nsSSL2: on -- we don't allow this any more. */
-+PRBool enableSSL2 = PR_FALSE;
-+/*
-+ * nsSSL3: on -- disable SSLv3 by default.
-+ * Corresonding to SSL_LIBRARY_VERSION_3_0 and SSL_LIBRARY_VERSION_TLS_1_0
-+ */
-+PRBool enableSSL3 = PR_FALSE;
-+/*
-+ * nsTLS1: on -- enable TLS1 by default.
-+ * Corresonding to SSL_LIBRARY_VERSION_TLS_1_1 and greater.
-+ */
-+PRBool enableTLS1 = PR_TRUE;
-+
- static void
- slapd_SSL_report(int degree, char *fmt, va_list args)
- {
-@@ -372,6 +394,36 @@ cipher_check_fips(int idx, char ***suplist, char ***unsuplist)
- return rc;
- }
-
-+int
-+getSSLVersionInfo(int *ssl2, int *ssl3, int *tls1)
-+{
-+ if (!slapd_ssl_listener_is_initialized()) {
-+ return -1;
-+ }
-+ *ssl2 = enableSSL2;
-+ *ssl3 = enableSSL3;
-+ *tls1 = enableTLS1;
-+ return 0;
-+}
-+
-+int
-+getSSLVersionRange(char **min, char **max)
-+{
-+ if (!slapd_ssl_listener_is_initialized()) {
-+ return -1;
-+ }
-+ if ((NULL == min) || (NULL == max)) {
-+ return -1;
-+ }
-+#if defined(NSS_TLS10)
-+ return -1; /* not supported */
-+#else /* NSS_TLS11 or newer */
-+ *min = slapi_ch_strdup(getNSSVersion_str(slapdNSSVersions.min));
-+ *max = slapi_ch_strdup(getNSSVersion_str(slapdNSSVersions.max));
-+ return 0;
-+#endif
-+}
-+
- static void
- _conf_init_ciphers()
- {
-@@ -834,89 +886,132 @@ getNSSVersion_str(PRUint16 vnum)
- return vstr;
- }
-
--/* restrict SSLVersionRange with the existing SSL config params (nsSSL3, nsTLS1) */
-+#define SSLVGreater(x, y) (((x) > (y)) ? (x) : (y))
-+
-+/*
-+ * Check the SSLVersionRange and the old style config params (nsSSL3, nsTLS1) .
-+ * If there are conflicts, choose the secure setting.
-+ */
- static void
--restrict_SSLVersionRange(SSLVersionRange *sslversion, PRBool enableSSL3, PRBool enableTLS1)
-+restrict_SSLVersionRange(void)
- {
-- int rc = 0;
-+ if (slapdNSSVersions.min > slapdNSSVersions.max) {
-+ slapd_SSL_warn("Invalid configured SSL range: min: %s, max: %s; "
-+ "Resetting the max to the supported max SSL version: %s.",
-+ getNSSVersion_str(slapdNSSVersions.min),
-+ getNSSVersion_str(slapdNSSVersions.max),
-+ getNSSVersion_str(enabledNSSVersions.max));
-+ slapdNSSVersions.max = enabledNSSVersions.max;
-+ }
- if (enableSSL3) {
-+ slapd_SSL_warn("Found unsecure configuration: nsSSL3: on; "
-+ "We strongly recommend to disable nsSSL3 in %s.", configDN);
- if (enableTLS1) {
-- /* no restriction */
-- ;
-+ if (slapdNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ slapd_SSL_warn("Configured range: min: %s, max: %s; "
-+ "but both nsSSL3 and nsTLS1 are on. "
-+ "Respect the supported range.",
-+ getNSSVersion_str(slapdNSSVersions.min),
-+ getNSSVersion_str(slapdNSSVersions.max));
-+ enableSSL3 = PR_FALSE;
-+ }
-+ if (slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
-+ slapd_SSL_warn("Configured range: min: %s, max: %s; "
-+ "but both nsSSL3 and nsTLS1 are on. "
-+ "Resetting the max to the supported max SSL version: %s.",
-+ getNSSVersion_str(slapdNSSVersions.min),
-+ getNSSVersion_str(slapdNSSVersions.max),
-+ getNSSVersion_str(enabledNSSVersions.max));
-+ slapdNSSVersions.max = enabledNSSVersions.max;
-+ }
- } else {
-- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_3_0) {
-- slapd_SSL_warn("Security Initialization: "
-- "Supported range: min: %s, max: %s; "
-- "but the SSL configuration of the server disables nsTLS1. "
-- "Ignoring nsTLS1: off\n",
-+ /* nsTLS1 is explicitly set to off. */
-+ if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ slapd_SSL_warn("Supported range: min: %s, max: %s; "
-+ "but nsSSL3 is on and nsTLS1 is off. "
-+ "Respect the supported range.",
- getNSSVersion_str(enabledNSSVersions.min),
- getNSSVersion_str(enabledNSSVersions.max));
-- rc = 1;
-- } else if (sslversion->min > SSL_LIBRARY_VERSION_3_0) {
-- slapd_SSL_warn("Security Initialization: "
-- "Configured range: min: %s, max: %s; "
-- "but the SSL configuration of the server disables nsTLS1. "
-- "Ignoring nsTLS1: off\n",
-- getNSSVersion_str(sslversion->min),
-- getNSSVersion_str(sslversion->max));
-- rc = 1;
-- } else if (sslversion->max < SSL_LIBRARY_VERSION_3_0) {
-- slapd_SSL_warn("Security Initialization: "
-- "Configured range: min: %s, max: %s; "
-- "but the SSL configuration of the server enabled nsSSL3. "
-- "Ignoring max: %s\n",
-- getNSSVersion_str(sslversion->min),
-- getNSSVersion_str(sslversion->max),
-- getNSSVersion_str(sslversion->max));
-- sslversion->min = SSL_LIBRARY_VERSION_3_0; /* don't enable SSL2 */
-- sslversion->max = SSL_LIBRARY_VERSION_3_0;
-- rc = 1;
-+ slapdNSSVersions.min = SSLVGreater(slapdNSSVersions.min, enabledNSSVersions.min);
-+ enableSSL3 = PR_FALSE;
-+ enableTLS1 = PR_TRUE;
-+ } else if (slapdNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ slapd_SSL_warn("Configured range: min: %s, max: %s; "
-+ "but nsSSL3 is on and nsTLS1 is off. "
-+ "Respect the configured range.",
-+ getNSSVersion_str(slapdNSSVersions.min),
-+ getNSSVersion_str(slapdNSSVersions.max));
-+ enableSSL3 = PR_FALSE;
-+ enableTLS1 = PR_TRUE;
-+ } else if (slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
-+ slapd_SSL_warn("Too low configured range: min: %s, max: %s; "
-+ "Resetting the range to: min: %s, max: %s.",
-+ getNSSVersion_str(slapdNSSVersions.min),
-+ getNSSVersion_str(slapdNSSVersions.max),
-+ getNSSVersion_str(SSL_LIBRARY_VERSION_TLS_1_0),
-+ getNSSVersion_str(SSL_LIBRARY_VERSION_TLS_1_0));
-+ slapdNSSVersions.min = SSL_LIBRARY_VERSION_TLS_1_0;
-+ slapdNSSVersions.max = SSL_LIBRARY_VERSION_TLS_1_0;
- } else {
-- sslversion->min = SSL_LIBRARY_VERSION_3_0; /* don't enable SSL2 */
-- sslversion->max = SSL_LIBRARY_VERSION_3_0;
-+ /*
-+ * slapdNSSVersions.min <= SSL_LIBRARY_VERSION_TLS_1_0 &&
-+ * slapdNSSVersions.max >= SSL_LIBRARY_VERSION_TLS_1_1
-+ */
-+ slapd_SSL_warn("Configured range: min: %s, max: %s; "
-+ "but nsSSL3 is on and nsTLS1 is off. "
-+ "Respect the configured range.",
-+ getNSSVersion_str(slapdNSSVersions.min),
-+ getNSSVersion_str(slapdNSSVersions.max));
-+ enableTLS1 = PR_TRUE;
- }
- }
- } else {
- if (enableTLS1) {
-- if (enabledNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_0) {
-- slapd_SSL_warn("Security Initialization: "
-- "Supported range: min: %s, max: %s; "
-- "but the SSL configuration of the server disables nsSSL3. ",
-- "Ignoring nsSSL3: off\n",
-+ if (enabledNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
-+ /* TLS1 is on, but TLS1 is not supported by NSS. */
-+ slapd_SSL_warn("Supported range: min: %s, max: %s; "
-+ "Setting the version range based upon the supported range.",
- getNSSVersion_str(enabledNSSVersions.min),
- getNSSVersion_str(enabledNSSVersions.max));
-- sslversion->min = SSL_LIBRARY_VERSION_3_0; /* don't enable SSL2 */
-- sslversion->max = SSL_LIBRARY_VERSION_3_0;
-- rc = 1;
-- } else if (sslversion->max < SSL_LIBRARY_VERSION_TLS_1_0) {
-- slapd_SSL_warn("Security Initialization: "
-- "Configured range: min: %s, max: %s; "
-- "but the SSL configuration of the server disables nsSSL3. "
-- "Ignoring nsSSL3: off\n",
-- getNSSVersion_str(sslversion->min),
-- getNSSVersion_str(sslversion->max));
-- sslversion->min = SSL_LIBRARY_VERSION_3_0; /* don't enable SSL2 */
-- sslversion->max = SSL_LIBRARY_VERSION_3_0;
-- rc = 1;
-- } else if (sslversion->min < SSL_LIBRARY_VERSION_TLS_1_0) {
-- sslversion->min = SSL_LIBRARY_VERSION_TLS_1_0;
-+ slapdNSSVersions.max = enabledNSSVersions.max;
-+ slapdNSSVersions.min = enabledNSSVersions.min;
-+ enableSSL3 = PR_TRUE;
-+ enableTLS1 = PR_FALSE;
-+ } else if ((slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) ||
-+ (slapdNSSVersions.min < SSL_LIBRARY_VERSION_TLS_1_1)) {
-+ slapdNSSVersions.max = enabledNSSVersions.max;
-+ slapdNSSVersions.min = SSLVGreater(SSL_LIBRARY_VERSION_TLS_1_1, enabledNSSVersions.min);
-+ slapd_SSL_warn("Default SSL Version settings; "
-+ "Configuring the version range as min: %s, max: %s; ",
-+ getNSSVersion_str(slapdNSSVersions.min),
-+ getNSSVersion_str(slapdNSSVersions.max));
-+ } else {
-+ /*
-+ * slapdNSSVersions.min >= SSL_LIBRARY_VERSION_TLS_1_1 &&
-+ * slapdNSSVersions.max >= SSL_LIBRARY_VERSION_TLS_1_1
-+ */
-+ ;
- }
- } else {
-- slapd_SSL_warn("Security Initialization: "
-- "Supported range: min: %s, max: %s; "
-- "but the SSL configuration of the server disables nsSSL3 and nsTLS1. "
-- "Ignoring nsSSL3: off and nsTLS1: off\n",
-- getNSSVersion_str(enabledNSSVersions.min),
-- getNSSVersion_str(enabledNSSVersions.max));
-- rc = 1;
-+ slapd_SSL_warn("Supported range: min: %s, max: %s; "
-+ "Respect the configured range.",
-+ getNSSVersion_str(enabledNSSVersions.min),
-+ getNSSVersion_str(enabledNSSVersions.max));
-+ /* nsTLS1 is explicitly set to off. */
-+ if (slapdNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ enableTLS1 = PR_TRUE;
-+ } else if (slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
-+ enableSSL3 = PR_TRUE;
-+ } else {
-+ /*
-+ * slapdNSSVersions.min <= SSL_LIBRARY_VERSION_TLS_1_0 &&
-+ * slapdNSSVersions.max >= SSL_LIBRARY_VERSION_TLS_1_1
-+ */
-+ enableSSL3 = PR_TRUE;
-+ enableTLS1 = PR_TRUE;
-+ }
- }
- }
-- if (0 == rc) {
-- slapi_log_error(SLAPI_LOG_FATAL, "SSL Initialization",
-- "SSL version range: min: %s, max: %s\n",
-- getNSSVersion_str(sslversion->min),
-- getNSSVersion_str(sslversion->max));
-- }
- }
- #endif
-
-@@ -949,7 +1044,7 @@ slapd_nss_init(int init_ssl, int config_available)
- SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
-
- slapi_log_error(SLAPI_LOG_CONFIG, "SSL Initialization",
-- "supported range: min: %s, max: %s\n",
-+ "supported range by NSS: min: %s, max: %s\n",
- getNSSVersion_str(enabledNSSVersions.min),
- getNSSVersion_str(enabledNSSVersions.max));
- #endif
-@@ -1120,11 +1215,9 @@ slapd_ssl_init()
- PRErrorCode errorCode;
- char ** family_list;
- char *val = NULL;
-- char cipher_string[1024];
- int rv = 0;
- PK11SlotInfo *slot;
- Slapi_Entry *entry = NULL;
-- int allowweakcipher = CIPHER_SET_DEFAULTWEAKCIPHER;
-
- /* Get general information */
-
-@@ -1162,23 +1255,6 @@ slapd_ssl_init()
- freeConfigEntry( &entry );
- return -1;
- }
--
-- val = slapi_entry_attr_get_charptr(entry, "allowWeakCipher");
-- if (val) {
-- if (!PL_strcasecmp(val, "off") || !PL_strcasecmp(val, "false") ||
-- !PL_strcmp(val, "0") || !PL_strcasecmp(val, "no")) {
-- allowweakcipher = CIPHER_SET_DISALLOWWEAKCIPHER;
-- } else if (!PL_strcasecmp(val, "on") || !PL_strcasecmp(val, "true") ||
-- !PL_strcmp(val, "1") || !PL_strcasecmp(val, "yes")) {
-- allowweakcipher = CIPHER_SET_ALLOWWEAKCIPHER;
-- } else {
-- slapd_SSL_warn("The value of allowWeakCipher \"%s\" in "
-- "cn=encryption,cn=config is invalid. "
-- "Ignoring it and set it to default.", val);
-- }
-- }
-- slapi_ch_free((void **) &val);
--
- if ((family_list = getChildren(configDN))) {
- char **family;
- char *token;
-@@ -1252,22 +1328,6 @@ slapd_ssl_init()
- /* ugaston- Cipher preferences must be set before any sslSocket is created
- * for such sockets to take preferences into account.
- */
--
-- /* Step Three.5: Set SSL cipher preferences */
-- *cipher_string = 0;
-- if(ciphers && (*ciphers) && PL_strcmp(ciphers, "blank"))
-- PL_strncpyz(cipher_string, ciphers, sizeof(cipher_string));
-- slapi_ch_free((void **) &ciphers);
--
-- if ( NULL != (val = _conf_setciphers(cipher_string, allowweakcipher)) ) {
-- errorCode = PR_GetError();
-- slapd_SSL_warn("Security Initialization: Failed to set SSL cipher "
-- "preference information: %s (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-- val, errorCode, slapd_pr_strerror(errorCode));
-- rv = 3;
-- slapi_ch_free((void **) &val);
-- }
--
- freeConfigEntry( &entry );
-
- /* Introduce a way of knowing whether slapd_ssl_init has
-@@ -1308,7 +1368,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_2) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.min;
- } else {
-@@ -1319,7 +1379,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- /* never happens */
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.max));
- (*rval) = enabledNSSVersions.max;
- } else {
-@@ -1331,7 +1391,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_3_0) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.min;
- } else {
-@@ -1342,7 +1402,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- /* never happens */
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.max));
- (*rval) = enabledNSSVersions.max;
- } else {
-@@ -1352,12 +1412,12 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- } else {
- if (ismin) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
-- "\"%s\" is invalid; the default value \"%s\" is used.\n",
-+ "\"%s\" is invalid; the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.min;
- } else {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
-- "\"%s\" is invalid; the default value \"%s\" is used.\n",
-+ "\"%s\" is invalid; the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.max));
- (*rval) = enabledNSSVersions.max;
- }
-@@ -1371,7 +1431,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.min;
- } else {
-@@ -1382,7 +1442,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- /* never happens */
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.max));
- (*rval) = enabledNSSVersions.max;
- } else {
-@@ -1394,7 +1454,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_1) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.min;
- } else {
-@@ -1405,7 +1465,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- /* never happens */
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.max));
- (*rval) = enabledNSSVersions.max;
- } else {
-@@ -1418,7 +1478,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_2) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.min;
- } else {
-@@ -1429,7 +1489,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- /* never happens */
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.max));
- (*rval) = enabledNSSVersions.max;
- } else {
-@@ -1441,13 +1501,13 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- if (ismin) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is out of the range of the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.min;
- } else {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is out of the range of the supported version; "
-- "the default value \"%s\" is used.\n",
-+ "the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.max;
- }
-@@ -1455,12 +1515,12 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- } else {
- if (ismin) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
-- "\"%s\" is invalid; the default value \"%s\" is used.\n",
-+ "\"%s\" is invalid; the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.min;
- } else {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
-- "\"%s\" is invalid; the default value \"%s\" is used.\n",
-+ "\"%s\" is invalid; the default value \"%s\" is used.",
- val, getNSSVersion_str(enabledNSSVersions.min));
- (*rval) = enabledNSSVersions.max;
- }
-@@ -1490,14 +1550,13 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- int slapd_SSLclientAuth;
- char* tmpDir;
- Slapi_Entry *e = NULL;
-- PRBool enableSSL2 = PR_FALSE;
-- PRBool enableSSL3 = PR_TRUE;
-- PRBool enableTLS1 = PR_TRUE;
- PRBool fipsMode = PR_FALSE;
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
- PRUint16 NSSVersionMin = enabledNSSVersions.min;
- PRUint16 NSSVersionMax = enabledNSSVersions.max;
- #endif
-+ char cipher_string[1024];
-+ int allowweakcipher = CIPHER_SET_DEFAULTWEAKCIPHER;
-
- /* turn off the PKCS11 pin interactive mode */
- #ifndef _WIN32
-@@ -1839,6 +1898,8 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- } else {
- enableTLS1 = slapi_entry_attr_get_bool( e, "nsTLS1" );
- }
-+ } else if (enabledNSSVersions.max > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ enableTLS1 = PR_TRUE; /* If available, enable TLS1 */
- }
- slapi_ch_free_string( &val );
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
-@@ -1853,14 +1914,12 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- }
- slapi_ch_free_string( &val );
- if (NSSVersionMin > NSSVersionMax) {
-- slapd_SSL_warn("Security Initialization: The min value of NSS version range "
-- "\"%s\" is greater than the max value \"%s\"; "
-- "the default range \"%s\" - \"%s\" is used.\n",
-+ slapd_SSL_warn("The min value of NSS version range \"%s\" is greater than the max value \"%s\".",
- getNSSVersion_str(NSSVersionMin),
-- getNSSVersion_str(NSSVersionMax),
-- getNSSVersion_str(enabledNSSVersions.min),
-+ getNSSVersion_str(NSSVersionMax));
-+ slapd_SSL_warn("Reset the max \"%s\" to supported max \"%s\".",
-+ getNSSVersion_str(NSSVersionMax),
- getNSSVersion_str(enabledNSSVersions.max));
-- NSSVersionMin = enabledNSSVersions.min;
- NSSVersionMax = enabledNSSVersions.max;
- }
- #endif
-@@ -1868,18 +1927,21 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
- if (NSSVersionMin > 0) {
- /* Use new NSS API SSL_VersionRangeSet (NSS3.14 or newer) */
-- SSLVersionRange myNSSVersions;
-- myNSSVersions.min = NSSVersionMin;
-- myNSSVersions.max = NSSVersionMax;
-- restrict_SSLVersionRange(&myNSSVersions, enableSSL3, enableTLS1);
-- sslStatus = SSL_VersionRangeSet(pr_sock, &myNSSVersions);
-+ slapdNSSVersions.min = NSSVersionMin;
-+ slapdNSSVersions.max = NSSVersionMax;
-+ restrict_SSLVersionRange();
-+ slapi_log_error(SLAPI_LOG_FATAL, "SSL Initialization",
-+ "Configured SSL version range: min: %s, max: %s\n",
-+ getNSSVersion_str(slapdNSSVersions.min),
-+ getNSSVersion_str(slapdNSSVersions.max));
-+ sslStatus = SSL_VersionRangeSet(pr_sock, &slapdNSSVersions);
- if (sslStatus == SECSuccess) {
- /* Set the restricted value to the cn=encryption entry */
- } else {
- slapd_SSL_error("SSL Initialization 2: "
- "Failed to set SSL range: min: %s, max: %s\n",
-- getNSSVersion_str(myNSSVersions.min),
-- getNSSVersion_str(myNSSVersions.max));
-+ getNSSVersion_str(slapdNSSVersions.min),
-+ getNSSVersion_str(slapdNSSVersions.max));
- }
- } else {
- #endif
-@@ -1904,6 +1966,36 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
- }
- #endif
-+ val = slapi_entry_attr_get_charptr(e, "allowWeakCipher");
-+ if (val) {
-+ if (!PL_strcasecmp(val, "off") || !PL_strcasecmp(val, "false") ||
-+ !PL_strcmp(val, "0") || !PL_strcasecmp(val, "no")) {
-+ allowweakcipher = CIPHER_SET_DISALLOWWEAKCIPHER;
-+ } else if (!PL_strcasecmp(val, "on") || !PL_strcasecmp(val, "true") ||
-+ !PL_strcmp(val, "1") || !PL_strcasecmp(val, "yes")) {
-+ allowweakcipher = CIPHER_SET_ALLOWWEAKCIPHER;
-+ } else {
-+ slapd_SSL_warn("The value of allowWeakCipher \"%s\" in %s is invalid.",
-+ "Ignoring it and set it to default.", val, configDN);
-+ }
-+ }
-+ slapi_ch_free((void **) &val);
-+
-+ /* Set SSL cipher preferences */
-+ *cipher_string = 0;
-+ if(ciphers && (*ciphers) && PL_strcmp(ciphers, "blank"))
-+ PL_strncpyz(cipher_string, ciphers, sizeof(cipher_string));
-+ slapi_ch_free((void **) &ciphers);
-+
-+ if ( NULL != (val = _conf_setciphers(cipher_string, allowweakcipher)) ) {
-+ errorCode = PR_GetError();
-+ slapd_SSL_warn("Security Initialization: Failed to set SSL cipher "
-+ "preference information: %s (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-+ val, errorCode, slapd_pr_strerror(errorCode));
-+ rv = 3;
-+ slapi_ch_free((void **) &val);
-+ }
-+
- freeConfigEntry( &e );
-
- if(( slapd_SSLclientAuth = config_get_SSLclientAuth()) != SLAPD_SSLCLIENTAUTH_OFF ) {
---
-1.9.3
-
diff --git a/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch b/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
new file mode 100644
index 0000000..657c214
--- /dev/null
+++ b/SOURCES/0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
@@ -0,0 +1,174 @@
+From abfd367015c9d0dfa0b97b8473923c97eab0dab5 Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins@redhat.com>
+Date: Wed, 15 Jul 2015 14:09:24 -0600
+Subject: [PATCH 22/22] Ticket #48224 - redux - logconv.pl should handle
+ *.tar.xz, *.txz, *.xz log files
+
+https://fedorahosted.org/389/ticket/48224
+Reviewed by: nhosoi, mreynolds (Thanks!)
+Branch: 389-ds-base-1.3.4
+Fix Description: Some platforms have no IO::Uncompress::UnXz, so have
+to pipe out to the 'xz' command for uncompression.
+Doing the 'xz' pipe will not work with compressed xz files in tar
+archives, so issue an appropriate error.
+The tar archive file handling was wrong - have to wrap the data in a
+filehandle before passing to uncompress.
+Added a lot of error checking - trying to uncompress plain text files,
+trying to untar non-tar archives, trying to untar and uncompress a
+tar file that is not compressed, other weird stuff like specifying a
+.bz2 extension on a file compressed with .xz.
+This will also need a spec file change:
+Requires: perl-IO-Compress
+Requires: perl-DB_File
+Requires: perl-Archive-Tar
+Requires: xz
+Platforms tested: Fedora 21, RHEL 7.2 candidate
+Flag Day: no
+Doc impact: no
+
+(cherry picked from commit ae5b62f53557c8ce2d174999c4b561ebc4ccde55)
+(cherry picked from commit 8473ae0c49492dd7931dbdd3a8377119f53ce49b)
+---
+ ldap/admin/src/logconv.pl | 73 ++++++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 57 insertions(+), 16 deletions(-)
+
+diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
+index a6bd6c2..d26e91e 100755
+--- a/ldap/admin/src/logconv.pl
++++ b/ldap/admin/src/logconv.pl
+@@ -398,17 +398,11 @@ my $totalLineCount = 0;
+
+ sub isTarArchive {
+ local $_ = shift;
+- if (/\.txz$/ || /\.tar.xz$/) {
+- use IO::Uncompress::UnXz;
+- }
+ return /\.tar$/ || /\.tar\.bz2$/ || /\.tar.gz$/ || /\.tar.xz$/ || /\.tgz$/ || /\.tbz$/ || /\.txz$/;
+ }
+
+ sub isCompressed {
+ local $_ = shift;
+- if (/\.xz$/) {
+- use IO::Uncompress::UnXz;
+- }
+ return /\.gz$/ || /\.bz2$/ || /\.xz$/;
+ }
+
+@@ -418,6 +412,43 @@ sub tarNeedsUncompress {
+ return /\.tar.xz$/ || /\.txz$/;
+ }
+
++# rhel7 can't grok xz
++sub doUncompress {
++ local $_ = shift;
++ my $data = shift;
++ my $TARFH;
++ # some platforms don't have xz support in IO::Uncompress::AnyUncompress
++ if (/\.tar.xz$/ || /\.txz$/ || /\.xz$/) {
++ if ($data) {
++ openFailed("Cannot read from compressed xz file in tar archive.\nPlease un-tar the tar file first, then pass individual .xz files to this program.\n", $_);
++ }
++ # so use the xz command directly
++ # NOTE: This doesn't work if the argument is a file handle e.g. from
++ # Archive::Tar
++ $! = 0; # clear
++ if (!open($TARFH, "xz -dc $_ |") or $!) {
++ openFailed($!, $_);
++ return;
++ }
++ } else {
++ my $uncompressthing;
++ if ($data) {
++ # make a filehandle object from data
++ open($uncompressthing, "<", \$data) or openFailed($!, $_);
++ } else {
++ # just read from the file
++ $uncompressthing = $_;
++ }
++ $TARFH = new IO::Uncompress::AnyUncompress $uncompressthing or
++ do { openFailed($AnyUncompressError, $_); return; };
++ if (*$TARFH->{Plain}) {
++ openFailed("Unknown compression", $_);
++ return;
++ }
++ }
++ return $TARFH;
++}
++
+ sub convertTimeToSeconds {
+ my $log_line = shift;
+
+@@ -497,6 +528,10 @@ for (my $count=0; $count < $file_count; $count++){
+ if($logCount > 1 && $count == 0 && $skipFirstFile == 1){
+ next;
+ }
++ if (! -r $logname) {
++ print "File not found: $logname\n";
++ next;
++ }
+ $linesProcessed = 0; $lineBlockCount = 0;
+ my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$atime,$mtime,$ctime,$blksize,$blocks);
+ ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$cursize,
+@@ -513,11 +548,12 @@ for (my $count=0; $count < $file_count; $count++){
+ my $tariter = 0;
+ my $tarfile = 0;
+ my $comp = 0;
++ $LOGFH = undef;
+ if (isTarArchive($logname)) {
+ $tar = Archive::Tar->new();
+ if (tarNeedsUncompress($logname)) {
+- my $TARFH = new IO::Uncompress::AnyUncompress $logname or
+- do { openFailed($AnyUncompressError, $logname); next };
++ my $TARFH = doUncompress($logname);
++ next if (!$TARFH);
+ $tariter = Archive::Tar->iter($TARFH);
+ } else {
+ $tariter = Archive::Tar->iter($logname);
+@@ -540,24 +576,21 @@ for (my $count=0; $count < $file_count; $count++){
+ next;
+ }
+ if (isCompressed($tarfile->name)) {
+- $LOGFH = new IO::Uncompress::AnyUncompress \$tarfile->name or
+- do { openFailed($AnyUncompressError, $logname); next };
++ $LOGFH = doUncompress($tarfile->name, $tarfile->get_content);
++ next if (!$LOGFH);
+ # no way in general to know how big the uncompressed file is - so
+ # assume a factor of 10 inflation - only used for progress reporting
+ $cursize *= 10;
+ } else {
+- open(LOG,"<",\$tarfile->data) or do { openFailed($!, $tarfile->name) ; next };
+- $LOGFH = \*LOG;
++ open($LOGFH,"<",\$tarfile->data) or do { openFailed($!, $tarfile->name) ; next };
+ }
+ } elsif ($comp) {
+- $LOGFH = new IO::Uncompress::AnyUncompress $logname or
+- do { openFailed($AnyUncompressError, $logname); next };
++ $LOGFH = doUncompress($logname);
+ # no way in general to know how big the uncompressed file is - so
+ # assume a factor of 10 inflation - only used for progress reporting
+ $cursize *= 10;
+ } else {
+- open(LOG,$logname) or do { openFailed($!, $logname); next };
+- $LOGFH = \*LOG;
++ open($LOGFH,$logname) or do { openFailed($!, $logname); next };
+ }
+ my $firstline = "yes";
+ while(<$LOGFH>){
+@@ -588,6 +621,14 @@ for (my $count=0; $count < $file_count; $count++){
+ }
+ last if (!$tariter);
+ }
++ if ($tar) {
++ if ($tar->error()) {
++ openFailed($tar->error(), $logname);
++ }
++ if ($Archive::Tar::error) {
++ openFailed($Archive::Tar::error, $logname);
++ }
++ }
+ }
+
+ if ($totalLineCount eq "0"){
+--
+1.9.3
+
diff --git a/SOURCES/0023-Ticket-47928-CI-test-added-test-cases-for-ticket-479.patch b/SOURCES/0023-Ticket-47928-CI-test-added-test-cases-for-ticket-479.patch
deleted file mode 100644
index 1d3b1e0..0000000
--- a/SOURCES/0023-Ticket-47928-CI-test-added-test-cases-for-ticket-479.patch
+++ /dev/null
@@ -1,229 +0,0 @@
-From 8a412f7c540ac2925ad33ee633e60bf7e55e929c Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 22 Oct 2014 17:11:17 -0700
-Subject: [PATCH 23/28] Ticket 47928 - CI test: added test cases for ticket
- 47928
-
-Description:
-test_ticket47928_run_0 - Test Case 13 - No SSL version config parameters
-test_ticket47928_run_1 - Test Case 14 - No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax
-test_ticket47928_run_2 - Test Case 15 - nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
-test_ticket47928_run_3 - Test Case 16 - nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
-
-(cherry picked from commit 958be1271ab440a15649046e7927b44b57a4e19a)
-Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
----
- dirsrvtests/tickets/ticket47838_test.py | 165 +++++++++++++++++++++++++++++++-
- 1 file changed, 161 insertions(+), 4 deletions(-)
-
-diff --git a/dirsrvtests/tickets/ticket47838_test.py b/dirsrvtests/tickets/ticket47838_test.py
-index c98c36e..50a4b50 100644
---- a/dirsrvtests/tickets/ticket47838_test.py
-+++ b/dirsrvtests/tickets/ticket47838_test.py
-@@ -201,7 +201,8 @@ def test_ticket47838_init(topology):
-
- log.info("\n######################### enable SSL in the directory server with all ciphers ######################\n")
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'on'),
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'off'),
-+ (ldap.MOD_REPLACE, 'nsTLS1', 'on'),
- (ldap.MOD_REPLACE, 'nsSSLClientAuth', 'allowed'),
- (ldap.MOD_REPLACE, 'allowWeakCipher', 'on'),
- (ldap.MOD_REPLACE, 'nsSSL3Ciphers', '+all')])
-@@ -645,19 +646,171 @@ def test_ticket47838_run_11(topology):
-
- comp_nsSSLEnableCipherCount(topology, 0)
-
-+def test_ticket47928_run_0(topology):
-+ """
-+ No SSL version config parameters.
-+ Check SSL3 (TLS1.0) is off.
-+ """
-+ _header(topology, 'Test Case 13 - No SSL version config parameters')
-+
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ # add them once and remove them
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3', 'off'),
-+ (ldap.MOD_REPLACE, 'nsTLS1', 'on'),
-+ (ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.1'),
-+ (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.2')])
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_DELETE, 'nsSSL3', None),
-+ (ldap.MOD_DELETE, 'nsTLS1', None),
-+ (ldap.MOD_DELETE, 'sslVersionMin', None),
-+ (ldap.MOD_DELETE, 'sslVersionMax', None)])
-+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '64')])
-+
-+ log.info("\n######################### Restarting the server ######################\n")
-+ topology.standalone.stop(timeout=10)
-+ os.system('mv %s %s.47838_11' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('touch %s' % (topology.standalone.errlog))
-+ topology.standalone.start(timeout=120)
-+
-+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Default SSL Version settings; Configuring the version range as min: TLS1.1"' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected message was not found")
-+ assert False
-+
-+def test_ticket47928_run_1(topology):
-+ """
-+ No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax
-+ Check sslVersionMax is ignored.
-+ """
-+ _header(topology, 'Test Case 14 - No nsSSL3, nsTLS1; sslVersionMin > sslVersionMax')
-+
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.2'),
-+ (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.1')])
-+
-+ log.info("\n######################### Restarting the server ######################\n")
-+ topology.standalone.stop(timeout=10)
-+ os.system('mv %s %s.47838_12' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('touch %s' % (topology.standalone.errlog))
-+ topology.standalone.start(timeout=120)
-+
-+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "The min value of NSS version range"' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected message was not found")
-+ assert False
-+
-+ errmsg = os.popen('egrep "SSL Initialization" %s | egrep "Configured SSL version range: min: TLS1.2, max: TLS1"' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected message was not found")
-+ assert False
-+
-+def test_ticket47928_run_2(topology):
-+ """
-+ nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
-+ Conflict between nsSSL3 and range; nsSSL3 is disabled
-+ """
-+ _header(topology, 'Test Case 15 - nsSSL3: on; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2')
-+
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.1'),
-+ (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.2'),
-+ (ldap.MOD_REPLACE, 'nsSSL3', 'on')])
-+
-+ log.info("\n######################### Restarting the server ######################\n")
-+ topology.standalone.stop(timeout=10)
-+ os.system('mv %s %s.47838_13' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('touch %s' % (topology.standalone.errlog))
-+ topology.standalone.start(timeout=120)
-+
-+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Found unsecure configuration: nsSSL3: on"' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected message was not found")
-+ assert False
-+
-+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Respect the supported range."' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected message was not found")
-+ assert False
-+
-+ errmsg = os.popen('egrep "SSL Initialization" %s | egrep "Configured SSL version range: min: TLS1.1, max: TLS1"' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected message was not found")
-+ assert False
-+
-+def test_ticket47928_run_3(topology):
-+ """
-+ nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2
-+ Conflict between nsSSL3/nsTLS1 and range; nsSSL3 is disabled; nsTLS1 is enabled.
-+ """
-+ _header(topology, 'Test Case 16 - nsSSL3: on; nsTLS1: off; sslVersionMin: TLS1.1; sslVersionMax: TLS1.2')
-+
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'sslVersionMin', 'TLS1.1'),
-+ (ldap.MOD_REPLACE, 'sslVersionMax', 'TLS1.2'),
-+ (ldap.MOD_REPLACE, 'nsSSL3', 'on'),
-+ (ldap.MOD_REPLACE, 'nsTLS1', 'off')])
-+
-+ log.info("\n######################### Restarting the server ######################\n")
-+ topology.standalone.stop(timeout=10)
-+ os.system('mv %s %s.47838_14' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('touch %s' % (topology.standalone.errlog))
-+ topology.standalone.start(timeout=120)
-+
-+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Found unsecure configuration: nsSSL3: on"' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected message was not found")
-+ assert False
-+
-+ errmsg = os.popen('egrep "SSL alert:" %s | egrep "Respect the configured range."' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected message was not found")
-+ assert False
-+
-+ errmsg = os.popen('egrep "SSL Initialization" %s | egrep "Configured SSL version range: min: TLS1.1, max: TLS1"' % topology.standalone.errlog)
-+ if errmsg != "":
-+ log.info("Expected message:")
-+ log.info("%s" % errmsg.readline())
-+ else:
-+ log.info("Expected message was not found")
-+ assert False
-+
- def test_ticket47838_run_last(topology):
- """
- Check nssSSL3Chiphers: all <== invalid value
- All ciphers are disabled.
- """
-- _header(topology, 'Test Case 13 - Check nssSSL3Chiphers: all, which is invalid')
-+ _header(topology, 'Test Case 17 - Check nssSSL3Chiphers: all, which is invalid')
-
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', None)])
- topology.standalone.modify_s(ENCRYPTION_DN, [(ldap.MOD_REPLACE, 'nsSSL3Ciphers', 'all')])
-
- log.info("\n######################### Restarting the server ######################\n")
- topology.standalone.stop(timeout=10)
-- os.system('mv %s %s.47838_10' % (topology.standalone.errlog, topology.standalone.errlog))
-+ os.system('mv %s %s.47838_15' % (topology.standalone.errlog, topology.standalone.errlog))
- os.system('touch %s' % (topology.standalone.errlog))
- topology.standalone.start(timeout=120)
-
-@@ -671,7 +824,7 @@ def test_ticket47838_run_last(topology):
-
- comp_nsSSLEnableCipherCount(topology, 0)
-
-- topology.standalone.log.info("ticket47838, 47880, 47908 were successfully verified.");
-+ topology.standalone.log.info("ticket47838, 47880, 47908, 47928 were successfully verified.");
-
- def test_ticket47838_final(topology):
- topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-@@ -706,6 +859,10 @@ def run_isolated():
- test_ticket47838_run_9(topo)
- test_ticket47838_run_10(topo)
- test_ticket47838_run_11(topo)
-+ test_ticket47928_run_0(topo)
-+ test_ticket47928_run_1(topo)
-+ test_ticket47928_run_2(topo)
-+ test_ticket47928_run_3(topo)
-
- test_ticket47838_run_last(topo)
-
---
-1.9.3
-
diff --git a/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch b/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
new file mode 100644
index 0000000..cf76685
--- /dev/null
+++ b/SOURCES/0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
@@ -0,0 +1,37 @@
+From 23c9a297b240d1538125721fb0f93abb876ce9c1 Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins@redhat.com>
+Date: Thu, 16 Jul 2015 09:06:45 -0600
+Subject: [PATCH 23/30] Ticket #48224 - redux - logconv.pl should handle
+ *.tar.xz, *.txz, *.xz log files
+
+https://fedorahosted.org/389/ticket/48224
+Reviewed by:
+Branch: master
+Fix Description: Fix Requires: in spec file
+Platforms tested: Fedora 21, RHEL 7.2 candidate
+Flag Day: no
+Doc impact: no
+
+(cherry picked from commit 193d79d4a459b709c5a55cea88794105fa60c453)
+(cherry picked from commit 9109a570edd3ddb58434b19a9fca2f7c021b18ca)
+---
+ rpm/389-ds-base.spec.in | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
+index 3405ccd..d0bbb7a 100644
+--- a/rpm/389-ds-base.spec.in
++++ b/rpm/389-ds-base.spec.in
+@@ -116,9 +116,6 @@ Requires: perl-Socket6
+ Requires: perl-Socket
+ %endif
+ Requires: perl-NetAddr-IP
+-# for logconv compressed file support
+-Requires: perl-IO-Compress
+-Requires: perl-IO-Compress-Lzma
+
+ Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
+ # 389-ds-git.sh should be used to generate the source tarball from git
+--
+1.9.3
+
diff --git a/SOURCES/0024-Ticket-47937-Crash-in-entry_add_present_values_wsi_m.patch b/SOURCES/0024-Ticket-47937-Crash-in-entry_add_present_values_wsi_m.patch
deleted file mode 100644
index c31da71..0000000
--- a/SOURCES/0024-Ticket-47937-Crash-in-entry_add_present_values_wsi_m.patch
+++ /dev/null
@@ -1,319 +0,0 @@
-From 0fb6ca5fe49774a646e36fd7acd59638cc57041c Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 24 Oct 2014 14:14:25 -0400
-Subject: [PATCH 24/28] Ticket 47937 - Crash in
- entry_add_present_values_wsi_multi_valued
-
-Bug Description: If the DNA plugin uses an invlid attribute for "dnaType"
- this can lead to crash when DNA attempts to update this
- attribute.
-
-Fix Description: In the DNA plugin, verify that the attribute exists.
- Also in entrywsi.c, pass in the type from the attribute
- struct(which does do some basic normalization).
-
-https://fedorahosted.org/389/ticket/47937
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 3cdf0eb571d120573f2cda2c140fd2b4215c94fa)
-(cherry picked from commit 738d985dc6f52660e13d94a118271ce288a75ea6)
----
- dirsrvtests/tickets/ticket47937_test.py | 237 ++++++++++++++++++++++++++++++++
- ldap/servers/plugins/dna/dna.c | 8 ++
- ldap/servers/slapd/entrywsi.c | 5 +-
- 3 files changed, 248 insertions(+), 2 deletions(-)
- create mode 100644 dirsrvtests/tickets/ticket47937_test.py
-
-diff --git a/dirsrvtests/tickets/ticket47937_test.py b/dirsrvtests/tickets/ticket47937_test.py
-new file mode 100644
-index 0000000..09ee714
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket47937_test.py
-@@ -0,0 +1,237 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import socket
-+import pytest
-+from lib389 import DirSrv, Entry, tools
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from constants import *
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ '''
-+ This fixture is used to standalone topology for the 'module'.
-+ At the beginning, It may exists a standalone instance.
-+ It may also exists a backup for the standalone instance.
-+
-+ Principle:
-+ If standalone instance exists:
-+ restart it
-+ If backup of standalone exists:
-+ create/rebind to standalone
-+
-+ restore standalone instance from backup
-+ else:
-+ Cleanup everything
-+ remove instance
-+ remove backup
-+ Create instance
-+ Create backup
-+ '''
-+ global installation_prefix
-+
-+ if installation_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+ standalone = DirSrv(verbose=False)
-+
-+ # Args for the standalone instance
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+
-+ # Get the status of the backups
-+ backup_standalone = standalone.checkBackupFS()
-+
-+ # Get the status of the instance and restart it if it exists
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ # assuming the instance is already stopped, just wait 5 sec max
-+ standalone.stop(timeout=5)
-+ standalone.start(timeout=10)
-+
-+ if backup_standalone:
-+ # The backup exist, assuming it is correct
-+ # we just re-init the instance with it
-+ if not instance_standalone:
-+ standalone.create()
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # restore standalone instance from backup
-+ standalone.stop(timeout=10)
-+ standalone.restoreFS(backup_standalone)
-+ standalone.start(timeout=10)
-+
-+ else:
-+ # We should be here only in two conditions
-+ # - This is the first time a test involve standalone instance
-+ # - Something weird happened (instance/backup destroyed)
-+ # so we discard everything and recreate all
-+
-+ # Remove the backup. So even if we have a specific backup file
-+ # (e.g backup_standalone) we clear backup that an instance may have created
-+ if backup_standalone:
-+ standalone.clearBackupFS()
-+
-+ # Remove the instance
-+ if instance_standalone:
-+ standalone.delete()
-+
-+ # Create the instance
-+ standalone.create()
-+
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # Time to create the backups
-+ standalone.stop(timeout=10)
-+ standalone.backupfile = standalone.backupFS()
-+ standalone.start(timeout=10)
-+
-+ # clear the tmp directory
-+ standalone.clearTmpDir(__file__)
-+
-+ #
-+ # Here we have standalone instance up and running
-+ # Either coming from a backup recovery
-+ # or from a fresh (re)init
-+ # Time to return the topology
-+ return TopologyStandalone(standalone)
-+
-+
-+def test_ticket47937(topology):
-+ """
-+ Test that DNA plugin only accepts valid attributes for "dnaType"
-+ """
-+
-+ log.info("Creating \"ou=people\"...")
-+ try:
-+ topology.standalone.add_s(Entry(('ou=people,' + SUFFIX, {
-+ 'objectclass': 'top organizationalunit'.split(),
-+ 'ou': 'people'
-+ })))
-+
-+ except ldap.ALREADY_EXISTS:
-+ pass
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add ou=people org unit: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info("Creating \"ou=ranges\"...")
-+ try:
-+ topology.standalone.add_s(Entry(('ou=ranges,' + SUFFIX, {
-+ 'objectclass': 'top organizationalunit'.split(),
-+ 'ou': 'ranges'
-+ })))
-+
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add ou=ranges org unit: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info("Creating \"cn=entry\"...")
-+ try:
-+ topology.standalone.add_s(Entry(('cn=entry,ou=people,' + SUFFIX, {
-+ 'objectclass': 'top groupofuniquenames'.split(),
-+ 'cn': 'entry'
-+ })))
-+
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add test entry: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info("Creating DNA shared config entry...")
-+ try:
-+ topology.standalone.add_s(Entry(('dnaHostname=localhost.localdomain+dnaPortNum=389,ou=ranges,%s' % SUFFIX, {
-+ 'objectclass': 'top dnaSharedConfig'.split(),
-+ 'dnaHostname': 'localhost.localdomain',
-+ 'dnaPortNum': '389',
-+ 'dnaSecurePortNum': '636',
-+ 'dnaRemainingValues': '9501'
-+ })))
-+
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add shared config entry: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info("Add dna plugin config entry...")
-+ try:
-+ topology.standalone.add_s(Entry(('cn=dna config,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config', {
-+ 'objectclass': 'top dnaPluginConfig'.split(),
-+ 'dnaType': 'description',
-+ 'dnaMaxValue': '10000',
-+ 'dnaMagicRegen': '0',
-+ 'dnaFilter': '(objectclass=top)',
-+ 'dnaScope': 'ou=people,%s' % SUFFIX,
-+ 'dnaNextValue': '500',
-+ 'dnaSharedCfgDN': 'ou=ranges,%s' % SUFFIX
-+ })))
-+
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add DNA config entry: error ' + e.message['desc'])
-+ assert False
-+
-+ log.info("Enable the DNA plugin...")
-+ try:
-+ topology.standalone.plugins.enable(name=PLUGIN_DNA)
-+ except e:
-+ log.error("Failed to enable DNA Plugin: error " + e.message['desc'])
-+ assert False
-+
-+ log.info("Restarting the server...")
-+ topology.standalone.stop(timeout=120)
-+ time.sleep(1)
-+ topology.standalone.start(timeout=120)
-+ time.sleep(3)
-+
-+ log.info("Apply an invalid attribute to the DNA config(dnaType: foo)...")
-+
-+ try:
-+ topology.standalone.modify_s('cn=dna config,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config',
-+ [(ldap.MOD_REPLACE, 'dnaType', 'foo')])
-+ except ldap.LDAPError, e:
-+ log.info('Operation failed as expected (error: %s)' % e.message['desc'])
-+ else:
-+ log.error('Operation incorectly succeeded! Test Failed!')
-+ assert False
-+
-+ topology.standalone.log.info('Test 47937 Passed.')
-+
-+
-+def test_ticket47937_final(topology):
-+ topology.standalone.stop(timeout=10)
-+
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation_prefix
-+ installation_prefix = None
-+
-+ topo = topology(True)
-+ test_ticket47937(topo)
-+
-+if __name__ == '__main__':
-+ run_isolated()
-\ No newline at end of file
-diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
-index bc280a4..75edca8 100644
---- a/ldap/servers/plugins/dna/dna.c
-+++ b/ldap/servers/plugins/dna/dna.c
-@@ -936,6 +936,14 @@ dna_parse_config_entry(Slapi_PBlock *pb, Slapi_Entry * e, int apply)
- }
-
- for (i = 0; entry->types && entry->types[i]; i++) {
-+ if (!slapi_attr_syntax_exists(entry->types[i])){
-+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
-+ "dna_parse_config_entry: dnaType (%s) does "
-+ "not exist.\n",
-+ entry->types[i]);
-+ ret = DNA_FAILURE;
-+ goto bail;
-+ }
- slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM,
- "----------> %s [%s]\n", DNA_TYPE, entry->types[i]);
- }
-diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
-index 7039bfc..41afe1a 100644
---- a/ldap/servers/slapd/entrywsi.c
-+++ b/ldap/servers/slapd/entrywsi.c
-@@ -423,6 +423,7 @@ static void resolve_attribute_state_present_to_deleted(Slapi_Entry *e, Slapi_Att
- static void resolve_attribute_state_to_present_or_deleted(Slapi_Entry *e, Slapi_Attr *a, Slapi_Value **valuestoupdate, int attribute_state);
- static int entry_add_present_values_wsi_single_valued(Slapi_Entry *e, const char *type, struct berval **bervals, const CSN *csn, int urp, long flags);
- static int entry_add_present_values_wsi_multi_valued(Slapi_Entry *e, const char *type, struct berval **bervals, const CSN *csn, int urp, long flags);
-+
- static int
- entry_add_present_values_wsi(Slapi_Entry *e, const char *type, struct berval **bervals, const CSN *csn, int urp, long flags)
- {
-@@ -439,11 +440,11 @@ entry_add_present_values_wsi(Slapi_Entry *e, const char *type, struct berval **b
-
- if(slapi_attr_flag_is_set(a,SLAPI_ATTR_FLAG_SINGLE))
- {
-- retVal = entry_add_present_values_wsi_single_valued( e, type, bervals, csn, urp, 0 );
-+ retVal = entry_add_present_values_wsi_single_valued( e, a->a_type, bervals, csn, urp, 0 );
- }
- else
- {
-- retVal = entry_add_present_values_wsi_multi_valued( e, type, bervals, csn, urp, 0 );
-+ retVal = entry_add_present_values_wsi_multi_valued( e, a->a_type, bervals, csn, urp, 0 );
- }
- return retVal;
- }
---
-1.9.3
-
diff --git a/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
new file mode 100644
index 0000000..21a99ea
--- /dev/null
+++ b/SOURCES/0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
@@ -0,0 +1,43 @@
+From 413414c98313a076111d8e40a7a10fa369433e6e Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 16 Jul 2015 10:34:47 -0700
+Subject: [PATCH 24/30] Ticket #48226 - In MMR, double free coould occur under
+ some special condition
+
+Bug description:
+ In a replicated topology, a authenticated user that have write access
+ on an entry can send a series of operations that crash the server.
+ The crash is due to an access to a already freed buffer.
+Fix description:
+ To avoid the double free, duplicate a CSNSet and assign it to the
+ Slapi_Value.
+
+https://fedorahosted.org/389/ticket/48226
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit a0f8e0f981a046882db299a7a6d6d1c01bc19571)
+(cherry picked from commit bdbc81e62eb8d7b8dfb298c7ba983cf86353fe66)
+---
+ ldap/servers/slapd/valueset.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
+index 0cf3ded..7eabb82 100644
+--- a/ldap/servers/slapd/valueset.c
++++ b/ldap/servers/slapd/valueset.c
+@@ -1415,8 +1415,9 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
+ if(v)
+ {
+ value_update_csn(v,t,csn);
+- if (csnref_updated)
+- valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v);
++ if (csnref_updated) {
++ valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v));
++ }
+ valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
+ valuestoupdate[i]= NULL;
+ del_count++;
+--
+1.9.3
+
diff --git a/SOURCES/0025-Ticket-47928-Disable-SSL-v3-by-default.patch b/SOURCES/0025-Ticket-47928-Disable-SSL-v3-by-default.patch
deleted file mode 100644
index ea6855f..0000000
--- a/SOURCES/0025-Ticket-47928-Disable-SSL-v3-by-default.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 02e9d25e7836bc5f350bc81d78ed2b8dd457f9b2 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 27 Oct 2014 09:24:46 -0700
-Subject: [PATCH 25/28] Ticket #47928 - Disable SSL v3, by default.
-
-Description: commit c1ecd8b659a0b8f7d84f8157cb69810c85ee26e4
-introdueced a coverity defect: 12783 - Logically dead code
-
-This patch removes the dead code.
-
-https://fedorahosted.org/389/ticket/47928
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 77989d3bb5471542db50d66de77cc40fe4500cbd)
-(cherry picked from commit 29a41604ce48855bd6d96bbd83cbae870deaa8d7)
----
- ldap/servers/slapd/ssl.c | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
-index 26ef251..f81d1fb 100644
---- a/ldap/servers/slapd/ssl.c
-+++ b/ldap/servers/slapd/ssl.c
-@@ -1215,7 +1215,6 @@ slapd_ssl_init()
- PRErrorCode errorCode;
- char ** family_list;
- char *val = NULL;
-- int rv = 0;
- PK11SlotInfo *slot;
- Slapi_Entry *entry = NULL;
-
-@@ -1334,10 +1333,6 @@ slapd_ssl_init()
- * already been executed. */
- _security_library_initialized = 1;
-
-- if ( rv != 0 ) {
-- return rv;
-- }
--
- return 0;
- }
-
---
-1.9.3
-
diff --git a/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
new file mode 100644
index 0000000..3db39ae
--- /dev/null
+++ b/SOURCES/0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
@@ -0,0 +1,266 @@
+From e6b20ffcc995b2ac190b96850073c0569bc6d294 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 16 Jul 2015 10:41:53 -0700
+Subject: [PATCH 25/30] Ticket #48226 - CI test: added test cases for ticket
+ 48226
+
+Description: In MMR, double free coould occur under some special condition
+
+This test script was written by thierry bordaz <tbordaz@redhat.com>.
+A small modification to check the memory leak was added.
+
+(cherry picked from commit f5d24450477f8341261c3e5cb5c54ec1ab83328f)
+(cherry picked from commit 8600a5eabc78848ad1bf0a9c2014823d0cd6cedc)
+---
+ dirsrvtests/tickets/ticket48226_test.py | 239 ++++++++++++++++++++++++++++++++
+ 1 file changed, 239 insertions(+)
+ create mode 100644 dirsrvtests/tickets/ticket48226_test.py
+
+diff --git a/dirsrvtests/tickets/ticket48226_test.py b/dirsrvtests/tickets/ticket48226_test.py
+new file mode 100644
+index 0000000..87814e7
+--- /dev/null
++++ b/dirsrvtests/tickets/ticket48226_test.py
+@@ -0,0 +1,239 @@
++# --- BEGIN COPYRIGHT BLOCK ---
++# Copyright (C) 2015 Red Hat, Inc.
++# All rights reserved.
++#
++# License: GPL (version 3 or any later version).
++# See LICENSE for details.
++# --- END COPYRIGHT BLOCK ---
++#
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++installation1_prefix = None
++
++
++class TopologyReplication(object):
++ def __init__(self, master1, master2):
++ master1.open()
++ self.master1 = master1
++ master2.open()
++ self.master2 = master2
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ global installation1_prefix
++ os.environ['USE_VALGRIND'] = '1'
++ if installation1_prefix:
++ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
++
++ # Creating master 1...
++ master1 = DirSrv(verbose=False)
++ if installation1_prefix:
++ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
++ args_instance[SER_HOST] = HOST_MASTER_1
++ args_instance[SER_PORT] = PORT_MASTER_1
++ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_master = args_instance.copy()
++ master1.allocate(args_master)
++ instance_master1 = master1.exists()
++ if instance_master1:
++ master1.delete()
++ master1.create()
++ master1.open()
++ master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_1)
++
++ # Creating master 2...
++ master2 = DirSrv(verbose=False)
++ if installation1_prefix:
++ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
++ args_instance[SER_HOST] = HOST_MASTER_2
++ args_instance[SER_PORT] = PORT_MASTER_2
++ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_2
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_master = args_instance.copy()
++ master2.allocate(args_master)
++ instance_master2 = master2.exists()
++ if instance_master2:
++ master2.delete()
++ master2.create()
++ master2.open()
++ master2.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_2)
++
++ #
++ # Create all the agreements
++ #
++ # Creating agreement from master 1 to master 2
++ properties = {RA_NAME: r'meTo_$host:$port',
++ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
++ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
++ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
++ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
++ m1_m2_agmt = master1.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties)
++ if not m1_m2_agmt:
++ log.fatal("Fail to create a master -> master replica agreement")
++ sys.exit(1)
++ log.debug("%s created" % m1_m2_agmt)
++
++ # Creating agreement from master 2 to master 1
++ properties = {RA_NAME: r'meTo_$host:$port',
++ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
++ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
++ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
++ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
++ m2_m1_agmt = master2.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties)
++ if not m2_m1_agmt:
++ log.fatal("Fail to create a master -> master replica agreement")
++ sys.exit(1)
++ log.debug("%s created" % m2_m1_agmt)
++
++ # Allow the replicas to get situated with the new agreements...
++ time.sleep(5)
++
++ #
++ # Initialize all the agreements
++ #
++ master1.agreement.init(SUFFIX, HOST_MASTER_2, PORT_MASTER_2)
++ master1.waitForReplInit(m1_m2_agmt)
++
++ # Check replication is working...
++ if master1.testReplication(DEFAULT_SUFFIX, master2):
++ log.info('Replication is working.')
++ else:
++ log.fatal('Replication is not working.')
++ assert False
++
++ # Clear out the tmp dir
++ master1.clearTmpDir(__file__)
++
++ return TopologyReplication(master1, master2)
++
++def test_ticket11111_set_purgedelay(topology):
++ args = {REPLICA_PURGE_DELAY: '5',
++ REPLICA_PURGE_INTERVAL: '5'}
++ try:
++ topology.master1.replica.setProperties(DEFAULT_SUFFIX, None, None, args)
++ except:
++ log.fatal('Failed to configure replica')
++ assert False
++ try:
++ topology.master2.replica.setProperties(DEFAULT_SUFFIX, None, None, args)
++ except:
++ log.fatal('Failed to configure replica')
++ assert False
++ topology.master1.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-auditlog-logging-enabled', 'on')])
++ topology.master2.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-auditlog-logging-enabled', 'on')])
++ topology.master1.restart(10)
++ topology.master2.restart(10)
++
++
++def test_ticket11111_1(topology):
++ name = 'test_entry'
++ dn = "cn=%s,%s" % (name, SUFFIX)
++
++ topology.master1.add_s(Entry((dn , {
++ 'objectclass': "top person".split(),
++ 'sn': name,
++ 'cn': name})))
++
++ # First do an update that is replicated
++ mods = [(ldap.MOD_ADD, 'description', '5')]
++ topology.master1.modify_s(dn, mods)
++
++ nbtry = 0
++ while (nbtry <= 10):
++ try:
++ ent = topology.master2.getEntry(dn, ldap.SCOPE_BASE, "(objectclass=*)", ['description'])
++ if ent.hasAttr('description') and ent.getValue('description') == '5':
++ break
++ except ldap.NO_SUCH_OBJECT:
++ pass
++ nbtry = nbtry + 1
++ time.sleep(1)
++ assert nbtry <= 10
++
++ # Stop M2 so that it will not receive the next update
++ topology.master2.stop(10)
++
++ # ADD a new value that is not replicated
++ mods = [(ldap.MOD_DELETE, 'description', '5')]
++ topology.master1.modify_s(dn, mods)
++
++ # Stop M1 so that it will keep del '5' that is unknown from master2
++ topology.master1.stop(10)
++
++ # Get the sbin directory so we know where to replace 'ns-slapd'
++ sbin_dir = get_sbin_dir(prefix=topology.master2.prefix)
++
++ # Enable valgrind
++ valgrind_enable(sbin_dir)
++
++ # start M2 to do the next updates
++ topology.master2.start(10)
++
++ # ADD 'description' by '5'
++ mods = [(ldap.MOD_DELETE, 'description', '5')]
++ topology.master2.modify_s(dn, mods)
++
++ # DEL 'description' by '5'
++ mods = [(ldap.MOD_ADD, 'description', '5')]
++ topology.master2.modify_s(dn, mods)
++
++ # sleep of purgedelay so that the next update will purge the CSN_7
++ time.sleep(6)
++
++ # ADD 'description' by '8' that purge the state info
++ mods = [(ldap.MOD_ADD, 'description', '6')]
++ topology.master2.modify_s(dn, mods)
++
++ if valgrind_check_leak(topology.master2, 'csnset_dup'):
++ log.error('test_csnset_dup: Memory leak is present!')
++ else:
++ log.info('test_csnset_dup: No leak is present!')
++
++ if valgrind_check_leak(topology.master2, 'Invalid'):
++ log.info('Valgrind reported invalid!')
++ else:
++ log.info('Valgrind is happy!')
++
++ #log.info("You can attach yourself")
++ #time.sleep(60)
++
++ # Enable valgrind
++ valgrind_disable(sbin_dir)
++
++ topology.master1.start(10)
++
++
++def test_ticket11111_final(topology):
++ topology.master1.delete()
++ topology.master2.delete()
++ log.info('Testcase PASSED')
++
++
++def run_isolated():
++ global installation1_prefix
++ installation1_prefix = None
++
++ topo = topology(True)
++ test_ticket11111_set_purgedelay(topo)
++ test_ticket11111_1(topo)
++
++
++if __name__ == '__main__':
++ run_isolated()
++
+--
+1.9.3
+
diff --git a/SOURCES/0026-Ticket-47939-Malformed-cookie-for-LDAP-Sync-makes-DS.patch b/SOURCES/0026-Ticket-47939-Malformed-cookie-for-LDAP-Sync-makes-DS.patch
deleted file mode 100644
index b217b4e..0000000
--- a/SOURCES/0026-Ticket-47939-Malformed-cookie-for-LDAP-Sync-makes-DS.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From fe0ac5946b04d9ff2455692ddb8c0a8b0c91a7c7 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 3 Nov 2014 16:58:21 -0800
-Subject: [PATCH 26/28] Ticket #47939 - Malformed cookie for LDAP Sync makes DS
- crash
-
-Bug Description: If a cookie sent from clients did not have the
-expected form: server_signature#client_signature#change_info_number,
-a NULL reference triggered a server crash in sync_cookie_isvalid.
-
-Fix Description: If a cookie does not have the expected form,
-sync_cookie_parse returns NULL, which prevents the NULL reference
-in the server_signature and client_signature.
-
-https://fedorahosted.org/389/ticket/47939
-
-Reviewed by lkrispen@redhat.com (Thank you, Ludwig!!)
-
-(cherry picked from commit 8f540a6cee09be13430ebe0b983d2affe2863365)
-(cherry picked from commit d87202acad6426bee7af8753a0ffe5ad5b3082df)
----
- ldap/servers/plugins/sync/sync_util.c | 33 ++++++++++++++++++++++-----------
- 1 file changed, 22 insertions(+), 11 deletions(-)
-
-diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
-index ef4a3f7..de65b99 100644
---- a/ldap/servers/plugins/sync/sync_util.c
-+++ b/ldap/servers/plugins/sync/sync_util.c
-@@ -552,21 +552,21 @@ Sync_Cookie *
- sync_cookie_parse (char *cookie)
- {
- char *p, *q;
-- Sync_Cookie *sc;
-+ Sync_Cookie *sc = NULL;
-
- if (cookie == NULL || *cookie == '\0' ) {
- return NULL;
- }
-
-+ /*
-+ * Format of cookie: server_signature#client_signature#change_info_number
-+ * If the cookie is malformed, NULL is returned.
-+ */
- p = q = cookie;
-- sc = (Sync_Cookie *)slapi_ch_malloc(sizeof(Sync_Cookie));
--
-- sc->cookie_client_signature = NULL;
-- sc->cookie_server_signature = NULL;
-- sc->cookie_change_info = -1;
- p = strchr(q, '#');
- if (p) {
- *p = '\0';
-+ sc = (Sync_Cookie *)slapi_ch_calloc(1, sizeof(Sync_Cookie));
- sc->cookie_server_signature = slapi_ch_strdup(q);
- q = p + 1;
- p = strchr(q, '#');
-@@ -574,21 +574,32 @@ sync_cookie_parse (char *cookie)
- *p = '\0';
- sc->cookie_client_signature = slapi_ch_strdup(q);
- sc->cookie_change_info = sync_number2int(p+1);
-+ if (sc->cookie_change_info < 0) {
-+ goto error_return;
-+ }
-+ } else {
-+ goto error_return;
- }
- }
--
- return (sc);
-+error_return:
-+ slapi_ch_free_string(&(sc->cookie_client_signature));
-+ slapi_ch_free_string(&(sc->cookie_server_signature));
-+ slapi_ch_free((void **)&sc);
-+ return NULL;
- }
-
- int
- sync_cookie_isvalid (Sync_Cookie *testcookie, Sync_Cookie *refcookie)
- {
- /* client and server info must match */
-- if (strcmp(testcookie->cookie_client_signature,refcookie->cookie_client_signature) ||
-- strcmp(testcookie->cookie_server_signature,refcookie->cookie_server_signature) ||
-- testcookie->cookie_change_info == -1 ||
-- testcookie->cookie_change_info > refcookie->cookie_change_info )
-+ if ((testcookie && refcookie) &&
-+ (strcmp(testcookie->cookie_client_signature,refcookie->cookie_client_signature) ||
-+ strcmp(testcookie->cookie_server_signature,refcookie->cookie_server_signature) ||
-+ testcookie->cookie_change_info == -1 ||
-+ testcookie->cookie_change_info > refcookie->cookie_change_info)) {
- return (0);
-+ }
- /* could add an additional check if the requested state in client cookie is still
- * available. Accept any state request for now.
- */
---
-1.9.3
-
diff --git a/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch b/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch
new file mode 100644
index 0000000..275a95c
--- /dev/null
+++ b/SOURCES/0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch
@@ -0,0 +1,293 @@
+From 1acfdbb4428c70f7f6058da4374ecb29f9bb3149 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Fri, 17 Jul 2015 15:08:00 -0400
+Subject: [PATCH 26/30] Ticket 48179 - Starting a replica agreement can lead to
+ deadlock
+
+Bug Description: When starting a replica agreement and setting the agmt maxcsn
+ a deadlock can occur with another op updating nsuniqueid index.
+ When setting the agmt maxcsn the server searches for the tombstone
+ ruv which uses the nsuniqueid index, and it does this while holding
+ the repl agmt lock. If another thread is doing a delete and
+ writing to the change log, it can also grab a write lock on the
+ nsuniqueid index, before it attempts to grab the agmt lock. This
+ can lead to a deadlock if the timing is right.
+
+Fix Description: When starting the agmt and setting the agmt maxcsn, search/get
+ the tombstone ruv before we take the repl agmt lock.
+
+https://fedorahosted.org/389/ticket/48179
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit eb3086dcb0c56a23d6cee00a12f38b2584fe59a2)
+(cherry picked from commit 23a3ff6082cba3eb749401eff44942b16dc30538)
+---
+ ldap/servers/plugins/replication/repl5.h | 1 -
+ ldap/servers/plugins/replication/repl5_agmt.c | 211 ++++++++++++--------------
+ 2 files changed, 101 insertions(+), 111 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
+index 4a5d859..0b0f26b 100644
+--- a/ldap/servers/plugins/replication/repl5.h
++++ b/ldap/servers/plugins/replication/repl5.h
+@@ -380,7 +380,6 @@ PRUint64 agmt_get_protocol_timeout(Repl_Agmt *agmt);
+ void agmt_set_protocol_timeout(Repl_Agmt *agmt, PRUint64 timeout);
+ void agmt_update_maxcsn(Replica *r, Slapi_DN *sdn, int op, LDAPMod **mods, CSN *csn);
+ void add_agmt_maxcsns(Slapi_Entry *e, Replica *r);
+-void agmt_set_maxcsn(Repl_Agmt *ra);
+ void agmt_remove_maxcsn(Repl_Agmt *ra);
+ int agmt_maxcsn_to_smod (Replica *r, Slapi_Mod *smod);
+ int agmt_set_WaitForAsyncResults(Repl_Agmt *ra, const Slapi_Entry *e);
+diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
+index 9d1a8f2..f84eacb 100644
+--- a/ldap/servers/plugins/replication/repl5_agmt.c
++++ b/ldap/servers/plugins/replication/repl5_agmt.c
+@@ -668,43 +668,127 @@ int
+ agmt_start(Repl_Agmt *ra)
+ {
+ Repl_Protocol *prot = NULL;
++ Slapi_PBlock *pb = NULL;
++ Slapi_Entry **entries = NULL;
++ Slapi_DN *repl_sdn = NULL;
++ char *attrs[2];
++ int protocol_state;
++ int found_ruv = 0;
++ int rc = 0;
+
+- int protocol_state;
+-
+- /* To Allow Consumer Initialisation when adding an agreement: */
+- if (ra->auto_initialize == STATE_PERFORMING_TOTAL_UPDATE)
+- {
+- protocol_state = STATE_PERFORMING_TOTAL_UPDATE;
+- }
+- else
+- {
+- protocol_state = STATE_PERFORMING_INCREMENTAL_UPDATE;
+- }
++ /* To Allow Consumer Initialisation when adding an agreement: */
++ if (ra->auto_initialize == STATE_PERFORMING_TOTAL_UPDATE){
++ protocol_state = STATE_PERFORMING_TOTAL_UPDATE;
++ } else {
++ protocol_state = STATE_PERFORMING_INCREMENTAL_UPDATE;
++ }
+
+ /* First, create a new protocol object */
+ if ((prot = prot_new(ra, protocol_state)) == NULL) {
+ return -1;
+ }
+
+- /* Now it is safe to own the agreement lock */
++ /*
++ * Set the agmt maxcsn
++ *
++ * We need to get the replica ruv before we take the
++ * agmt lock to avoid potential deadlocks on the nsuniqueid
++ * index.
++ */
++ repl_sdn = agmt_get_replarea(ra);
++
++ pb = slapi_pblock_new();
++ attrs[0] = (char*)type_agmtMaxCSN;
++ attrs[1] = NULL;
++ slapi_search_internal_set_pb_ext(
++ pb,
++ repl_sdn,
++ LDAP_SCOPE_BASE,
++ "objectclass=*",
++ attrs,
++ 0,
++ NULL,
++ RUV_STORAGE_ENTRY_UNIQUEID,
++ repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION),
++ OP_FLAG_REPLICATED);
++ slapi_search_internal_pb (pb);
++
++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
++ if (rc == LDAP_SUCCESS){
++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
++ if (NULL == entries || NULL == entries[0]){
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
++ "agmt_start: replica ruv tombstone entry for "
++ "replica %s not found\n",
++ slapi_sdn_get_dn(ra->replarea));
++ } else {
++ found_ruv = 1;
++ }
++ }
++
++ /*
++ * Now it is safe to own the agreement lock
++ */
+ PR_Lock(ra->lock);
+
+ /* Check that replication is not already started */
+ if (ra->protocol != NULL) {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "replication already started for agreement \"%s\"\n", agmt_get_long_name(ra));
+- PR_Unlock(ra->lock);
+ prot_free(&prot);
+- return 0;
++ goto done;
+ }
+
++ /* Set and start the protocol */
+ ra->protocol = prot;
+-
+- /* Start the protocol thread */
+ prot_start(ra->protocol);
+
+- agmt_set_maxcsn(ra);
++ /*
++ * If we found the repl ruv, set the agmt maxcsn...
++ */
++ if (found_ruv){
++ Replica *r;
++ Object *repl_obj;
++ char **maxcsns = NULL;
++ int i;
+
++ maxcsns = slapi_entry_attr_get_charray(entries[0], type_agmtMaxCSN);
++ repl_obj = prot_get_replica_object(ra->protocol);
++ if(repl_obj && maxcsns){
++ r = (Replica *)object_get_data(repl_obj);
++ if(r){
++ /*
++ * Loop over all the agmt maxcsns and find ours...
++ */
++ for(i = 0; maxcsns[i]; i++){
++ char buf[BUFSIZ];
++ char unavail_buf[BUFSIZ];
++
++ PR_snprintf(buf,BUFSIZ,"%s;%s;%s;%d;",slapi_sdn_get_dn(repl_sdn),
++ slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
++ ra->hostname, ra->port);
++ PR_snprintf(unavail_buf, BUFSIZ,"%s;%s;%s;%d;unavailable", slapi_sdn_get_dn(repl_sdn),
++ slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
++ ra->hostname, ra->port);
++ if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){
++ /* Set the maxcsn */
++ slapi_ch_free_string(&ra->maxcsn);
++ ra->maxcsn = slapi_ch_strdup(maxcsns[i]);
++ ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]);
++ ra->tmpConsumerRID = 1;
++ break;
++ }
++ }
++ }
++ }
++ slapi_ch_array_free(maxcsns);
++ }
++
++done:
+ PR_Unlock(ra->lock);
++ slapi_free_search_results_internal(pb);
++ slapi_pblock_destroy (pb);
++ slapi_sdn_free(&repl_sdn);
++
+ return 0;
+ }
+
+@@ -3052,99 +3136,6 @@ agmt_maxcsn_to_smod (Replica *r, Slapi_Mod *smod)
+ }
+
+ /*
+- * Called when we start a repl agmt
+- */
+-void
+-agmt_set_maxcsn(Repl_Agmt *ra)
+-{
+- Slapi_PBlock *pb = NULL;
+- Slapi_Entry **entries = NULL;
+- Replica *r = NULL;
+- Object *repl_obj;
+- const Slapi_DN *tombstone_sdn = NULL;
+- char *attrs[2];
+- int rc;
+-
+- /* read ruv state from the ruv tombstone entry */
+- pb = slapi_pblock_new();
+- if (!pb) {
+- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "agmt_set_maxcsn: Out of memory\n");
+- goto done;
+- }
+- repl_obj = prot_get_replica_object(ra->protocol);
+- if(repl_obj){
+- r = (Replica *)object_get_data(repl_obj);
+- tombstone_sdn = replica_get_root(r);
+- }
+- ra->maxcsn = NULL;
+- attrs[0] = (char*)type_agmtMaxCSN;
+- attrs[1] = NULL;
+- slapi_search_internal_set_pb_ext(
+- pb,
+- (Slapi_DN *)tombstone_sdn,
+- LDAP_SCOPE_BASE,
+- "objectclass=*",
+- attrs,
+- 0, /* attrsonly */
+- NULL, /* controls */
+- RUV_STORAGE_ENTRY_UNIQUEID,
+- repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION),
+- OP_FLAG_REPLICATED); /* flags */
+- slapi_search_internal_pb (pb);
+-
+- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
+- if (rc == LDAP_SUCCESS){
+- Replica *r;
+- Object *repl_obj;
+- char **maxcsns;
+- int i;
+-
+- slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
+- if (NULL == entries || NULL == entries[0]){
+- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+- "agmt_set_maxcsn: replica ruv tombstone entry for "
+- "replica %s not found\n",
+- slapi_sdn_get_dn(ra->replarea));
+- goto done;
+- }
+- maxcsns = slapi_entry_attr_get_charray(entries[0], type_agmtMaxCSN);
+- repl_obj = prot_get_replica_object(ra->protocol);
+- if(repl_obj && maxcsns){
+- r = (Replica *)object_get_data(repl_obj);
+- if(r){
+- /*
+- * Loop over all the agmt maxcsns and find ours
+- */
+- for(i = 0; maxcsns[i]; i++){
+- char buf[BUFSIZ];
+- char unavail_buf[BUFSIZ];
+-
+- PR_snprintf(buf,BUFSIZ,"%s;%s;%s;%d;",slapi_sdn_get_dn(ra->replarea),
+- slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
+- ra->hostname, ra->port);
+- PR_snprintf(unavail_buf, BUFSIZ,"%s;%s;%s;%d;unavailable", slapi_sdn_get_dn(ra->replarea),
+- slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
+- ra->hostname, ra->port);
+- if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){
+- slapi_ch_free_string(&ra->maxcsn);
+- ra->maxcsn = slapi_ch_strdup(maxcsns[i]);
+- ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]);
+- ra->tmpConsumerRID = 1;
+- break;
+- }
+- }
+- }
+- }
+- slapi_ch_array_free(maxcsns);
+- }
+-done:
+- if (NULL != pb){
+- slapi_free_search_results_internal(pb);
+- slapi_pblock_destroy (pb);
+- }
+-}
+-
+-/*
+ * Parse out the consumer replicaID from the agmt maxcsn
+ *
+ * "repl area;agmt_rdn;hostname;port;consumer_rid;maxcsn"
+--
+1.9.3
+
diff --git a/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch b/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch
new file mode 100644
index 0000000..5ad4f0c
--- /dev/null
+++ b/SOURCES/0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch
@@ -0,0 +1,72 @@
+From 422028f6589250523c8a8669827bd0cccc347090 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 20 Jul 2015 11:18:12 -0400
+Subject: [PATCH 27/30] Ticket 47910 - logconv.pl - check that the end time is
+ greater than the start time
+
+Bug Description: There is no check if the end time is greater than the start time.
+ This leads to an empty report being generated, when an error
+ should be returned instead.
+
+Fix Description: If start and end time are used, validate that the end time is
+ greater than the start time.
+
+ Also, improved an error message when the tool options are not
+ correctly used.
+
+https://fedorahosted.org/389/ticket/47910
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 34ffa6c44734b99c252e7585bb499089ac8e6a67)
+(cherry picked from commit 16b95b12d26fb293d68be154c602398798353bb8)
+---
+ ldap/admin/src/logconv.pl | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
+index d26e91e..0038a03 100755
+--- a/ldap/admin/src/logconv.pl
++++ b/ldap/admin/src/logconv.pl
+@@ -148,14 +148,13 @@ while($arg_count <= $#ARGV){
+ }
+
+ if($file_count == 0){
+- if($reportStatsSecFile or $reportStatsMinFile){
+- print "Usage error for option -m or -M, either the output file or access log is missing!\n\n";
+- } else {
+- print "There are no access logs specified!\n\n";
+- }
++ print "There are no access logs specified, or the tool options have not been used correctly!\n";
+ exit 1;
+ }
+
++#
++# Initialize the statistic blocks
++#
+ if ($reportStatsSecFile) {
+ $s_stats = new_stats_block($reportStatsSecFile);
+ $reportStats = "-m";
+@@ -357,6 +356,19 @@ my %monthname = (
+
+ );
+
++#
++# Validate start/end times (if specified)
++#
++if ($startTime and $endTime){
++ # Make sure the end time is not earlier than the start time
++ my $testStart = convertTimeToSeconds($startTime);
++ my $testEnd = convertTimeToSeconds($endTime);
++ if ($testStart > $testEnd){
++ print "Start time ($startTime) is greater than end time ($endTime)!\n";
++ exit 1;
++ }
++}
++
+ my $linesProcessed;
+ my $lineBlockCount;
+ my $cursize = 0;
+--
+1.9.3
+
diff --git a/SOURCES/0027-Ticket-47945-Add-SSL-TLS-version-info-to-the-access-.patch b/SOURCES/0027-Ticket-47945-Add-SSL-TLS-version-info-to-the-access-.patch
deleted file mode 100644
index 675fa31..0000000
--- a/SOURCES/0027-Ticket-47945-Add-SSL-TLS-version-info-to-the-access-.patch
+++ /dev/null
@@ -1,641 +0,0 @@
-From e7c71a8c3a361fa7cbf96a0c57723c74d044922a Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 10 Nov 2014 13:51:34 -0800
-Subject: [PATCH 27/28] Ticket #47945 - Add SSL/TLS version info to the access
- log
-
-Description: Added the currently used SSL library version info per
-connection to the access log.
-Sample output:
- SSL
- [..] conn=3 fd=64 slot=64 SSL connection from ::1 to ::1
- [..] conn=3 TLS1.2 128-bit AES-GCM
-
- startTLS
- [..] conn=4 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
- [..] conn=4 op=0 RESULT err=0 tag=120 nentries=0 etime=0
- [..] conn=4 TLS1.2 128-bit AES-GCM
-
-To convert the SSL version number to string (e.g., SSL_LIBRARY_VERSION_
-TLS_1_2 --> "TLS1.2"), instead of maintaining a mapping table, this
-patch calculates the number and generates the version string.
-
-https://fedorahosted.org/389/ticket/47945
-
-Reviewed and adviced by rmeggins@redhat.com (Thanks a lot, Rich!!)
-
-(cherry picked from commit a2e0de3aa90f04593427628afeb7fe090dac93fb)
-(cherry picked from commit 0d1087d0c4dc9b6af3a01776ae11e0977c447fb7)
----
- ldap/servers/slapd/auth.c | 85 +++++++++-------
- ldap/servers/slapd/slapi-private.h | 19 ++++
- ldap/servers/slapd/ssl.c | 194 ++++++++++++++++++++-----------------
- 3 files changed, 174 insertions(+), 124 deletions(-)
-
-diff --git a/ldap/servers/slapd/auth.c b/ldap/servers/slapd/auth.c
-index 5b7dc31..0219576 100644
---- a/ldap/servers/slapd/auth.c
-+++ b/ldap/servers/slapd/auth.c
-@@ -430,9 +430,10 @@ handle_handshake_done (PRFileDesc *prfd, void* clientData)
- int keySize = 0;
- char* cipher = NULL;
- char* extraErrorMsg = "";
-- SSLChannelInfo channelInfo;
-- SSLCipherSuiteInfo cipherInfo;
-- char* subject = NULL;
-+ SSLChannelInfo channelInfo;
-+ SSLCipherSuiteInfo cipherInfo;
-+ char* subject = NULL;
-+ char sslversion[64];
-
- if ( (slapd_ssl_getChannelInfo (prfd, &channelInfo, sizeof(channelInfo))) != SECSuccess ) {
- PRErrorCode errorCode = PR_GetError();
-@@ -460,38 +461,48 @@ handle_handshake_done (PRFileDesc *prfd, void* clientData)
- * to be enough, close the SSL connection. */
- if ( conn->c_flags & CONN_FLAG_START_TLS ) {
- if ( cipherInfo.symKeyBits == 0 ) {
-- start_tls_graceful_closure( conn, NULL, 1 );
-- goto done;
-- }
-+ start_tls_graceful_closure( conn, NULL, 1 );
-+ goto done;
-+ }
- }
-
- if (config_get_SSLclientAuth() == SLAPD_SSLCLIENTAUTH_OFF ) {
-- slapi_log_access (LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " SSL %i-bit %s\n",
-- (long long unsigned int)conn->c_connid, keySize, cipher ? cipher : "NULL" );
-- goto done;
-- }
-+ (void) slapi_getSSLVersion_str(channelInfo.protocolVersion, sslversion, sizeof(sslversion));
-+ slapi_log_access (LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " %s %i-bit %s\n",
-+ (long long unsigned int)conn->c_connid,
-+ sslversion, keySize, cipher ? cipher : "NULL" );
-+ goto done;
-+ }
- if (clientCert == NULL) {
-- slapi_log_access (LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " SSL %i-bit %s\n",
-- (long long unsigned int)conn->c_connid, keySize, cipher ? cipher : "NULL" );
-+ (void) slapi_getSSLVersion_str(channelInfo.protocolVersion, sslversion, sizeof(sslversion));
-+ slapi_log_access (LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " %s %i-bit %s\n",
-+ (long long unsigned int)conn->c_connid,
-+ sslversion, keySize, cipher ? cipher : "NULL" );
- } else {
-- subject = subject_of (clientCert);
-- if (!subject) {
-- slapi_log_access( LDAP_DEBUG_STATS,
-- "conn=%" NSPRIu64 " SSL %i-bit %s; missing subject\n",
-- (long long unsigned int)conn->c_connid, keySize, cipher ? cipher : "NULL");
-- goto done;
-- }
-- {
-- char* issuer = issuer_of (clientCert);
-- char sbuf[ BUFSIZ ], ibuf[ BUFSIZ ];
-- slapi_log_access( LDAP_DEBUG_STATS,
-- "conn=%" NSPRIu64 " SSL %i-bit %s; client %s; issuer %s\n",
-- (long long unsigned int)conn->c_connid, keySize, cipher ? cipher : "NULL",
-- subject ? escape_string( subject, sbuf ) : "NULL",
-- issuer ? escape_string( issuer, ibuf ) : "NULL");
-- if (issuer) free (issuer);
-- }
-- slapi_dn_normalize (subject);
-+ subject = subject_of (clientCert);
-+ if (!subject) {
-+ (void) slapi_getSSLVersion_str(channelInfo.protocolVersion,
-+ sslversion, sizeof(sslversion));
-+ slapi_log_access( LDAP_DEBUG_STATS,
-+ "conn=%" NSPRIu64 " %s %i-bit %s; missing subject\n",
-+ (long long unsigned int)conn->c_connid,
-+ sslversion, keySize, cipher ? cipher : "NULL");
-+ goto done;
-+ }
-+ {
-+ char* issuer = issuer_of (clientCert);
-+ char sbuf[ BUFSIZ ], ibuf[ BUFSIZ ];
-+ (void) slapi_getSSLVersion_str(channelInfo.protocolVersion,
-+ sslversion, sizeof(sslversion));
-+ slapi_log_access( LDAP_DEBUG_STATS,
-+ "conn=%" NSPRIu64 " %s %i-bit %s; client %s; issuer %s\n",
-+ (long long unsigned int)conn->c_connid,
-+ sslversion, keySize, cipher ? cipher : "NULL",
-+ subject ? escape_string( subject, sbuf ) : "NULL",
-+ issuer ? escape_string( issuer, ibuf ) : "NULL");
-+ if (issuer) free (issuer);
-+ }
-+ slapi_dn_normalize (subject);
- {
- LDAPMessage* chain = NULL;
- char *basedn = config_get_basedn();
-@@ -525,14 +536,20 @@ handle_handshake_done (PRFileDesc *prfd, void* clientData)
- sdn = slapi_sdn_new_dn_passin(clientDN);
- clientDN = slapi_ch_strdup(slapi_sdn_get_dn(sdn));
- slapi_sdn_free(&sdn);
-+ (void) slapi_getSSLVersion_str(channelInfo.protocolVersion,
-+ sslversion, sizeof(sslversion));
- slapi_log_access (LDAP_DEBUG_STATS,
-- "conn=%" NSPRIu64 " SSL client bound as %s\n",
-- (long long unsigned int)conn->c_connid, clientDN);
-+ "conn=%" NSPRIu64 " %s client bound as %s\n",
-+ (long long unsigned int)conn->c_connid,
-+ sslversion, clientDN);
- } else if (clientCert != NULL) {
-+ (void) slapi_getSSLVersion_str(channelInfo.protocolVersion,
-+ sslversion, sizeof(sslversion));
- slapi_log_access (LDAP_DEBUG_STATS,
-- "conn=%" NSPRIu64 " SSL failed to map client "
-+ "conn=%" NSPRIu64 " %s failed to map client "
- "certificate to LDAP DN (%s)\n",
-- (long long unsigned int)conn->c_connid, extraErrorMsg );
-+ (long long unsigned int)conn->c_connid,
-+ sslversion, extraErrorMsg);
- }
-
- /*
-diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
-index a8d7738..921c397 100644
---- a/ldap/servers/slapd/slapi-private.h
-+++ b/ldap/servers/slapd/slapi-private.h
-@@ -1336,6 +1336,25 @@ void add_internal_modifiersname(Slapi_PBlock *pb, Slapi_Entry *e);
- /* ldaputil.c */
- char *ldaputil_get_saslpath();
-
-+/* ssl.c */
-+/*
-+ * If non NULL buf and positive bufsize is given,
-+ * the memory is used to store the version string.
-+ * Otherwise, the memory for the string is allocated.
-+ * The latter case, caller is responsible to free it.
-+ */
-+/* vnum is supposed to be in one of the following:
-+ * nss3/sslproto.h
-+ * #define SSL_LIBRARY_VERSION_2 0x0002
-+ * #define SSL_LIBRARY_VERSION_3_0 0x0300
-+ * #define SSL_LIBRARY_VERSION_TLS_1_0 0x0301
-+ * #define SSL_LIBRARY_VERSION_TLS_1_1 0x0302
-+ * #define SSL_LIBRARY_VERSION_TLS_1_2 0x0303
-+ * #define SSL_LIBRARY_VERSION_TLS_1_3 0x0304
-+ * ...
-+ */
-+char *slapi_getSSLVersion_str(PRUint16 vnum, char *buf, size_t bufsize);
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
-index f81d1fb..5d6919a 100644
---- a/ldap/servers/slapd/ssl.c
-+++ b/ldap/servers/slapd/ssl.c
-@@ -99,7 +99,6 @@ extern symbol_t supported_ciphers[];
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
- static SSLVersionRange enabledNSSVersions;
- static SSLVersionRange slapdNSSVersions;
--static char *getNSSVersion_str(PRUint16 vnum);
- #endif
-
- /* dongle_file_name is set in slapd_nss_init when we set the path for the
-@@ -246,6 +245,9 @@ static lookup_cipher _lookup_cipher[] = {
- {NULL, NULL}
- };
-
-+/* E.g., "SSL3", "TLS1.2", "Unknown SSL version: 0x0" */
-+#define VERSION_STR_LENGTH 64
-+
- /* Supported SSL versions */
- /* nsSSL2: on -- we don't allow this any more. */
- PRBool enableSSL2 = PR_FALSE;
-@@ -418,8 +420,8 @@ getSSLVersionRange(char **min, char **max)
- #if defined(NSS_TLS10)
- return -1; /* not supported */
- #else /* NSS_TLS11 or newer */
-- *min = slapi_ch_strdup(getNSSVersion_str(slapdNSSVersions.min));
-- *max = slapi_ch_strdup(getNSSVersion_str(slapdNSSVersions.max));
-+ *min = slapi_getSSLVersion_str(slapdNSSVersions.min, NULL, 0);
-+ *max = slapi_getSSLVersion_str(slapdNSSVersions.max, NULL, 0);
- return 0;
- #endif
- }
-@@ -854,34 +856,48 @@ warn_if_no_key_file(const char *dir, int no_log)
- }
-
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
--typedef struct _nss_version_list {
-- PRUint16 vnum;
-- char* vname;
--} NSSVersion_list;
--NSSVersion_list _NSSVersion_list[] =
--{
-- {SSL_LIBRARY_VERSION_2, "SSL2"},
-- {SSL_LIBRARY_VERSION_3_0, "SSL3"},
-- {SSL_LIBRARY_VERSION_TLS_1_0, "TLS1.0"},
-- {SSL_LIBRARY_VERSION_TLS_1_1, "TLS1.1"},
--#if defined(NSS_TLS12)
-- {SSL_LIBRARY_VERSION_TLS_1_2, "TLS1.2"},
--#endif
-- {0, "unknown"}
--};
--
--static char *
--getNSSVersion_str(PRUint16 vnum)
-+/*
-+ * If non NULL buf and positive bufsize is given,
-+ * the memory is used to store the version string.
-+ * Otherwise, the memory for the string is allocated.
-+ * The latter case, caller is responsible to free it.
-+ */
-+char *
-+slapi_getSSLVersion_str(PRUint16 vnum, char *buf, size_t bufsize)
- {
-- NSSVersion_list *nvlp = NULL;
-- char *vstr = "none";
-- if (vnum) {
-- for (nvlp = _NSSVersion_list; nvlp && nvlp->vnum; nvlp++) {
-- if (nvlp->vnum == vnum) {
-- vstr = nvlp->vname;
-- break;
-+ char *vstr = buf;
-+ if (vnum >= SSL_LIBRARY_VERSION_3_0) {
-+ if (vnum == SSL_LIBRARY_VERSION_3_0) { /* SSL3 */
-+ if (buf && bufsize) {
-+ PR_snprintf(buf, bufsize, "SSL3");
-+ } else {
-+ vstr = slapi_ch_smprintf("SSL3");
-+ }
-+ } else { /* TLS v X.Y */
-+ const char *TLSFMT = "TLS%d.%d";
-+ int minor_offset = 0; /* e.g. 0x0401 -> TLS v 2.1, not 2.0 */
-+
-+ if ((vnum & SSL_LIBRARY_VERSION_3_0) == SSL_LIBRARY_VERSION_3_0) {
-+ minor_offset = 1; /* e.g. 0x0301 -> TLS v 1.0, not 1.1 */
-+ }
-+ if (buf && bufsize) {
-+ PR_snprintf(buf, bufsize, TLSFMT, (vnum >> 8) - 2, (vnum & 0xff) - minor_offset);
-+ } else {
-+ vstr = slapi_ch_smprintf(TLSFMT, (vnum >> 8) - 2, (vnum & 0xff) - minor_offset);
- }
- }
-+ } else if (vnum == SSL_LIBRARY_VERSION_2) { /* SSL2 */
-+ if (buf && bufsize) {
-+ PR_snprintf(buf, bufsize, "SSL2");
-+ } else {
-+ vstr = slapi_ch_smprintf("SSL2");
-+ }
-+ } else {
-+ if (buf && bufsize) {
-+ PR_snprintf(buf, bufsize, "Unknown SSL version: 0x%x", vnum);
-+ } else {
-+ vstr = slapi_ch_smprintf("Unknown SSL version: 0x%x", vnum);
-+ }
- }
- return vstr;
- }
-@@ -895,12 +911,16 @@ getNSSVersion_str(PRUint16 vnum)
- static void
- restrict_SSLVersionRange(void)
- {
-+ char mymin[VERSION_STR_LENGTH], mymax[VERSION_STR_LENGTH];
-+ char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
-+ (void) slapi_getSSLVersion_str(slapdNSSVersions.min, mymin, sizeof(mymin));
-+ (void) slapi_getSSLVersion_str(slapdNSSVersions.max, mymax, sizeof(mymax));
-+ (void) slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
-+ (void) slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
- if (slapdNSSVersions.min > slapdNSSVersions.max) {
- slapd_SSL_warn("Invalid configured SSL range: min: %s, max: %s; "
- "Resetting the max to the supported max SSL version: %s.",
-- getNSSVersion_str(slapdNSSVersions.min),
-- getNSSVersion_str(slapdNSSVersions.max),
-- getNSSVersion_str(enabledNSSVersions.max));
-+ mymin, mymax, emax);
- slapdNSSVersions.max = enabledNSSVersions.max;
- }
- if (enableSSL3) {
-@@ -911,17 +931,14 @@ restrict_SSLVersionRange(void)
- slapd_SSL_warn("Configured range: min: %s, max: %s; "
- "but both nsSSL3 and nsTLS1 are on. "
- "Respect the supported range.",
-- getNSSVersion_str(slapdNSSVersions.min),
-- getNSSVersion_str(slapdNSSVersions.max));
-+ mymin, mymax);
- enableSSL3 = PR_FALSE;
- }
- if (slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
- slapd_SSL_warn("Configured range: min: %s, max: %s; "
- "but both nsSSL3 and nsTLS1 are on. "
- "Resetting the max to the supported max SSL version: %s.",
-- getNSSVersion_str(slapdNSSVersions.min),
-- getNSSVersion_str(slapdNSSVersions.max),
-- getNSSVersion_str(enabledNSSVersions.max));
-+ mymin, mymax, emax);
- slapdNSSVersions.max = enabledNSSVersions.max;
- }
- } else {
-@@ -930,8 +947,7 @@ restrict_SSLVersionRange(void)
- slapd_SSL_warn("Supported range: min: %s, max: %s; "
- "but nsSSL3 is on and nsTLS1 is off. "
- "Respect the supported range.",
-- getNSSVersion_str(enabledNSSVersions.min),
-- getNSSVersion_str(enabledNSSVersions.max));
-+ emin, emax);
- slapdNSSVersions.min = SSLVGreater(slapdNSSVersions.min, enabledNSSVersions.min);
- enableSSL3 = PR_FALSE;
- enableTLS1 = PR_TRUE;
-@@ -939,19 +955,13 @@ restrict_SSLVersionRange(void)
- slapd_SSL_warn("Configured range: min: %s, max: %s; "
- "but nsSSL3 is on and nsTLS1 is off. "
- "Respect the configured range.",
-- getNSSVersion_str(slapdNSSVersions.min),
-- getNSSVersion_str(slapdNSSVersions.max));
-+ mymin, mymax);
- enableSSL3 = PR_FALSE;
- enableTLS1 = PR_TRUE;
- } else if (slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
- slapd_SSL_warn("Too low configured range: min: %s, max: %s; "
-- "Resetting the range to: min: %s, max: %s.",
-- getNSSVersion_str(slapdNSSVersions.min),
-- getNSSVersion_str(slapdNSSVersions.max),
-- getNSSVersion_str(SSL_LIBRARY_VERSION_TLS_1_0),
-- getNSSVersion_str(SSL_LIBRARY_VERSION_TLS_1_0));
-- slapdNSSVersions.min = SSL_LIBRARY_VERSION_TLS_1_0;
-- slapdNSSVersions.max = SSL_LIBRARY_VERSION_TLS_1_0;
-+ "We strongly recommend to set sslVersionMax higher than %s.",
-+ mymin, mymax, emax);
- } else {
- /*
- * slapdNSSVersions.min <= SSL_LIBRARY_VERSION_TLS_1_0 &&
-@@ -960,8 +970,7 @@ restrict_SSLVersionRange(void)
- slapd_SSL_warn("Configured range: min: %s, max: %s; "
- "but nsSSL3 is on and nsTLS1 is off. "
- "Respect the configured range.",
-- getNSSVersion_str(slapdNSSVersions.min),
-- getNSSVersion_str(slapdNSSVersions.max));
-+ mymin, mymax);
- enableTLS1 = PR_TRUE;
- }
- }
-@@ -971,8 +980,7 @@ restrict_SSLVersionRange(void)
- /* TLS1 is on, but TLS1 is not supported by NSS. */
- slapd_SSL_warn("Supported range: min: %s, max: %s; "
- "Setting the version range based upon the supported range.",
-- getNSSVersion_str(enabledNSSVersions.min),
-- getNSSVersion_str(enabledNSSVersions.max));
-+ emin, emax);
- slapdNSSVersions.max = enabledNSSVersions.max;
- slapdNSSVersions.min = enabledNSSVersions.min;
- enableSSL3 = PR_TRUE;
-@@ -983,8 +991,7 @@ restrict_SSLVersionRange(void)
- slapdNSSVersions.min = SSLVGreater(SSL_LIBRARY_VERSION_TLS_1_1, enabledNSSVersions.min);
- slapd_SSL_warn("Default SSL Version settings; "
- "Configuring the version range as min: %s, max: %s; ",
-- getNSSVersion_str(slapdNSSVersions.min),
-- getNSSVersion_str(slapdNSSVersions.max));
-+ mymin, mymax);
- } else {
- /*
- * slapdNSSVersions.min >= SSL_LIBRARY_VERSION_TLS_1_1 &&
-@@ -995,8 +1002,7 @@ restrict_SSLVersionRange(void)
- } else {
- slapd_SSL_warn("Supported range: min: %s, max: %s; "
- "Respect the configured range.",
-- getNSSVersion_str(enabledNSSVersions.min),
-- getNSSVersion_str(enabledNSSVersions.max));
-+ emin, emax);
- /* nsTLS1 is explicitly set to off. */
- if (slapdNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
- enableTLS1 = PR_TRUE;
-@@ -1040,13 +1046,15 @@ slapd_nss_init(int init_ssl, int config_available)
- char *keydb_file_name = NULL;
- char *secmoddb_file_name = NULL;
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
-+ char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
- /* Get the range of the supported SSL version */
- SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledNSSVersions);
-
-+ (void) slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
-+ (void) slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
- slapi_log_error(SLAPI_LOG_CONFIG, "SSL Initialization",
- "supported range by NSS: min: %s, max: %s\n",
-- getNSSVersion_str(enabledNSSVersions.min),
-- getNSSVersion_str(enabledNSSVersions.max));
-+ emin, emax);
- #endif
-
- /* set in slapd_bootstrap_config,
-@@ -1351,34 +1359,37 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- {
- char *vp, *endp;
- int vnum;
-+ char emin[VERSION_STR_LENGTH], emax[VERSION_STR_LENGTH];
-
- if (NULL == rval) {
- return 1;
- }
-+ (void) slapi_getSSLVersion_str(enabledNSSVersions.min, emin, sizeof(emin));
-+ (void) slapi_getSSLVersion_str(enabledNSSVersions.max, emax, sizeof(emax));
- if (!strncasecmp(val, SSLSTR, SSLLEN)) { /* ssl# */
- vp = val + SSLLEN;
- vnum = strtol(vp, &endp, 10);
- if (2 == vnum) {
- if (ismin) {
- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_2) {
-- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
-- "\"%s\" is lower than the supported version; "
-- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-- (*rval) = enabledNSSVersions.min;
-+ slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
-+ "\"%s\" is lower than the supported version; "
-+ "the default value \"%s\" is used.",
-+ val, emin);
-+ (*rval) = enabledNSSVersions.min;
- } else {
-- (*rval) = SSL_LIBRARY_VERSION_2;
-+ (*rval) = SSL_LIBRARY_VERSION_2;
- }
- } else {
- if (enabledNSSVersions.max < SSL_LIBRARY_VERSION_2) {
- /* never happens */
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
-- "\"%s\" is higher than the supported version; "
-- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.max));
-- (*rval) = enabledNSSVersions.max;
-+ "\"%s\" is higher than the supported version; "
-+ "the default value \"%s\" is used.",
-+ val, emax);
-+ (*rval) = enabledNSSVersions.max;
- } else {
-- (*rval) = SSL_LIBRARY_VERSION_2;
-+ (*rval) = SSL_LIBRARY_VERSION_2;
- }
- }
- } else if (3 == vnum) {
-@@ -1387,7 +1398,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-+ val, emin);
- (*rval) = enabledNSSVersions.min;
- } else {
- (*rval) = SSL_LIBRARY_VERSION_3_0;
-@@ -1398,7 +1409,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.max));
-+ val, emax);
- (*rval) = enabledNSSVersions.max;
- } else {
- (*rval) = SSL_LIBRARY_VERSION_3_0;
-@@ -1408,12 +1419,12 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- if (ismin) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is invalid; the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-+ val, emin);
- (*rval) = enabledNSSVersions.min;
- } else {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is invalid; the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.max));
-+ val, emax);
- (*rval) = enabledNSSVersions.max;
- }
- }
-@@ -1427,7 +1438,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-+ val, emin);
- (*rval) = enabledNSSVersions.min;
- } else {
- (*rval) = SSL_LIBRARY_VERSION_TLS_1_0;
-@@ -1438,7 +1449,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.max));
-+ val, emax);
- (*rval) = enabledNSSVersions.max;
- } else {
- (*rval) = SSL_LIBRARY_VERSION_TLS_1_0;
-@@ -1450,7 +1461,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-+ val, emin);
- (*rval) = enabledNSSVersions.min;
- } else {
- (*rval) = SSL_LIBRARY_VERSION_TLS_1_1;
-@@ -1461,7 +1472,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.max));
-+ val, emax);
- (*rval) = enabledNSSVersions.max;
- } else {
- (*rval) = SSL_LIBRARY_VERSION_TLS_1_1;
-@@ -1474,7 +1485,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-+ val, emin);
- (*rval) = enabledNSSVersions.min;
- } else {
- (*rval) = SSL_LIBRARY_VERSION_TLS_1_2;
-@@ -1485,7 +1496,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.max));
-+ val, emax);
- (*rval) = enabledNSSVersions.max;
- } else {
- (*rval) = SSL_LIBRARY_VERSION_TLS_1_2;
-@@ -1497,13 +1508,13 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is out of the range of the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-+ val, emin);
- (*rval) = enabledNSSVersions.min;
- } else {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is out of the range of the supported version; "
- "the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-+ val, emax);
- (*rval) = enabledNSSVersions.max;
- }
- }
-@@ -1511,12 +1522,12 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- if (ismin) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is invalid; the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-+ val, emin);
- (*rval) = enabledNSSVersions.min;
- } else {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is invalid; the default value \"%s\" is used.",
-- val, getNSSVersion_str(enabledNSSVersions.min));
-+ val, emax);
- (*rval) = enabledNSSVersions.max;
- }
- }
-@@ -1549,6 +1560,8 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
- PRUint16 NSSVersionMin = enabledNSSVersions.min;
- PRUint16 NSSVersionMax = enabledNSSVersions.max;
-+ char mymin[VERSION_STR_LENGTH], mymax[VERSION_STR_LENGTH];
-+ char newmax[VERSION_STR_LENGTH];
- #endif
- char cipher_string[1024];
- int allowweakcipher = CIPHER_SET_DEFAULTWEAKCIPHER;
-@@ -1909,12 +1922,13 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- }
- slapi_ch_free_string( &val );
- if (NSSVersionMin > NSSVersionMax) {
-+ (void) slapi_getSSLVersion_str(NSSVersionMin, mymin, sizeof(mymin));
-+ (void) slapi_getSSLVersion_str(NSSVersionMax, mymax, sizeof(mymax));
- slapd_SSL_warn("The min value of NSS version range \"%s\" is greater than the max value \"%s\".",
-- getNSSVersion_str(NSSVersionMin),
-- getNSSVersion_str(NSSVersionMax));
-+ mymin, mymax);
-+ (void) slapi_getSSLVersion_str(enabledNSSVersions.max, newmax, sizeof(newmax));
- slapd_SSL_warn("Reset the max \"%s\" to supported max \"%s\".",
-- getNSSVersion_str(NSSVersionMax),
-- getNSSVersion_str(enabledNSSVersions.max));
-+ mymax, newmax);
- NSSVersionMax = enabledNSSVersions.max;
- }
- #endif
-@@ -1925,18 +1939,18 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- slapdNSSVersions.min = NSSVersionMin;
- slapdNSSVersions.max = NSSVersionMax;
- restrict_SSLVersionRange();
-+ (void) slapi_getSSLVersion_str(slapdNSSVersions.min, mymin, sizeof(mymin));
-+ (void) slapi_getSSLVersion_str(slapdNSSVersions.max, mymax, sizeof(mymax));
- slapi_log_error(SLAPI_LOG_FATAL, "SSL Initialization",
- "Configured SSL version range: min: %s, max: %s\n",
-- getNSSVersion_str(slapdNSSVersions.min),
-- getNSSVersion_str(slapdNSSVersions.max));
-+ mymin, mymax);
- sslStatus = SSL_VersionRangeSet(pr_sock, &slapdNSSVersions);
- if (sslStatus == SECSuccess) {
- /* Set the restricted value to the cn=encryption entry */
- } else {
- slapd_SSL_error("SSL Initialization 2: "
- "Failed to set SSL range: min: %s, max: %s\n",
-- getNSSVersion_str(slapdNSSVersions.min),
-- getNSSVersion_str(slapdNSSVersions.max));
-+ mymin, mymax);
- }
- } else {
- #endif
---
-1.9.3
-
diff --git a/SOURCES/0028-Ticket-47948-ldap_sasl_bind-fails-assertion-ld-NULL-.patch b/SOURCES/0028-Ticket-47948-ldap_sasl_bind-fails-assertion-ld-NULL-.patch
deleted file mode 100644
index 71b1487..0000000
--- a/SOURCES/0028-Ticket-47948-ldap_sasl_bind-fails-assertion-ld-NULL-.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From fa5ccbb5f5b730122b624b31c0225762492797d7 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 10 Nov 2014 13:12:48 -0800
-Subject: [PATCH 28/28] Ticket #47948 - ldap_sasl_bind fails assertion (ld !=
- NULL) if it is called from chainingdb_bind over SSL/startTLS
-
-Bug Description: In case startTLS, if ldap_start_tls_s called from
-cb_get_connection failed and it returned non LDAP_SUCCESS return
-code, the code was stored in the local variable just in the error
-case, used only for error logging and abandoned in the scope; the
-caller cb_get_connection returned LDAP_SUCCESS even if the connection
-was not established. That confuses the caller of cb_get_connection
-and let it call ldap_sasl_bind with NULL ld and it causes the assertion
-failure.
-
-Fix Description: remove the local variable declaration in the scope.
-
-https://fedorahosted.org/389/ticket/47948
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 47868d3e5278d425abe5e8325f2965de66c10cff)
-(cherry picked from commit cb4f0cb2d120bc899bfb68dfe134ec3a26f3f334)
----
- ldap/servers/plugins/chainingdb/cb_conn_stateless.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
-index a85b392..4b323b1 100644
---- a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
-+++ b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
-@@ -463,7 +463,6 @@ cb_get_connection(cb_conn_pool * pool,
- ldap_controls_free(serverctrls);
- }
- } else if (secure == 2) {
-- int rc;
- /* the start_tls operation is usually performed in slapi_ldap_bind, but
- since we are not binding we still need to start_tls */
- if (cb_debug_on()) {
---
-1.9.3
-
diff --git a/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch b/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch
new file mode 100644
index 0000000..4ad70ad
--- /dev/null
+++ b/SOURCES/0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch
@@ -0,0 +1,40 @@
+From 53e51059c4e95fab6c3601952069191343fe92b3 Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins@redhat.com>
+Date: Mon, 20 Jul 2015 10:31:46 -0600
+Subject: [PATCH 28/30] Ticket #48224 - redux 2 - logconv.pl should handle
+ *.tar.xz, *.txz, *.xz log files
+
+https://fedorahosted.org/389/ticket/48224
+Reviewed by: nhosoi (Thanks!)
+Branch: 389-ds-base-1.3.4
+Fix Description: Use $? instead of $! to get pipe errors.
+Platforms tested: Fedora 21, RHEL 7.2 candidate
+Flag Day: no
+Doc impact: no
+
+(cherry picked from commit 29043c5716a1bc8364689d518cb4e35722eaaf77)
+(cherry picked from commit 0e31d818366e846f45c60b2c24bdb8026a82c048)
+---
+ ldap/admin/src/logconv.pl | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
+index 0038a03..3113f8a 100755
+--- a/ldap/admin/src/logconv.pl
++++ b/ldap/admin/src/logconv.pl
+@@ -437,9 +437,9 @@ sub doUncompress {
+ # so use the xz command directly
+ # NOTE: This doesn't work if the argument is a file handle e.g. from
+ # Archive::Tar
+- $! = 0; # clear
+- if (!open($TARFH, "xz -dc $_ |") or $!) {
+- openFailed($!, $_);
++ $? = 0; # clear
++ if (!open($TARFH, "xz -dc $_ |") or $?) {
++ openFailed($?, $_);
+ return;
+ }
+ } else {
+--
+1.9.3
+
diff --git a/SOURCES/0029-Ticket-47953-Should-not-check-aci-syntax-when-deleti.patch b/SOURCES/0029-Ticket-47953-Should-not-check-aci-syntax-when-deleti.patch
deleted file mode 100644
index d4c5521..0000000
--- a/SOURCES/0029-Ticket-47953-Should-not-check-aci-syntax-when-deleti.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From d14caafc91ea6f417b1c602a91153764cc70f1d9 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 12 Nov 2014 10:15:46 -0500
-Subject: [PATCH 29/30] Ticket 47953 - Should not check aci syntax when
- deleting an aci
-
-Bug Description: Trying to delete an aci that has an invalid sytenx, generates a
- syntax error when trying to remove it.
-
-Fix Description: Do not check the syntax of an aci if it's being deleted.
-
-https://fedorahosted.org/389/ticket/47953
-
-Reviewed by: ?
-
-(cherry picked from commit 3ce60db0a404b4663df6005b78027332d0e56f95)
-(cherry picked from commit 6a435f1cce137990c9c55f3f571f97c09ad6d9f4)
----
- ldap/servers/plugins/acl/acl.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
-index fe863c8..5416330 100644
---- a/ldap/servers/plugins/acl/acl.c
-+++ b/ldap/servers/plugins/acl/acl.c
-@@ -1553,11 +1553,12 @@ acl_check_mods(
-
- /* Are we adding/replacing a aci attribute
- ** value. In that case, we need to make
-- ** sure that the new value has thr right
-+ ** sure that the new value has the right
- ** syntax
- */
-- if (strcmp(mod->mod_type,
-- aci_attr_type) == 0) {
-+ if (!SLAPI_IS_MOD_DELETE(mod->mod_op) &&
-+ strcmp(mod->mod_type, aci_attr_type) == 0)
-+ {
- if ( 0 != (rv = acl_verify_syntax(pb, e_sdn,
- mod->mod_bvalues[i], errbuf))) {
- aclutil_print_err(rv, e_sdn,
---
-1.9.3
-
diff --git a/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch b/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch
new file mode 100644
index 0000000..a162506
--- /dev/null
+++ b/SOURCES/0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch
@@ -0,0 +1,66 @@
+From 4c275349c72a01803b772717ee29e7ac6f9a903f Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 20 Jul 2015 14:22:05 -0400
+Subject: [PATCH 29/30] Ticket 48206 - Crash during retro changelog trimming
+
+Bug Description: If the retro changelog entry is small, its possible that
+ during the trimming the reto changelog entry is not in the
+ cache after the trim, but its tries to blindly unlock it
+ from the cache, which leads to a crash.
+
+FIx Description: After we call the post op plugins and retrieve the entry
+ from the cache, double check that it was found. If it
+ is not found, do not unlock it.
+
+https://fedorahosted.org/389/ticket/48206
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 2a8a8c8ced5849dada34ab28d79e87dd3636e413)
+(cherry picked from commit 6d439887b99da557e8d7bc0c611d9afa909fdce7)
+---
+ ldap/servers/slapd/back-ldbm/ldbm_delete.c | 27 +++++++++++++++++----------
+ 1 file changed, 17 insertions(+), 10 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+index 59c1f76..f31d545 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+@@ -1257,17 +1257,24 @@ ldbm_back_delete( Slapi_PBlock *pb )
+ CACHE_RETURN(&inst->inst_cache, &e);
+ }
+ }
+- if (cache_is_in_cache(&inst->inst_cache, e)) {
+- ep_id = e->ep_id; /* Otherwise, e might have been freed. */
+- CACHE_REMOVE(&inst->inst_cache, e);
+- }
+- cache_unlock_entry(&inst->inst_cache, e);
+- CACHE_RETURN(&inst->inst_cache, &e);
+- /*
+- * e is unlocked and no longer in cache.
+- * It could be freed at any moment.
++
++ /*
++ * e could have been replaced by cache_find_id(), recheck if it's NULL
++ * before trying to unlock it, etc.
+ */
+- e = NULL;
++ if (e) {
++ if (cache_is_in_cache(&inst->inst_cache, e)) {
++ ep_id = e->ep_id; /* Otherwise, e might have been freed. */
++ CACHE_REMOVE(&inst->inst_cache, e);
++ }
++ cache_unlock_entry(&inst->inst_cache, e);
++ CACHE_RETURN(&inst->inst_cache, &e);
++ /*
++ * e is unlocked and no longer in cache.
++ * It could be freed at any moment.
++ */
++ e = NULL;
++ }
+
+ if (entryrdn_get_switch() && ep_id) { /* subtree-rename: on */
+ /* since the op was successful, delete the tombstone dn from the dn cache */
+--
+1.9.3
+
diff --git a/SOURCES/0030-Ticket-47928-Disable-SSL-v3-by-default.patch b/SOURCES/0030-Ticket-47928-Disable-SSL-v3-by-default.patch
deleted file mode 100644
index f6c0215..0000000
--- a/SOURCES/0030-Ticket-47928-Disable-SSL-v3-by-default.patch
+++ /dev/null
@@ -1,275 +0,0 @@
-From c2bb6286434ea3bb87d454a8c9451dcc8f278297 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 13 Nov 2014 12:14:48 -0800
-Subject: [PATCH 30/30] Ticket #47928 - Disable SSL v3, by default.
-
-Description:
-Changing the default SSL Version Min value from TLS 1.1 to TLS 1.0.
-In dn: cn=encryption,cn=config,
-0) Setting no SSL version attrs (using defaults); supported max is TLS1.2
- ==>
- SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
-
-1) Setting old/new SSL version attrs; no conflict; supported max is TLS1.2
- sslVersionMin: TLS1.0
- sslVersionMax: TLS1.3
- nsSSL3: off
- nsTLS1: on
- ==>
- SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
-2) Setting new SSL version attrs; supported max is TLS1.2
- sslVersionMin: TLS1.0
- sslVersionMax: TLS1.3
- ==>
- SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
-
-3) Setting old/new SSL version attrs; conflict (new min is stricter); supported max is TLS1.2
- nsSSL3: on
- sslVersionMin: TLS1.0
- ==>
- SSL alert: Found unsecure configuration: nsSSL3: on; We strongly recommend to dis
- able nsSSL3 in cn=encryption,cn=config.
- SSL alert: Configured range: min: TLS1.0, max: TLS1.2; but both nsSSL3 and nsTLS1
- are on. Respect the supported range.
- SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
-
-4) Setting old/new SSL version attrs; conflict (old min is stricter); supported max is TLS1.2
- nsSSL3: off
- sslVersionMin: SSL3
- sslVersionMax: SSL3
- ==>
- SSL alert: nsTLS1 is on, but the version range is lower than "TLS1.0"; Configuring
- the version range as default min: TLS1.0, max: TLS1.2.
- SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
-
-5) Setting old/new SSL version attrs; no conflict; setting SSL3
- nsSSL3: on
- nsTLS1: off
- sslVersionMin: SSL3
- sslVersionMax: SSL3
- ==>
- SSL alert: Found unsecure configuration: nsSSL3: on; We strongly recommend to disable
- nsSSL3 in cn=encryption,cn=config.
- SSL alert: Too low configured range: min: SSL3, max: SSL3; We strongly recommend
- to set sslVersionMin higher than TLS1.0.
- SSL Initialization - Configured SSL version range: min: SSL3, max: SSL3
-
-https://fedorahosted.org/389/ticket/47928
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit ad7885eae64a2085a89d516c1106b578142be502)
-(cherry picked from commit 3e7321ba1641234651fbf1e8fc01bf9fbecbc696)
----
- ldap/servers/slapd/fedse.c | 2 +-
- ldap/servers/slapd/ssl.c | 74 ++++++++++++++++++++++++++--------------------
- 2 files changed, 43 insertions(+), 33 deletions(-)
-
-diff --git a/ldap/servers/slapd/fedse.c b/ldap/servers/slapd/fedse.c
-index 87f45a1..d10fb3e 100644
---- a/ldap/servers/slapd/fedse.c
-+++ b/ldap/servers/slapd/fedse.c
-@@ -110,7 +110,7 @@ static const char *internal_entries[] =
- "cn:encryption\n"
- "nsSSLSessionTimeout:0\n"
- "nsSSLClientAuth:allowed\n"
-- "sslVersionMin:tls1.1\n",
-+ "sslVersionMin:TLS1.0\n",
-
- "dn:cn=monitor\n"
- "objectclass:top\n"
-diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
-index 5d6919a..6b51e0c 100644
---- a/ldap/servers/slapd/ssl.c
-+++ b/ldap/servers/slapd/ssl.c
-@@ -87,13 +87,23 @@
- /* TLS1.1 is defined in RFC4346. */
- #define NSS_TLS11 1
- #else
--/*
-- * TLS1.0 is defined in RFC2246.
-- * Close to SSL 3.0.
-- */
- #define NSS_TLS10 1
- #endif
-
-+/******************************************************************************
-+ * Default SSL Version Rule
-+ * Old SSL version attributes:
-+ * nsSSL3: off -- nsSSL3 == SSL_LIBRARY_VERSION_3_0
-+ * nsTLS1: on -- nsTLS1 == SSL_LIBRARY_VERSION_TLS_1_0 and greater
-+ * Note: TLS1.0 is defined in RFC2246, which is close to SSL 3.0.
-+ * New SSL version attributes:
-+ * sslVersionMin: TLS1.0
-+ * sslVersionMax: max ssl version supported by NSS
-+ ******************************************************************************/
-+
-+#define DEFVERSION "TLS1.0"
-+#define CURRENT_DEFAULT_SSL_VERSION SSL_LIBRARY_VERSION_TLS_1_0
-+
- extern char* slapd_SSL3ciphers;
- extern symbol_t supported_ciphers[];
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
-@@ -253,12 +263,12 @@ static lookup_cipher _lookup_cipher[] = {
- PRBool enableSSL2 = PR_FALSE;
- /*
- * nsSSL3: on -- disable SSLv3 by default.
-- * Corresonding to SSL_LIBRARY_VERSION_3_0 and SSL_LIBRARY_VERSION_TLS_1_0
-+ * Corresonding to SSL_LIBRARY_VERSION_3_0
- */
- PRBool enableSSL3 = PR_FALSE;
- /*
- * nsTLS1: on -- enable TLS1 by default.
-- * Corresonding to SSL_LIBRARY_VERSION_TLS_1_1 and greater.
-+ * Corresonding to SSL_LIBRARY_VERSION_TLS_1_0 and greater.
- */
- PRBool enableTLS1 = PR_TRUE;
-
-@@ -927,14 +937,14 @@ restrict_SSLVersionRange(void)
- slapd_SSL_warn("Found unsecure configuration: nsSSL3: on; "
- "We strongly recommend to disable nsSSL3 in %s.", configDN);
- if (enableTLS1) {
-- if (slapdNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ if (slapdNSSVersions.min >= CURRENT_DEFAULT_SSL_VERSION) {
- slapd_SSL_warn("Configured range: min: %s, max: %s; "
- "but both nsSSL3 and nsTLS1 are on. "
- "Respect the supported range.",
- mymin, mymax);
- enableSSL3 = PR_FALSE;
- }
-- if (slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
-+ if (slapdNSSVersions.max < CURRENT_DEFAULT_SSL_VERSION) {
- slapd_SSL_warn("Configured range: min: %s, max: %s; "
- "but both nsSSL3 and nsTLS1 are on. "
- "Resetting the max to the supported max SSL version: %s.",
-@@ -943,7 +953,7 @@ restrict_SSLVersionRange(void)
- }
- } else {
- /* nsTLS1 is explicitly set to off. */
-- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ if (enabledNSSVersions.min >= CURRENT_DEFAULT_SSL_VERSION) {
- slapd_SSL_warn("Supported range: min: %s, max: %s; "
- "but nsSSL3 is on and nsTLS1 is off. "
- "Respect the supported range.",
-@@ -951,20 +961,20 @@ restrict_SSLVersionRange(void)
- slapdNSSVersions.min = SSLVGreater(slapdNSSVersions.min, enabledNSSVersions.min);
- enableSSL3 = PR_FALSE;
- enableTLS1 = PR_TRUE;
-- } else if (slapdNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ } else if (slapdNSSVersions.min >= CURRENT_DEFAULT_SSL_VERSION) {
- slapd_SSL_warn("Configured range: min: %s, max: %s; "
- "but nsSSL3 is on and nsTLS1 is off. "
- "Respect the configured range.",
- mymin, mymax);
- enableSSL3 = PR_FALSE;
- enableTLS1 = PR_TRUE;
-- } else if (slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
-+ } else if (slapdNSSVersions.min < CURRENT_DEFAULT_SSL_VERSION) {
- slapd_SSL_warn("Too low configured range: min: %s, max: %s; "
-- "We strongly recommend to set sslVersionMax higher than %s.",
-- mymin, mymax, emax);
-+ "We strongly recommend to set sslVersionMin higher than %s.",
-+ mymin, mymax, DEFVERSION);
- } else {
- /*
-- * slapdNSSVersions.min <= SSL_LIBRARY_VERSION_TLS_1_0 &&
-+ * slapdNSSVersions.min < SSL_LIBRARY_VERSION_TLS_1_0 &&
- * slapdNSSVersions.max >= SSL_LIBRARY_VERSION_TLS_1_1
- */
- slapd_SSL_warn("Configured range: min: %s, max: %s; "
-@@ -976,7 +986,7 @@ restrict_SSLVersionRange(void)
- }
- } else {
- if (enableTLS1) {
-- if (enabledNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
-+ if (enabledNSSVersions.max < CURRENT_DEFAULT_SSL_VERSION) {
- /* TLS1 is on, but TLS1 is not supported by NSS. */
- slapd_SSL_warn("Supported range: min: %s, max: %s; "
- "Setting the version range based upon the supported range.",
-@@ -985,17 +995,17 @@ restrict_SSLVersionRange(void)
- slapdNSSVersions.min = enabledNSSVersions.min;
- enableSSL3 = PR_TRUE;
- enableTLS1 = PR_FALSE;
-- } else if ((slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) ||
-- (slapdNSSVersions.min < SSL_LIBRARY_VERSION_TLS_1_1)) {
-+ } else if ((slapdNSSVersions.max < CURRENT_DEFAULT_SSL_VERSION) ||
-+ (slapdNSSVersions.min < CURRENT_DEFAULT_SSL_VERSION)) {
- slapdNSSVersions.max = enabledNSSVersions.max;
-- slapdNSSVersions.min = SSLVGreater(SSL_LIBRARY_VERSION_TLS_1_1, enabledNSSVersions.min);
-- slapd_SSL_warn("Default SSL Version settings; "
-- "Configuring the version range as min: %s, max: %s; ",
-- mymin, mymax);
-+ slapdNSSVersions.min = SSLVGreater(CURRENT_DEFAULT_SSL_VERSION, enabledNSSVersions.min);
-+ slapd_SSL_warn("nsTLS1 is on, but the version range is lower than \"%s\"; "
-+ "Configuring the version range as default min: %s, max: %s.",
-+ DEFVERSION, DEFVERSION, emax);
- } else {
- /*
-- * slapdNSSVersions.min >= SSL_LIBRARY_VERSION_TLS_1_1 &&
-- * slapdNSSVersions.max >= SSL_LIBRARY_VERSION_TLS_1_1
-+ * slapdNSSVersions.min >= SSL_LIBRARY_VERSION_TLS_1_0 &&
-+ * slapdNSSVersions.max >= SSL_LIBRARY_VERSION_TLS_1_0
- */
- ;
- }
-@@ -1004,14 +1014,14 @@ restrict_SSLVersionRange(void)
- "Respect the configured range.",
- emin, emax);
- /* nsTLS1 is explicitly set to off. */
-- if (slapdNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ if (slapdNSSVersions.min >= CURRENT_DEFAULT_SSL_VERSION) {
- enableTLS1 = PR_TRUE;
-- } else if (slapdNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_1) {
-+ } else if (slapdNSSVersions.max < CURRENT_DEFAULT_SSL_VERSION) {
- enableSSL3 = PR_TRUE;
- } else {
- /*
-- * slapdNSSVersions.min <= SSL_LIBRARY_VERSION_TLS_1_0 &&
-- * slapdNSSVersions.max >= SSL_LIBRARY_VERSION_TLS_1_1
-+ * slapdNSSVersions.min < SSL_LIBRARY_VERSION_TLS_1_0 &&
-+ * slapdNSSVersions.max >= SSL_LIBRARY_VERSION_TLS_1_0
- */
- enableSSL3 = PR_TRUE;
- enableTLS1 = PR_TRUE;
-@@ -1434,17 +1444,17 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- sscanf(vp, "%4f", &tlsv);
- if (tlsv < 1.1) { /* TLS1.0 */
- if (ismin) {
-- if (enabledNSSVersions.min > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ if (enabledNSSVersions.min > CURRENT_DEFAULT_SSL_VERSION) {
- slapd_SSL_warn("Security Initialization: The value of sslVersionMin "
- "\"%s\" is lower than the supported version; "
- "the default value \"%s\" is used.",
- val, emin);
- (*rval) = enabledNSSVersions.min;
- } else {
-- (*rval) = SSL_LIBRARY_VERSION_TLS_1_0;
-+ (*rval) = CURRENT_DEFAULT_SSL_VERSION;
- }
- } else {
-- if (enabledNSSVersions.max < SSL_LIBRARY_VERSION_TLS_1_0) {
-+ if (enabledNSSVersions.max < CURRENT_DEFAULT_SSL_VERSION) {
- /* never happens */
- slapd_SSL_warn("Security Initialization: The value of sslVersionMax "
- "\"%s\" is higher than the supported version; "
-@@ -1452,7 +1462,7 @@ set_NSS_version(char *val, PRUint16 *rval, int ismin)
- val, emax);
- (*rval) = enabledNSSVersions.max;
- } else {
-- (*rval) = SSL_LIBRARY_VERSION_TLS_1_0;
-+ (*rval) = CURRENT_DEFAULT_SSL_VERSION;
- }
- }
- } else if (tlsv < 1.2) { /* TLS1.1 */
-@@ -1906,7 +1916,7 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- } else {
- enableTLS1 = slapi_entry_attr_get_bool( e, "nsTLS1" );
- }
-- } else if (enabledNSSVersions.max > SSL_LIBRARY_VERSION_TLS_1_0) {
-+ } else if (enabledNSSVersions.max >= CURRENT_DEFAULT_SSL_VERSION) {
- enableTLS1 = PR_TRUE; /* If available, enable TLS1 */
- }
- slapi_ch_free_string( &val );
---
-1.9.3
-
diff --git a/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch b/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch
new file mode 100644
index 0000000..b6a5197
--- /dev/null
+++ b/SOURCES/0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch
@@ -0,0 +1,222 @@
+From bc26583d161168ce664d160592a30abbd98b9a1f Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 22 Jul 2015 09:41:46 -0700
+Subject: [PATCH 30/30] Ticket #48010 - winsync range retrieval gets only 5000
+ values upon initialization
+
+Description: Search with DirSync control does not support range subtype.
+On WS2012, it returns all the multi-valued attribute values regardless
+of MaxValRange, but on WS2008, it cuts at the physical limit 5000.
+This patch does not rely on the entry returned by the DirySync search.
+
+Also, since DirSync search does not support the range subtype, removing
+the range related code from the DirSync search.
+
+Researched and tested by vashirov@redhat.com (Thank you, Viktor!!)
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+https://fedorahosted.org/389/ticket/48010
+(cherry picked from commit c6b211f8ea4970623f8ac1b365d040756d46bf3c)
+(cherry picked from commit d9af22eb940353c0692b6d73cc0a2d6998311498)
+---
+ .../plugins/replication/windows_connection.c | 21 ++-----
+ ldap/servers/plugins/replication/windows_private.c | 70 ----------------------
+ .../plugins/replication/windows_protocol_util.c | 21 +++++--
+ ldap/servers/plugins/replication/windowsrepl.h | 5 --
+ 4 files changed, 21 insertions(+), 96 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c
+index 5db43a5..a06a07e 100644
+--- a/ldap/servers/plugins/replication/windows_connection.c
++++ b/ldap/servers/plugins/replication/windows_connection.c
+@@ -821,7 +821,6 @@ send_dirsync_search(Repl_Connection *conn)
+ const char *old_dn = slapi_sdn_get_ndn( windows_private_get_windows_subtree(conn->agmt) );
+ /* LDAP_SERVER_DIRSYNC_OID requires the search base Naming Context */
+ char *dn = slapi_ch_strdup(strstr(old_dn, "dc="));
+- char **exattrs = NULL;
+
+ if (conn->supports_dirsync == 0)
+ {
+@@ -847,10 +846,6 @@ send_dirsync_search(Repl_Connection *conn)
+
+ winsync_plugin_call_dirsync_search_params_cb(conn->agmt, old_dn, &dn, &scope, &filter,
+ &attrs, &server_controls);
+- exattrs = windows_private_get_range_attrs(conn->agmt);
+- charray_merge(&attrs, exattrs, 0 /* pass in */);
+- slapi_ch_free((void **)&exattrs); /* strings are passed in */
+-
+ LDAPDebug( LDAP_DEBUG_REPL, "Sending dirsync search request\n", 0, 0, 0 );
+
+ rc = ldap_search_ext( conn->ld, dn, scope, filter, attrs, PR_FALSE, server_controls,
+@@ -1010,20 +1005,14 @@ Slapi_Entry * windows_conn_get_search_result(Repl_Connection *conn)
+ {
+ if (( dn = ldap_get_dn( conn->ld, res )) != NULL )
+ {
+- char **exattrs = NULL;
+ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"received entry from dirsync: %s\n", dn);
+ lm = ldap_first_entry( conn->ld, res );
+- e = windows_private_get_curr_entry(conn->agmt); /* if range search, e != NULL */
+- e = windows_LDAPMessage2Entry(e, conn, lm, 0, &exattrs);
++ /*
++ * we don't have to retrieve all the members here.
++ * here, we have to make sure to get the entry once.
++ */
++ e = windows_LDAPMessage2Entry(e, conn, lm, 0, NULL);
+ ldap_memfree(dn);
+- if (exattrs) {
+- /* some attribute returned "<attr>;range=low-high" */
+- windows_private_set_curr_entry(conn->agmt, e);
+- windows_private_set_range_attrs(conn->agmt, exattrs);
+- } else {
+- windows_private_set_curr_entry(conn->agmt, NULL);
+- windows_private_set_range_attrs(conn->agmt, NULL);
+- }
+ }
+ }
+ break;
+diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c
+index f5cb44e..c118236 100644
+--- a/ldap/servers/plugins/replication/windows_private.c
++++ b/ldap/servers/plugins/replication/windows_private.c
+@@ -1570,76 +1570,6 @@ windows_private_set_move_action(const Repl_Agmt *ra, int value)
+ LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_move_action\n" );
+ }
+
+-/* Get entry being retrieved; used for the range retrieval */
+-Slapi_Entry *
+-windows_private_get_curr_entry(const Repl_Agmt *ra)
+-{
+- Dirsync_Private *dp;
+-
+- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_curr_entry\n" );
+-
+- PR_ASSERT(ra);
+-
+- dp = (Dirsync_Private *) agmt_get_priv(ra);
+- PR_ASSERT (dp);
+-
+- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_curr_entry\n" );
+-
+- return dp->curr_entry;
+-}
+-
+-/* Set entry being retrieved; used for the range retrieval */
+-void
+-windows_private_set_curr_entry(const Repl_Agmt *ra, Slapi_Entry *e)
+-{
+- Dirsync_Private *dp;
+-
+- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_curr_entry\n" );
+-
+- PR_ASSERT(ra);
+-
+- dp = (Dirsync_Private *) agmt_get_priv(ra);
+- PR_ASSERT (dp);
+- dp->curr_entry = e;
+-
+- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_curr_entry\n" );
+-}
+-
+-/* Get next range retrieval attributes */
+-char **
+-windows_private_get_range_attrs(const Repl_Agmt *ra)
+-{
+- Dirsync_Private *dp;
+-
+- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_get_range_attrs\n" );
+-
+- PR_ASSERT(ra);
+-
+- dp = (Dirsync_Private *) agmt_get_priv(ra);
+- PR_ASSERT (dp);
+-
+- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_get_range_attrs\n" );
+-
+- return dp->range_attrs;
+-}
+-
+-/* Set next range retrieval attributes */
+-void
+-windows_private_set_range_attrs(const Repl_Agmt *ra, char **attrs)
+-{
+- Dirsync_Private *dp;
+-
+- LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_private_set_move_action\n" );
+-
+- PR_ASSERT(ra);
+-
+- dp = (Dirsync_Private *) agmt_get_priv(ra);
+- PR_ASSERT (dp);
+- dp->range_attrs = attrs;
+-
+- LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_private_set_move_action\n" );
+-}
+-
+ static PRCallOnceType winsync_callOnce = {0,0};
+
+ struct winsync_plugin {
+diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
+index 6bf20b7..4cfa20d 100644
+--- a/ldap/servers/plugins/replication/windows_protocol_util.c
++++ b/ldap/servers/plugins/replication/windows_protocol_util.c
+@@ -5847,6 +5847,9 @@ windows_process_dirsync_entry(Private_Repl_Protocol *prp,Slapi_Entry *e, int is_
+ /* Is this entry one we should be interested in ? */
+ if (is_subject_of_agreement_remote(e,prp->agmt))
+ {
++ ConnResult cres = 0;
++ const char *searchbase = slapi_entry_get_dn_const(e);
++ char *filter = "(objectclass=*)";
+ retry:
+ /* First make its local DN */
+ rc = map_entry_dn_inbound(e, &local_sdn, prp->agmt);
+@@ -5902,7 +5905,19 @@ retry:
+ /* If it doesn't exist, try to make it */
+ if (add_local_entry_allowed(prp,e))
+ {
+- windows_create_local_entry(prp,e,local_sdn);
++ found_entry = NULL;
++ /*
++ * BZ 1172037: Search with DirSync Control does not return the range subtype.
++ * Re-search the entry to get all the attribute values over hard limit MaxValRange
++ * on 2008R2. Note: 2012R2 does not have the hard limit.
++ * If we stop supporting 2008R2, this windows_search_entry_ext call can be removed.
++ */
++ cres = windows_search_entry_ext(prp->conn, (char*)searchbase,
++ filter, &found_entry, NULL, LDAP_SCOPE_BASE);
++ if (found_entry) {
++ e = found_entry;
++ }
++ windows_create_local_entry(prp, e, local_sdn);
+ } else
+ {
+ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: not allowed to add entry %s.\n",agmt_get_long_name(prp->agmt)
+@@ -5918,10 +5933,6 @@ retry:
+ * We search Windows with the dn and retry using the found
+ * entry.
+ */
+- ConnResult cres = 0;
+- const char *searchbase = slapi_entry_get_dn_const(e);
+- char *filter = "(objectclass=*)";
+-
+ retried = 1;
+ cres = windows_search_entry_ext(prp->conn, (char*)searchbase,
+ filter, &found_entry, NULL, LDAP_SCOPE_BASE);
+diff --git a/ldap/servers/plugins/replication/windowsrepl.h b/ldap/servers/plugins/replication/windowsrepl.h
+index fd80212..66f4804 100644
+--- a/ldap/servers/plugins/replication/windowsrepl.h
++++ b/ldap/servers/plugins/replication/windowsrepl.h
+@@ -66,11 +66,6 @@ void windows_private_set_one_way(const Repl_Agmt *ra, PRBool value);
+ int windows_private_get_move_action(const Repl_Agmt *ra);
+ void windows_private_set_move_action(const Repl_Agmt *ra, int value);
+
+-Slapi_Entry *windows_private_get_curr_entry(const Repl_Agmt *ra);
+-void windows_private_set_curr_entry(const Repl_Agmt *ra, Slapi_Entry *e);
+-char **windows_private_get_range_attrs(const Repl_Agmt *ra);
+-void windows_private_set_range_attrs(const Repl_Agmt *ra, char **attrs);
+-
+ void windows_private_set_directory_userfilter(const Repl_Agmt *ra, char *filter);
+ void windows_private_set_windows_userfilter(const Repl_Agmt *ra, char *filter);
+ const char* windows_private_get_directory_userfilter(const Repl_Agmt *ra);
+--
+1.9.3
+
diff --git a/SOURCES/0031-Fix-for-CVE-2014-8112.patch b/SOURCES/0031-Fix-for-CVE-2014-8112.patch
deleted file mode 100644
index ef94acf..0000000
--- a/SOURCES/0031-Fix-for-CVE-2014-8112.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From e5de803f4ab1b097c637c269fcc8b567e664c00d Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Fri, 28 Nov 2014 14:23:06 +0100
-Subject: [PATCH 31/53] Fix for CVE-2014-8112
-
- If the unhashed pw switch is set to off this should only
- prevent the generation of the unhashed#user#password
- attribute.
- But encoding of pw values and detiecetion which values have
- to be deleted needs to stay intact.
- So the check if the switch is set has to be placed close to
- the generation of the attribute in different 'if' branches
-
-Reviewed by Noriko, thanks
----
- ldap/servers/plugins/retrocl/retrocl_po.c | 6 +++++
- ldap/servers/slapd/modify.c | 39 +++++++++++++++++--------------
- 2 files changed, 28 insertions(+), 17 deletions(-)
-
-diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
-index 4b2cdda..3f8af81 100644
---- a/ldap/servers/plugins/retrocl/retrocl_po.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
-@@ -101,6 +101,12 @@ static lenstr *make_changes_string(LDAPMod **ldm, const char **includeattrs)
- continue;
- }
- }
-+ if (SLAPD_UNHASHED_PW_NOLOG == slapi_config_get_unhashed_pw_switch()) {
-+ if (0 == strcasecmp(ldm[ i ]->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) {
-+ /* If nsslapd-unhashed-pw-switch == nolog, skip writing it to cl. */
-+ continue;
-+ }
-+ }
- switch ( ldm[ i ]->mod_op & ~LDAP_MOD_BVALUES ) {
- case LDAP_MOD_ADD:
- addlenstr( l, "add: " );
-diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
-index fb0fdde..de44fd3 100644
---- a/ldap/servers/slapd/modify.c
-+++ b/ldap/servers/slapd/modify.c
-@@ -836,8 +836,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
- * before calling the preop plugins
- */
-
-- if (pw_change && !repl_op &&
-- (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch())) {
-+ if (pw_change && !repl_op ) {
- Slapi_Value **va = NULL;
-
- unhashed_pw_attr = slapi_attr_syntax_normalize(PSEUDO_ATTR_UNHASHEDUSERPASSWORD);
-@@ -907,13 +906,15 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
- * Finally, delete the unhashed userpassword
- * (this will update the password entry extension)
- */
-- bval.bv_val = password;
-- bval.bv_len = strlen(password);
-- bv[0] = &bval;
-- bv[1] = NULL;
-- valuearray_init_bervalarray(bv, &va);
-- slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
-- valuearray_free(&va);
-+ if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
-+ bval.bv_val = password;
-+ bval.bv_len = strlen(password);
-+ bv[0] = &bval;
-+ bv[1] = NULL;
-+ valuearray_init_bervalarray(bv, &va);
-+ slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
-+ valuearray_free(&va);
-+ }
- } else {
- /*
- * Password is encoded, try and find a matching unhashed_password to delete
-@@ -945,19 +946,23 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
- if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
- if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){
- /* match, add the delete mod for this particular unhashed userpassword */
-- valuearray_init_bervalarray(bv, &va);
-- slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
-- valuearray_free(&va);
-- free_pw_scheme( unhashed_pwsp );
-+ if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
-+ valuearray_init_bervalarray(bv, &va);
-+ slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
-+ valuearray_free(&va);
-+ free_pw_scheme( unhashed_pwsp );
-+ }
- break;
- }
- } else {
- /*
- * We have a hashed unhashed_userpassword! We must delete it.
- */
-- valuearray_init_bervalarray(bv, &va);
-- slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
-- valuearray_free(&va);
-+ if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
-+ valuearray_init_bervalarray(bv, &va);
-+ slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
-+ valuearray_free(&va);
-+ }
- }
- free_pw_scheme( unhashed_pwsp );
- }
-@@ -972,7 +977,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
- if (remove_unhashed_pw && !slapi_entry_attr_find(e, unhashed_pw_attr, &a)){
- slapi_mods_add_mod_values(&smods, pw_mod->mod_op,unhashed_pw_attr, va);
- }
-- } else {
-+ } else if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
- /* add pseudo password attribute */
- valuearray_init_bervalarray_unhashed_only(pw_mod->mod_bvalues, &va);
- if(va && va[0]){
---
-1.9.3
-
diff --git a/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch b/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch
new file mode 100644
index 0000000..1464ae9
--- /dev/null
+++ b/SOURCES/0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch
@@ -0,0 +1,47 @@
+From bf8da26adf08db15ae2cbaeadb40f62af6c52037 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 29 Jul 2015 11:26:22 -0700
+Subject: [PATCH 31/39] Ticket #48232 - winsync lastlogon attribute not syncing
+ between DS and AD.
+
+Bug Description:
+From Microsoft forum:
+ The DirSync control taps into the replication stream to get the necessary
+ changes. Since lastLogon is not replicated, it isn't available via the
+ DirSync control.
+Additional notes:
+ The lastLogon attribute is not replicated.
+ In contrast the lastLogontimeStamp attribute is replicated.
+
+Fix Description:
+ Instead of lastLogon|lastLogoff, sync lastLogonTimestamp|lastLogoffTimestamp
+ which are the target of DirSync, to ntUserLastLogon|ntUserLastLogoff.
+
+https://fedorahosted.org/389/ticket/48232
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit 0db29788e6c1b17f944fcafa368b66580e1e90d5)
+(cherry picked from commit b81adb0bc8ad97fec50fba30454e94858476bad5)
+---
+ ldap/servers/plugins/replication/windows_protocol_util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
+index 4cfa20d..5c12af7 100644
+--- a/ldap/servers/plugins/replication/windows_protocol_util.c
++++ b/ldap/servers/plugins/replication/windows_protocol_util.c
+@@ -194,8 +194,8 @@ static windows_attribute_map user_attribute_map[] =
+ {
+ { "homeDirectory", "ntUserHomeDir", bidirectional, always, normal},
+ { "scriptPath", "ntUserScriptPath", bidirectional, always, normal},
+- { "lastLogon", "ntUserLastLogon", fromwindowsonly, always, normal},
+- { "lastLogoff", "ntUserLastLogoff", fromwindowsonly, always, normal},
++ { "lastLogonTimestamp", "ntUserLastLogon", fromwindowsonly, always, normal},
++ { "lastLogoffTimestamp", "ntUserLastLogoff", fromwindowsonly, always, normal},
+ { "accountExpires", "ntUserAcctExpires", bidirectional, always, normal},
+ { "codePage", "ntUserCodePage", bidirectional, always, normal},
+ { "logonHours", "ntUserLogonHours", bidirectional, always, normal},
+--
+1.9.3
+
diff --git a/SOURCES/0032-Ticket-47942-DS-hangs-during-online-total-update.patch b/SOURCES/0032-Ticket-47942-DS-hangs-during-online-total-update.patch
deleted file mode 100644
index aa5cd5c..0000000
--- a/SOURCES/0032-Ticket-47942-DS-hangs-during-online-total-update.patch
+++ /dev/null
@@ -1,784 +0,0 @@
-From 5b0283a5a5b12c9b2ccee049ddc611decaa07a09 Mon Sep 17 00:00:00 2001
-From: "Thierry bordaz (tbordaz)" <tbordaz@redhat.com>
-Date: Mon, 15 Dec 2014 15:12:35 +0100
-Subject: [PATCH 32/53] Ticket 47942: DS hangs during online total update
-
-Bug Description:
- During incremental or total update of a consumer the replica agreement thread may hang.
- For total update:
- The replica agreement thread that send the entries flowed the consumer that is not
- able to process fast enough the entries. So the TCP connection get full and
- the RA sender sleep on the connection to be able to write the next entries.
-
- Sleeping on the poll or write the RA.sender holds the connection lock.
-
- It prevents the replica agreement result thread to read the results from the
- network. So the consumer is also halted because is can no longer send the results.
-
- For incrementatl update:
- During incremental update, all updates are sent by the RA.sender.
- If many updates need to be send, the supplier may overflow the consumer
- that is very late. This flow of updates can fill the TCP connection
- so that the RA.sender hang when writing the next update.
- On the hang, it holds the connection lock preventing the RA.reader
- to receive the acks. And so the consumer can also hang trying to send the
- acks.
-
-Fix Description:
- For total update there are two parts of the fix:
-
- To prevent the RA.sender to sleep too long on the poll, the fix (conn_is_available)
- splits the RA.timeout into 1s period.
- If unable to write for 1s, it releases the connection for a short period of time 100ms.
-
- To prevent the RA.sender to sleep on the write, the fix (check_flow_control_tot_init)
- checks how late is the consumer and if it is too late, it pauses (releasing the connection
- during that time). This second part of the fix is configurable and it may need to be
- tune according to the observed failures.
-
- For incremental update:
- The fix is to implement a flow control on the RA.sender.
- After each sent update, if the window (update.sent - update.acked) cross the limit
- The RA.sender pause during a configured delay.
- When the RA.sender pause it does not hold the connection lock
-
- Tuning can be done with nsds5ReplicaFlowControlWindow (how late is the consumer in terms of
- number of entries/updates acknowledged) and nsds5ReplicaFlowControlPause (how long the RA.sender will
- pause if the consumer is too late)
-
- Logging:
- For total update, the first time the flow control pauses, it logs a message (FATAL level).
- If flow control happened, then at the end of the total update, it also logs the number
- of flow control pauses (FATAL level).
-
- For incremental update, if flow control happened it logs the number of pause (REPL level).
-
-https://fedorahosted.org/389/ticket/47942
-
-Reviewed by: Mark Reynolds, Rich Megginson, Andrey Ivanov, Noriko Hosoi (many many thanks to all of you !)
-
-Platforms tested: RHEL 7.0, Centos
-
-Flag Day: no
-
-Doc impact: no
----
- ldap/schema/01core389.ldif | 4 +-
- ldap/servers/plugins/replication/repl5.h | 10 ++
- ldap/servers/plugins/replication/repl5_agmt.c | 160 ++++++++++++++++++++
- ldap/servers/plugins/replication/repl5_agmtlist.c | 26 ++++
- .../servers/plugins/replication/repl5_connection.c | 163 ++++++++++++++++++++-
- .../plugins/replication/repl5_inc_protocol.c | 32 +++-
- .../plugins/replication/repl5_prot_private.h | 2 +
- .../plugins/replication/repl5_tot_protocol.c | 53 ++++++-
- ldap/servers/plugins/replication/repl_globals.c | 2 +
- 9 files changed, 446 insertions(+), 6 deletions(-)
-
-diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif
-index c7aec70..c59d762 100644
---- a/ldap/schema/01core389.ldif
-+++ b/ldap/schema/01core389.ldif
-@@ -302,6 +302,8 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2306 NAME 'nsslapd-return-default-opattr
- attributeTypes: ( 2.16.840.1.113730.3.1.2307 NAME 'nsslapd-allow-hashed-passwords' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
- attributeTypes: ( 2.16.840.1.113730.3.1.2308 NAME 'nstombstonecsn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
- attributeTypes: ( 2.16.840.1.113730.3.1.2309 NAME 'nsds5ReplicaPreciseTombstonePurging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-+attributeTypes: ( 2.16.840.1.113730.3.1.2310 NAME 'nsds5ReplicaFlowControlWindow' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
-+attributeTypes: ( 2.16.840.1.113730.3.1.2311 NAME 'nsds5ReplicaFlowControlPause' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
- #
- # objectclasses
- #
-@@ -313,7 +315,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape d
- objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top MAY ( nstombstonecsn $ nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' )
--objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout ) X-ORIGIN 'Netscape Directory Server' )
-+objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5ReplicaFlowControlPause ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' )
- objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' )
-diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
-index 86c77ce..e2b6209 100644
---- a/ldap/servers/plugins/replication/repl5.h
-+++ b/ldap/servers/plugins/replication/repl5.h
-@@ -170,6 +170,8 @@ extern const char *type_nsds5ReplicaBusyWaitTime;
- extern const char *type_nsds5ReplicaSessionPauseTime;
- extern const char *type_nsds5ReplicaEnabled;
- extern const char *type_nsds5ReplicaStripAttrs;
-+extern const char *type_nsds5ReplicaFlowControlWindow;
-+extern const char *type_nsds5ReplicaFlowControlPause;
- extern const char *type_replicaProtocolTimeout;
- extern const char *type_replicaBackoffMin;
- extern const char *type_replicaBackoffMax;
-@@ -332,6 +334,8 @@ int agmt_get_auto_initialize(const Repl_Agmt *ra);
- long agmt_get_timeout(const Repl_Agmt *ra);
- long agmt_get_busywaittime(const Repl_Agmt *ra);
- long agmt_get_pausetime(const Repl_Agmt *ra);
-+long agmt_get_flowcontrolwindow(const Repl_Agmt *ra);
-+long agmt_get_flowcontrolpause(const Repl_Agmt *ra);
- int agmt_start(Repl_Agmt *ra);
- int windows_agmt_start(Repl_Agmt *ra);
- int agmt_stop(Repl_Agmt *ra);
-@@ -352,6 +356,8 @@ int agmt_replarea_matches(const Repl_Agmt *ra, const Slapi_DN *name);
- int agmt_schedule_in_window_now(const Repl_Agmt *ra);
- int agmt_set_schedule_from_entry( Repl_Agmt *ra, const Slapi_Entry *e );
- int agmt_set_timeout_from_entry( Repl_Agmt *ra, const Slapi_Entry *e );
-+int agmt_set_flowcontrolwindow_from_entry(Repl_Agmt *ra, const Slapi_Entry *e);
-+int agmt_set_flowcontrolpause_from_entry(Repl_Agmt *ra, const Slapi_Entry *e);
- int agmt_set_busywaittime_from_entry( Repl_Agmt *ra, const Slapi_Entry *e );
- int agmt_set_pausetime_from_entry( Repl_Agmt *ra, const Slapi_Entry *e );
- int agmt_set_credentials_from_entry( Repl_Agmt *ra, const Slapi_Entry *e );
-@@ -490,6 +496,10 @@ void conn_lock(Repl_Connection *conn);
- void conn_unlock(Repl_Connection *conn);
- void conn_delete_internal_ext(Repl_Connection *conn);
- const char* conn_get_bindmethod(Repl_Connection *conn);
-+void conn_set_tot_update_cb(Repl_Connection *conn, void *cb_data);
-+void conn_set_tot_update_cb_nolock(Repl_Connection *conn, void *cb_data);
-+void conn_get_tot_update_cb(Repl_Connection *conn, void **cb_data);
-+void conn_get_tot_update_cb_nolock(Repl_Connection *conn, void **cb_data);
-
- /* In repl5_protocol.c */
- typedef struct repl_protocol Repl_Protocol;
-diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
-index 7c5c37c..91be757 100644
---- a/ldap/servers/plugins/replication/repl5_agmt.c
-+++ b/ldap/servers/plugins/replication/repl5_agmt.c
-@@ -87,6 +87,8 @@
- #include "slapi-plugin.h"
-
- #define DEFAULT_TIMEOUT 600 /* (seconds) default outbound LDAP connection */
-+#define DEFAULT_FLOWCONTROL_WINDOW 1000 /* #entries sent without acknowledgment */
-+#define DEFAULT_FLOWCONTROL_PAUSE 2000 /* msec of pause when #entries sent witout acknowledgment */
- #define STATUS_LEN 1024
-
- struct changecounter {
-@@ -145,6 +147,12 @@ typedef struct repl5agmt {
- int agreement_type;
- Slapi_Counter *protocol_timeout;
- char *maxcsn; /* agmt max csn */
-+ long flowControlWindow; /* This is the maximum number of entries
-+ * sent without acknowledgment
-+ */
-+ long flowControlPause; /* When nb of not acknowledged entries overpass totalUpdateWindow
-+ * This is the duration (in msec) that the RA will pause before sending the next entry
-+ */
- Slapi_RWLock *attr_lock; /* RW lock for all the stripped attrs */
- } repl5agmt;
-
-@@ -345,6 +353,28 @@ agmt_new_from_entry(Slapi_Entry *e)
- }
- }
-
-+ /* flow control update window. */
-+ ra->flowControlWindow = DEFAULT_FLOWCONTROL_WINDOW;
-+ if (slapi_entry_attr_find(e, type_nsds5ReplicaFlowControlWindow, &sattr) == 0)
-+ {
-+ Slapi_Value *sval;
-+ if (slapi_attr_first_value(sattr, &sval) == 0)
-+ {
-+ ra->flowControlWindow = slapi_value_get_long(sval);
-+ }
-+ }
-+
-+ /* flow control update pause. */
-+ ra->flowControlPause = DEFAULT_FLOWCONTROL_PAUSE;
-+ if (slapi_entry_attr_find(e, type_nsds5ReplicaFlowControlPause, &sattr) == 0)
-+ {
-+ Slapi_Value *sval;
-+ if (slapi_attr_first_value(sattr, &sval) == 0)
-+ {
-+ ra->flowControlPause = slapi_value_get_long(sval);
-+ }
-+ }
-+
- /* DN of entry at root of replicated area */
- tmpstr = slapi_entry_attr_get_charptr(e, type_nsds5ReplicaRoot);
- if (NULL != tmpstr)
-@@ -1014,6 +1044,26 @@ agmt_get_pausetime(const Repl_Agmt *ra)
- return return_value;
- }
-
-+long
-+agmt_get_flowcontrolwindow(const Repl_Agmt *ra)
-+{
-+ long return_value;
-+ PR_ASSERT(NULL != ra);
-+ PR_Lock(ra->lock);
-+ return_value = ra->flowControlWindow;
-+ PR_Unlock(ra->lock);
-+ return return_value;
-+}
-+long
-+agmt_get_flowcontrolpause(const Repl_Agmt *ra)
-+{
-+ long return_value;
-+ PR_ASSERT(NULL != ra);
-+ PR_Lock(ra->lock);
-+ return_value = ra->flowControlPause;
-+ PR_Unlock(ra->lock);
-+ return return_value;
-+}
- /*
- * Warning - reference to the long name of the agreement is returned.
- * The long name of an agreement is the DN of the agreement entry,
-@@ -1775,6 +1825,90 @@ agmt_set_timeout_from_entry(Repl_Agmt *ra, const Slapi_Entry *e)
- return return_value;
- }
-
-+/*
-+ * Set or reset the windows of entries sent without acknowledgment.
-+ * The window is used during update to determine the number of
-+ * entries will be send by the replica agreement without acknowledgment from the consumer
-+ *
-+ * Returns 0 if window set, or -1 if an error occurred.
-+ */
-+int
-+agmt_set_flowcontrolwindow_from_entry(Repl_Agmt *ra, const Slapi_Entry *e)
-+{
-+ Slapi_Attr *sattr = NULL;
-+ int return_value = -1;
-+
-+ PR_ASSERT(NULL != ra);
-+ PR_Lock(ra->lock);
-+ if (ra->stop_in_progress)
-+ {
-+ PR_Unlock(ra->lock);
-+ return return_value;
-+ }
-+
-+ slapi_entry_attr_find(e, type_nsds5ReplicaFlowControlWindow, &sattr);
-+ if (NULL != sattr)
-+ {
-+ Slapi_Value *sval = NULL;
-+ slapi_attr_first_value(sattr, &sval);
-+ if (NULL != sval)
-+ {
-+ long tmpval = slapi_value_get_long(sval);
-+ if (tmpval >= 0) {
-+ ra->flowControlWindow = tmpval;
-+ return_value = 0; /* success! */
-+ }
-+ }
-+ }
-+ PR_Unlock(ra->lock);
-+ if (return_value == 0)
-+ {
-+ prot_notify_agmt_changed(ra->protocol, ra->long_name);
-+ }
-+ return return_value;
-+}
-+
-+/*
-+ * Set or reset the pause duration when #entries sent without acknowledgment overpass flow control window
-+ *
-+ * Returns 0 if pause set, or -1 if an error occurred.
-+ */
-+int
-+agmt_set_flowcontrolpause_from_entry(Repl_Agmt *ra, const Slapi_Entry *e)
-+{
-+ Slapi_Attr *sattr = NULL;
-+ int return_value = -1;
-+
-+ PR_ASSERT(NULL != ra);
-+ PR_Lock(ra->lock);
-+ if (ra->stop_in_progress)
-+ {
-+ PR_Unlock(ra->lock);
-+ return return_value;
-+ }
-+
-+ slapi_entry_attr_find(e, type_nsds5ReplicaFlowControlPause, &sattr);
-+ if (NULL != sattr)
-+ {
-+ Slapi_Value *sval = NULL;
-+ slapi_attr_first_value(sattr, &sval);
-+ if (NULL != sval)
-+ {
-+ long tmpval = slapi_value_get_long(sval);
-+ if (tmpval >= 0) {
-+ ra->flowControlPause = tmpval;
-+ return_value = 0; /* success! */
-+ }
-+ }
-+ }
-+ PR_Unlock(ra->lock);
-+ if (return_value == 0)
-+ {
-+ prot_notify_agmt_changed(ra->protocol, ra->long_name);
-+ }
-+ return return_value;
-+}
-+
- int
- agmt_set_timeout(Repl_Agmt *ra, long timeout)
- {
-@@ -1788,6 +1922,32 @@ agmt_set_timeout(Repl_Agmt *ra, long timeout)
-
- return 0;
- }
-+int
-+agmt_set_flowcontrolwindow(Repl_Agmt *ra, long window)
-+{
-+ PR_Lock(ra->lock);
-+ if (ra->stop_in_progress){
-+ PR_Unlock(ra->lock);
-+ return -1;
-+ }
-+ ra->flowControlWindow = window;
-+ PR_Unlock(ra->lock);
-+
-+ return 0;
-+}
-+int
-+agmt_set_flowcontrolpause(Repl_Agmt *ra, long pause)
-+{
-+ PR_Lock(ra->lock);
-+ if (ra->stop_in_progress){
-+ PR_Unlock(ra->lock);
-+ return -1;
-+ }
-+ ra->flowControlPause = pause;
-+ PR_Unlock(ra->lock);
-+
-+ return 0;
-+}
-
- /*
- * Set or reset the busywaittime
-diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c
-index 8a70055..5eead07 100644
---- a/ldap/servers/plugins/replication/repl5_agmtlist.c
-+++ b/ldap/servers/plugins/replication/repl5_agmtlist.c
-@@ -330,6 +330,32 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
- }
- }
- else if (slapi_attr_types_equivalent(mods[i]->mod_type,
-+ type_nsds5ReplicaFlowControlWindow))
-+ {
-+ /* New replica timeout */
-+ if (agmt_set_flowcontrolwindow_from_entry(agmt, e) != 0)
-+ {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: "
-+ "failed to update the flow control window for agreement %s\n",
-+ agmt_get_long_name(agmt));
-+ *returncode = LDAP_OPERATIONS_ERROR;
-+ rc = SLAPI_DSE_CALLBACK_ERROR;
-+ }
-+ }
-+ else if (slapi_attr_types_equivalent(mods[i]->mod_type,
-+ type_nsds5ReplicaFlowControlPause))
-+ {
-+ /* New replica timeout */
-+ if (agmt_set_flowcontrolpause_from_entry(agmt, e) != 0)
-+ {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: "
-+ "failed to update the flow control pause for agreement %s\n",
-+ agmt_get_long_name(agmt));
-+ *returncode = LDAP_OPERATIONS_ERROR;
-+ rc = SLAPI_DSE_CALLBACK_ERROR;
-+ }
-+ }
-+ else if (slapi_attr_types_equivalent(mods[i]->mod_type,
- type_nsds5ReplicaBusyWaitTime))
- {
- /* New replica busywaittime */
-diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
-index c004bfb..2971025 100644
---- a/ldap/servers/plugins/replication/repl5_connection.c
-+++ b/ldap/servers/plugins/replication/repl5_connection.c
-@@ -52,6 +52,7 @@ replica locked. Seems like right thing to do.
- */
-
- #include "repl5.h"
-+#include "repl5_prot_private.h"
- #include "slapi-private.h"
- #if defined(USE_OPENLDAP)
- #include "ldap.h"
-@@ -91,6 +92,7 @@ typedef struct repl_connection
- struct timeval timeout;
- int flag_agmt_changed;
- char *plain;
-+ void *tot_init_callback; /* Used during total update to do flow control */
- } repl_connection;
-
- /* #define DEFAULT_LINGER_TIME (5 * 60) */ /* 5 minutes */
-@@ -274,6 +276,32 @@ conn_delete(Repl_Connection *conn)
- PR_Unlock(conn->lock);
- }
-
-+void
-+conn_set_tot_update_cb_nolock(Repl_Connection *conn, void *cb_data)
-+{
-+ conn->tot_init_callback = (void *) cb_data;
-+}
-+void
-+conn_set_tot_update_cb(Repl_Connection *conn, void *cb_data)
-+{
-+ PR_Lock(conn->lock);
-+ conn_set_tot_update_cb_nolock(conn, cb_data);
-+ PR_Unlock(conn->lock);
-+}
-+
-+void
-+conn_get_tot_update_cb_nolock(Repl_Connection *conn, void **cb_data)
-+{
-+ *cb_data = (void *) conn->tot_init_callback;
-+}
-+void
-+conn_get_tot_update_cb(Repl_Connection *conn, void **cb_data)
-+{
-+ PR_Lock(conn->lock);
-+ conn_get_tot_update_cb_nolock(conn, cb_data);
-+ PR_Unlock(conn->lock);
-+}
-+
- /*
- * Return the last operation type processed by the connection
- * object, and the LDAP error encountered.
-@@ -640,6 +668,131 @@ see_if_write_available(Repl_Connection *conn, PRIntervalTime timeout)
- }
- #endif /* ! USE_OPENLDAP */
-
-+/*
-+ * During a total update, this function checks how much entries
-+ * have been sent to the consumer without having received their acknowledgment.
-+ * Basically it checks how late is the consumer.
-+ *
-+ * If the consumer is too late, it pause the RA.sender (releasing the lock) to
-+ * let the consumer to catch up and RA.reader to receive the acknowledgments.
-+ *
-+ * Caller must hold conn->lock
-+ */
-+static void
-+check_flow_control_tot_init(Repl_Connection *conn, int optype, const char *extop_oid, int sent_msgid)
-+{
-+ int rcv_msgid;
-+ int once;
-+
-+ if ((sent_msgid != 0) && (optype == CONN_EXTENDED_OPERATION) && (strcmp(extop_oid, REPL_NSDS50_REPLICATION_ENTRY_REQUEST_OID) == 0)) {
-+ /* We are sending entries part of the total update of a consumer
-+ * Wait a bit if the consumer needs to catchup from the current sent entries
-+ */
-+ rcv_msgid = repl5_tot_last_rcv_msgid(conn);
-+ if (rcv_msgid == -1) {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "%s: check_flow_control_tot_init no callback data [ msgid sent: %d]\n",
-+ agmt_get_long_name(conn->agmt),
-+ sent_msgid);
-+ } else if (sent_msgid < rcv_msgid) {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "%s: check_flow_control_tot_init invalid message ids [ msgid sent: %d, rcv: %d]\n",
-+ agmt_get_long_name(conn->agmt),
-+ sent_msgid,
-+ rcv_msgid);
-+ } else if ((sent_msgid - rcv_msgid) > agmt_get_flowcontrolwindow(conn->agmt)) {
-+ int totalUpdatePause;
-+
-+ totalUpdatePause = agmt_get_flowcontrolpause(conn->agmt);
-+ if (totalUpdatePause) {
-+ /* The consumer is late. Last sent entry compare to last acknowledged entry
-+ * overpass the allowed limit (flowcontrolwindow)
-+ * Give some time to the consumer to catch up
-+ */
-+ once = repl5_tot_flowcontrol_detection(conn, 1);
-+ PR_Unlock(conn->lock);
-+ if (once == 1) {
-+ /* This is the first time we hit total update flow control.
-+ * Log it at least once to inform administrator there is
-+ * a potential configuration issue here
-+ */
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "%s: Total update flow control gives time (%d msec) to the consumer before sending more entries [ msgid sent: %d, rcv: %d])\n"
-+ "If total update fails you can try to increase %s and/or decrease %s in the replica agreement configuration\n",
-+ agmt_get_long_name(conn->agmt),
-+ totalUpdatePause,
-+ sent_msgid,
-+ rcv_msgid,
-+ type_nsds5ReplicaFlowControlPause,
-+ type_nsds5ReplicaFlowControlWindow);
-+ }
-+ DS_Sleep(PR_MillisecondsToInterval(totalUpdatePause));
-+ PR_Lock(conn->lock);
-+ }
-+ }
-+ }
-+
-+}
-+/*
-+ * Test if the connection is available to do a write.
-+ * This function is doing a periodic polling of the connection.
-+ * If the polling times out:
-+ * - it releases the connection lock (to let other thread ,i.e.
-+ * replication result thread, the opportunity to use the connection)
-+ * - Sleeps for a short period (100ms)
-+ * - acquires the connection lock
-+ *
-+ * It loops until
-+ * - it is available
-+ * - exceeds RA complete timeout
-+ * - server is shutdown
-+ * - connection is disconnected (Disable, stop, delete the RA
-+ * 'terminate' the replication protocol and disconnect the connection)
-+ *
-+ * Return:
-+ * - CONN_OPERATION_SUCCESS if the connection is available
-+ * - CONN_TIMEOUT if the overall polling/sleeping delay exceeds RA timeout
-+ * - CONN_NOT_CONNECTED if the replication connection state is disconnected
-+ * - other ConnResult
-+ *
-+ * Caller must hold conn->Lock. At the exit, conn->lock is held
-+ */
-+static ConnResult
-+conn_is_available(Repl_Connection *conn)
-+{
-+ time_t poll_timeout_sec = 1; /* Polling for 1sec */
-+ time_t yield_delay_msec = 100; /* Delay to wait */
-+ time_t start_time = time( NULL );
-+ time_t time_now;
-+ ConnResult return_value = CONN_OPERATION_SUCCESS;
-+
-+ while (!slapi_is_shutting_down() && (conn->state != STATE_DISCONNECTED)) {
-+ return_value = see_if_write_available(conn, PR_SecondsToInterval(poll_timeout_sec));
-+ if (return_value == CONN_TIMEOUT) {
-+ /* in case of timeout we return CONN_TIMEOUT only
-+ * if the RA.timeout is exceeded
-+ */
-+ time_now = time(NULL);
-+ if (conn->timeout.tv_sec <= (time_now - start_time)) {
-+ break;
-+ } else {
-+ /* Else give connection to others threads */
-+ PR_Unlock(conn->lock);
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "%s: perform_operation transient timeout. retry)\n",
-+ agmt_get_long_name(conn->agmt));
-+ DS_Sleep(PR_MillisecondsToInterval(yield_delay_msec));
-+ PR_Lock(conn->lock);
-+ }
-+ } else {
-+ break;
-+ }
-+ }
-+ if (conn->state == STATE_DISCONNECTED) {
-+ return_value = CONN_NOT_CONNECTED;
-+ }
-+ return return_value;
-+}
- /*
- * Common code to send an LDAPv3 operation and collect the result.
- * Return values:
-@@ -683,10 +836,13 @@ perform_operation(Repl_Connection *conn, int optype, const char *dn,
-
- Slapi_Eq_Context eqctx = repl5_start_debug_timeout(&setlevel);
-
-- return_value = see_if_write_available(
-- conn, PR_SecondsToInterval(conn->timeout.tv_sec));
-+ return_value = conn_is_available(conn);
- if (return_value != CONN_OPERATION_SUCCESS) {
- PR_Unlock(conn->lock);
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "%s: perform_operation connection is not available (%d)\n",
-+ agmt_get_long_name(conn->agmt),
-+ return_value);
- return return_value;
- }
- conn->last_operation = optype;
-@@ -758,6 +914,9 @@ perform_operation(Repl_Connection *conn, int optype, const char *dn,
- */
- return_value = CONN_NOT_CONNECTED;
- }
-+
-+ check_flow_control_tot_init(conn, optype, extop_oid, msgid);
-+
- PR_Unlock(conn->lock); /* release the lock */
- if (message_id)
- {
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index 3bb68e7..b867fc4 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -108,6 +108,7 @@ typedef struct result_data
- int stop_result_thread; /* Flag used to tell the result thread to exit */
- int last_message_id_sent;
- int last_message_id_received;
-+ int flowcontrol_detection;
- int result; /* The UPDATE_TRANSIENT_ERROR etc */
- } result_data;
-
-@@ -460,6 +461,23 @@ repl5_inc_destroy_async_result_thread(result_data *rd)
- return retval;
- }
-
-+/* The interest of this routine is to give time to the consumer
-+ * to apply the sent updates and return the acks.
-+ * So the caller should not hold the replication connection lock
-+ * to let the RA.reader receives the acks.
-+ */
-+static void
-+repl5_inc_flow_control_results(Repl_Agmt *agmt, result_data *rd)
-+{
-+ PR_Lock(rd->lock);
-+ if ((rd->last_message_id_received <= rd->last_message_id_sent) &&
-+ ((rd->last_message_id_sent - rd->last_message_id_received) >= agmt_get_flowcontrolwindow(agmt))) {
-+ rd->flowcontrol_detection++;
-+ DS_Sleep(PR_MillisecondsToInterval(agmt_get_flowcontrolpause(agmt)));
-+ }
-+ PR_Unlock(rd->lock);
-+}
-+
- static void
- repl5_inc_waitfor_async_results(result_data *rd)
- {
-@@ -1683,7 +1701,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- {
- int finished = 0;
- ConnResult replay_crc;
-- char csn_str[CSN_STRSIZE];
-+ char csn_str[CSN_STRSIZE];
-
- /* Start the results reading thread */
- rd = repl5_inc_rd_new(prp);
-@@ -1818,6 +1836,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- sop->replica_id = replica_id;
- PL_strncpyz(sop->uniqueid, uniqueid, sizeof(sop->uniqueid));
- repl5_int_push_operation(rd,sop);
-+ repl5_inc_flow_control_results(prp->agmt, rd);
- } else {
- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "%s: Skipping update operation with no message_id (uniqueid %s, CSN %s):\n",
-@@ -1906,6 +1925,17 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
- }
- *num_changes_sent = rd->num_changes_sent;
- }
-+ PR_Lock(rd->lock);
-+ if (rd->flowcontrol_detection) {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "%s: Incremental update flow control triggered %d times\n"
-+ "You may increase %s and/or decrease %s in the replica agreement configuration\n",
-+ agmt_get_long_name(prp->agmt),
-+ rd->flowcontrol_detection,
-+ type_nsds5ReplicaFlowControlPause,
-+ type_nsds5ReplicaFlowControlWindow);
-+ }
-+ PR_Unlock(rd->lock);
- repl5_inc_rd_destroy(&rd);
-
- cl5_operation_parameters_done ( entry.op );
-diff --git a/ldap/servers/plugins/replication/repl5_prot_private.h b/ldap/servers/plugins/replication/repl5_prot_private.h
-index 586e1eb..1b1c00b 100644
---- a/ldap/servers/plugins/replication/repl5_prot_private.h
-+++ b/ldap/servers/plugins/replication/repl5_prot_private.h
-@@ -79,6 +79,8 @@ typedef struct private_repl_protocol
-
- extern Private_Repl_Protocol *Repl_5_Inc_Protocol_new();
- extern Private_Repl_Protocol *Repl_5_Tot_Protocol_new();
-+extern int repl5_tot_last_rcv_msgid(Repl_Connection *conn);
-+extern int repl5_tot_flowcontrol_detection(Repl_Connection *conn, int increment);
- extern Private_Repl_Protocol *Windows_Inc_Protocol_new();
- extern Private_Repl_Protocol *Windows_Tot_Protocol_new();
-
-diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-index d4f0fcc..adadd44 100644
---- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
-@@ -82,6 +82,7 @@ typedef struct callback_data
- int stop_result_thread; /* Flag used to tell the result thread to exit */
- int last_message_id_sent;
- int last_message_id_received;
-+ int flowcontrol_detection;
- } callback_data;
-
- /*
-@@ -428,13 +429,19 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- LDAP_SCOPE_SUBTREE, "(|(objectclass=ldapsubentry)(objectclass=nstombstone)(nsuniqueid=*))", NULL, 0, ctrls, NULL,
- repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
-
-- cb_data.prp = prp;
-- cb_data.rc = 0;
-+ cb_data.prp = prp;
-+ cb_data.rc = 0;
- cb_data.num_entries = 0UL;
- cb_data.sleep_on_busy = 0UL;
- cb_data.last_busy = current_time ();
-+ cb_data.flowcontrol_detection = 0;
- cb_data.lock = PR_NewLock();
-
-+ /* This allows during perform_operation to check the callback data
-+ * especially to do flow contol on delta send msgid / recv msgid
-+ */
-+ conn_set_tot_update_cb(prp->conn, (void *) &cb_data);
-+
- /* Before we get started on sending entries to the replica, we need to
- * setup things for async propagation:
- * 1. Create a thread that will read the LDAP results from the connection.
-@@ -506,6 +513,17 @@ repl5_tot_run(Private_Repl_Protocol *prp)
- done:
- slapi_sdn_free(&area_sdn);
- slapi_ch_free_string(&hostname);
-+ if (cb_data.flowcontrol_detection > 1)
-+ {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-+ "%s: Total update flow control triggered %d times\n"
-+ "You may increase %s and/or decrease %s in the replica agreement configuration\n",
-+ agmt_get_long_name(prp->agmt),
-+ cb_data.flowcontrol_detection,
-+ type_nsds5ReplicaFlowControlPause,
-+ type_nsds5ReplicaFlowControlWindow);
-+ }
-+ conn_set_tot_update_cb(prp->conn, NULL);
- if (cb_data.lock)
- {
- PR_DestroyLock(cb_data.lock);
-@@ -645,6 +663,37 @@ void get_result (int rc, void *cb_data)
- ((callback_data*)cb_data)->rc = rc;
- }
-
-+/* Call must hold the connection lock */
-+int
-+repl5_tot_last_rcv_msgid(Repl_Connection *conn)
-+{
-+ struct callback_data *cb_data;
-+
-+ conn_get_tot_update_cb_nolock(conn, (void **) &cb_data);
-+ if (cb_data == NULL) {
-+ return -1;
-+ } else {
-+ return cb_data->last_message_id_received;
-+ }
-+}
-+
-+/* Increase the flowcontrol counter
-+ * Call must hold the connection lock
-+ */
-+int
-+repl5_tot_flowcontrol_detection(Repl_Connection *conn, int increment)
-+{
-+ struct callback_data *cb_data;
-+
-+ conn_get_tot_update_cb_nolock(conn, (void **) &cb_data);
-+ if (cb_data == NULL) {
-+ return -1;
-+ } else {
-+ cb_data->flowcontrol_detection += increment;
-+ return cb_data->flowcontrol_detection;
-+ }
-+}
-+
- static
- int send_entry (Slapi_Entry *e, void *cb_data)
- {
-diff --git a/ldap/servers/plugins/replication/repl_globals.c b/ldap/servers/plugins/replication/repl_globals.c
-index 5609def..e2157fa 100644
---- a/ldap/servers/plugins/replication/repl_globals.c
-+++ b/ldap/servers/plugins/replication/repl_globals.c
-@@ -139,6 +139,8 @@ const char *type_nsds5ReplicaBusyWaitTime = "nsds5ReplicaBusyWaitTime";
- const char *type_nsds5ReplicaSessionPauseTime = "nsds5ReplicaSessionPauseTime";
- const char *type_nsds5ReplicaEnabled = "nsds5ReplicaEnabled";
- const char *type_nsds5ReplicaStripAttrs = "nsds5ReplicaStripAttrs";
-+const char* type_nsds5ReplicaFlowControlWindow = "nsds5ReplicaFlowControlWindow";
-+const char* type_nsds5ReplicaFlowControlPause = "nsds5ReplicaFlowControlPause";
-
- /* windows sync specific attributes */
- const char *type_nsds7WindowsReplicaArea = "nsds7WindowsReplicaSubtree";
---
-1.9.3
-
diff --git a/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch b/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch
new file mode 100644
index 0000000..f9682d7
--- /dev/null
+++ b/SOURCES/0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch
@@ -0,0 +1,39 @@
+From ddf6d5dfd566d44a10af342d049f22b5dbe26381 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 30 Jul 2015 11:07:40 -0700
+Subject: [PATCH 32/39] Ticket #48231 - logconv autobind handling regression
+ caused by 47446
+
+Description: When there are autobinds with ldapi, the tool fails with
+an syntax error:
+ Use of uninitialized value in transliteration (tr///) at /Local/dirsrv/bin/logconv.pl line 2018, <$LOGFH> line 207.
+ Use of uninitialized value $tmpp in hash element at /Local/dirsrv/bin/logconv.pl line 2019, <$LOGFH> line 207.
+
+Thanks for providing the fix and testing it, pj101 and rmeggins@redhat.com.
+
+Reviewed by nhosoi@redhat.com.
+
+https://fedorahosted.org/389/ticket/48231
+(cherry picked from commit 44a223f73a537445976a77af1652515ea46f970b)
+(cherry picked from commit e7fc14305e7e431034d5e076f31d2ee22742578f)
+---
+ ldap/admin/src/logconv.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
+index 3113f8a..9cd9aaa 100755
+--- a/ldap/admin/src/logconv.pl
++++ b/ldap/admin/src/logconv.pl
+@@ -2025,8 +2025,8 @@ sub parseLineNormal
+ if($1 eq $rootDN){
+ $rootDNBindCount++;
+ }
++ $tmpp = $1;
+ if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
+- $tmpp = $1;
+ $tmpp =~ tr/A-Z/a-z/;
+ $hashes->{bindlist}->{$tmpp}++;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0033-Fix-for-CVE-2014-8105.patch b/SOURCES/0033-Fix-for-CVE-2014-8105.patch
deleted file mode 100644
index cc52f96..0000000
--- a/SOURCES/0033-Fix-for-CVE-2014-8105.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 4b812a1af367ed409e21abe73a77e57092e5a5f3 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 16 Dec 2014 16:53:07 -0500
-Subject: [PATCH 33/53] Fix for CVE-2014-8105
-
-Description: At server startup check for the Retro Changelog default ACI
- on cn=changelog, if present delete it.
-
-Reviewed by: lkrispenz(Thanks!)
----
- ldap/servers/plugins/retrocl/retrocl.c | 67 ++++++++++++++++++++++++++-
- ldap/servers/plugins/retrocl/retrocl_create.c | 4 --
- 2 files changed, 66 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/plugins/retrocl/retrocl.c b/ldap/servers/plugins/retrocl/retrocl.c
-index 0d2a6dc..8a0f350 100644
---- a/ldap/servers/plugins/retrocl/retrocl.c
-+++ b/ldap/servers/plugins/retrocl/retrocl.c
-@@ -308,6 +308,68 @@ char *retrocl_get_config_str(const char *attrt)
- return ma;
- }
-
-+static void
-+retrocl_remove_legacy_default_aci(void)
-+{
-+ Slapi_PBlock *pb = NULL;
-+ Slapi_Entry **entries;
-+ char **aci_vals = NULL;
-+ char *attrs[] = {"aci", NULL};
-+ int rc;
-+
-+ pb = slapi_pblock_new();
-+ slapi_search_internal_set_pb(pb, RETROCL_CHANGELOG_DN, LDAP_SCOPE_BASE, "objectclass=*",
-+ attrs, 0, NULL, NULL, g_plg_identity[PLUGIN_RETROCL] , 0);
-+ slapi_search_internal_pb(pb);
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
-+ if (rc == LDAP_SUCCESS) {
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-+ if(entries && entries[0]){
-+ if((aci_vals = slapi_entry_attr_get_charray(entries[0], "aci"))){
-+ if(charray_inlist(aci_vals, RETROCL_ACL)){
-+ /*
-+ * Okay, we need to remove the aci
-+ */
-+ LDAPMod mod;
-+ LDAPMod *mods[2];
-+ char *val[2];
-+ Slapi_PBlock *mod_pb = 0;
-+
-+ mod_pb = slapi_pblock_new();
-+ mods[0] = &mod;
-+ mods[1] = 0;
-+ val[0] = RETROCL_ACL;
-+ val[1] = 0;
-+ mod.mod_op = LDAP_MOD_DELETE;
-+ mod.mod_type = "aci";
-+ mod.mod_values = val;
-+
-+ slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(entries[0]),
-+ mods, 0, 0, g_plg_identity[PLUGIN_RETROCL], 0);
-+ slapi_modify_internal_pb(mod_pb);
-+ slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
-+ if(rc == LDAP_SUCCESS){
-+ slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "Successfully removed vulnerable legacy default aci \"%s\". "
-+ "If the aci removal was not desired please use a different \"acl "
-+ "name\" so it is not removed at the next plugin startup.\n",
-+ RETROCL_ACL);
-+ } else {
-+ slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "Failed to removed vulnerable legacy default aci (%s) error %d\n",
-+ RETROCL_ACL, rc);
-+ }
-+ slapi_pblock_destroy(mod_pb);
-+ }
-+ slapi_ch_array_free(aci_vals);
-+ }
-+ }
-+ }
-+ slapi_free_search_results_internal(pb);
-+ slapi_pblock_destroy(pb);
-+}
-+
-+
- /*
- * Function: retrocl_start
- *
-@@ -333,7 +395,10 @@ static int retrocl_start (Slapi_PBlock *pb)
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,"Couldnt find backend, not trimming retro changelog (%d).\n",rc);
- return rc;
- }
--
-+
-+ /* Remove the old default aci as it exposes passwords changes to anonymous users */
-+ retrocl_remove_legacy_default_aci();
-+
- retrocl_init_trimming();
-
- if (slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e) != 0) {
-diff --git a/ldap/servers/plugins/retrocl/retrocl_create.c b/ldap/servers/plugins/retrocl/retrocl_create.c
-index 1ffdaae..870421c 100644
---- a/ldap/servers/plugins/retrocl/retrocl_create.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_create.c
-@@ -344,10 +344,6 @@ void retrocl_create_cle (void)
- val.bv_len = strlen(val.bv_val);
- slapi_entry_add_values( e, "cn", vals );
-
-- val.bv_val = RETROCL_ACL;
-- val.bv_len = strlen(val.bv_val);
-- slapi_entry_add_values( e, "aci", vals );
--
- pb = slapi_pblock_new ();
- slapi_add_entry_internal_set_pb( pb, e, NULL /* controls */,
- g_plg_identity[PLUGIN_RETROCL],
---
-1.9.3
-
diff --git a/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch b/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch
new file mode 100644
index 0000000..2803014
--- /dev/null
+++ b/SOURCES/0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch
@@ -0,0 +1,182 @@
+From 0536984f7b3e9d6e143936b0eda92b510f63d304 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 4 Aug 2015 12:15:31 -0400
+Subject: [PATCH 33/39] Ticket 47810 - memberOf plugin not properly rejecting
+ updates
+
+Bug Description: When the memberOf plugin tries to add memberOf attribute to
+ an entry during a mod-replace on a group, even though the
+ update to the user entry fails, but plugin still allows
+ the member to be added to the group.
+
+Fix Description: During a mod/replace check and return an error if the member
+ update fails.
+
+https://fedorahosted.org/389/ticket/47810
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit eb54f03e240402a4bd16f9cde1d66539805f56ea)
+(cherry picked from commit b4b6adcec7d810c7893fd9cb888fa906b9ffa836)
+---
+ dirsrvtests/suites/betxns/betxn_test.py | 64 +++++++++++++++++++++++++++++++-
+ ldap/servers/plugins/memberof/memberof.c | 13 ++++---
+ 2 files changed, 70 insertions(+), 7 deletions(-)
+
+diff --git a/dirsrvtests/suites/betxns/betxn_test.py b/dirsrvtests/suites/betxns/betxn_test.py
+index 93c4c31..5da6e50 100644
+--- a/dirsrvtests/suites/betxns/betxn_test.py
++++ b/dirsrvtests/suites/betxns/betxn_test.py
+@@ -3,7 +3,7 @@
+ # All rights reserved.
+ #
+ # License: GPL (version 3 or any later version).
+-# See LICENSE for details.
++# See LICENSE for details.
+ # --- END COPYRIGHT BLOCK ---
+ #
+ import os
+@@ -174,6 +174,67 @@ def test_betxn_attr_uniqueness(topology):
+ log.info('test_betxn_attr_uniqueness: PASSED')
+
+
++def test_betxn_memberof(topology):
++ ENTRY1_DN = 'cn=group1,' + DEFAULT_SUFFIX
++ ENTRY2_DN = 'cn=group2,' + DEFAULT_SUFFIX
++ PLUGIN_DN = 'cn=' + PLUGIN_MEMBER_OF + ',cn=plugins,cn=config'
++
++ # Enable and configure memberOf plugin
++ topology.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
++ try:
++ topology.standalone.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'member')])
++ except ldap.LDAPError, e:
++ log.fatal('test_betxn_memberof: Failed to update config(member): error ' + e.message['desc'])
++ assert False
++
++ # Add our test entries
++ try:
++ topology.standalone.add_s(Entry((ENTRY1_DN, {'objectclass': "top groupofnames".split(),
++ 'cn': 'group1'})))
++ except ldap.LDAPError, e:
++ log.error('test_betxn_memberof: Failed to add group1:' +
++ ENTRY1_DN + ', error ' + e.message['desc'])
++ assert False
++
++ try:
++ topology.standalone.add_s(Entry((ENTRY2_DN, {'objectclass': "top groupofnames".split(),
++ 'cn': 'group1'})))
++ except ldap.LDAPError, e:
++ log.error('test_betxn_memberof: Failed to add group2:' +
++ ENTRY2_DN + ', error ' + e.message['desc'])
++ assert False
++
++ #
++ # Test mod replace
++ #
++
++ # Add group2 to group1 - it should fail with objectclass violation
++ try:
++ topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_REPLACE, 'member', ENTRY2_DN)])
++ log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1')
++ assert False
++ except ldap.LDAPError, e:
++ log.info('test_betxn_memberof: Group2 was correctly rejected (mod replace): error ' + e.message['desc'])
++
++ #
++ # Test mod add
++ #
++
++ # Add group2 to group1 - it should fail with objectclass violation
++ try:
++ topology.standalone.modify_s(ENTRY1_DN, [(ldap.MOD_ADD, 'member', ENTRY2_DN)])
++ log.fatal('test_betxn_memberof: Group2 was incorrectly allowed to be added to group1')
++ assert False
++ except ldap.LDAPError, e:
++ log.info('test_betxn_memberof: Group2 was correctly rejected (mod add): error ' + e.message['desc'])
++
++ #
++ # Done
++ #
++
++ log.info('test_betxn_memberof: PASSED')
++
++
+ def test_betxn_final(topology):
+ topology.standalone.delete()
+ log.info('betxn test suite PASSED')
+@@ -187,6 +248,7 @@ def run_isolated():
+ test_betxn_init(topo)
+ test_betxt_7bit(topo)
+ test_betxn_attr_uniqueness(topo)
++ test_betxn_memberof(topo)
+ test_betxn_final(topo)
+
+
+diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
+index 144285b..da52bc8 100644
+--- a/ldap/servers/plugins/memberof/memberof.c
++++ b/ldap/servers/plugins/memberof/memberof.c
+@@ -2373,6 +2373,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
+ struct slapi_entry *post_e = NULL;
+ Slapi_Attr *pre_attr = 0;
+ Slapi_Attr *post_attr = 0;
++ int rc = 0;
+ int i = 0;
+
+ slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e );
+@@ -2449,14 +2450,14 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
+ in pre, not in post, delete from entry
+ not in pre, in post, add to entry
+ */
+- while(pre_index < pre_total || post_index < post_total)
++ while(rc == 0 && (pre_index < pre_total || post_index < post_total))
+ {
+ if(pre_index == pre_total)
+ {
+ /* add the rest of post */
+ slapi_sdn_set_normdn_byref(sdn,
+ slapi_value_get_string(post_array[post_index]));
+- memberof_add_one(pb, config, group_sdn, sdn);
++ rc = memberof_add_one(pb, config, group_sdn, sdn);
+
+ post_index++;
+ }
+@@ -2465,7 +2466,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
+ /* delete the rest of pre */
+ slapi_sdn_set_normdn_byref(sdn,
+ slapi_value_get_string(pre_array[pre_index]));
+- memberof_del_one(pb, config, group_sdn, sdn);
++ rc = memberof_del_one(pb, config, group_sdn, sdn);
+
+ pre_index++;
+ }
+@@ -2482,7 +2483,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
+ /* delete pre array */
+ slapi_sdn_set_normdn_byref(sdn,
+ slapi_value_get_string(pre_array[pre_index]));
+- memberof_del_one(pb, config, group_sdn, sdn);
++ rc = memberof_del_one(pb, config, group_sdn, sdn);
+
+ pre_index++;
+ }
+@@ -2491,7 +2492,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
+ /* add post array */
+ slapi_sdn_set_normdn_byref(sdn,
+ slapi_value_get_string(post_array[post_index]));
+- memberof_add_one(pb, config, group_sdn, sdn);
++ rc = memberof_add_one(pb, config, group_sdn, sdn);
+
+ post_index++;
+ }
+@@ -2509,7 +2510,7 @@ memberof_replace_list(Slapi_PBlock *pb, MemberOfConfig *config,
+ }
+ }
+
+- return 0;
++ return rc;
+ }
+
+ /* memberof_load_array()
+--
+1.9.3
+
diff --git a/SOURCES/0034-Additional-fix-for-ticket-47526-v3.patch b/SOURCES/0034-Additional-fix-for-ticket-47526-v3.patch
deleted file mode 100644
index 9c52246..0000000
--- a/SOURCES/0034-Additional-fix-for-ticket-47526-v3.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From b046f03c6a7b828152246f44bcacfee6347e5337 Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Wed, 17 Dec 2014 18:11:44 +0100
-Subject: [PATCH 34/53] Additional fix for ticket 47526 v3
-
- In modrdn we need to distinguish if the entry is changed is a group or a
- regular memebr of a group. for the group case do the same as when deleting a group
- For the modrdn of an user entry, the case where no memberof attribute exists has
- to succeed.
-
- Reviewed by: noriko, thanks
-
- https://fedorahosted.org/389/ticket/47526
-
-(cherry picked from commit c8951669b3a74cb9fda013ffe914031b76e2e452)
----
- ldap/servers/plugins/memberof/memberof.c | 46 +++++++++++++++++++++++++-------
- 1 file changed, 36 insertions(+), 10 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index bd87ee9..80b52ab 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -566,7 +566,7 @@ int memberof_postop_del(Slapi_PBlock *pb)
- }
-
- /* is the entry of interest as a group? */
-- if(e && configCopy.group_filter && !slapi_filter_test_simple(e, configCopy.group_filter))
-+ if(e && configCopy.group_filter && 0 == slapi_filter_test_simple(e, configCopy.group_filter))
- {
- int i = 0;
- Slapi_Attr *attr = 0;
-@@ -664,6 +664,12 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
-
- slapi_pblock_destroy(mod_pb);
-
-+ if (rc == LDAP_NO_SUCH_ATTRIBUTE && val[0] == NULL) {
-+ /* if no memberof attribut exists
-+ * handle as success
-+ */
-+ rc = LDAP_SUCCESS;
-+ }
- return rc;
- }
-
-@@ -861,7 +867,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
-
- /* update any downstream members */
- if(pre_sdn && post_sdn && configCopy.group_filter &&
-- !slapi_filter_test_simple(post_e, configCopy.group_filter))
-+ 0 == slapi_filter_test_simple(post_e, configCopy.group_filter))
- {
- int i = 0;
- Slapi_Attr *attr = 0;
-@@ -890,17 +896,37 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- if (ret == LDAP_SUCCESS && pre_sdn && post_sdn) {
- if ((entry_scope && !slapi_sdn_issuffix(post_sdn, entry_scope)) ||
- (entry_scope_exclude_subtree && slapi_sdn_issuffix(post_sdn, entry_scope_exclude_subtree))) {
-- memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
- if((ret = memberof_del_dn_from_groups(pb, &configCopy, pre_sdn))){
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_postop_modrdn - delete dn failed for (%s), error (%d)\n",
- slapi_sdn_get_dn(pre_sdn), ret);
- }
-- if(ret == LDAP_SUCCESS && (ret = memberof_del_dn_type_callback(post_e, &del_data))){
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
-- slapi_entry_get_dn(post_e), ret);
-- }
-+ if(ret == LDAP_SUCCESS && pre_e && configCopy.group_filter &&
-+ 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter)) {
-+ /* is the entry of interest as a group? */
-+ int i = 0;
-+ Slapi_Attr *attr = 0;
-+
-+ /* Loop through to find each grouping attribute separately. */
-+ for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) {
-+ if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) {
-+ if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){
-+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n",
-+ slapi_sdn_get_dn(pre_sdn),ret);
-+ }
-+
-+ }
-+ }
-+ }
-+ if(ret == LDAP_SUCCESS) {
-+ memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
-+ if(ret = memberof_del_dn_type_callback(post_e, &del_data)){
-+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
-+ slapi_entry_get_dn(post_e), ret);
-+ }
-+ }
- } else {
- if((ret = memberof_replace_dn_from_groups(pb, &configCopy, pre_sdn, post_sdn))){
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-@@ -1261,7 +1287,7 @@ int memberof_postop_add(Slapi_PBlock *pb)
- memberof_rlock_config();
- mainConfig = memberof_get_config();
- if(e && mainConfig && mainConfig->group_filter &&
-- !slapi_filter_test_simple(e, mainConfig->group_filter))
-+ 0 == slapi_filter_test_simple(e, mainConfig->group_filter))
- {
- interested = 1;
- /* copy config so it doesn't change out from under us */
-@@ -1554,7 +1580,7 @@ memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config,
- "memberof_modop_one_replace_r: %s %s in %s\n"
- ,op_str, op_this, op_to);
-
-- if(config->group_filter && !slapi_filter_test_simple(e, config->group_filter))
-+ if(config->group_filter && 0 == slapi_filter_test_simple(e, config->group_filter))
- {
- /* group */
- Slapi_Value *ll_dn_val = 0;
---
-1.9.3
-
diff --git a/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch b/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch
new file mode 100644
index 0000000..288ff91
--- /dev/null
+++ b/SOURCES/0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch
@@ -0,0 +1,288 @@
+From a117d87aac507e4002429e5f7aebe61a867da06d Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Wed, 5 Aug 2015 16:31:49 -0400
+Subject: [PATCH 34/39] Ticket 48215 - verify_db.pl doesn't verify DB specified
+ by -a option
+
+Bug Description: verify_db.pl -a only uses the db location for
+ checking the transaction logs, because it ends up
+ calling "nsslapd dbverify" which only checks the
+ db files in the server configuration.
+
+Fix Description: Allow a new argument to be passed to "nsslapd dbverify"
+ that specifies the db parent directory.
+
+https://fedorahosted.org/389/ticket/48215
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 27fadb75ec1f3b252028ce715cd7fa16da1f6525)
+(cherry picked from commit 210071c682751897099e8eb138e5db1e47ac2bae)
+---
+ ldap/admin/src/scripts/dbverify.in | 3 ++-
+ ldap/admin/src/scripts/verify-db.pl.in | 17 +++++++++--------
+ ldap/servers/slapd/back-ldbm/dbverify.c | 13 +++++++++++++
+ ldap/servers/slapd/main.c | 18 +++++++++++++-----
+ ldap/servers/slapd/pblock.c | 12 +++++++++++-
+ ldap/servers/slapd/slap.h | 2 ++
+ ldap/servers/slapd/slapi-plugin.h | 3 +++
+ man/man8/dbverify.8 | 3 +++
+ 8 files changed, 56 insertions(+), 15 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
+index 6306a07..778a9ba 100755
+--- a/ldap/admin/src/scripts/dbverify.in
++++ b/ldap/admin/src/scripts/dbverify.in
+@@ -26,7 +26,7 @@ usage()
+ }
+
+ display_version="no"
+-while getopts "Z:n:hVvfd:n:D:" flag
++while getopts "Z:n:hVvfd:n:D:a:" flag
+ do
+ case $flag in
+ h) usage
+@@ -39,6 +39,7 @@ do
+ display_version="yes";;
+ f) args=$args" -f";;
+ D) args=$args" -D $OPTARG";;
++ a) args=$args" -a $OPTARG";;
+ ?) usage
+ exit 1;;
+ esac
+diff --git a/ldap/admin/src/scripts/verify-db.pl.in b/ldap/admin/src/scripts/verify-db.pl.in
+index ae56a16..d481ecb 100644
+--- a/ldap/admin/src/scripts/verify-db.pl.in
++++ b/ldap/admin/src/scripts/verify-db.pl.in
+@@ -16,7 +16,7 @@ DSUtil::libpath_add("@db_libdir@");
+ DSUtil::libpath_add("@libdir@");
+ $ENV{'PATH'} = "@libdir@/@package_name@/slapd-$servid:@db_bindir@:/usr/bin:/";
+ $ENV{'SHLIB_PATH'} = "$ENV{'LD_LIBRARY_PATH'}";
+-
++my $custom_dbdir = 0;
+ my $i = 0;
+
+ sub usage
+@@ -118,12 +118,7 @@ sub getLastLogfile
+ return \$logfile;
+ }
+
+-$isWin = -d '\\';
+-if ($isWin) {
+- $NULL = "nul";
+-} else {
+- $NULL = "/dev/null";
+-}
++$NULL = "/dev/null";
+
+ while ($i <= $#ARGV) {
+ if ( "$ARGV[$i]" eq "-a" ) { # path to search the db files
+@@ -149,6 +144,8 @@ print("*****************************************************************\n");
+
+ if ( "$startpoint" eq "" ) {
+ $startpoint = "@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/db";
++} else {
++ $custom_dbdir = 1;
+ }
+ # get dirs having DBVERSION
+ my $dbdirs = getDbDir($startpoint);
+@@ -192,7 +189,11 @@ for (my $i = 0; "$$dbdirs[$i]" ne ""; $i++)
+
+ # Check db files by db_verify
+ print "Verify db files ... ";
+-open(DBVERIFY, "@sbindir@/dbverify -Z $servid 2>&1 1> $NULL |");
++if ($custom_dbdir){
++ open(DBVERIFY, "@sbindir@/dbverify -Z $servid -a $startpoint 2>&1 1> $NULL |");
++} else {
++ open(DBVERIFY, "@sbindir@/dbverify -Z $servid 2>&1 1> $NULL |");
++}
+ sleep 1;
+ my $bad_index = 0;
+ my $bad_id2entry = 0;
+diff --git a/ldap/servers/slapd/back-ldbm/dbverify.c b/ldap/servers/slapd/back-ldbm/dbverify.c
+index 85ee7a0..315ef93 100644
+--- a/ldap/servers/slapd/back-ldbm/dbverify.c
++++ b/ldap/servers/slapd/back-ldbm/dbverify.c
+@@ -186,13 +186,16 @@ ldbm_back_dbverify( Slapi_PBlock *pb )
+ int rval = 1;
+ int rval_main = 0;
+ char **instance_names = NULL;
++ char *dbdir = NULL;
+
+ slapi_log_error(SLAPI_LOG_TRACE, "verify DB", "Verifying db files...\n");
+ slapi_pblock_get(pb, SLAPI_BACKEND_INSTANCE_NAME, &instance_names);
+ slapi_pblock_get(pb, SLAPI_SEQ_TYPE, &verbose);
+ slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &li);
++ slapi_pblock_get(pb, SLAPI_DBVERIFY_DBDIR, &dbdir);
+ ldbm_config_load_dse_info(li);
+ ldbm_config_internal_set(li, CONFIG_DB_TRANSACTION_LOGGING, "off");
++
+ /* no write needed; choose EXPORT MODE */
+ if (0 != dblayer_start(li, DBLAYER_EXPORT_MODE))
+ {
+@@ -211,6 +214,11 @@ ldbm_back_dbverify( Slapi_PBlock *pb )
+ inst = ldbm_instance_find_by_name(li, *inp);
+ if (inst)
+ {
++ if (dbdir){
++ /* verifying backup */
++ slapi_ch_free_string(&inst->inst_parent_dir_name);
++ inst->inst_parent_dir_name = slapi_ch_strdup(dbdir);
++ }
+ rval_main |= dbverify_ext(inst, verbose);
+ }
+ else
+@@ -235,6 +243,11 @@ ldbm_back_dbverify( Slapi_PBlock *pb )
+ inst->inst_name);
+ continue; /* skip this instance and go to the next*/
+ }
++ if (dbdir){
++ /* verifying backup */
++ slapi_ch_free_string(&inst->inst_parent_dir_name);
++ inst->inst_parent_dir_name = slapi_ch_strdup(dbdir);
++ }
+ rval_main |= dbverify_ext(inst, verbose);
+ }
+ }
+diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
+index 9016144..922de97 100644
+--- a/ldap/servers/slapd/main.c
++++ b/ldap/servers/slapd/main.c
+@@ -435,13 +435,15 @@ static int ldif_printkey = EXPORT_PRINTKEY|EXPORT_APPENDMODE;
+ static char *archive_name = NULL;
+ static int db2ldif_dump_replica = 0;
+ static int db2ldif_dump_uniqueid = 1;
+-static int ldif2db_generate_uniqueid = SLAPI_UNIQUEID_GENERATE_TIME_BASED;
+-static int dbverify_verbose = 0;
++static int ldif2db_generate_uniqueid = SLAPI_UNIQUEID_GENERATE_TIME_BASED;
+ static char *ldif2db_namespaceid = NULL;
+ int importexport_encrypt = 0;
+ static int upgradedb_flags = 0;
+ static int upgradednformat_dryrun = 0;
+ static int is_quiet = 0;
++/* dbverify options */
++static int dbverify_verbose = 0;
++static char *dbverify_dbdir = NULL;
+
+ /* taken from idsktune */
+ #if defined(__sun)
+@@ -1301,13 +1303,14 @@ process_command_line(int argc, char **argv, char *myname,
+ {"dryrun",ArgNone,'N'},
+ {0,0,0}};
+
+- char *opts_dbverify = "vVfd:n:D:";
++ char *opts_dbverify = "vVfd:n:D:a:";
+ struct opt_ext long_options_dbverify[] = {
+ {"version",ArgNone,'v'},
+ {"debug",ArgRequired,'d'},
+ {"backend",ArgRequired,'n'},
+ {"configDir",ArgRequired,'D'},
+ {"verbose",ArgNone,'V'},
++ {"dbdir",ArgRequired,'a'},
+ {0,0,0}};
+
+ char *opts_referral = "vd:p:r:SD:";
+@@ -1674,7 +1677,11 @@ process_command_line(int argc, char **argv, char *myname,
+ break;
+
+ case 'a': /* archive pathname for db */
+- archive_name = optarg_ext;
++ if ( slapd_exemode == SLAPD_EXEMODE_DBVERIFY ) {
++ dbverify_dbdir = optarg_ext;
++ } else {
++ archive_name = optarg_ext;
++ }
+ break;
+
+ case 'Z':
+@@ -2688,7 +2695,8 @@ slapd_exemode_dbverify()
+ pb.pb_plugin = backend_plugin;
+ pb.pb_instance_name = (char *)cmd_line_instance_names;
+ pb.pb_task_flags = SLAPI_TASK_RUNNING_FROM_COMMANDLINE;
+-
++ pb.pb_dbverify_dbdir = dbverify_dbdir;
++
+ if ( backend_plugin->plg_dbverify != NULL ) {
+ return_value = (*backend_plugin->plg_dbverify)( &pb );
+ } else {
+diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
+index c10f788..bf57a33 100644
+--- a/ldap/servers/slapd/pblock.c
++++ b/ldap/servers/slapd/pblock.c
+@@ -5,7 +5,7 @@
+ * All rights reserved.
+ *
+ * License: GPL (version 3 or any later version).
+- * See LICENSE for details.
++ * See LICENSE for details.
+ * END COPYRIGHT BLOCK **/
+
+ #ifdef HAVE_CONFIG_H
+@@ -1677,6 +1677,11 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
+ (*(IFP*)value) = pblock->pb_txn_ruv_mods_fn;
+ break;
+
++ /* dbverify */
++ case SLAPI_DBVERIFY_DBDIR:
++ (*(char **)value) = pblock->pb_dbverify_dbdir;
++ break;
++
+ /* Search results set */
+ case SLAPI_SEARCH_RESULT_SET:
+ if(pblock->pb_op!=NULL)
+@@ -3520,6 +3525,11 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
+ pblock->pb_aci_target_check = *((int *) value);
+ break;
+
++ /* dbverify */
++ case SLAPI_DBVERIFY_DBDIR:
++ pblock->pb_dbverify_dbdir = (char *) value;
++ break;
++
+ default:
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "Unknown parameter block argument %d\n", arg, 0, 0 );
+diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
+index 6d1ad7b..823568d 100644
+--- a/ldap/servers/slapd/slap.h
++++ b/ldap/servers/slapd/slap.h
+@@ -1600,6 +1600,8 @@ typedef struct slapi_pblock {
+ int pb_seq_type;
+ char *pb_seq_attrname;
+ char *pb_seq_val;
++ /* dbverify argument */
++ char *pb_dbverify_dbdir;
+ /* ldif2db arguments */
+ char *pb_ldif_file;
+ int pb_removedupvals;
+diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
+index a8c7a4a..6b04610 100644
+--- a/ldap/servers/slapd/slapi-plugin.h
++++ b/ldap/servers/slapd/slapi-plugin.h
+@@ -7289,6 +7289,9 @@ typedef struct slapi_plugindesc {
+ /* ACI Target Check */
+ #define SLAPI_ACI_TARGET_CHECK 1946
+
++/* dbverify */
++#define SLAPI_DBVERIFY_DBDIR 1947
++
+ /* convenience macros for checking modify operation types */
+ #define SLAPI_IS_MOD_ADD(x) (((x) & ~LDAP_MOD_BVALUES) == LDAP_MOD_ADD)
+ #define SLAPI_IS_MOD_DELETE(x) (((x) & ~LDAP_MOD_BVALUES) == LDAP_MOD_DELETE)
+diff --git a/man/man8/dbverify.8 b/man/man8/dbverify.8
+index 30d6933..c74747a 100644
+--- a/man/man8/dbverify.8
++++ b/man/man8/dbverify.8
+@@ -31,6 +31,9 @@ one instance on the system, this option can be skipped.
+ .B \fB\-n\fR \fIBackend Name\fR
+ The name of the LDBM database to reindex. Example: userRoot
+ .TP
++.B \fB\-a\fR \fIDatabase Directory\fR
++Location of database if it is different than what is in the server configuration(e.g. backup directories)
++.TP
+ .B \fB\-d\fR \fIDebug Level\fR
+ Sets the debugging level.
+ .TP
+--
+1.9.3
+
diff --git a/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch b/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch
new file mode 100644
index 0000000..b0931eb
--- /dev/null
+++ b/SOURCES/0035-Ticket-48215-update-dbverify-usage.patch
@@ -0,0 +1,45 @@
+From 4fdac66777dd780bd1e46d91bf38513832934695 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 6 Aug 2015 10:13:40 -0400
+Subject: [PATCH 35/39] Ticket 48215 - update dbverify usage
+
+Description: Need to add the "-a" argument usage
+
+https://fedorahosted.org/389/ticket/48215
+(cherry picked from commit 20284e6539f557efc0679d974d5156cdcd55c407)
+(cherry picked from commit 8e08c8b53641d807b63d87ee79564c596c5da4dd)
+---
+ ldap/admin/src/scripts/dbverify.in | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
+index 778a9ba..461cc16 100755
+--- a/ldap/admin/src/scripts/dbverify.in
++++ b/ldap/admin/src/scripts/dbverify.in
+@@ -14,15 +14,16 @@ PATH=$PATH:/bin
+
+ usage()
+ {
+- echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-V] [-v] [-d debuglevel] [-h]"
++ echo "Usage: dbverify [-Z serverID] [-n backend_instance] [-a db_directory ] [-V] [-v] [-d debuglevel] [-h]"
+ echo "Note if \"-n backend\" is not passed, verify all DBs."
+ echo "Options:"
+- echo " -Z - Server instance identifier"
+- echo " -n backend - Backend database name. Example: userRoot"
+- echo " -V - Verbose output"
+- echo " -d debuglevel - Debugging level"
+- echo " -v - Display version"
+- echo " -h - Display usage"
++ echo " -Z - Server instance identifier"
++ echo " -n backend - Backend database name. Example: userRoot"
++ echo " -a db_directory - Database directory"
++ echo " -V - Verbose output"
++ echo " -d debuglevel - Debugging level"
++ echo " -v - Display version"
++ echo " -h - Display usage"
+ }
+
+ display_version="no"
+--
+1.9.3
+
diff --git a/SOURCES/0035-fix-jenkins-warning.patch b/SOURCES/0035-fix-jenkins-warning.patch
deleted file mode 100644
index c65e3ff..0000000
--- a/SOURCES/0035-fix-jenkins-warning.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 841e1bb9dc9ae1e5ab0897a339f647baaf51524e Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Wed, 17 Dec 2014 19:54:33 +0100
-Subject: [PATCH 35/53] fix jenkins warning
-
-(cherry picked from commit 4760dc6c66249a793c8485a23c147954265f6fd3)
----
- ldap/servers/plugins/memberof/memberof.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index 80b52ab..ce48f01 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -921,7 +921,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- }
- if(ret == LDAP_SUCCESS) {
- memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
-- if(ret = memberof_del_dn_type_callback(post_e, &del_data)){
-+ if((ret = memberof_del_dn_type_callback(post_e, &del_data))){
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
- slapi_entry_get_dn(post_e), ret);
---
-1.9.3
-
diff --git a/SOURCES/0036-Ticket-47950-Bind-DN-tracking-unable-to-write-to-int.patch b/SOURCES/0036-Ticket-47950-Bind-DN-tracking-unable-to-write-to-int.patch
deleted file mode 100644
index 943ed9a..0000000
--- a/SOURCES/0036-Ticket-47950-Bind-DN-tracking-unable-to-write-to-int.patch
+++ /dev/null
@@ -1,534 +0,0 @@
-From 7ad3f7283e41f3d690626db5b38a9fb63fa8e005 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 18 Nov 2014 09:24:21 -0500
-Subject: [PATCH 36/53] Ticket 47950 - Bind DN tracking unable to write to
- internalModifiersName without special permissions
-
-Bug Description: When a non-rootDN entry makes an update when plugin bind dn tracking
- is enabled, it is incorrectly rejected with an error 50.
-
-Fix Description: Create a function to check if an attribute is one of last mod attributes,
- including the internalModfieresname/internalModifytimestamp. Use this
- new function wherever we are checking for last mod attributes.
-
-https://fedorahosted.org/389/ticket/47950
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit c973e7150cf1e7fb3f61a76cf1baf3c0fa91f756)
-(cherry picked from commit fa8f7dc3d1ab508c762fc2e18de0cb860ed84657)
----
- dirsrvtests/tickets/ticket47950_test.py | 273 +++++++++++++++++++++
- ldap/servers/plugins/acl/acl.c | 4 +-
- ldap/servers/plugins/replication/cl5_config.c | 9 +-
- ldap/servers/plugins/replication/repl5_agmtlist.c | 3 +-
- .../plugins/replication/repl5_replica_config.c | 3 +-
- ldap/servers/slapd/add.c | 4 +-
- ldap/servers/slapd/back-ldbm/ldbm_config.c | 3 +-
- ldap/servers/slapd/configdse.c | 5 +-
- ldap/servers/slapd/opshared.c | 17 ++
- ldap/servers/slapd/result.c | 2 +
- ldap/servers/slapd/slapi-plugin.h | 2 +
- ldap/servers/slapd/task.c | 4 +-
- ldap/servers/slapd/tools/mmldif.c | 12 +-
- 13 files changed, 309 insertions(+), 32 deletions(-)
- create mode 100644 dirsrvtests/tickets/ticket47950_test.py
-
-diff --git a/dirsrvtests/tickets/ticket47950_test.py b/dirsrvtests/tickets/ticket47950_test.py
-new file mode 100644
-index 0000000..976f964
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket47950_test.py
-@@ -0,0 +1,273 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import socket
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from constants import *
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+USER1_DN = "uid=user1,%s" % DEFAULT_SUFFIX
-+USER2_DN = "uid=user2,%s" % DEFAULT_SUFFIX
-+
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ '''
-+ This fixture is used to standalone topology for the 'module'.
-+ At the beginning, It may exists a standalone instance.
-+ It may also exists a backup for the standalone instance.
-+
-+ Principle:
-+ If standalone instance exists:
-+ restart it
-+ If backup of standalone exists:
-+ create/rebind to standalone
-+
-+ restore standalone instance from backup
-+ else:
-+ Cleanup everything
-+ remove instance
-+ remove backup
-+ Create instance
-+ Create backup
-+ '''
-+ global installation_prefix
-+
-+ if installation_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+ standalone = DirSrv(verbose=False)
-+
-+ # Args for the standalone instance
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+
-+ # Get the status of the backups
-+ backup_standalone = standalone.checkBackupFS()
-+
-+ # Get the status of the instance and restart it if it exists
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ # assuming the instance is already stopped, just wait 5 sec max
-+ standalone.stop(timeout=5)
-+ standalone.start(timeout=10)
-+
-+ if backup_standalone:
-+ # The backup exist, assuming it is correct
-+ # we just re-init the instance with it
-+ if not instance_standalone:
-+ standalone.create()
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # restore standalone instance from backup
-+ standalone.stop(timeout=10)
-+ standalone.restoreFS(backup_standalone)
-+ standalone.start(timeout=10)
-+
-+ else:
-+ # We should be here only in two conditions
-+ # - This is the first time a test involve standalone instance
-+ # - Something weird happened (instance/backup destroyed)
-+ # so we discard everything and recreate all
-+
-+ # Remove the backup. So even if we have a specific backup file
-+ # (e.g backup_standalone) we clear backup that an instance may have created
-+ if backup_standalone:
-+ standalone.clearBackupFS()
-+
-+ # Remove the instance
-+ if instance_standalone:
-+ standalone.delete()
-+
-+ # Create the instance
-+ standalone.create()
-+
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # Time to create the backups
-+ standalone.stop(timeout=10)
-+ standalone.backupfile = standalone.backupFS()
-+ standalone.start(timeout=10)
-+
-+ # clear the tmp directory
-+ standalone.clearTmpDir(__file__)
-+
-+ #
-+ # Here we have standalone instance up and running
-+ # Either coming from a backup recovery
-+ # or from a fresh (re)init
-+ # Time to return the topology
-+ return TopologyStandalone(standalone)
-+
-+
-+def test_ticket47950(topology):
-+ """
-+ Testing nsslapd-plugin-binddn-tracking does not cause issues around
-+ access control and reconfiguring replication/repl agmt.
-+ """
-+
-+ log.info('Testing Ticket 47950 - Testing nsslapd-plugin-binddn-tracking')
-+
-+ #
-+ # Turn on bind dn tracking
-+ #
-+ try:
-+ topology.standalone.modify_s("cn=config", [(ldap.MOD_REPLACE, 'nsslapd-plugin-binddn-tracking', 'on')])
-+ log.info('nsslapd-plugin-binddn-tracking enabled.')
-+ except ldap.LDAPError, e:
-+ log.error('Failed to enable bind dn tracking: ' + e.message['desc'])
-+ assert False
-+
-+ #
-+ # Add two users
-+ #
-+ try:
-+ topology.standalone.add_s(Entry((USER1_DN, {
-+ 'objectclass': "top person inetuser".split(),
-+ 'userpassword': "password",
-+ 'sn': "1",
-+ 'cn': "user 1"})))
-+ log.info('Added test user %s' % USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add %s: %s' % (USER1_DN, e.message['desc']))
-+ assert False
-+
-+ try:
-+ topology.standalone.add_s(Entry((USER2_DN, {
-+ 'objectclass': "top person inetuser".split(),
-+ 'sn': "2",
-+ 'cn': "user 2"})))
-+ log.info('Added test user %s' % USER2_DN)
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add user1: ' + e.message['desc'])
-+ assert False
-+
-+ #
-+ # Add an aci
-+ #
-+ try:
-+ acival = '(targetattr ="cn")(version 3.0;acl "Test bind dn tracking"' + \
-+ ';allow (all) (userdn = "ldap:///%s");)' % USER1_DN
-+
-+ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', acival)])
-+ log.info('Added aci')
-+ except ldap.LDAPError, e:
-+ log.error('Failed to add aci: ' + e.message['desc'])
-+ assert False
-+
-+ #
-+ # Make modification as user
-+ #
-+ try:
-+ topology.standalone.simple_bind_s(USER1_DN, "password")
-+ log.info('Bind as user %s successful' % USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('Failed to bind as user1: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ topology.standalone.modify_s(USER2_DN, [(ldap.MOD_REPLACE, 'cn', 'new value')])
-+ log.info('%s successfully modified user %s' % (USER1_DN, USER2_DN))
-+ except ldap.LDAPError, e:
-+ log.error('Failed to update user2: ' + e.message['desc'])
-+ assert False
-+
-+ #
-+ # Setup replica and create a repl agmt
-+ #
-+ try:
-+ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
-+ log.info('Bind as %s successful' % DN_DM)
-+ except ldap.LDAPError, e:
-+ log.error('Failed to bind as rootDN: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ topology.standalone.replica.enableReplication(suffix=DEFAULT_SUFFIX, role=REPLICAROLE_MASTER,
-+ replicaId=REPLICAID_MASTER)
-+ log.info('Successfully enabled replication.')
-+ except ValueError:
-+ log.error('Failed to enable replication')
-+ assert False
-+
-+ properties = {RA_NAME: r'test plugin internal bind dn',
-+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
-+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
-+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
-+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
-+
-+ try:
-+ repl_agreement = topology.standalone.agreement.create(suffix=DEFAULT_SUFFIX, host="127.0.0.1",
-+ port="7777", properties=properties)
-+ log.info('Successfully created replication agreement')
-+ except InvalidArgumentError, e:
-+ log.error('Failed to create replication agreement: ' + e.message['desc'])
-+ assert False
-+
-+ #
-+ # modify replica
-+ #
-+ try:
-+ properties = {REPLICA_ID: "7"}
-+ topology.standalone.replica.setProperties(DEFAULT_SUFFIX, None, None, properties)
-+ log.info('Successfully modified replica')
-+ except ldap.LDAPError, e:
-+ log.error('Failed to update replica config: ' + e.message['desc'])
-+ assert False
-+
-+ #
-+ # modify repl agmt
-+ #
-+ try:
-+ properties = {RA_CONSUMER_PORT: "8888"}
-+ topology.standalone.agreement.setProperties(None, repl_agreement, None, properties)
-+ log.info('Successfully modified replication agreement')
-+ except ValueError:
-+ log.error('Failed to update replica agreement: ' + repl_agreement)
-+ assert False
-+
-+ # We passed
-+ log.info("Test Passed.")
-+
-+
-+def test_ticket47953_final(topology):
-+ topology.standalone.stop(timeout=10)
-+
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation_prefix
-+ installation_prefix = None
-+
-+ topo = topology(True)
-+ test_ticket47950(topo)
-+
-+if __name__ == '__main__':
-+ run_isolated()
-\ No newline at end of file
-diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
-index 5416330..403c5b3 100644
---- a/ldap/servers/plugins/acl/acl.c
-+++ b/ldap/servers/plugins/acl/acl.c
-@@ -1450,9 +1450,7 @@ acl_check_mods(
- if (be != NULL)
- slapi_pblock_get ( pb, SLAPI_BE_LASTMOD, &lastmod );
- }
-- if (lastmod &&
-- (strcmp (mod->mod_type, "modifiersname")== 0 ||
-- strcmp (mod->mod_type, "modifytimestamp")== 0)) {
-+ if (lastmod && slapi_attr_is_last_mod(mod->mod_type)) {
- /* skip pseudo attr(s) */
- continue;
- }
-diff --git a/ldap/servers/plugins/replication/cl5_config.c b/ldap/servers/plugins/replication/cl5_config.c
-index 55727c2..a3a0fb3 100644
---- a/ldap/servers/plugins/replication/cl5_config.c
-+++ b/ldap/servers/plugins/replication/cl5_config.c
-@@ -357,15 +357,10 @@ changelog5_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- config_attr = (char *) mods[i]->mod_type;
- config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val;
-
--#define ATTR_MODIFIERSNAME "modifiersname"
--#define ATTR_MODIFYTIMESTAMP "modifytimestamp"
--
-- if ( strcasecmp ( config_attr, ATTR_MODIFIERSNAME ) == 0 ) {
-- continue;
-- }
-- if ( strcasecmp ( config_attr, ATTR_MODIFYTIMESTAMP ) == 0 ) {
-+ if ( slapi_attr_is_last_mod(config_attr)){
- continue;
- }
-+
- /* replace existing value */
- if ( strcasecmp (config_attr, CONFIG_CHANGELOG_DIR_ATTRIBUTE ) == 0 )
- {
-diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c
-index 5eead07..4a1ff5d 100644
---- a/ldap/servers/plugins/replication/repl5_agmtlist.c
-+++ b/ldap/servers/plugins/replication/repl5_agmtlist.c
-@@ -524,8 +524,7 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
- repl5_set_debug_timeout(val);
- slapi_ch_free_string(&val);
- }
-- else if (strcasecmp (mods[i]->mod_type, "modifytimestamp") == 0 ||
-- strcasecmp (mods[i]->mod_type, "modifiersname") == 0 ||
-+ else if (slapi_attr_is_last_mod(mods[i]->mod_type) ||
- strcasecmp (mods[i]->mod_type, "description") == 0)
- {
- /* ignore modifier's name and timestamp attributes and the description. */
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 2810b11..3bc3916 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -534,8 +534,7 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- }
- }
- /* ignore modifiers attributes added by the server */
-- else if (strcasecmp (config_attr, "modifytimestamp") == 0 ||
-- strcasecmp (config_attr, "modifiersname") == 0)
-+ else if (slapi_attr_is_last_mod(config_attr))
- {
- *returncode = LDAP_SUCCESS;
- }
-diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
-index 875ad22..28fae32 100644
---- a/ldap/servers/slapd/add.c
-+++ b/ldap/servers/slapd/add.c
-@@ -911,8 +911,8 @@ static int check_rdn_for_created_attrs(Slapi_Entry *e)
- int i, rc = 0;
- Slapi_RDN *rdn = NULL;
- char *value = NULL;
-- char *type[] = {SLAPI_ATTR_UNIQUEID, "modifytimestamp", "createtimestamp",
-- "creatorsname", "modifiersname", 0};
-+ char *type[] = {SLAPI_ATTR_UNIQUEID, "modifytimestamp", "modifiersname", "internalmodifytimestamp",
-+ "internalmodifiersname", "createtimestamp", "creatorsname", 0};
-
- if ((rdn = slapi_rdn_new())) {
- slapi_rdn_init_dn(rdn, slapi_entry_get_dn_const(e));
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.c b/ldap/servers/slapd/back-ldbm/ldbm_config.c
-index 0f8cc76..294999c 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_config.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.c
-@@ -1849,10 +1849,9 @@ int ldbm_config_ignored_attr(char *attr_name)
- if (!strcasecmp("objectclass", attr_name) ||
- !strcasecmp("cn", attr_name) ||
- !strcasecmp("creatorsname", attr_name) ||
-- !strcasecmp("modifiersname", attr_name) ||
- !strcasecmp("createtimestamp", attr_name) ||
- !strcasecmp(LDBM_NUMSUBORDINATES_STR, attr_name) ||
-- !strcasecmp("modifytimestamp", attr_name)) {
-+ slapi_attr_is_last_mod(attr_name)){
- return 1;
- } else {
- return 0;
-diff --git a/ldap/servers/slapd/configdse.c b/ldap/servers/slapd/configdse.c
-index 339be42..e70e340 100644
---- a/ldap/servers/slapd/configdse.c
-+++ b/ldap/servers/slapd/configdse.c
-@@ -116,10 +116,9 @@ ignore_attr_type(const char *attr_type)
- (strcasecmp (attr_type, "aci") == 0) ||
- (strcasecmp (attr_type, "objectclass") == 0) ||
- (strcasecmp (attr_type, "numsubordinates") == 0) ||
-- (strcasecmp (attr_type, "internalModifiersname") == 0) ||
- (strcasecmp (attr_type, "internalCreatorsname") == 0) ||
-- (strcasecmp (attr_type, "modifytimestamp") == 0) ||
-- (strcasecmp (attr_type, "modifiersname") == 0)) {
-+ slapi_attr_is_last_mod((char *)attr_type))
-+ {
- return 1;
- }
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 4e06652..ebd4fdf 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -218,6 +218,23 @@ modify_update_last_modified_attr(Slapi_PBlock *pb, Slapi_Mods *smods)
- }
-
- /*
-+ * If the attribute is one of the last mod attributes return 1,
-+ * otherwise return 0;
-+ */
-+int
-+slapi_attr_is_last_mod(char *attr)
-+{
-+ if(strcasecmp (attr, "modifytimestamp") == 0 ||
-+ strcasecmp (attr, "modifiersname") == 0 ||
-+ strcasecmp (attr, "internalmodifytimestamp") == 0 ||
-+ strcasecmp (attr, "internalmodifiersname") == 0)
-+ {
-+ return 1;
-+ }
-+ return 0;
-+}
-+
-+/*
- * Returns: 0 - if the operation is successful
- * < 0 - if operation fails.
- * Note that an operation is considered "failed" if a result is sent
-diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
-index 92573d5..ca2fa43 100644
---- a/ldap/servers/slapd/result.c
-+++ b/ldap/servers/slapd/result.c
-@@ -1059,6 +1059,8 @@ encode_attr(
-
- #define LASTMODATTR( x ) (strcasecmp( x, "modifytimestamp" ) == 0 \
- || strcasecmp( x, "modifiersname" ) == 0 \
-+ || strcasecmp( x, "internalmodifytimestamp" ) == 0 \
-+ || strcasecmp( x, "internalmodifiersname" ) == 0 \
- || strcasecmp( x, "createtimestamp" ) == 0 \
- || strcasecmp( x, "creatorsname" ) == 0)
-
-diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
-index f1ecfe8..8ffc582 100644
---- a/ldap/servers/slapd/slapi-plugin.h
-+++ b/ldap/servers/slapd/slapi-plugin.h
-@@ -5278,6 +5278,8 @@ int slapi_filter_compare(struct slapi_filter *f1, struct slapi_filter *f2);
- Slapi_Filter *slapi_filter_dup(Slapi_Filter *f);
- int slapi_filter_changetype(Slapi_Filter *f, const char *newtype);
-
-+int slapi_attr_is_last_mod(char *attr);
-+
- /**
- * Normalize in-place the given filter. Normalizes the attribute types always.
- * If norm_values is true, will also normalize the values.
-diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
-index a4d85a8..2a0cb82 100644
---- a/ldap/servers/slapd/task.c
-+++ b/ldap/servers/slapd/task.c
-@@ -802,8 +802,8 @@ static int task_modify(Slapi_PBlock *pb, Slapi_Entry *e,
- * stuck in by the server */
- if ((strcasecmp(mods[i]->mod_type, "ttl") != 0) &&
- (strcasecmp(mods[i]->mod_type, "nsTaskCancel") != 0) &&
-- (strcasecmp(mods[i]->mod_type, "modifiersName") != 0) &&
-- (strcasecmp(mods[i]->mod_type, "modifyTimestamp") != 0)) {
-+ !slapi_attr_is_last_mod(mods[i]->mod_type))
-+ {
- /* you aren't allowed to change this! */
- *returncode = LDAP_UNWILLING_TO_PERFORM;
- return SLAPI_DSE_CALLBACK_ERROR;
-diff --git a/ldap/servers/slapd/tools/mmldif.c b/ldap/servers/slapd/tools/mmldif.c
-index bf20945..156d892 100644
---- a/ldap/servers/slapd/tools/mmldif.c
-+++ b/ldap/servers/slapd/tools/mmldif.c
-@@ -1009,9 +1009,7 @@ addnew(FILE * edf3, const char *changetype, record_t * first)
- for (attnum = 1, att = &first->data;
- attnum <= first->nattrs;
- attnum++, att = attribnext(att)) {
-- if (!stricmp(attribname(att), "modifytimestamp"))
-- continue;
-- if (!stricmp(attribname(att), "modifiersname"))
-+ if (slapi_attr_is_last_mod(attribname(att)))
- continue;
- if (!putvalue(edf3, NULL, attribname(att), att->namelen,
- attribvalue(att), att->valuelen)) {
-@@ -1066,15 +1064,11 @@ addmodified(FILE * edf3, attrib1_t * attrib, record_t * first)
- */
- while (a != NULL || num_b <= tot_b) {
- /* ignore operational attrs */
-- if (num_b <= tot_b &&
-- (stricmp(attribname(b), "modifytimestamp") == 0 ||
-- stricmp(attribname(b), "modifiersname") == 0)) {
-+ if ( num_b <= tot_b && slapi_attr_is_last_mod(attribname(b)) ){
- b = attribnext(b); num_b++;
- continue;
- }
-- if (a != NULL &&
-- (stricmp(a->name, "modifytimestamp") == 0 ||
-- stricmp(a->name, "modifiersname") == 0)) {
-+ if (a != NULL && slapi_attr_is_last_mod(a->name)) {
- a = a->next;
- continue;
- }
---
-1.9.3
-
diff --git a/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch b/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch
new file mode 100644
index 0000000..82f9189
--- /dev/null
+++ b/SOURCES/0036-Ticket-48215-update-dbverify-usage-in-main.c.patch
@@ -0,0 +1,30 @@
+From 5e348707ba4bece4ad4c75a8b640f1c40cbbaa0e Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Thu, 6 Aug 2015 11:27:40 -0400
+Subject: [PATCH 36/39] Ticket 48215 - update dbverify usage in main.c
+
+Description: Need to update dbverify usage in main.c
+
+https://fedorahosted.org/389/ticket/48215
+(cherry picked from commit c1912cdcac8319e2fe0f98f765aa935e6a8ff297)
+(cherry picked from commit c842dbe3d0ee2ac28c55e31b9b8e5e5a3c5dc200)
+---
+ ldap/servers/slapd/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c
+index 922de97..4f9fbfe 100644
+--- a/ldap/servers/slapd/main.c
++++ b/ldap/servers/slapd/main.c
+@@ -398,7 +398,7 @@ usage( char *name, char *extraname )
+ usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-N] -n backend-instance-name -a fullpath-backend-instance-dir-full\n";
+ break;
+ case SLAPD_EXEMODE_DBVERIFY:
+- usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-n backend-instance-name]\n";
++ usagestr = "usage: %s %s%s-D configdir [-d debuglevel] [-n backend-instance-name] [-a db-directory]\n";
+ break;
+
+ default: /* SLAPD_EXEMODE_SLAPD */
+--
+1.9.3
+
diff --git a/SOURCES/0037-Ticket-47949-logconv.pl-support-parsing-showing-repo.patch b/SOURCES/0037-Ticket-47949-logconv.pl-support-parsing-showing-repo.patch
deleted file mode 100644
index 11ba18e..0000000
--- a/SOURCES/0037-Ticket-47949-logconv.pl-support-parsing-showing-repo.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From b4a38681279529caab2c221ed19ead5636c41071 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Fri, 5 Dec 2014 15:42:45 -0500
-Subject: [PATCH 37/53] Ticket 47949 - logconv.pl -- support
- parsing/showing/reporting different protocol versions
-
-Description: Update script to report on the secure protocol versions that are now available
- in the access log.
-
- Also, revised the connection section output, cleaned up the SASL bind report,
- and handled issue with log(s) that only span 1 second(0 elapsed time)
-
-https://fedorahosted.org/389/ticket/47949
-
-Reviewed by: nhosoi & rmeggins(Thanks!!)
-
-(cherry picked from commit 7aeeb7c968a03f4a75c8338ffbd7cbbaa73e102d)
-(cherry picked from commit 8b7ae6d930927171c7976fe9093f2f765714c8ac)
----
- ldap/admin/src/logconv.pl | 69 ++++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 53 insertions(+), 16 deletions(-)
-
-diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
-index 0611755..e4bbfbc 100755
---- a/ldap/admin/src/logconv.pl
-+++ b/ldap/admin/src/logconv.pl
-@@ -69,7 +69,7 @@ if ($#ARGV < 0){;
-
- my $file_count = 0;
- my $arg_count = 0;
--my $logversion = "8.0";
-+my $logversion = "8.1";
- my $sizeCount = "20";
- my $startFlag = 0;
- my $startTime = 0;
-@@ -262,7 +262,14 @@ my $startTLSCount = 0;
- my $ldapiCount = 0;
- my $autobindCount = 0;
- my $limit = 25000; # number of lines processed to trigger output
--
-+my $searchStat;
-+my $modStat;
-+my $addStat;
-+my $deleteStat;
-+my $modrdnStat;
-+my $compareStat;
-+my $bindCountStat;
-+my %cipher = ();
- my @removefiles = ();
-
- my @conncodes = qw(A1 B1 B4 T1 T2 B2 B3 R1 P1 P2 U1);
-@@ -680,27 +687,45 @@ if($reportStats ne ""){
-
- print "Restarts: $serverRestartCount\n";
- print "Total Connections: $connectionCount\n";
--print " - StartTLS Connections: $startTLSCount\n";
--print " - LDAPS Connections: $sslCount\n";
-+print " - LDAP Connections: " . ($connectionCount - $sslCount - $ldapiCount) . "\n";
- print " - LDAPI Connections: $ldapiCount\n";
-+print " - LDAPS Connections: $sslCount\n";
-+print " - StartTLS Extended Ops: $startTLSCount\n";
-+if(%cipher){
-+ print " Secure Protocol Versions:\n";
-+ foreach my $key (sort { $b cmp $a } keys %cipher) {
-+ print " - $key - $cipher{$key}\n";
-+ }
-+ print "\n";
-+}
-+
- print "Peak Concurrent Connections: $maxsimConnection\n";
- print "Total Operations: $allOps\n";
- print "Total Results: $allResults\n";
- my ($perf, $tmp);
- if ($allOps ne "0"){
-- print sprintf "Overall Performance: %.1f%%\n\n" , ($perf = ($tmp = ($allResults / $allOps)*100) > 100 ? 100.0 : $tmp) ;
-- }
--else {
-- print "Overall Performance: No Operations to evaluate\n\n";
-+ print sprintf "Overall Performance: %.1f%%\n\n" , ($perf = ($tmp = ($allResults / $allOps)*100) > 100 ? 100.0 : $tmp) ;
-+} else {
-+ print "Overall Performance: No Operations to evaluate\n\n";
- }
-
--my $searchStat = sprintf "(%.2f/sec) (%.2f/min)\n",($srchCount / $totalTimeInSecs), $srchCount / ($totalTimeInSecs/60);
--my $modStat = sprintf "(%.2f/sec) (%.2f/min)\n",$modCount / $totalTimeInSecs, $modCount/($totalTimeInSecs/60);
--my $addStat = sprintf "(%.2f/sec) (%.2f/min)\n",$addCount/$totalTimeInSecs, $addCount/($totalTimeInSecs/60);
--my $deleteStat = sprintf "(%.2f/sec) (%.2f/min)\n",$delCount/$totalTimeInSecs, $delCount/($totalTimeInSecs/60);
--my $modrdnStat = sprintf "(%.2f/sec) (%.2f/min)\n",$modrdnCount/$totalTimeInSecs, $modrdnCount/($totalTimeInSecs/60);
--my $compareStat = sprintf "(%.2f/sec) (%.2f/min)\n",$cmpCount/$totalTimeInSecs, $cmpCount/($totalTimeInSecs/60);
--my $bindCountStat = sprintf "(%.2f/sec) (%.2f/min)\n",$bindCount/$totalTimeInSecs, $bindCount/($totalTimeInSecs/60);
-+if ($totalTimeInSecs == 0){
-+ $searchStat = sprintf "(%.2f/sec) (%.2f/min)\n","0", "0";
-+ $modStat = sprintf "(%.2f/sec) (%.2f/min)\n","0", "0";
-+ $addStat = sprintf "(%.2f/sec) (%.2f/min)\n","0", "0";
-+ $deleteStat = sprintf "(%.2f/sec) (%.2f/min)\n","0", "0";
-+ $modrdnStat = sprintf "(%.2f/sec) (%.2f/min)\n","0", "0";
-+ $compareStat = sprintf "(%.2f/sec) (%.2f/min)\n","0", "0";
-+ $bindCountStat = sprintf "(%.2f/sec) (%.2f/min)\n","0", "0";
-+} else {
-+ $searchStat = sprintf "(%.2f/sec) (%.2f/min)\n",($srchCount / $totalTimeInSecs), $srchCount / ($totalTimeInSecs/60);
-+ $modStat = sprintf "(%.2f/sec) (%.2f/min)\n",$modCount / $totalTimeInSecs, $modCount/($totalTimeInSecs/60);
-+ $addStat = sprintf "(%.2f/sec) (%.2f/min)\n",$addCount/$totalTimeInSecs, $addCount/($totalTimeInSecs/60);
-+ $deleteStat = sprintf "(%.2f/sec) (%.2f/min)\n",$delCount/$totalTimeInSecs, $delCount/($totalTimeInSecs/60);
-+ $modrdnStat = sprintf "(%.2f/sec) (%.2f/min)\n",$modrdnCount/$totalTimeInSecs, $modrdnCount/($totalTimeInSecs/60);
-+ $compareStat = sprintf "(%.2f/sec) (%.2f/min)\n",$cmpCount/$totalTimeInSecs, $cmpCount/($totalTimeInSecs/60);
-+ $bindCountStat = sprintf "(%.2f/sec) (%.2f/min)\n",$bindCount/$totalTimeInSecs, $bindCount/($totalTimeInSecs/60);
-+}
-
- format STDOUT =
- Searches: @<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
-@@ -973,7 +998,7 @@ print " - SASL Binds: $saslBindCount\n";
- if ($saslBindCount > 0){
- my $saslmech = $hashes->{saslmech};
- foreach my $saslb ( sort {$saslmech->{$b} <=> $saslmech->{$a} } (keys %{$saslmech}) ){
-- printf " %-4s %-12s\n",$saslmech->{$saslb}, $saslb;
-+ printf " %-4s - %s\n",$saslb, $saslmech->{$saslb};
- }
- }
-
-@@ -1908,6 +1933,18 @@ sub parseLineNormal
- handleRestart();
- }
- if (m/ SSL connection from/){$sslCount++; if($reportStats){ inc_stats('sslconns',$s_stats,$m_stats); }}
-+ # Gather TLS and SSL version info
-+ if ($_ =~ /conn= *([0-9A-Z]+) TLS *(.*)/){
-+ $cipher{"TLS" . $2}++;
-+ }
-+ if ($_ =~ /conn= *([0-9A-Z]+) SSL *(.*)/){
-+ my $sslversion = $2;
-+ if(/SSL /){
-+ $cipher{"SSL " . $sslversion}++;
-+ } else {
-+ $cipher{"SSL" . $sslversion}++;
-+ }
-+ }
- if (m/ connection from local to /){$ldapiCount++;}
- if($_ =~ /AUTOBIND dn=\"(.*)\"/){
- $autobindCount++;
---
-1.9.3
-
diff --git a/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch b/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
new file mode 100644
index 0000000..7e4a3ba
--- /dev/null
+++ b/SOURCES/0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
@@ -0,0 +1,309 @@
+From a3d41922c0f211aa7602fb843f7cb4980f4bf285 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 3 Aug 2015 18:49:58 -0700
+Subject: [PATCH 37/39] Ticket #48228 - wrong password check if
+ passwordInHistory is decreased.
+
+Bug Description: When N passwords to be remembered (passwordInHistroy)
+and N passwords are remembered, decreasing the passwordInHistory value
+to M (< N) does not allow to use the oldest password which should have
+been discarded from the history and should be allowed.
+
+Fix Description: Before checking if the password is in the history or
+not, adding a check the passwordInHistory value (M) is less than the
+count of passwords remembered (N). If M < N, discard the (N-M) oldest
+passwords.
+
+https://fedorahosted.org/389/ticket/48228
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit 1a119125856006543aae0520b5800a8b52c3b049)
+(cherry picked from commit dd85ee9c9ac24f1b141dd806943de236d2e44c90)
+---
+ ldap/servers/slapd/pw.c | 193 ++++++++++++++++++++++++++++--------------------
+ 1 file changed, 114 insertions(+), 79 deletions(-)
+
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index f883010..3abebbf 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -613,7 +613,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw)
+
+ /* update passwordHistory */
+ if ( old_pw != NULL && pwpolicy->pw_history == 1 ) {
+- update_pw_history(pb, sdn, old_pw);
++ (void)update_pw_history(pb, sdn, old_pw);
+ slapi_ch_free ( (void**)&old_pw );
+ }
+
+@@ -654,8 +654,7 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw)
+ */
+ if ((internal_op && pwpolicy->pw_must_change && (!pb->pb_conn || strcasecmp(target_dn, pb->pb_conn->c_dn))) ||
+ (!internal_op && pwpolicy->pw_must_change &&
+- ((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy))))
+- {
++ ((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy)))) {
+ pw_exp_date = NO_TIME;
+ } else if ( pwpolicy->pw_exp == 1 ) {
+ Slapi_Entry *pse = NULL;
+@@ -996,6 +995,7 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
+
+ /* get the entry and check for the password history if this is called by a modify operation */
+ if ( mod_op ) {
++retry:
+ /* retrieve the entry */
+ e = get_entry ( pb, dn );
+ if ( e == NULL ) {
+@@ -1004,19 +1004,21 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
+
+ /* check for password history */
+ if ( pwpolicy->pw_history == 1 ) {
++ Slapi_Value **va = NULL;
+ attr = attrlist_find(e->e_attrs, "passwordHistory");
+- if (attr &&
+- !valueset_isempty(&attr->a_present_values))
+- {
+- Slapi_Value **va= attr_get_present_values(attr);
++ if (attr && !valueset_isempty(&attr->a_present_values)) {
++ /* Resetting password history array if necessary. */
++ if (0 == update_pw_history(pb, sdn, NULL)) {
++ /* There was an update in the password history. Retry... */
++ slapi_entry_free(e);
++ goto retry;
++ }
++ va = attr_get_present_values(attr);
+ if ( pw_in_history( va, vals[0] ) == 0 ) {
+ if ( pwresponse_req == 1 ) {
+- slapi_pwpolicy_make_response_control ( pb, -1, -1,
+- LDAP_PWPOLICY_PWDINHISTORY );
++ slapi_pwpolicy_make_response_control(pb, -1, -1, LDAP_PWPOLICY_PWDINHISTORY);
+ }
+- pw_send_ldap_result ( pb,
+- LDAP_CONSTRAINT_VIOLATION, NULL,
+- "password in history", 0, NULL );
++ pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL);
+ slapi_entry_free( e );
+ return ( 1 );
+ }
+@@ -1024,26 +1026,17 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
+
+ /* get current password. check it and remember it */
+ attr = attrlist_find(e->e_attrs, "userpassword");
+- if (attr && !valueset_isempty(&attr->a_present_values))
+- {
+- Slapi_Value **va= valueset_get_valuearray(&attr->a_present_values);
+- if (slapi_is_encoded((char*)slapi_value_get_string(vals[0])))
+- {
+- if (slapi_attr_value_find(attr, (struct berval *)slapi_value_get_berval(vals[0])) == 0 )
+- {
+- pw_send_ldap_result ( pb,
+- LDAP_CONSTRAINT_VIOLATION ,NULL,
+- "password in history", 0, NULL);
++ if (attr && !valueset_isempty(&attr->a_present_values)) {
++ va = valueset_get_valuearray(&attr->a_present_values);
++ if (slapi_is_encoded((char*)slapi_value_get_string(vals[0]))) {
++ if (slapi_attr_value_find(attr, (struct berval *)slapi_value_get_berval(vals[0])) == 0 ) {
++ pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL);
+ slapi_entry_free( e );
+ return ( 1 );
+ }
+- } else
+- {
+- if ( slapi_pw_find_sv ( va, vals[0] ) == 0 )
+- {
+- pw_send_ldap_result ( pb,
+- LDAP_CONSTRAINT_VIOLATION ,NULL,
+- "password in history", 0, NULL);
++ } else {
++ if ( slapi_pw_find_sv ( va, vals[0] ) == 0 ) {
++ pw_send_ldap_result(pb, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL);
+ slapi_entry_free( e );
+ return ( 1 );
+ }
+@@ -1086,68 +1079,112 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
+
+ }
+
++/*
++ * Basically, h0 and h1 must be longer than GENERALIZED_TIME_LENGTH.
++ */
++static int
++pw_history_cmp(const void *h0, const void *h1)
++{
++ size_t h0sz = 0;
++ size_t h1sz = 0;
++ if (!h0) {
++ if (!h1) {
++ return 0;
++ } else {
++ return -1;
++ }
++ } else {
++ if (!h1) {
++ return 1;
++ } else {
++ size_t delta;
++ h0sz = strlen(h0);
++ h1sz = strlen(h1);
++ delta = h0sz - h1sz;
++ if (!delta) {
++ return delta;
++ }
++ if (h0sz < GENERALIZED_TIME_LENGTH) {
++ /* too short for the history str. */
++ return 0;
++ }
++ }
++ }
++ return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH);
++}
++
++
+ static int
+ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
+ {
+- time_t t, old_t, cur_time;
+- int i = 0, oldest = 0;
+- int res;
+- Slapi_Entry *e;
+- Slapi_Attr *attr;
++ time_t cur_time;
++ int res = 1; /* no update, by default */
++ Slapi_Entry *e = NULL;
+ LDAPMod attribute;
+- char *values_replace[25]; /* 2-24 passwords in history */
+ LDAPMod *list_of_mods[2];
+ Slapi_PBlock mod_pb;
+- char *history_str;
+- char *str;
++ char *str = NULL;
+ passwdPolicy *pwpolicy = NULL;
+ const char *dn = slapi_sdn_get_dn(sdn);
++ char **values_replace = NULL;
++ int vacnt = 0;
++ int vacnt_todelete = 0;
+
+ pwpolicy = new_passwdPolicy(pb, dn);
+
+ /* retrieve the entry */
+ e = get_entry ( pb, dn );
+ if ( e == NULL ) {
+- return ( 1 );
++ return res;
+ }
+
+- history_str = (char *)slapi_ch_malloc(GENERALIZED_TIME_LENGTH + strlen(old_pw) + 1);
+- /* get password history, and find the oldest password in history */
+- cur_time = current_time ();
+- old_t = cur_time;
+- str = format_genTime ( cur_time );
+- attr = attrlist_find(e->e_attrs, "passwordHistory");
+- if (attr && !valueset_isempty(&attr->a_present_values))
+- {
+- Slapi_Value **va= valueset_get_valuearray(&attr->a_present_values);
+- for ( i = oldest = 0 ;
+- (va[i] != NULL) && (slapi_value_get_length(va[i]) > 0) ;
+- i++ ) {
+-
+- values_replace[i] = (char*)slapi_value_get_string(va[i]);
+- strncpy( history_str, values_replace[i], GENERALIZED_TIME_LENGTH);
+- history_str[GENERALIZED_TIME_LENGTH] = '\0';
+- if (history_str[GENERALIZED_TIME_LENGTH - 1] != 'Z'){
+- /* The time is not a generalized Time. Probably a password history from 4.x */
+- history_str[GENERALIZED_TIME_LENGTH - 1] = '\0';
+- }
+- t = parse_genTime ( history_str );
+- if ( difftime ( t, old_t ) < 0 ) {
+- oldest = i;
+- old_t = t;
+- }
++ /* get password history */
++ values_replace = slapi_entry_attr_get_charray_ext(e, "passwordHistory", &vacnt);
++ if (old_pw) {
++ /* we have a password to replace with the oldest one in the history. */
++ if (!values_replace || !vacnt) { /* This is the first one to store */
++ values_replace = (char **)slapi_ch_calloc(2, sizeof(char *));
+ }
++ } else {
++ /* we are checking the history size if it stores more than the current inhistory count. */
++ if (!values_replace || !vacnt) { /* nothing to revise */
++ res = 1;
++ goto bail;
++ }
++ /*
++ * If revising the passwords in the passwordHistory values
++ * and the password count in the value array is less than the inhistory,
++ * we have nothing to do.
++ */
++ if (vacnt <= pwpolicy->pw_inhistory) {
++ res = 1;
++ goto bail;
++ }
++ vacnt_todelete = vacnt - pwpolicy->pw_inhistory;
+ }
+- strcpy ( history_str, str );
+- strcat ( history_str, old_pw );
+- if ( i >= pwpolicy->pw_inhistory ) {
+- /* replace the oldest password in history */
+- values_replace[oldest] = history_str;
+- values_replace[pwpolicy->pw_inhistory] = NULL;
++
++ cur_time = current_time();
++ str = format_genTime(cur_time);
++ /* values_replace is sorted. */
++ if (old_pw) {
++ if ( vacnt >= pwpolicy->pw_inhistory ) {
++ slapi_ch_free_string(&values_replace[0]);
++ values_replace[0] = slapi_ch_smprintf("%s%s", str, old_pw);
++ } else {
++ /* add old_pw at the end of password history */
++ values_replace = (char **)slapi_ch_realloc((char *)values_replace, sizeof(char *) * (vacnt + 2));
++ values_replace[vacnt] = slapi_ch_smprintf("%s%s", str, old_pw);
++ values_replace[vacnt+1] = NULL;
++ }
++ qsort((void *)values_replace, vacnt, (size_t)sizeof(char *), pw_history_cmp);
+ } else {
+- /* add old_pw at the end of password history */
+- values_replace[i] = history_str;
+- values_replace[++i]=NULL;
++ int i;
++ /* vacnt > pwpolicy->pw_inhistory */
++ for (i = 0; i < vacnt_todelete; i++) {
++ slapi_ch_free_string(&values_replace[i]);
++ }
++ memmove(values_replace, values_replace + vacnt_todelete, sizeof(char *) * pwpolicy->pw_inhistory);
++ values_replace[pwpolicy->pw_inhistory] = NULL;
+ }
+
+ /* modify the attribute */
+@@ -1159,21 +1196,19 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
+ list_of_mods[1] = NULL;
+
+ pblock_init(&mod_pb);
+- slapi_modify_internal_set_pb_ext(&mod_pb, sdn, list_of_mods, NULL, NULL,
+- pw_get_componentID(), 0);
++ slapi_modify_internal_set_pb_ext(&mod_pb, sdn, list_of_mods, NULL, NULL, pw_get_componentID(), 0);
+ slapi_modify_internal_pb(&mod_pb);
+ slapi_pblock_get(&mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
+ if (res != LDAP_SUCCESS){
+ LDAPDebug2Args(LDAP_DEBUG_ANY,
+ "WARNING: passwordPolicy modify error %d on entry '%s'\n", res, dn);
+ }
+-
+ pblock_done(&mod_pb);
+-
+- slapi_ch_free((void **) &str );
+- slapi_ch_free((void **) &history_str );
++ slapi_ch_free_string(&str);
++bail:
++ slapi_ch_array_free(values_replace);
+ slapi_entry_free( e );
+- return 0;
++ return res;
+ }
+
+ static
+--
+1.9.3
+
diff --git a/SOURCES/0038-Ticket-47947-start-dirsrv-after-chrony-on-RHEL7-and-.patch b/SOURCES/0038-Ticket-47947-start-dirsrv-after-chrony-on-RHEL7-and-.patch
deleted file mode 100644
index a1134b9..0000000
--- a/SOURCES/0038-Ticket-47947-start-dirsrv-after-chrony-on-RHEL7-and-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 30877169647515a43ae9a1a7a1873e890c7798cc Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 16 Dec 2014 13:42:56 -0800
-Subject: [PATCH 38/53] Ticket #47947 - start dirsrv after chrony on RHEL7 and
- Fedora
-
-Description: After=chronyd.service to systemd.template.service.in,
-which is installed as this file:
- /usr/lib/systemd/system/dirsrv@.service
-and pointed by each server's service file:
- /etc/systemd/system/dirsrv.target.wants/dirsrv@YOURID.service
-
-https://fedorahosted.org/389/ticket/47947
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit c3389a46c584fa39b2278a295f8b2b6dad726d31)
-(cherry picked from commit 6e4e21ff010041eb636cc06b23bb3ed0de78ef1d)
----
- wrappers/systemd.template.service.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/wrappers/systemd.template.service.in b/wrappers/systemd.template.service.in
-index 42c7c23..9432cb0 100644
---- a/wrappers/systemd.template.service.in
-+++ b/wrappers/systemd.template.service.in
-@@ -15,6 +15,7 @@
- [Unit]
- Description=@capbrand@ Directory Server %i.
- PartOf=@systemdgroupname@
-+After=chronyd.service
-
- [Service]
- Type=forking
---
-1.9.3
-
diff --git a/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch b/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch
new file mode 100644
index 0000000..8d833cf
--- /dev/null
+++ b/SOURCES/0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch
@@ -0,0 +1,350 @@
+From 970672905f7ca994f1d0f92e82f4c80484796181 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 5 Aug 2015 14:40:12 -0700
+Subject: [PATCH 38/39] Ticket #48228 - CI test: added test cases for ticket
+ 48228
+
+Description: wrong password check if passwordInHistory is decreased.
+(cherry picked from commit 6b138a2091bf7d78f3bc60a13f226a39296e0f4c)
+(cherry picked from commit e62b4815f0682845992dc9a4375e1d7c5597bfba)
+---
+ dirsrvtests/tickets/ticket48228_test.py | 327 ++++++++++++++++++++++++++++++++
+ 1 file changed, 327 insertions(+)
+ create mode 100644 dirsrvtests/tickets/ticket48228_test.py
+
+diff --git a/dirsrvtests/tickets/ticket48228_test.py b/dirsrvtests/tickets/ticket48228_test.py
+new file mode 100644
+index 0000000..e0595bb
+--- /dev/null
++++ b/dirsrvtests/tickets/ticket48228_test.py
+@@ -0,0 +1,327 @@
++# --- BEGIN COPYRIGHT BLOCK ---
++# Copyright (C) 2015 Red Hat, Inc.
++# All rights reserved.
++#
++# License: GPL (version 3 or any later version).
++# See LICENSE for details.
++# --- END COPYRIGHT BLOCK ---
++#
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++
++log = logging.getLogger(__name__)
++
++installation_prefix = None
++
++# Assuming DEFAULT_SUFFIX is "dc=example,dc=com", otherwise it does not work... :(
++SUBTREE_CONTAINER = 'cn=nsPwPolicyContainer,' + DEFAULT_SUFFIX
++SUBTREE_PWPDN = 'cn=nsPwPolicyEntry,' + DEFAULT_SUFFIX
++SUBTREE_PWP = 'cn=cn\3DnsPwPolicyEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER
++SUBTREE_COS_TMPLDN = 'cn=nsPwTemplateEntry,' + DEFAULT_SUFFIX
++SUBTREE_COS_TMPL = 'cn=cn\3DnsPwTemplateEntry\2Cdc\3Dexample\2Cdc\3Dcom,' + SUBTREE_CONTAINER
++SUBTREE_COS_DEF = 'cn=nsPwPolicy_CoS,' + DEFAULT_SUFFIX
++
++USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
++USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
++
++class TopologyStandalone(object):
++ def __init__(self, standalone):
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ '''
++ This fixture is used to standalone topology for the 'module'.
++ '''
++ global installation_prefix
++
++ if installation_prefix:
++ args_instance[SER_DEPLOYED_DIR] = installation_prefix
++
++ standalone = DirSrv(verbose=False)
++
++ # Args for the standalone instance
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++
++ # Get the status of the instance and restart it if it exists
++ instance_standalone = standalone.exists()
++
++ # Remove the instance
++ if instance_standalone:
++ standalone.delete()
++
++ # Create the instance
++ standalone.create()
++
++ # Used to retrieve configuration information (dbdir, confdir...)
++ standalone.open()
++
++ # clear the tmp directory
++ standalone.clearTmpDir(__file__)
++
++ # Here we have standalone instance up and running
++ return TopologyStandalone(standalone)
++
++def set_global_pwpolicy(topology, inhistory):
++ log.info(" +++++ Enable global password policy +++++\n")
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++ # Enable password policy
++ try:
++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-pwpolicy-local', 'on')])
++ except ldap.LDAPError, e:
++ log.error('Failed to set pwpolicy-local: error ' + e.message['desc'])
++ assert False
++
++ log.info(" Set global password history on\n")
++ try:
++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordHistory', 'on')])
++ except ldap.LDAPError, e:
++ log.error('Failed to set passwordHistory: error ' + e.message['desc'])
++ assert False
++
++ log.info(" Set global passwords in history\n")
++ try:
++ count = "%d" % inhistory
++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'passwordInHistory', count)])
++ except ldap.LDAPError, e:
++ log.error('Failed to set passwordInHistory: error ' + e.message['desc'])
++ assert False
++
++def set_subtree_pwpolicy(topology):
++ log.info(" +++++ Enable subtree level password policy +++++\n")
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++ log.info(" Add the container")
++ try:
++ topology.standalone.add_s(Entry((SUBTREE_CONTAINER, {'objectclass': 'top nsContainer'.split(),
++ 'cn': 'nsPwPolicyContainer'})))
++ except ldap.LDAPError, e:
++ log.error('Failed to add subtree container: error ' + e.message['desc'])
++ assert False
++
++ log.info(" Add the password policy subentry {passwordHistory: on, passwordInHistory: 6}")
++ try:
++ topology.standalone.add_s(Entry((SUBTREE_PWP, {'objectclass': 'top ldapsubentry passwordpolicy'.split(),
++ 'cn': SUBTREE_PWPDN,
++ 'passwordMustChange': 'off',
++ 'passwordExp': 'off',
++ 'passwordHistory': 'on',
++ 'passwordInHistory': '6',
++ 'passwordMinAge': '0',
++ 'passwordChange': 'on',
++ 'passwordStorageScheme': 'clear'})))
++ except ldap.LDAPError, e:
++ log.error('Failed to add passwordpolicy: error ' + e.message['desc'])
++ assert False
++
++ log.info(" Add the COS template")
++ try:
++ topology.standalone.add_s(Entry((SUBTREE_COS_TMPL, {'objectclass': 'top ldapsubentry costemplate extensibleObject'.split(),
++ 'cn': SUBTREE_PWPDN,
++ 'cosPriority': '1',
++ 'cn': SUBTREE_COS_TMPLDN,
++ 'pwdpolicysubentry': SUBTREE_PWP})))
++ except ldap.LDAPError, e:
++ log.error('Failed to add COS template: error ' + e.message['desc'])
++ assert False
++
++ log.info(" Add the COS definition")
++ try:
++ topology.standalone.add_s(Entry((SUBTREE_COS_DEF, {'objectclass': 'top ldapsubentry cosSuperDefinition cosPointerDefinition'.split(),
++ 'cn': SUBTREE_PWPDN,
++ 'costemplatedn': SUBTREE_COS_TMPL,
++ 'cosAttribute': 'pwdpolicysubentry default operational-default'})))
++ except ldap.LDAPError, e:
++ log.error('Failed to add COS def: error ' + e.message['desc'])
++ assert False
++
++def check_passwd_inhistory(topology, user, cpw, passwd):
++ inhistory = 0
++ log.info(" Bind as {%s,%s}" % (user, cpw))
++ topology.standalone.simple_bind_s(user, cpw)
++ try:
++ topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', passwd)])
++ except ldap.LDAPError, e:
++ log.info(' The password ' + passwd + ' of user' + USER1_DN + ' in history: error ' + e.message['desc'])
++ inhistory = 1
++ return inhistory
++
++def update_passwd(topology, user, passwd, times):
++ cpw = passwd
++ loop = 0
++ while loop < times:
++ log.info(" Bind as {%s,%s}" % (user, cpw))
++ topology.standalone.simple_bind_s(user, cpw)
++ cpw = 'password%d' % loop
++ try:
++ topology.standalone.modify_s(user, [(ldap.MOD_REPLACE, 'userpassword', cpw)])
++ except ldap.LDAPError, e:
++ log.fatal('test_ticket48228: Failed to update the password ' + cpw + ' of user ' + user + ': error ' + e.message['desc'])
++ assert False
++ loop += 1
++
++ # checking the first password, which is supposed to be in history
++ inhistory = check_passwd_inhistory(topology, user, cpw, passwd)
++ assert inhistory == 1
++
++def test_ticket48228_test_global_policy(topology):
++ """
++ Check global password policy
++ """
++
++ log.info(' Set inhistory = 6')
++ set_global_pwpolicy(topology, 6)
++
++ log.info(' Bind as directory manager')
++ log.info("Bind as %s" % DN_DM)
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++
++ log.info(' Add an entry' + USER1_DN)
++ try:
++ topology.standalone.add_s(Entry((USER1_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
++ 'sn': '1',
++ 'cn': 'user 1',
++ 'uid': 'user1',
++ 'givenname': 'user',
++ 'mail': 'user1@example.com',
++ 'userpassword': 'password'})))
++ except ldap.LDAPError, e:
++ log.fatal('test_ticket48228: Failed to add user' + USER1_DN + ': error ' + e.message['desc'])
++ assert False
++
++ log.info(' Update the password of ' + USER1_DN + ' 6 times')
++ update_passwd(topology, USER1_DN, 'password', 6)
++
++ log.info(' Set inhistory = 4')
++ set_global_pwpolicy(topology, 4)
++
++ log.info(' checking the first password, which is supposed NOT to be in history any more')
++ cpw = 'password%d' % 5
++ tpw = 'password'
++ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
++ assert inhistory == 0
++
++ log.info(' checking the second password, which is supposed NOT to be in history any more')
++ cpw = tpw
++ tpw = 'password%d' % 0
++ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
++ assert inhistory == 0
++
++ log.info(' checking the second password, which is supposed NOT to be in history any more')
++ cpw = tpw
++ tpw = 'password%d' % 1
++ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
++ assert inhistory == 0
++
++ log.info(' checking the third password, which is supposed to be in history')
++ cpw = tpw
++ tpw = 'password%d' % 2
++ inhistory = check_passwd_inhistory(topology, USER1_DN, cpw, tpw)
++ assert inhistory == 1
++
++ log.info("Global policy was successfully verified.")
++
++def test_ticket48228_test_subtree_policy(topology):
++ """
++ Check subtree level password policy
++ """
++
++ log.info(' Set inhistory = 6')
++ set_subtree_pwpolicy(topology)
++
++ log.info(' Bind as directory manager')
++ log.info("Bind as %s" % DN_DM)
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++
++ log.info(' Add an entry' + USER2_DN)
++ try:
++ topology.standalone.add_s(Entry((USER2_DN, {'objectclass': "top person organizationalPerson inetOrgPerson".split(),
++ 'sn': '2',
++ 'cn': 'user 2',
++ 'uid': 'user2',
++ 'givenname': 'user',
++ 'mail': 'user2@example.com',
++ 'userpassword': 'password'})))
++ except ldap.LDAPError, e:
++ log.fatal('test_ticket48228: Failed to add user' + USER2_DN + ': error ' + e.message['desc'])
++ assert False
++
++ log.info(' Update the password of ' + USER2_DN + ' 6 times')
++ update_passwd(topology, USER2_DN, 'password', 6)
++
++ log.info(' Set inhistory = 4')
++ topology.standalone.simple_bind_s(DN_DM, PASSWORD)
++ try:
++ topology.standalone.modify_s(SUBTREE_PWP, [(ldap.MOD_REPLACE, 'passwordInHistory', '4')])
++ except ldap.LDAPError, e:
++ log.error('Failed to set pwpolicy-local: error ' + e.message['desc'])
++ assert False
++
++ log.info(' checking the first password, which is supposed NOT to be in history any more')
++ cpw = 'password%d' % 5
++ tpw = 'password'
++ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
++ assert inhistory == 0
++
++ log.info(' checking the second password, which is supposed NOT to be in history any more')
++ cpw = tpw
++ tpw = 'password%d' % 0
++ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
++ assert inhistory == 0
++
++ log.info(' checking the second password, which is supposed NOT to be in history any more')
++ cpw = tpw
++ tpw = 'password%d' % 1
++ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
++ assert inhistory == 0
++
++ log.info(' checking the third password, which is supposed to be in history')
++ cpw = tpw
++ tpw = 'password%d' % 2
++ inhistory = check_passwd_inhistory(topology, USER2_DN, cpw, tpw)
++ assert inhistory == 1
++
++ log.info("Subtree level policy was successfully verified.")
++
++def test_ticket48228_final(topology):
++ topology.standalone.delete()
++ log.info('Testcase PASSED')
++
++def run_isolated():
++ '''
++ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
++ To run isolated without py.test, you need to
++ - edit this file and comment '@pytest.fixture' line before 'topology' function.
++ - set the installation prefix
++ - run this program
++ '''
++ global installation_prefix
++ installation_prefix = None
++
++ topo = topology(True)
++ log.info('Testing Ticket 48228 - wrong password check if passwordInHistory is decreased')
++
++ test_ticket48228_test_global_policy(topo)
++
++ test_ticket48228_test_subtree_policy(topo)
++
++ test_ticket48228_final(topo)
++
++
++if __name__ == '__main__':
++ run_isolated()
++
+--
+1.9.3
+
diff --git a/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch b/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch
new file mode 100644
index 0000000..2cb87d6
--- /dev/null
+++ b/SOURCES/0039-Ticket-47931-memberOf-retrocl-deadlocks.patch
@@ -0,0 +1,1282 @@
+From 9ba3240a177c156e365f22c721432321bb0a679e Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 4 Aug 2015 12:19:31 -0400
+Subject: [PATCH 39/39] Ticket 47931 - memberOf & retrocl deadlocks
+
+Bug Description: When concurrently updating multiple backends the
+ memberOf and retrocl plugins can deadlock on each
+ other. This is caused by the required retrocl lock,
+ and the db lock on the changenumber index in the
+ retrocl db.
+
+Fix Description: Added scoping to the retrocl that allows subtrees/suffixes
+ to be included or excluded. Also moved the existing
+ memberOf scoping outside of its global lock.
+
+ Also improved the memberOf config copying to be consistent
+ and more efficient. Improved the memberOf scoping attributes
+ to be multivalued. And, properly valdiated new config
+ settings in the preop valdiation function, instead of the
+ "apply config" function.
+
+https://fedorahosted.org/389/ticket/47931
+
+Valgrind: passed
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit fd959ac864d6d86d24928bc2c6f097d1a6031ecd)
+(cherry picked from commit d8108476d3bedbcc03f6c61bfb3d50e921faaf42)
+---
+ ldap/servers/plugins/memberof/memberof.c | 217 +++++++++++++--------
+ ldap/servers/plugins/memberof/memberof.h | 8 +-
+ ldap/servers/plugins/memberof/memberof_config.c | 249 +++++++++++++++++-------
+ ldap/servers/plugins/retrocl/retrocl.c | 183 +++++++++++++++--
+ ldap/servers/plugins/retrocl/retrocl.h | 4 +
+ ldap/servers/plugins/retrocl/retrocl_po.c | 41 +++-
+ 6 files changed, 516 insertions(+), 186 deletions(-)
+
+diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
+index da52bc8..9b577b9 100644
+--- a/ldap/servers/plugins/memberof/memberof.c
++++ b/ldap/servers/plugins/memberof/memberof.c
+@@ -116,7 +116,7 @@ static int memberof_compare(MemberOfConfig *config, const void *a, const void *b
+ static int memberof_qsort_compare(const void *a, const void *b);
+ static void memberof_load_array(Slapi_Value **array, Slapi_Attr *attr);
+ static int memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *sdn);
+-static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
++static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, MemberOfConfig *config,
+ char **types, plugin_search_entry_callback callback, void *callback_data);
+ static int memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn,
+ Slapi_Value *memberdn);
+@@ -144,7 +144,7 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
+ static void memberof_fixup_task_thread(void *arg);
+ static int memberof_fix_memberof(MemberOfConfig *config, char *dn, char *filter_str);
+ static int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data);
+-
++static int memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn);
+
+ /*** implementation ***/
+
+@@ -489,7 +489,8 @@ memberof_get_plugin_area()
+ int memberof_postop_del(Slapi_PBlock *pb)
+ {
+ int ret = SLAPI_PLUGIN_SUCCESS;
+- MemberOfConfig configCopy = {0, 0, 0, 0};
++ MemberOfConfig *mainConfig = NULL;
++ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ Slapi_DN *sdn;
+ void *caller_id = NULL;
+
+@@ -509,12 +510,13 @@ int memberof_postop_del(Slapi_PBlock *pb)
+ struct slapi_entry *e = NULL;
+
+ slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &e );
+-
+- /* We need to get the config lock first. Trying to get the
+- * config lock after we already hold the op lock can cause
+- * a deadlock. */
+ memberof_rlock_config();
+- /* copy config so it doesn't change out from under us */
++ mainConfig = memberof_get_config();
++ if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){
++ /* The entry is not in scope, bail...*/
++ memberof_unlock_config();
++ goto bail;
++ }
+ memberof_copy_config(&configCopy, memberof_get_config());
+ memberof_unlock_config();
+
+@@ -529,7 +531,6 @@ int memberof_postop_del(Slapi_PBlock *pb)
+ "memberof_postop_del: error deleting dn (%s) from group. Error (%d)\n",
+ slapi_sdn_get_dn(sdn),ret);
+ memberof_unlock();
+- memberof_free_config(&configCopy);
+ goto bail;
+ }
+
+@@ -554,10 +555,10 @@ int memberof_postop_del(Slapi_PBlock *pb)
+ }
+ }
+ memberof_unlock();
++bail:
+ memberof_free_config(&configCopy);
+ }
+
+-bail:
+ if(ret){
+ slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
+ ret = SLAPI_PLUGIN_FAILURE;
+@@ -591,7 +592,7 @@ memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *
+
+ groupattrs[0] = config->groupattrs[i];
+
+- rc = memberof_call_foreach_dn(pb, sdn, groupattrs,
++ rc = memberof_call_foreach_dn(pb, sdn, config, groupattrs,
+ memberof_del_dn_type_callback, &data);
+ }
+
+@@ -641,6 +642,20 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
+ return rc;
+ }
+
++/* Check if the the entry include scope is a child of the sdn */
++static Slapi_DN*
++memberof_scope_is_child_of_dn(MemberOfConfig *config, Slapi_DN *sdn)
++{
++ int i = 0;
++
++ while(config->entryScopes && config->entryScopes[i]){
++ if(slapi_sdn_issuffix(config->entryScopes[i], sdn)){
++ return config->entryScopes[i];
++ }
++ i++;
++ }
++ return NULL;
++}
+ /*
+ * Does a callback search of "type=dn" under the db suffix that "dn" is in,
+ * unless all_backends is set, then we look at all the backends. If "dn"
+@@ -649,7 +664,7 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
+ */
+ int
+ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
+- char **types, plugin_search_entry_callback callback, void *callback_data)
++ MemberOfConfig *config, char **types, plugin_search_entry_callback callback, void *callback_data)
+ {
+ Slapi_PBlock *search_pb = NULL;
+ Slapi_DN *base_sdn = NULL;
+@@ -657,9 +672,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
+ char *escaped_filter_val;
+ char *filter_str = NULL;
+ char *cookie = NULL;
+- int all_backends = memberof_config_get_all_backends();
+- Slapi_DN *entry_scope = memberof_config_get_entry_scope();
+- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
++ int all_backends = config->allBackends;
+ int types_name_len = 0;
+ int num_types = 0;
+ int dn_len = slapi_sdn_get_ndn_len(sdn);
+@@ -667,11 +680,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
+ int rc = 0;
+ int i = 0;
+
+- if (entry_scope && !slapi_sdn_issuffix(sdn, entry_scope)) {
+- return (rc);
+- }
+-
+- if (entry_scope_exclude_subtree && slapi_sdn_issuffix(sdn, entry_scope_exclude_subtree)) {
++ if (!memberof_entry_in_scope(config, sdn)) {
+ return (rc);
+ }
+
+@@ -728,6 +737,8 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
+ search_pb = slapi_pblock_new();
+ be = slapi_get_first_backend(&cookie);
+ while(be){
++ Slapi_DN *scope_sdn = NULL;
++
+ if(!all_backends){
+ be = slapi_be_select(sdn);
+ if(be == NULL){
+@@ -743,13 +754,14 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
+ continue;
+ }
+ }
+- if (entry_scope) {
+- if (slapi_sdn_issuffix(base_sdn, entry_scope)) {
++
++ if (config->entryScopes || config->entryScopeExcludeSubtrees) {
++ if (memberof_entry_in_scope(config, base_sdn)) {
+ /* do nothing, entry scope is spanning
+ * multiple suffixes, start at suffix */
+- } else if (slapi_sdn_issuffix(entry_scope, base_sdn)) {
++ } else if ((scope_sdn = memberof_scope_is_child_of_dn(config, base_sdn))) {
+ /* scope is below suffix, set search base */
+- base_sdn = entry_scope;
++ base_sdn = scope_sdn;
+ } else if(!all_backends){
+ break;
+ } else {
+@@ -767,7 +779,6 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
+ break;
+ }
+
+-
+ if(!all_backends){
+ break;
+ }
+@@ -792,10 +803,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
+ {
+ int ret = SLAPI_PLUGIN_SUCCESS;
+ void *caller_id = NULL;
+- Slapi_DN *entry_scope = NULL;
+- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
+
+- entry_scope = memberof_config_get_entry_scope();
+ slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
+ "--> memberof_postop_modrdn\n" );
+
+@@ -810,7 +818,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
+ if(memberof_oktodo(pb))
+ {
+ MemberOfConfig *mainConfig = 0;
+- MemberOfConfig configCopy = {0, 0, 0, 0};
++ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ struct slapi_entry *pre_e = NULL;
+ struct slapi_entry *post_e = NULL;
+ Slapi_DN *pre_sdn = 0;
+@@ -818,7 +826,6 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
+
+ slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e );
+ slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &post_e );
+-
+ if(pre_e && post_e)
+ {
+ pre_sdn = slapi_entry_get_sdn(pre_e);
+@@ -831,11 +838,19 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
+ memberof_copy_config(&configCopy, mainConfig);
+ memberof_unlock_config();
+
++ /* Need to check both the pre/post entries */
++ if((pre_sdn && !memberof_entry_in_scope(&configCopy, pre_sdn)) &&
++ (post_sdn && !memberof_entry_in_scope(&configCopy, post_sdn)))
++ {
++ /* The entry is not in scope */
++ goto bail;
++ }
++
+ memberof_lock();
+
+ /* update any downstream members */
+ if(pre_sdn && post_sdn && configCopy.group_filter &&
+- 0 == slapi_filter_test_simple(post_e, configCopy.group_filter))
++ 0 == slapi_filter_test_simple(post_e, configCopy.group_filter))
+ {
+ int i = 0;
+ Slapi_Attr *attr = 0;
+@@ -847,7 +862,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
+ if(0 == slapi_entry_attr_find(post_e, configCopy.groupattrs[i], &attr))
+ {
+ if((ret = memberof_moddn_attr_list(pb, &configCopy, pre_sdn,
+- post_sdn, attr) != 0))
++ post_sdn, attr) != 0))
+ {
+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+ "memberof_postop_modrdn - update failed for (%s), error (%d)\n",
+@@ -862,49 +877,49 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
+ * of other group entries. We need to update any member
+ * attributes to refer to the new name. */
+ if (ret == LDAP_SUCCESS && pre_sdn && post_sdn) {
+- if ((entry_scope && !slapi_sdn_issuffix(post_sdn, entry_scope)) ||
+- (entry_scope_exclude_subtree && slapi_sdn_issuffix(post_sdn, entry_scope_exclude_subtree))) {
++ if (!memberof_entry_in_scope(&configCopy, post_sdn)){
+ if((ret = memberof_del_dn_from_groups(pb, &configCopy, pre_sdn))){
+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+ "memberof_postop_modrdn - delete dn failed for (%s), error (%d)\n",
+ slapi_sdn_get_dn(pre_sdn), ret);
+ }
+ if(ret == LDAP_SUCCESS && pre_e && configCopy.group_filter &&
+- 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter)) {
++ 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter))
++ {
+ /* is the entry of interest as a group? */
+- int i = 0;
+- Slapi_Attr *attr = 0;
+-
+- /* Loop through to find each grouping attribute separately. */
+- for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) {
+- if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) {
+- if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){
+- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+- "memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n",
+- slapi_sdn_get_dn(pre_sdn),ret);
+- }
++ int i = 0;
++ Slapi_Attr *attr = 0;
+
++ /* Loop through to find each grouping attribute separately. */
++ for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) {
++ if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) {
++ if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){
++ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
++ "memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n",
++ slapi_sdn_get_dn(pre_sdn),ret);
+ }
++
+ }
+- }
++ }
++ }
+ if(ret == LDAP_SUCCESS) {
+- memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
+- if((ret = memberof_del_dn_type_callback(post_e, &del_data))){
+- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+- "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
+- slapi_entry_get_dn(post_e), ret);
+- }
++ memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
++ if((ret = memberof_del_dn_type_callback(post_e, &del_data))){
++ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
++ "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
++ slapi_entry_get_dn(post_e), ret);
+ }
++ }
+ } else {
+ if((ret = memberof_replace_dn_from_groups(pb, &configCopy, pre_sdn, post_sdn))){
+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+- "memberof_postop_modrdn - replace dne failed for (%s), error (%d)\n",
++ "memberof_postop_modrdn - replace dn failed for (%s), error (%d)\n",
+ slapi_sdn_get_dn(pre_sdn), ret);
+ }
+ }
+ }
+-
+ memberof_unlock();
++bail:
+ memberof_free_config(&configCopy);
+ }
+
+@@ -946,7 +961,7 @@ memberof_replace_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config,
+
+ groupattrs[0] = config->groupattrs[i];
+
+- if((ret = memberof_call_foreach_dn(pb, pre_sdn, groupattrs,
++ if((ret = memberof_call_foreach_dn(pb, pre_sdn, config, groupattrs,
+ memberof_replace_dn_type_callback,
+ &data)))
+ {
+@@ -1064,12 +1079,11 @@ int memberof_postop_modify(Slapi_PBlock *pb)
+ goto done;
+ }
+
+-
+- if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb)))
++ if(memberof_oktodo(pb))
+ {
+ int config_copied = 0;
+ MemberOfConfig *mainConfig = 0;
+- MemberOfConfig configCopy = {0, 0, 0, 0};
++ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+ /* get the mod set */
+ slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
+@@ -1088,19 +1102,22 @@ int memberof_postop_modify(Slapi_PBlock *pb)
+ * only copy the config the first time it's needed so
+ * it remains the same for all mods in the operation,
+ * despite any config changes that may be made. */
+- if (!config_copied)
+- {
++ if (!config_copied){
+ memberof_rlock_config();
+ mainConfig = memberof_get_config();
+
+ if (memberof_is_grouping_attr(type, mainConfig))
+ {
+ interested = 1;
++ if (!memberof_entry_in_scope(mainConfig, sdn)){
++ /* Entry is not in scope */
++ memberof_unlock_config();
++ goto bail;
++ }
+ /* copy config so it doesn't change out from under us */
+ memberof_copy_config(&configCopy, mainConfig);
+ config_copied = 1;
+ }
+-
+ memberof_unlock_config();
+ } else {
+ if (memberof_is_grouping_attr(type, &configCopy))
+@@ -1197,8 +1214,7 @@ int memberof_postop_modify(Slapi_PBlock *pb)
+ }
+
+ bail:
+- if (config_copied)
+- {
++ if (config_copied){
+ memberof_free_config(&configCopy);
+ }
+
+@@ -1244,22 +1260,25 @@ int memberof_postop_add(Slapi_PBlock *pb)
+
+ if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb)))
+ {
+- MemberOfConfig *mainConfig = 0;
+- MemberOfConfig configCopy = {0, 0, 0, 0};
+ struct slapi_entry *e = NULL;
+-
++ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
++ MemberOfConfig *mainConfig;
+ slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &e );
+-
+
+ /* is the entry of interest? */
+ memberof_rlock_config();
+ mainConfig = memberof_get_config();
+ if(e && mainConfig && mainConfig->group_filter &&
+ 0 == slapi_filter_test_simple(e, mainConfig->group_filter))
++
+ {
+ interested = 1;
+- /* copy config so it doesn't change out from under us */
+- memberof_copy_config(&configCopy, mainConfig);
++ if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){
++ /* Entry is not in scope */
++ memberof_unlock_config();
++ goto bail;
++ }
++ memberof_copy_config(&configCopy, memberof_get_config());
+ }
+ memberof_unlock_config();
+
+@@ -1284,11 +1303,11 @@ int memberof_postop_add(Slapi_PBlock *pb)
+ }
+
+ memberof_unlock();
+-
+ memberof_free_config(&configCopy);
+ }
+ }
+
++bail:
+ if(ret){
+ slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
+ ret = SLAPI_PLUGIN_FAILURE;
+@@ -1326,26 +1345,61 @@ int memberof_oktodo(Slapi_PBlock *pb)
+ }
+
+ if(slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0)
+- {
++ {
+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+ "memberof_postop_oktodo: could not get parameters\n" );
+ ret = -1;
+ }
+
+- /* this plugin should only execute if the operation succeeded
+- */
+- if(oprc != 0)
++ /* this plugin should only execute if the operation succeeded */
++ if(oprc != 0)
+ {
+ ret = 0;
+ }
+-
++
++bail:
+ slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
+ "<-- memberof_postop_oktodo\n" );
+
+-bail:
+ return ret;
+ }
+
++/*
++ * Return 1 if the entry is in the scope.
++ * For MODRDN the caller should check both the preop
++ * and postop entries. If we are moving out of, or
++ * into scope, we should process it.
++ */
++static int
++memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn)
++{
++ if (config->entryScopeExcludeSubtrees){
++ int i = 0;
++
++ /* check the excludes */
++ while(config->entryScopeExcludeSubtrees[i]){
++ if (slapi_sdn_issuffix(sdn, config->entryScopeExcludeSubtrees[i])){
++ return 0;
++ }
++ i++;
++ }
++ }
++ if (config->entryScopes){
++ int i = 0;
++
++ /* check the excludes */
++ while(config->entryScopes[i]){
++ if (slapi_sdn_issuffix(sdn, config->entryScopes[i])){
++ return 1;
++ }
++ i++;
++ }
++ return 0;
++ }
++
++ return 1;
++}
++
+ static Slapi_DN *
+ memberof_getsdn(Slapi_PBlock *pb)
+ {
+@@ -2013,7 +2067,7 @@ memberof_get_groups_r(MemberOfConfig *config, Slapi_DN *member_sdn,
+ {
+ /* Search for any grouping attributes that point to memberdn.
+ * For each match, add it to the list, recurse and do same search */
+- return memberof_call_foreach_dn(NULL, member_sdn, config->groupattrs,
++ return memberof_call_foreach_dn(NULL, member_sdn, config, config->groupattrs,
+ memberof_get_groups_callback, data);
+ }
+
+@@ -2030,7 +2084,6 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
+ Slapi_Value *group_dn_val = 0;
+ Slapi_ValueSet *groupvals = *((memberof_get_groups_data*)callback_data)->groupvals;
+ Slapi_ValueSet *group_norm_vals = *((memberof_get_groups_data*)callback_data)->group_norm_vals;
+- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
+ MemberOfConfig *config = ((memberof_get_groups_data*)callback_data)->config;
+ int rc = 0;
+
+@@ -2086,7 +2139,7 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
+ }
+
+ /* if the group does not belong to an excluded subtree, adds it to the valueset */
+- if (!(entry_scope_exclude_subtree && slapi_sdn_issuffix(group_sdn, entry_scope_exclude_subtree))) {
++ if (memberof_entry_in_scope(config, group_sdn)) {
+ /* Push group_dn_val into the valueset. This memory is now owned
+ * by the valueset. */
+ group_dn_val = slapi_value_new_string(group_dn);
+@@ -2188,8 +2241,8 @@ memberof_test_membership(Slapi_PBlock *pb, MemberOfConfig *config,
+ {
+ char *attrs[2] = {config->memberof_attr, 0};
+
+- return memberof_call_foreach_dn(pb, group_sdn, attrs,
+- memberof_test_membership_callback , config);
++ return memberof_call_foreach_dn(pb, group_sdn, config, attrs,
++ memberof_test_membership_callback, config);
+ }
+
+ /*
+diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h
+index 5a70400..9d9d158 100644
+--- a/ldap/servers/plugins/memberof/memberof.h
++++ b/ldap/servers/plugins/memberof/memberof.h
+@@ -52,8 +52,10 @@ typedef struct memberofconfig {
+ char **groupattrs;
+ char *memberof_attr;
+ int allBackends;
+- Slapi_DN *entryScope;
+- Slapi_DN *entryScopeExcludeSubtree;
++ Slapi_DN **entryScopes;
++ int entryScopeCount;
++ Slapi_DN **entryScopeExcludeSubtrees;
++ int entryExcludeScopeCount;
+ Slapi_Filter *group_filter;
+ Slapi_Attr **group_slapiattrs;
+ int skip_nested;
+@@ -74,8 +76,6 @@ void memberof_rlock_config();
+ void memberof_wlock_config();
+ void memberof_unlock_config();
+ int memberof_config_get_all_backends();
+-Slapi_DN * memberof_config_get_entry_scope();
+-Slapi_DN * memberof_config_get_entry_scope_exclude_subtree();
+ void memberof_set_config_area(Slapi_DN *sdn);
+ Slapi_DN * memberof_get_config_area();
+ void memberof_set_plugin_area(Slapi_DN *sdn);
+diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
+index ac2d045..b4cc941 100644
+--- a/ldap/servers/plugins/memberof/memberof_config.c
++++ b/ldap/servers/plugins/memberof/memberof_config.c
+@@ -48,7 +48,7 @@ static int memberof_search (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_En
+ /* This is the main configuration which is updated from dse.ldif. The
+ * config will be copied when it is used by the plug-in to prevent it
+ * being changed out from under a running memberOf operation. */
+-static MemberOfConfig theConfig = {NULL, NULL,0, NULL, NULL, NULL, NULL};
++static MemberOfConfig theConfig = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ static Slapi_RWLock *memberof_config_lock = 0;
+ static int inited = 0;
+
+@@ -60,6 +60,19 @@ static int dont_allow_that(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Ent
+ return SLAPI_DSE_CALLBACK_ERROR;
+ }
+
++static void
++memberof_free_scope(Slapi_DN **scopes, int *count)
++{
++ int i = 0;
++
++ while(scopes && scopes[i]){
++ slapi_sdn_free(&scopes[i]);
++ i++;
++ }
++ slapi_ch_free((void**)&scopes);
++ *count = 0;
++}
++
+ /*
+ * memberof_config()
+ *
+@@ -155,17 +168,22 @@ memberof_release_config()
+ *
+ * Validate the pending changes in the e entry.
+ */
+-static int
++int
+ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
+ int *returncode, char *returntext, void *arg)
+ {
+ Slapi_Attr *memberof_attr = NULL;
+ Slapi_Attr *group_attr = NULL;
+ Slapi_DN *config_sdn = NULL;
++ Slapi_DN **include_dn = NULL;
++ Slapi_DN **exclude_dn = NULL;
+ char *syntaxoid = NULL;
+ char *config_dn = NULL;
+ char *skip_nested = NULL;
++ char **entry_scopes = NULL;
++ char **entry_exclude_scopes = NULL;
+ int not_dn_syntax = 0;
++ int num_vals = 0;
+
+ *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
+
+@@ -283,8 +301,112 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
+ *returncode = LDAP_UNWILLING_TO_PERFORM;
+ }
+ }
++ /*
++ * Check the entry scopes
++ */
++ entry_scopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals);
++ if(entry_scopes){
++ int i = 0;
++
++ /* Validate the syntax before we create our DN array */
++ for (i = 0;i < num_vals; i++){
++ if(slapi_dn_syntax_check(pb, entry_scopes[i], 1)){
++ /* invalid dn syntax */
++ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
++ "%s: Invalid DN (%s) for include suffix.",
++ MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
++ slapi_ch_array_free(entry_scopes);
++ theConfig.entryScopeCount = 0;
++ *returncode = LDAP_UNWILLING_TO_PERFORM;
++ goto done;
++ }
++ }
++ /* Now create our SDN array for conflict checking */
++ include_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1);
++ for (i = 0;i < num_vals; i++){
++ include_dn[i] = slapi_sdn_new_dn_passin(entry_scopes[i]);
++ }
++ }
++ /*
++ * Check and process the entry exclude scopes
++ */
++ entry_exclude_scopes =
++ slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals);
++ if(entry_exclude_scopes){
++ int i = 0;
++
++ /* Validate the syntax before we create our DN array */
++ for (i = 0;i < num_vals; i++){
++ if(slapi_dn_syntax_check(pb, entry_exclude_scopes[i], 1)){
++ /* invalid dn syntax */
++ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
++ "%s: Invalid DN (%s) for exclude suffix.",
++ MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
++ slapi_ch_array_free(entry_exclude_scopes);
++ *returncode = LDAP_UNWILLING_TO_PERFORM;
++ goto done;
++ }
++ }
++ /* Now create our SDN array for conflict checking */
++ exclude_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
++ for (i = 0;i < num_vals; i++){
++ exclude_dn[i] = slapi_sdn_new_dn_passin(entry_exclude_scopes[i]);
++ }
++ }
++ /*
++ * Need to do conflict checking
++ */
++ if(include_dn && exclude_dn){
++ /*
++ * Make sure we haven't mixed the same suffix, and there are no
++ * conflicts between the includes and excludes
++ */
++ int i = 0;
++
++ while(include_dn[i]){
++ int x = 0;
++ while(exclude_dn[x]){
++ if(slapi_sdn_compare(include_dn[i], exclude_dn[x] ) == 0)
++ {
++ /* we have a conflict */
++ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
++ "%s: include suffix (%s) is also listed as an exclude suffix list",
++ MEMBEROF_PLUGIN_SUBSYSTEM, slapi_sdn_get_dn(include_dn[i]));
++ *returncode = LDAP_UNWILLING_TO_PERFORM;
++ goto done;
++ }
++ x++;
++ }
++ i++;
++ }
++
++ /* Check for parent/child conflicts */
++ i = 0;
++ while(include_dn[i]){
++ int x = 0;
++ while(exclude_dn[x]){
++ if(slapi_sdn_issuffix(include_dn[i], exclude_dn[x]))
++ {
++ /* we have a conflict */
++ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
++ "%s: include suffix (%s) is a child of the exclude suffix(%s)",
++ MEMBEROF_PLUGIN_SUBSYSTEM,
++ slapi_sdn_get_dn(include_dn[i]),
++ slapi_sdn_get_dn(exclude_dn[i]));
++ *returncode = LDAP_UNWILLING_TO_PERFORM;
++ goto done;
++ }
++ x++;
++ }
++ i++;
++ }
++ }
+
+ done:
++ memberof_free_scope(exclude_dn, &num_vals);
++ memberof_free_scope(include_dn, &num_vals);
++ slapi_ch_free((void**)&entry_scopes);
++ slapi_ch_free((void**)&entry_exclude_scopes);
+ slapi_sdn_free(&config_sdn);
+ slapi_ch_free_string(&config_dn);
+ slapi_ch_free_string(&skip_nested);
+@@ -299,7 +421,6 @@ done:
+ }
+ }
+
+-
+ /*
+ * memberof_apply_config()
+ *
+@@ -318,10 +439,11 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
+ int num_groupattrs = 0;
+ int groupattr_name_len = 0;
+ char *allBackends = NULL;
+- char *entryScope = NULL;
+- char *entryScopeExcludeSubtree = NULL;
++ char **entryScopes = NULL;
++ char **entryScopeExcludeSubtrees = NULL;
+ char *sharedcfg = NULL;
+ char *skip_nested = NULL;
++ int num_vals = 0;
+
+ *returncode = LDAP_SUCCESS;
+
+@@ -353,8 +475,6 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
+ groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR);
+ memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR);
+ allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR);
+- entryScope = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_ATTR);
+- entryScopeExcludeSubtree = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE);
+ skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR);
+
+ /*
+@@ -480,49 +600,39 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
+ theConfig.allBackends = 0;
+ }
+
+- slapi_sdn_free(&theConfig.entryScope);
+- if (entryScope)
+- {
+- if (slapi_dn_syntax_check(NULL, entryScope, 1) == 1) {
+- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+- "Error: Ignoring invalid DN used as plugin entry scope: [%s]\n",
+- entryScope);
+- theConfig.entryScope = NULL;
+- slapi_ch_free_string(&entryScope);
+- } else {
+- theConfig.entryScope = slapi_sdn_new_dn_passin(entryScope);
++ /*
++ * Check and process the entry scopes
++ */
++ memberof_free_scope(theConfig.entryScopes, &theConfig.entryScopeCount);
++ entryScopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals);
++ if(entryScopes){
++ int i = 0;
++
++ /* Validation has already been performed in preop, just build the DN's */
++ theConfig.entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1);
++ for (i = 0;i < num_vals; i++){
++ theConfig.entryScopes[i] = slapi_sdn_new_dn_passin(entryScopes[i]);
+ }
+- } else {
+- theConfig.entryScope = NULL;
++ theConfig.entryScopeCount = num_vals; /* shortcut for config copy */
+ }
+-
+- slapi_sdn_free(&theConfig.entryScopeExcludeSubtree);
+- if (entryScopeExcludeSubtree)
+- {
+- if (theConfig.entryScope == NULL) {
+- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+- "Error: Ignoring ExcludeSubtree (%s) because entryScope is not define\n",
+- entryScopeExcludeSubtree);
+- theConfig.entryScopeExcludeSubtree = NULL;
+- slapi_ch_free_string(&entryScopeExcludeSubtree);
+- } else if (slapi_dn_syntax_check(NULL, entryScopeExcludeSubtree, 1) == 1) {
+- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+- "Error: Ignoring invalid DN used as plugin entry exclude subtree: [%s]\n",
+- entryScopeExcludeSubtree);
+- theConfig.entryScopeExcludeSubtree = NULL;
+- slapi_ch_free_string(&entryScopeExcludeSubtree);
+- } else {
+- theConfig.entryScopeExcludeSubtree = slapi_sdn_new_dn_passin(entryScopeExcludeSubtree);
++ /*
++ * Check and process the entry exclude scopes
++ */
++ memberof_free_scope(theConfig.entryScopeExcludeSubtrees,
++ &theConfig.entryExcludeScopeCount);
++ entryScopeExcludeSubtrees =
++ slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals);
++ if(entryScopeExcludeSubtrees){
++ int i = 0;
++
++ /* Validation has already been performed in preop, just build the DN's */
++ theConfig.entryScopeExcludeSubtrees =
++ (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
++ for (i = 0;i < num_vals; i++){
++ theConfig.entryScopeExcludeSubtrees[i] =
++ slapi_sdn_new_dn_passin(entryScopeExcludeSubtrees[i]);
+ }
+- } else {
+- theConfig.entryScopeExcludeSubtree = NULL;
+- }
+- if (theConfig.entryScopeExcludeSubtree && theConfig.entryScope && !slapi_sdn_issuffix(theConfig.entryScopeExcludeSubtree, theConfig.entryScope)) {
+- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+- "Error: Ignoring ExcludeSubtree (%s) that is out of the scope (%s)\n",
+- slapi_sdn_get_dn(theConfig.entryScopeExcludeSubtree),
+- slapi_sdn_get_dn(theConfig.entryScope));
+- slapi_sdn_free(&theConfig.entryScopeExcludeSubtree);
++ theConfig.entryExcludeScopeCount = num_vals; /* shortcut for config copy */
+ }
+
+ /* release the lock */
+@@ -536,6 +646,8 @@ done:
+ slapi_ch_free_string(&memberof_attr);
+ slapi_ch_free_string(&allBackends);
+ slapi_ch_free_string(&skip_nested);
++ slapi_ch_free((void **)&entryScopes);
++ slapi_ch_free((void **)&entryScopeExcludeSubtrees);
+
+ if (*returncode != LDAP_SUCCESS)
+ {
+@@ -616,6 +728,23 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
+ {
+ dest->allBackends = src->allBackends;
+ }
++
++ if(src->entryScopes){
++ int num_vals = 0;
++
++ dest->entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryScopeCount+1);
++ for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
++ dest->entryScopes[num_vals] = slapi_sdn_dup(src->entryScopes[num_vals]);
++ }
++ }
++ if(src->entryScopeExcludeSubtrees){
++ int num_vals = 0;
++
++ dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1);
++ for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
++ dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]);
++ }
++ }
+ }
+ }
+
+@@ -641,6 +770,8 @@ memberof_free_config(MemberOfConfig *config)
+ slapi_ch_free((void **)&config->group_slapiattrs);
+
+ slapi_ch_free_string(&config->memberof_attr);
++ memberof_free_scope(config->entryScopes, &config->entryScopeCount);
++ memberof_free_scope(config->entryScopeExcludeSubtrees, &config->entryExcludeScopeCount);
+ }
+ }
+
+@@ -706,30 +837,6 @@ memberof_config_get_all_backends()
+ return all_backends;
+ }
+
+-Slapi_DN *
+-memberof_config_get_entry_scope()
+-{
+- Slapi_DN *entry_scope;
+-
+- slapi_rwlock_rdlock(memberof_config_lock);
+- entry_scope = theConfig.entryScope;
+- slapi_rwlock_unlock(memberof_config_lock);
+-
+- return entry_scope;
+-}
+-
+-Slapi_DN *
+-memberof_config_get_entry_scope_exclude_subtree()
+-{
+- Slapi_DN *entry_exclude_subtree;
+-
+- slapi_rwlock_rdlock(memberof_config_lock);
+- entry_exclude_subtree = theConfig.entryScopeExcludeSubtree;
+- slapi_rwlock_unlock(memberof_config_lock);
+-
+- return entry_exclude_subtree;
+-}
+-
+ /*
+ * Check if we are modifying the config, or changing the shared config entry
+ */
+diff --git a/ldap/servers/plugins/retrocl/retrocl.c b/ldap/servers/plugins/retrocl/retrocl.c
+index 78a0c6d..4bcbb38 100644
+--- a/ldap/servers/plugins/retrocl/retrocl.c
++++ b/ldap/servers/plugins/retrocl/retrocl.c
+@@ -45,6 +45,9 @@ char **retrocl_attributes = NULL;
+ char **retrocl_aliases = NULL;
+ int retrocl_log_deleted = 0;
+
++static Slapi_DN **retrocl_includes = NULL;
++static Slapi_DN **retrocl_excludes = NULL;
++
+ /* ----------------------------- Retrocl Plugin */
+
+ static Slapi_PluginDesc retrocldesc = {"retrocl", VENDOR, DS_PACKAGE_VERSION, "Retrocl Plugin"};
+@@ -349,6 +352,8 @@ static int retrocl_start (Slapi_PBlock *pb)
+ int rc = 0;
+ Slapi_Entry *e = NULL;
+ char **values = NULL;
++ int num_vals = 0;
++ int i = 0;
+
+ retrocl_rootdse_init(pb);
+
+@@ -369,6 +374,87 @@ static int retrocl_start (Slapi_PBlock *pb)
+ return -1;
+ }
+
++ /* Get the exclude suffixes */
++ values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_EXCLUDE_SUFFIX, &num_vals);
++ if(values){
++ /* Validate the syntax before we create our DN array */
++ for (i = 0;i < num_vals; i++){
++ if(slapi_dn_syntax_check(pb, values[i], 1)){
++ /* invalid dn syntax */
++ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
++ "Invalid DN (%s) for exclude suffix.\n", values[i] );
++ slapi_ch_array_free(values);
++ return -1;
++ }
++ }
++ /* Now create our SDN array */
++ retrocl_excludes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
++ for (i = 0;i < num_vals; i++){
++ retrocl_excludes[i] = slapi_sdn_new_dn_byval(values[i]);
++ }
++ slapi_ch_array_free(values);
++ }
++ /* Get the include suffixes */
++ values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_INCLUDE_SUFFIX, &num_vals);
++ if(values){
++ for (i = 0;i < num_vals; i++){
++ /* Validate the syntax before we create our DN array */
++ if(slapi_dn_syntax_check(pb, values[i], 1)){
++ /* invalid dn syntax */
++ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
++ "Invalid DN (%s) for include suffix.\n", values[i] );
++ slapi_ch_array_free(values);
++ return -1;
++ }
++ }
++ /* Now create our SDN array */
++ retrocl_includes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
++ for (i = 0;i < num_vals; i++){
++ retrocl_includes[i] = slapi_sdn_new_dn_byval(values[i]);
++ }
++ slapi_ch_array_free(values);
++ }
++ if(retrocl_includes && retrocl_excludes){
++ /*
++ * Make sure we haven't mixed the same suffix, and there are no
++ * conflicts between the includes and excludes
++ */
++ int i = 0;
++
++ while(retrocl_includes[i]){
++ int x = 0;
++ while(retrocl_excludes[x]){
++ if(slapi_sdn_compare(retrocl_includes[i], retrocl_excludes[x] ) == 0){
++ /* we have a conflict */
++ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
++ "include suffix (%s) is also listed in exclude suffix list\n",
++ slapi_sdn_get_dn(retrocl_includes[i]));
++ return -1;
++ }
++ x++;
++ }
++ i++;
++ }
++
++ /* Check for parent/child conflicts */
++ i = 0;
++ while(retrocl_includes[i]){
++ int x = 0;
++ while(retrocl_excludes[x]){
++ if(slapi_sdn_issuffix(retrocl_includes[i], retrocl_excludes[x])){
++ /* we have a conflict */
++ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
++ "include suffix (%s) is a child of the exclude suffix(%s)\n",
++ slapi_sdn_get_dn(retrocl_includes[i]),
++ slapi_sdn_get_dn(retrocl_excludes[i]));
++ return -1;
++ }
++ x++;
++ }
++ i++;
++ }
++ }
++
+ values = slapi_entry_attr_get_charray(e, "nsslapd-attribute");
+ if (values != NULL) {
+ int n = 0;
+@@ -434,6 +520,49 @@ static int retrocl_start (Slapi_PBlock *pb)
+ }
+
+ /*
++ * Check if an entry is in the configured scope.
++ * Return 1 if entry is in the scope, or 0 otherwise.
++ * For MODRDN the caller should check both the preop
++ * and postop entries. If we are moving out of, or
++ * into scope, we should record it.
++ */
++int
++retrocl_entry_in_scope(Slapi_Entry *e)
++{
++ Slapi_DN *sdn = slapi_entry_get_sdn(e);
++
++ if (e == NULL){
++ return 1;
++ }
++
++ if (retrocl_excludes){
++ int i = 0;
++
++ /* check the excludes */
++ while(retrocl_excludes[i]){
++ if (slapi_sdn_issuffix(sdn, retrocl_excludes[i])){
++ return 0;
++ }
++ i++;
++ }
++ }
++ if (retrocl_includes){
++ int i = 0;
++
++ /* check the excludes */
++ while(retrocl_includes[i]){
++ if (slapi_sdn_issuffix(sdn, retrocl_includes[i])){
++ return 1;
++ }
++ i++;
++ }
++ return 0;
++ }
++
++ return 1;
++}
++
++/*
+ * Function: retrocl_stop
+ *
+ * Returns: 0
+@@ -446,26 +575,40 @@ static int retrocl_start (Slapi_PBlock *pb)
+
+ static int retrocl_stop (Slapi_PBlock *pb)
+ {
+- int rc = 0;
+-
+- slapi_ch_array_free(retrocl_attributes);
+- retrocl_attributes = NULL;
+- slapi_ch_array_free(retrocl_aliases);
+- retrocl_aliases = NULL;
+-
+- retrocl_stop_trimming();
+- retrocl_be_changelog = NULL;
+- retrocl_forget_changenumbers();
+- PR_DestroyLock(retrocl_internal_lock);
+- retrocl_internal_lock = NULL;
+- slapi_destroy_rwlock(retrocl_cn_lock);
+- retrocl_cn_lock = NULL;
+- legacy_initialised = 0;
+-
+- slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "",
+- LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search);
+-
+- return rc;
++ int rc = 0;
++ int i = 0;
++
++ slapi_ch_array_free(retrocl_attributes);
++ retrocl_attributes = NULL;
++ slapi_ch_array_free(retrocl_aliases);
++ retrocl_aliases = NULL;
++
++ while(retrocl_excludes && retrocl_excludes[i]){
++ slapi_sdn_free(&retrocl_excludes[i]);
++ i++;
++ }
++ slapi_ch_free((void**)&retrocl_excludes);
++ i = 0;
++
++ while(retrocl_includes && retrocl_includes[i]){
++ slapi_sdn_free(&retrocl_includes[i]);
++ i++;
++ }
++ slapi_ch_free((void**)&retrocl_includes);
++
++ retrocl_stop_trimming();
++ retrocl_be_changelog = NULL;
++ retrocl_forget_changenumbers();
++ PR_DestroyLock(retrocl_internal_lock);
++ retrocl_internal_lock = NULL;
++ slapi_destroy_rwlock(retrocl_cn_lock);
++ retrocl_cn_lock = NULL;
++ legacy_initialised = 0;
++
++ slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "",
++ LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search);
++
++ return rc;
+ }
+
+ /*
+diff --git a/ldap/servers/plugins/retrocl/retrocl.h b/ldap/servers/plugins/retrocl/retrocl.h
+index ae0139c..7edd62f 100644
+--- a/ldap/servers/plugins/retrocl/retrocl.h
++++ b/ldap/servers/plugins/retrocl/retrocl.h
+@@ -67,6 +67,8 @@ typedef struct _cnumRet {
+ /* was originally changelogmaximumage */
+ #define CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE "nsslapd-changelogmaxage"
+ #define CONFIG_CHANGELOG_DIRECTORY_ATTRIBUTE "nsslapd-changelogdir"
++#define CONFIG_CHANGELOG_INCLUDE_SUFFIX "nsslapd-include-suffix"
++#define CONFIG_CHANGELOG_EXCLUDE_SUFFIX "nsslapd-exclude-suffix"
+
+ #define RETROCL_CHANGELOG_DN "cn=changelog"
+ #define RETROCL_MAPPINGTREE_DN "cn=\"cn=changelog\",cn=mapping tree,cn=config"
+@@ -140,4 +142,6 @@ extern void retrocl_init_trimming(void);
+ extern void retrocl_stop_trimming(void);
+ extern char *retrocl_get_config_str(const char *attrt);
+
++int retrocl_entry_in_scope(Slapi_Entry *e);
++
+ #endif /* _H_RETROCL */
+diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
+index 7083d0a..f689373 100644
+--- a/ldap/servers/plugins/retrocl/retrocl_po.c
++++ b/ldap/servers/plugins/retrocl/retrocl_po.c
+@@ -140,6 +140,7 @@ write_replog_db(
+ int flag,
+ time_t curtime,
+ Slapi_Entry *log_e,
++ Slapi_Entry *post_entry,
+ const char *newrdn,
+ LDAPMod **modrdn_mods,
+ const char *newsuperior
+@@ -156,11 +157,26 @@ write_replog_db(
+ int err = 0;
+ int ret = LDAP_SUCCESS;
+ int i;
++ int mark = 0;
+
+ if (!dn) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
+ return ret;
+ }
++ mark = (post_entry && retrocl_entry_in_scope(post_entry));
++ slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
++
++ if (post_entry){
++ if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
++ /* modrdn: entry not in scope, just return... */
++ return ret;
++ }
++ } else {
++ if(!retrocl_entry_in_scope(log_e)){
++ /* entry not in scope, just return... */
++ return ret;
++ }
++ }
+
+ PR_Lock(retrocl_internal_lock);
+ changenum = retrocl_assign_changenumber();
+@@ -319,7 +335,7 @@ write_replog_db(
+ break;
+
+ case OP_DELETE:
+- if (log_e) {
++ if (retrocl_log_deleted) {
+ /* we have to log the full entry */
+ if ( entry2reple( e, log_e, OP_DELETE ) != 0 ) {
+ err = SLAPI_PLUGIN_FAILURE;
+@@ -559,7 +575,8 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
+ char *dn;
+ LDAPMod **log_m = NULL;
+ int flag = 0;
+- Slapi_Entry *te = NULL;
++ Slapi_Entry *entry = NULL;
++ Slapi_Entry *post_entry = NULL;
+ Slapi_Operation *op = NULL;
+ LDAPMod **modrdn_mods = NULL;
+ char *newrdn = NULL;
+@@ -624,7 +641,12 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
+ LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change for nsTombstone entries\n");
+ return SLAPI_PLUGIN_SUCCESS;
+ }
+-
++ /*
++ * Start by grabbing the preop entry, ADD will replace it as needed. Getting the entry
++ * allows up to perform scoping in write_replog_db() for all op types.
++ */
++ (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry);
++
+ switch ( optype ) {
+ case OP_MODIFY:
+ (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &log_m );
+@@ -634,14 +656,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
+ * For adds, we want the unnormalized dn, so we can preserve
+ * spacing, case, when replicating it.
+ */
+- (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &te );
+- if ( NULL != te ) {
+- dn = slapi_entry_get_dn( te );
++ (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &entry );
++ if ( NULL != entry ) {
++ dn = slapi_entry_get_dn( entry );
+ }
+ break;
+ case OP_DELETE:
+ if (retrocl_log_deleted)
+- (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &te);
++ (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry);
+ break;
+ case OP_MODRDN:
+ /* newrdn is used just for logging; no need to be normalized */
+@@ -649,13 +671,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
+ (void)slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag );
+ (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &modrdn_mods );
+ (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior );
++ (void)slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &post_entry);
+ break;
+ }
+
+ /* check if we should log change to retro changelog, and
+ * if so, do it here */
+- if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, te,
+- newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) )))
++ if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, entry,
++ post_entry, newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) )))
+ {
+ slapi_log_error(SLAPI_LOG_FATAL, "retrocl-plugin",
+ "retrocl_postob: operation failure [%d]\n", rc);
+--
+1.9.3
+
diff --git a/SOURCES/0039-Ticket-47967-cos_cache_build_definition_list-does-no.patch b/SOURCES/0039-Ticket-47967-cos_cache_build_definition_list-does-no.patch
deleted file mode 100644
index 070a463..0000000
--- a/SOURCES/0039-Ticket-47967-cos_cache_build_definition_list-does-no.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 28027d3f0d3f6df742c1a8360c75c7a922cb1819 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 4 Dec 2014 11:11:13 -0500
-Subject: [PATCH 39/53] Ticket 47967 - cos_cache_build_definition_list does not
- stop during server shutdown
-
-Bug Description: If the COS cache is being rebuilt (where there are many COS
- definitions/templates), attempting to stop the server can
- take take a very long time.
-
-Fix Description: In the callback functions check for server shutdown to abort
- out of the search callback loops.
-
-https://fedorahosted.org/389/ticket/47967
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 99f99743617c1d082e748e7d3e83adf953d2ad05)
-(cherry picked from commit f2df95ea7a78e95535eaf798fdf3edff9cb33b72)
----
- ldap/servers/plugins/cos/cos_cache.c | 20 ++++++++++----------
- 1 file changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c
-index 3f3841f..a7993c8 100644
---- a/ldap/servers/plugins/cos/cos_cache.c
-+++ b/ldap/servers/plugins/cos/cos_cache.c
-@@ -725,7 +725,7 @@ struct dn_defs_info {
- /*
- * Currently, always returns 0 to continue the search for definitions, even
- * if a particular attempt to add a definition fails: info.ret gets set to
-- * zero only if we succed to add a def.
-+ * zero only if we succeed to add a def.
- */
- static int
- cos_dn_defs_cb (Slapi_Entry* e, void *callback_data)
-@@ -1056,10 +1056,10 @@ bail:
- /* This particular definition may not have yielded anything
- * worth caching (eg. no template was found for it) but
- * that should not cause us to abort the search for other more well behaved
-- * definitions.
-+ * definitions unless we are shutting down.
- * return info->ret;
-- */
-- return (0);
-+ */
-+ return slapi_is_shutting_down();
-
- }
-
-@@ -1116,7 +1116,7 @@ struct tmpl_info {
- /*
- * Currently, always returns 0 to continue the search for templates, even
- * if a particular attempt to add a template fails: info.ret gets set to
-- * zero only if we succed to add at least one tmpl.
-+ * zero only if we succeed to add at least one tmpl.
- */
- static int cos_dn_tmpl_entries_cb (Slapi_Entry* e, void *callback_data) {
- cosAttrValue *pDn = 0;
-@@ -1166,7 +1166,7 @@ static int cos_dn_tmpl_entries_cb (Slapi_Entry* e, void *callback_data) {
-
- if(pSneakyVal == NULL)
- {
-- /* look for the atrribute in the dynamic attributes */
-+ /* look for the attribute in the dynamic attributes */
- if(cos_cache_attrval_exists(info->pAttrs, attrType))
- {
- pSneakyVal = &pCosAttribute;
-@@ -1269,10 +1269,10 @@ static int cos_dn_tmpl_entries_cb (Slapi_Entry* e, void *callback_data) {
- }
- }
- /*
-- * Always contine the search even if a particular attempt
-- * to add a template failed.
-- */
-- return 0;
-+ * Always continue the search even if a particular attempt
-+ * to add a template failed unless we are shutting down
-+ */
-+ return slapi_is_shutting_down();
- }
-
- /*
---
-1.9.3
-
diff --git a/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch b/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch
new file mode 100644
index 0000000..d1ac778
--- /dev/null
+++ b/SOURCES/0040-Ticket-47931-Fix-coverity-issues.patch
@@ -0,0 +1,57 @@
+From a389bc3bafccb1f7bd9917a734230680e382af91 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 10 Aug 2015 10:42:40 -0400
+Subject: [PATCH] Ticket 47931 - Fix coverity issues
+
+Description: Fix coverity issues in memberof_config.c
+
+ 13316 - double free
+ 13315 - Dereference after null check
+ 13314 - Dereference after null check
+ 13313 - copy/paste error
+
+https://fedorahosted.org/389/ticket/47931
+
+Reviewed by: rmeggins(Thanks!)
+
+(cherry picked from commit 5daea973e4526584ee41d7b9f4b1b4993b4de6f1)
+(cherry picked from commit 9a0047ef75f6dbeb1980ac77fab5d62865c77e6a)
+---
+ ldap/servers/plugins/memberof/memberof_config.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
+index b4cc941..10cbd7a 100644
+--- a/ldap/servers/plugins/memberof/memberof_config.c
++++ b/ldap/servers/plugins/memberof/memberof_config.c
+@@ -316,6 +316,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
+ "%s: Invalid DN (%s) for include suffix.",
+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
+ slapi_ch_array_free(entry_scopes);
++ entry_scopes = NULL;
+ theConfig.entryScopeCount = 0;
+ *returncode = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+@@ -341,8 +342,9 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
+ /* invalid dn syntax */
+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+ "%s: Invalid DN (%s) for exclude suffix.",
+- MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
++ MEMBEROF_PLUGIN_SUBSYSTEM, entry_exclude_scopes[i]);
+ slapi_ch_array_free(entry_exclude_scopes);
++ entry_exclude_scopes = NULL;
+ *returncode = LDAP_UNWILLING_TO_PERFORM;
+ goto done;
+ }
+@@ -741,7 +743,7 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
+ int num_vals = 0;
+
+ dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1);
+- for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
++ for(num_vals = 0; src->entryScopeExcludeSubtrees[num_vals]; num_vals++){
+ dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]);
+ }
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0040-Ticket-47969-COS-memory-leak-when-rebuilding-the-cac.patch b/SOURCES/0040-Ticket-47969-COS-memory-leak-when-rebuilding-the-cac.patch
deleted file mode 100644
index 1fd571c..0000000
--- a/SOURCES/0040-Ticket-47969-COS-memory-leak-when-rebuilding-the-cac.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From cedd8dde2e4e16c883569fe900da317e9d0d69e9 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 2 Dec 2014 13:38:06 -0500
-Subject: [PATCH 40/53] Ticket 47969 - COS memory leak when rebuilding the
- cache
-
-Bug Description: When the COS cache is released, not all of the schema
- objectclasses are freed. So every time we rebuild the
- COS cache we leak memory.
-
-Fix Description: After we free the schema attributes, the very first
- attribute still needs to be freed. It is not freed
- initially because of the duplicate checking logic, so
- it is now done after the loop.
-
-https://fedorahosted.org/389/ticket/47969
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit d2dfda95c543f106443f898436151b00c68e4270)
-(cherry picked from commit bc47239c5c7e6d19564fcd2839c6f2bd81a5b540)
----
- ldap/servers/plugins/cos/cos_cache.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c
-index a7993c8..fd163f9 100644
---- a/ldap/servers/plugins/cos/cos_cache.c
-+++ b/ldap/servers/plugins/cos/cos_cache.c
-@@ -1864,6 +1864,8 @@ static void cos_cache_del_schema(cosCache *pCache)
- }
- }
- }
-+ /* Finally, remove the first attribute's objectclass list */
-+ cos_cache_del_attrval_list(&(pCache->ppAttrIndex[0]->pObjectclasses));
-
- LDAPDebug( LDAP_DEBUG_TRACE, "<-- cos_cache_del_schema\n",0,0,0);
- }
---
-1.9.3
-
diff --git a/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch b/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch
new file mode 100644
index 0000000..9a24344
--- /dev/null
+++ b/SOURCES/0041-Ticket-47686-removing-chaining-database-links-trigge.patch
@@ -0,0 +1,70 @@
+From a6532aa364e350224dcace082484a7cc58d678dc Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 10 Aug 2015 12:19:00 -0400
+Subject: [PATCH 41/45] Ticket 47686 - removing chaining database links trigger
+ valgrind read errors
+
+Bug Description: Plugins that remove their dse callback from the dse callback
+ function lead to invalid reads in dse_call_callback().
+
+Fix Description: In dse_call_callback(), save the pointers to the next callback,
+ and its plugin, before we call the callback function. So in
+ case the callback function removes itself, we are not accessing
+ the freed callback pointer later on.
+
+https://fedorahosted.org/389/ticket/47686
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit a799c4670f2e6f6be1fc9a2828dc4a0f738d3021)
+(cherry picked from commit 29c669e43e16611a290e1c82dfdcf5b51903319e)
+---
+ ldap/servers/slapd/dse.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
+index 61e2629..e8e393b 100644
+--- a/ldap/servers/slapd/dse.c
++++ b/ldap/servers/slapd/dse.c
+@@ -2607,18 +2607,21 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags,
+
+ if (pdse->dse_callback != NULL) {
+ struct dse_callback *p = pdse->dse_callback;
++ struct dse_callback *next = NULL;
+ int result = SLAPI_DSE_CALLBACK_OK;
+
+ while (p != NULL) {
++ next = p->next;
+ if ((p->operation & operation) && (p->flags & flags)) {
+ if(slapi_sdn_scope_test(slapi_entry_get_sdn_const(entryBefore), p->base, p->scope)){
+ if(NULL == p->slapifilter || slapi_vattr_filter_test(pb, entryBefore, p->slapifilter, 0) == 0){
++ struct slapdplugin *plugin = p->plugin;
+ int plugin_started = 1;
+
+- if(p->plugin){
++ if(plugin){
+ /* this is a plugin callback, update the operation counter */
+- slapi_plugin_op_started(p->plugin);
+- if(!p->plugin->plg_started){
++ slapi_plugin_op_started(plugin);
++ if(!plugin->plg_started){
+ /* must be a task function being called */
+ result = SLAPI_DSE_CALLBACK_ERROR;
+ PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE,
+@@ -2633,11 +2636,11 @@ dse_call_callback(struct dse* pdse, Slapi_PBlock *pb, int operation, int flags,
+ if(result < rc){
+ rc = result;
+ }
+- slapi_plugin_op_finished(p->plugin);
++ slapi_plugin_op_finished(plugin);
+ }
+ }
+ }
+- p = p->next;
++ p = next;
+ }
+ }
+ return rc;
+--
+1.9.3
+
diff --git a/SOURCES/0041-Ticket-47969-Fix-coverity-issue.patch b/SOURCES/0041-Ticket-47969-Fix-coverity-issue.patch
deleted file mode 100644
index a99e54a..0000000
--- a/SOURCES/0041-Ticket-47969-Fix-coverity-issue.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 64010b34bb2ca9c62c6cfff70ce406bcaacef8b0 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 8 Dec 2014 09:57:50 -0500
-Subject: [PATCH 41/53] Ticket 47969 - Fix coverity issue
-
-Description: Fix coverity issue 12948 & 12949 (NULL pointer dereference)
-
-https://fedorahosted.org/389/ticket/47969
-
-Reviewed by: mreynolds
-
-(cherry picked from commit 1553b665bfecbbccd54c439442d9a22c5d35d4a1)
-(cherry picked from commit af163d345b4524c121296626cb2e9da26d6d061e)
----
- ldap/servers/plugins/cos/cos_cache.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c
-index fd163f9..a74389d 100644
---- a/ldap/servers/plugins/cos/cos_cache.c
-+++ b/ldap/servers/plugins/cos/cos_cache.c
-@@ -1863,9 +1863,9 @@ static void cos_cache_del_schema(cosCache *pCache)
- cos_cache_del_attrval_list(&(pCache->ppAttrIndex[attr_index]->pObjectclasses));
- }
- }
-+ /* Finally, remove the first attribute's objectclass list */
-+ cos_cache_del_attrval_list(&(pCache->ppAttrIndex[0]->pObjectclasses));
- }
-- /* Finally, remove the first attribute's objectclass list */
-- cos_cache_del_attrval_list(&(pCache->ppAttrIndex[0]->pObjectclasses));
-
- LDAPDebug( LDAP_DEBUG_TRACE, "<-- cos_cache_del_schema\n",0,0,0);
- }
---
-1.9.3
-
diff --git a/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch b/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch
new file mode 100644
index 0000000..067ca01
--- /dev/null
+++ b/SOURCES/0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch
@@ -0,0 +1,1250 @@
+From 9075d78f6878907f676fda1062779c921b23ae59 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 10 Aug 2015 17:04:25 -0700
+Subject: [PATCH 42/45] Ticket #47511 - bashisms in 389-ds-base admin scripts
+
+Description by mvocu (Thank you):
+The shell scripts in 389-ds-base/ldap/admin/src/scripts use 'source'
+to source common scripts; the 'source' keyword is bash-specific (or
+c-shell, if memory serves). The interpreter is set to /bin/sh, which
+is not guaranteed to be bash (and at least on Debian 7.1 it is dash).
+The 'source' keyword can be replaced by '.', which should work.
+
+The patch was provided by tjaalton@ubuntu.com (Thank you, Timo!).
+
+https://fedorahosted.org/389/ticket/47511
+
+Reviewed and tested by nhosoi@redhat.com.
+
+(cherry picked from commit 2ce7a7334bcb89e47c0f5c544144aec37010a5b9)
+(cherry picked from commit 49245911410cdd04bc53b00d8973c26defa5a37b)
+---
+ ldap/admin/src/initconfig.in | 4 +-
+ ldap/admin/src/scripts/DSSharedLib.in | 92 +++++++++++++++----------------
+ ldap/admin/src/scripts/bak2db.in | 23 ++++----
+ ldap/admin/src/scripts/db2bak.in | 7 +--
+ ldap/admin/src/scripts/db2index.in | 4 +-
+ ldap/admin/src/scripts/db2ldif.in | 22 ++++----
+ ldap/admin/src/scripts/dbverify.in | 6 +-
+ ldap/admin/src/scripts/dn2rdn.in | 4 +-
+ ldap/admin/src/scripts/ldif2db.in | 4 +-
+ ldap/admin/src/scripts/ldif2ldap.in | 46 ++++++++--------
+ ldap/admin/src/scripts/monitor.in | 44 +++++++--------
+ ldap/admin/src/scripts/restart-dirsrv.in | 2 +-
+ ldap/admin/src/scripts/restoreconfig.in | 4 +-
+ ldap/admin/src/scripts/saveconfig.in | 6 +-
+ ldap/admin/src/scripts/start-dirsrv.in | 16 +++---
+ ldap/admin/src/scripts/stop-dirsrv.in | 14 ++---
+ ldap/admin/src/scripts/suffix2instance.in | 6 +-
+ ldap/admin/src/scripts/upgradedb.in | 4 +-
+ ldap/admin/src/scripts/upgradednformat.in | 6 +-
+ ldap/admin/src/scripts/vlvindex.in | 4 +-
+ rpm/389-ds-base-git.sh | 2 +-
+ rpm/add_patches.sh | 4 +-
+ rpm/rpmverrel.sh | 2 +-
+ wrappers/initscript.in | 26 +++------
+ wrappers/ldap-agent-initscript.in | 28 ++++------
+ 25 files changed, 181 insertions(+), 199 deletions(-)
+
+diff --git a/ldap/admin/src/initconfig.in b/ldap/admin/src/initconfig.in
+index 134e82c..7afa315 100644
+--- a/ldap/admin/src/initconfig.in
++++ b/ldap/admin/src/initconfig.in
+@@ -2,11 +2,11 @@
+ OS=`uname -s`
+ # use the new mt slab memory allocator on Solaris
+ # this requires Solaris 9 update 3 or later
+-if [ "$OS" = "SunOS" -a -f /usr/lib/libumem.so ] ; then
++if [ "$OS" = "SunOS" ] && [ -f /usr/lib/libumem.so ] ; then
+ LD_PRELOAD=/usr/lib/libumem.so
+ export LD_PRELOAD
+ fi
+-if [ "$OS" = "SunOS" -a -f /usr/lib/64/libumem.so ] ; then
++if [ "$OS" = "SunOS" ] && [ -f /usr/lib/64/libumem.so ] ; then
+ LD_PRELOAD_64=/usr/lib/64/libumem.so
+ export LD_PRELOAD_64
+ fi
+diff --git a/ldap/admin/src/scripts/DSSharedLib.in b/ldap/admin/src/scripts/DSSharedLib.in
+index 3683696..8317c58 100644
+--- a/ldap/admin/src/scripts/DSSharedLib.in
++++ b/ldap/admin/src/scripts/DSSharedLib.in
+@@ -98,13 +98,13 @@ get_init_file()
+ do
+ inst_count=`expr $inst_count + 1`
+ id=`normalize_server_id $configfile`
+- if [ -n "$servid" -a "$id" = "$servid" ]
++ if [ -n "$servid" ] && [ "$id" = "$servid" ]
+ then
+ # found it
+ echo $configfile
+ exit 0
+ fi
+- if [ $first == "yes" ]
++ if [ $first = "yes" ]
+ then
+ instances=$id
+ first="no"
+@@ -114,7 +114,7 @@ get_init_file()
+ done
+
+ # server id not provided, check if there is only one instance
+- if [ -z "$servid" -a $inst_count -eq 1 ]
++ if [ -z "$servid" ] && [ $inst_count -eq 1 ]
+ then
+ # return the file
+ echo $configfile
+@@ -135,48 +135,44 @@ process_dse ()
+ configdir=$1
+ pid=$2
+ file="$configdir/dse.ldif"
+- shopt -s nocasematch
+- OLD_IFC=$IFC
++ OLD_IFS=$IFS
+ IFS=""
+ while read -r LINE
+ do
+- if [[ $LINE != \ * ]] && [ "$output" != "" ]
++ case $LINE in
++ ' '*)
++ ;;
++ *)
++ if [ -n "$output" ]
++ then
++ echo "$output" >> /tmp/DSSharedLib.$pid
++ output=""
++ fi
++ ;;
++ esac
++ if [ -n "$output" ]
+ then
+- echo "$output" >> /tmp/DSSharedLib.$pid
+- output=""
+- fi
+- if [ "$output" != "" ] && [[ $LINE == \ * ]]
+- then
+- # continuation line, strip the space and append it
+- LINE=`echo "$LINE" | sed -e 's/^ //'`
+- output=$output$LINE
+- elif [[ $LINE == nsslapd-port* ]]
+- then
+- output=$LINE;
+- elif [[ $LINE == nsslapd-localhost* ]]
+- then
+- output=$LINE;
+- elif [[ $LINE == nsslapd-securePort* ]]
+- then
+- output=$LINE;
+- elif [[ $LINE == nsslapd-security* ]]
+- then
+- output=$LINE;
+- elif [[ $LINE == nsslapd-ldapilisten* ]]
+- then
+- output=$LINE;
+- elif [[ $LINE == nsslapd-ldapifilepath* ]]
+- then
+- output=$LINE;
+- elif [[ $LINE == nsslapd-rootdn* ]]
+- then
+- output=$LINE;
+- elif [[ $LINE == nsslapd-ldapiautobind* ]]
+- then
+- output=$LINE;
+- elif [[ $LINE == nsslapd-certdir* ]]
+- then
+- output=$LINE;
++ case $LINE in
++ ' '*)
++ # continuation line, strip the space and append it
++ LINE=`echo "$LINE" | sed -e 's/^ //'`
++ output=$output$LINE
++ ;;
++ esac
++ else
++ case $LINE in
++ nsslapd-certdir*|\
++ nsslapd-ldapiautobind*|\
++ nsslapd-ldapilisten*|\
++ nsslapd-ldapifilepath*|\
++ nsslapd-localhost*|\
++ nsslapd-port*|\
++ nsslapd-rootdn*|\
++ nsslapd-securePort*|\
++ nsslapd-security*)
++ output=$LINE
++ ;;
++ esac
+ fi
+
+ done < $file
+@@ -194,19 +190,19 @@ check_protocol ()
+ ldapi=$3
+ openldap=$4
+
+- if [ "$protocol" == "LDAPI" ] && [ "$openldap" != "yes" ]; then
++ if [ "$protocol" = "LDAPI" ] && [ "$openldap" != "yes" ]; then
+ echo ""
+ exit
+- elif [ "$protocol" == "LDAPI" ] && [ "$ldapi" == "off" ]; then
++ elif [ "$protocol" = "LDAPI" ] && [ "$ldapi" = "off" ]; then
+ echo ""
+ exit
+- elif [ "$protocol" == "STARTTLS" ]; then
+- if [ "$security" == "" ] || [ "$security" == "off" ]; then
++ elif [ "$protocol" = "STARTTLS" ]; then
++ if [ -z "$security" ] || [ "$security" = "off" ]; then
+ echo ""
+ exit
+ fi
+- elif [ "$protocol" == "LDAPS" ]; then
+- if [ "$security" == "" ] || [ "$security" == "off" ]; then
++ elif [ "$protocol" = "LDAPS" ]; then
++ if [ -z "$security" ] || [ "$security" = "off" ]; then
+ echo ""
+ exit
+ fi
+@@ -224,4 +220,4 @@ check_protocol ()
+ fi
+
+ echo "$protocol"
+-}
+\ No newline at end of file
++}
+diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in
+index f0cede4..a2e54cc 100755
+--- a/ldap/admin/src/scripts/bak2db.in
++++ b/ldap/admin/src/scripts/bak2db.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@nss_libdir@"
+@@ -26,15 +26,18 @@ if [ $# -lt 1 ] || [ $# -gt 7 ]
+ then
+ usage
+ exit 1
+-elif [[ $1 == -* ]]
+-then
+- usage
+- exit 1
+-else
+- archivedir=$1
+- shift
+ fi
+-
++case $1 in
++ -*)
++ usage
++ exit 1
++ ;;
++ *)
++ archivedir=$1
++ shift
++ ;;
++esac
++
+ while getopts "hn:Z:qd:vi:a:SD:" flag
+ do
+ case $flag in
+@@ -55,7 +58,7 @@ do
+ done
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in
+index dacd7b0..1896c19 100755
+--- a/ldap/admin/src/scripts/db2bak.in
++++ b/ldap/admin/src/scripts/db2bak.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@nss_libdir@"
+@@ -26,7 +26,6 @@ then
+ usage
+ exit 1
+ fi
+-
+ if [ "$#" -gt 0 ]
+ then
+ if [[ $1 != -* ]]
+@@ -56,7 +55,7 @@ done
+
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+@@ -67,7 +66,7 @@ fi
+ servid=`normalize_server_id $initfile`
+ . $initfile
+
+-if [ -z $bak_dir ]
++if [ -z "$bak_dir" ]
+ then
+ bak_dir=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H_%M_%S`
+ fi
+diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
+index a1321ea..2b76cd1 100755
+--- a/ldap/admin/src/scripts/db2index.in
++++ b/ldap/admin/src/scripts/db2index.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@nss_libdir@"
+@@ -59,7 +59,7 @@ then
+ fi
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in
+index d7e0ff0..fcf73a0 100755
+--- a/ldap/admin/src/scripts/db2ldif.in
++++ b/ldap/admin/src/scripts/db2ldif.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@nss_libdir@"
+@@ -39,7 +39,7 @@ make_ldiffile()
+ be=""
+ while [ "$1" != "" ]
+ do
+- if [ "$1" = "-a" ]; then
++ if [ "x$1" = "x-a" ]; then
+ shift
+ if [ `expr "$1" : "/.*"` -gt 0 ]; then
+ if [ `expr "$1" : "/.*"` -gt 0 ]; then
+@@ -56,17 +56,17 @@ make_ldiffile()
+ shift
+ return 0
+ fi
+- elif [ "$1" = "-n" ]; then
++ elif [ "x$1" = "x-n" ]; then
+ shift
+- if [ "$be" = "" ]; then
++ if [ -z "$be" ]; then
+ be="$1"
+ else
+ tmpbe="$be"
+ be="${tmpbe}-$1"
+ fi
+- elif [ "$1" = "-s" ]; then
++ elif [ "x$1" = "x-s" ]; then
+ shift
+- if [ "$1" != "" ]; then
++ if [ -n "$1" ]; then
+ rdn=`echo $1 | awk -F, '{print $1}'`
+ rdnval=`echo $rdn | awk -F= '{print $2}'`
+ if [ "$be" = "" ]; then
+@@ -76,15 +76,15 @@ make_ldiffile()
+ be="${tmpbe}-$rdnval"
+ fi
+ fi
+- elif [ "$1" = "-M" ]; then
++ elif [ "x$1" = "x-M" ]; then
+ be=""
+ fi
+- if [ "$1" != "" ]; then
++ if [ -n "$1" ]; then
+ shift
+ fi
+ done
+
+- if [ "$be" = "" ]; then
++ if [ -z "$be" ]; then
+ echo @localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-`date +%Y_%m_%d_%H%M%S`.ldif
+ else
+ echo @localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/ldif/$servid-${be}-`date +%Y_%m_%d_%H%M%S`.ldif
+@@ -92,7 +92,7 @@ make_ldiffile()
+ return 0
+ }
+
+-if [ "$#" -lt 2 ];
++if [ $# -lt 2 ];
+ then
+ usage
+ exit 1
+@@ -137,7 +137,7 @@ then
+ fi
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
+index 461cc16..bbacc17 100755
+--- a/ldap/admin/src/scripts/dbverify.in
++++ b/ldap/admin/src/scripts/dbverify.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@nss_libdir@"
+@@ -47,7 +47,7 @@ do
+ done
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+@@ -58,7 +58,7 @@ fi
+ . $initfile
+
+ @sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
+-if [ $display_version == "yes" ]; then
++if [ $display_version = "yes" ]; then
+ exit 0
+ fi
+ if [ $? -eq 0 ]; then
+diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in
+index 32a70c8..616969a 100755
+--- a/ldap/admin/src/scripts/dn2rdn.in
++++ b/ldap/admin/src/scripts/dn2rdn.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@nss_libdir@"
+@@ -39,7 +39,7 @@ do
+ done
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in
+index ce15349..a34241a 100755
+--- a/ldap/admin/src/scripts/ldif2db.in
++++ b/ldap/admin/src/scripts/ldif2db.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@nss_libdir@"
+@@ -82,7 +82,7 @@ do
+ done
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+diff --git a/ldap/admin/src/scripts/ldif2ldap.in b/ldap/admin/src/scripts/ldif2ldap.in
+index 874b1bb..1e871be 100755
+--- a/ldap/admin/src/scripts/ldif2ldap.in
++++ b/ldap/admin/src/scripts/ldif2ldap.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@ldapsdk_libdir@"
+ libpath_add "@libdir@"
+@@ -40,14 +40,14 @@ do
+ esac
+ done
+
+-if [ "$input_file" == "" ]
++if [ -z "$input_file" ]
+ then
+ usage
+ exit 1
+ fi
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+@@ -67,13 +67,13 @@ ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
+ ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
+ certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
+ autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
+-if [ "$rootdn" == "" ]; then
++if [ -z "$rootdn" ]; then
+ value=$(grep -i 'nsslapd-rootdn' $file)
+ rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
+ fi
+ rm $file
+
+-if [ "$ldapiURL" != "" ]; then
++if [ -n "$ldapiURL" ]; then
+ ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
+ ldapiURL="ldapi://"$ldapiURL
+ fi
+@@ -86,7 +86,7 @@ then
+ export LDAPTLS_CACERTDIR=$certdir
+ fi
+
+-if [ -z $security ]; then
++if [ -z "$security" ]; then
+ security="off"
+ fi
+ revised_protocol=$(check_protocol $protocol $security $ldapi $openldap)
+@@ -99,12 +99,12 @@ protocol=$revised_protocol
+ #
+ # STARTTLS
+ #
+-if [ "$security" == "on" ]; then
+- if [ "$protocol" == "STARTTLS" ] || [ "$protocol" == "" ]; then
+- if [ "$error" == "yes" ]; then
++if [ "$security" = "on" ]; then
++ if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(STARTTLS)"
+ fi
+- if [ "$openldap" == "yes" ]; then
++ if [ "$openldap" = "yes" ]; then
+ ldapmodify -x -ZZ -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
+ else
+ ldapmodify -ZZZ -P $certdir -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
+@@ -116,12 +116,12 @@ fi
+ #
+ # LDAPS
+ #
+-if [ "$security" == "on" ]; then
+- if [ "$protocol" == "LDAPS" ] || [ "$protocol" == "" ]; then
+- if [ "$error" == "yes" ]; then
++if [ "$security" = "on" ]; then
++ if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(LDAPS)"
+ fi
+- if [ "$openldap" == "yes" ]; then
++ if [ "$openldap" = "yes" ]; then
+ ldapmodify -x -H "ldaps://$host:$secure_port" -D $rootdn -w $passwd -a -f $input_file
+ else
+ ldapmodify -Z -P $certdir -p $secure_port -h $host -D $rootdn -w $passwd -a -f $input_file
+@@ -133,21 +133,21 @@ fi
+ #
+ # LDAPI
+ #
+-if [ "$ldapi" == "on" ] && [ "$openldap" == "yes" ]; then
+- if [ "$protocol" == "LDAPI" ] || [ "$protocol" == "" ]; then
+- if [ "$(id -u)" == "0" ] && [ "$autobind" == "on" ]; then
+- if [ "$error" == "yes" ]; then
++if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
++ if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
++ if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
+ fi
+ ldapmodify -H $ldapiURL -Y EXTERNAL -a -f $input_file 2>/dev/null
+ else
+- if [ "$error" == "yes" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(LDAPI)"
+ fi
+ ldapmodify -x -H $ldapiURL -D $rootdn -w $passwd -a -f $input_file
+ fi
+ rc=$?
+- if [ $rc != 0 ]
++ if [ $rc -ne 0 ]
+ then
+ echo "Operation failed (error $rc)"
+ fi
+@@ -158,11 +158,11 @@ fi
+ #
+ # LDAP
+ #
+-if [ "$protocol" == "LDAP" ] || [ "$protocol" == "" ]; then
+- if [ "$error" == "yes" ]; then
++if [ "$protocol" = "LDAP" ] || [ -z "$protocol" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(LDAP)"
+ fi
+- if [ "$openldap" == "yes" ]; then
++ if [ "$openldap" = "yes" ]; then
+ ldapmodify -x -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
+ else
+ ldapmodify -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
+diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in
+index 7b2058b..36a2fc9 100755
+--- a/ldap/admin/src/scripts/monitor.in
++++ b/ldap/admin/src/scripts/monitor.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@ldapsdk_libdir@"
+@@ -41,7 +41,7 @@ do
+ done
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+@@ -66,17 +66,17 @@ ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
+ ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
+ certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
+ autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
+-if [ "$rootdn" == "" ]; then
++if [ -z "$rootdn" ]; then
+ value=$(grep -i 'nsslapd-rootdn' $file)
+ rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
+ fi
+ rm $file
+
+-if [ "$passwd" != "" ]; then
++if [ -n "$passwd" ]; then
+ dn="-D $rootdn"
+ passwd="-w$passwd"
+ fi
+-if [ "$ldapiURL" != "" ]
++if [ -n "$ldapiURL" ]
+ then
+ ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
+ ldapiURL="ldapi://"$ldapiURL
+@@ -103,12 +103,12 @@ protocol=$revised_protocol
+ #
+ # STARTTLS
+ #
+-if [ "$security" == "on" ]; then
+- if [ "$protocol" == "STARTTLS" ] || [ "$protocol" == "" ]; then
+- if [ "$error" == "yes" ]; then
++if [ "$security" = "on" ]; then
++ if [ "$protocol" = "STARTTLS" ] || [ -z "$protocol" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(STARTTLS)"
+ fi
+- if [ "$openldap" == "yes" ]; then
++ if [ "$openldap" = "yes" ]; then
+ ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
+ else
+ ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
+@@ -120,12 +120,12 @@ fi
+ #
+ # LDAPS
+ #
+-if [ "$security" == "on" ]; then
+- if [ "$protocol" == "LDAPS" ] || [ "$protocol" == "" ]; then
+- if [ "$error" == "yes" ]; then
++if [ "$security" = "on" ]; then
++ if [ "$protocol" = "LDAPS" ] || [ -z "$protocol" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(LDAPS)"
+ fi
+- if [ "$openldap" == "yes" ]; then
++ if [ "$openldap" = "yes" ]; then
+ ldapsearch -x -LLL -H "ldaps://$host:$secure_port" -b "$MDN" -s base $dn $passwd "objectClass=*"
+ else
+ ldapsearch -Z -P $certdir -p $secure_port -b "$MDN" -s base $dn $passwd "objectClass=*"
+@@ -137,15 +137,15 @@ fi
+ #
+ # LDAPI
+ #
+-if [ "$ldapi" == "on" ] && [ "$openldap" == "yes" ]; then
+- if [ "$protocol" == "LDAPI" ] || [ "$protocol" == "" ]; then
+- if [ "$(id -u)" == "0" ] && [ "$autobind" == "on" ]; then
+- if [ "$error" == "yes" ]; then
++if [ "$ldapi" = "on" ] && [ "$openldap" = "yes" ]; then
++ if [ "$protocol" = "LDAPI" ] || [ -z "$protocol" ]; then
++ if [ $(id -u) -eq 0 ] && [ "$autobind" = "on" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
+ fi
+ ldapsearch -LLL -H "$ldapiURL" -b "$MDN" -s base -Y EXTERNAL "objectClass=*" 2>/dev/null
+ else
+- if [ "$error" == "yes" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(LDAPI)"
+ fi
+ ldapsearch -x -LLL -H "$ldapiURL" -b "$MDN" -s base $dn $passwd "objectClass=*"
+@@ -157,14 +157,14 @@ fi
+ #
+ # LDAP
+ #
+-if [ "$protocol" == "LDAP" ] || [ "$protocol" == "" ]; then
+- if [ "$error" == "yes" ]; then
++if [ "$protocol" = "LDAP" ] || [ "$protocol" = "" ]; then
++ if [ "$error" = "yes" ]; then
+ echo "Using the next most secure protocol(LDAP)"
+ fi
+- if [ "$openldap" == "yes" ]; then
++ if [ "$openldap" = "yes" ]; then
+ ldapsearch -x -LLL -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
+ else
+ ldapsearch -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
+- fi
++ fi
+ exit $?
+ fi
+diff --git a/ldap/admin/src/scripts/restart-dirsrv.in b/ldap/admin/src/scripts/restart-dirsrv.in
+index 130e06e..e86a24c 100644
+--- a/ldap/admin/src/scripts/restart-dirsrv.in
++++ b/ldap/admin/src/scripts/restart-dirsrv.in
+@@ -7,7 +7,7 @@
+ # 2: Server started successfully (was not running)
+ # 3: Server could not be stopped
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ restart_instance() {
+ SERV_ID=$1
+diff --git a/ldap/admin/src/scripts/restoreconfig.in b/ldap/admin/src/scripts/restoreconfig.in
+index 9bb1acf..56c9e43 100755
+--- a/ldap/admin/src/scripts/restoreconfig.in
++++ b/ldap/admin/src/scripts/restoreconfig.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@nss_libdir@"
+@@ -31,7 +31,7 @@ do
+ done
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+diff --git a/ldap/admin/src/scripts/saveconfig.in b/ldap/admin/src/scripts/saveconfig.in
+index 65d80f3..16e3efc 100755
+--- a/ldap/admin/src/scripts/saveconfig.in
++++ b/ldap/admin/src/scripts/saveconfig.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@libdir@"
+@@ -31,7 +31,7 @@ do
+ done
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+@@ -45,7 +45,7 @@ servid=`normalize_server_id $initfile`
+ echo saving configuration...
+ conf_ldif=@localstatedir@/lib/@PACKAGE_NAME@/slapd-$servid/bak/$servid-`date +%Y_%m_%d_%H%M%S`.ldif
+ @sbindir@/ns-slapd db2ldif -N -D $CONFIG_DIR -s "o=NetscapeRoot" -a $conf_ldif -n NetscapeRoot 2>&1
+-if [ "$?" -ge 1 ]
++if [ $? -ge 1 ]
+ then
+ echo Error occurred while saving configuration
+ exit 1
+diff --git a/ldap/admin/src/scripts/start-dirsrv.in b/ldap/admin/src/scripts/start-dirsrv.in
+index 481797d..458f0e8 100755
+--- a/ldap/admin/src/scripts/start-dirsrv.in
++++ b/ldap/admin/src/scripts/start-dirsrv.in
+@@ -6,7 +6,7 @@
+ # 1: Server could not be started
+ # 2: Server already running
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ # Starts a single instance
+ start_instance() {
+@@ -44,7 +44,7 @@ start_instance() {
+ STARTPIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.startpid
+ if test -f $STARTPIDFILE ; then
+ PID=`cat $STARTPIDFILE`
+- if kill -0 $PID > /dev/null 2>&1 ; then
++ if kill -s 0 $PID > /dev/null 2>&1 ; then
+ echo There is an ns-slapd process already running: $PID
+ return 2;
+ else
+@@ -53,7 +53,7 @@ start_instance() {
+ fi
+ if test -f $PIDFILE ; then
+ PID=`cat $PIDFILE`
+- if kill -0 $PID > /dev/null 2>&1 ; then
++ if kill -s 0 $PID > /dev/null 2>&1 ; then
+ echo There is an ns-slapd running: $PID
+ return 2;
+ else
+@@ -64,7 +64,7 @@ start_instance() {
+ # Use systemctl if available and running as root,
+ # otherwise start the instance the old way.
+ #
+- if [ -d "@systemdsystemunitdir@" ] && [ "$(id -u)" == "0" ];then
++ if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then
+ @bindir@/systemctl start @package_name@@$SERV_ID.service
+ if [ $? -ne 0 ]; then
+ return 1
+@@ -96,7 +96,7 @@ start_instance() {
+ while test $loop_counter -le $max_count; do
+ loop_counter=`expr $loop_counter + 1`
+ if test ! -f $PIDFILE ; then
+- if kill -0 $PID > /dev/null 2>&1 ; then
++ if kill -s 0 $PID > /dev/null 2>&1 ; then
+ sleep 1
+ else
+ echo Server failed to start !!! Please check errors log for problems
+@@ -123,12 +123,12 @@ do
+ done
+ shift $(($OPTIND-1))
+
+-if [ "$initconfig_dir" = "" ]; then
++if [ -z "$initconfig_dir" ]; then
+ initconfig_dir=@initconfigdir@
+ fi
+
+ found=0
+-if [ "$#" -eq 0 ]; then
++if [ $# -eq 0 ]; then
+ # We're starting all instances.
+ ret=0
+ initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; }
+@@ -137,7 +137,7 @@ if [ "$#" -eq 0 ]; then
+ echo Starting instance \"$inst\"
+ start_instance $inst
+ rv=$?
+- if [ "$rv" -ne 0 ]; then
++ if [ $rv -ne 0 ]; then
+ ret=$rv
+ fi
+ done
+diff --git a/ldap/admin/src/scripts/stop-dirsrv.in b/ldap/admin/src/scripts/stop-dirsrv.in
+index 3f02e78..72e2b85 100755
+--- a/ldap/admin/src/scripts/stop-dirsrv.in
++++ b/ldap/admin/src/scripts/stop-dirsrv.in
+@@ -6,7 +6,7 @@
+ # 1: Server could not be stopped
+ # 2: Server was not running
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ stop_instance() {
+ SERV_ID=$1
+@@ -28,7 +28,7 @@ stop_instance() {
+ fi
+ PID=`cat $PIDFILE`
+ # see if the server is already stopped
+- kill -0 $PID > /dev/null 2>&1 || {
++ kill -s 0 $PID > /dev/null 2>&1 || {
+ echo Server not running
+ if test -f $PIDFILE ; then
+ rm -f $PIDFILE
+@@ -39,7 +39,7 @@ stop_instance() {
+ #
+ # use systemctl if running as root
+ #
+- if [ -d "@systemdsystemunitdir@" ] && [ "$(id -u)" == "0" ];then
++ if [ -d "@systemdsystemunitdir@" ] && [ $(id -u) -eq 0 ];then
+ #
+ # Now, check if systemctl is aware of this running instance
+ #
+@@ -65,7 +65,7 @@ stop_instance() {
+ max_count=600
+ while test $loop_counter -le $max_count; do
+ loop_counter=`expr $loop_counter + 1`
+- if kill -0 $PID > /dev/null 2>&1 ; then
++ if kill -s 0 $PID > /dev/null 2>&1 ; then
+ sleep 1;
+ else
+ if test -f $PIDFILE ; then
+@@ -88,11 +88,11 @@ do
+ done
+ shift $(($OPTIND-1))
+
+-if [ "$initconfig_dir" = "" ]; then
++if [ -z "$initconfig_dir" ]; then
+ initconfig_dir=@initconfigdir@
+ fi
+
+-if [ "$#" -eq 0 ]; then
++if [ $# -eq 0 ]; then
+ # We're stopping all instances.
+ ret=0
+ initfiles=`get_initconfig_files $initconfig_dir` || { echo No instances found in $initconfig_dir ; exit 1 ; }
+@@ -105,7 +105,7 @@ if [ "$#" -eq 0 ]; then
+ echo Stopping instance \"$inst\"
+ stop_instance $inst
+ rv=$?
+- if [ "$rv" -ne 0 ]; then
++ if [ $rv -ne 0 ]; then
+ ret=$rv
+ fi
+ done
+diff --git a/ldap/admin/src/scripts/suffix2instance.in b/ldap/admin/src/scripts/suffix2instance.in
+index e2f73c3..7774148 100755
+--- a/ldap/admin/src/scripts/suffix2instance.in
++++ b/ldap/admin/src/scripts/suffix2instance.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@libdir@"
+@@ -32,14 +32,14 @@ do
+ esac
+ done
+
+-if [ "$args" == "" ]
++if [ -z "$args" ]
+ then
+ usage
+ exit 1
+ fi
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+diff --git a/ldap/admin/src/scripts/upgradedb.in b/ldap/admin/src/scripts/upgradedb.in
+index 211bdce..bf600dd 100755
+--- a/ldap/admin/src/scripts/upgradedb.in
++++ b/ldap/admin/src/scripts/upgradedb.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@libdir@"
+@@ -39,7 +39,7 @@ do
+ done
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+ echo "Available instances: $initfile"
+diff --git a/ldap/admin/src/scripts/upgradednformat.in b/ldap/admin/src/scripts/upgradednformat.in
+index e9d8cab..51585ae 100755
+--- a/ldap/admin/src/scripts/upgradednformat.in
++++ b/ldap/admin/src/scripts/upgradednformat.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ # upgradednformat -- upgrade DN format to the new style (RFC 4514)
+ # Usgae: upgradednformat [-N] -n backend_instance -a db_instance_directory
+@@ -49,13 +49,13 @@ do
+ esac
+ done
+
+-if [ "$be" = "" ] || [ "$dir" = "" ]; then
++if [ -z "$be" ] || [ -z "$dir" ]; then
+ usage
+ exit 1
+ fi
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in
+index 0b46b27..365e32f 100755
+--- a/ldap/admin/src/scripts/vlvindex.in
++++ b/ldap/admin/src/scripts/vlvindex.in
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-source @datadir@/@package_name@/data/DSSharedLib
++. @datadir@/@package_name@/data/DSSharedLib
+
+ libpath_add "@libdir@/@package_name@/"
+ libpath_add "@libdir@"
+@@ -45,7 +45,7 @@ do
+ done
+
+ initfile=$(get_init_file "@initconfigdir@" $servid)
+-if [ $? == 1 ]
++if [ $? -eq 1 ]
+ then
+ usage
+ echo "You must supply a valid server instance identifier. Use -Z to specify instance name"
+diff --git a/rpm/389-ds-base-git.sh b/rpm/389-ds-base-git.sh
+index e5aaa8a..1a38da1 100644
+--- a/rpm/389-ds-base-git.sh
++++ b/rpm/389-ds-base-git.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ DATE=`date +%Y%m%d`
+ # use a real tag name here
+diff --git a/rpm/add_patches.sh b/rpm/add_patches.sh
+index 690d0b2..31823d5 100755
+--- a/rpm/add_patches.sh
++++ b/rpm/add_patches.sh
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-function usage()
++usage()
+ {
+ echo "Adds patches to a specfile"
+ echo ""
+@@ -51,5 +51,5 @@ for p in $patches; do
+ sed -i -e "/${prefix}/a Patch${i}: ${p}" -e "/$prepprefix/a %patch${i} -p1" $specfile
+ prefix="Patch${i}:"
+ prepprefix="%patch${i}"
+- i=$(($i+1))
++ i=`expr $i + 1`
+ done
+diff --git a/rpm/rpmverrel.sh b/rpm/rpmverrel.sh
+index 86b808e..06e97c7 100755
+--- a/rpm/rpmverrel.sh
++++ b/rpm/rpmverrel.sh
+@@ -6,7 +6,7 @@ srcdir=`pwd`
+
+ # Source VERSION.sh to set the version
+ # and release environment variables.
+-source ./VERSION.sh
++. ./VERSION.sh
+
+ if [ "$1" = "version" ]; then
+ echo $RPM_VERSION
+diff --git a/wrappers/initscript.in b/wrappers/initscript.in
+index ad4ea2b..fa79dbd 100644
+--- a/wrappers/initscript.in
++++ b/wrappers/initscript.in
+@@ -32,28 +32,20 @@ then
+ fi
+ fi
+
+-# figure out which echo we're using
+-ECHO_N=`echo -n`
+-
+-# some shells echo cannot use -n - linux echo by default cannot use \c
+ echo_n()
+ {
+- if [ "$ECHO_N" = '-n' ] ; then
+- echo "$*\c"
+- else
+- echo -n "$*"
+- fi
++ printf '%s' "$*"
+ }
+
+ # failure and success are not defined on some platforms
+-type failure > /dev/null 2>&1 || {
++which failure > /dev/null 2>&1 || {
+ failure()
+ {
+ echo_n " FAILED"
+ }
+ }
+
+-type success > /dev/null 2>&1 || {
++which success > /dev/null 2>&1 || {
+ success()
+ {
+ echo_n " SUCCESS"
+@@ -178,7 +170,7 @@ start() {
+ pid=`cat $pidfile`
+ instlockfile="@localstatedir@/lock/@package_name@/slapd-$instance/server/$pid"
+ name=`ps -p $pid | tail -1 | awk '{ print $4 }'`
+- if kill -0 $pid && [ $name = "ns-slapd" ]; then
++ if kill -s 0 $pid && [ $name = "ns-slapd" ]; then
+ echo_n " already running"
+ success; echo
+ successes=`expr $successes + 1`
+@@ -239,7 +231,7 @@ start() {
+ while test $loop_counter -le $max_count ; do
+ loop_counter=`expr $loop_counter + 1`
+ if test ! -f $pidfile ; then
+- if kill -0 $pid > /dev/null 2>&1 ; then
++ if kill -s 0 $pid > /dev/null 2>&1 ; then
+ sleep 1
+ else
+ break
+@@ -249,7 +241,7 @@ start() {
+ break
+ fi
+ done
+- if kill -0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
++ if kill -s 0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
+ success; echo
+ successes=`expr $successes + 1`
+ else
+@@ -278,7 +270,7 @@ stop() {
+ if [ -f $pidfile ]; then
+ pid=`cat $pidfile`
+ server_stopped=0
+- if kill -0 $pid > /dev/null 2>&1 ; then
++ if kill -s 0 $pid > /dev/null 2>&1 ; then
+ kill $pid
+ if [ $? -eq 0 ]; then
+ server_stopped=1
+@@ -297,7 +289,7 @@ stop() {
+ max_count=600
+ while test $loop_counter -le $max_count; do
+ loop_counter=`expr $loop_counter + 1`
+- if kill -0 $pid > /dev/null 2>&1 ; then
++ if kill -s 0 $pid > /dev/null 2>&1 ; then
+ sleep 1
+ else
+ if test -f $pidfile ; then
+@@ -339,7 +331,7 @@ status() {
+ for instance in $INSTANCES; do
+ if [ -f $piddir/slapd-$instance.pid ]; then
+ pid=`cat $piddir/slapd-$instance.pid`
+- if kill -0 $pid > /dev/null 2>&1 ; then
++ if kill -s 0 $pid > /dev/null 2>&1 ; then
+ echo "$prog $instance (pid $pid) is running..."
+ else
+ echo "$prog $instance dead but pid file exists"
+diff --git a/wrappers/ldap-agent-initscript.in b/wrappers/ldap-agent-initscript.in
+index dd8ee97..b7aa4fe 100644
+--- a/wrappers/ldap-agent-initscript.in
++++ b/wrappers/ldap-agent-initscript.in
+@@ -31,28 +31,20 @@ then
+ fi
+ fi
+
+-# figure out which echo we're using
+-ECHO_N=`echo -n`
+-
+-# some shells echo cannot use -n - linux echo by default cannot use \c
+ echo_n()
+ {
+- if [ "$ECHO_N" = '-n' ] ; then
+- echo "$*\c"
+- else
+- echo -n "$*"
+- fi
++ printf '%s' "$*"
+ }
+
+ # failure and success are not defined on some platforms
+-type failure > /dev/null 2>&1 || {
++which failure > /dev/null 2>&1 || {
+ failure()
+ {
+ echo_n " FAILED"
+ }
+ }
+
+-type success > /dev/null 2>&1 || {
++which success > /dev/null 2>&1 || {
+ success()
+ {
+ echo_n " SUCCESS"
+@@ -92,7 +84,7 @@ start() {
+ if [ -f $pidfile ]; then
+ pid=`cat $pidfile`
+ name=`ps -p $pid | tail -1 | awk '{ print $4 }'`
+- if kill -0 $pid && [ $name = "$processname" ]; then
++ if kill -s 0 $pid && [ $name = "$processname" ]; then
+ echo_n " already running"
+ success; echo
+ subagent_running=1
+@@ -121,7 +113,7 @@ start() {
+ while test $loop_counter -le $max_count ; do
+ loop_counter=`expr $loop_counter + 1`
+ if test ! -f $pidfile ; then
+- if kill -0 $pid > /dev/null 2>&1 ; then
++ if kill -s 0 $pid > /dev/null 2>&1 ; then
+ sleep 1
+ else
+ break
+@@ -131,7 +123,7 @@ start() {
+ break
+ fi
+ done
+- if kill -0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
++ if kill -s 0 $pid > /dev/null 2>&1 && test -f $pidfile ; then
+ success; echo
+ else
+ failure; echo
+@@ -147,7 +139,7 @@ stop() {
+ if [ -f $pidfile ]; then
+ pid=`cat $pidfile`
+ subagent_stopped=0
+- if kill -0 $pid > /dev/null 2>&1 ; then
++ if kill -s 0 $pid > /dev/null 2>&1 ; then
+ kill $pid
+ if [ $? -eq 0 ]; then
+ subagent_stopped=1
+@@ -164,7 +156,7 @@ stop() {
+ max_count=10
+ while test $loop_counter -le $max_count; do
+ loop_counter=`expr $loop_counter + 1`
+- if kill -0 $pid > /dev/null 2>&1 ; then
++ if kill -s 0 $pid > /dev/null 2>&1 ; then
+ sleep 1
+ else
+ if test -f $pidfile ; then
+@@ -200,7 +192,7 @@ condrestart() {
+ if [ -f $pidfile ]; then
+ pid=`cat $pidfile`
+ name=`ps -p $pid | tail -1 | awk '{ print $4 }'`
+- if kill -0 $pid && [ $name = "$processname" ]; then
++ if kill -s 0 $pid && [ $name = "$processname" ]; then
+ restart
+ fi
+ fi
+@@ -210,7 +202,7 @@ status() {
+ ret=0
+ if [ -f $pidfile ]; then
+ pid=`cat $pidfile`
+- if kill -0 $pid > /dev/null 2>&1 ; then
++ if kill -s 0 $pid > /dev/null 2>&1 ; then
+ echo "$prog (pid $pid) is running..."
+ else
+ echo "$prog dead but pid file exists"
+--
+1.9.3
+
diff --git a/SOURCES/0042-Ticket-47970-Account-lockout-attributes-incorrectly-.patch b/SOURCES/0042-Ticket-47970-Account-lockout-attributes-incorrectly-.patch
deleted file mode 100644
index 4621245..0000000
--- a/SOURCES/0042-Ticket-47970-Account-lockout-attributes-incorrectly-.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 42d118ae0f727026745d7846ffab878585bb529a Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 2 Dec 2014 14:10:46 -0500
-Subject: [PATCH 42/53] Ticket 47970 - Account lockout attributes incorrectly
- updated after failed SASL Bind
-
-Bug Description: When a SASL bind fails, the target DN is not set. If password policy
- account lockout is configured, it attempts to update the password retry
- count on the dn ("") - which is the Root DSE entry, not a user entry.
-
- This also confuses the COS plugin, and it incorrectly triggers a COS
- cache rebuild after the failed login.
-
-Fix Description: Do not update the password retry counters if it is a failed SASL bind.
-
-https://fedorahosted.org/389/ticket/47970
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 17e79688e05908f7fff319bdeb5167cbeaaf922c)
-(cherry picked from commit 36f0d05b15a8e984c64631fb7ed070358dd8c68f)
----
- ldap/servers/slapd/result.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
-index ca2fa43..2198337 100644
---- a/ldap/servers/slapd/result.c
-+++ b/ldap/servers/slapd/result.c
-@@ -364,16 +364,18 @@ send_ldap_result_ext(
- BerElement *ber
- )
- {
-- Connection *conn = pb->pb_conn;
-- int i, rc, logit = 0;
-- ber_tag_t tag;
-- int flush_ber_element = 1;
- Slapi_Operation *operation;
-- const char *dn = NULL;
-+ passwdPolicy *pwpolicy = NULL;
-+ Connection *conn = pb->pb_conn;
- Slapi_DN *sdn = NULL;
-+ const char *dn = NULL;
-+ ber_tag_t tag;
-+ int flush_ber_element = 1;
-+ int bind_method = 0;
- int internal_op;
-- passwdPolicy *pwpolicy = NULL;
--
-+ int i, rc, logit = 0;
-+
-+ slapi_pblock_get (pb, SLAPI_BIND_METHOD, &bind_method);
- slapi_pblock_get (pb, SLAPI_OPERATION, &operation);
-
- if (operation->o_status == SLAPI_OP_STATUS_RESULT_SENT) {
-@@ -451,7 +453,7 @@ send_ldap_result_ext(
-
- /* invalid password. Update the password retry here */
- /* put this here for now. It could be a send_result pre-op plugin. */
-- if (err == LDAP_INVALID_CREDENTIALS) {
-+ if (err == LDAP_INVALID_CREDENTIALS && bind_method != LDAP_AUTH_SASL ) {
- slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
- dn = slapi_sdn_get_dn(sdn);
- pwpolicy = new_passwdPolicy(pb, dn);
---
-1.9.3
-
diff --git a/SOURCES/0043-Ticket-47970-add-lib389-testcase.patch b/SOURCES/0043-Ticket-47970-add-lib389-testcase.patch
deleted file mode 100644
index 7be9579..0000000
--- a/SOURCES/0043-Ticket-47970-add-lib389-testcase.patch
+++ /dev/null
@@ -1,232 +0,0 @@
-From b10d004f6461a8dd5d5d2766cf95e92c5d94927e Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 4 Dec 2014 15:57:40 -0500
-Subject: [PATCH 43/53] Ticket 47970 - add lib389 testcase
-
-https://fedorahosted.org/389/ticket/47970
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit f6929c9b7c24a43b019e966b1fc37d33b21274a1)
-(cherry picked from commit b6cd13f49713fecf6b2c94a31e25cd726e216c65)
----
- dirsrvtests/tickets/ticket47970_test.py | 206 ++++++++++++++++++++++++++++++++
- 1 file changed, 206 insertions(+)
- create mode 100644 dirsrvtests/tickets/ticket47970_test.py
-
-diff --git a/dirsrvtests/tickets/ticket47970_test.py b/dirsrvtests/tickets/ticket47970_test.py
-new file mode 100644
-index 0000000..49d505a
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket47970_test.py
-@@ -0,0 +1,206 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import ldap.sasl
-+import logging
-+import socket
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from constants import *
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+USER1_DN = "uid=user1,%s" % DEFAULT_SUFFIX
-+USER2_DN = "uid=user2,%s" % DEFAULT_SUFFIX
-+
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ '''
-+ This fixture is used to standalone topology for the 'module'.
-+ At the beginning, It may exists a standalone instance.
-+ It may also exists a backup for the standalone instance.
-+
-+ Principle:
-+ If standalone instance exists:
-+ restart it
-+ If backup of standalone exists:
-+ create/rebind to standalone
-+
-+ restore standalone instance from backup
-+ else:
-+ Cleanup everything
-+ remove instance
-+ remove backup
-+ Create instance
-+ Create backup
-+ '''
-+ global installation_prefix
-+
-+ if installation_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+ standalone = DirSrv(verbose=False)
-+
-+ # Args for the standalone instance
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+
-+ # Get the status of the backups
-+ backup_standalone = standalone.checkBackupFS()
-+
-+ # Get the status of the instance and restart it if it exists
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ # assuming the instance is already stopped, just wait 5 sec max
-+ standalone.stop(timeout=5)
-+ standalone.start(timeout=10)
-+
-+ if backup_standalone:
-+ # The backup exist, assuming it is correct
-+ # we just re-init the instance with it
-+ if not instance_standalone:
-+ standalone.create()
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # restore standalone instance from backup
-+ standalone.stop(timeout=10)
-+ standalone.restoreFS(backup_standalone)
-+ standalone.start(timeout=10)
-+
-+ else:
-+ # We should be here only in two conditions
-+ # - This is the first time a test involve standalone instance
-+ # - Something weird happened (instance/backup destroyed)
-+ # so we discard everything and recreate all
-+
-+ # Remove the backup. So even if we have a specific backup file
-+ # (e.g backup_standalone) we clear backup that an instance may have created
-+ if backup_standalone:
-+ standalone.clearBackupFS()
-+
-+ # Remove the instance
-+ if instance_standalone:
-+ standalone.delete()
-+
-+ # Create the instance
-+ standalone.create()
-+
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # Time to create the backups
-+ standalone.stop(timeout=10)
-+ standalone.backupfile = standalone.backupFS()
-+ standalone.start(timeout=10)
-+
-+ # clear the tmp directory
-+ standalone.clearTmpDir(__file__)
-+
-+ #
-+ # Here we have standalone instance up and running
-+ # Either coming from a backup recovery
-+ # or from a fresh (re)init
-+ # Time to return the topology
-+ return TopologyStandalone(standalone)
-+
-+
-+def test_ticket47970(topology):
-+ """
-+ Testing that a failed SASL bind does not trigger account lockout -
-+ which would attempt to update the passwordRetryCount on the root dse entry
-+ """
-+
-+ log.info('Testing Ticket 47970 - Testing that a failed SASL bind does not trigger account lockout')
-+
-+ #
-+ # Enable account lockout
-+ #
-+ try:
-+ topology.standalone.modify_s("cn=config", [(ldap.MOD_REPLACE, 'passwordLockout', 'on')])
-+ log.info('account lockout enabled.')
-+ except ldap.LDAPError, e:
-+ log.error('Failed to enable account lockout: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ topology.standalone.modify_s("cn=config", [(ldap.MOD_REPLACE, 'passwordMaxFailure', '5')])
-+ log.info('passwordMaxFailure set.')
-+ except ldap.LDAPError, e:
-+ log.error('Failed to to set passwordMaxFailure: ' + e.message['desc'])
-+ assert False
-+
-+ #
-+ # Perform SASL bind that should fail
-+ #
-+ failed_as_expected = False
-+ try:
-+ user_name = "mark"
-+ pw = "secret"
-+ auth_tokens = ldap.sasl.digest_md5(user_name, pw)
-+ topology.standalone.sasl_interactive_bind_s("", auth_tokens)
-+ except ldap.INVALID_CREDENTIALS, e:
-+ log.info("SASL Bind failed as expected")
-+ failed_as_expected = True
-+
-+ if not failed_as_expected:
-+ log.error("SASL bind unexpectedly succeeded!")
-+ assert False
-+
-+ #
-+ # Check that passwordRetryCount was not set on the root dse entry
-+ #
-+ try:
-+ entry = topology.standalone.search_s("", ldap.SCOPE_BASE,
-+ "passwordRetryCount=*",
-+ ['passwordRetryCount'])
-+ except ldap.LDAPError, e:
-+ log.error('Failed to search Root DSE entry: ' + e.message['desc'])
-+ assert False
-+
-+ if entry:
-+ log.error('Root DSE was incorrectly updated')
-+ assert False
-+
-+ # We passed
-+ log.info('Root DSE was correctly not updated')
-+ log.info("Test Passed.")
-+
-+
-+def test_ticket47970_final(topology):
-+ topology.standalone.stop(timeout=10)
-+
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation_prefix
-+ installation_prefix = None
-+
-+ topo = topology(True)
-+ test_ticket47970(topo)
-+
-+if __name__ == '__main__':
-+ run_isolated()
-\ No newline at end of file
---
-1.9.3
-
diff --git a/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch b/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch
new file mode 100644
index 0000000..94219a4
--- /dev/null
+++ b/SOURCES/0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch
@@ -0,0 +1,61 @@
+From 0cb8a7e2f797b4d48a20e650cf8510b8495a35e6 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 11 Aug 2015 10:23:21 -0700
+Subject: [PATCH 43/45] Ticket #48245 - Man pages and help for remove-ds.pl
+ doesn't display "-a" option
+
+Description: Adding the description for "-a" to the man page and the help usage.
+
+https://fedorahosted.org/389/ticket/48245
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit a2dbb56ec5ad468972a41a500e1cdbb4ced01cb0)
+(cherry picked from commit 06dafdfed1528ea6724f61492f4c93977a3ce809)
+---
+ ldap/admin/src/scripts/remove-ds.pl.in | 5 +++--
+ man/man8/remove-ds.pl.8 | 5 ++++-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in
+index e7eb591..b35ae32 100755
+--- a/ldap/admin/src/scripts/remove-ds.pl.in
++++ b/ldap/admin/src/scripts/remove-ds.pl.in
+@@ -21,8 +21,9 @@ Getopt::Long::Configure(qw(bundling)); # bundling allows -ddddd
+ my $res = new Resource("@propertydir@/setup-ds.res");
+
+ sub usage {
+- print(STDERR "Usage: $0 [-f] [-d -d ... -d] -i instance\n\n");
+- print(STDERR " Opts: -f - force removal\n");
++ print(STDERR "Usage: $0 [-a] [-f] [-d -d ... -d] -i instance\n\n");
++ print(STDERR " Opts: -a - remove all\n");
++ print(STDERR " -f - force removal\n");
+ print(STDERR " -i instance - instance name to remove (e.g. - slapd-example)\n");
+ print(STDERR " -d - turn on debugging output\n");
+ }
+diff --git a/man/man8/remove-ds.pl.8 b/man/man8/remove-ds.pl.8
+index 8c7c118..0568ff8 100644
+--- a/man/man8/remove-ds.pl.8
++++ b/man/man8/remove-ds.pl.8
+@@ -19,7 +19,7 @@
+ remove\-ds.pl \- Remove an instance of Directory Server
+ .SH SYNOPSIS
+ .B remove-ds.pl
+-[\-f] [\-d \-d ... \-d] \-i \fIinstance\fR
++[\-a] [\-f] [\-d \-d ... \-d] \-i \fIinstance\fR
+ .SH DESCRIPTION
+ Removes a Directory Server instance from the system. The instance
+ will be shutdown and the files will be removed. The certificate
+@@ -33,6 +33,9 @@ will contain the retained certificate database files.
+ .SH OPTIONS
+ A summary of options is included below:
+ .TP
++.B \fB\-a\fR
++Removes all files and directories belonging to the instance
++.TP
+ .B \fB\-f\fR
+ Force removal
+ .TP
+--
+1.9.3
+
diff --git a/SOURCES/0044-Ticket-47960-cookie_change_info-returns-random-negat.patch b/SOURCES/0044-Ticket-47960-cookie_change_info-returns-random-negat.patch
deleted file mode 100644
index aefa76f..0000000
--- a/SOURCES/0044-Ticket-47960-cookie_change_info-returns-random-negat.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From bf2263bac10b890cdfc1fb7cd37f868785190cce Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 10 Dec 2014 17:12:00 -0800
-Subject: [PATCH 44/53] Ticket #47960 - cookie_change_info returns random
- negative number if there was no change in a tree
-
-Description: When no changes had not been made, Retro Changelog db
-was empty and the search callback sync_handle_cnum_entry in the
-Content Synchronization had no chance to be called. If it was not
-called, an uninitialized garbage value in Sync_CallBackData was set
-to cookie_change_info.
-
-This patch checks if the search callback sync_handle_cnum_entry is
-called or not. If it is not called, set 0 to cookie_change_info.
-
-https://fedorahosted.org/389/ticket/47960
-
-Reviewed by rmeggins@redhat.com and tbordaz@redhat.com (Thank you,
-Rich and Thierry!!)
-
-(cherry picked from commit a908c6b57cd77ff2f6e2fe0fe1fa2e0eccba77e0)
-(cherry picked from commit b7a472c71db4671c127584fcf7bfd8c75930bc8c)
----
- ldap/servers/plugins/sync/sync.h | 2 ++
- ldap/servers/plugins/sync/sync_util.c | 14 ++++++++++----
- 2 files changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/plugins/sync/sync.h b/ldap/servers/plugins/sync/sync.h
-index 9c2d8be..0bcec7a 100644
---- a/ldap/servers/plugins/sync/sync.h
-+++ b/ldap/servers/plugins/sync/sync.h
-@@ -76,6 +76,8 @@ typedef struct sync_update {
- Slapi_Entry *upd_e;
- } Sync_UpdateNode;
-
-+#define SYNC_CALLBACK_PREINIT (-1)
-+
- typedef struct sync_callback {
- Slapi_PBlock *orig_pb;
- int changenr;
-diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
-index de65b99..af22bcb 100644
---- a/ldap/servers/plugins/sync/sync_util.c
-+++ b/ldap/servers/plugins/sync/sync_util.c
-@@ -373,6 +373,7 @@ sync_handle_cnum_entry(Slapi_Entry *e, void *cb_data)
- if( NULL != value && NULL != value->bv_val &&
- '\0' != value->bv_val[0]) {
- cb->changenr = sync_number2int(value->bv_val);
-+ cb->cb_err = 0; /* changenr successfully set */
- }
- }
- }
-@@ -500,7 +501,7 @@ sync_cookie_get_change_info(Sync_CallBackData *scbd)
- slapi_pblock_init(seq_pb);
-
- slapi_seq_internal_set_pb(seq_pb, base, SLAPI_SEQ_LAST, attrname, NULL, NULL, 0, 0,
-- plugin_get_default_component_id(), 0);
-+ plugin_get_default_component_id(), 0);
-
- rc = slapi_seq_internal_callback_pb (seq_pb, scbd, NULL, sync_handle_cnum_entry, NULL);
- slapi_pblock_destroy(seq_pb);
-@@ -518,15 +519,20 @@ sync_cookie_create (Slapi_PBlock *pb)
-
- Sync_CallBackData scbd;
- int rc;
-- Sync_Cookie *sc = (Sync_Cookie *)slapi_ch_malloc(sizeof(Sync_Cookie));
--
-+ Sync_Cookie *sc = (Sync_Cookie *)slapi_ch_calloc(1, sizeof(Sync_Cookie));
-
-+ scbd.cb_err = SYNC_CALLBACK_PREINIT;
- rc = sync_cookie_get_change_info (&scbd);
-
- if (rc == 0) {
- sc->cookie_server_signature = sync_cookie_get_server_info(pb);
- sc->cookie_client_signature = sync_cookie_get_client_info(pb);
-- sc->cookie_change_info = scbd.changenr;
-+ if (scbd.cb_err == SYNC_CALLBACK_PREINIT) {
-+ /* changenr is not initialized. */
-+ sc->cookie_change_info = 0;
-+ } else {
-+ sc->cookie_change_info = scbd.changenr;
-+ }
- } else {
- slapi_ch_free ((void **)&sc);
- sc = NULL;
---
-1.9.3
-
diff --git a/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch b/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch
new file mode 100644
index 0000000..75a2224
--- /dev/null
+++ b/SOURCES/0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch
@@ -0,0 +1,46 @@
+From 3598e701b5362633daa40380088d6ba9c8e2d103 Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Fri, 14 Aug 2015 12:32:31 +0200
+Subject: [PATCH 44/45] Ticket 48249: sync_repl uuid may be invalid
+
+Bug Description:
+ uuid is computed from nsuniqueid of the entry.
+ If the computed uuid contains NULL char, slapi_ch_smprintf("%s")
+ will stop on the it, leaving the rest of the buffer with the value
+ that was on the heap at that time
+
+Fix Description:
+ use malloc/memcpy instead of slapi_ch_smprintf
+
+https://fedorahosted.org/389/ticket/48249
+
+Reviewed by: Noriko Hosoi (thank you !!)
+
+Platforms tested: F22
+
+Flag Day: no
+
+Doc impact: no
+
+(cherry picked from commit a80fe155cb302e0ef10e14cb238c88698b5995a2)
+---
+ ldap/servers/plugins/sync/sync_util.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
+index 00dc182..1dcff91 100644
+--- a/ldap/servers/plugins/sync/sync_util.c
++++ b/ldap/servers/plugins/sync/sync_util.c
+@@ -107,7 +107,8 @@ sync_nsuniqueid2uuid(const char *nsuniqueid)
+
+ u[16] = '\0';
+
+- uuid = slapi_ch_smprintf("%s",(char *)u);
++ uuid = slapi_ch_malloc(sizeof(u));
++ memcpy(uuid, u, sizeof(u));
+
+ return(uuid);
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0045-Ticket-47960-cookie_change_info-returns-random-negat.patch b/SOURCES/0045-Ticket-47960-cookie_change_info-returns-random-negat.patch
deleted file mode 100644
index d739ea3..0000000
--- a/SOURCES/0045-Ticket-47960-cookie_change_info-returns-random-negat.patch
+++ /dev/null
@@ -1,251 +0,0 @@
-From 254ba1f6adf1575f5992ccc1a228ecd10ce96cc5 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 12 Dec 2014 15:41:36 -0800
-Subject: [PATCH 45/53] Ticket #47960 - cookie_change_info returns random
- negative number if there was no change in a tree
-
-Description: An additional fix for the type mismatch for the change
-numbers. Change Number is declared as "unsigned long" in the Retro
-Changelog plugin, while cookie_change_info in the Content Sync plugin
-is "int", which could end up with a negative number when the change
-number passes (2^31 - 1).
-
-Changing the type of cookie_change_info to "unsigned long".
-
-https://fedorahosted.org/389/ticket/47960
-
-Reviewed by rmeggins@redhat.com and tbordaz@redhat.com (Thank you,
-Rich and Thierry!!)
-
-(cherry picked from commit 96c130b432ce0b15028e325c0e337679291aef9f)
-(cherry picked from commit 61a4e7035742612a1a8bf42b16e93cc55776dc31)
----
- ldap/servers/plugins/sync/sync.h | 9 +++--
- ldap/servers/plugins/sync/sync_refresh.c | 32 +++++++++++++-----
- ldap/servers/plugins/sync/sync_util.c | 56 ++++++++++++++++++++------------
- 3 files changed, 65 insertions(+), 32 deletions(-)
-
-diff --git a/ldap/servers/plugins/sync/sync.h b/ldap/servers/plugins/sync/sync.h
-index 0bcec7a..803c656 100644
---- a/ldap/servers/plugins/sync/sync.h
-+++ b/ldap/servers/plugins/sync/sync.h
-@@ -64,10 +64,12 @@
- #define CL_ATTR_NEWSUPERIOR "newsuperior"
- #define CL_SRCH_BASE "cn=changelog"
-
-+#define SYNC_INVALID_CHANGENUM ((unsigned long)-1)
-+
- typedef struct sync_cookie {
- char *cookie_client_signature;
- char *cookie_server_signature;
-- int cookie_change_info;
-+ unsigned long cookie_change_info;
- } Sync_Cookie;
-
- typedef struct sync_update {
-@@ -80,8 +82,8 @@ typedef struct sync_update {
-
- typedef struct sync_callback {
- Slapi_PBlock *orig_pb;
-- int changenr;
-- int change_start;
-+ unsigned long changenr;
-+ unsigned long change_start;
- int cb_err;
- Sync_UpdateNode *cb_updates;
- } Sync_CallBackData;
-@@ -112,6 +114,7 @@ int sync_cookie_isvalid (Sync_Cookie *testcookie, Sync_Cookie *refcookie);
- void sync_cookie_free (Sync_Cookie **freecookie);
- char * sync_cookie2str(Sync_Cookie *cookie);
- int sync_number2int(char *nrstr);
-+unsigned long sync_number2ulong(char *nrstr);
- char *sync_nsuniqueid2uuid(const char *nsuniqueid);
-
- int sync_is_active (Slapi_Entry *e, Slapi_PBlock *pb);
-diff --git a/ldap/servers/plugins/sync/sync_refresh.c b/ldap/servers/plugins/sync/sync_refresh.c
-index 4e256e6..bfff77b 100644
---- a/ldap/servers/plugins/sync/sync_refresh.c
-+++ b/ldap/servers/plugins/sync/sync_refresh.c
-@@ -293,9 +293,9 @@ sync_refresh_update_content(Slapi_PBlock *pb, Sync_Cookie *client_cookie, Sync_C
- cb_data.orig_pb = pb;
- cb_data.change_start = client_cookie->cookie_change_info;
-
-- filter = slapi_ch_smprintf("(&(changenumber>=%d)(changenumber<=%d))",
-- client_cookie->cookie_change_info,
-- server_cookie->cookie_change_info);
-+ filter = slapi_ch_smprintf("(&(changenumber>=%lu)(changenumber<=%lu))",
-+ client_cookie->cookie_change_info,
-+ server_cookie->cookie_change_info);
- slapi_search_internal_set_pb(
- seq_pb,
- CL_SRCH_BASE,
-@@ -305,7 +305,7 @@ sync_refresh_update_content(Slapi_PBlock *pb, Sync_Cookie *client_cookie, Sync_C
- 0,
- NULL, NULL,
- plugin_get_default_component_id(),
-- 0);
-+ 0);
-
- rc = slapi_search_internal_callback_pb (
- seq_pb, &cb_data, NULL, sync_read_entry_from_changelog, NULL);
-@@ -460,6 +460,7 @@ sync_read_entry_from_changelog( Slapi_Entry *cl_entry, void *cb_data)
- int chg_req;
- int prev = 0;
- int index = 0;
-+ unsigned long chgnum = 0;
- Sync_CallBackData *cb = (Sync_CallBackData *) cb_data;
-
- if (cb == NULL) {
-@@ -470,13 +471,28 @@ sync_read_entry_from_changelog( Slapi_Entry *cl_entry, void *cb_data)
- if (uniqueid == NULL) {
- slapi_log_error (SLAPI_LOG_FATAL, SYNC_PLUGIN_SUBSYSTEM,
- "Retro Changelog does not provied nsuniquedid."
-- "Check RCL plugin configuration." );
-+ "Check RCL plugin configuration.\n" );
- return(1);
- }
-- chgtype = sync_get_attr_value_from_entry (cl_entry, CL_ATTR_CHGTYPE);
- chgnr = sync_get_attr_value_from_entry (cl_entry, CL_ATTR_CHANGENUMBER);
--
-- index = sync_number2int(chgnr) - cb->change_start;
-+ chgnum = sync_number2ulong(chgnr);
-+ if (SYNC_INVALID_CHANGENUM == chgnum) {
-+ slapi_log_error (SLAPI_LOG_FATAL, SYNC_PLUGIN_SUBSYSTEM,
-+ "Change number provided by Retro Changelog is invalid: %s\n", chgnr);
-+ slapi_ch_free_string(&chgnr);
-+ slapi_ch_free_string(&uniqueid);
-+ return(1);
-+ }
-+ if (chgnum < cb->change_start) {
-+ slapi_log_error (SLAPI_LOG_FATAL, SYNC_PLUGIN_SUBSYSTEM,
-+ "Change number provided by Retro Changelog %s is less than the initial number %lu\n",
-+ chgnr, cb->change_start);
-+ slapi_ch_free_string(&chgnr);
-+ slapi_ch_free_string(&uniqueid);
-+ return(1);
-+ }
-+ index = chgnum - cb->change_start;
-+ chgtype = sync_get_attr_value_from_entry (cl_entry, CL_ATTR_CHGTYPE);
- chg_req = sync_str2chgreq(chgtype);
- switch (chg_req){
- case LDAP_REQ_ADD:
-diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
-index af22bcb..67cb453 100644
---- a/ldap/servers/plugins/sync/sync_util.c
-+++ b/ldap/servers/plugins/sync/sync_util.c
-@@ -266,10 +266,10 @@ sync_cookie2str(Sync_Cookie *cookie)
- char *cookiestr = NULL;
-
- if (cookie) {
-- cookiestr = slapi_ch_smprintf("%s#%s#%d",
-- cookie->cookie_server_signature,
-- cookie->cookie_client_signature,
-- cookie->cookie_change_info);
-+ cookiestr = slapi_ch_smprintf("%s#%s#%lu",
-+ cookie->cookie_server_signature,
-+ cookie->cookie_client_signature,
-+ cookie->cookie_change_info);
- }
- return(cookiestr);
- }
-@@ -370,10 +370,11 @@ sync_handle_cnum_entry(Slapi_Entry *e, void *cb_data)
- slapi_attr_first_value( chattr,&sval );
- if ( NULL != sval ) {
- value = slapi_value_get_berval ( sval );
-- if( NULL != value && NULL != value->bv_val &&
-- '\0' != value->bv_val[0]) {
-- cb->changenr = sync_number2int(value->bv_val);
-- cb->cb_err = 0; /* changenr successfully set */
-+ if (value && value->bv_val && ('\0' != value->bv_val[0])) {
-+ cb->changenr = sync_number2ulong(value->bv_val);
-+ if (SYNC_INVALID_CHANGENUM != cb->changenr) {
-+ cb->cb_err = 0; /* changenr successfully set */
-+ }
- }
- }
- }
-@@ -452,31 +453,30 @@ sync_cookie_get_client_info(Slapi_PBlock *pb)
- clientinfo = slapi_ch_smprintf("%s:%s:%s",clientdn,targetdn,strfilter);
- return (clientinfo);
- }
--static int
-+static unsigned long
- sync_cookie_get_change_number(int lastnr, const char *uniqueid)
- {
- Slapi_PBlock *srch_pb;
- Slapi_Entry **entries;
- Slapi_Entry *cl_entry;
- int rv;
-- int newnr = -1;
-+ unsigned long newnr = SYNC_INVALID_CHANGENUM;
- char *filter = slapi_ch_smprintf("(&(changenumber>=%d)(targetuniqueid=%s))",lastnr,uniqueid);
-
- srch_pb = slapi_pblock_new();
-- slapi_search_internal_set_pb(srch_pb, CL_SRCH_BASE,
-- LDAP_SCOPE_SUBTREE, filter,
-- NULL, 0, NULL, NULL, plugin_get_default_component_id(), 0);
-- slapi_search_internal_pb(srch_pb);
-+ slapi_search_internal_set_pb(srch_pb, CL_SRCH_BASE, LDAP_SCOPE_SUBTREE, filter,
-+ NULL, 0, NULL, NULL, plugin_get_default_component_id(), 0);
-+ slapi_search_internal_pb(srch_pb);
- slapi_pblock_get(srch_pb, SLAPI_PLUGIN_INTOP_RESULT, &rv);
-- if ( rv == LDAP_SUCCESS) {
-+ if (rv == LDAP_SUCCESS) {
- slapi_pblock_get(srch_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-- if (entries && *entries) {
-+ if (entries && *entries) {
- Slapi_Attr *attr;
- Slapi_Value *val;
- cl_entry = *entries; /* only use teh first one */
- slapi_entry_attr_find(cl_entry, CL_ATTR_CHANGENUMBER, &attr);
- slapi_attr_first_value(attr, &val);
-- newnr = sync_number2int((char *)slapi_value_get_string(val));
-+ newnr = sync_number2ulong((char *)slapi_value_get_string(val));
- }
- }
-
-@@ -579,8 +579,8 @@ sync_cookie_parse (char *cookie)
- if (p) {
- *p = '\0';
- sc->cookie_client_signature = slapi_ch_strdup(q);
-- sc->cookie_change_info = sync_number2int(p+1);
-- if (sc->cookie_change_info < 0) {
-+ sc->cookie_change_info = sync_number2ulong(p+1);
-+ if (SYNC_INVALID_CHANGENUM == sc->cookie_change_info) {
- goto error_return;
- }
- } else {
-@@ -716,14 +716,28 @@ sync_pblock_copy(Slapi_PBlock *src)
- return dest;
- }
-
--int sync_number2int(char *chgnrstr)
-+int
-+sync_number2int(char *chgnrstr)
- {
- char *end;
- int nr;
-- nr = strtoul(chgnrstr, &end, 10);
-+ nr = (int)strtoul(chgnrstr, &end, 10);
- if ( *end == '\0') {
- return (nr);
- } else {
- return (-1);
- }
- }
-+
-+unsigned long
-+sync_number2ulong(char *chgnrstr)
-+{
-+ char *end;
-+ unsigned long nr;
-+ nr = strtoul(chgnrstr, &end, 10);
-+ if ( *end == '\0') {
-+ return (nr);
-+ } else {
-+ return SYNC_INVALID_CHANGENUM;
-+ }
-+}
---
-1.9.3
-
diff --git a/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch b/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch
new file mode 100644
index 0000000..077923f
--- /dev/null
+++ b/SOURCES/0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch
@@ -0,0 +1,180 @@
+From 0cf9e38234476a0f3680ea388351f9bf90735818 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Fri, 14 Aug 2015 11:19:24 -0700
+Subject: [PATCH 45/45] Ticket #48250 - Slapd crashes reported from latest
+ build
+
+Bug Description: There was a conflict between an import task and
+deleting the instance. While the import task was still running,
+the backend instance was removed, which should have been rejected.
+
+Fix Description: Backend tasks keeps instance refcnt positive and
+disable the backend in the mapping tree. This patch adds the
+check for the mapping tree in the backend deletion callback. If
+the instance refcnt is positive or the mapping tree is disabled,
+the deletion is backed off.
+
+For the backend deletion, the referral info is not needed. To
+reduce unnecessary allocation and free, adding the code which
+checks if the given referral variable is NULL or not to mtn_get_be.
+If it is NULL, no allocation for the referral entry occurs.
+
+https://fedorahosted.org/389/ticket/48250
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit 01fea1f89a680358245677f72a67e9ccf196f66d)
+(cherry picked from commit 7a4b0a705ec7376e704f6ae591beabf6c8f890af)
+---
+ ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 11 +++--
+ ldap/servers/slapd/mapping_tree.c | 52 ++++++++++++++----------
+ 2 files changed, 39 insertions(+), 24 deletions(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+index 895d846..42c8ffe 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+@@ -128,7 +128,7 @@ ldbm_instance_index_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_
+
+ /*
+ * Config DSE callback for index deletes.
+- */
++ */
+ int
+ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg)
+ {
+@@ -138,15 +138,19 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
+ const struct berval *attrValue;
+ int rc = SLAPI_DSE_CALLBACK_OK;
+ struct attrinfo *ainfo = NULL;
++ Slapi_Backend *be = NULL;
+
+ returntext[0] = '\0';
+ *returncode = LDAP_SUCCESS;
+
+- if (slapi_counter_get_value(inst->inst_ref_count) > 0) {
++ if ((slapi_counter_get_value(inst->inst_ref_count) > 0) ||
++ /* check if the backend is ON or not.
++ * If offline or being deleted, non SUCCESS is returned. */
++ (slapi_mapping_tree_select(pb, &be, NULL, returntext) != LDAP_SUCCESS)) {
+ *returncode = LDAP_UNAVAILABLE;
+ rc = SLAPI_DSE_CALLBACK_ERROR;
++ goto bail;
+ }
+-
+ *returncode = LDAP_SUCCESS;
+
+ slapi_entry_attr_find(e, "cn", &attr);
+@@ -165,6 +169,7 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
+ rc = SLAPI_DSE_CALLBACK_ERROR;
+ }
+ }
++bail:
+ return rc;
+ }
+
+diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
+index ca8d6af..165eba1 100644
+--- a/ldap/servers/slapd/mapping_tree.c
++++ b/ldap/servers/slapd/mapping_tree.c
+@@ -2171,7 +2171,9 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
+ }
+
+ be[0] = NULL;
+- referral[0] = NULL;
++ if (referral) {
++ referral[0] = NULL;
++ }
+
+ mtn_lock();
+
+@@ -2658,7 +2660,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
+ ((SLAPI_OPERATION_SEARCH == op_type)||(SLAPI_OPERATION_BIND == op_type) ||
+ (SLAPI_OPERATION_UNBIND == op_type) || (SLAPI_OPERATION_COMPARE == op_type))) ||
+ override_referral) {
+- *referral = NULL;
++ if (referral) {
++ *referral = NULL;
++ }
+ if ((target_node == mapping_tree_root) ){
+ /* If we got here, then we couldn't find a matching node
+ * for the target. We'll use the default backend. Once
+@@ -2679,22 +2683,25 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
+ /* there is only one backend no choice possible */
+ *index = 0;
+ } else {
+- *index = mtn_get_be_distributed(pb, target_node,
+- target_sdn, &flag_stop);
+- if (*index == SLAPI_BE_NO_BACKEND)
+- result = LDAP_UNWILLING_TO_PERFORM;
+- }
+- }
+- if (*index == SLAPI_BE_REMOTE_BACKEND) {
+- *be = NULL;
+- *referral = (target_node->mtn_referral_entry ?
+- slapi_entry_dup(target_node->mtn_referral_entry) :
+- NULL);
++ *index = mtn_get_be_distributed(pb, target_node, target_sdn, &flag_stop);
++ if (*index == SLAPI_BE_NO_BACKEND) {
++ result = LDAP_UNWILLING_TO_PERFORM;
++ }
++ }
++ }
++ if (*index == SLAPI_BE_REMOTE_BACKEND) {
++ *be = NULL;
++ if (referral) {
++ *referral = (target_node->mtn_referral_entry ?
++ slapi_entry_dup(target_node->mtn_referral_entry) : NULL);
++ }
+ (*index)++;
+ }else if ((*index == SLAPI_BE_NO_BACKEND) || (*index >= target_node->mtn_be_count)) {
+- /* we have already returned all backends -> return NULL */
++ /* we have already returned all backends -> return NULL */
+ *be = NULL;
+- *referral = NULL;
++ if (referral) {
++ *referral = NULL;
++ }
+ } else {
+ /* return next backend, increment index */
+ *be = target_node->mtn_be[*index];
+@@ -2749,7 +2756,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
+ * send back NULL to jump to next node
+ */
+ *be = NULL;
+- *referral = NULL;
++ if (referral) {
++ *referral = NULL;
++ }
+ result = LDAP_SUCCESS;
+ } else {
+ /* first time we hit this referral -> return it
+@@ -2758,11 +2767,12 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
+ * returned this referral
+ */
+ *be = NULL;
+- *referral = (target_node->mtn_referral_entry ?
+- slapi_entry_dup(target_node->mtn_referral_entry) :
+- NULL);
++ if (referral) {
++ *referral = (target_node->mtn_referral_entry ?
++ slapi_entry_dup(target_node->mtn_referral_entry) : NULL);
++ }
+ (*index)++;
+- if (NULL == *referral) {
++ if (NULL == target_node->mtn_referral_entry) {
+ if (errorbuf) {
+ PR_snprintf(errorbuf, BUFSIZ,
+ "Mapping tree node for %s is set to return a referral,"
+@@ -2782,7 +2792,7 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
+ "mapping tree selected backend : %s\n",
+ slapi_be_get_name(*be));
+ slapi_be_Rlock(*be);
+- } else if (*referral) {
++ } else if (referral && *referral) {
+ slapi_log_error(SLAPI_LOG_ARGS, NULL,
+ "mapping tree selected referral at node : %s\n",
+ slapi_sdn_get_dn(target_node->mtn_subtree));
+--
+1.9.3
+
diff --git a/SOURCES/0046-Ticket-47636-Error-log-levels-not-displayed-correctl.patch b/SOURCES/0046-Ticket-47636-Error-log-levels-not-displayed-correctl.patch
deleted file mode 100644
index 84b2784..0000000
--- a/SOURCES/0046-Ticket-47636-Error-log-levels-not-displayed-correctl.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From cac085393e5d3ea996b9dd19811088f675c15b5f Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 8 Dec 2014 15:50:53 -0500
-Subject: [PATCH 46/53] Ticket 47636 - Error log levels not displayed correctly
-
-Bug Description: Searching for nsslapd-errorlog-level returns an
- unexpected value (the level plus 16384).
-
-Fix Description: This is a regression from the first fix for this
- ticket. The fix is to only adjust the level zero,
- to its full default value of 16384.
-
-https://fedorahosted.org/389/ticket/47636
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit f12e1216cc7baf128911d519cc8758c1c9277957)
-(cherry picked from commit 7b32ab042511f69e544f91b318387edd00129292)
----
- ldap/servers/slapd/libglobs.c | 22 ++++++++++++++++++++--
- 1 file changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
-index b437112..b2b40d3 100644
---- a/ldap/servers/slapd/libglobs.c
-+++ b/ldap/servers/slapd/libglobs.c
-@@ -118,6 +118,7 @@ typedef enum {
- CONFIG_CONSTANT_STRING, /* for #define values, e.g. */
- CONFIG_SPECIAL_REFERRALLIST, /* this is a berval list */
- CONFIG_SPECIAL_SSLCLIENTAUTH, /* maps strings to an enumeration */
-+ CONFIG_SPECIAL_ERRORLOGLEVEL, /* requires & with LDAP_DEBUG_ANY */
- CONFIG_STRING_OR_EMPTY, /* use an empty string */
- CONFIG_SPECIAL_ANON_ACCESS_SWITCH, /* maps strings to an enumeration */
- CONFIG_SPECIAL_VALIDATE_CERT_SWITCH, /* maps strings to an enumeration */
-@@ -289,7 +290,7 @@ slapi_onoff_t init_mempool_switch;
- static int
- isInt(ConfigVarType type)
- {
-- return type == CONFIG_INT || type == CONFIG_ON_OFF || type == CONFIG_SPECIAL_SSLCLIENTAUTH;
-+ return type == CONFIG_INT || type == CONFIG_ON_OFF || type == CONFIG_SPECIAL_SSLCLIENTAUTH || type == CONFIG_SPECIAL_ERRORLOGLEVEL;
- }
-
- /* the caller will typically have to cast the result based on the ConfigVarType */
-@@ -339,7 +340,7 @@ static struct config_get_and_set {
- {CONFIG_LOGLEVEL_ATTRIBUTE, config_set_errorlog_level,
- NULL, 0,
- (void**)&global_slapdFrontendConfig.errorloglevel,
-- CONFIG_INT, NULL, STRINGIFYDEFINE(SLAPD_DEFAULT_ERRORLOG_LEVEL)},
-+ CONFIG_SPECIAL_ERRORLOGLEVEL, NULL, NULL},
- {CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE, NULL,
- log_set_logging, SLAPD_ERROR_LOG,
- (void**)&global_slapdFrontendConfig.errorlog_logging_enabled,
-@@ -7563,6 +7564,23 @@ config_set_value(
- *((char **)value) : "unknown");
- break;
-
-+ case CONFIG_SPECIAL_ERRORLOGLEVEL:
-+ if (value) {
-+ int ival = *(int *)value;
-+ ival &= ~LDAP_DEBUG_ANY;
-+ if (ival == 0) {
-+ /*
-+ * Don't store the default value as zero,
-+ * but as its real value.
-+ */
-+ ival = LDAP_DEBUG_ANY;
-+ }
-+ slapi_entry_attr_set_int(e, cgas->attr_name, ival);
-+ }
-+ else
-+ slapi_entry_attr_set_charptr(e, cgas->attr_name, "");
-+ break;
-+
- case CONFIG_SPECIAL_ANON_ACCESS_SWITCH:
- if (!value) {
- slapi_entry_attr_set_charptr(e, cgas->attr_name, "off");
---
-1.9.3
-
diff --git a/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch b/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch
new file mode 100644
index 0000000..245fe21
--- /dev/null
+++ b/SOURCES/0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch
@@ -0,0 +1,158 @@
+From 34024061a980fa5472fab680b873c0666413e5ec Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 17 Aug 2015 14:51:17 -0400
+Subject: [PATCH 46/47] Ticket 48233 - Server crashes in ACL_LasFindFlush
+ during shutdown if ACIs contain IP addresss restrictions
+
+Bug Description: The server will crash at shutdown if there are ACI's that use IP rules.
+
+Fix Description: When we stop the acl plugin we need to free aci avl list first, before
+ we free the libaccess ACL global lists. Otherwise, we dereference a freed
+ struct.
+
+https://fedorahosted.org/389/ticket/48233
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 22d315b910b086d3e7edca3b6b52511d5da63802)
+(cherry picked from commit 57c5d35b4a5ea3e85ae2a7471cbe487531ee3835)
+---
+ dirsrvtests/tickets/ticket48233_test.py | 105 ++++++++++++++++++++++++++++++++
+ ldap/servers/plugins/acl/aclplugin.c | 2 +-
+ 2 files changed, 106 insertions(+), 1 deletion(-)
+ create mode 100644 dirsrvtests/tickets/ticket48233_test.py
+
+diff --git a/dirsrvtests/tickets/ticket48233_test.py b/dirsrvtests/tickets/ticket48233_test.py
+new file mode 100644
+index 0000000..387279d
+--- /dev/null
++++ b/dirsrvtests/tickets/ticket48233_test.py
+@@ -0,0 +1,105 @@
++import os
++import sys
++import time
++import ldap
++import logging
++import pytest
++from lib389 import DirSrv, Entry, tools, tasks
++from lib389.tools import DirSrvTools
++from lib389._constants import *
++from lib389.properties import *
++from lib389.tasks import *
++from lib389.utils import *
++
++logging.getLogger(__name__).setLevel(logging.DEBUG)
++log = logging.getLogger(__name__)
++
++installation1_prefix = None
++
++
++class TopologyStandalone(object):
++ def __init__(self, standalone):
++ standalone.open()
++ self.standalone = standalone
++
++
++@pytest.fixture(scope="module")
++def topology(request):
++ global installation1_prefix
++ if installation1_prefix:
++ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
++
++ # Creating standalone instance ...
++ standalone = DirSrv(verbose=False)
++ args_instance[SER_HOST] = HOST_STANDALONE
++ args_instance[SER_PORT] = PORT_STANDALONE
++ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
++ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
++ args_standalone = args_instance.copy()
++ standalone.allocate(args_standalone)
++ instance_standalone = standalone.exists()
++ if instance_standalone:
++ standalone.delete()
++ standalone.create()
++ standalone.open()
++
++ # Delete each instance in the end
++ def fin():
++ standalone.delete()
++ request.addfinalizer(fin)
++
++ # Clear out the tmp dir
++ standalone.clearTmpDir(__file__)
++
++ return TopologyStandalone(standalone)
++
++
++def test_ticket48233(topology):
++ """Test that ACI's that use IP restrictions do not crash the server at
++ shutdown
++ """
++
++ # Add aci to restrict access my ip
++ aci_text = ('(targetattr != "userPassword")(version 3.0;acl ' +
++ '"Enable anonymous access - IP"; allow (read,compare,search)' +
++ '(userdn = "ldap:///anyone") and (ip="127.0.0.1");)')
++
++ try:
++ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', aci_text)])
++ except ldap.LDAPError as e:
++ log.error('Failed to add aci: (%s) error %s' % (aci_text, e.message['desc']))
++ assert False
++ time.sleep(1)
++
++ # Anonymous search to engage the aci
++ try:
++ topology.standalone.simple_bind_s("", "")
++ except ldap.LDAPError as e:
++ log.error('Failed to anonymously bind -error %s' % (e.message['desc']))
++ assert False
++
++ try:
++ entries = topology.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'objectclass=*')
++ if not entries:
++ log.fatal('Failed return an entries from search')
++ assert False
++ except ldap.LDAPError, e:
++ log.fatal('Search failed: ' + e.message['desc'])
++ assert False
++
++ # Restart the server
++ topology.standalone.restart(timeout=10)
++
++ # Check for crash
++ if topology.standalone.detectDisorderlyShutdown():
++ log.fatal('Server crashed!')
++ assert False
++
++ log.info('Test complete')
++
++
++if __name__ == '__main__':
++ # Run isolated
++ # -s for DEBUG mode
++ CURRENT_FILE = os.path.realpath(__file__)
++ pytest.main("-s %s" % CURRENT_FILE)
+\ No newline at end of file
+diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c
+index 45a6315..d90996e 100644
+--- a/ldap/servers/plugins/acl/aclplugin.c
++++ b/ldap/servers/plugins/acl/aclplugin.c
+@@ -269,13 +269,13 @@ aclplugin_stop ( Slapi_PBlock *pb )
+ {
+ int rc = 0; /* OK */
+
++ free_acl_avl_list();
+ ACL_Destroy();
+ acl_destroy_aclpb_pool();
+ acl_remove_ext();
+ ACL_AttrGetterHashDestroy();
+ ACL_MethodHashDestroy();
+ ACL_DestroyPools();
+- free_acl_avl_list();
+ aclanom__del_profile(1);
+ aclgroup_free();
+ //aclext_free_lockarray();
+--
+1.9.3
+
diff --git a/SOURCES/0047-Ticket-47722-Using-the-filter-file-does-not-work.patch b/SOURCES/0047-Ticket-47722-Using-the-filter-file-does-not-work.patch
deleted file mode 100644
index ea339f2..0000000
--- a/SOURCES/0047-Ticket-47722-Using-the-filter-file-does-not-work.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 325de7ba798d0f1b7ab4b6e607653306032cd8cd Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 9 Dec 2014 15:29:07 -0500
-Subject: [PATCH 47/53] Ticket 47722 - Using the filter file does not work
-
-Bug Description: Using a filter file does not work correctly. rsearch fails to
- to use the filters from the file.
-
-Fix Description: There was a bug where we incorrectly freed each filter right after
- we added it to the local list. This left the list empty.
-
-https://fedorahosted.org/389/ticket/47722
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit fb22b387e4376caae35121a645a5879dbac7b4fb)
-(cherry picked from commit 4002f3b946f567994de6c32c6ff713b1d341a975)
----
- ldap/servers/slapd/tools/rsearch/nametable.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/tools/rsearch/nametable.c b/ldap/servers/slapd/tools/rsearch/nametable.c
-index 9d56a34..03a6ae1 100644
---- a/ldap/servers/slapd/tools/rsearch/nametable.c
-+++ b/ldap/servers/slapd/tools/rsearch/nametable.c
-@@ -160,7 +160,6 @@ int nt_load(NameTable *nt, const char *filename)
- free(s);
- break;
- }
-- free(s);
- }
- PR_Close(fd);
- return nt->size;
---
-1.9.3
-
diff --git a/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch b/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch
new file mode 100644
index 0000000..616cc6b
--- /dev/null
+++ b/SOURCES/0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch
@@ -0,0 +1,147 @@
+From d88650af2dc614519bdb138b162d3c6e3b5ae9c5 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 18 Aug 2015 13:43:55 -0700
+Subject: [PATCH 47/47] Ticket #48243 - replica upgrade failed in starting
+ dirsrv service due to upgrade scripts did not run
+
+Description: In the upgrade process, there is a combination of requirements:
+ . the server is running.
+ . the server instance service is disabled.
+ . upgrade scripts are expected to run against the instance.
+ . the server is restarted once the upgrade is done.
+ . the server instance service remains disabled.
+To fulfill the requirements,
+ . spec file is modified to enumerate slapd dir (except .remove) in the
+ /etc/dirsrv for getting the server instance.
+ . Start/Update perl scripts are modified not to create a symlink in
+ /etc/systemd/system/dirsrv.target.wants for the upgrade case, which
+ means the service remains disabled.
+
+https://fedorahosted.org/389/ticket/48243
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit 29c09a5bcc7d54be1aa6880b4f2a423edd3dc463)
+(cherry picked from commit 2c5e0d5692bcabe16a7e3b8e0d24eb3a88913155)
+---
+ ldap/admin/src/scripts/DSCreate.pm.in | 7 ++++---
+ ldap/admin/src/scripts/DSMigration.pm.in | 2 +-
+ ldap/admin/src/scripts/DSUpdate.pm.in | 2 +-
+ rpm/389-ds-base.spec.in | 20 +++++++++++++-------
+ 4 files changed, 19 insertions(+), 12 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
+index e4a4ed0..cdde339 100644
+--- a/ldap/admin/src/scripts/DSCreate.pm.in
++++ b/ldap/admin/src/scripts/DSCreate.pm.in
+@@ -1098,6 +1098,7 @@ sub updateTmpfilesDotD {
+ }
+
+ sub updateSystemD {
++ my $noservicelink = shift;
+ my $inf = shift;
+ my $unitdir = "@systemdsystemunitdir@";
+ my $confbasedir = "@systemdsystemconfdir@";
+@@ -1129,7 +1130,7 @@ sub updateSystemD {
+ next;
+ } else {
+ my $servicelink = "$confdir/$pkgname\@$inst.service";
+- if (! -l $servicelink) {
++ if (! -l $servicelink && ! $noservicelink) {
+ if (!symlink($servicefile, $servicelink)) {
+ debug(1, "error updating link $servicelink to $servicefile - $!\n");
+ push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ];
+@@ -1216,7 +1217,7 @@ sub createDSInstance {
+ return @errs;
+ }
+
+- if (@errs = updateSystemD($inf)) {
++ if (@errs = updateSystemD(0, $inf)) {
+ return @errs;
+ }
+
+@@ -1452,7 +1453,7 @@ sub removeDSInstance {
+ }
+
+ # update systemd files
+- push @errs, updateSystemD();
++ push @errs, updateSystemD(0);
+
+ # if we got here, report success
+ if (@errs) {
+diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in
+index e59e667..630ab43 100644
+--- a/ldap/admin/src/scripts/DSMigration.pm.in
++++ b/ldap/admin/src/scripts/DSMigration.pm.in
+@@ -1132,7 +1132,7 @@ sub migrateDS {
+ }
+
+ # do the systemd stuff
+- @errs = DSCreate::updateSystemD($inf);
++ @errs = DSCreate::updateSystemD(0, $inf);
+ if (@errs) {
+ $mig->msg(@errs);
+ goto cleanup;
+diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in
+index 1809ad9..be1e67c 100644
+--- a/ldap/admin/src/scripts/DSUpdate.pm.in
++++ b/ldap/admin/src/scripts/DSUpdate.pm.in
+@@ -408,7 +408,7 @@ sub updateDSInstance {
+
+ push @errs, updateTmpfilesDotD($inf);
+
+- push @errs, updateSystemD($inf);
++ push @errs, updateSystemD(1, $inf);
+
+ return @errs;
+ }
+diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
+index d0bbb7a..b7556e1 100644
+--- a/rpm/389-ds-base.spec.in
++++ b/rpm/389-ds-base.spec.in
+@@ -248,6 +248,7 @@ rm -rf $RPM_BUILD_ROOT
+
+ %post
+ output=/dev/null
++output2=/dev/null
+ %systemd_post %{pkgname}-snmp.service
+ # reload to pick up any changes to systemd files
+ /bin/systemctl daemon-reload >$output 2>&1 || :
+@@ -260,12 +261,17 @@ instances="" # instances that require a restart after upgrade
+ ninst=0 # number of instances found in total
+ if [ -n "$DEBUGPOSTTRANS" ] ; then
+ output=$DEBUGPOSTTRANS
++ output2=${DEBUGPOSTTRANS}.upgrade
+ fi
+-echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
+-for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
+- if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
+- inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
+- echo found instance $inst - getting status >> $output 2>&1 || :
++echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
++instbase="%{_sysconfdir}/%{pkgname}"
++for dir in $instbase/slapd-* ; do
++ echo dir = $dir >> $output 2>&1 || :
++ if [ ! -d "$dir" ] ; then continue ; fi
++ case "$dir" in *.removed) continue ;; esac
++ basename=`basename $dir`
++ inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
++ echo found instance $inst - getting status >> $output 2>&1 || :
+ if /bin/systemctl -q is-active $inst ; then
+ echo instance $inst is running >> $output 2>&1 || :
+ instances="$instances $inst"
+@@ -290,9 +296,9 @@ echo remove pid files . . . >> $output 2>&1 || :
+ echo upgrading instances . . . >> $output 2>&1 || :
+ DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
+ if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
+- %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
++ %{_sbindir}/setup-ds.pl -l $output2 -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
+ else
+- %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
++ %{_sbindir}/setup-ds.pl -l $output2 -u -s General.UpdateMode=offline >> $output 2>&1 || :
+ fi
+
+ # restart instances that require it
+--
+1.9.3
+
diff --git a/SOURCES/0048-Ticket-47451-Need-to-unregister-tasks-created-by-plu.patch b/SOURCES/0048-Ticket-47451-Need-to-unregister-tasks-created-by-plu.patch
deleted file mode 100644
index 58a9168..0000000
--- a/SOURCES/0048-Ticket-47451-Need-to-unregister-tasks-created-by-plu.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-From d9e460db38763e81f1065777dd54f95efd108017 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 13 Nov 2014 17:22:24 -0500
-Subject: [PATCH 48/53] Ticket 47451 - Need to unregister tasks created by
- plugins
-
-Bug Description: Tasks created by plugins are not unregistered when a plugin
- is stopped or deleted. Repeated stopping/starting a plugin
- that registers tasks will corrupt the dse callback linked list
- and will crash the server if a task is invoked.
-
-Fix Description: Create a plugin task unregister function, and call it in the
- clsoe functions of plugins that register functions.
-
-https://fedorahosted.org/389/ticket/47451
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 005c4c9be360a7ebba38b61f934ace94224eef3f)
-(cherry picked from commit fb7eef1c08a2d15c94eaedaabec2b07e970ffb3a)
----
- ldap/servers/plugins/automember/automember.c | 8 ++++++++
- ldap/servers/plugins/linkedattrs/linked_attrs.c | 2 ++
- ldap/servers/plugins/memberof/memberof.c | 1 +
- .../plugins/posix-winsync/posix-winsync-config.c | 1 +
- ldap/servers/plugins/schema_reload/schema_reload.c | 2 ++
- ldap/servers/plugins/usn/usn.c | 1 +
- ldap/servers/plugins/usn/usn.h | 1 +
- ldap/servers/plugins/usn/usn_cleanup.c | 8 ++++++++
- ldap/servers/slapd/slapi-plugin.h | 1 +
- ldap/servers/slapd/task.c | 19 +++++++++++++++++++
- 10 files changed, 44 insertions(+)
-
-diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
-index c5bb0ae..c443a65 100644
---- a/ldap/servers/plugins/automember/automember.c
-+++ b/ldap/servers/plugins/automember/automember.c
-@@ -397,6 +397,14 @@ automember_close(Slapi_PBlock * pb)
- slapi_log_error(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM,
- "--> automember_close\n");
-
-+ /* unregister the tasks */
-+ slapi_plugin_task_unregister_handler("automember rebuild membership",
-+ automember_task_add);
-+ slapi_plugin_task_unregister_handler("automember export updates",
-+ automember_task_add_export_updates);
-+ slapi_plugin_task_unregister_handler("automember map updates",
-+ automember_task_add_map_entries);
-+
- automember_delete_config();
- slapi_ch_free((void **)&g_automember_config);
- slapi_sdn_free(&_PluginDN);
-diff --git a/ldap/servers/plugins/linkedattrs/linked_attrs.c b/ldap/servers/plugins/linkedattrs/linked_attrs.c
-index 20bb9fa..e302867 100644
---- a/ldap/servers/plugins/linkedattrs/linked_attrs.c
-+++ b/ldap/servers/plugins/linkedattrs/linked_attrs.c
-@@ -383,6 +383,8 @@ linked_attrs_close(Slapi_PBlock * pb)
- slapi_log_error(SLAPI_LOG_TRACE, LINK_PLUGIN_SUBSYSTEM,
- "--> linked_attrs_close\n");
-
-+ slapi_plugin_task_unregister_handler("fixup linked attributes", linked_attrs_fixup_task_add);
-+
- linked_attrs_delete_config();
- slapi_destroy_rwlock(g_config_lock);
- g_config_lock = NULL;
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index ce48f01..cb4ef75 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -454,6 +454,7 @@ int memberof_postop_close(Slapi_PBlock *pb)
- slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
- "--> memberof_postop_close\n" );
-
-+ slapi_plugin_task_unregister_handler("memberof task", memberof_task_add);
- memberof_release_config();
- slapi_sdn_free(&_ConfigAreaDN);
- slapi_sdn_free(&_pluginDN);
-diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
-index 4234080..50e3a61 100644
---- a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
-+++ b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
-@@ -237,6 +237,7 @@ posix_winsync_config(Slapi_Entry *config_e)
- void
- posix_winsync_config_free()
- {
-+ slapi_plugin_task_unregister_handler("memberuid task", posix_group_task_add);
- slapi_entry_free(theConfig.config_e);
- theConfig.config_e = NULL;
- slapi_destroy_mutex(theConfig.lock);
-diff --git a/ldap/servers/plugins/schema_reload/schema_reload.c b/ldap/servers/plugins/schema_reload/schema_reload.c
-index 6cf1181..3ff4c4d 100644
---- a/ldap/servers/plugins/schema_reload/schema_reload.c
-+++ b/ldap/servers/plugins/schema_reload/schema_reload.c
-@@ -131,6 +131,8 @@ schemareload_start(Slapi_PBlock *pb)
- static int
- schemareload_close(Slapi_PBlock *pb)
- {
-+
-+ slapi_plugin_task_unregister_handler("schema reload task", schemareload_add);
- PR_DestroyLock(schemareload_lock);
-
- return 0;
-diff --git a/ldap/servers/plugins/usn/usn.c b/ldap/servers/plugins/usn/usn.c
-index 837dc2e..6b34bf4 100644
---- a/ldap/servers/plugins/usn/usn.c
-+++ b/ldap/servers/plugins/usn/usn.c
-@@ -300,6 +300,7 @@ usn_close(Slapi_PBlock *pb)
- {
- slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM, "--> usn_close\n");
-
-+ usn_cleanup_close();
- slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP,
- "", LDAP_SCOPE_BASE, "(objectclass=*)", usn_rootdse_search);
-
-diff --git a/ldap/servers/plugins/usn/usn.h b/ldap/servers/plugins/usn/usn.h
-index 8e6c5c8..4bc9e97 100644
---- a/ldap/servers/plugins/usn/usn.h
-+++ b/ldap/servers/plugins/usn/usn.h
-@@ -54,4 +54,5 @@ void *usn_get_identity();
-
- /* usn_cleanup.c */
- int usn_cleanup_start(Slapi_PBlock *pb);
-+int usn_cleanup_close();
-
-diff --git a/ldap/servers/plugins/usn/usn_cleanup.c b/ldap/servers/plugins/usn/usn_cleanup.c
-index 2b1371d..c12dfd2 100644
---- a/ldap/servers/plugins/usn/usn_cleanup.c
-+++ b/ldap/servers/plugins/usn/usn_cleanup.c
-@@ -58,6 +58,14 @@ usn_cleanup_start(Slapi_PBlock *pb)
- return rc;
- }
-
-+int
-+usn_cleanup_close()
-+{
-+ int rc = slapi_plugin_task_unregister_handler("USN tombstone cleanup task",
-+ usn_cleanup_add);
-+ return rc;
-+}
-+
- /*
- * Task thread
- */
-diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
-index 8ffc582..0ae3601 100644
---- a/ldap/servers/slapd/slapi-plugin.h
-+++ b/ldap/servers/slapd/slapi-plugin.h
-@@ -6604,6 +6604,7 @@ int slapi_config_remove_callback(int operation, int flags, const char *base, int
-
- int slapi_task_register_handler(const char *name, dseCallbackFn func);
- int slapi_plugin_task_register_handler(const char *name, dseCallbackFn func, Slapi_PBlock *plugin_pb);
-+int slapi_plugin_task_unregister_handler(const char *name, dseCallbackFn func);
- void slapi_task_begin(Slapi_Task *task, int total_work);
- void slapi_task_inc_progress(Slapi_Task *task);
- void slapi_task_finish(Slapi_Task *task, int rc);
-diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
-index 2a0cb82..006ae53 100644
---- a/ldap/servers/slapd/task.c
-+++ b/ldap/servers/slapd/task.c
-@@ -461,6 +461,25 @@ int slapi_task_get_refcount(Slapi_Task *task)
- }
-
- int
-+slapi_plugin_task_unregister_handler(const char *name, dseCallbackFn func)
-+{
-+ char *base = NULL;
-+ int rc = 0;
-+
-+ base = slapi_create_dn_string("cn=%s,%s", name, TASK_BASE_DN);
-+
-+ slapi_config_remove_callback(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP, base,
-+ LDAP_SCOPE_SUBTREE, "(objectclass=*)", func);
-+ slapi_config_remove_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP,
-+ base, LDAP_SCOPE_BASE, "(objectclass=*)", task_deny);
-+ slapi_config_remove_callback(SLAPI_OPERATION_DELETE, DSE_FLAG_PREOP,
-+ base, LDAP_SCOPE_BASE, "(objectclass=*)", task_deny);
-+ slapi_ch_free_string(&base);
-+
-+ return rc;
-+}
-+
-+int
- slapi_plugin_task_register_handler(const char *name, dseCallbackFn func, Slapi_PBlock *plugin_pb)
- {
- Slapi_PBlock *add_pb = NULL;
---
-1.9.3
-
diff --git a/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch b/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch
new file mode 100644
index 0000000..8a3830b
--- /dev/null
+++ b/SOURCES/0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch
@@ -0,0 +1,40 @@
+From 0e44c819b72dfad40a7f9eea6067f6060fa9c35b Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Wed, 19 Aug 2015 10:03:50 -0400
+Subject: [PATCH] Ticket 47831 - remove debug logging from retro cl
+
+Description: Instrumented debug logging was accidentally left in the source.
+ This logging is being removed.
+
+https://fedorahosted.org/389/ticket/47931
+
+Reviewed by: mreynolds
+
+(cherry picked from commit db7153f89bf3dda935e6ef4f175697bda32fe720)
+(cherry picked from commit 1781280f133c4877f83949400294641a558f5406)
+---
+ ldap/servers/plugins/retrocl/retrocl_po.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
+index f689373..d9f4e6d 100644
+--- a/ldap/servers/plugins/retrocl/retrocl_po.c
++++ b/ldap/servers/plugins/retrocl/retrocl_po.c
+@@ -157,14 +157,11 @@ write_replog_db(
+ int err = 0;
+ int ret = LDAP_SUCCESS;
+ int i;
+- int mark = 0;
+
+ if (!dn) {
+ slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
+ return ret;
+ }
+- mark = (post_entry && retrocl_entry_in_scope(post_entry));
+- slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
+
+ if (post_entry){
+ if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
+--
+1.9.3
+
diff --git a/SOURCES/0049-Ticket-47451-Running-a-plugin-task-can-crash-the-ser.patch b/SOURCES/0049-Ticket-47451-Running-a-plugin-task-can-crash-the-ser.patch
deleted file mode 100644
index 057e0d8..0000000
--- a/SOURCES/0049-Ticket-47451-Running-a-plugin-task-can-crash-the-ser.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 511ee2b326c8110678c34f66d1d043770afc5900 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 26 Nov 2014 16:23:00 -0500
-Subject: [PATCH 49/53] Ticket 47451 - Running a plugin task can crash the
- server
-
-Bug Description: When a plugin task completes it attempts to update a counter,
- but the wrong structure is accessed which can lead to a crash.
-
-Fix Description: When creating a new task, make sure to store the plugin structure,
- not the pblock in the task structure.
-
-https://fedorahosted.org/389/ticket/47451
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 0e0848a8385463532d53db94c0c8cae912c30eb4)
-(cherry picked from commit d34b0ced2ed3ed81c6c487e90d4c372939da4677)
----
- ldap/servers/slapd/task.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
-index 006ae53..b1f7652 100644
---- a/ldap/servers/slapd/task.c
-+++ b/ldap/servers/slapd/task.c
-@@ -131,9 +131,9 @@ slapi_new_task(const char *dn)
- }
-
- Slapi_Task *
--slapi_plugin_new_task(const char *dn, void *plugin)
-+slapi_plugin_new_task(const char *dn, void *plugin_pb)
- {
-- return new_task(dn, plugin);
-+ return new_task(dn, plugin_pb);
- }
-
- /* slapi_destroy_task: destroy a task
-@@ -583,9 +583,11 @@ void slapi_task_set_cancel_fn(Slapi_Task *task, TaskCallbackFn func)
- ***********************************/
- /* create a new task, fill in DN, and setup modify callback */
- static Slapi_Task *
--new_task(const char *rawdn, void *plugin)
-+new_task(const char *rawdn, void *plugin_pb)
- {
- Slapi_Task *task = NULL;
-+ Slapi_PBlock *pb = (Slapi_PBlock *)plugin_pb;
-+ void *plugin = pb ? pb->pb_plugin : NULL;
- char *dn = NULL;
-
- if (rawdn == NULL) {
---
-1.9.3
-
diff --git a/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch b/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch
new file mode 100644
index 0000000..e717cd5
--- /dev/null
+++ b/SOURCES/0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch
@@ -0,0 +1,62 @@
+From 6a07ebb40ee121c176f789d01937d7ceedc77776 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 20 Aug 2015 17:01:28 -0700
+Subject: [PATCH 49/52] Ticket #48254 - CLI db2index fails with usage errors
+
+Bug Description:
+1) CLI db2index had an issue in option handling, which accidentally
+added '=' at the end of the previous option.
+2) if a value of an option includes a white space, e.g., -T "by MCC
+ou=People dc=example dc=com", the value was not passed to the program
+as a string.
+
+Fix Description:
+1) Removed unnecessary '='.
+2) Quote $OPTARG which could include a white space, and call ns-slapd
+ command line vai eval.
+
+https://fedorahosted.org/389/ticket/48254
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
+
+(cherry picked from commit 3507c46c9f1156df11b6cf05eba695d81088b416)
+(cherry picked from commit a6d7e3bd29eb63def170f73dc21e967df230f20a)
+---
+ ldap/admin/src/scripts/db2index.in | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
+index 2b76cd1..6a0785e 100755
+--- a/ldap/admin/src/scripts/db2index.in
++++ b/ldap/admin/src/scripts/db2index.in
+@@ -39,13 +39,13 @@ do
+ benameopt="set";;
+ s) args=$args" -s $OPTARG"
+ includeSuffix="set";;
+- t) args=$args" -t $OPTARG";;
+- T) args=$args=" -T $OPTARG";;
+- d) args=$args=" -d $OPTARG";;
+- a) args=$args=" -a $OPTARG";;
+- x) args=$args=" -x $OPTARG";;
+- v) args=$args=" -v";;
+- S) args=$args=" -S";;
++ t) args=$args" -t "\"$OPTARG\";;
++ T) args=$args" -T "\"$OPTARG\";;
++ d) args=$args" -d $OPTARG";;
++ a) args=$args" -a $OPTARG";;
++ x) args=$args" -x $OPTARG";;
++ v) args=$args" -v";;
++ S) args=$args" -S";;
+ D) args=$args" -D $OPTARG";;
+ ?) usage
+ exit 1;;
+@@ -79,5 +79,5 @@ then
+ usage
+ exit 1
+ else
+- @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
++ eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
+ fi
+--
+1.9.3
+
diff --git a/SOURCES/0050-Ticket-47451-Dynamic-Plugin-various-fixes.patch b/SOURCES/0050-Ticket-47451-Dynamic-Plugin-various-fixes.patch
deleted file mode 100644
index 97583e7..0000000
--- a/SOURCES/0050-Ticket-47451-Dynamic-Plugin-various-fixes.patch
+++ /dev/null
@@ -1,610 +0,0 @@
-From 78b344ff88f488aa63ccccf464e83ad55ee9e96d Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 16 Dec 2014 15:25:35 -0500
-Subject: [PATCH 50/53] Ticket 47451 - Dynamic Plugin - various fixes
-
-Description: The previous commit 0e0848a8385463532d53db94c0c8cae912c30eb4 on
- master branch was wrong, and broke the other plugin tasks.
-
- Upon further testing, some memory leaks and crashes were detected
- and fixed:
-
- automember.c - Fix memory leak, and PRCList corruption
- dna.c - Fix crash caused by event context not being freed at plugin stop
- memberof.c - pass in the correct function argument, not the pblock
- rootdn_access.c - Fix memory leak
- plugins/uiduniq/uid.c - Add start and close functions to properly handle plugin restarts
- dse.c - Improve plugin restart handling, and properly handle plugin registration
- plugin.c - Properly wait for a plugin to finish before restarting it.
- task.c - Proprely handle the task function arguments
-
-https://fedorahosted.org/389/ticket/47451
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit ff023a48b7fc78711eed8ae11e67057597acdeb3)
-(cherry picked from commit f17159e73ba0851599c4e50c1bf52d3d10f2711f)
----
- ldap/servers/plugins/automember/automember.c | 4 +-
- ldap/servers/plugins/dna/dna.c | 14 ++-
- ldap/servers/plugins/memberof/memberof.c | 2 +-
- ldap/servers/plugins/rootdn_access/rootdn_access.c | 4 +-
- ldap/servers/plugins/schema_reload/schema_reload.c | 2 +-
- ldap/servers/plugins/uiduniq/uid.c | 63 ++++++++----
- ldap/servers/slapd/dse.c | 74 +++++++-------
- ldap/servers/slapd/plugin.c | 110 ++++++++++++---------
- ldap/servers/slapd/task.c | 10 +-
- 9 files changed, 161 insertions(+), 122 deletions(-)
-
-diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
-index c443a65..6a8fd22 100644
---- a/ldap/servers/plugins/automember/automember.c
-+++ b/ldap/servers/plugins/automember/automember.c
-@@ -406,7 +406,6 @@ automember_close(Slapi_PBlock * pb)
- automember_task_add_map_entries);
-
- automember_delete_config();
-- slapi_ch_free((void **)&g_automember_config);
- slapi_sdn_free(&_PluginDN);
- slapi_sdn_free(&_ConfigAreaDN);
- slapi_destroy_rwlock(g_automember_config_lock);
-@@ -449,6 +448,8 @@ automember_load_config()
- /* Clear out any old config. */
- automember_config_write_lock();
- automember_delete_config();
-+ g_automember_config = (PRCList *)slapi_ch_calloc(1, sizeof(struct configEntry));
-+ PR_INIT_CLIST(g_automember_config);
-
- search_pb = slapi_pblock_new();
-
-@@ -866,6 +867,7 @@ automember_delete_config()
- list = PR_LIST_HEAD(g_automember_config);
- automember_delete_configEntry(list);
- }
-+ slapi_ch_free((void **)&g_automember_config);
-
- return;
- }
-diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
-index 75edca8..ded0bbb 100644
---- a/ldap/servers/plugins/dna/dna.c
-+++ b/ldap/servers/plugins/dna/dna.c
-@@ -202,6 +202,7 @@ static char *hostname = NULL;
- static char *portnum = NULL;
- static char *secureportnum = NULL;
-
-+static Slapi_Eq_Context eq_ctx = {0};
-
- /**
- * server struct for shared ranges
-@@ -708,6 +709,7 @@ dna_close(Slapi_PBlock * pb)
- slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
- "--> dna_close\n");
-
-+ slapi_eq_cancel(eq_ctx);
- dna_delete_config(NULL);
- slapi_ch_free((void **)&dna_global_config);
- slapi_destroy_rwlock(g_dna_cache_lock);
-@@ -869,7 +871,7 @@ dna_load_plugin_config(Slapi_PBlock *pb, int use_eventq)
- * starting up would cause the change to not
- * get changelogged. */
- time(&now);
-- slapi_eq_once(dna_update_config_event, NULL, now + 30);
-+ eq_ctx = slapi_eq_once(dna_update_config_event, NULL, now + 30);
- } else {
- dna_update_config_event(0, NULL);
- }
-@@ -2404,7 +2406,7 @@ static int dna_get_next_value(struct configEntry *config_entry,
- } else {
- /* dna_first_free_value() failed for some unknown reason */
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
-- "dna_get_next_value: failed to allocate a new ID!!\n");
-+ "dna_get_next_value: failed to allocate a new ID!! (set(%d) (max: %d)\n",setval,config_entry->maxval);
- goto done;
- }
- }
-@@ -3401,7 +3403,7 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
- ret = dna_first_free_value(config_entry, &setval);
- if (LDAP_SUCCESS != ret){
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
-- "dna_pre_op: failed to allocate a new ID\n");
-+ "dna_pre_op: failed to allocate a new ID 1\n");
- /* Set an error string to be returned to the client. */
- *errstr = slapi_ch_smprintf("Allocation of a new value for range"
- " %s failed! Unable to proceed.",
-@@ -3412,7 +3414,9 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
- } else {
- /* dna_first_free_value() failed for some unknown reason */
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
-- "dna_pre_op: failed to allocate a new ID!!\n");
-+ "dna_pre_op: failed to allocate a new ID!! 2\n");
-+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
-+ "dna_get_next_value: failed to allocate a new ID!! (set(%d) (max: %d)\n",setval,config_entry->maxval);
- /* Set an error string to be returned to the client. */
- *errstr = slapi_ch_smprintf("Allocation of a new value for range"
- " %s failed! Unable to proceed.",
-@@ -3678,6 +3682,8 @@ _dna_pre_op_modify(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Mods *smods, char **e
- /* dna_first_free_value() failed for some unknown reason */
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_pre_op: failed to allocate a new ID!!\n");
-+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
-+ "dna_get_next_value: failed to allocate a new ID!! (set(%d) (max: %d)\n",setval,config_entry->maxval);
- /* Set an error string to be returned to the client. */
- *errstr = slapi_ch_smprintf("Allocation of a new value for range"
- " %s failed! Unable to proceed.",
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index cb4ef75..bfa733a 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -2764,7 +2764,7 @@ int memberof_task_add(Slapi_PBlock *pb, Slapi_Entry *e,
- mytaskdata->bind_dn = slapi_ch_strdup(bind_dn);
-
- /* allocate new task now */
-- task = slapi_plugin_new_task(slapi_entry_get_ndn(e), pb);
-+ task = slapi_plugin_new_task(slapi_entry_get_ndn(e), arg);
-
- /* register our destructor for cleaning up our private data */
- slapi_task_set_destructor_fn(task, memberof_task_destructor);
-diff --git a/ldap/servers/plugins/rootdn_access/rootdn_access.c b/ldap/servers/plugins/rootdn_access/rootdn_access.c
-index 9122f9b..3045e9f 100644
---- a/ldap/servers/plugins/rootdn_access/rootdn_access.c
-+++ b/ldap/servers/plugins/rootdn_access/rootdn_access.c
-@@ -217,7 +217,7 @@ rootdn_close(Slapi_PBlock *pb)
- slapi_ch_array_free(hosts);
- slapi_ch_array_free(hosts_to_deny);
- slapi_ch_array_free(ips);
-- slapi_ch_array_free(ips);
-+ slapi_ch_array_free(ips_to_deny);
-
- return 0;
- }
-@@ -416,6 +416,8 @@ rootdn_load_config(Slapi_PBlock *pb)
- }
- } else {
- /* failed to get the plugin entry */
-+ slapi_log_error(SLAPI_LOG_FATAL, ROOTDN_PLUGIN_SUBSYSTEM, "rootdn_load_config: "
-+ "Failed to get plugin entry\n");
- result = -1;
- }
-
-diff --git a/ldap/servers/plugins/schema_reload/schema_reload.c b/ldap/servers/plugins/schema_reload/schema_reload.c
-index 3ff4c4d..b1a5bb8 100644
---- a/ldap/servers/plugins/schema_reload/schema_reload.c
-+++ b/ldap/servers/plugins/schema_reload/schema_reload.c
-@@ -273,7 +273,7 @@ schemareload_add(Slapi_PBlock *pb, Slapi_Entry *e,
- schemadir = fetch_attr(e, "schemadir", NULL);
-
- /* allocate new task now */
-- task = slapi_plugin_new_task(slapi_entry_get_ndn(e), pb);
-+ task = slapi_plugin_new_task(slapi_entry_get_ndn(e), arg);
- if (task == NULL) {
- slapi_log_error(SLAPI_LOG_FATAL, "schemareload", "unable to allocate new task!\n");
- *returncode = LDAP_OPERATIONS_ERROR;
-diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
-index 07ff0ec..f37ab8c 100644
---- a/ldap/servers/plugins/uiduniq/uid.c
-+++ b/ldap/servers/plugins/uiduniq/uid.c
-@@ -1265,6 +1265,38 @@ preop_modrdn(Slapi_PBlock *pb)
-
- }
-
-+static int
-+uiduniq_start(Slapi_PBlock *pb)
-+{
-+ Slapi_Entry *plugin_entry = NULL;
-+ struct attr_uniqueness_config *config = NULL;
-+
-+ if (slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &plugin_entry) == 0){
-+ /* load the config into the config list */
-+ if ((config = uniqueness_entry_to_config(pb, plugin_entry)) == NULL) {
-+ return SLAPI_PLUGIN_FAILURE;
-+ }
-+ slapi_pblock_set(pb, SLAPI_PLUGIN_PRIVATE, (void*) config);
-+ }
-+
-+ return 0;
-+}
-+
-+static int
-+uiduniq_close(Slapi_PBlock *pb)
-+{
-+ Slapi_Entry *plugin_entry = NULL;
-+ struct attr_uniqueness_config *config = NULL;
-+
-+ slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &config);
-+ if (config) {
-+ slapi_pblock_set(pb, SLAPI_PLUGIN_PRIVATE, NULL);
-+ free_uniqueness_config(config);
-+ slapi_ch_free((void **) &config);
-+ }
-+ return 0;
-+}
-+
- /* ------------------------------------------------------------ */
- /*
- * Initialize the plugin
-@@ -1307,13 +1339,6 @@ NSUniqueAttr_Init(Slapi_PBlock *pb)
- }
- slapi_ch_free_string(&plugin_type);
-
-- /* load the config into the config list */
-- if ((config = uniqueness_entry_to_config(pb, plugin_entry)) == NULL) {
-- err = SLAPI_PLUGIN_FAILURE;
-- break;
-- }
-- slapi_pblock_set(pb, SLAPI_PLUGIN_PRIVATE, (void*) config);
--
- /* Provide descriptive information */
- err = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
- (void*)&pluginDesc);
-@@ -1329,30 +1354,26 @@ NSUniqueAttr_Init(Slapi_PBlock *pb)
- err = slapi_pblock_set(pb, premdn, (void*)preop_modrdn);
- if (err) break;
-
-+ err = slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *) uiduniq_start);
-+ if (err) break;
-+
-+ err = slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *) uiduniq_close);
-+ if (err) break;
-+
-+
- END
-
- if (err) {
-- slapi_log_error(SLAPI_LOG_PLUGIN, "NSUniqueAttr_Init",
-- "Error: %d\n", err);
-- if (config) {
-- slapi_pblock_set(pb, SLAPI_PLUGIN_PRIVATE, NULL);
-- free_uniqueness_config(config);
-- slapi_ch_free((void **) &config);
-- }
-+ slapi_log_error(SLAPI_LOG_PLUGIN, "NSUniqueAttr_Init", "Error: %d\n", err);
- err = -1;
- }
- else
-- slapi_log_error(SLAPI_LOG_PLUGIN, "NSUniqueAttr_Init",
-- "plugin loaded\n");
-+ slapi_log_error(SLAPI_LOG_PLUGIN, "NSUniqueAttr_Init", "plugin loaded\n");
-
- return err;
- }
-
--int
--uidunique_init(Slapi_PBlock *pb)
--{
-- return NSUniqueAttr_Init(pb);
--}
-+
-
-
- /* ------------------------------------------------------------ */
-diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
-index fc5f492..f0ce255 100644
---- a/ldap/servers/slapd/dse.c
-+++ b/ldap/servers/slapd/dse.c
-@@ -1827,6 +1827,7 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
- int retval = -1;
- int need_be_postop = 0;
- int plugin_started = 0;
-+ int internal_op = 0;
-
- PR_ASSERT(pb);
- if (slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &pdse ) < 0 ||
-@@ -1843,6 +1844,8 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
- return retval;
- }
-
-+ internal_op = operation_is_flag_set(pb->pb_op, OP_FLAG_INTERNAL);
-+
- /* Find the entry we are about to modify. */
- ec = dse_get_entry_copy(pdse, sdn, DSE_USE_LOCK);
- if ( ec == NULL ) {
-@@ -2039,20 +2042,22 @@ dse_modify(Slapi_PBlock *pb) /* JCM There should only be one exit point from thi
- }
- }
- /*
-- * Perform postop plugin configuration changes
-+ * Perform postop plugin configuration changes unless this is an internal operation
- */
-- if(returncode == LDAP_SUCCESS){
-- dse_post_modify_plugin(ec, ecc, mods);
-- } else if(plugin_started){
-- if(plugin_started == 1){
-- /* the op failed, turn the plugin off */
-- plugin_delete(ecc, returntext, 0 /* not locked */);
-- } else if (plugin_started == 2){
-- /*
-- * This probably can't happen, but...
-- * the op failed, turn the plugin back on.
-- */
-- plugin_add(ecc, returntext, 0 /* not locked */);
-+ if(!internal_op){
-+ if(returncode == LDAP_SUCCESS){
-+ dse_post_modify_plugin(ec, ecc, mods);
-+ } else if(plugin_started){
-+ if(plugin_started == 1){
-+ /* the op failed, turn the plugin off */
-+ plugin_delete(ecc, returntext, 0 /* not locked */);
-+ } else if (plugin_started == 2){
-+ /*
-+ * This probably can't happen, but...
-+ * the op failed, turn the plugin back on.
-+ */
-+ plugin_add(ecc, returntext, 0 /* not locked */);
-+ }
- }
- }
-
-@@ -2065,6 +2070,7 @@ static void
- dse_post_modify_plugin(Slapi_Entry *entryBefore, Slapi_Entry *entryAfter, LDAPMod **mods)
- {
- char *enabled = NULL;
-+ int restart_plugin = 1;
- int i;
-
- if (!slapi_entry_attr_hasvalue(entryBefore, SLAPI_ATTR_OBJECTCLASS, "nsSlapdPlugin") ||
-@@ -2080,31 +2086,18 @@ dse_post_modify_plugin(Slapi_Entry *entryBefore, Slapi_Entry *entryAfter, LDAPMo
- !strcasecmp(enabled, "on"))
- {
- for(i = 0; mods && mods[i]; i++){
-- /* Check if we are modifying a plugin's config, if so restart the plugin */
-- if (strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_PATH) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_INITFN) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_TYPE) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_DEPENDS_ON_TYPE) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_DEPENDS_ON_NAMED) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_SCHEMA_CHECK) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_BE_TXN) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_TARGET_SUBTREE) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_EXCLUDE_TARGET_SUBTREE) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_BIND_SUBTREE) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_EXCLUDE_BIND_SUBTREE) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_LOAD_NOW) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_LOAD_GLOBAL) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_PRECEDENCE) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_LOG_ACCESS) == 0 ||
-- strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_LOG_AUDIT) == 0 )
-- {
-- /* for all other plugin config changes, restart the plugin */
-- if(plugin_restart(entryBefore, entryAfter) != LDAP_SUCCESS){
-- slapi_log_error(SLAPI_LOG_FATAL,"dse_post_modify_plugin", "The configuration change "
-- "for plugin (%s) could not be applied dynamically, and will be ignored until "
-- "the server is restarted.\n",
-- slapi_entry_get_dn(entryBefore));
-- }
-+ if (strcasecmp(mods[i]->mod_type, ATTR_PLUGIN_ENABLED) == 0){
-+ /* we already stop/started the pugin - don't do it again */
-+ restart_plugin = 0;
-+ break;
-+ }
-+ }
-+ if(restart_plugin){ /* for all other plugin config changes, restart the plugin */
-+ if(plugin_restart(entryBefore, entryAfter) != LDAP_SUCCESS){
-+ slapi_log_error(SLAPI_LOG_FATAL,"dse_post_modify_plugin", "The configuration change "
-+ "for plugin (%s) could not be applied dynamically, and will be ignored until "
-+ "the server is restarted.\n",
-+ slapi_entry_get_dn(entryBefore));
- }
- }
- }
-@@ -2690,7 +2683,10 @@ slapi_config_register_callback_plugin(int operation,
- Slapi_DN dn;
-
- slapi_sdn_init_dn_byref(&dn,base);
-- rc = (NULL != dse_register_callback(pdse, operation, flags, &dn, scope, filter, fn, fn_arg, pb ? pb->pb_plugin: NULL));
-+ /* if a pblock was passed, this is a plugin, so set the f_arg as the plugin */
-+ rc = (NULL != dse_register_callback(pdse, operation, flags, &dn, scope, filter, fn,
-+ pb ? (void*)pb->pb_plugin : fn_arg,
-+ pb ? pb->pb_plugin: NULL));
- slapi_sdn_done(&dn);
- }
- }
-diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c
-index dde3ce5..820c25f 100644
---- a/ldap/servers/slapd/plugin.c
-+++ b/ldap/servers/slapd/plugin.c
-@@ -58,6 +58,11 @@
- #define CHECK_ALL 0
- #define CHECK_TYPE 1
-
-+/* plugin removal flags */
-+#define PLUGIN_NOT_FOUND 0
-+#define PLUGIN_REMOVED 1
-+#define PLUGIN_BUSY 2
-+
- static char *critical_plugins[] = { "cn=ldbm database,cn=plugins,cn=config",
- "cn=ACL Plugin,cn=plugins,cn=config",
- "cn=ACL preoperation,cn=plugins,cn=config",
-@@ -3294,7 +3299,7 @@ plugin_remove_plugins(struct slapdplugin *plugin_entry, char *plugin_type)
- struct slapdplugin *plugin = NULL;
- struct slapdplugin *plugin_next = NULL;
- struct slapdplugin *plugin_prev = NULL;
-- int removed = 0;
-+ int removed = PLUGIN_NOT_FOUND;
- int type;
-
- /* look everywhere for other plugin functions with the plugin id */
-@@ -3315,7 +3320,13 @@ plugin_remove_plugins(struct slapdplugin *plugin_entry, char *plugin_type)
-
- pblock_init(&pb);
- plugin_set_stopped(plugin);
-- plugin_op_all_finished(plugin);
-+ if (slapi_counter_get_value(plugin->plg_op_counter) > 0){
-+ /*
-+ * Plugin is still busy, and we might be blocking it
-+ * by holding global plugin lock so return for now.
-+ */
-+ return PLUGIN_BUSY;
-+ }
- plugin_call_one( plugin, SLAPI_PLUGIN_CLOSE_FN, &pb);
-
- if(plugin_prev){
-@@ -3332,7 +3343,7 @@ plugin_remove_plugins(struct slapdplugin *plugin_entry, char *plugin_type)
- plugin_remove_from_shutdown(plugin);
- plugin->plg_removed = 1;
- plugin->plg_started = 0;
-- removed = 1;
-+ removed = PLUGIN_REMOVED;
- } else {
- plugin_prev = plugin;
- }
-@@ -3362,15 +3373,10 @@ plugin_delete(Slapi_Entry *plugin_entry, char *returntext, int locked)
- const char *plugin_dn = slapi_entry_get_dn_const(plugin_entry);
- char *value = NULL;
- int td_locked = 1;
-- int removed = 0;
-+ int removed = PLUGIN_BUSY;
- int type = 0;
- int rc = LDAP_SUCCESS;
-
-- if(!locked){
-- slapi_rwlock_wrlock(global_rwlock);
-- }
-- slapi_td_set_plugin_locked(&td_locked);
--
- /* Critical server plugins can not be disabled */
- if(plugin_is_critical(plugin_entry)){
- LDAPDebug(LDAP_DEBUG_ANY, "plugin_delete: plugin \"%s\" is critical to server operations, and can not be disabled\n",
-@@ -3390,54 +3396,62 @@ plugin_delete(Slapi_Entry *plugin_entry, char *returntext, int locked)
- rc = -1;
- goto done;
- } else {
-- rc = plugin_get_type_and_list(value, &type, &plugin_list);
-- if ( rc != 0 ) {
-- /* error: unknown plugin type */
-- LDAPDebug(LDAP_DEBUG_ANY, "plugin_delete: unknown plugin type \"%s\" in entry \"%s\"\n",
-- value, slapi_entry_get_dn_const(plugin_entry), 0);
-- PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Plugin delete failed: unknown plugin type "
-+ while(removed == PLUGIN_BUSY){
-+ removed = PLUGIN_NOT_FOUND;
-+ if(!locked){
-+ slapi_rwlock_wrlock(global_rwlock);
-+ }
-+ slapi_td_set_plugin_locked(&td_locked);
-+
-+ rc = plugin_get_type_and_list(value, &type, &plugin_list);
-+ if ( rc != 0 ) {
-+ /* error: unknown plugin type */
-+ LDAPDebug(LDAP_DEBUG_ANY, "plugin_delete: unknown plugin type \"%s\" in entry \"%s\"\n",
-+ value, slapi_entry_get_dn_const(plugin_entry), 0);
-+ PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Plugin delete failed: unknown plugin type "
- "\"%s\" in entry.",value);
-- rc = -1;
-- goto done;
-- }
-+ rc = -1;
-+ goto unlock;
-+ }
-
-- /*
-- * Skip syntax/matching rule/database plugins - these can not be disabled as it
-- * could break existing schema. We allow the update to occur, but it will
-- * not take effect until the next server restart.
-- */
-- if(type == SLAPI_PLUGIN_SYNTAX || type == SLAPI_PLUGIN_MATCHINGRULE || type == SLAPI_PLUGIN_DATABASE){
-- removed = 1; /* avoids error check below */
-- goto done;
-- }
-+ /*
-+ * Skip syntax/matching rule/database plugins - these can not be disabled as it
-+ * could break existing schema. We allow the update to occur, but it will
-+ * not take effect until the next server restart.
-+ */
-+ if(type == SLAPI_PLUGIN_SYNTAX || type == SLAPI_PLUGIN_MATCHINGRULE || type == SLAPI_PLUGIN_DATABASE){
-+ removed = PLUGIN_REMOVED; /* avoids error check below */
-+ goto unlock;
-+ }
-
-- /*
-- * Now remove the plugin from the list and the hashtable
-- */
-- for(plugin = *plugin_list; plugin ; plugin = plugin->plg_next){
-- if(strcasecmp(plugin->plg_dn, plugin_dn) == 0){
-- /*
-- * Make sure there are no other plugins that depend on this one before removing it
-- */
-- if(plugin_delete_check_dependency(plugin, CHECK_ALL, returntext) != LDAP_SUCCESS){
-- LDAPDebug(LDAP_DEBUG_ANY, "plugin_delete: failed to disable/delete plugin (%s)\n",
-- plugin->plg_dn,0,0);
-- rc = -1;
-- goto done;
-+ /*
-+ * Now remove the plugin from the list and the hashtable
-+ */
-+ for(plugin = *plugin_list; plugin ; plugin = plugin->plg_next){
-+ if(strcasecmp(plugin->plg_dn, plugin_dn) == 0){
-+ /*
-+ * Make sure there are no other plugins that depend on this one before removing it
-+ */
-+ if(plugin_delete_check_dependency(plugin, CHECK_ALL, returntext) != LDAP_SUCCESS){
-+ LDAPDebug(LDAP_DEBUG_ANY, "plugin_delete: failed to disable/delete plugin (%s)\n",
-+ plugin->plg_dn,0,0);
-+ rc = -1;
-+ break;
-+ }
-+ removed = plugin_remove_plugins(plugin, value);
-+ break;
- }
-- removed = plugin_remove_plugins(plugin, value);
-- break;
- }
-+unlock:
-+ if(!locked){
-+ slapi_rwlock_unlock(global_rwlock);
-+ }
-+ td_locked = 0;
-+ slapi_td_set_plugin_locked(&td_locked);
- }
- }
-
- done:
-- if(!locked){
-- slapi_rwlock_unlock(global_rwlock);
-- }
-- td_locked = 0;
-- slapi_td_set_plugin_locked(&td_locked);
--
- slapi_ch_free_string(&value);
-
- if(!removed && rc == 0){
-diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
-index b1f7652..98ec88c 100644
---- a/ldap/servers/slapd/task.c
-+++ b/ldap/servers/slapd/task.c
-@@ -131,9 +131,9 @@ slapi_new_task(const char *dn)
- }
-
- Slapi_Task *
--slapi_plugin_new_task(const char *dn, void *plugin_pb)
-+slapi_plugin_new_task(const char *dn, void *plugin)
- {
-- return new_task(dn, plugin_pb);
-+ return new_task(dn, plugin);
- }
-
- /* slapi_destroy_task: destroy a task
-@@ -540,7 +540,7 @@ slapi_plugin_task_register_handler(const char *name, dseCallbackFn func, Slapi_P
-
- /* register add callback */
- slapi_config_register_callback_plugin(SLAPI_OPERATION_ADD, DSE_FLAG_PREOP,
-- dn, LDAP_SCOPE_SUBTREE, "(objectclass=*)", func, NULL, plugin_pb);
-+ dn, LDAP_SCOPE_SUBTREE, "(objectclass=*)", func, plugin_pb, plugin_pb);
- /* deny modify/delete of the root task entry */
- slapi_config_register_callback(SLAPI_OPERATION_MODIFY, DSE_FLAG_PREOP,
- dn, LDAP_SCOPE_BASE, "(objectclass=*)", task_deny, NULL);
-@@ -583,11 +583,9 @@ void slapi_task_set_cancel_fn(Slapi_Task *task, TaskCallbackFn func)
- ***********************************/
- /* create a new task, fill in DN, and setup modify callback */
- static Slapi_Task *
--new_task(const char *rawdn, void *plugin_pb)
-+new_task(const char *rawdn, void *plugin)
- {
- Slapi_Task *task = NULL;
-- Slapi_PBlock *pb = (Slapi_PBlock *)plugin_pb;
-- void *plugin = pb ? pb->pb_plugin : NULL;
- char *dn = NULL;
-
- if (rawdn == NULL) {
---
-1.9.3
-
diff --git a/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch b/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch
new file mode 100644
index 0000000..4582e71
--- /dev/null
+++ b/SOURCES/0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch
@@ -0,0 +1,375 @@
+From 94bde9f69f10e0811e261b5d53e5bebfcd891820 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 25 Aug 2015 11:48:31 -0700
+Subject: [PATCH 50/52] Ticket #48254 - Shell CLI fails with usage errors if an
+ argument containing white spaces is given
+
+Description: In addition to the patch:
+ Ticket #48254 - CLI db2index fails with usage errors
+ commit 3507c46c9f1156df11b6cf05eba695d81088b416
+applying the similar changes to all the shell CLI which could be given
+arguments that include white spaces.
+
+https://fedorahosted.org/389/ticket/48254
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit 5fe28921810a53dcd31525ba1f675582b6aba0f7)
+(cherry picked from commit 19b0d4af54e319e3479b16bf1366568271e3daa6)
+---
+ ldap/admin/src/scripts/bak2db.in | 10 +++++-----
+ ldap/admin/src/scripts/db2bak.in | 8 ++++----
+ ldap/admin/src/scripts/db2index.in | 10 +++++-----
+ ldap/admin/src/scripts/db2ldif.in | 14 +++++++-------
+ ldap/admin/src/scripts/dbverify.in | 10 +++++-----
+ ldap/admin/src/scripts/dn2rdn.in | 8 ++++----
+ ldap/admin/src/scripts/ldif2db.in | 22 +++++++++++-----------
+ ldap/admin/src/scripts/monitor.in | 8 ++++----
+ ldap/admin/src/scripts/suffix2instance.in | 4 ++--
+ ldap/admin/src/scripts/upgradedb.in | 8 ++++----
+ ldap/admin/src/scripts/upgradednformat.in | 10 +++++-----
+ ldap/admin/src/scripts/vlvindex.in | 16 ++++++++--------
+ 12 files changed, 64 insertions(+), 64 deletions(-)
+
+diff --git a/ldap/admin/src/scripts/bak2db.in b/ldap/admin/src/scripts/bak2db.in
+index a2e54cc..ab7c6b3 100755
+--- a/ldap/admin/src/scripts/bak2db.in
++++ b/ldap/admin/src/scripts/bak2db.in
+@@ -44,12 +44,12 @@ do
+ h) usage
+ exit 0;;
+ Z) servid=$OPTARG;;
+- n) args=$args" -n $OPTARG";;
++ n) args=$args" -n \"$OPTARG\"";;
+ q) args=$args" -q";;
+- d) args=$args" -d $OPTARG";;
++ d) args=$args" -d \"$OPTARG\"";;
+ v) args=$args" -v";;
+- D) args=$args" -D $OPTARG";;
+- i) args=$args" -i $OPTARG";;
++ D) args=$args" -D \"$OPTARG\"";;
++ i) args=$args" -i \"$OPTARG\"";;
+ a) archivedir=$OPTARG;;
+ S) args=$args" -S";;
+ ?) usage
+@@ -76,4 +76,4 @@ else
+ archivedir=`pwd`/$archivedir
+ fi
+
+-@sbindir@/ns-slapd archive2db -D $CONFIG_DIR -a $archivedir $args
++eval @sbindir@/ns-slapd archive2db -D $CONFIG_DIR -a $archivedir $args
+diff --git a/ldap/admin/src/scripts/db2bak.in b/ldap/admin/src/scripts/db2bak.in
+index 1896c19..adbe30b 100755
+--- a/ldap/admin/src/scripts/db2bak.in
++++ b/ldap/admin/src/scripts/db2bak.in
+@@ -43,10 +43,10 @@ do
+ q) args=$args" -q";;
+ v) args=$args" -v";;
+ S) args=$args" -S";;
+- D) args=$args" -D $OPTARG";;
+- i) args=$args" -i $OPTARG";;
++ D) args=$args" -D \"$OPTARG\"";;
++ i) args=$args" -i \"$OPTARG\"";;
+ a) $bakdir=$OPTARG;;
+- d) args=$args" -d $OPTARG";;
++ d) args=$args" -d \"$OPTARG\"";;
+ Z) servid=$OPTARG;;
+ ?) usage
+ exit 1;;
+@@ -72,4 +72,4 @@ then
+ fi
+
+ echo "Back up directory: $bak_dir"
+-@sbindir@/ns-slapd db2archive -D $CONFIG_DIR -a $bak_dir $args
++eval @sbindir@/ns-slapd db2archive -D $CONFIG_DIR -a $bak_dir $args
+diff --git a/ldap/admin/src/scripts/db2index.in b/ldap/admin/src/scripts/db2index.in
+index 6a0785e..c8e9075 100755
+--- a/ldap/admin/src/scripts/db2index.in
++++ b/ldap/admin/src/scripts/db2index.in
+@@ -35,15 +35,15 @@ do
+ h) usage
+ exit 0;;
+ Z) servid=$OPTARG;;
+- n) args=$args" -n $OPTARG"
++ n) args=$args" -n \"$OPTARG\""
+ benameopt="set";;
+- s) args=$args" -s $OPTARG"
++ s) args=$args" -s \"$OPTARG\""
+ includeSuffix="set";;
+ t) args=$args" -t "\"$OPTARG\";;
+ T) args=$args" -T "\"$OPTARG\";;
+- d) args=$args" -d $OPTARG";;
+- a) args=$args" -a $OPTARG";;
+- x) args=$args" -x $OPTARG";;
++ d) args=$args" -d \"$OPTARG\"";;
++ a) args=$args" -a \"$OPTARG\"";;
++ x) args=$args" -x \"$OPTARG\"";;
+ v) args=$args" -v";;
+ S) args=$args" -S";;
+ D) args=$args" -D $OPTARG";;
+diff --git a/ldap/admin/src/scripts/db2ldif.in b/ldap/admin/src/scripts/db2ldif.in
+index fcf73a0..e9f7f7e 100755
+--- a/ldap/admin/src/scripts/db2ldif.in
++++ b/ldap/admin/src/scripts/db2ldif.in
+@@ -106,12 +106,12 @@ do
+ Z) servid=$OPTARG;;
+ n) benameopt="-n $OPTARG"
+ required_param="yes";;
+- s) includeSuffix="-s $OPTARG"
++ s) includeSuffix="-s \"$OPTARG\""
+ required_param="yes";;
+- x) excludeSuffix="-x $OPTARG";;
+- a) outputFile="-a $OPTARG";;
+- d) args=$args" -d $OPTARG";;
+- D) args=$args" -D $OPTARG";;
++ x) excludeSuffix="-x \"$OPTARG\"";;
++ a) outputFile="-a \"$OPTARG\"";;
++ d) args=$args" -d \"$OPTARG\"";;
++ D) args=$args" -D \"$OPTARG\"";;
+ N) args=$args" -N";;
+ E) args=$args" -E";;
+ S) args=$args" -S";;
+@@ -154,7 +154,7 @@ rn=$?
+ echo "Exported ldif file: $ldif_file"
+ if [ $rn -eq 1 ]
+ then
+- @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $outputFile $args
++ eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $outputFile $args
+ else
+- @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $args -a $ldif_file
++ eval @sbindir@/ns-slapd db2ldif -D $CONFIG_DIR $benameopt $includeSuffix $excludeSuffix $args -a $ldif_file
+ fi
+diff --git a/ldap/admin/src/scripts/dbverify.in b/ldap/admin/src/scripts/dbverify.in
+index bbacc17..b98e9b2 100755
+--- a/ldap/admin/src/scripts/dbverify.in
++++ b/ldap/admin/src/scripts/dbverify.in
+@@ -33,14 +33,14 @@ do
+ h) usage
+ exit 0;;
+ Z) servid=$OPTARG;;
+- n) args=$args" -n $OPTARG";;
+- d) args=$args" -d $OPTARG";;
++ n) args=$args" -n \"$OPTARG\"";;
++ d) args=$args" -d \"$OPTARG\"";;
+ V) args=$args" -V";;
+ v) args=$args" -v"
+ display_version="yes";;
+ f) args=$args" -f";;
+- D) args=$args" -D $OPTARG";;
+- a) args=$args" -a $OPTARG";;
++ D) args=$args" -D \"$OPTARG\"";;
++ a) args=$args" -a \"$OPTARG\"";;
+ ?) usage
+ exit 1;;
+ esac
+@@ -57,7 +57,7 @@ fi
+
+ . $initfile
+
+-@sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
++eval @sbindir@/ns-slapd dbverify -D $CONFIG_DIR $args
+ if [ $display_version = "yes" ]; then
+ exit 0
+ fi
+diff --git a/ldap/admin/src/scripts/dn2rdn.in b/ldap/admin/src/scripts/dn2rdn.in
+index 616969a..762e63a 100755
+--- a/ldap/admin/src/scripts/dn2rdn.in
++++ b/ldap/admin/src/scripts/dn2rdn.in
+@@ -27,12 +27,12 @@ do
+ h) usage
+ exit 0;;
+ Z) servid=$OPTARG;;
+- d) arg=$arg" -d $OPTARG";;
+- a) arg=$arg" -a $OPTARG"
++ d) arg=$arg" -d \"$OPTARG\"";;
++ a) arg=$arg" -a \"$OPTARG\""
+ archive="provided";;
+ v) arg=$arg" -v";;
+ f) arg=$arg" -f";;
+- D) arg=$arg" -D $OPTARG";;
++ D) arg=$arg" -D \"$OPTARG\"";;
+ ?) usage
+ exit 1;;
+ esac
+@@ -55,4 +55,4 @@ if [ "$archive" != "provided" ]; then
+ args=$args"-a $bak_dir"
+ fi
+
+-@sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -r $args
++eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR -r $args
+diff --git a/ldap/admin/src/scripts/ldif2db.in b/ldap/admin/src/scripts/ldif2db.in
+index a34241a..3aed469 100755
+--- a/ldap/admin/src/scripts/ldif2db.in
++++ b/ldap/admin/src/scripts/ldif2db.in
+@@ -59,16 +59,16 @@ do
+ h) usage
+ exit 0;;
+ Z) servid=$OPTARG;;
+- n) args=$args" -n $OPTARG";;
+- i) args=$args" -i $OPTARG";;
+- s) args=$args" -s $OPTARG";;
+- x) args=$args" -x $OPTARG";;
+- c) args=$args" -c $OPTARG";;
+- d) args=$args" -d $OPTARG";;
+- g) args=$args" -g $OPTARG";;
+- G) args=$args" -G $OPTARG";;
+- t) args=$args" -t $OPTARG";;
+- D) args=$args" -D $OPTARG";;
++ n) args=$args" -n \"$OPTARG\"";;
++ i) args=$args" -i \"$OPTARG\"";;
++ s) args=$args" -s \"$OPTARG\"";;
++ x) args=$args" -x \"$OPTARG\"";;
++ c) args=$args" -c \"$OPTARG\"";;
++ d) args=$args" -d \"$OPTARG\"";;
++ g) args=$args" -g \"$OPTARG\"";;
++ G) args=$args" -G \"$OPTARG\"";;
++ t) args=$args" -t \"$OPTARG\"";;
++ D) args=$args" -D \"$OPTARG\"";;
+ E) args=$args" -E";;
+ v) args=$args" -v";;
+ N) args=$args" -N";;
+@@ -104,6 +104,6 @@ if [ $quiet -eq 0 ]; then
+ echo importing data ...
+ fi
+
+-@sbindir@/ns-slapd ldif2db -D $CONFIG_DIR $args 2>&1
++eval @sbindir@/ns-slapd ldif2db -D $CONFIG_DIR $args 2>&1
+
+ exit $?
+diff --git a/ldap/admin/src/scripts/monitor.in b/ldap/admin/src/scripts/monitor.in
+index 36a2fc9..e9265a1 100755
+--- a/ldap/admin/src/scripts/monitor.in
++++ b/ldap/admin/src/scripts/monitor.in
+@@ -73,8 +73,8 @@ fi
+ rm $file
+
+ if [ -n "$passwd" ]; then
+- dn="-D $rootdn"
+- passwd="-w$passwd"
++ dn="-D \"$rootdn\""
++ passwd="-w \"$passwd\""
+ fi
+ if [ -n "$ldapiURL" ]
+ then
+@@ -109,9 +109,9 @@ if [ "$security" = "on" ]; then
+ echo "Using the next most secure protocol(STARTTLS)"
+ fi
+ if [ "$openldap" = "yes" ]; then
+- ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
++ eval ldapsearch -x -LLL -ZZ -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
+ else
+- ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
++ eval ldapsearch -ZZZ -P $certdir -h $host -p $port -b "$MDN" -s base $dn $passwd "objectClass=*"
+ fi
+ exit $?
+ fi
+diff --git a/ldap/admin/src/scripts/suffix2instance.in b/ldap/admin/src/scripts/suffix2instance.in
+index 7774148..d7c6661 100755
+--- a/ldap/admin/src/scripts/suffix2instance.in
++++ b/ldap/admin/src/scripts/suffix2instance.in
+@@ -24,7 +24,7 @@ while getopts "Z:s:h" flag
+ do
+ case $flag in
+ Z) servid=$OPTARG;;
+- s) args=$args" -s $OPTARG";;
++ s) args=$args" -s \"$OPTARG\"";;
+ h) usage
+ exit 0;;
+ ?) usage
+@@ -55,4 +55,4 @@ then
+ exit 1
+ fi
+
+-@sbindir@/ns-slapd suffix2instance -D $CONFIG_DIR $args 2>&1
++eval @sbindir@/ns-slapd suffix2instance -D $CONFIG_DIR $args 2>&1
+diff --git a/ldap/admin/src/scripts/upgradedb.in b/ldap/admin/src/scripts/upgradedb.in
+index bf600dd..2b7c79d 100755
+--- a/ldap/admin/src/scripts/upgradedb.in
++++ b/ldap/admin/src/scripts/upgradedb.in
+@@ -29,10 +29,10 @@ do
+ v) args=$args" -v";;
+ f) args=$args" -f";;
+ r) args=$args" -r";;
+- d) args=$args" -d $OPTARG";;
+- a) args=$args" -a $OPTARG"
++ d) args=$args" -d \"$OPTARG\"";;
++ a) args=$args" -a \"$OPTARG\""
+ archive_provided="yes";;
+- D) args=$args" -D $OPTARG";;
++ D) args=$args" -D \"$OPTARG\"";;
+ h) usage
+ exit 0;;
+ esac
+@@ -56,4 +56,4 @@ then
+ fi
+
+ echo upgrade index files ...
+-@sbindir@/ns-slapd upgradedb -D $CONFIG_DIR $args
++eval @sbindir@/ns-slapd upgradedb -D $CONFIG_DIR $args
+diff --git a/ldap/admin/src/scripts/upgradednformat.in b/ldap/admin/src/scripts/upgradednformat.in
+index 51585ae..9de60ea 100755
+--- a/ldap/admin/src/scripts/upgradednformat.in
++++ b/ldap/admin/src/scripts/upgradednformat.in
+@@ -36,14 +36,14 @@ do
+ Z) servid=$OPTARG;;
+ v) args=$args" -v";;
+ N) args=$args" -N";;
+- d) args=$args" -d $OPTARG";;
+- a) args=$args" -a $OPTARG"
++ d) args=$args" -d \"$OPTARG\"";;
++ a) args=$args" -a \"$OPTARG\""
+ dir="set";;
+- n) args=$args" -n $OPTARG"
++ n) args=$args" -n \"$OPTARG\""
+ be="set";;
+ h) usage
+ exit 0;;
+- D) args=$args" -D $OPTARG";;
++ D) args=$args" -D \"$OPTARG\"";;
+ ?) usage
+ exit 1;;
+ esac
+@@ -65,7 +65,7 @@ fi
+
+ . $initfile
+
+-@sbindir@/ns-slapd upgradednformat -D $CONFIG_DIR $args
++eval @sbindir@/ns-slapd upgradednformat -D $CONFIG_DIR $args
+ rc=$?
+
+ exit $rc
+diff --git a/ldap/admin/src/scripts/vlvindex.in b/ldap/admin/src/scripts/vlvindex.in
+index 365e32f..a1696bc 100755
+--- a/ldap/admin/src/scripts/vlvindex.in
++++ b/ldap/admin/src/scripts/vlvindex.in
+@@ -29,14 +29,14 @@ do
+ case $flag in
+ Z) servid=$OPTARG;;
+ v) args=$args" -v";;
+- s) args=$args" -s $OPTARG";;
+- d) args=$args" -d $OPTARG";;
+- a) args=$args" -a $OPTARG";;
+- T) args=$args" -T $OPTARG";;
++ s) args=$args" -s \"$OPTARG\"";;
++ d) args=$args" -d \"$OPTARG\"";;
++ a) args=$args" -a \"$OPTARG\"";;
++ T) args=$args" -T \"$OPTARG\"";;
+ S) args=$args" -S";;
+- n) args=$args" -n $OPTARG";;
+- x) args=$args" -x $OPTARG";;
+- D) args=$args" -D $OPTARG";;
++ n) args=$args" -n \"$OPTARG\"";;
++ x) args=$args" -x \"$OPTARG\"";;
++ D) args=$args" -D \"$OPTARG\"";;
+ h) usage
+ exit 0;;
+ ?) usage
+@@ -61,4 +61,4 @@ then
+ exit 1
+ fi
+
+-@sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
++eval @sbindir@/ns-slapd db2index -D $CONFIG_DIR $args
+--
+1.9.3
+
diff --git a/SOURCES/0051-Ticket-47451-Fix-jenkins-errors.patch b/SOURCES/0051-Ticket-47451-Fix-jenkins-errors.patch
deleted file mode 100644
index 6e44fad..0000000
--- a/SOURCES/0051-Ticket-47451-Fix-jenkins-errors.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 7602bd4138d78c7df9479b3f760895cecd10d7d9 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 16 Dec 2014 16:10:05 -0500
-Subject: [PATCH 51/53] Ticket 47451 - Fix jenkins errors
-
-Description: Fix compiler warnings
-
-https://fedorahosted.org/389/ticket/47451
-(cherry picked from commit 3e1d97624f390b96c1de21b115619822b72ebf98)
-(cherry picked from commit 15e1cdd7d01933d42b83b00e1e8c01c16fd36e8e)
----
- ldap/servers/plugins/dna/dna.c | 6 +-----
- ldap/servers/plugins/uiduniq/uid.c | 2 --
- 2 files changed, 1 insertion(+), 7 deletions(-)
-
-diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
-index ded0bbb..f4a36f0 100644
---- a/ldap/servers/plugins/dna/dna.c
-+++ b/ldap/servers/plugins/dna/dna.c
-@@ -2406,7 +2406,7 @@ static int dna_get_next_value(struct configEntry *config_entry,
- } else {
- /* dna_first_free_value() failed for some unknown reason */
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
-- "dna_get_next_value: failed to allocate a new ID!! (set(%d) (max: %d)\n",setval,config_entry->maxval);
-+ "dna_get_next_value: failed to allocate a new ID!!\n");
- goto done;
- }
- }
-@@ -3415,8 +3415,6 @@ _dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr)
- /* dna_first_free_value() failed for some unknown reason */
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_pre_op: failed to allocate a new ID!! 2\n");
-- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
-- "dna_get_next_value: failed to allocate a new ID!! (set(%d) (max: %d)\n",setval,config_entry->maxval);
- /* Set an error string to be returned to the client. */
- *errstr = slapi_ch_smprintf("Allocation of a new value for range"
- " %s failed! Unable to proceed.",
-@@ -3682,8 +3680,6 @@ _dna_pre_op_modify(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Mods *smods, char **e
- /* dna_first_free_value() failed for some unknown reason */
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_pre_op: failed to allocate a new ID!!\n");
-- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
-- "dna_get_next_value: failed to allocate a new ID!! (set(%d) (max: %d)\n",setval,config_entry->maxval);
- /* Set an error string to be returned to the client. */
- *errstr = slapi_ch_smprintf("Allocation of a new value for range"
- " %s failed! Unable to proceed.",
-diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
-index f37ab8c..2120b4f 100644
---- a/ldap/servers/plugins/uiduniq/uid.c
-+++ b/ldap/servers/plugins/uiduniq/uid.c
-@@ -1285,7 +1285,6 @@ uiduniq_start(Slapi_PBlock *pb)
- static int
- uiduniq_close(Slapi_PBlock *pb)
- {
-- Slapi_Entry *plugin_entry = NULL;
- struct attr_uniqueness_config *config = NULL;
-
- slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &config);
-@@ -1312,7 +1311,6 @@ NSUniqueAttr_Init(Slapi_PBlock *pb)
- int preadd = SLAPI_PLUGIN_PRE_ADD_FN;
- int premod = SLAPI_PLUGIN_PRE_MODIFY_FN;
- int premdn = SLAPI_PLUGIN_PRE_MODRDN_FN;
-- struct attr_uniqueness_config *config = NULL;
-
- BEGIN
-
---
-1.9.3
-
diff --git a/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch b/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch
new file mode 100644
index 0000000..f24f18a
--- /dev/null
+++ b/SOURCES/0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch
@@ -0,0 +1,45 @@
+From ba9f2607b8bf565e2f6d1f8751c16c0b485a7210 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Mon, 24 Aug 2015 16:13:12 -0700
+Subject: [PATCH 51/52] Ticket #47757 - Unable to dereference unqiemember
+ attribute because it is dn [#UID] not dn syntax
+
+Description: In addtion to DN syntax, adding Name and Optional UID
+syntax to the deref attr's OID check.
+
+https://fedorahosted.org/389/ticket/47757
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit 2dbbb9df4691590f788049a822c47eb501182c85)
+(cherry picked from commit 626f2d7060390a3234ebb50b92937d1ec5a89481)
+---
+ ldap/servers/plugins/deref/deref.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/deref/deref.c b/ldap/servers/plugins/deref/deref.c
+index 35c2564..f476a4d 100644
+--- a/ldap/servers/plugins/deref/deref.c
++++ b/ldap/servers/plugins/deref/deref.c
+@@ -20,6 +20,9 @@
+ #ifndef DN_SYNTAX_OID
+ #define DN_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.12"
+ #endif
++#ifndef NAME_AND_OPTIONAL_UID_SYNTAX_OID
++#define NAME_AND_OPTIONAL_UID_SYNTAX_OID "1.3.6.1.4.1.1466.115.121.1.34"
++#endif
+
+ /*
+ * Plug-in globals
+@@ -290,7 +293,7 @@ deref_check_for_dn_syntax(const char *derefattr)
+
+ slapi_attr_init(attr, derefattr);
+ slapi_attr_get_syntax_oid_copy(attr, &oid);
+- ret = oid && !strcmp(oid, DN_SYNTAX_OID);
++ ret = oid && (!strcmp(oid, DN_SYNTAX_OID) || !strcmp(oid, NAME_AND_OPTIONAL_UID_SYNTAX_OID));
+ slapi_ch_free_string(&oid);
+ slapi_attr_free(&attr);
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0052-Ticket-47451-Add-Dynamic-Plugin-CI-Suite.patch b/SOURCES/0052-Ticket-47451-Add-Dynamic-Plugin-CI-Suite.patch
deleted file mode 100644
index 399e1d9..0000000
--- a/SOURCES/0052-Ticket-47451-Add-Dynamic-Plugin-CI-Suite.patch
+++ /dev/null
@@ -1,2590 +0,0 @@
-From c038b581bdcabcc86a33f9a3eae446b684825698 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 16 Dec 2014 16:44:33 -0500
-Subject: [PATCH 52/53] Ticket 47451 - Add Dynamic Plugin CI Suite
-
-Description: Add lib389(CI) testsuite for Dynamic Plugins
-
- Perform functional tests for plugins that have configuration settings
- - Restart the plugin
- - Make condfig change
- - Test the plugin
- - Make another config change
- - Test plugin
- - Test plugin dependency
- - Cleanup
-
- Perform memory corruption test
- - This test forces the global plugin linked list, DSE callbacks,
- and task handlers to be rewritten in various orders while
- testing all the plugins.
-
- Perform Stress tests
- - Perform a series of operations that engage two plugins. While
- there operations are being performed restart various plugins.
- - Verify the server does not crash, and that hte plugins work
- correctly.
-
-https://fedorahosted.org/389/ticket/47451
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 4e39dbbfde56ca68f5a26d0bf2ac3a261234c8cd)
-(cherry picked from commit 2ace01377aec2872579f9f892361946f1d5b07d2)
----
- dirsrvtests/suites/dynamic-plugins/constants.py | 33 +
- dirsrvtests/suites/dynamic-plugins/finalizer.py | 57 +
- dirsrvtests/suites/dynamic-plugins/plugin_tests.py | 1973 ++++++++++++++++++++
- dirsrvtests/suites/dynamic-plugins/stress_tests.py | 133 ++
- .../suites/dynamic-plugins/test_dynamic_plugins.py | 315 ++++
- 5 files changed, 2511 insertions(+)
- create mode 100644 dirsrvtests/suites/dynamic-plugins/constants.py
- create mode 100644 dirsrvtests/suites/dynamic-plugins/finalizer.py
- create mode 100644 dirsrvtests/suites/dynamic-plugins/plugin_tests.py
- create mode 100644 dirsrvtests/suites/dynamic-plugins/stress_tests.py
- create mode 100644 dirsrvtests/suites/dynamic-plugins/test_dynamic_plugins.py
-
-diff --git a/dirsrvtests/suites/dynamic-plugins/constants.py b/dirsrvtests/suites/dynamic-plugins/constants.py
-new file mode 100644
-index 0000000..cbc310e
---- /dev/null
-+++ b/dirsrvtests/suites/dynamic-plugins/constants.py
-@@ -0,0 +1,33 @@
-+'''
-+Created on Dec 09, 2014
-+
-+@author: mreynolds
-+'''
-+import os
-+from lib389 import DN_DM
-+from lib389._constants import *
-+from lib389.properties import *
-+
-+SUFFIX = 'dc=example,dc=com'
-+PASSWORD = 'password'
-+
-+# Used for standalone topology
-+HOST_STANDALONE = LOCALHOST
-+PORT_STANDALONE = 33389
-+SERVERID_STANDALONE = 'dynamic-plugins'
-+
-+# Each defined instance above must be added in that list
-+ALL_INSTANCES = [ {SER_HOST: HOST_STANDALONE, SER_PORT: PORT_STANDALONE, SER_SERVERID_PROP: SERVERID_STANDALONE},
-+ ]
-+# This is a template
-+args_instance = {
-+ SER_DEPLOYED_DIR: os.environ.get('PREFIX', None),
-+ SER_BACKUP_INST_DIR: os.environ.get('BACKUPDIR', DEFAULT_BACKUPDIR),
-+ SER_ROOT_DN: DN_DM,
-+ SER_ROOT_PW: PASSWORD,
-+ SER_HOST: LOCALHOST,
-+ SER_PORT: DEFAULT_PORT,
-+ SER_SERVERID_PROP: "template",
-+ SER_CREATION_SUFFIX: DEFAULT_SUFFIX}
-+
-+
-diff --git a/dirsrvtests/suites/dynamic-plugins/finalizer.py b/dirsrvtests/suites/dynamic-plugins/finalizer.py
-new file mode 100644
-index 0000000..eb02332
---- /dev/null
-+++ b/dirsrvtests/suites/dynamic-plugins/finalizer.py
-@@ -0,0 +1,57 @@
-+'''
-+Created on Nov 5, 2013
-+
-+@author: tbordaz
-+'''
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import socket
-+import time
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools
-+from lib389.tools import DirSrvTools
-+from lib389._constants import DN_DM
-+from lib389.properties import *
-+from constants import *
-+
-+log = logging.getLogger(__name__)
-+
-+global installation_prefix
-+installation_prefix=os.getenv('PREFIX')
-+
-+def test_finalizer():
-+ global installation_prefix
-+
-+ # for each defined instance, remove it
-+ for args_instance in ALL_INSTANCES:
-+ if installation_prefix:
-+ # overwrite the environment setting
-+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+ instance = DirSrv(verbose=True)
-+ instance.allocate(args_instance)
-+ if instance.exists():
-+ instance.delete()
-+
-+ # remove any existing backup for this instance
-+ instance.clearBackupFS()
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation_prefix
-+ installation_prefix = None
-+
-+ test_finalizer()
-+
-+if __name__ == '__main__':
-+ run_isolated()
-+
-diff --git a/dirsrvtests/suites/dynamic-plugins/plugin_tests.py b/dirsrvtests/suites/dynamic-plugins/plugin_tests.py
-new file mode 100644
-index 0000000..fa88145
---- /dev/null
-+++ b/dirsrvtests/suites/dynamic-plugins/plugin_tests.py
-@@ -0,0 +1,1973 @@
-+'''
-+Created on Dec 09, 2014
-+
-+@author: mreynolds
-+'''
-+import os
-+import sys
-+import time
-+import ldap
-+import time
-+import logging
-+import socket
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from constants import *
-+
-+log = logging.getLogger(__name__)
-+
-+USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
-+USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
-+USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
-+BUSER1_DN = 'uid=user1,ou=branch1,' + DEFAULT_SUFFIX
-+BUSER2_DN = 'uid=user2,ou=branch2,' + DEFAULT_SUFFIX
-+BUSER3_DN = 'uid=user3,ou=branch2,' + DEFAULT_SUFFIX
-+BRANCH1_DN = 'ou=branch1,' + DEFAULT_SUFFIX
-+BRANCH2_DN = 'ou=branch2,' + DEFAULT_SUFFIX
-+GROUP_OU = 'ou=groups,' + DEFAULT_SUFFIX
-+PEOPLE_OU = 'ou=people,' + DEFAULT_SUFFIX
-+GROUP_DN = 'cn=group,' + DEFAULT_SUFFIX
-+
-+'''
-+ Functional tests for each plugin
-+
-+ Test:
-+ plugin restarts (test when on and off)
-+ plugin config validation
-+ plugin dependencies
-+ plugin functionality (including plugin tasks)
-+'''
-+
-+
-+################################################################################
-+#
-+# Test Plugin Dependency
-+#
-+################################################################################
-+def test_dependency(inst, plugin):
-+ """
-+ Set the "account usabilty" plugin to depend on this plugin. This plugin
-+ is generic, always enabled, and perfect for our testing
-+ """
-+
-+ try:
-+ inst.modify_s('cn=' + PLUGIN_ACCT_USABILITY + ',cn=plugins,cn=config',
-+ [(ldap.MOD_REPLACE, 'nsslapd-plugin-depends-on-named', plugin)])
-+
-+ except ldap.LDAPError, e:
-+ log.error('test_dependency: Failed to modify ' + PLUGIN_ACCT_USABILITY + ': error ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.modify_s('cn=' + plugin + ',cn=plugins,cn=config',
-+ [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'off')])
-+
-+ except ldap.UNWILLING_TO_PERFORM:
-+ # failed as expected
-+ pass
-+ else:
-+ # Incorrectly succeeded
-+ log.error('test_dependency: Plugin dependency check failed (%s)' % plugin)
-+ assert False
-+
-+ # Now undo the change
-+ try:
-+ inst.modify_s('cn=' + PLUGIN_ACCT_USABILITY + ',cn=plugins,cn=config',
-+ [(ldap.MOD_DELETE, 'nsslapd-plugin-depends-on-named', None)])
-+ except ldap.LDAPError, e:
-+ log.error('test_dependency: Failed to reset ' + plugin + ': error ' + e.message['desc'])
-+ assert False
-+
-+
-+################################################################################
-+#
-+# Test Account Policy Plugin (0)
-+#
-+################################################################################
-+def test_acctpolicy(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_ACCT_POLICY)
-+ inst.plugins.enable(name=PLUGIN_ACCT_POLICY)
-+
-+ if args == "restart":
-+ return True
-+
-+ CONFIG_DN = 'cn=config,cn=Account Policy Plugin,cn=plugins,cn=config'
-+ log.info('Testing ' + PLUGIN_ACCT_POLICY + '...')
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ # Add the config entry
-+ try:
-+ inst.add_s(Entry((CONFIG_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'cn': 'config',
-+ 'alwaysrecordlogin': 'yes',
-+ 'stateattrname': 'lastLoginTime'
-+ })))
-+ except ldap.ALREADY_EXISTS:
-+ try:
-+ inst.modify_s(CONFIG_DN,
-+ [(ldap.MOD_REPLACE, 'alwaysrecordlogin', 'yes'),
-+ (ldap.MOD_REPLACE, 'stateattrname', 'lastLoginTime')])
-+ except ldap.LDAPError, e:
-+ log.error('test_acctpolicy: Failed to modify config entry: error ' + e.message['desc'])
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.error('test_acctpolicy: Failed to add config entry: error ' + e.message['desc'])
-+ assert False
-+
-+ # Now set the config entry in the plugin entry
-+ #try:
-+ # inst.modify_s('cn=' + PLUGIN_ACCT_POLICY + ',cn=plugins,cn=config',
-+ # [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', CONFIG_DN)])
-+ #except ldap.LDAPError, e:
-+ # log.error('test_acctpolicy: Failed to set config entry in plugin entry: error ' + e.message['desc'])
-+ # assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # !!!! acctpolicy does have have a dse callabck to check for live updates - restart plugin for now !!!!
-+ inst.plugins.disable(name=PLUGIN_ACCT_POLICY)
-+ inst.plugins.enable(name=PLUGIN_ACCT_POLICY)
-+
-+ # Add an entry
-+ try:
-+ inst.add_s(Entry((USER1_DN, {'objectclass': "top extensibleObject".split(),
-+ 'sn': '1',
-+ 'cn': 'user 1',
-+ 'uid': 'user1',
-+ 'userpassword': 'password'})))
-+ except ldap.LDAPError, e:
-+ log.error('test_acctpolicy: Failed to add test user' + USER1_DN + ': error ' + e.message['desc'])
-+ assert False
-+
-+ # bind as user
-+ try:
-+ inst.simple_bind_s(USER1_DN, "password")
-+ except ldap.LDAPError, e:
-+ log.error('test_acctpolicy:Failed to bind as user1: ' + e.message['desc'])
-+ assert False
-+
-+ # Bind as Root DN
-+ try:
-+ inst.simple_bind_s(DN_DM, PASSWORD)
-+ except ldap.LDAPError, e:
-+ log.error('test_acctpolicy: Failed to bind as rootDN: ' + e.message['desc'])
-+ assert False
-+
-+ # Check lastLoginTime of USER1
-+ try:
-+ entries = inst.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'lastLoginTime=*')
-+ if not entries:
-+ log.fatal('test_acctpolicy: Search failed to find an entry with lastLoginTime.')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_acctpolicy: Search failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Change config - change the stateAttrName to a new attribute
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'stateattrname', 'testLastLoginTime')])
-+
-+ except ldap.LDAPError, e:
-+ log.error('test_acctpolicy: Failed to modify config entry: error ' + e.message['desc'])
-+ assert False
-+
-+ # !!!! must restart for now !!!!!
-+ inst.plugins.disable(name=PLUGIN_ACCT_POLICY)
-+ inst.plugins.enable(name=PLUGIN_ACCT_POLICY)
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # login as user
-+ try:
-+ inst.simple_bind_s(USER1_DN, "password")
-+ except ldap.LDAPError, e:
-+ log.error('test_acctpolicy: Failed to bind(2nd) as user1: ' + e.message['desc'])
-+ assert False
-+
-+ # Bind as Root DN
-+ try:
-+ inst.simple_bind_s(DN_DM, PASSWORD)
-+ except ldap.LDAPError, e:
-+ log.error('test_acctpolicy: Failed to bind as rootDN: ' + e.message['desc'])
-+ assert False
-+
-+ # Check testLastLoginTime was added to USER1
-+ try:
-+ entries = inst.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(testLastLoginTime=*)')
-+ if not entries:
-+ log.fatal('test_acctpolicy: Search failed to find an entry with testLastLoginTime.')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_acctpolicy: Search failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_ACCT_POLICY)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ try:
-+ inst.delete_s(USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_acctpolicy: Failed to delete test entry: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_acctpolicy: PASS\n')
-+
-+ return
-+
-+
-+################################################################################
-+#
-+# Test Attribute Uniqueness Plugin (1)
-+#
-+################################################################################
-+def test_attruniq(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_ATTR_UNIQUENESS)
-+ inst.plugins.enable(name=PLUGIN_ATTR_UNIQUENESS)
-+
-+ if args == "restart":
-+ return
-+
-+ log.info('Testing ' + PLUGIN_ATTR_UNIQUENESS + '...')
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s('cn=' + PLUGIN_ATTR_UNIQUENESS + ',cn=plugins,cn=config',
-+ [(ldap.MOD_REPLACE, 'uniqueness-attribute-name', 'uid')])
-+
-+ except ldap.LDAPError, e:
-+ log.error('test_attruniq: Failed to configure plugin for "uid": error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Add an entry
-+ try:
-+ inst.add_s(Entry((USER1_DN, {'objectclass': "top extensibleObject".split(),
-+ 'sn': '1',
-+ 'cn': 'user 1',
-+ 'uid': 'user1',
-+ 'mail': 'user1@example.com',
-+ 'userpassword': 'password'})))
-+ except ldap.LDAPError, e:
-+ log.error('test_attruniq: Failed to add test user' + USER1_DN + ': error ' + e.message['desc'])
-+ assert False
-+
-+ # Add an entry with a duplicate "uid"
-+ try:
-+ inst.add_s(Entry((USER2_DN, {'objectclass': "top extensibleObject".split(),
-+ 'sn': '2',
-+ 'cn': 'user 2',
-+ 'uid': 'user2',
-+ 'uid': 'user1',
-+ 'userpassword': 'password'})))
-+
-+ except ldap.CONSTRAINT_VIOLATION:
-+ pass
-+ else:
-+ log.error('test_attruniq: Adding of 2nd entry(uid) incorrectly succeeded')
-+ assert False
-+
-+ ############################################################################
-+ # Change config to use "mail" instead of "uid"
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s('cn=' + PLUGIN_ATTR_UNIQUENESS + ',cn=plugins,cn=config',
-+ [(ldap.MOD_REPLACE, 'uniqueness-attribute-name', 'mail')])
-+
-+ except ldap.LDAPError, e:
-+ log.error('test_attruniq: Failed to configure plugin for "mail": error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin - Add an entry, that has a duplicate "mail" value
-+ ############################################################################
-+
-+ try:
-+ inst.add_s(Entry((USER2_DN, {'objectclass': "top extensibleObject".split(),
-+ 'sn': '2',
-+ 'cn': 'user 2',
-+ 'uid': 'user2',
-+ 'mail': 'user1@example.com',
-+ 'userpassword': 'password'})))
-+ except ldap.CONSTRAINT_VIOLATION:
-+ pass
-+ else:
-+ log.error('test_attruniq: Adding of 2nd entry(mail) incorrectly succeeded')
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_ATTR_UNIQUENESS)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ try:
-+ inst.delete_s(USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_attruniq: Failed to delete test entry: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_attruniq: PASS\n')
-+ return
-+
-+
-+################################################################################
-+#
-+# Test Auto Membership Plugin (2)
-+#
-+################################################################################
-+def test_automember(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_AUTOMEMBER)
-+ inst.plugins.enable(name=PLUGIN_AUTOMEMBER)
-+
-+ if args == "restart":
-+ return
-+
-+ CONFIG_DN = 'cn=config,cn=' + PLUGIN_AUTOMEMBER + ',cn=plugins,cn=config'
-+
-+ log.info('Testing ' + PLUGIN_AUTOMEMBER + '...')
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ # Add the automember group
-+ try:
-+ inst.add_s(Entry((GROUP_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'cn': 'group'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to add group: error ' + e.message['desc'])
-+ assert False
-+
-+ # Add ou=branch1
-+ try:
-+ inst.add_s(Entry((BRANCH1_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'ou': 'branch1'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to add branch1: error ' + e.message['desc'])
-+ assert False
-+
-+ # Add ou=branch2
-+ try:
-+ inst.add_s(Entry((BRANCH2_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'ou': 'branch2'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to add branch2: error ' + e.message['desc'])
-+ assert False
-+
-+ # Add the automember config entry
-+ try:
-+ inst.add_s(Entry((CONFIG_DN, {
-+ 'objectclass': 'top autoMemberDefinition'.split(),
-+ 'cn': 'config',
-+ 'autoMemberScope': 'ou=branch1,' + DEFAULT_SUFFIX,
-+ 'autoMemberFilter': 'objectclass=top',
-+ 'autoMemberDefaultGroup': 'cn=group,' + DEFAULT_SUFFIX,
-+ 'autoMemberGroupingAttr': 'member:dn'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to add config entry: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test the plugin
-+ ############################################################################
-+
-+ # Add a user that should get added to the group
-+ try:
-+ inst.add_s(Entry((BUSER1_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user1'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to add user: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check the group
-+ try:
-+ entries = inst.search_s(GROUP_DN, ldap.SCOPE_BASE,
-+ '(member=' + BUSER1_DN + ')')
-+ if not entries:
-+ log.fatal('test_automember: Search failed to find member user1')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_automember: Search failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Change config
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(CONFIG_DN,
-+ [(ldap.MOD_REPLACE, 'autoMemberGroupingAttr', 'uniquemember:dn'),
-+ (ldap.MOD_REPLACE, 'autoMemberScope', 'ou=branch2,' + DEFAULT_SUFFIX)])
-+
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to modify config entry: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Add a user that should get added to the group
-+ try:
-+ inst.add_s(Entry((BUSER2_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user2'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to user to branch2: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check the group
-+ try:
-+ entries = inst.search_s(GROUP_DN, ldap.SCOPE_BASE,
-+ '(uniquemember=' + BUSER2_DN + ')')
-+ if not entries:
-+ log.fatal('test_automember: Search failed to find uniquemember user2')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_automember: Search failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test Task
-+ ############################################################################
-+
-+ # Disable plugin
-+ inst.plugins.disable(name=PLUGIN_AUTOMEMBER)
-+
-+ # Add an entry that should be picked up by automember - verify it is not(yet)
-+ try:
-+ inst.add_s(Entry((BUSER3_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user3'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to user3 to branch2: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check the group - uniquemember sahould not exist
-+ try:
-+ entries = inst.search_s(GROUP_DN, ldap.SCOPE_BASE,
-+ '(uniquemember=' + BUSER3_DN + ')')
-+ if entries:
-+ log.fatal('test_automember: user3 was incorrectly added to the group')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_automember: Search failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Enable plugin
-+ inst.plugins.enable(name=PLUGIN_AUTOMEMBER)
-+
-+ # Add the task
-+ try:
-+ inst.add_s(Entry(('cn=task-' + str(int(time.time())) + ',cn=automember rebuild membership,cn=tasks,cn=config', {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'basedn': 'ou=branch2,' + DEFAULT_SUFFIX,
-+ 'filter': 'objectclass=top'})))
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to add task: error ' + e.message['desc'])
-+ assert False
-+
-+ time.sleep(3) # Wait for the task to do its work
-+
-+ # Verify the fixup task worked
-+ try:
-+ entries = inst.search_s(GROUP_DN, ldap.SCOPE_BASE,
-+ '(uniquemember=' + BUSER3_DN + ')')
-+ if not entries:
-+ log.fatal('test_automember: user3 was not added to the group')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_automember: Search failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_AUTOMEMBER)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ try:
-+ inst.delete_s(BUSER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to delete test entry1: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(BUSER2_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to delete test entry2: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(BUSER3_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to delete test entry3: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(BRANCH1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to delete branch1: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(BRANCH2_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to delete test branch2: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(GROUP_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to delete test group: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(CONFIG_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to delete plugin config entry: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_automember: PASS\n')
-+ return
-+
-+
-+################################################################################
-+#
-+# Test DNA Plugin (3)
-+#
-+################################################################################
-+def test_dna(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_DNA)
-+ inst.plugins.enable(name=PLUGIN_DNA)
-+
-+ if args == "restart":
-+ return
-+
-+ CONFIG_DN = 'cn=config,cn=' + PLUGIN_DNA + ',cn=plugins,cn=config'
-+
-+ log.info('Testing ' + PLUGIN_DNA + '...')
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ try:
-+ inst.add_s(Entry((CONFIG_DN, {
-+ 'objectclass': 'top dnaPluginConfig'.split(),
-+ 'cn': 'config',
-+ 'dnatype': 'uidNumber',
-+ 'dnafilter': '(objectclass=top)',
-+ 'dnascope': DEFAULT_SUFFIX,
-+ 'dnaMagicRegen': '-1',
-+ 'dnaMaxValue': '50000',
-+ 'dnaNextValue': '1'
-+ })))
-+ except ldap.ALREADY_EXISTS:
-+ try:
-+ inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'dnaNextValue', '1'),
-+ (ldap.MOD_REPLACE, 'dnaMagicRegen', '-1')])
-+ except ldap.LDAPError, e:
-+ log.error('test_dna: Failed to set the DNA plugin: error ' + e.message['desc'])
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.error('test_dna: Failed to add config entry: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ try:
-+ inst.add_s(Entry((USER1_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user1'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_dna: Failed to user1: error ' + e.message['desc'])
-+ assert False
-+
-+ # See if the entry now has the new uidNumber assignment - uidNumber=1
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(uidNumber=1)')
-+ if not entries:
-+ log.fatal('test_dna: user1 was not updated - (looking for uidNumber: 1)')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_dna: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Test the magic regen value
-+ try:
-+ inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'uidNumber', '-1')])
-+ except ldap.LDAPError, e:
-+ log.error('test_dna: Failed to set the magic reg value: error ' + e.message['desc'])
-+ assert False
-+
-+ # See if the entry now has the new uidNumber assignment - uidNumber=2
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(uidNumber=2)')
-+ if not entries:
-+ log.fatal('test_dna: user1 was not updated (looking for uidNumber: 2)')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_dna: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ ################################################################################
-+ # Change the config
-+ ################################################################################
-+
-+ try:
-+ inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'dnaMagicRegen', '-2')])
-+ except ldap.LDAPError, e:
-+ log.error('test_dna: Failed to set the magic reg value to -2: error ' + e.message['desc'])
-+ assert False
-+
-+ ################################################################################
-+ # Test plugin
-+ ################################################################################
-+
-+ # Test the magic regen value
-+ try:
-+ inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'uidNumber', '-2')])
-+ except ldap.LDAPError, e:
-+ log.error('test_dna: Failed to set the magic reg value: error ' + e.message['desc'])
-+ assert False
-+
-+ # See if the entry now has the new uidNumber assignment - uidNumber=3
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(uidNumber=3)')
-+ if not entries:
-+ log.fatal('test_dna: user1 was not updated (looking for uidNumber: 3)')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_dna: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_AUTOMEMBER)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ try:
-+ inst.delete_s(USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_automember: Failed to delete test entry1: ' + e.message['desc'])
-+ assert False
-+
-+ inst.plugins.disable(name=PLUGIN_DNA)
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_dna: PASS\n')
-+
-+ return
-+
-+
-+################################################################################
-+#
-+# Test Linked Attrs Plugin (4)
-+#
-+################################################################################
-+def test_linkedattrs(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_LINKED_ATTRS)
-+ inst.plugins.enable(name=PLUGIN_LINKED_ATTRS)
-+
-+ if args == "restart":
-+ return
-+
-+ CONFIG_DN = 'cn=config,cn=' + PLUGIN_LINKED_ATTRS + ',cn=plugins,cn=config'
-+
-+ log.info('Testing ' + PLUGIN_LINKED_ATTRS + '...')
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ # Add test entries
-+ try:
-+ inst.add_s(Entry((USER1_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user1'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to user1: error ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.add_s(Entry((USER2_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user2'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to user1: error ' + e.message['desc'])
-+ assert False
-+
-+ # Add the linked attrs config entry
-+ try:
-+ inst.add_s(Entry((CONFIG_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'cn': 'config',
-+ 'linkType': 'directReport',
-+ 'managedType': 'manager'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to add config entry: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Set "directReport" should add "manager" to the other entry
-+ try:
-+ inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'directReport', USER2_DN)])
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to add "directReport" to user1: error ' + e.message['desc'])
-+ assert False
-+
-+ # See if manager was added to the other entry
-+ try:
-+ entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
-+ if not entries:
-+ log.fatal('test_linkedattrs: user2 missing "manager" attribute')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Remove "directReport" should remove "manager" to the other entry
-+ try:
-+ inst.modify_s(USER1_DN, [(ldap.MOD_DELETE, 'directReport', None)])
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to delete directReport: error ' + e.message['desc'])
-+ assert False
-+
-+ # See if manager was removed
-+ try:
-+ entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
-+ if entries:
-+ log.fatal('test_linkedattrs: user2 "manager" attribute not removed')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Change the config - using linkType "indirectReport" now
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'linkType', 'indirectReport')])
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to set linkTypee: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Make sure the old linkType(directManager) is not working
-+ try:
-+ inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'directReport', USER2_DN)])
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to add "directReport" to user1: error ' + e.message['desc'])
-+ assert False
-+
-+ # See if manager was added to the other entry, better not be...
-+ try:
-+ entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
-+ if entries:
-+ log.fatal('test_linkedattrs: user2 had "manager" added unexpectedly')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_linkedattrs: Search for user2 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Now, set the new linkType "indirectReport", which should add "manager" to the other entry
-+ try:
-+ inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'indirectReport', USER2_DN)])
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to add "indirectReport" to user1: error ' + e.message['desc'])
-+ assert False
-+
-+ # See if manager was added to the other entry, better not be
-+ try:
-+ entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
-+ if not entries:
-+ log.fatal('test_linkedattrs: user2 missing "manager"')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_linkedattrs: Search for user2 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Remove "indirectReport" should remove "manager" to the other entry
-+ try:
-+ inst.modify_s(USER1_DN, [(ldap.MOD_DELETE, 'indirectReport', None)])
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to delete directReport: error ' + e.message['desc'])
-+ assert False
-+
-+ # See if manager was removed
-+ try:
-+ entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
-+ if entries:
-+ log.fatal('test_linkedattrs: user2 "manager" attribute not removed')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test Fixup Task
-+ ############################################################################
-+
-+ # Disable plugin and make some updates that would of triggered the plugin
-+ inst.plugins.disable(name=PLUGIN_LINKED_ATTRS)
-+
-+ try:
-+ inst.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'indirectReport', USER2_DN)])
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to add "indirectReport" to user1: error ' + e.message['desc'])
-+ assert False
-+
-+ # The entry should not have a manager attribute
-+ try:
-+ entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
-+ if entries:
-+ log.fatal('test_linkedattrs: user2 incorrectly has a "manager" attr')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Verify that the task does not work yet(not until we enable the plugin)
-+ try:
-+ inst.add_s(Entry(('cn=task-' + str(int(time.time())) + ',cn=fixup linked attributes,cn=tasks,cn=config', {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'basedn': DEFAULT_SUFFIX,
-+ 'filter': '(objectclass=top)'})))
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to add task: error ' + e.message['desc'])
-+ assert False
-+
-+ time.sleep(3) # Wait for the task to do, or not do, its work
-+
-+ # The entry should still not have a manager attribute
-+ try:
-+ entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
-+ if entries:
-+ log.fatal('test_linkedattrs: user2 incorrectly has a "manager" attr')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_linkedattrs: Search for user2 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Enable the plugin and rerun the task entry
-+ inst.plugins.enable(name=PLUGIN_LINKED_ATTRS)
-+
-+ # Add the task again
-+ try:
-+ inst.add_s(Entry(('cn=task-' + str(int(time.time())) + ',cn=fixup linked attributes,cn=tasks,cn=config', {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'basedn': DEFAULT_SUFFIX,
-+ 'filter': 'objectclass=top'})))
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to add task: error ' + e.message['desc'])
-+ assert False
-+
-+ time.sleep(3) # Wait for the task to do its work
-+
-+ # Check if user2 now has a manager attribute now
-+ try:
-+ entries = inst.search_s(USER2_DN, ldap.SCOPE_BASE, '(manager=*)')
-+ if not entries:
-+ log.fatal('test_linkedattrs: task failed: user2 missing "manager" attr')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_linkedattrs: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_LINKED_ATTRS)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ try:
-+ inst.delete_s(USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to delete test entry1: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(USER2_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to delete test entry2: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(CONFIG_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_linkedattrs: Failed to delete plugin config entry: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_linkedattrs: PASS\n')
-+ return
-+
-+
-+################################################################################
-+#
-+# Test MemberOf Plugin (5)
-+#
-+################################################################################
-+def test_memberof(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_MEMBER_OF)
-+ inst.plugins.enable(name=PLUGIN_MEMBER_OF)
-+
-+ if args == "restart":
-+ return
-+
-+ PLUGIN_DN = 'cn=' + PLUGIN_MEMBER_OF + ',cn=plugins,cn=config'
-+
-+ log.info('Testing ' + PLUGIN_MEMBER_OF + '...')
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'member')])
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to update config(member): error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Add our test entries
-+ try:
-+ inst.add_s(Entry((USER1_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user1'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to add user1: error ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.add_s(Entry((GROUP_DN, {
-+ 'objectclass': 'top groupOfNames groupOfUniqueNames extensibleObject'.split(),
-+ 'cn': 'group',
-+ 'member': USER1_DN
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to add group: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check if the user now has a "memberOf" attribute
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
-+ if not entries:
-+ log.fatal('test_memberof: user1 missing memberOf')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Remove "member" should remove "memberOf" from the entry
-+ try:
-+ inst.modify_s(GROUP_DN, [(ldap.MOD_DELETE, 'member', None)])
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to delete member: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check that "memberOf" was removed
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
-+ if entries:
-+ log.fatal('test_memberof: user1 incorrect has memberOf attr')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Change the config
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'uniquemember')])
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to update config(uniquemember): error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(GROUP_DN, [(ldap.MOD_REPLACE, 'uniquemember', USER1_DN)])
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to add uniquemember: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check if the user now has a "memberOf" attribute
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
-+ if not entries:
-+ log.fatal('test_memberof: user1 missing memberOf')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Remove "uniquemember" should remove "memberOf" from the entry
-+ try:
-+ inst.modify_s(GROUP_DN, [(ldap.MOD_DELETE, 'uniquemember', None)])
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to delete member: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check that "memberOf" was removed
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
-+ if entries:
-+ log.fatal('test_memberof: user1 incorrect has memberOf attr')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test Fixup Task
-+ ############################################################################
-+
-+ inst.plugins.disable(name=PLUGIN_MEMBER_OF)
-+
-+ # Add uniquemember, should not update USER1
-+ try:
-+ inst.modify_s(GROUP_DN, [(ldap.MOD_REPLACE, 'uniquemember', USER1_DN)])
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to add uniquemember: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check for "memberOf"
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
-+ if entries:
-+ log.fatal('test_memberof: user1 incorrect has memberOf attr')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Run fixup task while plugin disabled - should not add "memberOf
-+ # Verify that the task does not work yet(not until we enable the plugin)
-+ try:
-+ inst.add_s(Entry(('cn=task-' + str(int(time.time())) + ',' + DN_MBO_TASK, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'basedn': DEFAULT_SUFFIX,
-+ 'filter': 'objectclass=top'})))
-+ except ldap.NO_SUCH_OBJECT:
-+ pass
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to add task: error ' + e.message['desc'])
-+ assert False
-+
-+ time.sleep(3) # Wait for the task to do, or not do, its work
-+
-+ # Check for "memberOf"
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
-+ if entries:
-+ log.fatal('test_memberof: user1 incorrectly has memberOf attr')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ # Enable the plugin, and run the task
-+ inst.plugins.enable(name=PLUGIN_MEMBER_OF)
-+
-+ try:
-+ inst.add_s(Entry(('cn=task-' + str(int(time.time())) + ',' + DN_MBO_TASK, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'basedn': DEFAULT_SUFFIX,
-+ 'filter': 'objectclass=top'})))
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to add task: error ' + e.message['desc'])
-+ assert False
-+
-+ time.sleep(3) # Wait for the task to do its work
-+
-+ # Check for "memberOf"
-+ try:
-+ entries = inst.search_s(USER1_DN, ldap.SCOPE_BASE, '(memberOf=*)')
-+ if not entries:
-+ log.fatal('test_memberof: user1 missing memberOf attr')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_memberof: Search for user1 failed: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_MEMBER_OF)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ try:
-+ inst.delete_s(USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to delete test entry1: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(GROUP_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_memberof: Failed to delete test group: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_memberof: PASS\n')
-+
-+ return
-+
-+
-+################################################################################
-+#
-+# Test Managed Entry Plugin (6)
-+#
-+################################################################################
-+def test_mep(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_MANAGED_ENTRY)
-+ inst.plugins.enable(name=PLUGIN_MANAGED_ENTRY)
-+
-+ if args == "restart":
-+ return
-+
-+ USER_DN = 'uid=user1,ou=people,' + DEFAULT_SUFFIX
-+ MEP_USER_DN = 'cn=user1,ou=groups,' + DEFAULT_SUFFIX
-+ USER_DN2 = 'uid=user 1,ou=people,' + DEFAULT_SUFFIX
-+ MEP_USER_DN2 = 'uid=user 1,ou=groups,' + DEFAULT_SUFFIX
-+ CONFIG_DN = 'cn=config,cn=' + PLUGIN_MANAGED_ENTRY + ',cn=plugins,cn=config'
-+ TEMPLATE_DN = 'cn=MEP Template,' + DEFAULT_SUFFIX
-+ TEMPLATE_DN2 = 'cn=MEP Template2,' + DEFAULT_SUFFIX
-+
-+ log.info('Testing ' + PLUGIN_MANAGED_ENTRY + '...')
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ # Add our org units
-+ try:
-+ inst.add_s(Entry((PEOPLE_OU, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'ou': 'people'})))
-+ except ldap.ALREADY_EXISTS:
-+ pass
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to add people org unit: error ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.add_s(Entry((GROUP_OU, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'ou': 'people'})))
-+ except ldap.ALREADY_EXISTS:
-+ pass
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to add people org unit: error ' + e.message['desc'])
-+ assert False
-+
-+ # Add the template entry
-+ try:
-+ inst.add_s(Entry((TEMPLATE_DN, {
-+ 'objectclass': 'top mepTemplateEntry extensibleObject'.split(),
-+ 'cn': 'MEP Template',
-+ 'mepRDNAttr': 'cn',
-+ 'mepStaticAttr': 'objectclass: posixGroup|objectclass: extensibleObject'.split('|'),
-+ 'mepMappedAttr': 'cn: $cn|uid: $cn|gidNumber: $uidNumber'.split('|')
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to add template entry: error ' + e.message['desc'])
-+ assert False
-+
-+ # log.info('geb.....')
-+ # time.sleep(30)
-+
-+ # Add the config entry
-+ try:
-+ inst.add_s(Entry((CONFIG_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'cn': 'config',
-+ 'originScope': PEOPLE_OU,
-+ 'originFilter': 'objectclass=posixAccount',
-+ 'managedBase': GROUP_OU,
-+ 'managedTemplate': TEMPLATE_DN
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to add config entry: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Add an entry that meets the MEP scope
-+ try:
-+ inst.add_s(Entry((USER_DN, {
-+ 'objectclass': 'top posixAccount extensibleObject'.split(),
-+ 'uid': 'user1',
-+ 'cn': 'user1',
-+ 'uidNumber': '1',
-+ 'gidNumber': '1',
-+ 'homeDirectory': '/home/user1'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to user1: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check if a managed group entry was created
-+ try:
-+ inst.search_s(MEP_USER_DN, ldap.SCOPE_BASE, '(objectclass=top)')
-+ except ldap.LDAPError, e:
-+ log.fatal('test_mep: Unable to find MEP entry: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Change the config
-+ ############################################################################
-+
-+ # Add a new template entry
-+ try:
-+ inst.add_s(Entry((TEMPLATE_DN2, {
-+ 'objectclass': 'top mepTemplateEntry extensibleObject'.split(),
-+ 'cn': 'MEP Template2',
-+ 'mepRDNAttr': 'uid',
-+ 'mepStaticAttr': 'objectclass: posixGroup|objectclass: extensibleObject'.split('|'),
-+ 'mepMappedAttr': 'cn: $uid|uid: $cn|gidNumber: $gidNumber'.split('|')
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to add template entry2: error ' + e.message['desc'])
-+ assert False
-+
-+ # Set the new template dn
-+ try:
-+ inst.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'managedTemplate', TEMPLATE_DN2)])
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to set mep plugin config: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Add an entry that meets the MEP scope
-+ try:
-+ inst.add_s(Entry((USER_DN2, {
-+ 'objectclass': 'top posixAccount extensibleObject'.split(),
-+ 'uid': 'user 1',
-+ 'cn': 'user 1',
-+ 'uidNumber': '1',
-+ 'gidNumber': '1',
-+ 'homeDirectory': '/home/user2'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to user2: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check if a managed group entry was created
-+ try:
-+ inst.search_s(MEP_USER_DN2, ldap.SCOPE_BASE, '(objectclass=top)')
-+ except ldap.LDAPError, e:
-+ log.fatal('test_mep: Unable to find MEP entry2: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_MANAGED_ENTRY)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ try:
-+ inst.delete_s(USER_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to delete test user1: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(USER_DN2)
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to delete test user 2: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(TEMPLATE_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to delete template1: ' + e.message['desc'])
-+ assert False
-+
-+ inst.plugins.disable(name=PLUGIN_MANAGED_ENTRY)
-+
-+ try:
-+ inst.delete_s(TEMPLATE_DN2)
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to delete template2: ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(CONFIG_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_mep: Failed to delete config: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_mep: PASS\n')
-+ return
-+
-+
-+################################################################################
-+#
-+# Test Passthru Plugin (7)
-+#
-+################################################################################
-+def test_passthru(inst, args=None):
-+ # Passthru is a bit picky about the state of the entry - we can't just restart it
-+ if args == "restart":
-+ return
-+
-+ # stop the plugin
-+ inst.plugins.disable(name=PLUGIN_PASSTHRU)
-+
-+ PLUGIN_DN = 'cn=' + PLUGIN_PASSTHRU + ',cn=plugins,cn=config'
-+ PASSTHRU_DN = 'uid=admin,dc=pass,dc=thru'
-+ PASSTHRU_DN2 = 'uid=admin2,dc=pass2,dc=thru'
-+ PASS_SUFFIX1 = 'dc=pass,dc=thru'
-+ PASS_SUFFIX2 = 'dc=pass2,dc=thru'
-+ PASS_BE2 = 'PASS2'
-+
-+ log.info('Testing ' + PLUGIN_PASSTHRU + '...')
-+
-+ ############################################################################
-+ # Add a new "remote" instance, and a user for auth
-+ ############################################################################
-+
-+ # Create second instance
-+ passthru_inst = DirSrv(verbose=False)
-+
-+ #if installation1_prefix:
-+ # args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+ # Args for the master1 instance
-+ """
-+ args_instance[SER_HOST] = '127.0.0.1'
-+ args_instance[SER_PORT] = '33333'
-+ args_instance[SER_SERVERID_PROP] = 'passthru'
-+ """
-+ args_instance[SER_HOST] = 'localhost.localdomain'
-+ args_instance[SER_PORT] = 33333
-+ args_instance[SER_SERVERID_PROP] = 'passthru'
-+
-+ args_instance[SER_CREATION_SUFFIX] = PASS_SUFFIX1
-+ args_passthru_inst = args_instance.copy()
-+ passthru_inst.allocate(args_passthru_inst)
-+ passthru_inst.create()
-+ passthru_inst.open()
-+
-+ # Create a second backend
-+ passthru_inst.backend.create(PASS_SUFFIX2, {BACKEND_NAME: PASS_BE2})
-+ passthru_inst.mappingtree.create(PASS_SUFFIX2, bename=PASS_BE2)
-+
-+ # Create the top of the tree
-+ try:
-+ passthru_inst.add_s(Entry((PASS_SUFFIX2, {
-+ 'objectclass': 'top domain'.split(),
-+ 'dc': 'pass2'})))
-+ except ldap.ALREADY_EXISTS:
-+ pass
-+ except ldap.LDAPError, e:
-+ log.error('test_passthru: Failed to create suffix entry: error ' + e.message['desc'])
-+ passthru_inst.delete()
-+ assert False
-+
-+ # Add user to suffix1
-+ try:
-+ passthru_inst.add_s(Entry((PASSTHRU_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'admin',
-+ 'userpassword': 'password'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_passthru: Failed to admin1: error ' + e.message['desc'])
-+ passthru_inst.delete()
-+ assert False
-+
-+ # Add user to suffix 2
-+ try:
-+ passthru_inst.add_s(Entry((PASSTHRU_DN2, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'admin2',
-+ 'userpassword': 'password'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_passthru: Failed to admin2 : error ' + e.message['desc'])
-+ passthru_inst.delete()
-+ assert False
-+
-+ ############################################################################
-+ # Configure and start plugin
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on'),
-+ (ldap.MOD_REPLACE, 'nsslapd-pluginarg0', 'ldap://127.0.0.1:33333/dc=pass,dc=thru')])
-+ except ldap.LDAPError, e:
-+ log.error('test_passthru: Failed to set mep plugin config: error ' + e.message['desc'])
-+ passthru_inst.delete()
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # login as user
-+ try:
-+ inst.simple_bind_s(PASSTHRU_DN, "password")
-+ except ldap.LDAPError, e:
-+ log.error('test_passthru: pass through bind failed: ' + e.message['desc'])
-+ passthru_inst.delete()
-+ assert False
-+
-+ ############################################################################
-+ # Change the config
-+ ############################################################################
-+
-+ # login as root DN
-+ try:
-+ inst.simple_bind_s(DN_DM, PASSWORD)
-+ except ldap.LDAPError, e:
-+ log.error('test_passthru: pass through bind failed: ' + e.message['desc'])
-+ passthru_inst.delete()
-+ assert False
-+
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', 'ldap://127.0.0.1:33333/dc=pass2,dc=thru')])
-+ except ldap.LDAPError, e:
-+ log.error('test_passthru: Failed to set mep plugin config: error ' + e.message['desc'])
-+ passthru_inst.delete()
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # login as user
-+ try:
-+ inst.simple_bind_s(PASSTHRU_DN2, "password")
-+ except ldap.LDAPError, e:
-+ log.error('test_passthru: pass through bind failed: ' + e.message['desc'])
-+ passthru_inst.delete()
-+ assert False
-+
-+ # login as root DN
-+ try:
-+ inst.simple_bind_s(DN_DM, PASSWORD)
-+ except ldap.LDAPError, e:
-+ log.error('test_passthru: pass through bind failed: ' + e.message['desc'])
-+ passthru_inst.delete()
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_PASSTHRU)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ # remove the passthru instance
-+ passthru_inst.delete()
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_passthru: PASS\n')
-+
-+ return
-+
-+
-+################################################################################
-+#
-+# Test Referential Integrity Plugin (8)
-+#
-+################################################################################
-+def test_referint(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_REFER_INTEGRITY)
-+ inst.plugins.enable(name=PLUGIN_REFER_INTEGRITY)
-+
-+ if args == "restart":
-+ return
-+
-+ log.info('Testing ' + PLUGIN_REFER_INTEGRITY + '...')
-+ PLUGIN_DN = 'cn=' + PLUGIN_REFER_INTEGRITY + ',cn=plugins,cn=config'
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'referint-membership-attr', 'member')])
-+ except ldap.LDAPError, e:
-+ log.error('test_referint: Failed to configure RI plugin: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Add some users and a group
-+ try:
-+ inst.add_s(Entry((USER1_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user1'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_referint: Failed to add user1: error ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.add_s(Entry((USER2_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user2'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_referint: Failed to add user2: error ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.add_s(Entry((GROUP_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'cn': 'group',
-+ 'member': USER1_DN,
-+ 'uniquemember': USER2_DN
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_referint: Failed to add group: error ' + e.message['desc'])
-+ assert False
-+
-+ # Delete a user
-+ try:
-+ inst.delete_s(USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_referint: Failed to delete user1: ' + e.message['desc'])
-+ assert False
-+
-+ # Check for integrity
-+ try:
-+ entry = inst.search_s(GROUP_DN, ldap.SCOPE_BASE, '(member=' + USER1_DN + ')')
-+ if entry:
-+ log.error('test_referint: user1 was not removed from group')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_referint: Unable to search group: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Change the config
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'referint-membership-attr', 'uniquemember')])
-+ except ldap.LDAPError, e:
-+ log.error('test_referint: Failed to configure RI plugin: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Delete a user
-+ try:
-+ inst.delete_s(USER2_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_referint: Failed to delete user1: ' + e.message['desc'])
-+ assert False
-+
-+ # Check for integrity
-+ try:
-+ entry = inst.search_s(GROUP_DN, ldap.SCOPE_BASE, '(uniquemember=' + USER2_DN + ')')
-+ if entry:
-+ log.error('test_referint: user2 was not removed from group')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_referint: Unable to search group: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_REFER_INTEGRITY)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ try:
-+ inst.delete_s(GROUP_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_referint: Failed to delete user1: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_referint: PASS\n')
-+
-+ return
-+
-+
-+################################################################################
-+#
-+# Test Retro Changelog Plugin (9)
-+#
-+################################################################################
-+def test_retrocl(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_RETRO_CHANGELOG)
-+ inst.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
-+
-+ if args == "restart":
-+ return
-+
-+ log.info('Testing ' + PLUGIN_RETRO_CHANGELOG + '...')
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ # Gather the current change count (it's not 1 once we start the stabilty tests)
-+ try:
-+ entry = inst.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(changenumber=*)')
-+ except ldap.LDAPError, e:
-+ log.error('test_retrocl: Failed to get the count: error ' + e.message['desc'])
-+ assert False
-+
-+ entry_count = len(entry)
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Add a user
-+ try:
-+ inst.add_s(Entry((USER1_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user1'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_retrocl: Failed to add user1: error ' + e.message['desc'])
-+ assert False
-+
-+ # Check we logged this in the retro cl
-+ try:
-+ entry = inst.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(changenumber=*)')
-+ if not entry or len(entry) == entry_count:
-+ log.error('test_retrocl: changelog not updated')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_retrocl: Unable to search group: ' + e.message['desc'])
-+ assert False
-+
-+ entry_count += 1
-+
-+ ############################################################################
-+ # Change the config - disable plugin
-+ ############################################################################
-+
-+ inst.plugins.disable(name=PLUGIN_RETRO_CHANGELOG)
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ try:
-+ inst.delete_s(USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_retrocl: Failed to delete user1: ' + e.message['desc'])
-+ assert False
-+
-+ # Check we didn't logged this in the retro cl
-+ try:
-+ entry = inst.search_s(RETROCL_SUFFIX, ldap.SCOPE_SUBTREE, '(changenumber=*)')
-+ if len(entry) != entry_count:
-+ log.error('test_retrocl: changelog incorrectly updated - change count: '
-+ + str(len(entry)) + ' - expected 1')
-+ assert False
-+ except ldap.LDAPError, e:
-+ log.fatal('test_retrocl: Unable to search retro changelog: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ inst.plugins.enable(name=PLUGIN_RETRO_CHANGELOG)
-+ test_dependency(inst, PLUGIN_RETRO_CHANGELOG)
-+
-+ ############################################################################
-+ # Cleanup
-+ ############################################################################
-+
-+ # None
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_retrocl: PASS\n')
-+
-+ return
-+
-+
-+################################################################################
-+#
-+# Test Root DN Access Control Plugin (10)
-+#
-+################################################################################
-+def test_rootdn(inst, args=None):
-+ # stop the plugin, and start it
-+ inst.plugins.disable(name=PLUGIN_ROOTDN_ACCESS)
-+ inst.plugins.enable(name=PLUGIN_ROOTDN_ACCESS)
-+
-+ if args == "restart":
-+ return
-+
-+ PLUGIN_DN = 'cn=' + PLUGIN_ROOTDN_ACCESS + ',cn=plugins,cn=config'
-+
-+ ############################################################################
-+ # Configure plugin
-+ ############################################################################
-+
-+ # Add an user and aci to open up cn=config
-+ try:
-+ inst.add_s(Entry((USER1_DN, {
-+ 'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user1',
-+ 'userpassword': 'password'
-+ })))
-+ except ldap.LDAPError, e:
-+ log.error('test_retrocl: Failed to add user1: error ' + e.message['desc'])
-+ assert False
-+
-+ # Set an aci so we can modify the plugin after ew deny the root dn
-+ ACI = '(target ="ldap:///cn=config")(targetattr = "*")(version 3.0;acl "all access";allow (all)(userdn="ldap:///anyone");)'
-+ try:
-+ inst.modify_s(DN_CONFIG, [(ldap.MOD_ADD, 'aci', ACI)])
-+ except ldap.LDAPError, e:
-+ log.error('test_rootdn: Failed to add aci to config: error ' + e.message['desc'])
-+ assert False
-+
-+ # Set allowed IP to an unknown host - blocks root dn
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'rootdn-allow-ip', '10.10.10.10')])
-+ except ldap.LDAPError, e:
-+ log.error('test_rootdn: Failed to set rootDN plugin config: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Bind as Root DN
-+ failed = False
-+ try:
-+ inst.simple_bind_s(DN_DM, PASSWORD)
-+ except ldap.LDAPError, e:
-+ failed = True
-+
-+ if not failed:
-+ log.error('test_rootdn: Root DN was incorrectly able to bind')
-+ assert False
-+
-+ ############################################################################
-+ # Change the config
-+ ############################################################################
-+
-+ try:
-+ inst.simple_bind_s(USER1_DN, 'password')
-+ except ldap.LDAPError, e:
-+ log.error('test_rootdn: failed to bind as user1')
-+ assert False
-+
-+ # Remove the restriction
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_DELETE, 'rootdn-allow-ip', None)])
-+ except ldap.LDAPError, e:
-+ log.error('test_rootdn: Failed to set rootDN plugin config: error ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin
-+ ############################################################################
-+
-+ # Bind as Root DN
-+ failed = False
-+ try:
-+ inst.simple_bind_s(DN_DM, PASSWORD)
-+ except ldap.LDAPError, e:
-+ failed = True
-+
-+ if failed:
-+ log.error('test_rootdn: Root DN was not able to bind')
-+ assert False
-+
-+ ############################################################################
-+ # Test plugin dependency
-+ ############################################################################
-+
-+ test_dependency(inst, PLUGIN_ROOTDN_ACCESS)
-+
-+ ############################################################################
-+ # Cleanup - remove ACI from cn=config and test user
-+ ############################################################################
-+
-+ try:
-+ inst.modify_s(DN_CONFIG, [(ldap.MOD_DELETE, 'aci', ACI)])
-+ except ldap.LDAPError, e:
-+ log.error('test_rootdn: Failed to add aci to config: error ' + e.message['desc'])
-+ assert False
-+
-+ try:
-+ inst.delete_s(USER1_DN)
-+ except ldap.LDAPError, e:
-+ log.error('test_rootdn: Failed to delete user1: ' + e.message['desc'])
-+ assert False
-+
-+ ############################################################################
-+ # Test passed
-+ ############################################################################
-+
-+ log.info('test_rootdn: PASS\n')
-+
-+ return
-+
-+
-+# Array of test functions
-+func_tests = [test_acctpolicy, test_attruniq, test_automember, test_dna,
-+ test_linkedattrs, test_memberof, test_mep, test_passthru,
-+ test_referint, test_retrocl, test_rootdn]
-+
-+
-+def test_all_plugins(inst, args=None):
-+ for func in func_tests:
-+ func(inst, args)
-+
-+ return
-+
-diff --git a/dirsrvtests/suites/dynamic-plugins/stress_tests.py b/dirsrvtests/suites/dynamic-plugins/stress_tests.py
-new file mode 100644
-index 0000000..a1f666d
---- /dev/null
-+++ b/dirsrvtests/suites/dynamic-plugins/stress_tests.py
-@@ -0,0 +1,133 @@
-+'''
-+Created on Dec 16, 2014
-+
-+@author: mreynolds
-+'''
-+import os
-+import sys
-+import time
-+import ldap
-+import time
-+import logging
-+import socket
-+import pytest
-+import threading
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from constants import *
-+
-+log = logging.getLogger(__name__)
-+
-+NUM_USERS = 250
-+
-+
-+def openConnection(inst):
-+ # Open a new connection to our LDAP server
-+ server = DirSrv(verbose=False)
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_standalone = args_instance.copy()
-+ server.allocate(args_standalone)
-+ server.open()
-+
-+ return server
-+
-+
-+# Configure Referential Integrity Plugin for stress test
-+def configureRI(inst):
-+ inst.plugins.enable(name=PLUGIN_REFER_INTEGRITY)
-+ PLUGIN_DN = 'cn=' + PLUGIN_REFER_INTEGRITY + ',cn=plugins,cn=config'
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'referint-membership-attr', 'uniquemember')])
-+ except ldap.LDAPError, e:
-+ log.error('configureRI: Failed to configure RI plugin: error ' + e.message['desc'])
-+ assert False
-+
-+
-+# Configure MemberOf Plugin for stress test
-+def configureMO(inst):
-+ inst.plugins.enable(name=PLUGIN_MEMBER_OF)
-+ PLUGIN_DN = 'cn=' + PLUGIN_MEMBER_OF + ',cn=plugins,cn=config'
-+ try:
-+ inst.modify_s(PLUGIN_DN, [(ldap.MOD_REPLACE, 'memberofgroupattr', 'uniquemember')])
-+ except ldap.LDAPError, e:
-+ log.error('configureMO: Failed to update config(uniquemember): error ' + e.message['desc'])
-+ assert False
-+
-+
-+class DelUsers(threading.Thread):
-+ def __init__(self, inst, rdnval):
-+ threading.Thread.__init__(self)
-+ self.daemon = True
-+ self.inst = inst
-+ self.rdnval = rdnval
-+
-+ def run(self):
-+ conn = openConnection(self.inst)
-+ idx = 0
-+ log.info('DelUsers - Deleting ' + str(NUM_USERS) + ' entries (' + self.rdnval + ')...')
-+ while idx < NUM_USERS:
-+ USER_DN = 'uid=' + self.rdnval + str(idx) + ',' + DEFAULT_SUFFIX
-+ try:
-+ conn.delete_s(USER_DN)
-+ except ldap.LDAPError, e:
-+ log.error('DeleteUsers: failed to delete (' + USER_DN + ') error: ' + e.message['desc'])
-+ assert False
-+
-+ idx += 1
-+
-+ conn.close()
-+ log.info('DelUsers - Finished deleting ' + str(NUM_USERS) + ' entries (' + self.rdnval + ').')
-+
-+
-+class AddUsers(threading.Thread):
-+ def __init__(self, inst, rdnval, addToGroup):
-+ threading.Thread.__init__(self)
-+ self.daemon = True
-+ self.inst = inst
-+ self.addToGroup = addToGroup
-+ self.rdnval = rdnval
-+
-+ def run(self):
-+ # Start adding users
-+ conn = openConnection(self.inst)
-+ idx = 0
-+
-+ if self.addToGroup:
-+ GROUP_DN = 'cn=stress-group,' + DEFAULT_SUFFIX
-+ try:
-+ conn.add_s(Entry((GROUP_DN,
-+ {'objectclass': 'top groupOfNames groupOfUniqueNames extensibleObject'.split(),
-+ 'uid': 'user' + str(idx)})))
-+ except ldap.ALREADY_EXISTS:
-+ pass
-+ except ldap.LDAPError, e:
-+ log.error('AddUsers: failed to add group (' + USER_DN + ') error: ' + e.message['desc'])
-+ assert False
-+
-+ log.info('AddUsers - Adding ' + str(NUM_USERS) + ' entries (' + self.rdnval + ')...')
-+
-+ while idx < NUM_USERS:
-+ USER_DN = 'uid=' + self.rdnval + str(idx) + ',' + DEFAULT_SUFFIX
-+ try:
-+ conn.add_s(Entry((USER_DN, {'objectclass': 'top extensibleObject'.split(),
-+ 'uid': 'user' + str(idx)})))
-+ except ldap.LDAPError, e:
-+ log.error('AddUsers: failed to add (' + USER_DN + ') error: ' + e.message['desc'])
-+ assert False
-+
-+ if self.addToGroup:
-+ # Add the user to the group
-+ try:
-+ conn.modify_s(GROUP_DN, [(ldap.MOD_ADD, 'uniquemember', USER_DN)])
-+ except ldap.LDAPError, e:
-+ log.error('AddUsers: Failed to add user' + USER_DN + ' to group: error ' + e.message['desc'])
-+ assert False
-+
-+ idx += 1
-+
-+ conn.close()
-+ log.info('AddUsers - Finished adding ' + str(NUM_USERS) + ' entries (' + self.rdnval + ').')
-diff --git a/dirsrvtests/suites/dynamic-plugins/test_dynamic_plugins.py b/dirsrvtests/suites/dynamic-plugins/test_dynamic_plugins.py
-new file mode 100644
-index 0000000..3677fd5
---- /dev/null
-+++ b/dirsrvtests/suites/dynamic-plugins/test_dynamic_plugins.py
-@@ -0,0 +1,315 @@
-+'''
-+Created on Dec 09, 2014
-+
-+@author: mreynolds
-+'''
-+import os
-+import sys
-+import time
-+import ldap
-+import ldap.sasl
-+import logging
-+import socket
-+import pytest
-+import plugin_tests
-+import stress_tests
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from constants import *
-+
-+log = logging.getLogger(__name__)
-+
-+installation_prefix = None
-+
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ '''
-+ This fixture is used to standalone topology for the 'module'.
-+ At the beginning, It may exists a standalone instance.
-+ It may also exists a backup for the standalone instance.
-+
-+ Principle:
-+ If standalone instance exists:
-+ restart it
-+ If backup of standalone exists:
-+ create/rebind to standalone
-+
-+ restore standalone instance from backup
-+ else:
-+ Cleanup everything
-+ remove instance
-+ remove backup
-+ Create instance
-+ Create backup
-+ '''
-+ global installation_prefix
-+
-+ if installation_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation_prefix
-+
-+ standalone = DirSrv(verbose=False)
-+
-+ # Args for the standalone instance
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+
-+ # Get the status of the backups
-+ backup_standalone = standalone.checkBackupFS()
-+
-+ # Get the status of the instance and restart it if it exists
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ # assuming the instance is already stopped, just wait 5 sec max
-+ standalone.stop(timeout=5)
-+ standalone.start(timeout=10)
-+
-+ if backup_standalone:
-+ # The backup exist, assuming it is correct
-+ # we just re-init the instance with it
-+ if not instance_standalone:
-+ standalone.create()
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # restore standalone instance from backup
-+ standalone.stop(timeout=10)
-+ standalone.restoreFS(backup_standalone)
-+ standalone.start(timeout=10)
-+
-+ else:
-+ # We should be here only in two conditions
-+ # - This is the first time a test involve standalone instance
-+ # - Something weird happened (instance/backup destroyed)
-+ # so we discard everything and recreate all
-+
-+ # Remove the backup. So even if we have a specific backup file
-+ # (e.g backup_standalone) we clear backup that an instance may have created
-+ if backup_standalone:
-+ standalone.clearBackupFS()
-+
-+ # Remove the instance
-+ if instance_standalone:
-+ standalone.delete()
-+
-+ # Create the instance
-+ standalone.create()
-+
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ standalone.open()
-+
-+ # Time to create the backups
-+ standalone.stop(timeout=10)
-+ standalone.backupfile = standalone.backupFS()
-+ standalone.start(timeout=10)
-+
-+ #
-+ # Here we have standalone instance up and running
-+ # Either coming from a backup recovery
-+ # or from a fresh (re)init
-+ # Time to return the topology
-+ return TopologyStandalone(standalone)
-+
-+
-+def test_dynamic_plugins(topology):
-+ """
-+ Test Dynamic Plugins - exercise each plugin and its main features, while
-+ changing the configuration without restarting the server.
-+
-+ Need to test: functionality, stability, and stress.
-+
-+ Functionality - Make sure that as configuration changes are made they take
-+ effect immediately. Cross plugin interaction (e.g. automember/memberOf)
-+ needs to tested, as well as plugin tasks. Need to test plugin
-+ config validation(dependencies, etc).
-+
-+ Memory Corruption - Restart the plugins many times, and in different orders and test
-+ functionality, and stability. This will excerise the internal
-+ plugin linked lists, dse callabcks, and task handlers.
-+
-+ Stress - Put the server under some type of load that is using a particular
-+ plugin for each operation, and then make changes to that plugin.
-+ The new changes should take effect, and the server should not crash.
-+
-+ """
-+
-+ ############################################################################
-+ # Test plugin functionality
-+ ############################################################################
-+
-+ # First enable dynamic plugins
-+ try:
-+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', 'on')])
-+ except ldap.LDAPError, e:
-+ ldap.error('Failed to enable dynamic plugin!' + e.message['desc'])
-+ assert False
-+
-+ log.info('#####################################################')
-+ log.info('Testing Dynamic Plugins Functionality...')
-+ log.info('#####################################################\n')
-+
-+ plugin_tests.test_all_plugins(topology.standalone)
-+
-+ log.info('#####################################################')
-+ log.info('Successfully Tested Dynamic Plugins Functionality.')
-+ log.info('#####################################################\n')
-+
-+ ############################################################################
-+ # Test the stability by exercising the internal lists, callabcks, and task handlers
-+ ############################################################################
-+
-+ log.info('#####################################################')
-+ log.info('Testing Dynamic Plugins for Memory Corruption...')
-+ log.info('#####################################################\n')
-+ prev_plugin_test = None
-+ prev_prev_plugin_test = None
-+ for plugin_test in plugin_tests.func_tests:
-+ #
-+ # Restart the plugin several times (and prev plugins) - work that linked list
-+ #
-+ plugin_test(topology.standalone, "restart")
-+
-+ if prev_prev_plugin_test:
-+ prev_prev_plugin_test(topology.standalone, "restart")
-+
-+ plugin_test(topology.standalone, "restart")
-+
-+ if prev_plugin_test:
-+ prev_plugin_test(topology.standalone, "restart")
-+
-+ plugin_test(topology.standalone, "restart")
-+
-+ # Now run the functional test
-+ plugin_test(topology.standalone)
-+
-+ # Set the previous tests
-+ if prev_plugin_test:
-+ prev_prev_plugin_test = prev_plugin_test
-+ prev_plugin_test = plugin_test
-+
-+ log.info('#####################################################')
-+ log.info('Successfully Tested Dynamic Plugins for Memory Corruption.')
-+ log.info('#####################################################\n')
-+
-+ ############################################################################
-+ # Stress two plugins while restarting it, and while restarting other plugins.
-+ # The goal is to not crash, and have the plugins work after stressing it.
-+ ############################################################################
-+
-+ log.info('#####################################################')
-+ log.info('Stressing Dynamic Plugins...')
-+ log.info('#####################################################\n')
-+
-+ # Configure the plugins
-+ stress_tests.configureMO(topology.standalone)
-+ stress_tests.configureRI(topology.standalone)
-+
-+ # Launch three new threads to add a bunch of users
-+ add_users = stress_tests.AddUsers(topology.standalone, 'user', True)
-+ add_users.start()
-+ add_users2 = stress_tests.AddUsers(topology.standalone, 'entry', True)
-+ add_users2.start()
-+ add_users3 = stress_tests.AddUsers(topology.standalone, 'person', True)
-+ add_users3.start()
-+ time.sleep(1)
-+
-+ # While we are adding users restart the MO plugin
-+ topology.standalone.plugins.disable(name=PLUGIN_MEMBER_OF)
-+ topology.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
-+ time.sleep(3)
-+ topology.standalone.plugins.disable(name=PLUGIN_MEMBER_OF)
-+ time.sleep(1)
-+ topology.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
-+
-+ # Restart idle plugin
-+ topology.standalone.plugins.disable(name=PLUGIN_LINKED_ATTRS)
-+ topology.standalone.plugins.enable(name=PLUGIN_LINKED_ATTRS)
-+
-+ # Wait for the 'adding' threads to complete
-+ add_users.join()
-+ add_users2.join()
-+ add_users3.join()
-+
-+ # Now launch three threads to delete the users, and restart both the MO and RI plugins
-+ del_users = stress_tests.DelUsers(topology.standalone, 'user')
-+ del_users.start()
-+ del_users2 = stress_tests.DelUsers(topology.standalone, 'entry')
-+ del_users2.start()
-+ del_users3 = stress_tests.DelUsers(topology.standalone, 'person')
-+ del_users3.start()
-+ time.sleep(1)
-+
-+ # Restart the both the MO and RI plugins during these deletes
-+
-+ topology.standalone.plugins.disable(name=PLUGIN_REFER_INTEGRITY)
-+ topology.standalone.plugins.disable(name=PLUGIN_MEMBER_OF)
-+ topology.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
-+ topology.standalone.plugins.enable(name=PLUGIN_REFER_INTEGRITY)
-+ time.sleep(3)
-+ topology.standalone.plugins.disable(name=PLUGIN_REFER_INTEGRITY)
-+ time.sleep(1)
-+ topology.standalone.plugins.disable(name=PLUGIN_MEMBER_OF)
-+ time.sleep(1)
-+ topology.standalone.plugins.enable(name=PLUGIN_MEMBER_OF)
-+ time.sleep(1)
-+ topology.standalone.plugins.enable(name=PLUGIN_REFER_INTEGRITY)
-+
-+ # Restart idle plugin
-+ topology.standalone.plugins.disable(name=PLUGIN_LINKED_ATTRS)
-+ topology.standalone.plugins.enable(name=PLUGIN_LINKED_ATTRS)
-+
-+ # Wait for the 'deleting' threads to complete
-+ del_users.join()
-+ del_users2.join()
-+ del_users3.join()
-+
-+ # Now make sure both the MO and RI plugins still work
-+ plugin_tests.func_tests[8](topology.standalone) # RI plugin
-+ plugin_tests.func_tests[5](topology.standalone) # MO plugin
-+
-+ log.info('#####################################################')
-+ log.info('Successfully Stressed Dynamic Plugins.')
-+ log.info('#####################################################\n')
-+
-+ ############################################################################
-+ # We made it to the end!
-+ ############################################################################
-+
-+ log.info('#####################################################')
-+ log.info('#####################################################')
-+ log.info("Dynamic Plugins Testsuite: Completed Successfully!")
-+ log.info('#####################################################')
-+ log.info('#####################################################')
-+
-+def test_dynamic_plugins_final(topology):
-+ topology.standalone.stop(timeout=10)
-+
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation_prefix
-+ installation_prefix = None
-+
-+ topo = topology(True)
-+ test_dynamic_plugins(topo)
-+
-+if __name__ == '__main__':
-+ run_isolated()
---
-1.9.3
-
diff --git a/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch b/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
new file mode 100644
index 0000000..4b31ffd
--- /dev/null
+++ b/SOURCES/0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
@@ -0,0 +1,71 @@
+From 679e7b024e36ac9dfce85766f5d82cc272911e53 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 25 Aug 2015 16:31:10 -0700
+Subject: [PATCH 52/52] Ticket #48228 - wrong password check if
+ passwordInHistory is decreased.
+
+Description: Regression was added by this commit:
+ commit 1a119125856006543aae0520b5800a8b52c3b049
+ Ticket #48228 - wrong password check if passwordInHistory is decreased.
+Compare function pw_history_cmp used in qsort did not check the correct
+address for the timestamp string, which made qsort return the password
+history in the wrong order.
+
+https://fedorahosted.org/389/ticket/48228
+
+Reviewed by rmeggins@redhat.com (Thank you, Rich!)
+
+(cherry picked from commit 391acfcf9a67b9b27ebbd98d1dfe30ef54a027c4)
+(cherry picked from commit 096b386663c949136095def77a7fb12eee64e542)
+---
+ ldap/servers/slapd/pw.c | 21 ++++++++-------------
+ 1 file changed, 8 insertions(+), 13 deletions(-)
+
+diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
+index 3abebbf..4e222d7 100644
+--- a/ldap/servers/slapd/pw.c
++++ b/ldap/servers/slapd/pw.c
+@@ -1085,8 +1085,6 @@ retry:
+ static int
+ pw_history_cmp(const void *h0, const void *h1)
+ {
+- size_t h0sz = 0;
+- size_t h1sz = 0;
+ if (!h0) {
+ if (!h1) {
+ return 0;
+@@ -1097,23 +1095,20 @@ pw_history_cmp(const void *h0, const void *h1)
+ if (!h1) {
+ return 1;
+ } else {
+- size_t delta;
+- h0sz = strlen(h0);
+- h1sz = strlen(h1);
+- delta = h0sz - h1sz;
+- if (!delta) {
+- return delta;
+- }
+- if (h0sz < GENERALIZED_TIME_LENGTH) {
++ char *h0str = *(char **)h0;
++ char *h1str = *(char **)h1;
++ size_t h0sz = strlen(h0str);
++ size_t h1sz = strlen(h1str);
++ if ((h0sz < GENERALIZED_TIME_LENGTH) ||
++ (h1sz < GENERALIZED_TIME_LENGTH)) {
+ /* too short for the history str. */
+- return 0;
++ return h0sz - h1sz;
+ }
++ return PL_strncmp(h0str, h1str, GENERALIZED_TIME_LENGTH);
+ }
+ }
+- return PL_strncmp(h0, h1, GENERALIZED_TIME_LENGTH);
+ }
+
+-
+ static int
+ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw )
+ {
+--
+1.9.3
+
diff --git a/SOURCES/0053-Ticket-47525-Crash-if-setting-invalid-plugin-config-.patch b/SOURCES/0053-Ticket-47525-Crash-if-setting-invalid-plugin-config-.patch
deleted file mode 100644
index d136264..0000000
--- a/SOURCES/0053-Ticket-47525-Crash-if-setting-invalid-plugin-config-.patch
+++ /dev/null
@@ -1,349 +0,0 @@
-From e47e64776f32a0bb593d1b9b3441e080f87f36f4 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 3 Dec 2014 16:47:59 -0500
-Subject: [PATCH 53/53] Ticket 47525 - Crash if setting invalid plugin config
- area for MemberOf Plugin
-
-Bug Description: Setting the nsslapd-pluginconfigarea to an entry that
- does not have the required config attributes causes a
- crash.
-
-Fix Description: The plugin entry was being accidentally freed instead
- of the config area entry.
-
- The shared config area validation was being performed
- in postop - this has now been moved into the preop stage.
-
- Also, set the returntext when an error occurs.
-
-https://fedorahosted.org/389/ticket/47525
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 42f935ab7406802d522f357048db1e68d729d5e5)
-(cherry picked from commit d06b39743ef3b016ac25a242821a5dfc1ec67cb4)
----
- ldap/servers/plugins/memberof/memberof.c | 1 -
- ldap/servers/plugins/memberof/memberof_config.c | 193 ++++++++++++++++--------
- 2 files changed, 130 insertions(+), 64 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index bfa733a..7e3e308 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -408,7 +408,6 @@ int memberof_postop_start(Slapi_PBlock *pb)
- }
- }
-
-- memberof_set_plugin_area(slapi_entry_get_sdn(config_e));
- memberof_set_config_area(slapi_entry_get_sdn(config_e));
- if (( rc = memberof_config( config_e, pb )) != LDAP_SUCCESS ) {
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
-index df8ddcb..eb83bd0 100644
---- a/ldap/servers/plugins/memberof/memberof_config.c
-+++ b/ldap/servers/plugins/memberof/memberof_config.c
-@@ -342,56 +342,40 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- *returncode = LDAP_SUCCESS;
-
- /*
-- * Apply the config settings from the shared config entry
-+ * Check if this is a shared config entry
- */
- sharedcfg = slapi_entry_attr_get_charptr(e, SLAPI_PLUGIN_SHARED_CONFIG_AREA);
- if(sharedcfg){
-- int rc = 0;
--
-- rc = slapi_dn_syntax_check(pb, sharedcfg, 1);
-- if (rc) { /* syntax check failed */
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,"memberof_apply_config: "
-- "%s does not contain a valid DN (%s)\n",
-- SLAPI_PLUGIN_SHARED_CONFIG_AREA, sharedcfg);
-- *returncode = LDAP_INVALID_DN_SYNTAX;
-- goto done;
-- }
- if((config_sdn = slapi_sdn_new_dn_byval(sharedcfg))){
- slapi_search_internal_get_entry(config_sdn, NULL, &config_entry, memberof_get_plugin_id());
- if(config_entry){
-- char errtext[SLAPI_DSE_RETURNTEXT_SIZE];
-- int err = 0;
-- /*
-- * If we got here, we are updating the shared config area, so we need to
-- * validate and apply the settings from that config area.
-- */
-- if ( SLAPI_DSE_CALLBACK_ERROR == memberof_validate_config (pb, NULL, config_entry, &err, errtext,0))
-- {
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "%s", errtext);
-- *returncode = LDAP_UNWILLING_TO_PERFORM;
-- goto done;
--
-- }
-+ /* Set the entry to be the shared config entry. Validation was done in preop */
- e = config_entry;
- } else {
-- /* this should of been checked in preop validation */
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, "memberof_apply_config: "
-- "Failed to locate shared config entry (%s)\n",sharedcfg);
-+ /* This should of been checked in preop validation */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "memberof_apply_config: Failed to locate shared config entry (%s)",
-+ sharedcfg);
-+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,"%s\n",returntext);
- *returncode = LDAP_UNWILLING_TO_PERFORM;
- goto done;
- }
- }
- }
-
-+ /*
-+ * Apply the config settings
-+ */
- groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR);
- memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR);
- allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR);
- entryScope = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_ATTR);
- entryScopeExcludeSubtree = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE);
-
-- /* We want to be sure we don't change the config in the middle of
-- * a memberOf operation, so we obtain an exclusive lock here */
-+ /*
-+ * We want to be sure we don't change the config in the middle of
-+ * a memberOf operation, so we obtain an exclusive lock here
-+ */
- memberof_wlock_config();
-
- if (groupattrs)
-@@ -402,8 +386,10 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- theConfig.groupattrs = groupattrs;
- groupattrs = NULL; /* config now owns memory */
-
-- /* We allocate a list of Slapi_Attr using the groupattrs for
-- * convenience in our memberOf comparison functions */
-+ /*
-+ * We allocate a list of Slapi_Attr using the groupattrs for
-+ * convenience in our memberOf comparison functions
-+ */
- for (i = 0; theConfig.group_slapiattrs && theConfig.group_slapiattrs[i]; i++)
- {
- slapi_attr_free(&theConfig.group_slapiattrs[i]);
-@@ -412,8 +398,10 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- /* Count the number of groupattrs. */
- for (num_groupattrs = 0; theConfig.groupattrs && theConfig.groupattrs[num_groupattrs]; num_groupattrs++)
- {
-- /* Add up the total length of all attribute names. We need
-- * to know this for building the group check filter later. */
-+ /*
-+ * Add up the total length of all attribute names. We need
-+ * to know this for building the group check filter later.
-+ */
- groupattr_name_len += strlen(theConfig.groupattrs[num_groupattrs]);
- }
-
-@@ -434,8 +422,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- /* Terminate the list. */
- theConfig.group_slapiattrs[i] = NULL;
-
-- /* The filter is based off of the groupattr, so we
-- * update it here too. */
-+ /* The filter is based off of the groupattr, so we update it here too. */
- slapi_filter_free(theConfig.group_filter, 1);
-
- if (num_groupattrs > 1)
-@@ -463,11 +450,13 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- filter_str = slapi_ch_smprintf("(%s=*)", theConfig.groupattrs[0]);
- }
-
-- /* Log an error if we were unable to build the group filter for some
-+ /*
-+ * Log an error if we were unable to build the group filter for some
- * reason. If this happens, the memberOf plugin will not be able to
- * check if an entry is a group, causing it to not catch changes. This
- * shouldn't happen, but there may be some garbage configuration that
-- * could trigger this. */
-+ * could trigger this.
-+ */
- if ((theConfig.group_filter = slapi_str2filter(filter_str)) == NULL)
- {
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-@@ -547,13 +536,10 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- memberof_unlock_config();
-
- done:
-- slapi_ch_free_string(&sharedcfg);
- slapi_sdn_free(&config_sdn);
-- if(config_entry){
-- /* we switched the entry pointer to the shared config entry - which needs to be freed */
-- slapi_entry_free(e);
-- }
-+ slapi_entry_free(config_entry);
- slapi_ch_array_free(groupattrs);
-+ slapi_ch_free_string(&sharedcfg);
- slapi_ch_free_string(&memberof_attr);
- slapi_ch_free_string(&allBackends);
-
-@@ -745,6 +731,7 @@ memberof_config_get_entry_scope_exclude_subtree()
-
- return entry_exclude_subtree;
- }
-+
- /*
- * Check if we are modifying the config, or changing the shared config entry
- */
-@@ -753,53 +740,133 @@ memberof_shared_config_validate(Slapi_PBlock *pb)
- {
- Slapi_Entry *e = 0;
- Slapi_Entry *resulting_e = 0;
-- Slapi_DN *sdn = 0;
-+ Slapi_Entry *config_entry = NULL;
-+ Slapi_DN *sdn = NULL;
-+ Slapi_DN *config_sdn = NULL;
- Slapi_Mods *smods = 0;
-+ Slapi_Mod *smod = NULL, *nextmod = NULL;
- LDAPMod **mods = NULL;
- char returntext[SLAPI_DSE_RETURNTEXT_SIZE];
-+ char *configarea_dn = NULL;
- int ret = SLAPI_PLUGIN_SUCCESS;
-
- slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
-
-- if (slapi_sdn_issuffix(sdn, memberof_get_config_area()) &&
-- slapi_sdn_compare(sdn, memberof_get_config_area()) == 0)
-- {
-- /*
-- * This is the shared config entry. Apply the mods and set/validate
-- * the config
-- */
-- int result = 0;
--
-+ if (slapi_sdn_compare(sdn, memberof_get_plugin_area()) == 0 ||
-+ slapi_sdn_compare(sdn, memberof_get_config_area()) == 0)
-+ {
- slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &e);
- if(e){
-+ /*
-+ * Create a copy of the entry and apply the
-+ * mods to create the resulting entry.
-+ */
- slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
- smods = slapi_mods_new();
- slapi_mods_init_byref(smods, mods);
--
-- /* Create a copy of the entry and apply the
-- * mods to create the resulting entry. */
- resulting_e = slapi_entry_dup(e);
- if (mods && (slapi_entry_apply_mods(resulting_e, mods) != LDAP_SUCCESS)) {
- /* we don't care about this, the update is invalid and will be caught later */
- goto bail;
- }
-
-- if ( SLAPI_DSE_CALLBACK_ERROR == memberof_validate_config (pb, NULL, resulting_e, &ret, returntext,0)) {
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "%s", returntext);
-- ret = LDAP_UNWILLING_TO_PERFORM;
-+ if (slapi_sdn_compare(sdn, memberof_get_plugin_area())){
-+ /*
-+ * This entry is a plugin config area entry, validate it.
-+ */
-+ if( SLAPI_DSE_CALLBACK_ERROR == memberof_validate_config (pb, NULL, resulting_e, &ret, returntext,0)) {
-+ ret = LDAP_UNWILLING_TO_PERFORM;
-+ }
-+ } else {
-+ /*
-+ * This is the memberOf plugin entry, check if we are adding/replacing the
-+ * plugin config area.
-+ */
-+ nextmod = slapi_mod_new();
-+ for (smod = slapi_mods_get_first_smod(smods, nextmod);
-+ smod != NULL;
-+ smod = slapi_mods_get_next_smod(smods, nextmod) )
-+ {
-+ if ( PL_strcasecmp(SLAPI_PLUGIN_SHARED_CONFIG_AREA, slapi_mod_get_type(smod)) == 0 )
-+ {
-+ /*
-+ * Okay, we are modifying the plugin config area, we only care about
-+ * adds and replaces.
-+ */
-+ if(SLAPI_IS_MOD_REPLACE(slapi_mod_get_operation(smod)) ||
-+ SLAPI_IS_MOD_ADD(slapi_mod_get_operation(smod)))
-+ {
-+ struct berval *bv = NULL;
-+ int rc = 0;
-+
-+ bv = slapi_mod_get_first_value(smod);
-+ configarea_dn = slapi_ch_strdup(bv->bv_val);
-+ if(configarea_dn){
-+ /* Check the DN syntax */
-+ rc = slapi_dn_syntax_check(pb, configarea_dn, 1);
-+ if (rc) { /* syntax check failed */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "%s does not contain a valid DN (%s)",
-+ SLAPI_PLUGIN_SHARED_CONFIG_AREA, configarea_dn);
-+ ret = LDAP_UNWILLING_TO_PERFORM;
-+ goto bail;
-+ }
-+
-+ /* Check if the plugin config area entry exists */
-+ if((config_sdn = slapi_sdn_new_dn_byval(configarea_dn))){
-+ rc = slapi_search_internal_get_entry(config_sdn, NULL, &config_entry,
-+ memberof_get_plugin_id());
-+ if(config_entry){
-+ int err = 0;
-+ /*
-+ * Validate the settings from the new config area.
-+ */
-+ if ( memberof_validate_config(pb, NULL, config_entry, &err, returntext,0)
-+ == SLAPI_DSE_CALLBACK_ERROR )
-+ {
-+ ret = LDAP_UNWILLING_TO_PERFORM;
-+ goto bail;
-+
-+ }
-+ } else {
-+ /* The config area does not exist */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "Unable to locate shared config entry (%s) error %d",
-+ slapi_sdn_get_dn(memberof_get_config_area()), rc);
-+ ret = LDAP_UNWILLING_TO_PERFORM;
-+ goto bail;
-+ }
-+ }
-+ }
-+ slapi_ch_free_string(&configarea_dn);
-+ slapi_sdn_free(&config_sdn);
-+ slapi_entry_free(config_entry);
-+ }
-+ }
-+ }
- }
- } else {
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, "memberof_shared_config_validate: "
-- "Unable to locate shared config entry (%s) error %d\n",
-- slapi_sdn_get_dn(memberof_get_config_area()), result);
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,"Unable to locate shared config entry (%s)",
-+ slapi_sdn_get_dn(memberof_get_config_area()));
- ret = LDAP_UNWILLING_TO_PERFORM;
- }
- }
-
- bail:
-+
-+ if (ret){
-+ slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
-+ slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, returntext);
-+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, "memberof_shared_config_validate: %s/n",
-+ returntext);
-+ }
-+ slapi_sdn_free(&config_sdn);
-+ if(nextmod)
-+ slapi_mod_free(&nextmod);
- slapi_mods_free(&smods);
- slapi_entry_free(resulting_e);
-+ slapi_entry_free(config_entry);
-+ slapi_ch_free_string(&configarea_dn);
-
- return ret;
- }
---
-1.9.3
-
diff --git a/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch b/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
new file mode 100644
index 0000000..a428a37
--- /dev/null
+++ b/SOURCES/0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
@@ -0,0 +1,54 @@
+From c03a9f7c121355aefadc92ed67bcb6f400196017 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 2 Sep 2015 14:28:27 -0700
+Subject: [PATCH 53/54] Ticket #48265 - Complex filter in a search request
+ doen't work as expected. (regression)
+
+Description: commit c2658c14802783d0a8919783aa7123be9e749c18 to fix
+Ticket 47521 - Complex filter in a search request doen't work as expected.
+regressed this case:
+ "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(|(uid=*test*)(cn=*test*))(o=X))"
+in which a simple filter follows a complex filter which choice is
+different from the outer choice. I.e., '|' for (uid=...)(cn=...)
+is different from the first '&'.
+
+The fix for 47521 solves this case:
+ "(&(&(uid=A)(cn=B))(&(givenname=C))(mail=D)(&(description=E)))"
+in this case, (mail=D) used to be dropped from the filter in the
+function index_subsys_flatten_filter.
+
+The 47521 fix saved the simple filter "(mail=D)" in the 2nd example,
+but it forced to skip the complex filter with the different choice
+and converted the 1st example to:
+ "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(o=X))"
+This patch saves such a complex filter, as well.
+
+https://fedorahosted.org/389/ticket/48265
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit 8c3d3e4648fbb5229e329e2154d46f1ae808ba02)
+(cherry picked from commit 3d9dbf2d441e551495a1f3169dc2020324c484b4)
+---
+ ldap/servers/slapd/index_subsystem.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/ldap/servers/slapd/index_subsystem.c b/ldap/servers/slapd/index_subsystem.c
+index fdaef6a..93bf9d5 100644
+--- a/ldap/servers/slapd/index_subsystem.c
++++ b/ldap/servers/slapd/index_subsystem.c
+@@ -412,6 +412,11 @@ static void index_subsys_flatten_filter(Slapi_Filter *flist)
+ }
+ else
+ {
++ /* don't loose a nested filter having a different choice */
++ if (flast) {
++ flast->f_next = f;
++ flast = f;
++ }
+ fprev = f;
+ f = f->f_next;
+ }
+--
+1.9.3
+
diff --git a/SOURCES/0054-Ticket-47965-Fix-coverity-issues-2014-11-24.patch b/SOURCES/0054-Ticket-47965-Fix-coverity-issues-2014-11-24.patch
deleted file mode 100644
index ddafec9..0000000
--- a/SOURCES/0054-Ticket-47965-Fix-coverity-issues-2014-11-24.patch
+++ /dev/null
@@ -1,433 +0,0 @@
-From 86cb4a8568160e5f5f1051506b8f24bb1312ff60 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 24 Nov 2014 12:22:34 -0500
-Subject: [PATCH 54/55] Ticket 47965 - Fix coverity issues (2014/11/24)
-
-12864 - nesting level adjustment - sync_presist.c
-12867 - Uninitialized pointer read - repl5_replica.c
-12870 - Unused value - repl5_ruv.c
-12880, 12881, 12893 - Unused value - dblayer.c
-12887 - nesting level adjustment - acl.c
-12894 - nesting level adjustment - acl_ext.c
-12898 - Logically dead code - acllas.c
-12891 - Unused value - windows_inc_protocol.c
-12902 - Unused value - repl5_inc_protocol.c
-
-https://fedorahosted.org/389/ticket/47965
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit da90d57c30bf93265f06499b8ea2102378a0ed12)
-(cherry picked from commit 61d1211f1721355d571d570a67f36ef6baeb4866)
----
- ldap/servers/plugins/acl/acl.c | 3 +-
- ldap/servers/plugins/acl/acl_ext.c | 52 +++++++------
- ldap/servers/plugins/acl/acllas.c | 4 -
- .../plugins/replication/repl5_inc_protocol.c | 1 -
- ldap/servers/plugins/replication/repl5_replica.c | 2 +-
- ldap/servers/plugins/replication/repl5_ruv.c | 1 -
- .../plugins/replication/windows_inc_protocol.c | 89 +++++++++++-----------
- ldap/servers/plugins/sync/sync_persist.c | 8 +-
- ldap/servers/slapd/back-ldbm/dblayer.c | 21 +++--
- ldap/servers/slapd/pw.c | 47 +++++++-----
- 10 files changed, 119 insertions(+), 109 deletions(-)
-
-diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
-index 403c5b3..f04e258 100644
---- a/ldap/servers/plugins/acl/acl.c
-+++ b/ldap/servers/plugins/acl/acl.c
-@@ -2106,9 +2106,10 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int *
- ** acl in the entry cache list.
- */
- if (!((res_right & (SLAPI_ACL_SEARCH | SLAPI_ACL_READ)) &&
-- (aci_right & (SLAPI_ACL_SEARCH | SLAPI_ACL_READ))))
-+ (aci_right & (SLAPI_ACL_SEARCH | SLAPI_ACL_READ)))){
- matches = ACL_FALSE;
- goto acl__resource_match_aci_EXIT;
-+ }
- }
-
-
-diff --git a/ldap/servers/plugins/acl/acl_ext.c b/ldap/servers/plugins/acl/acl_ext.c
-index 126a234..0863de0 100644
---- a/ldap/servers/plugins/acl/acl_ext.c
-+++ b/ldap/servers/plugins/acl/acl_ext.c
-@@ -334,12 +334,14 @@ acl_operation_ext_destructor ( void *ext, void *object, void *parent )
- int attr_only = 0;
- PRLock *shared_lock = aclcb->aclcb_lock;
-
-- if (aclcb->aclcb_lock ) PR_Lock ( shared_lock );
-+ if (aclcb->aclcb_lock )
-+ PR_Lock ( shared_lock );
- else {
- goto clean_aclpb;
- }
- if ( !aclcb->aclcb_lock ) {
-- slapi_log_error (SLAPI_LOG_FATAL, plugin_name, "aclcb lock released! aclcb cache can't be refreshed\n");
-+ slapi_log_error (SLAPI_LOG_FATAL, plugin_name,
-+ "aclcb lock released! aclcb cache can't be refreshed\n");
- PR_Unlock ( shared_lock );
- goto clean_aclpb;
- }
-@@ -347,29 +349,29 @@ acl_operation_ext_destructor ( void *ext, void *object, void *parent )
- /* We need to refresh the aclcb cache */
- if ( aclpb->aclpb_state & ACLPB_UPD_ACLCB_CACHE )
- acl_clean_aclEval_context ( &aclcb->aclcb_eval_context, 0 /* clean*/ );
-- if ( aclpb->aclpb_prev_entryEval_context.acle_numof_attrs ) {
-- c_evalContext = &aclpb->aclpb_prev_entryEval_context;
-- } else {
-- c_evalContext = &aclpb->aclpb_curr_entryEval_context;
-- }
--
-- if (( aclpb->aclpb_state & ACLPB_INCR_ACLCB_CACHE ) &&
-- ! ( aclpb->aclpb_state & ACLPB_UPD_ACLCB_CACHE ))
-- attr_only = 1;
--
-- acl_copyEval_context ( NULL, c_evalContext, &aclcb->aclcb_eval_context, attr_only );
--
-- aclcb->aclcb_aclsignature = aclpb->aclpb_signature;
-- if ( aclcb->aclcb_sdn &&
-- (0 != slapi_sdn_compare ( aclcb->aclcb_sdn,
-- aclpb->aclpb_authorization_sdn ) ) ) {
-- slapi_sdn_set_ndn_byval( aclcb->aclcb_sdn,
-- slapi_sdn_get_ndn ( aclpb->aclpb_authorization_sdn ) );
-- }
-- aclcb->aclcb_state = 0;
-- aclcb->aclcb_state |= ACLCB_HAS_CACHED_EVALCONTEXT;
--
-- PR_Unlock ( shared_lock );
-+ if ( aclpb->aclpb_prev_entryEval_context.acle_numof_attrs ) {
-+ c_evalContext = &aclpb->aclpb_prev_entryEval_context;
-+ } else {
-+ c_evalContext = &aclpb->aclpb_curr_entryEval_context;
-+ }
-+
-+ if (( aclpb->aclpb_state & ACLPB_INCR_ACLCB_CACHE ) &&
-+ ! ( aclpb->aclpb_state & ACLPB_UPD_ACLCB_CACHE ))
-+ attr_only = 1;
-+
-+ acl_copyEval_context ( NULL, c_evalContext, &aclcb->aclcb_eval_context, attr_only );
-+
-+ aclcb->aclcb_aclsignature = aclpb->aclpb_signature;
-+ if ( aclcb->aclcb_sdn &&
-+ (0 != slapi_sdn_compare( aclcb->aclcb_sdn, aclpb->aclpb_authorization_sdn )))
-+ {
-+ slapi_sdn_set_ndn_byval( aclcb->aclcb_sdn,
-+ slapi_sdn_get_ndn ( aclpb->aclpb_authorization_sdn ) );
-+ }
-+ aclcb->aclcb_state = 0;
-+ aclcb->aclcb_state |= ACLCB_HAS_CACHED_EVALCONTEXT;
-+
-+ PR_Unlock ( shared_lock );
- }
-
- clean_aclpb:
-diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
-index 2d0dae9..439c8f1 100644
---- a/ldap/servers/plugins/acl/acllas.c
-+++ b/ldap/servers/plugins/acl/acllas.c
-@@ -1726,10 +1726,6 @@ DS_LASAuthMethodEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
- } else {
- rc = (matched == ACL_TRUE ? LAS_EVAL_FALSE : LAS_EVAL_TRUE);
- }
-- } else {
-- rc = LAS_EVAL_FAIL;
-- slapi_log_error( SLAPI_LOG_ACL, plugin_name,
-- "Returning UNDEFINED for authmethod evaluation.\n");
- }
-
- return rc;
-diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-index b867fc4..5cf170c 100644
---- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
-@@ -940,7 +940,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
- /* Destroy the backoff timer, since we won't need it anymore */
- backoff_delete(&prp_priv->backoff);
- }
-- use_busy_backoff_timer = PR_FALSE;
- } else if (event_occurred(prp, EVENT_TRIGGERING_CRITERIA_MET)){
- /* changes are available */
- if ( prp_priv->backoff == NULL || backoff_expired (prp_priv->backoff, 60)){
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index dab1c4e..77663f6 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -2140,7 +2140,7 @@ done:
- char *ridstr = NULL;
- char *token = NULL;
- char *repl_root;
-- char *iter;
-+ char *iter = NULL;
- int i;
-
- for(i = 0; clean_vals[i]; i++){
-diff --git a/ldap/servers/plugins/replication/repl5_ruv.c b/ldap/servers/plugins/replication/repl5_ruv.c
-index 500fd7a..132c641 100644
---- a/ldap/servers/plugins/replication/repl5_ruv.c
-+++ b/ldap/servers/plugins/replication/repl5_ruv.c
-@@ -705,7 +705,6 @@ set_max_csn_nolock_ext(RUV *ruv, const CSN *max_csn, const char *replica_purl, P
- csn_as_string(replica->csn, PR_FALSE, csn2));
- return_value = RUV_COVERS_CSN;
- }
-- return_value = RUV_SUCCESS;
- }
- return return_value;
- }
-diff --git a/ldap/servers/plugins/replication/windows_inc_protocol.c b/ldap/servers/plugins/replication/windows_inc_protocol.c
-index d62deec..ec6ca55 100644
---- a/ldap/servers/plugins/replication/windows_inc_protocol.c
-+++ b/ldap/servers/plugins/replication/windows_inc_protocol.c
-@@ -675,63 +675,64 @@ windows_inc_run(Private_Repl_Protocol *prp)
- backoff_delete(&prp_priv->backoff);
- }
- else if (event_occurred(prp, EVENT_BACKOFF_EXPIRED))
-- {
-+ {
- rc = windows_acquire_replica(prp, &ruv, 1 /* check RUV for incremental */);
- use_busy_backoff_timer = PR_FALSE;
- if (rc == ACQUIRE_SUCCESS)
-- {
-- next_state = STATE_SENDING_UPDATES;
-- }
-+ {
-+ next_state = STATE_SENDING_UPDATES;
-+ }
- else if (rc == ACQUIRE_REPLICA_BUSY)
-- {
-- next_state = STATE_BACKOFF;
-- use_busy_backoff_timer = PR_TRUE;
-- }
-+ {
-+ next_state = STATE_BACKOFF;
-+ use_busy_backoff_timer = PR_TRUE;
-+ }
- else if (rc == ACQUIRE_CONSUMER_WAS_UPTODATE)
-- {
-+ {
- next_state = STATE_WAIT_CHANGES;
-- }
-+ }
- else if (rc == ACQUIRE_TRANSIENT_ERROR)
-- {
-- next_state = STATE_BACKOFF;
-- }
-+ {
-+ next_state = STATE_BACKOFF;
-+ }
- else if (rc == ACQUIRE_FATAL_ERROR)
-- {
-- next_state = STATE_STOP_FATAL_ERROR;
-- }
-+ {
-+ next_state = STATE_STOP_FATAL_ERROR;
-+ }
-+
- if (rc != ACQUIRE_SUCCESS)
-- {
-- int optype, ldaprc;
-- windows_conn_get_error(prp->conn, &optype, &ldaprc);
-- agmt_set_last_update_status(prp->agmt, ldaprc,
-+ {
-+ int optype, ldaprc;
-+ windows_conn_get_error(prp->conn, &optype, &ldaprc);
-+ agmt_set_last_update_status(prp->agmt, ldaprc,
- prp->last_acquire_response_code, NULL);
-- }
-- /*
-- * We either need to step the backoff timer, or
-- * destroy it if we don't need it anymore.
-- */
-+ }
-+
-+ /*
-+ * We either need to step the backoff timer, or
-+ * destroy it if we don't need it anymore.
-+ */
- if (STATE_BACKOFF == next_state)
-- {
-- time_t next_fire_time;
-- time_t now;
-- /* Step the backoff timer */
-- time(&now);
-- next_fire_time = backoff_step(prp_priv->backoff);
-- /* And go back to sleep */
-- slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
-- "%s: Replication session backing off for %ld seconds\n",
-- agmt_get_long_name(prp->agmt),
-- next_fire_time - now);
-+ {
-+ time_t next_fire_time;
-+ time_t now;
-+ /* Step the backoff timer */
-+ time(&now);
-+ next_fire_time = backoff_step(prp_priv->backoff);
-+ /* And go back to sleep */
-+ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
-+ "%s: Replication session backing off for %ld seconds\n",
-+ agmt_get_long_name(prp->agmt),
-+ next_fire_time - now);
-
-- protocol_sleep(prp, PR_INTERVAL_NO_TIMEOUT);
-- }
-+ protocol_sleep(prp, PR_INTERVAL_NO_TIMEOUT);
-+ }
- else
-- {
-- /* Destroy the backoff timer, since we won't need it anymore */
-- backoff_delete(&prp_priv->backoff);
-- }
-- use_busy_backoff_timer = PR_FALSE;
-- }
-+ {
-+ /* Destroy the backoff timer, since we won't need it anymore */
-+ backoff_delete(&prp_priv->backoff);
-+ }
-+ }
- else if (event_occurred(prp, EVENT_TRIGGERING_CRITERIA_MET))
- {
- /* changes are available */
-diff --git a/ldap/servers/plugins/sync/sync_persist.c b/ldap/servers/plugins/sync/sync_persist.c
-index 8d46102..f41a10c 100644
---- a/ldap/servers/plugins/sync/sync_persist.c
-+++ b/ldap/servers/plugins/sync/sync_persist.c
-@@ -661,10 +661,10 @@ sync_send_results( void *arg )
- ectrls = (LDAPControl **)slapi_ch_calloc(2, sizeof (LDAPControl *));
- if (req->req_cookie)
- sync_cookie_update(req->req_cookie, ec);
-- sync_create_state_control(ec, &ectrls[0], chg_type, req->req_cookie);
-- rc = slapi_send_ldap_search_entry( req->req_pblock,
-- ec, ectrls,
-- noattrs?noattrs:attrs, attrsonly );
-+ sync_create_state_control(ec, &ectrls[0], chg_type, req->req_cookie);
-+ rc = slapi_send_ldap_search_entry( req->req_pblock,
-+ ec, ectrls,
-+ noattrs?noattrs:attrs, attrsonly );
- if (rc) {
- slapi_log_error(SLAPI_LOG_CONNS, SYNC_PLUGIN_SUBSYSTEM,
- "Error %d sending entry %s\n",
-diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
-index f3159a9..2524355 100644
---- a/ldap/servers/slapd/back-ldbm/dblayer.c
-+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
-@@ -4805,19 +4805,18 @@ static int checkpoint_threadmain(void *param)
-
- for (inst_obj = objset_first_obj(li->li_instance_set);
- inst_obj;
-- inst_obj = objset_next_obj(li->li_instance_set, inst_obj)) {
-+ inst_obj = objset_next_obj(li->li_instance_set, inst_obj))
-+ {
- inst = (ldbm_instance *)object_get_data(inst_obj);
- rc = dblayer_get_id2entry(inst->inst_be, &db);
-- if (!db) {
-+ if (!db || rc ) {
- continue;
- }
- LDAPDebug1Arg(LDAP_DEBUG_BACKLDBM, "compactdb: Compacting DB start: %s\n",
- inst->inst_name);
- rc = dblayer_txn_begin(inst->inst_be, NULL, &txn);
- if (rc) {
-- LDAPDebug1Arg(LDAP_DEBUG_ANY,
-- "compactdb: transaction begin failed: %d\n",
-- rc);
-+ LDAPDebug1Arg(LDAP_DEBUG_ANY, "compactdb: transaction begin failed: %d\n", rc);
- break;
- }
- rc = db->compact(db, txn.back_txn_txn, NULL/*start*/, NULL/*stop*/,
-@@ -4826,12 +4825,20 @@ static int checkpoint_threadmain(void *param)
- LDAPDebug(LDAP_DEBUG_ANY,
- "compactdb: failed to compact %s; db error - %d %s\n",
- inst->inst_name, rc, db_strerror(rc));
-- rc = dblayer_txn_abort(inst->inst_be, &txn);
-+ if((rc = dblayer_txn_abort(inst->inst_be, &txn))){
-+ LDAPDebug(LDAP_DEBUG_ANY, "compactdb: failed to abort txn (%s) db error - %d %s\n",
-+ inst->inst_name, rc, db_strerror(rc));
-+ break;
-+ }
- } else {
- LDAPDebug2Args(LDAP_DEBUG_BACKLDBM,
- "compactdb: compact %s - %d pages freed\n",
- inst->inst_name, c_data.compact_pages_free);
-- rc = dblayer_txn_commit(inst->inst_be, &txn);
-+ if((rc = dblayer_txn_commit(inst->inst_be, &txn))){
-+ LDAPDebug(LDAP_DEBUG_ANY, "compactdb: failed to commit txn (%s) db error - %d %s\n",
-+ inst->inst_name, rc, db_strerror(rc));
-+ break;
-+ }
- }
- }
- time_of_last_comapctdb_completion = current_time(); /* seconds since epoch */
-diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
-index a4d2dc6..7930be9 100644
---- a/ldap/servers/slapd/pw.c
-+++ b/ldap/servers/slapd/pw.c
-@@ -2011,28 +2011,33 @@ slapi_pwpolicy_make_response_control (Slapi_PBlock *pb, int seconds, int logins,
- }
-
- rc = ber_printf( ber, "{" );
-- if ( seconds >= 0 || logins >= 0 ) {
-- if ( seconds >= 0 ) {
-- rc = ber_printf( ber, "t{ti}", LDAP_TAG_PWP_WARNING,
-- LDAP_TAG_PWP_SECSLEFT,
-- seconds );
-- }
-- else {
-- rc = ber_printf( ber, "t{ti}", LDAP_TAG_PWP_WARNING,
-- LDAP_TAG_PWP_GRCLOGINS,
-- logins );
-+ if ( rc != -1){
-+ if(seconds >= 0 || logins >= 0 ) {
-+ if ( seconds >= 0 ) {
-+ rc = ber_printf( ber, "t{ti}", LDAP_TAG_PWP_WARNING,
-+ LDAP_TAG_PWP_SECSLEFT,
-+ seconds );
-+ }
-+ else {
-+ rc = ber_printf( ber, "t{ti}", LDAP_TAG_PWP_WARNING,
-+ LDAP_TAG_PWP_GRCLOGINS,
-+ logins );
-+ }
-+ }
-+ if (rc != -1){
-+ if ( error >= 0 ) {
-+ rc = ber_printf( ber, "te", LDAP_TAG_PWP_ERROR, error );
-+ }
-+ if (rc != -1){
-+ rc = ber_printf( ber, "}" );
-+ if ( rc != -1 )
-+ {
-+ rc = ber_flatten( ber, &bvp );
-+ }
-+ }
- }
- }
-- if ( error >= 0 ) {
-- rc = ber_printf( ber, "te", LDAP_TAG_PWP_ERROR, error );
-- }
-- rc = ber_printf( ber, "}" );
-
-- if ( rc != -1 )
-- {
-- rc = ber_flatten( ber, &bvp );
-- }
--
- ber_free( ber, 1 );
-
- if ( rc != -1 )
-@@ -2041,11 +2046,11 @@ slapi_pwpolicy_make_response_control (Slapi_PBlock *pb, int seconds, int logins,
- new_ctrl.ldctl_oid = LDAP_X_CONTROL_PWPOLICY_RESPONSE;
- new_ctrl.ldctl_value = *bvp;
- new_ctrl.ldctl_iscritical = 0;
-- rc= slapi_pblock_set( pb, SLAPI_ADD_RESCONTROL, &new_ctrl );
-+ rc = slapi_pblock_set( pb, SLAPI_ADD_RESCONTROL, &new_ctrl );
- ber_bvfree(bvp);
- }
-
-- LDAPDebug( LDAP_DEBUG_TRACE, "<= slapi_pwpolicy_make_response_control", 0, 0, 0 );
-+ LDAPDebug( LDAP_DEBUG_TRACE, "<= slapi_pwpolicy_make_response_control (%d)", rc, 0, 0 );
-
- return (rc==-1?LDAP_OPERATIONS_ERROR:LDAP_SUCCESS);
- }
---
-1.9.3
-
diff --git a/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch b/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch
new file mode 100644
index 0000000..56c535a
--- /dev/null
+++ b/SOURCES/0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch
@@ -0,0 +1,38 @@
+From 8d4369e6060f7c079b02fa87a0cd0d2ae0488ecd Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 2 Sep 2015 18:04:27 -0700
+Subject: [PATCH 54/54] Ticket #47981 - COS cache doesn't properly mark vattr
+ cache as invalid when there are multiple suffixes
+
+Description: commit 42e2df3858a4e14706d57b5c907d1d3768f4d970 for fixing
+icket 47981 accidentally added "break" to the while loop when a
+condition is satisfied:
+ if(!cos_cache_add_dn_defs(suffixVals[valIndex]->bv_val ,pDefs))
+which skips the rest of the definitions. This patch removes the
+"break".
+
+https://fedorahosted.org/389/ticket/47981
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit 6557b820dca7980067afc2a33184197b2d154a51)
+(cherry picked from commit c1721f1d6e2344eefaec817ed47119c15c43fcfc)
+---
+ ldap/servers/plugins/cos/cos_cache.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c
+index ddb85ab..e0b841d 100644
+--- a/ldap/servers/plugins/cos/cos_cache.c
++++ b/ldap/servers/plugins/cos/cos_cache.c
+@@ -647,7 +647,6 @@ static int cos_cache_build_definition_list(cosDefinitions **pDefs, int *vattr_ca
+ {
+ *vattr_cacheable = -1;
+ cos_def_available = 1;
+- break;
+ }
+ }
+ valIndex++;
+--
+1.9.3
+
diff --git a/SOURCES/0055-Ticket-47965-Fix-coverity-issues-2014-12-16.patch b/SOURCES/0055-Ticket-47965-Fix-coverity-issues-2014-12-16.patch
deleted file mode 100644
index 3de1600..0000000
--- a/SOURCES/0055-Ticket-47965-Fix-coverity-issues-2014-12-16.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From c56a01740faa7af009eab4f009d334bb7b705f89 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 16 Dec 2014 11:26:04 -0800
-Subject: [PATCH 55/55] Ticket 47965 - Fix coverity issues (2014/12/16)
-
-12867 - Uninitialized pointer read
-
-Description:
-The third arg for ldap_utf8strtok_r is supposed to be initialized.
-
-https://fedorahosted.org/389/ticket/47965
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 62072539953d0956e0f2664ef1a3691cf8fbdac0)
-(cherry picked from commit a2977b4b1839f4853594a46593ac5e2e27155bed)
----
- ldap/servers/plugins/acl/acllas.c | 6 +++---
- ldap/servers/plugins/acl/aclparse.c | 4 ++--
- ldap/servers/plugins/replication/repl5_replica.c | 2 +-
- ldap/servers/plugins/replication/repl_extop.c | 4 ++--
- ldap/servers/plugins/replication/windows_connection.c | 2 +-
- ldap/servers/plugins/replication/windows_private.c | 2 +-
- ldap/servers/plugins/rootdn_access/rootdn_access.c | 2 +-
- ldap/servers/slapd/back-ldbm/ldbm_attr.c | 2 +-
- 8 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
-index 439c8f1..4738a40 100644
---- a/ldap/servers/plugins/acl/acllas.c
-+++ b/ldap/servers/plugins/acl/acllas.c
-@@ -1223,7 +1223,7 @@ DS_LASUserDnAttrEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
-
- /* See if we have a parent[2].attr" rule */
- if (strstr(attrName, "parent[") != NULL) {
-- char *word, *str, *next;
-+ char *word, *str, *next = NULL;
-
- numOflevels = 0;
- n_currEntryDn = slapi_entry_get_ndn ( lasinfo.resourceEntry );
-@@ -1489,7 +1489,7 @@ DS_LASLdapUrlAttrEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
-
- /* See if we have a parent[2].attr" rule */
- if (strstr(attrName, "parent[") != NULL) {
-- char *word, *str, *next;
-+ char *word, *str, *next = NULL;
-
- numOflevels = 0;
- n_currEntryDn = slapi_entry_get_ndn ( lasinfo.resourceEntry );
-@@ -2659,7 +2659,7 @@ DS_LASGroupDnAttrEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
-
- /* See if we have a parent[2].attr" rule */
- if (strstr(attrName, "parent[") != NULL) {
-- char *word, *str, *next;
-+ char *word, *str, *next = NULL;
-
- numOflevels = 0;
- n_currEntryDn = slapi_entry_get_ndn ( lasinfo.resourceEntry ) ;
-diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c
-index be86c8b..fd262e8 100644
---- a/ldap/servers/plugins/acl/aclparse.c
-+++ b/ldap/servers/plugins/acl/aclparse.c
-@@ -600,7 +600,7 @@ __aclp__sanity_check_acltxt (aci_t *aci_item, char *str)
- ACLListHandle_t *handle = NULL;
- char *newstr = NULL;
- char *word;
-- char *next;
-+ char *next = NULL;
- const char *brkstr = " ;";
- int checkversion = 0;
-
-@@ -1367,7 +1367,7 @@ __aclp__get_aci_right (char *str)
- {
-
- char *sav_str = slapi_ch_strdup(str);
-- char *t, *tt;
-+ char *t, *tt = NULL;
- int type = 0;
- char *delimiter = ",";
- char *val = NULL;
-diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
-index 77663f6..61ae7ec 100644
---- a/ldap/servers/plugins/replication/repl5_replica.c
-+++ b/ldap/servers/plugins/replication/repl5_replica.c
-@@ -2046,7 +2046,7 @@ replica_check_for_tasks(Replica *r, Slapi_Entry *e)
- char *forcing;
- char *csnpart;
- char *ridstr;
-- char *iter;
-+ char *iter = NULL;
- int i;
-
- for(i = 0; i < CLEANRIDSIZ && clean_vals[i]; i++){
-diff --git a/ldap/servers/plugins/replication/repl_extop.c b/ldap/servers/plugins/replication/repl_extop.c
-index 35014a9..4fefe9f 100644
---- a/ldap/servers/plugins/replication/repl_extop.c
-+++ b/ldap/servers/plugins/replication/repl_extop.c
-@@ -1463,7 +1463,7 @@ multimaster_extop_abort_cleanruv(Slapi_PBlock *pb)
- char *repl_root;
- char *payload = NULL;
- char *certify_all;
-- char *iter;
-+ char *iter = NULL;
- int rc = LDAP_SUCCESS;
-
- slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &extop_oid);
-@@ -1591,7 +1591,7 @@ multimaster_extop_cleanruv(Slapi_PBlock *pb)
- char *force = NULL;
- char *extop_oid;
- char *repl_root;
-- char *iter;
-+ char *iter = NULL;
- int release_it = 0;
- int rid = 0;
- int rc = LDAP_OPERATIONS_ERROR;
-diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c
-index c7c7a98..e78c367 100644
---- a/ldap/servers/plugins/replication/windows_connection.c
-+++ b/ldap/servers/plugins/replication/windows_connection.c
-@@ -595,7 +595,7 @@ windows_LDAPMessage2Entry(Slapi_Entry *e, Repl_Connection *conn,
- char *dupa = slapi_ch_strdup(a);
- char *newa = NULL; /* dup of 'a' with next range */
- char *p, *wp, *pp; /* work pointers */
-- char *iter;
-+ char *iter = NULL;
- int high = 0;
- int sizea = strlen(a) + 2;
- /* handling subtype(s) */
-diff --git a/ldap/servers/plugins/replication/windows_private.c b/ldap/servers/plugins/replication/windows_private.c
-index cfa2704..9be6c7d 100644
---- a/ldap/servers/plugins/replication/windows_private.c
-+++ b/ldap/servers/plugins/replication/windows_private.c
-@@ -946,7 +946,7 @@ create_subtree_pairs(char **pairs)
- subtreePair *spp;
- char **ptr;
- char *p0, *p1;
-- char *saveptr;
-+ char *saveptr = NULL;
- int cnt;
-
- for (cnt = 0, ptr = pairs; ptr && *ptr; cnt++, ptr++) ;
-diff --git a/ldap/servers/plugins/rootdn_access/rootdn_access.c b/ldap/servers/plugins/rootdn_access/rootdn_access.c
-index 3045e9f..5c530c6 100644
---- a/ldap/servers/plugins/rootdn_access/rootdn_access.c
-+++ b/ldap/servers/plugins/rootdn_access/rootdn_access.c
-@@ -229,7 +229,7 @@ rootdn_load_config(Slapi_PBlock *pb)
- Slapi_Entry *e = NULL;
- char *openTime = NULL;
- char *closeTime = NULL;
-- char *token, *iter, *copy;
-+ char *token, *iter = NULL, *copy;
- char hour[3], min[3];
- int result = 0;
- int time;
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
-index 13ab07b..7b3f664 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
-@@ -509,7 +509,7 @@ attr_index_parse_idlistsize(struct attrinfo *ai, const char *strval, struct inde
- int rc = 0; /* assume success */
- char *mystr = slapi_ch_strdup(strval); /* copy for strtok */
- char *values = NULL;
-- char *lasts, *val, *ptr;
-+ char *lasts = NULL, *val, *ptr;
- int seen_limit = 0, seen_type = 0, seen_flags = 0, seen_values = 0;
- Slapi_Attr *attr = &ai->ai_sattr;
-
---
-1.9.3
-
diff --git a/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch b/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch
new file mode 100644
index 0000000..f77fb37
--- /dev/null
+++ b/SOURCES/0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch
@@ -0,0 +1,47 @@
+From 4040a7b0968db2aa5b905c7268abf57eca2ec8c2 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Mon, 14 Sep 2015 12:01:08 -0400
+Subject: [PATCH 55/61] Ticket 48276 - initialize free_flags in
+ reslimit_update_from_entry()
+
+Description: In reslimit_update_from_entry() the free_flags was not initialized,
+ which could lead to it being seen as set, and cause an entry's
+ vattrs to be incorrectly/unexpectedly freed.
+
+https://fedorahosted.org/389/ticket/48276
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 2311c71cec33c29863bdb1dabe1ed363679316d3)
+(cherry picked from commit 5f32582d043a5498791dda5af7091bf1a4a320f0)
+---
+ ldap/servers/slapd/resourcelimit.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/ldap/servers/slapd/resourcelimit.c b/ldap/servers/slapd/resourcelimit.c
+index 8c0a09c..7630f88 100644
+--- a/ldap/servers/slapd/resourcelimit.c
++++ b/ldap/servers/slapd/resourcelimit.c
+@@ -342,11 +342,14 @@ reslimit_update_from_dn( Slapi_Connection *conn, Slapi_DN *dn )
+ int
+ reslimit_update_from_entry( Slapi_Connection *conn, Slapi_Entry *e )
+ {
+- char *fnname = "reslimit_update_from_entry()";
+- char *actual_type_name, *get_ext_logname;
+- int i, rc, type_name_disposition, free_flags;
+- SLAPIResLimitConnData *rlcdp;
+- Slapi_ValueSet *vs;
++ SLAPIResLimitConnData *rlcdp = NULL;
++ Slapi_ValueSet *vs = NULL;
++ char *fnname = "reslimit_update_from_entry()";
++ char *actual_type_name = NULL;
++ char *get_ext_logname = NULL;
++ int type_name_disposition = 0;
++ int free_flags = 0;
++ int rc, i;
+
+ LDAPDebug( SLAPI_RESLIMIT_TRACELEVEL, "=> %s conn=0x%x, entry=0x%x\n",
+ fnname, conn, e );
+--
+1.9.3
+
diff --git a/SOURCES/0056-Ticket-47750-During-delete-operation-do-not-refresh-.patch b/SOURCES/0056-Ticket-47750-During-delete-operation-do-not-refresh-.patch
deleted file mode 100644
index a670d02..0000000
--- a/SOURCES/0056-Ticket-47750-During-delete-operation-do-not-refresh-.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 6649bbb2900841a101ab60ef43d55742ee3abb9a Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Thu, 18 Dec 2014 09:08:52 -0500
-Subject: [PATCH] Ticket 47750 - During delete operation do not refresh cache
- entry if it is a tombstone
-
-Bug Description: After calling the betxn postop plugins do not attempt to refresh the
- entry if it was converted to a tombstone. A tombstone entry does
- not have its entry mutex allocated, and it will be dereferenced.
-
-Fix Description: If the entry is converted to a tombstone, there is no need to
- refresh it in the first place. Skip the cache refresh if its a
- tombstone. If its not a tombstone, we also need to return the
- cache entry if it was not changed in betxn postop, because we
- incremented its refcnt while checking if it was updated.
-
-https://fedorahosted.org/389/ticket/47750
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit 4ae67943e807b869aeda213dcd39b59feb5f8259)
-(cherry picked from commit f63473228d05c56a096580ec5e66566b35ab4535)
----
- ldap/servers/slapd/back-ldbm/ldbm_delete.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-index 5f12ea3..56ea3df 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-@@ -1261,6 +1261,16 @@ ldbm_back_delete( Slapi_PBlock *pb )
-
- /* delete from cache and clean up */
- if (e) {
-+ if(!create_tombstone_entry){
-+ struct backentry *old_e = e;
-+ e = cache_find_id(&inst->inst_cache,e->ep_id);
-+ if(e != old_e){
-+ cache_unlock_entry(&inst->inst_cache, old_e);
-+ CACHE_RETURN(&inst->inst_cache, &old_e);
-+ } else {
-+ CACHE_RETURN(&inst->inst_cache, &e);
-+ }
-+ }
- if (cache_is_in_cache(&inst->inst_cache, e)) {
- ep_id = e->ep_id; /* Otherwise, e might have been freed. */
- CACHE_REMOVE(&inst->inst_cache, e);
---
-1.9.3
-
diff --git a/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
new file mode 100644
index 0000000..adc14d9
--- /dev/null
+++ b/SOURCES/0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
@@ -0,0 +1,76 @@
+From 14e08bde4a48a8e8b56edc817b5d1e3d56b96c72 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Tue, 15 Sep 2015 18:25:02 -0700
+Subject: [PATCH 56/61] Ticket #48226 - In MMR, double free coould occur under
+ some special condition
+
+Description: commit a0f8e0f981a046882db299a7a6d6d1c01bc19571 introduced
+a memory leak in the case of resolve_attribute_state_present_to_deleted.
+In the case, csnset is not consumed. Thus, it has to be freed by csnset_
+free.
+
+https://fedorahosted.org/389/ticket/48226
+
+Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
+
+(cherry picked from commit b26ec6762fe2b5d37ade59243086cfd2308e8f0a)
+(cherry picked from commit 4a3efc3330a034fa485f33e453054758561d4cea)
+---
+ ldap/servers/slapd/entrywsi.c | 22 +++++++++++-----------
+ ldap/servers/slapd/valueset.c | 1 +
+ 2 files changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
+index e719dce..a8f8455 100644
+--- a/ldap/servers/slapd/entrywsi.c
++++ b/ldap/servers/slapd/entrywsi.c
+@@ -1280,23 +1280,23 @@ resolve_attribute_state_present_to_deleted(Slapi_Entry *e, Slapi_Attr *a, Slapi_
+ const CSN *adcsn= attr_get_deletion_csn(a);
+ int i;
+ if ( valuestoupdate != NULL && valuestoupdate[0] != NULL ) {
+- for (i=0;valuestoupdate[i]!=NULL;++i) {
+- /* This call ensures that the value does not contain a deletion_csn
+- * which is before the presence_csn or distinguished_csn of the value.
+- */
+- purge_attribute_state_multi_valued(a, valuestoupdate[i]);
+- vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
+- vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
+- deletedcsn= csn_max(vdcsn, adcsn);
++ for (i=0;valuestoupdate[i]!=NULL;++i) {
++ /* This call ensures that the value does not contain a deletion_csn
++ * which is before the presence_csn or distinguished_csn of the value.
++ */
++ purge_attribute_state_multi_valued(a, valuestoupdate[i]);
++ vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
++ vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
++ deletedcsn= csn_max(vdcsn, adcsn);
+ if(csn_compare(vucsn,deletedcsn)<0)
+ {
+- if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
++ if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
+ {
+ entry_present_value_to_deleted_value(a,valuestoupdate[i]);
+ }
+ }
+- valuestoupdate[i]->v_csnset = NULL;
+- }
++ csnset_free(&valuestoupdate[i]->v_csnset);
++ }
+ }
+ }
+
+diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
+index 7eabb82..50c0e52 100644
+--- a/ldap/servers/slapd/valueset.c
++++ b/ldap/servers/slapd/valueset.c
+@@ -1416,6 +1416,7 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
+ {
+ value_update_csn(v,t,csn);
+ if (csnref_updated) {
++ csnset_free(&valuestoupdate[i]->v_csnset);
+ valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v));
+ }
+ valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
+--
+1.9.3
+
diff --git a/SOURCES/0057-Ticket-47989-Windows-Sync-accidentally-cleared-raw_e.patch b/SOURCES/0057-Ticket-47989-Windows-Sync-accidentally-cleared-raw_e.patch
deleted file mode 100644
index c36f08e..0000000
--- a/SOURCES/0057-Ticket-47989-Windows-Sync-accidentally-cleared-raw_e.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 5907e7902b3d586d6ce534c542728bd9d153f575 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 16 Jan 2015 16:28:06 -0800
-Subject: [PATCH 57/59] Ticket #47989 - Windows Sync accidentally cleared
- raw_entry
-
-Description: raw_entry in the private area in Windows Agreement stores
-raw_entry that is un-schema processed last entry read from AD.
-The pointer was cleared before it is being accessed by the Plug-ins that
-call Windows Sync API, e.g., Posix Sync. The bug was introduced by
-commit f6397113666f06848412bb12f754f04258cfa5fa.
-
-This patch removed the raw_entry cleanup code in windows_search_entry_ext.
-And in case the raw_entry is NULL, pass remote_entry for the AD entry.
-
-https://fedorahosted.org/389/ticket/47989
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 3305a6b849f79a9684799bec4cc155c7147daea6)
-(cherry picked from commit f6d8b2ec3dee5760826892f522c0f1e1989f9fcb)
----
- ldap/servers/plugins/replication/windows_connection.c | 4 ----
- ldap/servers/plugins/replication/windows_protocol_util.c | 8 ++++++--
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c
-index e78c367..317386b 100644
---- a/ldap/servers/plugins/replication/windows_connection.c
-+++ b/ldap/servers/plugins/replication/windows_connection.c
-@@ -814,10 +814,6 @@ next:
- slapi_ch_free_string(&filter_copy);
- ldap_controls_free(serverctrls_copy);
- serverctrls_copy = NULL;
--
-- /* clear it here in case the search fails and
-- we are left with a bogus old entry */
-- windows_private_set_raw_entry(conn->agmt, NULL);
- conn->last_ldap_error = ldap_rc;
- if (NULL != res)
- {
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index c424590..dabc936 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -1689,7 +1689,9 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
- windows_map_mods_for_replay(prp,op->p.p_modify.modify_mods, &mapped_mods, is_user, &password);
- if (is_user) {
- winsync_plugin_call_pre_ad_mod_user_mods_cb(prp->agmt,
-- windows_private_get_raw_entry(prp->agmt),
-+ windows_private_get_raw_entry(prp->agmt)?
-+ windows_private_get_raw_entry(prp->agmt):
-+ remote_entry,
- local_dn,
- local_entry,
- op->p.p_modify.modify_mods,
-@@ -1697,7 +1699,9 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op
- &mapped_mods);
- } else if (is_group) {
- winsync_plugin_call_pre_ad_mod_group_mods_cb(prp->agmt,
-- windows_private_get_raw_entry(prp->agmt),
-+ windows_private_get_raw_entry(prp->agmt)?
-+ windows_private_get_raw_entry(prp->agmt):
-+ remote_entry,
- local_dn,
- local_entry,
- op->p.p_modify.modify_mods,
---
-1.9.3
-
diff --git a/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch b/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch
new file mode 100644
index 0000000..35347f1
--- /dev/null
+++ b/SOURCES/0057-Ticket-48266-Fractional-replication-evaluates-severa.patch
@@ -0,0 +1,335 @@
+From 05e127c89281cece8bc1fa79bac6b95cc23dcca9 Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Fri, 11 Sep 2015 18:56:53 +0200
+Subject: [PATCH 57/61] Ticket 48266: Fractional replication evaluates several
+ times the same CSN
+
+Bug Description:
+ In fractional replication if there are only skipped updates and many of them, the supplier
+ acquire the replica for a long time. At the end of the session, RUV is not updated
+ so the next session will restart evaluating the same skipped updates
+
+Fix Description:
+ The fix introduces subentries under the suffix: 'cn=repl keep alive <rid>,$SUFFIX'
+ During an incremental replication session, if the session only contains skipped updates
+ and the number of them overpass a threshold (100), it triggers an update on that subentry.
+
+ This update will eventually be replicated, moving forward the RUV
+
+https://fedorahosted.org/389/ticket/48266
+
+Reviewed by: Noriko Hosoi, Rich Megginson, Simon Pichugin
+
+Platforms tested: <plat>
+
+Flag Day: no
+
+Doc impact: no
+
+(cherry picked from commit 6343e4cba17802e19daa5c971120fa352ff80ad4)
+---
+ ldap/servers/plugins/replication/repl5.h | 2 +
+ .../plugins/replication/repl5_inc_protocol.c | 39 ++++++
+ ldap/servers/plugins/replication/repl5_replica.c | 156 +++++++++++++++++++++
+ .../plugins/replication/repl5_tot_protocol.c | 13 +-
+ 4 files changed, 209 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
+index 0b0f26b..17282bb 100644
+--- a/ldap/servers/plugins/replication/repl5.h
++++ b/ldap/servers/plugins/replication/repl5.h
+@@ -523,6 +523,8 @@ Replica *windows_replica_new(const Slapi_DN *root);
+ during addition of the replica over LDAP */
+ Replica *replica_new_from_entry (Slapi_Entry *e, char *errortext, PRBool is_add_operation);
+ void replica_destroy(void **arg);
++int replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid);
++int replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid);
+ PRBool replica_get_exclusive_access(Replica *r, PRBool *isInc, PRUint64 connid, int opid,
+ const char *locking_purl,
+ char **current_purl);
+diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+index 216de3c..e0599e5 100644
+--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+@@ -1672,6 +1672,11 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ int finished = 0;
+ ConnResult replay_crc;
+ char csn_str[CSN_STRSIZE];
++ PRBool subentry_update_sent = PR_FALSE;
++ PRBool subentry_update_needed = PR_FALSE;
++ int skipped_updates = 0;
++ int fractional_repl;
++#define FRACTIONAL_SKIPPED_THRESHOLD 100
+
+ /* Start the results reading thread */
+ rd = repl5_inc_rd_new(prp);
+@@ -1688,6 +1693,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+
+ memset ( (void*)&op, 0, sizeof (op) );
+ entry.op = &op;
++ fractional_repl = agmt_is_fractional(prp->agmt);
+ do {
+ cl5_operation_parameters_done ( entry.op );
+ memset ( (void*)entry.op, 0, sizeof (op) );
+@@ -1783,6 +1789,15 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ csn_as_string(entry.op->csn, PR_FALSE, csn_str);
+ replica_id = csn_get_replicaid(entry.op->csn);
+ uniqueid = entry.op->target_address.uniqueid;
++
++ if (fractional_repl && message_id)
++ {
++ /* This update was sent no need to update the subentry
++ * and restart counting the skipped updates
++ */
++ subentry_update_needed = PR_FALSE;
++ skipped_updates = 0;
++ }
+
+ if (prp->repl50consumer && message_id)
+ {
+@@ -1813,6 +1828,16 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ agmt_get_long_name(prp->agmt),
+ entry.op->target_address.uniqueid, csn_str);
+ agmt_inc_last_update_changecount (prp->agmt, csn_get_replicaid(entry.op->csn), 1 /*skipped*/);
++ if (fractional_repl)
++ {
++ skipped_updates++;
++ if (skipped_updates > FRACTIONAL_SKIPPED_THRESHOLD) {
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
++ "%s: skipped updates is too high (%d) if no other update is sent we will update the subentry\n",
++ agmt_get_long_name(prp->agmt), skipped_updates);
++ subentry_update_needed = PR_TRUE;
++ }
++ }
+ }
+ }
+ break;
+@@ -1878,6 +1903,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ PR_Unlock(rd->lock);
+ } while (!finished);
+
++ if (fractional_repl && subentry_update_needed)
++ {
++ Replica *replica;
++ ReplicaId rid = -1; /* Used to create the replica keep alive subentry */
++ replica = (Replica*) object_get_data(prp->replica_object);
++ if (replica)
++ {
++ rid = replica_get_rid(replica);
++ }
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
++ "%s: skipped updates was definitely too high (%d) update the subentry now\n",
++ agmt_get_long_name(prp->agmt), skipped_updates);
++ replica_subentry_update(agmt_get_replarea(prp->agmt), rid);
++ }
+ /* Terminate the results reading thread */
+ if (!prp->repl50consumer)
+ {
+diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
+index 92b4e96..6ac28c1 100644
+--- a/ldap/servers/plugins/replication/repl5_replica.c
++++ b/ldap/servers/plugins/replication/repl5_replica.c
+@@ -414,6 +414,161 @@ replica_destroy(void **arg)
+ slapi_ch_free((void **)arg);
+ }
+
++#define KEEP_ALIVE_ATTR "keepalivetimestamp"
++#define KEEP_ALIVE_ENTRY "repl keep alive"
++#define KEEP_ALIVE_DN_FORMAT "cn=%s %d,%s"
++
++
++static int
++replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
++{
++ char *entry_string = NULL;
++ Slapi_Entry *e = NULL;
++ Slapi_PBlock *pb = NULL;
++ int return_value;
++ int rc = 0;
++
++ entry_string = slapi_ch_smprintf("dn: cn=%s %d,%s\nobjectclass: top\nobjectclass: ldapsubentry\nobjectclass: extensibleObject\ncn: %s %d",
++ KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), KEEP_ALIVE_ENTRY, rid);
++ if (entry_string == NULL) {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
++ "replica_subentry_create add failed in slapi_ch_smprintf\n");
++ rc = -1;
++ goto done;
++ }
++
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "add %s\n", entry_string);
++ e = slapi_str2entry(entry_string, 0);
++
++ /* create the entry */
++ pb = slapi_pblock_new();
++
++
++ slapi_add_entry_internal_set_pb(pb, e, NULL, /* controls */
++ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0 /* flags */);
++ slapi_add_internal_pb(pb);
++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &return_value);
++ if (return_value != LDAP_SUCCESS && return_value != LDAP_ALREADY_EXISTS)
++ {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to "
++ "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e),
++ ldap_err2string(return_value));
++ rc = -1;
++ slapi_entry_free(e); /* The entry was not consumed */
++ goto done;
++ }
++
++done:
++
++ slapi_pblock_destroy(pb);
++ slapi_ch_free_string(&entry_string);
++ return rc;
++
++}
++
++int
++replica_subentry_check(Slapi_DN *repl_root, ReplicaId rid)
++{
++ Slapi_PBlock *pb;
++ char *filter = NULL;
++ Slapi_Entry **entries = NULL;
++ int res;
++ int rc = 0;
++
++ pb = slapi_pblock_new();
++ filter = slapi_ch_smprintf("(&(objectclass=ldapsubentry)(cn=%s %d))", KEEP_ALIVE_ENTRY, rid);
++ slapi_search_internal_set_pb(pb, slapi_sdn_get_dn(repl_root), LDAP_SCOPE_ONELEVEL,
++ filter, NULL, 0, NULL, NULL,
++ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
++ slapi_search_internal_pb(pb);
++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res);
++ if (res == LDAP_SUCCESS)
++ {
++ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
++ if (entries && (entries[0] == NULL))
++ {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
++ "Need to create replication keep alive entry <cn=%s %d,%s>\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
++ rc = replica_subentry_create(repl_root, rid);
++ } else {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
++ "replication keep alive entry <cn=%s %d,%s> already exists\n", KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
++ rc = 0;
++ }
++ } else {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
++ "Error accessing replication keep alive entry <cn=%s %d,%s> res=%d\n",
++ KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root), res);
++ /* The status of the entry is not clear, do not attempt to create it */
++ rc = 1;
++ }
++ slapi_free_search_results_internal(pb);
++
++ slapi_pblock_destroy(pb);
++ slapi_ch_free_string(&filter);
++ return rc;
++}
++
++int
++replica_subentry_update(Slapi_DN *repl_root, ReplicaId rid)
++{
++ int ldrc;
++ int rc = LDAP_SUCCESS; /* Optimistic default */
++ LDAPMod * mods[2];
++ LDAPMod mod;
++ struct berval * vals[2];
++ char buf[20];
++ time_t curtime;
++ struct tm ltm;
++ struct berval val;
++ Slapi_PBlock *modpb = NULL;
++ char *dn;
++
++ replica_subentry_check(repl_root, rid);
++ curtime = current_time();
++ gmtime_r(&curtime, <m);
++ strftime(buf, sizeof (buf), "%Y%m%d%H%M%SZ", <m);
++
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "subentry_update called at %s\n", buf);
++
++
++ val.bv_val = buf;
++ val.bv_len = strlen(val.bv_val);
++
++ vals [0] = &val;
++ vals [1] = NULL;
++
++ mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
++ mod.mod_type = KEEP_ALIVE_ATTR;
++ mod.mod_bvalues = vals;
++
++ mods[0] = &mod;
++ mods[1] = NULL;
++
++ modpb = slapi_pblock_new();
++ dn = slapi_ch_smprintf(KEEP_ALIVE_DN_FORMAT, KEEP_ALIVE_ENTRY, rid, slapi_sdn_get_dn(repl_root));
++
++ slapi_modify_internal_set_pb(modpb, dn, mods, NULL, NULL,
++ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0);
++ slapi_modify_internal_pb(modpb);
++
++ slapi_pblock_get(modpb, SLAPI_PLUGIN_INTOP_RESULT, &ldrc);
++
++ if (ldrc != LDAP_SUCCESS)
++ {
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
++ "Failure (%d) to update replication keep alive entry \"%s: %s\"\n", ldrc, KEEP_ALIVE_ATTR, buf);
++ rc = ldrc;
++ } else {
++ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name,
++ "Successful update of replication keep alive entry \"%s: %s\"\n", KEEP_ALIVE_ATTR, buf);
++ }
++
++ slapi_pblock_destroy(modpb);
++ slapi_ch_free_string(&dn);
++ return rc;
++
++}
+ /*
+ * Attempt to obtain exclusive access to replica (advisory only)
+ *
+@@ -3816,6 +3971,7 @@ replica_enable_replication (Replica *r)
+ /* What to do ? */
+ }
+
++ replica_subentry_check(r->repl_root, replica_get_rid(r));
+ /* Replica came back online, Check if the total update was terminated.
+ If flag is still set, it was not terminated, therefore the data is
+ very likely to be incorrect, and we should not restart Replication threads...
+diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
+index d9401cf..e004af4 100644
+--- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
+@@ -318,6 +318,9 @@ repl5_tot_run(Private_Repl_Protocol *prp)
+ int portnum = 0;
+ Slapi_DN *area_sdn = NULL;
+ CSN *remote_schema_csn = NULL;
++ int init_retry = 0;
++ Replica *replica;
++ ReplicaId rid = 0; /* Used to create the replica keep alive subentry */
+
+ PR_ASSERT(NULL != prp);
+
+@@ -395,7 +398,15 @@ repl5_tot_run(Private_Repl_Protocol *prp)
+ ctrls = (LDAPControl **)slapi_ch_calloc (3, sizeof (LDAPControl *));
+ ctrls[0] = create_managedsait_control ();
+ ctrls[1] = create_backend_control(area_sdn);
+-
++
++ /* Time to make sure it exists a keep alive subentry for that replica */
++ replica = (Replica*) object_get_data(prp->replica_object);
++ if (replica)
++ {
++ rid = replica_get_rid(replica);
++ }
++ replica_subentry_check(area_sdn, rid);
++
+ slapi_search_internal_set_pb (pb, slapi_sdn_get_dn (area_sdn),
+ LDAP_SCOPE_SUBTREE, "(|(objectclass=ldapsubentry)(objectclass=nstombstone)(nsuniqueid=*))", NULL, 0, ctrls, NULL,
+ repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0);
+--
+1.9.3
+
diff --git a/SOURCES/0058-Ticket-47991-upgrade-script-fails-if-etc-and-var-are.patch b/SOURCES/0058-Ticket-47991-upgrade-script-fails-if-etc-and-var-are.patch
deleted file mode 100644
index 11bd5af..0000000
--- a/SOURCES/0058-Ticket-47991-upgrade-script-fails-if-etc-and-var-are.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 454afeaa481ee389dadc7ce62a53e6f0ff4952b1 Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Tue, 20 Jan 2015 10:34:41 +0100
-Subject: [PATCH 58/59] Ticket 47991 - upgrade script fails if /etc and /var
- are on different file systems
-
-Bug Description: the script to upgrade configfiles creates a backup dir in /var
- and tries to move files fro /etc to this backup dir
- using the perl rename function.
- this fails if /etc and /var are different fiel systems
-
-Fix Description: create the backup dir also in /etc
-
-https://fedorahosted.org/389/ticket/47991
-
-Reviewed by: Mark, Thanks
-
-(cherry picked from commit 96850932c054edcc477d070cf619006344b1d443)
----
- ldap/admin/src/scripts/60upgradeconfigfiles.pl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/admin/src/scripts/60upgradeconfigfiles.pl b/ldap/admin/src/scripts/60upgradeconfigfiles.pl
-index 4b37353..189eb03 100644
---- a/ldap/admin/src/scripts/60upgradeconfigfiles.pl
-+++ b/ldap/admin/src/scripts/60upgradeconfigfiles.pl
-@@ -16,7 +16,7 @@ sub runinst {
- # make a backup directory to store the deleted config file, then
- # don't really delete it, just move it to that directory
- my $mode = (stat($inf->{slapd}->{config_dir}))[2];
-- my $bakdir = $inf->{slapd}->{bak_dir} . ".bak";
-+ my $bakdir = $inf->{slapd}->{config_dir} . "/bak" ;
- if (! -d $bakdir) {
- $! = 0; # clear
- mkdir $bakdir, $mode;
---
-1.9.3
-
diff --git a/SOURCES/0058-Ticket-48266-coverity-issue.patch b/SOURCES/0058-Ticket-48266-coverity-issue.patch
new file mode 100644
index 0000000..7cbc726
--- /dev/null
+++ b/SOURCES/0058-Ticket-48266-coverity-issue.patch
@@ -0,0 +1,25 @@
+From 25fa7a078549404141f1fd36b277a857a615df83 Mon Sep 17 00:00:00 2001
+From: Thierry Bordaz <tbordaz@redhat.com>
+Date: Fri, 18 Sep 2015 18:38:19 +0200
+Subject: [PATCH 58/61] Ticket 48266: coverity issue
+
+(cherry picked from commit 8cd4f45a9621dfaea7249179919b783857c9f22c)
+---
+ ldap/servers/plugins/replication/repl5_inc_protocol.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+index e0599e5..7680340 100644
+--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+@@ -1672,7 +1672,6 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ int finished = 0;
+ ConnResult replay_crc;
+ char csn_str[CSN_STRSIZE];
+- PRBool subentry_update_sent = PR_FALSE;
+ PRBool subentry_update_needed = PR_FALSE;
+ int skipped_updates = 0;
+ int fractional_repl;
+--
+1.9.3
+
diff --git a/SOURCES/0059-Ticket-47988-Schema-learning-mechanism-in-replicatio.patch b/SOURCES/0059-Ticket-47988-Schema-learning-mechanism-in-replicatio.patch
deleted file mode 100644
index 9dec1bf..0000000
--- a/SOURCES/0059-Ticket-47988-Schema-learning-mechanism-in-replicatio.patch
+++ /dev/null
@@ -1,628 +0,0 @@
-From e68a455c1191bfc597d95ce1f6326a9f6397c39d Mon Sep 17 00:00:00 2001
-From: "Thierry bordaz (tbordaz)" <tbordaz@redhat.com>
-Date: Thu, 22 Jan 2015 14:29:52 +0100
-Subject: [PATCH 59/59] Ticket 47988: Schema learning mechanism, in
- replication, unable to extend an existing definition
-
-Bug Description:
- At the beginning of a replication session, a supplier checks the status of remote schema vs
- its own schema. If the remote schema contains new/extended definitions, the supplier learns
- those definitions.
- It learns through internal MOD_ADD operation on cn=schema.
- For extending definition, this fails because the definition already exists.
-
-Fix Description:
- It needs to MOD_DEL and MOD_ADD those extended definitions while it needs to do MOD_ADD for new definitions.
- It uses the field 'old_value' in 'struct schema_mods_indexes' to determine if it needs to del some definitions.
- Some definitions can not be deleted
- - if an objectclass is standard or is a superior of others oc
- - if an attribute is a standard definition or is used in objectclass
- This was problematic for updating the schema, so the fix is relaxing those controls for
- internal operations
-
-https://fedorahosted.org/389/ticket/47988
-
-Reviewed by: ?
-
-Platforms tested: F17
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 51e05df9c37c66206041f026c9a67ec17bc9ea4a)
-(cherry picked from commit 107316806d291e584028e278c9ce1e0e99ff5617)
----
- .../servers/plugins/replication/repl5_connection.c | 17 +
- ldap/servers/slapd/schema.c | 365 ++++++++++++++++-----
- 2 files changed, 309 insertions(+), 73 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
-index 2971025..eddcae8 100644
---- a/ldap/servers/plugins/replication/repl5_connection.c
-+++ b/ldap/servers/plugins/replication/repl5_connection.c
-@@ -1779,6 +1779,7 @@ conn_push_schema(Repl_Connection *conn, CSN **remotecsn)
- CSN *localcsn = NULL;
- Slapi_PBlock *spb = NULL;
- char localcsnstr[CSN_STRSIZE + 1] = {0};
-+ char remotecnsstr[CSN_STRSIZE+1] = {0};
-
- if (!remotecsn)
- {
-@@ -1807,6 +1808,16 @@ conn_push_schema(Repl_Connection *conn, CSN **remotecsn)
- }
- else
- {
-+ if (*remotecsn) {
-+ csn_as_string (*remotecsn, PR_FALSE, remotecnsstr);
-+ csn_as_string (localcsn, PR_FALSE, localcsnstr);
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "[S] Checking consumer schema localcsn:%s / remotecsn:%s\n", localcsnstr, remotecnsstr);
-+ } else {
-+ csn_as_string (localcsn, PR_FALSE, localcsnstr);
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "[S] Checking consumer schema localcsn:%s / remotecsn:NULL\n", localcsnstr);
-+ }
- if (!update_consumer_schema(conn)) {
- /* At least one schema definition (attributetypes/objectclasses) of the consumer
- * is a superset of the supplier.
-@@ -1815,7 +1826,11 @@ conn_push_schema(Repl_Connection *conn, CSN **remotecsn)
- * So it could be possible that a second attempt (right now) of update_consumer_schema
- * would be successful
- */
-+ slapi_log_error(SLAPI_LOG_REPL, "schema",
-+ "[S] schema definitions may have been learned\n");
- if (!update_consumer_schema(conn)) {
-+ slapi_log_error(SLAPI_LOG_REPL, "schema",
-+ "[S] learned definitions are not suffisant to try to push the schema \n");
- return_value = CONN_OPERATION_FAILED;
- }
- }
-@@ -1831,6 +1846,8 @@ conn_push_schema(Repl_Connection *conn, CSN **remotecsn)
- memcpy(remotecsnstr, remote_schema_csn_bervals[0]->bv_val,
- remote_schema_csn_bervals[0]->bv_len);
- remotecsnstr[remote_schema_csn_bervals[0]->bv_len] = '\0';
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
-+ "[S] Reread remotecsn:%s\n", remotecsnstr);
- *remotecsn = csn_new_by_string(remotecsnstr);
- if (*remotecsn && (csn_compare(localcsn, *remotecsn) <= 0)) {
- return_value = CONN_SCHEMA_NO_UPDATE_NEEDED;
-diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
-index 8744a6d..05329a6 100644
---- a/ldap/servers/slapd/schema.c
-+++ b/ldap/servers/slapd/schema.c
-@@ -139,6 +139,7 @@ typedef struct repl_schema_policy {
- struct schema_mods_indexes {
- int index;
- char *new_value;
-+ char *old_value;
- struct schema_mods_indexes *next;
- };
-
-@@ -155,9 +156,9 @@ static int oc_check_required(Slapi_PBlock *, Slapi_Entry *,struct objclass *);
- static int oc_check_allowed_sv(Slapi_PBlock *, Slapi_Entry *e, const char *type, struct objclass **oclist );
- static int schema_delete_objectclasses ( Slapi_Entry *entryBefore,
- LDAPMod *mod, char *errorbuf, size_t errorbufsize,
-- int schema_ds4x_compat );
-+ int schema_ds4x_compat, int is_internal_operation);
- static int schema_delete_attributes ( Slapi_Entry *entryBefore,
-- LDAPMod *mod, char *errorbuf, size_t errorbufsize);
-+ LDAPMod *mod, char *errorbuf, size_t errorbufsize, int is_internal_operation);
- static int schema_add_attribute ( Slapi_PBlock *pb, LDAPMod *mod,
- char *errorbuf, size_t errorbufsize, int schema_ds4x_compat );
- static int schema_add_objectclass ( Slapi_PBlock *pb, LDAPMod *mod,
-@@ -2074,7 +2075,9 @@ modify_schema_dse (Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entr
- int schema_modify_enabled = config_get_schemamod();
- int reapply_mods = 0;
- int is_replicated_operation = 0;
--
-+ int is_internal_operation = 0;
-+ Slapi_Operation *operation = NULL;
-+
- if (!schema_modify_enabled) {
- *returncode = LDAP_UNWILLING_TO_PERFORM;
- schema_create_errormsg( returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-@@ -2085,6 +2088,8 @@ modify_schema_dse (Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entr
-
- slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
- slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation);
-+ slapi_pblock_get( pb, SLAPI_OPERATION, &operation);
-+ is_internal_operation = slapi_operation_is_flag_set(operation, SLAPI_OP_FLAG_INTERNAL);
-
- /* In case we receive a schema from a supplier, check if we can accept it
- * (it is a superset of our own schema).
-@@ -2153,11 +2158,11 @@ modify_schema_dse (Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entr
- if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) {
- if (strcasecmp (mods[i]->mod_type, "objectclasses") == 0) {
- *returncode = schema_delete_objectclasses (entryBefore, mods[i],
-- returntext, SLAPI_DSE_RETURNTEXT_SIZE, schema_ds4x_compat );
-+ returntext, SLAPI_DSE_RETURNTEXT_SIZE, schema_ds4x_compat, is_internal_operation);
- }
- else if (strcasecmp (mods[i]->mod_type, "attributetypes") == 0) {
- *returncode = schema_delete_attributes (entryBefore, mods[i],
-- returntext, SLAPI_DSE_RETURNTEXT_SIZE );
-+ returntext, SLAPI_DSE_RETURNTEXT_SIZE, is_internal_operation);
- }
- else {
- *returncode= LDAP_NO_SUCH_ATTRIBUTE;
-@@ -2196,6 +2201,7 @@ modify_schema_dse (Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entr
- schema_create_errormsg( returntext, SLAPI_DSE_RETURNTEXT_SIZE,
- schema_errprefix_generic, mods[i]->mod_type,
- "Replace is not allowed on the subschema subentry" );
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "modify_schema_dse: Replace is not allowed on the subschema subentry\n");
- rc = SLAPI_DSE_CALLBACK_ERROR;
- } else {
- if (strcasecmp (mods[i]->mod_type, "attributetypes") == 0) {
-@@ -2264,7 +2270,7 @@ modify_schema_dse (Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entr
- * Add a new objectclass
- */
- *returncode = schema_add_objectclass ( pb, mods[i], returntext,
-- SLAPI_DSE_RETURNTEXT_SIZE, schema_ds4x_compat );
-+ SLAPI_DSE_RETURNTEXT_SIZE, schema_ds4x_compat);
- }
- else {
- if ( schema_ds4x_compat ) {
-@@ -2465,16 +2471,20 @@ oc_add_nolock(struct objclass *newoc)
- */
- static int
- schema_delete_objectclasses( Slapi_Entry *entryBefore, LDAPMod *mod,
-- char *errorbuf, size_t errorbufsize, int schema_ds4x_compat )
-+ char *errorbuf, size_t errorbufsize, int schema_ds4x_compat, int is_internal_operation)
- {
- int i;
- int rc = LDAP_SUCCESS; /* optimistic */
- struct objclass *poc, *poc2, *delete_oc = NULL;
-
- if ( NULL == mod->mod_bvalues ) {
-- schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc,
-- NULL, "Cannot remove all schema object classes" );
-+ if (is_internal_operation) {
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_objectclasses: Remove all objectclass in Internal op\n");
-+ } else {
-+ schema_create_errormsg(errorbuf, errorbufsize, schema_errprefix_oc,
-+ NULL, "Cannot remove all schema object classes");
- return LDAP_UNWILLING_TO_PERFORM;
-+ }
- }
-
- for (i = 0; mod->mod_bvalues[i]; i++) {
-@@ -2492,11 +2502,19 @@ schema_delete_objectclasses( Slapi_Entry *entryBefore, LDAPMod *mod,
- for (poc2 = g_get_global_oc_nolock(); poc2 != NULL; poc2 = poc2->oc_next) {
- if (poc2->oc_superior &&
- (strcasecmp (poc2->oc_superior, delete_oc->oc_name) == 0)) {
-- schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc,
-+ if (is_internal_operation) {
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_objectclasses: Should not delete object class (%s) which has child object classes"
-+ ". But accept it because it is internal operation\n",
-+ delete_oc->oc_name);
-+ } else {
-+ schema_create_errormsg(errorbuf, errorbufsize, schema_errprefix_oc,
- delete_oc->oc_name, "Cannot delete an object class"
-- " which has child object classes" );
-- rc = LDAP_UNWILLING_TO_PERFORM;
-- goto unlock_and_return;
-+ " which has child object classes");
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_objectclasses: Cannot delete an object class (%s) which has child object classes\n",
-+ delete_oc->oc_name);
-+ rc = LDAP_UNWILLING_TO_PERFORM;
-+ goto unlock_and_return;
-+ }
- }
- }
-
-@@ -2505,10 +2523,19 @@ schema_delete_objectclasses( Slapi_Entry *entryBefore, LDAPMod *mod,
- }
-
- else {
-- schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc,
-- delete_oc->oc_name, "Cannot delete a standard object class" );
-- rc = LDAP_UNWILLING_TO_PERFORM;
-- goto unlock_and_return;
-+ if (is_internal_operation) {
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_objectclasses: Should not delete a standard object class (%s)"
-+ ". But accept it because it is internal operation\n",
-+ delete_oc->oc_name);
-+ oc_delete_nolock (poc->oc_name);
-+ } else {
-+ schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc,
-+ delete_oc->oc_name, "Cannot delete a standard object class" );
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_objectclasses: Cannot delete a standard object class (%s)\n",
-+ delete_oc->oc_name);
-+ rc = LDAP_UNWILLING_TO_PERFORM;
-+ goto unlock_and_return;
-+ }
- }
- }
- else {
-@@ -2552,7 +2579,7 @@ schema_return(int rc,struct sizedbuffer * psb1,struct sizedbuffer *psb2,struct s
- */
- static int
- schema_delete_attributes ( Slapi_Entry *entryBefore, LDAPMod *mod,
-- char *errorbuf, size_t errorbufsize)
-+ char *errorbuf, size_t errorbufsize, int is_internal_operation)
- {
- char *attr_ldif, *oc_list_type = "";
- asyntaxinfo *a;
-@@ -2563,10 +2590,14 @@ schema_delete_attributes ( Slapi_Entry *entryBefore, LDAPMod *mod,
- struct sizedbuffer *psbAttrSyntax= sizedbuffer_construct(BUFSIZ);
-
- if (NULL == mod->mod_bvalues) {
-- schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at,
-+ if (is_internal_operation) {
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_attributes: Remove all attributetypes in Internal op\n");
-+ } else {
-+ schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at,
- NULL, "Cannot remove all schema attribute types" );
-- return schema_return(LDAP_UNWILLING_TO_PERFORM,psbAttrOid,psbAttrName,
-+ return schema_return(LDAP_UNWILLING_TO_PERFORM,psbAttrOid,psbAttrName,
- psbAttrSyntax,NULL);
-+ }
- }
-
- for (i = 0; mod->mod_bvalues[i]; i++) {
-@@ -2592,12 +2623,20 @@ schema_delete_attributes ( Slapi_Entry *entryBefore, LDAPMod *mod,
- if ((a = attr_syntax_get_by_name ( psbAttrName->buffer)) != NULL ) {
- /* only modify attrs which were user defined */
- if (a->asi_flags & SLAPI_ATTR_FLAG_STD_ATTR) {
-- schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at,
-- psbAttrName->buffer,
-- "Cannot delete a standard attribute type" );
-- attr_syntax_return( a );
-- return schema_return(LDAP_UNWILLING_TO_PERFORM,psbAttrOid,psbAttrName,
-- psbAttrSyntax,NULL);
-+ if (is_internal_operation) {
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_attributes: Should not delete a standard attribute type (%s)"
-+ ". But accept it because it is internal operation\n",
-+ psbAttrName->buffer);
-+ } else {
-+ schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at,
-+ psbAttrName->buffer,
-+ "Cannot delete a standard attribute type");
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_attributes: Cannot delete a standard attribute type (%s)\n",
-+ psbAttrName->buffer);
-+ attr_syntax_return(a);
-+ return schema_return(LDAP_UNWILLING_TO_PERFORM, psbAttrOid, psbAttrName,
-+ psbAttrSyntax, NULL);
-+ }
- }
-
- /* Do not allow deletion if referenced by an object class. */
-@@ -2627,17 +2666,32 @@ schema_delete_attributes ( Slapi_Entry *entryBefore, LDAPMod *mod,
- }
-
- if (attr_in_use_by_an_oc) {
-- schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at,
-- psbAttrName->buffer, "Is included in the %s list for object class %s. Cannot delete.",
-- oc_list_type, oc->oc_name );
-- break;
-+ if (is_internal_operation) {
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_attributes: Should not delete an attribute (%s) used in oc (%s)"
-+ ". But accept it because it is internal operation\n",
-+ oc_list_type, oc->oc_name);
-+ } else {
-+ schema_create_errormsg(errorbuf, errorbufsize, schema_errprefix_at,
-+ psbAttrName->buffer, "Is included in the %s list for object class %s. Cannot delete.",
-+ oc_list_type, oc->oc_name);
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_attributes: Could delete an attribute (%s) used in oc (%s)"
-+ ". But accept it because it is internal operation\n",
-+ oc_list_type, oc->oc_name);
-+ break;
-+ }
- }
- }
- oc_unlock();
- if (attr_in_use_by_an_oc) {
-- attr_syntax_return( a );
-- return schema_return(LDAP_UNWILLING_TO_PERFORM,psbAttrOid,psbAttrName,
-- psbAttrSyntax,NULL);
-+ if (is_internal_operation) {
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_delete_attributes: Should not delete an attribute used in oc"
-+ ". But accept it because it is internal operation\n");
-+
-+ } else {
-+ attr_syntax_return(a);
-+ return schema_return(LDAP_UNWILLING_TO_PERFORM, psbAttrOid, psbAttrName,
-+ psbAttrSyntax, NULL);
-+ }
- }
-
- /* Delete it. */
-@@ -2744,7 +2798,10 @@ add_oc_internal(struct objclass *pnew_oc, char *errorbuf, size_t errorbufsize,
- }
- }
-
-- /* check to see if the superior oc exists */
-+ /* check to see if the superior oc exists
-+ * This is not enforced for internal op (when learning new schema
-+ * definitions from a replication session)
-+ */
- if (!rc && pnew_oc->oc_superior &&
- ((psup_oc = oc_find_nolock (pnew_oc->oc_superior, NULL, PR_FALSE)) == NULL)) {
- schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc,
-@@ -2798,7 +2855,10 @@ add_oc_internal(struct objclass *pnew_oc, char *errorbuf, size_t errorbufsize,
- sizedbuffer_destroy(psbOcOid);
- }
-
-- /* check to see if the oc's attributes are valid */
-+ /* check to see if the oc's attributes are valid
-+ * This is not checked if this is an internal operation (learning schema
-+ * definitions from a replication session)
-+ */
- if (!rc && !(flags & DSE_SCHEMA_NO_CHECK) &&
- schema_check_oc_attrs ( pnew_oc, errorbuf, errorbufsize,
- 0 /* don't strip options */ ) == 0 ) {
-@@ -6265,11 +6325,101 @@ schema_oc_superset_check(struct objclass *oc_list1, struct objclass *oc_list2, c
-
- return rc;
- }
-+
-+static char *
-+schema_oc_to_string(struct objclass *oc)
-+{
-+ char *oc_str;
-+ int i;
-+ int size = 0;
-+
-+ /* Compute the size of the string that can contain
-+ * the oc definition and allocates it
-+ */
-+ if (oc->oc_oid) size += strlen(oc->oc_oid);
-+ if (oc->oc_name) size += strlen(oc->oc_name);
-+ if (oc->oc_desc) size += strlen(oc->oc_desc);
-+ if (oc->oc_orig_required) {
-+ for (i =0; oc->oc_orig_required[i] != NULL; i++) {
-+ size += strlen(oc->oc_orig_required[i]);
-+ size += 3;
-+ }
-+ }
-+ if (oc->oc_orig_allowed) {
-+ for (i =0; oc->oc_orig_allowed[i] != NULL; i++) {
-+ size += strlen(oc->oc_orig_allowed[i]);
-+ size += 3;
-+ }
-+ }
-+ size += strlen(schema_oc_kind_strings_with_spaces[oc->oc_kind]);
-+
-+ size += 128; /* for all keywords: NAME, DESC, SUP... */
-+ if ((oc_str = (char *) slapi_ch_calloc(1, size)) == NULL) {
-+ return NULL;
-+ }
-+
-+ /* OID + name */
-+ sprintf(oc_str, "( %s NAME '%s'", (oc->oc_oid) ? oc->oc_oid : "", oc->oc_name);
-+
-+ /* description */
-+ strcat(oc_str, " DESC '");
-+ if (oc->oc_desc) {
-+ strcat(oc_str, oc->oc_desc);
-+ }
-+ strcat(oc_str, "'");
-+
-+ /* SUP */
-+ if (oc->oc_superior) {
-+ strcat(oc_str, " SUP '");
-+ strcat(oc_str, oc->oc_superior);
-+ strcat(oc_str, "'");
-+ }
-+
-+ /* oc_kind */
-+ strcat(oc_str, schema_oc_kind_strings_with_spaces[oc->oc_kind]);
-+
-+ /* MUST */
-+ if (oc->oc_orig_required) {
-+ strcat(oc_str, " MUST ( ");
-+ for ( i = 0; oc->oc_orig_required[i] != NULL; ++i ) {
-+ if (i > 0) {
-+ strcat(oc_str, " $ ");
-+ }
-+ strcat(oc_str, oc->oc_orig_required[i]);
-+ }
-+ strcat(oc_str, " ) ");
-+ }
-+
-+ /* MAY */
-+ if (oc->oc_orig_allowed) {
-+ strcat(oc_str, " MAY ( ");
-+ for ( i = 0; oc->oc_orig_allowed[i] != NULL; ++i ) {
-+ if (i > 0) {
-+ strcat(oc_str, " $ ");
-+ }
-+ strcat(oc_str, oc->oc_orig_allowed[i]);
-+ }
-+ strcat(oc_str, " ) ");
-+ }
-+
-+ /* flags */
-+ if (oc->oc_flags & OC_FLAG_USER_OC) {
-+ strcat(oc_str, " X-ORIGIN 'blahblahblah'");
-+ }
-+
-+ strcat(oc_str, " )");
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "schema_oc_to_string: replace (old[%d]=%s)\n",
-+ size, oc_str);
-+
-+ return(oc_str);
-+
-+}
- /* call must hold oc_lock at least in read */
- static struct schema_mods_indexes *
- schema_list_oc2learn(struct objclass *oc_remote_list, struct objclass *oc_local_list, int replica_role) {
- struct objclass *oc_remote, *oc_local;
- struct schema_mods_indexes *head = NULL, *mods_index;
-+ struct schema_mods_indexes *tail = NULL;
- int index = 0;
- int repl_schema_policy;
- const char *message;
-@@ -6309,11 +6459,22 @@ schema_list_oc2learn(struct objclass *oc_remote_list, struct objclass *oc_local_
- continue;
- }
-
-- /* insert it in the list */
-+ /* insert it at the end of the list
-+ * to keep the order of the original schema
-+ * For example superior oc should be declared first
-+ */
- mods_index->index = index;
-- mods_index->next = head;
-+ mods_index->next = NULL;
- mods_index->new_value = NULL;
-- head = mods_index;
-+ if (oc_local) {
-+ mods_index->old_value = schema_oc_to_string(oc_local);
-+ }
-+ if (head == NULL) {
-+ head = mods_index;
-+ } else {
-+ tail->next = mods_index;
-+ }
-+ tail = mods_index;
- }
- }
- slapi_rwlock_unlock( schema_policy_lock );
-@@ -7173,17 +7334,27 @@ modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
- /* do modify */
- slapi_modify_internal_pb (newpb);
- slapi_pblock_get (newpb, SLAPI_PLUGIN_INTOP_RESULT, &op_result);
-- if (op_result == LDAP_SUCCESS) {
-- /* Update the schema csn if the operation succeeded */
-- schema_csn = csn_new();
-- if (NULL != schema_csn) {
-- csn_set_replicaid(schema_csn, 0);
-- csn_set_time(schema_csn, current_time());
-- g_set_global_schema_csn(schema_csn);
-- }
-- }
-+ if (op_result == LDAP_SUCCESS) {
-+ char *type;
-
-- slapi_pblock_destroy(newpb);
-+ if (smods && smods->mods) {
-+ type = smods->mods[0]->mod_type;
-+ } else {
-+ type = "unknown";
-+ }
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "modify_schema_internal_mod: successfully learn %s definitions\n", type);
-+ /* Update the schema csn if the operation succeeded */
-+ schema_csn = csn_new();
-+ if (NULL != schema_csn) {
-+ csn_set_replicaid(schema_csn, 0);
-+ csn_set_time(schema_csn, current_time());
-+ g_set_global_schema_csn(schema_csn);
-+ }
-+ } else {
-+ slapi_log_error(SLAPI_LOG_FATAL, "schema", "modify_schema_internal_mod: fail to learn schema definitions (%d) \n", op_result);
-+ }
-+
-+ slapi_pblock_destroy(newpb);
- }
-
- /* Prepare slapi_mods for the internal mod
-@@ -7191,32 +7362,80 @@ modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
- */
- static void
- modify_schema_prepare_mods(Slapi_Mods *smods, char *type, struct schema_mods_indexes *values)
--{
-- struct schema_mods_indexes *object;
-- struct berval *bv;
-- struct berval **bvps;
-- int nb_values, i;
--
-- for (object = values, nb_values = 0; object != NULL; object = object->next, nb_values++);
-- bvps = (struct berval **) slapi_ch_calloc(1, (nb_values + 1) * sizeof(struct berval *));
--
--
-+{
-+ struct schema_mods_indexes *object;
-+ struct berval *bv;
-+ struct berval **bvps_del = NULL;
-+ struct berval **bvps_add = NULL;
-+ int nb_values_del, nb_values_add, i;
-+ int nb_mods;
-+
-+ /* Checks the values to delete */
-+ for (object = values, nb_values_del = 0; object != NULL; object = object->next) {
-+ if (object->old_value) {
-+ nb_values_del++;
-+ }
-+ }
-+ if (nb_values_del) {
-+ bvps_del = (struct berval **) slapi_ch_calloc(1, (nb_values_del + 1) * sizeof (struct berval *));
-+
-+ for (i = 0, object = values; object != NULL; object = object->next) {
-+ if (object->old_value) {
-+ bv = (struct berval *) slapi_ch_malloc(sizeof (struct berval));
-+ bv->bv_len = strlen(object->old_value);
-+ bv->bv_val = (void*) object->old_value;
-+ bvps_del[i] = bv;
-+ i++;
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "MOD[%d] del (%s): %s\n", i, type, object->old_value);
-+ }
-+ }
-+ bvps_del[nb_values_del] = NULL;
-+ }
-+
-+ /* Checks the values to add */
-+ for (object = values, nb_values_add = 0; object != NULL; object = object->next, nb_values_add++);
-+
-+ if (nb_values_add) {
-+ bvps_add = (struct berval **) slapi_ch_calloc(1, (nb_values_add + 1) * sizeof (struct berval *));
-+
-+
- for (i = 0, object = values; object != NULL; i++, object = object->next) {
-- bv = (struct berval *) slapi_ch_malloc(sizeof(struct berval));
-- bv->bv_len = strlen(object->new_value);
-- bv->bv_val = (void*) object->new_value;
-- bvps[i] = bv;
-- slapi_log_error(SLAPI_LOG_REPL, "schema", "MOD[%d] add (%s): %s\n", i, type, object->new_value);
-- }
-- bvps[nb_values] = NULL;
-- slapi_mods_init (smods, 2);
-- slapi_mods_add_modbvps( smods, LDAP_MOD_ADD, type, bvps );
-- for (i = 0; bvps[i] != NULL; i++) {
-- /* bv_val should not be free. It belongs to the incoming MOD */
-- slapi_ch_free((void **) &bvps[i]);
-- }
-- slapi_ch_free((void **) &bvps);
--
-+ bv = (struct berval *) slapi_ch_malloc(sizeof (struct berval));
-+ bv->bv_len = strlen(object->new_value);
-+ bv->bv_val = (void*) object->new_value;
-+ bvps_add[i] = bv;
-+ slapi_log_error(SLAPI_LOG_REPL, "schema", "MOD[%d] add (%s): %s\n", i, type, object->new_value);
-+ }
-+ bvps_add[nb_values_add] = NULL;
-+ }
-+
-+ /* Prepare the mods */
-+ nb_mods = 1;
-+ if (bvps_del) nb_mods++;
-+ if (bvps_add) nb_mods++;
-+ slapi_mods_init(smods, nb_mods);
-+ if (bvps_del) slapi_mods_add_modbvps(smods, LDAP_MOD_DELETE, type, bvps_del);
-+ if (bvps_add) slapi_mods_add_modbvps(smods, LDAP_MOD_ADD, type, bvps_add);
-+
-+
-+ /* clean up */
-+ if (bvps_del) {
-+
-+ for (i = 0; bvps_del[i] != NULL; i++) {
-+ /* bv_val should not be free. It belongs to the incoming MOD */
-+ slapi_ch_free((void **) &bvps_del[i]);
-+ }
-+ slapi_ch_free((void **) &bvps_del);
-+ }
-+
-+ if (bvps_add) {
-+
-+ for (i = 0; bvps_add[i] != NULL; i++) {
-+ /* bv_val should not be free. It belongs to the incoming MOD */
-+ slapi_ch_free((void **) &bvps_add[i]);
-+ }
-+ slapi_ch_free((void **) &bvps_add);
-+ }
- }
-
- /* called by modify_schema_dse/supplier_learn_new_definitions to learn new
---
-1.9.3
-
diff --git a/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch b/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch
new file mode 100644
index 0000000..b6f97be
--- /dev/null
+++ b/SOURCES/0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch
@@ -0,0 +1,67 @@
+From ac98944372376a0d41a33dfe84a99bfaa151699f Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Fri, 18 Sep 2015 11:56:29 -0400
+Subject: [PATCH 59/61] Ticket 48217 - cleanallruv - fix regression with server
+ shutdown
+
+Bug Description: Recent checks for server shutdown were added to cleanallruv task,
+ but we did not properly check for "shutdown" at the end of the task.
+ This caused the server to think the task successfully finished,
+ when in fact it did not.
+
+Fix Description: Properly check for shutdown at the end of the task, and handler it
+ appropriately.
+
+https://fedorahosted.org/389/ticket/48217
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit c41d36de0ca438bf23e4e810bfec0fd59cbc790b)
+(cherry picked from commit d9f03f5fddfc8ba7009c9dcc584686e43d6339e8)
+---
+ ldap/servers/plugins/replication/repl5_replica_config.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
+index 446da3f..8d3c481 100644
+--- a/ldap/servers/plugins/replication/repl5_replica_config.c
++++ b/ldap/servers/plugins/replication/repl5_replica_config.c
+@@ -1948,7 +1948,7 @@ done:
+ /*
+ * If the replicas are cleaned, release the rid
+ */
+- if(!aborted){
++ if(!aborted && !slapi_is_shutting_down()){
+ delete_cleaned_rid_config(data);
+ /* make sure all the replicas have been "pre_cleaned" before finishing */
+ check_replicas_are_done_cleaning(data);
+@@ -3005,7 +3005,7 @@ replica_abort_task_thread(void *arg)
+ }
+
+ /*
+- * Now send the cleanruv extended op to all the agreements
++ * Now send the abort cleanruv extended op to all the agreements
+ */
+ while(agmt_not_notified && !slapi_is_shutting_down()){
+ agmt_obj = agmtlist_get_first_agreement_for_replica (data->replica);
+@@ -3013,7 +3013,7 @@ replica_abort_task_thread(void *arg)
+ agmt_not_notified = 0;
+ break;
+ }
+- while (agmt_obj){
++ while (agmt_obj && !slapi_is_shutting_down()){
+ agmt = (Repl_Agmt*)object_get_data (agmt_obj);
+ if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
+ agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
+@@ -3058,7 +3058,7 @@ replica_abort_task_thread(void *arg)
+ } /* while */
+
+ done:
+- if(agmt_not_notified){
++ if(agmt_not_notified || slapi_is_shutting_down()){
+ /* failure */
+ cleanruv_log(data->task, data->rid, ABORT_CLEANALLRUV_ID,"Abort task failed, will resume the task at the next server startup.");
+ } else {
+--
+1.9.3
+
diff --git a/SOURCES/0060-Ticket-47988-Schema-learning-mechanism-in-replicatio.patch b/SOURCES/0060-Ticket-47988-Schema-learning-mechanism-in-replicatio.patch
deleted file mode 100644
index ed0fc9c..0000000
--- a/SOURCES/0060-Ticket-47988-Schema-learning-mechanism-in-replicatio.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 602e9ef126808491be5d33d9c4faa9c86e63730a Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Sun, 25 Jan 2015 22:05:12 -0800
-Subject: [PATCH] Ticket 47988: Schema learning mechanism, in replication,
- unable to extend an existing definition
-
-Description: Covscan FORWARD_NULL fix introduced by commit
-commit 51e05df9c37c66206041f026c9a67ec17bc9ea4a
-
-1. ldap/servers/slapd/schema.c:2490: var_deref_op: Dereferencing null pointer "mod->mod_vals.modv_bvals".
-2. ldap/servers/slapd/schema.c:2603: var_deref_op: Dereferencing null pointer "mod->mod_vals.modv_bvals".
-
-Added NULL check on mod->mod_bvalues to the for loop stop condition.
-
-(cherry picked from commit cfa8e4daef9253df0bd8a348f302299bda16b37c)
-(cherry picked from commit 1e2bf2b1ee6cd4c08a171edfedb10ee6bb1c3420)
----
- ldap/servers/slapd/schema.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
-index 05329a6..a251aa7 100644
---- a/ldap/servers/slapd/schema.c
-+++ b/ldap/servers/slapd/schema.c
-@@ -2487,7 +2487,7 @@ schema_delete_objectclasses( Slapi_Entry *entryBefore, LDAPMod *mod,
- }
- }
-
-- for (i = 0; mod->mod_bvalues[i]; i++) {
-+ for (i = 0; mod->mod_bvalues && mod->mod_bvalues[i]; i++) {
- if ( LDAP_SUCCESS != ( rc = parse_oc_str (
- (const char *)mod->mod_bvalues[i]->bv_val, &delete_oc,
- errorbuf, errorbufsize, 0, 0, schema_ds4x_compat, NULL))) {
-@@ -2600,7 +2600,7 @@ schema_delete_attributes ( Slapi_Entry *entryBefore, LDAPMod *mod,
- }
- }
-
-- for (i = 0; mod->mod_bvalues[i]; i++) {
-+ for (i = 0; mod->mod_bvalues && mod->mod_bvalues[i]; i++) {
- attr_ldif =(char *) mod->mod_bvalues[i]->bv_val;
-
- /* normalize the attr ldif */
---
-1.9.3
-
diff --git a/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch b/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
new file mode 100644
index 0000000..f9138cf
--- /dev/null
+++ b/SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
@@ -0,0 +1,78 @@
+From caab3e19a97d58450bbf06034974d4631aa904b6 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 18 Sep 2015 11:13:43 -0700
+Subject: [PATCH 60/61] Ticket #48188 - segfault in ns-slapd due to accessing
+ Slapi_DN freed in pre bind plug-in
+
+This patch is based upon the patch provided by Simo Sorce <simo@redhat.com> for
+Ticket #48272 - Allow PRE_BIND plugins to mangle DNs
+
+Description:
+Allow a pre_bind plugin to map a DN to another
+
+This is useful for plugins that deal with virtual trees or non-standard
+clients binding with values that are not proper DNs and similar situations.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+
+2 changes are made to the original patch:
+1. removed "slapi_sdn_free(&sdn)" with this comment:
+ * It is a plug-in's responsibility to free the original Slapi_DN.
+ Note: slapi-nis already freed the original sdn.
+2. reset dn from the new sdn.
+ dn = slapi_sdn_get_dn(sdn);
+
+https://fedorahosted.org/389/ticket/48188
+
+Reviewed by rmeggins@redhat.com and lkrispen@redhat.com.
+
+(cherry picked from commit 40e0d0f80d6fd1271431e105580293747c43c327)
+(cherry picked from commit 6871f4f6d14198563f7f3cb0646a00faa28d35ea)
+---
+ ldap/servers/slapd/bind.c | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index 1bd604f..4ec276a 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -669,7 +669,7 @@ do_bind( Slapi_PBlock *pb )
+
+ slapi_pblock_set( pb, SLAPI_BACKEND, be );
+
+- /* not root dn - pass to the backend */
++ /* not root dn - pass to the backend */
+ if ( be->be_bind != NULL ) {
+
+ /*
+@@ -677,10 +677,25 @@ do_bind( Slapi_PBlock *pb )
+ * the backend bind function. then call the post-bind
+ * plugins.
+ */
+- if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN )
+- == 0 ) {
++ if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 ) {
+ rc = 0;
+
++ /* Check if a pre_bind plugin mapped the DN to another backend */
++ Slapi_DN *pb_sdn;
++ slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
++ if (pb_sdn != sdn) {
++ /*
++ * Slapi_DN set in pblock was changed by a pre bind plug-in.
++ * It is a plug-in's responsibility to free the original Slapi_DN.
++ */
++ sdn = pb_sdn;
++ dn = slapi_sdn_get_dn(sdn);
++
++ slapi_be_Unlock(be);
++ be = slapi_be_select(sdn);
++ slapi_be_Rlock(be);
++ }
++
+ /*
+ * Is this account locked ?
+ * could be locked through the account inactivation
+--
+1.9.3
+
diff --git a/SOURCES/0061-Ticket-48005-ns-slapd-crash-in-shutdown-phase.patch b/SOURCES/0061-Ticket-48005-ns-slapd-crash-in-shutdown-phase.patch
deleted file mode 100644
index 3d59efe..0000000
--- a/SOURCES/0061-Ticket-48005-ns-slapd-crash-in-shutdown-phase.patch
+++ /dev/null
@@ -1,1057 +0,0 @@
-From 2e87dafa9d39e6ab08382612be762c25afa80d4f Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Sun, 15 Feb 2015 17:34:12 -0800
-Subject: [PATCH] Ticket #48005 - ns-slapd crash in shutdown phase
-
-Description: There was a small window that long running tasks access its
-own task object after it's aready released by main thread in the shutdown
-period. This patch adds refcounter to such threads and make destructor
-wait until the counter becomes 0. Plus, the shutdown check is added to
-their task callbacks.
-
-Following tasks are updated by this patch:
- slapd/task.c: "fixup tombstones"
- posix-winsync/posix-winsync-config.c: "memberuid task"
- replication/repl5_replica_config.c: "cleanallruv"
- replication/repl5_replica_config.c: "abort cleanallruv"
- syntaxes/validate_task.c: "syntax validate"
- automember/automember.c: "automember rebuild membership"
- automember/automember.c: "automember export updates"
- automember/automember.c: "automember map updates"
- linkedattrs/linked_attrs.c: "fixup linked attributes"
- memberof/memberof.c: "memberof task"
- schema_reload/schema_reload.c: "schema reload task"
- usn/usn_cleanup.c: "USN tombstone cleanup task"
-
-Following tasks are already covered:
- slapd/task.c: "import"
- slapd/task.c: "index"
- slapd/task.c: "upgradedb"
-
-Following tasks are processed in an ordinary worker thread; no need to change
- slapd/task.c: "sysconfig reload"
- slapd/task.c: "export"
- slapd/task.c: "backup"
- slapd/task.c: "restore"
-
-(cherry picked from commit ab2e26de21beb5a92d2a18ab5a20db9637b83c7a)
-(cherry picked from commit eebbabbaba8f024671158f527a169fc378ff01d6)
-
-Conflicts:
- ldap/servers/plugins/memberof/memberof.c
----
- ldap/servers/plugins/automember/automember.c | 70 ++++++++++++++++++----
- ldap/servers/plugins/linkedattrs/fixup_task.c | 40 +++++++++++--
- ldap/servers/plugins/memberof/memberof.c | 26 +++++++-
- ldap/servers/plugins/memberof/memberof.h | 2 +-
- .../plugins/posix-winsync/posix-group-task.c | 40 ++++++++++---
- .../plugins/replication/repl5_replica_config.c | 58 ++++++++++++++++++
- ldap/servers/plugins/schema_reload/schema_reload.c | 23 ++++++-
- ldap/servers/plugins/syntaxes/validate_task.c | 26 +++++++-
- ldap/servers/plugins/usn/usn_cleanup.c | 58 +++++++++++++-----
- ldap/servers/slapd/slapi-plugin.h | 9 +++
- ldap/servers/slapd/slapi-private.h | 2 -
- ldap/servers/slapd/task.c | 47 +++++++++++++--
- 12 files changed, 348 insertions(+), 53 deletions(-)
-
-diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
-index 6a8fd22..b2914db 100644
---- a/ldap/servers/plugins/automember/automember.c
-+++ b/ldap/servers/plugins/automember/automember.c
-@@ -119,9 +119,9 @@ static int automember_task_add_map_entries(Slapi_PBlock *pb, Slapi_Entry *e, Sla
- void automember_rebuild_task_thread(void *arg);
- void automember_export_task_thread(void *arg);
- void automember_map_task_thread(void *arg);
--void automember_task_destructor(Slapi_Task *task);
--void automember_task_export_destructor(Slapi_Task *task);
--void automember_task_map_destructor(Slapi_Task *task);
-+static void automember_task_destructor(Slapi_Task *task);
-+static void automember_task_export_destructor(Slapi_Task *task);
-+static void automember_task_map_destructor(Slapi_Task *task);
-
- #define DEFAULT_FILE_MODE PR_IRUSR | PR_IWUSR
-
-@@ -1962,11 +1962,15 @@ fetch_attr(Slapi_Entry *e, const char *attrname, const char *default_val)
- return slapi_value_get_string(val);
- }
-
--void
-+static void
- automember_task_destructor(Slapi_Task *task)
- {
- if (task) {
- task_data *mydata = (task_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
- if (mydata) {
- slapi_ch_free_string(&mydata->bind_dn);
- slapi_sdn_free(&mydata->base_dn);
-@@ -1976,11 +1980,15 @@ automember_task_destructor(Slapi_Task *task)
- }
- }
-
--void
-+static void
- automember_task_export_destructor(Slapi_Task *task)
- {
- if (task) {
- task_data *mydata = (task_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
- if (mydata) {
- slapi_ch_free_string(&mydata->ldif_out);
- slapi_ch_free_string(&mydata->bind_dn);
-@@ -1991,11 +1999,15 @@ automember_task_export_destructor(Slapi_Task *task)
- }
- }
-
--void
-+static void
- automember_task_map_destructor(Slapi_Task *task)
- {
- if (task) {
- task_data *mydata = (task_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
- if (mydata) {
- slapi_ch_free_string(&mydata->ldif_out);
- slapi_ch_free_string(&mydata->ldif_in);
-@@ -2114,7 +2126,8 @@ out:
- * Search using the basedn, filter, and scope provided from the task data.
- * Then loop of each entry, and apply the membership if applicable.
- */
--void automember_rebuild_task_thread(void *arg){
-+void automember_rebuild_task_thread(void *arg)
-+{
- Slapi_Task *task = (Slapi_Task *)arg;
- struct configEntry *config = NULL;
- Slapi_PBlock *search_pb = NULL, *fixup_pb = NULL;
-@@ -2124,6 +2137,12 @@ void automember_rebuild_task_thread(void *arg){
- int result = 0;
- int i = 0;
-
-+ if (!task) {
-+ return; /* no task */
-+ }
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error( SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+ "automember_rebuild_task_thread --> refcount incremented.\n" );
- /*
- * Fetch our task data from the task
- */
-@@ -2192,7 +2211,8 @@ void automember_rebuild_task_thread(void *arg){
- if (slapi_dn_issuffix(slapi_entry_get_dn(entries[i]), config->scope) &&
- (slapi_filter_test_simple(entries[i], config->filter) == 0))
- {
-- if(automember_update_membership(config, entries[i], NULL)){
-+ if (slapi_is_shutting_down() ||
-+ automember_update_membership(config, entries[i], NULL)) {
- result = SLAPI_PLUGIN_FAILURE;
- automember_config_unlock();
- goto out;
-@@ -2226,6 +2246,9 @@ out:
- }
- slapi_task_inc_progress(task);
- slapi_task_finish(task, result);
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error( SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+ "automember_rebuild_task_thread <-- refcount decremented.\n" );
- }
-
- /*
-@@ -2328,7 +2351,8 @@ out:
- return rv;
- }
-
--void automember_export_task_thread(void *arg){
-+void automember_export_task_thread(void *arg)
-+{
- Slapi_Task *task = (Slapi_Task *)arg;
- Slapi_PBlock *search_pb = NULL;
- Slapi_Entry **entries = NULL;
-@@ -2340,6 +2364,13 @@ void automember_export_task_thread(void *arg){
- int i = 0;
- int rc = 0;
-
-+ if (!task) {
-+ return; /* no task */
-+ }
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error( SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+ "automember_export_task_thread --> refcount incremented.\n" );
-+
- td = (task_data *)slapi_task_get_data(task);
- slapi_task_begin(task, 1);
- slapi_task_log_notice(task, "Automember export task starting. Exporting changes to (%s)", td->ldif_out);
-@@ -2394,7 +2425,8 @@ void automember_export_task_thread(void *arg){
- if (slapi_dn_issuffix(slapi_sdn_get_dn(td->base_dn), config->scope) &&
- (slapi_filter_test_simple(entries[i], config->filter) == 0))
- {
-- if(automember_update_membership(config, entries[i], ldif_fd)){
-+ if (slapi_is_shutting_down() ||
-+ automember_update_membership(config, entries[i], ldif_fd)) {
- result = SLAPI_DSE_CALLBACK_ERROR;
- automember_config_unlock();
- goto out;
-@@ -2423,6 +2455,9 @@ out:
- }
- slapi_task_inc_progress(task);
- slapi_task_finish(task, result);
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error( SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+ "automember_export_task_thread <-- refcount decremented.\n" );
- }
-
- /*
-@@ -2507,7 +2542,8 @@ out:
- * Read in the text entries from ldif_in, and convert them to slapi_entries.
- * Then, write to ldif_out what the updates would be if these entries were added
- */
--void automember_map_task_thread(void *arg){
-+void automember_map_task_thread(void *arg)
-+{
- Slapi_Task *task = (Slapi_Task *)arg;
- Slapi_Entry *e = NULL;
- int result = SLAPI_DSE_CALLBACK_OK;
-@@ -2527,6 +2563,12 @@ void automember_map_task_thread(void *arg){
- #endif
- int rc = 0;
-
-+ if (!task) {
-+ return; /* no task */
-+ }
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error( SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+ "automember_map_task_thread --> refcount incremented.\n" );
- td = (task_data *)slapi_task_get_data(task);
- slapi_task_begin(task, 1);
- slapi_task_log_notice(task, "Automember map task starting... Reading entries from (%s)"
-@@ -2586,7 +2628,8 @@ void automember_map_task_thread(void *arg){
- if (slapi_dn_issuffix(slapi_entry_get_dn_const(e), config->scope) &&
- (slapi_filter_test_simple(e, config->filter) == 0))
- {
-- if(automember_update_membership(config, e, ldif_fd_out)){
-+ if (slapi_is_shutting_down() ||
-+ automember_update_membership(config, e, ldif_fd_out)) {
- result = SLAPI_DSE_CALLBACK_ERROR;
- slapi_entry_free(e);
- slapi_ch_free_string(&entrystr);
-@@ -2620,6 +2663,9 @@ out:
- }
- slapi_task_inc_progress(task);
- slapi_task_finish(task, result);
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error( SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
-+ "automember_map_task_thread <-- refcount decremented.\n" );
- }
-
- /*
-diff --git a/ldap/servers/plugins/linkedattrs/fixup_task.c b/ldap/servers/plugins/linkedattrs/fixup_task.c
-index db3c693..3a01fed 100644
---- a/ldap/servers/plugins/linkedattrs/fixup_task.c
-+++ b/ldap/servers/plugins/linkedattrs/fixup_task.c
-@@ -119,6 +119,10 @@ linked_attrs_fixup_task_destructor(Slapi_Task *task)
- {
- if (task) {
- task_data *mydata = (task_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
- if (mydata) {
- slapi_ch_free_string(&mydata->linkdn);
- slapi_ch_free_string(&mydata->bind_dn);
-@@ -137,6 +141,12 @@ linked_attrs_fixup_task_thread(void *arg)
- int found_config = 0;
- int rc = 0;
-
-+ if (!task) {
-+ return; /* no task */
-+ }
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM,
-+ "linked_attrs_fixup_task_thread --> refcount incremented.\n" );
- /* Fetch our task data from the task */
- td = (task_data *)slapi_task_get_data(task);
-
-@@ -154,8 +164,8 @@ linked_attrs_fixup_task_thread(void *arg)
- linked_attrs_read_lock();
- main_config = linked_attrs_get_config();
- if (!PR_CLIST_IS_EMPTY(main_config)) {
-- struct configEntry *config_entry = NULL;
-- PRCList *list = PR_LIST_HEAD(main_config);
-+ struct configEntry *config_entry = NULL;
-+ PRCList *list = PR_LIST_HEAD(main_config);
-
- while (list != main_config) {
- config_entry = (struct configEntry *) list;
-@@ -204,6 +214,10 @@ linked_attrs_fixup_task_thread(void *arg)
-
- /* this will queue the destruction of the task */
- slapi_task_finish(task, rc);
-+
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM,
-+ "linked_attrs_fixup_task_thread <-- refcount decremented.\n");
- }
-
- static void
-@@ -269,7 +283,7 @@ linked_attrs_fixup_links(struct configEntry *config)
- if(rc == 0){
- slapi_back_transaction_commit(fixup_pb);
- } else {
-- slapi_back_transaction_abort(fixup_pb);
-+ slapi_back_transaction_abort(fixup_pb);
- }
- slapi_pblock_destroy(fixup_pb);
- }
-@@ -352,11 +366,20 @@ linked_attrs_remove_backlinks_callback(Slapi_Entry *e, void *callback_data)
- int rc = 0;
- Slapi_DN *sdn = slapi_entry_get_sdn(e);
- char *type = (char *)callback_data;
-- Slapi_PBlock *pb = slapi_pblock_new();
-+ Slapi_PBlock *pb = NULL;
- char *val[1];
- LDAPMod mod;
- LDAPMod *mods[2];
-
-+ /*
-+ * If the server is ordered to shutdown, stop the fixup and return an error.
-+ */
-+ if (slapi_is_shutting_down()) {
-+ rc = -1;
-+ goto bail;
-+ }
-+
-+ pb = slapi_pblock_new();
- /* Remove all values of the passed in type. */
- val[0] = 0;
-
-@@ -377,7 +400,7 @@ linked_attrs_remove_backlinks_callback(Slapi_Entry *e, void *callback_data)
- slapi_modify_internal_pb(pb);
-
- slapi_pblock_destroy(pb);
--
-+bail:
- return rc;
- }
-
-@@ -394,6 +417,13 @@ linked_attrs_add_backlinks_callback(Slapi_Entry *e, void *callback_data)
- LDAPMod mod;
- LDAPMod *mods[2];
-
-+ /*
-+ * If the server is ordered to shutdown, stop the fixup and return an error.
-+ */
-+ if (slapi_is_shutting_down()) {
-+ rc = -1;
-+ goto done;
-+ }
- /* Setup the modify operation. Only the target will
- * change, so we only need to do this once. */
- val[0] = linkdn;
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index 7e3e308..14bad98 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -2636,6 +2636,12 @@ void memberof_fixup_task_thread(void *arg)
- int rc = 0;
- Slapi_PBlock *fixup_pb = NULL;
-
-+ if (!task) {
-+ return; /* no task */
-+ }
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_fixup_task_thread --> refcount incremented.\n" );
- /* Fetch our task data from the task */
- td = (task_data *)slapi_task_get_data(task);
-
-@@ -2702,6 +2708,9 @@ void memberof_fixup_task_thread(void *arg)
-
- /* this will queue the destruction of the task */
- slapi_task_finish(task, rc);
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_fixup_task_thread <-- refcount decremented.\n");
- }
-
- /* extract a single value from the entry (as a string) -- if it's not in the
-@@ -2793,8 +2802,14 @@ out:
- void
- memberof_task_destructor(Slapi_Task *task)
- {
-+ slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_task_destructor -->\n" );
- if (task) {
- task_data *mydata = (task_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
- if (mydata) {
- slapi_ch_free_string(&mydata->dn);
- slapi_ch_free_string(&mydata->bind_dn);
-@@ -2803,6 +2818,8 @@ memberof_task_destructor(Slapi_Task *task)
- slapi_ch_free((void **)&mydata);
- }
- }
-+ slapi_log_error( SLAPI_LOG_PLUGIN, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_task_destructor <--\n" );
- }
-
- int memberof_fix_memberof(MemberOfConfig *config, char *dn, char *filter_str)
-@@ -2841,6 +2858,13 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data)
- memberof_del_dn_data del_data = {0, config->memberof_attr};
- Slapi_ValueSet *groups = 0;
-
-+ /*
-+ * If the server is ordered to shutdown, stop the fixup and return an error.
-+ */
-+ if (slapi_is_shutting_down()) {
-+ rc = -1;
-+ goto bail;
-+ }
- /* get a list of all of the groups this user belongs to */
- groups = memberof_get_groups(config, sdn);
-
-@@ -2889,6 +2913,6 @@ int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data)
- }
-
- slapi_valueset_free(groups);
--
-+bail:
- return rc;
- }
-diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h
-index 6d56081..59029d7 100644
---- a/ldap/servers/plugins/memberof/memberof.h
-+++ b/ldap/servers/plugins/memberof/memberof.h
-@@ -81,7 +81,7 @@ typedef struct memberofconfig {
- char *memberof_attr;
- int allBackends;
- Slapi_DN *entryScope;
-- Slapi_DN *entryScopeExcludeSubtree;
-+ Slapi_DN *entryScopeExcludeSubtree;
- Slapi_Filter *group_filter;
- Slapi_Attr **group_slapiattrs;
- } MemberOfConfig;
-diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c
-index c5ea729..c76545a 100644
---- a/ldap/servers/plugins/posix-winsync/posix-group-task.c
-+++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c
-@@ -165,6 +165,10 @@ posix_group_task_destructor(Slapi_Task *task)
- {
- if (task) {
- task_data *mydata = (task_data *) slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
- if (mydata) {
- slapi_ch_free_string(&mydata->dn);
- slapi_ch_free_string(&mydata->filter_str);
-@@ -172,6 +176,8 @@ posix_group_task_destructor(Slapi_Task *task)
- slapi_ch_free((void **) &mydata);
- }
- }
-+ slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
-+ "posix_group_task_destructor <--\n");
- }
-
- #if 0 /* NOT USED */
-@@ -245,17 +251,28 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
- "_fix_memberuid ==>\n");
- cb_data *the_cb_data = (cb_data *) callback_data;
-
-- int rc;
-+ int rc = 0;
- Slapi_Attr *muid_attr = NULL;
- Slapi_Value *v = NULL;
-
-- Slapi_Mods *smods = slapi_mods_new();
--
-- char *dn = slapi_entry_get_dn(e);
-- Slapi_DN *sdn = slapi_entry_get_sdn(e);
-+ Slapi_Mods *smods = NULL;
-+ char *dn = NULL;
-+ Slapi_DN *sdn = NULL;
- LDAPMod **mods = NULL;
- int is_posix_group = 0;
-
-+ /*
-+ * If the server is ordered to shutdown, stop the fixup and return an error.
-+ */
-+ if (slapi_is_shutting_down()) {
-+ rc = -1;
-+ goto bail;
-+ }
-+
-+ smods = slapi_mods_new();
-+ dn = slapi_entry_get_dn(e);
-+ sdn = slapi_entry_get_sdn(e);
-+
- if (hasObjectClass(e, "posixGroup")) {
- is_posix_group = 1;
- }
-@@ -441,7 +458,7 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
- slapi_pblock_destroy(mod_pb);
- }
- slapi_mods_free(&smods);
--
-+bail:
- slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
- "_fix_memberuid <==\n");
- /*
-@@ -450,7 +467,7 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
- * uniqueMember attribute. But "not found" error shoud not
- * be returned, which stops the further fixup task.
- */
-- return 0;
-+ return rc;
- }
-
- static void
-@@ -463,6 +480,12 @@ posix_group_fixup_task_thread(void *arg)
- task_data *td = NULL;
- int rc = 0;
-
-+ if (!task) {
-+ return; /* no task */
-+ }
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
-+ "posix_group_fixup_task_thread --> refcount incremented.\n" );
- /* Fetch our task data from the task */
- td = (task_data *) slapi_task_get_data(task);
-
-@@ -491,4 +514,7 @@ posix_group_fixup_task_thread(void *arg)
-
- slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
- "_task_thread <==\n");
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
-+ "posix_group_fixup_task_thread <-- refcount decremented.\n");
- }
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 3bc3916..1570ba7 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -109,6 +109,8 @@ static CSN* replica_cleanallruv_find_maxcsn(Replica *replica, ReplicaId rid, cha
- static int replica_cleanallruv_get_replica_maxcsn(Repl_Agmt *agmt, char *rid_text, char *basedn, CSN **csn);
- static void preset_cleaned_rid(ReplicaId rid);
- static multimaster_mtnode_extension * _replica_config_get_mtnode_ext (const Slapi_Entry *e);
-+static void replica_cleanall_ruv_destructor(Slapi_Task *task);
-+static void replica_cleanall_ruv_abort_destructor(Slapi_Task *task);
-
- /*
- * Note: internal add/modify/delete operations should not be run while
-@@ -1509,6 +1511,10 @@ replica_cleanall_ruv_task(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
- rc = SLAPI_DSE_CALLBACK_ERROR;
- goto out;
- }
-+
-+ /* register our destructor for waiting the task is done */
-+ slapi_task_set_destructor_fn(task, replica_cleanall_ruv_destructor);
-+
- /*
- * Get our task settings
- */
-@@ -1752,6 +1758,13 @@ replica_cleanallruv_thread(void *arg)
- int aborted = 0;
- int rc = 0;
-
-+ if (!data) {
-+ return; /* no data */
-+ }
-+ if (data->task) {
-+ slapi_task_inc_refcount(data->task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, "replica_cleanallruv_thread --> refcount incremented.\n");
-+ }
- /*
- * Initialize our settings
- */
-@@ -1974,6 +1987,8 @@ done:
- }
- if(data->task){
- slapi_task_finish(data->task, rc);
-+ slapi_task_dec_refcount(data->task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, "replica_cleanallruv_thread <-- refcount decremented.\n");
- }
- if(data->payload){
- ber_bvfree(data->payload);
-@@ -1989,6 +2004,36 @@ done:
- slapi_ch_free((void **)&data);
- }
-
-+static void
-+replica_cleanall_ruv_destructor(Slapi_Task *task)
-+{
-+ slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
-+ "replica_cleanall_ruv_destructor -->\n" );
-+ if (task) {
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
-+ }
-+ slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
-+ "replica_cleanall_ruv_destructor <--\n" );
-+}
-+
-+static void
-+replica_cleanall_ruv_abort_destructor(Slapi_Task *task)
-+{
-+ slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
-+ "replica_cleanall_ruv_abort_destructor -->\n" );
-+ if (task) {
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
-+ }
-+ slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name,
-+ "replica_cleanall_ruv_abort_destructor <--\n" );
-+}
-+
- /*
- * Loop over the agmts, and check if they are in the last phase of cleaning, meaning they have
- * released cleanallruv data from the config
-@@ -2775,6 +2820,10 @@ replica_cleanall_ruv_abort(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter
-
- /* allocate new task now */
- task = slapi_new_task(slapi_entry_get_ndn(e));
-+
-+ /* register our destructor for waiting the task is done */
-+ slapi_task_set_destructor_fn(task, replica_cleanall_ruv_abort_destructor);
-+
- /*
- * Get our task settings
- */
-@@ -2921,6 +2970,13 @@ replica_abort_task_thread(void *arg)
- int release_it = 0;
- int count = 0, rc = 0;
-
-+ if (!data) {
-+ return; /* no data */
-+ }
-+ if (data->task) {
-+ slapi_task_inc_refcount(data->task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, "replica_abort_task_thread --> refcount incremented.\n");
-+ }
- cleanruv_log(data->task, ABORT_CLEANALLRUV_ID, "Aborting task for rid(%d)...",data->rid);
-
- /*
-@@ -3028,6 +3084,8 @@ done:
-
- if(data->task){
- slapi_task_finish(data->task, agmt_not_notified);
-+ slapi_task_dec_refcount(data->task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name, "replica_abort_task_thread <-- refcount incremented.\n");
- }
- if(data->repl_obj && release_it)
- object_release(data->repl_obj);
-diff --git a/ldap/servers/plugins/schema_reload/schema_reload.c b/ldap/servers/plugins/schema_reload/schema_reload.c
-index b1a5bb8..25336fe 100644
---- a/ldap/servers/plugins/schema_reload/schema_reload.c
-+++ b/ldap/servers/plugins/schema_reload/schema_reload.c
-@@ -86,6 +86,7 @@ static int schemareload_add(Slapi_PBlock *pb, Slapi_Entry *e,
- void *arg);
- static int schemareload_start(Slapi_PBlock *pb);
- static int schemareload_close(Slapi_PBlock *pb);
-+static void schemareload_destructor(Slapi_Task *task);
-
- /*
- * Init function
-@@ -159,6 +160,12 @@ schemareload_thread(void *arg)
- int total_work = 2;
- task_data *td = NULL;
-
-+ if (!task) {
-+ return; /* no task */
-+ }
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, "schemareload",
-+ "schemareload_thread --> refcount incremented.\n" );
- /* Fetch our task data from the task */
- td = (task_data *)slapi_task_get_data(task);
-
-@@ -174,7 +181,11 @@ schemareload_thread(void *arg)
- rv = slapi_validate_schema_files(td->schemadir);
- slapi_task_inc_progress(task);
-
-- if (LDAP_SUCCESS == rv) {
-+ if (slapi_is_shutting_down()) {
-+ slapi_task_log_notice(task, "Server is shuttoing down; Schema validation aborted.");
-+ slapi_task_log_status(task, "Server is shuttoing down; Schema validation aborted.");
-+ slapi_log_error(SLAPI_LOG_FATAL, "schemareload", "Server is shuttoing down; Schema validation aborted.");
-+ } else if (LDAP_SUCCESS == rv) {
- slapi_task_log_notice(task, "Schema validation passed.");
- slapi_task_log_status(task, "Schema validation passed.");
- slapi_log_error(SLAPI_LOG_FATAL, "schemareload", "Schema validation passed.\n");
-@@ -199,16 +210,18 @@ schemareload_thread(void *arg)
- slapi_task_log_status(task, "Schema reload task failed.");
- slapi_log_error(SLAPI_LOG_FATAL, "schemareload", "Schema reload task failed.\n");
- }
-- PR_Unlock(schemareload_lock);
- } else {
- slapi_task_log_notice(task, "Schema validation failed.");
- slapi_task_log_status(task, "Schema validation failed.");
- slapi_log_error(SLAPI_LOG_FATAL, "schemareload", "Schema validation failed.\n");
-- PR_Unlock(schemareload_lock);
- }
-+ PR_Unlock(schemareload_lock);
-
- /* this will queue the destruction of the task */
- slapi_task_finish(task, rv);
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, "schemareload",
-+ "schemareload_thread <-- refcount decremented.\n");
- }
-
- /* extract a single value from the entry (as a string) -- if it's not in the
-@@ -233,6 +246,10 @@ schemareload_destructor(Slapi_Task *task)
- {
- if (task) {
- task_data *mydata = (task_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
- if (mydata) {
- slapi_ch_free_string(&mydata->schemadir);
- slapi_ch_free_string(&mydata->bind_dn);
-diff --git a/ldap/servers/plugins/syntaxes/validate_task.c b/ldap/servers/plugins/syntaxes/validate_task.c
-index 99f6309..71b4b7e 100644
---- a/ldap/servers/plugins/syntaxes/validate_task.c
-+++ b/ldap/servers/plugins/syntaxes/validate_task.c
-@@ -179,6 +179,10 @@ syntax_validate_task_destructor(Slapi_Task *task)
- {
- if (task) {
- task_data *mydata = (task_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
- if (mydata) {
- slapi_ch_free_string(&mydata->dn);
- slapi_ch_free_string(&mydata->filter_str);
-@@ -197,6 +201,12 @@ syntax_validate_task_thread(void *arg)
- task_data *td = NULL;
- Slapi_PBlock *search_pb = slapi_pblock_new();
-
-+ if (!task) {
-+ return; /* no task */
-+ }
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, SYNTAX_PLUGIN_SUBSYSTEM,
-+ "syntax_validate_task_thread --> refcount incremented.\n" );
- /* Fetch our task data from the task */
- td = (task_data *)slapi_task_get_data(task);
-
-@@ -231,16 +241,26 @@ syntax_validate_task_thread(void *arg)
-
- /* this will queue the destruction of the task */
- slapi_task_finish(task, rc);
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, SYNTAX_PLUGIN_SUBSYSTEM,
-+ "syntax_validate_task_thread <-- refcount decremented.\n");
- }
-
- static int
- syntax_validate_task_callback(Slapi_Entry *e, void *callback_data)
- {
-- int rc = 0;
-- char *dn = slapi_entry_get_dn(e);
-+ int rc = 0;
-+ char *dn = slapi_entry_get_dn(e);
- task_data *td = (task_data *)callback_data;
- Slapi_PBlock *pb = NULL;
-
-+ /*
-+ * If the server is ordered to shutdown, stop the fixup and return an error.
-+ */
-+ if (slapi_is_shutting_down()) {
-+ rc = -1;
-+ goto bail;
-+ }
- /* Override the syntax checking config to force syntax checking. */
- if (slapi_entry_syntax_check(NULL, e, 1) != 0) {
- char *error_text = NULL;
-@@ -261,7 +281,7 @@ syntax_validate_task_callback(Slapi_Entry *e, void *callback_data)
- /* Keep a tally of the number of invalid entries found. */
- slapi_counter_increment(td->invalid_entries);
- }
--
-+bail:
- return rc;
- }
-
-diff --git a/ldap/servers/plugins/usn/usn_cleanup.c b/ldap/servers/plugins/usn/usn_cleanup.c
-index c12dfd2..dd07b4c 100644
---- a/ldap/servers/plugins/usn/usn_cleanup.c
-+++ b/ldap/servers/plugins/usn/usn_cleanup.c
-@@ -49,6 +49,8 @@ struct usn_cleanup_data {
-
- static int usn_cleanup_add(Slapi_PBlock *pb, Slapi_Entry *e,
- Slapi_Entry *eAfter, int *returncode, char *returntext, void *arg);
-+static void usn_cleanup_task_destructor(Slapi_Task *task);
-+
-
- int
- usn_cleanup_start(Slapi_PBlock *pb)
-@@ -83,8 +85,14 @@ usn_cleanup_thread(void *arg)
- Slapi_PBlock *delete_pb = NULL;
- char *filter = "objectclass=nsTombstone";
-
-+ if (!task) {
-+ return; /* no task */
-+ }
- slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
- "--> usn_cleanup_thread\n");
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, USN_PLUGIN_SUBSYSTEM,
-+ "usn_cleanup_thread --> refcount incremented.\n" );
-
- if (NULL == usn_get_identity()) { /* plugin is not initialized */
- slapi_task_log_notice(task, "USN plugin is not initialized\n");
-@@ -195,14 +203,12 @@ bail:
- if (cleanup_data->maxusn_to_delete) {
- slapi_ch_free_string(&filter);
- }
-- slapi_ch_free_string(&cleanup_data->maxusn_to_delete);
-- slapi_ch_free_string(&cleanup_data->suffix);
-- slapi_ch_free_string(&cleanup_data->bind_dn);
-- slapi_ch_free((void **)&cleanup_data);
-
- /* this will queue the destruction of the task */
- slapi_task_finish(task, rv);
--
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, USN_PLUGIN_SUBSYSTEM,
-+ "usn_cleanup_thread <-- refcount decremented.\n");
- slapi_log_error(SLAPI_LOG_TRACE, USN_PLUGIN_SUBSYSTEM,
- "<-- usn_cleanup_thread\n");
- }
-@@ -283,7 +289,7 @@ usn_cleanup_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
- backend = slapi_entry_attr_get_charptr(e, "backend");
- maxusn = slapi_entry_attr_get_charptr(e, "maxusn_to_delete");
-
-- if (NULL == suffix && NULL == backend) {
-+ if (!suffix && !backend) {
- slapi_log_error(SLAPI_LOG_FATAL, USN_PLUGIN_SUBSYSTEM,
- "USN tombstone cleanup: Both suffix and backend are missing.\n");
- *returncode = LDAP_PARAM_ERROR;
-@@ -292,7 +298,7 @@ usn_cleanup_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
- }
-
- /* suffix is not given, but backend is; get the suffix */
-- if (NULL == suffix && NULL != backend) {
-+ if (!suffix && backend) {
- be = slapi_be_select_by_instance_name(backend);
- be_suffix = slapi_be_getsuffix(be, 0);
- if (be_suffix) {
-@@ -317,12 +323,6 @@ usn_cleanup_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
- goto bail;
- }
-
-- cleanup_data =
-- (struct usn_cleanup_data *)slapi_ch_malloc(sizeof(struct usn_cleanup_data));
-- cleanup_data->suffix = slapi_ch_strdup(suffix);
-- cleanup_data->maxusn_to_delete = slapi_ch_strdup(maxusn);
-- cleanup_data->bind_dn = slapi_ch_strdup(bind_dn);
--
- /* allocate new task now */
- task = slapi_plugin_new_task(slapi_entry_get_ndn(e), arg);
- if (task == NULL) {
-@@ -330,11 +330,21 @@ usn_cleanup_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
- "USN tombstone cleanup: unable to allocate new task.\n");
- *returncode = LDAP_OPERATIONS_ERROR;
- rv = SLAPI_DSE_CALLBACK_ERROR;
-- slapi_ch_free((void**)&cleanup_data);
- goto bail;
- }
-
-+ /* register our destructor for cleaning up our private data */
-+ slapi_task_set_destructor_fn(task, usn_cleanup_task_destructor);
-+
- /* Stash our argument in the task for use by the task thread */
-+ cleanup_data =
-+ (struct usn_cleanup_data *)slapi_ch_malloc(sizeof(struct usn_cleanup_data));
-+ cleanup_data->suffix = suffix;
-+ suffix = NULL; /* don't free in this function */
-+ cleanup_data->maxusn_to_delete = maxusn;
-+ maxusn = NULL; /* don't free in this function */
-+ cleanup_data->bind_dn = bind_dn;
-+ bind_dn = NULL; /* don't free in this function */
- slapi_task_set_data(task, cleanup_data);
-
- /* start the USN tombstone cleanup task as a separate thread */
-@@ -361,3 +371,23 @@ bail:
- return rv;
- }
-
-+static void
-+usn_cleanup_task_destructor(Slapi_Task *task)
-+{
-+ slapi_log_error(SLAPI_LOG_PLUGIN, USN_PLUGIN_SUBSYSTEM, "usn_cleanup_task_destructor -->\n");
-+ if (task) {
-+ struct usn_cleanup_data *mydata = (struct usn_cleanup_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
-+ if (mydata) {
-+ slapi_ch_free_string(&mydata->suffix);
-+ slapi_ch_free_string(&mydata->maxusn_to_delete);
-+ slapi_ch_free_string(&mydata->bind_dn);
-+ /* Need to cast to avoid a compiler warning */
-+ slapi_ch_free((void **)&mydata);
-+ }
-+ }
-+ slapi_log_error(SLAPI_LOG_PLUGIN, USN_PLUGIN_SUBSYSTEM, "usn_cleanup_task_destructor <--\n");
-+}
-diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
-index 0ae3601..dfe75eb 100644
---- a/ldap/servers/slapd/slapi-plugin.h
-+++ b/ldap/servers/slapd/slapi-plugin.h
-@@ -7958,6 +7958,15 @@ void slapi_plugin_op_finished(void *arg);
- #define RDN_IS_CONFLICT 0x2
- int slapi_is_special_rdn(const char *rdn, int flag);
-
-+/**
-+ * Sleeps for PRIntervalTime ticks defined in NSPR library
-+ *
-+ * \param PRIntervalTime ticks
-+ *
-+ * \return Nothing
-+ */
-+void DS_Sleep(PRIntervalTime ticks);
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
-index 921c397..9ca1950 100644
---- a/ldap/servers/slapd/slapi-private.h
-+++ b/ldap/servers/slapd/slapi-private.h
-@@ -1245,8 +1245,6 @@ void bervalarray_add_berval_fast(struct berval ***vals, const struct berval *add
-
- /***** End of items added for the replication plugin. ***********************/
-
--void DS_Sleep(PRIntervalTime ticks);
--
- /* macro to specify the behavior of upgradedb & upgradednformat */
- #define SLAPI_UPGRADEDB_FORCE 0x1 /* reindex all (no check w/ idl switch) */
- #define SLAPI_UPGRADEDB_SKIPINIT 0x2 /* call upgradedb as part of other op */
-diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
-index 98ec88c..19a52a3 100644
---- a/ldap/servers/slapd/task.c
-+++ b/ldap/servers/slapd/task.c
-@@ -113,6 +113,8 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
- static Slapi_Entry *get_internal_entry(Slapi_PBlock *pb, char *dn);
- static void modify_internal_entry(char *dn, LDAPMod **mods);
-
-+static void fixup_tombstone_task_destructor(Slapi_Task *task);
-+
- /***********************************
- * Public Functions
- ***********************************/
-@@ -2218,6 +2220,12 @@ task_fixup_tombstone_thread(void *arg)
- int fixup_count = 0;
- int rc, i, j;
-
-+ if (!task) {
-+ return; /* no task */
-+ }
-+ slapi_task_inc_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, TASK_TOMBSTONE_FIXUP,
-+ "fixup_tombstone_task_thread --> refcount incremented.\n" );
- slapi_task_begin(task, 1);
- slapi_task_log_notice(task, "Beginning tombstone fixup task...\n");
- slapi_log_error(SLAPI_LOG_REPL, TASK_TOMBSTONE_FIXUP,
-@@ -2233,8 +2241,14 @@ task_fixup_tombstone_thread(void *arg)
-
- /* Okay check the specified backends only */
- for(i = 0; base && base[i]; i++){
-- Slapi_PBlock *search_pb = slapi_pblock_new();
-+ Slapi_PBlock *search_pb = NULL;
-+
-+ if (slapi_is_shutting_down()) {
-+ rc = -1;
-+ goto bail;
-+ }
-
-+ search_pb = slapi_pblock_new();
- /* find entries that need fixing... */
- slapi_search_internal_set_pb(search_pb, base[i], LDAP_SCOPE_SUBTREE,
- filter, NULL, 0, NULL, NULL, plugin_get_default_component_id(), 0);
-@@ -2247,8 +2261,7 @@ task_fixup_tombstone_thread(void *arg)
- slapi_log_error(SLAPI_LOG_REPL, TASK_TOMBSTONE_FIXUP,
- "Failed to search backend for tombstones, error %d\n", rc);
- slapi_pblock_destroy(search_pb);
-- slapi_task_finish(task, rc);
-- return;
-+ goto bail;
- }
-
- slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
-@@ -2281,9 +2294,11 @@ task_fixup_tombstone_thread(void *arg)
- slapi_log_error(SLAPI_LOG_REPL, TASK_TOMBSTONE_FIXUP, "%s %d tombstones.\n",
- task_data->stripcsn ? "Stripped" : "Fixed", fixup_count);
- slapi_task_inc_progress(task);
-+bail:
- slapi_task_finish(task, rc);
-- slapi_ch_array_free(base);
-- slapi_ch_free((void **)&task_data);
-+ slapi_task_dec_refcount(task);
-+ slapi_log_error(SLAPI_LOG_PLUGIN, TASK_TOMBSTONE_FIXUP,
-+ "fixup_tombstone_task_thread <-- refcount decremented.\n" );
- }
-
-
-@@ -2387,6 +2402,8 @@ task_fixup_tombstones_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
- }
-
- task = slapi_new_task(slapi_entry_get_ndn(e));
-+ /* register our destructor for cleaning up our private data */
-+ slapi_task_set_destructor_fn(task, fixup_tombstone_task_destructor);
- task_data = (struct task_tombstone_data *)slapi_ch_calloc(1, sizeof(struct task_tombstone_data));
- task_data->base = base;
- task_data->task = task;
-@@ -2422,6 +2439,26 @@ done:
- return SLAPI_DSE_CALLBACK_OK;
- }
-
-+static void
-+fixup_tombstone_task_destructor(Slapi_Task *task)
-+{
-+ slapi_log_error(SLAPI_LOG_PLUGIN, TASK_TOMBSTONE_FIXUP,
-+ "fixup_tombstone_task_destructor -->\n" );
-+ if (task) {
-+ struct task_tombstone_data *mydata = (struct task_tombstone_data *)slapi_task_get_data(task);
-+ while (slapi_task_get_refcount(task) > 0) {
-+ /* Yield to wait for the fixup task finishes. */
-+ DS_Sleep (PR_MillisecondsToInterval(100));
-+ }
-+ if (mydata) {
-+ slapi_ch_array_free(mydata->base);
-+ slapi_ch_free((void **)&mydata);
-+ }
-+ }
-+ slapi_log_error(SLAPI_LOG_PLUGIN, TASK_TOMBSTONE_FIXUP,
-+ "fixup_tombstone_task_destructor <--\n" );
-+}
-+
- /* cleanup old tasks that may still be in the DSE from a previous session
- * (this can happen if the server crashes [no matter how unlikely we like
- * to think that is].)
---
-1.9.3
-
diff --git a/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch b/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
new file mode 100644
index 0000000..0ce22e8
--- /dev/null
+++ b/SOURCES/0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
@@ -0,0 +1,172 @@
+From 91e8872841e18eb96f2680fba180d636bb0a2a67 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Fri, 18 Sep 2015 15:19:51 -0700
+Subject: [PATCH 61/61] Ticket #48188 - segfault in ns-slapd due to accessing
+ Slapi_DN freed in pre bind plug-in
+
+Description: Additional fixes based upon the comments by rmeggins@redhat.com
+(Thank you, Rich!!).
+https://fedorahosted.org/389/ticket/48188?replyto=24#comment:24
+1. Implemented the case 2)
+ If the plugin changes the SLAPI_BIND_TARGET_SDN *value*,
+ we need to select a different backend. It is possible
+ (but not very useful) for the plugin to change the pointer,
+ but use the same value.
+2. Added an api slapi_be_select_exact which returns NULL if
+ there is no matching backend.
+
+https://fedorahosted.org/389/ticket/48188
+
+Reviewed by rmeggins@redhat.com (Thank you!)
+
+(cherry picked from commit 8212a8913b748cd1f5e986a754c37ef41db8272a)
+(cherry picked from commit a215c006e0900caaa555def9e047e295844d8652)
+---
+ ldap/servers/slapd/bind.c | 47 +++++++++++++++++++++++++++++----------
+ ldap/servers/slapd/mapping_tree.c | 19 ++++++++++++++++
+ ldap/servers/slapd/slapi-plugin.h | 1 +
+ 3 files changed, 55 insertions(+), 12 deletions(-)
+
+diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
+index 4ec276a..474b508 100644
+--- a/ldap/servers/slapd/bind.c
++++ b/ldap/servers/slapd/bind.c
+@@ -107,6 +107,7 @@ do_bind( Slapi_PBlock *pb )
+ int auto_bind = 0;
+ int minssf = 0;
+ int minssf_exclude_rootdse = 0;
++ Slapi_DN *original_sdn = NULL;
+
+ LDAPDebug( LDAP_DEBUG_TRACE, "do_bind\n", 0, 0, 0 );
+
+@@ -660,10 +661,9 @@ do_bind( Slapi_PBlock *pb )
+ goto free_and_return;
+ }
+
+- if (referral)
+- {
+- send_referrals_from_entry(pb,referral);
+- slapi_entry_free(referral);
++ if (referral) {
++ send_referrals_from_entry(pb,referral);
++ slapi_entry_free(referral);
+ goto free_and_return;
+ }
+
+@@ -671,29 +671,50 @@ do_bind( Slapi_PBlock *pb )
+
+ /* not root dn - pass to the backend */
+ if ( be->be_bind != NULL ) {
+-
++ original_sdn = slapi_sdn_dup(sdn);
+ /*
+ * call the pre-bind plugins. if they succeed, call
+ * the backend bind function. then call the post-bind
+ * plugins.
+ */
+ if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 ) {
++ int sdn_updated = 0;
+ rc = 0;
+
+ /* Check if a pre_bind plugin mapped the DN to another backend */
+ Slapi_DN *pb_sdn;
+ slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
+- if (pb_sdn != sdn) {
++ if (!pb_sdn) {
++ PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n");
++ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
++ goto free_and_return;
++ } else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) {
+ /*
+ * Slapi_DN set in pblock was changed by a pre bind plug-in.
+ * It is a plug-in's responsibility to free the original Slapi_DN.
+ */
+ sdn = pb_sdn;
+ dn = slapi_sdn_get_dn(sdn);
+-
+- slapi_be_Unlock(be);
+- be = slapi_be_select(sdn);
+- slapi_be_Rlock(be);
++ if (!dn) {
++ PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n");
++ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
++ goto free_and_return;
++ }
++ if (!sdn_updated) { /* pb_sdn != sdn; need to compare the dn's. */
++ sdn_updated = slapi_sdn_compare(original_sdn, sdn);
++ }
++ if (sdn_updated) { /* call slapi_be_select only when the DN is updated. */
++ slapi_be_Unlock(be);
++ be = slapi_be_select_exact(sdn);
++ if (be) {
++ slapi_be_Rlock(be);
++ slapi_pblock_set( pb, SLAPI_BACKEND, be );
++ } else {
++ PR_snprintf(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn);
++ send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
++ goto free_and_return;
++ }
++ }
+ }
+
+ /*
+@@ -845,10 +866,12 @@ account_locked:
+ }
+
+ free_and_return:;
+- if (be)
++ slapi_sdn_free(&original_sdn);
++ if (be) {
+ slapi_be_Unlock(be);
++ }
+ if (bind_sdn_in_pb) {
+- slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
++ slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
+ }
+ slapi_sdn_free(&sdn);
+ slapi_ch_free_string( &saslmech );
+diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
+index 165eba1..20c2cc3 100644
+--- a/ldap/servers/slapd/mapping_tree.c
++++ b/ldap/servers/slapd/mapping_tree.c
+@@ -3095,6 +3095,25 @@ slapi_be_select( const Slapi_DN *sdn ) /* JCM - The name of this should change??
+ return be;
+ }
+
++Slapi_Backend *
++slapi_be_select_exact(const Slapi_DN *sdn)
++{
++ Slapi_Backend *be = NULL;
++ mapping_tree_node *node = NULL;
++
++ if (!sdn) {
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "slapi_be_select_exact: Empty Slapi_DN is given.\n");
++ return NULL;
++ }
++ node = slapi_get_mapping_tree_node_by_dn(sdn);
++
++ if (node && node->mtn_be) {
++ be = node->mtn_be[0];
++ }
++
++ return be;
++}
++
+ /* Check if the dn targets an internal reserved backends */
+ int
+ slapi_on_internal_backends(const Slapi_DN *sdn)
+diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
+index 6b04610..564da44 100644
+--- a/ldap/servers/slapd/slapi-plugin.h
++++ b/ldap/servers/slapd/slapi-plugin.h
+@@ -6338,6 +6338,7 @@ Slapi_Backend *slapi_be_new( const char *type, const char *name,
+ int isprivate, int logchanges );
+ void slapi_be_free(Slapi_Backend **be);
+ Slapi_Backend *slapi_be_select( const Slapi_DN *sdn );
++Slapi_Backend *slapi_be_select_exact(const Slapi_DN *sdn);
+ Slapi_Backend *slapi_be_select_by_instance_name( const char *name );
+ int slapi_be_exist(const Slapi_DN *sdn);
+ void slapi_be_delete_onexit(Slapi_Backend *be);
+--
+1.9.3
+
diff --git a/SOURCES/0062-CVE-2015-1854-389ds-base-access-control-bypass-with-.patch b/SOURCES/0062-CVE-2015-1854-389ds-base-access-control-bypass-with-.patch
deleted file mode 100644
index 903a69d..0000000
--- a/SOURCES/0062-CVE-2015-1854-389ds-base-access-control-bypass-with-.patch
+++ /dev/null
@@ -1,347 +0,0 @@
-From 205bce153c7db8258a8a28498cf54e7374dca588 Mon Sep 17 00:00:00 2001
-From: Thierry Bordaz <tbordaz@redhat.com>
-Date: Tue, 14 Apr 2015 16:24:44 +0200
-Subject: [PATCH] CVE-2015-1854 389ds-base: access control bypass with modrdn
-
-Bug Description:
- 47553 fix checks the write right access only if the RDN is
- modified. This allows to rename entries even if the
- authenticated user is not allowed of that.
-
-Fix Description:
- Roll back a wrong optimization that tested the write access
- only if RDN value was changed.
-
-https://fedorahosted.org/389/ticket/47553
-
-Reviewed by: ?
-
-Platforms tested: F17 (upstream test)
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit 44e5c0998bdf7dcb167e8472713ff393b776e4e3)
-
-Conflicts:
- dirsrvtests/tickets/ticket47553_single_aci_test.py
----
- dirsrvtests/tickets/ticket47553_rdn_write_test.py | 132 +++++++++++++++++++++
- dirsrvtests/tickets/ticket47553_single_aci_test.py | 52 ++++++--
- ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 32 ++---
- 3 files changed, 184 insertions(+), 32 deletions(-)
- create mode 100644 dirsrvtests/tickets/ticket47553_rdn_write_test.py
-
-diff --git a/dirsrvtests/tickets/ticket47553_rdn_write_test.py b/dirsrvtests/tickets/ticket47553_rdn_write_test.py
-new file mode 100644
-index 0000000..f15d9b3
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket47553_rdn_write_test.py
-@@ -0,0 +1,132 @@
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import pytest
-+from lib389 import DirSrv, Entry, tools, tasks
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from lib389.tasks import *
-+from lib389.utils import *
-+from ldap.controls.simple import GetEffectiveRightsControl
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+installation1_prefix = None
-+
-+SRC_ENTRY_CN = "tuser"
-+EXT_RDN = "01"
-+DST_ENTRY_CN = SRC_ENTRY_CN + EXT_RDN
-+
-+SRC_ENTRY_DN = "cn=%s,%s" % (SRC_ENTRY_CN, SUFFIX)
-+DST_ENTRY_DN = "cn=%s,%s" % (DST_ENTRY_CN, SUFFIX)
-+
-+class TopologyStandalone(object):
-+ def __init__(self, standalone):
-+ standalone.open()
-+ self.standalone = standalone
-+
-+
-+#@pytest.fixture(scope="module")
-+def topology(request):
-+ global installation1_prefix
-+
-+ # Creating standalone instance ...
-+ standalone = DirSrv(verbose=False)
-+ if installation1_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+ args_instance[SER_HOST] = HOST_STANDALONE
-+ args_instance[SER_PORT] = PORT_STANDALONE
-+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
-+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
-+ args_standalone = args_instance.copy()
-+ standalone.allocate(args_standalone)
-+ instance_standalone = standalone.exists()
-+ if instance_standalone:
-+ standalone.delete()
-+ standalone.create()
-+ standalone.open()
-+
-+ # Clear out the tmp dir
-+ standalone.clearTmpDir(__file__)
-+
-+ return TopologyStandalone(standalone)
-+
-+def test_ticket47553_rdn_write_init(topology):
-+ topology.standalone.log.info("\n\n######################### Add entry tuser ######################\n")
-+ topology.standalone.add_s(Entry((SRC_ENTRY_DN, {
-+ 'objectclass': "top person".split(),
-+ 'sn': SRC_ENTRY_CN,
-+ 'cn': SRC_ENTRY_CN})))
-+
-+def test_ticket47553_rdn_write_get_ger(topology):
-+ ANONYMOUS_DN = ""
-+ topology.standalone.log.info("\n\n######################### GER rights for anonymous ######################\n")
-+ request_ctrl = GetEffectiveRightsControl(criticality=True, authzId="dn:" + ANONYMOUS_DN)
-+ msg_id = topology.standalone.search_ext(SUFFIX, ldap.SCOPE_SUBTREE, "objectclass=*", serverctrls=[request_ctrl])
-+ rtype, rdata, rmsgid, response_ctrl = topology.standalone.result3(msg_id)
-+ value = ''
-+ for dn, attrs in rdata:
-+ topology.standalone.log.info("dn: %s" % dn)
-+ for value in attrs['entryLevelRights']:
-+ topology.standalone.log.info("############### entryLevelRights: %r" % value)
-+ assert 'n' not in value
-+
-+def test_ticket47553_rdn_write_modrdn_anonymous(topology):
-+ ANONYMOUS_DN = ""
-+ topology.standalone.close()
-+ topology.standalone.binddn = ANONYMOUS_DN
-+ topology.standalone.open()
-+ msg_id = topology.standalone.search_ext("", ldap.SCOPE_BASE, "objectclass=*")
-+ rtype, rdata, rmsgid, response_ctrl = topology.standalone.result3(msg_id)
-+ value = ''
-+ for dn, attrs in rdata:
-+ topology.standalone.log.info("dn: %s" % dn)
-+ for attr in attrs:
-+ topology.standalone.log.info("############### %r: %r" % (attr, attrs[attr]))
-+
-+
-+ try:
-+ topology.standalone.rename_s(SRC_ENTRY_DN, "cn=%s" % DST_ENTRY_CN, delold=True)
-+ except Exception as e:
-+ topology.standalone.log.info("Exception (expected): %s" % type(e).__name__)
-+ isinstance(e, ldap.INSUFFICIENT_ACCESS)
-+
-+ try:
-+ topology.standalone.getEntry(DST_ENTRY_DN, ldap.SCOPE_BASE, "objectclass=*")
-+ assert False
-+ except Exception as e:
-+ topology.standalone.log.info("The entry was not renamed (expected)")
-+ isinstance(e, ldap.NO_SUCH_OBJECT)
-+
-+def test_ticket47553_rdn_write(topology):
-+ '''
-+ Write your testcase here...
-+ '''
-+
-+ log.info('Test complete')
-+
-+
-+def test_ticket47553_rdn_write_final(topology):
-+ topology.standalone.delete()
-+ log.info('Testcase PASSED')
-+
-+
-+def run_isolated():
-+ global installation1_prefix
-+ installation1_prefix = '/home/tbordaz/install_master'
-+
-+ topo = topology(True)
-+ test_ticket47553_rdn_write_init(topo)
-+ test_ticket47553_rdn_write_get_ger(topo)
-+ test_ticket47553_rdn_write(topo)
-+ test_ticket47553_rdn_write_modrdn_anonymous(topo)
-+ test_ticket47553_rdn_write_final(topo)
-+
-+
-+if __name__ == '__main__':
-+ run_isolated()
-+
-diff --git a/dirsrvtests/tickets/ticket47553_single_aci_test.py b/dirsrvtests/tickets/ticket47553_single_aci_test.py
-index 4be2470..0c8d7e9 100644
---- a/dirsrvtests/tickets/ticket47553_single_aci_test.py
-+++ b/dirsrvtests/tickets/ticket47553_single_aci_test.py
-@@ -276,7 +276,27 @@ def _moddn_aci_deny_tree(topology, mod_type=None, target_from=STAGING_DN, target
- #topology.master1.modify_s(SUFFIX, mod)
- topology.master1.log.info("Add a DENY aci under %s " % PROD_EXCEPT_DN)
- topology.master1.modify_s(PROD_EXCEPT_DN, mod)
--
-+
-+def _write_aci_staging(topology, mod_type=None):
-+ assert mod_type is not None
-+
-+ ACI_TARGET = "(targetattr= \"cn\")(target=\"ldap:///cn=*,%s\")" % STAGING_DN
-+ ACI_ALLOW = "(version 3.0; acl \"write staging entries\"; allow (write)"
-+ ACI_SUBJECT = " userdn = \"ldap:///%s\";)" % BIND_DN
-+ ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
-+ mod = [(mod_type, 'aci', ACI_BODY)]
-+ topology.master1.modify_s(SUFFIX, mod)
-+
-+def _write_aci_production(topology, mod_type=None):
-+ assert mod_type is not None
-+
-+ ACI_TARGET = "(targetattr= \"cn\")(target=\"ldap:///cn=*,%s\")" % PRODUCTION_DN
-+ ACI_ALLOW = "(version 3.0; acl \"write production entries\"; allow (write)"
-+ ACI_SUBJECT = " userdn = \"ldap:///%s\";)" % BIND_DN
-+ ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
-+ mod = [(mod_type, 'aci', ACI_BODY)]
-+ topology.master1.modify_s(SUFFIX, mod)
-+
- def _moddn_aci_staging_to_production(topology, mod_type=None, target_from=STAGING_DN, target_to=PRODUCTION_DN):
- assert mod_type != None
-
-@@ -293,6 +313,8 @@ def _moddn_aci_staging_to_production(topology, mod_type=None, target_from=STAGIN
- ACI_BODY = ACI_TARGET_FROM + ACI_TARGET_TO + ACI_ALLOW + ACI_SUBJECT
- mod = [(mod_type, 'aci', ACI_BODY)]
- topology.master1.modify_s(SUFFIX, mod)
-+
-+ _write_aci_staging(topology, mod_type=mod_type)
-
- def _moddn_aci_from_production_to_staging(topology, mod_type=None):
- assert mod_type != None
-@@ -303,6 +325,8 @@ def _moddn_aci_from_production_to_staging(topology, mod_type=None):
- ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
- mod = [(mod_type, 'aci', ACI_BODY)]
- topology.master1.modify_s(SUFFIX, mod)
-+
-+ _write_aci_production(topology, mod_type=mod_type)
-
-
- def test_ticket47553_init(topology):
-@@ -347,12 +371,9 @@ def test_ticket47553_init(topology):
- 'description': "production except DIT"})))
-
- # enable acl error logging
-- #mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '128')]
-- #topology.master1.modify_s(DN_CONFIG, mod)
-- #topology.master2.modify_s(DN_CONFIG, mod)
--
--
--
-+ mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', str(128+262144))]
-+ topology.master1.modify_s(DN_CONFIG, mod)
-+ topology.master2.modify_s(DN_CONFIG, mod)
-
-
- # add dummy entries in the staging DIT
-@@ -883,6 +904,7 @@ def test_ticket47553_moddn_staging_prod_9(topology):
- _bind_manager(topology)
- mod = [(ldap.MOD_ADD, 'aci', ACI_BODY)]
- topology.master1.modify_s(PRODUCTION_DN, mod)
-+ _write_aci_staging(topology, mod_type=ldap.MOD_ADD)
- _bind_normal(topology)
-
- topology.master1.log.info("Try to MODDN %s -> %s,%s" % (old_dn, new_rdn, new_superior))
-@@ -891,6 +913,7 @@ def test_ticket47553_moddn_staging_prod_9(topology):
- _bind_manager(topology)
- mod = [(ldap.MOD_DELETE, 'aci', ACI_BODY)]
- topology.master1.modify_s(PRODUCTION_DN, mod)
-+ _write_aci_staging(topology, mod_type=ldap.MOD_DELETE)
- _bind_normal(topology)
-
-
-@@ -934,6 +957,7 @@ def test_ticket47553_moddn_staging_prod_9(topology):
- _bind_manager(topology)
- mod = [(ldap.MOD_ADD, 'aci', ACI_BODY)]
- topology.master1.modify_s(PRODUCTION_DN, mod)
-+ _write_aci_staging(topology, mod_type=ldap.MOD_ADD)
- _bind_normal(topology)
-
- try:
-@@ -949,6 +973,7 @@ def test_ticket47553_moddn_staging_prod_9(topology):
- _bind_manager(topology)
- mod = [(ldap.MOD_DELETE, 'aci', ACI_BODY)]
- topology.master1.modify_s(PRODUCTION_DN, mod)
-+ _write_aci_staging(topology, mod_type=ldap.MOD_DELETE)
- _bind_normal(topology)
-
- # Add the moddn aci that will be evaluated because of the config flag
-@@ -1009,7 +1034,12 @@ def test_ticket47553_moddn_prod_staging(topology):
- old_dn = "%s,%s" % (old_rdn, PRODUCTION_DN)
- new_rdn = old_rdn
- new_superior = STAGING_DN
--
-+
-+ # add the write right because we want to check the moddn
-+ _bind_manager(topology)
-+ _write_aci_production(topology, mod_type=ldap.MOD_ADD)
-+ _bind_normal(topology)
-+
- try:
- topology.master1.log.info("Try to move back MODDN %s -> %s,%s" % (old_dn, new_rdn, new_superior))
- topology.master1.rename_s(old_dn, new_rdn, newsuperior=new_superior)
-@@ -1019,7 +1049,11 @@ def test_ticket47553_moddn_prod_staging(topology):
- except Exception as e:
- topology.master1.log.info("Exception (expected): %s" % type(e).__name__)
- assert isinstance(e, ldap.INSUFFICIENT_ACCESS)
--
-+
-+ _bind_manager(topology)
-+ _write_aci_production(topology, mod_type=ldap.MOD_DELETE)
-+ _bind_normal(topology)
-+
- # successfull MOD with the both ACI
- _bind_manager(topology)
- _moddn_aci_staging_to_production(topology, mod_type=ldap.MOD_DELETE, target_from=STAGING_DN, target_to=PRODUCTION_DN)
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
-index 6a4982c..4129318 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
-@@ -677,31 +677,17 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
-
- /* JCMACL - Should be performed before the child check. */
- /* JCMACL - Why is the check performed against the copy, rather than the existing entry? */
-+ /* This check must be performed even if the entry is renamed with its own name
-+ * No optimization here we need to check we have the write access to the target entry
-+ */
-+ ldap_result_code = plugin_call_acl_plugin(pb, ec->ep_entry,
-+ NULL /*attr*/, NULL /*value*/, SLAPI_ACL_WRITE,
-+ ACLPLUGIN_ACCESS_MODRDN, &errbuf);
-+ if (ldap_result_code != LDAP_SUCCESS)
- {
-- Slapi_RDN *new_rdn;
-- Slapi_RDN *old_rdn;
--
-- /* Taken from the entry */
-- old_rdn = slapi_entry_get_srdn(ec->ep_entry);
--
-- /* Taken from the request */
-- new_rdn = slapi_rdn_new();
-- slapi_sdn_get_rdn(&dn_newrdn, new_rdn);
--
-- /* Only if we change the RDN value, we need the write access to the entry */
-- if (slapi_rdn_compare(old_rdn, new_rdn)) {
-- ldap_result_code = plugin_call_acl_plugin(pb, ec->ep_entry,
-- NULL /*attr*/, NULL /*value*/, SLAPI_ACL_WRITE,
-- ACLPLUGIN_ACCESS_MODRDN, &errbuf);
-- }
--
-- slapi_rdn_free(&new_rdn);
-+ goto error_return;
-+ }
-
-- if (ldap_result_code != LDAP_SUCCESS) {
-- goto error_return;
-- }
-- }
--
- /* Set the new dn to the copy of the entry */
- slapi_entry_set_sdn( ec->ep_entry, &dn_newdn );
- if (entryrdn_get_switch()) { /* subtree-rename: on */
---
-1.9.3
-
diff --git a/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch b/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch
new file mode 100644
index 0000000..6f83044
--- /dev/null
+++ b/SOURCES/0062-Ticket-48266-coverity-unused-variable-init_retry.patch
@@ -0,0 +1,27 @@
+From 02c520c6fa44f9f2499c79e48531b59d62875a39 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Sat, 19 Sep 2015 09:58:39 -0700
+Subject: [PATCH] Ticket 48266 - coverity -- unused variable 'init_retry'
+
+Description: Backport error for Ticket 48266 - Fractional replication
+ evaluates several times the same CSN
+ (commit 05e127c89281cece8bc1fa79bac6b95cc23dcca9)
+---
+ ldap/servers/plugins/replication/repl5_tot_protocol.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
+index e004af4..7da893a 100644
+--- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
+@@ -318,7 +318,6 @@ repl5_tot_run(Private_Repl_Protocol *prp)
+ int portnum = 0;
+ Slapi_DN *area_sdn = NULL;
+ CSN *remote_schema_csn = NULL;
+- int init_retry = 0;
+ Replica *replica;
+ ReplicaId rid = 0; /* Used to create the replica keep alive subentry */
+
+--
+1.9.3
+
diff --git a/SOURCES/0063-Ticket-48190-idm-ipa-389-ds-base-entry-cache-converg.patch b/SOURCES/0063-Ticket-48190-idm-ipa-389-ds-base-entry-cache-converg.patch
deleted file mode 100644
index e98f7e6..0000000
--- a/SOURCES/0063-Ticket-48190-idm-ipa-389-ds-base-entry-cache-converg.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 82d69a381183cf5125ba8d4afdfd12c65544e348 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Sun, 31 May 2015 17:08:29 -0700
-Subject: [PATCH 63/72] Ticket #48190 - idm/ipa 389-ds-base entry cache
- converges to 500 KB in dblayer_is_cachesize_sane
-
-Description: This issue was introduced by the fix for Ticket 47499
-commit 1e035d1111f6abcb87e760a2b9e41fa9e05a7ebd.
-
-The function dblayer_is_cachesize_sane was originally implemented for
-db cache to check if the given db cache size is larger than the available
-memory or not. The function resets the size to the available memory size
-if it is larger. Also, considering the extra metadata size needed for the
-db cache, it multiplies by 0.8 every time it starts the server. It is not
-needed even for the db cache. The code is old and we don't have to save
-the memory there. Thus, this patch removes the resetting code.
-
-https://fedorahosted.org/389/ticket/48190
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit bf9ef718cfd48c26eaf11662f522451d866e7681)
----
- ldap/servers/slapd/back-ldbm/dblayer.c | 7 -------
- ldap/servers/slapd/back-ldbm/ldbm_instance_config.c | 6 ++++--
- 2 files changed, 4 insertions(+), 9 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
-index 2524355..d3deff8 100644
---- a/ldap/servers/slapd/back-ldbm/dblayer.c
-+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
-@@ -1116,13 +1116,6 @@ int dblayer_is_cachesize_sane(size_t *cachesize)
- if (!issane) {
- *cachesize = (size_t)((pages - procpages) * pagesize);
- }
-- /* We now compensate for DB's own compensation for metadata size
-- * They increase the actual cache size by 25%, but only for sizes
-- * less than 500Meg.
-- */
-- if (*cachesize < 500*MEGABYTE) {
-- *cachesize = (size_t)((double)*cachesize * (double)0.8);
-- }
-
- return issane;
- }
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
-index 9b93f9a..f75ca97 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
-@@ -121,11 +121,12 @@ ldbm_instance_config_cachememsize_set(void *arg, void *value, char *errorbuf, in
- ldbm_instance *inst = (ldbm_instance *) arg;
- int retval = LDAP_SUCCESS;
- size_t val = (size_t) value;
-+ size_t chkval = val;
-
- /* Do whatever we can to make sure the data is ok. */
-
- if (apply) {
-- if (!dblayer_is_cachesize_sane(&val)){
-+ if (!dblayer_is_cachesize_sane(&chkval)){
- PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "Error: cachememsize value is too large.");
- LDAPDebug( LDAP_DEBUG_ANY,"Error: cachememsize value is too large.\n",
-@@ -152,11 +153,12 @@ ldbm_instance_config_dncachememsize_set(void *arg, void *value, char *errorbuf,
- ldbm_instance *inst = (ldbm_instance *) arg;
- int retval = LDAP_SUCCESS;
- size_t val = (size_t)value;
-+ size_t chkval = val;
-
- /* Do whatever we can to make sure the data is ok. */
-
- if (apply) {
-- if (!dblayer_is_cachesize_sane(&val)){
-+ if (!dblayer_is_cachesize_sane(&chkval)){
- PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
- "Error: dncachememsize value is too large.");
- LDAPDebug( LDAP_DEBUG_ANY,"Error: dncachememsize value is too large.\n",
---
-1.9.3
-
diff --git a/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch b/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch
new file mode 100644
index 0000000..2d85f36
--- /dev/null
+++ b/SOURCES/0063-Ticket-48266-Online-init-crashes-consumer.patch
@@ -0,0 +1,41 @@
+From 060b9298fd03cbdac725be398e7754f67aa2b5c1 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 22 Sep 2015 09:49:12 -0400
+Subject: [PATCH 63/65] Ticket 48266 - Online init crashes consumer
+
+Bug Description: When trying to create the 'replica keep alive' entry
+ on a consumer during an online init, the entry gets freed
+ in op_shared_add(), and then freed again in
+ replica_subentry_create() which leads to a crash.
+
+Fix Description: Do not free the "keep alive" entry if a referral is
+ returned when trying to create the keep-alive entry.
+
+https://fedorahosted.org/389/ticket/48266
+
+Reviewed by: tbordaz(Thanks!)
+
+(cherry picked from commit 5538bac519c5363bb456e98d615c9366dedd57d8)
+(cherry picked from commit 1c127b40c1c7298839562326babbf2cba65cce1b)
+---
+ ldap/servers/plugins/replication/repl5_replica.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
+index 6ac28c1..708008c 100644
+--- a/ldap/servers/plugins/replication/repl5_replica.c
++++ b/ldap/servers/plugins/replication/repl5_replica.c
+@@ -448,7 +448,9 @@ replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
+ repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION), 0 /* flags */);
+ slapi_add_internal_pb(pb);
+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &return_value);
+- if (return_value != LDAP_SUCCESS && return_value != LDAP_ALREADY_EXISTS)
++ if (return_value != LDAP_SUCCESS &&
++ return_value != LDAP_ALREADY_EXISTS &&
++ return_value != LDAP_REFERRAL /* CONSUMER */)
+ {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to "
+ "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e),
+--
+1.9.3
+
diff --git a/SOURCES/0064-Ticket-48146-async-simple-paged-results-issue.patch b/SOURCES/0064-Ticket-48146-async-simple-paged-results-issue.patch
deleted file mode 100644
index 6027eef..0000000
--- a/SOURCES/0064-Ticket-48146-async-simple-paged-results-issue.patch
+++ /dev/null
@@ -1,159 +0,0 @@
-From 577fa6ada5d860e5ed7291aff2e41938ca92793b Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Sun, 26 Apr 2015 14:46:44 -0700
-Subject: [PATCH 64/72] Ticket #48146 - async simple paged results issue
-
-Description: When the last page of the single paged results is returned,
-the search results structure is freed in the simple paged results code
-(in op_shared_search). The search results structure is stashed in the
-simple paged results object across the pages. The free and the clean up
-of the stashed address should have been atomic, but it was not.
-
-https://fedorahosted.org/389/ticket/48146
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 947477f2e2367337a8c220d8c9d03a62bf1bbf1c)
-(cherry picked from commit ec8801a69adbe2f502513fabcbb79bc5e38bf197)
----
- ldap/servers/slapd/opshared.c | 18 +++++++-----------
- ldap/servers/slapd/pagedresults.c | 36 +++++++++++-------------------------
- 2 files changed, 18 insertions(+), 36 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index ebd4fdf..e7cee8a 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -881,7 +881,10 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
- if (PAGEDRESULTS_SEARCH_END == pr_stat) {
- if (sr) { /* in case a left over sr is found, clean it up */
-+ PR_Lock(pb->pb_conn->c_mutex);
-+ pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx);
- be->be_search_results_release(&sr);
-+ PR_Unlock(pb->pb_conn->c_mutex);
- }
- if (NULL == next_be) {
- /* no more entries && no more backends */
-@@ -897,17 +900,10 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate);
- pagedresults_lock(pb->pb_conn, pr_idx);
- if ((pagedresults_set_current_be(pb->pb_conn, be, pr_idx) < 0) ||
-- (pagedresults_set_search_result(pb->pb_conn, operation,
-- sr, 0, pr_idx) < 0) ||
-- (pagedresults_set_search_result_count(pb->pb_conn, operation,
-- curr_search_count,
-- pr_idx) < 0) ||
-- (pagedresults_set_search_result_set_size_estimate(pb->pb_conn,
-- operation,
-- estimate,
-- pr_idx) < 0) ||
-- (pagedresults_set_with_sort(pb->pb_conn, operation,
-- with_sort, pr_idx) < 0)) {
-+ (pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx) < 0) ||
-+ (pagedresults_set_search_result_count(pb->pb_conn, operation, curr_search_count, pr_idx) < 0) ||
-+ (pagedresults_set_search_result_set_size_estimate(pb->pb_conn, operation, estimate, pr_idx) < 0) ||
-+ (pagedresults_set_with_sort(pb->pb_conn, operation, with_sort, pr_idx) < 0)) {
- pagedresults_unlock(pb->pb_conn, pr_idx);
- goto free_and_return;
- }
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index d589708..e61c000 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -100,26 +100,20 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- ber_free(ber, 1);
- if ( cookie.bv_len <= 0 ) {
- int i;
-- int maxlen;
- /* first time? */
-- maxlen = conn->c_pagedresults.prl_maxlen;
-+ int maxlen = conn->c_pagedresults.prl_maxlen;
- if (conn->c_pagedresults.prl_count == maxlen) {
- if (0 == maxlen) { /* first time */
- conn->c_pagedresults.prl_maxlen = 1;
-- conn->c_pagedresults.prl_list =
-- (PagedResults *)slapi_ch_calloc(1,
-- sizeof(PagedResults));
-+ conn->c_pagedresults.prl_list = (PagedResults *)slapi_ch_calloc(1, sizeof(PagedResults));
- } else {
- /* new max length */
- conn->c_pagedresults.prl_maxlen *= 2;
-- conn->c_pagedresults.prl_list =
-- (PagedResults *)slapi_ch_realloc(
-+ conn->c_pagedresults.prl_list = (PagedResults *)slapi_ch_realloc(
- (char *)conn->c_pagedresults.prl_list,
-- sizeof(PagedResults) *
-- conn->c_pagedresults.prl_maxlen);
-+ sizeof(PagedResults) * conn->c_pagedresults.prl_maxlen);
- /* initialze newly allocated area */
-- memset(conn->c_pagedresults.prl_list + maxlen, '\0',
-- sizeof(PagedResults) * maxlen);
-+ memset(conn->c_pagedresults.prl_list + maxlen, '\0', sizeof(PagedResults) * maxlen);
- }
- *index = maxlen; /* the first position in the new area */
- } else {
-@@ -276,8 +270,8 @@ pagedresults_free_one( Connection *conn, Operation *op, int index )
- prp->pr_current_be->be_search_results_release &&
- prp->pr_search_result_set) {
- prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
-- prp->pr_current_be = NULL;
- }
-+ prp->pr_current_be = NULL;
- if (prp->pr_mutex) {
- /* pr_mutex is reused; back it up and reset it. */
- prmutex = prp->pr_mutex;
-@@ -314,8 +308,8 @@ pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid )
- prp->pr_current_be->be_search_results_release &&
- prp->pr_search_result_set) {
- prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
-- prp->pr_current_be = NULL;
- }
-+ prp->pr_current_be = NULL;
- prp->pr_flags |= CONN_FLAG_PAGEDRESULTS_ABANDONED;
- prp->pr_flags &= ~CONN_FLAG_PAGEDRESULTS_PROCESSING;
- conn->c_pagedresults.prl_count--;
-@@ -404,16 +398,8 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr,
- if (conn && (index > -1)) {
- if (!locked) PR_Lock(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
-- if (sr) { /* set */
-- if (NULL ==
-- conn->c_pagedresults.prl_list[index].pr_search_result_set) {
-- conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
-- rc = 0;
-- }
-- } else { /* reset */
-- conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
-- rc = 0;
-- }
-+ conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
-+ rc = 0;
- }
- if (!locked) PR_Unlock(conn->c_mutex);
- }
-@@ -732,9 +718,9 @@ pagedresults_cleanup(Connection *conn, int needlock)
- if (prp->pr_current_be && prp->pr_search_result_set &&
- prp->pr_current_be->be_search_results_release) {
- prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
-- prp->pr_current_be = NULL;
- rc = 1;
- }
-+ prp->pr_current_be = NULL;
- if (prp->pr_mutex) {
- PR_DestroyLock(prp->pr_mutex);
- }
-@@ -780,9 +766,9 @@ pagedresults_cleanup_all(Connection *conn, int needlock)
- if (prp->pr_current_be && prp->pr_search_result_set &&
- prp->pr_current_be->be_search_results_release) {
- prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
-- prp->pr_current_be = NULL;
- rc = 1;
- }
-+ prp->pr_current_be = NULL;
- }
- slapi_ch_free((void **)&conn->c_pagedresults.prl_list);
- conn->c_pagedresults.prl_maxlen = 0;
---
-1.9.3
-
diff --git a/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch b/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch
new file mode 100644
index 0000000..ebe138e
--- /dev/null
+++ b/SOURCES/0064-Ticket-48284-free-entry-when-internal-add-fails.patch
@@ -0,0 +1,53 @@
+From d1598673937a83127249e6c26de6af3a18a5f51c Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 22 Sep 2015 13:41:06 -0400
+Subject: [PATCH 64/65] Ticket 48284 - free entry when internal add fails
+
+Bug Description: The entry passed to an internal add operaton is expected
+ to be consumed, but it is not freed during an internal
+ add when setting slapi_add_internal_pb() returns an error.
+
+Fix Description: Free the entry in slapi_add_internal_pb() when the operation
+ is not allowed.
+
+https://fedorahosted.org/389/ticket/48284
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit 622be8bfbc942fe100b8880df72db26e99e1c954)
+(cherry picked from commit 99dbfb7601daea80f80d1ea9d29766d76555e01a)
+---
+ ldap/servers/slapd/add.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
+index 5eb2042..31012a2 100644
+--- a/ldap/servers/slapd/add.c
++++ b/ldap/servers/slapd/add.c
+@@ -316,6 +316,12 @@ int slapi_add_internal_pb (Slapi_PBlock *pb)
+
+ if (!allow_operation (pb))
+ {
++ /* free the entry as it's expected to be consumed */
++ Slapi_Entry *e;
++ slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
++ slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL);
++ slapi_entry_free(e);
++
+ slapi_send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "This plugin is not configured to access operation target data", 0, NULL );
+ return 0;
+@@ -727,8 +733,8 @@ static void op_shared_add (Slapi_PBlock *pb)
+ slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &pse);
+ do_ps_service(pse, NULL, LDAP_CHANGETYPE_ADD, 0);
+ /*
+- * If be_add succeeded, then e is consumed except the resurect case.
+- * If it is resurect, the corresponding tombstone entry is resurected
++ * If be_add succeeded, then e is consumed except the resurrect case.
++ * If it is resurrect, the corresponding tombstone entry is resurrected
+ * and put into the cache.
+ * Otherwise, we set e to NULL to prevent freeing it ourselves.
+ */
+--
+1.9.3
+
diff --git a/SOURCES/0065-Ticket-48146-async-simple-paged-results-issue-log-pr.patch b/SOURCES/0065-Ticket-48146-async-simple-paged-results-issue-log-pr.patch
deleted file mode 100644
index e07e791..0000000
--- a/SOURCES/0065-Ticket-48146-async-simple-paged-results-issue-log-pr.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 01fb4193778aa165070c3a8b4fe2c48e83ce3828 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 1 May 2015 10:50:39 -0700
-Subject: [PATCH 65/72] Ticket #48146 - async simple paged results issue; log
- pr index
-
-Description: When the request is a simple paged results search,
- log pr index in the access log.
-Sample access log for "getent netgroup <name>":
- [..] conn=23 op=521 SRCH base="cn=accounts,dc=testrelm,dc=test" scope=2 filter="(&(|(memberOf=ipaUniqueID=3036b6a0-ee18-11e4-b7dd-00215e2032c0,cn=ng,cn=alt,dc=testrelm,dc=test))(objectClass=ipaHost))" attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
- [..] conn=23 op=521 RESULT err=0 tag=101 nentries=200 etime=0 notes=P pr_idx=3
-
-https://fedorahosted.org/389/ticket/48146
-
-Reviewed by rmeggins@redhat.com (Thanks, Rich!!)
-
-(cherry picked from commit 9eb20d89755160aa916544c7cfce0ad066e538f7)
----
- ldap/servers/slapd/result.c | 32 +++++++++++++++++++++++++++++++-
- 1 file changed, 31 insertions(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
-index 2198337..226f01c 100644
---- a/ldap/servers/slapd/result.c
-+++ b/ldap/servers/slapd/result.c
-@@ -1961,6 +1961,9 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
- CSN *operationcsn = NULL;
- char csn_str[CSN_STRSIZE + 5];
- char etime[ETIME_BUFSIZ];
-+ int pr_idx = -1;
-+
-+ slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
-
- internal_op = operation_is_flag_set( op, OP_FLAG_INTERNAL );
-
-@@ -2054,7 +2057,34 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
- }
- slapi_ch_free((void**)&dn);
- } else {
-- if ( !internal_op )
-+ if (pr_idx > -1)
-+ {
-+ if ( !internal_op )
-+ {
-+ slapi_log_access( LDAP_DEBUG_STATS,
-+ "conn=%" NSPRIu64 " op=%d RESULT err=%d"
-+ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s"
-+ " pr_idx=%d\n",
-+ op->o_connid,
-+ op->o_opid,
-+ err, tag, nentries,
-+ etime,
-+ notes_str, csn_str, pr_idx );
-+ }
-+ else
-+ {
-+ slapi_log_access( LDAP_DEBUG_ARGS,
-+ "conn=%s op=%d RESULT err=%d"
-+ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s"
-+ " pr_idx=%d\n",
-+ LOG_INTERNAL_OP_CON_ID,
-+ LOG_INTERNAL_OP_OP_ID,
-+ err, tag, nentries,
-+ etime,
-+ notes_str, csn_str, pr_idx );
-+ }
-+ }
-+ else if ( !internal_op )
- {
- slapi_log_access( LDAP_DEBUG_STATS,
- "conn=%" NSPRIu64 " op=%d RESULT err=%d"
---
-1.9.3
-
diff --git a/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch b/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch
new file mode 100644
index 0000000..23541a8
--- /dev/null
+++ b/SOURCES/0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch
@@ -0,0 +1,35 @@
+From 3a3d1f22ea262270bc859aeb4c80928d5a085817 Mon Sep 17 00:00:00 2001
+From: Mark Reynolds <mreynolds@redhat.com>
+Date: Tue, 22 Sep 2015 13:58:38 -0400
+Subject: [PATCH 65/65] Ticket 48266 - do not free repl keep alive entry on
+ error
+
+Description: There is no need to free the "repl keep alive" entry
+ if any stage of the "add" fails. Otherwise we could
+ potentially run into a double free.
+
+https://fedorahosted.org/389/ticket/48266
+
+Reviewed by: nhosoi(Thanks!)
+
+(cherry picked from commit e5d9b0c741af1c3ea5e8212148a3ba95ee18925b)
+(cherry picked from commit f95e73f620987de9107246b30b28fd463024b61f)
+---
+ ldap/servers/plugins/replication/repl5_replica.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
+index 708008c..8b53f3c 100644
+--- a/ldap/servers/plugins/replication/repl5_replica.c
++++ b/ldap/servers/plugins/replication/repl5_replica.c
+@@ -456,7 +456,6 @@ replica_subentry_create(Slapi_DN *repl_root, ReplicaId rid)
+ "create replication keep alive entry %s: %s\n", slapi_entry_get_dn_const(e),
+ ldap_err2string(return_value));
+ rc = -1;
+- slapi_entry_free(e); /* The entry was not consumed */
+ goto done;
+ }
+
+--
+1.9.3
+
diff --git a/SOURCES/0066-Ticket-48146-async-simple-paged-results-issue-need-t.patch b/SOURCES/0066-Ticket-48146-async-simple-paged-results-issue-need-t.patch
deleted file mode 100644
index 4b7aec6..0000000
--- a/SOURCES/0066-Ticket-48146-async-simple-paged-results-issue-need-t.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From 39e430f55e61605d27849c0f17e37e046cbbda72 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 1 May 2015 12:01:13 -0700
-Subject: [PATCH 66/72] Ticket #48146 - async simple paged results issue; need
- to close a small window for a pr index competed among multiple threads.
-
-Description: If multiple async simple paged results requests come in via one
-connection simultaneously, the same slot in the paged results array in the
-connection could be shared. If one of them has to do paging, the search
-request object stashed in the paged result array slot could be freed by the
-other request if it has the shorter life cycle.
-
-These 3 reqs use the same paged results array slot.
-req0: <--------------><----x
-page1 page2
-req1: <----->
-req2: <------->
-frees search result object of req0
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 3cf85d1ad6cbc0feac5578dee5ce259c0f65055f)
----
- ldap/servers/slapd/opshared.c | 93 +++++++++++++++++++--------------------
- ldap/servers/slapd/pagedresults.c | 3 +-
- ldap/servers/slapd/proto-slap.h | 2 +-
- 3 files changed, 49 insertions(+), 49 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index e7cee8a..430b0c6 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -408,6 +408,51 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- */
- operation_set_target_spec (pb->pb_op, basesdn);
-
-+ if (be_name == NULL)
-+ {
-+ /* no specific backend was requested, use the mapping tree
-+ */
-+ err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
-+ if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
-+ || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
-+ {
-+ send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
-+ rc = -1;
-+ goto free_and_return;
-+ }
-+ if (be_list[0] != NULL)
-+ {
-+ index = 0;
-+ if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
-+ /* move the index in the be_list which matches pr_be */
-+ while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
-+ index++;
-+ } else {
-+ while (be_list[index] && be_list[index+1])
-+ index++;
-+ }
-+ /* "be" is either pr_be or the last backend */
-+ be = be_list[index];
-+ }
-+ else
-+ be = pr_be?pr_be:NULL;
-+ }
-+ else
-+ {
-+ /* specific backend be_name was requested, use slapi_be_select_by_instance_name
-+ */
-+ if (pr_be) {
-+ be_single = be = pr_be;
-+ } else {
-+ be_single = be = slapi_be_select_by_instance_name(be_name);
-+ }
-+ if (be_single)
-+ slapi_be_Rlock(be_single);
-+ be_list[0] = NULL;
-+ referral_list[0] = NULL;
-+ referral = NULL;
-+ }
-+
- /* this is time to check if mapping tree specific control
- * was used to specify that we want to parse only
- * one backend
-@@ -478,8 +523,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- if ( slapi_control_present (ctrlp, LDAP_CONTROL_PAGEDRESULTS,
- &ctl_value, &iscritical) )
- {
-- rc = pagedresults_parse_control_value(pb, ctl_value,
-- &pagesize, &pr_idx);
-+ rc = pagedresults_parse_control_value(pb, ctl_value, &pagesize, &pr_idx, be);
- /* Let's set pr_idx even if it fails; in case, pr_idx == -1. */
- slapi_pblock_set(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
- if ((LDAP_SUCCESS == rc) ||
-@@ -520,51 +564,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- }
- }
-
-- if (be_name == NULL)
-- {
-- /* no specific backend was requested, use the mapping tree
-- */
-- err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
-- if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
-- || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
-- {
-- send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
-- rc = -1;
-- goto free_and_return;
-- }
-- if (be_list[0] != NULL)
-- {
-- index = 0;
-- if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
-- /* move the index in the be_list which matches pr_be */
-- while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
-- index++;
-- } else {
-- while (be_list[index] && be_list[index+1])
-- index++;
-- }
-- /* "be" is either pr_be or the last backend */
-- be = be_list[index];
-- }
-- else
-- be = pr_be?pr_be:NULL;
-- }
-- else
-- {
-- /* specific backend be_name was requested, use slapi_be_select_by_instance_name
-- */
-- if (pr_be) {
-- be_single = be = pr_be;
-- } else {
-- be_single = be = slapi_be_select_by_instance_name(be_name);
-- }
-- if (be_single)
-- slapi_be_Rlock(be_single);
-- be_list[0] = NULL;
-- referral_list[0] = NULL;
-- referral = NULL;
-- }
--
- slapi_pblock_set(pb, SLAPI_BACKEND_COUNT, &index);
-
- if (be)
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index e61c000..a3a5fc4 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -58,7 +58,7 @@
- int
- pagedresults_parse_control_value( Slapi_PBlock *pb,
- struct berval *psbvp, ber_int_t *pagesize,
-- int *index )
-+ int *index, Slapi_Backend *be )
- {
- int rc = LDAP_SUCCESS;
- struct berval cookie = {0};
-@@ -119,6 +119,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- } else {
- for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
- if (!conn->c_pagedresults.prl_list[i].pr_current_be) {
-+ conn->c_pagedresults.prl_list[i].pr_current_be = be;
- *index = i;
- break;
- }
-diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
-index c987b4a..80504b2 100644
---- a/ldap/servers/slapd/proto-slap.h
-+++ b/ldap/servers/slapd/proto-slap.h
-@@ -1467,7 +1467,7 @@ int slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt,
- * pagedresults.c
- */
- int pagedresults_parse_control_value(Slapi_PBlock *pb, struct berval *psbvp,
-- ber_int_t *pagesize, int *index);
-+ ber_int_t *pagesize, int *index, Slapi_Backend *be);
- void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical,
- ber_int_t estimate,
- int curr_search_count, int index);
---
-1.9.3
-
diff --git a/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch b/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch
new file mode 100644
index 0000000..d2e826c
--- /dev/null
+++ b/SOURCES/0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch
@@ -0,0 +1,123 @@
+From 695f06f02f6285bad4c494fda98f8f17ace2d1aa Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Wed, 30 Sep 2015 13:32:05 -0700
+Subject: [PATCH 66/68] Ticket #48299 - pagedresults - when timed out, search
+ results could have been already freed.
+
+Description: When a search results object is freed, there is a window
+until the information is set to the pagedresults handle. If the paged-
+results handle is released due to a timeout in the window, double free
+occurs.
+
+This patch sets NULL just before the search results object is freed
+in the backend as well as in dse.
+
+Plus, fixed a minor memory leak in pagedresults_parse_control_value.
+
+https://fedorahosted.org/389/ticket/48299
+
+Reviewed and a bug found by tbordaz@redhat.com (Thank you, Thierry!!)
+
+(cherry picked from commit f90c3a6e1933b9cc19a51b17a038f26652c4b2bc)
+(cherry picked from commit 56151ed75bbd63af80932fe73a512df835b17593)
+---
+ ldap/servers/slapd/back-ldbm/ldbm_search.c | 1 +
+ ldap/servers/slapd/dse.c | 1 +
+ ldap/servers/slapd/pagedresults.c | 33 +++++++++++++++++++++++++++++-
+ ldap/servers/slapd/proto-slap.h | 1 +
+ 4 files changed, 35 insertions(+), 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c
+index 73c54d3..8ed6b4d 100644
+--- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
++++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
+@@ -1890,6 +1890,7 @@ delete_search_result_set( Slapi_PBlock *pb, back_search_result_set **sr )
+ /* If the op is pagedresults, let the module clean up sr. */
+ return;
+ }
++ pagedresults_set_search_result_pb(pb, NULL, 0);
+ slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
+ }
+ if ( NULL != (*sr)->sr_candidates )
+diff --git a/ldap/servers/slapd/dse.c b/ldap/servers/slapd/dse.c
+index e8e393b..68ce751 100644
+--- a/ldap/servers/slapd/dse.c
++++ b/ldap/servers/slapd/dse.c
+@@ -2830,6 +2830,7 @@ dse_next_search_entry (Slapi_PBlock *pb)
+ /* we reached the end of the list */
+ if (e == NULL)
+ {
++ pagedresults_set_search_result_pb(pb, NULL, 0);
+ dse_search_set_delete (ss);
+ slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
+ }
+diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
+index d0c93cd..6dd6432 100644
+--- a/ldap/servers/slapd/pagedresults.c
++++ b/ldap/servers/slapd/pagedresults.c
+@@ -172,7 +172,6 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
+ }
+ /* reset sizelimit */
+ op->o_pagedresults_sizelimit = -1;
+- slapi_ch_free((void **)&cookie.bv_val);
+
+ if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen)) {
+ if (conn->c_pagedresults.prl_list[*index].pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) {
+@@ -189,6 +188,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
+ LDAPDebug1Arg(LDAP_DEBUG_ANY, "pagedresults_parse_control_value: invalid cookie: %d\n", *index);
+ }
+ bail:
++ slapi_ch_free((void **)&cookie.bv_val);
+ /* cleaning up the rest of the timedout or abandoned if any */
+ prp = conn->c_pagedresults.prl_list;
+ for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
+@@ -1010,3 +1010,34 @@ pagedresults_is_abandoned_or_notavailable( Connection *conn, int index )
+ PR_Unlock(conn->c_mutex);
+ return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
+ }
++
++int
++pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked)
++{
++ int rc = -1;
++ Connection *conn = NULL;
++ Operation *op = NULL;
++ int index = -1;
++ if (!pb) {
++ return 0;
++ }
++ slapi_pblock_get(pb, SLAPI_OPERATION, &op);
++ if (!op_is_pagedresults(op)) {
++ return 0; /* noop */
++ }
++ slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
++ slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &index);
++ LDAPDebug2Args(LDAP_DEBUG_TRACE,
++ "--> pagedresults_set_search_result_pb: idx=%d, sr=%p\n", index, sr);
++ if (conn && (index > -1)) {
++ if (!locked) PR_Lock(conn->c_mutex);
++ if (index < conn->c_pagedresults.prl_maxlen) {
++ conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
++ rc = 0;
++ }
++ if (!locked) PR_Unlock(conn->c_mutex);
++ }
++ LDAPDebug1Arg(LDAP_DEBUG_TRACE,
++ "<-- pagedresults_set_search_result_pb: %d\n", rc);
++ return rc;
++}
+diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
+index e8673e1..b10c1eb 100644
+--- a/ldap/servers/slapd/proto-slap.h
++++ b/ldap/servers/slapd/proto-slap.h
+@@ -1488,6 +1488,7 @@ void op_set_pagedresults(Operation *op);
+ void pagedresults_lock(Connection *conn, int index);
+ void pagedresults_unlock(Connection *conn, int index);
+ int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index);
++int pagedresults_set_search_result_pb(Slapi_PBlock *pb, void *sr, int locked);
+
+ /*
+ * sort.c
+--
+1.9.3
+
diff --git a/SOURCES/0067-Ticket-48146-async-simple-paged-results-issue.patch b/SOURCES/0067-Ticket-48146-async-simple-paged-results-issue.patch
deleted file mode 100644
index a89acd4..0000000
--- a/SOURCES/0067-Ticket-48146-async-simple-paged-results-issue.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 3e34dcaf4899a5379d40d80f2eee7821b2604702 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 4 May 2015 14:06:43 -0700
-Subject: [PATCH 67/72] Ticket #48146 - async simple paged results issue
-
-Description: Invalid index could cause Invalid read.
-
-https://fedorahosted.org/389/ticket/48146
-(cherry picked from commit 8e21bfbe4fcac79cf39e5c6b579c4bc88e05257e)
----
- ldap/servers/slapd/pagedresults.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index a3a5fc4..327da54 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -138,6 +138,13 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- memcpy(ptr, cookie.bv_val, cookie.bv_len);
- *(ptr+cookie.bv_len) = '\0';
- *index = strtol(ptr, NULL, 10);
-+ if (conn->c_pagedresults.prl_maxlen <= *index) {
-+ rc = LDAP_PROTOCOL_ERROR;
-+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
-+ "pagedresults_parse_control_value: invalid cookie: %d\n",
-+ *index);
-+ goto bail;
-+ }
- slapi_ch_free_string(&ptr);
- prp = conn->c_pagedresults.prl_list + *index;
- if (!(prp->pr_search_result_set)) { /* freed and reused for the next backend. */
-@@ -162,6 +169,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- "pagedresults_parse_control_value: invalid cookie: %d\n",
- *index);
- }
-+bail:
- PR_Unlock(conn->c_mutex);
-
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
---
-1.9.3
-
diff --git a/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
new file mode 100644
index 0000000..913e0c4
--- /dev/null
+++ b/SOURCES/0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
@@ -0,0 +1,53 @@
+From 6b1aeee584c74c47abf8f7190d4783c061607279 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Thu, 1 Oct 2015 15:11:24 -0700
+Subject: [PATCH 67/68] Ticket #48192 - Individual abandoned simple paged
+ results request has no chance to be cleaned up
+
+Description: If CONN_FLAG_PAGEDRESULTS_ABANDONED is set to pr_flags,
+the search results in the pagedresults handle is supposed to have been
+cleaned up. But when there is a contention, there is a case that it
+is reset with the already released search results. This patch adds an
+additional check for abandoned flag in pagedresults_set_search_result.
+If the pagedresults handle shows it is abandoned, the search results
+is not set to the handle unless it is for cleaning up with NULL.
+
+https://fedorahosted.org/389/ticket/48192
+
+Reviewed by rmeggins@redhat.com (Thanks, Rich!!)
+
+(cherry picked from commit 6e453918e82af6c597390aebf92a8eb3283c3591)
+(cherry picked from commit 96b9b6794e0a6bfa0d74c84f6c80131c4f820fa7)
+---
+ ldap/servers/slapd/pagedresults.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
+index 6dd6432..87447c4 100644
+--- a/ldap/servers/slapd/pagedresults.c
++++ b/ldap/servers/slapd/pagedresults.c
+@@ -337,7 +337,7 @@ pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid )
+ for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
+ if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) {
+ PagedResults *prp = conn->c_pagedresults.prl_list + i;
+- if (prp && prp->pr_current_be &&
++ if (prp->pr_current_be &&
+ prp->pr_current_be->be_search_results_release &&
+ prp->pr_search_result_set) {
+ prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
+@@ -429,7 +429,11 @@ pagedresults_set_search_result(Connection *conn, Operation *op, void *sr,
+ if (conn && (index > -1)) {
+ if (!locked) PR_Lock(conn->c_mutex);
+ if (index < conn->c_pagedresults.prl_maxlen) {
+- conn->c_pagedresults.prl_list[index].pr_search_result_set = sr;
++ PagedResults *prp = conn->c_pagedresults.prl_list + index;
++ if (!(prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) || !sr) {
++ /* If abandoned, don't set the search result unless it is NULL */
++ prp->pr_search_result_set = sr;
++ }
+ rc = 0;
+ }
+ if (!locked) PR_Unlock(conn->c_mutex);
+--
+1.9.3
+
diff --git a/SOURCES/0068-Ticket-48146-async-simple-paged-results-issue.patch b/SOURCES/0068-Ticket-48146-async-simple-paged-results-issue.patch
deleted file mode 100644
index 8feeef8..0000000
--- a/SOURCES/0068-Ticket-48146-async-simple-paged-results-issue.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-From ef82e8471b3bc171ae99ffd753937b55aa0e6e2f Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 26 May 2015 10:41:03 -0700
-Subject: [PATCH 68/72] Ticket #48146 - async simple paged results issue
-
-Description: commit 5060d11f5039efa8534a8b65392ac6e10cbd2168 introduced
-a regression. Handling backend "be" should be done after checking OID
-MTN_CONTROL_USE_ONE_BACKEND_EXT_OID in the request control.
-
-https://fedorahosted.org/389/ticket/48146
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit bd2c0d0b6a499d7f91a36e8a9feb83e4fbd3dac5)
-(cherry picked from commit 0c7b38abfb4c5c02286efd5e698616534a798993)
----
- ldap/servers/slapd/opshared.c | 108 ++++++++++++++++++++++--------------------
- 1 file changed, 57 insertions(+), 51 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 430b0c6..ff67a9b 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -408,57 +408,12 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- */
- operation_set_target_spec (pb->pb_op, basesdn);
-
-- if (be_name == NULL)
-- {
-- /* no specific backend was requested, use the mapping tree
-- */
-- err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
-- if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
-- || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
-- {
-- send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
-- rc = -1;
-- goto free_and_return;
-- }
-- if (be_list[0] != NULL)
-- {
-- index = 0;
-- if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
-- /* move the index in the be_list which matches pr_be */
-- while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
-- index++;
-- } else {
-- while (be_list[index] && be_list[index+1])
-- index++;
-- }
-- /* "be" is either pr_be or the last backend */
-- be = be_list[index];
-- }
-- else
-- be = pr_be?pr_be:NULL;
-- }
-- else
-- {
-- /* specific backend be_name was requested, use slapi_be_select_by_instance_name
-- */
-- if (pr_be) {
-- be_single = be = pr_be;
-- } else {
-- be_single = be = slapi_be_select_by_instance_name(be_name);
-- }
-- if (be_single)
-- slapi_be_Rlock(be_single);
-- be_list[0] = NULL;
-- referral_list[0] = NULL;
-- referral = NULL;
-- }
--
-- /* this is time to check if mapping tree specific control
-- * was used to specify that we want to parse only
-- * one backend
-+ /*
-+ * this is time to check if mapping tree specific control was used to
-+ * specify that we want to parse only one backend.
- */
- slapi_pblock_get(pb, SLAPI_REQCONTROLS, &ctrlp);
-- if (NULL != ctrlp)
-+ if (ctrlp)
- {
- if (slapi_control_present(ctrlp, MTN_CONTROL_USE_ONE_BACKEND_EXT_OID,
- &ctl_value, &iscritical))
-@@ -513,7 +468,57 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- }
- }
- }
-+ }
-+
-+ if (be_name == NULL)
-+ {
-+ /* no specific backend was requested, use the mapping tree
-+ */
-+ err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
-+ if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
-+ || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
-+ {
-+ send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
-+ rc = -1;
-+ goto free_and_return;
-+ }
-+ if (be_list[0] != NULL)
-+ {
-+ index = 0;
-+ if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
-+ /* move the index in the be_list which matches pr_be */
-+ while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
-+ index++;
-+ } else {
-+ while (be_list[index] && be_list[index+1])
-+ index++;
-+ }
-+ /* "be" is either pr_be or the last backend */
-+ be = be_list[index];
-+ }
-+ else
-+ be = pr_be?pr_be:NULL;
-+ }
-+ else
-+ {
-+ /* specific backend be_name was requested, use slapi_be_select_by_instance_name
-+ */
-+ if (pr_be) {
-+ be_single = be = pr_be;
-+ } else {
-+ be_single = be = slapi_be_select_by_instance_name(be_name);
-+ }
-+ if (be_single) {
-+ slapi_be_Rlock(be_single);
-+ }
-+ be_list[0] = NULL;
-+ referral_list[0] = NULL;
-+ referral = NULL;
-+ }
-
-+ /* Handle the rest of the controls. */
-+ if (ctrlp)
-+ {
- if ( slapi_control_present (ctrlp, LDAP_CONTROL_GET_EFFECTIVE_RIGHTS,
- &ctl_value, &iscritical) )
- {
-@@ -1024,10 +1029,11 @@ next_be:
- }
-
- free_and_return:
-- if ((be_list[0] != NULL) || (referral_list[0] != NULL))
-+ if ((be_list[0] != NULL) || (referral_list[0] != NULL)) {
- slapi_mapping_tree_free_all(be_list, referral_list);
-- else if (be_single)
-+ } else if (be_single) {
- slapi_be_Unlock(be_single);
-+ }
-
- free_and_return_nolock:
- slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, &rc);
---
-1.9.3
-
diff --git a/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch b/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch
new file mode 100644
index 0000000..0e44b72
--- /dev/null
+++ b/SOURCES/0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch
@@ -0,0 +1,343 @@
+From 5b2efd34c07c65e24f4129430064f7299803dbf8 Mon Sep 17 00:00:00 2001
+From: Noriko Hosoi <nhosoi@redhat.com>
+Date: Fri, 2 Oct 2015 11:38:01 -0700
+Subject: [PATCH 68/68] Ticket #48298 - ns-slapd crash during
+ ipa-replica-manage del
+
+Bug Description: The cause of the problem is rather not a race condition but
+accessing an already freed agreement in a plug-in:
+> The crashed thread is deleting an agreement object, which calls mep_pre_op.
+> It eventually calls op_shared_search with the deleted agreement object with
+> base scope and filter "(|(objectclass=*)(objectclass=ldapsubentry))"
+> Since it is a DSE entry it goes to dse_search, in which it calls agmt_get_
+> replarea and crashes in slapi_sdn_copy by NULL dereference in from SDN...
+
+Fix Description: This patch adds the check to agmt_get_replarea, in which if
+the agreement is not in the agreement list, it returnes NULL repl area. When
+the NULL repl area is returned the callers back off with an error.
+
+https://fedorahosted.org/389/ticket/48298
+
+Reviewed by rmeggins@redhat.com (Thanks, Rich!)
+
+(cherry picked from commit 3cbdfa613ed8668337213fe9c3c15cf54ce798aa)
+(cherry picked from commit f09eb8c0f8ee315b2a20d6460c975a546207411e)
+---
+ ldap/servers/plugins/replication/repl5.h | 1 +
+ ldap/servers/plugins/replication/repl5_agmt.c | 17 +++++++++--
+ ldap/servers/plugins/replication/repl5_agmtlist.c | 34 ++++++++++++++++++----
+ .../plugins/replication/repl5_inc_protocol.c | 10 ++++++-
+ .../plugins/replication/repl5_replica_config.c | 6 +++-
+ .../plugins/replication/repl5_tot_protocol.c | 12 ++++++--
+ .../plugins/replication/repl_session_plugin.c | 22 +++++++++++---
+ .../plugins/replication/windows_protocol_util.c | 12 ++++++++
+ 8 files changed, 98 insertions(+), 16 deletions(-)
+
+diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
+index 17282bb..df92ca0 100644
+--- a/ldap/servers/plugins/replication/repl5.h
++++ b/ldap/servers/plugins/replication/repl5.h
+@@ -390,6 +390,7 @@ void agmtlist_shutdown();
+ void agmtlist_notify_all(Slapi_PBlock *pb);
+ Object* agmtlist_get_first_agreement_for_replica (Replica *r);
+ Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev);
++int agmtlist_agmt_exists(const Repl_Agmt *ra);
+
+ /* In repl5_backoff.c */
+ typedef struct backoff_timer Backoff_Timer;
+diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
+index f84eacb..76d26a1 100644
+--- a/ldap/servers/plugins/replication/repl5_agmt.c
++++ b/ldap/servers/plugins/replication/repl5_agmt.c
+@@ -696,6 +696,12 @@ agmt_start(Repl_Agmt *ra)
+ * index.
+ */
+ repl_sdn = agmt_get_replarea(ra);
++ if (!repl_sdn) {
++ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
++ "agmt_start: failed to get repl area. Please check agreement.\n");
++ prot_free(&prot);
++ return -1;
++ }
+
+ pb = slapi_pblock_new();
+ attrs[0] = (char*)type_agmtMaxCSN;
+@@ -770,7 +776,7 @@ agmt_start(Repl_Agmt *ra)
+ slapi_rdn_get_value_by_ref(slapi_rdn_get_rdn(ra->rdn)),
+ ra->hostname, ra->port);
+ if(strstr(maxcsns[i], buf) || strstr(maxcsns[i], unavail_buf)){
+- /* Set the maxcsn */
++ /* Set the maxcsn */
+ slapi_ch_free_string(&ra->maxcsn);
+ ra->maxcsn = slapi_ch_strdup(maxcsns[i]);
+ ra->consumerRID = agmt_maxcsn_get_rid(maxcsns[i]);
+@@ -976,8 +982,11 @@ agmt_get_bindmethod(const Repl_Agmt *ra)
+ Slapi_DN *
+ agmt_get_replarea(const Repl_Agmt *ra)
+ {
+- Slapi_DN *return_value;
++ Slapi_DN *return_value = NULL;
+ PR_ASSERT(NULL != ra);
++ if (!agmtlist_agmt_exists(ra)) {
++ return return_value;
++ }
+ PR_Lock(ra->lock);
+ return_value = slapi_sdn_new();
+ slapi_sdn_copy(ra->replarea, return_value);
+@@ -2690,6 +2699,9 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter,
+ Object *repl_obj = NULL;
+
+ replarea_sdn = agmt_get_replarea(ra);
++ if (!replarea_sdn) {
++ goto bail;
++ }
+ repl_obj = replica_get_replica_from_dn(replarea_sdn);
+ slapi_sdn_free(&replarea_sdn);
+ if (repl_obj) {
+@@ -2748,6 +2760,7 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter,
+ slapi_entry_add_string(e, "nsds5replicaLastInitStatus", ra->last_init_status);
+ }
+ }
++bail:
+ return SLAPI_DSE_CALLBACK_OK;
+ }
+
+diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c
+index 34650b4..f50862f 100644
+--- a/ldap/servers/plugins/replication/repl5_agmtlist.c
++++ b/ldap/servers/plugins/replication/repl5_agmtlist.c
+@@ -109,6 +109,24 @@ agmtlist_release_agmt(Repl_Agmt *ra)
+ }
+ }
+
++int
++agmtlist_agmt_exists(const Repl_Agmt *ra)
++{
++ Object *ro;
++ int exists = 0;
++
++ PR_ASSERT(NULL != agmt_set);
++ if (!ra) {
++ return exists;
++ }
++ ro = objset_find(agmt_set, agmt_ptr_cmp, (const void *)ra);
++ if (ro) {
++ exists = 1;
++ object_release(ro);
++ }
++ return exists;
++}
++
+
+ /*
+ * Note: when we add the new object, we have a reference to it. We hold
+@@ -135,6 +153,9 @@ add_new_agreement(Slapi_Entry *e)
+
+ /* get the replica for this agreement */
+ replarea_sdn = agmt_get_replarea(ra);
++ if (!replarea_sdn) {
++ return 1;
++ }
+ repl_obj = replica_get_replica_from_dn(replarea_sdn);
+ slapi_sdn_free(&replarea_sdn);
+ if (repl_obj) {
+@@ -841,13 +862,16 @@ Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev)
+ else
+ obj = objset_first_obj(agmt_set);
+
+- while (obj)
+- {
++ for ( ; obj; obj = objset_next_obj(agmt_set, obj)) {
+ agmt = (Repl_Agmt*)object_get_data (obj);
+- PR_ASSERT (agmt);
++ if (!agmt) {
++ continue;
++ }
+
+ agmt_root = agmt_get_replarea(agmt);
+- PR_ASSERT (agmt_root);
++ if (!agmt_root) {
++ continue;
++ }
+
+ if (slapi_sdn_compare (replica_root, agmt_root) == 0)
+ {
+@@ -856,7 +880,7 @@ Object* agmtlist_get_next_agreement_for_replica (Replica *r, Object *prev)
+ }
+
+ slapi_sdn_free (&agmt_root);
+- obj = objset_next_obj(agmt_set, obj);
++
+ }
+
+ return NULL;
+diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+index 7680340..244bbb2 100644
+--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
+@@ -1906,6 +1906,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ {
+ Replica *replica;
+ ReplicaId rid = -1; /* Used to create the replica keep alive subentry */
++ Slapi_DN *replarea_sdn = NULL;
+ replica = (Replica*) object_get_data(prp->replica_object);
+ if (replica)
+ {
+@@ -1914,7 +1915,14 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: skipped updates was definitely too high (%d) update the subentry now\n",
+ agmt_get_long_name(prp->agmt), skipped_updates);
+- replica_subentry_update(agmt_get_replarea(prp->agmt), rid);
++ replarea_sdn = agmt_get_replarea(prp->agmt);
++ if (!replarea_sdn) {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
++ "send_updates: Unknown replication area due to agreement not found.");
++ return_value = UPDATE_FATAL_ERROR;
++ } else {
++ replica_subentry_update(replarea_sdn, rid);
++ }
+ }
+ /* Terminate the results reading thread */
+ if (!prp->repl50consumer)
+diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
+index 8d3c481..e85ae3e 100644
+--- a/ldap/servers/plugins/replication/repl5_replica_config.c
++++ b/ldap/servers/plugins/replication/repl5_replica_config.c
+@@ -2368,13 +2368,17 @@ replica_send_cleanruv_task(Repl_Agmt *agmt, cleanruv_data *clean_data)
+ conn_delete_internal_ext(conn);
+ return;
+ }
+- val.bv_len = PR_snprintf(data, sizeof(data), "CLEANRUV%d", clean_data->rid);
+ sdn = agmt_get_replarea(agmt);
++ if (!sdn) {
++ conn_delete_internal_ext(conn);
++ return;
++ }
+ mod.mod_op = LDAP_MOD_ADD|LDAP_MOD_BVALUES;
+ mod.mod_type = "nsds5task";
+ mod.mod_bvalues = vals;
+ vals [0] = &val;
+ vals [1] = NULL;
++ val.bv_len = PR_snprintf(data, sizeof(data), "CLEANRUV%d", clean_data->rid);
+ val.bv_val = data;
+ mods[0] = &mod;
+ mods[1] = NULL;
+diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c
+index 7da893a..16b51b5 100644
+--- a/ldap/servers/plugins/replication/repl5_tot_protocol.c
++++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c
+@@ -329,6 +329,13 @@ repl5_tot_run(Private_Repl_Protocol *prp)
+ goto done;
+ }
+
++ area_sdn = agmt_get_replarea(prp->agmt);
++ if (!area_sdn) {
++ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Warning: unable to "
++ "get repl area. Please check agreement.\n");
++ goto done;
++ }
++
+ conn_set_timeout(prp->conn, agmt_get_timeout(prp->agmt));
+
+ /* acquire remote replica */
+@@ -387,11 +394,10 @@ repl5_tot_run(Private_Repl_Protocol *prp)
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Beginning total update of replica "
+ "\"%s\".\n", agmt_get_long_name(prp->agmt));
+
+- pb = slapi_pblock_new ();
++ /* RMREPL - need to send schema here */
+
+- /* RMREPL - need to send schema here */
++ pb = slapi_pblock_new ();
+
+- area_sdn = agmt_get_replarea(prp->agmt);
+ /* we need to provide managedsait control so that referral entries can
+ be replicated */
+ ctrls = (LDAPControl **)slapi_ch_calloc (3, sizeof (LDAPControl *));
+diff --git a/ldap/servers/plugins/replication/repl_session_plugin.c b/ldap/servers/plugins/replication/repl_session_plugin.c
+index 1c04089..2fa993d 100644
+--- a/ldap/servers/plugins/replication/repl_session_plugin.c
++++ b/ldap/servers/plugins/replication/repl_session_plugin.c
+@@ -48,6 +48,10 @@ repl_session_plugin_call_agmt_init_cb(Repl_Agmt *ra)
+ }
+ if (initfunc) {
+ replarea = agmt_get_replarea(ra);
++ if (!replarea) {
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_agmt_init_cb -- Aborted -- No replication area\n");
++ return;
++ }
+ cookie = (*initfunc)(replarea);
+ slapi_sdn_free(&replarea);
+ }
+@@ -73,8 +77,11 @@ repl_session_plugin_call_pre_acquire_cb(const Repl_Agmt *ra, int is_total,
+
+ if (thefunc) {
+ replarea = agmt_get_replarea(ra);
+- rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total,
+- data_guid, data);
++ if (!replarea) {
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_pre_acquire_cb -- Aborted -- No replication area\n");
++ return 1;
++ }
++ rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total, data_guid, data);
+ slapi_sdn_free(&replarea);
+ }
+
+@@ -95,8 +102,11 @@ repl_session_plugin_call_post_acquire_cb(const Repl_Agmt *ra, int is_total,
+
+ if (thefunc) {
+ replarea = agmt_get_replarea(ra);
+- rc = (*thefunc)(agmt_get_priv(ra), replarea,
+- is_total, data_guid, data);
++ if (!replarea) {
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_post_acquire_cb -- Aborted -- No replication area\n");
++ return 1;
++ }
++ rc = (*thefunc)(agmt_get_priv(ra), replarea, is_total, data_guid, data);
+ slapi_sdn_free(&replarea);
+ }
+
+@@ -151,6 +161,10 @@ repl_session_plugin_call_destroy_agmt_cb(const Repl_Agmt *ra)
+
+ if (thefunc) {
+ replarea = agmt_get_replarea(ra);
++ if (!replarea) {
++ LDAPDebug0Args(LDAP_DEBUG_ANY, "repl_session_plugin_call_destroy_agmt_cb -- Aborted -- No replication area\n");
++ return;
++ }
+ (*thefunc)(agmt_get_priv(ra), replarea);
+ slapi_sdn_free(&replarea);
+ }
+diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
+index 5c12af7..084b520 100644
+--- a/ldap/servers/plugins/replication/windows_protocol_util.c
++++ b/ldap/servers/plugins/replication/windows_protocol_util.c
+@@ -5319,6 +5319,13 @@ windows_update_local_entry(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,
+ * in the groups caused by moving member entries.
+ * We need to update the local groups manually... */
+ local_subtree = agmt_get_replarea(prp->agmt);
++ if (!local_subtree) {
++ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
++ "failed to get local subtree from agreement\n");
++ local_entry = orig_local_entry;
++ orig_local_entry = NULL;
++ goto bail;
++ }
+ local_subtree_sdn = local_subtree;
+ orig_local_sdn = slapi_entry_get_sdn_const(orig_local_entry);
+ escaped_filter_val = slapi_escape_filter_value((char *)slapi_sdn_get_ndn(orig_local_sdn),
+@@ -5651,6 +5658,11 @@ windows_search_local_entry_by_uniqueid(Private_Repl_Protocol *prp,
+ *ret_entry = NULL;
+ if (is_global) { /* Search from the suffix (rename case) */
+ local_subtree = agmt_get_replarea(prp->agmt);
++ if (!local_subtree) {
++ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
++ "failed to get local subtree from agreement\n");
++ return LDAP_PARAM_ERROR;
++ }
+ local_subtree_sdn = local_subtree;
+ } else {
+ local_subtree_sdn = windows_private_get_directory_treetop(prp->agmt);
+--
+1.9.3
+
diff --git a/SOURCES/0069-Ticket-48146-async-simple-paged-results-issue.patch b/SOURCES/0069-Ticket-48146-async-simple-paged-results-issue.patch
deleted file mode 100644
index 110279e..0000000
--- a/SOURCES/0069-Ticket-48146-async-simple-paged-results-issue.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-From 2c5b4ef85d492732050f3bec57eec1b7afbb1120 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Sat, 30 May 2015 16:44:14 -0700
-Subject: [PATCH 69/72] Ticket #48146 - async simple paged results issue
-
-Description: commit 5e9c4f1f09596dd076a6c3a0bb419580e8fd705e broke the
-CI test case ticket47824_test.py.
-
-If the simple paged results search is operated on a backend having one
-or more sub-backends underneath, it fails to pick up the next sub-back
-ends, but repeats the search on the parent backend. The problem was
-fixed.
-
-https://fedorahosted.org/389/ticket/48146
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 03d3455dfbe84f034a234df2ebd8cfdd7ad15f48)
-(cherry picked from commit f6fe5bfe4c1fb1402af789a0f935c765c299d103)
----
- ldap/servers/slapd/opshared.c | 87 ++++++++++++++++++++-----------------------
- 1 file changed, 41 insertions(+), 46 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index ff67a9b..5dff42f 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -470,46 +470,31 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- }
- }
-
-- if (be_name == NULL)
-- {
-- /* no specific backend was requested, use the mapping tree
-- */
-- err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
-- if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
-- || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
-- {
-- send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
-- rc = -1;
-- goto free_and_return;
-- }
-- if (be_list[0] != NULL)
-- {
-- index = 0;
-- if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
-- /* move the index in the be_list which matches pr_be */
-- while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
-- index++;
-+ if (be_name == NULL) {
-+ /* no specific backend was requested, use the mapping tree
-+ */
-+ err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
-+ if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
-+ || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL))) {
-+ send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
-+ rc = -1;
-+ goto free_and_return;
-+ }
-+ if (be_list[0] != NULL) {
-+ index = 0;
-+ while (be_list[index] && be_list[index+1]) {
-+ index++;
-+ }
-+ be = be_list[index];
- } else {
-- while (be_list[index] && be_list[index+1])
-- index++;
-+ be = NULL;
- }
-- /* "be" is either pr_be or the last backend */
-- be = be_list[index];
-- }
-- else
-- be = pr_be?pr_be:NULL;
-- }
-- else
-- {
-+ } else {
- /* specific backend be_name was requested, use slapi_be_select_by_instance_name
- */
-- if (pr_be) {
-- be_single = be = pr_be;
-- } else {
-- be_single = be = slapi_be_select_by_instance_name(be_name);
-- }
-+ be_single = be = slapi_be_select_by_instance_name(be_name);
- if (be_single) {
-- slapi_be_Rlock(be_single);
-+ slapi_be_Rlock(be_single);
- }
- be_list[0] = NULL;
- referral_list[0] = NULL;
-@@ -528,6 +513,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- if ( slapi_control_present (ctrlp, LDAP_CONTROL_PAGEDRESULTS,
- &ctl_value, &iscritical) )
- {
-+ /* be is set only when this request is new. otherwise, prev be is honored. */
- rc = pagedresults_parse_control_value(pb, ctl_value, &pagesize, &pr_idx, be);
- /* Let's set pr_idx even if it fails; in case, pr_idx == -1. */
- slapi_pblock_set(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
-@@ -536,13 +522,24 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- unsigned int opnote = SLAPI_OP_NOTE_SIMPLEPAGED;
- op_set_pagedresults(operation);
- pr_be = pagedresults_get_current_be(pb->pb_conn, pr_idx);
-- pr_search_result = pagedresults_get_search_result(pb->pb_conn,
-- operation,
-- pr_idx);
-- estimate =
-- pagedresults_get_search_result_set_size_estimate(pb->pb_conn,
-- operation,
-- pr_idx);
-+ if (be_name) {
-+ if (pr_be != be_single) {
-+ slapi_be_Unlock(be_single);
-+ be_single = be = pr_be;
-+ slapi_be_Rlock(be_single);
-+ }
-+ } else if (be_list[0]) {
-+ if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
-+ /* move the index in the be_list which matches pr_be */
-+ index = 0;
-+ while (be_list[index] && be_list[index+1] && pr_be != be_list[index]) {
-+ index++;
-+ }
-+ be = be_list[index];
-+ }
-+ }
-+ pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
-+ estimate = pagedresults_get_search_result_set_size_estimate(pb->pb_conn, operation, pr_idx);
- if (pagedresults_get_unindexed(pb->pb_conn, operation, pr_idx)) {
- opnote |= SLAPI_OP_NOTE_UNINDEXED;
- }
-@@ -687,7 +684,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- * change ONE-LEVEL searches to BASE
- */
-
-- /* that's mean we only support one suffix per backend */
-+ /* that means we only support one suffix per backend */
- be_suffix = slapi_be_getsuffix(be, 0);
-
- if (be_list[0] == NULL)
-@@ -711,9 +708,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- * In async paged result case, the search result might be released
- * by other theads. We need to double check it in the locked region.
- */
-- pr_search_result = pagedresults_get_search_result(pb->pb_conn,
-- operation,
-- pr_idx);
-+ pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
- if (pr_search_result) {
- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
- rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat);
---
-1.9.3
-
diff --git a/SOURCES/0070-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0070-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
deleted file mode 100644
index dfb25f9..0000000
--- a/SOURCES/0070-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+++ /dev/null
@@ -1,321 +0,0 @@
-From 810e825adebf9f1669bab9f61831f158e0c2f941 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 4 Jun 2015 16:27:05 -0700
-Subject: [PATCH 70/72] Ticket #48192 - Individual abandoned simple paged
- results request has no chance to be cleaned up
-
-Description: When allocating a slot in simple paged results array stashed
-in a connection in pagedresults_parse_control_value, a new code is added
-to scan the array if the existing slot is timed out or not. If it is, the
-slot is released and a search results is released if it is attached.
-
-Also, if a request is abandoned, instead of returning a valid cookie, it
-changed to return an empty cookie to inform the client the request was not
-successfully completed.
-
-https://fedorahosted.org/389/ticket/48192
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit f3c3125fc9fd4dc1cbd41027d6442cb525efd014)
-(cherry picked from commit 97c707df4e11936202310e99bcf5f45d15b49f0f)
----
- ldap/servers/slapd/opshared.c | 41 +++++++-------
- ldap/servers/slapd/pagedresults.c | 110 ++++++++++++++++++++++++--------------
- 2 files changed, 89 insertions(+), 62 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 5dff42f..9cf431c 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -517,8 +517,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- rc = pagedresults_parse_control_value(pb, ctl_value, &pagesize, &pr_idx, be);
- /* Let's set pr_idx even if it fails; in case, pr_idx == -1. */
- slapi_pblock_set(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
-- if ((LDAP_SUCCESS == rc) ||
-- (LDAP_CANCELLED == rc) || (0 == pagesize)) {
-+ if ((LDAP_SUCCESS == rc) || (LDAP_CANCELLED == rc) || (0 == pagesize)) {
- unsigned int opnote = SLAPI_OP_NOTE_SIMPLEPAGED;
- op_set_pagedresults(operation);
- pr_be = pagedresults_get_current_be(pb->pb_conn, pr_idx);
-@@ -545,9 +544,8 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- }
- slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote );
- if ((LDAP_CANCELLED == rc) || (0 == pagesize)) {
-- /* paged-results-request was abandoned */
-- pagedresults_set_response_control(pb, 0, estimate,
-- curr_search_count, pr_idx);
-+ /* paged-results-request was abandoned; making an empty cookie. */
-+ pagedresults_set_response_control(pb, 0, estimate, -1, pr_idx);
- send_ldap_result(pb, 0, NULL,
- "Simple Paged Results Search abandoned",
- 0, NULL);
-@@ -574,10 +572,21 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
-
- /* adjust time and size limits */
- compute_limits (pb);
--
-- /* call the pre-search plugins. if they succeed, call the backend
-- search function. then call the post-search plugins. */
-
-+ /* set the timelimit to clean up the too-long-lived-paged results requests */
-+ if (op_is_pagedresults(operation)) {
-+ time_t optime, time_up;
-+ int tlimit;
-+ slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &tlimit );
-+ slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
-+ time_up = (tlimit==-1 ? -1 : optime + tlimit); /* -1: no time limit */
-+ pagedresults_set_timelimit(pb->pb_conn, pb->pb_op, time_up, pr_idx);
-+ }
-+
-+ /*
-+ * call the pre-search plugins. if they succeed, call the backend
-+ * search function. then call the post-search plugins.
-+ */
- /* ONREPL - should regular plugin be called for internal searches ? */
- if (plugin_call_plugins(pb, SLAPI_PLUGIN_PRE_SEARCH_FN) == 0)
- {
-@@ -642,16 +651,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- }
- }
-
-- /* set the timelimit to clean up the too-long-lived-paged results requests */
-- if (op_is_pagedresults(operation)) {
-- time_t optime, time_up;
-- int tlimit;
-- slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &tlimit );
-- slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime );
-- time_up = (tlimit==-1 ? -1 : optime + tlimit); /* -1: no time limit */
-- pagedresults_set_timelimit(pb->pb_conn, pb->pb_op, time_up, pr_idx);
-- }
--
- /* PAR: now filters have been rewritten, we can assign plugins to work on them */
- index_subsys_assign_filter_decoders(pb);
-
-@@ -880,10 +879,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
- if (PAGEDRESULTS_SEARCH_END == pr_stat) {
- if (sr) { /* in case a left over sr is found, clean it up */
-- PR_Lock(pb->pb_conn->c_mutex);
-- pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx);
-- be->be_search_results_release(&sr);
-- PR_Unlock(pb->pb_conn->c_mutex);
-+ pagedresults_free_one(pb->pb_conn, operation, pr_idx);
- }
- if (NULL == next_be) {
- /* no more entries && no more backends */
-@@ -1306,7 +1302,6 @@ iterate(Slapi_PBlock *pb, Slapi_Backend *be, int send_result,
- operation_out_of_disk_space();
- }
- pr_stat = PAGEDRESULTS_SEARCH_END;
-- pagedresults_set_timelimit(pb->pb_conn, pb->pb_op, 0, pr_idx);
- rval = -1;
- done = 1;
- continue;
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index 327da54..402dd10 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -41,6 +41,27 @@
-
- #include "slap.h"
-
-+/* helper function to clean up one prp slot */
-+static void
-+_pr_cleanup_one_slot(PagedResults *prp)
-+{
-+ PRLock *prmutex = NULL;
-+ if (!prp) {
-+ return;
-+ }
-+ if (prp->pr_current_be && prp->pr_current_be->be_search_results_release) {
-+ /* sr is left; release it. */
-+ prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
-+ }
-+ /* clean up the slot */
-+ if (prp->pr_mutex) {
-+ /* pr_mutex is reused; back it up and reset it. */
-+ prmutex = prp->pr_mutex;
-+ }
-+ memset(prp, '\0', sizeof(PagedResults));
-+ prp->pr_mutex = prmutex;
-+}
-+
- /*
- * Parse the value from an LDAPv3 "Simple Paged Results" control. They look
- * like this:
-@@ -65,6 +86,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- Connection *conn = pb->pb_conn;
- Operation *op = pb->pb_op;
- BerElement *ber = NULL;
-+ PagedResults *prp = NULL;
-
- LDAPDebug0Args(LDAP_DEBUG_TRACE, "--> pagedresults_parse_control_value\n");
- if ( NULL == conn || NULL == op || NULL == pagesize || NULL == index ) {
-@@ -117,13 +139,31 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- }
- *index = maxlen; /* the first position in the new area */
- } else {
-- for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
-- if (!conn->c_pagedresults.prl_list[i].pr_current_be) {
-- conn->c_pagedresults.prl_list[i].pr_current_be = be;
-+ time_t ctime = current_time();
-+ prp = conn->c_pagedresults.prl_list;
-+ for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
-+ if (!prp->pr_current_be) { /* unused slot; take it */
-+ prp->pr_current_be = be;
-+ *index = i;
-+ break;
-+ } else if (((prp->pr_timelimit > 0) && (ctime < prp->pr_timelimit)) || /* timelimit exceeded */
-+ (prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) /* abandoned */) {
-+ _pr_cleanup_one_slot(prp);
-+ conn->c_pagedresults.prl_count--;
-+ prp->pr_current_be = be;
- *index = i;
- break;
- }
- }
-+ /* cleaning up the rest of the timedout if any */
-+ for (++i; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
-+ if (prp->pr_current_be &&
-+ (((prp->pr_timelimit > 0) && (ctime < prp->pr_timelimit)) || /* timelimit exceeded */
-+ (prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED)) /* abandoned */) {
-+ _pr_cleanup_one_slot(prp);
-+ conn->c_pagedresults.prl_count--;
-+ }
-+ }
- }
- if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen) &&
- !conn->c_pagedresults.prl_list[*index].pr_mutex) {
-@@ -131,7 +171,6 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- }
- conn->c_pagedresults.prl_count++;
- } else {
-- PagedResults *prp = NULL;
- /* Repeated paged results request.
- * PagedResults is already allocated. */
- char *ptr = slapi_ch_malloc(cookie.bv_len + 1);
-@@ -156,8 +195,10 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- slapi_ch_free((void **)&cookie.bv_val);
-
- if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen)) {
-- if (conn->c_pagedresults.prl_list[*index].pr_flags &
-- CONN_FLAG_PAGEDRESULTS_ABANDONED) {
-+ if (conn->c_pagedresults.prl_list[*index].pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) {
-+ /* repeated case? */
-+ prp = conn->c_pagedresults.prl_list + *index;
-+ _pr_cleanup_one_slot(prp);
- rc = LDAP_CANCELLED;
- } else {
- /* Need to keep the latest msgid to prepare for the abandon. */
-@@ -273,20 +314,8 @@ pagedresults_free_one( Connection *conn, Operation *op, int index )
- "conn=%d paged requests list count is %d\n",
- conn->c_connid, conn->c_pagedresults.prl_count);
- } else if (index < conn->c_pagedresults.prl_maxlen) {
-- PRLock *prmutex = NULL;
- PagedResults *prp = conn->c_pagedresults.prl_list + index;
-- if (prp && prp->pr_current_be &&
-- prp->pr_current_be->be_search_results_release &&
-- prp->pr_search_result_set) {
-- prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
-- }
-- prp->pr_current_be = NULL;
-- if (prp->pr_mutex) {
-- /* pr_mutex is reused; back it up and reset it. */
-- prmutex = prp->pr_mutex;
-- }
-- memset(prp, '\0', sizeof(PagedResults));
-- prp->pr_mutex = prmutex;
-+ _pr_cleanup_one_slot(prp);
- conn->c_pagedresults.prl_count--;
- rc = 0;
- }
-@@ -309,7 +338,7 @@ pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid )
- ; /* Not a paged result. */
- } else {
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-- "--> pagedresults_free_one: msgid=%d\n", msgid);
-+ "--> pagedresults_free_one_msgid_nolock: msgid=%d\n", msgid);
- for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
- if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) {
- PagedResults *prp = conn->c_pagedresults.prl_list + i;
-@@ -318,16 +347,14 @@ pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid )
- prp->pr_search_result_set) {
- prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set));
- }
-- prp->pr_current_be = NULL;
- prp->pr_flags |= CONN_FLAG_PAGEDRESULTS_ABANDONED;
- prp->pr_flags &= ~CONN_FLAG_PAGEDRESULTS_PROCESSING;
-- conn->c_pagedresults.prl_count--;
- rc = 0;
- break;
- }
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-- "<-- pagedresults_free_one: %d\n", rc);
-+ "<-- pagedresults_free_one_msgid_nolock: %d\n", rc);
- }
- }
-
-@@ -845,37 +872,42 @@ pagedresults_reset_processing(Connection *conn, int index)
- }
- #endif
-
--/* Are all the paged results requests timed out? */
-+/*
-+ * This timedout is mainly for an end user leaves a commandline untouched
-+ * for a long time. This should not affect a permanent connection which
-+ * manages multiple simple paged results requests over the connection.
-+ *
-+ * [rule]
-+ * If there is just one slot and it's timed out, we return it is timedout.
-+ * If there are multiple slots, the connection may be a permanent one.
-+ * Do not return timed out here. But let the next request take care the
-+ * timedout slot(s).
-+ */
- int
- pagedresults_is_timedout_nolock(Connection *conn)
- {
-- int i;
- PagedResults *prp = NULL;
- time_t ctime;
-- int rc = 0;
-
- LDAPDebug0Args(LDAP_DEBUG_TRACE, "--> pagedresults_is_timedout\n");
-
-- if (NULL == conn || 0 == conn->c_pagedresults.prl_count) {
-- LDAPDebug0Args(LDAP_DEBUG_TRACE, "<-- pagedresults_is_timedout: -\n");
-- return rc;
-+ if (!conn || (0 == conn->c_pagedresults.prl_maxlen)) {
-+ LDAPDebug0Args(LDAP_DEBUG_TRACE, "<-- pagedresults_is_timedout: false\n");
-+ return 0;
- }
-
- ctime = current_time();
-- for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
-- prp = conn->c_pagedresults.prl_list + i;
-+ prp = conn->c_pagedresults.prl_list;
-+ if (prp && (1 == conn->c_pagedresults.prl_maxlen)) {
- if (prp->pr_current_be && (prp->pr_timelimit > 0)) {
-- if (ctime < prp->pr_timelimit) {
-- LDAPDebug0Args(LDAP_DEBUG_TRACE,
-- "<-- pagedresults_is_timedout: 0\n");
-- return 0; /* at least, one request is not timed out. */
-- } else {
-- rc = 1; /* possibly timed out */
-+ if (ctime > prp->pr_timelimit) {
-+ LDAPDebug0Args(LDAP_DEBUG_TRACE, "<-- pagedresults_is_timedout: true\n");
-+ return 1;
- }
- }
- }
-- LDAPDebug0Args(LDAP_DEBUG_TRACE, "<-- pagedresults_is_timedout: 1\n");
-- return rc; /* all requests are timed out. */
-+ LDAPDebug0Args(LDAP_DEBUG_TRACE, "<-- pagedresults_is_timedout: false\n");
-+ return 0;
- }
-
- /* reset all timeout */
---
-1.9.3
-
diff --git a/SOURCES/0071-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0071-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
deleted file mode 100644
index 7e126e2..0000000
--- a/SOURCES/0071-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From aa6561d02969ce1db1a50da2b8af8679f6aeca69 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Fri, 5 Jun 2015 10:13:17 -0700
-Subject: [PATCH 71/72] Ticket #48192 - Individual abandoned simple paged
- results request has no chance to be cleaned up
-
-Description: Checking the cookie value passed by the client was not
-sufficient. The negative value check was missing, which lead to
-the simple paged results array out of bounds. Plus, a minor memory
-leak was fixed. Thanks to Thierry Bordaz for his reviews!
-
-https://fedorahosted.org/389/ticket/48192
-(cherry picked from commit 298371d372678cf553594ae73ae57a6ea35358bf)
-(cherry picked from commit 7718eb6a6714d1a284c3c706e621a7eb0ca5655a)
----
- ldap/servers/slapd/pagedresults.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index 402dd10..2e70e19 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -177,14 +177,14 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- memcpy(ptr, cookie.bv_val, cookie.bv_len);
- *(ptr+cookie.bv_len) = '\0';
- *index = strtol(ptr, NULL, 10);
-- if (conn->c_pagedresults.prl_maxlen <= *index) {
-+ slapi_ch_free_string(&ptr);
-+ if ((conn->c_pagedresults.prl_maxlen <= *index) || (*index < 0)){
- rc = LDAP_PROTOCOL_ERROR;
- LDAPDebug1Arg(LDAP_DEBUG_ANY,
- "pagedresults_parse_control_value: invalid cookie: %d\n",
- *index);
- goto bail;
- }
-- slapi_ch_free_string(&ptr);
- prp = conn->c_pagedresults.prl_list + *index;
- if (!(prp->pr_search_result_set)) { /* freed and reused for the next backend. */
- conn->c_pagedresults.prl_count++;
---
-1.9.3
-
diff --git a/SOURCES/0072-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0072-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
deleted file mode 100644
index 5ea6c6c..0000000
--- a/SOURCES/0072-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+++ /dev/null
@@ -1,314 +0,0 @@
-From 504609eadf933c726d829e1532dbe525ab71d1b2 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 9 Jun 2015 10:02:02 -0700
-Subject: [PATCH 72/72] Ticket #48192 - Individual abandoned simple paged
- results request has no chance to be cleaned up
-
-Description: When a simple paged results is abandoned immediately and
-asynchronously just after the request, the abandon request has a chance
-to be handled before the simple paged results control is received and
-processed. In the case, the search could be executed and the search
-result structure could be leaked.
-
-This patch adds more abandon checks. In op_shared_search, after the
-send_results_ext call, if the SLAPI_OP_STATUS_ABANDONED bit is set in
-the status in the operation object, it cleans up the search results
-again, which gives the second chance.
-
-https://fedorahosted.org/389/ticket/48192
-
-Reviewed by tbordaz@redhat.com (Thank you so much, Thierry!!)
-
-(cherry picked from commit 1d18dd0107d48ac1d79f7c9988adf18b0905bbdb)
-(cherry picked from commit 798eae4f2240a5b47963a2bb09a2a17acfc488ec)
----
- ldap/servers/slapd/abandon.c | 10 +++---
- ldap/servers/slapd/back-ldbm/ldbm_search.c | 13 ++++++--
- ldap/servers/slapd/opshared.c | 36 +++++++++++++--------
- ldap/servers/slapd/pagedresults.c | 52 +++++++++++++++++-------------
- ldap/servers/slapd/proto-slap.h | 2 +-
- 5 files changed, 69 insertions(+), 44 deletions(-)
-
-diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c
-index 6b4bbf2..d80087e 100644
---- a/ldap/servers/slapd/abandon.c
-+++ b/ldap/servers/slapd/abandon.c
-@@ -132,8 +132,7 @@ do_abandon( Slapi_PBlock *pb )
- }
-
- operation_set_abandoned_op (pb->pb_op, o->o_abandoned_op);
-- if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_ABANDON_FN )
-- == 0 ) {
-+ if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_ABANDON_FN ) == 0 ) {
- int rc = 0;
-
- if ( o->o_status != SLAPI_OP_STATUS_RESULT_SENT ) {
-@@ -148,14 +147,13 @@ do_abandon( Slapi_PBlock *pb )
- suppressed_by_plugin = 1;
- }
- } else {
-- LDAPDebug( LDAP_DEBUG_TRACE, "do_abandon: op not found\n", 0, 0,
-- 0 );
-+ LDAPDebug0Args(LDAP_DEBUG_TRACE, "do_abandon: op not found\n");
- }
-
- if ( 0 == pagedresults_free_one_msgid_nolock(pb->pb_conn, id) ) {
- slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64
-- " op=%d ABANDON targetop=Simple Paged Results\n",
-- (long long unsigned int)pb->pb_conn->c_connid, pb->pb_op->o_opid );
-+ " op=%d ABANDON targetop=Simple Paged Results msgid=%d\n",
-+ (long long unsigned int)pb->pb_conn->c_connid, pb->pb_op->o_opid, id );
- } else if ( NULL == o ) {
- slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON"
- " targetop=NOTFOUND msgid=%d\n",
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c
-index e1951a0..c6c5735 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
-@@ -1817,12 +1817,21 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
- }
- }
- }
-+ /* check for the final abandon */
-+ if (slapi_op_abandoned(pb)) {
-+ slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate );
-+ if ( use_extension ) {
-+ slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY_EXT, NULL );
-+ }
-+ slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, NULL );
-+ delete_search_result_set(pb, &sr);
-+ rc = SLAPI_FAIL_GENERAL;
-+ }
-
- bail:
-- if(rc){
-+ if (rc && op) {
- op->o_reverse_search_state = 0;
- }
--
- return rc;
- }
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 9cf431c..4be5366 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -748,7 +748,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- pagedresults_unlock(pb->pb_conn, pr_idx);
- if (next_be) {
- /* no more entries, but at least another backend */
-- if (pagedresults_set_current_be(pb->pb_conn, next_be, pr_idx) < 0) {
-+ if (pagedresults_set_current_be(pb->pb_conn, next_be, pr_idx, 0) < 0) {
- goto free_and_return;
- }
- }
-@@ -878,23 +878,23 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- curr_search_count = pnentries;
- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
- if (PAGEDRESULTS_SEARCH_END == pr_stat) {
-- if (sr) { /* in case a left over sr is found, clean it up */
-- pagedresults_free_one(pb->pb_conn, operation, pr_idx);
-- }
-+ /* no more entries, but at least another backend */
-+ PR_Lock(pb->pb_conn->c_mutex);
-+ pagedresults_set_search_result(pb->pb_conn, operation, NULL, 1, pr_idx);
-+ be->be_search_results_release(&sr);
-+ rc = pagedresults_set_current_be(pb->pb_conn, next_be, pr_idx, 1);
-+ PR_Unlock(pb->pb_conn->c_mutex);
- if (NULL == next_be) {
-- /* no more entries && no more backends */
-- curr_search_count = -1;
-- } else {
-- /* no more entries, but at least another backend */
-- if (pagedresults_set_current_be(pb->pb_conn, next_be, pr_idx) < 0) {
-+ /* no more entries && no more backends */
-+ curr_search_count = -1;
-+ } else if (rc < 0) {
- goto free_and_return;
-- }
- }
- } else {
- curr_search_count = pnentries;
- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate);
- pagedresults_lock(pb->pb_conn, pr_idx);
-- if ((pagedresults_set_current_be(pb->pb_conn, be, pr_idx) < 0) ||
-+ if ((pagedresults_set_current_be(pb->pb_conn, be, pr_idx, 0) < 0) ||
- (pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx) < 0) ||
- (pagedresults_set_search_result_count(pb->pb_conn, operation, curr_search_count, pr_idx) < 0) ||
- (pagedresults_set_search_result_set_size_estimate(pb->pb_conn, operation, estimate, pr_idx) < 0) ||
-@@ -904,10 +904,20 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- }
- pagedresults_unlock(pb->pb_conn, pr_idx);
- }
-- pagedresults_set_response_control(pb, 0, estimate,
-- curr_search_count, pr_idx);
- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, NULL );
- next_be = NULL; /* to break the loop */
-+ if (operation->o_status & SLAPI_OP_STATUS_ABANDONED) {
-+ /* It turned out this search was abandoned. */
-+ PR_Lock(pb->pb_conn->c_mutex);
-+ pagedresults_free_one_msgid_nolock( pb->pb_conn, operation->o_msgid);
-+ PR_Unlock(pb->pb_conn->c_mutex);
-+ /* paged-results-request was abandoned; making an empty cookie. */
-+ pagedresults_set_response_control(pb, 0, estimate, -1, pr_idx);
-+ send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
-+ rc = LDAP_SUCCESS;
-+ goto free_and_return;
-+ }
-+ pagedresults_set_response_control(pb, 0, estimate, curr_search_count, pr_idx);
- if (curr_search_count == -1) {
- pagedresults_free_one(pb->pb_conn, operation, pr_idx);
- }
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index 2e70e19..a7fe2cd 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -87,6 +87,8 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- Operation *op = pb->pb_op;
- BerElement *ber = NULL;
- PagedResults *prp = NULL;
-+ time_t ctime = current_time();
-+ int i;
-
- LDAPDebug0Args(LDAP_DEBUG_TRACE, "--> pagedresults_parse_control_value\n");
- if ( NULL == conn || NULL == op || NULL == pagesize || NULL == index ) {
-@@ -121,7 +123,6 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- /* the ber encoding is no longer needed */
- ber_free(ber, 1);
- if ( cookie.bv_len <= 0 ) {
-- int i;
- /* first time? */
- int maxlen = conn->c_pagedresults.prl_maxlen;
- if (conn->c_pagedresults.prl_count == maxlen) {
-@@ -138,15 +139,16 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- memset(conn->c_pagedresults.prl_list + maxlen, '\0', sizeof(PagedResults) * maxlen);
- }
- *index = maxlen; /* the first position in the new area */
-+ prp = conn->c_pagedresults.prl_list + *index;
-+ prp->pr_current_be = be;
- } else {
-- time_t ctime = current_time();
- prp = conn->c_pagedresults.prl_list;
- for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
- if (!prp->pr_current_be) { /* unused slot; take it */
- prp->pr_current_be = be;
- *index = i;
- break;
-- } else if (((prp->pr_timelimit > 0) && (ctime < prp->pr_timelimit)) || /* timelimit exceeded */
-+ } else if (((prp->pr_timelimit > 0) && (ctime > prp->pr_timelimit)) || /* timelimit exceeded */
- (prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED) /* abandoned */) {
- _pr_cleanup_one_slot(prp);
- conn->c_pagedresults.prl_count--;
-@@ -155,15 +157,6 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- break;
- }
- }
-- /* cleaning up the rest of the timedout if any */
-- for (++i; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
-- if (prp->pr_current_be &&
-- (((prp->pr_timelimit > 0) && (ctime < prp->pr_timelimit)) || /* timelimit exceeded */
-- (prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED)) /* abandoned */) {
-- _pr_cleanup_one_slot(prp);
-- conn->c_pagedresults.prl_count--;
-- }
-- }
- }
- if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen) &&
- !conn->c_pagedresults.prl_list[*index].pr_mutex) {
-@@ -181,8 +174,8 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- if ((conn->c_pagedresults.prl_maxlen <= *index) || (*index < 0)){
- rc = LDAP_PROTOCOL_ERROR;
- LDAPDebug1Arg(LDAP_DEBUG_ANY,
-- "pagedresults_parse_control_value: invalid cookie: %d\n",
-- *index);
-+ "pagedresults_parse_control_value: invalid cookie: %d\n", *index);
-+ *index = -1; /* index is invalid. reinitializing it. */
- goto bail;
- }
- prp = conn->c_pagedresults.prl_list + *index;
-@@ -206,11 +199,24 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
- }
- } else {
- rc = LDAP_PROTOCOL_ERROR;
-- LDAPDebug1Arg(LDAP_DEBUG_ANY,
-- "pagedresults_parse_control_value: invalid cookie: %d\n",
-- *index);
-+ LDAPDebug1Arg(LDAP_DEBUG_ANY, "pagedresults_parse_control_value: invalid cookie: %d\n", *index);
- }
- bail:
-+ /* cleaning up the rest of the timedout or abandoned if any */
-+ prp = conn->c_pagedresults.prl_list;
-+ for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++, prp++) {
-+ if (prp->pr_current_be &&
-+ (((prp->pr_timelimit > 0) && (ctime > prp->pr_timelimit)) || /* timelimit exceeded */
-+ (prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED)) /* abandoned */) {
-+ _pr_cleanup_one_slot(prp);
-+ conn->c_pagedresults.prl_count--;
-+ if (i == *index) {
-+ /* registered slot is expired and cleaned up. return cancelled. */
-+ *index = -1;
-+ rc = LDAP_CANCELLED;
-+ }
-+ }
-+ }
- PR_Unlock(conn->c_mutex);
-
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -326,7 +332,9 @@ pagedresults_free_one( Connection *conn, Operation *op, int index )
- return rc;
- }
-
--/* Used for abandoning */
-+/*
-+ * Used for abandoning - conn->c_mutex is already locked in do_abandone.
-+ */
- int
- pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid )
- {
-@@ -334,7 +342,7 @@ pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid )
- int i;
-
- if (conn && (msgid > -1)) {
-- if (conn->c_pagedresults.prl_count <= 0) {
-+ if (conn->c_pagedresults.prl_maxlen <= 0) {
- ; /* Not a paged result. */
- } else {
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
-@@ -381,18 +389,18 @@ pagedresults_get_current_be(Connection *conn, int index)
- }
-
- int
--pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index)
-+pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock)
- {
- int rc = -1;
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "--> pagedresults_set_current_be: idx=%d\n", index);
- if (conn && (index > -1)) {
-- PR_Lock(conn->c_mutex);
-+ if (!nolock) PR_Lock(conn->c_mutex);
- if (index < conn->c_pagedresults.prl_maxlen) {
- conn->c_pagedresults.prl_list[index].pr_current_be = be;
- }
-- PR_Unlock(conn->c_mutex);
- rc = 0;
-+ if (!nolock) PR_Unlock(conn->c_mutex);
- }
- LDAPDebug1Arg(LDAP_DEBUG_TRACE,
- "<-- pagedresults_set_current_be: %d\n", rc);
-diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
-index 80504b2..c5c412d 100644
---- a/ldap/servers/slapd/proto-slap.h
-+++ b/ldap/servers/slapd/proto-slap.h
-@@ -1472,7 +1472,7 @@ void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical,
- ber_int_t estimate,
- int curr_search_count, int index);
- Slapi_Backend *pagedresults_get_current_be(Connection *conn, int index);
--int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index);
-+int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index, int nolock);
- void *pagedresults_get_search_result(Connection *conn, Operation *op,
- int index);
- int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr,
---
-1.9.3
-
diff --git a/SOURCES/0073-Ticket-48194-nsSSL3Ciphers-preference-not-enforced-s.patch b/SOURCES/0073-Ticket-48194-nsSSL3Ciphers-preference-not-enforced-s.patch
deleted file mode 100644
index 8e2ba49..0000000
--- a/SOURCES/0073-Ticket-48194-nsSSL3Ciphers-preference-not-enforced-s.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From 413ac674d497a981b30bdc81b47ea2bb3e14ad57 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 11 Jun 2015 22:25:14 -0700
-Subject: [PATCH] Ticket #48194 - nsSSL3Ciphers preference not enforced server
- side
-
-Description: The fix for ticket 47838 accidentally changed the timing
-of setting default cipher preferences and creating a sslSocket which
-broke setting the default preferences to each sslSocket.
-
-https://fedorahosted.org/389/ticket/48194
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 53c9c4e84e3bcbc40de87b1e7cf7634d14599e1c)
-(cherry picked from commit 99109e38ca671951c50724018fce71e2e362f0ff)
----
- ldap/servers/slapd/ssl.c | 97 +++++++++++++++++++++++++-----------------------
- 1 file changed, 50 insertions(+), 47 deletions(-)
-
-diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
-index 6b51e0c..36a4788 100644
---- a/ldap/servers/slapd/ssl.c
-+++ b/ldap/servers/slapd/ssl.c
-@@ -1342,9 +1342,6 @@ slapd_ssl_init()
- freeConfigEntry( &entry );
- }
-
-- /* ugaston- Cipher preferences must be set before any sslSocket is created
-- * for such sockets to take preferences into account.
-- */
- freeConfigEntry( &entry );
-
- /* Introduce a way of knowing whether slapd_ssl_init has
-@@ -1590,6 +1587,45 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
-
- errorbuf[0] = '\0';
-
-+ /*
-+ * Cipher preferences must be set before any sslSocket is created
-+ * for such sockets to take preferences into account.
-+ */
-+ getConfigEntry(configDN, &e);
-+ if (e == NULL) {
-+ slapd_SSL_warn("Security Initialization: Failed get config entry %s", configDN);
-+ return 1;
-+ }
-+ val = slapi_entry_attr_get_charptr(e, "allowWeakCipher");
-+ if (val) {
-+ if (!PL_strcasecmp(val, "off") || !PL_strcasecmp(val, "false") ||
-+ !PL_strcmp(val, "0") || !PL_strcasecmp(val, "no")) {
-+ allowweakcipher = CIPHER_SET_DISALLOWWEAKCIPHER;
-+ } else if (!PL_strcasecmp(val, "on") || !PL_strcasecmp(val, "true") ||
-+ !PL_strcmp(val, "1") || !PL_strcasecmp(val, "yes")) {
-+ allowweakcipher = CIPHER_SET_ALLOWWEAKCIPHER;
-+ } else {
-+ slapd_SSL_warn("The value of allowWeakCipher \"%s\" in %s is invalid.",
-+ "Ignoring it and set it to default.", val, configDN);
-+ }
-+ }
-+ slapi_ch_free((void **) &val);
-+
-+ /* Set SSL cipher preferences */
-+ *cipher_string = 0;
-+ if(ciphers && (*ciphers) && PL_strcmp(ciphers, "blank"))
-+ PL_strncpyz(cipher_string, ciphers, sizeof(cipher_string));
-+ slapi_ch_free((void **) &ciphers);
-+
-+ if ( NULL != (val = _conf_setciphers(cipher_string, allowweakcipher)) ) {
-+ errorCode = PR_GetError();
-+ slapd_SSL_warn("Security Initialization: Failed to set SSL cipher "
-+ "preference information: %s (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-+ val, errorCode, slapd_pr_strerror(errorCode));
-+ slapi_ch_free((void **) &val);
-+ }
-+ freeConfigEntry(&e);
-+
- /* Import pr fd into SSL */
- pr_sock = SSL_ImportFD( NULL, sock );
- if( pr_sock == (PRFileDesc *)NULL ) {
-@@ -1632,8 +1668,6 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- slapd_pk11_setSlotPWValues(slot, 0, 0);
- }
-
--
--
- /*
- * Now, get the complete list of cipher families. Each family
- * has a token name and personality name which we'll use to find
-@@ -1816,9 +1850,8 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- "out of disk space! Make more room in /tmp "
- "and try again. (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
- errorCode, slapd_pr_strerror(errorCode));
-- }
-- else {
-- slapd_SSL_error("Config of server nonce cache failed (error %d - %s)",
-+ } else {
-+ slapd_SSL_error("Config of server nonce cache failed (error %d - %s)",
- errorCode, slapd_pr_strerror(errorCode));
- }
- return rv;
-@@ -1985,36 +2018,6 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- #if !defined(NSS_TLS10) /* NSS_TLS11 or newer */
- }
- #endif
-- val = slapi_entry_attr_get_charptr(e, "allowWeakCipher");
-- if (val) {
-- if (!PL_strcasecmp(val, "off") || !PL_strcasecmp(val, "false") ||
-- !PL_strcmp(val, "0") || !PL_strcasecmp(val, "no")) {
-- allowweakcipher = CIPHER_SET_DISALLOWWEAKCIPHER;
-- } else if (!PL_strcasecmp(val, "on") || !PL_strcasecmp(val, "true") ||
-- !PL_strcmp(val, "1") || !PL_strcasecmp(val, "yes")) {
-- allowweakcipher = CIPHER_SET_ALLOWWEAKCIPHER;
-- } else {
-- slapd_SSL_warn("The value of allowWeakCipher \"%s\" in %s is invalid.",
-- "Ignoring it and set it to default.", val, configDN);
-- }
-- }
-- slapi_ch_free((void **) &val);
--
-- /* Set SSL cipher preferences */
-- *cipher_string = 0;
-- if(ciphers && (*ciphers) && PL_strcmp(ciphers, "blank"))
-- PL_strncpyz(cipher_string, ciphers, sizeof(cipher_string));
-- slapi_ch_free((void **) &ciphers);
--
-- if ( NULL != (val = _conf_setciphers(cipher_string, allowweakcipher)) ) {
-- errorCode = PR_GetError();
-- slapd_SSL_warn("Security Initialization: Failed to set SSL cipher "
-- "preference information: %s (" SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
-- val, errorCode, slapd_pr_strerror(errorCode));
-- rv = 3;
-- slapi_ch_free((void **) &val);
-- }
--
- freeConfigEntry( &e );
-
- if(( slapd_SSLclientAuth = config_get_SSLclientAuth()) != SLAPD_SSLCLIENTAUTH_OFF ) {
-@@ -2059,17 +2062,17 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
- /* richm 20020227
- To do LDAP client SSL init, we need to do
-
-- static void
-- ldapssl_basic_init( void )
-- {
-- PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
-+ static void
-+ ldapssl_basic_init( void )
-+ {
-+ PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
-
-- PR_SetConcurrency( 4 );
-- }
-+ PR_SetConcurrency( 4 );
-+ }
- NSS_Init(certdbpath);
- SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE);
-- SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
-- s = NSS_SetDomesticPolicy();
-+ SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
-+ s = NSS_SetDomesticPolicy();
- We already do pr_init, we don't need pr_setconcurrency, we already do nss_init and the rest
-
- */
-@@ -2095,7 +2098,7 @@ slapd_SSL_client_auth (LDAP* ld)
- char **family;
- char *personality = NULL;
- char *activation = NULL;
-- char *cipher = NULL;
-+ char *cipher = NULL;
-
- for (family = family_list; *family; family++) {
- getConfigEntry( *family, &entry );
---
-1.9.3
-
diff --git a/SOURCES/0074-Ticket-48192-Individual-abandoned-simple-paged-resul.patch b/SOURCES/0074-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
deleted file mode 100644
index 959a784..0000000
--- a/SOURCES/0074-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From 22b0f8f0de1ee208a8c06c171bc2069da0adcc87 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 6 Jul 2015 14:06:11 -0700
-Subject: [PATCH] Ticket #48192 - Individual abandoned simple paged results
- request has no chance to be cleaned up
-
-Description: There was a small window that the search on the next page
-after the previous page abandoned referred the cleaned up simple paged
-object.
-
-This patch introduces a pagedresults_is_abandoned helper function to
-check the simple paged results was abandoned or not with some improvements
-based upon the comments by rmeggins@redhat.com (Thank you!!):
-1) adding locking when getting a simplepaged object in pagedresults_is_
- abandoned_or_notavailable as well as in pagedresults_{un}lock.
-2) sending "Simple Paged Results Search abandoned" if the previous page
- with the same cookie in the same connection was abandoned.
-
-https://fedorahosted.org/389/ticket/48192
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit e4d83c91fc88fcf9e6c823c608c629ac10e362f8)
-(cherry picked from commit b513a502250f93cfb43df000c2140b27c4ef0d39)
-(cherry picked from commit 7b17c488de280f29264920b4e53dce862ed5b7e4)
----
- ldap/servers/slapd/opshared.c | 22 ++++++++++++++++------
- ldap/servers/slapd/pagedresults.c | 24 +++++++++++++++++++++++-
- ldap/servers/slapd/proto-slap.h | 1 +
- 3 files changed, 40 insertions(+), 7 deletions(-)
-
-diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
-index 4be5366..1bad7ef 100644
---- a/ldap/servers/slapd/opshared.c
-+++ b/ldap/servers/slapd/opshared.c
-@@ -709,12 +709,20 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- */
- pr_search_result = pagedresults_get_search_result(pb->pb_conn, operation, pr_idx);
- if (pr_search_result) {
-- slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
-- rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat);
-+ if (pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+ pagedresults_unlock(pb->pb_conn, pr_idx);
-+ /* Previous operation was abandoned and the simplepaged object is not in use. */
-+ send_ldap_result(pb, 0, NULL, "Simple Paged Results Search abandoned", 0, NULL);
-+ rc = LDAP_SUCCESS;
-+ goto free_and_return;
-+ } else {
-+ slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result );
-+ rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat);
-
-- /* search result could be reset in the backend/dse */
-- slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
-- pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
-+ /* search result could be reset in the backend/dse */
-+ slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr);
-+ pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx);
-+ }
- } else {
- pr_stat = PAGEDRESULTS_SEARCH_END;
- }
-@@ -744,7 +752,9 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
- if (PAGEDRESULTS_SEARCH_END == pr_stat) {
- pagedresults_lock(pb->pb_conn, pr_idx);
- slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
-- pagedresults_free_one(pb->pb_conn, operation, pr_idx);
-+ if (!pagedresults_is_abandoned_or_notavailable(pb->pb_conn, pr_idx)) {
-+ pagedresults_free_one(pb->pb_conn, operation, pr_idx);
-+ }
- pagedresults_unlock(pb->pb_conn, pr_idx);
- if (next_be) {
- /* no more entries, but at least another backend */
-diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
-index a7fe2cd..010e5c1 100644
---- a/ldap/servers/slapd/pagedresults.c
-+++ b/ldap/servers/slapd/pagedresults.c
-@@ -890,6 +890,8 @@ pagedresults_reset_processing(Connection *conn, int index)
- * If there are multiple slots, the connection may be a permanent one.
- * Do not return timed out here. But let the next request take care the
- * timedout slot(s).
-+ *
-+ * must be called within conn->c_mutex
- */
- int
- pagedresults_is_timedout_nolock(Connection *conn)
-@@ -918,7 +920,10 @@ pagedresults_is_timedout_nolock(Connection *conn)
- return 0;
- }
-
--/* reset all timeout */
-+/*
-+ * reset all timeout
-+ * must be called within conn->c_mutex
-+ */
- int
- pagedresults_reset_timedout_nolock(Connection *conn)
- {
-@@ -981,7 +986,9 @@ pagedresults_lock( Connection *conn, int index )
- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
- return;
- }
-+ PR_Lock(conn->c_mutex);
- prp = conn->c_pagedresults.prl_list + index;
-+ PR_Unlock(conn->c_mutex);
- if (prp->pr_mutex) {
- PR_Lock(prp->pr_mutex);
- }
-@@ -995,9 +1002,24 @@ pagedresults_unlock( Connection *conn, int index )
- if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
- return;
- }
-+ PR_Lock(conn->c_mutex);
- prp = conn->c_pagedresults.prl_list + index;
-+ PR_Unlock(conn->c_mutex);
- if (prp->pr_mutex) {
- PR_Unlock(prp->pr_mutex);
- }
- return;
- }
-+
-+int
-+pagedresults_is_abandoned_or_notavailable( Connection *conn, int index )
-+{
-+ PagedResults *prp;
-+ if (!conn || (index < 0) || (index >= conn->c_pagedresults.prl_maxlen)) {
-+ return 1; /* not abandoned, but do not want to proceed paged results op. */
-+ }
-+ PR_Lock(conn->c_mutex);
-+ prp = conn->c_pagedresults.prl_list + index;
-+ PR_Unlock(conn->c_mutex);
-+ return prp->pr_flags & CONN_FLAG_PAGEDRESULTS_ABANDONED;
-+}
-diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
-index c5c412d..4c0d1ce 100644
---- a/ldap/servers/slapd/proto-slap.h
-+++ b/ldap/servers/slapd/proto-slap.h
-@@ -1515,6 +1515,7 @@ int pagedresults_cleanup_all(Connection *conn, int needlock);
- void op_set_pagedresults(Operation *op);
- void pagedresults_lock(Connection *conn, int index);
- void pagedresults_unlock(Connection *conn, int index);
-+int pagedresults_is_abandoned_or_notavailable(Connection *conn, int index);
-
- /*
- * sort.c
---
-1.9.3
-
diff --git a/SOURCES/0075-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch b/SOURCES/0075-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
deleted file mode 100644
index 97aef2a..0000000
--- a/SOURCES/0075-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 8eef70242e661d55cdc0fae7f5328c780ec6d60a Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Mon, 13 Jul 2015 17:51:01 -0700
-Subject: [PATCH] Ticket #48223 - Winsync fails when AD users have multiple
- spaces (two)inside the value of the rdn attribute
-
-Description: When the dirsync search returns a remote entry, winsync
-search the entry with DN to retrieve the whole attribute value pairs.
-The DN used for the search was normalized which replaced multiple white-
-spaces with one in the DN. This patch does not used the normalized DN,
-but the same DN given by AD.
-
-The DN normalization behaviour was introduced to fix a ticket #529 -
-dn normalization must handle multiple space characters in attributes.
-
-Added additional debugging to get the info which entry failed to sync.
-
-https://fedorahosted.org/389/ticket/48223
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit 2c484cc6e89e473bced0e9b25dd6e68d53024bb3)
-(cherry picked from commit 69fd1f188105b2c3ca1bee04b05909e53c980b34)
-(cherry picked from commit 8622b69a733a6126414876f11ab627211cb3bd06)
----
- ldap/servers/plugins/posix-winsync/posix-group-func.c | 2 +-
- ldap/servers/plugins/replication/windows_protocol_util.c | 11 +++++++----
- 2 files changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
-index 5f841e5..a497f3f 100644
---- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
-+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
-@@ -95,7 +95,7 @@ getEntry(const char *udn, char **attrs)
- }
- else {
- slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME,
-- "getEntry: error searching for uid: %d\n", rc);
-+ "getEntry: error searching for uid %s: %d\n", udn, rc);
- }
-
- return NULL;
-diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
-index dabc936..ca79021 100644
---- a/ldap/servers/plugins/replication/windows_protocol_util.c
-+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
-@@ -3244,7 +3244,7 @@ windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn,
- const char *searchbase = NULL;
- Slapi_Entry *found_entry = NULL;
-
-- searchbase = slapi_sdn_get_dn(remote_dn);
-+ searchbase = slapi_sdn_get_udn(remote_dn);
- cres = windows_search_entry_ext(prp->conn, (char*)searchbase, filter, &found_entry, NULL, LDAP_SCOPE_BASE);
- if (cres)
- {
-@@ -5904,13 +5904,16 @@ retry:
- remote_entry = NULL;
- } else
- {
-- slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to fetch inbound entry.\n",agmt_get_long_name(prp->agmt));
-+ slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name,
-+ "%s: windows_process_dirsync_entry: failed to fetch inbound entry %s.\n",
-+ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
- }
- slapi_entry_free(local_entry);
- if (rc) {
- /* Something bad happened */
-- slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,"%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",agmt_get_long_name(prp->agmt),
-- slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
-+ slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
-+ "%s: windows_process_dirsync_entry: failed to update inbound entry for %s.\n",
-+ agmt_get_long_name(prp->agmt), slapi_sdn_get_dn(slapi_entry_get_sdn_const(e)));
- }
- } else
- {
---
-1.9.3
-
diff --git a/SOURCES/0076-Ticket-47553-Enhance-ACIs-to-have-more-control-over-.patch b/SOURCES/0076-Ticket-47553-Enhance-ACIs-to-have-more-control-over-.patch
deleted file mode 100644
index cf4cac8..0000000
--- a/SOURCES/0076-Ticket-47553-Enhance-ACIs-to-have-more-control-over-.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From b9771a9a3202b4d3a8562ed7359c824f8922b4fe Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 15 Oct 2014 16:20:51 -0700
-Subject: [PATCH 76/84] Ticket #47553 - Enhance ACIs to have more control over
- MODRDN operations
-
-Description: Macro SLAPI_ACL_ALL does not contain SLAPI_ACL_MODDN.
-Thus, even though all operations are allowed by "allow (all)", just
-modrdn fails with "Insufficient access (50)".
-
-https://fedorahosted.org/389/ticket/47553
-
-Reviewed by tbordaz@redhat.com (Thank you, Thierry!!)
-
-(cherry picked from commit 4aafe7444d983c08b16a84b7c23c8d303de45dc6)
----
- ldap/servers/slapd/slapi-plugin.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
-index dfe75eb..5a7af5e 100644
---- a/ldap/servers/slapd/slapi-plugin.h
-+++ b/ldap/servers/slapd/slapi-plugin.h
-@@ -237,12 +237,12 @@ NSPR_API(PRUint32) PR_fprintf(struct PRFileDesc* fd, const char *fmt, ...)
- #define SLAPI_ACL_ADD 0x20
- #define SLAPI_ACL_SELF 0x40
- #define SLAPI_ACL_PROXY 0x80
--#define SLAPI_ACL_ALL 0x7f
- /* Values 0x200 and 0x400 are booked (acl.h) by
- * ACLPB_SLAPI_ACL_WRITE_ADD
- * ACLPB_SLAPI_ACL_WRITE_DEL
- */
- #define SLAPI_ACL_MODDN 0x0800
-+#define SLAPI_ACL_ALL 0x087f
-
-
- /*
---
-1.9.3
-
diff --git a/SOURCES/0077-Ticket-47553-Enhance-ACIs-to-have-more-control-over-.patch b/SOURCES/0077-Ticket-47553-Enhance-ACIs-to-have-more-control-over-.patch
deleted file mode 100644
index c56fbc8..0000000
--- a/SOURCES/0077-Ticket-47553-Enhance-ACIs-to-have-more-control-over-.patch
+++ /dev/null
@@ -1,676 +0,0 @@
-From b19dc5b453751ca63545e39537bfb87707cf867e Mon Sep 17 00:00:00 2001
-From: "Thierry bordaz (tbordaz)" <tbordaz@redhat.com>
-Date: Thu, 16 Oct 2014 17:24:15 +0200
-Subject: [PATCH 77/84] Ticket 47553: Enhance ACIs to have more control over
- MODRDN operations
-
-Bug Description:
- The ticket 47553 introduces a new aci right: moddn.
- This rights allows/deny to do a MODDN from a part of the DIT to an other.
- Before the right allow/deny to do a MODDN was granted if the subject had 'write' access to the rdn attribute.
- To switch from the previous mode to the new one, there is a toggle 'nsslapd-moddn-aci'.
- The getEffectiveRight control, should report the MODDN right ('n') according to
- the acis and the value of this toggle
-
-Fix Description:
- test 'nsslapd-moddn-aci' in the geteffectiveright code
-
-https://fedorahosted.org/389/ticket/47553
-
-Reviewed by: Noriko (Thanks !)
-
-Platforms tested: F17
-
-Flag Day: no
-
-Doc impact: no
-
-(cherry picked from commit be67f8128d4a19edec95a6b1b022fd9262710e74)
----
- dirsrvtests/tickets/ticket47553_ger.py | 553 ++++++++++++++++++++++++++
- ldap/servers/plugins/acl/acleffectiverights.c | 67 ++--
- 2 files changed, 590 insertions(+), 30 deletions(-)
- create mode 100644 dirsrvtests/tickets/ticket47553_ger.py
-
-diff --git a/dirsrvtests/tickets/ticket47553_ger.py b/dirsrvtests/tickets/ticket47553_ger.py
-new file mode 100644
-index 0000000..d688c70
---- /dev/null
-+++ b/dirsrvtests/tickets/ticket47553_ger.py
-@@ -0,0 +1,553 @@
-+'''
-+Created on Nov 7, 2013
-+
-+@author: tbordaz
-+'''
-+import os
-+import sys
-+import time
-+import ldap
-+import logging
-+import socket
-+import time
-+import logging
-+import pytest
-+import re
-+from lib389 import DirSrv, Entry, tools
-+from lib389.tools import DirSrvTools
-+from lib389._constants import *
-+from lib389.properties import *
-+from constants import *
-+from lib389._constants import REPLICAROLE_MASTER
-+from ldap.controls.simple import GetEffectiveRightsControl
-+
-+logging.getLogger(__name__).setLevel(logging.DEBUG)
-+log = logging.getLogger(__name__)
-+
-+#
-+# important part. We can deploy Master1 and Master2 on different versions
-+#
-+installation1_prefix = None
-+installation2_prefix = None
-+
-+TEST_REPL_DN = "cn=test_repl, %s" % SUFFIX
-+
-+STAGING_CN = "staged user"
-+PRODUCTION_CN = "accounts"
-+EXCEPT_CN = "excepts"
-+
-+STAGING_DN = "cn=%s,%s" % (STAGING_CN, SUFFIX)
-+PRODUCTION_DN = "cn=%s,%s" % (PRODUCTION_CN, SUFFIX)
-+PROD_EXCEPT_DN = "cn=%s,%s" % (EXCEPT_CN, PRODUCTION_DN)
-+
-+STAGING_PATTERN = "cn=%s*,%s" % (STAGING_CN[:2], SUFFIX)
-+PRODUCTION_PATTERN = "cn=%s*,%s" % (PRODUCTION_CN[:2], SUFFIX)
-+BAD_STAGING_PATTERN = "cn=bad*,%s" % (SUFFIX)
-+BAD_PRODUCTION_PATTERN = "cn=bad*,%s" % (SUFFIX)
-+
-+BIND_CN = "bind_entry"
-+BIND_DN = "cn=%s,%s" % (BIND_CN, SUFFIX)
-+BIND_PW = "password"
-+
-+NEW_ACCOUNT = "new_account"
-+MAX_ACCOUNTS = 20
-+
-+CONFIG_MODDN_ACI_ATTR = "nsslapd-moddn-aci"
-+
-+class TopologyMaster1Master2(object):
-+ def __init__(self, master1, master2):
-+ master1.open()
-+ self.master1 = master1
-+
-+ master2.open()
-+ self.master2 = master2
-+
-+
-+@pytest.fixture(scope="module")
-+def topology(request):
-+ '''
-+ This fixture is used to create a replicated topology for the 'module'.
-+ The replicated topology is MASTER1 <-> Master2.
-+ At the beginning, It may exists a master2 instance and/or a master2 instance.
-+ It may also exists a backup for the master1 and/or the master2.
-+
-+ Principle:
-+ If master1 instance exists:
-+ restart it
-+ If master2 instance exists:
-+ restart it
-+ If backup of master1 AND backup of master2 exists:
-+ create or rebind to master1
-+ create or rebind to master2
-+
-+ restore master1 from backup
-+ restore master2 from backup
-+ else:
-+ Cleanup everything
-+ remove instances
-+ remove backups
-+ Create instances
-+ Initialize replication
-+ Create backups
-+ '''
-+ global installation1_prefix
-+ global installation2_prefix
-+
-+ # allocate master1 on a given deployement
-+ master1 = DirSrv(verbose=False)
-+ if installation1_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-+
-+ # Args for the master1 instance
-+ args_instance[SER_HOST] = HOST_MASTER_1
-+ args_instance[SER_PORT] = PORT_MASTER_1
-+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1
-+ args_master = args_instance.copy()
-+ master1.allocate(args_master)
-+
-+ # allocate master1 on a given deployement
-+ master2 = DirSrv(verbose=False)
-+ if installation2_prefix:
-+ args_instance[SER_DEPLOYED_DIR] = installation2_prefix
-+
-+ # Args for the consumer instance
-+ args_instance[SER_HOST] = HOST_MASTER_2
-+ args_instance[SER_PORT] = PORT_MASTER_2
-+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_2
-+ args_master = args_instance.copy()
-+ master2.allocate(args_master)
-+
-+
-+ # Get the status of the backups
-+ backup_master1 = master1.checkBackupFS()
-+ backup_master2 = master2.checkBackupFS()
-+
-+ # Get the status of the instance and restart it if it exists
-+ instance_master1 = master1.exists()
-+ if instance_master1:
-+ master1.stop(timeout=10)
-+ master1.start(timeout=10)
-+
-+ instance_master2 = master2.exists()
-+ if instance_master2:
-+ master2.stop(timeout=10)
-+ master2.start(timeout=10)
-+
-+ if backup_master1 and backup_master2:
-+ # The backups exist, assuming they are correct
-+ # we just re-init the instances with them
-+ if not instance_master1:
-+ master1.create()
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ master1.open()
-+
-+ if not instance_master2:
-+ master2.create()
-+ # Used to retrieve configuration information (dbdir, confdir...)
-+ master2.open()
-+
-+ # restore master1 from backup
-+ master1.stop(timeout=10)
-+ master1.restoreFS(backup_master1)
-+ master1.start(timeout=10)
-+
-+ # restore master2 from backup
-+ master2.stop(timeout=10)
-+ master2.restoreFS(backup_master2)
-+ master2.start(timeout=10)
-+ else:
-+ # We should be here only in two conditions
-+ # - This is the first time a test involve master-consumer
-+ # so we need to create everything
-+ # - Something weird happened (instance/backup destroyed)
-+ # so we discard everything and recreate all
-+
-+ # Remove all the backups. So even if we have a specific backup file
-+ # (e.g backup_master) we clear all backups that an instance my have created
-+ if backup_master1:
-+ master1.clearBackupFS()
-+ if backup_master2:
-+ master2.clearBackupFS()
-+
-+ # Remove all the instances
-+ if instance_master1:
-+ master1.delete()
-+ if instance_master2:
-+ master2.delete()
-+
-+ # Create the instances
-+ master1.create()
-+ master1.open()
-+ master2.create()
-+ master2.open()
-+
-+ #
-+ # Now prepare the Master-Consumer topology
-+ #
-+ # First Enable replication
-+ master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_1)
-+ master2.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_2)
-+
-+ # Initialize the supplier->consumer
-+
-+ properties = {RA_NAME: r'meTo_$host:$port',
-+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
-+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
-+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
-+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
-+ repl_agreement = master1.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties)
-+
-+ if not repl_agreement:
-+ log.fatal("Fail to create a replica agreement")
-+ sys.exit(1)
-+
-+ log.debug("%s created" % repl_agreement)
-+
-+ properties = {RA_NAME: r'meTo_$host:$port',
-+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
-+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
-+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
-+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
-+ master2.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties)
-+
-+ master1.agreement.init(SUFFIX, HOST_MASTER_2, PORT_MASTER_2)
-+ master1.waitForReplInit(repl_agreement)
-+
-+ # Check replication is working fine
-+ master1.add_s(Entry((TEST_REPL_DN, {
-+ 'objectclass': "top person".split(),
-+ 'sn': 'test_repl',
-+ 'cn': 'test_repl'})))
-+ loop = 0
-+ while loop <= 10:
-+ try:
-+ ent = master2.getEntry(TEST_REPL_DN, ldap.SCOPE_BASE, "(objectclass=*)")
-+ break
-+ except ldap.NO_SUCH_OBJECT:
-+ time.sleep(1)
-+ loop += 1
-+
-+ # Time to create the backups
-+ master1.stop(timeout=10)
-+ master1.backupfile = master1.backupFS()
-+ master1.start(timeout=10)
-+
-+ master2.stop(timeout=10)
-+ master2.backupfile = master2.backupFS()
-+ master2.start(timeout=10)
-+
-+ # clear the tmp directory
-+ master1.clearTmpDir(__file__)
-+
-+ #
-+ # Here we have two instances master and consumer
-+ # with replication working. Either coming from a backup recovery
-+ # or from a fresh (re)init
-+ # Time to return the topology
-+ return TopologyMaster1Master2(master1, master2)
-+
-+
-+
-+def _bind_manager(topology):
-+ topology.master1.log.info("Bind as %s " % DN_DM)
-+ topology.master1.simple_bind_s(DN_DM, PASSWORD)
-+
-+def _bind_normal(topology):
-+ # bind as bind_entry
-+ topology.master1.log.info("Bind as %s" % BIND_DN)
-+ topology.master1.simple_bind_s(BIND_DN, BIND_PW)
-+
-+def _moddn_aci_deny_tree(topology, mod_type=None, target_from=STAGING_DN, target_to=PROD_EXCEPT_DN):
-+ '''
-+ It denies the access moddn_to in cn=except,cn=accounts,SUFFIX
-+ '''
-+ assert mod_type != None
-+
-+ ACI_TARGET_FROM = ""
-+ ACI_TARGET_TO = ""
-+ if target_from:
-+ ACI_TARGET_FROM = "(target_from = \"ldap:///%s\")" % (target_from)
-+ if target_to:
-+ ACI_TARGET_TO = "(target_to = \"ldap:///%s\")" % (target_to)
-+
-+ ACI_ALLOW = "(version 3.0; acl \"Deny MODDN to prod_except\"; deny (moddn)"
-+ ACI_SUBJECT = " userdn = \"ldap:///%s\";)" % BIND_DN
-+ ACI_BODY = ACI_TARGET_TO + ACI_TARGET_FROM + ACI_ALLOW + ACI_SUBJECT
-+ mod = [(mod_type, 'aci', ACI_BODY)]
-+ #topology.master1.modify_s(SUFFIX, mod)
-+ topology.master1.log.info("Add a DENY aci under %s " % PROD_EXCEPT_DN)
-+ topology.master1.modify_s(PROD_EXCEPT_DN, mod)
-+
-+def _moddn_aci_staging_to_production(topology, mod_type=None, target_from=STAGING_DN, target_to=PRODUCTION_DN):
-+ assert mod_type != None
-+
-+
-+ ACI_TARGET_FROM = ""
-+ ACI_TARGET_TO = ""
-+ if target_from:
-+ ACI_TARGET_FROM = "(target_from = \"ldap:///%s\")" % (target_from)
-+ if target_to:
-+ ACI_TARGET_TO = "(target_to = \"ldap:///%s\")" % (target_to)
-+
-+ ACI_ALLOW = "(version 3.0; acl \"MODDN from staging to production\"; allow (moddn)"
-+ ACI_SUBJECT = " userdn = \"ldap:///%s\";)" % BIND_DN
-+ ACI_BODY = ACI_TARGET_FROM + ACI_TARGET_TO + ACI_ALLOW + ACI_SUBJECT
-+ mod = [(mod_type, 'aci', ACI_BODY)]
-+ topology.master1.modify_s(SUFFIX, mod)
-+
-+def _moddn_aci_from_production_to_staging(topology, mod_type=None):
-+ assert mod_type != None
-+
-+ ACI_TARGET = "(target_from = \"ldap:///%s\") (target_to = \"ldap:///%s\")" % (PRODUCTION_DN, STAGING_DN)
-+ ACI_ALLOW = "(version 3.0; acl \"MODDN from production to staging\"; allow (moddn)"
-+ ACI_SUBJECT = " userdn = \"ldap:///%s\";)" % BIND_DN
-+ ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
-+ mod = [(mod_type, 'aci', ACI_BODY)]
-+ topology.master1.modify_s(SUFFIX, mod)
-+
-+
-+def test_ticket47553_init(topology):
-+ """
-+ Creates
-+ - a staging DIT
-+ - a production DIT
-+ - add accounts in staging DIT
-+ - enable ACL logging (commented for performance reason)
-+
-+ """
-+
-+ topology.master1.log.info("\n\n######################### INITIALIZATION ######################\n")
-+
-+ # entry used to bind with
-+ topology.master1.log.info("Add %s" % BIND_DN)
-+ topology.master1.add_s(Entry((BIND_DN, {
-+ 'objectclass': "top person".split(),
-+ 'sn': BIND_CN,
-+ 'cn': BIND_CN,
-+ 'userpassword': BIND_PW})))
-+
-+ # DIT for staging
-+ topology.master1.log.info("Add %s" % STAGING_DN)
-+ topology.master1.add_s(Entry((STAGING_DN, {
-+ 'objectclass': "top organizationalRole".split(),
-+ 'cn': STAGING_CN,
-+ 'description': "staging DIT"})))
-+
-+ # DIT for production
-+ topology.master1.log.info("Add %s" % PRODUCTION_DN)
-+ topology.master1.add_s(Entry((PRODUCTION_DN, {
-+ 'objectclass': "top organizationalRole".split(),
-+ 'cn': PRODUCTION_CN,
-+ 'description': "production DIT"})))
-+
-+ # DIT for production/except
-+ topology.master1.log.info("Add %s" % PROD_EXCEPT_DN)
-+ topology.master1.add_s(Entry((PROD_EXCEPT_DN, {
-+ 'objectclass': "top organizationalRole".split(),
-+ 'cn': EXCEPT_CN,
-+ 'description': "production except DIT"})))
-+
-+ # enable acl error logging
-+ #mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '128')]
-+ #topology.master1.modify_s(DN_CONFIG, mod)
-+ #topology.master2.modify_s(DN_CONFIG, mod)
-+
-+
-+
-+
-+
-+ # add dummy entries in the staging DIT
-+ for cpt in range(MAX_ACCOUNTS):
-+ name = "%s%d" % (NEW_ACCOUNT, cpt)
-+ topology.master1.add_s(Entry(("cn=%s,%s" % (name, STAGING_DN), {
-+ 'objectclass': "top person".split(),
-+ 'sn': name,
-+ 'cn': name})))
-+
-+
-+def test_ticket47553_mode_default_add_deny(topology):
-+ '''
-+ This test case checks that the ADD operation fails (no ADD aci on production)
-+ '''
-+
-+ topology.master1.log.info("\n\n######################### mode moddn_aci : ADD (should fail) ######################\n")
-+
-+ _bind_normal(topology)
-+
-+ #
-+ # First try to add an entry in production => INSUFFICIENT_ACCESS
-+ #
-+ try:
-+ topology.master1.log.info("Try to add %s" % PRODUCTION_DN)
-+ name = "%s%d" % (NEW_ACCOUNT, 0)
-+ topology.master1.add_s(Entry(("cn=%s,%s" % (name, PRODUCTION_DN), {
-+ 'objectclass': "top person".split(),
-+ 'sn': name,
-+ 'cn': name})))
-+ assert 0 # this is an error, we should not be allowed to add an entry in production
-+ except Exception as e:
-+ topology.master1.log.info("Exception (expected): %s" % type(e).__name__)
-+ assert isinstance(e, ldap.INSUFFICIENT_ACCESS)
-+
-+def test_ticket47553_mode_default_ger_no_moddn(topology):
-+ topology.master1.log.info("\n\n######################### mode moddn_aci : GER no moddn ######################\n")
-+ request_ctrl = GetEffectiveRightsControl(criticality=True,authzId="dn: " + BIND_DN)
-+ msg_id = topology.master1.search_ext(PRODUCTION_DN, ldap.SCOPE_SUBTREE, "objectclass=*", serverctrls=[request_ctrl])
-+ rtype,rdata,rmsgid,response_ctrl = topology.master1.result3(msg_id)
-+ ger={}
-+ value=''
-+ for dn, attrs in rdata:
-+ topology.master1.log.info ("dn: %s" % dn)
-+ value = attrs['entryLevelRights'][0]
-+
-+ topology.master1.log.info ("############### entryLevelRights: %r" % value)
-+ assert 'n' not in value
-+
-+def test_ticket47553_mode_default_ger_with_moddn(topology):
-+ '''
-+ This test case adds the moddn aci and check ger contains 'n'
-+ '''
-+
-+ topology.master1.log.info("\n\n######################### mode moddn_aci: GER with moddn ######################\n")
-+
-+ # successfull MOD with the ACI
-+ _bind_manager(topology)
-+ _moddn_aci_staging_to_production(topology, mod_type=ldap.MOD_ADD, target_from=STAGING_DN, target_to=PRODUCTION_DN)
-+ _bind_normal(topology)
-+
-+ request_ctrl = GetEffectiveRightsControl(criticality=True,authzId="dn: " + BIND_DN)
-+ msg_id = topology.master1.search_ext(PRODUCTION_DN, ldap.SCOPE_SUBTREE, "objectclass=*", serverctrls=[request_ctrl])
-+ rtype,rdata,rmsgid,response_ctrl = topology.master1.result3(msg_id)
-+ ger={}
-+ value = ''
-+ for dn, attrs in rdata:
-+ topology.master1.log.info ("dn: %s" % dn)
-+ value = attrs['entryLevelRights'][0]
-+
-+ topology.master1.log.info ("############### entryLevelRights: %r" % value)
-+ assert 'n' in value
-+
-+ # successfull MOD with the both ACI
-+ _bind_manager(topology)
-+ _moddn_aci_staging_to_production(topology, mod_type=ldap.MOD_DELETE, target_from=STAGING_DN, target_to=PRODUCTION_DN)
-+ _bind_normal(topology)
-+
-+def test_ticket47553_mode_switch_default_to_legacy(topology):
-+ '''
-+ This test switch the server from default mode to legacy
-+ '''
-+ topology.master1.log.info("\n\n######################### Disable the moddn aci mod ######################\n" )
-+ _bind_manager(topology)
-+ mod = [(ldap.MOD_REPLACE, CONFIG_MODDN_ACI_ATTR, 'off')]
-+ topology.master1.modify_s(DN_CONFIG, mod)
-+
-+def test_ticket47553_mode_legacy_ger_no_moddn1(topology):
-+ topology.master1.log.info("\n\n######################### mode legacy 1: GER no moddn ######################\n")
-+ request_ctrl = GetEffectiveRightsControl(criticality=True,authzId="dn: " + BIND_DN)
-+ msg_id = topology.master1.search_ext(PRODUCTION_DN, ldap.SCOPE_SUBTREE, "objectclass=*", serverctrls=[request_ctrl])
-+ rtype,rdata,rmsgid,response_ctrl = topology.master1.result3(msg_id)
-+ ger={}
-+ value=''
-+ for dn, attrs in rdata:
-+ topology.master1.log.info ("dn: %s" % dn)
-+ value = attrs['entryLevelRights'][0]
-+
-+ topology.master1.log.info ("############### entryLevelRights: %r" % value)
-+ assert 'n' not in value
-+
-+def test_ticket47553_mode_legacy_ger_no_moddn2(topology):
-+ topology.master1.log.info("\n\n######################### mode legacy 2: GER no moddn ######################\n")
-+ # successfull MOD with the ACI
-+ _bind_manager(topology)
-+ _moddn_aci_staging_to_production(topology, mod_type=ldap.MOD_ADD, target_from=STAGING_DN, target_to=PRODUCTION_DN)
-+ _bind_normal(topology)
-+
-+ request_ctrl = GetEffectiveRightsControl(criticality=True,authzId="dn: " + BIND_DN)
-+ msg_id = topology.master1.search_ext(PRODUCTION_DN, ldap.SCOPE_SUBTREE, "objectclass=*", serverctrls=[request_ctrl])
-+ rtype,rdata,rmsgid,response_ctrl = topology.master1.result3(msg_id)
-+ ger={}
-+ value=''
-+ for dn, attrs in rdata:
-+ topology.master1.log.info ("dn: %s" % dn)
-+ value = attrs['entryLevelRights'][0]
-+
-+ topology.master1.log.info ("############### entryLevelRights: %r" % value)
-+ assert 'n' not in value
-+
-+ # successfull MOD with the both ACI
-+ _bind_manager(topology)
-+ _moddn_aci_staging_to_production(topology, mod_type=ldap.MOD_DELETE, target_from=STAGING_DN, target_to=PRODUCTION_DN)
-+ _bind_normal(topology)
-+
-+def test_ticket47553_mode_legacy_ger_with_moddn(topology):
-+ topology.master1.log.info("\n\n######################### mode legacy : GER with moddn ######################\n")
-+
-+ # being allowed to read/write the RDN attribute use to allow the RDN
-+ ACI_TARGET = "(target = \"ldap:///%s\")(targetattr=\"cn\")" % (PRODUCTION_DN)
-+ ACI_ALLOW = "(version 3.0; acl \"MODDN production changing the RDN attribute\"; allow (read,search,write)"
-+ ACI_SUBJECT = " userdn = \"ldap:///%s\";)" % BIND_DN
-+ ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
-+
-+ # successfull MOD with the ACI
-+ _bind_manager(topology)
-+ mod = [(ldap.MOD_ADD, 'aci', ACI_BODY)]
-+ topology.master1.modify_s(SUFFIX, mod)
-+ _bind_normal(topology)
-+
-+ request_ctrl = GetEffectiveRightsControl(criticality=True,authzId="dn: " + BIND_DN)
-+ msg_id = topology.master1.search_ext(PRODUCTION_DN, ldap.SCOPE_SUBTREE, "objectclass=*", serverctrls=[request_ctrl])
-+ rtype,rdata,rmsgid,response_ctrl = topology.master1.result3(msg_id)
-+ ger={}
-+ value=''
-+ for dn, attrs in rdata:
-+ topology.master1.log.info ("dn: %s" % dn)
-+ value = attrs['entryLevelRights'][0]
-+
-+ topology.master1.log.info ("############### entryLevelRights: %r" % value)
-+ assert 'n' in value
-+
-+ # successfull MOD with the both ACI
-+ _bind_manager(topology)
-+ mod = [(ldap.MOD_DELETE, 'aci', ACI_BODY)]
-+ topology.master1.modify_s(SUFFIX, mod)
-+ _bind_normal(topology)
-+
-+
-+def test_ticket47553_final(topology):
-+ topology.master1.stop(timeout=10)
-+ topology.master2.stop(timeout=10)
-+
-+def run_isolated():
-+ '''
-+ run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..)
-+ To run isolated without py.test, you need to
-+ - edit this file and comment '@pytest.fixture' line before 'topology' function.
-+ - set the installation prefix
-+ - run this program
-+ '''
-+ global installation1_prefix
-+ global installation2_prefix
-+ installation1_prefix = None
-+ installation2_prefix = None
-+
-+ topo = topology(True)
-+ topo.master1.log.info("\n\n######################### Ticket 47553 ######################\n")
-+ test_ticket47553_init(topo)
-+
-+ # Check that without appropriate aci we are not allowed to add/delete
-+ test_ticket47553_mode_default_add_deny(topo)
-+ test_ticket47553_mode_default_ger_no_moddn(topo)
-+ test_ticket47553_mode_default_ger_with_moddn(topo)
-+ test_ticket47553_mode_switch_default_to_legacy(topo)
-+ test_ticket47553_mode_legacy_ger_no_moddn1(topo)
-+ test_ticket47553_mode_legacy_ger_no_moddn2(topo)
-+ test_ticket47553_mode_legacy_ger_with_moddn(topo)
-+
-+ test_ticket47553_final(topo)
-+
-+
-+
-+
-+if __name__ == '__main__':
-+ run_isolated()
-+
-diff --git a/ldap/servers/plugins/acl/acleffectiverights.c b/ldap/servers/plugins/acl/acleffectiverights.c
-index b9e2055..3c7d635 100644
---- a/ldap/servers/plugins/acl/acleffectiverights.c
-+++ b/ldap/servers/plugins/acl/acleffectiverights.c
-@@ -456,38 +456,45 @@ _ger_get_entry_rights (
- entryrights |= SLAPI_ACL_DELETE;
- _append_gerstr(gerstr, gerstrsize, gerstrcap, "d", NULL);
- }
-- /*
-- * Some limitation/simplification applied here:
-- * - The modrdn right requires the rights to delete the old rdn and
-- * the new one. However we have no knowledge of what the new rdn
-- * is going to be.
-- * - In multi-valued RDN case, we check the right on
-- * the first rdn type only for now.
-- */
-- rdn = slapi_rdn_new_dn ( slapi_entry_get_ndn (e) );
-- slapi_rdn_get_first(rdn, &rdntype, &rdnvalue);
-- if ( NULL != rdntype ) {
-- slapi_log_error (SLAPI_LOG_ACL, plugin_name,
-- "_ger_get_entry_rights: SLAPI_ACL_WRITE_DEL & _ADD %s\n", rdntype );
-- if (acl_access_allowed(gerpb, e, rdntype, NULL,
-- ACLPB_SLAPI_ACL_WRITE_DEL) == LDAP_SUCCESS &&
-- acl_access_allowed(gerpb, e, rdntype, NULL,
-- ACLPB_SLAPI_ACL_WRITE_ADD) == LDAP_SUCCESS)
-- {
-- /* n - rename e */
-- entryrights |= SLAPI_ACL_WRITE;
-- _append_gerstr(gerstr, gerstrsize, gerstrcap, "n", NULL);
-- }
-- }
-- slapi_rdn_free ( &rdn );
--
-- if (acl_access_allowed(gerpb, e, NULL, NULL, SLAPI_ACL_MODDN) == LDAP_SUCCESS) {
-- slapi_log_error (SLAPI_LOG_ACL, plugin_name,
-- "_ger_get_entry_rights: SLAPI_ACL_MODDN %s\n", slapi_entry_get_ndn (e) );
-+
-+ if (config_get_moddn_aci()) {
-+ /* The server enforces the new MODDN aci right.
-+ * So the status 'n' is set if this right is granted.
-+ * Opposed to the legacy mode where this flag is set if
-+ * WRITE was granted on rdn attrbibute
-+ */
-+ if (acl_access_allowed(gerpb, e, NULL, NULL, SLAPI_ACL_MODDN) == LDAP_SUCCESS) {
-+ slapi_log_error(SLAPI_LOG_ACL, plugin_name,
-+ "_ger_get_entry_rights: SLAPI_ACL_MODDN %s\n", slapi_entry_get_ndn(e));
-+ /* n - rename e */
-+ entryrights |= SLAPI_ACL_MODDN;
-+ _append_gerstr(gerstr, gerstrsize, gerstrcap, "n", NULL);
-+ }
-+ } else {
-+ /*
-+ * Some limitation/simplification applied here:
-+ * - The modrdn right requires the rights to delete the old rdn and
-+ * the new one. However we have no knowledge of what the new rdn
-+ * is going to be.
-+ * - In multi-valued RDN case, we check the right on
-+ * the first rdn type only for now.
-+ */
-+ rdn = slapi_rdn_new_dn(slapi_entry_get_ndn(e));
-+ slapi_rdn_get_first(rdn, &rdntype, &rdnvalue);
-+ if (NULL != rdntype) {
-+ slapi_log_error(SLAPI_LOG_ACL, plugin_name,
-+ "_ger_get_entry_rights: SLAPI_ACL_WRITE_DEL & _ADD %s\n", rdntype);
-+ if (acl_access_allowed(gerpb, e, rdntype, NULL,
-+ ACLPB_SLAPI_ACL_WRITE_DEL) == LDAP_SUCCESS &&
-+ acl_access_allowed(gerpb, e, rdntype, NULL,
-+ ACLPB_SLAPI_ACL_WRITE_ADD) == LDAP_SUCCESS) {
- /* n - rename e */
-- entryrights |= SLAPI_ACL_MODDN;
-- _append_gerstr(gerstr, gerstrsize, gerstrcap, "n", NULL);
-+ entryrights |= SLAPI_ACL_WRITE;
-+ _append_gerstr(gerstr, gerstrsize, gerstrcap, "n", NULL);
-+ }
- }
-+ slapi_rdn_free(&rdn);
-+ }
- if ( entryrights == 0 )
- {
- _append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
---
-1.9.3
-
diff --git a/SOURCES/0078-Ticket-48265-Complex-filter-in-a-search-request-doen.patch b/SOURCES/0078-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
deleted file mode 100644
index 9b9e18f..0000000
--- a/SOURCES/0078-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 924a6ec6ca3131ff7233fd664ede9051907d96b1 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Wed, 2 Sep 2015 14:28:27 -0700
-Subject: [PATCH 78/84] Ticket #48265 - Complex filter in a search request
- doen't work as expected. (regression)
-
-Description: commit c2658c14802783d0a8919783aa7123be9e749c18 to fix
-Ticket 47521 - Complex filter in a search request doen't work as expected.
-regressed this case:
- "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(|(uid=*test*)(cn=*test*))(o=X))"
-in which a simple filter follows a complex filter which choice is
-different from the outer choice. I.e., '|' for (uid=...)(cn=...)
-is different from the first '&'.
-
-The fix for 47521 solves this case:
- "(&(&(uid=A)(cn=B))(&(givenname=C))(mail=D)(&(description=E)))"
-in this case, (mail=D) used to be dropped from the filter in the
-function index_subsys_flatten_filter.
-
-The 47521 fix saved the simple filter "(mail=D)" in the 2nd example,
-but it forced to skip the complex filter with the different choice
-and converted the 1st example to:
- "(&(&(|(l=A)(l=B)(l=C))(|(C=D)(c=E)))(o=X))"
-This patch saves such a complex filter, as well.
-
-https://fedorahosted.org/389/ticket/48265
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit 8c3d3e4648fbb5229e329e2154d46f1ae808ba02)
-(cherry picked from commit 3d9dbf2d441e551495a1f3169dc2020324c484b4)
-(cherry picked from commit c03a9f7c121355aefadc92ed67bcb6f400196017)
----
- ldap/servers/slapd/index_subsystem.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/ldap/servers/slapd/index_subsystem.c b/ldap/servers/slapd/index_subsystem.c
-index eff908e..d0ba1bd 100644
---- a/ldap/servers/slapd/index_subsystem.c
-+++ b/ldap/servers/slapd/index_subsystem.c
-@@ -441,6 +441,11 @@ static void index_subsys_flatten_filter(Slapi_Filter *flist)
- }
- else
- {
-+ /* don't loose a nested filter having a different choice */
-+ if (flast) {
-+ flast->f_next = f;
-+ flast = f;
-+ }
- fprev = f;
- f = f->f_next;
- }
---
-1.9.3
-
diff --git a/SOURCES/0079-Ticket-47912-Proper-handling-of-No-original_tombston.patch b/SOURCES/0079-Ticket-47912-Proper-handling-of-No-original_tombston.patch
deleted file mode 100644
index 8fe2078..0000000
--- a/SOURCES/0079-Ticket-47912-Proper-handling-of-No-original_tombston.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 8f54c897c404164c618c808435d3887e62d32915 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 7 Oct 2014 14:02:20 -0700
-Subject: [PATCH 79/84] Ticket #47912 - Proper handling of "No
- original_tombstone for changenumber" errors
-
-Bug Description: As analyzed by Ludwig Krispen in
- https://fedorahosted.org/389/ticket/47912#comment:1,
-an error message "No original_tombstone for ..." is always logged
-if original_tombstone does not exist. It should be just for the
-case create_tombstone_entry.
-
-Fix Description: This patch place the original_tombstone handling
-in "if (create_tombstone_entry)" clause.
-
-https://fedorahosted.org/389/ticket/47912
-
-Reviewed by lkrispen@redhat.com (Thank you, Ludwig!!)
-
-(cherry picked from commit 36381c120773872d3d4d2cb2417f155e6ac790a6)
----
- ldap/servers/slapd/back-ldbm/ldbm_delete.c | 48 +++++++++++++++---------------
- 1 file changed, 24 insertions(+), 24 deletions(-)
-
-diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-index 56ea3df..3de8efa 100644
---- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
-@@ -225,33 +225,33 @@ ldbm_back_delete( Slapi_PBlock *pb )
- free_delete_existing_entry = 1; /* must free the dup */
- if (create_tombstone_entry) {
- slapi_sdn_set_ndn_byval(&nscpEntrySDN, slapi_sdn_get_ndn(slapi_entry_get_sdn(e->ep_entry)));
-- }
-
-- /* reset tombstone entry */
-- if (original_tombstone) {
-- /* must duplicate tombstone before returning it to cache,
-- * which could free the entry. */
-- if ( (tmptombstone = backentry_dup( original_tombstone )) == NULL ) {
-- ldap_result_code= LDAP_OPERATIONS_ERROR;
-- goto error_return;
-- }
-- if (cache_is_in_cache(&inst->inst_cache, tombstone)) {
-- CACHE_REMOVE(&inst->inst_cache, tombstone);
-- }
-- CACHE_RETURN(&inst->inst_cache, &tombstone);
-- if (tombstone) {
-+ /* reset tombstone entry */
-+ if (original_tombstone) {
-+ /* must duplicate tombstone before returning it to cache,
-+ * which could free the entry. */
-+ if ( (tmptombstone = backentry_dup( original_tombstone )) == NULL ) {
-+ ldap_result_code= LDAP_OPERATIONS_ERROR;
-+ goto error_return;
-+ }
-+ if (cache_is_in_cache(&inst->inst_cache, tombstone)) {
-+ CACHE_REMOVE(&inst->inst_cache, tombstone);
-+ }
-+ CACHE_RETURN(&inst->inst_cache, &tombstone);
-+ if (tombstone) {
-+ slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_delete",
-+ "conn=%lu op=%d [retry: %d] tombstone %s is not freed!!! refcnt %d, state %d\n",
-+ conn_id, op_id, retry_count, slapi_entry_get_dn(tombstone->ep_entry),
-+ tombstone->ep_refcnt, tombstone->ep_state);
-+ }
-+ tombstone = original_tombstone;
-+ original_tombstone = tmptombstone;
-+ tmptombstone = NULL;
-+ } else {
- slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_delete",
-- "conn=%lu op=%d [retry: %d] tombstone %s is not freed!!! refcnt %d, state %d\n",
-- conn_id, op_id, retry_count, slapi_entry_get_dn(tombstone->ep_entry),
-- tombstone->ep_refcnt, tombstone->ep_state);
-+ "conn=%lu op=%d [retry: %d] No original_tombstone for %s!!\n",
-+ conn_id, op_id, retry_count, slapi_entry_get_dn(e->ep_entry));
- }
-- tombstone = original_tombstone;
-- original_tombstone = tmptombstone;
-- tmptombstone = NULL;
-- } else {
-- slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_delete",
-- "conn=%lu op=%d [retry: %d] No original_tombstone for %s!!\n",
-- conn_id, op_id, retry_count, slapi_entry_get_dn(e->ep_entry));
- }
- if (ruv_c_init) {
- /* reset the ruv txn stuff */
---
-1.9.3
-
diff --git a/SOURCES/0080-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch b/SOURCES/0080-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
deleted file mode 100644
index 2ae359c..0000000
--- a/SOURCES/0080-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
+++ /dev/null
@@ -1,809 +0,0 @@
-From d32a172a4bc927a5eb72acecfe07ba7fa8ea3a55 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 8 Jul 2015 11:48:27 -0400
-Subject: [PATCH 80/84] Ticket 48208 - CleanAllRUV should completely purge
- changelog
-
-Bug Description: After cleanAllRUV finishes, the changelog still
- contains entries from the cleaned rid. Under certain
- conditions this can allow the RUV to get polluted
- again, and the ruv element will be missing the replica
- url.
-
-Fix Description: At the end of the cleaning task, fire of a thread to
- to completely purge the changelog of all entries
- containing the cleaned rid.
-
- Also, improved the cleanAllRUV task when dealing
- with a server shutdown - previously if the timing is
- right the task can "delay/hang" the shutdown process.
-
-https://fedorahosted.org/389/ticket/48208
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit ff1c34538b0600259dba4801da2b2f0993fa5404)
-(cherry picked from commit 9e4cf12cfbfde0761325b75c3fd5a8b39223760a)
-(cherry picked from commit 46cd28db8402517febf0c5db4f2f869c491c41c0)
----
- ldap/servers/plugins/replication/cl5_api.c | 447 ++++++++++++++++++---
- ldap/servers/plugins/replication/cl5_api.h | 5 +-
- .../plugins/replication/repl5_replica_config.c | 44 +-
- 3 files changed, 430 insertions(+), 66 deletions(-)
-
-diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
-index 42e52ae..c5840b5 100644
---- a/ldap/servers/plugins/replication/cl5_api.c
-+++ b/ldap/servers/plugins/replication/cl5_api.c
-@@ -353,14 +353,17 @@ static void _cl5TrimCleanup ();
- static int _cl5TrimMain (void *param);
- static void _cl5DoTrimming (ReplicaId rid);
- static void _cl5CompactDBs();
--static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid);
-+static void _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid);
-+static int _cl5PurgeGetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key);
-+static int _cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key);
-+static void _cl5TrimFile (Object *obj, long *numToTrim);
- static PRBool _cl5CanTrim (time_t time, long *numToTrim);
- static int _cl5ReadRUV (const char *replGen, Object *obj, PRBool purge);
- static int _cl5WriteRUV (CL5DBFile *file, PRBool purge);
- static int _cl5ConstructRUV (const char *replGen, Object *obj, PRBool purge);
- static int _cl5UpdateRUV (Object *obj, CSN *csn, PRBool newReplica, PRBool purge);
- static int _cl5GetRUV2Purge2 (Object *fileObj, RUV **ruv);
--void trigger_cl_trimming_thread(void *rid);
-+void trigger_cl_purging_thread(void *rid);
-
- /* bakup/recovery, import/export */
- static int _cl5LDIF2Operation (char *ldifEntry, slapi_operation_parameters *op,
-@@ -3499,9 +3502,17 @@ static void _cl5DoTrimming (ReplicaId rid)
- trimmed more often than other. We might have to fix that by, for
- example, randomizing starting point */
- obj = objset_first_obj (s_cl5Desc.dbFiles);
-- while (obj && _cl5CanTrim ((time_t)0, &numToTrim))
-+ while (obj && (_cl5CanTrim ((time_t)0, &numToTrim) || rid))
- {
-- _cl5TrimFile (obj, &numToTrim, rid);
-+ if (rid){
-+ /*
-+ * We are cleaning an invalid rid, and need to strip it
-+ * from the changelog.
-+ */
-+ _cl5PurgeRID (obj, rid);
-+ } else {
-+ _cl5TrimFile (obj, &numToTrim);
-+ }
- obj = objset_next_obj (s_cl5Desc.dbFiles, obj);
- }
-
-@@ -3578,12 +3589,351 @@ bail:
- return;
- }
-
-+/*
-+ * If the rid is not set it is the very first iteration of the changelog.
-+ * If the rid is set, we are doing another pass, and we have a key as our
-+ * starting point.
-+ */
-+static int
-+_cl5PurgeGetFirstEntry(Object *obj, CL5Entry *entry, void **iterator, DB_TXN *txnid, int rid, DBT *key)
-+{
-+ DBC *cursor = NULL;
-+ DBT data = {0};
-+ CL5Iterator *it;
-+ CL5DBFile *file;
-+ int rc;
-+
-+ file = (CL5DBFile*)object_get_data (obj);
-+
-+ /* create cursor */
-+ rc = file->db->cursor(file->db, txnid, &cursor, 0);
-+ if (rc != 0)
-+ {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeGetFirstEntry: failed to create cursor; db error - %d %s\n", rc, db_strerror(rc));
-+ rc = CL5_DB_ERROR;
-+ goto done;
-+ }
-+
-+ key->flags = DB_DBT_MALLOC;
-+ data.flags = DB_DBT_MALLOC;
-+ while ((rc = cursor->c_get(cursor, key, &data, rid?DB_SET:DB_NEXT)) == 0)
-+ {
-+ /* skip service entries on the first pass (rid == 0)*/
-+ if (!rid && cl5HelperEntry ((char*)key->data, NULL))
-+ {
-+ slapi_ch_free(&key->data);
-+ slapi_ch_free(&(data.data));
-+ continue;
-+ }
-+
-+ /* format entry */
-+ rc = cl5DBData2Entry(data.data, data.size, entry);
-+ slapi_ch_free(&(data.data));
-+ if (rc != 0)
-+ {
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+ "_cl5PurgeGetFirstEntry: failed to format entry: %d\n", rc);
-+ goto done;
-+ }
-+
-+ it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator));
-+ it->cursor = cursor;
-+ object_acquire (obj);
-+ it->file = obj;
-+ *(CL5Iterator**)iterator = it;
-+
-+ return CL5_SUCCESS;
-+ }
-+
-+ slapi_ch_free(&key->data);
-+ slapi_ch_free(&(data.data));
-+
-+ /* walked of the end of the file */
-+ if (rc == DB_NOTFOUND)
-+ {
-+ rc = CL5_NOTFOUND;
-+ goto done;
-+ }
-+
-+ /* db error occured while iterating */
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeGetFirstEntry: failed to get entry; db error - %d %s\n",
-+ rc, db_strerror(rc));
-+ rc = CL5_DB_ERROR;
-+
-+done:
-+ /*
-+ * We didn't success in assigning this cursor to the iterator,
-+ * so we need to free the cursor here.
-+ */
-+ if (cursor)
-+ cursor->c_close(cursor);
-+
-+ return rc;
-+}
-+
-+/*
-+ * Get the next entry. If we get a lock error we will restart the process
-+ * starting at the current key.
-+ */
-+static int
-+_cl5PurgeGetNextEntry (CL5Entry *entry, void *iterator, DBT *key)
-+{
-+ CL5Iterator *it;
-+ DBT data={0};
-+ int rc;
-+
-+ it = (CL5Iterator*) iterator;
-+
-+ key->flags = DB_DBT_MALLOC;
-+ data.flags = DB_DBT_MALLOC;
-+ while ((rc = it->cursor->c_get(it->cursor, key, &data, DB_NEXT)) == 0)
-+ {
-+ if (cl5HelperEntry ((char*)key->data, NULL))
-+ {
-+ slapi_ch_free(&key->data);
-+ slapi_ch_free(&(data.data));
-+ continue;
-+ }
-+
-+ /* format entry */
-+ rc = cl5DBData2Entry (data.data, data.size, entry);
-+ slapi_ch_free (&(data.data));
-+ if (rc != 0)
-+ {
-+ if (rc != CL5_DB_LOCK_ERROR){
-+ /* Not a lock error, free the key */
-+ slapi_ch_free(&key->data);
-+ }
-+ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
-+ repl_plugin_name_cl,
-+ "_cl5PurgeGetNextEntry: failed to format entry: %d\n",
-+ rc);
-+
-+ }
-+
-+ return rc;
-+ }
-+ slapi_ch_free(&(data.data));
-+
-+ /* walked of the end of the file or entry is out of range */
-+ if (rc == 0 || rc == DB_NOTFOUND){
-+ slapi_ch_free(&key->data);
-+ return CL5_NOTFOUND;
-+ }
-+ if (rc != CL5_DB_LOCK_ERROR){
-+ /* Not a lock error, free the key */
-+ slapi_ch_free(&key->data);
-+ }
-+
-+ /* cursor operation failed */
-+ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
-+ repl_plugin_name_cl,
-+ "_cl5PurgeGetNextEntry: failed to get entry; db error - %d %s\n",
-+ rc, db_strerror(rc));
-+
-+ return rc;
-+}
-+
-+#define MAX_RETRIES 10
-+/*
-+ * _cl5PurgeRID(Object *obj, ReplicaId cleaned_rid)
-+ *
-+ * Clean the entire changelog of updates from the "cleaned rid" via CLEANALLRUV
-+ * Delete entries in batches so we don't consume too many db locks, and we don't
-+ * lockup the changelog during the entire purging process using one transaction.
-+ * We save the key from the last iteration so we don't have to start from the
-+ * beginning for each new iteration.
-+ */
-+static void
-+_cl5PurgeRID(Object *obj, ReplicaId cleaned_rid)
-+{
-+ slapi_operation_parameters op = {0};
-+ ReplicaId csn_rid;
-+ CL5Entry entry;
-+ DB_TXN *txnid = NULL;
-+ DBT key = {0};
-+ void *iterator = NULL;
-+ long totalTrimmed = 0;
-+ long trimmed = 0;
-+ char *starting_key = NULL;
-+ int batch_count = 0;
-+ int db_lock_retry_count = 0;
-+ int first_pass = 1;
-+ int finished = 0;
-+ int rc = 0;
-+
-+ PR_ASSERT (obj);
-+ entry.op = &op;
-+
-+ /*
-+ * Keep processing the changelog until we are done, shutting down, or we
-+ * maxed out on the db lock retries.
-+ */
-+ while (!finished && db_lock_retry_count < MAX_RETRIES && !slapi_is_shutting_down()){
-+ trimmed = 0;
-+
-+ /*
-+ * Sleep a bit to allow others to use the changelog - we can't hog the
-+ * changelog for the entire purge.
-+ */
-+ DS_Sleep(PR_MillisecondsToInterval(100));
-+
-+ rc = TXN_BEGIN(s_cl5Desc.dbEnv, NULL, &txnid, 0);
-+ if (rc != 0){
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: failed to begin transaction; db error - %d %s. "
-+ "Changelog was not purged of rid(%d)\n",
-+ rc, db_strerror(rc), cleaned_rid);
-+ return;
-+ }
-+
-+ /*
-+ * Check every changelog entry for the cleaned rid
-+ */
-+ rc = _cl5PurgeGetFirstEntry(obj, &entry, &iterator, txnid, first_pass?0:cleaned_rid, &key);
-+ first_pass = 0;
-+ while (rc == CL5_SUCCESS && !slapi_is_shutting_down()) {
-+ /*
-+ * Store the new starting key - we need this starting key in case
-+ * we run out of locks and have to start the transaction over.
-+ */
-+ slapi_ch_free_string(&starting_key);
-+ starting_key = slapi_ch_strdup((char*)key.data);
-+
-+ if(trimmed == 10000 || (batch_count && trimmed == batch_count)){
-+ /*
-+ * Break out, and commit these deletes. Do not free the key,
-+ * we need it for the next pass.
-+ */
-+ cl5_operation_parameters_done (&op);
-+ db_lock_retry_count = 0; /* reset the retry count */
-+ break;
-+ }
-+ if(op.csn){
-+ csn_rid = csn_get_replicaid (op.csn);
-+ if (csn_rid == cleaned_rid){
-+ rc = _cl5CurrentDeleteEntry (iterator);
-+ if (rc != CL5_SUCCESS){
-+ /* log error */
-+ cl5_operation_parameters_done (&op);
-+ if (rc == CL5_DB_LOCK_ERROR){
-+ /*
-+ * Ran out of locks, need to restart the transaction.
-+ * Reduce the the batch count and reset the key to
-+ * the starting point
-+ */
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: Ran out of db locks deleting entry. "
-+ "Reduce the batch value and restart.\n");
-+ batch_count = trimmed - 10;
-+ if (batch_count < 10){
-+ batch_count = 10;
-+ }
-+ trimmed = 0;
-+ slapi_ch_free(&(key.data));
-+ key.data = starting_key;
-+ starting_key = NULL;
-+ db_lock_retry_count++;
-+ break;
-+ } else {
-+ /* fatal error */
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: fatal error (%d)\n", rc);
-+ slapi_ch_free(&(key.data));
-+ finished = 1;
-+ break;
-+ }
-+ }
-+ trimmed++;
-+ }
-+ }
-+ slapi_ch_free(&(key.data));
-+ cl5_operation_parameters_done (&op);
-+
-+ rc = _cl5PurgeGetNextEntry (&entry, iterator, &key);
-+ if (rc == CL5_DB_LOCK_ERROR){
-+ /*
-+ * Ran out of locks, need to restart the transaction.
-+ * Reduce the the batch count and reset the key to the starting
-+ * point.
-+ */
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: Ran out of db locks getting the next entry. "
-+ "Reduce the batch value and restart.\n");
-+ batch_count = trimmed - 10;
-+ if (batch_count < 10){
-+ batch_count = 10;
-+ }
-+ trimmed = 0;
-+ cl5_operation_parameters_done (&op);
-+ slapi_ch_free(&(key.data));
-+ key.data = starting_key;
-+ starting_key = NULL;
-+ db_lock_retry_count++;
-+ break;
-+ }
-+ }
-+
-+ if (rc == CL5_NOTFOUND){
-+ /* Scanned the entire changelog, we're done */
-+ finished = 1;
-+ }
-+
-+ /* Destroy the iterator before we finish with the txn */
-+ cl5DestroyIterator (iterator);
-+
-+ /*
-+ * Commit or abort the txn
-+ */
-+ if (rc == CL5_SUCCESS || rc == CL5_NOTFOUND){
-+ rc = TXN_COMMIT (txnid, 0);
-+ if (rc != 0){
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: failed to commit transaction; db error - %d %s. "
-+ "Changelog was not completely purged of rid (%d)\n",
-+ rc, db_strerror(rc), cleaned_rid);
-+ break;
-+ } else if (finished){
-+ /* We're done */
-+ totalTrimmed += trimmed;
-+ break;
-+ } else {
-+ /* Not done yet */
-+ totalTrimmed += trimmed;
-+ trimmed = 0;
-+ }
-+ } else {
-+ rc = TXN_ABORT (txnid);
-+ if (rc != 0){
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: failed to abort transaction; db error - %d %s. "
-+ "Changelog was not completely purged of rid (%d)\n",
-+ rc, db_strerror(rc), cleaned_rid);
-+ }
-+ if (batch_count == 0){
-+ /* This was not a retry. Fatal error, break out */
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: Changelog was not purged of rid (%d)\n",
-+ cleaned_rid);
-+ break;
-+ }
-+ }
-+ }
-+ slapi_ch_free_string(&starting_key);
-+
-+ slapi_log_error (SLAPI_LOG_REPL, repl_plugin_name_cl,
-+ "_cl5PurgeRID: Removed (%ld entries) that originated from rid (%d)\n",
-+ totalTrimmed, cleaned_rid);
-+}
-+
- /* Note that each file contains changes for a single replicated area.
- trimming algorithm:
- */
- #define CL5_TRIM_MAX_PER_TRANSACTION 10
-
--static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
-+static void _cl5TrimFile (Object *obj, long *numToTrim)
- {
- DB_TXN *txnid;
- RUV *ruv = NULL;
-@@ -3606,7 +3956,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- }
-
- entry.op = &op;
--
- while ( !finished && !slapi_is_shutting_down() )
- {
- it = NULL;
-@@ -3627,7 +3976,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- }
-
- finished = _cl5GetFirstEntry (obj, &entry, &it, txnid);
-- while ( !finished )
-+ while ( !finished && !slapi_is_shutting_down())
- {
- /*
- * This change can be trimmed if it exceeds purge
-@@ -3641,11 +3990,12 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- continue;
- }
- csn_rid = csn_get_replicaid (op.csn);
-+
- if ( (*numToTrim > 0 || _cl5CanTrim (entry.time, numToTrim)) &&
- ruv_covers_csn_strict (ruv, op.csn) )
- {
- rc = _cl5CurrentDeleteEntry (it);
-- if ( rc == CL5_SUCCESS && cleaned_rid != csn_rid)
-+ if ( rc == CL5_SUCCESS)
- {
- rc = _cl5UpdateRUV (obj, op.csn, PR_FALSE, PR_TRUE);
- }
-@@ -3659,7 +4009,6 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- /* The above two functions have logged the error */
- abort = PR_TRUE;
- }
--
- }
- else
- {
-@@ -3716,7 +4065,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- rc = TXN_ABORT (txnid);
- if (rc != 0)
- {
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "_cl5TrimFile: failed to abort transaction; db error - %d %s\n",
- rc, db_strerror(rc));
- }
-@@ -3727,7 +4076,7 @@ static void _cl5TrimFile (Object *obj, long *numToTrim, ReplicaId cleaned_rid)
- if (rc != 0)
- {
- finished = 1;
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "_cl5TrimFile: failed to commit transaction; db error - %d %s\n",
- rc, db_strerror(rc));
- }
-@@ -4751,9 +5100,9 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
- goto done;
- }
- #endif
-- /* back off */
-+ /* back off */
- interval = PR_MillisecondsToInterval(slapi_rand() % 100);
-- DS_Sleep(interval);
-+ DS_Sleep(interval);
- }
- #if USE_DB_TXN
- /* begin transaction */
-@@ -4799,19 +5148,19 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
- }
- cnt ++;
- }
--
-+
- if (rc == 0) /* we successfully added entry */
- {
- #if USE_DB_TXN
- rc = TXN_COMMIT (txnid, 0);
- #endif
- }
-- else
-+ else
- {
-- char s[CSN_STRSIZE];
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ char s[CSN_STRSIZE];
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "_cl5WriteOperationTxn: failed to write entry with csn (%s); "
-- "db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s),
-+ "db error - %d %s\n", csn_as_string(op->csn,PR_FALSE,s),
- rc, db_strerror(rc));
- #if USE_DB_TXN
- rc = TXN_ABORT (txnid);
-@@ -4832,7 +5181,7 @@ static int _cl5WriteOperationTxn(const char *replName, const char *replGen,
- /* update purge vector if we have not seen any changes from this replica before */
- _cl5UpdateRUV (file_obj, op->csn, PR_TRUE, PR_TRUE);
-
-- slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl,
-+ slapi_log_error(SLAPI_LOG_PLUGIN, repl_plugin_name_cl,
- "cl5WriteOperationTxn: successfully written entry with csn (%s)\n", csnStr);
- rc = CL5_SUCCESS;
- done:
-@@ -4846,7 +5195,7 @@ done:
- return rc;
- }
-
--static int _cl5WriteOperation(const char *replName, const char *replGen,
-+static int _cl5WriteOperation(const char *replName, const char *replGen,
- const slapi_operation_parameters *op, PRBool local)
- {
- return _cl5WriteOperationTxn(replName, replGen, op, local, NULL);
-@@ -4897,7 +5246,7 @@ static int _cl5GetFirstEntry (Object *obj, CL5Entry *entry, void **iterator, DB_
- goto done;
- }
-
-- it = (CL5Iterator*)slapi_ch_malloc (sizeof (CL5Iterator));
-+ it = (CL5Iterator*)slapi_ch_malloc(sizeof (CL5Iterator));
- it->cursor = cursor;
- object_acquire (obj);
- it->file = obj;
-@@ -4972,7 +5321,7 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator)
- slapi_ch_free (&(data.data));
- if (rc != 0)
- {
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
- "_cl5GetNextEntry: failed to format entry: %d\n", rc);
- }
-
-@@ -5001,38 +5350,42 @@ static int _cl5GetNextEntry (CL5Entry *entry, void *iterator)
- }
-
- /* cursor operation failed */
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "_cl5GetNextEntry: failed to get entry; db error - %d %s\n",
-- rc, db_strerror(rc));
-+ slapi_log_error(rc == CL5_DB_LOCK_ERROR?SLAPI_LOG_REPL:SLAPI_LOG_FATAL,
-+ repl_plugin_name_cl,
-+ "_cl5GetNextEntry: failed to get entry; db error - %d %s\n",
-+ rc, db_strerror(rc));
-
-- return CL5_DB_ERROR;
-+ return rc;
- }
-
- static int _cl5CurrentDeleteEntry (void *iterator)
- {
- int rc;
- CL5Iterator *it;
-- CL5DBFile *file;
-+ CL5DBFile *file;
-
-- PR_ASSERT (iterator);
-+ PR_ASSERT (iterator);
-
- it = (CL5Iterator*)iterator;
-
- rc = it->cursor->c_del (it->cursor, 0);
-
- if (rc == 0) {
-- /* decrement entry count */
-- file = (CL5DBFile*)object_get_data (it->file);
-- PR_AtomicDecrement (&file->entryCount);
-- return CL5_SUCCESS;
-- } else {
-- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "_cl5CurrentDeleteEntry failed, err=%d %s\n",
-- rc, db_strerror(rc));
-- /* We don't free(close) the cursor here, as the caller will free it by a call to cl5DestroyIterator */
-- /* Freeing it here is a potential bug, as the cursor can't be referenced later once freed */
-- return CL5_DB_ERROR;
-- }
-+ /* decrement entry count */
-+ file = (CL5DBFile*)object_get_data (it->file);
-+ PR_AtomicDecrement (&file->entryCount);
-+ return CL5_SUCCESS;
-+ } else {
-+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-+ "_cl5CurrentDeleteEntry failed, err=%d %s\n",
-+ rc, db_strerror(rc));
-+ /*
-+ * We don't free(close) the cursor here, as the caller will free it by
-+ * a call to cl5DestroyIterator. Freeing it here is a potential bug,
-+ * as the cursor can't be referenced later once freed.
-+ */
-+ return rc;
-+ }
- }
-
- static PRBool _cl5IsValidIterator (const CL5Iterator *iterator)
-@@ -6304,7 +6657,7 @@ static int _cl5ExportFile (PRFileDesc *prFile, Object *obj)
- slapi_write_buffer (prFile, "\n", strlen("\n"));
-
- entry.op = &op;
-- rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL);
-+ rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL);
- while (rc == CL5_SUCCESS)
- {
- rc = _cl5Operation2LDIF (&op, file->replGen, &buff, &len);
-@@ -6725,16 +7078,16 @@ cl5CleanRUV(ReplicaId rid){
- slapi_rwlock_unlock (s_cl5Desc.stLock);
- }
-
--void trigger_cl_trimming(ReplicaId rid){
-+void trigger_cl_purging(ReplicaId rid){
- PRThread *trim_tid = NULL;
-
-- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_trimming: rid (%d)\n",(int)rid);
-- trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_trimming_thread,
-+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "trigger_cl_purging: rid (%d)\n",(int)rid);
-+ trim_tid = PR_CreateThread(PR_USER_THREAD, (VFP)(void*)trigger_cl_purging_thread,
- (void *)&rid, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
- PR_UNJOINABLE_THREAD, DEFAULT_THREAD_STACKSIZE);
- if (NULL == trim_tid){
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "trigger_cl_trimming: failed to create trimming "
-+ "trigger_cl_purging: failed to create trimming "
- "thread; NSPR error - %d\n", PR_GetError ());
- } else {
- /* need a little time for the thread to get started */
-@@ -6743,7 +7096,7 @@ void trigger_cl_trimming(ReplicaId rid){
- }
-
- void
--trigger_cl_trimming_thread(void *arg){
-+trigger_cl_purging_thread(void *arg){
- ReplicaId rid = *(ReplicaId *)arg;
-
- /* make sure we have a change log, and we aren't closing it */
-@@ -6752,7 +7105,7 @@ trigger_cl_trimming_thread(void *arg){
- }
- if (CL5_SUCCESS != _cl5AddThread()) {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
-- "trigger_cl_trimming: failed to increment thread count "
-+ "trigger_cl_purging: failed to increment thread count "
- "NSPR error - %d\n", PR_GetError ());
- }
- _cl5DoTrimming(rid);
-diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h
-index ba9eb32..5dcc8e2 100644
---- a/ldap/servers/plugins/replication/cl5_api.h
-+++ b/ldap/servers/plugins/replication/cl5_api.h
-@@ -145,6 +145,9 @@ enum
- CL5_CSN_ERROR, /* CSN API failed */
- CL5_RUV_ERROR, /* RUV API failed */
- CL5_OBJSET_ERROR, /* namedobjset api failed */
-+ CL5_DB_LOCK_ERROR, /* bdb returns error 12 when the db runs out of locks,
-+ this var needs to be in slot 12 of the list.
-+ Do not re-order enum above! */
- CL5_PURGED_DATA, /* requested data has been purged */
- CL5_MISSING_DATA, /* data should be in the changelog, but is missing */
- CL5_UNKNOWN_ERROR, /* unclassified error */
-@@ -492,6 +495,6 @@ int cl5WriteRUV();
- int cl5DeleteRUV();
- void cl5CleanRUV(ReplicaId rid);
- void cl5NotifyCleanup(int rid);
--void trigger_cl_trimming(ReplicaId rid);
-+void trigger_cl_purging(ReplicaId rid);
-
- #endif
-diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
-index 1570ba7..974778c 100644
---- a/ldap/servers/plugins/replication/repl5_replica_config.c
-+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
-@@ -1468,6 +1468,11 @@ replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext /* not
- */
- cl5CleanRUV(rid);
-
-+ /*
-+ * Now purge the changelog
-+ */
-+ trigger_cl_purging(rid);
-+
- if (rc != RUV_SUCCESS){
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanruv_task: task failed(%d)\n",rc);
- return LDAP_OPERATIONS_ERROR;
-@@ -1867,7 +1872,7 @@ replica_cleanallruv_thread(void *arg)
- /* no agmts, just clean this replica */
- break;
- }
-- while (agmt_obj){
-+ while (agmt_obj && !slapi_is_shutting_down()){
- agmt = (Repl_Agmt*)object_get_data (agmt_obj);
- if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
- agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
-@@ -1947,13 +1952,15 @@ replica_cleanallruv_thread(void *arg)
- break;
- }
- /*
-- * need to sleep between passes
-+ * Need to sleep between passes unless we are shutting down
- */
-- cleanruv_log(data->task, CLEANALLRUV_ID, "Replicas have not been cleaned yet, "
-- "retrying in %d seconds", interval);
-- PR_Lock( notify_lock );
-- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-- PR_Unlock( notify_lock );
-+ if (!slapi_is_shutting_down()){
-+ cleanruv_log(data->task, CLEANALLRUV_ID, "Replicas have not been cleaned yet, "
-+ "retrying in %d seconds", interval);
-+ PR_Lock( notify_lock );
-+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+ PR_Unlock( notify_lock );
-+ }
-
- if(interval < 14400){ /* 4 hour max */
- interval = interval * 2;
-@@ -1964,10 +1971,9 @@ replica_cleanallruv_thread(void *arg)
-
- done:
- /*
-- * If the replicas are cleaned, release the rid, and trim the changelog
-+ * If the replicas are cleaned, release the rid
- */
- if(!aborted){
-- trigger_cl_trimming(data->rid);
- delete_cleaned_rid_config(data);
- /* make sure all the replicas have been "pre_cleaned" before finishing */
- check_replicas_are_done_cleaning(data);
-@@ -1977,7 +1983,7 @@ done:
- /*
- * Shutdown or abort
- */
-- if(!is_task_aborted(data->rid)){
-+ if(!is_task_aborted(data->rid) || slapi_is_shutting_down()){
- cleanruv_log(data->task, CLEANALLRUV_ID,"Server shutting down. Process will resume at server startup");
- } else {
- cleanruv_log(data->task, CLEANALLRUV_ID,"Task aborted for rid(%d).",data->rid);
-@@ -2212,7 +2218,7 @@ check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn)
- not_all_caughtup = 0;
- break;
- }
-- while (agmt_obj){
-+ while (agmt_obj && !slapi_is_shutting_down()){
- agmt = (Repl_Agmt*)object_get_data (agmt_obj);
- if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
- agmt_obj = agmtlist_get_next_agreement_for_replica (data->replica, agmt_obj);
-@@ -2269,7 +2275,7 @@ check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task)
- not_all_alive = 0;
- break;
- }
-- while (agmt_obj){
-+ while (agmt_obj && !slapi_is_shutting_down()){
- agmt = (Repl_Agmt*)object_get_data (agmt_obj);
- if(!agmt_is_enabled(agmt) || get_agmt_agreement_type(agmt) == REPLICA_TYPE_WINDOWS){
- agmt_obj = agmtlist_get_next_agreement_for_replica (replica, agmt_obj);
-@@ -3034,12 +3040,14 @@ replica_abort_task_thread(void *arg)
- break;
- }
- /*
-- * need to sleep between passes
-+ * Need to sleep between passes. unless we are shutting down
- */
-- cleanruv_log(data->task, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval);
-- PR_Lock( notify_lock );
-- PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-- PR_Unlock( notify_lock );
-+ if (!slapi_is_shutting_down()){
-+ cleanruv_log(data->task, ABORT_CLEANALLRUV_ID,"Retrying in %d seconds",interval);
-+ PR_Lock( notify_lock );
-+ PR_WaitCondVar( notify_cvar, PR_SecondsToInterval(interval) );
-+ PR_Unlock( notify_lock );
-+ }
-
- if(interval < 14400){ /* 4 hour max */
- interval = interval * 2;
-@@ -3057,7 +3065,7 @@ done:
- * Wait for this server to stop its cleanallruv task(which removes the rid from the cleaned list)
- */
- cleanruv_log(data->task, ABORT_CLEANALLRUV_ID, "Waiting for CleanAllRUV task to abort...");
-- while(is_cleaned_rid(data->rid)){
-+ while(is_cleaned_rid(data->rid) && !slapi_is_shutting_down()){
- DS_Sleep(PR_SecondsToInterval(1));
- count++;
- if(count == 60){ /* it should not take this long */
---
-1.9.3
-
diff --git a/SOURCES/0081-Ticket-47931-memberOf-retrocl-deadlocks.patch b/SOURCES/0081-Ticket-47931-memberOf-retrocl-deadlocks.patch
deleted file mode 100644
index c5ce9dc..0000000
--- a/SOURCES/0081-Ticket-47931-memberOf-retrocl-deadlocks.patch
+++ /dev/null
@@ -1,1317 +0,0 @@
-From 570d9af5ceed18e600bbf040e48752f923718a01 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Tue, 4 Aug 2015 12:19:31 -0400
-Subject: [PATCH 81/84] Ticket 47931 - memberOf & retrocl deadlocks
-
-Bug Description: When concurrently updating multiple backends the
- memberOf and retrocl plugins can deadlock on each
- other. This is caused by the required retrocl lock,
- and the db lock on the changenumber index in the
- retrocl db.
-
-Fix Description: Added scoping to the retrocl that allows subtrees/suffixes
- to be included or excluded. Also moved the existing
- memberOf scoping outside of its global lock.
-
- Also improved the memberOf config copying to be consistent
- and more efficient. Improved the memberOf scoping attributes
- to be multivalued. And, properly valdiated new config
- settings in the preop valdiation function, instead of the
- "apply config" function.
-
-https://fedorahosted.org/389/ticket/47931
-
-Valgrind: passed
-
-Reviewed by: nhosoi(Thanks!)
-
-(cherry picked from commit fd959ac864d6d86d24928bc2c6f097d1a6031ecd)
-(cherry picked from commit d8108476d3bedbcc03f6c61bfb3d50e921faaf42)
-(cherry picked from commit 9ba3240a177c156e365f22c721432321bb0a679e)
----
- ldap/servers/plugins/memberof/memberof.c | 247 ++++++++++++++---------
- ldap/servers/plugins/memberof/memberof.h | 8 +-
- ldap/servers/plugins/memberof/memberof_config.c | 253 +++++++++++++++++-------
- ldap/servers/plugins/retrocl/retrocl.c | 183 +++++++++++++++--
- ldap/servers/plugins/retrocl/retrocl.h | 4 +
- ldap/servers/plugins/retrocl/retrocl_po.c | 41 +++-
- 6 files changed, 536 insertions(+), 200 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index 14bad98..1840e34 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -148,7 +148,7 @@ static int memberof_compare(MemberOfConfig *config, const void *a, const void *b
- static int memberof_qsort_compare(const void *a, const void *b);
- static void memberof_load_array(Slapi_Value **array, Slapi_Attr *attr);
- static int memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *sdn);
--static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
-+static int memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn, MemberOfConfig *config,
- char **types, plugin_search_entry_callback callback, void *callback_data);
- static int memberof_is_direct_member(MemberOfConfig *config, Slapi_Value *groupdn,
- Slapi_Value *memberdn);
-@@ -176,7 +176,7 @@ static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
- static void memberof_fixup_task_thread(void *arg);
- static int memberof_fix_memberof(MemberOfConfig *config, char *dn, char *filter_str);
- static int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data);
--
-+static int memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn);
-
- /*** implementation ***/
-
-@@ -521,7 +521,8 @@ memberof_get_plugin_area()
- int memberof_postop_del(Slapi_PBlock *pb)
- {
- int ret = SLAPI_PLUGIN_SUCCESS;
-- MemberOfConfig configCopy = {0, 0, 0, 0};
-+ MemberOfConfig *mainConfig = NULL;
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- Slapi_DN *sdn;
- void *caller_id = NULL;
-
-@@ -541,12 +542,13 @@ int memberof_postop_del(Slapi_PBlock *pb)
- struct slapi_entry *e = NULL;
-
- slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &e );
--
-- /* We need to get the config lock first. Trying to get the
-- * config lock after we already hold the op lock can cause
-- * a deadlock. */
- memberof_rlock_config();
-- /* copy config so it doesn't change out from under us */
-+ mainConfig = memberof_get_config();
-+ if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){
-+ /* The entry is not in scope, bail...*/
-+ memberof_unlock_config();
-+ goto bail;
-+ }
- memberof_copy_config(&configCopy, memberof_get_config());
- memberof_unlock_config();
-
-@@ -561,7 +563,6 @@ int memberof_postop_del(Slapi_PBlock *pb)
- "memberof_postop_del: error deleting dn (%s) from group. Error (%d)\n",
- slapi_sdn_get_dn(sdn),ret);
- memberof_unlock();
-- memberof_free_config(&configCopy);
- goto bail;
- }
-
-@@ -586,10 +587,10 @@ int memberof_postop_del(Slapi_PBlock *pb)
- }
- }
- memberof_unlock();
-+bail:
- memberof_free_config(&configCopy);
- }
-
--bail:
- if(ret){
- slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
- ret = SLAPI_PLUGIN_FAILURE;
-@@ -623,7 +624,7 @@ memberof_del_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config, Slapi_DN *
-
- groupattrs[0] = config->groupattrs[i];
-
-- rc = memberof_call_foreach_dn(pb, sdn, groupattrs,
-+ rc = memberof_call_foreach_dn(pb, sdn, config, groupattrs,
- memberof_del_dn_type_callback, &data);
- }
-
-@@ -673,6 +674,20 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
- return rc;
- }
-
-+/* Check if the the entry include scope is a child of the sdn */
-+static Slapi_DN*
-+memberof_scope_is_child_of_dn(MemberOfConfig *config, Slapi_DN *sdn)
-+{
-+ int i = 0;
-+
-+ while(config->entryScopes && config->entryScopes[i]){
-+ if(slapi_sdn_issuffix(config->entryScopes[i], sdn)){
-+ return config->entryScopes[i];
-+ }
-+ i++;
-+ }
-+ return NULL;
-+}
- /*
- * Does a callback search of "type=dn" under the db suffix that "dn" is in,
- * unless all_backends is set, then we look at all the backends. If "dn"
-@@ -681,7 +696,7 @@ memberof_del_dn_type_callback(Slapi_Entry *e, void *callback_data)
- */
- int
- memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
-- char **types, plugin_search_entry_callback callback, void *callback_data)
-+ MemberOfConfig *config, char **types, plugin_search_entry_callback callback, void *callback_data)
- {
- Slapi_PBlock *search_pb = NULL;
- Slapi_DN *base_sdn = NULL;
-@@ -689,9 +704,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- char *escaped_filter_val;
- char *filter_str = NULL;
- char *cookie = NULL;
-- int all_backends = memberof_config_get_all_backends();
-- Slapi_DN *entry_scope = memberof_config_get_entry_scope();
-- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
-+ int all_backends = config->allBackends;
- int types_name_len = 0;
- int num_types = 0;
- int dn_len = slapi_sdn_get_ndn_len(sdn);
-@@ -699,11 +712,7 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- int rc = 0;
- int i = 0;
-
-- if (entry_scope && !slapi_sdn_issuffix(sdn, entry_scope)) {
-- return (rc);
-- }
--
-- if (entry_scope_exclude_subtree && slapi_sdn_issuffix(sdn, entry_scope_exclude_subtree)) {
-+ if (!memberof_entry_in_scope(config, sdn)) {
- return (rc);
- }
-
-@@ -760,6 +769,8 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- search_pb = slapi_pblock_new();
- be = slapi_get_first_backend(&cookie);
- while(be){
-+ Slapi_DN *scope_sdn = NULL;
-+
- if(!all_backends){
- be = slapi_be_select(sdn);
- if(be == NULL){
-@@ -775,13 +786,14 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- continue;
- }
- }
-- if (entry_scope) {
-- if (slapi_sdn_issuffix(base_sdn, entry_scope)) {
-+
-+ if (config->entryScopes || config->entryScopeExcludeSubtrees) {
-+ if (memberof_entry_in_scope(config, base_sdn)) {
- /* do nothing, entry scope is spanning
- * multiple suffixes, start at suffix */
-- } else if (slapi_sdn_issuffix(entry_scope, base_sdn)) {
-+ } else if ((scope_sdn = memberof_scope_is_child_of_dn(config, base_sdn))) {
- /* scope is below suffix, set search base */
-- base_sdn = entry_scope;
-+ base_sdn = scope_sdn;
- } else if(!all_backends){
- break;
- } else {
-@@ -799,7 +811,6 @@ memberof_call_foreach_dn(Slapi_PBlock *pb, Slapi_DN *sdn,
- break;
- }
-
--
- if(!all_backends){
- break;
- }
-@@ -824,10 +835,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- {
- int ret = SLAPI_PLUGIN_SUCCESS;
- void *caller_id = NULL;
-- Slapi_DN *entry_scope = NULL;
-- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
-
-- entry_scope = memberof_config_get_entry_scope();
- slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
- "--> memberof_postop_modrdn\n" );
-
-@@ -842,7 +850,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- if(memberof_oktodo(pb))
- {
- MemberOfConfig *mainConfig = 0;
-- MemberOfConfig configCopy = {0, 0, 0, 0};
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- struct slapi_entry *pre_e = NULL;
- struct slapi_entry *post_e = NULL;
- Slapi_DN *pre_sdn = 0;
-@@ -850,7 +858,6 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
-
- slapi_pblock_get( pb, SLAPI_ENTRY_PRE_OP, &pre_e );
- slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &post_e );
--
- if(pre_e && post_e)
- {
- pre_sdn = slapi_entry_get_sdn(pre_e);
-@@ -863,11 +870,19 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- memberof_copy_config(&configCopy, mainConfig);
- memberof_unlock_config();
-
-+ /* Need to check both the pre/post entries */
-+ if((pre_sdn && !memberof_entry_in_scope(&configCopy, pre_sdn)) &&
-+ (post_sdn && !memberof_entry_in_scope(&configCopy, post_sdn)))
-+ {
-+ /* The entry is not in scope */
-+ goto bail;
-+ }
-+
- memberof_lock();
-
- /* update any downstream members */
- if(pre_sdn && post_sdn && configCopy.group_filter &&
-- 0 == slapi_filter_test_simple(post_e, configCopy.group_filter))
-+ 0 == slapi_filter_test_simple(post_e, configCopy.group_filter))
- {
- int i = 0;
- Slapi_Attr *attr = 0;
-@@ -879,7 +894,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- if(0 == slapi_entry_attr_find(post_e, configCopy.groupattrs[i], &attr))
- {
- if((ret = memberof_moddn_attr_list(pb, &configCopy, pre_sdn,
-- post_sdn, attr) != 0))
-+ post_sdn, attr) != 0))
- {
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_postop_modrdn - update failed for (%s), error (%d)\n",
-@@ -894,49 +909,49 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- * of other group entries. We need to update any member
- * attributes to refer to the new name. */
- if (ret == LDAP_SUCCESS && pre_sdn && post_sdn) {
-- if ((entry_scope && !slapi_sdn_issuffix(post_sdn, entry_scope)) ||
-- (entry_scope_exclude_subtree && slapi_sdn_issuffix(post_sdn, entry_scope_exclude_subtree))) {
-+ if (!memberof_entry_in_scope(&configCopy, post_sdn)){
- if((ret = memberof_del_dn_from_groups(pb, &configCopy, pre_sdn))){
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_postop_modrdn - delete dn failed for (%s), error (%d)\n",
- slapi_sdn_get_dn(pre_sdn), ret);
- }
- if(ret == LDAP_SUCCESS && pre_e && configCopy.group_filter &&
-- 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter)) {
-+ 0 == slapi_filter_test_simple(pre_e, configCopy.group_filter))
-+ {
- /* is the entry of interest as a group? */
-- int i = 0;
-- Slapi_Attr *attr = 0;
--
-- /* Loop through to find each grouping attribute separately. */
-- for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) {
-- if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) {
-- if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n",
-- slapi_sdn_get_dn(pre_sdn),ret);
-- }
-+ int i = 0;
-+ Slapi_Attr *attr = 0;
-
-+ /* Loop through to find each grouping attribute separately. */
-+ for (i = 0; configCopy.groupattrs[i] && ret == LDAP_SUCCESS; i++) {
-+ if (0 == slapi_entry_attr_find(pre_e, configCopy.groupattrs[i], &attr)) {
-+ if((ret = memberof_del_attr_list(pb, &configCopy, pre_sdn, attr))){
-+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_postop_modrdn: error deleting attr list - dn (%s). Error (%d)\n",
-+ slapi_sdn_get_dn(pre_sdn),ret);
- }
-+
- }
-- }
-+ }
-+ }
- if(ret == LDAP_SUCCESS) {
-- memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
-- if((ret = memberof_del_dn_type_callback(post_e, &del_data))){
-- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
-- slapi_entry_get_dn(post_e), ret);
-- }
-+ memberof_del_dn_data del_data = {0, configCopy.memberof_attr};
-+ if((ret = memberof_del_dn_type_callback(post_e, &del_data))){
-+ slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-+ "memberof_postop_modrdn - delete dn callback failed for (%s), error (%d)\n",
-+ slapi_entry_get_dn(post_e), ret);
- }
-+ }
- } else {
- if((ret = memberof_replace_dn_from_groups(pb, &configCopy, pre_sdn, post_sdn))){
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "memberof_postop_modrdn - replace dne failed for (%s), error (%d)\n",
-+ "memberof_postop_modrdn - replace dn failed for (%s), error (%d)\n",
- slapi_sdn_get_dn(pre_sdn), ret);
- }
- }
- }
--
- memberof_unlock();
-+bail:
- memberof_free_config(&configCopy);
- }
-
-@@ -978,7 +993,7 @@ memberof_replace_dn_from_groups(Slapi_PBlock *pb, MemberOfConfig *config,
-
- groupattrs[0] = config->groupattrs[i];
-
-- if((ret = memberof_call_foreach_dn(pb, pre_sdn, groupattrs,
-+ if((ret = memberof_call_foreach_dn(pb, pre_sdn, config, groupattrs,
- memberof_replace_dn_type_callback,
- &data)))
- {
-@@ -1096,12 +1111,11 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- goto done;
- }
-
--
-- if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb)))
-+ if(memberof_oktodo(pb))
- {
- int config_copied = 0;
- MemberOfConfig *mainConfig = 0;
-- MemberOfConfig configCopy = {0, 0, 0, 0};
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-
- /* get the mod set */
- slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
-@@ -1120,19 +1134,22 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- * only copy the config the first time it's needed so
- * it remains the same for all mods in the operation,
- * despite any config changes that may be made. */
-- if (!config_copied)
-- {
-+ if (!config_copied){
- memberof_rlock_config();
- mainConfig = memberof_get_config();
-
- if (memberof_is_grouping_attr(type, mainConfig))
- {
- interested = 1;
-+ if (!memberof_entry_in_scope(mainConfig, sdn)){
-+ /* Entry is not in scope */
-+ memberof_unlock_config();
-+ goto bail;
-+ }
- /* copy config so it doesn't change out from under us */
- memberof_copy_config(&configCopy, mainConfig);
- config_copied = 1;
- }
--
- memberof_unlock_config();
- } else {
- if (memberof_is_grouping_attr(type, &configCopy))
-@@ -1229,8 +1246,7 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- }
-
- bail:
-- if (config_copied)
-- {
-+ if (config_copied){
- memberof_free_config(&configCopy);
- }
-
-@@ -1276,22 +1292,25 @@ int memberof_postop_add(Slapi_PBlock *pb)
-
- if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb)))
- {
-- MemberOfConfig *mainConfig = 0;
-- MemberOfConfig configCopy = {0, 0, 0, 0};
- struct slapi_entry *e = NULL;
--
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-+ MemberOfConfig *mainConfig;
- slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &e );
--
-
- /* is the entry of interest? */
- memberof_rlock_config();
- mainConfig = memberof_get_config();
- if(e && mainConfig && mainConfig->group_filter &&
- 0 == slapi_filter_test_simple(e, mainConfig->group_filter))
-+
- {
- interested = 1;
-- /* copy config so it doesn't change out from under us */
-- memberof_copy_config(&configCopy, mainConfig);
-+ if(!memberof_entry_in_scope(mainConfig, slapi_entry_get_sdn(e))){
-+ /* Entry is not in scope */
-+ memberof_unlock_config();
-+ goto bail;
-+ }
-+ memberof_copy_config(&configCopy, memberof_get_config());
- }
- memberof_unlock_config();
-
-@@ -1316,11 +1335,11 @@ int memberof_postop_add(Slapi_PBlock *pb)
- }
-
- memberof_unlock();
--
- memberof_free_config(&configCopy);
- }
- }
-
-+bail:
- if(ret){
- slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ret);
- ret = SLAPI_PLUGIN_FAILURE;
-@@ -1358,26 +1377,61 @@ int memberof_oktodo(Slapi_PBlock *pb)
- }
-
- if(slapi_pblock_get(pb, SLAPI_PLUGIN_OPRETURN, &oprc) != 0)
-- {
-+ {
- slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
- "memberof_postop_oktodo: could not get parameters\n" );
- ret = -1;
- }
-
-- /* this plugin should only execute if the operation succeeded
-- */
-- if(oprc != 0)
-+ /* this plugin should only execute if the operation succeeded */
-+ if(oprc != 0)
- {
- ret = 0;
- }
--
-+
-+bail:
- slapi_log_error( SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM,
- "<-- memberof_postop_oktodo\n" );
-
--bail:
- return ret;
- }
-
-+/*
-+ * Return 1 if the entry is in the scope.
-+ * For MODRDN the caller should check both the preop
-+ * and postop entries. If we are moving out of, or
-+ * into scope, we should process it.
-+ */
-+static int
-+memberof_entry_in_scope(MemberOfConfig *config, Slapi_DN *sdn)
-+{
-+ if (config->entryScopeExcludeSubtrees){
-+ int i = 0;
-+
-+ /* check the excludes */
-+ while(config->entryScopeExcludeSubtrees[i]){
-+ if (slapi_sdn_issuffix(sdn, config->entryScopeExcludeSubtrees[i])){
-+ return 0;
-+ }
-+ i++;
-+ }
-+ }
-+ if (config->entryScopes){
-+ int i = 0;
-+
-+ /* check the excludes */
-+ while(config->entryScopes[i]){
-+ if (slapi_sdn_issuffix(sdn, config->entryScopes[i])){
-+ return 1;
-+ }
-+ i++;
-+ }
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
- static Slapi_DN *
- memberof_getsdn(Slapi_PBlock *pb)
- {
-@@ -2045,7 +2099,7 @@ memberof_get_groups_r(MemberOfConfig *config, Slapi_DN *member_sdn,
- {
- /* Search for any grouping attributes that point to memberdn.
- * For each match, add it to the list, recurse and do same search */
-- return memberof_call_foreach_dn(NULL, member_sdn, config->groupattrs,
-+ return memberof_call_foreach_dn(NULL, member_sdn, config, config->groupattrs,
- memberof_get_groups_callback, data);
- }
-
-@@ -2057,12 +2111,12 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
- {
- Slapi_DN *group_sdn = slapi_entry_get_sdn(e);
- char *group_ndn = slapi_entry_get_ndn(e);
-- char *group_dn = slapi_entry_get_dn(e);
-+ char *group_dn = slapi_entry_get_dn(e);
- Slapi_Value *group_ndn_val = 0;
-- Slapi_Value *group_dn_val = 0;
-+ Slapi_Value *group_dn_val = 0;
- Slapi_ValueSet *groupvals = *((memberof_get_groups_data*)callback_data)->groupvals;
-- Slapi_ValueSet *group_norm_vals = *((memberof_get_groups_data*)callback_data)->group_norm_vals;
-- Slapi_DN *entry_scope_exclude_subtree = memberof_config_get_entry_scope_exclude_subtree();
-+ Slapi_ValueSet *group_norm_vals = *((memberof_get_groups_data*)callback_data)->group_norm_vals;
-+ MemberOfConfig *config = ((memberof_get_groups_data*)callback_data)->config;
- int rc = 0;
-
- if(slapi_is_shutting_down()){
-@@ -2116,18 +2170,19 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
- goto bail;
- }
-
-- /* if the group does not belong to an excluded subtree, adds it to the valueset */
-- if (!(entry_scope_exclude_subtree && slapi_sdn_issuffix(group_sdn, entry_scope_exclude_subtree))) {
-- /* Push group_dn_val into the valueset. This memory is now owned
-- * by the valueset. */
-- group_dn_val = slapi_value_new_string(group_dn);
-- slapi_valueset_add_value_ext(groupvals, group_dn_val, SLAPI_VALUE_FLAG_PASSIN);
-- slapi_valueset_add_value_ext(group_norm_vals, group_ndn_val, SLAPI_VALUE_FLAG_PASSIN);
-- }
--
-- /* now recurse to find parent groups of e */
-- memberof_get_groups_r(((memberof_get_groups_data*)callback_data)->config,
-- group_sdn, callback_data);
-+ /* if the group does not belong to an excluded subtree, adds it to the valueset */
-+ if (memberof_entry_in_scope(config, group_sdn)) {
-+ /* Push group_dn_val into the valueset. This memory is now owned
-+ * by the valueset. */
-+ group_dn_val = slapi_value_new_string(group_dn);
-+ slapi_valueset_add_value_ext(groupvals, group_dn_val, SLAPI_VALUE_FLAG_PASSIN);
-+ slapi_valueset_add_value_ext(group_norm_vals, group_ndn_val, SLAPI_VALUE_FLAG_PASSIN);
-+ }
-+ if(!config->skip_nested || config->fixup_task){
-+ /* now recurse to find parent groups of e */
-+ memberof_get_groups_r(((memberof_get_groups_data*)callback_data)->config,
-+ group_sdn, callback_data);
-+ }
-
- bail:
- return rc;
-@@ -2218,8 +2273,8 @@ memberof_test_membership(Slapi_PBlock *pb, MemberOfConfig *config,
- {
- char *attrs[2] = {config->memberof_attr, 0};
-
-- return memberof_call_foreach_dn(pb, group_sdn, attrs,
-- memberof_test_membership_callback , config);
-+ return memberof_call_foreach_dn(pb, group_sdn, config, attrs,
-+ memberof_test_membership_callback, config);
- }
-
- /*
-diff --git a/ldap/servers/plugins/memberof/memberof.h b/ldap/servers/plugins/memberof/memberof.h
-index 59029d7..4516387 100644
---- a/ldap/servers/plugins/memberof/memberof.h
-+++ b/ldap/servers/plugins/memberof/memberof.h
-@@ -80,8 +80,10 @@ typedef struct memberofconfig {
- char **groupattrs;
- char *memberof_attr;
- int allBackends;
-- Slapi_DN *entryScope;
-- Slapi_DN *entryScopeExcludeSubtree;
-+ Slapi_DN **entryScopes;
-+ int entryScopeCount;
-+ Slapi_DN **entryScopeExcludeSubtrees;
-+ int entryExcludeScopeCount;
- Slapi_Filter *group_filter;
- Slapi_Attr **group_slapiattrs;
- } MemberOfConfig;
-@@ -100,8 +102,6 @@ void memberof_rlock_config();
- void memberof_wlock_config();
- void memberof_unlock_config();
- int memberof_config_get_all_backends();
--Slapi_DN * memberof_config_get_entry_scope();
--Slapi_DN * memberof_config_get_entry_scope_exclude_subtree();
- void memberof_set_config_area(Slapi_DN *sdn);
- Slapi_DN * memberof_get_config_area();
- void memberof_set_plugin_area(Slapi_DN *sdn);
-diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
-index eb83bd0..5fc1314 100644
---- a/ldap/servers/plugins/memberof/memberof_config.c
-+++ b/ldap/servers/plugins/memberof/memberof_config.c
-@@ -77,7 +77,7 @@ static int memberof_search (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_En
- /* This is the main configuration which is updated from dse.ldif. The
- * config will be copied when it is used by the plug-in to prevent it
- * being changed out from under a running memberOf operation. */
--static MemberOfConfig theConfig = {NULL, NULL,0, NULL, NULL, NULL, NULL};
-+static MemberOfConfig theConfig = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- static Slapi_RWLock *memberof_config_lock = 0;
- static int inited = 0;
-
-@@ -89,6 +89,19 @@ static int dont_allow_that(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Ent
- return SLAPI_DSE_CALLBACK_ERROR;
- }
-
-+static void
-+memberof_free_scope(Slapi_DN **scopes, int *count)
-+{
-+ int i = 0;
-+
-+ while(scopes && scopes[i]){
-+ slapi_sdn_free(&scopes[i]);
-+ i++;
-+ }
-+ slapi_ch_free((void**)&scopes);
-+ *count = 0;
-+}
-+
- /*
- * memberof_config()
- *
-@@ -184,16 +197,22 @@ memberof_release_config()
- *
- * Validate the pending changes in the e entry.
- */
--static int
-+int
- memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e,
- int *returncode, char *returntext, void *arg)
- {
- Slapi_Attr *memberof_attr = NULL;
- Slapi_Attr *group_attr = NULL;
- Slapi_DN *config_sdn = NULL;
-+ Slapi_DN **include_dn = NULL;
-+ Slapi_DN **exclude_dn = NULL;
- char *syntaxoid = NULL;
- char *config_dn = NULL;
-+ char *skip_nested = NULL;
-+ char **entry_scopes = NULL;
-+ char **entry_exclude_scopes = NULL;
- int not_dn_syntax = 0;
-+ int num_vals = 0;
-
- *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */
-
-@@ -301,8 +320,112 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- *returncode = LDAP_UNWILLING_TO_PERFORM;
- }
- }
-+ /*
-+ * Check the entry scopes
-+ */
-+ entry_scopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals);
-+ if(entry_scopes){
-+ int i = 0;
-+
-+ /* Validate the syntax before we create our DN array */
-+ for (i = 0;i < num_vals; i++){
-+ if(slapi_dn_syntax_check(pb, entry_scopes[i], 1)){
-+ /* invalid dn syntax */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "%s: Invalid DN (%s) for include suffix.",
-+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
-+ slapi_ch_array_free(entry_scopes);
-+ theConfig.entryScopeCount = 0;
-+ *returncode = LDAP_UNWILLING_TO_PERFORM;
-+ goto done;
-+ }
-+ }
-+ /* Now create our SDN array for conflict checking */
-+ include_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ include_dn[i] = slapi_sdn_new_dn_passin(entry_scopes[i]);
-+ }
-+ }
-+ /*
-+ * Check and process the entry exclude scopes
-+ */
-+ entry_exclude_scopes =
-+ slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals);
-+ if(entry_exclude_scopes){
-+ int i = 0;
-+
-+ /* Validate the syntax before we create our DN array */
-+ for (i = 0;i < num_vals; i++){
-+ if(slapi_dn_syntax_check(pb, entry_exclude_scopes[i], 1)){
-+ /* invalid dn syntax */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "%s: Invalid DN (%s) for exclude suffix.",
-+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
-+ slapi_ch_array_free(entry_exclude_scopes);
-+ *returncode = LDAP_UNWILLING_TO_PERFORM;
-+ goto done;
-+ }
-+ }
-+ /* Now create our SDN array for conflict checking */
-+ exclude_dn = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ exclude_dn[i] = slapi_sdn_new_dn_passin(entry_exclude_scopes[i]);
-+ }
-+ }
-+ /*
-+ * Need to do conflict checking
-+ */
-+ if(include_dn && exclude_dn){
-+ /*
-+ * Make sure we haven't mixed the same suffix, and there are no
-+ * conflicts between the includes and excludes
-+ */
-+ int i = 0;
-+
-+ while(include_dn[i]){
-+ int x = 0;
-+ while(exclude_dn[x]){
-+ if(slapi_sdn_compare(include_dn[i], exclude_dn[x] ) == 0)
-+ {
-+ /* we have a conflict */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "%s: include suffix (%s) is also listed as an exclude suffix list",
-+ MEMBEROF_PLUGIN_SUBSYSTEM, slapi_sdn_get_dn(include_dn[i]));
-+ *returncode = LDAP_UNWILLING_TO_PERFORM;
-+ goto done;
-+ }
-+ x++;
-+ }
-+ i++;
-+ }
-+
-+ /* Check for parent/child conflicts */
-+ i = 0;
-+ while(include_dn[i]){
-+ int x = 0;
-+ while(exclude_dn[x]){
-+ if(slapi_sdn_issuffix(include_dn[i], exclude_dn[x]))
-+ {
-+ /* we have a conflict */
-+ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
-+ "%s: include suffix (%s) is a child of the exclude suffix(%s)",
-+ MEMBEROF_PLUGIN_SUBSYSTEM,
-+ slapi_sdn_get_dn(include_dn[i]),
-+ slapi_sdn_get_dn(exclude_dn[i]));
-+ *returncode = LDAP_UNWILLING_TO_PERFORM;
-+ goto done;
-+ }
-+ x++;
-+ }
-+ i++;
-+ }
-+ }
-
- done:
-+ memberof_free_scope(exclude_dn, &num_vals);
-+ memberof_free_scope(include_dn, &num_vals);
-+ slapi_ch_free((void**)&entry_scopes);
-+ slapi_ch_free((void**)&entry_exclude_scopes);
- slapi_sdn_free(&config_sdn);
- slapi_ch_free_string(&config_dn);
-
-@@ -316,7 +439,6 @@ done:
- }
- }
-
--
- /*
- * memberof_apply_config()
- *
-@@ -335,9 +457,11 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- int num_groupattrs = 0;
- int groupattr_name_len = 0;
- char *allBackends = NULL;
-- char *entryScope = NULL;
-- char *entryScopeExcludeSubtree = NULL;
-+ char **entryScopes = NULL;
-+ char **entryScopeExcludeSubtrees = NULL;
- char *sharedcfg = NULL;
-+ char *skip_nested = NULL;
-+ int num_vals = 0;
-
- *returncode = LDAP_SUCCESS;
-
-@@ -369,8 +493,7 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR);
- memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR);
- allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR);
-- entryScope = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_ATTR);
-- entryScopeExcludeSubtree = slapi_entry_attr_get_charptr(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE);
-+ skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR);
-
- /*
- * We want to be sure we don't change the config in the middle of
-@@ -487,49 +610,39 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- theConfig.allBackends = 0;
- }
-
-- slapi_sdn_free(&theConfig.entryScope);
-- if (entryScope)
-- {
-- if (slapi_dn_syntax_check(NULL, entryScope, 1) == 1) {
-- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "Error: Ignoring invalid DN used as plugin entry scope: [%s]\n",
-- entryScope);
-- theConfig.entryScope = NULL;
-- slapi_ch_free_string(&entryScope);
-- } else {
-- theConfig.entryScope = slapi_sdn_new_dn_passin(entryScope);
-+ /*
-+ * Check and process the entry scopes
-+ */
-+ memberof_free_scope(theConfig.entryScopes, &theConfig.entryScopeCount);
-+ entryScopes = slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_ATTR, &num_vals);
-+ if(entryScopes){
-+ int i = 0;
-+
-+ /* Validation has already been performed in preop, just build the DN's */
-+ theConfig.entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *), num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ theConfig.entryScopes[i] = slapi_sdn_new_dn_passin(entryScopes[i]);
- }
-- } else {
-- theConfig.entryScope = NULL;
-+ theConfig.entryScopeCount = num_vals; /* shortcut for config copy */
- }
--
-- slapi_sdn_free(&theConfig.entryScopeExcludeSubtree);
-- if (entryScopeExcludeSubtree)
-- {
-- if (theConfig.entryScope == NULL) {
-- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "Error: Ignoring ExcludeSubtree (%s) because entryScope is not define\n",
-- entryScopeExcludeSubtree);
-- theConfig.entryScopeExcludeSubtree = NULL;
-- slapi_ch_free_string(&entryScopeExcludeSubtree);
-- } else if (slapi_dn_syntax_check(NULL, entryScopeExcludeSubtree, 1) == 1) {
-- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "Error: Ignoring invalid DN used as plugin entry exclude subtree: [%s]\n",
-- entryScopeExcludeSubtree);
-- theConfig.entryScopeExcludeSubtree = NULL;
-- slapi_ch_free_string(&entryScopeExcludeSubtree);
-- } else {
-- theConfig.entryScopeExcludeSubtree = slapi_sdn_new_dn_passin(entryScopeExcludeSubtree);
-+ /*
-+ * Check and process the entry exclude scopes
-+ */
-+ memberof_free_scope(theConfig.entryScopeExcludeSubtrees,
-+ &theConfig.entryExcludeScopeCount);
-+ entryScopeExcludeSubtrees =
-+ slapi_entry_attr_get_charray_ext(e, MEMBEROF_ENTRY_SCOPE_EXCLUDE_SUBTREE, &num_vals);
-+ if(entryScopeExcludeSubtrees){
-+ int i = 0;
-+
-+ /* Validation has already been performed in preop, just build the DN's */
-+ theConfig.entryScopeExcludeSubtrees =
-+ (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ theConfig.entryScopeExcludeSubtrees[i] =
-+ slapi_sdn_new_dn_passin(entryScopeExcludeSubtrees[i]);
- }
-- } else {
-- theConfig.entryScopeExcludeSubtree = NULL;
-- }
-- if (theConfig.entryScopeExcludeSubtree && theConfig.entryScope && !slapi_sdn_issuffix(theConfig.entryScopeExcludeSubtree, theConfig.entryScope)) {
-- slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
-- "Error: Ignoring ExcludeSubtree (%s) that is out of the scope (%s)\n",
-- slapi_sdn_get_dn(theConfig.entryScopeExcludeSubtree),
-- slapi_sdn_get_dn(theConfig.entryScope));
-- slapi_sdn_free(&theConfig.entryScopeExcludeSubtree);
-+ theConfig.entryExcludeScopeCount = num_vals; /* shortcut for config copy */
- }
-
- /* release the lock */
-@@ -542,6 +655,9 @@ done:
- slapi_ch_free_string(&sharedcfg);
- slapi_ch_free_string(&memberof_attr);
- slapi_ch_free_string(&allBackends);
-+ slapi_ch_free_string(&skip_nested);
-+ slapi_ch_free((void **)&entryScopes);
-+ slapi_ch_free((void **)&entryScopeExcludeSubtrees);
-
- if (*returncode != LDAP_SUCCESS)
- {
-@@ -618,6 +734,23 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
- {
- dest->allBackends = src->allBackends;
- }
-+
-+ if(src->entryScopes){
-+ int num_vals = 0;
-+
-+ dest->entryScopes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryScopeCount+1);
-+ for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
-+ dest->entryScopes[num_vals] = slapi_sdn_dup(src->entryScopes[num_vals]);
-+ }
-+ }
-+ if(src->entryScopeExcludeSubtrees){
-+ int num_vals = 0;
-+
-+ dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1);
-+ for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
-+ dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]);
-+ }
-+ }
- }
- }
-
-@@ -643,6 +776,8 @@ memberof_free_config(MemberOfConfig *config)
- slapi_ch_free((void **)&config->group_slapiattrs);
-
- slapi_ch_free_string(&config->memberof_attr);
-+ memberof_free_scope(config->entryScopes, &config->entryScopeCount);
-+ memberof_free_scope(config->entryScopeExcludeSubtrees, &config->entryExcludeScopeCount);
- }
- }
-
-@@ -708,30 +843,6 @@ memberof_config_get_all_backends()
- return all_backends;
- }
-
--Slapi_DN *
--memberof_config_get_entry_scope()
--{
-- Slapi_DN *entry_scope;
--
-- slapi_rwlock_rdlock(memberof_config_lock);
-- entry_scope = theConfig.entryScope;
-- slapi_rwlock_unlock(memberof_config_lock);
--
-- return entry_scope;
--}
--
--Slapi_DN *
--memberof_config_get_entry_scope_exclude_subtree()
--{
-- Slapi_DN *entry_exclude_subtree;
--
-- slapi_rwlock_rdlock(memberof_config_lock);
-- entry_exclude_subtree = theConfig.entryScopeExcludeSubtree;
-- slapi_rwlock_unlock(memberof_config_lock);
--
-- return entry_exclude_subtree;
--}
--
- /*
- * Check if we are modifying the config, or changing the shared config entry
- */
-diff --git a/ldap/servers/plugins/retrocl/retrocl.c b/ldap/servers/plugins/retrocl/retrocl.c
-index 8a0f350..7679c29 100644
---- a/ldap/servers/plugins/retrocl/retrocl.c
-+++ b/ldap/servers/plugins/retrocl/retrocl.c
-@@ -82,6 +82,9 @@ char **retrocl_attributes = NULL;
- char **retrocl_aliases = NULL;
- int retrocl_log_deleted = 0;
-
-+static Slapi_DN **retrocl_includes = NULL;
-+static Slapi_DN **retrocl_excludes = NULL;
-+
- /* ----------------------------- Retrocl Plugin */
-
- static Slapi_PluginDesc retrocldesc = {"retrocl", VENDOR, DS_PACKAGE_VERSION, "Retrocl Plugin"};
-@@ -386,6 +389,8 @@ static int retrocl_start (Slapi_PBlock *pb)
- int rc = 0;
- Slapi_Entry *e = NULL;
- char **values = NULL;
-+ int num_vals = 0;
-+ int i = 0;
-
- retrocl_rootdse_init(pb);
-
-@@ -406,6 +411,87 @@ static int retrocl_start (Slapi_PBlock *pb)
- return -1;
- }
-
-+ /* Get the exclude suffixes */
-+ values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_EXCLUDE_SUFFIX, &num_vals);
-+ if(values){
-+ /* Validate the syntax before we create our DN array */
-+ for (i = 0;i < num_vals; i++){
-+ if(slapi_dn_syntax_check(pb, values[i], 1)){
-+ /* invalid dn syntax */
-+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "Invalid DN (%s) for exclude suffix.\n", values[i] );
-+ slapi_ch_array_free(values);
-+ return -1;
-+ }
-+ }
-+ /* Now create our SDN array */
-+ retrocl_excludes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ retrocl_excludes[i] = slapi_sdn_new_dn_byval(values[i]);
-+ }
-+ slapi_ch_array_free(values);
-+ }
-+ /* Get the include suffixes */
-+ values = slapi_entry_attr_get_charray_ext(e, CONFIG_CHANGELOG_INCLUDE_SUFFIX, &num_vals);
-+ if(values){
-+ for (i = 0;i < num_vals; i++){
-+ /* Validate the syntax before we create our DN array */
-+ if(slapi_dn_syntax_check(pb, values[i], 1)){
-+ /* invalid dn syntax */
-+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "Invalid DN (%s) for include suffix.\n", values[i] );
-+ slapi_ch_array_free(values);
-+ return -1;
-+ }
-+ }
-+ /* Now create our SDN array */
-+ retrocl_includes = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),num_vals+1);
-+ for (i = 0;i < num_vals; i++){
-+ retrocl_includes[i] = slapi_sdn_new_dn_byval(values[i]);
-+ }
-+ slapi_ch_array_free(values);
-+ }
-+ if(retrocl_includes && retrocl_excludes){
-+ /*
-+ * Make sure we haven't mixed the same suffix, and there are no
-+ * conflicts between the includes and excludes
-+ */
-+ int i = 0;
-+
-+ while(retrocl_includes[i]){
-+ int x = 0;
-+ while(retrocl_excludes[x]){
-+ if(slapi_sdn_compare(retrocl_includes[i], retrocl_excludes[x] ) == 0){
-+ /* we have a conflict */
-+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "include suffix (%s) is also listed in exclude suffix list\n",
-+ slapi_sdn_get_dn(retrocl_includes[i]));
-+ return -1;
-+ }
-+ x++;
-+ }
-+ i++;
-+ }
-+
-+ /* Check for parent/child conflicts */
-+ i = 0;
-+ while(retrocl_includes[i]){
-+ int x = 0;
-+ while(retrocl_excludes[x]){
-+ if(slapi_sdn_issuffix(retrocl_includes[i], retrocl_excludes[x])){
-+ /* we have a conflict */
-+ slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
-+ "include suffix (%s) is a child of the exclude suffix(%s)\n",
-+ slapi_sdn_get_dn(retrocl_includes[i]),
-+ slapi_sdn_get_dn(retrocl_excludes[i]));
-+ return -1;
-+ }
-+ x++;
-+ }
-+ i++;
-+ }
-+ }
-+
- values = slapi_entry_attr_get_charray(e, "nsslapd-attribute");
- if (values != NULL) {
- int n = 0;
-@@ -471,6 +557,49 @@ static int retrocl_start (Slapi_PBlock *pb)
- }
-
- /*
-+ * Check if an entry is in the configured scope.
-+ * Return 1 if entry is in the scope, or 0 otherwise.
-+ * For MODRDN the caller should check both the preop
-+ * and postop entries. If we are moving out of, or
-+ * into scope, we should record it.
-+ */
-+int
-+retrocl_entry_in_scope(Slapi_Entry *e)
-+{
-+ Slapi_DN *sdn = slapi_entry_get_sdn(e);
-+
-+ if (e == NULL){
-+ return 1;
-+ }
-+
-+ if (retrocl_excludes){
-+ int i = 0;
-+
-+ /* check the excludes */
-+ while(retrocl_excludes[i]){
-+ if (slapi_sdn_issuffix(sdn, retrocl_excludes[i])){
-+ return 0;
-+ }
-+ i++;
-+ }
-+ }
-+ if (retrocl_includes){
-+ int i = 0;
-+
-+ /* check the excludes */
-+ while(retrocl_includes[i]){
-+ if (slapi_sdn_issuffix(sdn, retrocl_includes[i])){
-+ return 1;
-+ }
-+ i++;
-+ }
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+/*
- * Function: retrocl_stop
- *
- * Returns: 0
-@@ -483,26 +612,40 @@ static int retrocl_start (Slapi_PBlock *pb)
-
- static int retrocl_stop (Slapi_PBlock *pb)
- {
-- int rc = 0;
--
-- slapi_ch_array_free(retrocl_attributes);
-- retrocl_attributes = NULL;
-- slapi_ch_array_free(retrocl_aliases);
-- retrocl_aliases = NULL;
--
-- retrocl_stop_trimming();
-- retrocl_be_changelog = NULL;
-- retrocl_forget_changenumbers();
-- PR_DestroyLock(retrocl_internal_lock);
-- retrocl_internal_lock = NULL;
-- slapi_destroy_rwlock(retrocl_cn_lock);
-- retrocl_cn_lock = NULL;
-- legacy_initialised = 0;
--
-- slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "",
-- LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search);
--
-- return rc;
-+ int rc = 0;
-+ int i = 0;
-+
-+ slapi_ch_array_free(retrocl_attributes);
-+ retrocl_attributes = NULL;
-+ slapi_ch_array_free(retrocl_aliases);
-+ retrocl_aliases = NULL;
-+
-+ while(retrocl_excludes && retrocl_excludes[i]){
-+ slapi_sdn_free(&retrocl_excludes[i]);
-+ i++;
-+ }
-+ slapi_ch_free((void**)&retrocl_excludes);
-+ i = 0;
-+
-+ while(retrocl_includes && retrocl_includes[i]){
-+ slapi_sdn_free(&retrocl_includes[i]);
-+ i++;
-+ }
-+ slapi_ch_free((void**)&retrocl_includes);
-+
-+ retrocl_stop_trimming();
-+ retrocl_be_changelog = NULL;
-+ retrocl_forget_changenumbers();
-+ PR_DestroyLock(retrocl_internal_lock);
-+ retrocl_internal_lock = NULL;
-+ slapi_destroy_rwlock(retrocl_cn_lock);
-+ retrocl_cn_lock = NULL;
-+ legacy_initialised = 0;
-+
-+ slapi_config_remove_callback(SLAPI_OPERATION_SEARCH, DSE_FLAG_PREOP, "",
-+ LDAP_SCOPE_BASE,"(objectclass=*)", retrocl_rootdse_search);
-+
-+ return rc;
- }
-
- /*
-diff --git a/ldap/servers/plugins/retrocl/retrocl.h b/ldap/servers/plugins/retrocl/retrocl.h
-index 27f55dc..fe8bf84 100644
---- a/ldap/servers/plugins/retrocl/retrocl.h
-+++ b/ldap/servers/plugins/retrocl/retrocl.h
-@@ -96,6 +96,8 @@ typedef struct _cnumRet {
- /* was originally changelogmaximumage */
- #define CONFIG_CHANGELOG_MAXAGE_ATTRIBUTE "nsslapd-changelogmaxage"
- #define CONFIG_CHANGELOG_DIRECTORY_ATTRIBUTE "nsslapd-changelogdir"
-+#define CONFIG_CHANGELOG_INCLUDE_SUFFIX "nsslapd-include-suffix"
-+#define CONFIG_CHANGELOG_EXCLUDE_SUFFIX "nsslapd-exclude-suffix"
-
- #define RETROCL_CHANGELOG_DN "cn=changelog"
- #define RETROCL_MAPPINGTREE_DN "cn=\"cn=changelog\",cn=mapping tree,cn=config"
-@@ -169,4 +171,6 @@ extern void retrocl_init_trimming(void);
- extern void retrocl_stop_trimming(void);
- extern char *retrocl_get_config_str(const char *attrt);
-
-+int retrocl_entry_in_scope(Slapi_Entry *e);
-+
- #endif /* _H_RETROCL */
-diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
-index 3f8af81..8010db0 100644
---- a/ldap/servers/plugins/retrocl/retrocl_po.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
-@@ -169,6 +169,7 @@ write_replog_db(
- int flag,
- time_t curtime,
- Slapi_Entry *log_e,
-+ Slapi_Entry *post_entry,
- const char *newrdn,
- LDAPMod **modrdn_mods,
- const char *newsuperior
-@@ -185,11 +186,26 @@ write_replog_db(
- int err = 0;
- int ret = LDAP_SUCCESS;
- int i;
-+ int mark = 0;
-
- if (!dn) {
- slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
- return ret;
- }
-+ mark = (post_entry && retrocl_entry_in_scope(post_entry));
-+ slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
-+
-+ if (post_entry){
-+ if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
-+ /* modrdn: entry not in scope, just return... */
-+ return ret;
-+ }
-+ } else {
-+ if(!retrocl_entry_in_scope(log_e)){
-+ /* entry not in scope, just return... */
-+ return ret;
-+ }
-+ }
-
- PR_Lock(retrocl_internal_lock);
- changenum = retrocl_assign_changenumber();
-@@ -348,7 +364,7 @@ write_replog_db(
- break;
-
- case OP_DELETE:
-- if (log_e) {
-+ if (retrocl_log_deleted) {
- /* we have to log the full entry */
- if ( entry2reple( e, log_e, OP_DELETE ) != 0 ) {
- err = SLAPI_PLUGIN_FAILURE;
-@@ -588,7 +604,8 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
- char *dn;
- LDAPMod **log_m = NULL;
- int flag = 0;
-- Slapi_Entry *te = NULL;
-+ Slapi_Entry *entry = NULL;
-+ Slapi_Entry *post_entry = NULL;
- Slapi_Operation *op = NULL;
- LDAPMod **modrdn_mods = NULL;
- char *newrdn = NULL;
-@@ -649,7 +666,12 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
- LDAPDebug0Args(LDAP_DEBUG_TRACE,"not applying change for nsTombstone entries\n");
- return SLAPI_PLUGIN_SUCCESS;
- }
--
-+ /*
-+ * Start by grabbing the preop entry, ADD will replace it as needed. Getting the entry
-+ * allows up to perform scoping in write_replog_db() for all op types.
-+ */
-+ (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry);
-+
- switch ( optype ) {
- case OP_MODIFY:
- (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &log_m );
-@@ -659,14 +681,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
- * For adds, we want the unnormalized dn, so we can preserve
- * spacing, case, when replicating it.
- */
-- (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &te );
-- if ( NULL != te ) {
-- dn = slapi_entry_get_dn( te );
-+ (void)slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &entry );
-+ if ( NULL != entry ) {
-+ dn = slapi_entry_get_dn( entry );
- }
- break;
- case OP_DELETE:
- if (retrocl_log_deleted)
-- (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &te);
-+ (void)slapi_pblock_get(pb, SLAPI_ENTRY_PRE_OP, &entry);
- break;
- case OP_MODRDN:
- /* newrdn is used just for logging; no need to be normalized */
-@@ -674,13 +696,14 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
- (void)slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag );
- (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &modrdn_mods );
- (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &newsuperior );
-+ (void)slapi_pblock_get(pb, SLAPI_ENTRY_POST_OP, &post_entry);
- break;
- }
-
- /* check if we should log change to retro changelog, and
- * if so, do it here */
-- if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, te,
-- newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) )))
-+ if((rc = write_replog_db( pb, optype, dn, log_m, flag, curtime, entry,
-+ post_entry, newrdn, modrdn_mods, slapi_sdn_get_dn(newsuperior) )))
- {
- slapi_log_error(SLAPI_LOG_FATAL, "retrocl-plugin",
- "retrocl_postob: operation failure [%d]\n", rc);
---
-1.9.3
-
diff --git a/SOURCES/0082-Ticket-47931-Fix-coverity-issues.patch b/SOURCES/0082-Ticket-47931-Fix-coverity-issues.patch
deleted file mode 100644
index eeaab2e..0000000
--- a/SOURCES/0082-Ticket-47931-Fix-coverity-issues.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 476ffd9a01ac5bb55d32edad64c68eebd8773861 Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Mon, 10 Aug 2015 10:42:40 -0400
-Subject: [PATCH 82/84] Ticket 47931 - Fix coverity issues
-
-Description: Fix coverity issues in memberof_config.c
-
- 13316 - double free
- 13315 - Dereference after null check
- 13314 - Dereference after null check
- 13313 - copy/paste error
-
-https://fedorahosted.org/389/ticket/47931
-
-Reviewed by: rmeggins(Thanks!)
-
-(cherry picked from commit 5daea973e4526584ee41d7b9f4b1b4993b4de6f1)
-(cherry picked from commit 9a0047ef75f6dbeb1980ac77fab5d62865c77e6a)
-(cherry picked from commit a389bc3bafccb1f7bd9917a734230680e382af91)
----
- ldap/servers/plugins/memberof/memberof_config.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
-index 5fc1314..c335cab 100644
---- a/ldap/servers/plugins/memberof/memberof_config.c
-+++ b/ldap/servers/plugins/memberof/memberof_config.c
-@@ -335,6 +335,7 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- "%s: Invalid DN (%s) for include suffix.",
- MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
- slapi_ch_array_free(entry_scopes);
-+ entry_scopes = NULL;
- theConfig.entryScopeCount = 0;
- *returncode = LDAP_UNWILLING_TO_PERFORM;
- goto done;
-@@ -360,8 +361,9 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- /* invalid dn syntax */
- PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE,
- "%s: Invalid DN (%s) for exclude suffix.",
-- MEMBEROF_PLUGIN_SUBSYSTEM, entry_scopes[i]);
-+ MEMBEROF_PLUGIN_SUBSYSTEM, entry_exclude_scopes[i]);
- slapi_ch_array_free(entry_exclude_scopes);
-+ entry_exclude_scopes = NULL;
- *returncode = LDAP_UNWILLING_TO_PERFORM;
- goto done;
- }
-@@ -747,7 +749,7 @@ memberof_copy_config(MemberOfConfig *dest, MemberOfConfig *src)
- int num_vals = 0;
-
- dest->entryScopeExcludeSubtrees = (Slapi_DN **)slapi_ch_calloc(sizeof(Slapi_DN *),src->entryExcludeScopeCount+1);
-- for(num_vals = 0; src->entryScopes[num_vals]; num_vals++){
-+ for(num_vals = 0; src->entryScopeExcludeSubtrees[num_vals]; num_vals++){
- dest->entryScopeExcludeSubtrees[num_vals] = slapi_sdn_dup(src->entryScopeExcludeSubtrees[num_vals]);
- }
- }
---
-1.9.3
-
diff --git a/SOURCES/0083-Ticket-47831-remove-debug-logging-from-retro-cl.patch b/SOURCES/0083-Ticket-47831-remove-debug-logging-from-retro-cl.patch
deleted file mode 100644
index c426060..0000000
--- a/SOURCES/0083-Ticket-47831-remove-debug-logging-from-retro-cl.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From cbab8a3051994db662348a3c9a1a19d56a8545ca Mon Sep 17 00:00:00 2001
-From: Mark Reynolds <mreynolds@redhat.com>
-Date: Wed, 19 Aug 2015 10:03:50 -0400
-Subject: [PATCH 83/84] Ticket 47831 - remove debug logging from retro cl
-
-Description: Instrumented debug logging was accidentally left in the source.
- This logging is being removed.
-
-https://fedorahosted.org/389/ticket/47931
-
-Reviewed by: mreynolds
-
-(cherry picked from commit db7153f89bf3dda935e6ef4f175697bda32fe720)
-(cherry picked from commit 1781280f133c4877f83949400294641a558f5406)
-(cherry picked from commit 0e44c819b72dfad40a7f9eea6067f6060fa9c35b)
----
- ldap/servers/plugins/retrocl/retrocl_po.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
-index 8010db0..d0cc5e8 100644
---- a/ldap/servers/plugins/retrocl/retrocl_po.c
-+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
-@@ -186,14 +186,11 @@ write_replog_db(
- int err = 0;
- int ret = LDAP_SUCCESS;
- int i;
-- int mark = 0;
-
- if (!dn) {
- slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
- return ret;
- }
-- mark = (post_entry && retrocl_entry_in_scope(post_entry));
-- slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
-
- if (post_entry){
- if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
---
-1.9.3
-
diff --git a/SOURCES/0084-Ticket-47831-remove-debug-logging-from-retro-cl.patch b/SOURCES/0084-Ticket-47831-remove-debug-logging-from-retro-cl.patch
deleted file mode 100644
index 69426c4..0000000
--- a/SOURCES/0084-Ticket-47831-remove-debug-logging-from-retro-cl.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From f5b9a4be65641b29e37e9a0f9a15fee91db2a1e6 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 8 Sep 2015 12:20:33 -0700
-Subject: [PATCH 84/84] Ticket 47831 - remove debug logging from retro cl
-
-Description: 47831 patch expects "skip_nested" which is not supposed
-to be in the branch rhel-7.1.
----
- ldap/servers/plugins/memberof/memberof.c | 16 +++++++---------
- ldap/servers/plugins/memberof/memberof_config.c | 6 +-----
- 2 files changed, 8 insertions(+), 14 deletions(-)
-
-diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
-index 1840e34..4d79cf6 100644
---- a/ldap/servers/plugins/memberof/memberof.c
-+++ b/ldap/servers/plugins/memberof/memberof.c
-@@ -522,7 +522,7 @@ int memberof_postop_del(Slapi_PBlock *pb)
- {
- int ret = SLAPI_PLUGIN_SUCCESS;
- MemberOfConfig *mainConfig = NULL;
-- MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0};
- Slapi_DN *sdn;
- void *caller_id = NULL;
-
-@@ -850,7 +850,7 @@ int memberof_postop_modrdn(Slapi_PBlock *pb)
- if(memberof_oktodo(pb))
- {
- MemberOfConfig *mainConfig = 0;
-- MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0};
- struct slapi_entry *pre_e = NULL;
- struct slapi_entry *post_e = NULL;
- Slapi_DN *pre_sdn = 0;
-@@ -1115,7 +1115,7 @@ int memberof_postop_modify(Slapi_PBlock *pb)
- {
- int config_copied = 0;
- MemberOfConfig *mainConfig = 0;
-- MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0};
-
- /* get the mod set */
- slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
-@@ -1293,7 +1293,7 @@ int memberof_postop_add(Slapi_PBlock *pb)
- if(memberof_oktodo(pb) && (sdn = memberof_getsdn(pb)))
- {
- struct slapi_entry *e = NULL;
-- MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-+ MemberOfConfig configCopy = {0, 0, 0, 0, 0, 0, 0, 0, 0};
- MemberOfConfig *mainConfig;
- slapi_pblock_get( pb, SLAPI_ENTRY_POST_OP, &e );
-
-@@ -2178,11 +2178,9 @@ int memberof_get_groups_callback(Slapi_Entry *e, void *callback_data)
- slapi_valueset_add_value_ext(groupvals, group_dn_val, SLAPI_VALUE_FLAG_PASSIN);
- slapi_valueset_add_value_ext(group_norm_vals, group_ndn_val, SLAPI_VALUE_FLAG_PASSIN);
- }
-- if(!config->skip_nested || config->fixup_task){
-- /* now recurse to find parent groups of e */
-- memberof_get_groups_r(((memberof_get_groups_data*)callback_data)->config,
-- group_sdn, callback_data);
-- }
-+ /* now recurse to find parent groups of e */
-+ memberof_get_groups_r(((memberof_get_groups_data*)callback_data)->config,
-+ group_sdn, callback_data);
-
- bail:
- return rc;
-diff --git a/ldap/servers/plugins/memberof/memberof_config.c b/ldap/servers/plugins/memberof/memberof_config.c
-index c335cab..6be7f3c 100644
---- a/ldap/servers/plugins/memberof/memberof_config.c
-+++ b/ldap/servers/plugins/memberof/memberof_config.c
-@@ -77,7 +77,7 @@ static int memberof_search (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_En
- /* This is the main configuration which is updated from dse.ldif. The
- * config will be copied when it is used by the plug-in to prevent it
- * being changed out from under a running memberOf operation. */
--static MemberOfConfig theConfig = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-+static MemberOfConfig theConfig = {0, 0, 0, 0, 0, 0, 0, 0, 0};
- static Slapi_RWLock *memberof_config_lock = 0;
- static int inited = 0;
-
-@@ -208,7 +208,6 @@ memberof_validate_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
- Slapi_DN **exclude_dn = NULL;
- char *syntaxoid = NULL;
- char *config_dn = NULL;
-- char *skip_nested = NULL;
- char **entry_scopes = NULL;
- char **entry_exclude_scopes = NULL;
- int not_dn_syntax = 0;
-@@ -462,7 +461,6 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- char **entryScopes = NULL;
- char **entryScopeExcludeSubtrees = NULL;
- char *sharedcfg = NULL;
-- char *skip_nested = NULL;
- int num_vals = 0;
-
- *returncode = LDAP_SUCCESS;
-@@ -495,7 +493,6 @@ memberof_apply_config (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
- groupattrs = slapi_entry_attr_get_charray(e, MEMBEROF_GROUP_ATTR);
- memberof_attr = slapi_entry_attr_get_charptr(e, MEMBEROF_ATTR);
- allBackends = slapi_entry_attr_get_charptr(e, MEMBEROF_BACKEND_ATTR);
-- skip_nested = slapi_entry_attr_get_charptr(e, MEMBEROF_SKIP_NESTED_ATTR);
-
- /*
- * We want to be sure we don't change the config in the middle of
-@@ -657,7 +654,6 @@ done:
- slapi_ch_free_string(&sharedcfg);
- slapi_ch_free_string(&memberof_attr);
- slapi_ch_free_string(&allBackends);
-- slapi_ch_free_string(&skip_nested);
- slapi_ch_free((void **)&entryScopes);
- slapi_ch_free((void **)&entryScopeExcludeSubtrees);
-
---
-1.9.3
-
diff --git a/SOURCES/0085-Ticket-48195-Slow-replication-when-deleting-large-qu.patch b/SOURCES/0085-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
deleted file mode 100644
index f36fa21..0000000
--- a/SOURCES/0085-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From e9faf2091c545c8967db41961ef3d14f449e6c8a Mon Sep 17 00:00:00 2001
-From: Ludwig Krispenz <lkrispen@redhat.com>
-Date: Thu, 18 Jun 2015 15:22:54 +0200
-Subject: [PATCH 85/86] Ticket 48195 - Slow replication when deleting large
- quantities of multi-valued attributes
-
-https://fedorahosted.org/389/ticket/48195
-
-In update resoultion for entry deletion, there is still use of valuearray_find() to find an existingvalue to update its csn.
-with the fix for ticket #346 there exists slapi_valueset_find() which uses the possibility to do a binary search on the
-values.
-Fix: do not use valuearray_find
-
-Review: Rich, Thanks
-(cherry picked from commit 09ab8c799fc3d87db7a5b3aa07eccf9b41ea43d5)
-(cherry picked from commit a980b795ac03200fd01a2d05ce568691681d50ef)
-(cherry picked from commit 229ee77872d34acd53707e92c4d0861fa80b3d1f)
----
- ldap/servers/slapd/valueset.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
-index 1378bd1..9d77b0c 100644
---- a/ldap/servers/slapd/valueset.c
-+++ b/ldap/servers/slapd/valueset.c
-@@ -1440,12 +1440,12 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
- int del_index = -1, del_count = 0;
- for (i=0;valuestoupdate[i]!=NULL;++i)
- {
-- int index= valuearray_find(a, vs->va, valuestoupdate[i]);
-- if(index!=-1)
-+ Slapi_Value *v = slapi_valueset_find(a, vs, valuestoupdate[i]);
-+ if(v)
- {
-- value_update_csn(vs->va[index],t,csn);
-+ value_update_csn(v,t,csn);
- if (csnref_updated)
-- valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(vs->va[index]);
-+ valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v);
- valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
- valuestoupdate[i]= NULL;
- del_count++;
---
-1.9.3
-
diff --git a/SOURCES/0086-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0086-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
deleted file mode 100644
index e5ed2ee..0000000
--- a/SOURCES/0086-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 4c82238f0c4273dbf7cf945eebc2ede66f47f680 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Thu, 16 Jul 2015 10:34:47 -0700
-Subject: [PATCH 86/86] Ticket #48226 - In MMR, double free coould occur under
- some special condition
-
-Bug description:
- In a replicated topology, a authenticated user that have write access
- on an entry can send a series of operations that crash the server.
- The crash is due to an access to a already freed buffer.
-Fix description:
- To avoid the double free, duplicate a CSNSet and assign it to the
- Slapi_Value.
-
-https://fedorahosted.org/389/ticket/48226
-
-Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
-
-(cherry picked from commit a0f8e0f981a046882db299a7a6d6d1c01bc19571)
-(cherry picked from commit bdbc81e62eb8d7b8dfb298c7ba983cf86353fe66)
-(cherry picked from commit 413414c98313a076111d8e40a7a10fa369433e6e)
----
- ldap/servers/slapd/valueset.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
-index 9d77b0c..fb7a99b 100644
---- a/ldap/servers/slapd/valueset.c
-+++ b/ldap/servers/slapd/valueset.c
-@@ -1444,8 +1444,9 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
- if(v)
- {
- value_update_csn(v,t,csn);
-- if (csnref_updated)
-- valuestoupdate[i]->v_csnset = (CSNSet *)value_get_csnset(v);
-+ if (csnref_updated) {
-+ valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v));
-+ }
- valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
- valuestoupdate[i]= NULL;
- del_count++;
---
-1.9.3
-
diff --git a/SOURCES/0087-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch b/SOURCES/0087-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
deleted file mode 100644
index c6cc32e..0000000
--- a/SOURCES/0087-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 92af3c54655cdac45271d2111a53ba6bd6400052 Mon Sep 17 00:00:00 2001
-From: Noriko Hosoi <nhosoi@redhat.com>
-Date: Tue, 15 Sep 2015 18:25:02 -0700
-Subject: [PATCH] Ticket #48226 - In MMR, double free coould occur under some
- special condition
-
-Description: commit a0f8e0f981a046882db299a7a6d6d1c01bc19571 introduced
-a memory leak in the case of resolve_attribute_state_present_to_deleted.
-In the case, csnset is not consumed. Thus, it has to be freed by csnset_
-free.
-
-https://fedorahosted.org/389/ticket/48226
-
-Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
-
-(cherry picked from commit b26ec6762fe2b5d37ade59243086cfd2308e8f0a)
-(cherry picked from commit 4a3efc3330a034fa485f33e453054758561d4cea)
-(cherry picked from commit 14e08bde4a48a8e8b56edc817b5d1e3d56b96c72)
----
- ldap/servers/slapd/entrywsi.c | 22 +++++++++++-----------
- ldap/servers/slapd/valueset.c | 1 +
- 2 files changed, 12 insertions(+), 11 deletions(-)
-
-diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
-index 41afe1a..6773b9f 100644
---- a/ldap/servers/slapd/entrywsi.c
-+++ b/ldap/servers/slapd/entrywsi.c
-@@ -1305,23 +1305,23 @@ resolve_attribute_state_present_to_deleted(Slapi_Entry *e, Slapi_Attr *a, Slapi_
- const CSN *adcsn= attr_get_deletion_csn(a);
- int i;
- if ( valuestoupdate != NULL && valuestoupdate[0] != NULL ) {
-- for (i=0;valuestoupdate[i]!=NULL;++i) {
-- /* This call ensures that the value does not contain a deletion_csn
-- * which is before the presence_csn or distinguished_csn of the value.
-- */
-- purge_attribute_state_multi_valued(a, valuestoupdate[i]);
-- vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
-- vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
-- deletedcsn= csn_max(vdcsn, adcsn);
-+ for (i=0;valuestoupdate[i]!=NULL;++i) {
-+ /* This call ensures that the value does not contain a deletion_csn
-+ * which is before the presence_csn or distinguished_csn of the value.
-+ */
-+ purge_attribute_state_multi_valued(a, valuestoupdate[i]);
-+ vdcsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_DELETED);
-+ vucsn= value_get_csn(valuestoupdate[i], CSN_TYPE_VALUE_UPDATED);
-+ deletedcsn= csn_max(vdcsn, adcsn);
- if(csn_compare(vucsn,deletedcsn)<0)
- {
-- if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
-+ if(!value_distinguished_at_csn(e, a, valuestoupdate[i], deletedcsn))
- {
- entry_present_value_to_deleted_value(a,valuestoupdate[i]);
- }
- }
-- valuestoupdate[i]->v_csnset = NULL;
-- }
-+ csnset_free(&valuestoupdate[i]->v_csnset);
-+ }
- }
- }
-
-diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
-index fb7a99b..7b5fa01 100644
---- a/ldap/servers/slapd/valueset.c
-+++ b/ldap/servers/slapd/valueset.c
-@@ -1445,6 +1445,7 @@ valueset_update_csn_for_valuearray_ext(Slapi_ValueSet *vs, const Slapi_Attr *a,
- {
- value_update_csn(v,t,csn);
- if (csnref_updated) {
-+ csnset_free(&valuestoupdate[i]->v_csnset);
- valuestoupdate[i]->v_csnset = csnset_dup(value_get_csnset(v));
- }
- valuearrayfast_add_value_passin(&vaf_valuesupdated,valuestoupdate[i]);
---
-1.9.3
-
diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec
index 76f89d2..1aa513f 100644
--- a/SPECS/389-ds-base.spec
+++ b/SPECS/389-ds-base.spec
@@ -11,6 +11,15 @@
%global use_db4 0
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
%global use_Socket6 0
+# nunc-stans only builds on x86_64 for now
+%ifarch x86_64
+# To build without nunc-stans, set 0 to use_nunc_stans.
+%global use_nunc_stans 1
+%else
+%global use_nunc_stans 0
+%endif
+
+%global nunc_stans_ver 0.1.5
# fedora 15 and later uses tmpfiles.d
# otherwise, comment this out
@@ -24,8 +33,8 @@
Summary: 389 Directory Server (base)
Name: 389-ds-base
-Version: 1.3.3.1
-Release: %{?relprefix}23%{?prerel}%{?dist}
+Version: 1.3.4.0
+Release: %{?relprefix}19%{?prerel}%{?dist}
License: GPLv2 with exceptions
URL: http://port389.org/
Group: System Environment/Daemons
@@ -105,8 +114,7 @@ Requires(postun): systemd-units
# for setup-ds.pl to support ipv6
%if %{use_Socket6}
Requires: perl-Socket6
-%else
-Requires: perl-Socket
+%else Requires: perl-Socket
%endif
Requires: perl-NetAddr-IP
@@ -114,94 +122,75 @@ Source0: http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz
# 389-ds-git.sh should be used to generate the source tarball from git
Source1: %{name}-git.sh
Source2: %{name}-devel.README
-Patch0: 0000-Ticket-47748-Simultaneous-adding-a-user-and-binding-.patch
-Patch1: 0001-Ticket-47834-Tombstone_to_glue-if-parents-are-also-c.patch
-Patch2: 0002-Ticket-47890-minor-memory-leaks-in-utilities.patch
-Patch3: 0003-fix-for-47885-did-not-always-return-a-response-contr.patch
-Patch4: 0004-Ticket-47838-harden-the-list-of-ciphers-available-by.patch
-Patch5: 0005-Ticket-47838-47895-CI-test-add-test-cases-for-ticket.patch
-Patch6: 0006-Ticket-47895-If-no-effective-ciphers-are-available-d.patch
-Patch7: 0007-Ticket-47889-DS-crashed-during-ipa-server-install-on.patch
-Patch8: 0008-Ticket-47892-coverity-defects-found-in-1.3.3.1.patch
-Patch9: 0009-Ticket-47750-Creating-a-glue-fails-if-one-above-leve.patch
-Patch10: 0010-Ticket-47908-389-ds-1.3.3.0-does-not-adjust-cipher-s.patch
-Patch11: 0011-Ticket-47838-harden-the-list-of-ciphers-available-by.patch
-Patch12: 0012-Ticket-47838-CI-test-adjusted-test-cases-based-on-th.patch
-Patch13: 0013-Ticket-47880-provide-enabled-ciphers-as-search-resul.patch
-Patch14: 0014-Ticket-47880-CI-test-added-test-cases-for-ticket-478.patch
-Patch15: 0015-Ticket-47892-coverity-defects-found-in-1.3.3.x.patch
-Patch16: 0016-Ticket-47918-result-of-dna_dn_is_shared_config-is-in.patch
-Patch17: 0017-Ticket-47892-Fix-remaining-compiler-warnings.patch
-Patch18: 0018-Ticket-47919-ldbm_back_modify-SLAPI_PLUGIN_BE_PRE_MO.patch
-Patch19: 0019-Ticket-47920-Encoding-of-SearchResultEntry-is-missin.patch
-Patch20: 0020-Ticket-47897-Need-to-move-slapi_pblock_set-pb-SLAPI_.patch
-Patch21: 0021-Ticket-47922-dynamically-added-macro-aci-is-not-eval.patch
-Patch22: 0022-Ticket-47928-Disable-SSL-v3-by-default.patch
-Patch23: 0023-Ticket-47928-CI-test-added-test-cases-for-ticket-479.patch
-Patch24: 0024-Ticket-47937-Crash-in-entry_add_present_values_wsi_m.patch
-Patch25: 0025-Ticket-47928-Disable-SSL-v3-by-default.patch
-Patch26: 0026-Ticket-47939-Malformed-cookie-for-LDAP-Sync-makes-DS.patch
-Patch27: 0027-Ticket-47945-Add-SSL-TLS-version-info-to-the-access-.patch
-Patch28: 0028-Ticket-47948-ldap_sasl_bind-fails-assertion-ld-NULL-.patch
-Patch29: 0029-Ticket-47953-Should-not-check-aci-syntax-when-deleti.patch
-Patch30: 0030-Ticket-47928-Disable-SSL-v3-by-default.patch
-Patch31: 0031-Fix-for-CVE-2014-8112.patch
-Patch32: 0032-Ticket-47942-DS-hangs-during-online-total-update.patch
-Patch33: 0033-Fix-for-CVE-2014-8105.patch
-Patch34: 0034-Additional-fix-for-ticket-47526-v3.patch
-Patch35: 0035-fix-jenkins-warning.patch
-Patch36: 0036-Ticket-47950-Bind-DN-tracking-unable-to-write-to-int.patch
-Patch37: 0037-Ticket-47949-logconv.pl-support-parsing-showing-repo.patch
-Patch38: 0038-Ticket-47947-start-dirsrv-after-chrony-on-RHEL7-and-.patch
-Patch39: 0039-Ticket-47967-cos_cache_build_definition_list-does-no.patch
-Patch40: 0040-Ticket-47969-COS-memory-leak-when-rebuilding-the-cac.patch
-Patch41: 0041-Ticket-47969-Fix-coverity-issue.patch
-Patch42: 0042-Ticket-47970-Account-lockout-attributes-incorrectly-.patch
-Patch43: 0043-Ticket-47970-add-lib389-testcase.patch
-Patch44: 0044-Ticket-47960-cookie_change_info-returns-random-negat.patch
-Patch45: 0045-Ticket-47960-cookie_change_info-returns-random-negat.patch
-Patch46: 0046-Ticket-47636-Error-log-levels-not-displayed-correctl.patch
-Patch47: 0047-Ticket-47722-Using-the-filter-file-does-not-work.patch
-Patch48: 0048-Ticket-47451-Need-to-unregister-tasks-created-by-plu.patch
-Patch49: 0049-Ticket-47451-Running-a-plugin-task-can-crash-the-ser.patch
-Patch50: 0050-Ticket-47451-Dynamic-Plugin-various-fixes.patch
-Patch51: 0051-Ticket-47451-Fix-jenkins-errors.patch
-Patch52: 0052-Ticket-47451-Add-Dynamic-Plugin-CI-Suite.patch
-Patch53: 0053-Ticket-47525-Crash-if-setting-invalid-plugin-config-.patch
-Patch54: 0054-Ticket-47965-Fix-coverity-issues-2014-11-24.patch
-Patch55: 0055-Ticket-47965-Fix-coverity-issues-2014-12-16.patch
-Patch56: 0056-Ticket-47750-During-delete-operation-do-not-refresh-.patch
-Patch57: 0057-Ticket-47989-Windows-Sync-accidentally-cleared-raw_e.patch
-Patch58: 0058-Ticket-47991-upgrade-script-fails-if-etc-and-var-are.patch
-Patch59: 0059-Ticket-47988-Schema-learning-mechanism-in-replicatio.patch
-Patch60: 0060-Ticket-47988-Schema-learning-mechanism-in-replicatio.patch
-Patch61: 0061-Ticket-48005-ns-slapd-crash-in-shutdown-phase.patch
-Patch62: 0062-CVE-2015-1854-389ds-base-access-control-bypass-with-.patch
-Patch63: 0063-Ticket-48190-idm-ipa-389-ds-base-entry-cache-converg.patch
-Patch64: 0064-Ticket-48146-async-simple-paged-results-issue.patch
-Patch65: 0065-Ticket-48146-async-simple-paged-results-issue-log-pr.patch
-Patch66: 0066-Ticket-48146-async-simple-paged-results-issue-need-t.patch
-Patch67: 0067-Ticket-48146-async-simple-paged-results-issue.patch
-Patch68: 0068-Ticket-48146-async-simple-paged-results-issue.patch
-Patch69: 0069-Ticket-48146-async-simple-paged-results-issue.patch
-Patch70: 0070-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
-Patch71: 0071-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
-Patch72: 0072-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
-Patch73: 0073-Ticket-48194-nsSSL3Ciphers-preference-not-enforced-s.patch
-Patch74: 0074-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
-Patch75: 0075-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
-Patch76: 0076-Ticket-47553-Enhance-ACIs-to-have-more-control-over-.patch
-Patch77: 0077-Ticket-47553-Enhance-ACIs-to-have-more-control-over-.patch
-Patch78: 0078-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
-Patch79: 0079-Ticket-47912-Proper-handling-of-No-original_tombston.patch
-Patch80: 0080-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
-Patch81: 0081-Ticket-47931-memberOf-retrocl-deadlocks.patch
-Patch82: 0082-Ticket-47931-Fix-coverity-issues.patch
-Patch83: 0083-Ticket-47831-remove-debug-logging-from-retro-cl.patch
-Patch84: 0084-Ticket-47831-remove-debug-logging-from-retro-cl.patch
-Patch85: 0085-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
-Patch86: 0086-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
-Patch87: 0087-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
+Source3: https://git.fedorahosted.org/cgit/nunc-stans.git/snapshot/nunc-stans-%{nunc_stans_ver}.tar.bz2
+Patch0: 0001-Ticket-48203-Fix-coverity-issues-06-22-2015.patch
+Patch1: 0002-Ticket-48195-Slow-replication-when-deleting-large-qu.patch
+Patch2: 0003-Ticket-48212-Dynamic-nsMatchingRule-changes-had-no-e.patch
+Patch3: 0004-Ticket-48212-CI-test-added-test-cases-for-ticket-482.patch
+Patch4: 0005-Ticket-48214-ldapsearch-on-nsslapd-maxbersize-return.patch
+Patch5: 0006-Ticket-48214-CI-test-added-test-cases-for-ticket-482.patch
+Patch6: 0007-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+Patch7: 0008-Ticket-48119-setup-ds.pl-does-not-log-invalid-file-p.patch
+Patch8: 0009-Ticket-48203-Fix-coverity-issues-07-07-2015.patch
+Patch9: 0010-Ticket-48208-CleanAllRUV-should-completely-purge-cha.patch
+Patch10: 0011-Ticket-47799-Any-negative-LDAP-error-code-number-rep.patch
+Patch11: 0012-Ticket-48013-Inconsistent-behaviour-of-DS-when-LDAP-.patch
+Patch12: 0013-Ticket-48217-cleanAllRUV-hangs-shutdown-if-not-all-o.patch
+Patch13: 0014-Ticket-48216-crash-in-ns-slapd-when-deleting-winSync.patch
+Patch14: 0015-Ticket-48119-Silent-install-needs-to-properly-exit-w.patch
+Patch15: 0016-Ticket-47878-Remove-warning-suppression-in-1.3.4.patch
+Patch16: 0017-Ticket-48223-Winsync-fails-when-AD-users-have-multip.patch
+Patch17: 0018-Ticket-47910-logconv.pl-validate-start-and-end-time-.patch
+Patch18: 0019-Ticket-48224-logconv.pl-should-handle-.tar.xz-.txz-..patch
+Patch19: 0020-Ticket-48194-CI-test-fixing-test-cases-for-ticket-48.patch
+Patch20: 0021-Ticket-48203-Fix-coverity-issues-07-14-2015.patch
+Patch21: 0022-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
+Patch22: 0023-Ticket-48224-redux-logconv.pl-should-handle-.tar.xz-.patch
+Patch23: 0024-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
+Patch24: 0025-Ticket-48226-CI-test-added-test-cases-for-ticket-482.patch
+Patch25: 0026-Ticket-48179-Starting-a-replica-agreement-can-lead-t.patch
+Patch26: 0027-Ticket-47910-logconv.pl-check-that-the-end-time-is-g.patch
+Patch27: 0028-Ticket-48224-redux-2-logconv.pl-should-handle-.tar.x.patch
+Patch28: 0029-Ticket-48206-Crash-during-retro-changelog-trimming.patch
+Patch29: 0030-Ticket-48010-winsync-range-retrieval-gets-only-5000-.patch
+Patch30: 0031-Ticket-48232-winsync-lastlogon-attribute-not-syncing.patch
+Patch31: 0032-Ticket-48231-logconv-autobind-handling-regression-ca.patch
+Patch32: 0033-Ticket-47810-memberOf-plugin-not-properly-rejecting-.patch
+Patch33: 0034-Ticket-48215-verify_db.pl-doesn-t-verify-DB-specifie.patch
+Patch34: 0035-Ticket-48215-update-dbverify-usage.patch
+Patch35: 0036-Ticket-48215-update-dbverify-usage-in-main.c.patch
+Patch36: 0037-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
+Patch37: 0038-Ticket-48228-CI-test-added-test-cases-for-ticket-482.patch
+Patch38: 0039-Ticket-47931-memberOf-retrocl-deadlocks.patch
+Patch39: 0040-Ticket-47931-Fix-coverity-issues.patch
+Patch40: 0041-Ticket-47686-removing-chaining-database-links-trigge.patch
+Patch41: 0042-Ticket-47511-bashisms-in-389-ds-base-admin-scripts.patch
+Patch42: 0043-Ticket-48245-Man-pages-and-help-for-remove-ds.pl-doe.patch
+Patch43: 0044-Ticket-48249-sync_repl-uuid-may-be-invalid.patch
+Patch44: 0045-Ticket-48250-Slapd-crashes-reported-from-latest-buil.patch
+Patch45: 0046-Ticket-48233-Server-crashes-in-ACL_LasFindFlush-duri.patch
+Patch46: 0047-Ticket-48243-replica-upgrade-failed-in-starting-dirs.patch
+Patch47: 0048-Ticket-47831-remove-debug-logging-from-retro-cl.patch
+Patch48: 0049-Ticket-48254-CLI-db2index-fails-with-usage-errors.patch
+Patch49: 0050-Ticket-48254-Shell-CLI-fails-with-usage-errors-if-an.patch
+Patch50: 0051-Ticket-47757-Unable-to-dereference-unqiemember-attri.patch
+Patch51: 0052-Ticket-48228-wrong-password-check-if-passwordInHisto.patch
+Patch52: 0053-Ticket-48265-Complex-filter-in-a-search-request-doen.patch
+Patch53: 0054-Ticket-47981-COS-cache-doesn-t-properly-mark-vattr-c.patch
+Patch54: 0055-Ticket-48276-initialize-free_flags-in-reslimit_updat.patch
+Patch55: 0056-Ticket-48226-In-MMR-double-free-coould-occur-under-s.patch
+Patch56: 0057-Ticket-48266-Fractional-replication-evaluates-severa.patch
+Patch57: 0058-Ticket-48266-coverity-issue.patch
+Patch58: 0059-Ticket-48217-cleanallruv-fix-regression-with-server-.patch
+Patch59: 0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
+Patch60: 0061-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
+Patch61: 0062-Ticket-48266-coverity-unused-variable-init_retry.patch
+Patch62: 0063-Ticket-48266-Online-init-crashes-consumer.patch
+Patch63: 0064-Ticket-48284-free-entry-when-internal-add-fails.patch
+Patch64: 0065-Ticket-48266-do-not-free-repl-keep-alive-entry-on-er.patch
+Patch65: 0066-Ticket-48299-pagedresults-when-timed-out-search-resu.patch
+Patch66: 0067-Ticket-48192-Individual-abandoned-simple-paged-resul.patch
+Patch67: 0068-Ticket-48298-ns-slapd-crash-during-ipa-replica-manag.patch
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
@@ -226,6 +215,11 @@ BuildRequires: libdb-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: libicu-devel
BuildRequires: pcre-devel
+%if %{use_nunc_stans}
+BuildRequires: libtalloc-devel
+BuildRequires: libevent-devel
+BuildRequires: libtevent-devel
+%endif
%description libs
Core libraries for the 389 Directory Server base package. These libraries
@@ -245,12 +239,20 @@ Requires: openldap-devel
%else
Requires: mozldap-devel
%endif
+%if %{use_nunc_stans}
+Requires: libtalloc
+Requires: libevent
+Requires: libtevent
+%endif
%description devel
Development Libraries and headers for the 389 Directory Server base package.
%prep
%setup -q -n %{name}-%{version}%{?prerel}
+%if %{use_nunc_stans}
+%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3
+%endif
cp %{SOURCE2} README.devel
%patch0 -p1
%patch1 -p1
@@ -320,38 +322,32 @@ cp %{SOURCE2} README.devel
%patch65 -p1
%patch66 -p1
%patch67 -p1
-%patch68 -p1
-%patch69 -p1
-%patch70 -p1
-%patch71 -p1
-%patch72 -p1
-%patch73 -p1
-%patch74 -p1
-%patch75 -p1
-%patch76 -p1
-%patch77 -p1
-%patch78 -p1
-%patch79 -p1
-%patch80 -p1
-%patch81 -p1
-%patch82 -p1
-%patch83 -p1
-%patch84 -p1
-%patch85 -p1
-%patch86 -p1
-%patch87 -p1
%build
+%if %{use_nunc_stans}
+pushd ../nunc-stans-%{nunc_stans_ver}
+%configure --with-fhs --libdir=%{_libdir}/%{pkgname}
+make %{?_smp_mflags}
+mkdir lib
+cp .libs/libnunc-stans.so.0.0.0 lib/libnunc-stans.so
+mkdir -p include/nunc-stans
+cp nunc-stans.h include/nunc-stans/nunc-stans.h
+popd
+%endif
+
%if %{use_openldap}
OPENLDAP_FLAG="--with-openldap"
%endif
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
NSSARGS="--with-svrcore-inc=%{_includedir} --with-svrcore-lib=%{_libdir} --with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
+%if %{use_nunc_stans}
+NUNC_STANS_FLAGS="--enable-nunc-stans --with-nunc-stans=../nunc-stans-%{nunc_stans_ver}"
+%endif
%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
- --with-systemdgroupname=%{groupname} $NSSARGS
+ --with-systemdgroupname=%{groupname} $NSSARGS $NUNC_STANS_FLAGS
# Generate symbolic info for debuggers
export XCFLAGS=$RPM_OPT_FLAGS
@@ -366,6 +362,14 @@ make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
+%if %{use_nunc_stans}
+pushd ../nunc-stans-%{nunc_stans_ver}
+make DESTDIR="$RPM_BUILD_ROOT" install
+rm -rf $RPM_BUILD_ROOT%{_includedir} $RPM_BUILD_ROOT%{_datadir} \
+ $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/pkgconfig
+popd
+%endif
+
make DESTDIR="$RPM_BUILD_ROOT" install
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
@@ -389,6 +393,7 @@ rm -rf $RPM_BUILD_ROOT
%post
output=/dev/null
+output2=/dev/null
%systemd_post %{pkgname}-snmp.service
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
@@ -401,12 +406,17 @@ instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
+ output2=${DEBUGPOSTTRANS}.upgrade
fi
-echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
-for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
- if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
- inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
- echo found instance $inst - getting status >> $output 2>&1 || :
+echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
+instbase="%{_sysconfdir}/%{pkgname}"
+for dir in $instbase/slapd-* ; do
+ echo dir = $dir >> $output 2>&1 || :
+ if [ ! -d "$dir" ] ; then continue ; fi
+ case "$dir" in *.removed) continue ;; esac
+ basename=`basename $dir`
+ inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
+ echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
instances="$instances $inst"
@@ -431,9 +441,9 @@ echo remove pid files . . . >> $output 2>&1 || :
echo upgrading instances . . . >> $output 2>&1 || :
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
- %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
+ %{_sbindir}/setup-ds.pl -l $output2 -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
else
- %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
+ %{_sbindir}/setup-ds.pl -l $output2 -u -s General.UpdateMode=offline >> $output 2>&1 || :
fi
# restart instances that require it
@@ -459,7 +469,7 @@ fi
%files
%defattr(-,root,root,-)
-%doc LICENSE EXCEPTION LICENSE.GPLv2
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
%dir %{_sysconfdir}/%{pkgname}
%dir %{_sysconfdir}/%{pkgname}/schema
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
@@ -487,51 +497,170 @@ fi
%files devel
%defattr(-,root,root,-)
-%doc LICENSE EXCEPTION LICENSE.GPLv2 README.devel
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%{_includedir}/%{pkgname}
%{_libdir}/%{pkgname}/libslapd.so
+%if %{use_nunc_stans}
+%{_libdir}/%{pkgname}/libnunc-stans.so
+%endif
%{_libdir}/pkgconfig/*
%files libs
%defattr(-,root,root,-)
-%doc LICENSE EXCEPTION LICENSE.GPLv2 README.devel
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%dir %{_libdir}/%{pkgname}
%{_libdir}/%{pkgname}/libslapd.so.*
%{_libdir}/%{pkgname}/libns-dshttpd.so*
+%if %{use_nunc_stans}
+%{_libdir}/%{pkgname}/libnunc-stans.so*
+%endif
%changelog
-* Thu Sep 24 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-23
-- release 1.3.3.1-23
-- Resolves: bug 1262363 - In MMR, double free coould occur under some special condition (DS 48226)
-
-* Fri Sep 11 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-22
-- release 1.3.3.1-22
-- Resolves: bug 1262363 - In MMR, double free coould occur under some special condition (DS 48226)
-
-* Tue Sep 8 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-21
-- release 1.3.3.1-21
-- Resolves: bug 1258318 - Deadlock with retrochangelog, memberof plugin (DS 47931)
-- Resolves: bug 1259466 - Enhance ACIs to have more control over MODRDN operations (DS 47553)
-- Resolves: bug 1259999 - Some filters in RHDS10 are not working fine. (DS 48265)
-- Resolves: bug 1260000 - handling of "No original_tombstone for changenumber" errors (DS 47912)
-- Resolves: bug 1260001 - cleanallruv should completely clean changelog (DS 48208)
-
-* Thu Jul 16 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-20
-- release 1.3.3.1-20
-- Resolves: bug 1243718 - Winsync fails when AD users have multiple spaces (two)inside the value of the rdn attribute (DS 48223)
-
-* Mon Jul 6 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-19
+* Mon Oct 5 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-19
+- release 1.3.4.0-19
+- Resolves: bug 1228823 - async simple paged results issue (DS 48299, DS 48192)
+- Resolves: bug 1266944 - ns-slapd crash during ipa-replica-manage del (DS 48298)
+
+* Tue Sep 22 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-18
+- release 1.3.4.0-18
+- Resolves: bug 1259949 - Fractional replication evaluates several times the same CSN (DS 48266, DS 48284)
+
+* Fri Sep 18 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-17
+- release 1.3.4.0-17
+- Resolves: bug 1259949 - A backport error (coverity -- unused variable 'init_retry')
+
+* Fri Sep 18 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-16
+- release 1.3.4.0-16
+- Resolves: bug 1243970 - In MMR, double free coould occur under some special condition (DS 48276, DS 48226)
+- Resolves: bug 1259949 - Fractional replication evaluates several times the same CSN (DS 48266)
+- Resolves: bug 1241723 - cleanallruv - fix regression with server shutdown (DS 48217)
+- Resolves: bug 1264224 - segfault in ns-slapd due to accessing Slapi_DN freed in pre bind plug-in (DS 48188)
+
+* Fri Sep 4 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-15
+- release 1.3.4.0-15
+- Resolves: bug 1258996 - Complex filter in a search request doen't work as expected. (regression) (DS 48265)
+- Resolves: bug 1179370 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes (DS 47981)
+
+* Tue Aug 25 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-14
+- release 1.3.4.0-14
+- Resolves: bug 1246389 - wrong password check if passwordInHistory is decreased. (DS 48228)
+- Resolves: bug 1255851 - Shell CLI fails with usage errors if an argument containing white spaces is given (DS 48254)
+- Resolves: bug 1256938 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax (DS 47757)
+
+* Wed Aug 19 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-13
+- release 1.3.4.0-13
+- Resolves: bug 1245519 - remove debug logging from retro cl (DS 47831)
+
+* Tue Aug 18 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-12
+- release 1.3.4.0-12
+- Resolves: bug 1252133 - replica upgrade failed in starting dirsrv service (DS 48243)
+- Resolves: bug 1254344 - Server crashes in ACL_LasFindFlush during shutdown if ACIs contain IP addresss restrictions (DS 48233)
+
+* Fri Aug 14 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-11
+- release 1.3.4.0-11
+- Resolves: bug 1249784 - ipa-dnskeysyncd unhandled exception on named-pkcs11 start (DS 48249)
+- Resolves: bug 1252082 - removing chaining database links trigger valgrind read error (DS 47686)
+- Resolves: bug 1252207 - bashisms in 389-ds-base admin scripts (DS 47511)
+- Resolves: bug 1252533 - Man pages and help for remove-ds.pl doesn't display "-a" option (DS 48245)
+- Resolves: bug 1252781 - Slapd crashes reported from latest builds (DS 48250)
+
+* Mon Aug 10 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-10
+- release 1.3.4.0-10
+- Resolves: bug 1245519 - Fix coverity issues (DS 47931)
+
+* Fri Aug 7 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-9
+- release 1.3.4.0-9
+- Resolves: bug 1240876 - verify_db.pl doesn't verify DB specified by -a option. (DS 48215)
+- Resolves: bug 1245235 - winsync lastlogon attribute not syncing between IPA & Windows 2008. (DS 48232)
+- Resolves: bug 1245519 - Deadlock with retrochangelog, memberof plugin (DS 47931)
+- Resolves: bug 1246389 - wrong password check if passwordInHistory is decreased. (DS 48228)
+- Resolves: bug 1247811 - logconv autobind handling regression caused by 47446 (DS 48231)
+- Resolves: bug 1250177 - Investigate betxn plugins to ensure they return the correct error code (DS 47810)
+
+* Thu Jul 23 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-8
+- release 1.3.4.0-8
+- Resolves: bug 1160243 - [RFE] allow logconv.pl -S/-E switches to work even when exact/same timestamps are not present in access log file (DS 47910)
+- Resolves: bug 1172037 - winsync range retrieval gets only 5000 values upon initialization (DS 48010)
+- Resolves: bug 1242531 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files (DS 48224)
+- Resolves: bug 1243950 - When starting a replica agreement a deadlock can occur with an op updating nsuniqueid index (DS 48179)
+- Resolves: bug 1243970 - In MMR, double free coould occur under some special condition (DS 48226)
+- Resolves: bug 1244926 - Crash while triming the retro changelog (DS 48206)
+
+* Thu Jul 16 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-7
+- release 1.3.4.0-7
+- Resolves: bug 1235060 - Fix coverity issues - 07/14/2015 (DS 48203)
+- Resolves: bug 1242531 - redux - logconv.pl should handle *.tar.xz, *.txz, *.xz log files (DS 48224)
+
+* Tue Jul 14 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-6
+- release 1.3.4.0-6
+- Resolves: bug 1240845 - cleanallruv should completely clean changelog (DS 48208)
+- Resolves: bug 1095603 - Any negative LDAP error code number reported as Illegal error by ldclt. (DS 47799)
+- Resolves: bug 1168675 - Inconsistent behaviour of DS when LDAP Sync is used with an invalid cookie (DS 48013)
+- Resolves: bug 1241723 - cleanAllRUV hangs shutdown if not all of the replicas are online (DS 48217)
+- Resolves: bug 1241497 - crash in ns-slapd when deleting winSyncSubtreePair from sync agreement (DS 48216)
+- Resolves: bug 1240404 - Silent install needs to properly exit when INF file is missing (DS 48119)
+- Resolves: bug 1240406 - Remove warning suppression in 1.3.4 (DS 47878)
+- Resolves: bug 1242683 - Winsync fails when AD users have multiple spaces (two)inside the value of the rdn attribute (DS 48223)
+- Resolves: bug 1160243 - logconv.pl - validate start and end time args (DS 47910)
+- Resolves: bug 1242531 - logconv.pl should handle *.tar.xz, *.txz, *.xz log files (DS 48224)
+- Resolves: bug 1230996 - CI test: fixing test cases for ticket 48194 (DS 48194)
+
+* Tue Jul 7 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-5
+- release 1.3.4.0-5
+- Resolves: bug 1235060 - Fix coverity issues (DS 48203)
+
+* Tue Jul 7 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-4
+- release 1.3.4.0-4
+- Resolves: bug 1240404 - setup-ds.pl does not log invalid --file path errors the same (DS 48119)
+- Resolves: bug 1240406 - setup -u stops after first failure (DS 47878)
+
+* Mon Jul 6 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-3
+- release 1.3.4.0-3
+- Resolves: bug 1228823 - async simple paged results issue (DS 48192)
+- Resolves: bug 1237325 - reindex off-line twice could provoke index corruption (DS 48212)
+- Resolves: bug 1238790 - ldapsearch on nsslapd-maxbersize returns 0 instead of current value (DS 48214)
+
+* Wed Jun 24 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-2
+- release 1.3.4.0-2
+- Resolves: bug 1235060 - Fix coverity issues
+- Resolves: bug 1235387 - Slow replication when deleting large quantities of multi-valued attributes (DS 48195)
+
+* Fri Jun 19 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.4.0-1
+- Release 1.3.4.0-1 (rebase)
+- Enable nunc-stans for x86_64.
+- Resolves: bug 1034325 - Linked attributes betxnpreoperation - transaction not aborted when linked entry does not exit (DS 47640)
+- Resolves: bug 1052755 - Retro Changelog Plugin accepts invalid value in nsslapd-changelogmaxage attribute (DS 47669)
+- Resolves: bug 1096409 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown (DS 47801)
+- Resolves: bug 1145378 - Adding an entry with an invalid password as rootDN is incorrectly rejected (DS 47900)
+- Resolves: bug 1145382 - Bad manipulation of passwordhistory (DS 47905)
+- Resolves: bug 1154147 - Uniqueness plugin: should allow to exclude some subtrees from its scope (DS 47927)
+- Resolves: bug 1171358 - Make ReplicaWaitForAsyncResults configurable (DS 47957)
+- Resolves: bug 1171663 - MODDN fails when entry doesn't have memberOf attribute and new DN is in the scope of memberOfExcludeSubtree (DS 47526)
+- Resolves: bug 1174457 - [RFE] memberOf - add option to skip nested group lookups during delete operations (DS 47963)
+- Resolves: bug 1178640 - db2bak.pl man page should be improved. (DS 48008)
+- Resolves: bug 1179370 - COS cache doesn't properly mark vattr cache as invalid when there are multiple suffixes (DS 47981)
+- Resolves: bug 1180331 - Local Password Policies for Nested OU's not honoured (DS 47980)
+- Resolves: bug 1180776 - nsslapd-db-locks modify not taking into account (DS 47934)
+- Resolves: bug 1181341 - nsslapd-changelogtrim-interval and nsslapd-changelogcompactdb-interval are not validated (DS 47617)
+- Resolves: bug 1185882 - ns-activate.pl fails to activate account if it was disabled on AD (DS 48001)
+- Resolves: bug 1186548 - ns-slapd crash in shutdown phase (DS 48005)
+- Resolves: bug 1189154 - DNS errors after IPA upgrade due to broken ReplSync (DS 48030)
+- Resolves: bug 1206309 - winsync sets AccountUserControl in AD to 544 (DS 47723)
+- Resolves: bug 1210845 - slapd crashes during Dogtag clone reinstallation (DS 47966)
+- Resolves: bug 1210850 - add an option '-u' to dbgen.pl for adding group entries with (DS 48025)
+- Resolves: bug 1210852 - aci with wildcard and macro not correctly evaluated (DS 48141)
+
+* Fri Jun 12 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-19
- release 1.3.3.1-19
-- Resolves: bug 1230037 - async simple paged results issue (DS 48192)
+- Resolves: bug 1230996 - nsSSL3Ciphers preference not enforced server side (DS 48194)
-* Tue Jun 16 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-18
+* Fri Jun 5 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-18
- release 1.3.3.1-18
-- Resolves: bug 1232100 - CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference not enforced server side (DS 48194)
+- Resolves: bug 1228823 - async simple paged results issue (DS 48146, DS 48192)
-* Wed Jun 10 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-17
+* Tue Jun 2 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-17
- release 1.3.3.1-17
-- Resolves: bug 1230038 - idm/ipa 389-ds-base entry cache converges to 500 KB in dblayer_is_cachesize_sane (DS 48190)
-- Resolves: bug 1230037 - async simple paged results issue (DS 48146, DS 48192)
+- Resolves: bug 1226510 - idm/ipa 389-ds-base entry cache converges to 500 KB in dblayer_is_cachesize_sane (DS 48190)
* Tue Apr 21 2015 Noriko Hosoi <nhosoi@redhat.com> - 1.3.3.1-16
- release 1.3.3.1-16