From cf69660948f8d215417def922d31111768393176 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 18 Oct 2023 17:27:19 +0200 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 389-ds revision 849bc47441ba176dd017696fdc628845 --- .gitattributes | 23 + 389-ds-base-2.2.8~git37.fdb3bae.tar.zst | 3 + 389-ds-base.obsinfo | 4 + 389-ds-rpmlintrc | 1 + 389-ds.changes | 3434 +++++++++++++++++++++++ 389-ds.spec | 452 +++ 70yast.ldif | 628 +++++ LICENSE.openldap | 47 + _service | 44 + _servicedata | 4 + dirsrv-user.conf | 3 + extra-schema.tgz | 3 + krbkdcbefore.conf | 7 + supportutils-plugin-dirsrv.tar.zst | 3 + vendor.tar.zst | 3 + 15 files changed, 4659 insertions(+) create mode 100644 .gitattributes create mode 100644 389-ds-base-2.2.8~git37.fdb3bae.tar.zst create mode 100644 389-ds-base.obsinfo create mode 100644 389-ds-rpmlintrc create mode 100644 389-ds.changes create mode 100644 389-ds.spec create mode 100644 70yast.ldif create mode 100644 LICENSE.openldap create mode 100644 _service create mode 100644 _servicedata create mode 100644 dirsrv-user.conf create mode 100644 extra-schema.tgz create mode 100644 krbkdcbefore.conf create mode 100644 supportutils-plugin-dirsrv.tar.zst create mode 100644 vendor.tar.zst diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/389-ds-base-2.2.8~git37.fdb3bae.tar.zst b/389-ds-base-2.2.8~git37.fdb3bae.tar.zst new file mode 100644 index 0000000..327b332 --- /dev/null +++ b/389-ds-base-2.2.8~git37.fdb3bae.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7326a88952de1827e51dcedc9b198e68e611b75dd7d2bedc908d083d2a894ac0 +size 4471437 diff --git a/389-ds-base.obsinfo b/389-ds-base.obsinfo new file mode 100644 index 0000000..1ef2f6c --- /dev/null +++ b/389-ds-base.obsinfo @@ -0,0 +1,4 @@ +name: 389-ds-base +version: 2.2.8~git37.fdb3bae +mtime: 1691676877 +commit: fdb3bae34b979bb9d345cf250bae1f0343e47c2a diff --git a/389-ds-rpmlintrc b/389-ds-rpmlintrc new file mode 100644 index 0000000..b88d856 --- /dev/null +++ b/389-ds-rpmlintrc @@ -0,0 +1 @@ +addFilter("W: incorrect-fsf-address") diff --git a/389-ds.changes b/389-ds.changes new file mode 100644 index 0000000..f3eeb55 --- /dev/null +++ b/389-ds.changes @@ -0,0 +1,3434 @@ +------------------------------------------------------------------- +Tue Aug 15 04:08:16 UTC 2023 - william.brown@suse.com + +- bsc#1212726 - SSSD client performance improvements +- Update to version 2.2.8~git37.fdb3bae: + * Issue 5082 - slugify: ModuleNotFoundError when running test cases + * Issue 4551 - Part 2 - Fix build warning of previous PR (#5888) + * Issue 5834 - AccountPolicyPlugin erroring for some users (#5866) + * Issue 5872 - part 2 - fix is_dbi regression (#5887) + * Issue 5804 - dtablesize being set to soft maxfiledescriptor limit (#5806) + * Issue 5848 - dsconf should prevent setting the replicaID for hub and consumer roles (#5849) + * Issue 5883 - Remove connection mutex contention risk on autobind (#5886) + * Issue 5872 - `dbscan()` in lib389 can return bytes + * Bump version to 2.2.9 + * Issue 5729 - Memory leak in factory_create_extension (#5814) + * Issue 5877 - test_basic_ldapagent breaks test_setup_ds_as_non_root* tests + * Issue 5853 - Update Cargo.lock and fix minor warning (#5854) + * Issue 5867 - lib389 should use filter for tarfile as recommended by PEP 706 (#5868) + * Issue 5864 - Server fails to start after reboot because it's unable to access nsslapd-rundir + * Issue 5856 - SyntaxWarning: invalid escape sequence '\,' + * Issue 5859 - dbscan fails with AttributeError: 'list' object has no attribute 'extends' + +------------------------------------------------------------------- +Fri Jul 21 04:20:07 UTC 2023 - william.brown@suse.com + +- bsc#1212726 - SSSD client performance improvements +- Update to version 2.2.8~git21.c11e86f: + * Issue 4551 - Paged search impacts performance (#5838) + * Issue 4169 - UI - Fix retrochangelog and schema Typeaheads (#5837) + * issue 5833 - dsconf monitor backend fails on lmdb (#5835) + * Issue 3555 - UI - Fix audit issue with npm - semver and word-wrap + +------------------------------------------------------------------- +Tue Jul 11 01:55:15 UTC 2023 - william.brown@suse.com + +- bsc#1213190 - update for stability patches +- Update to version 2.2.8~git17.48834f1: + * Issue 5752 - RFE - Provide a history for LastLoginTime (#5807) + * Issue 5793 - UI - fix suffix selection in export modal + * Issue 5825 - healthcheck - password storage scheme warning needs more info + * Issue #5822 - Allow empty export path for db2ldif + * Issue 5755 - Massive memory leaking on update operations (#5824) + * Issue 5551 - Almost empty and not loaded ns-slapd high cpu load + * Issue 5722 - RFE When a filter contains 'nsrole', improve response time by rewriting the filter (#5723) + * Issue 5755 - The Massive memory leaking on update operations (#5803) + * Issue 5752 - CI - Add more tests for lastLoginHistorySize RFE (#5802) + * Issue 2375 - CLI - Healthcheck - revise and add new checks + * Issue 5781 - Bug handling return code of pre-extended operation plugin. + * Issue 5646 - Various memory leaks (#5725) + * Issue 5789 - Improve ds-replcheck error handling + +------------------------------------------------------------------- +Tue May 30 00:29:53 UTC 2023 - william.brown@suse.com + +- bsc#1211812 - update for stability patches +- Update to version 2.2.8~git4.1eeaedf: + * Issue 5642 - Build fails against setuptools 67.0.0 + * Issue 5778 - UI - Remove error message if .dsrc is missing + * Issue 5751 - Cleanallruv task crashes on consumer (#5775) + * Issue 5743 - Disabling replica crashes the server (#5746) + * Bump version to 2.2.8 + * Issue 5752 - RFE - Provide a history for LastLoginTime (#5753) + * Issue 5770 - RFE - Extend Password Adminstrators to allow skipping password info updates + * Issue 5768 - CLI/UI - cert checks are too strict, and other issues + * Issue 5765 - Improve installer selinux handling + * Issue 5643 - Memory leak in entryrdn during delete (#5717) + * Issue 152 - RFE - Add support for LDAP alias entries + * Issue 5052 - BUG - Custom filters prevented entry deletion (#5060) + * Issue 5704 - crash in sync_refresh_initial_content (#5720) + * Issue 5738 - RFE - UI - Read/write replication monitor info to .dsrc file + * Issue 5749 - RFE - Allow Account Policy Plugin to handle inactivity and expiration at the same time + * Bump version to 2.2.7 + +------------------------------------------------------------------- +Fri Apr 21 00:36:40 UTC 2023 - william.brown@suse.com + +- bsc#1210462 - OpenLDAP to 389-ds migration - exclude some unsupported attributes. +- Update to version 2.2.6~git40.002a0ca: + * Issue 5734 - RFE - Exclude pwdFailureTime and ContextCSN (#5735) + * Issue 5726 - ns-slapd crashing in ldbm_back_upgradednformat (#5727) + * Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations + * Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711) + * Issue 1081 - Stop schema replication from overwriting x-origin + * Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699) + * Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692) + * Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691) + * Issue 5687 - UI - sensitive information disclosure + * Issue 4583 - Update specfile to skip checks of ASAN builds + * Issue 5550 - dsconf monitor crashes with Error math domain error (#5553) + * Issue 3604 - UI - Add support for Subject Alternative Names in CSR + * Issue 5600 - buffer overflow when enabling sync repl plugin when dynamic plugins is enabled + * Fix build break + * Issue 5640 - Update logconv for new logging format + * Issue 5545 - A random crash in import over lmdb (#5546) + * Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498) + * Issue 5408: lmdb import is slow (#5481) + * Issue 5162 - CI - fix error message for invalid pem file + * Issue 5598 - In 2.x, SRCH throughput drops by 10% because of handling of referral (#5604) + * Issue 5671 - covscan - clang warning (#5672) + * Issue 5267 - CI - Fix issues with nsslapd-return-original-entrydn + * Issue 5666 - CLI - Add timeout parameter for tasks + * Issue 5567 - CLI - make ldifgen use the same default ldif name for all options + * Issue 5162 - Lib389 - verify certificate type before adding + * Issue 5630 - CLI - need to add logging filter for stdout + * Issue 5646 - CLI/UI - do not hardcode password storage schemes + * Issue 5640 - Update logconv for new logging format + * Issue 5652 - Libasan crash in replication/cascading_test (#5659) + * Issue 5658 - CLI - unable to add attribute with matching rule + * Issue 5653 - covscan - fix invalid dereference + * Issue 5648 - Covscan - Compiler warnings (#5651) + * Issue 5630 - CLI - error messages should goto stderr + * Issue 2435 - RFE - Raise IDL Scan Limit to INT_MAX (#5639) + * Issue 5632 - CLI - improve error handling with db2ldif + * Issue 5578 - dscreate ds-root does not normaile paths (#5613) + * Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579) + * Issue 5624 - RFE - UI - export certificates, and import text base64 encoded certificates + * Issue 4293 - RFE - CLI - add dsrc options for setting user and group subtrees + * Issue 5497 - boolean attributes should be case insensitive + * Bump version to 2.2.6 + * Issue 5607, 5351, 5611 - UI/CLI - fix various issues + * Issue 5608 - UI - need to replace some "const" with "let" + * Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584) + * Issue 5602 - UI - browser crash when trying to modify read-only variable + * Issue 5581 - UI - Support cockpit dark theme + +------------------------------------------------------------------- +Wed Jan 11 01:51:45 UTC 2023 - william.brown@suse.com + +- bsc#1205996 - prevent segfault in cl5configtrim +- Update to version 2.2.4~git25.c81ee34: + * Issue 5593 - CLI - dsidm account subtree-status fails with TypeError + * Issue 5591 - BUG - Segfault in cl5configtrim with invalid confi (#5592) + * Fix latest npm audit failures + * Issue 5599 - CI - webui tests randomly fail + * Issue 5348 - RFE - CLI - add functionality to do bulk updates to entries + +------------------------------------------------------------------- +Fri Jan 06 01:29:49 UTC 2023 - william.brown@suse.com + +- bsc#1206563 - improve pam_saslauthd migration handling from openldap +- Update to version 2.2.4~git20.7eba9b9: + * Issue 5526 - RFE - Improve saslauthd migration options (#5528) + * Issue 5588 - Fix CI tests + * Issue 5585 - lib389 password policy DN handling is incorrect (#5587) + * Issue 5521 - UI - Update plugins for new split PAM and LDAP pass thru auth + * Bump version to 2.2.5 + * Issue 5236 - UI add specialized group edit modal + * Issue 5278 - CLI - dsidm asks for the old password on password reset + * Issue 5531 - CI - use universal_lines in capture_output + * Issue 5505 - Fix compiler warning (#5506) + * Issue 3615 - CLI - prevent virtual attribute indexing + * Issue 5413 - Allow mutliple MemberOf fixup tasks with different bases/filters + * Issue 5561 - Nightly tests are failing + +------------------------------------------------------------------- +Tue Dec 06 02:25:05 UTC 2022 - william.brown@suse.com + +- bsc#1205974 - support pam_saslauthd for authentication pass through + requirements. See also jsc#PED-2701 +- Update to version 2.2.4~git8.8a6e7be: + * Issue 5521 - RFE - split pass through auth cli + * Issue 5521 - BUG - Pam PTA multiple issues + * Issue 5544 - Increase default task TTL + +------------------------------------------------------------------- +Wed Nov 23 22:50:51 UTC 2022 - william.brown@suse.com + +- Update to version 2.2.4~git5.d25f9eb: + * Issue 5541 - Fix typo in `lib389.cli_conf.backend._get_backend` (#5542) + * Issue 5539 - Make logger's parameter name unified (#5540) + * Issue 3729 - (cont) RFE Extend log of operations statistics in access log (#5538) + * Issue 5534 - Fix a rebase typo (#5537) + * Issue 5534 - Add copyright text to the repository files + * Bump version to 2.2.4 + * Issue 5532 - Make db compaction TOD day more robust. + * Issue 3729 - RFE Extend log of operations statistics in access log (#5508) + * Issue 5529 - UI - Fix npm vulnerability in loader-utils + * Issue 3555 - UI - fix audit issue with npm loader-utils (#5514) + * Issue 5162 - Fix dsctl tls ca-certfiicate add-cert arg requirement + * Issue 5510 - remove twalk_r dependency to build on RHEL8 (#5516) + * Issue 5162 - RFE - CLI allow adding CA certificate bundles + * Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455) + * Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513) + * Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed + * Issue 5502 - RFE - Add option to display entry attributes in audit log + * Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501) + * Issue 5367 - RFE - store full DN in database record + +------------------------------------------------------------------- +Fri Oct 21 03:34:30 UTC 2022 - william.brown@suse.com + +- Update to version 2.2.3~git20.b1ed566: + * Issue 5495 - RFE - skip dds during migration. (#5496) + * Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492) + * Issue 5368 - Retro Changelog trimming does not work (#5486) + * Issue 5487 - Fix various issues with logconv.pl + * Issue 5482 - lib389 - Can not enable replication with a mixed case suffix + * Issue 5478 - Random crash in connection code during server shutdown (#5479) + * Issue 3061 - RFE - Add password policy debug log level + * Issue 4324 - Revert recursive pthread mutex usage in factory.c + * Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264) + * Issue 4324 - Revert recursive pthread mutex change (#5463) + +------------------------------------------------------------------- +Fri Oct 21 03:08:36 UTC 2022 - william.brown@suse.com + +- bsc#1204493 - Improve reliability of migrations from openldap when dynamic directory services + is configured. +- Update to version 2.0.16~git52.76ecbe1: + * Issue 5495 - RFE - skip dds during migration. (#5496) + * Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492) + * Issue 5368 - Retro Changelog trimming does not work (#5486) + * Issue 5487 - Fix various issues with logconv.pl + * Issue 5482 - lib389 - Can not enable replication with a mixed case suffix + * Issue 4776 - Fix entryuuid fixup task (#5483) + * Issue 5356 - Update Cargo.lock and bootstrap PBKDF2-SHA512 (#5480) + * Issue 3061 - RFE - Add password policy debug log level + * Issue 5462 - RFE - add missing default indexes (#5464) + * Issue 4324 - Revert recursive pthread mutex usage in factory.c + +------------------------------------------------------------------- +Mon Sep 26 05:52:46 UTC 2022 - william.brown@suse.com + +- bsc#1194119 - CVE-2021-45710 - tokio data race with memory corruption +- Update to version 2.0.16~git37.9a47b3d2: + * Revert "Issue 5446 - Fix some covscan issues (#5451)" + * Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255) + * Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272) + * Issue 5453 - UI/CLI - Changing Root DN breaks UI + * Issue 5446 - Fix some covscan issues (#5451) + * Issue 5294: Report Portal 5 is not processing an XML file with (#5358) + * Issue 4588 - Gost yescrypt may fail to build on some older versions of glibc + * Issue 4308 - checking if an entry is a referral is expensive + * Issue 5447 - UI - add NDN max cache size to UI + * Issue 5443 - UI - disable save button while saving + * Issue 5077 - UI - Add retrocl exclude attribute functionality (#5078) + +------------------------------------------------------------------- +Tue Aug 23 01:50:22 UTC 2022 - william.brown@suse.com + +- bsc#1202470 - CVE-2022-2850 - Resolve sync repl crash during invalid cookie handling +- Update to version 2.0.16~git20.219f047ae: + * Issue #5423 - Fix missing 'not' in description + * Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422) + * Issue 3903 - fix repl keep alive event interval + * Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420) + * Issue 5415 - Hostname when set to localhost causing failures in other tests + * Issue 5412 - lib389 - do not set backend name to lowercase + * Issue 3903 - keep alive update event starts too soon + * Issue 5397 - Fix various memory leaks + * Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400) + * Issue 3903 - Supplier should do periodic updates + +------------------------------------------------------------------- +Tue Aug 02 04:30:18 UTC 2022 - william.brown@suse.com + +- bsc#1197998 - Update sudoers schema to support UTF-8 +- Update to version 2.0.16~git9.e2a858a86: + * Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387) + * Issue 5383 - UI - Various fixes and RFE's for UI + * Issue 4656 - Remove problematic language from source code + * Issue 5380 - Separate cleanAllRUV code into new file + * Issue 5322 - optime & wtime on rejected connections is not properly set + * Issue 5375 - CI - disable TLS hostname checking + * Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function + * Issue 5371 - Update npm and cargo packages + * Issue 3069 - Support ECDSA private keys for TLS (#5365) + * Bump version to 2.0.16 + +------------------------------------------------------------------- +Wed Jun 8 05:48:39 UTC 2022 - William Brown + +- Changelog fix - bsc#1195324 - CVE-2021-4091 - double free in psearch + +------------------------------------------------------------------- +Tue May 31 01:25:48 UTC 2022 - william.brown@suse.com + +- bsc#1199889 - CVE-2022-1949 - full access control bypass with simple crafted query, resolved + by Issue 5170. +- Update to version 2.0.15~git26.1ea6a6803: + * Issue 5302 - Release tarballs don't contain cockpit webapp + * Issue 5237 - audit-ci: Cannot convert undefined or null to object + * Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285) + * Issue 4970 - Add support for recursively deleting subentries + * Issue 5284 - Replication broken after password change (#5286) + * Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292) + * Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int' + * Issue 5170 - RFE - Filter optimiser (#5171) + * Issue 5276 - CLI - improve task handling + * Issue 5273 - CLI - add arg completer for instance name + +------------------------------------------------------------------- +Tue May 03 01:47:13 UTC 2022 - william.brown@suse.com + +- Resolve bsc#1199008 - An incorrectly backported fix would cause dscontainer not to start + due to a missing function definition +- Update to version 2.0.15~git17.498ec3e93: + * Issue 5273 - CLI - add arg completer for instance name + * Issue 2893 - CLI - dscreate - add options for setting up replication + * Issue 4866 - CLI - when enabling replication set changelog trimming by default + * Issue 5241 - UI - Add account locking missing functionality (#5251) + * Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266) + * Issue 5098 - Fix cherry-pick error + * Fix cherry-pick error + * Issue 4904 - Fix various small issues + * Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261) + * Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256) + * Issue 5210 - Python undefined names in lib389 + * Issue 4959 - BUG - Invalid /etc/hosts setup can cause isLocalHost (#4960) + * Issue 5249 - dscontainer: ImportError: cannot import name 'get_default_db_lib' from 'lib389.utils' + +------------------------------------------------------------------- +Thu Mar 31 04:41:36 UTC 2022 - william.brown@suse.com + +- Resolve bsc#1197275 - CVE-2022-0918 - Crafted message may cause DoS +- Update to version 2.0.15~git4.f46ab49c9: + * Issue 5242- Craft message may crash the server (#5243) + * Issue 5234 - UI - rename Users and Groups tab + * Issue 5217 - Simplify instance creation and administration by non root user (#5224) + * Issue 5227 - UI - No way to move back to Get Started step (#5233) + * Bump version to 2.0.15 + * Issue 5230 - Race condition in RHDS disk monitoring functions + * Issue 4299 - UI - Add CoS funtionality (#5196) + * Issue 5225 - UI - impossible to manually set entry cache + * Issue 5186 - UI - Fix SASL Mapping regex test feature + * Issue 5221 - User with expired password can still login with full privledges + +------------------------------------------------------------------- +Tue Mar 22 00:21:35 UTC 2022 - william.brown@suse.com + +- Resolve bsc#1197345 - CVE-2022-0996 - Mishandling of password expiry +- Update to version 2.0.14~git25.e6431d959: + * Issue 5221 - User with expired password can still login with full privledges + * Issue 5218 - double-free of the virtual attribute context in persistent search (#5219) + * Issue 5200 - dscontainer should use environment variables with DS_ prefix + * Issue 5193 - Incomplete ruv occasionally returned from ruv search (#5194) + * Issue 5189 - memberOf plugin exclude subtree not cleaning up groups on modrdn + * Issue 5188 - UI - LDAP editor - add entry and group types + * Issue 5184 - memberOf does not work correctly with multiple include scopes + * Issue 5162 - BUG - error on importing chain files (#5164) + * Issue 5186 - UI - Fix SASL Mapping regex validation and other minor improvements + * Issue 5048 - Support for nsslapd-tcp-fin-timeout and nsslapd-tcp-keepalive-time (#5179) + +------------------------------------------------------------------- +Tue Feb 22 00:20:18 UTC 2022 - william.brown@suse.com + +- fixes bsc#1196425 +- jsc#SLE-22585 - Support running with bare uid/gid (non-root) in containers. +- Update to version 2.0.14~git12.d04ffd4b6: + * Issue 5102 - BUG - container may fail with bare uid/gid (#5140) + * Issue 5137 - RFE - improve sssd conf output (#5138) + * Issue 5145 - Fix covscan errors + * Issue 4721 - UI - attribute uniqueness crashes UI when there are no configs + * Issue 5155 - RFE - Provide an option to abort an Auto Member rebuild task + * Issue 4299 - UI - Add Role funtionality (#5163) + * Issue 5050 - bdb bulk op fails if fs page size > 8K (#5150) + * Issue 4775 - Add entryuuid CLI and Fixup (#4776) + * Issue 5142 - CLI - dsctl dbgen is broken + * Issue 4299 - UI - fix minor issues with ldap editor (table view) + +------------------------------------------------------------------- +Tue Feb 22 00:20:18 UTC 2022 - william.brown@suse.com + +- jsc#SLE-22585 - Support running with bare uid/gid (non-root) in containers. +- Update to version 2.0.14~git12.d04ffd4b6: + * Issue 5102 - BUG - container may fail with bare uid/gid (#5140) + * Issue 5137 - RFE - improve sssd conf output (#5138) + * Issue 5145 - Fix covscan errors + * Issue 4721 - UI - attribute uniqueness crashes UI when there are no configs + * Issue 5155 - RFE - Provide an option to abort an Auto Member rebuild task + * Issue 4299 - UI - Add Role funtionality (#5163) + * Issue 5050 - bdb bulk op fails if fs page size > 8K (#5150) + * Issue 4775 - Add entryuuid CLI and Fixup (#4776) + * Issue 5142 - CLI - dsctl dbgen is broken + * Issue 4299 - UI - fix minor issues with ldap editor (table view) + +------------------------------------------------------------------- +Tue Jan 25 01:34:10 UTC 2022 - william.brown@suse.com + +- Update to version 2.0.13~git1.72eb93ac9: + * Issue 5129 - BUG - Incorrect fn signature in add_index (#5130) + * Bump version to 2.0.13 + * Issue 5132 - Update Rust crate lru to fix CVE + * Issue 3555 - UI - fix audit issue with npm nanoid + * Issue 4299 - UI - Add ACI editing features + * Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality + * Issue 5127 - run restorecon on /dev/shm at server startup + * Issue 5124 - dscontainer fails to create an instance + * Issue 4312 - fix compiler warning + * Issue 5115 - AttributeError: type object 'build_manpages' has no attribute 'build_manpages' + +------------------------------------------------------------------- +Mon Jan 10 05:24:08 UTC 2022 - William Brown + +- Resolve boo#1194068 by adding required schema +- Add missing support utils plugin + +------------------------------------------------------------------- +Mon Jan 10 05:20:23 UTC 2022 - william.brown@suse.com + +- Update to version 2.0.11~git13.e14935725: + * Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094) + * Issue 5079 - BUG - multiple ways to specific primary (#5087) + * Issue 4992 - BUG - slapd.socket container fix (#4993) + * Issue 5037 - in OpenQA changelog trimming can crashes (#5070) + * Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality + * Issue 4962 - Fix various UI bugs - Database and Backups (#5044) + * Issue 5046 - BUG - update concread (#5047) + * Issue 5043 - BUG - Result must be used compiler warning (#5045) + * Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections + * Issue 4931 - RFE: dsidm - add creation of service accounts + * Issue 5024 - BUG - windows ro replica sigsegv (#5027) + * Issue 5020 - BUG - improve clarity of posix win sync logging (#5021) + * Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeeds (#5009) + * Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016) + * Issue 5014 - UI - Add group creation to LDAP editor + * Issue 5006 - UI - LDAP editor tree not being properly updated + * Issue 5001 - Update CI test for new availableSASLMechs attribute + * Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail. + * Issue 5001 - Fix next round of UI bugs: + * Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000) + * Issue 4978 - use more portable python command for checking containers + * Issue 4678 - RFE automatique disable of virtual attribute checking (#4918) + * Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981) + * Issue 4978 - make installer robust + * Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import + * Issue 4973 - update snmp to use /run/dirsrv for PID file + * Issue 4962 - Fix various UI bugs - Plugins (#4969) + * Issue 4973 - installer changes permissions on /run + * Issue 4092 - systemd-tmpfiles warnings + * Issue 4956 - Automember allows invalid regex, and does not log proper error + * Issue 4731 - Promoting/demoting a replica can crash the server + * Issue 4962 - Fix various UI bugs part 1 + * Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949) + * Issue 4943 - Fix csn generator to limit time skew drift (#4946) + * Issue 2790 - Set db home directory by default + * Bump github contianer shm size to 4 gigs + * Issue 4299 - Merge LDAP editor code into Cockpit UI + * Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace + * Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922) + * Issue 4847 - BUG - potential deadlock in replica (#4936) + * Issue 4513 - fix ACI CI tests involving ip/hostname rules + * Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926) + * Issue 4916 - Memory leak in ldap-agent + +------------------------------------------------------------------- +Mon Nov 29 00:23:51 UTC 2021 - William Brown + +- jsc#SLE-22962 - submit 2.x version in preparation for BDB to LMDB transition +- Add missing dependency on iproute2 for lib389 +- Update to version 2.0.10~git0.21dd2802c: + * Bump version to 2.0.10 + * Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.) + * Issue 4912 - Account Policy plugin does not set the config entry DN + * Issue 4863 - typoes in logconv.pl + * Issue 4796 - Add support for nsslapd-state to CLI & UI + * Issue 4894 - IPA failure in ipa user-del --preserve (#4907) + * Issue 4912 - dsidm command crashing when account policy plugin is enabled + * Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index + * Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks + * Issue 4887 - UI - fix minor regression from camelCase fixup + * Bump version to 2.0.9 + * Issue 4887 - UI - Update webpack.config.js and package.json + * Issue 4149 - UI - Migrate the remaining components to PF4 + * Issue 4875 - CLI - Add some verbosity to installer + * Issue 4884 - server crashes when dnaInterval attribute is set to zero +- Update to version 2.0.8~git0.553f26c87: + * Bump version to 2.0.8 + * Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878) + * Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876) + * Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867) + * Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871) + * Issue 4736 - lib389 - fix regression in certutil error checking + * Issue 4861 - Improve instructions in custom.conf for memory leak detection + * Issue 4859 - Don't version libns-dshttpd + * Issue 4169 - Migrate Replication & Schema tabs to PF4 + * Issue 4623 - RFE - Monitor the current DB locks ( nsslapd-db-current-locks ) + * Issue 4736 - CLI - Errors from certutil are not propagated + * Issue 4460 - Fix isLocal and TLS paths discovery (#4850) + * Issue 4848 - Force to require nss version greater or equal as the version available at the build time + * Issue - 4696 - Password hash upgrade on bind (#4840) + * Bump version to 2.0.7 + * Issue 4443 - Internal unindexed searches in syncrepl/retro changelog + * Issue 4603 - Reindexing a single backend (#4831) + * Issue 4169 - UI - migrate Server Tab forms to PF4 + * Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819) + * Issue 4820 - RFE - control flow integrity (#4821) + * Issue 4706 - negative wtime for compare operations (#4780) + * Issue 4414 - SIGFPE crash in rhds disk monitoring routine (#4829) + * Issue 4262 - Fix Index out of bound in fractional test (#4828) + * Issue 4826 - Filter argparse-manpage from autogenerated requires + * Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823) + * Issue 2820 - Fix CI test suite issues + * Bump version to 2.0.6 +- Remove unneeded shadow dependency, no longer required due to + systemd-sysusers +- Update to version 2.0.6~git0.d81dc6c90: + * Bump version to 2.0.6 + * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions + * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810) + * Issue 4169 - UI - Migrate Typeaheads to PF4 (#4808) + * Issue 4414 - disk monitoring - prevent division by zero crash + * Issue 4788 - CLI should support Temporary Password Rules attributes (#4793) + * Issue 4656 - Fix replication plugin rename dependency issues + * Issue 4656 - replication name change upgrade code causes crash with dynamic plugins + * Issue 4506 - Improve SASL logging + * Issue 4709 - Fix double free in dbscan + * Issue 4093 - Fix MEP test case + * Issue 4747 - Remove unstable/unstatus tests (followup) (#4809) + * Issue 4791 - Missing dependency for RetroCL RFE (#4792) + * Issue 4794 - BUG - don't capture container output (#4798) + * Issue 4593 - Log an additional message if the server certificate nickname doesn't match nsSSLPersonalitySSL value + * Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799) + * Issue 4169 - UI Migrate checkbox to PF4 (#4769) + * Issue 4447 - Crash when the Referential Integrity log is manually edited + * Issue 4773 - Add CI test for DNA interval assignment + * Issue 4789 - Temporary password rules are not enforce with local password policy (#4790) + * Issue 4379 - fixing regression in test_info_disclosure + * Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service + * Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service + * Issue 4575 Update test docstrings metadata + * Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream + * removed the snmp_present() from utils.py as we have get_rpm_version() in conftest.py + * Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream +- Fix requires as openssl cli is required by 389-ds now. +- Add now working CONFIG parameter to sysusers generator +- Update to version 2.0.5~git0.607bfbf16: + * Bump version to 2.0.5 + * Issue 4778 - RFE - Allow setting TOD for db compaction and add task + * Issue 4169 - UI - Port plugin tables to PF4 + * Issue 4656 - Allow backward compatilbity for replication plugin name change + * Issue 4764 - replicated operation sometime checks ACI (#4783) + * Issue 2820 - Fix CI test suite issues + * Issue 4781 - There are some typos in man-pages + * Issue 4773 - Enable interval feature of DNA plugin + * Issue 4623 - RFE - Monitor the current DB locks (#4762) + * Issue 3555 - Fix UI audit issue + * Issue 4725 - Fix compiler warnings + * Issue 4770 - Lower FIPS logging severity + * Issue 4765 - database suffix unexpectdly changed from .db to .db4 (#4766) + * Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727) + * Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748) + * Issue 4759 - Fix coverity issue (#4760) + * Issue 4169 - UI - Migrate Buttons to PF4 (#4745) + * Issue 4714 - dscontainer fails with rootless podman + * Issue 4750 - Fix compiler warning in retrocl (#4751) + * Issue 4742 - UI - should always use LDAPI path when calling CLI + * Issue 4169 - UI - Migrate Server, Security, and Schema tables to PF4 + * Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732) + * Issue 4701 - RFE - Exclude attributes from retro changelog (#4723) + * Issue 4740 - Fix CI lib389 userPwdPolicy and subtreePwdPolicy (#4741) + * Issue 4711 - SIGSEV with sync_repl (#4738) + * Issue 4734 - import of entry with no parent warning (#4735) + * Issue 4729 - GitHub Actions fails to run pytest tests + * Issue 4656 - Remove problematic language from source code + * Issue 4632 - dscontainer: SyntaxWarning: "is" with a literal. + * Issue 4169 - UI - migrate replication tables to PF4 + * Issue 4637 - ndn cache leak (#4724) + * Issue 4577 - Fix ASAN flags in specfile + * Issue 4169 - UI - PF4 migration - database tables + * issue 4653: refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan (#4709) +- Recommend openssl(cli) by lib389: admin tools like dscreate can + call out to /usr/bin/openssl to manage certificates. As the admin + could decide to manage the certificates differently, we only + recommend openssl here. +- Update to version 389-ds-base-2.0.4~git0.7f6ba5a37: + * Bump version to 2.0.4 + * Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA (#4715) + * Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4713) + * Issue 4700 - Regression in winsync replication agreement (#4712) + * Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4710) + * Issue 4169 - UI - migrate monitor tables to PF4 + * issue 4585 - backend redesign phase 3c - dbregion test removal (#4665) + * Issue 2736 - remove remaining perl references + * Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736 + * Issue 4706 - negative wtime in access log for CMP operations + * Issue 3585 - LDAP server returning controltype in different sequence + * Issue 4127 - With Accounts/Account module delete fuction is not working (#4697) + * Issue 4666 - BUG - cb_ping_farm can fail with anonymous binds disabled (#4669) + * Issue 4671 - UI - Fix browser crashes + * Issue 4169 - UI - Add PF4 charts for server stats + * Issue 4648 - Fix some issues and improvement around CI tests (#4651) + * Issue 4654 Updates to tickets/ticket48234_test.py (#4654) + * Issue 4229 - Fix Rust linking + * Issue 4673 - Update Rust crates + * Issue 4658 - monitor - connection start date is incorrect + * Issue 4169 - UI - migrate modals to PF4 + * Issue 4656 - remove problematic language from ds-replcheck + * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down + * Issue 4656 - Remove problematic language from UI/CLI/lib389 + * Issue 4661 - RFE - allow importing openldap schemas (#4662) + * Issue 4659 - restart after openldap migration to enable plugins (#4660) + * Merge pull request #4664 from mreynolds389/issue4663 + * issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin (#4622) + * Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645) + * Issue 4646 - CLI/UI - revise DNA plugin management + * Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647) + * Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652) + * Issue 4169 - UI - Migrate alerts to PF4 + * Issue 4169 - UI - Migrate Accordians to PF4 ExpandableSection + * Issue 4595 - Paged search lookthroughlimit bug (#4602) + * Issue 4169 - UI - port charts to PF4 + * Issue 2820 - Fix CI test suite issues + * Issue 4513 - CI - make acl ip address tests more robust + * Bump version to 2.0.3 + * Issue 4619 - remove pytest requirement from lib389 + * Issue 4615 - log message when psearch first exceeds max threads per conn + * Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm (#4618) + * Issue 4324 - Some architectures the cache line size file does not exist + * Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614) + * Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm + * Update dscontainer (#4564) + * Issue 4149 - UI - port TreeView and opther components to PF4 + * Issue 4577 - Add GitHub actions + * Issue 4591 - RFE - improve openldap_to_ds help and features (#4607) + * issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613) + * Issue 4609 - CVE - info disclosure when authenticating + * Issue 4348 - Add tests for dsidm + * Issue 4571 - Stale libdb-utils dependency + * Issue 4600 - performance modify rate: reduce lock contention on the object extension factory (#4601) + * Issue 4577 - Add GitHub actions + * Issue 4588 - BUG - unable to compile without xcrypt (#4589) + * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584) + * Issue 4581 - A failed re-indexing leaves the database in broken state (#4582) + * Issue 4348 - Add tests for dsidm + * Issue 4577 - Add GitHub actions + * Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573) + * Issue 4093 - fix compiler warnings and update doxygen + * Issue 4575 - Update test docstrings metadata + * Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553) + * Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569) + * Issue 4513 - Add DS version check to SSL version test (#4570) + * Issue 5442 - Search results are different between RHDS10 and RHDS11 + * Issue 4396 - Minor memory leak in backend (#4558) + * Revert "Update metadata for customerscenario in test docstring" + * Update metadata for customerscenario in test docstring + * Issue 4513 - Fix replication CI test failures (#4557) + * Issue 4513 - Fix replication CI test failures (#4557) + * Issue 4153 - Added a CI test (#4556) + * Issue 4506 - BUG - fix oob alloc for fds (#4555) + * Issue 4548 - CLI - dsconf needs better root DN access control plugin validation + * Issue 4506 - Temporary fix for io issues (#4516) + * Issue 4535 - lib389 - Fix log function in backends.py + * Issue 4534 - libasan read buffer overflow in filtercmp (#4541) + * Issue 4544 - Compiler warnings on krb5 functions (#4545) + * Update rpm.mk for RUST tarballs +- small spec cleanup +- As there is no python-* package, the direct use of singlespec + seems unapplicable. So do not build for all python3.x flavors, + but only for the main one: + + Use releavant %python3_ macros. + + Do not use %python_module, as this pulls in all python + versions. +- Update to version 2.0.2~git0.6d17ca7df: + * Bump version to 2.0.2 + * Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540) + * Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529) + * Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated + * Issue 4537 - Use KRB5_CLIENT_KTNAME for client keytabs (#4523) + * Issue 4513 - CI Tests - fix test failures + * Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533) + * Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt + * Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527) + * Issue 4506 - BUG - Fix bounds on fd table population (#4520) + * Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525) + * Issue 4219 - Log internal unindexed searches (notes=A) + * Issue 4384 - Separate eventq into REALTIME and MONOTONIC + * Issue 4381 - RFE - LDAPI authentication DN rewritter + * Issue 4513 - Fix schema test and lib389 task module (#4514) + * Issue 4414 - disk monitoring - prevent division by zero crash + * Issue 4517 - BUG: Multiple systemd pin warnings (#4518) + * Issue 4507 - Improve csngen testing task (#4508) + * Issue 4498 - BUG - entryuuid replication may not work (#4503) + * Issue 4480 - Unexpected info returned to ldap request (#4491) + * Issue #4504 - Fix pytest test_dsconf_replication_monitor (#4505) + * Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502) + * Merge pull request #4501 from mreynolds389/issue4500 + * Issue 4272 RFE - add support for gost-yescrypt for hashing passwords (#4497) + * Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481) + * Issue 3522 - Remove DES to AES conversion code + * Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493) + * Issue 4373 - BUG - calloc of size 0 in MT build (#4496) + * Issue 4483 - heap-use-after-free in slapi_be_getsuffix + * Issue 4486 - Remove random ldif file generation from import test (#4487) + * Issue 4224 - cleanup specfile after libsds removal + * Issue 4421 - Unable to build with Rust enabled in closed environment + * Issue 4489 - Remove return statement from a void function (#4490) + * Issue 4229 - RFE - Improve rust linking and build performance (#4474) + * Ticket 4224 - openldap can become confused with entryuuid + * Ticket 4313 - improve tests and improve readme re refdel + * Ticket 4313 - fix potential syncrepl data corruption + * Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476) + * Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475) + * Issue 4315: performance search rate: nagle triggers high rate of setsocketopt (#4437) + * Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472) + * Issue 4446 RFE - openldap password hashers + * Issue 4284 - dsidm fails to delete an organizationalUnit entry + * Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466) + * Issue 4464 - RFE - clang with ds+asan+rust + * Issue 4105 - Remove python.six (fix regression) + * Issue 4384 - Use MONOTONIC clock for all timing events and conditions + * Issue 4418 - ldif2db - offline. Warn the user of skipped entries + * Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467) + * Issue 4460 - BUG - lib389 should use system tls policy + * Issue 3657 - Add options to dsctl for dsrc file + * Issue 4454 - RFE - fix version numbers to allow object caching + * Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set + * Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439) + * Issue 4112 - Added a CI test (#4441) + * Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451) + * Issue 4105 - Remove python.six from lib389 (#4456) + * Fix pytest test collection + * Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444) + * Issue 4410 RFE - ndn cache with arc in rust + * Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid + * Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining + * Issue 4428 - Paged Results with Chaining Test Case + * do not add referrals for masters with different data generation #2054 (#4427) + * Issue 4383 - Do not normalize escaped spaces in a DN + * Issue 4432 - After a failed online import the next imports are very slow + * Issue 4316 - performance search rate: useless poll on network send callback (#4424) + * Issue 4281 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked' + * Issue 4429 - NULL dereference in revert_cache() + * Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422) + * Issue 4407 RFE - remove http client and presence plugin (#4409) + * build problems at alpine linux + * Issue 4415 - unable to query schema if there are extra parenthesis +- Rust is a hard-requirement of 2.0.0 series, so enable-rust flags removed +- Perl has been completly removed in 2.0.0, enable-perl removed and lib389 + is the default. Perl tools have not been included in SUSE since 1.4.1.x +- Update to version 2.0.1~git0.b557f5daa: + * Bump version to 2.0.1 + * Issue 4420 - change NVR to use X.X.X instead of X.X.X.X + * Issue 4391 - DSE config modify does not call be_postop (#4394) + * Issue 4218 - Verify the new wtime and optime access log keywords (#4397) + * Issue 4176 - CL trimming causes high CPU + * ticket 2058: Add keep alive entry after on-line initialization - second version (#4399) + * Issue 4403 RFE - OpenLDAP pw hash migration tests (#4408) + * Bump version to 2.0.0 + +------------------------------------------------------------------- +Tue Sep 21 00:56:43 UTC 2021 - wbrown@suse.de + +- Update to version 1.4.4.17~git0.5e1e392ae: + * Bump version to 1.4.4.17 + * Issue 4927 - rebase lib389 and cockpit in 1.4.4 + * Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.) + * Issue 4912 - Account Policy plugin does not set the config entry DN + * Issue 4796 - Add support for nsslapd-state to CLI & UI + * Issue 4894 - IPA failure in ipa user-del --preserve (#4907) + * Issue 4169 - backport lib389 cert list fix + * Issue 4912 - dsidm command crashing when account policy plugin is enabled + * Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index + * Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks + +------------------------------------------------------------------- +Fri Jul 09 04:16:10 UTC 2021 - wbrown@suse.de + +- bsc#1188151 - Update to 1.4.4.16 patch release +- bsc#1188455 - CVE-2021-3652 - fix crypt handling of locked accounts +- Update to version 389dsbase1.4.4.16~git16.c1926dfc6: + * Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819) + * Issue 4656 - (2nd) Remove problematic language from UI/CLI/lib389 + * Issue 4262 - Fix Index out of bound in fractional test (#4828) + * Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823) + * Issue 4656 - remove problematic language from ds-replcheck + * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions + * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810) + * Issue 4788 - CLI should support Temporary Password Rules attributes (#4793) + * Issue 4506 - Improve SASL logging + * Issue 4093 - Fix MEP test case + * Issue 4747 - Remove unstable/unstatus tests (followup) (#4809) + * Issue 4789 - Temporary password rules are not enforce with local password policy (#4790) + * Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799) + * Issue 4447 - Crash when the Referential Integrity log is manually edited + * Issue 4773 - Add CI test for DNA interval assignment + * Issue 4750 - Fix compiler warning in retrocl (#4751) + +------------------------------------------------------------------- +Fri Jul 09 04:11:01 UTC 2021 - wbrown@suse.de + +- Update to version 1.4.4.16~git0.3d31c6c71: + * Bump version to 1.4.4.16 + * Update npm packages + * Issue 4719 - lib389 - fix dsconf passthrough auth bugs + * Issue 4778 - RFE - Allow setting TOD for db compaction and add task + * Issue 4764 - replicated operation sometime checks ACI (#4783) + * Issue 4623 - RFE - Monitor the current DB locks (#4762) + * Issue 4781 - There are some typos in man-pages + * Issue 4773 - Enable interval feature of DNA plugin + * Issue 3555 - Fix UI audit issue + * Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748) + +------------------------------------------------------------------- +Thu Apr 8 02:37:31 UTC 2021 - William Brown + +- bsc#1184476 - Add supportconfig utility for customer services to capture + 389-ds support information. + +------------------------------------------------------------------- +Thu Apr 08 01:43:57 UTC 2021 - wbrown@suse.de + +- Update to version 1.4.4.14~git0.37dc95673: + * Bump version to 1.4.4.14 + * Issue 4671 - UI - Fix browser crashes + * Issue 4229 - Fix Rust linking + * Issue 4658 - monitor - connection start date is incorrect + * Issue 4656 - Make replication CLI backwards compatible with role name change + * Issue 4656 - Remove problematic language from UI/CLI/lib389 + * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down + * Issue 4661 - RFE - allow importing openldap schemas (#4662) + * Issue 4659 - restart after openldap migration to enable plugins (#4660) + * Issue 4663 - CLI - unable to add objectclass/attribute without x-origin + +------------------------------------------------------------------- +Tue Mar 30 00:34:44 UTC 2021 - wbrown@suse.de + +- bsc#1184142 - restart after openldap migration so that plugins can correctly + perform data fix ups. +- Update to version 1.4.4.14~git0.37dc95673: + * Bump version to 1.4.4.14 + * Issue 4671 - UI - Fix browser crashes + * Issue 4229 - Fix Rust linking + * Issue 4658 - monitor - connection start date is incorrect + * Issue 4656 - Make replication CLI backwards compatible with role name change + * Issue 4656 - Remove problematic language from UI/CLI/lib389 + * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down + * Issue 4661 - RFE - allow importing openldap schemas (#4662) + * Issue 4659 - restart after openldap migration to enable plugins (#4660) + * Issue 4663 - CLI - unable to add objectclass/attribute without x-origin + +------------------------------------------------------------------- +Mon Feb 15 00:11:38 UTC 2021 - wbrown@suse.de + +- Update to version 389-ds-base-1.4.4.13~git0.6841d693f: + * Bump version to 1.4.4.13 + * Update dscontainer (#4564) + * Issue 4591 - RFE - improve openldap_to_ds help and features (#4607) + * Issue 4324 - Some architectures the cache line size file does not exist + * Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614) + * Issue 4609 - CVE - info disclosure when authenticating + * Bump version to 1.4.4.12 + * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584) + * Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573) + * Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553) + +------------------------------------------------------------------- +Wed Feb 03 02:01:39 UTC 2021 - wbrown@suse.de + +- Update to version 1.4.4.12~git0.7b681e1da: + * Bump version to 1.4.4.12 + * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584) + * Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573) + * Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553) + * Issue 4396 - Minor memory leak in backend (#4558) (#4572) + * Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569) + * Issue 5442 - Search results are different between RHDS10 and RHDS11 + * Bump version to 1.4.4.11 + * Issue 4548 - CLI - dsconf needs better root DN access control plugin validation + * Issue 4513 - Fix schema test and lib389 task module (#4514) + +------------------------------------------------------------------- +Mon Jan 18 01:06:59 UTC 2021 - wbrown@suse.de + +- Upstream fix for bsc#1180847 - openldap_to_ds can fail if the + backend has no overlays or indexes. +- Remove patches now merged upstream. + * 0001-Ticket-51260-fix-potential-syncrepl-data-corruption.patch + * 0002-Ticket-51260-improve-tests-and-improve-readme-re-ref.patch + * 0003-Ticket-4224-openldap-can-become-confused-with-entryu.patch + * 0004-Issue-4410-RFE-ndn-cache-with-arc-in-rust.patch + * 0005-Issue-4403-RFE-OpenLDAP-pw-hash-migration-tests-4408.patch + * 0006-Issue-4446-RFE-openldap-password-hashers.patch + * 0007-Issue-4464-RFE-clang-with-ds-asan-rust.patch + * 0008-Issue-4229-RFE-Improve-rust-linking-and-build-perfor.patch +- Update to version 1.4.4.10~git0.ebdf25251: + * Bump version to 1.4.4.10 + * Issue 4418 - fix cherry-pick error + * Issue 4381 - RFE - LDAPI authentication DN rewritter + * Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540) + * Issue 4513 - CI Tests - fix test failures + * Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529) + * Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated + * Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533) + * Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527) + * Issue 4506 - BUG - Fix bounds on fd table population (#4520) + +------------------------------------------------------------------- +Tue Dec 01 02:50:05 UTC 2020 - wbrown@suse.de + +- Lib389 is a hard requirement in 1.4.4, and perl has been completely + removed. Reflect this in our spec file. +- Add rebased patches for SUSE Feature Completion: jsc#SLE-11501 + * 0001-Ticket-51260-fix-potential-syncrepl-data-corruption.patch + * 0002-Ticket-51260-improve-tests-and-improve-readme-re-ref.patch + * 0003-Ticket-4224-openldap-can-become-confused-with-entryu.patch + * 0004-Issue-4410-RFE-ndn-cache-with-arc-in-rust.patch + * 0005-Issue-4403-RFE-OpenLDAP-pw-hash-migration-tests-4408.patch + * 0006-Issue-4446-RFE-openldap-password-hashers.patch + * 0007-Issue-4464-RFE-clang-with-ds-asan-rust.patch + * 0008-Issue-4229-RFE-Improve-rust-linking-and-build-perfor.patch +- Update to version 1.4.4.9~git0.b09e60339: + * Bump version to 1.4.4.9 + * Issue 4105 - Remove python.six (fix regression) + * Issue 4384 - Use MONOTONIC clock for all timing events and conditions + * Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467) + * Issue 4460 - BUG - lib389 should use system tls policy + * Issue 3657 - Add options to dsctl for dsrc file + * Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set + * Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439) + * Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451) + * Issue 4105 - Remove python.six from lib389 (#4456) + +------------------------------------------------------------------- +Thu Nov 12 03:47:16 UTC 2020 - wbrown@suse.de + +- Update to version 1.4.4.8~git0.bf454ad07: + * Bump version to 1.4.4.8 + * Issue 4415 - unable to query schema if there are extra parenthesis + * Issue 4176 - CL trimming causes high CPU + * Bump version to 1.4.4.7 + * Issue 2526 - revert backend validation check + * Issue 4262 - more perl removal cleanup + * Issue 2526 - retrocl backend created out of order + * Bump version to 1.4.4.6 + * Issue 4262 - Remove legacy tools subpackage (final cleanup) + * Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install) + +------------------------------------------------------------------- +Thu Oct 08 23:20:32 UTC 2020 - william.brown@suse.com + +- Update to version 1.4.4.4~git0.318a3ce0c: + * Bump version to 1.4.4.4 + * Ticket 51175 - resolve plugin name leaking + * Issue 51187 - UI - stop importing Cockpit's PF css + * Issue 51192 - Add option to reject internal unindexed searches + * Issue 50840 - Fix test docstrings metadata-1 + * Issue 50840 - Fix test docstrings metadata + * Ticket 50980 - fix foo_filter_rewrite + * Issue 51165 - add more logconv stats for the new access log keywords + * Issue 50928 - Unable to create a suffix with countryName either via dscreate or the admin console + * Issue 51188 - db2ldif crashes when LDIF file can't be accessed + * Issue 50545 - Port remaining legacy tools to new python CLI + * Issue 51165 - add new access log keywords for wtime and optime + * Issue : 49761 - Fix CI test suite issues ( Port remaning acceptance test suit part 1) + * Issue: 51070 - Port Import TET module to python3 part2 + * Issue:51142 - Port manage Entry TET suit to python 3 part 1 + * Issue: 50860 - Port Password Policy test cases from TET to python3 final + * Issue 50696 - Fix Allowed and Denied Ciphers lists - WebUI + * Issue 51169 - UI - attr uniqueness - selecting empty subtree crashes cockpit + * Issue 49256 - log warning when thread number is very different from autotuned value + * Issue 51157 - Reindex task may create abandoned index file + * Issue 50873 - Fix issues with healthcheck tool + * Issue:50860 - Port Password Policy test cases from TET to python3 part2 + * Issue 51166 - Log an error when a search is fully unindexed + * Ticket 50544 - OpenLDAP syncrepl compatability + * Ticket 51161 - fix SLE15.2 install issps + * Issue 49999 - rpm.mk build-cockpit should clean cockpit_dist first + * Issue 51144 - dsctl fails with instance names that contain slapd- + * Issue 51155 - Fix OID for sambaConfig objectclass + * Ticket 51159 - dsidm ou delete fails + * Issue 50984 - Memory leaks in disk monitoring + * Ticket 51131 - improve mutex alloc in conntable + * Issue 49761 - Fix CI tests + * Ticket 49859 - A distinguished value can be missing in an entry + * Issue 50791 - Healthcheck should look for notes=A/F in access log + * Issue 51072 - Set the default minimum worker threads + * Ticket 51140 - missing ifdef + * Issue 50912 - pwdReset can be modified by a user + * Issue 50781 - Make building cockpit plugin optional + * Issue 51100 - Correct numSubordinates value for cn=monitor + * Issue 51136 - dsctl and dsidm do not errors correctly when using JSON + * Ticket 137 - fix compiler warning + * Issue 50781 - Make building cockpit plugin optional + * Issue 51132 - Winsync setting winSyncWindowsFilter not working as expected + * Ticket 51034 - labeledURIObject + * Issue 50545 - Port remaining legacy tools to new python CLI + * Issue 50889 - Extract pem files into a private namespace + * Ticket 137 - Implement EntryUUID plugin + * Ticket 51072 - improve autotune defaults + * Ticket 51115 - enable samba3.ldif by default + * Issue 51118 - UI - improve modal validation when creating an instance + * Issue 50746 - Add option to healthcheck to list all the lint reports + * Bump version to 1.4.4.3 + * Issue 50931 - RFE AD filter rewriter for ObjectCategory + * Issue: 50860 - Port Password Policy test cases from TET to python3 part1 + * Issue 51113 - Allow using uid for replication manager entry + * Issue 51095 - abort operation if CSN can not be generated + * Issue 51110 - Fix ASAN ODR warnings + * Issue 49850 -ldbm_get_nonleaf_ids() painfully slow for databases with many non-leaf entries + * Issue 51102 - RFE - ds-replcheck - make online timeout configurable + * Issue 51076 - remove unnecessary slapi entry dups + * Issue 51086 - Improve dscreate instance name validation + * Issue:51070 - Port Import TET module to python3 part1 + * Ticket 51037 - compiler warning + * Ticket 50989 - ignore pid when it is ourself in protect_db + * Ticket 51037 - RFE AD filter rewriter for ObjectSID + * Issue 50499 - Fix some npm audit issues + * Issue 51091 - healthcheck json report fails when mapping tree is deleted + * Ticket 51079 - container pid start and stop issues + * Revert "Issue 51017 - Implement dynamic ds/bz pytest markers" + * Issue 49761 - Fix CI tests + * Issue 50610 - Fix return code when it's nothing to free + * Issue 50610 - memory leaks in dbscan and changelog encryption + * Issue 51076 - prevent unnecessarily duplication of the target entry + * Issue 50940 - Permissions of some shipped directories may change over time + * Issue 50873 - Fix issues with healthcheck tool + * Issue 51017 - Implement dynamic ds/bz pytest markers + * Ticket 51082 - abort when a empty valueset is freed + * Issue:CI test - automember_plugin (Long Duration test) + * Issue 50201 - nsIndexIDListScanLimit accepts any value + * Bump version to 1.4.4.2 + * Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema + * Issue 51054 - Revise ACI target syntax checking + * Ticket 51068 - deadlock when updating the schema + * Issue 51042 - try to use both c_rehash and openssl rehash + * Issue 51042 - switch from c_rehash to openssl rehash + * Issue 50992 - Bump jemalloc version and enable profiling + * Issue 51060 - unable to set sslVersionMin to TLS1.0 + * Issue 51064 - Unable to install server where IPv6 is disabled + * Issue 51051 - CLI fix consistency issues with confirmations + * Issue 50655 - etime displayed has an order of magnitude 10 times smaller than it should be + * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now + * Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev + * Issue 49761 - Fix CI tests + * Issue 51047 - React deprecating ComponentWillMount + * Issue 50499 - fix npm audit issues + * Issue 50545 - Port dbgen.pl to dsctl + * Issue 51027 - Test passwordHistory is not rewritten on a fail attempt + * Bump version to 1.4.4.1 + * Ticket 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins + * Ticket 50877 - task to run tests of csn generator + * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now + * Issue: 48055 - CI test - automember_plugin(part3) + * Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1 + * Issue 51031 UI - transition between two instances needs improvement + * Bump version to 1.4.4 + +------------------------------------------------------------------- +Sun Aug 02 23:52:12 UTC 2020 - william.brown@suse.com + +- Update to version 1.4.3.12~git0.9bc042902: + * Bump version to 1.4.3.12 + * Issue 51222 - It should not be allowed to delete Managed Entry manually + * Issue 51129 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version + * Issue 51086 - Fix instance name length for interactive install + * Issue 51136 - JSON Error output has redundant messages + * Issue 51059 - If dbhome directory is set online backup fails + * Issue 51000 - Separate the BDB backend monitors + * Issue 49300 - entryUSN is duplicated after memberOf operation + * Issue 50984 - Fix disk_mon_check_diskspace types + +------------------------------------------------------------------- +Wed Jul 15 04:10:48 UTC 2020 - william.brown@suse.com + +- Remove patch that is now included in latest release: + 0001-Ticket-51161-fix-SLE15.2-install-issps.patch +- Resolve bsc#1174057 upstream stability and fix rollup. +- Update to version 1.4.3.11~git0.82796f172: + * Bump version to 1.4.3.11 + * Issue 51192 - Add option to reject internal unindexed searches + * Ticket 51159 - dsidm ou delete fails + * Issue 51165 - add more logconv stats for the new access log keywords + * Issue 51188 - db2ldif crashes when LDIF file can't be accessed + * Issue 51165 - add new access log keywords for wtime and optime + * Issue 50696 - Fix Allowed and Denied Ciphers lists - WebUI + * Issue 51169 - UI - attr uniqueness - selecting empty subtree crashes cockpit + * Issue 49256 - log warning when thread number is very different from autotuned value + * Issue 51157 - Reindex task may create abandoned index file + * Issue 51166 - Log an error when a search is fully unindexed + * Ticket 51161 - fix SLE15.2 install issps + * Issue 51144 - dsctl fails with instance names that contain slapd- + * Issue 50984 - Memory leaks in disk monitoring + * Issue 50201 - nsIndexIDListScanLimit accepts any value + * Bump version to 1.4.3.10 + * Ticket 49859 - A distinguished value can be missing in an entry + * Issue 50791 - Healthcheck should look for notes=A/F in access log + * Issue 51072 - Set the default minimum worker threads + * Issue 50912 - pwdReset can be modified by a user + * Issue 51100 - Correct numSubordinates value for cn=monitor + * Issue 51136 - dsctl and dsidm do not errors correctly when using JSON + * Issue 51132 - Winsync setting winSyncWindowsFilter not working as expected + * Ticket 51072 - improve autotune defaults + * Issue 50746 - Add option to healthcheck to list all the lint reports + * Issue 51118 - UI - improve modal validation when creating an instance + +------------------------------------------------------------------- +Fri Jun 19 01:56:49 UTC 2020 - William Brown + +- Add 0001-Ticket-51161-fix-SLE15.2-install-issps.patch to resolve bsc#1172328 + This corrects a failure to install on SUSE due to incorrect hostname + generation, and a python 3 utf8 issue that is triggered by systemd. + +------------------------------------------------------------------- +Mon Jun 01 01:10:10 UTC 2020 - william.brown@suse.com + +- Update to version 1.4.3.9~git0.3eb8617f6: + * Bump version to 1.4.3.9 + * Issue 50931 - RFE AD filter rewriter for ObjectCategory + * Issue 51113 - Allow using uid for replication manager entry + * Issue 51095 - abort operation if CSN can not be generated + * Issue 51110 - Fix ASAN ODR warnings + * Issue 51102 - RFE - ds-replcheck - make online timeout configurable + * Issue 51076 - remove unnecessary slapi entry dups + * Issue 51086 - Improve dscreate instance name validation + * Ticket 50989 - ignore pid when it is ourself in protect_db + * Issue 50499 - Fix some npm audit issues + * Issue 51091 - healthcheck json report fails when mapping tree is deleted + * Ticket 51079 - container pid start and stop issues + * Issue 50610 - Fix return code when it's nothing to free + * Ticket 51082 - abort when a empty valueset is freed + * Issue 50610 - memory leaks in dbscan and changelog encryption + * Issue 51076 - prevent unnecessarily duplication of the target entry + * Bump version to 1.4.3.8 + * Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema + * Issue 51054 - Revise ACI target syntax checking + * Ticket 51068 - deadlock when updating the schema + * Issue 51060 - unable to set sslVersionMin to TLS1.0 + * Issue 51064 - Unable to install server where IPv6 is disabled + * Issue 51051 - CLI fix consistency issues with confirmations + * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now + * Issue 51054 - AddressSanitizer: heap-buffer-overflow in ldap_utf8prev + * Issue 51047 - React deprecating ComponentWillMount + * Issue 50499 - fix npm audit issues + * Issue 50545 - Port dbgen.pl to dsctl + * Bump version to 1.4.3.7 + * Ticket 51024 - syncrepl_entry callback does not contain attributes added by postoperation plugins + * Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1 + * Issue 49731 - undo db_home_dir under /dev/shm/dirsrv for now + * Issue 51031 UI - transition between two instances needs improvement + * Bump version to 1.4.3.6 + * Issue 50933 - 10rfc2307compat.ldif is not ready to set used by default + * Ticket 50931 - RFE AD filter rewriter for ObjectCategory + * Issue 51016 - Fix memory leaks in changelog5_init and perfctrs_init + * Ticket 50980 - RFE extend usability for slapi_compute_add_search_rewriter and slapi_compute_add_evaluator + * Ticket 51008 - dbhome in containers + * Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code + * Ticket 51014 - slapi_pal.c possible static buffer overflow + * Issue 50545 - remove dbmon "incr" option from arg parser + * Issue 50545 - Port dbmon.sh to dsconf + * Issue 51005 - AttributeUniqueness plugin's DN parameter should not have a default value + * Issue 49731 - Fix additional issues with setting db home directory by default + * Issue 50337 - Replace exec() with setattr() + * Ticket 50905 - intermittent SSL hang with rhds + * Issue 50952 - SSCA lacks basicConstraint:CA + * Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given + * Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value + * Bump version to 1.4.3.5 + * Issue 50994 - Fix latest UI bugs found by QE + * Ticket 50933 - rfc2307compat.ldif + * Issue 50337 - Replace exec() with setattr() + * Issue 50984 - Memory leaks in disk monitoring + * Issue 50984 - Memory leaks in disk monitoring + * Issue 49731 - dscreate fails in silent mode because of db_home_dir + * Issue 50975 - Revise UI branding with new minimized build + * Issue 49437 - Fix memory leak with indirect COS + * Issue 49731 - Do not add db_home_dir to template-dse.ldif + * Issue 49731 - set and use db_home_directory by default + * Ticket 50971 - fix BSD_SOURCE + * -n option of dbverify does not work + * Issue 50952- SSCA lacks basicConstraint:CA + * Issue 50976 - Clean up Web UI source directory from unused files + * Issue 50955 - Fix memory leaks in chaining plugin(part 2) + * Issue 50966 - UI - Database indexes not using typeAhead correctly + * Issue 50974 - UI - wrong title in "Delete Suffix" popup + * Issue 50972 - Fix cockpit plugin build + * Issue 49761 - Fix CI test suite issues + * Issue 50971 - Support building on FreeBSD. + * Issue 50960 - [RFE] Advance options in RHDS Disk Monitoring Framework + * Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted + * Issue 50963 - We should bundle *.min.js files of Console + * Issue: 50860 - Port Password Policy test cases from TET to python3 Password grace limit section. + * Issue: 50860 - Port Password Policy test cases from TET to python3 series of bugs Port final + * Issue 50954 - buildnum.py - fix date formatting issue + * Bump version to 1.4.3.4 + * Issue 50954 - Port buildnum.pl to python(part 2) + * Issue 50955 - Fix memory leaks in chaining plugin + * Issue 50954 - Port buildnum.pl to python + * Ticket 50947 - change 00core.ldif objectClasses for openldap migration + * Ticket: 50755 - setting nsslapd-db-home-directory is overriding db_directory + * Issue 50937 - Update CLI for new backend split configuration + * Issue: 50860 - Port Password Policy test cases from TET to python3 pwp.sh + * Ticket 50945 - givenname alias of gn from openldap + * Ticket 50935 - systemd override in lib389 for dscontainer + * Issue 50499 - Fix npm audit issues + * Issue 49761 - Fix CI test suite issues + * Ticket 50618 - clean compiler warning and log level + * Ticket 50889 - fix compiler issues + * Issue 50884 - Health check tool DSEldif check fails + * Issue 50926 - Remove dual spinner and other UI fixes + * Issue 50928 - Unable to create a suffix with countryName + * Issue 50758 - Only Recommend bash-completion, not Require + * Issue 50923 - Fix a test regression + * Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code + * Issue 50920 - cl-dump exit code is 0 even if command fails with invalid arguments + * Issue 50923 - Add test - dsctl fails to remove instances with dashes in the name + * Issue 50919 - Backend delete fails using dsconf + * Issue 50872 - dsconf can't create GSSAPI replication agreements + * Issue 50912 - RFE - add password policy attribute pwdReset + * Ticket 50914 - No error returned when adding an entry matching filters for a non existing automember group + * Ticket 50889 - Extract pem files into a private namespace + * Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before + * Issue: 50686 - Port fractional replication test cases from TET to python3 final + * Issue 49845 - Remove pkgconfig check for libasan + * Issue:50860 - Port Password Policy test cases from TET to python3 bug624080 + * Issue:50860 - Port Password Policy test cases from TET to python3 series of bugs + * Ticket 50786 - connection table freelist + * Ticket 50618 - support cgroupv2 + * Ticket 50900 - Fix cargo offline build + * Ticket 50898 - ldclt core dumped when run with -e genldif option + * Bump version to 1.4.3.3 + * Issue 50855 - remove unused file from UI + * Issue 50855 - UI: Port Server Tab to React + * Issue 49845 - README does not contain complete information on building + * Issue: 50686 - Port fractional replication test cases from TET to python3 part 1 + * Ticket - 49623-cont cenotaph errors on modrdn operations + * Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled + * Issue 50886 - Typo in the replication debug message + * Issue 50873 - Fix healthcheck and virtual attr check + * Issue 50873 - Fix issues with healthcheck tool + * Issue 50028 - Add a new CI test case + * Issue 49946 - Add a new CI test case + * Issue 50117 - Add a new CI test case + * Ticket 50787 - fix implementation of attr unique + * Ticket 50859 - support running only with ldaps socket + * Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name + * Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache + * Issue 50867 - Fix minor buildsys issues + * Issue 50737 - Allow building with rust online without vendoring + * Ticket 50831 add cargo.lock to allow offline builds + * Ticket 50694 - import PEM certs on startup + * Ticket 50857 - Memory leak in ACI using IP subject + * Issue 49761 - Fix CI test suite issues + * Issue 50853 - Fix NULL pointer deref in config setting + * Issue 50850 - Fix dsctl healthcheck for python36 + * Issue 49990 - Need to enforce a hard maximum limit for file descriptors + * Ticket 48707 - ldapssotoken for authentication + * Bump version to 1.4.3.2 + * Issue 49254 - Fix compiler failures and warnings + * Ticket 50741-cont bdb_start - Detected Disorderly Shutdown + * Issue 50836 - Port Schema UI tab to React + * Issue 50842 - Decrease 389-console Cockpit component size + * Ticket 50790 - Add result text when filter is invalid + * Issue 50627 - Add ASAN logs to HTML report + * Issue 50834 - Incorrectly setting the NSS default SSL version max + * Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free + * Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10 + * Ticket 50784 - performance testing scripts + * Issue 50599 - Fix memory leak when removing db region files + * Issue 49395 - Set the default TLS version min to TLS1.2 + * Issue 50818 - dsconf pwdpolicy get error + * Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined" + * Issue 50599 - Remove db region files prior to db recovery + * Issue 50812 - dscontainer executable should be placed under /usr/libexec/dirsrv/ + * Issue 50816 - dsconf allows the root password to be set to nothing + * Issue 50798 - incorrect bytes in format string(fix import issue) + * Bump version to 1.4.3.1 + * Ticket 50798 - incorrect bytes in format string + * Issue 50545 - Add the new replication monitor functionality to UI + * Issue 50806 - Fix minor issues in lib389 health checks + * Issue: 50690 - Port Password Storage test cases from TET to python3 part 1 + * Issue 49761 - Fix CI test suite issues + * Issue 49761 - Fix CI test suite issues + * Issue 50754 - Add Restore Change Log option to CLI + * Issue: 48055 - CI test - automember_plugin(part2) + * Ticket 50667 - dsctl -l did not respect PREFIX + * Issue 50780 - More CLI fixes + * Ticket 50649 - lib389 without defaults.inf + * Issue 50780 - Fix UI issues + * Ticket 50727 - correct mistaken options in filter validation patch + * Issue 50779 - lib389 - conflict compare fails for DN's with spaces + * Set branch version to 1.4.3.0 + +------------------------------------------------------------------- +Mon Jun 01 00:22:18 UTC 2020 - william.brown@suse.com + +- Remove 0001-Ticket-51014-slapi_pal.c-possible-static-buffer-over.patch + as it is part of 1.4.2.14 +- Update to version 1.4.2.14~git0.5ac5b02ce: + * Bump version to 1.4.2.14 + * Issue 51113 - Allow using uid for replication manager entry + * Issue 51095 - abort operation if CSN can not be generated + * Issue 51110 - Fix ASAN ODR warnings + * Issue 51102 - RFE - ds-replcheck - make online timeout configurable + * Issue 51076 - remove unnecessary slapi entry dups + * Issue 51086 - Improve dscreate instance name validation + * Ticket 50989 - ignore pid when it is ourself in protect_db + * Issue 50499 - Fix some npm audit issues + * Issue 51091 - healthcheck json report fails when mapping tree is deleted + * Ticket 51079 - container pid start and stop issues + * Issue 50610 - Fix return code when it's nothing to free + * Ticket 51082 - abort when a empty valueset is freed + * Issue 50610 - memory leaks in dbscan and changelog encryption + * Issue 51076 - prevent unnecessarily duplication of the target entry + * Issue 50940 - Permissions of some shipped directories may change over time + * Bump version to 1.4.2.13 + * Ticket 50787 - fix implementation of attr unique + * Issue 51078 - Add nsslapd-enable-upgrade-hash to the schema + * Ticket 51068 - deadlock when updating the schema + * Issue 51060 - unable to set sslVersionMin to TLS1.0 + * Issue 51064 - Unable to install server where IPv6 is disabled + * Issue 51051 - CLI fix consistency issues with confirmations + * Issue 51047 - React deprecating ComponentWillMount + * Issue 50499 - fix npm audit issues + * Ticket 51035 - Heavy StartTLS connection load can randomly fail with err=1 + * Issue 51031 UI - transition between two instances needs improvement + * Bump version to 1.4.2.12 + * Issue 50337 - Replace exec() with setattr() + * Issue 50545 - the check for the ds version for the backend config was broken + * Issue 50875 - Refactor passwordUserAttributes's and passwordBadWords's code + * Ticket 51014 - slapi_pal.c possible static buffer overflow + * Issue 50545 - remove dbmon "incr" option from arg parser + * Issue 50545 - Port dbmon.sh to dsconf + * Ticket 50905 - intermittent SSL hang with rhds + * Issue 50952 - SSCA lacks basicConstraint:CA + * Issue 50640 - Database links: get_monitor() takes 1 positional argument but 2 were given + * Issue 50869 - Setting nsslapd-allowed-sasl-mechanisms truncates the value + +------------------------------------------------------------------- +Tue Apr 07 05:27:28 UTC 2020 - 389-ds-maintainer@suse.de + +- Patch rollup as described in bsc#1169364 +- Add rust vendor.tar.gz as a source - rust is still an optional build + and will be enabled in the future. +- Update ns-slapd ownership to remove dirsrv as an owner as dirsrv will + not exist in containers with systemd users. +- Add 0001-Ticket-51014-slapi_pal.c-possible-static-buffer-over.patch to + resolve a warning found in static analysis in OBS (upstream #51014) +- Update to version 1.4.2.11~git0.aff1a2831: + * Bump version to 1.4.2.11 + * Issue 50994 - Fix latest UI bugs found by QE + * Issue 50337 - Replace exec() with setattr() + * Issue 50984 - Memory leaks in disk monitoring + * Issue 50975 - Revise UI branding with new minimized build + * Issue 49437 - Fix memory leak with indirect COS + * Issue 50976 - Clean up Web UI source directory from unused files + * Issue 50744 - -n option of dbverify does not work + * Issue 50952- SSCA lacks basicConstraint:CA + * Bump version to 1.4.2.10 + * Issue 50966 - UI - Database indexes not using typeAhead correctly + * Issue 50974 - UI - wrong title in "Delete Suffix" popup + * Issue 50972 - Fix cockpit plugin build + * Issue 50800 - wildcards in rootdn-allow-ip attribute are not accepted + * Issue 50963 - We should bundle *.min.js files of Console + * Bump version to 1.4.2.9 + * Ticket: 50755 - setting nsslapd-db-home-directory is overriding db_directory + * Issue 50937 - Update CLI for new backend split configuration + * Issue 50499 - Fix npm audit issues + * Issue 50884 - Health check tool DSEldif check fails + * Issue 50926 - Remove dual spinner and other UI fixes + * Issue 49845 - Remove pkgconfig check for libasan + * Issue 50758 - Only Recommend bash-completion, not Require + * Issue 50928 - Unable to create a suffix with countryName + * Issue 50904 - Connect All React Components And Refactor the Main Navigation Tab Code + * Issue 50919 - Backend delete fails using dsconf + * Issue 50872 - dsconf can't create GSSAPI replication agreements + * Ticket 50914 - No error returned when adding an entry matching filters for a non existing automember group + * Issue 50909 - nsDS5ReplicaId cant be set to the old value it had before + * Ticket 50618 - support cgroupv2 + * Ticket 50898 - ldclt core dumped when run with -e genldif option + +------------------------------------------------------------------- +Mon Feb 17 22:37:41 UTC 2020 - 389-ds-maintainer@suse.de + +- Update to version 1.4.2.8~git0.3aaa3e820: + * Bump version to 1.4.2.8 + * Issue 50855 - remove unused file from UI + * Issue 50855 - UI: Port Server Tab to React + * Issue 49845 - README does not contain complete information on building + * Ticket - 49623-cont cenotaph errors on modrdn operations + * Issue 50882 - Fix healthcheck errors for instances that do not have TLS enabled + * Issue 50886 - Typo in the replication debug message + * Issue 50873 - Fix healthcheck and virtual attr check + * Issue 50873 - Fix issues with healthcheck tool + * Ticket 50857 - Memory leak in ACI using IP subject + * Issue 50823 - dsctl doesn't work with 'slapd-' in the instance name + * Ticket 49624 cont - DB Deadlock on modrdn appears to corrupt database and entry cache + * Issue 50850 - Fix dsctl healthcheck for python36 + * Issue 49990 - Need to enforce a hard maximum limit for file descriptors + +------------------------------------------------------------------- +Tue Jan 28 04:11:30 UTC 2020 - 389-ds-maintainer@suse.de + +- Update to version 1.4.2.7~git0.202953d28: + * Bump version to 1.4.2.7 + * Issue 49254 - Fix compiler failures and warnings + * Ticket 50741-cont bdb_start - Detected Disorderly Shutdown + * Issue 50836 - Port Schema UI tab to React + * Issue 50842 - Decrease 389-console Cockpit component size + * Ticket 50790 - Add result text when filter is invalid + * Issue 50834 - Incorrectly setting the NSS default SSL version max + * Issue 50829 - Disk monitoring rotated log cleanup causes heap-use-after-free + * Ticket 50709 - (cont) Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10 + * Issue 50599 - Fix memory leak when removing db region files + * Issue 49395 - Set the default TLS version min to TLS1.2 + * Issue 50818 - dsconf pwdpolicy get error + * Issue 50824 - dsctl remove fails with "name 'ensure_str' is not defined" + * Issue 50599 - Remove db region files prior to db recovery + * Issue 50812 - dscontainer executable should be placed under /usr/libexec/dirsrv/ + * Issue 50816 - dsconf allows the root password to be set to nothing + * Issue 50798 - incorrect bytes in format string(fix import issue) + +------------------------------------------------------------------- +Tue Jan 21 03:51:34 UTC 2020 - 389-ds-maintainer@suse.de + +- Update to version 1.4.2.6~git0.e84bbce3f: + * Bump version to 1.4.2.6 + * Ticket 50798 - incorrect bytes in format string + * Issue 50545 - Add the new replication monitor functionality to UI + * Issue 50806 - Fix minor issues in lib389 health checks + * Issue 50754 - Add Restore Change Log option to CLI + * Ticket 50727 - change syntax validate by default in 1.4.2 + * Ticket 50667 - dsctl -l did not respect PREFIX + * Issue 50780 - More CLI fixes + * Issue 50780 - Fix UI issues + * Ticket 50727 - correct mistaken options in filter validation patch + * Issue 50779 - lib389 - conflict compare fails for DN's with spaces + * Ticket #49761 - Fix CI test suite issues + * Issue 50499 - Fix npm audit issues + * Issue 50774 - Account.enroll_certificate() should not check for DS version + * Issue 50771 - 1.4.2.5 doesn't compile due to error ModuleNotFoundError: No module named 'pkg_resources.extern' + * Issue 50758 - Need to enable CLI arg completion + * Ticket 50709: Several memory leaks reported by Valgrind for 389-ds 1.3.9.1-10 + * Issue: 50690 - Port Password Storage test cases from TET to python3(create required types in password_plugins) + * Issue: 48851 - Investigate and port TET matching rules filter tests(last test cases for match index) + * Issue 50761 - Parametrized tests are missing ':parametrized' value + * Bump version to 1.4.2.5 + * Issue 50747 - Port readnsstate to dsctl + * Issue 50758 - Enable CLI arg completion + * Issue 50753 - Dumping the changelog to a file doesn't work + * Ticket 50745: ns-slapd hangs during CleanAllRUV tests + * Issue 50734 - lib389 creates non-SSCA cert DBs with misleading README.txt + * Issue: 48851 - investigate and port TET matching rules filter tests(cert) + * Issue: 50443 - Create a module in lib389 to Convert a byte sequence to a properly escaped for LDAP + * Ticket 50664 - DS can fail to recover if an empty directory exists in db + * Ticket 50736 - RetroCL trimming may crash at shutdown if trimming configuration is invalid + * Ticket 50741 - bdb_start - Detected Disorderly Shutdown last time Directory Server was running + * Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted + * Issue 50701 - Fix type in lint report + * Ticket 50729 - add support for gssapi tests on suse + * Issue 50701 - Add additional healthchecks to dsconf + * Issue 50711 - `dsconf security` lacks option for setting nsTLSAllowClientRenegotiation attribute + * Issue 50439 - Update docker integration for Fedora + * Issue: 48851 - Investigate and port TET matching rules filter tests(last test cases for match) + * Issue 50499 - Fix npm audit issues + * Issue 50722 - Test IDs are not unique + * Issue 50712 - Version comparison doesn't work correctly on git builds + * Issue 50499 - Fix npm audit issues + * Issue 50706 - Missing lib389 dependency - packaging + * Bump version to 1.4.2.4 + * Issue 49761 - Fix CI test suite issues + * Issue 50634 - Fix CLI error parsing for non-string values + * Ticket 50659 AddressSanitizer: SEGV ... in bdb_pre_close + * Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes + * Issue 50644 - fix regression with creating sample entries + * Issue 50699 - Add Disk Monitor to CLI and UI + * Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes + * Issue 50536 - After audit log file is rotated, DS version string is logged after each update + * Issue #50712 - Version comparison doesn't work correctly on git builds + * Issue 50706 - Missing lib389 dependency - packaging + * Issue 49761 - Fix CI test suite issues + * Issue #50683 - Makefile.am contains unused RPM-related targets + * Issue 50696 - Fix various UI bugs + * Update based on Marks feedback + * Update to mark as skipif + * Ticket 50641 - Update default aci to allows users to change their own password + * Ticket 50007, 50648 - improve x509 handling. + * Issue 50689 - Failed db restore task does not report an error + * Issue 50199 - Disable perl by default + * Ticket 50633 - Add cargo vendor support for offline builds + * Issue 50499 - Fix npm audit issues + * Bump version to 1.4.2.3 + * Issue 50592 - Port Replication Tab to ReactJS + * Issue 50680 - Remove branding from upstream spec file + * Issue 50669 - Remove nunc-stans in favour of reworking current conn code (add.) + * Issue: 48055 - CI test - automember_plugin(part1) + * Issue 50677 - Map subtree searches with NULL base to default naming context + * Issue 50669 - Fix RPM build + * Ticket 50669 - remove nunc-stans + * Ticket 49850 cont -fix crash in ldbm_non_leaf + * Issue 50634 - Clean up CLI errors output - Fix wrong exception + * Issue 50660 - Build failure on Fedora 31 + * Issue 50634 - Clean up CLI errors output + * Issue: 48851 - Investigate and port TET matching rules filter tests(match more test cases) + * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request" + * Issue 49850 - ldbm_get_nonleaf_ids() slow for databases with many non-leaf entries + * Issue 50655 - access log etime is not properly formatted + * Issue 50653 - objectclass parsing fails to log error message text + * Issue 50646 - Improve task handling during shutdowns + * Add new test suite to test migration between RHDS versions + * Ticket 50627 - Support platforms without pytest_html + * Ticket 49476 - backend refactoring phase1, fix failing tests + * Ticket 49476 - refactor ldbm backend to allow replacement of BDB + * Ticket - 50349 - additional fix: filter schema check must handle subtypes + * Issue: 48851 - investigate and port TET matching rules filter tests(indexing more test cases) + * Issue 50638 - RecursionError: maximum recursion depth exceeded while calling a Python object + * Ticket 50636 - Crash during sasl bind + * Ticket 50632 - Add ensure attr state so that diffs are easier from 389-ds-portal + * Ticket 50619 - extend commands to have more modify options + * Issue 50499 - Fix npm audit issues + * bump version to 1.4.2.2 + +------------------------------------------------------------------- +Tue Oct 08 02:04:20 UTC 2019 - 389-ds-maintainer@suse.de + +- Update to version 1.4.2.2~git0.d41ef935b: + * Issue 50627 - Add ASAN logs to HTML report + * Issue 50545 - Port repl-monitor.pl to lib389 CLI + * Ticket 50622 - ds_selinux_enabled may crash on suse + * Ticket 50595 - remove syslog.target requirement + * Ticket 50617 - disable cargo lock + * Issue 50620 - Fix regressions from 50506 (slapi_enry_attr_get_ref) + * Issue 50615 - Log current test name to journald + * Ticket: 50610 memory leak in dbscan + * Bump version to 1.4.2.1 + * Ticket 50581 - ns-slapd crashes during ldapi search + * Issue 50604 - Fix UI validation + * ticket 50510 - etime can contain invalid nanosecond value + * Ticket 50593 Investigate URP handling on standalone instance + * Issue 50506 - Fix regression for relication stripattrs + * Issue 50580 - Perl can't be disabled in configure + * Ticket 50584, 49212 - docker healthcheck and configuration + * Issue 50546 - fix more UI issues(part 2) + * Do not use comparision with "is" for empty value + * Issue 50546 - fix more UI issues + * Issue 50586 - lib389 - Fix DSEldif long line processing + * Issue 50173 - Add the validate-syntax task to the dsconf schema + * Issue 50546 - Fix various issues in UI + * Bump version to 1.4.2.0 + * Ticket 50576 - Same proc uid/gid maps to rootdn for ldapi sasl + * Ticket 50567, 50568 - strict host check disable and display container version + * Issue 50550 - DS installer debug messages leaking to ipa-server-install + * Issue 50545 - Port fixup-memberuid and add the functionality to CLI and UI + * Issue 50572 - After running cl-dump dbdir/cldb/*ldif.done are not deleted + * Issue 50578 - Add SKIP_AUDIT_CI flag for Cockpit builds + * Ticket 50349 - filter schema validation + * Issue: 48055 - CI test-(Plugin configuration should throw proper error messages if not configured properly) + * Issue 49324 - idl_new fix assert + * Ticket 50564 - Fix rust libraries by default and improve docker + * Issue 50206 - Refactor lock, unlock and status of dsidm account/role + * Issue 49324 - idl_new report index name in error conditions + * Issue 49761 - Fix CI test suite issues + * Issue 50506 - Fix regression from slapi_entry_attr_get_ref refactor + * Issue 50499 - Audit fix - Update npm 'eslint-utils' version + * Issue 49624 - modrdn silently fails if DB deadlock occurs + * fix for 50542 crashes in filter tests + * Issue 49761 - Fix CI test suite issues + * Ticket 50542 - Entry cache contention during base search + * Issue 50462 - Fix CI tests + * Ticket 50490 objects and memory leaks + * Issue 50538 - Move CI test to individual file + * Issue 50538 - cleanAllRUV task limit is not enforced for replicated tasks + * Issue 50536 - Audit log heading written to log after every update + * Issue 50525 - nsslapd-defaultnamingcontext does not change when the assigned suffix gets deleted + * Issue 50534 - CLI change schema edit subcommand to replace + * Issue 50506 - cont Fix invalid frees from pointer reference calls + * Issue 50507 - Fix Cockpit UI styling for PF4 + * Issue: 48851 - investigate and port TET matching rules filter tests(indexing final) + * Issue: 48851 - Add more test cases to the match test suite(mode replace) + * Issue 50530 - Directory Server not RFC 4511 compliant with requested attr "1.1" + * Issue 50529 - LDAP server returning PWP controls in different sequence + * Issue 50506 - Fix invalid frees from pointer reference calls. + * Issue 50506 - Replace slapi_entry_attr_get_charptr() with slapi_entry_attr_get_ref() + * Issue 50521 - Add regressions in CI tests + * Ticket 50510 - etime can contain invalid nanosecond value + * Issue 50488 - Create a monitor for disk space usagedisk-space-mon + * Issue 50511 - lib389 PosixGroups type can not handle rdn properly + * Issue 50508 - UI - fix local password policy form + +------------------------------------------------------------------- +Thu Aug 13 05:31:18 UTC 2019 - William Brown + +- Fix spec file discrepencies from SLE +- Update to correct license issue in spec file +- Update to simplify rust option selection +- Update to version 1.4.1.6~git0.5ac5a8aad: + * Bump version to 1.4.1.6 + * Issue 50355 - SSL version min and max not correctly applied + * Issue 50497 - Port cl-dump.pl tool to Python using lib389 + * Issue: 48851 - investigate and port TET matching rules filter tests(Final) + * correction to fix for #50417 + * Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file + * Issue 50425 - Add jemalloc LD_PRELOAD to systemd drop-in file + * Issue 50325 - Add Security tab to UI + * Ticket 49789 - By default, do not manage unhashed password + * Ticket 49421 - Implement password hash upgrade on bind. + * Ticket 49421 - on bind password upgrade proof of concept + * Ticket 50493 - connection_is_free to trylock + * Ticket 50459 - Correct issue with allocation state + * Issue 50499 - Fix audit issues and remove jquery from the whitelist + * Ticket 50459 - c_mutex to use pthread_mutex to allow ns sharing + * Ticket 50484 - Add a release build dockerfile and dscontainer improvements + * Issue 50486 - Update jemalloc to 5.2.0 +- Update to version 1.4.1.5~git0.748334143: + * Bump version to 1.4.1.5 + * Issue 50431 - Fix regression from coverity fix + * Issue 49239 - Add a new CI test case + * Issue 49997 - Add a new CI test case + * Issue 50177 - Add a new CI test case, also added fixes in lib389 + * Issue 49761 - Fix CI test suite issues + * Issue 50474 - Unify result codes for add and modify of repl5 config + * Ticket 50472 - memory leak with encryption + * Issue 50462 - Fix Root DN access control plugin CI tests + * Issue 50462 - Fix CI tests + * Ticket 50217 - Implement dsconf security section + * Issue: 48851 - Add more test cases to the match test suite. + * Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients + * Ticket 50439 - fix waitpid issue when pid does not exist + * Issue 50454 - Fix Cockpit UI branding + * Issue: 48851 - investigate and port TET matching rules filter tests(index) + * Issue 49232 - Truncate the message when buffer capacity is exceeded + * Bump version to 1.4.1.4 + * Ticket 49361 - Use IPv6 friendly network functions + * Issue: 48851 - Investigate and port TET matching rules filter tests(bug772777) + * Issue: 50446 - NameError: name 'ds_is_older' is not defined + * Issue 49602 - Revise replication status messages + * Ticket 50439 - Update docker integration to work out of source directory + * Ticket 50037 - revert path changes as it breaks prefix/rpm builds + * Issue 50431 - Fix regression from coverity fix + * Issue 50370 - CleanAllRUV task crashing during server shutdown + * Issue: 48851 - investigate and port TET matching rules filter tests(match) + * Issue 50417 - Fix missing quote in some legacy tools + * Ticket 50431 - Fix covscan warnings + * Revert "Issue 49960 - Core schema contains strings instead of numer oids" + * Issue 50426 - nsSSL3Ciphers is limited to 1024 characters + * Issue 50052 - Fix rpm.mk according to audit-ci change + * Issue 50365 - PIDFile= references path below legacy directory /var/run/ + * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request" + * Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS + * Ticket 50417 - Revise legacy tool scripts to work with new systemd changes + * Issue: 48851 - Add more search filters to vfilter_simple test suite + * Issue 49761 - Fix CI test suite issues + * Issue 49875 - Move SystemD service config to a drop-in file + * Ticket 50413 - ds-replcheck - Always display the Result Summary + * Issue 50052 - Add package-lock.json and use "npm ci" + * Issue: 48851 - investigate and port TET matching rules filter tests(vfilter simple) + * Ticket 50355 - NSS can change the requested SSL min and max versions + * Issue: 48851 - investigate and port TET matching rules filter tests(vfilter_ld) + * Issue 50390 - Add Managed Entries Plug-in Config Entry schema + * Ticket 49730 - Remove unused Mozilla ldapsdk variables +- Update to version 1.4.1.3~git0.1f1119d4b: + * Bump version to 1.4.1.3 + * Issue 49761 - Fix CI test suite issues + * Issue 50041 - Add the rest UI Plugin tabs - Part 2 + * Ticket 50340 - 2nd try - structs for diabled plugins will not be freed + * Issue 50403 - Instance creation fails on 1.3.9 using perl utils and latest lib389 + * Ticket 50389 - ns-slapd craches while two threads are polling the same connection + * Issue: 48851 - investigate and port TET matching rules filter tests(scanlimit) + * Issue 50037 - lib389 fails to install in venv under non-root user + * Issue: 50112 - Port ACI test suit from TET to python3(userattr) + * Ticket 50393 - maxlogsperdir accepting negative values + * Issue: 50112 - Port ACI test suit from TET to python3(roledn) + * Issue 49960 - Core schema contains strings instead of numer oids + * Ticket 50396 - Crash in PAM plugin when user does not exist + * Issue 50387 - enable_tls() should label ports with ldap_port_t + * Issue 50390 - Add Managed Entries Plug-in Config Entry schema + * Ticket 50306 - Fix regression with maxbersize + * Issue 50384 - Missing dependency: cracklib-dicts + * Issue 49029 - [RFE] improve internal operations logging + * Issue 49761 - Fix CI test suite issues + * Issue - 50374 dsdim posixgroup create fails with ERROR + * Ticket 50251 - clear text passwords visable in CLI verbose mode logging + * Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients + * Issue:48851 - investigate and port TET matching rules filter tests + * Issue 50220 - attr_encryption test suite failing + * Ticket 50370 - CleanAllRUV task crashing during server shutdown + * Ticket 50340 cont - structs for disabled plugins will not be freed + * Fix missing import + * Issue 50164 - Add test for dscreate to basic test suite + * Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes + * Issue 49730 - MozLDAP bindings have been unsupported for a while + * Issue #50353 - Categorize tests by tiers + * Issue 50303 - Add creation date to task data + * Issue: 50358 - Create a Bitwise Plugin class in plugins.py + * Remove the nss3 path prefix from the cert.h C preprocessor source file inclusion + * Ticket 50329 - revert fix + * Issue: 50112 - Port ACI test suit from TET to python3(keyaci) + * Ticket 50344 - tidy rpm vs build systemd flag handling + * Issue #50067 - Fix krb5 dependency in a specfile + * Ticket 50340 - structs for diabled plugins will not be freed + * Ticket 50327 - Add replication conflict support to UI + * Ticket 50327 - Add replication conflict entry support to lib389/CLI + * Ticket 50329 - improve connection default parameters + * Issue: 50313 - Add a NestedRole type to lib389 + * Issue:50112 - Port ACI test suit from TET to python3(Delete and Add) + * Ticket 49390, 50019 - support cn=config compare operations + * Issue 50041 - Add the rest UI Plugin tabs - Part 1 + * Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS + * Ticket 49990 - Increase the default FD limits + * Ticket 50306 - (cont typo) Move connection config inside struct + * Ticket 50291 - Add monitor tab functionality to Cockpit UI + * Fix cockpit console AppStream data + * Ticket 50317 - fix ds-backtrace issue on latest gdb + * Ticket 50305 - Revise CleanAllRUV task restart process + * Fix typo from: Issue 49915 - Add regression test + * Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is modified + * Ticket 49899 - fix pin.txt and pwdfile permissions + * Issue 49915 - Add regression test + * Ticket 50303 - Add task creation date to task data + * Ticket 50306 - Move connection config inside struct + * Ticket 50240 - Improve task logging + * Issue 50032 - Fix deprecation warnings in tests + * Ticket 50310 - fix sasl header include + * Ticket 49390 - improve compare and cn=config compare tests +- fix permissions handling (boo#1120189) +- Update to version 1.4.1.2~git0.9a126614a: + * Removes sysconfig from RPM as we no longer create it to detect + instance existance or settings. Older installs will still have + their sysconfig parsed, but new installs should use systemd + environment variables. + * Bump version to 1.4.1.2 + * Ticket 50308 - Revise memory leak fix + * Ticket 50308 - Fix memory leaks for repeat binds and replication + * Use PKG_CHECK_MODULES to detect the systemd library + * Use PKG_CHECK_MODULES to detect the kerberos library + * Use pkg-config from the host system to better support cross-compiling + * Use PKG_CHECK_MODULES to detect the libsasl2 library + * configure.ac: Add missing comma to an AC_ARG_ENABLE macro + * configure.ac: Remove unpaired parentheses from two help strings + * m4/doxygen.m4: Fix spelling of Doxygen in a message + * Use PKG_CHECK_MODULES to detect the pcre library + * Use PKG_CHECK_MODULES to detect the cmocka library + * Use PKG_CHECK_MODULES to detect the nss library + * Use PKG_CHECK_MODULES to detect the nspr library + * Use PKG_CHECK_MODULES to detect the event library + * Ticket 49873 - (cont 3rd) cleanup debug log + * Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup + * Issue 50292 - Fix Plugin CLI and UI issues + * Issue:50112 - Port ACI test suit from TET to python3(misc and syntax) + * Ticket 50289 - Fix various database UI issues + * Ticket 49463 After cleanALLruv, replication is looping on keep alive DEL + * Ticket 50300 - Fix memory leak in automember plugin + * Ticket 50265: the warning about skew time could last forever + * Ticket 50260 - Invalid cache flushing improvements + * Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry + * Ticket 50077 - Do not automatically turn automember postop modifies on + * Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members + * Ticket 49715 - extend account functionality + * Ticket 49873: (cont) Contention on virtual attribute lookup + * Ticket 50260 - backend txn plugins can corrupt entry cache + * Ticket 50255 - Port password policy test to use DSLdapObject + * Ticket 49667 - 49668 - remove old spec files + * Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present + * Issue: 50112 - Port ACI test suit from TET to python3(Search) + * Ticket 50259 - implement dn construction test + * Ticket 50273 - reduce default replicaton agmt timeout + * Ticket 50208 - lib389- Fix issue with list all instances + * Issue: 50112 - Port ACI test suit from TET to python3(Global Group) + * Issue 50041 - Add CLI functionality for special plugins + * Issue 50263 - LDAPS port not listening after installation + * Ticket 49575 - Indicate autosize value errors and corrective actions + * Ticket 50137 - create should not check in non-stateful mode for exist + * Ticket 49655 - remove doap file + * Issue 50197 - Fix dscreate regression + * Ticket 50234 - one level search returns not matching entry + * Ticket 50257 - lib389 - password policy user vs subtree checks are broken + * Issue: 50253 - Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py + * Issue 49029 - [RFE] improve internal operations logging + * Ticket 50230 - improve ioerror msg when not root/dirsrv + * Issue 50246 - Fix the regression in old control tools + * Ticket 50197 - Container integration part 2 + * Ticket 50197 - Container init tools + * Ticket 50232 - export creates not importable ldif file + * Ticket 50215 - UI - implement Database Tab in reachJS + * Ticket 50243 - refint modrdn stress test + * Ticket 50238 - Failed modrdn can corrupt entry cache + * Ticket 50236 - memberOf should be more robust + * Ticket 50213 - fix list instance issue + * Issue: 50219 - Add generic filter to DSLdapObjects + * Issue: 50227 - Making an cosClassicDefinition type in src/lib389/lib389/cos.py + * Issue: 50112 - Port ACI test suit from TET to python3(modify) + * Ticket 50224 - warnings on deprecated API usage + * Issue:50112 - Port ACI test suit from TET to python3(valueaci) + * Issue: 50112 Port ACI test suit from TET to python3(Aci Atter) + * Ticket 50208 - make instances mark off based on dse.ldif not sysconfig + * Issue: 50170 - composable object types for nsRole in lib389 + * Ticket 50199 - disable perl by default + * Issue:50211 - Making an actual Anonymous type in lib389/idm/account.py + * Ticket 50155 - password history check has no way to just check the current password + * Ticket 49873 - Contention on virtual attribute lookup + * Ticket 50197 - Container integration improvements + * Ticket 50195 - improve selinux error messages in interactive + * Ticket 49658 - In replicated topology a single-valued attribute can diverge + * Ticket 50111: Use pkg-config to detect icu + * Ticket 50165 - Fix issues with dscreate + * Ticket 50177 - import task should not be deleted too rapidely after import finishes to be able to query the status + * Ticket 50140 - Use high ports in container installs + * Ticket 50184 - Add cli tool parity to dsconf/dsctl + * Ticket 50159 - sssd and config display +- Remove a pair of %if..%endif guards that do not affect the build. +- Updates to 389-ds.spec + - Make lib389 a requirement of 389-ds installs + - Disable shell script wrappers that have be replaced by dsctl/dsconf + - Disable perl in spec file build. For replacement tools see: + http://www.port389.org/docs/389ds/FAQ/legacy-command-changes.html + - Remove patches that have been merged by upstream + - Removed: 0001-init_fhs.patch - merged by upstream + - Removed: 0002-use-python2-for-selinux-detection.patch - merged + by upstream + - Removed: drop-caps.patch - merged by upstream + - Commented requires and recommendes in 389-ds.spec + - cyrus-sasl-plain added as a requirement as it is the only plaintext + or start TLS secure method for password auth (LDAPS is always secure) + - cyrus-sasl-gssapi moved to recommends as it is not always required + - cyrus-sasl-digestmd5 moved to recommends, as it is insecure and not + always required + - openldap2-client moved to recommends on lib389 as a supplement to + ldap command line tools that we provide, but not necessary + - python3-selinux and python3-policycoreutils moved to recommends + as they are not required, and only give "nice to have" features + during install of an instance +- Update to version 1.4.1.1~git0.af9bb7206: + * Bump version to 1.4.1.1 + * Ticket 50151 - lib389 support cli add/replace/delete on objects + * Issue 50041 - CLI and WebUI - Add memberOf plugin functionality + * Bump version to 1.4.1.0 + * Ticket 50125 - perl fix ups for tmpfiles + * Ticket 50164 - Add test for dscreate + * Fix for ticket 50059: If an object is nsds5replica, it must be cn=replica + * Ticket 50169 - lib389 changed hardcoded systemctl path + * Ticket 50165 - Fix dscreate issues + * Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser + * Fix compiler warning in snmp main() + * Ticket - Fix compiler warning in init.c + * Ticket 49540 - FIx compiler warning in ldif2ldbm + * Ticket 50169 - lib389 changed hardcoded systemctl path + * Ticket 50165 - Fix dscreate issues + * Issue 50152 - Replace os.getenv('HOME') with os.path.expanduser + * Ticket 49540 - FIx compiler warning in ldif2ldbm + * Ticket 50077 - Fix compiler warnings in automember rebuild task + * Ticket 49972 - use-after-free in case of several parallel krb + * authentication + * Ticket 50161 - Fixed some descriptions in "dsconf backend --help" + * Ticket 50153 - Increase default max logs + * Ticket 50123 - with_tmpfiles_d is associated to systemd + * Ticket 49984 - python installer add option to create suffix entry + * Ticket 49984 - python installer add option to create suffix entry + * Ticket 50077 - RFE - improve automember plugin to work with + * modify ops + * Ticket 50136 - Allow resetting passwords on the CLI + * Ticket 49994 - Adjust dsconf backend usage + * Ticket 50138 - db2bak.pl -P LDAPS does not work when + * nsslapd-securePort is missing + * Ticket 50122 - Fix incorrect path spec + * Issue 50145 - Add a verbose option to the backup tools + * Ticket 50056 - dsctl db2ldif throws an exception + * Ticket 50078 - cannot add cenotaph in read only consumer + * Ticket 50126 - Incorrect usage of sudo in test + * Issue 50130 - Building RPMs on RHEL8 fails + * Ticket 50134 - fixup-memberof.pl does not respect protocol requested + * Issue 50122 - Selinux test for presence + * Issue 50101 - Port fourwaymmr Test TET suit to python3 + * Issue 50091 - shadowWarning is not generated if passwordWarning + * is lower than 86400 seconds (1 day). + * Ticket 50128 - NS Stress fails without ipv6 + * Issue 49618 - Set nsslapd-cachememsize to custom value + * Ticket 50117 - after certain failed import operation, impossible + * to replay an import operation + * Ticket 49999 - rpm.mk dist-bz2 should clean cockpit_dist first + * Issue 48064 - Fix various issues in disk monitoring test suite + * Issue 49938 - lib389 - Clean up CLI logging + * Issue 49761 - Fix CI test suite issues + * Ticket 50056 - Fix UI bugs (part 2) + * Issue: 48064 - CI test - disk_monitoring + * Ticket 50099 - extend error messages + * Ticket 50099 - In FIPS mode, the server can select an unsupported + * password storage scheme + * Issue 50041 - Add basic plugin UI/CLI wrappers + * Issue 50082 - Port state test suite + * Ticket 49574 - remove index subsystem + * Issue 49588 - Add py3 support for tickets : part-5 + * Ticket 50095 - cleanup deprecated key.h includes +- use lib389 on 15.0 and up. now that we do not hardrequire the + python selinux bindings anymore + +------------------------------------------------------------------- +Fri Aug 9 02:15:50 UTC 2019 - William Brown + +- Update specfile to be inline with the OpenSUSE spec file + * include future-configurations in the spec which are not active until 15.2 + * lib389 (upstream requirement from 1.4.0) + * rust (upstream requirement from 1.4.2) + * removal of perl (upstream has not supported perl in any 1.4.x release) + * resolve missing svrcore obsoletes statement and pkg configuration + (bsc#1144797) + +------------------------------------------------------------------- +Thu Aug 01 04:19:39 UTC 2019 - 389-ds-maintainer@suse.de + +- Update to version 1.4.0.26~git0.8a2d3de6f: + * Bump version to 1.4.0.26 + * Issue 50499 - Fix audit issues and remove jquery from the whitelist + * Issue 50355 - SSL version min and max not correctly applied + * Issue 50325 - Add Security tab to UI + * Issue 50177 - Add a new CI test case, also added fixes in lib389 + * Bump version to 1.4.0.25 + * Issue 50431 - Fix regression from coverity fix + * Bump version to 389-ds-base-1.4.0.24 + * Fix cherry-pick error from last commit + * Issue 50052 - Fix rpm.mk according to audit-ci change + * Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present + * Issue 50041 - Add the rest UI Plugin tabs - Part 1 + * Ticket 50217 - Implement dsconf security section + * Issue 49602 - Revise replication status messages + * Issue 50431 - Fix regression from coverity fix + * Ticket 50431 - Fix covscan warnings + * Issue 50426 - nsSSL3Ciphers is limited to 1024 characters + * Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request" + * Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS + * Ticket 50413 - ds-replcheck - Always display the Result Summary + * Ticket 50355 - NSS can change the requested SSL min and max versions + * Bump version to 1.4.0.23 + * Issue 50041 - Add the rest UI Plugin tabs - Part 2 + * Ticket 50340 - 2nd try - structs for diabled plugins will not be freed + * Ticket 50393 - maxlogsperdir accepting negative values + * Ticket 50396 - Crash in PAM plugin when user does not exist + * Issue 50390 - Add Managed Entries Plug-in Config Entry schema + * Ticket 50251 - clear text passwords visable in CLI verbose mode logging + * Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients + * Ticket 50370 - CleanAllRUV task crashing during server shutdown + * Ticket 50340 cont - structs for disabled plugins will not be freed + * Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes + * Ticket 50329 - revert fix + * Ticket 50340 - structs for diabled plugins will not be freed + * Ticket 50327 - Add replication conflict support to UI + * Ticket 50327 - Add replication conflict entry support to lib389/CLI + * Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS + * Ticket 49990 - Increase the default FD limits + * Ticket 50291 - Add monitor tab functionality to Cockpit UI + * Fix cockpit console AppStream data + * Ticket 50305 - Revise CleanAllRUV task restart process + * Ticket 50303 - Add task creation date to task data + * Ticket 50240 - Improve task logging + + +------------------------------------------------------------------- +Tue Apr 16 01:19:05 UTC 2019 - 389-ds-maintainer@suse.de + +- Update to version 1.4.0.22~git0.9d84a40dd: + * Bump version to 1.4.0.22 which resolves: + * (bsc#1120189) + * (bsc#991201, CVE-2016-5416) + * (bsc#1083689, CVE-2018-1054) + * (bsc#1092187, CVE-2018-1089) + * (bsc#1099465, CVE-2018-10871) + * (bsc#1108674, CVE-2018-14638) + * (bsc#1109609, CVE-2018-14648) + * (bsc#1132385, CVE-2019-3883) + * (bsc#1105606, CVE-2018-10935) + * Ticket 50308 - Revise memory leak fix + * Ticket 50308 - Fix memory leaks for repeat binds and replication + * Ticket 49873 - (cont 3rd) cleanup debug log + * Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup + * Issue 50292 - Fix Plugin CLI and UI issues + * Ticket 50289 - Fix various database UI issues + * Ticket 50300 - Fix memory leak in automember plugin + * Ticket 50265: the warning about skew time could last forever + * Ticket 50260 - Invalid cache flushing improvements + * Remove obsolete patch 0001-init_fhs.patch + * Remove obsolete patch 0002-use-python2-for-selinux-detection.patch + * Remove obsolete patch 0003-fix-rm-non-existent-man-pages.patch + * Remove obsolete patch simplify-lib389-setup-py.patch + * Remove obsolete patch tw.patch + * Remove obsolete patch 0006-under-network-load-ps-can-decrease-connection-refcnt.patch + * Remove obsolete patch 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch + * Remove obsolete patch 0008-invalid-password-migration-causes-unauth-bind.patch + * Remove obsolete patch 0009-ldapsearch-with-server-side-sort-crashes-the-server.patch + * Remove obsolete patch 0010-Log-buffer-exceeded-emergency-logging-msg-is-not-thread-safe.patch + +------------------------------------------------------------------- +Tue Sep 11 12:47:02 UTC 2018 - varkoly@suse.com + +- Introduce patch: + 0010-Log-buffer-exceeded-emergency-logging-msg-is-not-thread-safe.patch + to fix the issue "389-ds: Server crash through modify command with large DN" + (bsc#1106699, CVE-2018-14624) + +------------------------------------------------------------------- +Wed Aug 22 13:26:15 UTC 2018 - varkoly@suse.com + +- Introduce patch: + 0009-ldapsearch-with-server-side-sort-crashes-the-server.patch + to fix the issue that ldapsearch with server side sort allows + users to cause a crash (bsc#1105606, CVE-2018-10935) + +------------------------------------------------------------------- +Tue Jul 31 14:36:51 UTC 2018 - dakechi@suse.com + +- Introduce patches: + * 0006-under-network-load-ps-can-decrease-connection-refcnt.patch + to fix the race condition on reference counter (bsc#1096368, + CVE-2018-10850) + * 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch + (bsc#1076530, CVE-2017-15134) + * 0008-invalid-password-migration-causes-unauth-bind.patch + (bsc#1076530, CVE-2017-15135) + +------------------------------------------------------------------- +Mon Feb 19 13:01:04 UTC 2018 - hguo@suse.com + +- Explicitly generate dirsrv sysconfig file as it is necessary for + SLES 15 (bsc#1081324). + +------------------------------------------------------------------- +Fri Feb 2 01:31:25 UTC 2018 - mrueckert@suse.de + +- switch lib389 to use the python3-ldap subpackage + +------------------------------------------------------------------- +Wed Jan 31 13:28:21 UTC 2018 - hguo@suse.com + +- For SLES 15 schedule, do not build lib389 programmable extension + for now. + +------------------------------------------------------------------- +Wed Jan 31 11:13:17 UTC 2018 - dimstar@opensuse.org + +- BuildRequire python3-ldap instead of python3-pyldap: pyldap is + deprecated in favor of python-ldap. + +------------------------------------------------------------------- +Tue Jan 30 14:19:15 UTC 2018 - hguo@suse.com + +- Rename dependency package python-pyldap into python3-pyldap. + +------------------------------------------------------------------- +Mon Jan 29 15:20:10 UTC 2018 - hguo@suse.com + +- Correct name to dependency package "python-pyldap". + +------------------------------------------------------------------- +Thu Jan 25 15:09:41 UTC 2018 - hguo@suse.com + +- Introduce patch 0003-fix-rm-non-existent-man-pages.patch to remove + a faulty rm statement from makefile. + +------------------------------------------------------------------- +Sun Jan 14 02:59:15 UTC 2018 - mrueckert@suse.de + +- add tw.patch to fix potential buffer overflow + +------------------------------------------------------------------- +Tue Dec 5 14:45:57 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Mon Nov 20 22:34:46 UTC 2017 - mrueckert@suse.de + +- added simplify-lib389-setup-py.patch + seems the python3 setuptools on leap 42.3 do not like this fancy + syntax. kill it and always use the python 3 way. + +------------------------------------------------------------------- +Mon Nov 20 22:15:45 UTC 2017 - mrueckert@suse.de + +- update to 1.4.0.3 + - Ticket 49457 - Fix spal_meminfo_get function prototype + - Ticket 49455 - Add tests to monitor test suit. + - Ticket 49448 - dynamic default pw scheme based on environment. + - Ticket 49298 - fix complier warn + - Ticket 49298 - Correct error codes with config restore. + - Ticket 49454 - SSL Client Authentication breaks in FIPS mode + - Ticket 49453 - passwd.py to use pwdhash defaults. + - Ticket 49427 - whitespace in fedse.c + - Ticket 49410 - opened connection can remain no longer poll, + like hanging + - Ticket 48118 - fix compiler warning for incorrect return type + - Ticket 49451 - Add environment markers to lib389 dependencies + - Ticket 49325 - Proof of concept rust tqueue in sds + - Ticket 49443 - scope one searches in 1.3.7 give incorrect + results + - Ticket 48118 - At startup, changelog can be erronously rebuilt + after a normal shutdown + - Ticket 49412 - SIGSEV when setting invalid changelog config + value + - Ticket 49441 - Import crashes - oneline fix + - Ticket 49377 - Incoming BER too large with TLS on plain port + - Ticket 49441 - Import crashes with large indexed binary + attributes + - Ticket 49435 - Fix NS race condition on loaded test systems + - Ticket 77 - lib389 - Refactor docstrings in rST format - part 2 + - Ticket 17 - lib389 - dsremove support + - Ticket 3 - lib389 - python 3 compat for paged results test + - Ticket 3 - lib389 - Python 3 support for memberof plugin test + suit + - Ticket 3 - lib389 - config test + - Ticket 3 - lib389 - python 3 support ds_logs tests + - Ticket 3 - lib389 - python 3 support for betxn test + +------------------------------------------------------------------- +Sat Nov 11 00:53:42 UTC 2017 - mrueckert@suse.de + +- we actually need pyldap + +------------------------------------------------------------------- +Fri Nov 10 23:50:29 UTC 2017 - mrueckert@suse.de + +- lib389 is merged into this tarball now. move the subpackage here. + +------------------------------------------------------------------- +Fri Nov 10 22:45:23 UTC 2017 - mrueckert@suse.de + +- update to 1.4.0.2 + - Ticket 48393 - fix copy and paste error + - Ticket 49439 - cleanallruv is not logging information + - Ticket 48393 - Improve replication config validation + - Ticket lib389 3 - Python 3 support for ACL test suite + - Ticket 103 - sysconfig not found + - Ticket 49436 - double free in COS in some conditions + - Ticket 48007 - CI test to test changelog trimming interval + - Ticket 49424 - Resolve csiphash alignment issues + - Ticket lib389 3 - Python 3 support for + pwdPolicy_controls_test.py + - Ticket 3 - python 3 support - filter test + - Ticket 49434 - RPM build errors + - Ticket 49432 - filter optimise crash + - Ticket 49432 - Add complex fliter CI test + - Ticket 48894 - harden valueset_array_to_sorted_quick valueset + access + - Ticket 49401 - Fix compiler incompatible-pointer-types warnings + - Ticket 48681 - Use of uninitialized value in string ne at + /usr/bin/logconv.pl + - Ticket 49409 - Update lib389 requirements + - Ticket 49401 - improve valueset sorted performance on delete + - Ticket 49374 - server fails to start because maxdisksize is + recognized incorrectly + - Ticket 49408 - Server allows to set any nsds5replicaid in the + existing replica entry + - Ticket 49407 - status-dirsrv shows ellipsed lines + - Ticket 48681 - Use of uninitialized value in string ne at + /usr/bin/logconv.pl + - Ticket 49386 - Memberof should be ignore MODRDN when the + pre/post entry are identical + - Ticket 48006 - Missing warning for invalid replica backoff + configuration + - Ticket 49064 - testcase hardening + - Ticket 49064 - RFE allow to enable MemberOf plugin in dedicated + consumer + - Ticket lib389 3 - python 3 support + - Ticket 49402 - Adding a database entry with the same database + name that was deleted hangs server at shutdown + - Ticket 48235 - remove memberof lock (cherry-pick error) + - Ticket 49394 - build warning + - Ticket 49381 - Refactor numerous suite docstrings - Part 2 + - Ticket 49394 - slapi_pblock_get may leave unchanged the + provided variable + - Ticket 49403 - tidy ns logging + - Ticket 49381 - Refactor filter test suite docstrings + - Ticket 48235 - Remove memberOf global lock + - Ticket 103 - Make sysconfig where it is expected to exist + - Ticket 49400 - Add clang support to rpm builds + - Ticket 49381 - Refactor ACL test suite docstrings + - Ticket 49363 - Merge lib389 + - Ticket 101 - BaseException.message has been deprecated in + Python3 + - Ticket 102 - referral support + - Ticket 99 - Fix typo in create_topology + - Ticket #98 - Fix dbscan output + - Ticket #77 - Fix changelogdb param issue + - Ticket #77 - Refactor docstrings in rST format - part 1 + - Ticket 96 - Change binaries’ names + - Ticket 77 - Add sphinx documentation + - Ticket 43 - Add support for Referential Integrity plugin + - Ticket 45 - Add support for Rootdn Access Control plugin + - Ticket 46 - dsconf support for dynamic schema reload + - Ticket 74 - Advice users to set referint-update-delay to 0 + - Ticket 92 - display_attr() should return str not bytes in py3 + - Ticket 93 - Fix test cases in ctl_dbtasks_test.py + - Ticket 88 - python install and remove for tests + - Ticket 85 - Remove legacy replication attribute + - Ticket 91 - Fix replication topology + - Ticket 89 - Fix inconsistency with serverid + - Ticket 79 - Fix replica.py and add tests + - Ticket 86 - add build dir to gitignore + - Ticket 83 - Add an util for generating instance parameters + - Ticket 87 - Update accesslog regec for HR etimes + - Ticket 49 - Add support for whoami plugin + - Ticket 48 - Add support for USN plugin + - Ticket 78 - Add exists() method to DSLdapObject + - Ticket 31 - Allow complete removal of some memberOf attrs + - Ticket31 - Add memberOf fix-up task + - Ticket 67 - Add ensure_int function + - Ticket 59 - lib389 support for index management. + - Ticket 67 - get attr by type + - Ticket 70 - Improve repl tools + - Ticket 50 - typo in db2* in dsctl + - Ticket 31 - Add status command and SkipNested support for + MemberOf + - Ticket 31 - Add functional tests for MemberOf plugin + - Ticket 66 - expand healthcheck for Directory Server + - Ticket 69 - add specfile requires + - Ticket 31 - Initial MemberOf plugin support + - Ticket 50 - Add db2* tasks to dsctl + - Ticket 65 - Add m2c2 topology + - Ticket 63 - part 2, agreement test + - Ticket 63 - lib389 python 3 fix + - Ticket 62 - dirsrv offline log + - Ticket 60 - add dsrc to dsconf and dsidm + - Ticket 32 - Add TLS external bind support for testing + - Ticket 27 - Fix get function in tests + - Ticket 28 - userAccount for older versions without nsmemberof + - Ticket 27 - Improve dseldif API + - Ticket 30 - Add initial support for account lock and unlock. + - Ticket 29 - fix incorrect format in tools + - Ticket 28 - Change default objectClasses for users and groups + - Ticket 1 - Fix missing dn / rdn on config. + - Ticket 27 - Add a module for working with dse.ldif file + - Ticket 1 - cn=config comparison + - Ticket 21 - Missing serverid in dirsrv_test due to incorrect + allocation + - Ticket 26 - improve lib389 sasl support + - Ticket 24 - Join paths using os.path.join instead of string + concatenation + - Ticket 25 - Fix RUV repr function + - Ticket 23 - Use DirSrv.exists() instead of manually checking + for instance’s existence + - Ticket 1 - cn=config comparison + - Ticket 22 - Specify a basedn parameter for IDM modules + - Ticket 19 - missing readme.md in python3 + - Ticket 20 - Use the DN_DM constant instead of hard coding its + value + - Ticket 19 - Missing file and improve make + - Ticket 14 - Remane dsadm to dsctl + - Ticket 16 - Reset InstScriptsEnabled argument during the init + - Ticket 14 - Remane dsadm to dsctl + - Ticket 13 - Add init function to create new domain entries + - Ticket 15 - Improve instance configuration ability + - Ticket 10 - Improve command line tool arguments + - Ticket 9 - Convert readme to MD + - Ticket 7 - Add pause and resume methods to topology fixtures + - Ticket 49172 - Allow lib389 to read system schema and instance + - Ticket 49172 - Allow lib389 to read system schema and instance + - Ticket 6 - Bump lib389 version 1.0.4 + - Ticket 5 - Fix container build on fedora + - Ticket 4 - Cert detection breaks some tests + - Ticket 49137 - Add sasl plain tests, lib389 support + - Ticket 2 - pytest mark with version relies on root + - Ticket 49126 - DIT management tool + - Ticket 49101 - Python 2 generate example entries + - Ticket 49103 - python 2 support for installer + - Ticket 47747 - Add topology_i2 and topology_i3 + - Ticket 49087 - lib389 resolve jenkins issues + - Ticket 48413 - Improvements to lib389 for rest + - Ticket 49083 - Support prefix for discovery of the defaults.inf + file. + - Ticket 49055 - Fix debugging mode issue + - Ticket 49060 - Increase number of masters, hubs and consumers + in topology + - Ticket 47747 - Add more topology fixtures + - Ticket 47840 - Add InstScriptsEnabled argument + - Ticket 47747 - Add topology fixtures module + - Ticket 48707 - Implement draft-wibrown-ldapssotoken-01 + - Ticket 49022 - Lib389, py3 installer cannot create entries in + backend + - Ticket 49024 - Fix paths to the dbdir parent + - Ticket 49024 - Fix db_dir paths + - Ticket 49024 - Fix paths in tools module + - Ticket 48961 - Fix lib389 minor issues shown by 48961 test + - Ticket 49010 - Lib389 fails to start with systemctl changes + - Ticket 49007 - lib389 fixes for paths to use online values + - Ticket 49005 - Update lib389 to work in containers correctly. + - Ticket 48991 - Fix lib389 spec for python2 and python3 + - Ticket 48984 - Add lib389 paths module + - Ticket 48951 - dsadm dsconfig status and plugin + - Ticket 47957 - Update the replication “idle” status string + - Ticket 48951 - dsadm and dsconf base files + - Ticket 48952 - Restart command needs a sleep + - Ticket 48949 - Fix ups for style and correctness + - Ticket 48949 - added copying slapd-collations.conf + - Ticket 48949 - change default file path generation - use + os.path.join + - Ticket 48949 - os.makedirs() exist_ok not python2 compatible, + added try/except + - Ticket 48949 - configparser fallback not python2 compatible + - Ticket 48946 - openConnection should not fully popluate DirSrv + object + - Ticket 48832 - Add DirSrvTools.getLocalhost() function + - Ticket 48382 - Fix serverCmd to get sbin dir properly + - Bug 1347760 - Information disclosure via repeated use of LDAP + ADD operation, etc. + - Ticket 48937 - Cleanup valgrind wrapper script + - Ticket 48923 - Fix additional issue with serverCmd + - Ticket 48923 - serverCmd timeout not working as expected + - Ticket 48917 - Attribute presence + - Ticket 48911 - Plugin improvements for lib389 + - Ticket 48911 - Improve plugin support based on new mapped + objects + - Ticket 48910 - Fixes for backend tests and lib389 reliability. + - Ticket 48860 - Add replication tools + - Ticket 48888 - Correction to create of dsldapobject + - Ticket 48886 - Fix NSS SSL library in lib389 + - Ticket 48885 - Fix spec file requires + - Ticket 48884 - Bugfixes for mapped object and new connections + - Ticket 48878 - better style for backend in backend_test.py + - Ticket 48878 - pep8 fixes part 2 + - Ticket 48878 - pep8 fixes and fix rpm to build + - Ticket 48853 - Prerelease installer + - Ticket 48820 - Begin to test compatability with py.test3, and + the new orm + - Ticket 48434 - Fix for negative tz offsets + - Ticket 48857 - Remove python-krbV from lib389 + - Ticket 48820 - Fix tests to ensure they work with the new + object types + - Ticket 48820 - Move Encryption and RSA to the new object types + - Ticket 48820 - Proof of concept of orm style mapping of configs + and objects + - Ticket 48820 - Clitool rename + - Ticket 48431 - lib389 integrate ldclt + - Ticket 48434 - lib389 logging tools + - Ticket 48796 - add function to remove logs + - Ticket 48771 - lib389 - get ns-slapd version + - Ticket 48830 - Convert lib389 to ip route tools + - Ticket 48763 - backup should run regardless of existing + backups. + - Ticket 48434 - lib389 logging tools + - Ticket 48798 - EL6 compat for lib389 tests for DH params + - Ticket 48798 - lib389 add ability to create nss ca and + certificate + - Ticket 48433 - Aci linting tools + - Ticket 48791 - format args in server tools + - Ticket 48399 - Helper makefile is missing mkdir dist + - Ticket 48399 - Helper makefile is missing mkdir dist + - Ticket 48794 - lib389 build requires are on a single line + - Ticket 48660 - Add function to convert binary values in an + entry to base64 + - Ticket 48764 - Fix mit krb password to be random. + - Ticket 48765 - Change default ports for standalone topology + - Ticket 48750 - Clean up logging to improve command experience + - Ticket 48751 - Improve lib389 ldapi support + - Ticket 48399 - Add helper makefile to lib389 to build and + install + - Ticket 48661 - Agreement test suite fails at the test_changes + case + - Ticket 48407 - Add test coverage module for lib389 repo + - Ticket 48357 - clitools should standarise their args + - Ticket 48560 - Make verbose handling consistent + - Ticket 48419 - getadminport() should not a be a static method + - Ticket 48408 - RFE escaped default suffix for tests + - Ticket 48401 - Revert typecheck + - Ticket 48401 - lib389 Entry hasAttr returs dict instead of + false + - Ticket 48390 - RFE Improvements to lib389 monitor features for + rest389 + - Ticket 48358 - Add new spec file + - Ticket 48371 - weaker host check on localhost.localdomain + - Ticket 58358 - Update spec file with pre-release versioning + - Ticket 48358 - Make Fedora packaging changes to the spec file + - Ticket 48358 - Prepare lib389 for Fedora Packaging + - Ticket 48364 - Fix test failures + - Ticket 48360 - Refactor the delete agreement function + - Ticket 48361 - Expand 389ds monitoring capabilities + - Ticket 48246 - Adding license/copyright to lib389 files + - Ticket 48340 - Add basic monitor support to lib389 + https://fedorahosted.org/389/ticket/48340 + - Ticket 48353 - Add Replication REST support to lib389 + - Ticket 47840 - Fix regression + - Ticket 48343 - lib389 krb5 realm management + https://fedorahosted.org/389/ticket/48343 + - Ticket 47840 - fix lib389 to use sbin scripts + https://fedorahosted.org/389/ticket/47840 + - Ticket 48335 - Add SASL support to lib389 + - Ticket 48329 - Fix case-senstive scyheam comparisions + - Ticket 48303 - Fix lib389 broken tests + - Ticket 48329 - add matching rule functions to schema module + - Ticket 48324 - fix boolean capitalisation (one line) + https://fedorahosted.org/389/ticket/48324 + - Ticket 48321 - Improve is_a_dn check to prevent mistakes with + lib389 auth https://fedorahosted.org/389/ticket/48321 + - Ticket 48322 - Allow reindex function to reindex all attributes + - Ticket 48319 - Fix ldap.LDAPError exception processing + - Ticket 48318 - Do not delete a changelog while disabling a + replication by suffix + - Ticket 48308 - Add eq and ne to Entry to allow fast comparison + https://fedorahosted.org/389/ticket/48308 + - Ticket 48303 - Fix lib389 broken tests - backend_test + - Ticket 48309 - Fix lib389 lib imports + - Ticket 48303 - Fix lib389 broken tests - agreement_test + - Ticket 48303 - Fix lib389 broken tests - aci_parse_test + - Ticket 48301 - add tox support + - Ticket 48204 - update lib389 for python3 + - Ticket 48273 - Improve valgrind functions + - Ticket 48271 - Fix for self.prefix being none when + SER_DEPLOYED_DIR is none + https://fedorahosted.org/389/ticket/48271 + - Ticket 48259 - Add aci parsing utilities to lib389 + - Ticket 48252 - (lib389) adding get_bin_dir and dbscan + - Ticket 48247 - Change the default user to ‘dirsrv’ + - Ticket 47848 - Add new function to create ldif files + - Ticket 48239 - Fix for prefix allocation of un-initialised + dirsrv objects + - Ticket 48237 - Add lib389 helper to enable and disable logging + services. + - Ticket 48236 - Add get effective rights helper to lib389 + - Ticket 48238 - Add objectclass and attribute type query + mechanisms + - Ticket 48029 - Add missing replication related functions + - Ticket 48028 - add valgrind wrapper for ns-slapd + - Ticket 48028 - lib389 - add valgrind functions + - Ticket 48022 - lib389 - Add all the server tasks + - Ticket 48023 - create function to test replication between + servers + - Ticket 48020 - lib389 - need to reset args_instance with every + DirSrv init + - Ticket 48000 - Repl agmts need more time to stop + - Ticket 48004 - Fix various issues + - Ticket 48000 - replica agreement pause/resume should have a + short sleep + - Ticket 47990 - Add check for “.removed” instances when doing an + upgrade + - Ticket 47990 - Add “upgrade” function to lib389 + - Ticket 47691 - using lib389 with RPMs + - Ticket 47848 - Add support for setuptools. + - Ticket 47855 - Add function to clear tmp directory + - Ticket 47851 - Need to retrieve tmp directory path + - Ticket 47845 - add stripcsn option to tombstone fixup task + - Ticket 47851 - Add function to retrieve dirsrvtests data + directory + - Ticket 47845 - Add backup/restore/fixup tombstone tasks to + lib389 + - Ticket 47819 - Add the new precise tombstone purging config + attribute + - Ticket 47695 - Add plugins/tasks/Index + - Ticket 47648 - lib389 - add schema classes, methods + - Ticket 47671 - CI lib389: allow to open a DirSrv without having + to create the instance + - Ticket 47600 - Replica/Agreement/Changelog not conform to the + design + - Ticket 47652 - replica add fails: MT.list return a list not an + entry + - Ticket 47635 - MT/Backend/Suffix to be conform with the design + - Ticket 47625 - CI lib389: DirSrv not conform to the design + - Ticket 47595 - fail to detect/reinit already existing + instance/backup + - Ticket 47590 - CI tests: add/split functions around replication + - Ticket 47584 - CI tests: add backup/restore of an instance + - Ticket 47578 - CI tests: removal of ‘sudo’ and absolute path in + lib389 + - Ticket 47568 - Rename DSAdmin class + - Ticket 47566 - Initial import of DSadmin into 389-test repos + +------------------------------------------------------------------- +Tue Oct 24 12:35:24 UTC 2017 - jengelh@inai.de + +- Use openSUSE rpm group classifications. +- Remove removal of .a files that do not exist to begin with + (because of --disable-static). +- Remove double removal of .la files. +- Do not suppress errors from useradd. + +------------------------------------------------------------------- +Wed Oct 18 20:57:17 UTC 2017 - mrueckert@suse.de + +- update to 1.4.0.1 + - Ticket 49038 - remove legacy replication - change cleanup + script precedence + - Ticket 49392 - memavailable not available + - Ticket 49235 - pbkdf2 by default + - Ticket 49279 - remove dsktune + - Ticket 49372 - filter optimisation improvements for common + queries + - Ticket 49320 - Activating already active role returns error 16 + - Ticket 49389 - unable to retrieve specific cosAttribute when + subtree password policy is configured + - Ticket 49092 - Add CI test for schema-reload + - Ticket 49388 - repl-monitor - matches null string many times in + regex + - Ticket 49387 - pbkdf2 settings were too aggressive + - Ticket 49385 - Fix coverity warnings + - Ticket 49305 - Need to wrap atomic calls + - Ticket 48973 - Indexing a ExactIA5Match attribute with a + IgnoreIA5Match matching rule triggers a warning + - Ticket 49378 - server init fails + - Ticket 49305 - Need to wrap atomic calls + - Ticket 49180 - add CI test + - Ticket 49180 - errors log filled with attrlist_replace - + attr_replace + +------------------------------------------------------------------- +Tue Oct 10 16:06:18 UTC 2017 - mrueckert@suse.de + +- drop 389-ds-reproducible.patch: applied upstream + +------------------------------------------------------------------- +Fri Sep 29 00:06:42 UTC 2017 - mrueckert@suse.de + +- move upgrade and restart code to postun + +------------------------------------------------------------------- +Thu Sep 28 15:40:51 UTC 2017 - mrueckert@suse.de + +- make sure we stop before uninstall +- build require gdb for directory ownership + +------------------------------------------------------------------- +Wed Sep 27 16:11:29 UTC 2017 - mrueckert@suse.de + +- sync requires with fedora spec file + - build with tcmalloc + - add missing requires for things like bind-utils, db-utils + - add requires to the devel package + - split out the snmp agent + - upgrade all databases on update + +------------------------------------------------------------------- +Wed Sep 27 15:10:25 UTC 2017 - mrueckert@suse.de + +- update to 1.4.0.0 + - Ticket 49327 - Add CI test for password expiration controls + - Ticket 48085 - CI tests - replication ruvstore + - Ticket 49381 - Refactor numerous suite docstrings + - Ticket 48085 - CI tests - replication cl5 + - Ticket 49379 - Allowed sasl mapping requires restart + - Ticket 49327 - password expired control not sent during grace + logins + - Ticket 49380 - Add CI test + - Ticket 83 - Fix create_test.py imports + - Ticket 49381 - Add docstrings to ds_logs, gssapi_repl, betxn + - Ticket 49380 - Crash when adding invalid replication agreement + - Ticket 48081 - CI test - password - Ticket 49295 - Fix CI tests + - Ticket 49295 - Fix CI test for account policy + - Ticket 49373 - remove unused header file +- changes from 1.3.7.4 + - Ticket 49371 - Cleanup update script + - Ticket 48831 - Autotune dncache with entry cache. + - Ticket 49312 - pwdhash -D used default hash algo + - Ticket 49043 - make replication conflicts transparent to + clients + - Ticket 49371 - Fix rpm build + - Ticket 49371 - Template dse.ldif did not contain all needed + plugins + - Ticket 49295 - Fix CI Tests + - Ticket 49050 - make objectclass ldapsubentry effective + immediately +- changes from 1.3.7.3 + - Ticket 49354 - fix regression in total init due to mistake in + range fetch + - Ticket 49370 - local password policies should use the same + defaults as the global policy + - Ticket 48989 - Delete slow lib389 test + - Ticket 49367 - missing braces in idsktune + - Ticket 49364 - incorrect function declaration. + - Ticket 49275 - fix tls auth regression + - Ticket 49038 - Revise creation of cn=replication,cn=config + - Ticket 49368 - Fix typo in log message + - Ticket 48059 - Add docstrings to CLU tests + - Ticket 47840 - Add docstrings to setup tests + - Ticket 49348 - support perlless and wrapperless install + +------------------------------------------------------------------- +Tue Sep 19 09:39:08 CEST 2017 - kukuk@suse.de + +- Remove unnecessary ldconfig calls + +------------------------------------------------------------------- +Wed Aug 30 15:49:42 UTC 2017 - mrueckert@suse.de + +- update to 1.3.7.2 + - Ticket 49038 - Fix regression from legacy code cleanup + - Ticket 49295 - Fix CI tests + - Ticket 48067 - Add bugzilla tests for ds_logs + - Ticket 49356 - mapping tree crash can occur during tot init + - Ticket 49275 - fix compiler warns for gcc 7 + - Ticket 49248 - Add a docstring to account locking test case + - Ticket 49445 - remove dead code + - Ticket 48081 - Add regression tests for pwpolicy + - Ticket 48056 - Add docstrings to basic test suite + - Ticket 49349 - global name ‘imap’ is not defined + - Ticket 83 - lib389 - Fix tests and create_test.py + - Ticket 48185 - Remove referint-logchanges attr from referint’s + config + - Ticket 48081 - Add regression tests for pwpolicy + - Ticket 83 - lib389 - Replace topology agmt objects + - Ticket 49331 - change autoscaling defaults + - Ticket 49330 - Improve ndn cache performance. + - Ticket 49347 - reproducable build numbers + - Ticket 39344 - changelog ldif import fails + - Ticket 49337 - Add regression tests for import tests + - Ticket 49309 - syntax checking on referint’s delay attr + - Ticket 49336 - SECURITY: Locked account provides different + return code + - Ticket 49332 - Event queue is not working + - Ticket 49313 - Change the retrochangelog default cache size + - Ticket 49329 - Descriptive error msg for USN cleanup task + - Ticket 49328 - Cleanup source code + - Ticket 49299 - Add normalized dn cache stats to dbmon.sh + - Ticket 49290 - improve idl handling in complex searches + - Ticket 49328 - Update clang-format config file + - Ticket 49091 - remove usage of changelog semaphore + - Ticket 49275 - shadow warnings for gcc7 - pass 1 + - Ticket 49316 - fix missing not condition in clock cleanu + - Ticket 49038 - Remove legacy replication + - Ticket 49287 - v3 extend csnpl handling to multiple backends + - Ticket 49310 - remove sds logging in debug builds + - Ticket 49031 - Improve memberof with a cache of group parents + - Ticket 49316 - Fix clock unsafety in DS + - Ticket 48210 - Add IP addr and connid to monitor output + - Ticket 49295 - Fix CI tests and compiler warnings + - Ticket 49295 - Fix CI tests + - Ticket 49305 - Improve atomic behaviours in 389-ds + - Ticket 49298 - fix missing header + - Ticket 49314 - Add untracked files to the .gitignore + - Ticket 49303 - Fix error in CI test + - Ticket 49302 - fix dirsrv importst due to lib389 change + - Ticket 49303 - Add option to disable TLS client-initiated + renegotiation + - Ticket 49298 - force sync() on shutdown + - Ticket 49306 - make -f rpm.mk rpms produces build without + tcmalloc enabled + - Ticket 49297 - improve search perf in bpt by removing a deref + - Ticket 49284 - resolve crash in memberof when deleting attrs + - Ticket 49290 - unindexed range searches don’t provide notes=U + - Ticket 49301 - Add one logpipe test case +- changes from 1.3.6.8 + - Ticket 49356 - mapping tree crash can occur during tot init +- changes from 1.3.6.7 + - Ticket 49330 - Improve ndn cache performance + - Ticket 49298 - fix missing header + - Ticket 49298 - force sync() on shutdown + - Ticket 49336 - SECURITY: Locked account provides different + return code + - Ticket 49334 - fix backup restore if changelog exists + - Ticket 49313 - Change the retrochangelog default cache size + - Fix error log format in add.c + - Ticket 49287 - fix compiler warning for patch 49287 + - Ticket 49287 - v3 extend csnpl handling to multiple backends + - Ticket 49288 - RootDN Access wrong plugin path in + template-dse.ldif.in + - Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV if + related pblock has not operation set + - Ticket 49008 - Fix MO plugin betxn test + - Ticket 49227 - ldapsearch does not return the expected Error + log level + - Ticket 49028 - Add autotuning test suite + - Ticket 49273 - bak2db doesn’t operate with dbversion + - Ticket 49184 - adjust logging level in MO plugin + - Ticket 49257 - only register modify callbacks + - Ticket 49257 - Update CI script + - Ticket 49008 - Adjust CI test for new memberOf behavior + - Ticket 49273 - crash when DBVERSION is corrupt. + - Ticket 49268 - master branch fails on big endian systems + - Ticket 49241 - add symblic link location to db2bak.pl output + - Ticket 49257 - Reject nsslapd-cachememsize & nsslapd-cachesize + when nsslapd-cache-autosize is set + - Ticket 48538 - Failed to delete old semaphore + - Ticket 49231 - force EXTERNAL always + - Ticket 49267 - autosize split of 0 results in dbcache of 0 + +------------------------------------------------------------------- +Wed Aug 30 12:29:40 UTC 2017 - bwiedemann@suse.com + +- Add 389-ds-reproducible.patch not use build date in build num + to make build reproducible (boo#1047218) + +------------------------------------------------------------------- +Tue Aug 15 14:37:47 UTC 2017 - hguo@suse.com + +- Introduce acl as mandatory runtime dependency. + +------------------------------------------------------------------- +Tue Aug 8 14:37:00 UTC 2017 - hguo@suse.com + +- Rename patch 389-ds-base-1.3.2.11_init_fhs.patch -> 0001-init_fhs.patch +- Fix faulty python module import with patch + 0002-use-python2-for-selinux-detection.patch +- Conduct a major clean-up of spec file to remove all outdated macros +- Introduce extra schema files from OpenLDAP distribution with + extra-schema.tgz and LICENSE.openldap + +------------------------------------------------------------------- +Sat May 27 08:46:54 UTC 2017 - mrueckert@suse.de + +- update to 1.3.6.6 + - Ticket 49157 - fix error in ds-logpipe.py + - Ticket 48864 - remove config.h from spal header. + - Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework + report format + - Ticket 49261 - Fix script usage and man pages + - Ticket 49238 - AddressSanitizer: heap-use-after-free in + libreplication + - Ticket 48864 - Fix FreeIPA build + - Ticket 49257 - Reject dbcachesize updates while auto cache + sizing is enabled + - Ticket 49249 - cos_cache is erroneously logging schema checking + failure + - Ticket 49258 - Allow nsslapd-cache-autosize to be modified + while the server is running + - Ticket 49247 - resolve build issues on debian + - Ticket 49246 - ns-slapd crashes in role cache creation + - Ticket 49157 - ds-logpipe.py crashes for non-existing users + - Ticket 49241 - Update man page and usage for db2bak.pl + - Ticket 49075 - Adjust logging severity levels + - Ticket 47662 - db2index not properly evaluating arguments + - Ticket 48989 - fix perf counters +- changes from 1.3.6.5 + - Ticket 49231 - fix sasl mech handling + - Ticket 49233 - Fix crash in persistent search + - Ticket 49230 - slapi_register_plugin creates config entry where + it should not + - Ticket 49135 - PBKDF2 should determine rounds at startup + - Ticket 49236 - Fix CI Tests + - Ticket 48310 - entry distribution should be case insensitive + - Ticket 49224 - without –prefix, $prefixdir would be NONE in + defaults. +- drop 9563d299.patch: included upstream + +------------------------------------------------------------------- +Fri May 19 10:32:03 UTC 2017 - mrueckert@suse.de + +- added 9563d299.patch to fix building slapi-nis and freeipa + +------------------------------------------------------------------- +Thu May 11 11:01:05 UTC 2017 - jengelh@inai.de + +- Do not suppress errors from user/group creation. + Add some safety quoting here and there. + +------------------------------------------------------------------- +Thu Apr 27 21:02:04 UTC 2017 - mrueckert@suse.de + +- update to 1.3.6.4 + - Ticket 49228 - Fix SSE4.2 detection. + - Ticket 49229 - Correct issues in latest commits + - Ticket 49226 - Memory leak in ldap-agent-bin + - Ticket 49214 - Implement htree concept + - Ticket 49119 - Cleanup configure.ac options and defines + - Ticket 49097 - whitespace fixes for pblock change + - Ticket 49097 - Pblock get/set cleanup + - Ticket 49222 - Resolve various test issues on rawhide + - Issue 48978 - Fix the emergency logging functions severity + levels + - Issue 49227 - ldapsearch for nsslapd-errorlog-level returns + incorrect values + - Ticket 49041 - nss won’t start if sql db type set + - Ticket 49223 - Fix sds queue locking + - Issue 49204 - Fix 32bit arch build failures + - Issue 49204 - Need to update function declaration + - Ticket 49204 - Fix lower bounds on import autosize + On small + VM, autotune breaks the access of the suffixes + - Issue 49221 - During an upgrade the provided localhost name is + ignored + - Issue 49220 - Remote crash via crafted LDAP messages (SECURITY + FIX) + - Ticket 49184 - Overflow in memberof + - Ticket 48050 - Add account policy tests to plugins test suite + - Ticket 49207 - Supply docker POC build for DS. + - Issue 47662 - CLI args get removed + - Issue 49210 - Fix regression when checking is password min age + should be checked + - Ticket 48864 - Add cgroup memory limit detection to 389-ds + - Issue 48085 - Expand the repl acceptance test suite + - Ticket 49209 - Hang due to omitted replica lock release + - Ticket 48864 - Cleanup memory detection before we add cgroup + support + - Ticket 48864 - Cleanup up broken format macros and imports + - Ticket 49153 - Remove vacuum lock on transaction cleanup + - Ticket 49200 - provide minimal dse.ldif for python installer + - Issue 49205 - Fix logconv.pl man page + - Issue 49177 - Fix pkg-config file + - Issue 49035 - dbmon.sh shows pages-in-use that exceeds the + cache size + - Ticket 48432 - Linux capabilities on ns-slapd + - Ticket 49196 - Autotune generates crit messages + - Ticket 49194 - Lower default ioblock timeout + - Ticket 49193 - gcc7 warning fixes + - Issue 49039 - password min age should be ignored if password + needs to be reset + - Ticket 48989 - Re-implement lock counter + - Issue 49192 - Deleting suffix can hang server + - Issue 49156 - Modify token :assert: to :expectedresults: + - Ticket 48989 - missing return in counter + - Ticket 48989 - Improve counter overflow fix + - Ticket 49190 - Upgrade lfds to 7.1.1 + - Ticket 49187 - Fix attribute definition + - Ticket 49185 - Fix memleak in compute init + +------------------------------------------------------------------- +Fri Mar 24 13:42:40 UTC 2017 - mrueckert@suse.de + +- update to 1.3.6.3 + This release contains security and bug fixes and a few + enhancements. + - Issue 49177 - rpm would not create valid pkgconfig files(pt2) + - Issue 49186 - Fix NS to improve shutdown relability + - Issue 49174 - nunc-stans can not use negative timeout + - Issue 49076 - To debug DB_DEADLOCK condition, allow to reset + DB_TXN_NOWAIT flag on txn_begin + - Issue 49188 - retrocl can crash server at shutdown + - Issue 47840 - Add setup_ds test suite + - Fix srvcore version dependancy + - Issue 48989 - Overflow in counters and monitor + - Issue 49095 - targetattr wildcard evaluation is incorrectly + case sensitive + - Issue 49177 - rpm would not create valid pkgconfig files + - Issue 49176 - Remove tcmalloc restriction from s390x + - Issue 49157 - ds-logpipe.py crashes for non-existing users + - Issue 49065 - dbmon.sh fails if you have + nsslapd-require-secure-binds enabled + - Issue 49095 - Fix double-free in _cl5NewDBFile() error path + - Issue 49169 - Fix covscan errors(regression) + - Issue 49172 - Fix test schema files + - Issue 49171 - Nunc Stans incorrectly reports a timeout + - Issue 49169 - Fix covscan errors + - Issue 49164 - Change NS to acq-rel semantics for atomics + - Issue 49154 - Nunc Stans stress should assert it has 95% + success rate + - Issue 49165 - pw_verify did not handle external auth + - Issue 49062 - Reset agmt update staus and total init + - Issue 49151 - Remove defunct selinux policy +- add BR for autoconf, autotool, libtool as upstream doesn't ship + a prebuilt configure anymore +- import BR from nunc-stans as it is intree now: + libtevent-devel libtalloc-devel libevent-devel +- added BR for doxygen to build doxygen +- enable auto-dn-suffix feature + +------------------------------------------------------------------- +Mon Feb 20 12:49:23 UTC 2017 - mrueckert@suse.de + +- fix build on factory: libsystemd-* libs got merged into libsystemd. + +------------------------------------------------------------------- +Wed Dec 21 15:48:51 UTC 2016 - mrueckert@suse.de + +- update to 1.3.5.15 + - bz1358565 - Clear and unsalted password types are vulnerable to + timing attack (SECURITY FIX) + - Ticket 49016 - (un)register/migration/remove may fail if there + is no suffix on ‘userRoot’ backend + - Ticket 48328 - Add missing dependency + - Ticket 49009 - args debug logging must be more restrictive + - Ticket 49014 - ns-accountstatus.pl shows wrong status for + accounts inactivated by Account policy plugin + - Ticket 47703 - remove search limit for aci group evaluation + - Ticket 48909 - Replication stops working in FIPS mode +- changes in 1.3.5.14 + - Ticket 48992 - Total init may fail if the pushed schema is + rejected + - Ticket 48832 - Fix CI test suite for password min age + - Ticket 48983 - Configure and Makefile.in from new default paths + work. + - Ticket 48983 - Configure and Makefile.in from new default paths + work. + - Ticket 48983 - generate install path info from autotools + scripts + - Ticket 48944 - on a read only replica invalid state info can + accumulate + - Ticket 48766 - use a consumer maxcsn only as anchor if supplier + is more advanced + - Ticket 48921 - CI Replication stress tests have limits set too + low + - Ticket 48969 - nsslapd-auditfaillog always has an explicit path + - Ticket 48957 - Update repl-monitor to handle new status + messages + - Ticket 48832 - Fix CI tests + - Ticket 48975 - Disabling CLEAR password storage scheme will + crash server when setting a password + - Ticket 48369 - Add CI test suite + - Ticket 48970 - Serverside sorting crashes the server + - Ticket 48972 - remove old pwp code that adds/removes ACIs + - Ticket 48957 - set proper update status to replication + agreement in case of failure + - Ticket 48950 - Add systemd warning to the LD_PRELOAD example in + /etc/sysconfig/dirsrv + - provide backend dir in suffix template + - Ticket 48953 - Skip labelling and unlabelling ports during the + test + - Ticket 48967 - Add CI test and refactor test suite + - Ticket 48967 - passwordMinAge attribute doesn’t limit the + minimum age of the password + - Fix jenkins warnings about unused vars + - Ticket 48402 - v3 allow plugins to detect a restore or import + - Ticket #48969 - nsslapd-auditfaillog always has an explicit + path + - Ticket 48964 - cleanAllRUV changelog purging incorrectly + processes all backends + - Ticket 48965 - Fix building rpms using rpm.mk + - Ticket 48965 - Fix generation of the pre-release version + - Bugzilla 1368956 - man page of ns-accountstatus.pl shows + redundant entries for -p port option + - Ticket 48960 - Crash in import_wait_for_space_in_fifo(). + - Ticket 48832 - Fix more CI test failures + - Ticket 48958 - Audit fail log doesn’t work if audit log + disabled. + - Ticket 48956 - ns-accountstatus.pl showing “activated” user + even if it is inactivated + - Ticket 48954 - replication fails because anchorcsn cannot be + found + - Ticket 48832 - Fix CI tests failures from jenkins server + - Ticket 48950 - Change example in /etc/sysconfig/dirsrv to use + tcmalloc + +------------------------------------------------------------------- +Sat Nov 19 21:02:06 UTC 2016 - aj@ajaissle.de + +- New upstream release 1.3.4.14 + +------------------------------------------------------------------- +Mon Sep 5 13:13:06 UTC 2016 - mrueckert@suse.de + +- update to 1.3.5.13 + - CVE-2016-4992 389-ds-base: Information disclosure via repeated + use of LDAP ADD operation, etc. + - Ticket 47538 - Fix repl-monitor color and lag times + - Ticket 47538 - repl-monitor.pl legend not properly sorted + - Ticket 47538 - repl-monitor.pl not displaying correct color + code for lag time + - Ticket 47664 - Move CI test to the pr suite and refactor + - Ticket 47824 - Remove CI test from tickets and add logging + - Ticket 47911 - split out snmp agent into a subpackage + - Ticket 47976 - Add fixed CI test case + - Ticket 47982 - Fix log hr timestamps when invalid value is set + in cn=config + - Ticket 48109 - substring index with nssubstrbegin: 1 is not + being used with filters like (attr=x*) + - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the + status of the directory server instance. + - Ticket 48191 - Move CI test to the pr suite and refactor + - Ticket 48234 - “matching rules” in ACI’s “bind rules not fully + evaluated + - Ticket 48234 - CI test: test case for ticket 48234 + - Ticket 48275 - search returns no entry when OR filter component + contains non readable attribute + - Ticket 48326 - Move CI test to config test suite and refactor + - Ticket 48336 - Missing semanage dependency + - Ticket 48336 - setup-ds should detect if port is already + defined + - Ticket 48346 - ldaputil code cleanup + - Ticket 48346 - log too verbose when re-acquiring expired ticket + - Ticket 48354 - Review of default ACI in the directory server + - Ticket 48363 - CI test - add test suite + - Ticket 48366 - proxyauth does not work bound as directory + manager + - Ticket 48404 - libslapd owned by libs and devel + - Ticket 48449 - Import readNSState from richm’s repo + - Ticket 48449 - Import readNSState.py from RichM’s repo + - Ticket 48450 - Add prestart work around for systemd ask + password + - Ticket 48450 - Autotools components for + ds_systemd_ask_password_acl + - Ticket 48617 - Coverity fixes + - Ticket 48636 - Fix config validation check + - Ticket 48636 - Improve replication convergence + - Ticket 48637 - DN cache is not always updated when ADD + operation fails + - Ticket 48743 - If a cipher is disabled do not attempt to look + it up + - Ticket 48745 - Matching Rule caseExactIA5Match indexes + incorrectly values with upper cases + - Ticket 48745 - Matching Rule caseExactIA5Match indexes + incorrectly values with upper cases + - Ticket 48747 - dirsrv service fails to start when + nsslapd-listenhost is configured + - Ticket 48752 - Page result search should return empty cookie if + there is no returned entry + - Ticket 48752 - Add CI test + - Ticket 48754 - ldclt should support -H + - Ticket 48755 - moving an entry could make the online init fail + - Ticket 48755 - CI test: test case for ticket 48755 + - Ticket 48766 - Replication changelog can incorrectly skip over + updates + - Ticket 48767 - flow control in replication also blocks + receiving results + - Ticket 48795 - Make various improvements to create_test.py + - Ticket 48799 - Test cases for objectClass values being dropped. + - Ticket 48815 - ns-accountstatus.pl - fix DN normalization + - Ticket 48832 - Fix timing and localhost issues + - Ticket 48832 - CI tests + - Ticket 48833 - 389 showing inconsistent values for shadowMax + and shadowWarning in 1.3.5.1 + - Ticket 48834 - Fix jenkins: discared qualifier on auditlog.c + - Ticket 48834 - Modifier’s name is not recorded in the audit log + with modrdn and moddn operations + - Ticket 48844 - Regression introduced in matching rules by DS + 48746 + - Ticket 48846 - 32 bit systems set low vmsize + - Ticket 48846 - Older kernels do not expose memavailable + - Ticket 48846 - Rlimit checks should detect RLIM_INFINITY + - Ticket 48848 - modrdn deleteoldrdn can fail to find old + attribute value, perhaps due to case folding + - Ticket 48849 - Systemd introduced incompatible changes that + breaks ds build + - Ticket 48850 - Correct memory leaks in pwdhash-bin and ns-slapd + - Ticket 48854 - Running db2index with no options breaks + replication + - Ticket 48855 - Add basic pwdPolicy tests + - Ticket 48858 - Segfault changing nsslapd-rootpw + - Ticket 48862 - At startup DES to AES password conversion causes + timeout in start script + - Ticket 48863 - remove check for vmsize from util_info_sys_pages + - Ticket 48870 - Correct plugin execution order due to changes in + exop + - Ticket 48872 - Fix segfault and use after free in plugin + shutdown + - Ticket 48873 - Backend should accept the reduced cache + allocation when issane == 1 + - Ticket 48877 - Fixes for RPM spec with spectool + - Ticket 48880 - adding pre/post extop ability + - Ticket 48882 - server can hang in connection list processing + - Ticket 48889 - ldclt - fix man page and usage info + - Ticket 48891 - ns-slapd crashes during the shutdown after + adding attribute with a matching rule + - Ticket 48892 - Wrong result code display in audit-failure log + - Ticket 48893 - cn=config should not have readable components to + anonymous + - Ticket 48895 - tests package should be noarch + - Ticket 48898 - Crash during shutdown if nunc-stans is enabled + - Ticket 48899 - Values of dbcachetries/dbcachehits in cn=monitor + could overflow. + - Ticket 48900 - Add connection perf stats to logconv.pl + - Ticket 48902 - Strdup pwdstoragescheme name to prevent + misbehaving plugins + - Ticket 48904 - syncrepl search returning error 329; plugin + sending a bad error code + - Ticket 48905 - coverity defects + - Ticket 48912 - ntUserNtPassword schema + - Ticket 48914 - db2bak.pl task enters infinitive loop when bak + fs is almost full + - Ticket 48916 - DNA Threshold set to 0 causes SIGFPE + - Ticket 48918 - Upgrade to 389-ds-base >= 1.3.5.5 doesn’t + install 389-ds-base-snmp + - Ticket 48919 - Compiler warnings while building 389-ds-base on + RHEL7 + - Ticket 48920 - Memory leak in pwdhash-bin + - Ticket 48921 - Adding replication and reliability tests + - Ticket 48922 - Fix crash when deleting backend while import is + running + - Ticket 48924 - Fixup tombstone task needs to set proper flag + when updating tombstones + - Ticket 48925 - slapd crash with SIGILL: Dsktune should detect + lack of CMPXCHG16B + - Ticket 48928 - log of page result cookie should log empty + cookie with a different value than 0 + - Ticket 48930 - Paged result search can hang the server + - Ticket 48934 - remove-ds.pl deletes an instance even if wrong + prefix was specified + - Ticket 48935 - Update dirsrv.systemd file + - Ticket 48936 - Duplicate collation entries + - Ticket 48939 - nsslapd-workingdir is empty when ns-slapd is + started by systemd + - Ticket 48940 - DS logs have warning:ancestorid not indexed + - Ticket 48943 - When fine-grained policy is applied, a sub-tree + has a priority over a user while changing password + - Ticket 48943 - Add CI Test for the password test suite + +------------------------------------------------------------------- +Wed Jun 29 13:11:38 UTC 2016 - mrueckert@suse.de + +- update to 1.3.5.4 + - Ticket 48836 - replication session fails because of permission + denied + - Ticket 48837 - Replication: total init aborted + - Ticket 48617 - Server ram checks work in isolation + - Ticket 48220 - The “repl-monitor” web page does not display + “year” in date. + - Ticket 48829 - Add gssapi sasl replication bind test + - Ticket 48497 - uncomment pytest from CI test + - Ticket 48828 - db2ldif is not taking into account multiple + suffixes or backends + - Ticket 48818 - Fix case where return code is always -1 + - Ticket 48826 - 52updateAESplugin.pl may fail on older versions + of perl + - Ticket 48825 - Configure make generate invalid makefile +- changes from 1.3.5.3 + - Ticket 47536 - Allow usage of OpenLDAP libraries that don’t use + NSS for crypto + - Ticket 47536 - CI test: added test cases for ticket 47536 + - Ticket 47840 - default instance scripts if undefined. + - Ticket 47888 - Add CI test + - Ticket 47888 - DES to AES password conversion fails if a + backend is empty + - Ticket 47951 - Fix startpid from altering dev/null + - Ticket 47968 - Disable journald logs by default + - Ticket 47982 - HR Log timers, regression fix for subsystem + logging + - Ticket 48078 - CI test - paged_results - TET part + - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the + status of the directory server instance. + - Ticket 48269 - ns-accountstatus status message improvement + - Ticket 48342 - DNA: deadlock during DNA_EXTEND_EXOP_REQUEST_OID + - Ticket 48342 - DNA Deadlock test cases + - Ticket 48342 - Prevent transaction abort if a transaction has + not begun + - Ticket 48350 - Integrate ASAN into our rpm build process + - Ticket 48374 - entry cache locks not released in error + conditions + - Ticket 48410 - 389-ds-base - Unable to remove / unregister a DS + instance from admin server + - Ticket 48447 - with-initddir should accept no + - Ticket 48450 - Systemd password agent support + - Ticket 48492 - heap corruption at schema replication. + - Ticket 48597 - Deadlock when rebuilding the group of authorized + replication managers + - Ticket 48662 - db2index with no attribute args fail. + - Ticket 48710 - auto-dn-suffix unrecognized option + - Ticket 48769 - Fix white space in extendedop.c + - Ticket 48769 - RFE: Be_txn extended operation plugin type + - Ticket 48770 - Improve extended op plugin handling + - Ticket 48775 - If nsSSL3 is on, even if SSL v3 is not really + enabled, a confusing message is logged. + - Ticket 48779 - Remove startpidfile check in start-dirsrv + - Ticket 48781 - Vague error message: setup_ol_tls_conn - failed: + unable to create new TLS context + - Ticket 48782 - Make sure that when LDAP_OPT_X_TLS_NEWCTX is + set, the value is set to zero. + - Ticket 48783 - Fix ns-accountstatus.pl syntax error + - Ticket 48784 - CI test: added test cases for ticket 48784 + - Ticket 48784 - Make the SSL version set to the client library + configurable. + - Ticket 48798 - Enable DS to offer weaker DH params in NSS + - Ticket 48799 - objectclass values could be dropped on the + consumer + - Ticket 48800 - Cleaning up error buffers + - Ticket 48801 - ASAN errors during tests + - Ticket 48802 - Compilation warnings from clang + - Ticket 48808 - Add test case + - Ticket 48808 - Paged results search returns the blank list of + entries + - Ticket 48813 - password history is not updated when an admin + resets the password + - Ticket 48815 - ns-accountstatus.sh does handle DN’s with single + quotes + - Ticket 48818 - In docker, no one can hear your process hang. + - Ticket 48822 - (389-ds-base-1.3.5) Fixing coverity issues. + - Ticket 48824 - Cleanup rpm.mk and 389 specfile +- enable nunc-stans + +------------------------------------------------------------------- +Fri Apr 29 00:51:36 UTC 2016 - mrueckert@suse.de + +- should also define the username + +------------------------------------------------------------------- +Fri Apr 29 00:27:43 UTC 2016 - mrueckert@suse.de + +- fix building systemd stuff +- create user and home directory for it + +------------------------------------------------------------------- +Thu Apr 14 01:52:13 UTC 2016 - mrueckert@suse.de + +- limit gcc_security to TW. it enables compiler options not + supported on leap e.g. + +------------------------------------------------------------------- +Thu Apr 14 01:41:49 UTC 2016 - mrueckert@suse.de + +- enable more gcc security features +- enable selinux +- fix the systemd options to actually pass some variable and also + set the tmpfiles path + +------------------------------------------------------------------- +Thu Apr 14 01:23:51 UTC 2016 - mrueckert@suse.de + +- update to 1.3.5.1 + - Ticket 47982 - improve timestamp resolution in logs + - Ticket 48759 - no plugin calls in tombstone purging + - Ticket 48665 - Prevent sefault in + ldbm_instance_modify_config_entry + - Ticket 48757 - License tag does not match actual license of + code + - Ticket 48746 - Crash when indexing an attribute with a matching + rule + - Ticket 48497 - extended search without MR indexed attribute + prevents later indexing with that MR + - Ticket 48368 - Resolve the py.test conflicts with the + create_test.py issue + - Ticket 48748 - Fix memory_leaks test suite teardown failure + - Ticket 48383 - import tasks with dynamic buffer sizes + - Ticket 48420 - change severity of some messages related to + "keep alive" entries + - Ticket 48386 - Clean up dsktune code + - Ticket 48537 - undefined reference to `abstraction_increment' + - Ticket 48747 - dirsrv service fails to start when + nsslapd-listenhost is configured +- changes from 1.3.5.0 + - Ticket 132 - Makefile.am must include header files and + template scripts + - Ticket 142 - [RFE] Default password syntax settings don't + work with fine-grained policies + - Ticket 548 - RFE: Allow AD password sync to update + shadowLastChange + - Ticket 47788 - Only check postop result if its a replication + operation + - Ticket 47840 - add configure option to disable instance + specific scripts + - Ticket 47968 - [RFE] Send logs to journald + - Ticket 47977 - [RFE] Implement sd_notify mechanism + - Ticket 48016 - search, matching rules and filter error + "unsupported type 0xA9" + - Ticket 48144 - Add /usr/sbin/status-dirsrv script to get the + status of the directory server instance. + - Ticket 48145 - RFE Add log file for rejected changes + - Ticket 48147 - Unable to enable DS service for auto start + - Ticket 48151 - Improve CleanAllRUV task logging + - Ticket 48218 - cleanAllRUV - modify the existing "force" option + to bypass the "replica online" checks + - Ticket 48244 - No validation check for the value for + nsslapd-db-locks. + - Ticket 48257 - Fix coverity issues - 08/24/2015 + - Ticket 48263 - allow plugins to detect tombstone operations + - Ticket 48269 - RFE: need an easy way to detect locked accounts + locked by inactivity. + - Ticket 48270 - fail to index an attribute with a specific + matching rule/48269 + - Ticket 48280 - enable logging of internal ops in the audit log + - Ticket 48285 - The dirsrv user/group should be created in rpm + %pre, and ideally with fixed uid/gid + - Ticket 48289 - 389-ds-base: ldclt-bin killed by SIGSEGV + - Ticket 48290 - No man page entry for - option '-u' of dbgen.pl + for adding group entries with uniquemembers + - Ticket 48294 - Linked Attributes plug-in - won't update links + after MODRDN operation + - Ticket 48295 - Entry cache is not rolled back -- Linked + Attributes plug-in - wrong behaviour when adding valid and + broken links + - Ticket 48311 - nunc-stans: Attempt to release connection that + is not acquired + - Ticket 48317 - SELinux port labeling retry attempts are + excessive + - Ticket 48326 - [RFE] it could be nice to have + nsslapd-maxbersize default to bigger than 2Mb + - Ticket 48350 - configure.ac add options for debbuging and + security analysis / hardening. + - Ticket 48351 - Fix buffer overflow error when reading url with + len 0 + - Ticket 48363 - Support for rfc3673 '+' to return operational + attributes + - Ticket 48369 - [RFE] response control for password age should + be sent by default by RHDS + - Ticket 48384 - Server startup should warn about values + consuming too much ram + - Ticket 48387 - ASAN invalid read in cos_cache.c + - Ticket 48394 - lower password history minimum to 1 + - Ticket 48395 - ASAN - Use after free in uiduniq 7bit.c + - Ticket 48398 - Coverity defect 13352 - Resource leak in + auditlog.c + - Ticket 48400 - ldclt - segmentation fault error while binding + - Ticket 48445 - keep alive entries can break replication + - Ticket 48446 - logconv.pl displays negative operation speeds + - Ticket 48566 - acl.c attrFilterArray maybe uninitialised. + - Ticket 48662 - db2index with no attribute args fail. + +------------------------------------------------------------------- +Tue Mar 1 16:39:06 UTC 2016 - claes.backstrom@opensuse.org + +- Update to new upstream release 1.3.4.8 + * Various bugs are fixed + +------------------------------------------------------------------- +Fri Nov 20 10:49:42 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.4.5 + * Various bugs are fixed + +------------------------------------------------------------------- +Mon Sep 14 08:50:01 UTC 2015 - hguo@suse.com + +- Upgrade from 1.3.3.13 to 1.3.4.4 with accumulated bugfixes. + +------------------------------------------------------------------- +Wed Sep 9 11:07:09 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.13 +- Removed 389-ds-1.3.3.11-CVE-2015-3230.patch (included upstream) + +------------------------------------------------------------------- +Wed Jun 17 09:38:48 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.11 +- Added 389-ds-1.3.3.11-CVE-2015-3230.patch: + nsSSL3Ciphers preference not enforced on server side + [boo#934934] [CVE-2015-3230] + +------------------------------------------------------------------- +Wed Apr 29 10:17:58 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.10 + * One important security bug was fixed: + Bug 1216203 - CVE-2015-1854 389ds-base: access control bypass with modrdn + +------------------------------------------------------------------- +Wed Apr 15 09:05:08 UTC 2015 - jengelh@inai.de + +- Simplify filelist + +------------------------------------------------------------------- +Mon Apr 13 19:30:00 UTC 2015 - aj@ajaissle.de + +- Move bin/ and sbin/ to /usr/lib/389-ds/bin resp. sbin/ +- Removed conflict with atheme + +------------------------------------------------------------------- +Sat Mar 28 10:34:43 UTC 2015 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.9 + * Several bugs are fixed including 2 security bugs + Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all] + Ticket 47431 - Duplicate values for the attribute nsslapd-pluginarg are not handled correctly + Ticket 47451 - dynamic plugins - fix crash caused by invalid plugin config + Ticket 47728 - compilation failed with ' incomplete struct/union/enum' if not set USE_POSIX_RWLOCKS + Ticket 47742 - 64bit problem on big endian: auth method not supported + Ticket 47801 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown + Ticket 47828 - DNA scope: allow to exlude some subtrees + Ticket 47836 - Do not return '0' as empty fallback value of nsds5replicalastupdatestart and nsds5replicalastupdatestart + Ticket 47901 - After total init, nsds5replicaLastInitStatus can report an erroneous error status (like 'Referral') + Ticket 47936 - Create a global lock to serialize write operations over several backends + Ticket 47957 - Make ReplicaWaitForAsyncResults configurable + Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD + Ticket 48003 - add template scripts + Ticket 48003 - build "suite" framework + Ticket 48005 - ns-slapd crash in shutdown phase + Ticket 48021 - nsDS5ReplicaBindDNGroup checkinterval not working properly + Ticket 48027 - revise the rootdn plugin configuration validation + Ticket 48030 - spec file should run "systemctl stop" against each running instance instead of dirsrv.target + Ticket 48048 - Fix coverity issues - 2015/2/24 + Ticket 48048 - Fix coverity issues - 2015/3/1 + Ticket 48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) + +------------------------------------------------------------------- +Wed Dec 24 21:05:17 UTC 2014 - aj@ajaissle.de + +- Conflicts with atheme -- /usr/sbin/dbverify + +------------------------------------------------------------------- +Tue Dec 9 15:41:21 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.5 +* Several bugs are fixed. + +------------------------------------------------------------------- +Tue Sep 9 09:50:20 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.3.0 +* First cut of 389-ds-base-1.3.3.x + +------------------------------------------------------------------- +Fri Aug 29 10:38:51 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.2.23 +* Various bugs were fixed + +- Highlights since 1.3.2.16: +* Important bugs including memory leaks and crash bugs were fixed + (1.3.2.17) +* Various bugs were fixed (1.3.2.18) +* Various bugs were fixed (1.3.2.19) +* A security bug was fixed (1.3.2.22) + +------------------------------------------------------------------- +Thu Mar 27 12:20:23 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.2.16 +* Directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind +* Create a normalized dn cache +* Replication retry time attributes cannot be added +* Empty control list causes LDAP protocol error is thrown (dup 47361) +* Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version +* Windows Sync group issues +* Size returned by slapi_entry_size is not accurate +* Single valued attribute replicated ADD does not work +* Environment variables are not passed when DS is started via service +* Propagate plugin precedence to all registered function types +* Unresolved external symbol references break loading of the ACL plugin +* Package issue in 389-ds-base + +- Fix unresolveable 'Requires:' +* perl(Mozilla:LDAP) -> perl(Mozilla::LDAP::API), perl(Mozilla::LDAP::Conn), + perl(Mozilla::LDAP::Entry), perl(Mozilla::LDAP::LDIF), perl(Mozilla::LDAP::Utils) +* cyrus-sasl-md5 -> cyrus-sasl-digestmd5 + +- Macros for dirsrv-snmp in pre/post/preun/postun + +------------------------------------------------------------------- +Mon Feb 17 08:59:04 UTC 2014 - aj@ajaissle.de + +- Update to new upstream release 1.3.2.11 +* Enhancement: ACL supports new keyword SELFDN as in " = + #SELFDN" to allow users to create entries assigned to + themselves. Also handling subtype in ACL is improved. +* A dozen of bugs are fixed including a crash bug and a deadlock. + +- Spec cleanup +* enable init scripts for openSUSE < 1220 (e.g. SLES) +* dirsrv.target.wants goes into unitdir +* Added a 389-ds-rpmlintrc + +- Added 389-ds-base-1.3.2.11_init_fhs.patch +* Make init scripts LSB conform + +------------------------------------------------------------------- +Fri Dec 27 02:28:55 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 1.3.2.10 +* Suffixes used in the memberof and referential integrity plug-ins + are now configurable. +* The hard-coded limit of 64 masters was removed. +* Enhancements: plug-in library path validation, replication + logging, changelog trimming interval, and referential integrity. + +------------------------------------------------------------------- +Fri Aug 2 10:05:12 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 1.3.1.5 +* Plug-in transaction support +* Normalized DN cache +* Configurable allowed SASL mechanisms +* SASL mapping improvements +* Configurable SASL buffer +* Replication retry settings +* Instance script improvements +* Access log analyzer improvements +* Performance improvements + +------------------------------------------------------------------- +Mon Mar 11 11:47:45 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 1.3.0.3 +* No NEWS file available; SCM changelog entries at + http://port389.org/wiki/Releases/1.3.0.2#New_features_.2F_Fixed_bugs_in_1.3.0 + +------------------------------------------------------------------- +Wed Sep 26 11:06:01 UTC 2012 - jengelh@inai.de + +- Update to new upstream release 1.2.11.15 +* This is a bugfix release to CLEANALLRUV, userpassword, + schema reloading and others. + +------------------------------------------------------------------- +Mon Sep 17 09:26:12 UTC 2012 - jengelh@inai.de + +- Initial package (version 1.2.11.12) for build.opensuse.org diff --git a/389-ds.spec b/389-ds.spec new file mode 100644 index 0000000..1ad5aa0 --- /dev/null +++ b/389-ds.spec @@ -0,0 +1,452 @@ +# +# spec file for package 389-ds +# +# Copyright (c) 2022 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define use_python python3 +%define skip_python2 1 +%{?!python_module:%define python_module() python-%{**} python3-%{**}} + +%define homedir %{_localstatedir}/lib/dirsrv +%define logdir %{_localstatedir}/log/dirsrv +%define lockdir %{_localstatedir}/lock/dirsrv +# User and group name that own the home directory +%define user_group dirsrv +%ifnarch s390x s390 ppc64 ppc64le +%global use_tcmalloc 1 +%else +%global use_tcmalloc 0 +%endif +%define svrcorelib libsvrcore0 + +Name: 389-ds +Version: 2.2.8~git37.fdb3bae +Release: 0 +Summary: 389 Directory Server +License: GPL-3.0-or-later AND MPL-2.0 +Group: Productivity/Networking/LDAP/Servers +URL: https://pagure.io/389-ds-base +Source: 389-ds-base-%{version}.tar.zst +Source1: extra-schema.tgz +Source2: LICENSE.openldap +Source3: vendor.tar.zst +Source4: supportutils-plugin-dirsrv.tar.zst +Source5: 70yast.ldif +Source9: %{name}-rpmlintrc +Source10: %{user_group}-user.conf +Source11: krbkdcbefore.conf +# 389-ds does not support i686 +ExcludeArch: %ix86 +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: cracklib-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: db-devel >= 4.5 +BuildRequires: doxygen +BuildRequires: fdupes +BuildRequires: gawk +BuildRequires: gcc-c++ +BuildRequires: gdb +BuildRequires: krb5-devel +BuildRequires: libcmocka-devel +BuildRequires: libevent-devel +BuildRequires: libjson-c-devel +BuildRequires: libtalloc-devel +BuildRequires: libtevent-devel +BuildRequires: libtool +BuildRequires: lmdb-devel +BuildRequires: procps +BuildRequires: sysuser-tools +# net-snmp-devel is needed to build the snmp ldap-agent +BuildRequires: net-snmp-devel >= 5.1.2 +BuildRequires: openldap2-devel +# Libressl is incompatible with our rust cryptographic needs. +BuildRequires: openssl-devel +# pam-devel is required by the pam passthru auth plug-in +BuildRequires: %use_python-argcomplete +BuildRequires: %use_python-argparse-manpage +BuildRequires: %use_python-devel +BuildRequires: %use_python-ldap >= 3 +BuildRequires: %use_python-pyasn1 +BuildRequires: %use_python-pyasn1-modules +BuildRequires: %use_python-python-dateutil +BuildRequires: %use_python-setuptools +BuildRequires: %use_python-six +BuildRequires: %use_python-cryptography +BuildRequires: pam-devel +BuildRequires: pkgconfig +BuildRequires: python-rpm-macros +BuildRequires: zlib-devel +BuildRequires: zstd +BuildRequires: pkgconfig(icu-i18n) +BuildRequires: pkgconfig(icu-uc) +BuildRequires: pkgconfig(libcap) +BuildRequires: pkgconfig(libcrypto) +BuildRequires: pkgconfig(libpcre2-8) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(nspr) +BuildRequires: pkgconfig(nss) +BuildRequires: pkgconfig(systemd) +%if %{use_tcmalloc} +BuildRequires: pkgconfig(libtcmalloc) +%endif +BuildRequires: cargo +BuildRequires: rsync +BuildRequires: rust +Requires: %{_sbindir}/service +Requires: acl +# This is a requirement as it's the only known "safe" method of +# plaintext password authentication to ldap, beside the use of +# ldaps. +Requires: cyrus-sasl-plain +Requires: db-utils +Requires: lib389 = %{version} +# Needed for creating the ccache and some GSSAPI steps in sasl +Requires: krb5 +%sysusers_requires +# 389-ds does not directly require gssapi, but it is needed for +# ldap gssapi auth, so we recommend it. +# This used to be a requirement, but it's actually optional. +Recommends: cyrus-sasl-gssapi + +Requires(post): fillup +Requires(post): permissions +Obsoletes: 389-ds-base < %{version}-%{release} +Provides: 389-ds-base = %{version}-%{release} +%{?systemd_ordering} + +%description +389 Directory Server is a full-featured LDAPv3 compliant server. In +addition to the standard LDAPv3 operations, it supports multi-master +replication, fully online configuration and administration, chaining, +virtual attributes, access control directives in the data, Virtual +List View, server-side sorting, SASL, TLS/SSL, and many other +features. (The server started out as Netscape Directory Server.) + +%package devel +Summary: Development files for the 389 Directory Server +License: GPL-3.0-or-later AND MPL-2.0 +Group: Development/Libraries/C and C++ +Provides: svrcore-devel = 4.1.4 +Obsoletes: svrcore-devel < 4.1.4 +Requires: %{name} = %{version} +Requires: %{svrcorelib} = %{version} +Requires: libevent-devel +Requires: openldap2-devel +Requires: pkgconfig +Requires: pkgconfig(nspr) +Requires: pkgconfig(nss) +Requires: pkgconfig(systemd) + +%description devel +389 Directory Server is a full-featured LDAPv3 compliant server. In +addition to the standard LDAPv3 operations, it supports multi-master +replication, fully online configuration and administration, chaining, +virtual attributes, access control directives in the data, Virtual +List View, server-side sorting, SASL, TLS/SSL, and many other +features. + +This package contains the development files for 389DS. + +%package snmp +Summary: SNMP Agent for 389 Directory Server +License: GPL-3.0-or-later AND MPL-2.0 +Group: System/Daemons +Requires: %{name} = %{version} + +Obsoletes: %{name} <= 1.3.6.2 + +%description snmp +SNMP Agent for the 389 Directory Server base package. + +%package -n lib389 +Summary: 389 Directory Server administration tools and library +License: GPL-3.0-or-later AND MPL-2.0 +Group: Development/Languages/Python +Requires: %{use_python}-argcomplete +Requires: %{use_python}-argparse-manpage +Requires: %{use_python}-distro +Requires: %{use_python}-ldap >= 3.0 +Requires: %{use_python}-pyasn1 +Requires: %{use_python}-pyasn1-modules +Requires: %{use_python}-python-dateutil +Requires: %{use_python}-python-slugify +Requires: %{use_python}-six +Requires: %{use_python}-cryptography +Requires: iproute2 +Requires: krb5-client +Requires: mozilla-nss-tools +# Tools like dscreate would call out to /usr/bin/openssl +Requires: openssl(cli) +# We recommend this here as a supplementary tool for ldap +# server interaction, but it's in no way required. +Recommends: openldap2-client +# These are recommended if you have selinux on your system +# to allow some supplementary automated interactions during +# setup, but it's not required. +Recommends: python3-selinux +Recommends: python3-policycoreutils + +Provides: python3-lib389 = %{version}-%{release} +Obsoletes: python-lib389 < %{version}-%{release} +Obsoletes: python3-lib389 < %{version}-%{release} + +%description -n lib389 +Python library for interacting with and administering 389 +Directory Server instances locally or remotely. + +%package -n %{svrcorelib} +Summary: Secure PIN handling using NSS crypto +License: MPL-2.0 +Group: System/Libraries + +%description -n %{svrcorelib} +svrcore provides applications with several ways to handle secure PIN storage +e.g. in an application that must be restarted, but needs the PIN to unlock +the private key and other crypto material, without user intervention. svrcore +uses the facilities provided by NSS. + +%prep +# Extract the 389-ds sources. +%setup -q -a 1 -n %{name}-base-%{version} + +# Extract the vendor.tar.gz. The -D -T here prevents removal of the sources +# from the previous setup step. +%setup -q -n %{name}-base-%{version} -D -T -a 3 +# When we update and revendor, we need to move the cargo.lock to the correct place. +cp Cargo.lock src/Cargo.lock +# Setup support utils +%setup -q -n %{name}-base-%{version} -D -T -a 4 + +# Debugging for if anything goes south. +lscpu +free -h +df -h + +%build +%sysusers_generate_pre %{SOURCE10} %{user_group} %{user_group}-user.conf +# Make sure python3 is used in shebangs +# FIX ME!! This should be fixed in the source code !!! +sed -r -i '1s|^#!\s*%{_bindir}.*python.*|#!%{_bindir}/%{use_python}|' ldap/admin/src/scripts/{*.py,ds-replcheck} src/lib389/cli/ds* + +# TODO: +# seems to have no effect --enable-perl \ +# warning that it might lead to instabilities --with-journald \ +touch docs/custom.css +autoreconf -fi +export CFLAGS="%{optflags}" # -std=gnu99" +%configure \ + %if 0%{?suse_version} >= 1330 + --enable-gcc-security \ + %endif + --enable-autobind \ + --enable-auto-dn-suffix \ + --with-openldap \ + --enable-cmocka \ + %if %{use_tcmalloc} + --enable-tcmalloc \ + %endif + --with-selinux \ + --enable-rust-offline \ + --disable-perl \ + --libexecdir=%{_prefix}/lib/dirsrv/ \ + --with-pythonexec="%{_bindir}/%{use_python}" \ + --with-systemd \ + --with-systemdgroupname=dirsrv.target \ + --with-systemdsystemunitdir="%{_unitdir}" \ + --with-systemdsystemconfdir="%{_sysconfdir}/systemd/system" \ + --with-tmpfiles-d="%{_sysconfdir}/tmpfiles.d" \ + --with-systemdgroupname=dirsrv.target \ + +export XCFLAGS="$CFLAGS" +make %{?_smp_mflags} +#make setup.py +pushd src/lib389 +%python3_build +popd + +%install +%make_install +pushd src/lib389 +%python3_install +mv %{buildroot}/usr/libexec/dirsrv/dscontainer %{buildroot}%{_prefix}/lib/dirsrv/ +rmdir %{buildroot}/usr/libexec/dirsrv/ +popd + +cp -r man/man3 %{buildroot}%{_mandir}/man3 + +install -D -d -m 0750 %{buildroot}%{homedir} +mkdir -p %{buildroot}%{logdir} +mkdir -p %{buildroot}%{homedir} +mkdir -p %{buildroot}%{lockdir} +mkdir -p %{buildroot}%{_sysusersdir} +mkdir -p %{buildroot}/usr/lib/supportconfig/plugins/ +mkdir -p %{buildroot}%{_unitdir}/dirsrv@.service.d/ + +#remove libtool archives and static libs +find %{buildroot} -type f -name "*.la" -delete -print + +# install extra schema files +cp -R extra-schema "%{buildroot}/%{_datadir}/dirsrv/" +cp %{SOURCE5} "%{buildroot}/%{_datadir}/dirsrv/schema/" + +# Install the support utils plugin. +cp supportutils-plugin-dirsrv*/dirsrv "%{buildroot}/usr/lib/supportconfig/plugins/dirsrv" + +# bring OpenLDAP copyright notice here because it is referenced by several extra schema files +cp %{SOURCE2} ./ + +rm -rv %{buildroot}/usr/share/cockpit/ +rm -rv %{buildroot}/usr/share/metainfo/389-console/ +mv src/svrcore/README{,.svrcore} +mv src/svrcore/LICENSE{,.svrcore} +install -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/ +install -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/dirsrv@.service.d/krbkdcbefore.conf + +# For the purposes of our krb integration, we enable this by default. +mv %{buildroot}%{_datadir}/dirsrv/data/60kerberos.ldif %{buildroot}%{_datadir}/dirsrv/schema/60kerberos.ldif + +# Sssshhh duplicate checker ... +%fdupes %{buildroot}/%{_prefix} + +%pre -f %{user_group}.pre +%service_add_pre dirsrv.target + +%post +%service_add_post dirsrv.target +%fillup_only -n dirsrv +%set_permissions %{_sbindir}/ns-slapd + +%verifyscript +%verify_permissions -e %{_sbindir}/ns-slapd + +%preun +%service_del_preun dirsrv.target + +%postun +%service_del_postun dirsrv.target +output=/dev/null +# reload to pick up any changes to systemd files +/bin/systemctl daemon-reload >$output 2>&1 || : +# reload to pick up any shared lib changes +%fillup_only -n dirsrv +%fillup_only -n dirsrv.systemd +exit 0 + +%pre snmp +%service_add_pre dirsrv-snmp.service + +%post snmp +%service_add_post dirsrv-snmp.service + +%preun snmp +%service_del_preun dirsrv-snmp.service + +%postun snmp +%service_del_postun dirsrv-snmp.service + +%post -n %{svrcorelib} -p /sbin/ldconfig + +%postun -n %{svrcorelib} -p /sbin/ldconfig + +%files +%doc README* +%license LICENSE LICENSE.openldap +%{_sysusersdir}/%{user_group}-user.conf +%dir %attr(-,%{user_group},%{user_group}) %{homedir} +%dir %attr(-,%{user_group},%{user_group}) %{logdir} +%config(noreplace) %{_sysconfdir}/dirsrv/config/* +%config(noreplace) %{_sysconfdir}/dirsrv/schema/* +%{_datadir}/dirsrv +%dir %{_libdir}/dirsrv +%dir %{_libdir}/dirsrv/* +%dir %{_sysconfdir}/dirsrv +%dir %{_sysconfdir}/dirsrv/config +%dir %{_sysconfdir}/dirsrv/schema +%{_libdir}/dirsrv/librewriters.so +%{_libdir}/dirsrv/plugins/*.so +%{_libdir}/dirsrv/python/*.py +%{_libdir}/dirsrv/*.so.* +%exclude %{_mandir}/man1/ldap-agent* +%{_mandir}/man1/* +%{_mandir}/man5/* +%{_mandir}/man8/ns-slapd.8.gz +%{_mandir}/man8/openldap_to_ds.8.gz +%{_bindir}/* +# TODO: audit bug running https://bugzilla.opensuse.org/show_bug.cgi?id=1111564 +# This also needs a lot more work on the service file +#attr(750,root,dirsrv) #caps(CAP_NET_BIND_SERVICE=pe) #{_sbindir}/ns-slapd +%verify(not caps) %attr(755,root,root) %{_sbindir}/ns-slapd +%{_sbindir}/openldap_to_ds +%{_unitdir}/dirsrv@.service +%dir %{_unitdir}/dirsrv@.service.d +%{_unitdir}/dirsrv@.service.d/krbkdcbefore.conf +%{_unitdir}/dirsrv.target +%exclude %{_unitdir}/dirsrv@.service.d/custom.conf +%{_prefix}/lib/dirsrv/ds_systemd_ask_password_acl +%{_prefix}/lib/dirsrv/ds_selinux_restorecon.sh +# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but +# sysctl.d is always in /lib. +%{_prefix}/lib/sysctl.d/* +%dir %{_datadir}/gdb/auto-load/usr/sbin/ +%{_datadir}/gdb/auto-load/usr/sbin/ns-slapd-gdb.py +%dir %{_prefix}/lib/supportconfig +%dir %{_prefix}/lib/supportconfig/plugins +%attr(750,root,root) %{_prefix}/lib/supportconfig/plugins/dirsrv + +%files devel +%doc README* +%doc src/svrcore/README.svrcore +%license LICENSE +%license src/svrcore/LICENSE.svrcore +%{_mandir}/man3/* +%{_includedir}/dirsrv +%{_includedir}/svrcore.h +%{_libdir}/libsvrcore.so +%{_libdir}/dirsrv/libslapd.so +%{_libdir}/dirsrv/libns-dshttpd.so +%{_libdir}/dirsrv/libldaputil.so +%{_libdir}/pkgconfig/dirsrv.pc +%{_libdir}/pkgconfig/svrcore.pc + +%files -n %{svrcorelib} +%license src/svrcore/LICENSE* +%{_libdir}/libsvrcore.so.* + +%files snmp +%license LICENSE LICENSE.GPLv3+ LICENSE.openssl +# TODO: README.devel +%config(noreplace)%{_sysconfdir}/dirsrv/config/ldap-agent.conf +%{_sbindir}/ldap-agent* +%{_mandir}/man1/ldap-agent.1* +%{_unitdir}/dirsrv-snmp.service + +%files -n lib389 +%license src/lib389/LICENSE +%doc src/lib389/README* +%{_sbindir}/dsconf +%{_sbindir}/dscreate +%{_sbindir}/dsctl +%{_sbindir}/dsidm +%dir %{_prefix}/lib/dirsrv/ +%{_prefix}/lib/dirsrv/dscontainer +%{_mandir}/man8/dsconf.8.gz +%{_mandir}/man8/dscreate.8.gz +%{_mandir}/man8/dsctl.8.gz +%{_mandir}/man8/dsidm.8.gz +%{python3_sitelib}/lib389* + +%changelog diff --git a/70yast.ldif b/70yast.ldif new file mode 100644 index 0000000..0b651dd --- /dev/null +++ b/70yast.ldif @@ -0,0 +1,628 @@ +dn: cn=schema +objectClass: top +objectClass: ldapSubentry +objectClass: subschema +cn: schema +attributeTypes: ( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgno + reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 253 + 5' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.52 NAME 'dhcpFailOverSplit' DESC ' + Split between the primary and secondary servers for fail over purpose' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' + ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3 + 755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1 + .3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' DES + C 'This is the actual hostname that was assigned to a client. It may not be t + he name that was requested by the client. The fully qualified domain name ca + n be determined by appending the value of "dhcpDomainName" (with a dot separa + tor) to this name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'The + distinguished name(s) of a class(es) in a subclass.' EQUALITY distinguishedNa + meMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The start + ing & ending IP Addresses in the range (inclusive), separated by a hyphen; if + the range only contains one address, then just the address can be specified + with no hyphen. Each range is defined as a separate value.' EQUALITY caseIgn + oreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( suseDefaultTemplate-oid NAME 'suseDefaultTemplate' DESC 'The + DN of a template that should be used by default' EQUALITY distinguishedNameM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined + ' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host infor + mation, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DESC + 'This is the time the current lease for an address expires.' EQUALITY general + izedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN 'use + r defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' DESC 'The + starting labels of a domain name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno + reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defi + ned' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.150 NAME 'dlzTTL' DESC 'DNS time to li + ve - how long this record can be cached by caching DNS servers' EQUALITY inte + gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user def + ined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointState + ' DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protoco + l [FAILOVR]' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.55 NAME 'dhcpServerDN' DESC 'List + of all DHCP Servers in the tree. Used by dhcpLocatorObject' EQUALITY disting + uishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' + ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.70 NAME 'dlzRetry' DESC 'SOA retry tim + e in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming Aut + hority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Sub + stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC 'The D + N of the dhcpServer which is the primary server for the configuration.' EQUAL + ITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE + X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.40 NAME 'dhcpLocatorDN' DESC 'The + DN of dhcpLocator object which contain the DNs of all DHCP configuration obje + cts. There will be a single dhcpLocator object in the tree with links to all + the DHCP objects in the tree' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Da + ta Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5S + ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'This + indicates whether the address was assigned via BOOTP.' EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fi + ngerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBSTR ca + seIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'use + r defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DESC + 'If the client request was received via a relay agent, this contains informat + ion about the relay agent that was available from the DHCP request. This is + a hex-encoded option value.' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( suseNamingAttribute-oid NAME 'suseNamingAttribute' DESC 'Att + ributeType that should be used as the RDN' EQUALITY caseIgnoreIA5Match SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The dis + tinguished name(s) of pools.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.140 NAME 'dlzPreference' DESC 'DNS MX + record preference. Lower numbers have higher preference' EQUALITY integerMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' + ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The d + istinguished name(s) of the dhcpOption objects containing the configuration o + ptions provided by the server.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6. + 1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.48 NAME 'dhcpFailOverPrimaryPort' + DESC 'Port on which primary server listens for connections from its fail over + peer (secondary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( suseDefaultValue-oid NAME 'suseDefaultValue' DESC 'an Attrib + ute-Value-Assertions to define defaults for specific Attributes' EQUALITY cas + eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( suseSkelDir-oid NAME 'suseSkelDir' EQUALITY caseExactIA5Mat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( suseImapServer-oid NAME 'suseImapServer' EQUALITY caseIgnor + eMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defin + ed' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'The + DN of dhcpService object(s)which contain the configuration information. Each + dhcpServer object has this attribute identifying the DHCP configuration(s) th + at the server is associated with.' EQUALITY distinguishedNameMatch SYNTAX 1.3 + .6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.50 NAME 'dhcpFailOverResponseDelay + ' DESC 'Maximum response time in seconds, before Server assumes that connecti + on to fail over peer has failed' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParamet + er' DESC 'Delay in seconds corresponding to Delayed Service Parameter configu + ration, as defined in DHC Load Balancing Algorithm [RFC 3074]. ' EQUALITY in + tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user d + efined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The di + stinguished name of a client address.' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY case + IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The sub + net mask length for the subnet. The mask can be easily computed from this le + ngth.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALU + E X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.43 NAME 'dhcpDnsZoneServer' DESC ' + Master server of the DNS Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( suseNextUniqueId-oid NAME 'suseNextUniqueId' DESC 'Next unus + ed unique ID, can be used to generate directory wide uniqe IDs' EQUALITY inte + gerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 S + INGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DESC + 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' EQU + ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X- + ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.58 NAME 'dhcpRange6' DESC 'The sta + rting & ending IP Addresses in the range (inclusive), separated by a hyphen; + if the range only contains one address, then just the address can be specifie + d with no hyphen. Each range is defined as a separate value.' EQUALITY caseI + gnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a + resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( suseImapUseSsl-oid NAME 'suseImapUseSsl' EQUALITY booleanMa + tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' + ) +attributeTypes: ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIgn + oreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DE + SC 'This is the hostname that was requested by the client.' EQUALITY caseIgno + reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user d + efined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certificate + , RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Flex + ible storage for specific data depending on what object this exists in. Like + conditional statements, server parameters, etc. This allows the standard to e + volve without needing to adjust the schema.' EQUALITY caseIgnoreIA5Match SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.46 NAME 'dhcpFailOverPrimaryServer + ' DESC 'IP address or DNS name of the server playing primary role in DHC Load + Balancing and Fail over.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146 + 6.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( suseImapDefaultQuota-oid NAME 'suseImapDefaultQuota' EQUALI + TY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'u + ser defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' DES + C 'This is the time of the last state change for a leased address.' EQUALITY + generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIG + IN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, R + FC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.53 NAME 'dhcpFailOverLoadBalanceTi + me' DESC 'Cutoff time in seconds, after which load balance is disabled' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' + ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, RFC + 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DE + SC 'The distinguished name of a "dhcpClient" that an address is reserved for. + This may not be the same as the "dhcpAssignedToClient" attribute if the add + ress is being reassigned but the current lease has not yet expired.' EQUALITY + distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-O + RIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.130 NAME 'dlzCName' DESC 'DNS cname' S + UP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3. + 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'T + he distinguished name(s) of subclass(es).' EQUALITY distinguishedNameMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RF + C 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name + pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.80 NAME 'dlzExpire' DESC 'SOA expire t + ime in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SI + NGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.10 NAME 'dlzZoneName' DESC 'DNS zone n + ame - domain name not including host name' SUP name EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE- + VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' DESC 'The name of a + zone, i.e. the name of the highest node in the zone' EQUALITY caseIgnoreIA5Ma + tch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC 'Gener + ic error log attribute that allows logging error conditions within a dhcpServ + ice or a dhcpSubnet, like no IP addresses available for lease.' EQUALITY case + IgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'us + er defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.56 NAME 'dhcpComments' DESC 'Gener + ic attribute that allows coments within any DHCP object' EQUALITY caseIgnore + IA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user def + ined' ) +attributeTypes: ( susePasswordHash-oid NAME 'susePasswordHash' DESC 'Hash meth + od to use for new users' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466. + 115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Si + gner, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'The + clients hardware address that requested this IP address.' EQUALITY caseIgnore + IA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user def + ined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.41 NAME 'dhcpKeyAlgorithm' DESC 'A + lgorithm to generate TSIG Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.120 NAME 'dlzIPAddr' DESC 'IP address + - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon nota + tion xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx' EQUALITY caseExactIA5Match SYNT + AX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'Thi + s is the name of the domain sent to the client by the server. It is essentia + lly the same as the value for DHCP option 15 sent to the client, and represen + ts only the domain - not the full FQDN. To obtain the full FQDN assigned to + the client you must prepend the "dhcpAssignedHostName" to this value with a " + .".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE- + VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Termin + al DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgn + oreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user def + ined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.90 NAME 'dlzMinimum' DESC 'SOA minimum + time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.20 NAME 'dlzHostName' DESC 'Host porti + on of a domain name' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubst + ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user d + efined' ) +attributeTypes: ( susePlugin-oid NAME 'susePlugin' DESC 'plugin to use upon us + er/ group creation' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. + 1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The di + stinguished name(s) of the groups.' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Encod + ed text string or list of bytes expressed in hexadecimal, separated by colons + . Clients match subclasses based on matching the class data with the results + of match or spawn with statements in the class name declarations.' EQUALITY + caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN + 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.49 NAME 'dhcpFailOverSecondaryPort + ' DESC 'Port on which secondary server listens for connections from its fail + over peer (primary server)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115 + .121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( suseMaxPasswordLength-oid NAME 'suseMaxPasswordLength' DESC + 'maximum Password length for new users' EQUALITY integerMatch ORDERING intege + rOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'us + er defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.44 NAME 'dhcpKeyDN' DESC 'The DNs + of TSIG Key to use in secure dynamic updates. In case of locator object, this + will be list of TSIG keys. In case of DHCP Service, Shared Network, Subnet + and DNS Zone, it will be a single key.' EQUALITY distinguishedNameMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( suseMaxUniqueId-oid NAME 'suseMaxUniqueId' DESC 'upper Borde + r for Unique IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseIgn + oreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.51 NAME 'dhcpFailOverUnackedUpdate + s' DESC 'Number of BNDUPD messages that server can send before it receives BN + DACK from its fail over peer' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1 + 15.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.110 NAME 'dlzPrimaryNS' DESC 'Primary + name server for this zone - should be host name not IP address' SUP name EQUA + LITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466 + .115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DE + SC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Fai + lover Protocol [FAILOVR]' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The d + istinguished name(s) client addresses.' EQUALITY distinguishedNameMatch SYNTA + X 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseIg + noreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( suseSearchFilter-oid NAME 'suseSearchFilter' DESC 'Search fi + lter to localize Objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X + -ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'This + attribute contains the permit lists associated with a pool. Each permit list + is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.30 NAME 'dlzData' DESC 'Data for the r + esource record' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings + Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user define + d' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'T + his stores information about the current binding-status of an address. For d + ynamic addresses managed by DHCP, the values should be restricted to the foll + owing: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP + ". For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESER + VED" (an address that is managed by DHCP that is reserved for a specific clie + nt), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), " + ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTA + SSIGNABLE".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denot + ing time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + X-ORIGIN 'user defined' ) +attributeTypes: ( suseDefaultBase-oid NAME 'suseDefaultBase' DESC 'Base DN whe + re new Objects should be created by default' EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIgn + oreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.54 NAME 'dhcpFailOverPeerDN' DESC + 'The DNs of Fail over peers. In case of locator object, this will be list of + fail over peers in the tree. In case of Subnet and pool, it will be a single + Fail Over Peer' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.1 + 21.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or + mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno + reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defi + ned' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchange + Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substri + ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.100 NAME 'dlzAdminEmail' DESC 'E-mail + address of person responsible for this zone - @ should be replaced with . (pe + riod)' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN + TAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'The + DN of dhcpServer(s) which provide backup service for the configuration.' EQU + ALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'u + ser defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.47 NAME 'dhcpFailOverSecondaryServ + er' DESC 'IP address or DNS name of the server playing secondary role in DHC + Load Balancing and Fail over.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1 + .1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime' + DESC 'This is the last time a valid DHCP packet was received from the client. + ' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V + ALUE X-ORIGIN 'user defined' ) +attributeTypes: ( suseMapAttribute-oid NAME 'suseMapAttribute' EQUALITY caseI + gnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.40 NAME 'dlzType' DESC 'DNS record typ + e - A, SOA, NS, MX, etc...' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgno + reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN + 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' DES + C 'This is the distinguished name of a "dhcpClient" that an address is curren + tly assigned to. This attribute is only present in the class when the addres + s is leased.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.12 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the dis + tinguished name(s) of the dhcpHost objects.' EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 addres + s, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service loca + tion, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( suseImapAdmin-oid NAME 'suseImapAdmin' EQUALITY caseIgnoreM + atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined + ' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DESC + 'The distinguished name(s) of sharedNetworks.' EQUALITY distinguishedNameMat + ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.57 NAME 'dhcpClientId' DESC 'clien + t Identifier.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. + 26 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.99 NAME 'sPFRecord' DESC 'Sender Polic + y Framework, RFC 4408' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr + ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignment' + DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Lo + ad Balancing Algorithm [RFC 3074].' EQUALITY octetStringMatch SYNTAX 1.3.6.1. + 4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.50 NAME 'dlzSerial' DESC 'SOA record s + erial number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING + LE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encoded + option values to be sent to clients. Each value represents a single option a + nd contains (OptionTag, Length, OptionValue) encoded in the format used by DH + CP.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGI + N 'user defined' ) +attributeTypes: ( suseSecondaryGroup-oid NAME 'suseSecondaryGroup' DESC 'secon + day group DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.42 NAME 'dhcpKeySecret' DESC 'Secr + et to generate TSIG Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.11 + 5.121.1.40 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The ve + rsion attribute of this object.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 + .1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record Typ + e, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The d + istinguished name(s) of the subnets.' EQUALITY distinguishedNameMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( suseMinPasswordLength-oid NAME 'suseMinPasswordLength' DESC + 'minimum Password length for new users' EQUALITY integerMatch ORDERING intege + rOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'us + er defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text string, + RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SY + NTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.160 NAME 'dlzRecordID' DESC 'Unique ID + for each DLZ resource record' SUP name EQUALITY caseIgnoreMatch SUBSTR caseI + gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIG + IN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'This + indicates the status of updating DNS resource records on behalf of the clien + t by the DHCP server for this address. The value is a 16-bit bitmask.' EQUAL + ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN ' + user defined' ) +attributeTypes: ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-existant + , RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S + YNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'user defined' ) +attributeTypes: ( 2.16.840.1.113719.1.203.4.45 NAME 'dhcpZoneDN' DESC 'The DNs + of DNS Zone. In case of locator object, this will be list of DNS Zones in th + e tree. In case of DHCP Service, Shared Network and Subnet, it will be a sing + le DNS Zone.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121 + .1.12 X-ORIGIN 'user defined' ) +attributeTypes: ( suseMinUniqueId-oid NAME 'suseMinUniqueId' DESC 'lower Borde + r for Unique IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX + 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +attributeTypes: ( 1.3.6.1.4.1.18420.1.1.60 NAME 'dlzRefresh' DESC 'SOA record + refresh time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 + 1.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) +objectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain STRUCT + URAL MAY ( aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord + ) X-ORIGIN 'user defined' ) +objectClasses: ( suseModuleConfiguration-oid NAME 'suseModuleConfiguration' DE + SC 'Contains configuration of Management Modules' SUP top STRUCTURAL MUST cn + MAY suseDefaultBase X-ORIGIN 'user defined' ) +objectClasses: ( suseUserConfiguration-oid NAME 'suseUserConfiguration' DESC ' + Configuration of user management tools' SUP suseModuleConfiguration STRUCTURA + L MAY ( suseMinPasswordLength $ suseMaxPasswordLength $ susePasswordHash $ su + seSkelDir $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaul + tTemplate $ suseSearchFilter $ suseMapAttribute ) X-ORIGIN 'user defined' ) +objectClasses: ( suseObjectTemplate-oid NAME 'suseObjectTemplate' DESC 'Base C + lass for Object-Templates' SUP top STRUCTURAL MUST cn MAY ( susePlugin $ suse + DefaultValue $ suseNamingAttribute ) X-ORIGIN 'user defined' ) +objectClasses: ( suseUserTemplate-oid NAME 'suseUserTemplate' DESC 'User objec + t template' SUP suseObjectTemplate STRUCTURAL MAY suseSecondaryGroup X-ORIGIN + 'user defined' ) +objectClasses: ( suseGroupTemplate-oid NAME 'suseGroupTemplate' DESC 'Group ob + ject template' SUP suseObjectTemplate STRUCTURAL X-ORIGIN 'user defined' ) +objectClasses: ( suseGroupConfiguration-oid NAME 'suseGroupConfiguration' DESC + 'Configuration of user management tools' SUP suseModuleConfiguration STRUCTU + RAL MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaultT + emplate $ suseSearchFilter $ suseMapAttribute ) X-ORIGIN 'user defined' ) +objectClasses: ( suseCaConfiguration-oid NAME 'suseCaConfiguration' DESC 'Conf + iguration of CA management tools' SUP suseModuleConfiguration STRUCTURAL X-OR + IGIN 'user defined' ) +objectClasses: ( suseDnsConfiguration-oid NAME 'suseDnsConfiguration' DESC 'Co + nfiguration of mail server management tools' SUP suseModuleConfiguration STRU + CTURAL X-ORIGIN 'user defined' ) +objectClasses: ( suseDhcpConfiguration-oid NAME 'suseDhcpConfiguration' DESC ' + Configuration of DHCP server management tools' SUP suseModuleConfiguration ST + RUCTURAL X-ORIGIN 'user defined' ) +objectClasses: ( suseMailConfiguration-oid NAME 'suseMailConfiguration' DESC ' + Configuration of IMAP user management tools' SUP suseModuleConfiguration STRU + CTURAL MUST ( suseImapServer $ suseImapAdmin $ suseImapDefaultQuota $ suseIma + pUseSsl ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC 'Service + object that represents the actual DHCP Service configuration. This is a conta + iner object.' SUP top STRUCTURAL MUST cn MAY ( dhcpPrimaryDN $ dhcpSecondaryD + N $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHos + tDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPe + erDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DESC 'Th + is stores configuration information for a shared network.' SUP top STRUCTURAL + MUST cn MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpS + tatements $ dhcpComments $ dhcpOption ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'This clas + s defines a subnet. This is a container object.' SUP top STRUCTURAL MUST ( cn + $ dhcpNetMask ) MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dh + cpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFai + lOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-ORIGIN 'user def + ined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This stores + configuration information about a pool.' SUP top STRUCTURAL MUST ( cn $ dhcp + Range ) MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ + dhcpZoneDN $ dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-ORIG + IN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Group obje + ct that lists host DNs and parameters. This is a container object.' SUP top S + TRUCTURAL MUST cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpCom + ments $ dhcpOption ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This repres + ents information about a particular client' SUP top STRUCTURAL MUST cn MAY ( + dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ + dhcpOption $ dhcpClientId ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Represents + information about a collection of related clients.' SUP top STRUCTURAL MUST + cn MAY ( dhcpSubclassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ d + hcpOption ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'Represe + nts information about a collection of related classes.' SUP top STRUCTURAL MU + ST cn MAY ( dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ d + hcpOption ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Represen + ts information about a collection of options defined.' SUP top AUXILIARY MUST + cn MAY ( dhcpOption $ dhcpComments ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'This cla + ss represents an IP Address, which may or may not have been leased.' SUP top + STRUCTURAL MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $ dhcpStar + tTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhc + pDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForCl + ient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress ) X-ORIGIN ' + user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This is the + object that holds past information about the IP address. The cn is the time/ + date stamp when the address was assigned or released, the address state at th + e time, if the address was assigned or released.' SUP top STRUCTURAL MUST cn + MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLast + TransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpReques + tedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToCl + ient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog ) X-ORIGIN 'user def + ined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'DHCP Ser + ver Object' SUP top STRUCTURAL MUST cn MAY ( dhcpServiceDN $ dhcpLocatorDN $ + dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServ + iceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatem + ents $ dhcpComments $ dhcpOption ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.13 NAME 'dhcpTSigKey' DESC 'TSIG ke + y for secure dynamic updates' SUP top STRUCTURAL MUST ( cn $ dhcpKeyAlgorithm + $ dhcpKeySecret ) MAY dhcpComments X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.14 NAME 'dhcpDnsZone' DESC 'DNS Zon + e for updating leases' SUP top STRUCTURAL MUST ( cn $ dhcpDnsZoneServer ) MAY + ( dhcpKeyDN $ dhcpComments ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.15 NAME 'dhcpFailOverPeer' DESC 'Th + is class defines the Fail over peer' SUP top STRUCTURAL MUST ( cn $ dhcpFailO + verPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailOverPrimaryPort $ dh + cpFailOverSecondaryPort ) MAY ( dhcpFailOverResponseDelay $ dhcpFailOverUnack + edUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignm + ent $ dhcpFailOverLoadBalanceTime $ dhcpComments ) X-ORIGIN 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.16 NAME 'dhcpLocator' DESC 'Locator + object for DHCP configuration in the tree. There will be a single dhcpLocato + r object in the tree with links to all the DHCP objects in the tree' SUP top + STRUCTURAL MUST cn MAY ( dhcpServiceDN $ dhcpServerDN $ dhcpSharedNetworkDN $ + dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpK + eyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments ) X-ORIGIN + 'user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.17 NAME 'dhcpSubnet6' DESC 'This cl + ass defines an IPv6 subnet. This is a container object.' SUP top STRUCTURAL M + UST cn MAY ( dhcpRange6 $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClasses + DN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeer + DN $ dhcpStatements $ dhcpComments $ dhcpOption $ dhcpPermitList ) X-ORIGIN ' + user defined' ) +objectClasses: ( 2.16.840.1.113719.1.203.6.18 NAME 'dhcpPool6' DESC 'This stor + es configuration information about an IPv6 pool.' SUP top STRUCTURAL MUST ( c + n $ dhcpRange6 ) MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOp + tionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption + ) X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.10 NAME 'dlzZone' DESC 'Zone name porti + on of a domain name' SUP top STRUCTURAL MUST dlzZoneName X-ORIGIN 'user defin + ed' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.20 NAME 'dlzHost' DESC 'Host name porti + on of a domain name' SUP top STRUCTURAL MUST dlzHostName X-ORIGIN 'user defin + ed' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.30 NAME 'dlzAbstractRecord' DESC 'Data + common to all DNS record types' SUP top ABSTRACT MUST ( dlzRecordID $ dlzHost + Name $ dlzType $ dlzTTL ) X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.40 NAME 'dlzGenericRecord' DESC 'Generi + c DNS record - useful when a specific object class has not been defined for a + DNS record' SUP dlzAbstractRecord STRUCTURAL MUST dlzData X-ORIGIN 'user def + ined' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.50 NAME 'dlzARecord' DESC 'DNS A record + ' SUP dlzAbstractrecord STRUCTURAL MUST dlzIPAddr X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.60 NAME 'dlzNSRecord' DESC 'DNS NS reco + rd' SUP dlzGenericRecord STRUCTURAL X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.70 NAME 'dlzMXRecord' DESC 'DNS MX reco + rd' SUP dlzGenericRecord STRUCTURAL MUST dlzPreference X-ORIGIN 'user defined + ' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.80 NAME 'dlzSOARecord' DESC 'DNS SOA re + cord' SUP dlzAbstractRecord STRUCTURAL MUST ( dlzSerial $ dlzRefresh $ dlzRet + ry $ dlzExpire $ dlzMinimum $ dlzAdminEmail $ dlzPrimaryNS ) X-ORIGIN 'user d + efined' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.90 NAME 'dlzTextRecord' DESC 'Text data + with spaces should be wrapped in double quotes' SUP dlzGenericRecord STRUCTU + RAL X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.100 NAME 'dlzPTRRecord' DESC 'DNS PTR r + ecord' SUP dlzGenericRecord STRUCTURAL X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.110 NAME 'dlzCNameRecord' DESC 'DNS CNa + me record' SUP dlzGenericRecord STRUCTURAL X-ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.18420.1.2.120 NAME 'dlzXFR' DESC 'Host allowed to + perform zone transfer' SUP top STRUCTURAL MUST ( dlzRecordID $ dlzIPAddr ) X + -ORIGIN 'user defined' ) +objectClasses: ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' SUP top STRUCTURAL MUST + ( zoneName $ relativeDomainName ) MAY ( dNSTTL $ dNSClass $ aRecord $ mDRecor + d $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ pTRRecord $ hInfoRecord $ + mInfoRecord $ tXTRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ aAAARecord $ + LocRecord $ nXTRecord $ sRVRecord $ nAPTRRecord $ kXRecord $ certRecord $ a6 + Record $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ sP + FRecord ) X-ORIGIN 'user defined' ) diff --git a/LICENSE.openldap b/LICENSE.openldap new file mode 100644 index 0000000..05ad757 --- /dev/null +++ b/LICENSE.openldap @@ -0,0 +1,47 @@ +The OpenLDAP Public License + Version 2.8, 17 August 2003 + +Redistribution and use of this software and associated documentation +("Software"), with or without modification, are permitted provided +that the following conditions are met: + +1. Redistributions in source form must retain copyright statements + and notices, + +2. Redistributions in binary form must reproduce applicable copyright + statements and notices, this list of conditions, and the following + disclaimer in the documentation and/or other materials provided + with the distribution, and + +3. Redistributions must contain a verbatim copy of this document. + +The OpenLDAP Foundation may revise this license from time to time. +Each revision is distinguished by a version number. You may use +this Software under terms of this license revision or under the +terms of any subsequent revision of the license. + +THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS +CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT +SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) +OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +The names of the authors and copyright holders must not be used in +advertising or otherwise to promote the sale, use or other dealing +in this Software without specific, written prior permission. Title +to copyright in this Software shall at all times remain with copyright +holders. + +OpenLDAP is a registered trademark of the OpenLDAP Foundation. + +Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, +California, USA. All Rights Reserved. Permission to copy and +distribute verbatim copies of this document is granted. diff --git a/_service b/_service new file mode 100644 index 0000000..a0970f1 --- /dev/null +++ b/_service @@ -0,0 +1,44 @@ + + + https://github.com/389ds/389-ds-base.git + @PARENT_TAG@~git@TAG_OFFSET@.%h + git + 389-ds-base-2.2 + 389-ds-base-(.*) + \1 + enable + william.brown@suse.com + + + + *.tar + zst + + + + 389-ds-base + zst + true + + + 389-ds-base + + + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..3217356 --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://github.com/389ds/389-ds-base.git + fdb3bae34b979bb9d345cf250bae1f0343e47c2a \ No newline at end of file diff --git a/dirsrv-user.conf b/dirsrv-user.conf new file mode 100644 index 0000000..be6c242 --- /dev/null +++ b/dirsrv-user.conf @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +g dirsrv - - +u dirsrv - "User for 389 directory server" /var/lib/dirsrv /sbin/nologin diff --git a/extra-schema.tgz b/extra-schema.tgz new file mode 100644 index 0000000..3f990b1 --- /dev/null +++ b/extra-schema.tgz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b5c407bc55bff257b2a1a65e2cb188a2e1c97aa9ed43158d87e1afb0f1fb0b39 +size 5151 diff --git a/krbkdcbefore.conf b/krbkdcbefore.conf new file mode 100644 index 0000000..e3a2047 --- /dev/null +++ b/krbkdcbefore.conf @@ -0,0 +1,7 @@ +[Unit] +Before=radiusd.service kadmind.service krb5kdc.service + +# Kpropd is the kerberos internal replication system. you do NOT need this +# with 389-ds at the same time. +# Conflicts=kpropd.service + diff --git a/supportutils-plugin-dirsrv.tar.zst b/supportutils-plugin-dirsrv.tar.zst new file mode 100644 index 0000000..6bf8741 --- /dev/null +++ b/supportutils-plugin-dirsrv.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7a63680a033d6b713bd5f08b6692c9f2050bb895b6b27456d6344612d5eb4749 +size 10641 diff --git a/vendor.tar.zst b/vendor.tar.zst new file mode 100644 index 0000000..1670113 --- /dev/null +++ b/vendor.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9c9da45e94954da76fc9c24b4316bac8c454771a11bd8cb6b1143c7743638044 +size 14670275