cn=Directory Manager
All about Directory Server

Friday July 20, 2007

Configuring OpenDS with dsconfig

Like the Sun Java System Directory Server, the configuration in OpenDS is stored in an LDIF file rooted at "cn=config", and can be read and updated over LDAP. As of DSEE 6.0, the Directory Server also has a Web-based administration GUI, as well as a command-line utility named dsconf that can be used to manage the server configuration. For OpenDS, we don't yet have a widespread administration GUI, but starting with this week's build we have a new command-line tool named dsconfig that can be used to interact with the server configuration. On UNIX systems, you can find it at bin/dsconfig; on Windows, it's bat\dsconfig.bat.

Matt Swift (who has done most of the development of the dsconfig tool, and the underlying administration framework) has written a document that describes the dsconfig utility and gives an overview of how to use it. You can find that on our documentation wiki at https://www.opends.org/wiki/page/ConfiguringOpenDSUsingTheDsconfigTool.

Note that the documentation page for this tool also includes a section at the bottom with some known issues and potential usability problems that we intend to fix in the near future. However, we would also appreciate any feedback that you might have (e.g., problems that you've encountered or suggestions for improvement). If you find anything, feel free to open a new issue in our issue tracker (https://opends.dev.java.net/servlets/ProjectIssues) or send an e-mail to dev@opends.dev.java.net.

Posted by cn_equals_directory_manager ( Jul 20 2007, 04:59:04 PM CDT )

OpenDS 1.0.0-build002 is now available

I have just uploaded OpenDS 1.0.0-build002, built from revision 2441 of our source tree, to our weekly builds folder. The direct link to download the core server is https://opends.dev.java.net/files/documents/4926/62416/OpenDS-1.0.0-build002.zip. The direct link to download the DSML gateway is https://opends.dev.java.net/files/documents/4926/62417/OpenDS-1.0.0-build002-DSML.war.

I have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://builds.opends.org/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://builds.opends.org/weekly-builds/1.0.0-build002. Some of the changes that have been incorporated since OpenDS 1.0.0-build001 include:
  • Revision 2382 (Issue #1897) -- Update the verify-index and rebuild-index utilities to include a "--countErrors" option that can be used to return a non-zero exit code if any errors are encountered.

  • Revision 2391 (Issue #1771) -- Update the entry cache implementations to ensure that they flush all entries from a backend whenever it is taken offline.

  • Revision 2405 (Issue #1988) -- Implement a monitor provider that can be used to publish information about the client connections that are currently established.

  • Revision 2422 (Issue #1953) -- Update the Berkeley DB JE backend so that if a problem occurs in the database that causes a RunRecoveryException to be thrown, the server will provide notification in the form of administrative alerts.

  • Revision 2424 (Issue #339) -- Implement support for password history functionality. The password history can be maintained either based on the number of previous passwords, or the length of time the previous passwords have been retained, or both.

  • Revision 2428 (Issue #1603) -- Make updates to the way that the server attempts to register the Windows service on Windows Vista.

  • Revision 2430 -- When running the QuickSetup installer, if there are no backends found to replicate then disable the "Replicate Suffix" option and automatically select the "Create New Suffix" option.

  • Revision 2437 (Issue #90) -- Update the server to provide more complete support for the password policy control as defined in draft-behera-ldap-password-policy.

  • Revision 2438 -- Update the graphical tools to use the term "Base DN" instead of "Suffix".

  • Revision 2439 -- Update the server so that the set of alert handlers are configurable rather than always using a hard-coded JMX alert handler.

  • Revision 2441 -- Expose the dsconfig tool in the Directory Server build.

Posted by cn_equals_directory_manager ( Jul 20 2007, 04:49:35 PM CDT )

Friday July 13, 2007

OpenDS 1.0.0-build001 is now available

After last week's release of OpenDS 0.9.0, we've started the push toward the 1.0.0 release, and the first build toward that milestone is now available. Since the 0.9.0 release, we have been primarily focused on fixing bugs as part of our Summer 2007 Bugfest, and this build includes fixes for over 80 bugs of varying severities.

This week's build, OpenDS 1.0.0-build001, is based on revision 2381. The direct link to download the core server is https://opends.dev.java.net/files/documents/4926/61938/OpenDS-1.0.0-build001.zip. The direct link to download the DSML gateway is https://opends.dev.java.net/files/documents/4926/61939/OpenDS-1.0.0-build001-DSML.war.

I have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://builds.opends.org/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://builds.opends.org/weekly-builds/1.0.0-build001. Some of the changes that have been incorporated since OpenDS 0.9.0 include:
  • Revision 2238 -- Perform a refactoring of much of the core server to provide the framework that will be needed to support proxy, distribution, and virtual functionality.

  • Revision 2254 -- Display an "Open" dialog box rather than a "Save" dialog when prompting the user to select the desired directory in the QuickSetup tool.

  • Revision 2255 (Issue #1812) -- Fix a problem in which the server could become blocked if it was configured for replication but none of the replication servers were available.

  • Revision 2257 (Issues #1325, 1850, 1863) -- Provide the ability to create a basic replication environment at install time using the QuickSetup utility. Provide the ability to cancel an installation process midway through, even after potentially making changes to remote servers. Provide better support for merging the QuickSetup and QuickUpgrade functionality into a single tool.

  • Revision 2259 (Issue #577) -- Update the server so that it uses a non-success result for operations that include the LDAP no-op control. This control isn't completely standardized and there is no official result code reserved for it, but we have decided to use the same result code that OpenLDAP uses (result code 16654) until an official result code is assigned.

  • Revision 2260 (Issue #1476) -- Update the SASL ANONYMOUS mechanism handler so that any trace string provided in the client credentials will be included in the access log.

  • Revision 2262 (Issues #1565, 1848) -- Update the LDAP filter processing code so that decoding string filters will be more strict and more correct. This will catch filters that were invalid but previously not rejected.

  • Revision 2263 (Issue #1879) -- Fix potential null pointer exceptions in the replication code finalization on systems with poorly-configured name resolution.

  • Revision 2264 (Issue #670) -- Update the support for access control rules based on the client's IP address to handle IPv6 addresses.

  • Revision 2267 (Issue #1856) -- Use more correct and robust argument parsing for the status utility.

  • Revision 2268 (Issues #1874, 1875) -- Provide better error handling in the replication domain initialization process.

  • Revision 2269 (Issue #1473) -- Fix a problem with inconsistent format checking for the targattrfilters ACI keyword.

  • Revision 2272 (Issue #1876) -- Implement a change in replication that can help improve performance in the case where the flush to the replication server database is a bottleneck.

  • Revision 2274 (Issues #1423, 1839, 1871) -- Eliminate the ConfigurableComponent interface, as it has been replaced by the ConfigurationChangeListener interface and is no longer needed.

  • Revision 2276 (Issue #1836) -- Update the import-ldif utility so that it includes a new "--countRejects" option that can be used to count the number of rejected entries. That value will be used as the exit code, and can be used in scripts to determine if there were any failures during the import.

  • Revision 2277 (Issue #1883) -- Update all of the command-line utilities to ensure that the exit code is always between 0 and 255. Any value that would have been outside that range will be changed to 255.

  • Revision 2278 (Issues #704, 705, 706, 918, 1901) -- Fix a number of issues related to search filter processing.

  • Revision 2279 (Issue #631) -- Update the password modify extended operation so that it properly sets password policy state attributes that were not previously updated, including last login time if the user provides the current password and it is correct, or the auth failure times if the user provides an incorrect password.

  • Revision 2280 (Issue #1898) -- Fix a potential problem when encountering replication conflicts for an entry that has been deleted.

  • Revision 2282 (Issue #1789) -- Use a more appropriate result code when interacting with the filesystem entry cache if there is a problem with its configuration.

  • Revision 2285 (Issue #1872) -- Use valid OIDs for the historical CSN ordering matching rule and the associated attribute syntax.

  • Revision 2287 (Issue #1632) -- Skip schema checking for replicated operations.

  • Revision 2289 (Issue #874) -- Fix a problem in which the ldifsearch utility always returned the object class attribute even if it should not have been included in the results.

  • Revision 2303 (Issue #1474) -- Use a more user-friendly message for the case in which an LDAP client loses a connection to the Directory Server.

  • Revision 2305 (Issue #1906) -- Update the server to reject requests from LDAPv2 clients if those requests contain controls. Previously, the server would only strip out response controls, but this had the potential to hide problems, and the new behavior is more consistent with that exhibited by DSEE.

  • Revision 2306 (Issue #1907) -- Update the way that the server handles search requests with the virtual list view control to be more forgiving with target ranges that are out of the bounds of the actual result set.

  • Revision 2307 (Issue #1908) -- Update the default access logger so that it will include an attrs="ALL" element in the case that the client did not request any specific attributes to return for a search operation.

  • Revision 2313 (Issue #1403) -- Update the file-based trust manager provider so that it will reject certificates that are expired or not yet valid.

  • Revision 2314 (Issue #1909) -- Update the LDIF reader so that it has the ability to perform syntax validation as well as schema checking. It will honor the ds-cfg-invalid-attribute-syntax-behavior configuration option.

  • Revision 2315 (Issue #1911) -- Update the MakeLDIF tool so that the "random:telephone" tag will generate telephone numbers that include the country code so that they are more compliant with the ITU-T E.123 specification.

  • Revision 2316 (Issues #1231, 1234) -- Update the LDAP and JMX connection handlers so that they attempt to bind a server socket to the configured port for all appropriate addresses during the initialization phase. This should provide a more reliable mechanism for determining whether the connection handler will be allowed to start.

  • Revision 2317 (Issue #1861) -- Update the configuration file handler so that it will report back to clients if a problem occurs while applying a configuration add, delete, or modify after the new configuration has been written to disk.

  • Revision 1423 (Issue #1428) -- Update the import-ldif utility to provide the ability to write skipped entries to a specified file.

  • Revision 2326 -- Update the server to provide a new ds-cfg-strip-syntax-minimum-upper-bound configuration attribute to strip the suggested minimum upper bound from the attribute type syntax OID. This may cause problems with certain APIs (e.g., JNDI).

  • Revision 2334 (Issue #1880) -- Provide better error handling for runtime exceptions encountered during the JMX connection handler.

  • Revision 2337 (Issues #1861, 1932, 1936, 1937) -- Fix a set of problems with the configuration interface in which insufficient validation was performed when applying configuration changes.

  • Revision 2338 (Issue #1368) -- Update the Berkeley DB Java Edition backend to ensure that the matched DN component of the request is set when appropriate.

  • Revision 2340 (Issue #1462) -- Fix a problem that could cause a deadlock in the server when performing a subtree delete operation.

  • Revision 2342 (Issue #1899) -- Update the configuration for the Berkeley DB Java Edition backend to ensure that it will require a valid value for the database logging level.

  • Revision 2345 (Issue #987) -- Update all of the tools provided with OpenDS to make them easier to invoke programmatically.

  • Revision 2346 (Issue #1957) -- Change the log level for many of the messages generated by the import-ldif utility to reduce the amount of output generated by default.

  • Revision 2348 (Issue #1238) -- Update the server's DIGEST-MD5 SASL mechanism handler so that it provides the ability to process the digest-uri element of the request if a value is provided for the ds-cfg-server-fqdn configuration attribute.

  • Revision 2351 (Issue #1321) -- Update the access and audit logging systems to provide a way to control whether synchronization messages should be logged. If they are (which is the default configuration), then those messages will be noted with a "type=synchronization" flag.

  • Revision 2354 (Issue #1916) -- Fix the manage-account tool to use the correct underlying Java class.

  • Revision 2355 -- Fix a problem with the way that the server encoded the "reverse order" flag in the server-side sort control.

  • Revision 2359 (Issue #1972) -- Update the bind processing code so that the "bind in progress" flag will not be incorrectly unset between stages of a multi-stage SASL bind.

  • Revision 2363 (Issue #1810) -- Update the password policy configuration to support a new ds-cfg-state-update-failure-policy that can make it possible to configure whether an otherwise successful bind operation should fail if a problem occurs while attempting to update the password policy state information for the user.

  • Revision 2364 (Issues #1588, 1589) -- Improve the locking code used for server entry cache implementations to simplify the code and eliminate the potential for returning a stale entry.

  • Revision 2365 (Issue #1974) -- Fix a problem that prevented attribute syntaxes and matching rules from being notified of configuration changes.

  • Revision 2368 (Issue #1217) -- Update the JMX connection handler to ensure that any client connecting to the server using JMX will be required to have the jmx-read privilege. The jmx-notify privilege has been deprecated, as Java does not provide a reliable mechanism for trapping client registration to receive notifications.

  • Revision 2373 (Issue #1895) -- Fix a problem in which total update initialization did not work properly with environments containing three servers that are also replication servers.

  • Revision 2377 (Issue #614) -- Update the LDAP connection handler to eliminate the possibility of a race condition if a client sent a second request with the same message ID as the first request while the server was still performing post-response processing for the first operation.

Posted by cn_equals_directory_manager ( Jul 13 2007, 08:09:47 PM CDT )

Monday July 02, 2007

OpenDS 0.9.0 is now available

I have just uploaded OpenDS 0.9.0, built from revision 2217 of our source tree, to our weekly builds folder. The direct link to download the core server is https://opends.dev.java.net/files/documents/4926/61128/OpenDS-0.9.0.zip. The direct link to download the DSML gateway is https://opends.dev.java.net/files/documents/4926/61129/OpenDS-0.9.0-DSML.war.

I have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://builds.opends.org/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://builds.opends.org/weekly-builds/0.9.0/. Some of the changes that have been incorporated since OpenDS 0.9.0-build004 include:
  • Revision 2116 (Issue #1596) -- Fix problems in the access control handler in which it was not possible to use the userattr bind target if it contained an LDAP URL.

  • Revision 2118 (Issue #1797) -- Fix problems leading to potential deadlocks in the replication subsystem.

  • Revision 2127 (Issue #1799) -- Fix a problem with the upgrade utility that could cause upgrades to fail if SSL was enabled.

  • Revision 2131 -- Improve the replication monitoring information that the server makes available, particularly in the case of a replication server that is not connected to any directory server instances.

  • Revision 2135 (Issues #1455, 1480, 1575) -- Make a number of changes to the Berkeley DB JE backend, including adding the ability to manage a number of settings with the server online (e.g., indexes, entry index limit, substring length, entry compression).

  • Revision 2138 (Issue #1578) -- Support the use of alternate root bind DNs in the userdn bind target.

  • Revision 2143 -- Update the upgrade process to ensure that any files present in the previous installation's config directory but not in the config directory for the new instance are properly restored.

  • Revision 2144 -- Make the QuickSetup and QuickUpgrade dialog boxes use the same height.

  • Revision 2149 (Issue #1801) -- Improve the error message that is generated from the start-ds script if there is a problem with the Java environment. It should now say "Java 5.0 or higher" instead of just "Java 5.0", and if there is a chance that the problem was with the JAVA_ARGS values, then the message will also indicate that could be the culprit.

  • Revision 2157 (Issue #253) -- Provide a way to control the order in which plugins are invoked.

  • Revision 2161 -- Update the set of plugins included with the server so that they will look for changes to the set of registered plugin types and reject the change if any of the new plugin types are not appropriate.

  • Revision 2166 (Issue #751) -- Update the pre-parse and pre-operation plugin result objects to add the ability to skip core processing without skipping post-operation plugins. Also, make sure that post-response plugins are always invoked for all operations that get far enough in their processing to have called the pre-parse plugins.

  • Revision 2176 -- Add a new configuration option that makes it possible to control how the server should handle changes if it is unable to connect to a replication server.

  • Revision 2186 (Issue #849) -- Update the way that the password policy import plugin encodes passwords during an LDIF import. If an entry specifies a specific password policy, then its default storage schemes will be used. Otherwise, it is possible to specify the default schemes that should be used. If all else fails, then the server will fall back on hard-coded default schemes (SSHA for user password values, and SHA1 for auth password values).

  • Revision 2190 -- Fix a problem in the server's configuration handler in which configuration changes made by internal operations may not be persisted to disk due to a failure to close the output stream.

  • Revision 2201 (Issues #292, 579, 1782, 1845) -- Add a new extended operation that can be used to interact with password policy state information, including getting and setting various state variables. Also, add a new manage-account tool that can be used to interact with this extended operation. Finally, fix a bug in which it was not possible for users to authenticate if their account had the pwdReset flag and last login time tracking was enabled.

  • Revision 2202 (Issue #461) -- Update the way that the server handles access control rules that include criteria involving an IP address so that its behavior is consistent with that exhibited by DSEE.

  • Revision 2208 (Issue #1674) -- Provide the ability to cancel install and upgrade processing.

  • Revision 2209 (Issue #1815) -- Fix a problem in which the uninstaller has the potential to remove server configuration and/or log files even if the user selected to retain them.

Posted by cn_equals_directory_manager ( Jul 02 2007, 01:42:22 PM CDT )

