%global pkgname dirsrv
%global srcname 389-ds-base
# Exclude i686 bit arches
ExcludeArch: i686
# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6.
%global use_Socket6 0
%global use_asan 0
%global use_rust 1
%global bundle_jemalloc 1
%if %{use_asan}
%global bundle_jemalloc 0
%endif
%if %{bundle_jemalloc}
%global jemalloc_name jemalloc
%global jemalloc_ver 5.3.0
%global __provides_exclude ^libjemalloc\\.so.*$
%endif
# Use Clang instead of GCC
%global use_clang 0
# Build cockpit plugin
%global use_cockpit 1
# fedora 15 and later uses tmpfiles.d
# otherwise, comment this out
%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
# systemd support
%global groupname %{pkgname}.target
# set PIE flag
%global _hardened_build 1
# Filter argparse-manpage from autogenerated package Requires
%global __requires_exclude ^python.*argparse-manpage
# Force to require nss version greater or equal as the version available at the build time
# See bz1986327
%define dirsrv_requires_ge() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
Summary: 389 Directory Server (base)
Name: 389-ds-base
Version: 2.0.17
Release: 1%{?dist}
License: GPLv3+ and (ASL 2.0 or MIT)
URL: https://www.port389.org
Conflicts: selinux-policy-base < 3.9.8
Conflicts: freeipa-server < 4.0.3
Obsoletes: %{name} <= 1.4.0.9
Obsoletes: %{name}-legacy-tools < 1.4.4.6
Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6
Provides: ldif2ldbm >= 0
##### Bundled cargo crates list - START #####
Provides: bundled(crate(ahash)) = 0.7.6
Provides: bundled(crate(ansi_term)) = 0.12.1
Provides: bundled(crate(atty)) = 0.2.14
Provides: bundled(crate(autocfg)) = 1.1.0
Provides: bundled(crate(base64)) = 0.13.1
Provides: bundled(crate(bitflags)) = 1.3.2
Provides: bundled(crate(byteorder)) = 1.4.3
Provides: bundled(crate(cbindgen)) = 0.9.1
Provides: bundled(crate(cc)) = 1.0.76
Provides: bundled(crate(cfg-if)) = 1.0.0
Provides: bundled(crate(clap)) = 2.34.0
Provides: bundled(crate(concread)) = 0.2.21
Provides: bundled(crate(crossbeam)) = 0.8.2
Provides: bundled(crate(crossbeam-channel)) = 0.5.6
Provides: bundled(crate(crossbeam-deque)) = 0.8.2
Provides: bundled(crate(crossbeam-epoch)) = 0.9.11
Provides: bundled(crate(crossbeam-queue)) = 0.3.6
Provides: bundled(crate(crossbeam-utils)) = 0.8.12
Provides: bundled(crate(entryuuid)) = 0.1.0
Provides: bundled(crate(entryuuid_syntax)) = 0.1.0
Provides: bundled(crate(fastrand)) = 1.8.0
Provides: bundled(crate(fernet)) = 0.1.4
Provides: bundled(crate(foreign-types)) = 0.3.2
Provides: bundled(crate(foreign-types-shared)) = 0.1.1
Provides: bundled(crate(getrandom)) = 0.2.8
Provides: bundled(crate(hashbrown)) = 0.12.3
Provides: bundled(crate(hermit-abi)) = 0.1.19
Provides: bundled(crate(instant)) = 0.1.12
Provides: bundled(crate(itoa)) = 1.0.4
Provides: bundled(crate(jobserver)) = 0.1.25
Provides: bundled(crate(libc)) = 0.2.137
Provides: bundled(crate(librnsslapd)) = 0.1.0
Provides: bundled(crate(librslapd)) = 0.1.0
Provides: bundled(crate(lock_api)) = 0.4.9
Provides: bundled(crate(log)) = 0.4.17
Provides: bundled(crate(lru)) = 0.7.8
Provides: bundled(crate(memoffset)) = 0.6.5
Provides: bundled(crate(once_cell)) = 1.16.0
Provides: bundled(crate(openssl)) = 0.10.42
Provides: bundled(crate(openssl-macros)) = 0.1.0
Provides: bundled(crate(openssl-sys)) = 0.9.77
Provides: bundled(crate(parking_lot)) = 0.11.2
Provides: bundled(crate(parking_lot_core)) = 0.8.5
Provides: bundled(crate(paste)) = 0.1.18
Provides: bundled(crate(paste-impl)) = 0.1.18
Provides: bundled(crate(pin-project-lite)) = 0.2.9
Provides: bundled(crate(pkg-config)) = 0.3.26
Provides: bundled(crate(ppv-lite86)) = 0.2.17
Provides: bundled(crate(proc-macro-hack)) = 0.5.19
Provides: bundled(crate(proc-macro2)) = 1.0.47
Provides: bundled(crate(pwdchan)) = 0.1.0
Provides: bundled(crate(quote)) = 1.0.21
Provides: bundled(crate(rand)) = 0.8.5
Provides: bundled(crate(rand_chacha)) = 0.3.1
Provides: bundled(crate(rand_core)) = 0.6.4
Provides: bundled(crate(redox_syscall)) = 0.2.16
Provides: bundled(crate(remove_dir_all)) = 0.5.3
Provides: bundled(crate(ryu)) = 1.0.11
Provides: bundled(crate(scopeguard)) = 1.1.0
Provides: bundled(crate(serde)) = 1.0.147
Provides: bundled(crate(serde_derive)) = 1.0.147
Provides: bundled(crate(serde_json)) = 1.0.88
Provides: bundled(crate(slapd)) = 0.1.0
Provides: bundled(crate(slapi_r_plugin)) = 0.1.0
Provides: bundled(crate(smallvec)) = 1.10.0
Provides: bundled(crate(strsim)) = 0.8.0
Provides: bundled(crate(syn)) = 1.0.103
Provides: bundled(crate(synstructure)) = 0.12.6
Provides: bundled(crate(tempfile)) = 3.3.0
Provides: bundled(crate(textwrap)) = 0.11.0
Provides: bundled(crate(tokio)) = 1.21.2
Provides: bundled(crate(tokio-macros)) = 1.8.0
Provides: bundled(crate(toml)) = 0.5.9
Provides: bundled(crate(unicode-ident)) = 1.0.5
Provides: bundled(crate(unicode-width)) = 0.1.10
Provides: bundled(crate(unicode-xid)) = 0.2.4
Provides: bundled(crate(uuid)) = 0.8.2
Provides: bundled(crate(vcpkg)) = 0.2.15
Provides: bundled(crate(vec_map)) = 0.8.2
Provides: bundled(crate(version_check)) = 0.9.4
Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1
Provides: bundled(crate(winapi)) = 0.3.9
Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(zeroize)) = 1.5.7
Provides: bundled(crate(zeroize_derive)) = 1.3.2
##### Bundled cargo crates list - END #####
BuildRequires: nspr-devel >= 4.32
BuildRequires: nss-devel >= 3.67.0-7
BuildRequires: openldap-devel
BuildRequires: libdb-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: icu
BuildRequires: libicu-devel
BuildRequires: pcre-devel
BuildRequires: cracklib-devel
%if %{use_clang}
BuildRequires: libatomic
BuildRequires: clang
%else
BuildRequires: gcc
BuildRequires: gcc-c++
%endif
# The following are needed to build the snmp ldap-agent
BuildRequires: net-snmp-devel
BuildRequires: lm_sensors-devel
BuildRequires: bzip2-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
# the following is for the pam passthru auth plug-in
BuildRequires: pam-devel
BuildRequires: systemd-units
BuildRequires: systemd-devel
%if %{use_asan}
BuildRequires: libasan
%endif
# If rust is enabled
%if %{use_rust}
BuildRequires: cargo
BuildRequires: rust
%endif
BuildRequires: pkgconfig
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(krb5)
# Needed to support regeneration of the autotool artifacts.
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
# For our documentation
BuildRequires: doxygen
# For tests!
BuildRequires: libcmocka-devel
BuildRequires: libevent-devel
# For lib389 and related components
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-setuptools
BuildRequires: python%{python3_pkgversion}-ldap
BuildRequires: python%{python3_pkgversion}-six
BuildRequires: python%{python3_pkgversion}-pyasn1
BuildRequires: python%{python3_pkgversion}-pyasn1-modules
BuildRequires: python%{python3_pkgversion}-dateutil
BuildRequires: python%{python3_pkgversion}-argcomplete
BuildRequires: python%{python3_pkgversion}-argparse-manpage
BuildRequires: python%{python3_pkgversion}-libselinux
BuildRequires: python%{python3_pkgversion}-policycoreutils
# For cockpit
%if %{use_cockpit}
BuildRequires: rsync
%endif
Requires: %{name}-libs = %{version}-%{release}
Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release}
# this is needed for using semanage from our setup scripts
Requires: policycoreutils-python-utils
Requires: /usr/sbin/semanage
Requires: libsemanage-python%{python3_pkgversion}
Requires: selinux-policy >= 3.14.1-29
# the following are needed for some of our scripts
Requires: openldap-clients
Requires: /usr/bin/c_rehash
Requires: python%{python3_pkgversion}-ldap
Requires: acl
# this is needed to setup SSL if you are not using the
# administration server package
Requires: nss-tools
Requires: nspr >= 4.32
Requires: nss >= 3.67.0-7
# these are not found by the auto-dependency method
# they are required to support the mandatory LDAP SASL mechs
Requires: cyrus-sasl-gssapi
Requires: cyrus-sasl-md5
Requires: cyrus-sasl-plain
# this is needed for verify-db.pl
Requires: libdb-utils
# Needed for password dictionary checks
Requires: cracklib-dicts
# Needed by logconv.pl
Requires: perl-DB_File
Requires: perl-Archive-Tar
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
Requires: perl-debugger
Requires: perl-sigtrap
%endif
# Picks up our systemd deps.
%{?systemd_requires}
Obsoletes: %{name} <= 1.3.5.4
Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2
# 389-ds-git.sh should be used to generate the source tarball from git
Source1: %{name}-git.sh
Source2: %{name}-devel.README
%if %{bundle_jemalloc}
Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
%endif
# Remove this after rust-1.56 lands in repos
%if 0%{?rhel} == 8
Patch0: concread-use-2018-edition.patch
%endif
%description
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
%if %{use_asan}
WARNING! This build is linked to Address Sanitisation libraries. This probably
isn't what you want. Please contact support immediately.
Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
%endif
%package libs
Summary: Core libraries for 389 Directory Server
BuildRequires: nspr-devel >= 4.32
BuildRequires: nss-devel >= 3.67.0-7
BuildRequires: openldap-devel
BuildRequires: libdb-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: libicu-devel
BuildRequires: pcre-devel
BuildRequires: libtalloc-devel
BuildRequires: libevent-devel
BuildRequires: libtevent-devel
Requires: krb5-libs
Requires: libevent
BuildRequires: systemd-devel
BuildRequires: make
Provides: svrcore = 4.1.4
Conflicts: svrcore
Obsoletes: svrcore <= 4.1.3
%description libs
Core libraries for the 389 Directory Server base package. These libraries
are used by the main package and the -devel package. This allows the -devel
package to be installed with just the -libs package and without the main package.
%package devel
Summary: Development libraries for 389 Directory Server
Requires: %{name}-libs = %{version}-%{release}
Requires: pkgconfig
Requires: nspr-devel
Requires: nss-devel >= 3.34
Requires: openldap-devel
Requires: libtalloc
Requires: libevent
Requires: libtevent
Requires: systemd-libs
Provides: svrcore-devel = 4.1.4
Conflicts: svrcore-devel
Obsoletes: svrcore-devel <= 4.1.3
%description devel
Development Libraries and headers for the 389 Directory Server base package.
%package snmp
Summary: SNMP Agent for 389 Directory Server
Requires: %{name} = %{version}-%{release}
Obsoletes: %{name} <= 1.4.0.0
%description snmp
SNMP Agent for the 389 Directory Server base package.
%package -n python%{python3_pkgversion}-lib389
Summary: A library for accessing, testing, and configuring the 389 Directory Server
BuildArch: noarch
Requires: openssl
Requires: iproute
Recommends: bash-completion
Requires: python%{python3_pkgversion}
Requires: python%{python3_pkgversion}-distro
Requires: python%{python3_pkgversion}-ldap
Requires: python%{python3_pkgversion}-six
Requires: python%{python3_pkgversion}-pyasn1
Requires: python%{python3_pkgversion}-pyasn1-modules
Requires: python%{python3_pkgversion}-dateutil
Requires: python%{python3_pkgversion}-argcomplete
Requires: python%{python3_pkgversion}-libselinux
Requires: python%{python3_pkgversion}-setuptools
%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
%description -n python%{python3_pkgversion}-lib389
This module contains tools and libraries for accessing, testing,
and configuring the 389 Directory Server.
%if %{use_cockpit}
%package -n cockpit-389-ds
Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server
BuildArch: noarch
Requires: cockpit
Requires: 389-ds-base
Requires: python%{python3_pkgversion}
Requires: python%{python3_pkgversion}-lib389
%description -n cockpit-389-ds
A cockpit UI Plugin for configuring and administering the 389 Directory Server
%endif
%prep
%autosetup -p1 -v -n %{name}-%{version}
%if %{bundle_jemalloc}
%setup -q -n %{name}-%{version} -T -D -b 3
%endif
cp %{SOURCE2} README.devel
%build
OPENLDAP_FLAG="--with-openldap"
%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529
NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3"
%if %{use_asan}
ASAN_FLAGS="--enable-asan --enable-debug"
%endif
%if %{use_rust}
RUST_FLAGS="--enable-rust --enable-rust-offline"
%endif
%if !%{use_cockpit}
COCKPIT_FLAGS="--disable-cockpit"
%endif
%if %{use_clang}
export CC=clang
export CXX=clang++
CLANG_FLAGS="--enable-clang"
%endif
%if %{bundle_jemalloc}
# Override page size, bz #1545539
# 4K
%ifarch %ix86 %arm x86_64 s390x
%define lg_page --with-lg-page=12
%endif
# 64K
%ifarch ppc64 ppc64le aarch64
%define lg_page --with-lg-page=16
%endif
# Override huge page size on aarch64
# 2M instead of 512M
%ifarch aarch64
%define lg_hugepage --with-lg-hugepage=21
%endif
# Build jemalloc
pushd ../%{jemalloc_name}-%{jemalloc_ver}
%configure \
--libdir=%{_libdir}/%{pkgname}/lib \
--bindir=%{_libdir}/%{pkgname}/bin \
--enable-prof
make %{?_smp_mflags}
popd
%endif
# Enforce strict linking
%define _ld_strict_symbol_defs 1
# Rebuild the autotool artifacts now.
autoreconf -fiv
%configure --enable-autobind --with-selinux $TMPFILES_FLAG \
--with-systemd \
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
--with-systemdgroupname=%{groupname} \
--libexecdir=%{_libexecdir}/%{pkgname} \
$NSSARGS $ASAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \
--enable-cmocka \
--enable-perl
# lib389
pushd ./src/lib389
%py3_build
popd
# argparse-manpage dynamic man pages have hardcoded man v1 in header,
# need to change it to v8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsconf.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsctl.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsidm.8
sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dscreate.8
# Generate symbolic info for debuggers
export XCFLAGS=$RPM_OPT_FLAGS
#make %{?_smp_mflags}
make
%install
mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
%if %{use_cockpit}
mkdir -p %{buildroot}%{_datadir}/cockpit
%endif
make DESTDIR="$RPM_BUILD_ROOT" install
%if %{use_cockpit}
find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
%endif
# Copy in our docs from doxygen.
cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
# lib389
pushd src/lib389
%py3_install
popd
mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}
# for systemd
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
# remove libtool archives and static libs
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a
rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la
%if %{bundle_jemalloc}
pushd ../%{jemalloc_name}-%{jemalloc_ver}
make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc
cp -pa README ../%{name}-%{version}/README.jemalloc
popd
%endif
%check
# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
%post
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
output2=${DEBUGPOSTTRANS}.upgrade
else
output=/dev/null
output2=/dev/null
fi
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
# Soft static allocation for UID and GID
USERNAME="dirsrv"
ALLOCATED_UID=389
GROUPNAME="dirsrv"
ALLOCATED_GID=389
HOMEDIR="/usr/share/dirsrv"
getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME
if ! getent passwd $USERNAME >/dev/null ; then
if ! getent passwd $ALLOCATED_UID >/dev/null ; then
/usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
else
/usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME
fi
fi
# Reload our sysctl before we restart (if we can)
sysctl --system &> $output; true
# Gather the running instances so we can restart them
instbase="%{_sysconfdir}/%{pkgname}"
ninst=0
for dir in $instbase/slapd-* ; do
echo dir = $dir >> $output 2>&1 || :
if [ ! -d "$dir" ] ; then continue ; fi
case "$dir" in *.removed) continue ;; esac
basename=`basename $dir`
inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
instances="$instances $inst"
else
echo instance $inst is not running >> $output 2>&1 || :
fi
ninst=`expr $ninst + 1`
done
if [ $ninst -eq 0 ] ; then
echo no instances to upgrade >> $output 2>&1 || :
exit 0 # have no instances to upgrade - just skip the rest
else
# restart running instances
echo shutting down all instances . . . >> $output 2>&1 || :
for inst in $instances ; do
echo stopping instance $inst >> $output 2>&1 || :
/bin/systemctl stop $inst >> $output 2>&1 || :
done
for inst in $instances ; do
echo starting instance $inst >> $output 2>&1 || :
/bin/systemctl start $inst >> $output 2>&1 || :
done
fi
%preun
if [ $1 -eq 0 ]; then # Final removal
# remove instance specific service files/links
rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
fi
%postun
if [ $1 = 0 ]; then # Final removal
rm -rf /var/run/%{pkgname}
fi
%post snmp
%systemd_post %{pkgname}-snmp.service
%preun snmp
%systemd_preun %{pkgname}-snmp.service %{groupname}
%postun snmp
%systemd_postun_with_restart %{pkgname}-snmp.service
exit 0
%files
%if %{bundle_jemalloc}
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
%license COPYING.jemalloc
%else
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
%endif
%dir %{_sysconfdir}/%{pkgname}
%dir %{_sysconfdir}/%{pkgname}/schema
%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
%dir %{_sysconfdir}/%{pkgname}/config
%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
%{_datadir}/%{pkgname}
%{_datadir}/gdb/auto-load/*
%{_unitdir}
%{_bindir}/dbscan
%{_mandir}/man1/dbscan.1.gz
%{_bindir}/ds-replcheck
%{_mandir}/man1/ds-replcheck.1.gz
%{_bindir}/ds-logpipe.py
%{_mandir}/man1/ds-logpipe.py.1.gz
%{_bindir}/ldclt
%{_mandir}/man1/ldclt.1.gz
%{_bindir}/logconv.pl
%{_mandir}/man1/logconv.pl.1.gz
%{_bindir}/pwdhash
%{_mandir}/man1/pwdhash.1.gz
#%caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd
%{_sbindir}/ns-slapd
%{_mandir}/man8/ns-slapd.8.gz
%{_sbindir}/openldap_to_ds
%{_mandir}/man8/openldap_to_ds.8.gz
%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
%{_mandir}/man5/99user.ldif.5.gz
%{_mandir}/man5/certmap.conf.5.gz
%{_mandir}/man5/slapd-collations.conf.5.gz
%{_mandir}/man5/dirsrv.5.gz
%{_mandir}/man5/dirsrv.systemd.5.gz
%{_libdir}/%{pkgname}/python
%dir %{_libdir}/%{pkgname}/plugins
%{_libdir}/%{pkgname}/plugins/*.so
# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
# sysctl.d is always in /lib.
%{_prefix}/lib/sysctl.d/*
%dir %{_localstatedir}/lib/%{pkgname}
%dir %{_localstatedir}/log/%{pkgname}
%ghost %dir %{_localstatedir}/lock/%{pkgname}
%exclude %{_sbindir}/ldap-agent*
%exclude %{_mandir}/man1/ldap-agent.1.gz
%exclude %{_unitdir}/%{pkgname}-snmp.service
%if %{bundle_jemalloc}
%{_libdir}/%{pkgname}/lib/
%{_libdir}/%{pkgname}/bin/
%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
%endif
%files devel
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%{_mandir}/man3/*
%{_includedir}/svrcore.h
%{_includedir}/%{pkgname}
%{_libdir}/libsvrcore.so
%{_libdir}/%{pkgname}/libslapd.so
%{_libdir}/%{pkgname}/libns-dshttpd.so
%{_libdir}/%{pkgname}/libldaputil.so
%{_libdir}/pkgconfig/svrcore.pc
%{_libdir}/pkgconfig/dirsrv.pc
%files libs
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%dir %{_libdir}/%{pkgname}
%{_libdir}/libsvrcore.so.*
%{_libdir}/%{pkgname}/libslapd.so.*
%{_libdir}/%{pkgname}/libns-dshttpd.so.*
%{_libdir}/%{pkgname}/libldaputil.so.*
%{_libdir}/%{pkgname}/librewriters.so*
%if %{bundle_jemalloc}
%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
%endif
%files snmp
%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
%{_sbindir}/ldap-agent*
%{_mandir}/man1/ldap-agent.1.gz
%{_unitdir}/%{pkgname}-snmp.service
%files -n python%{python3_pkgversion}-lib389
%doc LICENSE LICENSE.GPLv3+
%{python3_sitelib}/lib389*
%{_sbindir}/dsconf
%{_mandir}/man8/dsconf.8.gz
%{_sbindir}/dscreate
%{_mandir}/man8/dscreate.8.gz
%{_sbindir}/dsctl
%{_mandir}/man8/dsctl.8.gz
%{_sbindir}/dsidm
%{_mandir}/man8/dsidm.8.gz
%{_libexecdir}/%{pkgname}/dscontainer
%if %{use_cockpit}
%files -n cockpit-389-ds -f cockpit.list
%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
%doc README.md
%endif
%changelog
* Fri Nov 18 2022 Mark Reynolds <mreynolds@redhat.com> - 2.0.17-1
- Bump version to 2.0.17
- Issue 5534 - Add copyright text to the repository files
- Issue 5532 - Make db compaction TOD day more robust.
- Issue 5529 - UI - Fix npm vulnerability in loader-utils
- Issue 3555 - UI - fix audit issue with npm loader-utils (#5514)
- Issue 5162 - Fix dsctl tls ca-certfiicate add-cert arg requirement
- Issue 5162 - RFE - CLI allow adding CA certificate bundles
- Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455)
- Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513)
- Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed
- Issue 5502 - RFE - Add option to display entry attributes in audit log
- Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501)
- Issue 5495 - RFE - skip dds during migration. (#5496)
- Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492)
- Issue 5368 - Retro Changelog trimming does not work (#5486)
- Issue 5487 - Fix various issues with logconv.pl
- Issue 5482 - lib389 - Can not enable replication with a mixed case suffix
- Issue 4776 - Fix entryuuid fixup task (#5483)
- Issue 5356 - Update Cargo.lock and bootstrap PBKDF2-SHA512 (#5480)
- Issue 3061 - RFE - Add password policy debug log level
- Issue 5462 - RFE - add missing default indexes (#5464)
- Issue 4324 - Revert recursive pthread mutex usage in factory.c
- Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264)
- Issue 4324 - Revert recursive pthread mutex change (#5463)
- Issue 5305 - OpenLDAP version autodetection doesn't work
- Issue 5032 - Fix OpenLDAP version check (#5091)
- Issue 5032 - OpenLDAP is not shipped with non-threaded version of libldap (#5033) (#5456)
- Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255)
- Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272)
- Issue 5453 - UI/CLI - Changing Root DN breaks UI
- Issue 5446 - Fix some covscan issues (#5451)
- Issue 5294 - Report Portal 5 is not processing an XML file with (#5358)
- Issue 4588 - Gost yescrypt may fail to build on some older versions of glibc
- Issue 4308 - checking if an entry is a referral is expensive
- Issue 5447 - UI - add NDN max cache size to UI
- Issue 5443 - UI - disable save button while saving
- Issue 5077 - UI - Add retrocl exclude attribute functionality (#5078)
- Issue 5413 - Allow only one MemberOf fixup task at a time
- Issue 5158 - entryuuid fixup tasks fails in replicated topology (#5439)
- Issue 4592 - dscreate error with custom dir_path (#5434)
- Issue 5397 - Fix memory leak with the intent filter
- Issue 5356 - For RUST build update the default password storage scheme
- Issue 5423 - Fix missing 'not' in description
- Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422)
- Issue 3903 - fix repl keep alive event interval
- Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420)
- Issue 5415 - Hostname when set to localhost causing failures in other tests
- Issue 5412 - lib389 - do not set backend name to lowercase
- Issue 3903 - keep alive update event starts too soon
- Issue 5397 - Fix various memory leaks
- Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400)
- Issue 3903 - Supplier should do periodic updates
- Issue 5392 - dscreate fails when using alternative ports in the SELinux hi_reserved_port_t label range
- Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387)
- Issue 5383 - UI - Various fixes and RFE's for UI
- Issue 4656 - Remove problematic language from source code
- Issue 5380 - Separate cleanAllRUV code into new file
- Issue 5322 - optime & wtime on rejected connections is not properly set
- Issue 5375 - CI - disable TLS hostname checking
- Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function
- Issue 5371 - Update npm and cargo packages
- Issue 3069 - Support ECDSA private keys for TLS (#5365)
* Tue Jul 5 2022 Mark Reynolds <mreynolds@redhat.com> - 2.0.16-1
- Bump version to 2.0.16
- Issue 5221 - fix covscan (#5359)
- Issue 4984 - BUG - pid file handling (#4986)
- Issue 5353 - CLI - dsconf backend export breaks with multiple backends
- Issue 5345 - BUG - openldap migration fails when ppolicy is active (#5347)
- Issue 5323 - BUG - improve skipping of monitor db (#5340)
- Issue 5323 - BUG - Fix issue in mdb tests with monitor (#5326)
- Issue 5329 - Improve replication extended op logging
- Issue 5343 - Various improvements to winsync
- Issue 4932 - CLI - add parser aliases to long arg names
- Issue 5332 - BUG - normalise filter as intended
- Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153)
- Issue 5311 - Missing Requires for acl in the spec file
- Issue 5333 - 389-ds-base fails to build with Python 3.11
- Issue 5170 - BUG - incorrect behaviour of filter test (#5315)
- Issue 5324 - plugin acceptance test needs hardening
- Issue 5323 - BUG - migrating database for monitoring interface lead to crash (#5321)
- Issue 5304 - Need a compatibility option about sub suffix handling (#5310)
- Issue 5302 - Release tarballs don't contain cockpit webapp
- Issue 5237 - audit-ci: Cannot convert undefined or null to object
- Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285)
- Issue 4970 - Add support for recursively deleting subentries
- Issue 5284 - Replication broken after password change (#5286)
- Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292)
- Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'
- Issue 5170 - RFE - Filter optimiser (#5171)
- Issue 5276 - CLI - improve task handling
- Issue 5273 - CLI - add arg completer for instance name
- Issue 2893 - CLI - dscreate - add options for setting up replication
- Issue 4866 - CLI - when enabling replication set changelog trimming by default
- Issue 5241 - UI - Add account locking missing functionality (#5251)
- Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266)
- Issue 5098 - Fix cherry-pick error
- Issue 4904 - Fix various small issues
- Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261)
- Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256)
- Issue 5210 - Python undefined names in lib389
- Issue 4959 - BUG - Invalid /etc/hosts setup can cause isLocalHost (#4960)
- Issue 5249 - dscontainer: ImportError: cannot import name 'get_default_db_lib' from 'lib389.utils'
- Issue 5242 - SECURITY_FIX - Craft message may crash the server (#5243)
- Issue 5234 - UI - rename Users and Groups tab
- Issue 5217 - Simplify instance creation and administration by non root user (#5224)
- Issue 5227 - UI - No way to move back to Get Started step (#5233)
* Wed Mar 23 2022 Mark Reynolds <mreynolds@redhat.com> - 2.0.15-1
- Bump version to 2.0.15
- Issue 5230 - Race condition in RHDS disk monitoring functions
- Issue 4299 - UI - Add CoS funtionality (#5196)
- Issue 5225 - UI - impossible to manually set entry cache
- Issue 5186 - UI - Fix SASL Mapping regex test feature
- Issue 5221 - User with expired password can still login with full privledges
- Issue 5218 - double-free of the virtual attribute context in persistent search (#5219)
- Issue 5200 - dscontainer should use environment variables with DS_ prefix
- Issue 5193 - Incomplete ruv occasionally returned from ruv search (#5194)
- Issue 5189 - memberOf plugin exclude subtree not cleaning up groups on modrdn
- Issue 5188 - UI - LDAP editor - add entry and group types
- Issue 5184 - memberOf does not work correctly with multiple include scopes
- Issue 5162 - BUG - error on importing chain files (#5164)
- Issue 5186 - UI - Fix SASL Mapping regex validation and other minor improvements
- Issue 5048 - Support for nsslapd-tcp-fin-timeout and nsslapd-tcp-keepalive-time (#5179)
- Issue 5122 - dsconf instance backend suffix set doesn't accept backend name (#5178)
- Issue 5160 - BUG - x- prefix in descr-oid can confuse oid parser (#5161)
- Issue 5098 - Multiple issues around replication and CI test test_online_reinit_may_hang (#5109)
- Issue 5102 - BUG - container may fail with bare uid/gid (#5140)
- Issue 5137 - RFE - improve sssd conf output (#5138)
- Issue 5145 - Fix covscan errors
- Issue 4721 - UI - attribute uniqueness crashes UI when there are no configs
- Issue 5155 - RFE - Provide an option to abort an Auto Member rebuild task
- Issue 4299 - UI - Add Role funtionality (#5163)
- Issue 5050 - bdb bulk op fails if fs page size > 8K (#5150)
- Issue 4775 - Add entryuuid CLI and Fixup (#4776)
- Issue 5142 - CLI - dsctl dbgen is broken
- Issue 4299 - UI - fix minor issues with ldap editor (table view)
- Issue 4299 - UI - fix minor issues with ldap editor
- Issue 5103 - UI - Add support for TPR to web console (#5111)
* Thu Jan 27 2022 Mark Reynolds <mreynolds@redhat.com> - 2.0.14-1
- Bump version to 2.0.14-1
- Issue 5127 - ds_selinux_restorecon.sh: always exit 0
- Issue 5037 - in OpenQA changelog trimming can crashes (#5070)
- Issue 4992 - BUG - slapd.socket container fix (#4993)
- Issue 5079 - BUG - multiple ways to specific primary (#5087)
- Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094)
- Issue 5135 - UI - Disk monitoring threshold does update properly
- Issue 5129 - BUG - Incorrect fn signature in add_index (#5130)
* Thu Jan 27 2022 Adam Williamson <awilliam@redhat.com> - 2.0.13-2
- Backport PR#5141 to fix startup when a directory doesn't exist (#2047323)
* Mon Jan 24 2022 Mark Reynolds <mreynolds@redhat.com> - 2.0.13-1
- Bump version to 2.0.13
- Issue 5132 - Update Rust crate lru to fix CVE
- Issue 3555 - UI - fix audit issue with npm nanoid
- Issue 4299 - UI - Add ACI editing features
- Issue 4299 - UI - LDAP editor - add "edit" and "rename" functionality
- Issue 5127 - run restorecon on /dev/shm at server startup
- Issue 5124 - dscontainer fails to create an instance
- Issue 4312 - fix compiler warnings
- Issue 5115 - AttributeError: type object 'build_manpages' has no attribute 'build_manpages'
- Issue 4312 - performance search rate: contention on global monitoring counters (#4940)
- Issue 5105 - During a bind, if the target entry is not reachable the operation may complete without sending result (#5107)
- Issue 5095 - sync-repl with openldap may send truncated syncUUID (#5099)
- Issue 3584 - Add is_fips check to password tests (#5100)
- Issue 5074 - retro changelog cli updates (#5075)
- Issue 4994 - Revert retrocl dependency workaround (#4995)
* Thu Dec 16 2021 Mark Reynolds <mreynolds@redhat.com> - 2.0.12-1
- Bump version to 2.0.12-1
- Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality
- Issue 4962 - Fix various UI bugs - Database and Backups (#5044)
- Issue 5046 - BUG - update concread (#5047)
- Issue 5043 - BUG - Result must be used compiler warning (#5045)
- Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections
- Issue 4931 - RFE: dsidm - add creation of service accounts
- Issue 5024 - BUG - windows ro replica sigsegv (#5027)
- Issue 5020 - BUG - improve clarity of posix win sync logging (#5021)
- Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeeds (#5009)
* Mon Nov 22 2021 Mark Reynolds <mreynolds@redhat.com> - 2.0.11-1
- Bump version to 2.0.11
- Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016)
- Issue 5014 - UI - Add group creation to LDAP editor
- Issue 5006 - UI - LDAP editor tree not being properly updated
- Issue 5001 - Update CI test for new availableSASLMechs attribute
- Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail.
- Issue 5001 - Fix next round of UI bugs:
- Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000)
- Issue 4978 - use more portable python command for checking containers
- Issue 4678 - RFE automatique disable of virtual attribute checking (#4918)
- Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981)
- Issue 4978 - make installer robust
- Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import
- Issue 4973 - update snmp to use /run/dirsrv for PID file
- Issue 4962 - Fix various UI bugs - Plugins (#4969)
- Issue 4973 - installer changes permissions on /run
- Issue 4092 - systemd-tmpfiles warnings
- Issue 4956 - Automember allows invalid regex, and does not log proper error
- Issue 4731 - Promoting/demoting a replica can crash the server
- Issue 4962 - Fix various UI bugs part 1
- Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949)
- Issue 4943 - Fix csn generator to limit time skew drift (#4946)
- Issue 2790 - Set db home directory by default
- Issue 4299 - Merge LDAP editor code into Cockpit UI
- Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace
- Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922)
- Issue 4847 - BUG - potential deadlock in replica (#4936)
- Issue 4513 - fix ACI CI tests involving ip/hostname rules
- Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926)
- Issue 4916 - Memory leak in ldap-agent
* Thu Nov 04 2021 Viktor Ashirov <vashirov@redhat.com> - 2.0.10-2
- Resolves #rhbz2016595
* Mon Sep 20 2021 Mark Reynolds <mreynolds@redhat.com> - 2.0.10-1
- Bump version to 2.0.10
- Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)
- Issue 4912 - Account Policy plugin does not set the config entry DN
- Issue 4863 - typoes in logconv.pl
- Issue 4796 - Add support for nsslapd-state to CLI & UI
- Issue 4894 - IPA failure in ipa user-del --preserve (#4907)
- Issue 4912 - dsidm command crashing when account policy plugin is enabled
- Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index
- Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks
- Issue 4887 - UI - fix minor regression from camelCase fixup
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.0.7-1.2
- Rebuilt with OpenSSL 3.0.0
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.7-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jul 15 2021 Mark Reynolds <mreynolds@redhat.com> - 2.0.7-1
- Bump version to 2.0.7
- Issue 4443 - Internal unindexed searches in syncrepl/retro changelog
- Issue 4603 - Reindexing a single backend (#4831)
- Issue 4169 - UI - migrate Server Tab forms to PF4
- Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819)
- Issue 4820 - RFE - control flow integrity (#4821)
- Issue 4706 - negative wtime for compare operations (#4780)
- Issue 4414 - SIGFPE crash in rhds disk monitoring routine (#4829)
- Issue 4262 - Fix Index out of bound in fractional test (#4828)
- Issue 4826 - Filter argparse-manpage from autogenerated requires
- Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823)
- Issue 2820 - Fix CI test suite issues
* Thu Jun 24 2021 Thierry Bordaz <tbordaz@redhat.com> - 2.0.6-1
- Bump version to 2.0.6
- Issue 4803 - Improve DB Locks Monitoring Feature Descriptions
- Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810)
- Issue 4169 - UI - Migrate Typeaheads to PF4 (#4808)
- Issue 4414 - disk monitoring - prevent division by zero crash
- Issue 4788 - CLI should support Temporary Password Rules attributes (#4793)
- Issue 4656 - Fix replication plugin rename dependency issues
- Issue 4656 - replication name change upgrade code causes crash with dynamic plugins
- Issue 4506 - Improve SASL logging
- Issue 4709 - Fix double free in dbscan
- Issue 4093 - Fix MEP test case
- Issue 4747 - Remove unstable/unstatus tests (followup) (#4809)
- Issue 4791 - Missing dependency for RetroCL RFE (#4792)
- Issue 4794 - BUG - don't capture container output (#4798)
- Issue 4593 - Log an additional message if the server certificate nickname doesn't match nsSSLPersonalitySSL value
- Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799)
- Issue 4169 - UI Migrate checkbox to PF4 (#4769)
- Issue 4447 - Crash when the Referential Integrity log is manually edited
- Issue 4773 - Add CI test for DNA interval assignment
- Issue 4789 - Temporary password rules are not enforce with local password policy (#4790)
- Issue 4379 - fixing regression in test_info_disclosure
- Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service
- Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service
- Issue 4575 Update test docstrings metadata
- Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream
- removed the snmp_present() from utils.py as we have get_rpm_version() in conftest.py
- Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 2.0.5-1.1
- Rebuilt for Python 3.10
* Sun May 30 2021 Mark Reynolds <mreynolds@redhat.com> - 2.0.5-1
- Bump version to 2.0.5
- Issue 4778 - RFE - Allow setting TOD for db compaction and add task
- Issue 4169 - UI - Port plugin tables to PF4
- Issue 4656 - Allow backward compatilbity for replication plugin name change
- Issue 4764 - replicated operation sometime checks ACI (#4783)
- Issue 2820 - Fix CI test suite issues
- Issue 4781 - There are some typos in man-pages
- Issue 4773 - Enable interval feature of DNA plugin
- Issue 4623 - RFE - Monitor the current DB locks (#4762)
- Issue 3555 - Fix UI audit issue
- Issue 4725 - Fix compiler warnings
- Issue 4770 - Lower FIPS logging severity
- Issue 4765 - database suffix unexpectdly changed from .db to .db4 (#4766)
- Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727)
- Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748)
- Issue 4759 - Fix coverity issue (#4760)
- Issue 4169 - UI - Migrate Buttons to PF4 (#4745)
- Issue 4714 - dscontainer fails with rootless podman
- Issue 4750 - Fix compiler warning in retrocl (#4751)
- Issue 4742 - UI - should always use LDAPI path when calling CLI
- Issue 4169 - UI - Migrate Server, Security, and Schema tables to PF4
- Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732)
- Issue 4701 - RFE - Exclude attributes from retro changelog (#4723)
- Issue 4740 - Fix CI lib389 userPwdPolicy and subtreePwdPolicy (#4741)
- Issue 4711 - SIGSEV with sync_repl (#4738)
- Issue 4734 - import of entry with no parent warning (#4735)
- Issue 4729 - GitHub Actions fails to run pytest tests
- Issue 4656 - Remove problematic language from source code
- Issue 4632 - dscontainer: SyntaxWarning: "is" with a literal.
- Issue 4169 - UI - migrate replication tables to PF4
- Issue 4637 - ndn cache leak (#4724)
- Issue 4577 - Fix ASAN flags in specfile
- Issue 4169 - UI - PF4 migration - database tables
- issue 4653 - refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan (#4709)
* Thu May 20 2021 Christian Heimes <cheimes@redhat.com> - 2.0.4-4
- Enable interval feature of DNA plugin (resolves: rhbz#1962671)
* Wed May 19 2021 Pete Walter <pwalter@fedoraproject.org> - 2.0.4-3.2
- Rebuild for ICU 69
* Wed May 19 2021 Pete Walter <pwalter@fedoraproject.org> - 2.0.4-3.1
- Rebuild for ICU 69
* Wed May 19 2021 Thierry Bordaz <tbordaz@redhat.com> - 2.0.4-3
- Issue 4765 - database suffix unexpectdly changed from .db to .db4 (#4766)
* Fri May 07 2021 Viktor Ashirov <vashirov@redhat.com> - 2.0.4-2
- Rebuilt to fix NVR
* Fri Apr 09 2021 Simon Pichugin <spichugi@redhat.com> - 2.0.4-1.1
- Add Rust bundled Provides and Update License
* Thu Apr 08 2021 Thierry Bordaz <tbordaz@redhat.com> - 2.0.4-1
- Bump version to 2.0.4
- Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA (#4715)
- Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4713)
- Issue 4700 - Regression in winsync replication agreement (#4712)
- Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4710)
- Issue 4169 - UI - migrate monitor tables to PF4
- issue 4585 - backend redesign phase 3c - dbregion test removal (#4665)
- Issue 2736 - remove remaining perl references
- Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736
- Issue 4706 - negative wtime in access log for CMP operations
- Issue 3585 - LDAP server returning controltype in different sequence
- Issue 4127 - With Accounts/Account module delete fuction is not working (#4697)
- Issue 4666 - BUG - cb_ping_farm can fail with anonymous binds disabled (#4669)
- Issue 4671 - UI - Fix browser crashes
- Issue 4169 - UI - Add PF4 charts for server stats
- Issue 4648 - Fix some issues and improvement around CI tests (#4651)
- Issue 4654 Updates to tickets/ticket48234_test.py (#4654)
- Issue 4229 - Fix Rust linking
- Issue 4673 - Update Rust crates
- Issue 4658 - monitor - connection start date is incorrect
- Issue 4169 - UI - migrate modals to PF4
- Issue 4656 - remove problematic language from ds-replcheck
- Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down
- Issue 4656 - Remove problematic language from UI/CLI/lib389
- Issue 4661 - RFE - allow importing openldap schemas (#4662)
- Issue 4659 - restart after openldap migration to enable plugins (#4660)
- Merge pull request #4664 from mreynolds389/issue4663
- issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin (#4622)
- Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645)
- Issue 4646 - CLI/UI - revise DNA plugin management
- Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647)
- Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652)
- Issue 4169 - UI - Migrate alerts to PF4
- Issue 4169 - UI - Migrate Accordians to PF4 ExpandableSection
- Issue 4595 - Paged search lookthroughlimit bug (#4602)
- Issue 4169 - UI - port charts to PF4
- Issue 2820 - Fix CI test suite issues
- Issue 4513 - CI - make acl ip address tests more robust
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.0.3-3.1
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Fri Feb 26 2021 Alexander Bokovoy <abokovoy@redhat.com> - 2.0.3-3
- Remove a revert of the fix for Issue 4609 - CVE - info disclosure when authenticating(breaks Dogtag)
- Dogtag has fixed own code that failed in the presence of the fix for Issue 4609
* Fri Feb 19 2021 Mark Reynolds <mreynolds@redhat.com> - 2.0.3-2
- Bump version to 2.0.3-2
- Revert Issue 4609 - CVE - info disclosure when authenticating(breaks DogTag)
* Fri Feb 12 2021 Mark Reynolds <mreynolds@redhat.com> - 2.0.3-1
- Bump version to 2.0.3
- Issue 4619 - remove pytest requirement from lib389
- Issue 4615 - log message when psearch first exceeds max threads per conn
- Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm (#4618)
- Issue 4324 - Some architectures the cache line size file does not exist
- Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614)
- Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm
- PR 4564 - Update dscontainer
- Issue 4149 - UI - port TreeView and opther components to PF4
- Issue 4577 - Add GitHub actions
- Issue 4591 - RFE - improve openldap_to_ds help and features (#4607)
- issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613)
- Issue 4609 - CVE - info disclosure when authenticating
- Issue 4348 - Add tests for dsidm
- Issue 4571 - Stale libdb-utils dependency
- Issue 4600 - performance modify rate: reduce lock contention on the object extension factory (#4601)
- Issue 4577 - Add GitHub actions
- Issue 4588 - BUG - unable to compile without xcrypt (#4589)
- Issue 4579 - libasan detects heap-use-after-free in URP test (#4584)
- Issue 4581 - A failed re-indexing leaves the database in broken state (#4582)
- Issue 4348 - Add tests for dsidm
- Issue 4577 - Add GitHub actions
- Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573)
- Issue 4093 - fix compiler warnings and update doxygen
- Issue 4575 - Update test docstrings metadata
- Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553)
- Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569)
- Issue 4513 - Add DS version check to SSL version test (#4570)
- Issue 5442 - Search results are different between RHDS10 and RHDS11
- Issue 4396 - Minor memory leak in backend (#4558)
- Issue 4513 - Fix replication CI test failures (#4557)
- Issue 4513 - Fix replication CI test failures (#4557)
- Issue 4153 - Added a CI test (#4556)
- Issue 4506 - BUG - fix oob alloc for fds (#4555)
- Issue 4548 - CLI - dsconf needs better root DN access control plugin validation
- Issue 4506 - Temporary fix for io issues (#4516)
- Issue 4535 - lib389 - Fix log function in backends.py
- Issue 4534 - libasan read buffer overflow in filtercmp (#4541)
- Issue 4544 - Compiler warnings on krb5 functions (#4545)
- Update rpm.mk for RUST tarballs
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Jan 14 2021 Mark Reynolds <mreynolds@redhat.com> - 2.0.2-1
- Bump version to 2.0.2
- Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540)
- Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529)
- Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated
- Issue 4537 - Use KRB5_CLIENT_KTNAME for client keytabs (#4523)
- Issue 4513 - CI Tests - fix test failures
- Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533)
- Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt
- Issue 4504 - pytest test_dsconf_replication_monitor fails on RHEL - Fix merging issue (#4530)
- Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527)
- Issue 4506 - BUG - Fix bounds on fd table population (#4520)
- Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525)
- Issue 4219 - Log internal unindexed searches (notes=A)
- Issue 4384 - Separate eventq into REALTIME and MONOTONIC
- Issue 4381 - RFE - LDAPI authentication DN rewritter
- Issue 4513 - Fix schema test and lib389 task module (#4514)
- Issue 4414 - disk monitoring - prevent division by zero crash
- Issue 4517 - BUG: Multiple systemd pin warnings (#4518)
- Issue 4507 - Improve csngen testing task (#4508)
- Issue 4498 - BUG - entryuuid replication may not work (#4503)
- Issue 4480 - Unexpected info returned to ldap request (#4491)
- Issue 4504 - Fix pytest test_dsconf_replication_monitor (#4505)
- Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502)
- Issue 4500 - Add cockpit enabling to dsctl
- Issue 4272 - RFE - add support for gost-yescrypt for hashing passwords (#4497)
- Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481)
- Issue 3522 - Remove DES to AES conversion code
- Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493)
- Issue 4373 - BUG - calloc of size 0 in MT build (#4496)
- Issue 4483 - heap-use-after-free in slapi_be_getsuffix
- Issue 4486 - Remove random ldif file generation from import test (#4487)
- Issue 4224 - cleanup specfile after libsds removal
- Issue 4421 - Unable to build with Rust enabled in closed environment
- Issue 4489 - Remove return statement from a void function (#4490)
- Issue 4229 - RFE - Improve rust linking and build performance (#4474)
- Issue 4224 - openldap can become confused with entryuuid
- Issue 4313 - improve tests and improve readme re refdel
- Issue 4313 - fix potential syncrepl data corruption
- Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476)
- Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475)
- Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt (#4437)
- Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472)
- Issue 4446 - RFE - openldap password hashers
- Issue 4284 - dsidm fails to delete an organizationalUnit entry
- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466)
- Issue 4464 - RFE - clang with ds+asan+rust
- Issue 4105 - Remove python.six (fix regression)
- Issue 4384 - Use MONOTONIC clock for all timing events and conditions
- Issue 4418 - ldif2db - offline. Warn the user of skipped entries
- Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467)
- Issue 4460 - BUG - lib389 should use system tls policy
- Issue 3657 - Add options to dsctl for dsrc file
- Issue 4454 - RFE - fix version numbers to allow object caching
- Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set
- Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439)
- Issue 4112 - Added a CI test (#4441)
- Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451)
- Issue 4105 - Remove python.six from lib389 (#4456)
- Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444)
- Issue 4410 - RFE - ndn cache with arc in rust
- Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid
- Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining
- Issue 4428 - Paged Results with Chaining Test Case
- Issue 2054 - do not add referrals for masters with different data generation
- Issue 4383 - Do not normalize escaped spaces in a DN
- Issue 4432 - After a failed online import the next imports are very slow
- Issue 4316 - performance search rate: useless poll on network send callback (#4424)
- Issue 4281 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked'
- Issue 4429 - NULL dereference in revert_cache()
- Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422)
- Issue 4407 - RFE - remove http client and presence plugin (#4409)
- Issue 4398 - build problems at alpine linux
- Issue 4415 - unable to query schema if there are extra parenthesis
* Thu Oct 29 2020 Mark Reynolds <mreynolds@redhat.com> - 2.0.1-1
- Bump version to 2.0.1
- Issue 4420 - change NVR to use X.X.X instead of X.X.X.X
- Issue 4391 - DSE config modify does not call be_postop (#4394)
- Issue 4218 - Verify the new wtime and optime access log keywords (#4397)
- Issue 4176 - CL trimming causes high CPU
- Issue 2058 - Add keep alive entry after on-line initialization - second version (#4399)
- Issue 4403 - RFE - OpenLDAP pw hash migration tests (#4408)
* Wed Oct 28 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.5.0-1
- Bump version to 1.4.5.0
- Issue 4262 - more perl removal cleanup
- Issue 2526 - retrocl backend created out of order
* Mon Oct 26 2020 Mark Reynolds <mreynolds@redhat.com> - 1.4.4.6-1
- Bump version to 1.4.4.6
- Issue 4262 - Remove legacy tools subpackage (final cleanup)
- Issue 4262 - Remove legacy tools subpackage (restart instances after rpm install)
- Issue 4262 - Remove legacy tools subpackage
- Issue 2526 - revert API change in slapi_be_getsuffix()
- Issue 4363 - Sync repl: per thread structure was incorrectly initialized (#4395)
- Issue 4392 - Update create_test.py
- Issue 2820 - Fix CI tests (#4365)
- Issue 2526 - suffix management in backends incorrect
- Issue 4389 - errors log with incorrectly formatted message parent_update_on_childchange
- Issue 4295 - Fix a closing quote issue (#4386)
- Issue 1199 - Misleading message in access log for idle timeout (#4385)
- Issue 3600 - RFE - openldap migration tooling (#4318)
- Issue 4176 - import ldif2cl task should not close all changelogs
- Issue 4159 - Healthcheck code DSBLE0002 not returned on disabled suffix
- Issue 4379 - allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service (#4380)
- Issue 4329 - Sync repl - if a serie of updates target the same entry then the cookie get wrong changenumber (#4356)
- Issue 3555 - Fix npm audit issues (#4370)
- Issue 4372 - BUG - Chaining DB did not validate bind mech parameters (#4374)
- Issue 4334 - RFE - Task timeout may cause larger dataset imports to fail (#4359)
- Issue 4361 - RFE - add - dscreate --advanced flag to avoid user confusion
- Issue 4368 - ds-replcheck crashes when processing glue entries
- Issue 4366 - lib389 - Fix account status inactivity checks
- Issue 4265 - UI - Make the secondary plugins read-only (#4364)
- Issue 4360 - password policy max sequence sets is not working as expected
- Issue 4348 - Add tests for dsidm
- Issue 4350 - One line, fix invalid type error in tls_cacertdir check (#4358)