commit 3f5e12f58dd9a00d443d44bf116cd4d9e6def1e0
Author: MSVSphere Packaging Team
Date: Wed Apr 3 14:28:41 2024 +0300
import 389-ds-base-1.4.3.39-2.module+el8.10.0+21274+876b7855
diff --git a/.389-ds-base.metadata b/.389-ds-base.metadata
new file mode 100644
index 0000000..dff35e2
--- /dev/null
+++ b/.389-ds-base.metadata
@@ -0,0 +1,3 @@
+bd9aab32d9cbf9231058d585479813f3420dc872 SOURCES/389-ds-base-1.4.3.39.tar.bz2
+1c8f2d0dfbf39fa8cd86363bf3314351ab21f8d4 SOURCES/jemalloc-5.3.0.tar.bz2
+978b7c5e4a9e5784fddb23ba1abe4dc5a071589f SOURCES/vendor-1.4.3.39-1.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..89f8081
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+SOURCES/389-ds-base-1.4.3.39.tar.bz2
+SOURCES/jemalloc-5.3.0.tar.bz2
+SOURCES/vendor-1.4.3.39-1.tar.gz
diff --git a/SOURCES/0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch b/SOURCES/0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch
new file mode 100644
index 0000000..11a2741
--- /dev/null
+++ b/SOURCES/0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch
@@ -0,0 +1,119 @@ +From dddb14210b402f317e566b6387c76a8e659bf7fa Mon Sep 17 00:00:00 2001 +From: progier389 +Date: Tue, 14 Feb 2023 13:34:10 +0100 +Subject: [PATCH 1/2] issue 5647 - covscan: memory leak in audit log when + adding entries (#5650) + +covscan reported an issue about "vals" variable in auditlog.c:231 and indeed a charray_free is missing. +Issue: 5647 +Reviewed by: @mreynolds389, @droideck +--- + ldap/servers/slapd/auditlog.c | 71 +++++++++++++++++++---------------- + 1 file changed, 38 insertions(+), 33 deletions(-) + +diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c +index 68cbc674d..3128e0497 100644 +--- a/ldap/servers/slapd/auditlog.c ++++ b/ldap/servers/slapd/auditlog.c +@@ -177,6 +177,40 @@ write_auditfail_log_entry(Slapi_PBlock *pb) + slapi_ch_free_string(&audit_config); + } + ++/* ++ * Write the attribute values to the audit log as "comments" ++ * ++ * Slapi_Attr *entry - the attribute begin logged. ++ * char *attrname - the attribute name. ++ * lenstr *l - the audit log buffer ++ * ++ * Resulting output in the log: ++ * ++ * #ATTR: VALUE ++ * #ATTR: VALUE ++ */ ++static void ++log_entry_attr(Slapi_Attr *entry_attr, char *attrname, lenstr *l) ++{ ++ Slapi_Value **vals = attr_get_present_values(entry_attr); ++ for(size_t i = 0; vals && vals[i]; i++) { ++ char log_val[256] = ""; ++ const struct berval *bv = slapi_value_get_berval(vals[i]); ++ if (bv->bv_len >= 256) { ++ strncpy(log_val, bv->bv_val, 252); ++ strcpy(log_val+252, "..."); ++ } else { ++ strncpy(log_val, bv->bv_val, bv->bv_len); ++ log_val[bv->bv_len] = 0; ++ } ++ addlenstr(l, "#"); ++ addlenstr(l, attrname); ++ addlenstr(l, ": "); ++ addlenstr(l, log_val); ++ addlenstr(l, "\n"); ++ } ++} ++ + /* + * Write "requested" attributes from the entry to the audit log as "comments" + * +@@ -212,21 +246,9 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + for (req_attr = ldap_utf8strtok_r(display_attrs, ", ", &last); req_attr; + req_attr = ldap_utf8strtok_r(NULL, ", 
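Review bot: In `log_entry_attr` the bytes of each value are copied into `log_val` and appended after `#ATTR: ` with no escaping, so a value containing a newline ends the comment line and whatever follows it lands in the audit log as a line of its own, unless `addlenstr` or a later writer escapes it, which this hunk does not show. Since attribute values are supplied by LDAP clients, I would map control bytes to a placeholder while copying, as sketched below, so that every logged value stays on one `#`-prefixed line. The sketch also takes the buffer size from `sizeof(log_val)` instead of repeating 256 and 252.

```c
    for (size_t i = 0; vals && vals[i]; i++) {
        char log_val[256] = "";
        const struct berval *bv = slapi_value_get_berval(vals[i]);
        int truncated = bv->bv_len >= sizeof(log_val);
        size_t n = truncated ? sizeof(log_val) - 4 : bv->bv_len;

        for (size_t j = 0; j < n; j++) {
            unsigned char c = (unsigned char)bv->bv_val[j];
            /* keep the value on its own '#' comment line */
            log_val[j] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
        }
        strcpy(log_val + n, truncated ? "..." : "");
        /* … unchanged: the five addlenstr() calls … */
    }
```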
", &last)) + { +- char **vals = slapi_entry_attr_get_charray(entry, req_attr); +- for(size_t i = 0; vals && vals[i]; i++) { +- char log_val[256] = {0}; +- +- if (strlen(vals[i]) > 256) { +- strncpy(log_val, vals[i], 252); +- strcat(log_val, "..."); +- } else { +- strcpy(log_val, vals[i]); +- } +- addlenstr(l, "#"); +- addlenstr(l, req_attr); +- addlenstr(l, ": "); +- addlenstr(l, log_val); +- addlenstr(l, "\n"); ++ slapi_entry_attr_find(entry, req_attr, &entry_attr); ++ if (entry_attr) { ++ log_entry_attr(entry_attr, req_attr, l); + } + } + } else { +@@ -234,7 +256,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + for (; entry_attr; entry_attr = entry_attr->a_next) { + Slapi_Value **vals = attr_get_present_values(entry_attr); + char *attr = NULL; +- const char *val = NULL; + + slapi_attr_get_type(entry_attr, &attr); + if (strcmp(attr, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) { +@@ -251,23 +272,7 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) + addlenstr(l, ": ****************************\n"); + continue; + } +- +- for(size_t i = 0; vals && vals[i]; i++) { +- char log_val[256] = {0}; +- +- val = slapi_value_get_string(vals[i]); +- if (strlen(val) > 256) { +- strncpy(log_val, val, 252); +- strcat(log_val, "..."); +- } else { +- strcpy(log_val, val); +- } +- addlenstr(l, "#"); +- addlenstr(l, attr); +- addlenstr(l, ": "); +- addlenstr(l, log_val); +- addlenstr(l, "\n"); +- } ++ log_entry_attr(entry_attr, attr, l); + } + } + slapi_ch_free_string(&display_attrs); +-- +2.43.0 + diff --git a/SOURCES/0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch b/SOURCES/0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch new file mode 100644 index 0000000..456ea5c --- /dev/null +++ b/SOURCES/0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch 
@@ -0,0 +1,27 @@
+From be7c2b82958e91ce08775bf6b5da3c311d3b00e5 Mon Sep 17 00:00:00 2001
+From: progier389
+Date: Mon, 20 Feb 2023 16:14:05 +0100
+Subject: [PATCH 2/2] Issue 5647 - Fix unused variable warning from previous
+ commit (#5670)
+
+* issue 5647 - memory leak in audit log when adding entries
+* Issue 5647 - Fix unused variable warning from previous commit
+---
+ ldap/servers/slapd/auditlog.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
+index 3128e0497..0597ecc6f 100644
+--- a/ldap/servers/slapd/auditlog.c
++++ b/ldap/servers/slapd/auditlog.c
+@@ -254,7 +254,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
+ } else {
+ /* Return all attributes */
+ for (; entry_attr; entry_attr = entry_attr->a_next) {
+- Slapi_Value **vals = attr_get_present_values(entry_attr);
+ char *attr = NULL;
+
+ slapi_attr_get_type(entry_attr, &attr);
+--
+2.43.0
+
diff --git a/SOURCES/0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch b/SOURCES/0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch
new file mode 100644
index 0000000..670230c
--- /dev/null
+++ b/SOURCES/0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch
@@ -0,0 +1,147 @@ +From 692c4cec6cc5c0086cf58f83bcfa690c766c9887 Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Fri, 2 Feb 2024 14:14:28 +0100 +Subject: [PATCH] Issue 5407 - sync_repl crashes if enabled while dynamic + plugin is enabled (#5411) + +Bug description: + When dynamic plugin is enabled, if a MOD enables sync_repl plugin + then sync_repl init function registers the postop callback + that will be called for the MOD itself while the preop + has not been called. + postop expects preop to be called and so primary operation + to be set. When it is not set it crashes + +Fix description: + If the primary operation is not set, just return + +relates: #5407 +--- + .../suites/syncrepl_plugin/basic_test.py | 68 +++++++++++++++++++ + ldap/servers/plugins/sync/sync_persist.c | 23 ++++++- + 2 files changed, 90 insertions(+), 1 deletion(-) + +diff --git a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py +index eb3770b78..cdf35eeaa 100644 +--- a/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py ++++ b/dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py +@@ -592,6 +592,74 @@ def test_sync_repl_cenotaph(topo_m2, request): + + request.addfinalizer(fin) + ++def test_sync_repl_dynamic_plugin(topology, request): ++ """Test sync_repl with dynamic plugin ++ ++ :id: d4f84913-c18a-459f-8525-110f610ca9e6 ++ :setup: install a standalone instance ++ :steps: ++ 1. reset instance to standard (no retroCL, no sync_repl, no dynamic plugin) ++ 2. Enable dynamic plugin ++ 3. Enable retroCL/content_sync ++ 4. Establish a sync_repl req ++ :expectedresults: ++ 1. Should succeeds ++ 2. Should succeeds ++ 3. Should succeeds ++ 4. 
Should succeeds ++ """ ++ ++ # Reset the instance in a default config ++ # Disable content sync plugin ++ topology.standalone.plugins.disable(name=PLUGIN_REPL_SYNC) ++ ++ # Disable retro changelog ++ topology.standalone.plugins.disable(name=PLUGIN_RETRO_CHANGELOG) ++ ++ # Disable dynamic plugins ++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'off')]) ++ topology.standalone.restart() ++ ++ # Now start the test ++ # Enable dynamic plugins ++ try: ++ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-dynamic-plugins', b'on')]) ++ except ldap.LDAPError as e: ++ log.error('Failed to enable dynamic plugin! {}'.format(e.args[0]['desc'])) ++ assert False ++ ++ # Enable retro changelog ++ topology.standalone.plugins.enable(name=PLUGIN_RETRO_CHANGELOG) ++ ++ # Enbale content sync plugin ++ topology.standalone.plugins.enable(name=PLUGIN_REPL_SYNC) ++ ++ # create a sync repl client and wait 5 seconds to be sure it is running ++ sync_repl = Sync_persist(topology.standalone) ++ sync_repl.start() ++ time.sleep(5) ++ ++ # create users ++ users = UserAccounts(topology.standalone, DEFAULT_SUFFIX) ++ users_set = [] ++ for i in range(10001, 10004): ++ users_set.append(users.create_test_user(uid=i)) ++ ++ time.sleep(10) ++ # delete users, that automember/memberof will generate nested updates ++ for user in users_set: ++ user.delete() ++ # stop the server to get the sync_repl result set (exit from while loop). ++ # Only way I found to acheive that. ++ # and wait a bit to let sync_repl thread time to set its result before fetching it. 
++ topology.standalone.stop() ++ sync_repl.get_result() ++ sync_repl.join() ++ log.info('test_sync_repl_dynamic_plugin: PASS\n') ++ ++ # Success ++ log.info('Test complete') ++ + def test_sync_repl_invalid_cookie(topology, request): + """Test sync_repl with invalid cookie + +diff --git a/ldap/servers/plugins/sync/sync_persist.c b/ldap/servers/plugins/sync/sync_persist.c +index d2210b64c..283607361 100644 +--- a/ldap/servers/plugins/sync/sync_persist.c ++++ b/ldap/servers/plugins/sync/sync_persist.c +@@ -156,6 +156,17 @@ ignore_op_pl(Slapi_PBlock *pb) + * This is the same for ident + */ + prim_op = get_thread_primary_op(); ++ if (prim_op == NULL) { ++ /* This can happen if the PRE_OP (sync_update_persist_betxn_pre_op) was not called. ++ * The only known case it happens is with dynamic plugin enabled and an ++ * update that enable the sync_repl plugin. In such case sync_repl registers ++ * the postop (sync_update_persist_op) that is called while the preop was not called ++ */ ++ slapi_log_err(SLAPI_LOG_PLUGIN, SYNC_PLUGIN_SUBSYSTEM, ++ "ignore_op_pl - Operation without primary op set (0x%lx)\n", ++ (ulong) op); ++ return; ++ } + ident = sync_persist_get_operation_extension(pb); + + if (ident) { +@@ -232,8 +243,18 @@ sync_update_persist_op(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eprev, ber + + + prim_op = get_thread_primary_op(); ++ if (prim_op == NULL) { ++ /* This can happen if the PRE_OP (sync_update_persist_betxn_pre_op) was not called. ++ * The only known case it happens is with dynamic plugin enabled and an ++ * update that enable the sync_repl plugin. 
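Review bot: The new `prim_op == NULL` guard in `ignore_op_pl` (and the identical one added to `sync_update_persist_op` in the next hunk) reports the skipped operation only at `SLAPI_LOG_PLUGIN`, which as far as I know is not enabled by default. If the condition ever occurs outside the one known dynamic-plugin case, a change that never reached sync_repl consumers would therefore leave no trace in the error log, so a more visible level for this message seems worth considering. The message also prints the operation pointer through `0x%lx` and a `(ulong)` cast, where `%p` with `(void *)op` is the matching conversion. Both function bodies continue outside their hunks, so I cannot see whether anything acquired earlier needs releasing before the early `return`.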
In such case sync_repl registers ++ * the postop (sync_update_persist_op) that is called while the preop was not called ++ */ ++ slapi_log_err(SLAPI_LOG_PLUGIN, SYNC_PLUGIN_SUBSYSTEM, ++ "sync_update_persist_op - Operation without primary op set (0x%lx)\n", ++ (ulong) pb_op); ++ return; ++ } + ident = sync_persist_get_operation_extension(pb); +- PR_ASSERT(prim_op); + + if ((ident == NULL) && operation_is_flag_set(pb_op, OP_FLAG_NOOP)) { + /* This happens for URP (add cenotaph, fixup rename, tombstone resurrect) +-- +2.43.0 + diff --git a/SOURCES/0004-Issue-5547-automember-plugin-improvements.patch b/SOURCES/0004-Issue-5547-automember-plugin-improvements.patch new file mode 100644 index 0000000..918945d --- /dev/null +++ b/SOURCES/0004-Issue-5547-automember-plugin-improvements.patch 
@@ -0,0 +1,840 @@ +From 8dc61a176323f0d41df730abd715ccff3034c2be Mon Sep 17 00:00:00 2001 +From: Mark Reynolds +Date: Sun, 27 Nov 2022 09:37:19 -0500 +Subject: [PATCH] Issue 5547 - automember plugin improvements + +Description: + +Rebuild task has the following improvements: + +- Only one task allowed at a time +- Do not cleanup previous members by default. Add new CLI option to intentionally + cleanup memberships before rebuilding from scratch. +- Add better task logging to show fixup progress + +To prevent automember from being called in a nested be_txn loop thread storage is +used to check and skip these loops. + +relates: https://github.com/389ds/389-ds-base/issues/5547 + +Reviewed by: spichugi(Thanks!) +--- + .../automember_plugin/automember_mod_test.py | 43 +++- + ldap/servers/plugins/automember/automember.c | 232 ++++++++++++++---- + ldap/servers/slapd/back-ldbm/ldbm_add.c | 11 +- + ldap/servers/slapd/back-ldbm/ldbm_delete.c | 10 +- + ldap/servers/slapd/back-ldbm/ldbm_modify.c | 11 +- + .../lib389/cli_conf/plugins/automember.py | 10 +- + src/lib389/lib389/plugins.py | 7 +- + src/lib389/lib389/tasks.py | 9 +- + 8 files changed, 250 insertions(+), 83 deletions(-) + +diff --git a/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py b/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py +index 8d25384bf..7a0ed3275 100644 +--- a/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py ++++ b/dirsrvtests/tests/suites/automember_plugin/automember_mod_test.py +@@ -5,12 +5,13 @@ + # License: GPL (version 3 or any later version). + # See LICENSE for details. 
+ # --- END COPYRIGHT BLOCK --- +-# ++import ldap + import logging + import pytest + import os ++import time + from lib389.utils import ds_is_older +-from lib389._constants import * ++from lib389._constants import DEFAULT_SUFFIX + from lib389.plugins import AutoMembershipPlugin, AutoMembershipDefinitions + from lib389.idm.user import UserAccounts + from lib389.idm.group import Groups +@@ -41,6 +42,11 @@ def automember_fixture(topo, request): + user_accts = UserAccounts(topo.standalone, DEFAULT_SUFFIX) + user = user_accts.create_test_user() + ++ # Create extra users ++ users = UserAccounts(topo.standalone, DEFAULT_SUFFIX) ++ for i in range(0, 100): ++ users.create_test_user(uid=i) ++ + # Create automember definitions and regex rules + automember_prop = { + 'cn': 'testgroup_definition', +@@ -59,7 +65,7 @@ def automember_fixture(topo, request): + automemberplugin.enable() + topo.standalone.restart() + +- return (user, groups) ++ return user, groups + + + def test_mods(automember_fixture, topo): +@@ -72,19 +78,21 @@ def test_mods(automember_fixture, topo): + 2. Update user that should add it to group[1] + 3. Update user that should add it to group[2] + 4. Update user that should add it to group[0] +- 5. Test rebuild task correctly moves user to group[1] ++ 5. Test rebuild task adds user to group[1] ++ 6. Test rebuild task cleanups groups and only adds it to group[1] + :expectedresults: + 1. Success + 2. Success + 3. Success + 4. Success + 5. Success ++ 6. 
Success + """ + (user, groups) = automember_fixture + + # Update user which should go into group[0] + user.replace('cn', 'whatever') +- groups[0].is_member(user.dn) ++ assert groups[0].is_member(user.dn) + if groups[1].is_member(user.dn): + assert False + if groups[2].is_member(user.dn): +@@ -92,7 +100,7 @@ def test_mods(automember_fixture, topo): + + # Update user0 which should go into group[1] + user.replace('cn', 'mark') +- groups[1].is_member(user.dn) ++ assert groups[1].is_member(user.dn) + if groups[0].is_member(user.dn): + assert False + if groups[2].is_member(user.dn): +@@ -100,7 +108,7 @@ def test_mods(automember_fixture, topo): + + # Update user which should go into group[2] + user.replace('cn', 'simon') +- groups[2].is_member(user.dn) ++ assert groups[2].is_member(user.dn) + if groups[0].is_member(user.dn): + assert False + if groups[1].is_member(user.dn): +@@ -108,7 +116,7 @@ def test_mods(automember_fixture, topo): + + # Update user which should go back into group[0] (full circle) + user.replace('cn', 'whatever') +- groups[0].is_member(user.dn) ++ assert groups[0].is_member(user.dn) + if groups[1].is_member(user.dn): + assert False + if groups[2].is_member(user.dn): +@@ -128,12 +136,24 @@ def test_mods(automember_fixture, topo): + automemberplugin.enable() + topo.standalone.restart() + +- # Run rebuild task ++ # Run rebuild task (no cleanup) + task = automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=posixaccount") ++ with pytest.raises(ldap.UNWILLING_TO_PERFORM): ++ # test only one fixup task is allowed at a time ++ automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=top") + task.wait() + +- # Test membership +- groups[1].is_member(user.dn) ++ # Test membership (user should still be in groups[0]) ++ assert groups[1].is_member(user.dn) ++ if not groups[0].is_member(user.dn): ++ assert False ++ ++ # Run rebuild task with cleanup ++ task = automemberplugin.fixup(DEFAULT_SUFFIX, "objectclass=posixaccount", cleanup=True) ++ task.wait() ++ ++ # Test 
membership (user should only be in groups[1]) ++ assert groups[1].is_member(user.dn) + if groups[0].is_member(user.dn): + assert False + if groups[2].is_member(user.dn): +@@ -148,4 +168,3 @@ if __name__ == '__main__': + # -s for DEBUG mode + CURRENT_FILE = os.path.realpath(__file__) + pytest.main(["-s", CURRENT_FILE]) +- +diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c +index 3494d0343..419adb052 100644 +--- a/ldap/servers/plugins/automember/automember.c ++++ b/ldap/servers/plugins/automember/automember.c +@@ -1,5 +1,5 @@ + /** BEGIN COPYRIGHT BLOCK +- * Copyright (C) 2011 Red Hat, Inc. ++ * Copyright (C) 2022 Red Hat, Inc. + * All rights reserved. + * + * License: GPL (version 3 or any later version). +@@ -14,7 +14,7 @@ + * Auto Membership Plug-in + */ + #include "automember.h" +- ++#include + + /* + * Plug-in globals +@@ -22,7 +22,9 @@ + static PRCList *g_automember_config = NULL; + static Slapi_RWLock *g_automember_config_lock = NULL; + static uint64_t abort_rebuild_task = 0; +- ++static pthread_key_t td_automem_block_nested; ++static PRBool fixup_running = PR_FALSE; ++static PRLock *fixup_lock = NULL; + static void *_PluginID = NULL; + static Slapi_DN *_PluginDN = NULL; + static Slapi_DN *_ConfigAreaDN = NULL; +@@ -93,9 +95,43 @@ static void automember_task_export_destructor(Slapi_Task *task); + static void automember_task_map_destructor(Slapi_Task *task); + + #define DEFAULT_FILE_MODE PR_IRUSR | PR_IWUSR ++#define FIXUP_PROGRESS_LIMIT 1000 + static uint64_t plugin_do_modify = 0; + static uint64_t plugin_is_betxn = 0; + ++/* automember_plugin fixup task and add operations should block other be_txn ++ * plugins from calling automember_post_op_mod() */ ++static int32_t ++slapi_td_block_nested_post_op(void) ++{ ++ int32_t val = 12345; ++ ++ if (pthread_setspecific(td_automem_block_nested, (void *)&val) != 0) { ++ return PR_FAILURE; ++ } ++ return PR_SUCCESS; ++} ++ ++static int32_t 
++slapi_td_unblock_nested_post_op(void) ++{ ++ if (pthread_setspecific(td_automem_block_nested, NULL) != 0) { ++ return PR_FAILURE; ++ } ++ return PR_SUCCESS; ++} ++ ++static int32_t ++slapi_td_is_post_op_nested(void) ++{ ++ int32_t *value = pthread_getspecific(td_automem_block_nested); ++ ++ if (value == NULL) { ++ return 0; ++ } ++ return 1; ++} ++ + /* + * Config cache locking functions + */ +@@ -317,6 +353,14 @@ automember_start(Slapi_PBlock *pb) + return -1; + } + ++ if (fixup_lock == NULL) { ++ if ((fixup_lock = PR_NewLock()) == NULL) { ++ slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_start - Failed to create fixup lock.\n"); ++ return -1; ++ } ++ } ++ + /* + * Get the plug-in target dn from the system + * and store it for future use. */ +@@ -360,6 +404,11 @@ automember_start(Slapi_PBlock *pb) + } + } + ++ if (pthread_key_create(&td_automem_block_nested, NULL) != 0) { ++ slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_start - pthread_key_create failed\n"); ++ } ++ + slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "automember_start - ready for service\n"); + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, +@@ -394,6 +443,8 @@ automember_close(Slapi_PBlock *pb __attribute__((unused))) + slapi_sdn_free(&_ConfigAreaDN); + slapi_destroy_rwlock(g_automember_config_lock); + g_automember_config_lock = NULL; ++ PR_DestroyLock(fixup_lock); ++ fixup_lock = NULL; + + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "<-- automember_close\n"); +@@ -1619,7 +1670,6 @@ out: + return rc; + } + +- + /* + * automember_update_member_value() + * +@@ -1634,7 +1684,7 @@ automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char + LDAPMod *mods[2]; + char *vals[2]; + char *member_value = NULL; +- int rc = 0; ++ int rc = LDAP_SUCCESS; + Slapi_DN *group_sdn; + + /* First thing check that the group still exists */ +@@ -1653,7 +1703,7 @@ 
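Review bot: `slapi_td_block_nested_post_op` passes `&val`, the address of a local `int32_t`, to `pthread_setspecific`, so the thread-specific slot holds a pointer into a stack frame that is gone as soon as the function returns. Nothing dereferences it today because `slapi_td_is_post_op_nested` only tests for NULL, but a later reader of the value would touch dead stack; declaring the marker `static int32_t val = 12345;` keeps the pointer valid. The three helpers are also named with the server's `slapi_td_` prefix although they are `static` to this plug-in, and their PR_SUCCESS/PR_FAILURE results are ignored by the callers added in the later hunks of this file.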
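Review bot: When `pthread_key_create` fails, `automember_start` only logs the error and carries on to "ready for service", after which every post-op would call `pthread_getspecific`/`pthread_setspecific` on a key that was never created. The `fixup_lock` failure added in the previous hunk does `return -1;`, and the same belongs after this `slapi_log_err`. The `automember_close` hunk destroys `fixup_lock` but shows no `pthread_key_delete(td_automem_block_nested)`; if the plug-in can be stopped and started again within one process, each start would allocate another key, though the rest of `automember_close` is outside the hunk.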
automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char + "automember_update_member_value - group (default or target) can not be retrieved (%s) err=%d\n", + group_dn, rc); + } +- return rc; ++ goto out; + } + + /* If grouping_value is dn, we need to fetch the dn instead. */ +@@ -1879,6 +1929,13 @@ automember_mod_post_op(Slapi_PBlock *pb) + PRCList *list = NULL; + int rc = SLAPI_PLUGIN_SUCCESS; + ++ if (slapi_td_is_post_op_nested()) { ++ /* don't process op twice in the same thread */ ++ return rc; ++ } else { ++ slapi_td_block_nested_post_op(); ++ } ++ + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "--> automember_mod_post_op\n"); + +@@ -2005,6 +2062,7 @@ automember_mod_post_op(Slapi_PBlock *pb) + } + } + } ++ slapi_td_unblock_nested_post_op(); + + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "<-- automember_mod_post_op (%d)\n", rc); +@@ -2024,6 +2082,13 @@ automember_add_post_op(Slapi_PBlock *pb) + slapi_log_err(SLAPI_LOG_TRACE, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "--> automember_add_post_op\n"); + ++ if (slapi_td_is_post_op_nested()) { ++ /* don't process op twice in the same thread */ ++ return rc; ++ } else { ++ slapi_td_block_nested_post_op(); ++ } ++ + /* Reload config if a config entry was added. */ + if ((sdn = automember_get_sdn(pb))) { + if (automember_dn_is_config(sdn)) { +@@ -2039,7 +2104,7 @@ automember_add_post_op(Slapi_PBlock *pb) + + /* If replication, just bail. */ + if (automember_isrepl(pb)) { +- return SLAPI_PLUGIN_SUCCESS; ++ goto bail; + } + + /* Get the newly added entry. 
*/ +@@ -2052,7 +2117,7 @@ automember_add_post_op(Slapi_PBlock *pb) + tombstone); + slapi_value_free(&tombstone); + if (is_tombstone) { +- return SLAPI_PLUGIN_SUCCESS; ++ goto bail; + } + + /* Check if a config entry applies +@@ -2063,21 +2128,19 @@ automember_add_post_op(Slapi_PBlock *pb) + list = PR_LIST_HEAD(g_automember_config); + while (list != g_automember_config) { + config = (struct configEntry *)list; +- + /* Does the entry meet scope and filter requirements? */ + if (slapi_dn_issuffix(slapi_sdn_get_dn(sdn), config->scope) && +- (slapi_filter_test_simple(e, config->filter) == 0)) { ++ (slapi_filter_test_simple(e, config->filter) == 0)) ++ { + /* Find out what membership changes are needed and make them. */ + if (automember_update_membership(config, e, NULL) == SLAPI_PLUGIN_FAILURE) { + rc = SLAPI_PLUGIN_FAILURE; + break; + } + } +- + list = PR_NEXT_LINK(list); + } + } +- + automember_config_unlock(); + } else { + slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, +@@ -2098,6 +2161,7 @@ bail: + slapi_pblock_set(pb, SLAPI_RESULT_CODE, &result); + slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, &errtxt); + } ++ slapi_td_unblock_nested_post_op(); + + return rc; + } +@@ -2138,6 +2202,7 @@ typedef struct _task_data + Slapi_DN *base_dn; + char *bind_dn; + int scope; ++ PRBool cleanup; + } task_data; + + static void +@@ -2270,6 +2335,7 @@ automember_task_abort_thread(void *arg) + * basedn: dc=example,dc=com + * filter: (uid=*) + * scope: sub ++ * cleanup: yes/on (default is off) + * + * basedn and filter are required. 
If scope is omitted, the default is sub + */ +@@ -2284,9 +2350,22 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + const char *base_dn; + const char *filter; + const char *scope; ++ const char *cleanup_str; ++ PRBool cleanup = PR_FALSE; + + *returncode = LDAP_SUCCESS; + ++ PR_Lock(fixup_lock); ++ if (fixup_running) { ++ PR_Unlock(fixup_lock); ++ *returncode = LDAP_UNWILLING_TO_PERFORM; ++ slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_task_add - there is already a fixup task running\n"); ++ rv = SLAPI_DSE_CALLBACK_ERROR; ++ goto out; ++ } ++ PR_Unlock(fixup_lock); ++ + /* + * Grab the task params + */ +@@ -2300,6 +2379,12 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + rv = SLAPI_DSE_CALLBACK_ERROR; + goto out; + } ++ if ((cleanup_str = slapi_entry_attr_get_ref(e, "cleanup"))) { ++ if (strcasecmp(cleanup_str, "yes") == 0 || strcasecmp(cleanup_str, "on")) { ++ cleanup = PR_TRUE; ++ } ++ } ++ + scope = slapi_fetch_attr(e, "scope", "sub"); + /* + * setup our task data +@@ -2315,6 +2400,7 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + mytaskdata->bind_dn = slapi_ch_strdup(bind_dn); + mytaskdata->base_dn = slapi_sdn_new_dn_byval(base_dn); + mytaskdata->filter_str = slapi_ch_strdup(filter); ++ mytaskdata->cleanup = cleanup; + + if (scope) { + if (strcasecmp(scope, "sub") == 0) { +@@ -2334,6 +2420,9 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + task = slapi_plugin_new_task(slapi_entry_get_ndn(e), arg); + slapi_task_set_destructor_fn(task, automember_task_destructor); + slapi_task_set_data(task, mytaskdata); ++ PR_Lock(fixup_lock); ++ fixup_running = PR_TRUE; ++ PR_Unlock(fixup_lock); + /* + * Start the task as a separate thread + */ +@@ -2345,6 +2434,9 @@ automember_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter __attr + "automember_task_add - Unable to create task thread!\n"); + 
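Review bot: The `fixup_running` check in `automember_task_add` releases `fixup_lock` straight after reading the flag, and the flag is only set to `PR_TRUE` in a later hunk under a separate `PR_Lock`, after the task parameters have been parsed. If two task entries can be added concurrently, both can pass the check and start a rebuild, which is what this change sets out to prevent. Setting `fixup_running = PR_TRUE;` inside the same critical section as the test closes the window, provided the validation-failure paths that `goto out` clear it again. The function body continues outside the hunk.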
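Review bot: The second comparison in the new `cleanup` parsing has no `== 0`: `strcasecmp(cleanup_str, "on")` is non-zero for every value except "on", so `cleanup: off` or `cleanup: no` turns the membership cleanup on, while `cleanup: on` leaves it off. Because cleanup deletes existing group memberships before the rebuild, the inverted test makes the destructive path the one taken for almost any value. The condition should read `if (strcasecmp(cleanup_str, "yes") == 0 || strcasecmp(cleanup_str, "on") == 0) {`. A test that runs the fixup with an explicit negative value would pin this down.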
*returncode = LDAP_OPERATIONS_ERROR; + slapi_task_finish(task, *returncode); ++ PR_Lock(fixup_lock); ++ fixup_running = PR_FALSE; ++ PR_Unlock(fixup_lock); + rv = SLAPI_DSE_CALLBACK_ERROR; + } else { + rv = SLAPI_DSE_CALLBACK_OK; +@@ -2372,6 +2464,9 @@ automember_rebuild_task_thread(void *arg) + PRCList *list = NULL; + PRCList *include_list = NULL; + int result = 0; ++ int64_t fixup_progress_count = 0; ++ int64_t fixup_progress_elapsed = 0; ++ int64_t fixup_start_time = 0; + size_t i = 0; + + /* Reset abort flag */ +@@ -2380,6 +2475,7 @@ automember_rebuild_task_thread(void *arg) + if (!task) { + return; /* no task */ + } ++ + slapi_task_inc_refcount(task); + slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "automember_rebuild_task_thread - Refcount incremented.\n"); +@@ -2393,9 +2489,11 @@ automember_rebuild_task_thread(void *arg) + slapi_task_log_status(task, "Automember rebuild task starting (base dn: (%s) filter (%s)...", + slapi_sdn_get_dn(td->base_dn), td->filter_str); + /* +- * Set the bind dn in the local thread data ++ * Set the bind dn in the local thread data, and block post op mods + */ + slapi_td_set_dn(slapi_ch_strdup(td->bind_dn)); ++ slapi_td_block_nested_post_op(); ++ fixup_start_time = slapi_current_rel_time_t(); + /* + * Take the config lock now and search the database + */ +@@ -2426,6 +2524,21 @@ automember_rebuild_task_thread(void *arg) + * Loop over the entries + */ + for (i = 0; entries && (entries[i] != NULL); i++) { ++ fixup_progress_count++; ++ if (fixup_progress_count % FIXUP_PROGRESS_LIMIT == 0 ) { ++ slapi_task_log_notice(task, ++ "Processed %ld entries in %ld seconds (+%ld seconds)", ++ fixup_progress_count, ++ slapi_current_rel_time_t() - fixup_start_time, ++ slapi_current_rel_time_t() - fixup_progress_elapsed); ++ slapi_task_log_status(task, ++ "Processed %ld entries in %ld seconds (+%ld seconds)", ++ fixup_progress_count, ++ slapi_current_rel_time_t() - fixup_start_time, ++ slapi_current_rel_time_t() - 
fixup_progress_elapsed); ++ slapi_task_inc_progress(task); ++ fixup_progress_elapsed = slapi_current_rel_time_t(); ++ } + if (slapi_atomic_load_64(&abort_rebuild_task, __ATOMIC_ACQUIRE) == 1) { + /* The task was aborted */ + slapi_task_log_notice(task, "Automember rebuild task was intentionally aborted"); +@@ -2443,48 +2556,66 @@ automember_rebuild_task_thread(void *arg) + if (slapi_dn_issuffix(slapi_entry_get_dn(entries[i]), config->scope) && + (slapi_filter_test_simple(entries[i], config->filter) == 0)) + { +- /* First clear out all the defaults groups */ +- for (size_t ii = 0; config->default_groups && config->default_groups[ii]; ii++) { +- if ((result = automember_update_member_value(entries[i], config->default_groups[ii], +- config->grouping_attr, config->grouping_value, NULL, DEL_MEMBER))) +- { +- slapi_task_log_notice(task, "Automember rebuild membership task unable to delete " +- "member from default group (%s) error (%d)", +- config->default_groups[ii], result); +- slapi_task_log_status(task, "Automember rebuild membership task unable to delete " +- "member from default group (%s) error (%d)", +- config->default_groups[ii], result); +- slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, +- "automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n", +- config->default_groups[ii], result); +- goto out; +- } +- } +- +- /* Then clear out the non-default group */ +- if (config->inclusive_rules && !PR_CLIST_IS_EMPTY((PRCList *)config->inclusive_rules)) { +- include_list = PR_LIST_HEAD((PRCList *)config->inclusive_rules); +- while (include_list != (PRCList *)config->inclusive_rules) { +- struct automemberRegexRule *curr_rule = (struct automemberRegexRule *)include_list; +- if ((result = automember_update_member_value(entries[i], slapi_sdn_get_dn(curr_rule->target_group_dn), +- config->grouping_attr, config->grouping_value, NULL, DEL_MEMBER))) ++ if (td->cleanup) { ++ ++ slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, 
++ "automember_rebuild_task_thread - Cleaning up groups (config %s)\n", ++ config->dn); ++ /* First clear out all the defaults groups */ ++ for (size_t ii = 0; config->default_groups && config->default_groups[ii]; ii++) { ++ if ((result = automember_update_member_value(entries[i], ++ config->default_groups[ii], ++ config->grouping_attr, ++ config->grouping_value, ++ NULL, DEL_MEMBER))) + { + slapi_task_log_notice(task, "Automember rebuild membership task unable to delete " +- "member from group (%s) error (%d)", +- slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ "member from default group (%s) error (%d)", ++ config->default_groups[ii], result); + slapi_task_log_status(task, "Automember rebuild membership task unable to delete " +- "member from group (%s) error (%d)", +- slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ "member from default group (%s) error (%d)", ++ config->default_groups[ii], result); + slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, + "automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n", +- slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ config->default_groups[ii], result); + goto out; + } +- include_list = PR_NEXT_LINK(include_list); + } ++ ++ /* Then clear out the non-default group */ ++ if (config->inclusive_rules && !PR_CLIST_IS_EMPTY((PRCList *)config->inclusive_rules)) { ++ include_list = PR_LIST_HEAD((PRCList *)config->inclusive_rules); ++ while (include_list != (PRCList *)config->inclusive_rules) { ++ struct automemberRegexRule *curr_rule = (struct automemberRegexRule *)include_list; ++ if ((result = automember_update_member_value(entries[i], ++ slapi_sdn_get_dn(curr_rule->target_group_dn), ++ config->grouping_attr, ++ config->grouping_value, ++ NULL, DEL_MEMBER))) ++ { ++ slapi_task_log_notice(task, "Automember rebuild membership task unable to delete " ++ "member from group (%s) error (%d)", ++ slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ 
slapi_task_log_status(task, "Automember rebuild membership task unable to delete " ++ "member from group (%s) error (%d)", ++ slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_rebuild_task_thread - Unable to unable to delete from (%s) error (%d)\n", ++ slapi_sdn_get_dn(curr_rule->target_group_dn), result); ++ goto out; ++ } ++ include_list = PR_NEXT_LINK(include_list); ++ } ++ } ++ slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_rebuild_task_thread - Finished cleaning up groups (config %s)\n", ++ config->dn); + } + + /* Update the memberships for this entries */ ++ slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, ++ "automember_rebuild_task_thread - Updating membership (config %s)\n", ++ config->dn); + if (slapi_is_shutting_down() || + automember_update_membership(config, entries[i], NULL) == SLAPI_PLUGIN_FAILURE) + { +@@ -2508,15 +2639,22 @@ out: + slapi_task_log_notice(task, "Automember rebuild task aborted. Error (%d)", result); + slapi_task_log_status(task, "Automember rebuild task aborted. Error (%d)", result); + } else { +- slapi_task_log_notice(task, "Automember rebuild task finished. Processed (%d) entries.", (int32_t)i); +- slapi_task_log_status(task, "Automember rebuild task finished. Processed (%d) entries.", (int32_t)i); ++ slapi_task_log_notice(task, "Automember rebuild task finished. Processed (%ld) entries in %ld seconds", ++ (int64_t)i, slapi_current_rel_time_t() - fixup_start_time); ++ slapi_task_log_status(task, "Automember rebuild task finished. 
Processed (%ld) entries in %ld seconds", ++ (int64_t)i, slapi_current_rel_time_t() - fixup_start_time); + } + slapi_task_inc_progress(task); + slapi_task_finish(task, result); + slapi_task_dec_refcount(task); + slapi_atomic_store_64(&abort_rebuild_task, 0, __ATOMIC_RELEASE); ++ slapi_td_unblock_nested_post_op(); ++ PR_Lock(fixup_lock); ++ fixup_running = PR_FALSE; ++ PR_Unlock(fixup_lock); ++ + slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM, +- "automember_rebuild_task_thread - Refcount decremented.\n"); ++ "automember_rebuild_task_thread - task finished, refcount decremented.\n"); + } + + /* +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c +index ba2d73a84..ce4c314a1 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c +@@ -1,6 +1,6 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2005 Red Hat, Inc. ++ * Copyright (C) 2022 Red Hat, Inc. + * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. + * All rights reserved. 
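Review bot: The two added "task finished" messages in the `out:` hunk print `(int64_t)i` with `%ld`, which only matches where `int64_t` is `long`; where it is `long long` the specifier and argument disagree, which is undefined behaviour in a printf-style call. The second `%ld` receives `slapi_current_rel_time_t() - fixup_start_time`, whose type depends on declarations outside this hunk (presumably `time_t`). I would write the format as `"... Processed (%" PRId64 ") entries in %ld seconds"` and pass `(long)(slapi_current_rel_time_t() - fixup_start_time)`, in both the notice and the status call. The enclosing function starts outside the hunk.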
+ * +@@ -1264,10 +1264,6 @@ ldbm_back_add(Slapi_PBlock *pb) + goto common_return; + + error_return: +- /* Revert the caches if this is the parent operation */ +- if (parent_op && betxn_callback_fails) { +- revert_cache(inst, &parent_time); +- } + if (addingentry_id_assigned) { + next_id_return(be, addingentry->ep_id); + } +@@ -1376,6 +1372,11 @@ diskfull_return: + if (!not_an_error) { + rc = SLAPI_FAIL_GENERAL; + } ++ ++ /* Revert the caches if this is the parent operation */ ++ if (parent_op && betxn_callback_fails) { ++ revert_cache(inst, &parent_time); ++ } + } + + common_return: +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c +index de23190c3..27f0ac58a 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c +@@ -1407,11 +1407,6 @@ commit_return: + goto common_return; + + error_return: +- /* Revert the caches if this is the parent operation */ +- if (parent_op && betxn_callback_fails) { +- revert_cache(inst, &parent_time); +- } +- + if (tombstone) { + if (cache_is_in_cache(&inst->inst_cache, tombstone)) { + tomb_ep_id = tombstone->ep_id; /* Otherwise, tombstone might have been freed. */ +@@ -1496,6 +1491,11 @@ error_return: + conn_id, op_id, parent_modify_c.old_entry, parent_modify_c.new_entry, myrc); + } + ++ /* Revert the caches if this is the parent operation */ ++ if (parent_op && betxn_callback_fails) { ++ revert_cache(inst, &parent_time); ++ } ++ + common_return: + if (orig_entry) { + /* NOTE: #define SLAPI_DELETE_BEPREOP_ENTRY SLAPI_ENTRY_PRE_OP */ +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c +index 537369055..64b293001 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c +@@ -1,6 +1,6 @@ + /** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. +- * Copyright (C) 2005 Red Hat, Inc. 
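Review bot: In the ldbm_add.c hunk at `diskfull_return:` the relocated `revert_cache()` call sits directly before a closing `}`, so it now appears to run only when the enclosing condition (opened outside the hunk) holds, whereas at its old place right after `error_return:` it ran on every error path with `parent_op && betxn_callback_fails`. The ldbm_modify.c hunk at `@@ -1103,6 +1098,10 @@` has the same nesting, while in ldbm_delete.c the block lands directly before `common_return:`; please confirm the difference is intended. The comment was moved unchanged and does not say why the position matters. If the revert has to follow the cleanup above it, a comment such as `/* Keep last in the error path: revert the caches only after the cleanup above has run */` would keep a later edit from moving it back.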
++ * Copyright (C) 2022 Red Hat, Inc. + * Copyright (C) 2009 Hewlett-Packard Development Company, L.P. + * All rights reserved. + * +@@ -1043,11 +1043,6 @@ ldbm_back_modify(Slapi_PBlock *pb) + goto common_return; + + error_return: +- /* Revert the caches if this is the parent operation */ +- if (parent_op && betxn_callback_fails) { +- revert_cache(inst, &parent_time); +- } +- + if (postentry != NULL) { + slapi_entry_free(postentry); + postentry = NULL; +@@ -1103,6 +1098,10 @@ error_return: + if (!not_an_error) { + rc = SLAPI_FAIL_GENERAL; + } ++ /* Revert the caches if this is the parent operation */ ++ if (parent_op && betxn_callback_fails) { ++ revert_cache(inst, &parent_time); ++ } + } + + /* if ec is in cache, remove it, then add back e if we still have it */ +diff --git a/src/lib389/lib389/cli_conf/plugins/automember.py b/src/lib389/lib389/cli_conf/plugins/automember.py +index 15b00c633..568586ad8 100644 +--- a/src/lib389/lib389/cli_conf/plugins/automember.py ++++ b/src/lib389/lib389/cli_conf/plugins/automember.py +@@ -155,7 +155,7 @@ def fixup(inst, basedn, log, args): + log.info('Attempting to add task entry... This will fail if Automembership plug-in is not enabled.') + if not plugin.status(): + log.error("'%s' is disabled. Rebuild membership task can't be executed" % plugin.rdn) +- fixup_task = plugin.fixup(args.DN, args.filter) ++ fixup_task = plugin.fixup(args.DN, args.filter, args.cleanup) + if args.wait: + log.info(f'Waiting for fixup task "{fixup_task.dn}" to complete. 
You can safely exit by pressing Control C ...') + fixup_task.wait(timeout=args.timeout) +@@ -225,8 +225,8 @@ def create_parser(subparsers): + subcommands = automember.add_subparsers(help='action') + add_generic_plugin_parsers(subcommands, AutoMembershipPlugin) + +- list = subcommands.add_parser('list', help='List Automembership definitions or regex rules.') +- subcommands_list = list.add_subparsers(help='action') ++ automember_list = subcommands.add_parser('list', help='List Automembership definitions or regex rules.') ++ subcommands_list = automember_list.add_subparsers(help='action') + list_definitions = subcommands_list.add_parser('definitions', help='Lists Automembership definitions.') + list_definitions.set_defaults(func=definition_list) + list_regexes = subcommands_list.add_parser('regexes', help='List Automembership regex rules.') +@@ -269,6 +269,8 @@ def create_parser(subparsers): + fixup_task.add_argument('-f', '--filter', required=True, help='Sets the LDAP filter for entries to fix up') + fixup_task.add_argument('-s', '--scope', required=True, choices=['sub', 'base', 'one'], type=str.lower, + help='Sets the LDAP search scope for entries to fix up') ++ fixup_task.add_argument('--cleanup', action='store_true', ++ help="Clean up previous group memberships before rebuilding") + fixup_task.add_argument('--wait', action='store_true', + help="Wait for the task to finish, this could take a long time") + fixup_task.add_argument('--timeout', default=0, type=int, +@@ -279,7 +281,7 @@ def create_parser(subparsers): + fixup_status.add_argument('--dn', help="The task entry's DN") + fixup_status.add_argument('--show-log', action='store_true', help="Display the task log") + fixup_status.add_argument('--watch', action='store_true', +- help="Watch the task's status and wait for it to finish") ++ help="Watch the task's status and wait for it to finish") + + abort_fixup = subcommands.add_parser('abort-fixup', help='Abort the rebuild membership task.') + 
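Review bot: `plugin.fixup(args.DN, args.filter, args.cleanup)` still drops `args.scope`, although the parser in this file declares `--scope` with `required=True` and `AutoMembershipPlugin.fixup()` in plugins.py has no scope parameter either. With `--cleanup` the task now deletes memberships before rebuilding, so an operator who passes `-s base` may expect the removal to be limited to that scope, yet nothing in the visible hunks sends it to the server. Either forward it (a `scope` keyword on `fixup()` that sets `task_properties['scope']`) or say in the `--cleanup` help text that the scope is not applied. Separately, the `if not plugin.status():` branch only logs and then falls through to the `fixup()` call; a `return` after `log.error(...)` looks intended. The function body starts outside the hunk.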
abort_fixup.set_defaults(func=abort) +diff --git a/src/lib389/lib389/plugins.py b/src/lib389/lib389/plugins.py +index 52691a44c..a1ad0a45b 100644 +--- a/src/lib389/lib389/plugins.py ++++ b/src/lib389/lib389/plugins.py +@@ -1141,13 +1141,15 @@ class AutoMembershipPlugin(Plugin): + def __init__(self, instance, dn="cn=Auto Membership Plugin,cn=plugins,cn=config"): + super(AutoMembershipPlugin, self).__init__(instance, dn) + +- def fixup(self, basedn, _filter=None): ++ def fixup(self, basedn, _filter=None, cleanup=False): + """Create an automember rebuild membership task + + :param basedn: Basedn to fix up + :type basedn: str + :param _filter: a filter for entries to fix up + :type _filter: str ++ :param cleanup: cleanup old group memberships ++ :type cleanup: boolean + + :returns: an instance of Task(DSLdapObject) + """ +@@ -1156,6 +1158,9 @@ class AutoMembershipPlugin(Plugin): + task_properties = {'basedn': basedn} + if _filter is not None: + task_properties['filter'] = _filter ++ if cleanup: ++ task_properties['cleanup'] = "yes" ++ + task.create(properties=task_properties) + + return task +diff --git a/src/lib389/lib389/tasks.py b/src/lib389/lib389/tasks.py +index 1a16bbb83..193805780 100644 +--- a/src/lib389/lib389/tasks.py ++++ b/src/lib389/lib389/tasks.py +@@ -1006,12 +1006,13 @@ class Tasks(object): + return exitCode + + def automemberRebuild(self, suffix=DEFAULT_SUFFIX, scope='sub', +- filterstr='objectclass=top', args=None): ++ filterstr='objectclass=top', cleanup=False, args=None): + ''' +- @param suffix - The suffix the task should examine - defualt is ++ @param suffix - The suffix the task should examine - default is + "dc=example,dc=com" + @param scope - The scope of the search to find entries +- @param fitlerstr - THe search filter to find entries ++ @param fitlerstr - The search filter to find entries ++ @param cleanup - reset/clear the old group mmeberships prior to rebuilding + @param args - is a dictionary that contains modifier of the task + wait: 
True/[False] - If True, waits for the completion of + the task before to return +@@ -1027,6 +1028,8 @@ class Tasks(object): + entry.setValues('basedn', suffix) + entry.setValues('filter', filterstr) + entry.setValues('scope', scope) ++ if cleanup: ++ entry.setValues('cleanup', 'yes') + + # start the task and possibly wait for task completion + try: +-- +2.43.0 + diff --git a/SOURCES/389-ds-base-devel.README b/SOURCES/389-ds-base-devel.README new file mode 100644 index 0000000..190c874 --- /dev/null +++ b/SOURCES/389-ds-base-devel.README @@ -0,0 +1,4 @@ +For detailed information on developing plugins for +389 Directory Server visit. + +http://port389/wiki/Plugins diff --git a/SOURCES/389-ds-base-git.sh b/SOURCES/389-ds-base-git.sh new file mode 100644 index 0000000..0043901 --- /dev/null +++ b/SOURCES/389-ds-base-git.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +DATE=`date +%Y%m%d` +# use a real tag name here +VERSION=1.3.5.14 +PKGNAME=389-ds-base +TAG=${TAG:-$PKGNAME-$VERSION} +URL="https://git.fedorahosted.org/git/?p=389/ds.git;a=snapshot;h=$TAG;sf=tgz" +SRCNAME=$PKGNAME-$VERSION + +wget -O $SRCNAME.tar.gz "$URL" + +echo convert tgz format to tar.bz2 format + +gunzip $PKGNAME-$VERSION.tar.gz +bzip2 $PKGNAME-$VERSION.tar diff --git a/SOURCES/Cargo-1.4.3.39-1.lock b/SOURCES/Cargo-1.4.3.39-1.lock new file mode 100644 index 0000000..4667a17 --- /dev/null +++ b/SOURCES/Cargo-1.4.3.39-1.lock 
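Review bot: Adding `cleanup=False` ahead of `args=None` changes the positional order of `automemberRebuild()`, so an existing caller that passes the args dictionary as the fourth positional argument would now bind it to `cleanup`. A non-empty dict is truthy, so such a call would silently turn on the membership cleanup. Appending the new parameter keeps old calls working: `filterstr='objectclass=top', args=None, cleanup=False):`. The docstring lines touched here still read `fitlerstr` and `mmeberships`; `@param filterstr` and `memberships` would match the signature.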
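Review bot: The tarball fetched by `wget -O $SRCNAME.tar.gz "$URL"` is recompressed into the package source without any integrity check, and the script has no error handling, so a failed or truncated download still reaches `gunzip` and `bzip2`. I would add `set -euo pipefail` after the shebang and verify a pinned digest before repacking, for example `echo "<EXPECTED_SHA256>  $SRCNAME.tar.gz" | sha256sum -c -`. `VERSION=1.3.5.14` does not match the 1.4.3.39 sources this commit imports, so the helper looks stale and is worth a comment saying whether it is still used.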
@@ -0,0 +1,933 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "addr2line" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + +[[package]] +name = "ahash" +version = "0.7.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a824f2aa7e75a0c98c5a504fceb80649e9c35265d44525b5f94de4771a395cd" +dependencies = [ + "getrandom", + "once_cell", + "version_check", +] + +[[package]] +name = "ansi_term" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" +dependencies = [ + "winapi", +] + +[[package]] +name = "atty" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" +dependencies = [ + "hermit-abi", + "libc", + "winapi", +] + +[[package]] +name = "autocfg" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + +[[package]] +name = "backtrace" +version = "0.3.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +dependencies = [ + "addr2line", + "cc", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", +] + +[[package]] +name = "base64" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" + +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "bitflags" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cbindgen" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9daec6140ab4dcd38c3dd57e580b59a621172a526ac79f1527af760a55afeafd" +dependencies = [ + "clap", + "log", + "proc-macro2", + "quote", + "serde", + "serde_json", + "syn 1.0.109", + "tempfile", + "toml", +] + +[[package]] +name = "cc" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +dependencies = [ + "jobserver", + "libc", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "clap" +version = "2.34.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" +dependencies = [ + "ansi_term", + "atty", + "bitflags 1.3.2", + "strsim", + "textwrap", + "unicode-width", + "vec_map", +] + +[[package]] +name = "concread" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcc9816f5ac93ebd51c37f7f9a6bf2b40dfcd42978ad2aea5d542016e9244cf6" +dependencies = [ + "ahash", + "crossbeam", + 
"crossbeam-epoch", + "crossbeam-utils", + "lru", + "parking_lot", + "rand", + "smallvec", + "tokio", +] + +[[package]] +name = "crossbeam" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1137cd7e7fc0fb5d3c5a8678be38ec56e819125d8d7907411fe24ccb943faca8" +dependencies = [ + "crossbeam-channel", + "crossbeam-deque", + "crossbeam-epoch", + "crossbeam-queue", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-channel" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "176dc175b78f56c0f321911d9c8eb2b77a78a4860b9c19db83835fea1a46649b" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-queue" +version = "0.3.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df0346b5d5e76ac2fe4e327c5fd1118d6be7c51dfb18f9b7922923f287471e35" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" + +[[package]] +name = "entryuuid" +version = "0.1.0" +dependencies = [ + "cc", + "libc", + "paste", + "slapi_r_plugin", + "uuid", +] + +[[package]] +name = "entryuuid_syntax" +version = "0.1.0" +dependencies = [ + "cc", + "libc", + "paste", + "slapi_r_plugin", + "uuid", +] + +[[package]] +name = "errno" +version = "0.3.8" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "fastrand" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" + +[[package]] +name = "fernet" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93804560e638370a8be6d59ce71ed803e55e230abdbf42598e666b41adda9b1f" +dependencies = [ + "base64", + "byteorder", + "getrandom", + "openssl", + "zeroize", +] + +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + +[[package]] +name = "getrandom" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "gimli" +version = "0.28.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" + +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" +dependencies = [ + "ahash", +] + +[[package]] +name = "hermit-abi" +version = "0.1.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" +dependencies = [ + "libc", +] + +[[package]] +name = "instant" +version = "0.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "itoa" +version = "1.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" + +[[package]] +name = "jobserver" +version = "0.1.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c37f63953c4c63420ed5fd3d6d398c719489b9f872b9fa683262f8edd363c7d" +dependencies = [ + "libc", +] + +[[package]] +name = "libc" +version = "0.2.152" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" + +[[package]] +name = "librnsslapd" +version = "0.1.0" +dependencies = [ + "cbindgen", + "libc", + "slapd", +] + +[[package]] +name = "librslapd" +version = "0.1.0" +dependencies = [ + "cbindgen", + "concread", + "libc", + "slapd", +] + +[[package]] +name = "linux-raw-sys" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456" + +[[package]] +name = "lock_api" +version = "0.4.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +dependencies = [ + "autocfg", + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" + +[[package]] +name = "lru" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"e999beba7b6e8345721bd280141ed958096a2e4abdf74f67ff4ce49b4b54e47a" +dependencies = [ + "hashbrown", +] + +[[package]] +name = "memchr" +version = "2.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" + +[[package]] +name = "miniz_oxide" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +dependencies = [ + "adler", +] + +[[package]] +name = "object" +version = "0.32.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" +dependencies = [ + "memchr", +] + +[[package]] +name = "once_cell" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + +[[package]] +name = "openssl" +version = "0.10.62" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671" +dependencies = [ + "bitflags 2.4.1", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + +[[package]] +name = "openssl-sys" +version = "0.9.98" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "parking_lot" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" +dependencies = [ + "instant", + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60a2cfe6f0ad2bfc16aefa463b497d5c7a5ecd44a23efa72aa342d90177356dc" +dependencies = [ + "cfg-if", + "instant", + "libc", + "redox_syscall 0.2.16", + "smallvec", + "winapi", +] + +[[package]] +name = "paste" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880" +dependencies = [ + "paste-impl", + "proc-macro-hack", +] + +[[package]] +name = "paste-impl" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6" +dependencies = [ + "proc-macro-hack", +] + +[[package]] +name = "pin-project-lite" +version = "0.2.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" + +[[package]] +name = "pkg-config" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69d3587f8a9e599cc7ec2c00e331f71c4e69a5f9a4b8a6efd5b07466b9736f9a" + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "proc-macro-hack" +version = "0.5.20+deprecated" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" + +[[package]] +name = "proc-macro2" +version = "1.0.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95fc56cda0b5c3325f5fbbd7ff9fda9e02bb00bb3dac51252d2f1bfa1cb8cc8c" +dependencies = [ + 
"unicode-ident", +] + +[[package]] +name = "pwdchan" +version = "0.1.0" +dependencies = [ + "base64", + "cc", + "libc", + "openssl", + "paste", + "slapi_r_plugin", + "uuid", +] + +[[package]] +name = "quote" +version = "1.0.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "redox_syscall" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" +dependencies = [ + "bitflags 1.3.2", +] + +[[package]] +name = "redox_syscall" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +dependencies = [ + "bitflags 1.3.2", +] + +[[package]] +name = "rsds" +version = "0.1.0" + +[[package]] +name = "rustc-demangle" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" + +[[package]] +name = "rustix" +version = "0.38.30" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca" +dependencies = [ + "bitflags 2.4.1", + "errno", + "libc", + "linux-raw-sys", + "windows-sys", +] + +[[package]] +name = "ryu" +version = "1.0.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "serde" +version = "1.0.195" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.195" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + +[[package]] +name = "serde_json" +version = "1.0.111" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "176e46fa42316f18edd598015a5166857fc835ec732f5215eac6b7bdbf0a84f4" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "slapd" +version = "0.1.0" +dependencies = [ + "fernet", +] + +[[package]] +name = "slapi_r_plugin" +version = "0.1.0" +dependencies = [ + "libc", + "paste", + "uuid", +] + +[[package]] +name = "smallvec" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2593d31f82ead8df961d8bd23a64c2ccf2eb5dd34b0a34bfb4dd54011c72009e" + +[[package]] +name = "strsim" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" + +[[package]] +name = 
"syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "syn" +version = "2.0.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "tempfile" +version = "3.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" +dependencies = [ + "cfg-if", + "fastrand", + "redox_syscall 0.4.1", + "rustix", + "windows-sys", +] + +[[package]] +name = "textwrap" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" +dependencies = [ + "unicode-width", +] + +[[package]] +name = "tokio" +version = "1.35.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" +dependencies = [ + "backtrace", + "pin-project-lite", + "tokio-macros", +] + +[[package]] +name = "tokio-macros" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + +[[package]] +name = "toml" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234" +dependencies = [ + "serde", +] + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "unicode-width" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" + +[[package]] +name = "uuid" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7" +dependencies = [ + "getrandom", +] + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "vec_map" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" + +[[package]] +name = 
"windows_x86_64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" + +[[package]] +name = "zeroize" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec new file mode 100644 index 0000000..042e01f --- /dev/null +++ b/SPECS/389-ds-base.spec 
@@ -0,0 +1,971 @@ + +%global pkgname dirsrv +%global srcname 389-ds-base + +# Exclude i686 bit arches +ExcludeArch: i686 + +# for a pre-release, define the prerel field e.g. .a1 .rc2 - comment out for official release +# also remove the space between % and global - this space is needed because +# fedpkg verrel stupidly ignores comment lines +#% global prerel .rc3 +# also need the relprefix field for a pre-release e.g. .0 - also comment out for official release +#% global relprefix 0. + +# If perl-Socket-2.000 or newer is available, set 0 to use_Socket6. +%global use_Socket6 0 + +%global use_asan 0 +%global use_rust 1 +%global use_legacy 1 +%global bundle_jemalloc 1 +%if %{use_asan} +%global bundle_jemalloc 0 +%endif + +%if %{bundle_jemalloc} +%global jemalloc_name jemalloc +%global jemalloc_ver 5.3.0 +%global __provides_exclude ^libjemalloc\\.so.*$ +%endif + +# Use Clang instead of GCC +%global use_clang 0 + +# fedora 15 and later uses tmpfiles.d +# otherwise, comment this out +%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d} + +# systemd support +%global groupname %{pkgname}.target + +# set PIE flag +%global _hardened_build 1 + +# Filter argparse-manpage from autogenerated package Requires +%global __requires_exclude ^python.*argparse-manpage + +Summary: 389 Directory Server (base) +Name: 389-ds-base +Version: 1.4.3.39 +Release: %{?relprefix}2%{?prerel}%{?dist} +License: GPLv3+ and (ASL 2.0 or MIT) +URL: https://www.port389.org +Group: System Environment/Daemons +Conflicts: selinux-policy-base < 3.9.8 +Conflicts: freeipa-server < 4.0.3 +Obsoletes: %{name} <= 1.4.0.9 +Provides: ldif2ldbm >= 0 + +##### Bundled cargo crates list - START ##### +Provides: bundled(crate(addr2line)) = 0.21.0 +Provides: bundled(crate(adler)) = 1.0.2 +Provides: bundled(crate(ahash)) = 0.7.7 +Provides: bundled(crate(ansi_term)) = 0.12.1 +Provides: bundled(crate(atty)) = 0.2.14 +Provides: bundled(crate(autocfg)) = 1.1.0 +Provides: bundled(crate(backtrace)) = 0.3.69 
+Provides: bundled(crate(base64)) = 0.13.1 +Provides: bundled(crate(bitflags)) = 1.3.2 +Provides: bundled(crate(bitflags)) = 2.4.1 +Provides: bundled(crate(byteorder)) = 1.5.0 +Provides: bundled(crate(cbindgen)) = 0.9.1 +Provides: bundled(crate(cc)) = 1.0.83 +Provides: bundled(crate(cfg-if)) = 1.0.0 +Provides: bundled(crate(clap)) = 2.34.0 +Provides: bundled(crate(concread)) = 0.2.21 +Provides: bundled(crate(crossbeam)) = 0.8.4 +Provides: bundled(crate(crossbeam-channel)) = 0.5.11 +Provides: bundled(crate(crossbeam-deque)) = 0.8.5 +Provides: bundled(crate(crossbeam-epoch)) = 0.9.18 +Provides: bundled(crate(crossbeam-queue)) = 0.3.11 +Provides: bundled(crate(crossbeam-utils)) = 0.8.19 +Provides: bundled(crate(entryuuid)) = 0.1.0 +Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 +Provides: bundled(crate(errno)) = 0.3.8 +Provides: bundled(crate(fastrand)) = 2.0.1 +Provides: bundled(crate(fernet)) = 0.1.4 +Provides: bundled(crate(foreign-types)) = 0.3.2 +Provides: bundled(crate(foreign-types-shared)) = 0.1.1 +Provides: bundled(crate(getrandom)) = 0.2.12 +Provides: bundled(crate(gimli)) = 0.28.1 +Provides: bundled(crate(hashbrown)) = 0.12.3 +Provides: bundled(crate(hermit-abi)) = 0.1.19 +Provides: bundled(crate(instant)) = 0.1.12 +Provides: bundled(crate(itoa)) = 1.0.10 +Provides: bundled(crate(jobserver)) = 0.1.27 +Provides: bundled(crate(libc)) = 0.2.152 +Provides: bundled(crate(librnsslapd)) = 0.1.0 +Provides: bundled(crate(librslapd)) = 0.1.0 +Provides: bundled(crate(linux-raw-sys)) = 0.4.12 +Provides: bundled(crate(lock_api)) = 0.4.11 +Provides: bundled(crate(log)) = 0.4.20 +Provides: bundled(crate(lru)) = 0.7.8 +Provides: bundled(crate(memchr)) = 2.7.1 +Provides: bundled(crate(miniz_oxide)) = 0.7.1 +Provides: bundled(crate(object)) = 0.32.2 +Provides: bundled(crate(once_cell)) = 1.19.0 +Provides: bundled(crate(openssl)) = 0.10.62 +Provides: bundled(crate(openssl-macros)) = 0.1.1 +Provides: bundled(crate(openssl-sys)) = 0.9.98 +Provides: 
bundled(crate(parking_lot)) = 0.11.2 +Provides: bundled(crate(parking_lot_core)) = 0.8.6 +Provides: bundled(crate(paste)) = 0.1.18 +Provides: bundled(crate(paste-impl)) = 0.1.18 +Provides: bundled(crate(pin-project-lite)) = 0.2.13 +Provides: bundled(crate(pkg-config)) = 0.3.28 +Provides: bundled(crate(ppv-lite86)) = 0.2.17 +Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated +Provides: bundled(crate(proc-macro2)) = 1.0.76 +Provides: bundled(crate(pwdchan)) = 0.1.0 +Provides: bundled(crate(quote)) = 1.0.35 +Provides: bundled(crate(rand)) = 0.8.5 +Provides: bundled(crate(rand_chacha)) = 0.3.1 +Provides: bundled(crate(rand_core)) = 0.6.4 +Provides: bundled(crate(redox_syscall)) = 0.2.16 +Provides: bundled(crate(redox_syscall)) = 0.4.1 +Provides: bundled(crate(rsds)) = 0.1.0 +Provides: bundled(crate(rustc-demangle)) = 0.1.23 +Provides: bundled(crate(rustix)) = 0.38.30 +Provides: bundled(crate(ryu)) = 1.0.16 +Provides: bundled(crate(scopeguard)) = 1.2.0 +Provides: bundled(crate(serde)) = 1.0.195 +Provides: bundled(crate(serde_derive)) = 1.0.195 +Provides: bundled(crate(serde_json)) = 1.0.111 +Provides: bundled(crate(slapd)) = 0.1.0 +Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 +Provides: bundled(crate(smallvec)) = 1.12.0 +Provides: bundled(crate(strsim)) = 0.8.0 +Provides: bundled(crate(syn)) = 1.0.109 +Provides: bundled(crate(syn)) = 2.0.48 +Provides: bundled(crate(tempfile)) = 3.9.0 +Provides: bundled(crate(textwrap)) = 0.11.0 +Provides: bundled(crate(tokio)) = 1.35.1 +Provides: bundled(crate(tokio-macros)) = 2.2.0 +Provides: bundled(crate(toml)) = 0.5.11 +Provides: bundled(crate(unicode-ident)) = 1.0.12 +Provides: bundled(crate(unicode-width)) = 0.1.11 +Provides: bundled(crate(uuid)) = 0.8.2 +Provides: bundled(crate(vcpkg)) = 0.2.15 +Provides: bundled(crate(vec_map)) = 0.8.2 +Provides: bundled(crate(version_check)) = 0.9.4 +Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1 +Provides: bundled(crate(winapi)) = 0.3.9 +Provides: 
bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 +Provides: bundled(crate(windows-sys)) = 0.52.0 +Provides: bundled(crate(windows-targets)) = 0.52.0 +Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.52.0 +Provides: bundled(crate(windows_aarch64_msvc)) = 0.52.0 +Provides: bundled(crate(windows_i686_gnu)) = 0.52.0 +Provides: bundled(crate(windows_i686_msvc)) = 0.52.0 +Provides: bundled(crate(windows_x86_64_gnu)) = 0.52.0 +Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.52.0 +Provides: bundled(crate(windows_x86_64_msvc)) = 0.52.0 +Provides: bundled(crate(zeroize)) = 1.7.0 +Provides: bundled(crate(zeroize_derive)) = 1.4.2 +##### Bundled cargo crates list - END ##### + +BuildRequires: nspr-devel >= 4.32 +BuildRequires: nss-devel >= 3.67.0-7 +BuildRequires: perl-generators +BuildRequires: openldap-devel +BuildRequires: libdb-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: icu +BuildRequires: libicu-devel +BuildRequires: pcre-devel +BuildRequires: cracklib-devel +%if %{use_clang} +BuildRequires: libatomic +BuildRequires: clang +%else +BuildRequires: gcc +BuildRequires: gcc-c++ +%endif +# The following are needed to build the snmp ldap-agent +BuildRequires: net-snmp-devel +BuildRequires: lm_sensors-devel +BuildRequires: bzip2-devel +BuildRequires: zlib-devel +BuildRequires: openssl-devel +# the following is for the pam passthru auth plug-in +BuildRequires: pam-devel +BuildRequires: systemd-units +BuildRequires: systemd-devel +%if %{use_asan} +BuildRequires: libasan +%endif +# If rust is enabled +%if %{use_rust} +BuildRequires: cargo +BuildRequires: rust +%endif +BuildRequires: pkgconfig +BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(krb5) + +# Needed to support regeneration of the autotool artifacts. +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +# For our documentation +BuildRequires: doxygen +# For tests! 
+BuildRequires: libcmocka-devel +BuildRequires: libevent-devel +# For lib389 and related components +BuildRequires: python%{python3_pkgversion} +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-ldap +BuildRequires: python%{python3_pkgversion}-six +BuildRequires: python%{python3_pkgversion}-pyasn1 +BuildRequires: python%{python3_pkgversion}-pyasn1-modules +BuildRequires: python%{python3_pkgversion}-dateutil +BuildRequires: python%{python3_pkgversion}-argcomplete +BuildRequires: python%{python3_pkgversion}-argparse-manpage +BuildRequires: python%{python3_pkgversion}-policycoreutils +BuildRequires: python%{python3_pkgversion}-libselinux +BuildRequires: python%{python3_pkgversion}-cryptography + +# For cockpit +BuildRequires: rsync + +Requires: %{name}-libs = %{version}-%{release} +Requires: python%{python3_pkgversion}-lib389 = %{version}-%{release} + +# this is needed for using semanage from our setup scripts +Requires: policycoreutils-python-utils +Requires: /usr/sbin/semanage +Requires: libsemanage-python%{python3_pkgversion} + +Requires: selinux-policy >= 3.14.1-29 + +# the following are needed for some of our scripts +Requires: openldap-clients +Requires: openssl-perl +Requires: python%{python3_pkgversion}-ldap + +# this is needed to setup SSL if you are not using the +# administration server package +Requires: nss-tools +Requires: nspr >= 4.32 +Requires: nss >= 3.67.0-7 + +# these are not found by the auto-dependency method +# they are required to support the mandatory LDAP SASL mechs +Requires: cyrus-sasl-gssapi +Requires: cyrus-sasl-md5 +Requires: cyrus-sasl-plain + +# this is needed for verify-db.pl +Requires: libdb-utils + +# Needed for password dictionary checks +Requires: cracklib-dicts + +# This picks up libperl.so as a Requires, so we add this versioned one +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Requires: perl-Errno 
>= 1.23-360 + +# Needed by logconv.pl +Requires: perl-DB_File +Requires: perl-Archive-Tar + +# Needed for password dictionary checks +Requires: cracklib-dicts + +# Picks up our systemd deps. +%{?systemd_requires} + +Obsoletes: %{name} <= 1.3.5.4 + +Source0: https://releases.pagure.org/389-ds-base/%{name}-%{version}.tar.bz2 +# 389-ds-git.sh should be used to generate the source tarball from git +Source1: %{name}-git.sh +Source2: %{name}-devel.README +%if %{bundle_jemalloc} +Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 +%endif +%if %{use_rust} +Source4: vendor-%{version}-1.tar.gz +Source5: Cargo-%{version}-1.lock +%endif + +Patch01: 0001-issue-5647-covscan-memory-leak-in-audit-log-when-add.patch +Patch02: 0002-Issue-5647-Fix-unused-variable-warning-from-previous.patch +Patch03: 0003-Issue-5407-sync_repl-crashes-if-enabled-while-dynami.patch +Patch04: 0004-Issue-5547-automember-plugin-improvements.patch + +%description +389 Directory Server is an LDAPv3 compliant server. The base package includes +the LDAP server and command line utilities for server administration. +%if %{use_asan} +WARNING! This build is linked to Address Sanitisation libraries. This probably +isn't what you want. Please contact support immediately. +Please see http://seclists.org/oss-sec/2016/q1/363 for more information. 
+%endif + +%package libs +Summary: Core libraries for 389 Directory Server +Group: System Environment/Daemons +BuildRequires: nspr-devel >= 4.32 +BuildRequires: nss-devel >= 3.67.0-7 +BuildRequires: openldap-devel +BuildRequires: libdb-devel +BuildRequires: cyrus-sasl-devel +BuildRequires: libicu-devel +BuildRequires: pcre-devel +BuildRequires: libtalloc-devel +BuildRequires: libevent-devel +BuildRequires: libtevent-devel +Requires: krb5-libs +Requires: libevent +BuildRequires: systemd-devel +Provides: svrcore = 4.1.4 +Conflicts: svrcore +Obsoletes: svrcore <= 4.1.3 + +%description libs +Core libraries for the 389 Directory Server base package. These libraries +are used by the main package and the -devel package. This allows the -devel +package to be installed with just the -libs package and without the main package. + +%if %{use_legacy} +%package legacy-tools +Summary: Legacy utilities for 389 Directory Server +Group: System Environment/Daemons +Obsoletes: %{name} <= 1.4.0.9 +Requires: %{name}-libs = %{version}-%{release} +# for setup-ds.pl to support ipv6 +%if %{use_Socket6} +Requires: perl-Socket6 +%else +Requires: perl-Socket +%endif +Requires: perl-NetAddr-IP +# use_openldap assumes perl-Mozilla-LDAP is built with openldap support +Requires: perl-Mozilla-LDAP +# for setup-ds.pl +Requires: bind-utils +%global __provides_exclude_from %{_libdir}/%{pkgname}/perl +%global __requires_exclude perl\\((DSCreate|DSMigration|DSUpdate|DSUtil|Dialog|DialogManager|FileConn|Inf|Migration|Resource|Setup|SetupLog) +%{?perl_default_filter} + +%description legacy-tools +Legacy (and deprecated) utilities for 389 Directory Server. This includes +the old account management and task scripts. These are deprecated in favour of +the dscreate, dsctl, dsconf and dsidm tools. 
+%endif + +%package devel +Summary: Development libraries for 389 Directory Server +Group: Development/Libraries +Requires: %{name}-libs = %{version}-%{release} +Requires: pkgconfig +Requires: nspr-devel >= 4.32 +Requires: nss-devel >= 3.67.0-7 +Requires: openldap-devel +Requires: libtalloc +Requires: libevent +Requires: libtevent +Requires: systemd-libs +Provides: svrcore-devel = 4.1.4 +Conflicts: svrcore-devel +Obsoletes: svrcore-devel <= 4.1.3 + +%description devel +Development Libraries and headers for the 389 Directory Server base package. + +%package snmp +Summary: SNMP Agent for 389 Directory Server +Group: System Environment/Daemons +Requires: %{name} = %{version}-%{release} + +Obsoletes: %{name} <= 1.4.0.0 + +%description snmp +SNMP Agent for the 389 Directory Server base package. + +%package -n python%{python3_pkgversion}-lib389 +Summary: A library for accessing, testing, and configuring the 389 Directory Server +BuildArch: noarch +Group: Development/Libraries +Requires: 389-ds-base +Requires: openssl +Requires: iproute +Requires: platform-python +Recommends: bash-completion +Requires: python%{python3_pkgversion}-ldap +Requires: python%{python3_pkgversion}-six +Requires: python%{python3_pkgversion}-pyasn1 +Requires: python%{python3_pkgversion}-pyasn1-modules +Requires: python%{python3_pkgversion}-dateutil +Requires: python%{python3_pkgversion}-argcomplete +Requires: python%{python3_pkgversion}-libselinux +Requires: python%{python3_pkgversion}-setuptools +Requires: python%{python3_pkgversion}-distro +Requires: python%{python3_pkgversion}-cryptography +%{?python_provide:%python_provide python%{python3_pkgversion}-lib389} + +%description -n python%{python3_pkgversion}-lib389 +This module contains tools and libraries for accessing, testing, + and configuring the 389 Directory Server. 
+ +%package -n cockpit-389-ds +Summary: Cockpit UI Plugin for configuring and administering the 389 Directory Server +BuildArch: noarch +Requires: cockpit +Requires: platform-python +Requires: python%{python3_pkgversion}-lib389 + +%description -n cockpit-389-ds +A cockpit UI Plugin for configuring and administering the 389 Directory Server + +%prep +%autosetup -p1 -v -n %{name}-%{version}%{?prerel} +%if %{use_rust} +tar xvzf %{SOURCE4} +cp %{SOURCE5} src/Cargo.lock +%endif +%if %{bundle_jemalloc} +%setup -q -n %{name}-%{version}%{?prerel} -T -D -b 3 +%endif +cp %{SOURCE2} README.devel + +%build + +OPENLDAP_FLAG="--with-openldap" +%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"} +# hack hack hack https://bugzilla.redhat.com/show_bug.cgi?id=833529 +NSSARGS="--with-nss-lib=%{_libdir} --with-nss-inc=%{_includedir}/nss3" + +%if %{use_asan} +ASAN_FLAGS="--enable-asan --enable-debug" +%endif + +%if %{use_rust} +RUST_FLAGS="--enable-rust --enable-rust-offline" +%endif + +%if %{use_legacy} +LEGACY_FLAGS="--enable-legacy --enable-perl" +%else +LEGACY_FLAGS="--disable-legacy --disable-perl" +%endif + +%if %{use_clang} +export CC=clang +export CXX=clang++ +CLANG_FLAGS="--enable-clang" +%endif + +%if %{bundle_jemalloc} +# Override page size, bz #1545539 +# 4K +%ifarch %ix86 %arm x86_64 s390x +%define lg_page --with-lg-page=12 +%endif + +# 64K +%ifarch ppc64 ppc64le aarch64 +%define lg_page --with-lg-page=16 +%endif + +# Override huge page size on aarch64 +# 2M instead of 512M +%ifarch aarch64 +%define lg_hugepage --with-lg-hugepage=21 +%endif + +# Build jemalloc +pushd ../%{jemalloc_name}-%{jemalloc_ver} +%configure \ + --libdir=%{_libdir}/%{pkgname}/lib \ + --bindir=%{_libdir}/%{pkgname}/bin \ + --enable-prof +make %{?_smp_mflags} +popd +%endif + + +# Enforce strict linking +%define _strict_symbol_defs_build 1 + +# Rebuild the autotool artifacts now. 
+autoreconf -fiv + +%configure --enable-autobind --with-selinux $OPENLDAP_FLAG $TMPFILES_FLAG \ + --with-systemd \ + --with-systemdsystemunitdir=%{_unitdir} \ + --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \ + --with-systemdgroupname=%{groupname} \ + --libexecdir=%{_libexecdir}/%{pkgname} \ + $NSSARGS $ASAN_FLAGS $RUST_FLAGS $LEGACY_FLAGS $CLANG_FLAGS \ + --enable-cmocka + +# lib389 +pushd ./src/lib389 +%py3_build +popd +# argparse-manpage dynamic man pages have hardcoded man v1 in header, +# need to change it to v8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsconf.8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsctl.8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dsidm.8 +sed -i "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}%{?prerel}/src/lib389/man/dscreate.8 + +# Generate symbolic info for debuggers +export XCFLAGS=$RPM_OPT_FLAGS + +#make %{?_smp_mflags} +make + +%install + +mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir} +mkdir -p %{buildroot}%{_datadir}/cockpit +make DESTDIR="$RPM_BUILD_ROOT" install + +# Cockpit file list +find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list +find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list + +# Copy in our docs from doxygen. 
+cp -r %{_builddir}/%{name}-%{version}%{?prerel}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3 + +# lib389 +pushd src/lib389 +%py3_install +popd + +mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname} +mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname} +mkdir -p $RPM_BUILD_ROOT/var/3lock/%{pkgname} + +# for systemd +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants + +#remove libtool archives and static libs +find %{buildroot} -type f -name "*.la" -delete +find %{buildroot} -type f -name "*.a" -delete + +%if %{use_legacy} +# make sure perl scripts have a proper shebang +sed -i -e 's|#{{PERL-EXEC}}|#!/usr/bin/perl|' $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/script-templates/template-*.pl +%endif + +%if %{bundle_jemalloc} +pushd ../%{jemalloc_name}-%{jemalloc_ver} +make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin +cp -pa COPYING ../%{name}-%{version}%{?prerel}/COPYING.jemalloc +cp -pa README ../%{name}-%{version}%{?prerel}/README.jemalloc +popd +%endif + +%check +# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build. +if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +if [ -n "$DEBUGPOSTTRANS" ] ; then + output=$DEBUGPOSTTRANS + output2=${DEBUGPOSTTRANS}.upgrade +else + output=/dev/null + output2=/dev/null +fi + +# reload to pick up any changes to systemd files +/bin/systemctl daemon-reload >$output 2>&1 || : + +# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation +# Soft static allocation for UID and GID +USERNAME="dirsrv" +ALLOCATED_UID=389 +GROUPNAME="dirsrv" +ALLOCATED_GID=389 +HOMEDIR="/usr/share/dirsrv" + +getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME +if ! getent passwd $USERNAME >/dev/null ; then + if ! 
getent passwd $ALLOCATED_UID >/dev/null ; then + /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME + else + /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME + fi +fi + +# Reload our sysctl before we restart (if we can) +sysctl --system &> $output; true + +%preun +if [ $1 -eq 0 ]; then # Final removal + # remove instance specific service files/links + rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || : +fi + +%postun +if [ $1 = 0 ]; then # Final removal + rm -rf /var/run/%{pkgname} +fi + +%post snmp +%systemd_post %{pkgname}-snmp.service + +%preun snmp +%systemd_preun %{pkgname}-snmp.service %{groupname} + +%postun snmp +%systemd_postun_with_restart %{pkgname}-snmp.service + +%if %{use_legacy} +%post legacy-tools + +# START UPGRADE SCRIPT + +if [ -n "$DEBUGPOSTTRANS" ] ; then + output=$DEBUGPOSTTRANS + output2=${DEBUGPOSTTRANS}.upgrade +else + output=/dev/null + output2=/dev/null +fi + +# find all instances +instances="" # instances that require a restart after upgrade +ninst=0 # number of instances found in total + +echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || : +instbase="%{_sysconfdir}/%{pkgname}" +for dir in $instbase/slapd-* ; do + echo dir = $dir >> $output 2>&1 || : + if [ ! 
-d "$dir" ] ; then continue ; fi + case "$dir" in *.removed) continue ;; esac + basename=`basename $dir` + inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`" + echo found instance $inst - getting status >> $output 2>&1 || : + if /bin/systemctl -q is-active $inst ; then + echo instance $inst is running >> $output 2>&1 || : + instances="$instances $inst" + else + echo instance $inst is not running >> $output 2>&1 || : + fi + ninst=`expr $ninst + 1` +done +if [ $ninst -eq 0 ] ; then + echo no instances to upgrade >> $output 2>&1 || : + exit 0 # have no instances to upgrade - just skip the rest +fi +# shutdown all instances +echo shutting down all instances . . . >> $output 2>&1 || : +for inst in $instances ; do + echo stopping instance $inst >> $output 2>&1 || : + /bin/systemctl stop $inst >> $output 2>&1 || : +done +echo remove pid files . . . >> $output 2>&1 || : +/bin/rm -f /var/run/%{pkgname}*.pid /var/run/%{pkgname}*.startpid +# do the upgrade +echo upgrading instances . . . >> $output 2>&1 || : +DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"` +if [ -n "$DEBUGPOSTSETUPOPT" ] ; then + %{_sbindir}/setup-ds.pl -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || : +else + %{_sbindir}/setup-ds.pl -u -s General.UpdateMode=offline >> $output 2>&1 || : +fi + +# restart instances that require it +for inst in $instances ; do + echo restarting instance $inst >> $output 2>&1 || : + /bin/systemctl start $inst >> $output 2>&1 || : +done +#END UPGRADE +%endif + +exit 0 + + +%files +%if %{bundle_jemalloc} +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc +%license COPYING.jemalloc +%else +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl +%endif +%dir %{_sysconfdir}/%{pkgname} +%dir %{_sysconfdir}/%{pkgname}/schema +%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif +%dir %{_sysconfdir}/%{pkgname}/config +%dir %{_sysconfdir}/systemd/system/%{groupname}.wants 
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf +%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf +%{_datadir}/%{pkgname} +%{_datadir}/gdb/auto-load/* +%{_unitdir} +%{_bindir}/dbscan +%{_mandir}/man1/dbscan.1.gz +%{_bindir}/ds-replcheck +%{_mandir}/man1/ds-replcheck.1.gz +%{_bindir}/ds-logpipe.py +%{_mandir}/man1/ds-logpipe.py.1.gz +%{_bindir}/ldclt +%{_mandir}/man1/ldclt.1.gz +%{_sbindir}/ldif2ldap +%{_mandir}/man8/ldif2ldap.8.gz +%{_bindir}/logconv.pl +%{_mandir}/man1/logconv.pl.1.gz +%{_bindir}/pwdhash +%{_mandir}/man1/pwdhash.1.gz +%{_bindir}/readnsstate +%{_mandir}/man1/readnsstate.1.gz +# Remove for now: %caps(CAP_NET_BIND_SERVICE=pe) {_sbindir}/ns-slapd +%{_sbindir}/ns-slapd +%{_mandir}/man8/ns-slapd.8.gz +%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl +%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh +%{_mandir}/man5/99user.ldif.5.gz +%{_mandir}/man5/certmap.conf.5.gz +%{_mandir}/man5/slapd-collations.conf.5.gz +%{_mandir}/man5/dirsrv.5.gz +%{_mandir}/man5/dirsrv.systemd.5.gz +%{_libdir}/%{pkgname}/python +%dir %{_libdir}/%{pkgname}/plugins +%{_libdir}/%{pkgname}/plugins/*.so +# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but +# sysctl.d is always in /lib. 
+%{_prefix}/lib/sysctl.d/* +%dir %{_localstatedir}/lib/%{pkgname} +%dir %{_localstatedir}/log/%{pkgname} +%ghost %dir %{_localstatedir}/lock/%{pkgname} +%exclude %{_sbindir}/ldap-agent* +%exclude %{_mandir}/man1/ldap-agent.1.gz +%exclude %{_unitdir}/%{pkgname}-snmp.service +%if %{bundle_jemalloc} +%{_libdir}/%{pkgname}/lib/ +%{_libdir}/%{pkgname}/bin/ +%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config +%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh +%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a +%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so +%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a +%exclude %{_libdir}/%{pkgname}/lib/pkgconfig +%endif + +%files devel +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel +%{_mandir}/man3/* +%{_includedir}/svrcore.h +%{_includedir}/%{pkgname} +%{_libdir}/libsvrcore.so +%{_libdir}/%{pkgname}/libslapd.so +%{_libdir}/%{pkgname}/libns-dshttpd.so +%{_libdir}/%{pkgname}/libsds.so +%{_libdir}/%{pkgname}/libldaputil.so +%{_libdir}/pkgconfig/svrcore.pc +%{_libdir}/pkgconfig/dirsrv.pc +%{_libdir}/pkgconfig/libsds.pc + +%files libs +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel +%dir %{_libdir}/%{pkgname} +%{_libdir}/libsvrcore.so.* +%{_libdir}/%{pkgname}/libslapd.so.* +%{_libdir}/%{pkgname}/libns-dshttpd-*.so +%{_libdir}/%{pkgname}/libsds.so.* +%{_libdir}/%{pkgname}/libldaputil.so.* +%{_libdir}/%{pkgname}/librewriters.so* +%if %{bundle_jemalloc} +%{_libdir}/%{pkgname}/lib/libjemalloc.so.2 +%endif + +%if %{use_legacy} +%files legacy-tools +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel +%{_bindir}/infadd +%{_mandir}/man1/infadd.1.gz +%{_bindir}/ldif +%{_mandir}/man1/ldif.1.gz +%{_bindir}/migratecred +%{_mandir}/man1/migratecred.1.gz +%{_bindir}/mmldif +%{_mandir}/man1/mmldif.1.gz +%{_bindir}/rsearch +%{_mandir}/man1/rsearch.1.gz +%{_libexecdir}/%{pkgname}/ds_selinux_enabled +%{_libexecdir}/%{pkgname}/ds_selinux_port_query +%config(noreplace)%{_sysconfdir}/%{pkgname}/config/template-initconfig 
+%{_mandir}/man5/template-initconfig.5.gz +%{_datadir}/%{pkgname}/properties/*.res +%{_datadir}/%{pkgname}/script-templates +%{_datadir}/%{pkgname}/updates +%{_sbindir}/ldif2ldap +%{_mandir}/man8/ldif2ldap.8.gz +%{_sbindir}/bak2db +%{_mandir}/man8/bak2db.8.gz +%{_sbindir}/db2bak +%{_mandir}/man8/db2bak.8.gz +%{_sbindir}/db2index +%{_mandir}/man8/db2index.8.gz +%{_sbindir}/db2ldif +%{_mandir}/man8/db2ldif.8.gz +%{_sbindir}/dbverify +%{_mandir}/man8/dbverify.8.gz +%{_sbindir}/ldif2db +%{_mandir}/man8/ldif2db.8.gz +%{_sbindir}/restart-dirsrv +%{_mandir}/man8/restart-dirsrv.8.gz +%{_sbindir}/start-dirsrv +%{_mandir}/man8/start-dirsrv.8.gz +%{_sbindir}/status-dirsrv +%{_mandir}/man8/status-dirsrv.8.gz +%{_sbindir}/stop-dirsrv +%{_mandir}/man8/stop-dirsrv.8.gz +%{_sbindir}/upgradedb +%{_mandir}/man8/upgradedb.8.gz +%{_sbindir}/vlvindex +%{_mandir}/man8/vlvindex.8.gz +%{_sbindir}/monitor +%{_mandir}/man8/monitor.8.gz +%{_sbindir}/dbmon.sh +%{_mandir}/man8/dbmon.sh.8.gz +%{_sbindir}/dn2rdn +%{_mandir}/man8/dn2rdn.8.gz +%{_sbindir}/restoreconfig +%{_mandir}/man8/restoreconfig.8.gz +%{_sbindir}/saveconfig +%{_mandir}/man8/saveconfig.8.gz +%{_sbindir}/suffix2instance +%{_mandir}/man8/suffix2instance.8.gz +%{_sbindir}/upgradednformat +%{_mandir}/man8/upgradednformat.8.gz +%{_mandir}/man1/dbgen.pl.1.gz +%{_bindir}/repl-monitor +%{_mandir}/man1/repl-monitor.1.gz +%{_bindir}/repl-monitor.pl +%{_mandir}/man1/repl-monitor.pl.1.gz +%{_bindir}/cl-dump +%{_mandir}/man1/cl-dump.1.gz +%{_bindir}/cl-dump.pl +%{_mandir}/man1/cl-dump.pl.1.gz +%{_bindir}/dbgen.pl +%{_mandir}/man8/bak2db.pl.8.gz +%{_sbindir}/bak2db.pl +%{_sbindir}/cleanallruv.pl +%{_mandir}/man8/cleanallruv.pl.8.gz +%{_sbindir}/db2bak.pl +%{_mandir}/man8/db2bak.pl.8.gz +%{_sbindir}/db2index.pl +%{_mandir}/man8/db2index.pl.8.gz +%{_sbindir}/db2ldif.pl +%{_mandir}/man8/db2ldif.pl.8.gz +%{_sbindir}/fixup-linkedattrs.pl +%{_mandir}/man8/fixup-linkedattrs.pl.8.gz +%{_sbindir}/fixup-memberof.pl 
+%{_mandir}/man8/fixup-memberof.pl.8.gz +%{_sbindir}/ldif2db.pl +%{_mandir}/man8/ldif2db.pl.8.gz +%{_sbindir}/migrate-ds.pl +%{_mandir}/man8/migrate-ds.pl.8.gz +%{_sbindir}/ns-accountstatus.pl +%{_mandir}/man8/ns-accountstatus.pl.8.gz +%{_sbindir}/ns-activate.pl +%{_mandir}/man8/ns-activate.pl.8.gz +%{_sbindir}/ns-inactivate.pl +%{_mandir}/man8/ns-inactivate.pl.8.gz +%{_sbindir}/ns-newpwpolicy.pl +%{_mandir}/man8/ns-newpwpolicy.pl.8.gz +%{_sbindir}/remove-ds.pl +%{_mandir}/man8/remove-ds.pl.8.gz +%{_sbindir}/schema-reload.pl +%{_mandir}/man8/schema-reload.pl.8.gz +%{_sbindir}/setup-ds.pl +%{_mandir}/man8/setup-ds.pl.8.gz +%{_sbindir}/syntax-validate.pl +%{_mandir}/man8/syntax-validate.pl.8.gz +%{_sbindir}/usn-tombstone-cleanup.pl +%{_mandir}/man8/usn-tombstone-cleanup.pl.8.gz +%{_sbindir}/verify-db.pl +%{_mandir}/man8/verify-db.pl.8.gz +%{_libdir}/%{pkgname}/perl +%endif + +%files snmp +%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel +%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf +%{_sbindir}/ldap-agent* +%{_mandir}/man1/ldap-agent.1.gz +%{_unitdir}/%{pkgname}-snmp.service + +%files -n python%{python3_pkgversion}-lib389 +%doc LICENSE LICENSE.GPLv3+ +%{python3_sitelib}/lib389* +%{_sbindir}/dsconf +%{_mandir}/man8/dsconf.8.gz +%{_sbindir}/dscreate +%{_mandir}/man8/dscreate.8.gz +%{_sbindir}/dsctl +%{_mandir}/man8/dsctl.8.gz +%{_sbindir}/dsidm +%{_mandir}/man8/dsidm.8.gz +%{_libexecdir}/%{pkgname}/dscontainer + +%files -n cockpit-389-ds -f cockpit.list +%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml +%doc README.md + +%changelog +* Wed Apr 03 2024 MSVSphere Packaging Team - 1.4.3.39-2 +- Rebuilt for MSVSphere 8.10 beta + +* Mon Feb 05 2024 Thierry Bordaz - 1.4.3.39-2 +- Bump version to 1.4.3.39-2 +- Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) +- Resolves: RHEL-5390 - 
schema-compat-plugin expensive with automember rebuild +- Resolves: RHEL-5135 - crash in sync_update_persist_op() of content sync plugin + +* Tue Jan 16 2024 Simon Pichugin - 1.4.3.39-1 +- Bump version to 1.4.3.39-1 +- Resolves: RHEL-19028 - Rebase 389-ds-base in RHEL 8.10 to 1.4.3.39 +- Resolves: RHEL-19240 - [RFE] Add PROXY protocol support to 389-ds-base +- Resolves: RHEL-5143 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG. +- Resolves: RHEL-5107 - bdb_start - Detected Disorderly Shutdown directory server is not starting +- Resolves: RHEL-16338 - ns-slapd crash in slapi_attr_basetype +- Resolves: RHEL-14025 - After an upgrade the LDAP server won't start if nsslapd-conntablesize is present in the dse.ldif file. + + +* Fri Dec 08 2023 James Chapman - 1.4.3.38-1 +- Bump version to 1.4.3.38-1 +- Resolves: RHEL-19028 - Rebase 389-ds-base in RHEL 8.10 to 1.4.3.38 + +* Wed Aug 16 2023 Mark Reynolds - 1.4.3.37-1 +- Bump versionto 1.4.3.37-1 +- Resolves: rhbz#2224505 - Paged search impacts performance +- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme +- Resolves: rhbz#2218235 - python3-lib389: Python tarfile extraction needs change to avoid a warning +- Resolves: rhbz#2210491 - dtablesize being set to soft maxfiledescriptor limit causing massive slowdown in large enviroments. 
+- Resolves: rhbz#2149967 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG + +* Tue Jul 11 2023 Mark Reynolds - 1.4.3.36-2 +- Bump version to 1.4.3.36-2 +- Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme + +* Wed Jun 14 2023 Mark Reynolds - 1.4.3.36-1 +- Bump version to 1.4.3.36-1 +- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.36 + +* Mon May 22 2023 Mark Reynolds - 1.4.3.35-1 +- Bump version to 1.4.3.35-1 +- Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.35 + +* Tue Nov 15 2022 Mark Reynolds - 1.4.3.32-1 +- Bump version to 1.4.3.32-1 +- Resolves: Bug 2098138 - broken nsslapd-subtree-rename-switch option in rhds11 +- Resolves: Bug 2119063 - entryuuid fixup tasks fails because entryUUID is not mutable +- Resolves: Bug 2136610 - [RFE] Add 'cn' attribute to IPA audit logs +- Resolves: Bug 2142638 - pam mutex lock causing high etimes, affecting red hat internal sso +- Resolves: Bug 2096795 - [RFE] Support ECDSA private keys for TLS +
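Review bot: In %install, `mkdir -p $RPM_BUILD_ROOT/var/3lock/%{pkgname}` looks like a typo for `/var/lock`: the %files list declares `%ghost %dir %{_localstatedir}/lock/%{pkgname}` and nothing else in the spec refers to a `3lock` path, so the line should probably read `mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname}`. `%{_sbindir}/ldif2ldap` and `%{_mandir}/man8/ldif2ldap.8.gz` are also listed under both `%files` and `%files legacy-tools`, so with `use_legacy` set to 1 two subpackages own the same paths; keeping them in one list avoids that. The %changelog ties this release to CVE-2024-1062 in log_entry_attr, but none of Patch01 to Patch04 is annotated, so a comment such as `# CVE-2024-1062 / RHEL-23209` above the patch that carries the bound check (presumably Patch01, which introduces log_entry_attr) would make the fix easier to audit.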