external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 6a0772b6 | patch | commit | show whitespace

Merge branch 'master' into update-jdk-11

maximthomas

05.54.2025 a6118d2c726313283f1cc2d69b14d1bd18c9e7d2

Merge branch 'master' into update-jdk-11

5 files modified

	opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPConnectionHandlerConfiguration.xml	4 ●●●●● patch \| view \| raw \| blame \| history
	opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPConnectionHandlerConfiguration.xml	4 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/main/java/org/opends/server/core/GroupManager.java	39 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/core/GroupManagerTestCase.java	54 ●●●●● patch \| view \| raw \| blame \| history
	opendj-server-legacy/src/test/java/org/opends/server/protocols/ldap/TestLDAPConnectionHandler.java	4 ●●●●● patch \| view \| raw \| blame \| history

 opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPConnectionHandlerConfiguration.xml

@@ -13,6 +13,7 @@
  information: "Portions Copyright [year] [name of copyright owner]".

  Portions copyright 2013-2016 ForgeRock AS.
  Portions copyright 2025 3A Systems, LLC
  ! -->
<adm:managed-object name="http-connection-handler"
  plural-name="http-connection-handlers"
@@ -225,6 +226,9 @@
      they send extremely large requests to the server causing it to
      attempt to allocate large amounts of memory.
    </adm:description>
      <adm:requires-admin-action>
          <adm:component-restart />
      </adm:requires-admin-action>
    <adm:default-behavior>
      <adm:defined>
        <adm:value>5 megabytes</adm:value>

 opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPConnectionHandlerConfiguration.xml

@@ -14,6 +14,7 @@

  Copyright 2007-2009 Sun Microsystems, Inc.
  Portions copyright 2011-2016 ForgeRock AS.
  Portions copyright 2025 3A Systems, LLC
  ! -->
<adm:managed-object name="ldap-connection-handler"
  plural-name="ldap-connection-handlers"
@@ -311,6 +312,9 @@
      send extremely large requests to the server causing it to
      attempt to allocate large amounts of memory.
    </adm:description>
    <adm:requires-admin-action>
      <adm:component-restart />
    </adm:requires-admin-action>
    <adm:default-behavior>
      <adm:defined>
        <adm:value>5 megabytes</adm:value>

 opendj-server-legacy/src/main/java/org/opends/server/core/GroupManager.java

@@ -13,6 +13,7 @@
 *
 * Copyright 2007-2010 Sun Microsystems, Inc.
 * Portions Copyright 2011-2016 ForgeRock AS.
 * Portions Copyright 2025 3A Systems,LLC.
 */
package org.opends.server.core;

@@ -726,48 +727,34 @@
      return;
    }

    Group<?> group =null;
    lock.readLock().lock();
    try
    {
      if (!groupInstances.containsKey(oldEntry.getName()))
      {
        // If the modified entry is not in any group instance, it's probably
        // not a group, exit fast
        return;
      }
    try{
        group = groupInstances.get(oldEntry.getName());
    }
    finally
    {
      lock.readLock().unlock();
    }

    lock.writeLock().lock();
    try
    {
      Group<?> group = groupInstances.get(oldEntry.getName());
      if (group != null)
      {
    if (group!=null) {
        try {
        if (!oldEntry.getName().equals(newEntry.getName())
            || !group.mayAlterMemberList()
            || updatesObjectClass(modifications))
        {
                    || updatesObjectClass(modifications)) {
                lock.writeLock().lock();
                try {
          groupInstances.remove(oldEntry.getName());
          // This updates the refreshToken
          createAndRegisterGroup(newEntry);
                } finally {
                    lock.writeLock().unlock();
        }
        else
        {
            } else {
          group.updateMembers(modifications);
        }
      }
    }
    catch (UnsupportedOperationException | DirectoryException e)
    {
        } catch (UnsupportedOperationException | DirectoryException e) {
      logger.traceException(e);
    }
    finally
    {
      lock.writeLock().unlock();
    }
  }


 opendj-server-legacy/src/test/java/org/opends/server/core/GroupManagerTestCase.java

@@ -13,12 +13,17 @@
 *
 * Copyright 2008-2010 Sun Microsystems, Inc.
 * Portions Copyright 2011-2016 ForgeRock AS.
 * Portions Copyright 2025 3A Systems, LLC
 */
package org.opends.server.core;

import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
@@ -2292,6 +2297,55 @@
    TestCaseUtils.clearBackend("userRoot");
  }

  @Test
  public void test_issue_535() throws Exception {
      TestCaseUtils.clearBackend("userRoot", "dc=example,dc=com");
      TestCaseUtils.addEntries(
              "dn: ou=Users,dc=example,dc=com",
              "objectClass: organizationalUnit",
              "objectClass: top",
              "ou: Users",
              "",
              "dn: ou=Groups,dc=example,dc=com",
              "objectClass: organizationalUnit",
              "objectClass: top",
              "ou: Groups",
              "",
              "dn: cn=Test User,ou=Users,dc=example,dc=com",
              "objectClass: inetOrgPerson",
              "objectClass: organizationalPerson",
              "objectClass: person",
              "objectClass: top",
              "uid: testuser",
              "cn: Test User",
              "sn: User",
              "userPassword: password123",
              "",
              "dn: cn=Level1,ou=Groups,dc=example,dc=com",
              "objectClass: groupOfNames",
              "objectClass: top",
              "cn: Level1",
              "member: cn=Test User,ou=Users,dc=example,dc=com",
              "",
              "dn: cn=Level2,ou=Groups,dc=example,dc=com",
              "objectClass: groupOfNames",
              "objectClass: top",
              "cn: Level2",
              "member: cn=Level1,ou=Groups,dc=example,dc=com",
              ""
      );
      ExecutorService executor = Executors.newFixedThreadPool(100);
      for (int i = 0; i < 10000; i++) {
          executor.submit(() -> {
              final ModifyRequest modifyRequest = newModifyRequest(DN.valueOf("cn=Level2,ou=Groups,dc=example,dc=com"));
              modifyRequest.addModification(REPLACE, "member", "cn=Test User,ou=Users,dc=example,dc=com");
              ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
              assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
          });
      }
      executor.shutdown();
      assertTrue(executor.awaitTermination(1, TimeUnit.MINUTES));
  }
  /**
   * Adds nested group entries.
   *

 opendj-server-legacy/src/test/java/org/opends/server/protocols/ldap/TestLDAPConnectionHandler.java

@@ -13,6 +13,7 @@
 *
 * Copyright 2006-2009 Sun Microsystems, Inc.
 * Portions Copyright 2012-2016 ForgeRock AS.
 * Portions Copyright 2025 3A Systems, LLC.
 */
package org.opends.server.protocols.ldap;

@@ -85,7 +86,7 @@
        "ds-cfg-use-tcp-no-delay: true",
        "ds-cfg-allow-tcp-reuse-address: true",
        "ds-cfg-send-rejection-notice: true",
        "ds-cfg-max-request-size: 5 megabytes",
        "ds-cfg-max-request-size: 10 megabytes",
        "ds-cfg-num-request-handlers: 2",
        "ds-cfg-allow-start-tls: false",
        "ds-cfg-use-ssl: false",
@@ -105,6 +106,7 @@
    Collection<String> cips = LDAPConnHandler.getEnabledSSLCipherSuites();
    Collection<String> protos = LDAPConnHandler.getEnabledSSLProtocols();
    int maxReqSize = LDAPConnHandler.getMaxRequestSize();
    assertEquals(maxReqSize,10*1000*1000);
    String shutListName=LDAPConnHandler.getShutdownListenerName();
    SSLClientAuthPolicy policy = LDAPConnHandler.getSSLClientAuthPolicy();
    Collection<ClientConnection> cons=LDAPConnHandler.getClientConnections();

			@@ -13,6 +13,7 @@
			information: "Portions Copyright [year] [name of copyright owner]".

			Portions copyright 2013-2016 ForgeRock AS.
			Portions copyright 2025 3A Systems, LLC
			! -->
			<adm:managed-object name="http-connection-handler"
			plural-name="http-connection-handlers"
			@@ -225,6 +226,9 @@
			they send extremely large requests to the server causing it to
			attempt to allocate large amounts of memory.
			</adm:description>
			<adm:requires-admin-action>
			<adm:component-restart />
			</adm:requires-admin-action>
			<adm:default-behavior>
			<adm:defined>
			<adm:value>5 megabytes</adm:value>

			@@ -14,6 +14,7 @@

			Copyright 2007-2009 Sun Microsystems, Inc.
			Portions copyright 2011-2016 ForgeRock AS.
			Portions copyright 2025 3A Systems, LLC
			! -->
			<adm:managed-object name="ldap-connection-handler"
			plural-name="ldap-connection-handlers"
			@@ -311,6 +312,9 @@
			send extremely large requests to the server causing it to
			attempt to allocate large amounts of memory.
			</adm:description>
			<adm:requires-admin-action>
			<adm:component-restart />
			</adm:requires-admin-action>
			<adm:default-behavior>
			<adm:defined>
			<adm:value>5 megabytes</adm:value>

			@@ -13,6 +13,7 @@
			*
			* Copyright 2007-2010 Sun Microsystems, Inc.
			* Portions Copyright 2011-2016 ForgeRock AS.
			* Portions Copyright 2025 3A Systems,LLC.
			*/
			package org.opends.server.core;

			@@ -726,48 +727,34 @@
			return;
			}

			Group<?> group =null;
			lock.readLock().lock();
			try
			{
			if (!groupInstances.containsKey(oldEntry.getName()))
			{
			// If the modified entry is not in any group instance, it's probably
			// not a group, exit fast
			return;
			}
			try{
			group = groupInstances.get(oldEntry.getName());
			}
			finally
			{
			lock.readLock().unlock();
			}

			lock.writeLock().lock();
			try
			{
			Group<?> group = groupInstances.get(oldEntry.getName());
			if (group != null)
			{
			if (group!=null) {
			try {
			if (!oldEntry.getName().equals(newEntry.getName())
			\|\| !group.mayAlterMemberList()
			\|\| updatesObjectClass(modifications))
			{
			\|\| updatesObjectClass(modifications)) {
			lock.writeLock().lock();
			try {
			groupInstances.remove(oldEntry.getName());
			// This updates the refreshToken
			createAndRegisterGroup(newEntry);
			} finally {
			lock.writeLock().unlock();
			}
			else
			{
			} else {
			group.updateMembers(modifications);
			}
			}
			}
			catch (UnsupportedOperationException \| DirectoryException e)
			{
			} catch (UnsupportedOperationException \| DirectoryException e) {
			logger.traceException(e);
			}
			finally
			{
			lock.writeLock().unlock();
			}
			}

			@@ -13,12 +13,17 @@
			*
			* Copyright 2008-2010 Sun Microsystems, Inc.
			* Portions Copyright 2011-2016 ForgeRock AS.
			* Portions Copyright 2025 3A Systems, LLC
			*/
			package org.opends.server.core;

			import java.util.LinkedHashSet;
			import java.util.List;
			import java.util.Set;
			import java.util.concurrent.ExecutorService;
			import java.util.concurrent.Executors;
			import java.util.concurrent.TimeUnit;
			import java.util.concurrent.atomic.AtomicInteger;

			import org.forgerock.opendj.ldap.DN;
			import org.forgerock.opendj.ldap.ResultCode;
			@@ -2292,6 +2297,55 @@
			TestCaseUtils.clearBackend("userRoot");
			}

			@Test
			public void test_issue_535() throws Exception {
			TestCaseUtils.clearBackend("userRoot", "dc=example,dc=com");
			TestCaseUtils.addEntries(
			"dn: ou=Users,dc=example,dc=com",
			"objectClass: organizationalUnit",
			"objectClass: top",
			"ou: Users",
			"",
			"dn: ou=Groups,dc=example,dc=com",
			"objectClass: organizationalUnit",
			"objectClass: top",
			"ou: Groups",
			"",
			"dn: cn=Test User,ou=Users,dc=example,dc=com",
			"objectClass: inetOrgPerson",
			"objectClass: organizationalPerson",
			"objectClass: person",
			"objectClass: top",
			"uid: testuser",
			"cn: Test User",
			"sn: User",
			"userPassword: password123",
			"",
			"dn: cn=Level1,ou=Groups,dc=example,dc=com",
			"objectClass: groupOfNames",
			"objectClass: top",
			"cn: Level1",
			"member: cn=Test User,ou=Users,dc=example,dc=com",
			"",
			"dn: cn=Level2,ou=Groups,dc=example,dc=com",
			"objectClass: groupOfNames",
			"objectClass: top",
			"cn: Level2",
			"member: cn=Level1,ou=Groups,dc=example,dc=com",
			""
			);
			ExecutorService executor = Executors.newFixedThreadPool(100);
			for (int i = 0; i < 10000; i++) {
			executor.submit(() -> {
			final ModifyRequest modifyRequest = newModifyRequest(DN.valueOf("cn=Level2,ou=Groups,dc=example,dc=com"));
			modifyRequest.addModification(REPLACE, "member", "cn=Test User,ou=Users,dc=example,dc=com");
			ModifyOperation modifyOperation = getRootConnection().processModify(modifyRequest);
			assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
			});
			}
			executor.shutdown();
			assertTrue(executor.awaitTermination(1, TimeUnit.MINUTES));
			}
			/**
			* Adds nested group entries.
			*

			@@ -13,6 +13,7 @@
			*
			* Copyright 2006-2009 Sun Microsystems, Inc.
			* Portions Copyright 2012-2016 ForgeRock AS.
			* Portions Copyright 2025 3A Systems, LLC.
			*/
			package org.opends.server.protocols.ldap;

			@@ -85,7 +86,7 @@
			"ds-cfg-use-tcp-no-delay: true",
			"ds-cfg-allow-tcp-reuse-address: true",
			"ds-cfg-send-rejection-notice: true",
			"ds-cfg-max-request-size: 5 megabytes",
			"ds-cfg-max-request-size: 10 megabytes",
			"ds-cfg-num-request-handlers: 2",
			"ds-cfg-allow-start-tls: false",
			"ds-cfg-use-ssl: false",
			@@ -105,6 +106,7 @@
			Collection<String> cips = LDAPConnHandler.getEnabledSSLCipherSuites();
			Collection<String> protos = LDAPConnHandler.getEnabledSSLProtocols();
			int maxReqSize = LDAPConnHandler.getMaxRequestSize();
			assertEquals(maxReqSize,1010001000);
			String shutListName=LDAPConnHandler.getShutdownListenerName();
			SSLClientAuthPolicy policy = LDAPConnHandler.getSSLClientAuthPolicy();
			Collection<ClientConnection> cons=LDAPConnHandler.getClientConnections();