From 567dff901813f6d598a092021b0cfaa9945300b1 Mon Sep 17 00:00:00 2001
From: Gaetan Boismal <gaetan.boismal@forgerock.com>
Date: Fri, 13 Mar 2015 16:28:42 +0000
Subject: [PATCH] OPENDJ-1773: Fix divergence with duplicated server config files
---
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/CryptPasswordStorageSchemeConfiguration.xml | 38 +++++++-----
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ExternalChangelogDomainConfiguration.xml | 8 +-
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LogPublisherConfiguration.xml | 4
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationDomainConfiguration.xml | 24 ++++++++
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationServerConfiguration.xml | 26 ++++++++
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AccessLogPublisherConfiguration.xml | 2
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LocalDBBackendConfiguration.xml | 19 ++++++
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPAccessLogPublisherConfiguration.xml | 4
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPPassThroughAuthenticationPolicyConfiguration.xml | 25 ++++++++
9 files changed, 122 insertions(+), 28 deletions(-)
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AccessLogPublisherConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AccessLogPublisherConfiguration.xml
index bb69b8a..395bec3 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AccessLogPublisherConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/AccessLogPublisherConfiguration.xml
@@ -61,7 +61,7 @@
<adm:property-override name="java-class">
<adm:default-behavior>
<adm:defined>
- <adm:value>org.opends.server.api.AccessLogPublisher</adm:value>
+ <adm:value>org.opends.server.loggers.AccessLogPublisher</adm:value>
</adm:defined>
</adm:default-behavior>
</adm:property-override>
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/CryptPasswordStorageSchemeConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/CryptPasswordStorageSchemeConfiguration.xml
index d5c7e15..271147d 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/CryptPasswordStorageSchemeConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/CryptPasswordStorageSchemeConfiguration.xml
@@ -23,7 +23,7 @@
!
!
! Copyright 2007-2008 Sun Microsystems, Inc.
- ! Portions Copyright 2010-2013 ForgeRock AS
+ ! Portions Copyright 2010-2015 ForgeRock AS
! Portions Copyright 2012 Dariusz Janny <dariusz.janny@gmail.com>
! -->
<adm:managed-object name="crypt-password-storage-scheme"
@@ -40,18 +40,20 @@
algorithms, either Unix crypt, md5, sha256 or sha512.
</adm:synopsis>
<adm:description>
- This implementation contains an implementation for the user
- password syntax, with a storage scheme name of "CRYPT". Like on most
- Unixes, the "CRYPT" storage scheme has different algorithms, the default
- being the Unix crypt.
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "CRYPT". Like on most Unixes, the
+ "CRYPT" storage scheme has different algorithms, the default being Unix
+ crypt.
- Even though the Unix crypt is a one-way digest, it
- is relatively weak by today's standards. Because it supports
- only a 12-bit salt (meaning that there are only 4096 possible ways to
- encode a given password), it is also vulnerable to dictionary attacks.
- You should therefore use this storage scheme only in cases where an
- external application expects to retrieve the password and verify it
- outside of the directory, rather than by performing an LDAP bind.
+ Warning: even though Unix crypt is a one-way digest, it is very weak by
+ today's standards. Only the first 8 characters in a password are used, and
+ it only uses the bottom 7 bits of each character. It only supports a 12-bit
+ salt (meaning that there are only 4096 possible ways to encode a given
+ password), so it is vulnerable to dictionary attacks.
+
+ You should therefore use this algorithm only in cases where an external
+ application expects to retrieve the password and verify it outside of the
+ directory, instead of by performing an LDAP bind.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
@@ -75,11 +77,11 @@
<adm:description>
Select the crypt algorithm to use to encrypt new passwords.
The value can either be "unix", which means the password is encrypted
- with the Unix crypt algorithm, or md5 which means the password is
+ with the weak Unix crypt algorithm, or "md5" which means the password is
encrypted with the BSD MD5 algorithm and has a $1$ prefix,
- or sha256 which means the password is encrypted with the SHA256 algorithm
- and has a $5$ prefix, or sha512 which means the password is encrypted with
- the SHA512 algorithm and has a $6$ prefix.
+ or "sha256" which means the password is encrypted with the SHA256
+ algorithm and has a $5$ prefix, or "sha512" which means the password is
+ encrypted with the SHA512 algorithm and has a $6$ prefix.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -90,7 +92,9 @@
<adm:enumeration>
<adm:value name="unix">
<adm:synopsis>
- New passwords are encrypted with the Unix crypt algorithm.
+ New passwords are encrypted with the Unix crypt algorithm. Passwords
+ are truncated at 8 characters and the top bit of each character is
+ ignored.
</adm:synopsis>
</adm:value>
<adm:value name="md5">
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ExternalChangelogDomainConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ExternalChangelogDomainConfiguration.xml
index ed2bf8e..10d2bf2 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ExternalChangelogDomainConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ExternalChangelogDomainConfiguration.xml
@@ -23,7 +23,7 @@
!
!
! Copyright 2009 Sun Microsystems, Inc.
- ! Portions copyright 2011 ForgeRock AS
+ ! Portions copyright 2011-2015 ForgeRock AS
! -->
<adm:managed-object name="external-changelog-domain"
plural-name="external-changelog-domains"
@@ -44,9 +44,9 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicates whether the
- <adm:user-friendly-name />
- is enabled.
+ Indicates whether the <adm:user-friendly-name /> is enabled.
+ To enable computing the change numbers, set the Replication Server's
+ "ds-cfg-compute-change-number" property to true.
</adm:synopsis>
<adm:syntax>
<adm:boolean />
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPAccessLogPublisherConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPAccessLogPublisherConfiguration.xml
index cf29f2e..0186457 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPAccessLogPublisherConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/HTTPAccessLogPublisherConfiguration.xml
@@ -22,7 +22,7 @@
! CDDL HEADER END
!
!
- ! Copyright 2013 ForgeRock AS
+ ! Copyright 2013-2015 ForgeRock AS
! -->
<adm:managed-object name="http-access-log-publisher"
plural-name="http-access-log-publishers"
@@ -51,7 +51,7 @@
<adm:property-override name="java-class">
<adm:default-behavior>
<adm:defined>
- <adm:value>org.opends.server.HTTPAccessLogPublisher</adm:value>
+ <adm:value>org.opends.server.loggers.HTTPAccessLogPublisher</adm:value>
</adm:defined>
</adm:default-behavior>
</adm:property-override>
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPPassThroughAuthenticationPolicyConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPPassThroughAuthenticationPolicyConfiguration.xml
index 2b97453..21ee662 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPPassThroughAuthenticationPolicyConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LDAPPassThroughAuthenticationPolicyConfiguration.xml
@@ -184,6 +184,31 @@
</adm:profile>
</adm:property>
+ <adm:property name="source-address" multi-valued="false" mandatory="false">
+ <adm:synopsis>
+ If specified, the server will bind to the address before connecting to the
+ remote server.
+ </adm:synopsis>
+ <adm:description>
+ The address must be one assigned to an existing network interface.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-source-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
<adm:property name="connection-timeout">
<adm:synopsis>
Specifies the timeout used when connecting to remote LDAP
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LocalDBBackendConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LocalDBBackendConfiguration.xml
index 336b944..33fd17d 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LocalDBBackendConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LocalDBBackendConfiguration.xml
@@ -23,7 +23,7 @@
!
!
! Copyright 2007-2010 Sun Microsystems, Inc.
- ! Portions Copyright 2010-2013 ForgeRock AS.
+ ! Portions Copyright 2010-2015 ForgeRock AS.
! -->
<adm:managed-object name="local-db-backend"
plural-name="local-db-backends" package="org.forgerock.opendj.server.config"
@@ -44,6 +44,23 @@
can be used to quickly locate target entries based on different
kinds of criteria.
</adm:description>
+ <adm:constraint>
+ <adm:synopsis>
+ The properties db-txn-no-sync and db-txn-write-no-sync are
+ mutually exclusive and cannot be both set at the same time.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:contains property="enabled" value="true" />
+ <adm:not>
+ <adm:and>
+ <adm:contains property="db-txn-no-sync" value="true" />
+ <adm:contains property="db-txn-write-no-sync" value="true" />
+ </adm:and>
+ </adm:not>
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-local-db-backend</ldap:name>
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LogPublisherConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LogPublisherConfiguration.xml
index 664299e..64af7b7 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LogPublisherConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/LogPublisherConfiguration.xml
@@ -23,7 +23,7 @@
!
!
! Copyright 2007-2008 Sun Microsystems, Inc.
- ! Portions copyright 2013 ForgeRock AS
+ ! Portions copyright 2013-2015 ForgeRock AS
! -->
<adm:managed-object name="log-publisher" plural-name="log-publishers"
package="org.forgerock.opendj.server.config" abstract="true"
@@ -65,7 +65,7 @@
<adm:syntax>
<adm:java-class>
<adm:instance-of>
- org.opends.server.api.LogPublisher
+ org.opends.server.loggers.LogPublisher
</adm:instance-of>
</adm:java-class>
</adm:syntax>
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationDomainConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationDomainConfiguration.xml
index 4a9367c..8c0bfcb 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationDomainConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationDomainConfiguration.xml
@@ -103,6 +103,30 @@
</ldap:attribute>
</adm:profile>
</adm:property>
+ <adm:property name="source-address" multi-valued="false" mandatory="false">
+ <adm:synopsis>
+ If specified, the server will bind to the address before connecting to the
+ remote server.
+ </adm:synopsis>
+ <adm:description>
+ The address must be one assigned to an existing network interface.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-source-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
<adm:property name="base-dn" mandatory="true" read-only="true">
<adm:synopsis>
Specifies the base DN of the replicated data.
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationServerConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationServerConfiguration.xml
index bfaa3fd..4a02dd5 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationServerConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ReplicationServerConfiguration.xml
@@ -23,7 +23,7 @@
!
!
! Copyright 2007-2010 Sun Microsystems, Inc.
- ! Portions copyright 2011-2014 ForgeRock AS
+ ! Portions copyright 2011-2015 ForgeRock AS
! -->
<adm:managed-object name="replication-server"
plural-name="replication-servers"
@@ -75,6 +75,30 @@
</ldap:attribute>
</adm:profile>
</adm:property>
+ <adm:property name="source-address" multi-valued="false" mandatory="false">
+ <adm:synopsis>
+ If specified, the server will bind to the address before connecting to the
+ remote server.
+ </adm:synopsis>
+ <adm:description>
+ The address must be one assigned to an existing network interface.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-source-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
<adm:property name="replication-server-id" mandatory="true"
read-only="true">
<adm:synopsis>
--
Gitblit v1.10.0